Re:os with java?
Posted: Fri Dec 30, 2005 1:10 pm
by Colonel Kernel
JoeKayzA wrote: IMO, the best practice would probably be to use a JIT-compiler, to _cache_ the results in a safe place and check whether the "source" (actually the bytecode) files changed or not. The cached native code should also survive a reboot, so the often-used components are always ready to use at startup. Besides this, you could also offer an option for the user to compile (and move to the cache) a piece of bytecode manually. This could be useful when a new application is installed, for example: The app could be compiled during installation then.
What you describe is not really JIT compilation, but pre-compilation. The problem with JIT compilation in a kernel IMO is that it allows for failures to happen at very inconvenient times. Imagine if the JIT failed while trying to swap pages out to disk, for example.
The other reason the Singularity project doesn't use JIT is that they simply don't need it. In the Singularity architecture, dynamic code loading is forbidden, and so is run-time code generation. This is to ensure that each process is a closed code space (i.e. -- once it starts running, its code never changes), which makes the system much more predictable and makes many kinds of static verification and optimization possible.
Re:os with java?
Posted: Tue Jan 03, 2006 6:23 pm
by trisman
Sorry for the posting delay.
if (currently_holidays && friends_in_town && work_is_crazy)
    scheduling_craziness = TRUE; // : )
Back on topic though, I'm trying my best to make a quite secure OS. It just seemed to me that all of the trying to contain a process and keep it from destroying things if it turns out to be malicious is just a bit of a kludge from when you can't step through the binaries and see if it has overtly malignant code in it. I.e., the kernel can say "this binary that we are trying to load has a buffer over/underrun and shouldn't be loaded. Kill the process and notify the user." It allows me to relatively safely run code from untrusted sources such as the Internet. This would be extremely hard to do with native x86/PowerPC/etc. machine code, to say the absolute very least. So that leaves me with my kernel taking in bytecode. However, interpretation is quite slow, and virgin JIT has a bit of a speed curve involved (the time that it would take to compile the entire runtime at boot. Can you imagine how bad it would be if you had to compile the runtime at every boot?). So I was planning on using a hybrid like Sun's HotSpot. It is an interpreter that compiles methods into native code when they are called a lot. This way the code that is executed most often is native code, but the lag is hidden from the user by spreading this out, rather than making them wait at boot while the OS compiles everything at the same time. And I thought about caching the compiled code, but that turns out to be a lot harder to implement in a secure way than would first be thought.
And as for websites/links/etc., I don't have any yet. I plan on releasing the entire system with a modified BSD license and posting it on SourceForge, but not until I clean up my code considerably. (It's ugly right now. I mean _ugly_.) I would work on a website, but I don't need any other distractions, if you know what I mean. (Crazy ADD, always getting in the way. : P)
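The cache-and-check idea quoted from JoeKayzA, together with the integrity concern trisman raises about cached native code, as an added example that is not part of the original posts or of any project mentioned in them. The class name, the stand-in compiler and the MAC key (assumed to be held where untrusted code cannot read it) are all hypothetical.

```python
import hashlib, hmac, os, tempfile

class NativeCodeCache:
    """Hypothetical on-disk cache of compiled code, keyed by bytecode digest."""
    def __init__(self, cache_dir, mac_key, compiler):
        self.cache_dir = cache_dir
        self.mac_key = mac_key      # assumption: unreadable by untrusted code
        self.compiler = compiler    # callable: bytecode bytes -> native bytes
        self.compiles = 0

    def path_for(self, digest):
        return os.path.join(self.cache_dir, digest.hex() + ".bin")

    def _tag(self, digest, native):
        # Bind the native code to the exact bytecode it was compiled from.
        return hmac.new(self.mac_key, digest + native, hashlib.sha256).digest()

    def load(self, bytecode):
        digest = hashlib.sha256(bytecode).digest()  # changed bytecode -> new key
        path = self.path_for(digest)
        try:
            with open(path, "rb") as f:
                blob = f.read()
            tag, native = blob[:32], blob[32:]
            if hmac.compare_digest(tag, self._tag(digest, native)):
                return native       # hit: entry matches bytecode and is untampered
        except FileNotFoundError:
            pass
        # Miss or failed integrity check: never run the cached bytes, recompile.
        native = self.compiler(bytecode)
        self.compiles += 1
        tmp = path + ".tmp"
        with open(tmp, "wb") as f:
            f.write(self._tag(digest, native) + native)
        os.replace(tmp, path)       # atomic rename: no half-written entries
        return native

def demo():
    fake_compile = lambda bc: b"NATIVE:" + bc[::-1]  # constructed stand-in compiler
    with tempfile.TemporaryDirectory() as d:
        cache = NativeCodeCache(d, os.urandom(32), fake_compile)
        bc = b"\xca\xfe\xba\xbe constructed bytecode"  # constructed sample input
        first = cache.load(bc)
        second = cache.load(bc)                 # served from the cache
        compiles_before_tamper = cache.compiles
        with open(cache.path_for(hashlib.sha256(bc).digest()), "r+b") as f:
            f.seek(40)
            f.write(b"X")                       # simulate on-disk tampering
        third = cache.load(bc)                  # MAC fails, so it recompiles
        return first, second, third, compiles_before_tamper, cache.compiles

if __name__ == "__main__":
    print(demo())
```

The MAC only helps if the key and the verification step live outside the reach of the code being cached; it does nothing about a compiler that emits unsafe native code in the first place.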