There are big difference...
Posted Nov 18, 2011 0:47 UTC (Fri) by khim
In reply to: There are big difference...
Parent article: Interview with Andrew Tanenbaum (LinuxFr.org)
Come on. We've seen bugs in NX implementation, in cache coherency protocols, etc.
Sure. But this is question about frequency. Absolute security is not possible so we should expect problems from time to time. But how often the hardware bugs are detected in comparison to JVM or .NET bugs?
A lot of them can be exploited for privilege escalation - remember the infamous F00F bug.
Sure. I remember it well enough to know that it can not be used for privilege escalation. And it's "infamous" precisely because bugs of such magnitude are rare in CPUs.
The key to this is to design your VM to actually use instructions that are close to the real hardware instead of abstract stack machines. In this case you can directly verify the code that is going to be executed on the real hardware.
Why do you need that if you can just directly verify the machine code? E2k does this entirely on hardware level (with full ANSI C support), NaCl does it for x86 at machine code level (again with full ANSI C support but with coarser granularity and bigger speed loss).
Then the _translated_ code is checked for correctness and uses hardware assists for features like memory allocation and bounds checking.
That's certainly cool, but this has to do with all these pointless complications like JVM and managed code with a lot of restrictions?
LISP machines were doing similar things long time ago, sure. So what?
Well, the history repeats itself. First you create pointless complications (like LISP or Java) to do something on general-purpose hardware, then you find out that you can not achieve good performance without hardware support, at stage three you create said hardware support and the next step is to realize that if you have said hardware support then you don't need the complications which promised to solve the problem on the old hardware.
Java is currently at stage three. If Azul guys are doing something similar to what E2K guys did (and I suspect this is what they actually do) then you can easily implement fast microkernel on top of that architecture without any need to have bytecode or "fully-managed system". This can certainly make sense if people worry about security. But this is as far from Microsoft Singularity as you can imagine.
to post comments)