Isolate proposal

Goal
Isolates are intended to seperate java programs from each other, in order to protect java programs from (intentional) errors in other programs.

Proposal (in concept)
I propose to make an Isolates implementation that is somewhere between full isolatation and full sharing. With the goal in mind, programs should be protected from each other, which means that they should not interfere each other in terms of resources, which are typically:

  • Memory
  • Threads
  • Locks

This means that everything that can be used to interfere other programs on these items must somehow be protected. Everything else must be as shared as possible, in order to minimize resource usage.

Think can be achieved by isolating certain resources, and making serveral services aware of the fact that there are isolates. E.g. a network stack should be aware that network bandwidth is shared nicely across all users, in order to prevent a single program from eating away all network bandwitdh.

What is Isolated v.s. Shared
Isolated:

  • Static variables
  • Java class structures (Class, Field, Method)
  • Class initialization
  • Java threads (java.lang.Thread)
  • Java object heaps

Shared:

  • Static variable indexes (in statics table)
  • Internal class structures (VmType, VmField, VmMethod)
  • Compiled (native) code
  • Internal thread structures (VmThread)
  • OS services (drivers, filesystems, networking)
  • System resources (memory, IRQ)
  • Raw memory blocks (MemoryBlockManager)

Explaination:
Static variables in JNode are implemented in statics tables. The index (of a static variable) in this table must be constant across all isolates, otherwise the compiled code needs to retrieve the index on every static variable get/set which is very expensive. Havig said this, this does imply that statics table will become pretty large. This can be solved by implementing a cleanup strategy that frees indexes when they are no longer used.

For the rest, the seperation is made in terms of publicly accessible versus internal. E.g. a java program can synchronize on a Class instance, but since these are isolated, this will not block all other programs.

Isolated java heaps will have significant implications on the code of the shared services, so this will something to do in step 2.

Isolated java heaps

Isolating memory allocation will cause some problems that need to be dealed with.

Problems
When an object is allocated in one isolate, and this isolate is closed, the object is also removed. But what if this object is registered somewhere in another isolate?
Answer: A problem. Objects may not cross isolate bounderies.