Re: Safety of running and stopping dynamically loaded code


Philippe Bernadat (p.bernadat@opengroup.org)
Fri, 19 Mar 1999 08:55:28 +0100


About separate namespaces and heaps

> Regarding the stopping of threads.
>
> We do not believe that a general solution that allows thread X to stop
> thread Y is necessary. It might be desirable, but it might also be impossible
> because of the problems involved in writing async-signal-safe code, but
> it's probably not necessary.
>
> Instead, we argue to introduce a process model: a given activity, such
> as a servlet, applet, or mobile agent, is encapsulated in a "process".
> Processes can be asynchronously killed by destroying (a la Thread.destroy)
> their threads.
>
> Processes are isolated from each other by giving them separate namespace,
> separate heaps, and separate CPU and network allocation. Shared state is
> kept in a "kernel", separated from user processes by a "red line" --- very
> much akin to the traditional user/kernel mode boundary.
>

We have adopted something similar for the conversant project at the Open Group RI mid summer 98. We felt the real challenge was how to deal with the shared objects (amongst which system classes). The conversant project was about active networks and protection against denial of service.

We did implement a prototype (on kaffe, with ANTS) where the creation of a new namespace led to the creation of what we called a private heap. We did address the sharing of system objects via a system heap, but we did not address the sharing of non-system state/data between different namespaces (i.e. routing table, caches). One way is to copy the objects, the other is to mediate the access/creation of shared spaces through explicit interfaces. But the issue of sharing state/data in uncooperative environments is somewhat more general and orthogonal to JAVA anyway.

If anyone is interested you can still access the conversant homepage at http://www.camb.opengroup.org/RI/PubProjPgs/CONVERSANT.htm and I have made the code available as well as our latest publication at http://www.gr.opengroup.org/~bernadat/conversant

Unfortunately the project was canceled last fall when the Cambridge OpenGroup RI was downsized.

Philippe



This archive was generated by hypermail 2.0b3 on Fri Mar 19 1999 - 06:28:51 EST