What is the closest you can get to true (resource-limited) isolates in the JVM today?

Consider the following situation:

  • You have a large and complex system (distributed, parallel, huge data set) that supports many users. The code is sent to the data.
  • You want to allow mobile code in the system - that is, unreliable code that will work within the same JVM as the rest of the system to take advantage of data localization, avoid deserialization, etc.

You can put the code in a classloader and use a custom security policy, as an applet runner does. But there are still problems:

The system as a whole should be protected from malicious code - for example, code spawning threads, hogging all processors, or allocating too much memory.

An idea from the beginning of the millennium was JSR-121. Isolates were supposed to bring most of the benefits of process isolation — limits on processor usage, thread spawning, and heap usage: overall resource allocation.

Given that this effort would seem to have been rejected by Sun, what is the closest thing we can currently get?

So far my ideas are:

  • Bytecode-transform the code to insert allocation tracking. Google seems to have done something similar to this: http://code.google.com/p/java-allocation-instrumenter/ . This takes some work, as Google has (Joshua) Bloch'ed us into a corner and made all kinds of things private ...
  • , , .
  • () , ( ThreadMXBean), , . , - n .

- ?

+3
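
The following is an added example, not code from the original post: a watchdog that meters one worker thread with ThreadMXBean (named in the question's list of ideas) and interrupts it once it exceeds a CPU or allocation budget. It assumes a HotSpot/OpenJDK JVM, where the `com.sun.management.ThreadMXBean` extension exists; the class name, budgets, poll interval and sample tasks are hypothetical.

```java
import java.lang.management.ManagementFactory;
import java.util.concurrent.atomic.AtomicBoolean;

// Added example: meters a single thread running submitted code.
public class ResourceWatchdog {
    // HotSpot-specific extension of java.lang.management.ThreadMXBean (assumption).
    private static final com.sun.management.ThreadMXBean MX =
            (com.sun.management.ThreadMXBean) ManagementFactory.getThreadMXBean();

    /** Runs task on its own thread; returns true only if it completed within both budgets. */
    public static boolean runLimited(Runnable task, long maxCpuNanos, long maxAllocBytes)
            throws InterruptedException {
        AtomicBoolean finished = new AtomicBoolean(false);
        Thread worker = new Thread(() -> { task.run(); finished.set(true); }, "sandboxed-task");
        worker.setDaemon(true);              // a runaway task must not keep the JVM alive
        worker.start();
        long id = worker.getId();
        while (worker.isAlive()) {
            long cpu = MX.getThreadCpuTime(id);          // -1 once the thread has died
            long alloc = MX.getThreadAllocatedBytes(id); // cumulative bytes, not live heap
            if (cpu > maxCpuNanos || alloc > maxAllocBytes) {
                worker.interrupt();          // cooperative only: the code may ignore it
                worker.join(1000);
                return false;
            }
            worker.join(10);                 // poll interval in ms (assumed value)
        }
        return finished.get();               // false if the task died with an exception
    }

    public static void main(String[] args) throws Exception {
        // Constructed workloads standing in for submitted code.
        Runnable small = () -> { byte[] b = new byte[1024]; b[0] = 1; };
        byte[][] slot = new byte[1][];
        Runnable greedy = () -> {
            while (!Thread.currentThread().isInterrupted()) slot[0] = new byte[1 << 20];
        };
        long cpuBudget = 2_000_000_000L;     // 2 s of CPU time
        long allocBudget = 64L << 20;        // 64 MiB allocated in total
        System.out.println("small within budget:  " + runLimited(small, cpuBudget, allocBudget));
        System.out.println("greedy within budget: " + runLimited(greedy, cpuBudget, allocBudget));
    }
}
```

The watchdog only observes and interrupts: code that swallows interrupts keeps running, and threads the task spawns itself are not counted unless they are tracked separately. Usage is sampled every poll interval, so a task can overshoot its budget between two samples.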
2

. , , , "" . DSL .

, ? . , ; -)

+2

, - / . , . , , , JVM .

, , , ( )

+1

Source: https://habr.com/ru/post/1771079/