Calum

kentcb wrote:

Thanks for such an interesting video, and kudos to the singularity team for their outstanding effort so far (and their awesome ability to explain their work). Looking forward to part III.

One thing I've been thinking a lot about lately is how useful it might be to have a CPU that understands IL. In other words, a specific CLR version is integrated directly into hardware instead of being a software abstraction.

I'm not sure whether this is even feasible but it seems to me that it would have a number of benefits:

Security. The security measures currently enforced by a software layer would instead be enforced at the lowest level - in the CPU itself.
Performance. I'm no expert in hardware but I imagine that performance could be greatly improved (not that it's bad now).

Essentially, unsafe code would be non-existant. This is kind of what you're trying to enforce with singularity but at an even lower level. I can imagine such a CPU being really useful in, for example, mobile phones.

Anyway, just ranting . . . thanks again,
Kent

I believe that the Singularity guys are thinking of something along these lines, at least on some level. They mention the concept of "typed assembly language", which implies that there is essentially type information associated with the native code that the MSIL for programs is compiled to. This type information essentially allows one to have "safe" assembly language. I believe there is currently some work into incorporating this into hardware, but even if that does not happen, superimposing type information (and I'm not sure if this is possible in an effective way, but bear with me) onto the native (x86 or whatever) code for the system would allow the OS to check the code it is provided for safety, even though the code is precompiled. Since the code in a SIP cannot be changed, the type information could be stripped and the strong guarantee of safety provided by the check would stay intact.

Hope I'm not reiterating anything here...

I do love this project, when I stumbled upon it at first it was like something I had been thinking about myself, except with far, far more thought put into it. Good stuff.

Singularity Revisited
Apr 18, 2006 at 4:49 AM
kentcb wrote:
Thanks for such an interesting video, and kudos to the singularity team for their outstanding effort so far (and their awesome ability to explain their work). Looking forward to part III.

One thing I've been thinking a lot about lately is how useful it might be to have a CPU that understands IL. In other words, a specific CLR version is integrated directly into hardware instead of being a software abstraction.

I'm not sure whether this is even feasible but it seems to me that it would have a number of benefits:

Security. The security measures currently enforced by a software layer would instead be enforced at the lowest level - in the CPU itself.
Performance. I'm no expert in hardware but I imagine that performance could be greatly improved (not that it's bad now).

Essentially, unsafe code would be non-existant. This is kind of what you're trying to enforce with singularity but at an even lower level. I can imagine such a CPU being really useful in, for example, mobile phones.

Anyway, just ranting . . . thanks again,
Kent
I believe that the Singularity guys are thinking of something along these lines, at least on some level. They mention the concept of "typed assembly language", which implies that there is essentially type information associated with the native code that the MSIL for programs is compiled to. This type information essentially allows one to have "safe" assembly language. I believe there is currently some work into incorporating this into hardware, but even if that does not happen, superimposing type information (and I'm not sure if this is possible in an effective way, but bear with me) onto the native (x86 or whatever) code for the system would allow the OS to check the code it is provided for safety, even though the code is precompiled. Since the code in a SIP cannot be changed, the type information could be stripped and the strong guarantee of safety provided by the check would stay intact.

Hope I'm not reiterating anything here...

I do love this project, when I stumbled upon it at first it was like something I had been thinking about myself, except with far, far more thought put into it. Good stuff.

Singularity Revisited

Staff