[cap-talk] Cap OS question

Sandro Magi naasking at higherlogics.com
Sun Sep 6 21:31:32 PDT 2009


AppDomains force the VM to re-jit the machine code for all resident
objects (to remap static field accesses -- not clear how much code
sharing happens), so memory pressure is higher, and jitting incurs
runtime costs.

I'm not clear on whether every authority-wielding call must be
marshalled to a domain with the requisite permissions, or whether the
required objects can carry the requisite permissions with them when they
are sent to the requesting domain, and so only incur CAS costs on
authority-wielding calls after their creation.

These are the CAS costs I was referring to; sorry for my unclear reply
below, I momentarily forgot the model I had in mind. This is a best-case
scenario I think. Worse is if cross-domain marshalling happens for every
call, though most data can probably be passed by ref. I haven't done
enough leg-work here to quantify the costs involved.

Bytecode analysis/rewriting will always have higher performance simply
because the granularity is per-object, with no special runtime support.
Not clear how costly the initial load and verification would be though.

Sandro

Sandro Magi wrote:
> David-Sarah Hopwood wrote:
>> I don't understand why the overhead due to CAS checks is any greater
>> in this kind of design. When the application uses only the tamed API,
>> it is not directly making any requests that would cause a CAS check.
>> (The CAS overhead is only incurred on a check, not per stack frame.)
>> The taming library makes requests that need not involve CAS checks
>> because it is running in another AppDomain that could be given FullTrust
>> (or even if it is not given FullTrust, it would have the same permissions
>> that a domain in a system relying on bytecode verification would have, so
>> there is no extra overhead).
> 
> Good points. In rethinking this, the overheads I foresee are in
> marshalling calls across AppDomains, and benign CAS checks. IIRC, there
> are some benign functions that are protected by permissions, and since
> running with CAS is all-or-nothing, we incur the overhead of checking
> permissions for those functions regardless of whether or not they're
> enforced.
> 
> I'm a little hazy on the details now though, it's been a while since I
> looked at this stuff.
> 
> Sandro
> 



