ECOOP 2018
Sun 15 - Sat 21 July 2018 Amsterdam, Netherlands
co-located with ECOOP and ISSTA 2018
Tue 17 Jul 2018 15:55 - 16:35 at Matterhorn II - Track 2

Software Fault Isolation, or SFI, is a way of preventing errors or unexpected behavior in one program from affecting others. Sandboxes, processes, containers, and VMs are all forms of SFI. SFI is a deeply important part of not only operating systems, but also browsers, and even server software.

The ways in which SFI can be implemented vary widely. Operating systems take advantage of hardware capabilities, like the MMU (Memory Management Unit). Other mechanisms, like processes and containers, use facilities provided by the operating system kernel to provide isolation. Some types of sandboxing even use a combination of the compiler and runtime libraries in order to provide safety.

Each of the methods of implementing SFI has advantages and disadvantages, but we don’t often think of them as different options toward a similar end goal. When we consider the growing prevalence of things like edge computing and the “Internet of Things”, our common patterns start to falter.

In this talk, we’ll focus on how sandboxing compilers work. There are important benefits, but also major pitfalls and challenges to making it both safe and fast. We’ll talk about machine code generation and optimization, trap handling, memory sandboxing, and how it all integrates into an existing system. This is all based on a real compiler and sandbox, currently in development, that is designed to run many thousands of sandboxes concurrently in server applications.
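To make the "memory sandboxing" and "trap handling" mentioned above concrete, here is an added example in C. It is not code from the talk or from Fastly's compiler; it is a small model of what a sandboxing compiler inlines around every guest load and store. Two instrumented variants are shown side by side: an explicit bounds check whose failing path is the trap handler, and address masking, which never branches but silently wraps out-of-range addresses back into the guest's own region. The sandbox size, the `sandbox_t` type and all function names are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sandbox geometry: a 64 KiB guest heap. A power of two lets the
 * masking variant work with a single AND instruction. */
#define SANDBOX_SIZE (1u << 16)
#define SANDBOX_MASK (SANDBOX_SIZE - 1u)

typedef struct {
    uint8_t *base;    /* host pointer to the guest's linear memory */
    uint32_t size;    /* bytes the guest may legitimately touch */
    unsigned traps;   /* accesses rejected by the bounds check */
} sandbox_t;

static int sandbox_init(sandbox_t *sb) {
    sb->base = calloc(SANDBOX_SIZE, 1);
    if (!sb->base) return -1;
    sb->size = SANDBOX_SIZE;
    sb->traps = 0;
    return 0;
}

static void sandbox_destroy(sandbox_t *sb) {
    free(sb->base);
    sb->base = NULL;
}

/* Variant 1: bounds check. A sandboxing compiler inlines this compare before
 * each guest load/store; the failing path jumps to a trap handler. The trap
 * is modeled as a -1 return plus a counter. The arithmetic is done in 64 bits
 * so a guest address near UINT32_MAX cannot wrap around the check. */
static int checked_load32(sandbox_t *sb, uint32_t addr, uint32_t *out) {
    if ((uint64_t)addr + sizeof(uint32_t) > sb->size) { sb->traps++; return -1; }
    memcpy(out, sb->base + addr, sizeof *out);
    return 0;
}

static int checked_store32(sandbox_t *sb, uint32_t addr, uint32_t val) {
    if ((uint64_t)addr + sizeof(uint32_t) > sb->size) { sb->traps++; return -1; }
    memcpy(sb->base + addr, &val, sizeof val);
    return 0;
}

/* Variant 2: address masking. No branch: the guest address is ANDed into the
 * region, so the access can never leave it. Out-of-range addresses wrap onto
 * the guest's own memory instead of trapping, which keeps the host safe but
 * hides the guest's bug. Only byte-wide accesses are shown; wider ones need
 * a guard region past the mask boundary. */
static uint8_t masked_load8(const sandbox_t *sb, uint32_t addr) {
    return sb->base[addr & SANDBOX_MASK];
}

static void masked_store8(sandbox_t *sb, uint32_t addr, uint8_t val) {
    sb->base[addr & SANDBOX_MASK] = val;
}

/* Drives a constructed "guest" through both instrumented paths. Returns 0 when
 * every access behaved as the sandbox intends, otherwise the number of the
 * first expectation that failed. */
static int sandbox_demo(void) {
    sandbox_t sb;
    uint32_t v = 0;
    int rc = 0;
    if (sandbox_init(&sb) != 0) return 99;

    /* 1-2: an in-bounds store/load round-trips */
    if (checked_store32(&sb, 0x100, 0xDEADBEEF) != 0) rc = 1;
    else if (checked_load32(&sb, 0x100, &v) != 0 || v != 0xDEADBEEF) rc = 2;
    /* 3: a 4-byte load starting 2 bytes before the end straddles the boundary */
    else if (checked_load32(&sb, SANDBOX_SIZE - 2, &v) != -1) rc = 3;
    /* 4: an address that would overflow a 32-bit add is still rejected */
    else if (checked_load32(&sb, 0xFFFFFFFEu, &v) != -1) rc = 4;
    /* 5: both rejections reached the (modeled) trap handler */
    else if (sb.traps != 2) rc = 5;
    /* 6: masking folds an out-of-range address back onto offset 5 */
    else {
        masked_store8(&sb, SANDBOX_SIZE + 5, 0x42);
        if (masked_load8(&sb, 5) != 0x42) rc = 6;
    }
    sandbox_destroy(&sb);
    return rc;
}

int main(void) {
    int rc = sandbox_demo();
    if (rc == 0) printf("sandbox behaved as expected\n");
    else printf("check %d failed\n", rc);
    return rc;
}
```

The two variants trade off differently: the bounds check costs a compare and a branch per access but surfaces the guest's fault as a trap, while masking is branch-free but turns an out-of-bounds access into a silent wrap. A real sandboxing compiler also has to make sure the guest cannot bypass the instrumented path, which is where code generation and the runtime's trap handling come in.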

CTO of Fastly.

Tue 17 Jul (times shown in the Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna time zone)

15:55 - 17:25: Curry On Talks
15:55, 40m, Talk: Isolation Without Containers
16:45, 40m, Talk: Using APIs and micro-services as the glue between observed and derived facts, Faraz Babar (American Express)