Software fault isolation (SFI) is a way of preventing errors or unexpected behavior in one program from affecting others. Sandboxes, processes, containers, and VMs are all forms of SFI. SFI is a deeply important part of not only operating systems but also browsers and even server software.
The ways in which SFI can be implemented vary widely. Operating systems take advantage of hardware capabilities, like the MMU (memory management unit). Others, like processes and containers, use facilities provided by the operating system kernel to provide isolation. Some types of sandboxing even use a combination of the compiler and runtime libraries in order to provide safety. Each of these methods has advantages and disadvantages, but we don’t often think of them as different options toward a similar end goal. However, when we consider the growing prevalence of things like edge computing and the internet of things, our common patterns start to falter.
Tyler McMullen offers an overview of sandboxing compilers, which provide important benefits but are also challenging to make both safe and fast. Tyler covers machine code generation and optimization, trap handling, and memory sandboxing and illustrates how to integrate them into an existing system—all based on a real compiler and sandbox, currently in development, that is designed to run many thousands of sandboxes concurrently in server applications.
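The two memory-sandboxing styles the abstract alludes to, a compiler-inserted address mask that confines every access to the sandbox's linear memory, and an explicit bounds check that traps instead, can be shown in a few lines. The C below is an added illustration, not code from the talk or from Fastly's compiler; the region size, the `sandbox_t` layout and the function names are constructed for this example, and the "trap" is modelled as a recorded fault plus a NULL return rather than a hardware signal.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed example: a 64 KiB sandbox region aligned to its own size, so the
 * region is exactly the set of addresses that share one fixed high-bit prefix.
 * A real sandboxing compiler would use a much larger, guard-page-padded region. */
#define SANDBOX_SIZE (64u * 1024u)

typedef struct {
    uint8_t *base;   /* aligned start of the sandboxed linear memory */
    size_t   size;   /* power of two; the mask is size - 1 */
    int      trapped;/* set when a guarded access was rejected (our "trap") */
} sandbox_t;

static int sandbox_init(sandbox_t *sb, size_t size) {
    void *p = NULL;
    if (posix_memalign(&p, size, size) != 0) return -1;  /* base aligned to size */
    memset(p, 0, size);
    sb->base = p; sb->size = size; sb->trapped = 0;
    return 0;
}

static void sandbox_free(sandbox_t *sb) { free(sb->base); sb->base = NULL; }

/* Classic SFI masking: the compiler emits an AND (and, with an unaligned base,
 * an OR of the region tag) before every load/store, so the effective address
 * always lands inside the region. A wild address is redirected, never escapes;
 * no branch, so it is cheap, but the sandboxed code gets no error report. */
static uint8_t *sfi_mask(const sandbox_t *sb, uintptr_t addr) {
    uintptr_t low = addr & (uintptr_t)(sb->size - 1);
    return sb->base + low;
}

/* Guarded variant: explicit bounds check on (offset, len). Out-of-range access
 * "traps": the fault is recorded and NULL is returned instead of a pointer. */
static uint8_t *sfi_guard(sandbox_t *sb, uintptr_t offset, size_t len) {
    if (len > sb->size || offset > sb->size - len) {
        sb->trapped = 1;
        return NULL;
    }
    return sb->base + offset;
}

/* Masked byte store: whatever address the guest computes, the write stays inside. */
static void masked_store(sandbox_t *sb, uintptr_t guest_addr, uint8_t value) {
    *sfi_mask(sb, guest_addr) = value;
}

/* Read back a byte at a region offset (host-side inspection, not guest code). */
static uint8_t load_at(const sandbox_t *sb, uintptr_t offset) {
    return sb->base[offset & (sb->size - 1)];
}

int main(void) {
    sandbox_t sb;
    if (sandbox_init(&sb, SANDBOX_SIZE) != 0) return 1;

    uintptr_t wild = (uintptr_t)0xDEADBEEF12345ull;       /* far outside the region */
    masked_store(&sb, wild, 0x5A);
    printf("masked write landed at offset 0x%lx, value 0x%02x\n",
           (unsigned long)(wild & (SANDBOX_SIZE - 1)),
           load_at(&sb, wild & (SANDBOX_SIZE - 1)));

    if (sfi_guard(&sb, SANDBOX_SIZE - 3, 4) == NULL)
        printf("guarded 4-byte access at end of region trapped: %d\n", sb.trapped);

    sandbox_free(&sb);
    return 0;
}
```

The trade-off the two helpers make visible is the one a sandboxing compiler has to choose per access: masking costs a couple of ALU instructions and never branches, but silently aliases bad addresses onto valid memory; the guard costs a compare and a predictable branch but turns a bad access into a trap the host can report and act on.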
Tyler McMullen is CTO of Fastly, where he is responsible for the system architecture and leads the company’s technology vision. As part of the founding team, Tyler built the first versions of Fastly’s instant purging system, API, and real-time analytics. Previously, Tyler worked on text analysis and recommendations at Scribd. A self-described technology curmudgeon, Tyler has experience in everything from web design to kernel development and loathes all of it. Especially distributed systems.
©2018, O'Reilly Media, Inc.