Motivation and Overview

JanosVM is a Virtual Machine for executing Java byte code whose design was largely-- but not entirely-- motivated by the needs of the University of Utah's project to build an operating system for active network nodes: a "Java-oriented Active Network OS," Janos. In an active network, not-fully-trusted code is run by routers or by the nodes of an overlay network. Therefore, Janos must be able to execute multiple untrusted Java-based applications on a relatively bare machine. For that reason and for efficiency, the VM was designed to provide support for safely managing multiple Java programs and their resource usage, all within a single instance of the VM.

We had already explored some of the design space of Java operating systems, designing and developing three of them. The most recent, KaffeOS, was selected as the base for JanosVM. KaffeOS underwent many changes, outlined in the "Comparison" section, resulting in a stripped-down system exporting this key set of primitives:

• Teams - The abstraction that contains a running Java program, analogous to a process in Unix.
• Resources - Services managed by internal code (e.g., memory, classpath, stdio, etc.).
• Exportables/Importables - Explicitly managed cross-team references in the Java code.

JanosVM provides per-team heaps kept separate through write barriers, per-team garbage collection threads, inter-team thread migration, and safe cross-team reference objects. It provides an extensible framework for associating and managing per-team resources, as well as simple yet powerful mechanisms for sharing data and types between teams. It is designed to support asynchronous termination of buggy, uncooperative, or malicious Java applications.

By design, JanosVM itself isn't a complete Java operating system like KaffeOS nor is it tailored to active networking; rather, it is flexible infrastructure that can be used to construct various Java operating systems, matching domain-specific needs. For example, when the combination of Janos's Java NodeOS bindings and the ANTS version 2 runtime is run on JanosVM, a safe environment is provided for running untrusted active code, with optimizations appropriate to the networking domain. Similarly, runtimes could be developed that match the needs of embedded systems, servlet environments, or peer-to-peer and mobile agent platforms.

Return to the main documentation page.