Squeak + Android and Dalvik!? (was Re: [Vm-dev] Performance, Quality and Process [was Array new: SmallInteger maxVal])

Eliot Miranda eliot.miranda at gmail.com
Thu Oct 22 20:41:31 UTC 2009


On Thu, Oct 22, 2009 at 1:11 PM, John M McIntosh <
johnmci at smalltalkconsulting.com> wrote:

>
>
> On 2009-10-22, at 9:26 AM, Eliot Miranda wrote:
>
>>
>> Is there no access other than through the VM?  One of the major pains with
>> the iPhone is the lack of support for JITs.  The mmap function prevents
>> granting execute access on the memory it allocates.  John McIntosh has
>> suggested that Apple might be persuaded to provide a work-around for certain
>> applications (i.e. the Cog JIT) but I think John is merely speculating
>> optimistically (John, am I right or is there a real possibility here?).  It
>> would be great if Android didn't present simular hurdles.
>>
>
> Ah well the story is:
>
> The iPhone uses the virtual memory hardware page tags to deal with read,
> write, execute. *** Actually I was looking for confirmation of this but
> couldn't find it ***
> Apps from the store run as non-root from a nosuid partition, so you can't
> make them root, well not outside an exploit but those are *really rare now*.
> Apps from the store cannot dynamically link in executable code, everything
> you supply is static linked.
> I note things like Core-Data to SQLLite do DDL, but that's Apple's sandbox.
>
> To get a page of memory that is marked executable you need to use mmap to
> allocate a executable/read/write page of memory.
> The mmap binary is not quite BSD compliant, passing PROT_EXEC won't work if
> you are not root.
> *** I assume as root PROT_EXEC will work, but not clear on this, an Apple
> engineer insisted the PROC_EXEC logic wasn't in the binary, but doubtful how
> does the application loader then get the memory to load the binary? ***
>
> I did talk to some people in Apple enterprise security (hint at WWDC, the
> people in charge) about this issue,
> they have no plans to allow anyone to mmap memory with PROT_EXEC.
>
> They did however think if the *right* enterprise clients asked, then
> *maybe* an enterprise app with the proper certificate could get to PROC_EXEC
> as a
> non-root app, but that would require a change to the operating system.  For
> the curious a Enterprise can configure phones to disable various hardware
> components/features (ie no camera), plus of course distribute apps signed
> by the enterprise internally for phones which had the enterprise
> certificates.
>
> I did suggest to Cincom that they should ask.
>
> Did I mention Apple's security organizations general feelings? The answer
> is NO, now what was the question?
>
> Obviously this lowers the optimistic level...  Since I don't think we have
> an enterprise client (think 100,000 phones) who needs a JIT based app on the
> iPhone.
>

Its OK if you're Apple, right?  JavaScript is V8 (a JIT) on the iPhone isn't
it?  And if Java is on the iPhone its probably a JIT too.


>
> --
> ===========================================================================
> John M. McIntosh <johnmci at smalltalkconsulting.com>   Twitter:
>  squeaker68882
> Corporate Smalltalk Consulting Ltd.  http://www.smalltalkconsulting.com
> ===========================================================================
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/vm-dev/attachments/20091022/9b4309f1/attachment.htm


More information about the Vm-dev mailing list