Squeak + Android and Dalvik!? (was Re: [Vm-dev] Performance, Quality and Process [was Array new: SmallInteger maxVal])

John M McIntosh johnmci at smalltalkconsulting.com
Thu Oct 22 20:11:47 UTC 2009


On 2009-10-22, at 9:26 AM, Eliot Miranda wrote:
>
> Is there no access other than through the VM?  One of the major pains with
> the iPhone is the lack of support for JITs.  The mmap function prevents
> granting execute access on the memory it allocates.  John McIntosh has
> suggested that Apple might be persuaded to provide a work-around for certain
> applications (i.e. the Cog JIT) but I think John is merely speculating
> optimistically (John, am I right or is there a real possibility here?).  It
> would be great if Android didn't present similar hurdles.

Ah well, the story is:

The iPhone uses the virtual memory hardware page tags to deal with
read, write, execute. *** Actually I was looking for confirmation of
this but couldn't find it ***
Apps from the store run as non-root from a nosuid partition, so you
can't make them root, well not outside an exploit, but those are
*really rare now*.
Apps from the store cannot dynamically link in executable code;
everything you supply is statically linked.
I note things like Core Data to SQLite do DDL, but that's Apple's
sandbox.

To get a page of memory that is marked executable you need to use mmap
to allocate an executable/read/write page of memory.
The mmap binary is not quite BSD compliant; passing PROT_EXEC won't
work if you are not root.
*** I assume as root PROT_EXEC will work, but not clear on this. An
Apple engineer insisted the PROT_EXEC logic wasn't in the binary, but
doubtful: how does the application loader then get the memory to load
the binary? ***

I did talk to some people in Apple enterprise security (hint at WWDC,
the people in charge) about this issue; they have no plans to allow
anyone to mmap memory with PROT_EXEC.

They did however think if the *right* enterprise clients asked, then
*maybe* an enterprise app with the proper certificate could get to
PROT_EXEC as a non-root app, but that would require a change to the
operating system.  For the curious, an enterprise can configure phones
to disable various hardware components/features (i.e. no camera), plus
of course distribute apps signed by the enterprise internally for
phones which had the enterprise certificates.

I did suggest to Cincom that they should ask.

Did I mention Apple's security organizations general feelings? The  
answer is NO, now what was the question?

Obviously this lowers the optimistic level...  Since I don't think we  
have an enterprise client (think 100,000 phones) who needs a JIT based  
app on the iPhone.

--
========================================================================
John M. McIntosh <johnmci at smalltalkconsulting.com>   Twitter: squeaker68882
Corporate Smalltalk Consulting Ltd.  http://www.smalltalkconsulting.com
========================================================================