
Mac OS X Lion – Review and comments, part 3


Now, I’ll comment a bit on the OS internals. I’ll start with the toolchain for obvious reasons. 🙂

I’ll start with the LLVM 3.0 compiler. It now has a feature called Automatic Reference Counting. If you have ever programmed in Objective-C, you know that it’s a PITA to keep memory management sane. If you don’t know what I’m talking about, lucky you. In Cocoa, when we want to hold on to an object, we send it a retain message, which increments a counter (the reference count). When we’re done with that object, we message it again, but now with a release message, which decrements the reference count. Think of it as analogous to malloc/free in C, if you wish. There is also an autorelease message, which adds the object to something called the autorelease pool. When the pool is drained at the end of an event loop pass, each object gets one release message for each time it was added to the pool (see the Stanford course CS193P on iTunes U for more details on this).

Understood? Good. Now think about doing that a million times in a large app. Not beautiful, right? That’s where Automatic Reference Counting comes in: LLVM inserts the retain and release/autorelease messages in the correct places, so the programmer doesn’t need to worry about them. That happens at compile time, and it doesn’t break compatibility when linking against other libraries you may be used to. Then, when the code goes through the Clang backend, the compiler detects and removes any redundant memory management operations. Very neat!

The next point I want to discuss is security. Mac OS X Lion has some great improvements here. First is sandboxing of apps.

Sandboxing apps means that whenever an app is running, it has a list of things it’s allowed to do (e.g. receive network connections, take a photo using the iSight camera, write to disk). The OS maintains trusted daemons which are entitled to perform these actions on behalf of a sandboxed app. So what we have here is a very neatly crafted privilege separation among processes. One clear example of how this is useful is protection against PDF exploits: Preview isolates the PDF parser (low privilege) from the rest of the app, which is allowed to access the file system (higher privilege). To ensure this works the intended way, all sandboxed apps must be signed. By the way, all apps in the Mac App Store will have to be sandboxed starting in November 2011.

Another advantage of breaking the app into small pieces with different privileges is that if one of them crashes, it doesn’t necessarily take down the entire app (think of Flash crashing and taking our browsers with it).
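As an added illustration of the privilege-separation idea described above (my own sketch, not code from the post or from Apple), here is the pattern in plain POSIX C: untrusted input is handed to a parser running in a forked child with its resource limits clamped, and the parent only ever accepts a fixed-size result record over a pipe, so a parser crash never takes the parent down. The toy "OBJ" format and the abort on input starting with "BAD" are constructed stand-ins for a real parser and a real parser fault.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/resource.h>

/* Fixed-size record: the only thing the parent ever accepts from the parser. */
struct parse_result { int ok; int object_count; };

/* Constructed toy "parser": counts "OBJ" tokens. Input beginning with "BAD"
   aborts, standing in for a parser that crashes on malformed data. */
static struct parse_result toy_parse(const char *buf, size_t len) {
    struct parse_result r = { 1, 0 };
    if (len >= 3 && memcmp(buf, "BAD", 3) == 0)
        abort();
    for (size_t i = 0; i + 3 <= len; i++)
        if (memcmp(buf + i, "OBJ", 3) == 0) { r.object_count++; i += 2; }
    return r;
}

/* Run the parser in a forked child with clamped limits (no child processes,
   no regular-file writes, no core dumps). Returns the object count on
   success or -1 if the child failed or died; the parent survives either way. */
int parse_isolated(const char *buf, size_t len) {
    int pfd[2];
    struct parse_result r;
    if (pipe(pfd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(pfd[0]); close(pfd[1]); return -1; }
    if (pid == 0) {
        struct rlimit zero = { 0, 0 };
        close(pfd[0]);
        setrlimit(RLIMIT_NPROC, &zero);   /* parser may not fork() */
        setrlimit(RLIMIT_FSIZE, &zero);   /* parser may not write files */
        setrlimit(RLIMIT_CORE, &zero);    /* no core dumps of untrusted state */
        r = toy_parse(buf, len);
        _exit(write(pfd[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(pfd[1]);
    ssize_t n = read(pfd[0], &r, sizeof r);   /* 8-byte pipe write is atomic */
    close(pfd[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    if (n != (ssize_t)sizeof r || !WIFEXITED(status) || WEXITSTATUS(status) != 0 || !r.ok)
        return -1;                            /* parser crashed or misbehaved */
    return r.object_count;
}
```

The rlimit calls are a stand-in for the real sandbox profile: the point is that the parser runs in a separate process with fewer rights than the code that reads the file from disk.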

One other security feature present in Lion is full Address Space Layout Randomization, which makes attacks that depend on particular addresses very difficult (e.g. return-to-libc attacks or stack shellcode injection).

And that’s all I had about Mac OS X Lion. I hope you enjoyed the reading!
