Ironwall

Ironwall Runtime Specification

Ironwall Runtime Specification

Runtime Position and GC Direction

Core Position:

  • Safety first, especially preventing RCE.
  • The core path is to reduce complexity. Complexity is one of the biggest enemies of safety.

GC complexity must be kept as minimal as possible because it operates in an unprotected environment. Once it becomes complex, failures are inevitable. GC should use the strategy with the least complexity. Complex GC strategies must be rejected.

Programs must trigger GC explicitly. When GC happens must be predictable, observable, and auditable.

The runtime must not turn GC into an implicit, background, self-directed collection mechanism.

Once trigger control is handed over to implicit runtime heuristics, the timing model and safety boundary of the entire system become blurry. Implicit, hidden runtime heuristic trigger mechanisms introduce another layer of complexity and should therefore be rejected.

The runtime's basic requirements are to be:

  • As simple as possible
  • Honest
  • Auditable
  • Explainable
  • Clear in its failure modes