There are three technologies to enforce law and order among programs: I think that automatic proof checking provides the highest potential performance of user machine code but the art is not yet well developed. The art of proving resource properties of user code (space and time) is even less developed. The checking can be done locally, which takes time, or the checked code can be signed by a trusted remote checker. It even takes time to check a digital signature. I will not consider code checking further here.

Java, or better yet E, is a type safe interpreter and is perhaps nearly safe enough for the job but Java does not yet address time and space. It is strategic that it is machine independent. Java's JIT (compile as you go) stuff is exciting but that exacerbates the time issues. I will not consider interpreters further now.

That leaves the machine hardware solution. Lets look at modern hardware. 4K pages are the general rule. We will usually want to run different object instances in different maps. This means less user code devoted to distinguishing what the job at hand is and fewer bugs in such code. Indeed is it critical to avoid cross-talk between two streams using the same protocol. When we adopt this plan the smallest object occupies a page. We discuss the cost of hardware context switching here and conclude that about 150 clock times may be required.