Look at this: http://msdn.microsoft.com/en-us/magazine/cc163603.aspx
Aggressive interprocedural optimization is possible because Singularity processes are closed--they do not permit code loading after the process starts executing. This is a dramatic change, since dynamic code loading is a popular, but problematic, mechanism for loading plug-ins. Giving plug-ins access to a program's internals presents serious security and reliability problems (did you know that 85 percent of blue screens in Windows are caused by third-party plug-ins and device drivers?). Dynamic loading frustrates program analysis in compilers or defect-detection tools, which can't see all code that might execute. To be safe, the analysis must be conservative, which precludes many optimizations and dulls the accuracy of defect detection.
Java has had full safety and sandboxing, dynamic loading and interprocedural optimization for more than a decade, and it wasn't even the first.