Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!cbmvax!valentin From: valentin@cbmvax.commodore.com (Valentin Pepelea) Newsgroups: comp.sys.amiga.tech Subject: Re: Memory protection for AmigaDOS Message-ID: <12521@cbmvax.commodore.com> Date: 10 Jun 90 22:30:53 GMT References: <4250@darkstar.ucsc.edu> Reply-To: valentin@cbmvax (Valentin Pepelea) Distribution: na Organization: Commodore, West Chester, PA Lines: 84 In article <4250@darkstar.ucsc.edu> davids@slugmail.UCSC.EDU (Dave Schreiber) writes: > >A while back (I'm sure you all remember), there was a discussion >regarding putting memory protection into the Amiga OS. As I remember, >the two big problems were: > > 1. Compatibility > 2. Loss of performance, due to the loss of the ability of programs > to access memory allocated by other programs. Actually, performance was never an issue. While fetching a new translation table pointer for every task switch is going to slow down the system, the degradation is insignificant. In fact, it is probably lower than the degradation caused by math coprocessor context switches. > Since then I've been reading _Unix Papers for Unix Developers and Power > Users_ by the Waite Group. In it there is a paper regarding porting > Unix to 68030 systems; basically an intro to the '030, its features, > considerations, etc. On pages 444-445, the paper talks about shared > memory: Of all the operating systems that need studying, I found out that Unix is the cause for most of excess garbage added to streamlined operating systems such as ours. Shared memory though is an exception. :-) > So, what have I missed here? Is there something else in the Amiga's > OS that makes memory protection difficult to do? Well yes, the problem being irreponsability for the last five years. The first problem is the non-useage of the MEMF_PUBLIC flag. Theis flag defines a region of memory that can be accessed by 'other' tasks. Thus if a task want to send a message, it would put it in public memory and signal the other task to pick it up. Public data structures also have to be put in public memory, so that that the operating system may access them. Unfortunately, by definition, this impedes full recovery of a crashing task. Because OS structures have to be put in public memory, any task may access that public memory, and thus cause system lists to get corrupted. Since the cause of a crash is therefore impossible to determine, the crashing task cannot be identified, and the whole machine has to be reset. Another solution would have been to use the mn_length field of a message structure. If that field was used, public memory could be ignored, and the operating system would be informed of the starting and end address of the message. It could then modify the MMU transtalion table of the target task to allow it to access the given message. But then we also have to implement parameter checking. If we send an I/O request to a device driver, and it turns out that the device driver crashes because the parameters were wrong, again we don't know how to recover from the crash, unlkess parameter checking is implemented. Then there's resource tracking. What if a task grabs the DOS device list semaphore, and then crashes. The semaphore should be freed by the operating system, but since we don't have resource tracking yet... To summerize, in order to have memory protection we need to: 1. Redefine and use the MEMF_PUBLIC flag. 2. Use the mn_length field in message structures. 3. Implement parameter checking. 4. Implement resource tracking. Unfortunately, the greatest advantage of the Amiga is that tasks may share data by simply sharing a common memory block. That habit would have to be curtailed for memory protection to work. One thing we could do meanwhile is to come out with tools that make sure applications use the MEMF_PUBLIC flag and mn-length fields correctly. Easy to do. Then when a memory protected operating system came out, most applications would already be compatible. The MEMF_PUBLIC flag should be used right away anyway. We could redefine it to mean "motherboard memory accessible by all processors" in a multi-processing computer. Not using this flag would degrade performance on a multi-processor computer considerably. Valentin -- The Goddess of democracy? "The tyrants Name: Valentin Pepelea may distroy a statue, but they cannot Phone: (215) 431-9327 kill a god." UseNet: cbmvax!valentin@uunet.uu.net - Ancient Chinese Proverb Claimer: I not Commodore spokesman be