Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!usc!sdd.hp.com!decwrl!bacchus.pa.dec.com!decvax.dec.com!zinn!ubbs-nh!siia!drd From: drd@siia.mv.com (David Dick) Newsgroups: comp.sys.mac.system Subject: Re: Protected-mode snake oil Message-ID: <1990Aug17.133833.9024@siia.mv.com> Date: 17 Aug 90 13:38:33 GMT References: <1204.26c2fb48@waikato.ac.nz> <1210.26c694ed@waikato.ac.nz> Organization: Software Innovations, Inc. Lines: 39 In <1210.26c694ed@waikato.ac.nz> ccc_ldo@waikato.ac.nz (Lawrence D'Oliveiro, Waikato University) writes: >Thanks to all those people who pointed out how reliable their UNIX systems >were. Can any of them tell me: does your system run anything like >Adobe Type Manager, or After Dark? Or (rummaging through this pile of >software that I haven't looked at yet) QuicKeys, FileMagic or POWERmenus? >Can you think of a way of implementing hooks for any of these so that a >bug in them can't render the system entirely unusable? The research operating system MULTICS included the concept of rings. Take the idea of two modes--user and system--and generalize it so that there is some number of modes > 2. The innermost ring would contain super-critical things like process scheduling and perhaps memory management. The next ring out might contain device drivers; further out rings containing things closer to user application programs. Outer-ring code would invoke inner-ring code in somewhat the same way system calls are done. (On MULTICS, ordinary subroutine calls would be done and the system would conspire to provide mode-changes the same way system-mode changes happen with system calls on most operating systems.) ATM or After Dark would operate in some intermediate ring. If they misbehaved, they could trash things in outer rings, but never those in inner rings. Some inner-ring code could be responsible for cleaning up after unfortunate events in outer rings. Even if a sophisticated facility like rings is not provided (and why they aren't I don't know--MULTICS had them almost 20 years ago!), a kernel can still provide protection by manipulating the address spaces while special-purpose things such as those you mention. In UNIX it could be done with special device drivers or additional system calls (e.g. to attach video ram to the code's address space). It's not as elegant and probably isn't practical for all uses, but it's still FAR better than the totally uncontrolled Mac environment of today. David Dick Software Innovations, Inc. [the Software Moving Company (sm)] "moving software to UNIX since 1980"