Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!mit-eddie!genrad!decvax!ucbvax!cartan!brahms.Berkeley.EDU!ballou
From: ballou@brahms.Berkeley.EDU.UUCP
Newsgroups: comp.os.minix
Subject: MINIX memory management/protection
Message-ID: <888@cartan.Berkeley.EDU>
Date: Wed, 4-Feb-87 18:12:05 EST
Article-I.D.: cartan.888
Posted: Wed Feb 4 18:12:05 1987
Date-Received: Sat, 7-Feb-87 09:17:39 EST
References: <252@hqda-ai.UUCP> <1169@steinmetz.steinmetz.UUCP> <511@bobkat.UUCP>
Sender: daemon@cartan.Berkeley.EDU
Reply-To: ballou@brahms.Berkeley.EDU (Kenneth R. Ballou)
Organization: Math Dept. UC Berkeley
Lines: 42
Keywords: shared swapped jobs

In article <511@bobkat.UUCP> m5d@bobkat.UUCP (Mike McNally (dlsh)) writes:
>In article <1169@steinmetz.steinmetz.UUCP> davidsen@kbsvax.UUCP (william E Davidsen) writes:
>>
>>If you allocate a full 64k to data, there is hardware protection: you
>>can't address more than that. This assures that any program which
>>doesn't deliberately set out to cause problems will not modify the
>>code. ...
>
>What about a program with a bug in it? Like "strcpy(a, b)" when "a" is
>not quite what I meant? It's real easy to make this kind of mistake;
>how many times while debugging a program on a VAX (or whatever) do you
>get SIGBUS or SIGSEGV?

[Omitted here: a description of a phenomenon with which I'm sure we are
all too painfully familiar -- how wild pointers can crash programs and
machines.]

I think you have missed a key point here which depends on the iAPX86
architecture. Because addresses are constructed as SEGMENT:OFFSET, as
long as the compiler generates no code that would reload the segment
registers and as long as you do not use any assembly code in your
program that does this, then you are physically constrained to 64K bytes
starting at absolute location 16 * SEGMENT. Since pointers are passed
only as offsets, the worst you can do is scribble over your 64K segment.

However, this is a blatant lie, and it is possible you are vindicated.
For, if auto variables are allocated on the stack, one could still
easily lose. Since the stack must lie in the same segment as the static
data (otherwise, pointers must have segments associated with them to
distinguish between auto and static variables), it is possible to
scribble over the stack. In doing so, one could alter a return address
and find oneself in another process, or perhaps the kernel. Also,
equally likely is that one would try to execute data and encounter an
illegal opcode. I believe (but I am not certain) that this halts the
8086.

So, in summary, it turns out you are right, in an indirect sort of way.

--------
Kenneth R. Ballou                ARPA:  ballou@brahms.berkeley.edu
Department of Mathematics        UUCP:  ...!ucbvax!brahms!ballou
University of California
Berkeley, California  94720
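
Added example, not part of the original post: a small C simulation of the SEGMENT:OFFSET arithmetic described above, showing that a runaway near-pointer copy wraps inside its own 64K segment yet still overwrites a saved return offset when the stack shares that segment. The segment value 0x2000, the offsets, the fill bytes and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 0x100000u              /* 1 MiB real-mode address space */
static uint8_t mem[MEM_SIZE];           /* simulated physical memory */

/* SEGMENT:OFFSET -> 16 * SEGMENT + OFFSET, wrapped to 20 address bits. */
static uint32_t phys(uint16_t seg, uint16_t off) {
    return (((uint32_t)seg << 4) + off) & (MEM_SIZE - 1);
}

/* Store through a near pointer: only the 16-bit offset advances, so it
   wraps at 0xFFFF and the segment register is never reloaded. */
static void near_write(uint16_t ds, uint16_t off, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++)
        mem[phys(ds, (uint16_t)(off + i))] = src[i];
}

/* Count bytes outside the 64K window at 16 * seg that differ from fill. */
static uint32_t changed_outside(uint16_t seg, uint8_t fill) {
    uint32_t base = (uint32_t)seg << 4, count = 0;
    for (uint32_t a = 0; a < MEM_SIZE; a++)
        if ((a < base || a > base + 0xFFFFu) && mem[a] != fill)
            count++;
    return count;
}

/* Constructed scenario: DS == SS, 16-byte auto buffer at 0xFFE0, saved return
   offset 0x1234 at 0xFFF0, 64 bytes copied in. Returns 1 if it was altered. */
static int run_demo(uint32_t *outside) {
    const uint16_t ds = 0x2000, buf = 0xFFE0, ret = 0xFFF0;
    uint8_t junk[0x40];
    memset(mem, 0xAA, sizeof mem);
    memset(junk, 0x41, sizeof junk);
    mem[phys(ds, ret)] = 0x34;                      /* low byte  */
    mem[phys(ds, (uint16_t)(ret + 1))] = 0x12;      /* high byte */
    near_write(ds, buf, junk, sizeof junk);         /* overruns, wraps to 0x0000 */
    *outside = changed_outside(ds, 0xAA);
    uint16_t ip = (uint16_t)(mem[phys(ds, ret)] | (mem[phys(ds, (uint16_t)(ret + 1))] << 8));
    return ip != 0x1234;
}

int main(void) {
    uint32_t outside;
    int hit = run_demo(&outside);
    printf("outside=%u clobbered=%d\n", (unsigned)outside, hit);
    return 0;
}
```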