Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!husc6!linus!philabs!steinmetz!davidsen From: davidsen@steinmetz.steinmetz.UUCP (William E. Davidsen Jr) Newsgroups: comp.arch Subject: Re: 80286 vs. 432 Message-ID: <5987@steinmetz.steinmetz.UUCP> Date: Thu, 14-May-87 11:57:21 EDT Article-I.D.: steinmet.5987 Posted: Thu May 14 11:57:21 1987 Date-Received: Sat, 16-May-87 14:16:48 EDT References: <5981@shemp.UCLA.EDU> Reply-To: davidsen@kbsvax.steinmetz.UUCP (William E. Davidsen Jr) Distribution: world Organization: General Electric CRD, Schenectady, NY Lines: 64 Keywords: 432, 80286 I am just cross posting this to arch, because many people don't (won't) read comp.intel. ================================================================ In article <5981@shemp.UCLA.EDU| kong@CS.UCLA.EDU writes: |Here is a interesting issue, |What are the pros and cons of object based (or capability based) systems, say |iAPX 432, in terms of protection mechanisms compared to the contentional system,say 80286, from the architecture's point of view ? | |Here are some comparisons between them, |1. protection granularity | 80286 uses segments as the basic protection unit. | 432 uses objects. | |2. protection implementation | 80286 uses global and local descriptor tables(GDT and LDT) to define | the rights to access the segments. Each memory reference has to check | those access rights. | 432 uses Access Descriptors (actually, capabilities) to define the | access right the user's process has. | |3. protection hierarchy | 80286 uses ring structured protection hierarchy. The inner most ring is | the most trusted OS kernel, the outer ring is the user's process. Each | ring has a privilege level which defines the current process privilege, | the privilege level will change as the process call a function which | resides at the inner ring. | 432 uses plain object spaces. There is no hierarchical structure. User | can access every objects as long as he has the right capability. | |4. instruction set | 80286 has certain privileged instructions which can only be executed | in the kernel mode. This is the direct consequence of the ring structure and use the segment as the basic protection unit. | in 432, you can execute every instructions as long as you have the right capability to access the instruction object. | |5. sharing | 80286 uses some sharable LDT or aliases to share some data or | instructions between some processes. Or you can put them into GDT to be | shared by every processes in the system. | 432 sharing is achieved by passing capabilities to the sharable object. | |*** It seems the conventional architecture such as 80286 has different | approaches for different problems (i.e. privilege level, ring,...). | Sometimes it seems that the conventional architecture can't guarantee | a true protection. On the other hand, the architecture of 432 is very | uniform; it solves each problems by using the same approach (I.e. | the object model), but it has severe ovehead for object access. As we | know, the 432 suffers from the slow performance problems which is a | direct consequence of this "safest" object model. As a matter of fact, | every object based systems has this kind of problems. So, what should | be our choice ? a conventional architecture whose performance is | acceptable but sometimes has protection problems, or a object based | system which has less protection problems but an (unacceptable ?) poor | performance ? | |'Kong |UUCP : ..!{sdcrdcf,ihnp4,cepu,trwspp,ucbvax}!ucla-cs!kong |ARPA : kong@cs.ucla.edu -- bill davidsen sixhub \ ARPA: wedu@ge-crd.arpa ihnp4!seismo!rochester!steinmetz -> crdos1!davidsen chinet / "Stupidity, like virtue, is its own reward"