Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!ucla-cs!kong
From: kong@ucla-cs.UUCP
Newsgroups: comp.sys.intel
Subject: 80286 vs. 432
Message-ID: <5981@shemp.UCLA.EDU>
Date: Mon, 11-May-87 23:31:56 EDT
Article-I.D.: shemp.5981
Posted: Mon May 11 23:31:56 1987
Date-Received: Thu, 14-May-87 01:48:15 EDT
Sender: root@CS.UCLA.EDU
Reply-To: kong@CS.UCLA.EDU
Distribution: world
Organization: UCLA Computer Science Department
Lines: 53
Keywords: 432, 80286

Here is a interesting issue,
What are the pros and cons of object based (or capability based) systems, say
iAPX 432, in terms of protection mechanisms compared to the contentional system,say 80286, from the architecture's point of view ?

Here are some comparisons between them,
1. protection granularity
	80286 uses segments as the basic protection unit.
	432 uses objects.

2. protection implementation
	80286 uses global and local descriptor tables(GDT and LDT) to define
	the rights to access the segments. Each memory reference has to check
	those access rights.
	432 uses Access Descriptors (actually, capabilities) to define the
	access right the user's process has.

3. protection hierarchy
	80286 uses ring structured protection hierarchy. The inner most ring is
	the most trusted OS kernel, the outer ring is the user's process. Each
	ring has a privilege level which defines the current process privilege,
	the privilege level will change as the process call a function which 
	resides at the inner ring.
	432 uses plain object spaces. There is no hierarchical structure. User
	can access every objects as long as he has the right capability.

4. instruction set
	80286 has certain privileged instructions which can only be executed
	in the kernel mode. This is the direct consequence of the ring structure	and use the segment as the basic protection unit.
	in 432, you can execute every instructions as long as you have the right	capability to access the instruction object.

5. sharing
	80286 uses some sharable LDT or aliases to share some data or 
        instructions between some processes. Or you can put them into GDT to be 
	shared by every processes in the system.
	432 sharing is achieved by passing capabilities to the sharable object.

***	It seems the conventional architecture such as 80286 has different
	approaches for different problems (i.e. privilege level, ring,...).
	Sometimes it seems that the conventional architecture can't guarantee
	a true protection. On the other hand, the architecture of 432 is very 
	uniform; it solves each problems by using the same approach (I.e. 
	the object model), but it has severe ovehead for object access. As we 
	know, the 432 suffers from the slow performance problems which is a 
	direct consequence of this "safest" object model. As a matter of fact, 
	every object based systems has this kind of problems. So, what should 
	be our choice ? a conventional architecture whose performance is
	acceptable but sometimes has protection problems, or a object based 
	system which has less protection problems but an (unacceptable ?) poor 
	performance ?

'Kong
UUCP : ..!{sdcrdcf,ihnp4,cepu,trwspp,ucbvax}!ucla-cs!kong
ARPA : kong@cs.ucla.edu