Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!rutgers!cbmvax!valentin
From: valentin@cbmvax.commodore.com (Valentin Pepelea)
Newsgroups: comp.sys.amiga.tech
Subject: Re: resource tracking
Message-ID: <9716@cbmvax.commodore.com>
Date: 19 Feb 90 02:35:51 GMT
References: <355.25C92297@weyr.FIDONET.ORG> <131188@sun.Eng.Sun.COM>
Reply-To: valentin@cbmvax.cbm.commodore.com (Valentin Pepelea)
Organization: Commodore, West Chester, PA
Lines: 53

In article <131188@sun.Eng.Sun.COM> cmcmanis@sun.UUCP (Chuck McManis) writes:
>
>Something I personally would like to see would be a "runprotected" command
>that would start a program and setfunction the appropriate vectors so that
>the program would run with the MMU protecting all addresses outside of its
>range.
>
>It need only protect them from Write Access and could stop the
>program when it did something stupid. Too bad Valentin already has
>his degree this might be a good thesis project :-)

Not that I did not think about it. The problem is that I can not achieve
full recoverability if a task goes astray. The problem lies with the
definition and usage of MEMF_PUBLIC. Memory defined as such is free to be
written to by any task or interrupt in the system. That's where all the
system structures are.

So if one task crashes, even if the MMU protects other private memory, it
could be that a portion of MEMF_PUBLIC memory got corrupted by some other
task, and that eventually resulted in the crash under the context of the
current task.

Full recoverability in a memory protected system can therefore be achieved
only by changing the definition of the MEMF_PUBLIC flag, and by adding
parameter checking to all system functions that cause another task or
interrupt to execute some code. For example the DoIO() function causes a
device to process a request. If the request provided is scrambled, a crash
will occur under the device's context.

Both these changes would cause some programs to fail, if implemented. So
for backwards compatibility reasons, it is unlikely that memory protection
will ever be implemented on AmigaDOS. I for one would gladly implement them
as they require no great engineering effort, but the god in the corner
office is unlikely to approve, for backward compatibility reasons.

>This would be a great debugging tool and allow a developer to
>release it with confidence on the unsuspecting user community
>*knowing* that it doesn't do weirdo writes outside of its address
>space.

As a debugging tool, "runprotected" would still make sense, since many
illegal memory accesses would be detected this way. In fact, we already have
two such utilities in-house. Both trap accesses to page zero
(0x000000-0x000100) and above 16 Meg, send out a status report on the serial
port at 9600 baud, and then complete the memory accesses manually.

One was written by Bryce and the other by me. We like so much to double
engineering efforts, you see. Of course, mine is much better written. :-)

Valentin
-- 
The Goddess of democracy? "The tyrants     Name:    Valentin Pepelea
may destroy a statue, but they cannot      Phone:   (215) 431-9327
kill a god."                               UseNet:  cbmvax!valentin@uunet.uu.net
             - Ancient Chinese Proverb     Claimer: I not Commodore spokesman be
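
The "trap the access, send a status report, then complete the access" debugging approach described in the post above, modelled on a POSIX host as an added example (not the in-house Commodore utilities and not code from the original post). It write-protects one page with `mprotect`; the names `guard_setup`, `on_fault` and `guard_demo`, the stderr report and the exit codes are assumptions made for illustration.

```c
#define _GNU_SOURCE   /* MAP_ANONYMOUS, SA_SIGINFO on glibc */
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Hypothetical names; a POSIX model of "trap, report, complete the access". */
static unsigned char *guard_base;      /* start of the protected page */
static size_t guard_len;               /* its length in bytes */
static volatile sig_atomic_t trapped;  /* illegal writes seen so far */
static void *volatile last_fault;      /* address of the most recent one */

static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    static const char msg[] = "guard: write to protected page trapped\n";
    unsigned char *addr = (unsigned char *)si->si_addr;
    (void)sig; (void)ctx;
    /* A fault outside the guarded page is a real crash: do not mask it. */
    if (addr < guard_base || addr >= guard_base + guard_len) _exit(70);
    trapped++;
    last_fault = addr;
    /* The status report (stderr here, where the post's tools used serial). */
    if (write(STDERR_FILENO, msg, sizeof msg - 1) < 0) _exit(71);
    /* Unprotect so the faulting store completes when the handler returns. */
    mprotect(guard_base, guard_len, PROT_READ | PROT_WRITE);
}

/* Map one read-only page and install the trap; returns the page or NULL. */
static unsigned char *guard_setup(void)
{
    struct sigaction sa;
    guard_len = (size_t)sysconf(_SC_PAGESIZE);
    guard_base = mmap(NULL, guard_len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guard_base == MAP_FAILED) return NULL;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault; sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSEGV, &sa, NULL) || sigaction(SIGBUS, &sa, NULL)) return NULL;
    trapped = 0;
    return guard_base;
}

/* Constructed scenario: two stray writes; returns how many were trapped. */
int guard_demo(void)
{
    volatile unsigned char *p = guard_setup();
    if (!p) return -1;
    p[16] = 0xAA;                                 /* trapped, then completed */
    mprotect(guard_base, guard_len, PROT_READ);   /* re-arm the guard */
    p[32] = 0xBB;                                 /* trapped again */
    return (p[16] == 0xAA && p[32] == 0xBB && last_fault == (void *)(guard_base + 32)) ? (int)trapped : -1;
}

int main(void) { return guard_demo() == 2 ? 0 : 1; }
```

As in the post, this only detects writes to memory that is actually protected: a stray write into memory every task may legitimately modify, the role MEMF_PUBLIC plays on the Amiga, never reaches the handler.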