Shared address space

Mon, 12 May 1997 13:23:26 -0400

In assembler, the namespace of available objects is folded into
the integers mod 2^32 (for some machines).  This means
that you must use memory protection if you don't want
an errant program causing problems.

If lisp code is distributed as source, or semi-compiled, this
aspect should not be a problem.

In Lisp, the namespace consists of the objects that can
be referenced by free variables.  If these objects are read-only,
and if the program is constrained in other ways (no access to the
whole disk, etc.), then the program should not be able
to do anything dangerous.

This problem is a bit trickier than I have just stated, but it
should be possible to develop a secure model.

The issue at this point is whether it is possible to use the MMU
to assist in enforcing our policies.