It was our last best hope for peace...
Kragen
kragen@pobox.com
Wed, 7 Oct 1998 19:59:39 -0400 (EDT)
On Wed, 7 Oct 1998, Ray Dillinger wrote:
> In other systems, like the BeOS, there is exactly ONE mapping of
> physical memory to addresses, and every process uses it. Thus,
> different processes are implemented as what in UNIX would be
> called different threads. This makes context switching a lot
> easier, allows much finer-grained parallelism, gets more use out
> of multiple processors, and a bunch of other nice things. But
> in such an operating system, how do you keep a buggy program
> from writing a random value into the middle of another's data
> (or code!!) causing crashes?
I'm not familiar with how BeOS does it, but there is a family of OSes
called "single address-space OSes" in which every process's memory
mapping is the same, but every process has different permissions with
which it can access that memory. So each process only has read access
to the things it needs to have read access to, write access to the
things it needs to have write access to, etc. This gives you the same
insulation against wild pointers that the Unix model does, but makes it
easier to write programs that communicate via shared memory -- the
shared memory can have pointers in it. Maybe this is what BeOS is doing?
I'm not familiar with the implications this has for context-switch cost.
Clearly, writing programs with many threads in Lisp can give you the
same isolation as the Unix model, but gives you the same low
context-switch time as the no-protection many-threads model. Unless
there's a bug in your Lisp interpreter. :) (This is why Java
programmers use multiple separate virtual machines. :)
Kragen (who hasn't implemented an OS, timed a context switch, written a
multithreaded program, found bugs in his Lisp interpreter, or
written anything in Java)
--
<kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
A well designed system must take people into account. . . . It's hard to
build a system that provides strong authentication on top of systems that
can be penetrated by knowing someone's mother's maiden name. -- Schneier