It was our last best hope for peace...

P T Withington
Thu, 8 Oct 1998 15:34:21 -0400

On 10/7/98 18:19, Ray Dillinger wrote:

>In other systems, like the BeOS, there is exactly ONE mapping of
>physical memory to addresses, and every process uses it.  Thus,
>different processes are implemented as what in UNIX would be
>called different threads.  This makes context switching a lot
>easier, allows much finer-grained parallelism, gets more use out
>of multiple processors, and a bunch of other nice things.  But 
>in such an operating system, how do you keep a buggy program
>from writing a random value into the middle of another's data
>(or code!!) causing crashes?  

You could require that all your programs be written in a safe language.  
That wouldn't prevent someone from intentionally making unsafe operations 
(they could write their own assembler, etc.) which is why you need 
hardware support to make a system secure againts malicious users.  But in 
a cooperative/friendly environment it would prevent someone from 
accidentally breaking things.

I don't know how Be do it, since I thought they just programmed in C++, 
which makes it very easy to unintentionally screw up.

Hardware pointer security doesn't have to mean separate address spaces.  
Capability machines provide hardware pointer security, essentially on an 
object-by-object basis.