Processes and Communication (2)
Gary D. Duzan
Tue, 09 Mar 93 20:14:56 -0500
=>> Imagine a system that automatically changes the protection level
=>> when the code enters a particular code area. Each protected block of
=>> code would provide a special block of memory containing jump
=>> operations. This block would allow other code to execute it, and
=>> executing it causes a protection switch, so when the CPU hits the jump
=>> target, the processor will be executing with a new set of rights.
=>For anyone who has familiarity with the 386, you know how incredibly
=>easy this is to accomplish! [ et cetera ... ]
Actually, my first reference (from the USENIX Workshop Proceedings)
mentions that their initial implementation would use the segment
mechanism in the 386. (Eventually they plan to use a flat 64-bit
address space with a special MMU.)
=>> Please keep the flames down to simmer; this is all hypothetical/
=>> theoretical stuff, and won't necessarily apply to MOOSE. However,
=>> there may be some ideas we can use in there somewhere.
=>I can't think of any other way to accomplish what we need to do without
=>some sort of mechanism like this. It's completely transparent to the
=>programmer and even to the compiler. I like it!
For those systems that can't support this mechanism, we could put a
virtual procedure call (a VPC, for those who don't like the name RPC
:-) in the path. We could even tack the rights portion of a capability
to the VPC if we wanted to do so. Regardless, we will want some sort of
abstract interface to hide the details.
If you have access to a technical library, I'd suggest looking up
the articles I mentioned earlier. Together, they suggest the
possibility of the next generation kernelless operating system, which I
see as a significant step (though time will tell in which direction.)
Humble Practitioner of the Computer Arts