home *** CD-ROM | disk | FTP | other *** search
- Path: comma.rhein.de!serpens!not-for-mail
- From: mlelstv@serpens.rhein.de (Michael van Elst)
- Newsgroups: comp.sys.amiga.misc
- Subject: Re: OS features
- Date: 2 Feb 1996 10:18:30 +0100
- Organization: dis-
- Message-ID: <4eskt6$1ea@serpens.rhein.de>
- References: <4aj1tc$39r@candelo.dpie.gov.au> <1058.6591T492T1743@cycor.ca> <DLnqBB.DuD@focus-systems.on.ca> <4e442t$4ve@serpens.rhein.de> <DM4Etu.49K@focus-systems.on.ca>
- NNTP-Posting-Host: serpens.rhein.de
-
- wayne@focus-systems.on.ca (Wayne Fisher) writes:
-
- >I'll admit that I haven't done any large programs under AmigaOS but I
- >can't see why the overhead would be an order of magnitude more than
- >most other OSs.
-
- It isn't. Memory protection under UNIX costs about the same.
-
- >The machine I use at work is a fully protected OS running on
- >80[345]86s. It supports virtual memory but doesn't page to disk. It's
- >realtime and has incredible context switch times. Overhead from memory
- >protection cannot be very high.
-
- You think about QNX ?
-
- >>>although that is a natural extension to it. By virtual memory, I mean
- >>>giving all programs a contiguous address space independant of other
- >>>programs.
- >>This breaks 99% of all programs.
-
- >Maybe if you include games
-
- No. Games won't run at all unless you boot in a MMU-less state.
-
- >but they break on almost any machine that
- >is capable of memory protection anyways.
-
- I am thinking of regular apps that rely on a flat address space. Just
- think about an I/O buffer that is passed to the filesystem and a driver
- and maybe even an interrupt system.
-
- >And if this was true, I doubt that GigaMem would exist. Nor would it
- >work with a number of large commercial applications.
-
- GigaMem does _not_ provide separate address spaces for each task.
-
- >>>Neither of these features affects the realtime nature of the machine.
- >>You bet... It affects speed.
-
- >What does speed have to do with realtime. Faster just means you can do
- >more in the same amount of time - it isn't a requirement for realtime.
-
- While that is true you won't find _any_ realtime application that works
- independent of the actual speed. It's not all "task a must complete
- before task b". It is also "task a has to run N times per second with
- a latency of M milliseconds".
-
- >>> - protect unallocated memory from any accesses.
- >>MMU granularity forbids this. You cannot trap accesses to partially
- >>allocated pages.
-
- >Memory would be allocated to program on a page basis. Sure, you can't
- >protect the memory that malloc() hasn't used yet but you can catch
- >stray accesses to that 8MB chunk that doesn't belong to anyone.
-
- Obviously.
-
- >>> - protect any ROMs from writes.
- >>That's code and hardly matters. But protecting all the I/O addresses
- >>would help.
-
- >Well, it matters if the OS is going to catch it or not.
-
- Yes. It is nice to catch bugs. But a write to ROM doesn't do anything
- serious that would kill applications. But a single write to an I/O
- port can freeze the whole machine.
-
- >Remember, OS code can be 'priviledged' and access everyone's data.
-
- So, what is OS ? The handler process you simulate in your make utility ?
- The BOOPSI gadget that runs on input.device context ? The lowmem-handler
- that may execute in supervisor mode ?
-
- >The
- >biggest thing as far as programs go is in passing messages between
- >each other.
-
- You understand that most system functions do not pass messages. Instead
- you call the system function as a big library. Changing that to pass
- messages (even synchronously since you don't want to change semantics)
- is going to be abyssmally slow.
-
- >And yes, there would have to be some work done on AmigaOS to handle
- >access to program data.
-
- As I said. It had to be changed completely.
-
- >Later OS revisions could expand on this and on what memory is
- >protected and how.
-
- Sorry, how ? As I said this is something VERY difficult.
-
- >Invalid parameters is different from memory protection,
-
- No. Memory protection doesn't make sense without parameter checking.
- The system cannot simply accept arbitrary pointers for shared objects.
- You would have to write code that does not change shared data whenever
- the pointer is used to access the object.
-
- >What does memory protection have to do with passing a value of 1111 to
- >a function that expects something in the range 0-255?
-
- The problem that the function can still crash. Without sanity checks
- all over your memory protection doesn't do _anything_ to software
- stability.
-
- >Either force shared data to be explicitly allocated by the program as
- >shared to work out a way to let the OS do it. No question, some though
- >and work would be required here.
-
- You need complete hierarchy schemes. After all you don't want to allow
- other tasks to trash your window or gadget structure just because it
- was allocated "shared".
-
- >I'll admit that I'm not familiar with this area of the OS. However,
- >device drivers could become a priviledged part of the OS when they are
- >activated.
-
- Which already rules out to use any existing driver. Memory protection
- on existing machines would be impossible.
-
- >>Unfortunately most parameters are passed by pointers. You do have
- >>to change everything.
-
- >No change as far as the function prototypes of the API are concerned.
-
- If you do that you add tons of overhead and still you couldn't catch
- everything.
-
- Regards,
- --
- Michael van Elst
-
- Internet: mlelstv@serpens.rhein.de
- "A potential Snark may lurk in every tree."
-
