From: Darren New
Newsgroups: comp.lang.ada
Subject: Re: Progress on AdaOS
Date: Mon, 10 Sep 2001 18:16:25 GMT
Message-ID: <3B9D0375.B3F48CF9@san.rr.com>

> In many OSes a process may have several tasks [threads]. Why not
> have several memory mappings as well?

Nothing wrong with that. It's just not what the word "process" classically means.

> >Correct. That's why you need it at some user level, rather than
> >kernel-enforced.
>
> Why not? Could a capacity be represented by a tagged type, and so that
> dispatch [sometimes] happens on the kernel context?

Well, if I have a tagged type that dispatches to the kernel, and there are three inherited procedures, and you only want the holder of the tagged object to be able to dispatch to one of them, you're going to have trouble. Maybe all three will dispatch to the kernel, and the kernel will decide that two of them are erroneous and should raise Capability_Error or something, but then that's a user-level check, rather than a hardware check. The fact that the code is running with kernel permissions doesn't change the fact that it's software doing the checking, which is what I meant.

> >Yes. And you can do this by either using hardware protection, or using a
> >VB interpreter that doesn't let them run off the end of arrays. The
> >JavaVM (other than JNI etc) certainly doesn't need hardware support to
> >keep you from doing something nasty - that's the whole idea of the
> >sandbox.
>
> What about hardware/software faults?

What about them? You're still going to have the kernel managing the memory maps in your scheme, and if there's a fault in that software, you still have a fault. You're still going to have programs like "login" handling your permissions. It's going to take lots of development to make it reliable.

My point was that there are more ways to think about the problem than I think have been considered. Certainly more solutions than have been investigated here.

-- 
Darren New
San Diego, CA, USA (PST). Cryptokeys on demand.
Those who work hard with few results always value hard work over getting results.
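The point made above about "three inherited procedures" of which the holder may use only one, and the kernel raising Capability_Error for the other two, is a software rights check. The following sketch is an added example, not code from the thread or from AdaOS: it models a capability as an Ada tagged type whose three primitive operations each consult a rights mask carried in the object, and it derives an attenuated (read-only) capability from a full one. The type and procedure names (Capability, Right_Set, Restrict, Check) are assumptions chosen for illustration.

```ada
-- Added example: a capability as a tagged type whose operations all
-- funnel into one software check against a rights mask (not kernel code).
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Capability_Demo is

   Capability_Error : exception;

   type Right     is (Read_Right, Write_Right, Delete_Right);
   type Right_Set is array (Right) of Boolean;

   -- The object a holder is given: three inherited primitives are callable,
   -- but only those whose flag is set in Rights will succeed.
   type Capability is tagged record
      Rights : Right_Set := (others => False);
   end record;

   -- The "kernel-side" check. Whatever privilege level it runs at, this is
   -- software deciding, which is the point made in the post.
   procedure Check (C : Capability; R : Right) is
   begin
      if not C.Rights (R) then
         raise Capability_Error with "holder lacks " & Right'Image (R);
      end if;
   end Check;

   -- The three primitive operations every holder can name.
   procedure Read (C : Capability) is
   begin
      Check (C, Read_Right);
      Put_Line ("read ok");
   end Read;

   procedure Write (C : Capability) is
   begin
      Check (C, Write_Right);
      Put_Line ("write ok");
   end Write;

   procedure Delete (C : Capability) is
   begin
      Check (C, Delete_Right);
      Put_Line ("delete ok");
   end Delete;

   -- Attenuation: a derived capability can only lose rights, never gain
   -- them, because the new mask is the conjunction of the old one and Keep.
   function Restrict (C : Capability; Keep : Right_Set) return Capability is
   begin
      return (Rights => C.Rights and Keep);
   end Restrict;

   Full      : constant Capability := (Rights => (others => True));
   Read_Only : constant Capability :=
     Restrict (Full, (Read_Right => True, others => False));

begin
   Read (Read_Only);        -- allowed
   begin
      Write (Read_Only);    -- denied by the software check
   exception
      when E : Capability_Error =>
         Put_Line ("denied: " & Exception_Message (E));
   end;
   Delete (Full);           -- allowed
end Capability_Demo;
```

Running it prints "read ok", a "denied: holder lacks WRITE_RIGHT" line, and "delete ok". Nothing in the hardware distinguishes the Write call from the Read call; the distinction lives entirely in Check, so a bug there (or in whatever code hands out Rights masks) is a bug in the protection itself, exactly the "fault in that software" concern raised at the end of the post.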