From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Writing an Operating System in Ada
Newsgroups: comp.lang.ada
Organization: cbb software GmbH
Date: Thu, 14 Jan 2010 14:47:06 +0100
Message-ID: <1oc1i9h8c1m5x$.eicdlkd8iiep$.dlg@40tude.net>
References: <8e9bc311-7540-40a1-b19e-49e93648c25c@s31g2000yqs.googlegroups.com> <3t7l4nep6nxx$.q8ux8y7cxfgd$.dlg@40tude.net>

On Thu, 14 Jan 2010 12:31:01 +0100, Jean-Pierre Rosen wrote:

> Dmitry A. Kazakov wrote:
>> I disagree. One could perfectly complement the other. If you wanted to create
>> a safe OS you would like to protect system objects at the hardware level
>> independently of whether the language does any checks or not.
>>
> They claimed that the CPU was "putting Ada on silicon".
> What I mean is that the value of Ada is to check many things at compile
> time; anything that's on silicon will have to wait until execution time.

Well, Ada has a cooperative model of accessing things, i.e. whatever the
compiler has checked gives no guarantee at run time. We could also imagine
a variant of the language that would give such guarantees if demanded.

For example, a protected object could be mapped outside the process's
space. When calling an operation on it, the OS would check the provided
object address and execute the protected operation in kernel mode.

This is how many OSes handle I/O requests: they check the request
parameters for being valid addresses in the process space. They also check
certain types: when you pass a handle to some system object, it is checked
whether that is a brush when used in Paint. That sort of thing could be
supported by the hardware, reducing the overhead of system calls. Shared
libraries would certainly benefit from such a design too.

So there is nothing wrong with this idea, and it is in no contradiction
with static checks. (What the iAPX432 was actually designed for is another
story.)

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
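As an added illustration of the two checks the post describes (this is example code written for this page, not code from the poster or from any real OS), here is a toy "kernel-side" model: system objects live in a handle table that user code can only index, each entry carries a type tag, and a caller-supplied buffer is validated against the process's mapped range before the protected operation (a Paint with a brush) runs. The object types, status codes, the `struct process` with a single mapped range, and the 8-entry table are all invented for the example; a real kernel walks page tables and has many object kinds.

```c
/* Toy model of kernel-side parameter checks on a system call.
 * Everything here (types, status codes, the one-range process model)
 * is invented for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum obj_type   { OBJ_NONE = 0, OBJ_BRUSH, OBJ_FILE };
enum sys_status { SYS_OK = 0, SYS_BAD_HANDLE, SYS_WRONG_TYPE, SYS_BAD_ADDRESS };

/* Kernel-private object. User mode never sees this struct, only an index. */
struct kobject {
    enum obj_type type;
    uint32_t      payload;   /* brush colour, file cursor, ... */
};

#define MAX_HANDLES 8
static struct kobject handle_table[MAX_HANDLES];

/* A single mapped range stands in for the calling process's address space. */
struct process {
    uintptr_t base;
    size_t    len;
};

/* The "valid address in the process space" check on an I/O request:
 * is [ptr, ptr + len) entirely inside the process's mapping?
 * Written as subtractions so that ptr + len cannot wrap around. */
static int range_in_process(const struct process *p, const void *ptr, size_t len)
{
    uintptr_t a = (uintptr_t)ptr;
    if (len == 0)                       return 0;   /* nothing to paint into */
    if (a < p->base)                    return 0;
    if (a - p->base > p->len)           return 0;
    if (p->len - (a - p->base) < len)   return 0;
    return 1;
}

/* The "is this handle a brush?" check: resolve an index to a kernel
 * object, rejecting stale/out-of-range handles and type mismatches. */
static struct kobject *lookup_handle(int h, enum obj_type want, enum sys_status *st)
{
    if (h < 0 || h >= MAX_HANDLES || handle_table[h].type == OBJ_NONE) {
        *st = SYS_BAD_HANDLE;
        return NULL;
    }
    if (handle_table[h].type != want) {
        *st = SYS_WRONG_TYPE;
        return NULL;
    }
    *st = SYS_OK;
    return &handle_table[h];
}

/* Allocate a kernel object and hand back its index; -1 when the table is full. */
int handle_create(enum obj_type t, uint32_t payload)
{
    for (int i = 0; i < MAX_HANDLES; i++) {
        if (handle_table[i].type == OBJ_NONE) {
            handle_table[i].type    = t;
            handle_table[i].payload = payload;
            return i;
        }
    }
    return -1;
}

/* The protected operation: fill a user buffer with the brush colour.
 * The body only runs once both checks have passed. */
enum sys_status sys_paint(const struct process *p, int brush_handle,
                          uint8_t *user_buf, size_t len)
{
    enum sys_status st;
    struct kobject *brush = lookup_handle(brush_handle, OBJ_BRUSH, &st);
    if (brush == NULL)
        return st;
    if (!range_in_process(p, user_buf, len))
        return SYS_BAD_ADDRESS;
    memset(user_buf, (int)(brush->payload & 0xffu), len);
    return SYS_OK;
}
```

The point of the two separate failure codes is the one made in the post: the type check (a file handle passed where a brush is expected) and the address check (a buffer that runs past the end of the mapping) are independent of anything the compiler verified, and both are cheap enough that hardware support for them is plausible.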