From: Niklas Holsti
Newsgroups: comp.lang.ada
Subject: Re: Arbitrary Sandbox
Date: Sat, 18 Feb 2012 13:58:07 +0200
Organization: Tidorum Ltd
Message-ID: <9q9i2eFcv7U1@mid.individual.net>

On 12-02-18 13:31 , Dmitry A. Kazakov wrote:
> On Sat, 18 Feb 2012 11:45:58 +0100, Yannick Duchêne (Hibou57) wrote:
>
>> On Sat, 18 Feb 2012 09:26:42 +0100, Dmitry A. Kazakov wrote:
>>
>>> On Fri, 17 Feb 2012 20:47:36 -0800 (PST), Shark8 wrote:
>>>
>>>> You know; I always wondered why they (developers, and OS designers)
>>>> didn't take advantage of segments.
>>>
>>> Ineffective, complicated, generally useless?
>> Why?
>
> Presumably because of lack of address order. Comparing driver developing
> for PDP-11/RSX-11 vs. 80286/Windows/DOS. The former was immensely simpler,
> safer and also more effective (you could pass a buffer from the process
> space to the driver). The latter was a pure horror.
>
> I wonder what kind of architecture could require a safe implementation of
> Ada, e.g. when private parts of packages and protected objects would be
> mapped onto the memory physically inaccessible from public contexts.
>
> Or, considering an implementation of an object-based OS without any I/O
> when everything is just memory mapped. Maybe some sort of segments on top
> of pages could be used for that...

The Nokia Data MPS 10 minicomputer (1983) was something like that. See:

Pekka Lahtinen. 1982. A machine architecture for Ada. Ada Lett. II, 2
(September 1982), 28-33. DOI=10.1145/989798.989799
http://doi.acm.org/10.1145/989798.989799

From that description, it seems that each static (= library-level)
package had its own data segment, which contained both the public and
private data of that package. So hardware was not used to check or
enforce Ada visibility rules, at least not for the package level, but I
suppose it could have been done by simply making two different segments
for the package. Perhaps a change in the Ada compiler would have been
enough.

--
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .