PROTECTION
Restricting the addressability of a software module enables an operating system to control system resources and priorities. This is especially important in an environment that supports multiple concurrent users. Multi-user, multi-tasking, and distributed processing systems require this complete control of system resources for efficient, reliable operation.
The second aspect of protection is isolating users from each other. Without such isolation an error in one user program could affect the operation of another error-free user program. Such subtle interactions are difficult to diagnose and repair. The reliability of applications programs is greatly enhanced by such isolation of users.
Within a system or application level program, the 80286 will ensure that all code and data segments are properly used (e.g., data cannot be executed, programs cannot be modified, and offset must be within defined limits, etc.). Such checks are performed on every memory access to provide full run-time error checking.
7.1.2 Protection Implementation
The protection hardware of the 80286 establishes constraints on memory and instruction usage. The number of possible interactions between instructions, memory, and I/O devices is practically unlimited. Out of this very large field the protection mechanism limits interactions to a controlled, understandable subset. Within this subset fall the list of "correct" operations. Any operation that does not fall into this subset is not allowed by the protection mechanism and is signalled as a protection violation.
To understand protection on the 80286, you must begin with its basic parts: segments and tasks. 80286 segments are the smallest regions of memory that have unique protection attributes. Modular programming automatically produces separate regions of memory (segments) whose contents are treated as a whole. Segments reflect the natural construction of a program, e.g., code for module A, data for module A, stack for the task, etc. All parts of the segment are treated in the same way by the 80286. Logically separate regions of memory should be in separate segments.
The memory segmentation model (see figure 7-1) of the 80286 was designed to optimally execute code for software composed of independent modules. Modular programs are easier to construct and maintain. Compared to monolithic software systems, modular software systems have enhanced capabilities, and are typically easier to develop and test for proper operation.
Each segment in the system is defined by a memory-resident descriptor. The protection hardware prevents accesses outside the data areas and attempts to modify instructions, etc., as defined by the descriptors. Segmentation on the 80286 allows protection hardware to be integrated into the CPU for full data access control without any performance impact.
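The checks named above (data cannot be executed, programs cannot be modified, offsets must stay within the limit) can be modelled in software as follows. This is an added example, not code from the manual: the bit positions are those of the 80286 access-rights byte, the macro, type and function names are hypothetical, and the checks the CPU performs at segment load and at each access are collapsed into one function.

```c
#include <stdint.h>
#include <stdio.h>

/* Access-rights byte of an 80286 code/data segment descriptor. */
#define AR_PRESENT 0x80  /* P: segment is present in memory       */
#define AR_SEGMENT 0x10  /* S: 1 = code or data segment           */
#define AR_EXEC    0x08  /* E: 1 = code segment, 0 = data segment */
#define AR_EXPDOWN 0x04  /* ED: data segment expands downward     */
#define AR_RW      0x02  /* data: writable; code: readable        */

enum access { ACC_READ, ACC_WRITE, ACC_EXECUTE };
enum result { OK, NOT_PRESENT, TYPE_VIOLATION, LIMIT_VIOLATION };

struct descriptor {      /* simplified: base address and DPL are not modelled */
    uint16_t limit;      /* 16-bit segment limit */
    uint8_t  rights;     /* access-rights byte   */
};

/* Simplified model of the per-access checks: usage type first, then limit. */
enum result check_access(const struct descriptor *d, enum access kind,
                         uint16_t offset, uint16_t size)
{
    if (!(d->rights & AR_SEGMENT)) return TYPE_VIOLATION;  /* not code/data */
    if (!(d->rights & AR_PRESENT)) return NOT_PRESENT;
    int is_code = (d->rights & AR_EXEC) != 0;
    int rw      = (d->rights & AR_RW) != 0;

    if (kind == ACC_EXECUTE && !is_code)       return TYPE_VIOLATION; /* data cannot be executed */
    if (kind == ACC_WRITE && (is_code || !rw)) return TYPE_VIOLATION; /* code or read-only data  */
    if (kind == ACC_READ && is_code && !rw)    return TYPE_VIOLATION; /* execute-only code       */

    uint32_t last = (uint32_t)offset + size - 1;   /* offset of last byte touched */
    if (size == 0 || last > 0xFFFF) return LIMIT_VIOLATION;  /* runs past 64 KB */
    if (!is_code && (d->rights & AR_EXPDOWN)) {
        if (offset <= d->limit) return LIMIT_VIOLATION;  /* valid: limit+1..FFFFh */
    } else if (last > d->limit) {
        return LIMIT_VIOLATION;                          /* valid: 0..limit */
    }
    return OK;
}

int main(void)
{
    /* Constructed descriptors: writable data (limit 00FFh), readable code (limit 0FFFh). */
    struct descriptor data = { 0x00FF, 0x92 }, code = { 0x0FFF, 0x9A };
    printf("execute data:  %d\n", check_access(&data, ACC_EXECUTE, 0, 1));
    printf("write to code: %d\n", check_access(&code, ACC_WRITE, 0, 1));
    return 0;
}
```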
The segmented memory architecture of the 80286 provides unique capabilities for regulating the transfer of control between programs.
Programs are given direct but controlled access to other procedures and modules. This capability is the heart of isolating application and system programs. Since this access is provided and controlled directly by the 80286 hardware, there is no performance penalty. A system designer can take advantage of the 80286 access control to design high-performance modular systems with a high degree of confidence in the integrity of the system.