PROTECTION

Restricting the addressability of a software module enables an operating system to control system resources and priorities. This is especially important in an environment that supports multiple concurrent users. Multi-user, multi-tasking, and distributed processing systems require this complete control of system resources for efficient, reliable operation.

The second aspect of protection is isolating users from each other. Without such isolation an error in one user program could affect the operation of another error-free user program. Such subtle interactions are difficult to diagnose and repair. The reliability of applications programs is greatly enhanced by such isolation of users.

Within a system or application level program, the 80286 will ensure that all code and data segments are properly used (e.g., data cannot be executed, programs cannot be modified, and offsets must be within defined limits). Such checks are performed on every memory access to provide full run-time error checking.

7.1.2 Protection Implementation

The protection hardware of the 80286 establishes constraints on memory and instruction usage. The number of possible interactions between instructions, memory, and I/O devices is practically unlimited. Out of this very large field the protection mechanism limits interactions to a controlled, understandable subset. Within this subset falls the list of "correct" operations. Any operation that does not fall into this subset is not allowed by the protection mechanism and is signalled as a protection violation.

To understand protection on the 80286, you must begin with its basic parts: segments and tasks. 80286 segments are the smallest regions of memory that have unique protection attributes. Modular programming automatically produces separate regions of memory (segments) whose contents are treated as a whole. Segments reflect the natural construction of a program, e.g., code for module A, data for module A, stack for the task, etc. All parts of the segment are treated in the same way by the 80286. Logically separate regions of memory should be in separate segments.

The memory segmentation model (see figure 7-1) of the 80286 was designed to optimally execute code for software composed of independent modules. Modular programs are easier to construct and maintain. Compared to monolithic software systems, modular software systems have enhanced capabilities, and are typically easier to develop and test for proper operation.

Each segment in the system is defined by a memory-resident descriptor. The protection hardware prevents accesses outside the data areas and attempts to modify instructions, etc., as defined by the descriptors. Segmentation on the 80286 allows protection hardware to be integrated into the CPU for full data access control without any performance impact.
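The per-access checks described above (data cannot be executed, programs cannot be modified, offsets must stay within the limit) can be modelled in a few lines of C. This is an added example, not code from the manual: the access-rights bit positions follow the 80286 segment descriptor format, which this page does not show, and the names `check_access`, `struct descriptor` and the sample descriptors are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Access-rights byte bits of an 80286 code/data segment descriptor. */
#define AR_PRESENT 0x80  /* P: segment is present in memory        */
#define AR_SEGMENT 0x10  /* S: 1 = code or data segment            */
#define AR_EXEC    0x08  /* E: 1 = code segment, 0 = data segment  */
#define AR_RW      0x02  /* data: writable; code: readable         */

enum access { ACC_READ, ACC_WRITE, ACC_EXEC };
enum result { OK, NOT_PRESENT, BAD_TYPE, LIMIT_EXCEEDED };

/* Simplified model: expand-down segments and privilege levels are not modelled. */
struct descriptor {
    uint32_t base;    /* 24-bit physical base address  */
    uint16_t limit;   /* offset of the last valid byte */
    uint8_t  rights;  /* access-rights byte            */
};

/* Decide whether `size` (>= 1) bytes at `offset` may be accessed as `kind`. */
enum result check_access(const struct descriptor *d, uint16_t offset,
                         uint16_t size, enum access kind)
{
    int is_code = (d->rights & AR_EXEC) != 0;
    int rw      = (d->rights & AR_RW) != 0;

    if (!(d->rights & AR_PRESENT)) return NOT_PRESENT;
    if (!(d->rights & AR_SEGMENT)) return BAD_TYPE;   /* system descriptor */
    if (kind == ACC_EXEC  && !is_code)         return BAD_TYPE; /* data cannot be executed */
    if (kind == ACC_WRITE && (is_code || !rw)) return BAD_TYPE; /* code and read-only data cannot be modified */
    if (kind == ACC_READ  && is_code && !rw)   return BAD_TYPE; /* execute-only code */
    /* The last byte touched must not lie beyond the limit (32-bit math avoids wrap). */
    if ((uint32_t)offset + size - 1 > d->limit) return LIMIT_EXCEEDED;
    return OK;
}

int main(void)
{
    /* Constructed sample descriptors, not taken from the manual. */
    struct descriptor code = { 0x010000, 0x0FFF, 0x9A };  /* present, code, readable */
    struct descriptor data = { 0x020000, 0x00FF, 0x92 };  /* present, data, writable */

    printf("exec data   -> %d\n", check_access(&data, 0, 1, ACC_EXEC));
    printf("write code  -> %d\n", check_access(&code, 0, 2, ACC_WRITE));
    printf("word @ 0xFF -> %d\n", check_access(&data, 0xFF, 2, ACC_READ));
    printf("word @ 0xFE -> %d\n", check_access(&data, 0xFE, 2, ACC_WRITE));
    return 0;
}
```

The word access at offset 0xFF fails because its second byte would fall at 0x100, one past the limit, while the same access at 0xFE succeeds.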

The segmented memory architecture of the 80286 provides unique capabilities for regulating the transfer of control between programs.

Programs are given direct but controlled access to other procedures and modules. This capability is the heart of isolating application and system programs. Since this access is provided and controlled directly by the 80286 hardware, there is no performance penalty. A system designer can take advantage of the 80286 access control to design high-performance modular systems with a high degree of confidence in the integrity of the system.

Intel 80287, 80286 manual Protection Implementation