Hardware support for fast capability-based addressing

Traditional methods of providing protection in memory systems do so at the cost of increased context switch time and/or increased storage to record access permissions for processes. With the advent of computers that supported cycle-by-cycle multithreading, protection schemes that increase the time t...

Full description

Bibliographic Details
Published in:ACM SIGPLAN Notices
Main Authors: Carter, Nicholas P., Keckler, Stephen W., Dally, William J.
Format: Article in Journal/Newspaper
Language:English
Published: Association for Computing Machinery (ACM) 1994
Subjects:
Online Access:http://dx.doi.org/10.1145/195470.195579
https://dl.acm.org/doi/pdf/10.1145/195470.195579
Description
Summary:Traditional methods of providing protection in memory systems do so at the cost of increased context switch time and/or increased storage to record access permissions for processes. With the advent of computers that supported cycle-by-cycle multithreading, protection schemes that increase the time to perform a context switch are unacceptable, but protecting unrelated processes from each other is still necessary if such machines are to be used in non-trusting environments. This paper examines guarded pointers , a hardware technique which uses tagged 64-bit pointer objects to implement capability-based addressing. Guarded pointers encode a segment descriptor into the upper bits of every pointer, eliminating the indirection and related performance penalties associated with traditional implementations of capabilities. All processes share a single 54-bit virtual address space, and access is limited to the data that can be referenced through the pointers that a process has been issued. Only one level of address translation is required to perform a memory reference. Sharing data between processes is efficient, and protection states are defined to allow fast protected subsystem calls and create unforgeable data keys.