Memory protection
|
Memory protection is a system that prevents one process from corrupting the memory of another process running on the same computer at the same time. It usually employs hardware (i.e. a Memory management unit) and system software to allocate distinct memory to different processes and to handle exceptions arising when a process tries to access memory outside its bounds.
There are different ways to achieve memory protection. Segmentation and paging are the most common methods.
- Segmentation means that a part, or parts, of the memory is sealed off from the process currently running by two hardware registers. If the data that is about to be read, or written to, is outside the permitted address space of that process, a general protection fault will fire. This should not be confused with the x86-processors realmode segmentation.
- Paging is the method mostly used for memory protection. Each process is given a page table. Paging makes it possible to create a linear virtual memory space out of a fragmented physical memory space. The page table is often invisible for the process. Paging has a significant advantage over segmentation. In paging, the virtual memory is divided into small pieces, called pages. A page is usually 4 or 8 KB wide. Each page can be made to point into any location in the physical memory, and there can be several different pages that point to the same physical memory block. This also makes it easier to allocate new memory for the process, as the new pages can be mapped in anywhere. Parts of an application's memory can be "swapped out" to other memory storages. This happens to memory that is seldom used, and it makes the application believe that it has a much larger working memory than actually exists. By swapping out memory, the virtual memory layout will not change, but it frees a lot of physical memory (i.e. RAM).
If the process is accessing a virtual memory location that is not mapped by the page table, a page fault will appear. Page faults could mean either that the process has tried to access memory that it should not have access to, or that part of the application's memory has been swapped out. In the last case, the page will be swapped back in and execution will proceed where it stopped.
If both paging and segmentation are used at the same time, as in the IA-32 architecture, paging does not map into physical memory at once, but goes through a linear memory stage first. Linear memory is the memory as seen solely by the processors segmentation circuitry, or as if the pages were turned off but the segmentation was still active.
It is important to note that virtual memory is not the same as RAM, that linear memory is a hardware register-defined part of the RAM and that physical memory more or less is the equivalent of RAM. Physical memory is actually both RAM and memory mapped I/O-ports.
The first widely used operating systems with protected memory were variants of Unix.de:Speicherschutz it:Protezione della memoria