Capbility Concepts

[Norman Hardy]

At 13:58 -0400 00/07/16, Jonathan S. Shapiro wrote:
>I have just read the notes at
>http://www.mediacity.com/~norm/CapTheory/CapBits.html, and I have a few
>comments on them.
>
>I find the use of the terms "protected" and "unprotected" in the first
>paragraph very confusing. I think that what is probably meant is
>"partitioned" or "unpartitioned". I dislike the term "protected" because it
>already has many other uses in the context of the capability discussion, and
>I believe the that "partition" term captures the distinction that Norm is
>trying to make. If not, I'ld be very interested to be corrected, and perhaps
>the term I suggest below may be useful.
>

I have used "segrated" much as you use "partitioned". I was confused by
"partitioned" in recent mail. I shall try to speak of hiding or protecting
the bits of the capability instead of the capability itself. Yet I need an
adjective to modify "capability" that means its bits are hidden! There is
too much good text devoted to that plan.

There is yet another difference lurking here. IBM's System 38 devoted a
hardware bit in memory for each 16 memory bits to mark a location as
holding part of a capability. Capabilities were 64 bits long and allocated
admidst other user data but "hidden" by the extra bit so as to make the
bits therein unreadable and unmodifiable by "user code". The System 38 was
not the first to protect capabilities admist user data but it may have been
the last. AS/400 is in some sense a descendent of the System 38. The 38
provided a language called "MI" (Machine Interface) that, like Java byte
codes, was translated before execution. The translator was trusted but not
enough to dispense with the hardware to protect the capability bits.

Perhaps the bits of the System 38 capability are protected but neither
segregated nor partitioned.  I agree that the page you cite is confusing. I
have spent the afternoon rewriting the page above. I am not done.
Norman Hardy  <http://www.mediacity.com/~norm>