THE SYSTEMATIC DESIGN OF A PROTECTION MECHANISM TO SUPPORT A HIGH LEVEL LANGUAGE

The protection structures of most computers in commercial use today are the results of a haphazard design process. This work represents an attempt to correct this state of affairs by integrating a wide variety of previous work in the areas of programming language design, memory protection, and design methodology. The design process is formalized as a structured walk through the multidimensional computer design space towards an optimal machine. The starting point for this walk is the result of a semantic analysis of the problem to be solved, and the walk ends when no changes to the design result in any improvement.;Measures of protection are required in order to identify desirable changes to an architecture or language. A number of existing protection measures are surveyed here, and these are extended to take into account the effects of combining different protection mechanisms, as is commonly done in the process of language implementation. A new overprotection measure is proposed for identifying redundancy in such situations, and this is used as a heuristic to guide the search for an acceptable protection mechanism.;This design approach is used to arrive at a practical general purpose protection architecture from the programming language Ada. This architecture is shown to be comparable in complexity and performance to that of the PDP-11/45. The semantic analysis of Ada required for this effort suggests a number of ways in which Ada or similar languages could be improved, and many of these improvements are anticipated by the proposed protection architecture. In the process of examining problems with Ada, a new protection structure design principle is identified: That the static and dynamic rights transfer mechanisms should parallel each other. Although this principle is violated by Ada and most existing languages, it is obeyed by the proposed architecture.