Overview Features Coding ApolloOS Performance Forum Downloads Products Order Contact

Welcome to the Apollo Forum

This forum is for people interested in the APOLLO CPU.
Please read the forum usage manual.
Please visit our Apollo-Discord Server for support.



All TopicsNewsPerformanceGamesDemosApolloVampireAROSWorkbenchATARIReleases
Information about the Apollo CPU and FPU.

Memory Protectionpage  1 2 

Robert Downs

Posts 31
11 Nov 2019 18:39


AROS 68k seems to be picking up steam with the release of the Vamp V4.  Looks like Final Writer is coming to AROS which had me thinking about memory protection. (That, and my experience with NetSurf)  I wanted to ask the experts in this area.  Virtual Memory and memory protection came about in an era of limited RAM and slow storage and works perfectly well.  Over the years proprietary tweaks have been made to this fundamental underlying technology to maintain compatibility for a given platform as computing marches forward (personal opinion:memory management in Windows is amazing) but overall the science behind the technique to address more RAM than physically present and provide memory protection has not changed fundamentally, at least from what I know which admittedly is something I only have a superficial level of comprehension.  With what we know about the architecture of the Amiga, the 68080, and the AROS ROM, what would be necessary to do, or rather does anyone think it is possible to add the ONE feature I think needs to be implemented to move the 68k platform forward into a more stable and safe future.  A true memory protection scheme.  We have gobs of cheap and plentiful RAM which makes virtual memory less of a requirement under most circumstances, but memory protection is in my opinion critical.

Looks like maybe there is an opportunity here to think outside-the-box in true Amigan form and maybe implement something novel without breaking the beautiful back catalog of Amiga software and heritage.

EXTERNAL LINK


Tim Trepanier

Posts 132
11 Nov 2019 20:22


Robert Downs wrote:

Looks like maybe there is an opportunity here to think outside-the-box in true Amiga form and maybe implement something novel without breaking the beautiful back catalog of Amiga software and heritage.

Adding memory protection has been debated many times on this forum and others. To over simplify the situation implementing full memory protection would break existing software and the features that make the Amiga an Amiga.

One of many such debates: EXTERNAL LINK


Gunnar von Boehn
(Apollo Team Member)
Posts 6197
12 Nov 2019 08:41


Tim Trepanier wrote:

To over simplify the situation implementing full memory protection would break existing software and the features that make the Amiga an Amiga.

Tim is fully correct here.

Amiga OS is internally constructed like a humming bird.
Its not fragile - its light constructed - without heavy bones.
Changing this to a big turtle OS - will kill the whole AMIGA concept. Nothing will work anymore.

Best advice to give:
Either be happy with what you have or more on to another OS.


Nicolas Sipieter
(Needs Verification)
Posts 115/ 1
12 Nov 2019 09:47


window broke the compatibility, yet managed to stay 'windows like' and also allow backward compatibility.
 
  macos broke compatibility, yet managed to stay 'mac like'
  and also allow backward compatibility.
 
  atari did too.
  this whole argument that correcting amiga-like-OSes memory handling will turn them into a heavy weight that will crawl like a fat snail is simply not correct.
 
  adding mp would mean break api, yes,
  a localized radical change as far as memory handling is concerned, yes.
  it would be amiga-ish, and yet something a bit different, yes.
 
  but the added overhead wouldn't make the whole OS slow down to a crawl. that no.
 
  beside, _all_ the other OSes evolved their memory handling to support mp. why on amigaos it would be impossible ? amigaos structure is even simplier than other OSes.
  so the problem amiga have is most probably even easier to solve than what competitors had to do to manage the jump to smp, mp enabled systems.
 
  break the damn compatibility already.


Gunnar von Boehn
(Apollo Team Member)
Posts 6197
12 Nov 2019 10:00


One important aspect of AMIGA is that it is not just CPU but also DMA.

So without an IOMMU which translates all DMA accesses -
any form of real protection will technically never be possible.

By coincident APOLLO is designed with an IOMMU.
This means APOLLO/SAGA can do MMU protection/monitoring on DMA.




Nicolas Sipieter
(Needs Verification)
Posts 115/ 1
12 Nov 2019 10:15


that's good news,
all glory to apollo/saga if it can find a way to make using amiga-like-OSes a crash free experience.

much needed.


Nixus Minimax

Posts 416
12 Nov 2019 11:12


In an ideal world we would have AROS with memory protection running old code inside a common sandboxed context and new code memory-protected from other processes and the sandbox. This would definitely be feasible from a theoretical point of view. It won't happen, though.

One obvious reason is the lack of developers. It already takes some effort to make AROS not crawl on the 080 and it is happening only very slowly. A clean new architecture that maintains compatibility like MacOS and Windows but adds new features for new code would require magnitudes more developer resources than what is available. Let alone a faster 68k processor than what we have. Remember that the WinNT line of Windows only became a good alternative to Windows 95/98/ME when the x86 processors were quite far in the hundreds of MHz. The 080, as powerful as it may be per clock, now is at 84 MHz.



Gunnar von Boehn
(Apollo Team Member)
Posts 6197
13 Nov 2019 16:58


I fear, this topic will lead nowhere.

Therefore I kindly ask you to stop this now.

My proposal lets focus on something positive and reachable.


Nicolas Sipieter
(Needs Verification)
Posts 115/ 1
14 Nov 2019 09:38


Gunnar von Boehn wrote:

One important aspect of AMIGA is that it is not just CPU but also DMA.
 
  So without an IOMMU which translates all DMA accesses -
  any form of real protection will technically never be possible.
 
  By coincident APOLLO is designed with an IOMMU.
  This means APOLLO/SAGA can do MMU protection/monitoring on DMA.
 

i'd like to ask about the status of all this.
- is this already there and enabled by default on vampire ?
- or rather is this some hardware features that are there, done and all, but left currently disabled ?
- maybe it is disabled because it's not completely ready just now ?

also, could you give more details of the kind of good this will bring in general ?


Kyle Blake
(Needs Verification)
Posts 108/ 1
14 Nov 2019 10:13


A large chunk of your first thread was just nuked. But I think there was something useful in what I said as the bomb went off. I'll reproduce it below. If Gunnar wipes it again then I respect that.

nicolas sipieter wrote:

  here's what should happen to amigans:
 
  - first their mind should face the truth, and logically accept it (that memory problem had been acknowledged by commodore and was being worked on, updates were about to get out, this is documented history.)
 
  - then once this is done, this quest, on making amigaos memory management better, should become the next chapter of the amiga fable.
  amigans all over the world should know about this, and call this change from their wishes, all wondering: "something need to be done about memory management yes, but who, who will have the real "boing balls" to do it ?"
 
  this doesn't mean someone will step up immediately, but at least people know what they need and they desire it, eventually some attempts will be made and one of them will do.
 
  in a few years.
 

 
  Memory protection was considered a problem by commodore engineers in 1994 in this context: Selling a new generation of a mass market computer platform.

You have to understand that the plans commodore had, the plans that any business that makes a product have, are a response to real world conditions. They are like battle plans in a war, you observe the situation and then work out a way you think you can win the fight.

So in 1994, Commodore are selling about a million computers a year. They're a small player but are mainstream in a couple of countries, but are losing in Office PC and workstation market. They see their Windows NT and OS/2 as their competition in the immediate future, and they think RISC CPUs will take over the industry. They also see on the home market they have to compete with Sony Playstation.

So they formulated plans to move into RISC, to compete with Windows NT PCs and the Playstation, so they could continue being an important modern technology company. That was 1994.

None of it happened, they vanished, we're here in 2019.

Why should we follow a plan that was made for 1994 when we live in 2019? Everything the plan was a response to is different now. Amigas are not a million units a year mainstream computer platform. We don't fight the Playstation 5!

You must assess the current position in 2019 and then make a plan for it.

Vampire project did this nicely. Look at standalone. If it was designed for the world of 1994, it would be AT Motherboard formfactor, have PS/2 Keyboard port, special COM port for mouse, Zorro and ISA slots. It would be advertised in Amiga Format as your new computer!

But the plan to make it responds to the world of 2019, 2020. It is understood in the present year that Amiga is a hobby, a secondary or third computer. It's role is different, and it interacts with different things. So now it's small formfactor product, USB ports, DIGITAL-VIDEO video.

Vampire team made a plan for the world that exists, not the world that used to exist, and are successful.

Now if you want a plan for AmigaOS future, you can't come demanding we use the 25 year old outdated one as if you are Moses coming down from the mountain and everyone must obey.

Before you can have a relevant plan for Amiga development, you must accept Amiga's relation to the world in the present day. Not how it was in the past, not how there was a chance to be a long time ago.

If you can learn this lesson, you can apply it to all things in life. History is a dialectical process and nothing is exempt.


Gunnar von Boehn
(Apollo Team Member)
Posts 6197
14 Nov 2019 11:05


nicolas sipieter wrote:

so, could you give more details of the kind of good this will bring in general ?

Maybe it makes sense to explain what AMIGA OS is.
AMIGA OS is a very light weight preemptive Multitasking OS.

Noticeable features of AMIGA OS are:
- very low requirement. (512 KB is enough)
- very swift
- very fast context switching
- very fast IRQ  (real time OS!)
- all programs share one memory (No Virtual memory)
- programs can share message buffers.
  Messages or data between tasks is exchanged
  by passing pointers not via copies! (this makes AMIGA OS so fast)
- OS can be called directly out of the Program context  (this makes AMIGA OS so fast)
- Programs can directly access HW.
- HW can directly DMA to Program memory. (makes it fast!)

 

For all that not fully understand this technical details.

In plain "english" this means that AMIGA OS is designed 100% differently than e.g. UNIX.
It designed for SPEED and for LIGHTWEIGHT - and this design decisions fully contradict the UNIX Memory-Protection approach.




Gunnar von Boehn
(Apollo Team Member)
Posts 6197
14 Nov 2019 11:21


For those which not understand anything about OS.
 
AMIGA OS is designed like a skinny 50 KG marathon runner.
UNIX Memory Protected is designed like a 200 KG huge Sumo wrestler.
 
 
If you add 150 KG more weight to the marathon guy - he will not be the same person and never run a marathon as before.
 
You would NOT have AMIGA OS anymore after you added 150KG/300 pounds of memory protection to it.

You can decide what you like:
Do you like the skinny AMIGA OS guy,
or do you love the fat Unix guy.

Pick one of those.

But asking for a 200 KG, marathon guy - is just ridiculous.
Please stop this.


Kyle Blake
(Needs Verification)
Posts 108/ 1
14 Nov 2019 11:38


more is not always better. Some people want to crack a walnut with a hydraulic press

Nicolas we try over and over with you, but your argument is deeply flawed. It's flawed because you don't try to understand what we're saying to you.

You just make a superficial reading of our responses and then repeat yourself without any understanding of what people are trying to tell you.


Geoff Wells

Posts 43
14 Nov 2019 13:34


Gunnar von Boehn wrote:

For those which not understand anything about OS.
 
  AMIGA OS is designed like a skinny 50 KG marathon runner.
  UNIX Memory Protected is designed like a 200 KG huge Sumo wrestler.
 
 
  If you add 150 KG more weight to the marathon guy - he will not be the same person and never run a marathon as before.
 
  You would NOT have AMIGA OS anymore after you added 150KG/300 pounds of memory protection to it.
 
 
  You can decide what you like:
  Do you like the skinny AMIGA OS guy,
  or do you love the fat Unix guy.
 
  Pick one of those.
 
  But asking for a 200 KG, marathon guy - is just ridiculous.
  Please stop this.

I feel like I'm going to regret jumping in but is there no 75 - 100 KG person who still runs pretty well and perhaps gives us a little better protection like code block protection while enabling data access.  Perhaps the benefit is not worth the trouble but it feels like there could be something of interest so some people.

Framing things in very black and white terms always makes me suspect.


Gunnar von Boehn
(Apollo Team Member)
Posts 6197
14 Nov 2019 13:39


Geoff Wells wrote:

I feel like I'm going to regret ....

   
You can either pass data via giving pointer or via data/memcopy.
This is nothing in between.
Passing pointer is very fast, memcopy is very slow but "protected"
 
 
 
If you compare the Operating system with society:
- Then AMIGA OS has no police.
  This works wonderful if you have only "good citizens" in your village.
- UNIX has 1 Police man per citizen following him night and day.
 
 
This idea of AMIGA OS requires that you "sort out" all criminals from your society.
On AMIGA OS you can use tools to find "suspects".
Delete these "malicous" suspects ... if you have only good programs on your HD then AMIGA OS is both - ultra fast and ultra stable.

On AMIGA OS you can never "prevent" a murder to happen.
What you can do is install cameras to spot murderers and then to "remove them" from society.




Gerardo G.

Posts 54
14 Nov 2019 17:01


The problem with those whose are proposing the implementation of unnecessary features or want to run the last generation Linux kernel on all their devices is that all their arguments are full of cognitive biases.
 
  Sometimes we only need smart solutions, easy (and funny) to use and program.
 
  Trying to explain this to people who buy flight tickets on Ghz multicore phones and then fly on last generation airplanes that are still using Intel 286 or Motorola 68000 CPUs with real time operating systems, is not an easy task... :)


Lord Aga
(Apollo Team Member)
Posts 119
14 Nov 2019 17:09


Wow, a second memory protection thread.

Maybe Nikolla Sipieter should open a third one, just for good measure?


Geoff Wells

Posts 43
14 Nov 2019 19:47


Gunnar von Boehn wrote:

 
Geoff Wells wrote:

    I feel like I'm going to regret ....
   

     
    You can either pass data via giving pointer or via data/memcopy.
    This is nothing in between.
    Passing pointer is very fast, memcopy is very slow but "protected"
     
     
     
    If you compare the Operating system with society:
    - Then AMIGA OS has no police.
      This works wonderful if you have only "good citizens" in your village.
    - UNIX has 1 Police man per citizen following him night and day.
   
   
    This idea of AMIGA OS requires that you "sort out" all criminals from your society.
    On AMIGA OS you can use tools to find "suspects".
    Delete these "malicous" suspects ... if you have only good programs on your HD then AMIGA OS is both - ultra fast and ultra stable.
   
    On AMIGA OS you can never "prevent" a murder to happen.
    What you can do is install cameras to spot murderers and then to "remove them" from society.
   
   
 

 
  I understand and respect the opinion of the people who are on the side of not adding memory protection.  I agree that you are either passing pointers to memory or not and that's why Amiga OS is fast.  I also agree with a point you made earlier, if it was ever to happen it needs hardware support and it's not a team priority so I do appreciate the time for the response.
 
  As an example of a middle ground (75 KG runner), you could prevent access to memory the OS loaded as executable versus all other allocations (which would be open to all processes).  I believe after reading about the Amiga executable file formats it should be possible to understand the difference between code and data.  Of course, this would block self-modifying code but that might be acceptable to some.
 
  Doing this would prevent overwriting of executable code in memory (including the kernel).  Would it help?  I don't know since I don't know the percentage of issues come from overwriting code from a bad pointer.
 
  You are absolutely correct that writing good code as a good citizen of the OS is the best but it's not always achievable.  I'm also a big supporter of the earlier comments about investing the time if you want to make change.  I don't have the time right now but do look forward to it in the future.
 
  I guess the starting point for anyone (including me) would be some tests to determine what actually causes instability.  I wouldn't want to invest time in anything that runs the risk of adding overhead with minimal return.  Of course, what's minimal is in the eyes of the beholder.
 
  Thanks again for all the hard work.  Vampire and Apollo is a dream come true.  Regards and respect.
 
  P.S.  While one police per person is not desirable, I wouldn't mind if there were a couple of police hanging around, looking at some suspects now and again to keep them behaving.  :)

Lord Aga wrote:

Wow, a second memory protection thread.

Apologies.  I know this topic has had lots of play.


Martin Randall

Posts 22
14 Nov 2019 20:18


This is all very interesting...but as others have pointed out, this is an OS decision, and the vampire isn't an OS so you are posting in the wrong place.

Perhaps the AROS forum or some other OS forum/sub forum.

Gunnar and his team don't do the Amiga OS or any of it's possible replacements.


Gunnar von Boehn
(Apollo Team Member)
Posts 6197
14 Nov 2019 22:02


Geoff Wells wrote:

I guess the starting point for anyone (including me) would be some tests to determine what actually causes instability. 

Yes, this is exactly the AMIGA OS concept.
You can on AMIGA OS "detect" bad program.


posts 22page  1 2