|Roger, David, and Uwe,|
Thank you! I did look at the instruction set manual, and the description of the protection scheme is very clear (I’m still looking for such good descriptions in the case of the x86 and the ARM). It seems that the so-called “stub” could do the job, but the question of legality would still exist - if one was serious about the protection being maintained. It seems that the “logical” addresses talked about there are the same as “virtual” addresses in x86 etc, or am I assuming too much? Are there page tables?
David, wouldn’t it be true that any channel accessed by occam would be compiler-checkable to be legal? Could C index into a list maintained by the stub? Thanks for bringing this up, because I was focusing on the source and target data arrays. I’m wondering if pages might be swapped out, and/or if the earlier communication might check out OK and then the later process find that its side violates memory protection.
On Dec 23, 2016, at 2:46 AM, David May <dave@xxxxxxxxxxxxxxxxxxxxx> wrote: