By Jack Ganssle
Protected Memory Spaces
I'll present my Better Firmware Faster seminar in Melbourne, Australia February 20. All are invited.
Intel's 8088 processor was sort of a hermaphrodite. In order to maintain some sort of software compatibility with the 8-bit 8080/85 it had 16-bit address registers. Yet even by 1979 it was clear that 64k of memory was not enough, so four "segment" registers provided an awkward way to issue 20-bit addresses. Due perhaps to the entirely rational exuberance of those early PC days, developers tolerated the peculiar programming paradigms required to create C programs that managed the segment registers.
With the advent of the 386 everything changed. Most engineers were horrified to discover that, instead of four segment registers, now there were thousands, instantiated as relatively complex data structures in memory. The 386 let developers specify the size and configuration of each segment independently. The industry largely felt that Intel took a bad problem and made it a disaster. The first step in programming that chip was to disable segmentation and set up a single linear, flat 4 GB address space.
History proved all of those naysayers wrong. For the real genius of the 386's segmentation was that developers could create memory spaces with hardware protection. If a task were assigned to its own segment, any attempt by it to access outside of that space generated an exception.
Software is inherently brittle. It's not like any other engineering endeavor. Civil engineers can beef up a truss to add design margin. EEs similarly add margin when they specify a ¼ watt resistor when the expected dissipation won't exceed 1/8 watt. But in software, a single bit error out of tens of millions can cause the entire system to fail.
Protected memory spaces are fuses that guard against a variety of failure modes. A task might crash, but the exception handler can take appropriate action, maybe safing the system so no one gets injured, or perhaps restarting the task. At the very least it can leave debugging breadcrumbs behind.
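To make the two preceding points concrete (a task confined to its own segment faults on any access outside it, and the exception handler then safes the task, restarts it, or at least leaves breadcrumbs), here is an added example in C that is not from this column and not Intel's descriptor logic. It models a base/limit segment descriptor with access rights, a per-task check in the style of the 386's hardware, and a handler that records the fault and halts the task. The names `segment_t`, `task_t`, `segment_check`, `task_access`, `task_restart` and the `SEG_*` flags are invented for the illustration; granularity bits, privilege levels and the descriptor tables of the real chip are omitted. The limit test is written so that an access whose offset plus size wraps around 32 bits is still rejected, which is the boundary case a naive `offset + size > limit` comparison misses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Access rights a descriptor can grant (hypothetical flag names). */
enum { SEG_READ = 1u, SEG_WRITE = 2u, SEG_EXEC = 4u };

/* Simplified base/limit descriptor: offsets 0..limit-1 are inside. */
typedef struct {
    uint32_t base;
    uint32_t limit;
    uint32_t rights;
} segment_t;

/* Each task owns one segment; a faulted task is held halted (safed). */
typedef struct {
    int id;
    segment_t seg;
    bool halted;
} task_t;

/* Debugging breadcrumbs left behind by the exception handler. */
typedef struct {
    int task_id;
    uint32_t offset, size, wanted;
    const char *reason;
} fault_record_t;

static fault_record_t last_fault;
static int fault_count = 0;

/* Emulated hardware check: is [offset, offset+size) with right `want`
 * entirely inside the segment? Comparing size against (limit - offset)
 * instead of computing offset + size means a wrapping sum cannot pass. */
bool segment_check(const segment_t *s, uint32_t offset, uint32_t size,
                   uint32_t want, const char **reason)
{
    if (size == 0) {
        *reason = "zero-length access";
        return false;
    }
    if ((s->rights & want) != want) {
        *reason = "access right not granted";
        return false;
    }
    if (offset >= s->limit || size > s->limit - offset) {
        *reason = "access crosses segment limit";
        return false;
    }
    *reason = NULL;
    return true;
}

/* Exception handler: record breadcrumbs, then safe the task by halting it. */
static void fault_handler(task_t *t, uint32_t offset, uint32_t size,
                          uint32_t want, const char *reason)
{
    last_fault.task_id = t->id;
    last_fault.offset = offset;
    last_fault.size = size;
    last_fault.wanted = want;
    last_fault.reason = reason;
    fault_count++;
    t->halted = true;
}

/* A task's attempt to touch memory. On success returns true and stores the
 * translated linear address; on failure the fault handler runs instead. */
bool task_access(task_t *t, uint32_t offset, uint32_t size, uint32_t want,
                 uint32_t *linear)
{
    const char *reason;
    if (t->halted)           /* a safed task gets no further accesses */
        return false;
    if (!segment_check(&t->seg, offset, size, want, &reason)) {
        fault_handler(t, offset, size, want, reason);
        return false;
    }
    *linear = t->seg.base + offset;
    return true;
}

/* The other recovery option the text mentions: restart the task. */
void task_restart(task_t *t)
{
    t->halted = false;
}

int main(void)
{
    /* Constructed task: 4 KB read/write segment at linear 0x10000. */
    task_t a = { 1, { 0x10000u, 0x1000u, SEG_READ | SEG_WRITE }, false };
    uint32_t lin = 0;
    printf("in-bounds read ok: %d\n", task_access(&a, 0xFF0u, 16u, SEG_READ, &lin));
    printf("straddling write ok: %d\n", task_access(&a, 0xFF1u, 16u, SEG_WRITE, &lin));
    printf("fault #%d, task %d: %s\n", fault_count, last_fault.task_id, last_fault.reason);
    return 0;
}
```

The 16-byte read at offset 0xFF0 ends exactly at the limit and is allowed; the write one byte later straddles the boundary and faults, after which the task stays halted until something explicitly restarts it. Real hardware would also have to reject the access before any byte of it lands, which is why the check covers the whole range rather than just the first byte.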
Two decades after the introduction of the 386 most embedded processors still don't support any form of protected memory spaces. If transistors are nearly free, why aren't these common? Why not stick a memory management unit even on 8-bitters?
What's your take?