1. Field of the Invention
This invention relates to data processing systems running in a multiprogramming mode in which the system switches from one task to another and in which it is necessary to protect data from one task when a switch is made to a new task.
2. Prior Art
In many data processing systems there are often system facilities which are not used by all tasks and/or applications which are running on the system. Also, there may be data, status and control information which is stored within the facility. Whenever a switch is made from one task to another, as in a multiprogramming data processing system, it is necessary to switch from the active data which is associated with the old task to that data associated with the new task. In conventional systems, this might be accomplished through the Program Status Word (PSW), or as an extension of the PSW. It might be accomplished through hardware by saving the values stored in hardware registers by writing those values into a Program Status Save (PSS) area of memory, then reading the values associated with the new task and transferring those new values into the hardware registers. In other implementations, there may be multiple sets of hardware registers, with the various sets being associated with the various tasks. Under these circumstances, the task switch is made by switching the pointers which determine the active register set from the set associated with the old task to those associated with the new task. In still other implementations, the exchange of the data may be accomplished through a control program.
Generally, the exchange of data would be between the hardware registers and a PSS area of main memory. Whenever a program status save area is used, more advanced systems would use protection keys to prevent errors in the new task from inadvertently altering the data associated with another task.
When a switch is made to a task which does not use the facility, it is not necessary to switch the data which is active within the facility. The new task has no data to store within the facility; it has no operations to initiate; it need not be cognizant that the facility even exists. The old data can remain active within the facility and can await return of control to the old task. However, the data associated with the old task is exposed to programming errors in the new task. The present invention deals with the protection of the data under these circumstances.
Conventional means of protecting the data are as follows:
1. Perform the program status swap even though it is otherwise unnecessary, to allow the protection mechanisms associated with the program status to protect the facility.
2. Provide checks in the compilers and/or assemblers to screen out all instructions which might address the facility whenever nonusing programs are compiled/assembled.
3. Allow the facility to be accessed only through a control program (perhaps by requiring the machine to be in privileged mode), which screens all accesses in real time and produces program checks whenever a nonusing program inadvertently makes reference to the facility through programming error.
Each of the three solutions described above has disadvantages. The first increases the latency time for task switching if a program status save area in main memory is used. It also increases the size of the status save area, which can be a significant problem if the facility is optional, as may be true for a floating point accelerator facility, for example. If the technique of multiple register sets is used, the increase in latency is minimal, but a set of registers would be wasted for the nonusing tasks. The second alternative has the problem of requiring notifying, controlling, and enforcing all the compiler and assembler writers. This is a particular problem for a machine having an open architecture, such as the IBM PC, where third party programming organizations may write compilers and assemblers for their own direct marketing. The third alternative results in performance degradation at run time; for devices in which performance is critical, this latter alternative would be very detrimental.