In multiprogrammed environments, multiple persons may share a given computer system and even use the system at the same time. For example, such an arrangement is common in large time-sharing systems. Generally speaking, multiprogrammed environments create the impression that the user has sole control over the system.
In order to permit multiple users to access a single computer system, the various users (and their applications) are assigned various separate resources within the system. For instance, various memory addresses are assigned to one user application and various other memory addresses are assigned to another to avoid overlap. This is known in the art as sandboxing. Such separation is used to avoid interference between applications that can cause undesired effects to occur.
Interference can be intentional or unintentional. An example of intentional interference is using a first application on a multiprogrammed system to copy data belonging to another application on the system in order to access confidential information. An example of unintentional interference is the accidental propagation of a virus from one application to another executing on the multiprogrammed system. Clearly, such interference is undesirable whether it is intentional or unintentional.
Substantially all multiprogrammed systems rely upon software and/or hardware solutions that prevent applications from accessing memory addresses that are out of the permissible range. The software solutions typically at least statically review the instructions of a particular application when it is loaded to determine whether any of the instructions contain a direct memory reference to an out-of-range memory address. Although such an examination can be completed with relative ease, it is difficult for software solutions to identify less conspicuous references. For example, the address of an indirect memory reference may not be determinable until the moment immediately prior to execution of a given instruction. Although software solutions can be written to check each instruction just prior to execution to determine whether the memory address is out-of-range, this normally involves a great deal of overhead in that the application typically must be interrupted and a second application may need to be swapped into memory.
Although the overhead associated with checking each instruction prior to execution is not a concern with hardware designed for this purpose, it is very difficult to build a hardware solution that is capable of checking for every potential interference problem that may arise. Moreover, the time and cost associated with developing hardware solutions for each available computer system is prohibitive.
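The following is an added worked model of the two checking strategies described above; it is not part of the original text and is not code from any product the text describes. It assumes a constructed toy instruction set (direct `LOAD`/`STORE` with an address operand, register-indirect `LOADI`/`STOREI`) and a sandbox given as a contiguous address range. The load-time scan can only judge direct address operands, so an out-of-range indirect access whose address is computed at run time passes it and is caught only by the per-instruction check made immediately before execution, at the cost of one check per memory-referencing instruction.

```python
"""Toy model of load-time (static) versus just-before-execution (dynamic)
range checking for a sandboxed application.  Instruction set, sandbox
ranges and sample programs are all constructed for this example."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Sandbox:
    """Contiguous address range [lo, hi) that one application may touch."""
    lo: int
    hi: int

    def contains(self, addr: int) -> bool:
        return self.lo <= addr < self.hi


# Instructions are (op, a, b) tuples:
#   MOV    a=reg   b=imm    : r[a] = b
#   ADD    a=reg   b=reg    : r[a] = r[a] + r[b]
#   LOAD   a=reg   b=addr   : r[a] = mem[b]          (direct reference)
#   STORE  a=addr  b=reg    : mem[a] = r[b]          (direct reference)
#   LOADI  a=reg   b=reg    : r[a] = mem[r[b]]       (indirect reference)
#   STOREI a=reg   b=reg    : mem[r[a]] = r[b]       (indirect reference)
DIRECT_OPS = {"LOAD", "STORE"}
INDIRECT_OPS = {"LOADI", "STOREI"}


def static_scan(prog, sandbox):
    """Load-time check: return indices of instructions whose *direct* address
    operand lies outside the sandbox.  Indirect operands name registers, not
    addresses, so the scan has nothing to judge for them."""
    bad = []
    for pc, (op, a, b) in enumerate(prog):
        if op in DIRECT_OPS:
            addr = b if op == "LOAD" else a
            if not sandbox.contains(addr):
                bad.append(pc)
    return bad


def execute(prog, sandbox, nregs=4):
    """Run the program, checking the effective address of every memory
    reference immediately before it executes.  Returns the fault location
    (or None), the offending address, final registers and the number of
    run-time checks performed (the overhead the text refers to)."""
    regs = [0] * nregs
    mem = {}
    checks = 0
    for pc, (op, a, b) in enumerate(prog):
        if op == "MOV":
            regs[a] = b
        elif op == "ADD":
            regs[a] = regs[a] + regs[b]
        elif op in DIRECT_OPS or op in INDIRECT_OPS:
            # The effective address of an indirect reference is only known here.
            if op == "LOAD":
                ea = b
            elif op == "STORE":
                ea = a
            elif op == "LOADI":
                ea = regs[b]
            else:  # STOREI
                ea = regs[a]
            checks += 1
            if not sandbox.contains(ea):
                return {"fault": pc, "addr": ea, "regs": regs, "checks": checks}
            if op in ("LOAD", "LOADI"):
                regs[a] = mem.get(ea, 0)
            else:
                mem[ea] = regs[b]
        else:
            raise ValueError(f"unknown op {op!r}")
    return {"fault": None, "addr": None, "regs": regs, "checks": checks}


# Constructed sandbox and sample programs.
SANDBOX = Sandbox(0x1000, 0x1100)

# Direct out-of-range reference: visible to the load-time scan.
PROG_DIRECT = [("MOV", 0, 7), ("STORE", 0x1020, 0), ("LOAD", 1, 0x2000)]

# Indirect out-of-range reference: r0 becomes 0x2000 only at run time.
PROG_INDIRECT = [("MOV", 0, 0x1000), ("MOV", 1, 0x1000), ("ADD", 0, 1), ("LOADI", 2, 0)]

# Well-behaved program: every reference stays inside the sandbox.
PROG_OK = [("MOV", 0, 0x1010), ("MOV", 1, 42), ("STOREI", 0, 1), ("LOADI", 2, 0)]


if __name__ == "__main__":
    for name, prog in (("direct", PROG_DIRECT), ("indirect", PROG_INDIRECT), ("ok", PROG_OK)):
        print(name, "static:", static_scan(prog, SANDBOX), "dynamic:", execute(prog, SANDBOX))
```

Running the three programs shows the gap the text describes: the static scan flags `PROG_DIRECT` but returns nothing for `PROG_INDIRECT`, whereas the dynamic check faults on both, and the `checks` count grows with every memory-referencing instruction the well-behaved program executes.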
From the foregoing, it can be appreciated that it would be desirable to have a system and method for isolating applications from each other that avoids one or more of the drawbacks identified above.