The present invention relates to a memory protection system, and more particularly to a memory protection system for use in a data processing system including a main memory having a plurality of memory areas and a program implemented processor for effecting access to the main memory.
Methods for preventing data in a memory from being altered due to erroneous access to the memory are roughly grouped into a key scheme and a segment scheme. The key scheme will first be explained. In the key scheme, at the central processing unit (hereinafter referred to as CPU) of an electronic computer are provided an address register for holding an address of a memory location to be accessed (that is, a memory address to be accessed) and a program key associated with a program making the access. On the other hand, the memory is divided into a plurality of blocks A, B, C and so on, and memory keys KA, KB, KC and so on are associated with the respective memory blocks. When access to the memory is desired, a memory key associated with a block to be accessed is obtained in response to the address indication from the address register and this memory key is then compared with the above-mentioned program key. Access to the memory is allowed or inhibited depending on whether or not the memory key and the program key coincide. Examples of such a key scheme are disclosed in, for example, U.S. Pat. No. 3,377,624 and U.S. Pat. No. 3,576,544.
In the segment scheme, an address register for holding an address of a memory location to be accessed (that is, a memory address to be accessed) and registers for storing respectively a boundary address and the size associated with a program making the access are provided at the CPU. The stored boundary address represents the beginning address of a memory area accessible by the associated program and the stored size indicates the dimension or size of that memory area. When access to the memory is desired, it is tested whether or not the memory address held by the address register exists within the memory area specified by the boundary address and the size. A protective operation is performed on the basis of the results of such test. If the address indicated by the address register exists in the memory area indicated by the boundary address and the size, the access is allowed. On the other hand, when the memory address exists outside the indicated memory area, the access address is inhibited.
Many data processing systems frequently are required to provide various additional and/or new functions after having been placed on the market. When it is desired to expand a memory protection function, a new fundamental structure may be sometimes required depending upon the desired protection function. Thus, there arises a serious problem that the compatibility between originally prepared programs and newly prepared programs cannot be expected. In order to solve this problem, a recent data processing system has an operation mode called the mode of compatibility with the originally intended system. In more detail, an identifier is provided in a program status word (PSW) of the CPU and it is altered by use of an instruction for changing the contents of the PSW (for example, a PSW load instruction) to change over the operation mode of the whole data processing system, thereby effectively keeping a program intended for the original system. In this case, control programs are prepared for the originally intended mode of system operation and newly desired modes, respectively, so that the system can operate in either one of these modes, and a program for changing over these operation modes is also prepared. However, the instruction for changing the contents of the PSW is a special instruction, generally called a privileged instruction, and only a control program can issue such an instruction. Accordingly, when the identifier is altered on the basis of an ordinary processing program, the processing program has to be linked with the control program, which requires a lot of program overhead. In the case where it is desired to expand the memory protection function for providing more dependable memory protection, the problem of program overhead becomes very serious. Further, since a special instruction is required to alter the identifier, it is sometimes necessary to change a part of the originally prepared program. Especially, when the originally prepared program is employed under the expanded memory protection function, the instruction for changing the contents of the PSW or a process for effecting communication between the control program and the processing program must be additionally inserted into the originally prepared program, which is in fact impossible.