In most computer systems, individual programs access code and data by addressing memory through a virtual address space. That virtual address space for each program must then be translated into the physical address space in which the code and data are actually stored in memory. Thus, distinct programs may use identical virtual addresses which translate to different locations in physical memory. The physical address spaces utilized by several programs may be completely distinct, or they may overlap. Some level of security must be provided in order to permit common access to certain memory locations while protecting against unauthorized access to other locations.
Memory system designers must provide security without sacrificing efficiency and flexibility. One process' objects must be protected from modification by other, unauthorized processes, and user programs must not be allowed to affect the execution of trusted system programs. It must be possible to share data between processes in a manner that restricts data access to authorized processes; merely providing the ability to have data be private to a process or accessible to all processes is insufficient. An efficient mechanism must also be provided to change protection domains (the set of objects that can be referenced) when entering a subsystem.
The current trend towards the use of multithreading as a method of increasing the utilization of execution units makes traditional security schemes undesirable, particularly if context switches may occur on a cycle-by-cycle basis. Traditional security systems have a non-zero context switch time, as loading the protection domain for the new context may require installing new address translations or protection table entries.
A number of multithreaded systems such as Alewife (Agarwal, A., et al., "The MIT Alewife machine: A large-scale distributed-memory multiprocessor," Scalable Shared Memory Multiprocessors, Kluwer Academic Publishers, 1991) and Tera (Alverson, R., et al., "The Tera computer system," Proceedings of the 1990 International Conference on Supercomputing, September, 1990, ACM SIGPLAN Computer Architecture News, pp. 1-6) have avoided this problem by requiring that all threads which are simultaneously loaded share the same address space and protection domain. This may be sufficient for execution of threads from a single user program, but disallows interleaving threads from different protection domains, which may restrict the performance of the machine.