操作系统如何阻止程序访问内存? [英] How do Operating Systems prevent programs from accessing memory?

问题描述

我目前的理解是

• 我可以用C编写操作系统

• I can write an operating system in C

我可以用C编写该操作系统的程序

I can write a program for that operating system in C

编写操作系统时，我可以看到所有内存

When I write an operating system I can see all of the memory

当我编写程序时，操作系统会向其他程序隐藏内存.

When I write a program the operating system hides memory from other programs from me.

每当程序在操作系统中运行时，该程序就好像该程序所分配的内存是计算机拥有的所有内存一样

Whenever a program runs inside an OS it appears to the program as if the memory it is allocated is all the memory the computer has

CPU/OS如何实现此目的?这纯粹是在软件级别上实现的吗?还是也需要硬件实现?

How does the CPU / OS achieve this? Is this something purely implemented on the software level? Or does it require a hardware implementation as well?

推荐答案

它并不完全在软件级别上.用几句话来介绍英特尔架构:

It is not purely on software level. For Intel architecture in a few sentences:

每个进程的地址空间是隔离的；每个进程都具有相同的虚拟地址空间(简化为:0x00000000到0xffffffff)，它们映射到不同的物理位置.

Address space for each process is isolated; each process has the same virtual address space (let's simplify: 0x00000000 to 0xffffffff), which maps to different physical locations.

地址空间表示内存页面的集合.页面仅在需要时才进行物理映射.长时间未访问的页面(有特殊算法)将从物理内存中删除；如果它们包含动态修改的内容，它们将存储在硬盘驱动器上的交换"文件中.

Address space represents collection of memory pages. Pages are physically mapped only when needed. Pages, which were not accessed a long time (there are special algorithms) are removed from physical memory; in case they contain something dynamically modified, they are stored in a 'swap' file on the hard drive.

每个页面都属于特定进程(某些系统页面除外)，已分配了虚拟地址，并具有访问标志:读/写/执行.似乎是连续数组的东西，可以分配在几个不连续的页面上，并且其中一些甚至可以立即换出到硬盘驱动器上.

Each page belongs to specific process (except for some system pages), has assigned virtual address, and access flags: read/write/execute. What appears to be continuous array, could be allocated on several non-contiguous pages, and some of them could be even swapped out to hard drive at the moment.

程序(进程)只能看到其自己的地址空间.有几种方法可以到达其他进程的空间，但是常规程序很少这样做.

Program (process) can see only its own address space. There are a few ways to reach other process' spaces, but regular programs rarely do that.

地址空间无法完全访问:如果程序尝试访问未分配的地址或写入受写保护的页面，则会触发内存冲突.

Address space is not completely accessible: if the program will try to access unallocated address, or write to write-protected page, will be triggered memory violation.

通常，程序只能在其自己的地址空间中分配，取消分配或更改页面的访问标志.内存有多种类型(用于加载可执行映像，用于堆栈以及几种不同类型的可分配内存).

Generally, program can allocate, deallocate, or change access flags for pages only in its own address space. There are types of memory (to load executable image, for stack, and for several different flavors of allocatable memory).

对不起，我不记得那本书的书名，很早以前就读过.

Sorry, I do not remember the book title, read it very long ago.

这篇关于操作系统如何阻止程序访问内存?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！