How do Operating Systems prevent programs from accessing memory?

Question

My understanding currently is,

• I can write an operating system in C

• I can write a program for that operating system in C

• When I write an operating system I can see all of the memory

• When I write a program the operating system hides memory from other programs from me.

• Whenever a program runs inside an OS it appears to the program as if the memory it is allocated is all the memory the computer has

How does the CPU / OS achieve this? Is this something purely implemented on the software level? Or does it require a hardware implementation as well?

Answer 1

It is not purely on software level. For Intel architecture in a few sentences:

Address space for each process is isolated; each process has the same virtual address space (let's simplify: 0x00000000 to 0xffffffff), which maps to different physical locations.

Address space represents collection of memory pages. Pages are physically mapped only when needed. Pages, which were not accessed a long time (there are special algorithms) are removed from physical memory; in case they contain something dynamically modified, they are stored in a 'swap' file on the hard drive.

Each page belongs to specific process (except for some system pages), has assigned virtual address, and access flags: read/write/execute. What appears to be continuous array, could be allocated on several non-contiguous pages, and some of them could be even swapped out to hard drive at the moment.

Program (process) can see only its own address space. There are a few ways to reach other process' spaces, but regular programs rarely do that.

Address space is not completely accessible: if the program will try to access unallocated address, or write to write-protected page, will be triggered memory violation.

Generally, program can allocate, deallocate, or change access flags for pages only in its own address space. There are types of memory (to load executable image, for stack, and for several different flavors of allocatable memory).

Sorry, I do not remember the book title, read it very long ago.

Answer 2

How do Operating Systems prevent programs from accessing memory?

Short answer: On x86 processors they do it by activating Protected Mode(32-bit) or Long Mode(64-bit). ARM or other processors implement similar concepts. The Protected Mode protects the memory space of different Processes from each other - giving each process its own memory space. This concept is called Virtual Memory.

In hardware this is realized by the MMU (for memory) or the IOMMU (for IO memory) that blocks the access to certain regions of the memory space.

How does the CPU / OS achieve this? Is this something purely implemented on the software level? Or does it require a hardware implementation as well?

As mentioned above, this is better be implemented in hardware to be efficient. It cannot be done (efficiently) purely on a software level.

As a thought experiment for the advanced readers:
try to implement process isolation (preventing another process from accessing this process'es memory) in Real Mode.

A (reasonable) answer:
The only way of a software implementation I know of is that of Virtual Machine which checks all of the boundaries (of all instructions) of memory accesses - which is essentially what a MMU does.