The concept of an address space plays various roles in the world of capability architectures. It may play different roles in different descriptions of the same capability system! In modern hardware architectures an address is a binary number generated by program logic to refer to some particular part of the program’s memory. The address space is the map from addresses to memory slots. Here is an elementary exposition of the conventional address space.

Some older architectures, such as Multics, have a Segmented Address Space where an address is of the form <SegId, num> where SegId and num are both 18 bit numbers produced by problem mode program logic. An instruction that refers to memory designates one of several segment registers that the program can load; that register provides the SegId. The memory accessible at addresses with the same SegId within an address space was called a segment. Two address spaces (for two processes) would map one segment each with their own distinct SegId whereupon they would share memory. A word of memory whose address in one space is <SegId1, num> might be at <SegId2, num> in another space. See this description. The SegId was thus very much in the style of a c-list index even though Multics was not a capability system. I do not know whether there was a C compiler for Multics but there would have been a dilemma as to whether the SegId was part of a pointer. For modern purposes the pointer would have had to include the SegId.

Some new machine architectures are defined using “address space” to refer to a larger number <sid, num> where sid is a short number controlled by the privileged mode program and num is provided by the problem mode program. This “confusion” is fruitful for the hardware map schemes that it suggests. Unlike previous concepts, this “address space” is an abstraction useful only to the kernel and hardware engineer.

Some modern machines have one large address space which is partitioned for the various problem mode programs. Some sort of separate access control keeps programs from accessing memory in other programs. I do not know how to write a capability kernel for such machines. They seem to assume access control based on permissions.

Most modern machines maintain some of the advantages inherent in the segmented address space by mapping hardware that partitions the address into two fixed portions such that memory and memory maps can be shared between spaces so long as shared hunks are aligned so that the low order portion of the addresses agree in the two spaces. Multics maintained the “advantage” that an indexing error could not refer to the wrong segment. This was occasionally a disadvantage in Multics when assigning adjacent SegIds in a space to hold an array too big for one. Indexing in such large segments was awkward as the carries in address arithmetic were not natural to the instruction set.

A Plessey 250 memory referencing instruction names a capability register that must hold a memory capability. It would be awkward for a C pointer to include that register name for then dereferencing would require modified code and assume that the capability registers were allocated as they were upon creation of the pointer. Capabilities were stored in segregated memory. I think the Plessey 250 literature did not use the term “address space”.

The Address Space of Keykos

Keykos employs the top level mapping structure of the IBM 370 which is called a segment, to provide a Multics like segment. Keykos domain address spaces can share memory and memory maps between spaces exactly as Multics did. Other main line IBM systems do the same. By contrast, Keykos requires a capability to a segment to build the space that included that segment. Keykos can share other sizes of memory as well but that is not of interest here. In contrast to Multics, Keykos can easily and efficiently concatenate segment size slots in an address space to hold outsize segments but lacks some degree of protection against errors in computing segment offsets. In effect the high order bits of an address serve as a c-list index.