On Jun 10, 7:41 pm, John Larkin [....]
Code space being in different chips, on a different bus, is the ideal. The memory can be logically divided into sections and security can be good; however, it requires that the hardware prevent the application from causing the memory usage to change. If the x86 segmentation didn't have mistakes in how it was done, it could have worked for this. It would still be a pig's breakfast, but it would have worked.
Ideally, there should be two stacks, one for the return addresses and a different one for the passed parameters and local variables. The processor could have the parameter stack protected against accesses beyond the limit of what is permitted for the current subroutine. This boundary number would automatically be updated on a return.
The task swapping part of the OS is really the only part that needs access to every bit of memory. This would be only a few hundred bytes.
The disk functions can be just an application, except that it needs to be able to access the disk. Ideally, the disk that holds the code and the one with the data should be different, but with good protection in software, mixing code and data via the disk could be prevented.
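The two-stack scheme in the post above, as an added example that is not part of the original thread or of any real processor: a small C model in which return addresses live on their own stack that only call/return touch, and the parameter/local stack carries a per-frame limit that a store cannot exceed and that is restored on return. Beside it is the conventional single-stack layout for contrast. All names (vm_call, vm_store, vm_return, struct conv_frame, the 0x1000 return address) and the sizes are assumptions made for the illustration; the attack bytes are constructed inline.

```c
/* Added example: a C model of a machine with a separate return-address stack
 * and a bounded parameter/local stack, next to the conventional single-stack
 * layout. Names, sizes and the sample return address are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define RET_DEPTH   16
#define PARAM_BYTES 256

/* Return-address stack: only vm_call/vm_return ever write it. */
static uintptr_t ret_stack[RET_DEPTH];
static size_t    ret_sp;

/* Parameter/local stack. The current frame is [frame_base, frame_limit);
 * frame_limit is the "boundary number" the hardware would enforce. */
static uint8_t param_stack[PARAM_BYTES];
static size_t  frame_base, frame_limit;
static size_t  saved_base[RET_DEPTH], saved_limit[RET_DEPTH];

/* Enter a subroutine: push the return address on its own stack and open a
 * frame of frame_bytes on the parameter stack. 0 on success, -1 on overflow. */
int vm_call(uintptr_t return_addr, size_t frame_bytes) {
    if (ret_sp >= RET_DEPTH || frame_limit + frame_bytes > PARAM_BYTES) return -1;
    ret_stack[ret_sp]   = return_addr;
    saved_base[ret_sp]  = frame_base;
    saved_limit[ret_sp] = frame_limit;
    ret_sp++;
    frame_base  = frame_limit;              /* new frame starts above the old */
    frame_limit = frame_base + frame_bytes;
    return 0;
}

/* Store len bytes at offset within the current frame. Anything that would
 * cross frame_limit is refused (a trap on real hardware); -1 in that case. */
int vm_store(size_t offset, const uint8_t *src, size_t len) {
    size_t room = frame_limit - frame_base;
    if (offset > room || len > room - offset) return -1;
    memcpy(param_stack + frame_base + offset, src, len);
    return 0;
}

/* Leave the subroutine: restore the caller's frame bound, pop the return
 * address. The address cannot have been touched by vm_store. */
uintptr_t vm_return(void) {
    if (ret_sp == 0) return 0;
    ret_sp--;
    frame_base  = saved_base[ret_sp];
    frame_limit = saved_limit[ret_sp];
    return ret_stack[ret_sp];
}

/* Conventional layout: locals and the saved return address share one stack. */
struct conv_frame { uint8_t buf[16]; uintptr_t saved_ret; };

/* Unchecked copy into the 16-byte local buffer; returns the saved return
 * address afterwards so the caller can see whether it survived. The demo
 * keeps len within sizeof(struct conv_frame) so the simulation stays defined. */
uintptr_t conventional_copy(const uint8_t *src, size_t len) {
    struct conv_frame f = { {0}, 0x1000 };
    memcpy(&f, src, len);                   /* buf is at offset 0; no length check */
    return f.saved_ret;
}

/* The same copy on the two-stack machine: a 16-byte frame, bounded store,
 * return address fetched from the separate stack. Returns vm_store's result. */
int twostack_copy(const uint8_t *src, size_t len, uintptr_t *ret_out) {
    if (vm_call(0x1000, 16) != 0) return -1;
    int rc = vm_store(0, src, len);         /* refused when len > 16 */
    *ret_out = vm_return();                 /* always 0x1000 */
    return rc;
}

/* Constructed attack input: enough 0x42 bytes to reach past buf into
 * saved_ret in the conventional layout. Returns the length written. */
size_t build_attack(uint8_t *buf, size_t cap) {
    size_t n = offsetof(struct conv_frame, saved_ret) + sizeof(uintptr_t);
    if (n > cap) return 0;
    memset(buf, 0x42, n);
    return n;
}

int main(void) {
    uint8_t attack[64];
    size_t n = build_attack(attack, sizeof attack);
    uintptr_t ret = 0;
    printf("single stack: saved return became 0x%lx\n",
           (unsigned long)conventional_copy(attack, n));
    int rc = twostack_copy(attack, n, &ret);
    printf("two stacks:   store rc=%d, return address still 0x%lx\n",
           rc, (unsigned long)ret);
    return 0;
}
```

In the single-stack model the oversized copy lands on the saved return address; in the two-stack model the same copy is refused at the frame limit and the return address, which the store path cannot reach at all, comes back unchanged.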