First here is a link to the discussion of Storage Protection in SYSTEM GENERATION GUIDE:
HPSPO only protects System storage pools and system storage areas. It does not protect user task storage from other user tasks.
Here is the difference that makes HPSPO high performance:
With the old style Storage Protection, when control is passed to the User program (defined as PROTECT), IDMS would switch the PSW to the alternate key and would also have to run through every storage page for the task and make a system service call to change the key assigned to those storage pages to the alternate key.
So with the User program's PSW key and those storage pages set to the alternate key, the program can update those pages but would be abended (D003) if it tried to update any storage pages set to the primary protect key.
When the user program makes an IDMS call and we switch to System mode, we switch the PSW back to the primary key and again we have to run all of the tasks storage pages to set the key back to the primary while our system programs are processing.
With this old standard Stg Protection the above has to be done every time control switches between User mode and System mode.
This is a Big drain on performance and that is why the old Stg protect is not recommended for production CVs.
With HPSPO, since you segregate stg types, at startup if we see that PROTECT is specified for the System and the alternate STORAGE KEY is 9, we set all storage pages for the "User" storage pools and nonreentrant prog pools to key 9.
The system storage pools and system storage areas are all set to the primary protect key.
So, now when a user program is given control (and is defined PROTECT) all IDMS has to do is switch the PSW key.
Nothing is done to storage pages at all. The program executing with PSW key 9 can update any storage pages that are set to key 9, but it would get a D003 program check if it attempted to update any storage in the primary protect key.
This prevents the user program from corrupting any system storage due to errors in the code.
NOTE: according to the documentation referenced above ( https://docops.ca.com/ca-idms/19/en/using/using-system-generation/dc-ucf-concepts/storage-protection ) HPSPO has Four requirements to protect system storage from being overlaid by a User mode program ( IDMS-DC User application programs executed in CV address space such as Cobol, Assembler or PL1 pgms as well as ADSOMAIN and ADSORUN1) .
1. Storage pools must be properly segregated. See
2. PROTECT must be specified on sysgen SYSTEM statement
3. Alternate Storage key must be 9 (Sysgen SYSTEM statement must have clause 'STORAGE KEY IS 9')
4. ALL user application programs that run in the CV address space must be defined in sysgen with PROGRAM statement that specifies PROTECT. If a User mode program is defined NOPROTECT, then Storage Protection will Not be enforced for that program.
This includes all IDMS-DC programs that run as part of user applications in the CV address space such as Cobol, Assembler or PL1 pgms as well as ADSOMAIN and ADSORUN1..