Digital computer system incorporating object-based addressing and access control and tables defining derivation of addresses of data from operands in instructions
First Claim
1. A digital computer system comprising:
- memory means for storing and providing data items, said data items including instructions,memory organization means operative on said memory means for organizing said memory means into objects which provide for the location of said data items in said memory means, each object being identifiable by an object identifier;
access control means for identifying for each object a set of subjects which are permitted to access the data items in said object and for identifying for each subject a specified set of memory operations which each said subject is permitting to perform;
means responsive to said access control means and to a request from a current subject for access to a current data item in an object and for the performance of a current memory operation for determining whether said current subject is a subject which is permitted to access said current data item and whether said current memory operation is one which said current subject is permitted to perform;
memory oepration means responsive to a memory operation specifier which includesa logical address specifying an object identifier and a location in the object identified by said object identifier, anda memory command specifying a current memory operation,and further responsive to a request from a current subject for performing a current memory operation specified by said memory command when said determining means determines that said current subject is one having permission to access the object specified by said logical address and to perform said current memory operation,and further wherein said instructions includeoperation codes specifying operations, including memory operations, of said digital computer system, certain instructions further includinga name representing a data item to be used in an operation specified by an operation code, andsaid system further includesmeans for storing a plurality of name table entries each name table entry corresponding to a data item and to the name representing said data item and each name table entry including information from which the logical address of the data item represented by the name corresponding to said name table entry can be derived, andprocessor means connected to said memory means and includingmeans for providing instructions from said memory means,instruction decoding means responsive to instructions from said instruction providing means for decoding a current instruction to provide one or more names therein,logical address generation means responsive to the information in a name table entry corresponding to a name for deriving a logical address from said information, said logical address generating means includingname resolution means responsive to a name in said decoded instruction and to the information in the name table entry corresponding to said name for generating the logical address for the data item represented by said name, andnext instruction address generation means further responsive to said decoded instruction for providing a logical address of a next current instruction, andcontrol means responsive to a name from said instruction decoding means and to the logical address from said logical address generation means for providing a representation of a current subject and one or more memory operation specifiers to said memory operation means.
0 Assignments
0 Petitions
Accused Products
Abstract
A digital computer system having a memory system organized into objects for storing data and a processor for processing data in response to instructions. An object identifier and an access control list are associated with each object. The memory system responds to logical addresses for data which specify the object containing the data and the offset of the data in the object and to a current subject for which the processor is referencing the data. The memory system performs a memory operation for the processor only if the access control list for the object specified by the logical address allows the current subject to perform the desired memory operation. The objects include procedure objects and data objects. The procedure objects contain procedures including the instructions and name tables associated with the procedures. The instructions contain operations codes and names representing data. Each name corresponds to a name table entry in the name table associated with the procedure. The name table for a name contains information from which the processor may derive the logical address for the data represented by the name. The processor may then use the logical address to specify a memory operation on the data represented by the name.
-
Citations
16 Claims
-
1. A digital computer system comprising:
-
memory means for storing and providing data items, said data items including instructions, memory organization means operative on said memory means for organizing said memory means into objects which provide for the location of said data items in said memory means, each object being identifiable by an object identifier; access control means for identifying for each object a set of subjects which are permitted to access the data items in said object and for identifying for each subject a specified set of memory operations which each said subject is permitting to perform; means responsive to said access control means and to a request from a current subject for access to a current data item in an object and for the performance of a current memory operation for determining whether said current subject is a subject which is permitted to access said current data item and whether said current memory operation is one which said current subject is permitted to perform; memory oepration means responsive to a memory operation specifier which includes a logical address specifying an object identifier and a location in the object identified by said object identifier, and a memory command specifying a current memory operation, and further responsive to a request from a current subject for performing a current memory operation specified by said memory command when said determining means determines that said current subject is one having permission to access the object specified by said logical address and to perform said current memory operation, and further wherein said instructions include operation codes specifying operations, including memory operations, of said digital computer system, certain instructions further including a name representing a data item to be used in an operation specified by an operation code, and said system further includes means for storing a plurality of name table entries each name table entry corresponding to a data item and to the name representing said data item and each name table entry including information from which the logical address of the data item represented by the name corresponding to said name table entry can be derived, and processor means connected to said memory means and including means for providing instructions from said memory means, instruction decoding means responsive to instructions from said instruction providing means for decoding a current instruction to provide one or more names therein, logical address generation means responsive to the information in a name table entry corresponding to a name for deriving a logical address from said information, said logical address generating means including name resolution means responsive to a name in said decoded instruction and to the information in the name table entry corresponding to said name for generating the logical address for the data item represented by said name, and next instruction address generation means further responsive to said decoded instruction for providing a logical address of a next current instruction, and control means responsive to a name from said instruction decoding means and to the logical address from said logical address generation means for providing a representation of a current subject and one or more memory operation specifiers to said memory operation means. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
Specification