Digital computer system incorporating object-based addressing and access control and tables defining derivation of addresses of data from operands in instructions

US 4,731,734 A
Filed: 02/14/1986
Issued: 03/15/1988
Est. Priority Date: 10/17/1983
Status: Expired due to Term

First Claim

Patent Images

1. A digital computer system comprising:

memory means for storing and providing data items, said data items including instructions,memory organization means operative on said memory means for organizing said memory means into objects which provide for the location of said data items in said memory means, each object being identifiable by an object identifier;

access control means for identifying for each object a set of subjects which are permitted to access the data items in said object and for identifying for each subject a specified set of memory operations which each said subject is permitting to perform;

means responsive to said access control means and to a request from a current subject for access to a current data item in an object and for the performance of a current memory operation for determining whether said current subject is a subject which is permitted to access said current data item and whether said current memory operation is one which said current subject is permitted to perform;

memory oepration means responsive to a memory operation specifier which includesa logical address specifying an object identifier and a location in the object identified by said object identifier, anda memory command specifying a current memory operation,and further responsive to a request from a current subject for performing a current memory operation specified by said memory command when said determining means determines that said current subject is one having permission to access the object specified by said logical address and to perform said current memory operation,and further wherein said instructions includeoperation codes specifying operations, including memory operations, of said digital computer system, certain instructions further includinga name representing a data item to be used in an operation specified by an operation code, andsaid system further includesmeans for storing a plurality of name table entries each name table entry corresponding to a data item and to the name representing said data item and each name table entry including information from which the logical address of the data item represented by the name corresponding to said name table entry can be derived, andprocessor means connected to said memory means and includingmeans for providing instructions from said memory means,instruction decoding means responsive to instructions from said instruction providing means for decoding a current instruction to provide one or more names therein,logical address generation means responsive to the information in a name table entry corresponding to a name for deriving a logical address from said information, said logical address generating means includingname resolution means responsive to a name in said decoded instruction and to the information in the name table entry corresponding to said name for generating the logical address for the data item represented by said name, andnext instruction address generation means further responsive to said decoded instruction for providing a logical address of a next current instruction, andcontrol means responsive to a name from said instruction decoding means and to the logical address from said logical address generation means for providing a representation of a current subject and one or more memory operation specifiers to said memory operation means.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital computer system having a memory system organized into objects for storing data and a processor for processing data in response to instructions. An object identifier and an access control list are associated with each object. The memory system responds to logical addresses for data which specify the object containing the data and the offset of the data in the object and to a current subject for which the processor is referencing the data. The memory system performs a memory operation for the processor only if the access control list for the object specified by the logical address allows the current subject to perform the desired memory operation. The objects include procedure objects and data objects. The procedure objects contain procedures including the instructions and name tables associated with the procedures. The instructions contain operations codes and names representing data. Each name corresponds to a name table entry in the name table associated with the procedure. The name table for a name contains information from which the processor may derive the logical address for the data represented by the name. The processor may then use the logical address to specify a memory operation on the data represented by the name.

Citations

16 Claims

1. A digital computer system comprising:
- memory means for storing and providing data items, said data items including instructions,memory organization means operative on said memory means for organizing said memory means into objects which provide for the location of said data items in said memory means, each object being identifiable by an object identifier;
  
  access control means for identifying for each object a set of subjects which are permitted to access the data items in said object and for identifying for each subject a specified set of memory operations which each said subject is permitting to perform;
  
  means responsive to said access control means and to a request from a current subject for access to a current data item in an object and for the performance of a current memory operation for determining whether said current subject is a subject which is permitted to access said current data item and whether said current memory operation is one which said current subject is permitted to perform;
  
  memory oepration means responsive to a memory operation specifier which includesa logical address specifying an object identifier and a location in the object identified by said object identifier, anda memory command specifying a current memory operation,and further responsive to a request from a current subject for performing a current memory operation specified by said memory command when said determining means determines that said current subject is one having permission to access the object specified by said logical address and to perform said current memory operation,and further wherein said instructions includeoperation codes specifying operations, including memory operations, of said digital computer system, certain instructions further includinga name representing a data item to be used in an operation specified by an operation code, andsaid system further includesmeans for storing a plurality of name table entries each name table entry corresponding to a data item and to the name representing said data item and each name table entry including information from which the logical address of the data item represented by the name corresponding to said name table entry can be derived, andprocessor means connected to said memory means and includingmeans for providing instructions from said memory means,instruction decoding means responsive to instructions from said instruction providing means for decoding a current instruction to provide one or more names therein,logical address generation means responsive to the information in a name table entry corresponding to a name for deriving a logical address from said information, said logical address generating means includingname resolution means responsive to a name in said decoded instruction and to the information in the name table entry corresponding to said name for generating the logical address for the data item represented by said name, andnext instruction address generation means further responsive to said decoded instruction for providing a logical address of a next current instruction, andcontrol means responsive to a name from said instruction decoding means and to the logical address from said logical address generation means for providing a representation of a current subject and one or more memory operation specifiers to said memory operation means.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. In the digital computer system of claim 1 wherein said memory means is a local memory means and said system further includes global memory means for storing data items belonging to said objects, said local memory means being connected between said processor means and said global memory means and includingmeans for obtaining copies of data items from said global memory means;
    - said memory operation means being responsive to memory operation specifiers and to current subjects and to copies of data items from said global memory means for providing modified copies of said data items to said global memory means; and
      
      said memory operation means being further responsive to a memory operation specifier and to a current subject for performing the memory operation specified in the memory operation specifier for the modified copy of the data item specified by said logical address generating means when the current subject is a specified subject and the memory operation is a specified memory operation;
      
      said memory organization means further includes a logical allocation unit directory for said global memory means, said directory including a plurality of logical allocation unit directory entry items for defining objects, each said logical allocation unit directory entry item includingan object identifier item having a value which specifies the object defined by said logical allocation unit directory entry item,an access control list item specifying a set of subjects which are permitted access to said defined object and the set of memory operations for each said subject, anda data location item specifying the location of data items belonging to said defined object in said global memory;
      
      and further wherein said objects includeprocedure objects containing procedure data items and each said procedure object includinga procedure including instructions, anda name table which is a part of said name table entires storing means and is associated with said procedure, said name table containing name table entires corresponding to the names in certain instructions of said procedure, anddata objects containing data items other than those contained in said procedure objects; and
      
      said local memory means includesan access control table accessible by means of object identifiers, containing copies of the access control list items for all the objects from which data items have been copied into said local memory means,a local memory control table accessible by means of logical addresses for indicating whether a copy of a data item specified by a logical address is present in said local memory and the location of said data item copy in said local memory,virtual memory management means responsive to logical addresses and to said local memory control table for translating a global logical address specifying the location of a data item in said global memory means into a local logical address specifying the location of a copy of said data item in said local memory means when said local memory control table indicates that said copy is present in said local memory means and otherwise determining the location of said data item in said global memory means by means of a said global logical address and said logical allocation unit directory and fetching a copy of said data item from said global memory means when said local memory control table indicates that said copy is not present in said local memory means, andaccess checking means responsive to a memory operation specifier and to the access control table of said local memory means for providing copies of access control list items therein and further responsive to a representation of the current subject received from said processor means and to a representation of the object identifier and the memory command specified in said memory operation specifier for inhibiting said local memory means from performing the memory operation specified by said memory operation specifier unless the copy of said access control list item for the object specified by the representation of said object identifier indicates that the current subject is a specified subject and that the memory operation specified by said memory command is a specified memory operation; and
      
      said processor means includes private memory means accessible only to said processor means and under control of said control means, said private memory means containing the representation of said current subject.
  - 3. In the digital computer system of claim 2 wherein each object identifier is different from each other object identifier and each object is uniquely identified by the object identifier associated with said object.
  - 4. In the digital computer system of claim 2 wherein said processor means includes a first plurality of processor means, andsaid local memory means includes a plurality of local memory means connected between said global memory means and said first plurality of processor means.
  - 5. In the digital computer system of claim 2 wherein each operation code in said instructions belongs to a set of operation codes of a plurality of sets thereof;
    - andall operation codes in a single procedure belong to the same operation code set and said procedure has associated with it an operation code set identifier specifying said operation code set; and
      
      said private memory means contains a dialect value representing the operation code set identifier for the procedure currently being executed; and
      
      said instruction decoding means and said control means are responsive to all of said operation code sets and respond to the instruction currently being executed as determined by the operation code in said instruction and the value representing said operation code set identifier.
  - 6. In the digital computer system of claim 2, and wherein:
    - each said instruction code in said instructions belongs to one set of instruction codes of a plurality of sets of said instruction codes;
      
      all said instruction codes in a single said procedure item belong to the same instruction code set and said procedure item has associated with it an instruction code set identifier specifying said instruction code set;
      
      said private memory contains a dialect value representing said instruction code set identifier for said procedure currently being executed; and
      
      said instruction decoding means and said control means are responsive to all of said operation code sets and respond to said instruction currently being executed as determined by said operation code in said instruction and said value representing said instruction code set identifier.
  - 7. In the digital computer system of claim 6 whereineach operation code set includes a call operation code specifying a call operation for suspending execution of the procedure currently being executed by said processor means, for locating another procedure, for setting a dialect value to specify an operation code set for said another procedure, and for beginning the execution of said suspended another procedure;
    - each operation code set further includes a return operation code specifying a return operation for terminating the execution of the procedure currently being executed, for locating the procedure whose execution was suspended, for setting a dialect value to specify the operation code set for the suspended procedure whose execution is being resumed, and for resuming said suspended execution; and
      
      said processor means sets said dialect value only in response to said call operation code and said return operation code.
  - 8. In the digital computer system of claim 6, wherein all operation codes have the same size and all names in a procedure have the same size.
  - 9. In the digital computer system of claim 2, wherein each logical allocation unit directory entry item contains a size attribute specifying the current size of said defined object;
    - said access control table further contains a copy of said size attribute for each object having copies of data items in said local memory means;
      
      said logical address generation means provides a logical descriptor containing a logical address and a length specifier to said local memory means;
      
      said name table entry item corresponding to a name further specifies how the length of a data item represented by said name is to be derived;
      
      said name resolution means further derives the length specifier specified by the name table entry corresponding to said name;
      
      said memory operation specifier further includes a logical descriptor and said local memory means responds to said logical descriptor by providing the data item at the location specified by the representation of said object identifier and said offset and having the length specified by said length specifier; and
      
      said access checking means further provides a copy of the size attribute in said access control table and inhibits said local memory means from performing the memory operation specified by said memory operation specifier when the data item specified by said logical address and said length specifier extends beyond the end of the object as specified by said size attribute.
  - 10. In the digital computer system of claim 9wherein said size attribute specifies a size which may be any number of bits up to the maximum size of said object;
    - andsaid length specifier specifies any number of bits.
  - 11. In the digital computer system of claim 2 wherein each execution of a procedure by said processor means has associated with it a set of data objects accessible by the subject executing said procedure;
    - said private memory means includes a set of architectural base addresses specifying the logical addresses of locations in the set of data objects associated with the procedure currently being executed by said processor means;
      
      said name table entry item specifies the manner in which said processor means is to derive the logical address of a data item represented by the name corresponding to said name table entry item by specifying an architectural base address and a displacement from the location specified by said architectural base address; and
      
      said name resolution means uses said specified architectural base address and said specified displacement to derive the logical address for the data item represented by said name.
  - 12. In the digital computer system of claim 2 wherein data items include pointer items whose value includesan object identifier and an offset;
    - and said logical address generation means further includespointer to logical address conversion means for converting the pointer item received from said local memory means to the logical address containing the representation of the object identifier contained in said pointer item and the offset contained in said pointer item, andlogical address to pointer conversion means for converting said logical address to the pointer item containing the object identifier corresponding to the representation in said logical address and the offset in said logical address and for providing said pointer item to said local memory means, whereby said processor means may obtain the logical addresses of said data items from said pointer items and may form said pointer items from the logical addresses of said data items.
  - 13. In the digital computer system of claim 12 wherein the offset in said logical address may specify any bit in the object specified by the representation of said object identifier, andthe offset in said pointer item may specify any bit in the object specified by the object identifier in said pointer item.
  - 14. In the digital computer system of claim 2 wherein the logical allocation unit director entry for said procedure object includes a domain of execution attribute;
    - the current subject includes the domain of execution attribute for the procedure object containing the procedure currently being executed by said processor means; and
      
      said instructions includea call instruction specifying a call operation for suspending the execution of a procedure currently being executed by said processor means, for locating another procedure, if said another procedure is in another procedure object, for setting the representation of said current subject to represent the subject containing the domain of execution attribute for said another procedure object, and for beginning the execution of said another procedure, anda return instruction specifying a return operation for terminating the execution of the procedure currently being executed, for locating the procedure whose execution was suspended, if said suspended procedure is in a different procedure object, for setting the representation of the current subject to represent the subject containing the domain of execution attribute for said different procedure object, and for resuming said suspended execution; and
      
      said processor means sets the representation of said current subject only in response to a call instruction and a return instruction.
  - 15. In the digital computer system of claim 14 wherein objects include stack objects containing frame items of data, each frame item being associated with the execution of a procedure item which has not yet terminated;
    - said processor means response to a call instruction by providing the frame item for the procedure whose execution is being commenced in the stack object having the access control list entry item allowing the subject resulting from said call operation to access said frame item; and
      
      said processor means response to a return instruction by locating the frame associated with the suspended execution being resumed by said return instruction.
  - 16. In the digital computer system of claim 2 wherein said private memory means further includes a name table logical address specifying the name table associated with the procedure currently being executed;
    - said instructions includea call instruction specifying a call operation for suspending the execution of the procedure currently being executed by said processor means, for locating another procedure, if said another procedure is associated with a different name table from that associated with the procedure currently being executed, for changing the name table logical address to specify the name table associated with said another procedure, and for beginning the execution of said another procedure, anda return instruction specifying a return operation for terminating the execution of the procedure currently being executed, for locating the procedure whose execution was suspended. If said suspended procedure is associated with a name table different from the name table associated with the procedure whose execution is being terminated, for changing the name table logical address to specify the name table associated with said suspended procedure, and for resuming said suspended execution; and
      
      said processor means sets the name table logical address only in response to a call instruction and a return instruction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Data General Corp. (Dell Technologies Inc.)
Original Assignee
Data General Corp. (Dell Technologies Inc.)
Inventors
Bernstein, David H., Richmond, Michael S., Ahlstrom, John K., Gavrin, Edward S., Wallach, Walter A. Jr., Gruner, Ronald H., Mundie, Craig J., Wallach, Steven J., Schleimer, Stephen I., Bratt, Richard G., Clancy, Gerald F.
Primary Examiner(s)
Chan, Eddie P.

Application Number

US06/830,480
Time in Patent Office

760 Days
Field of Search

364/200 MS File, 364/900 MS File
US Class Current

711/202
CPC Class Codes

G06F 9/35 Indirect addressing

G06F 9/4488 Object-oriented

Digital computer system incorporating object-based addressing and access control and tables defining derivation of addresses of data from operands in instructions

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Digital computer system incorporating object-based addressing and access control and tables defining derivation of addresses of data from operands in instructions

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links