1. Field of the Invention
The present invention relates to a system for managing the execution of program executing threads as well as operation rights for the memory regions and/or threads in a computer. It is to be noted here that, in the following description, the thread or memory region operation refers to a manipulation of a thread or a memory region, and the operation right for a thread or a memory region refers to a right for manipulating the thread or the memory region.
2. Description of the Background Art
In recent years, due to the improvement of microprocessor performance, it has become commonplace to use a plurality of small size computers connected by a network. As a result, cooperative work among the computers connected by the network or among their users has become possible, and a need has arisen for managing the operation rights strictly.
In addition, due to the advance of the object oriented techniques and the appearance of the new paradigm such as a server client model, it is becoming increasingly difficult to achieve sufficient performance by the conventional operation right management in units of memory devices or files.
In order to resolve these problems, there has been an attempt to design an operating system in which the memory devices such as memory elements, CD-ROMs, and hard-disk drives as well as all the other computer resources such as the display and the keyboard can be managed under the identical concept, using the technique such as that of the single virtual memory. In particular, the technique of the single virtual memory for arranging various resources on the identical virtual space is noteworthy. There is also a proposition for managing the operation rights in units of blocks by dividing this single virtual memory into a number of blocks. This unit of management is called a memory region, and it is used as a unit for managing operation rights for all kinds of memory devices.
On the other hand, due to the enhanced utilization range of the microprocessor, it is becoming necessary for the operating system (OS) to be capable of dealing with various application fields, so that the OS is required to take a flexible structure. In this regard, there has been a conventional scheme to use a plurality of OSs interchangeably according to the utilization purposes or the hardware types. There has also been a technique of the micro-kernelized OS in which the minimum indispensable functions alone are given to the micro-kernel while all the other functions are provided as the user programs external to the micro-kernel, so as to be able to cover the wide range of utilization purposes by a single OS. In this technique, it becomes possible to provide the OS functions of a plurality of conventional OSs on a single micro-kernel in forms of the user programs, so that it is possible to realize the OS in the flexible structure.
In such a micro-kernelized OS, a control unit called a process or thread is usually employed as the unit of program execution management. Each thread has processor register values and stacks independently, and executes the program when the OS allocates the processor to this thread. The OS releases the allocation of the processor to one thread and allocates the processor to another thread after a certain period of time, or when a hardware interruption occurs. Since each thread has independent register states, it can be virtually regarded as a parallel processing processor.
In this type of the OS, the computer resources are constituted in units of two concepts called memory regions and threads, and the management of the operation rights to these memory regions and threads is made according to the data in the form of ACL (Access Control List) which is attached to each of the memory regions and threads.
For example, for a case of manipulating the thread itself on such an OS, i.e., when the execution of the thread is to be stopped or re-started, or when the thread is to be extinguished forcefully, or else when the internal states of the thread such as its register values or the stacks are to be examined, the OS provides a group of thread operation instructions such that it is possible to operate on one thread from another thread. Such a thread operation instruction is provided to the user programs by means of a system call.
When such thread operation instructions are provided, if every thread is allowed to issue any of these thread operation instructions freely, illegal operations would be allowed as well, so that there is a need to provide some protection mechanism. For instance, it is necessary to provide a protection mechanism such that the forceful extinguishing of a thread is allowed only to a thread which has a particular right.
In addition, in the case of a system such as the Mach operating system disclosed by R. Rashid, et al. in "Machine-Independent Virtual Memory Management for Paged Uniprocessor and Multiprocessor Architectures", CMU-CS-87140, Carnegie Mellon University, July 1987, in which a plurality of virtual spaces are provided and one program or data is arranged in each of these virtual spaces, the thread can move only within each virtual space, the identical protection is provided for all the threads present in the same virtual space, and the protection of the threads relies on the protection of the memory spaces. In this case, however, it has been impossible to protect each thread separately. Also, in a case of a system such as the single virtual space in which all the programs are arranged within one and the same address space while a plurality of threads are provided, the protection of the threads cannot simply rely on the protection of the memory spaces and there is a need to set up a special right from the OS.
One way to resolve this problem is to specify an owner for each resource such as a thread, and to allow a resource to be operated on only by the resources owned by the same owner. This scheme is realized, for instance, by "signal" in the UNIX operating system as a means of process manipulation. However, in this scheme, the protection among the resources of the same owner lacks flexibility, and it is impossible to give the operation right to a resource of a different owner, or to enable the resource operation from the resources of a plurality of different owners, so that a resource protection function enabling sufficiently flexible resource operation has been unavailable.
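The owner-based rule described above, set beside a per-thread ACL of the kind attached to threads in the OS described earlier, as an added example that is not part of the original text. The struct layout, the principal numbers and the function names are hypothetical, and an ACL principal is assumed to be the caller's owner ID.

```c
#include <stdio.h>
#include <stddef.h>

/* Thread operations named in the text: stop, restart, forced termination, state inspection. */
enum { OP_STOP = 1, OP_RESTART = 2, OP_KILL = 4, OP_INSPECT = 8 };

struct acl_entry { int principal; unsigned rights; };   /* hypothetical layout */

struct thread {
    int owner;                         /* owning principal */
    const struct acl_entry *acl;       /* ACL attached to this thread */
    size_t acl_len;
};

/* Owner rule: allowed only when caller and target have the same owner. */
int owner_allows(const struct thread *caller, const struct thread *target, unsigned op)
{
    (void)op;                          /* the rule cannot tell operations apart */
    return caller->owner == target->owner;
}

/* ACL rule: the target's list must grant every requested right to the caller. */
int acl_allows(const struct thread *caller, const struct thread *target, unsigned op)
{
    for (size_t i = 0; i < target->acl_len; i++)
        if (target->acl[i].principal == caller->owner)
            return op != 0 && (target->acl[i].rights & op) == op;
    return 0;                          /* default deny when no entry matches */
}

/* Constructed sample: worker and sibling owned by 100, monitor by 200, stranger by 300. */
static const struct acl_entry worker_acl[] = {
    { 100, OP_STOP | OP_RESTART | OP_KILL | OP_INSPECT },
    { 200, OP_STOP | OP_RESTART },     /* monitor may pause and resume only */
};
static const struct thread worker   = { 100, worker_acl, 2 };
static const struct thread sibling  = { 100, NULL, 0 };
static const struct thread monitor  = { 200, NULL, 0 };
static const struct thread stranger = { 300, NULL, 0 };

int main(void)
{
    printf("owner rule: monitor stop=%d, sibling kill=%d\n",
           owner_allows(&monitor, &worker, OP_STOP), owner_allows(&sibling, &worker, OP_KILL));
    printf("acl rule:   monitor stop=%d kill=%d, stranger stop=%d\n",
           acl_allows(&monitor, &worker, OP_STOP), acl_allows(&monitor, &worker, OP_KILL),
           acl_allows(&stranger, &worker, OP_STOP));
    return 0;
}
```

Under the owner rule the monitor cannot be given even the stop right, while any same-owner thread may perform every operation; the ACL grants the monitor stop and restart without kill or inspect.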
On the other hand, there has been an attempt to increase the flexibility such as the DCE in which the ACL for the file or the directory is attached with various data concerning the data addition or deletion right, the ACL changing right, etc., so as to enable the multifarious settings of operation rights for the data files. However, such an attempt still lacks the flexibility for enabling a plurality of owners to manage the ACL of the memory region for example.
In addition, as for the right to change the operation rights themselves with respect to the thread, it has only been possible to make a rather simple management in which it is permitted only to the owner of the thread, or to a special user called root. Similarly, as for the right to change the operation rights themselves with respect to the memory region, it has only been possible to make a rather simple management in which it is permitted only to the owner of the memory region, or to a special user called root.
Moreover, even if it becomes possible to describe the operation rights with respect to the threads or the memory regions as well as the rights to change these operation rights in a very flexible manner, there arises a problem that the management can be quite complicated in such a case as it is expected that the amount of data required for the protection of the threads or the memory regions increases considerably.
Thus, in the conventional resource management mechanism, the setting of the operation rights has not been sufficiently flexible, or the protection among the threads sharing the identical virtual address space has been either missing or severely restricted.