This invention relates to the data processing field. More specifically, this invention relates to object encapsulation within an object oriented programming environment.
The development of the EDVAC computer system of 1948 is often cited as the beginning of the computer era. Since that time, computer systems have found their way into just about every aspect of the American life style. One reason for this proliferation is the ability of computer systems to perform a variety of tasks in an efficient manner. The mechanisms used by computer systems to perform these tasks are called computer programs.
Like computer systems themselves, the development of computer programs has evolved over the years. The EDVAC system used what was called a xe2x80x9cone addressxe2x80x9d computer programming language. This language allowed for only the most rudimentary computer programs. By the 1960s, improvements in computer programming languages led to computer programs that were so large and complex that it was difficult to manage and control their development and maintenance.
Hence, in the 1970s, focus was directed away from developing new programming languages towards the development of programming methodologies and environments which could better accommodate the increasing complexity and cost of large computer programs. One such methodology is the Object Oriented Programming (OOP) approach. OOP advocates claim that this approach to computer programming can improve the productivity of computer programmers by as much as twenty-five fold. Hence, while it has been some time since OOP technology was originally developed, it is currently seen as the way of the future.
Not surprisingly, objects are central to OOP technology. Objects can be thought of as autonomous agents which work together to perform the tasks required of the computer system. A single object represents an individual operation or a group of operations that are performed by a computer system upon information controlled by the object. The operations of objects are called xe2x80x9cmethodsxe2x80x9d and the information controlled by objects is called xe2x80x9cobject dataxe2x80x9d or just xe2x80x9cdata.xe2x80x9d Methods and object data are said to be xe2x80x9cencapsulatedxe2x80x9d in the object. The way an object acts and reacts relative to other objects is said to be its xe2x80x9cbehavior.xe2x80x9d Since the proper function of the computer system depends upon objects working together, it is extremely important for each object to exhibit a consistent behavior.
When a method of one object needs access to the data controlled by a second object, it is considered to be a client of the second object. To access the data controlled by the second object, one of the methods of the client (i.e., a client method) will call or invoke the second object to gain access to the data controlled by that object. One of the methods of the called object (i.e., a server method in this case) is then used to access and/or manipulate the data controlled by the called object. Limiting access to the called object""s own methods is critical because each object""s ability to exhibit a consistent behavior depends on its ability to prevent the methods of other objects from directly accessing and manipulating its data. Indeed, limiting access to the called object""s own methods is so critical that the whole OOP methodology breaks down if this encapsulation is not preserved.
It is a principal object of this invention to provide an enhanced mechanism which limits access to object data to only the methods of the subject object.
It is another object of this invention to provide an enhanced mechanism which permits access by a plurality of methods to only the object data of their object.
It is yet another object of this invention to provide an enhanced mechanism which limits access to object data to only the methods of the subject object by permitting access on the basis of memory aggregates that are smaller than pages, segments and other similar predetermined memory boundaries.
It is still another object of this invention to provide an enhanced mechanism which limits access to object data to only the methods of the subject object by permitting access on the basis of a memory aggregate which is equivalent in size to the space required for the object data itself.
These and other objects are accomplished by the data protection mechanisms and apparatus disclosed herein.
The present invention utilizes a hardware Window Storage Protection Controller (WSPC) and an Object Encapsulation Enforcement Manager (OEEM) to limit access to object data to only those methods which are encapsulated by the object. All of the objects of the computer system which require protection are stored in protected storage by a base storage protection mechanism so that only the mechanisms of the present invention can deny or permit access to the data encapsulated by the objects. For the most part, the object identifier for each object is known by all other objects. The object identifier is essentially the address of the object in storage. If a client method attempts to gain access to another object""s data without first interacting with the OEEM (i.e., perhaps via the other object s identifier), the access will be denied by the base storage protection mechanism.
When a method of one object (i.e., a client) wants to access and/or manipulate the data encapsulated in a second object, it presents the object identifier (also denoted as object ID and OID) to the OEEM. The OEEM then takes the object identifier, the length of the object, and the access permissions (i.e., read and write permissions for example) of the client and loads them into special registers within the WSPC. (While the present invention utilizes the object identifier and object length to delineate the address range of objects, those skilled in the art will appreciate that other mechanisms could have been used without loss of generality.) The OEEM then invokes the appropriate method of the called object. When this method attempts to access the data encapsulated within the called object, the WSPC verifies that the data to be accessed is actually encapsulated by the object identified by the object identifier and that the type of access (i.e., read v. write) is a permitted activity for this particular client. If the requested access is directed at data that is actually encapsulated by the called object and the type of access is a permitted activity for this particular client, the WSPC overrides the base storage protection mechanism and allows the requested access to proceed. However, if the requested access is directed at data that is not encapsulated by the called object or if the type of access requested is not a permitted activity for this particular client, the WSPC allows the base storage protection mechanism to deny the requested access.