1. Field of the Invention
The invention relates to data processing systems, and more particularly to a memory-accessing mechanism which protects memory locations from unauthorized access.
2. Description of the Related Art
Modern computer systems are organized such that all information within the system is represented by hardware-recognized, memory-resident information structures called objects. This is known as an object-oriented computer architecture. An object is a package of data that is a representation of related information maintained in a contiguously-addressed set of memory locations.
In an object-oriented programming system, each type or class of object has a set of operations that are permitted to be performed on the objects that are members of the class. This is known as an object-based access mechanism. The internal structure of objects is hidden from the programmer, who can manipulate the objects only with the permitted operations. Access to an object is by means of a pointer to the object called an access descriptor. An access descriptor describes the kind of representation (rep) rights (such as read rights or write rights) granted to the holder of the access descriptor, and these rights define the various kinds of access to the object that are permitted.
U.S. Pat. No. 4,325,120 granted Apr. 13, 1982, to Colley et al. and assigned to Intel Corporation, discloses an object-based access mechanism in which two basic types of objects are recognized and distinguished by a processor. The first basic type is a data segment, which contains ordinary data. The second basic type is an access list, which contains access descriptors that are used to access information (that is, other objects) in the memory. Each access descriptor provides information for locating and defining the extent of access to the object associated with that access descriptor. Unauthorized access to the memory is controlled by a protection mechanism which checks the access descriptor utilized in the process of generating references to objects in the memory.
In early computer systems, the architecture provided for two program states, the supervisor state and the problem state, with the processor switching between the two states. In the problem state, all privileged instructions (I/O instructions, protection instructions, and a group of control instructions) are invalid. In the supervisor state, all instructions are valid. When a privileged instruction is encountered in the problem state, a privileged-operation exception is recognized, a program interrupt occurs, and the operation is suppressed. Protection is provided to protect the contents of certain areas of main memory from destruction or misuse. Locations are protected by identifying blocks of storage with a key and comparing this key against a protection key supplied with the data to be stored. A mismatch causes an exception to be recognized, a program interrupt to occur, and the operation to be suppressed.
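The state-based mechanism described above, written out as an added illustration (this is not code from the patent or from any particular machine): a two-state processor with a constructed four-instruction set, a memory divided into blocks each tagged with a storage key, and an `execute` routine that recognizes the two exceptions named in the text and suppresses the operation. The block size, block count, opcodes and the decision to apply the key check in both states are assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: main memory is NUM_BLOCKS blocks of BLOCK_SIZE bytes,
 * each block identified by a storage key. */
#define BLOCK_SIZE 16u
#define NUM_BLOCKS 4u
#define MEM_SIZE   (BLOCK_SIZE * NUM_BLOCKS)

enum cpu_state { SUPERVISOR_STATE, PROBLEM_STATE };

/* Constructed instruction set: two ordinary instructions and two privileged
 * ones (an I/O instruction and a protection instruction). */
enum opcode { OP_LOAD, OP_STORE, OP_START_IO, OP_SET_STORAGE_KEY };

enum outcome {
    OUTCOME_OK,
    OUTCOME_PRIVILEGED_OPERATION,  /* privileged instruction met in problem state */
    OUTCOME_PROTECTION_EXCEPTION,  /* storage key does not match protection key */
    OUTCOME_ADDRESSING_EXCEPTION   /* address outside memory (added for safety) */
};

struct machine {
    enum cpu_state state;
    uint8_t protection_key;           /* key supplied with the data to be stored */
    uint8_t storage_key[NUM_BLOCKS];  /* key identifying each block of storage */
    uint8_t memory[MEM_SIZE];
    uint8_t accumulator;              /* destination of OP_LOAD */
};

struct instruction {
    enum opcode op;
    uint16_t address;  /* operand address for LOAD / STORE / SET_STORAGE_KEY */
    uint8_t  value;    /* data for STORE, new key for SET_STORAGE_KEY */
};

/* Block i starts out with storage key i, so the protection key selects which
 * block a problem-state program is allowed to store into. */
void machine_init(struct machine *m, enum cpu_state state, uint8_t protection_key)
{
    memset(m, 0, sizeof *m);
    m->state = state;
    m->protection_key = protection_key;
    for (unsigned i = 0; i < NUM_BLOCKS; i++)
        m->storage_key[i] = (uint8_t)i;
}

static bool is_privileged(enum opcode op)
{
    return op == OP_START_IO || op == OP_SET_STORAGE_KEY;
}

/* Execute one instruction. When an exception is recognized the operation is
 * suppressed: we return before touching memory or keys, which is where a real
 * machine would take the program interrupt. */
enum outcome execute(struct machine *m, const struct instruction *ins)
{
    if (m->state == PROBLEM_STATE && is_privileged(ins->op))
        return OUTCOME_PRIVILEGED_OPERATION;

    if (ins->op != OP_START_IO && ins->address >= MEM_SIZE)
        return OUTCOME_ADDRESSING_EXCEPTION;

    switch (ins->op) {
    case OP_STORE:
        /* Key-controlled protection: the block's storage key must equal the
         * protection key supplied with the store (checked in both states here,
         * a constructed simplification). */
        if (m->storage_key[ins->address / BLOCK_SIZE] != m->protection_key)
            return OUTCOME_PROTECTION_EXCEPTION;
        m->memory[ins->address] = ins->value;
        return OUTCOME_OK;
    case OP_LOAD:
        m->accumulator = m->memory[ins->address];
        return OUTCOME_OK;
    case OP_START_IO:
        /* Device handling is out of scope; reaching here means the state check passed. */
        return OUTCOME_OK;
    case OP_SET_STORAGE_KEY:
        m->storage_key[ins->address / BLOCK_SIZE] = ins->value;
        return OUTCOME_OK;
    }
    return OUTCOME_ADDRESSING_EXCEPTION;  /* not reached for valid opcodes */
}

int main(void)
{
    struct machine m;
    machine_init(&m, PROBLEM_STATE, 1);
    struct instruction ok  = { OP_STORE, 16, 0xAA };  /* block 1, key 1: allowed */
    struct instruction bad = { OP_STORE, 32, 0xBB };  /* block 2, key 2: mismatch */
    struct instruction io  = { OP_START_IO, 0, 0 };
    printf("store to block 1: %d\n", execute(&m, &ok));
    printf("store to block 2: %d\n", execute(&m, &bad));
    printf("start I/O in problem state: %d\n", execute(&m, &io));
    return 0;
}
```

Note that the two checks are independent: the state check governs which instructions may execute at all, while the key comparison governs which storage a permitted store may reach. Neither check knows anything about the structure of the data being stored, which is the contrast the passage draws with object-based protection.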
The architecture of the Colley et al. patent eliminated the need for different execution states within the processor, such as the supervisor state and the problem state. In that object-oriented architecture there was no need for privileged instructions that are executed only when the processor is in the supervisor state. Memory protection was achieved by allowing or prohibiting access to certain objects, rather than certain memory locations.
In an object-oriented architecture, segments are the basis for all addressing and protection. A segment is a single linear address space with a defined size or length. Segments exist in main memory and are associated with a starting or base address. To determine the actual physical address of an item of data within a segment or an object, one adds the position of the item within the segment (called its displacement) to the segment's base address. In systems with segmented addressing, moving a segment requires the updating of its base address. However, the base address information can be distributed throughout memory and in the processor's registers. This means that if a segment is moved, many copies of its base address will have to be located and updated to reflect the change. To obviate this problem, the Colley et al. architecture brings together all of the information about a segment and places that information in a segment table. It then requires that all references to a segment obtain the necessary base address and length information from this table. Any reference to the segment will access the segment descriptor and obtain the correct and current base address and length information.
To further refine this mechanism, the Colley et al. system provides a second level of address mapping above that provided by the segment table. Each program unit is supplied at run time with a list of segment numbers (indices for segment descriptors) for all of the segments it may need to access during execution of the program. The program selects a particular segment by specifying, as part of each operand's address in an instruction, an index into its list of accessible segments. This list is known as its access list.
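The two-level mapping described in the preceding two paragraphs, as an added worked example rather than code from the Colley et al. patent or from any Intel implementation: an operand address is given as an index into the program's access list plus a displacement; the access descriptor found there supplies a segment number and the holder's rep rights; the segment table entry supplies the current base and length; and the physical address is base plus displacement, emitted only after the rights and bounds checks pass. The sample tables, the right bits, the fault names and the order of the checks are all constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Representation rights carried by an access descriptor (constructed encoding). */
#define RIGHT_READ  0x1u
#define RIGHT_WRITE 0x2u

/* Segment table entry: the single place that records where a segment
 * currently lives in main memory and how long it is. */
struct segment_descriptor {
    uint32_t base;
    uint32_t length;
    bool     valid;
};

/* Access list entry: names a segment by its segment number (an index into
 * the segment table) and records the rights the holder has on it. */
struct access_descriptor {
    uint32_t segment_number;
    uint32_t rights;
};

struct segment_table { const struct segment_descriptor *entries; size_t count; };
struct access_list   { const struct access_descriptor  *entries; size_t count; };

enum fault {
    FAULT_NONE,
    FAULT_BAD_ACCESS_INDEX,  /* index beyond the program's access list */
    FAULT_BAD_SEGMENT,       /* descriptor names a missing or invalid segment */
    FAULT_RIGHTS,            /* holder lacks the requested representation right */
    FAULT_BOUNDS             /* displacement is at or beyond the segment length */
};

struct resolution { enum fault fault; uint32_t physical; };

/* (index, displacement) -> access descriptor -> segment descriptor ->
 * physical = base + displacement. Rights are checked before bounds so a
 * forbidden access learns nothing about the segment's length. */
struct resolution resolve(const struct segment_table *st, const struct access_list *al,
                          uint32_t index, uint32_t displacement, uint32_t want_rights)
{
    struct resolution r = { FAULT_NONE, 0 };
    if (index >= al->count) { r.fault = FAULT_BAD_ACCESS_INDEX; return r; }
    const struct access_descriptor *ad = &al->entries[index];
    if (ad->segment_number >= st->count || !st->entries[ad->segment_number].valid) {
        r.fault = FAULT_BAD_SEGMENT; return r;
    }
    if ((ad->rights & want_rights) != want_rights) { r.fault = FAULT_RIGHTS; return r; }
    const struct segment_descriptor *sd = &st->entries[ad->segment_number];
    if (displacement >= sd->length) { r.fault = FAULT_BOUNDS; return r; }
    r.physical = sd->base + displacement;
    return r;
}

/* Relocating a segment touches exactly one segment table entry. No access
 * list needs updating, because access lists hold segment numbers, not bases. */
void move_segment(struct segment_descriptor *sd, uint32_t new_base)
{
    sd->base = new_base;
}

/* Constructed sample tables for the demonstration. */
static struct segment_descriptor segs[3] = {
    { 0x1000, 0x100, true },   /* segment 0: 256 bytes at 0x1000 */
    { 0x2000, 0x040, true },   /* segment 1:  64 bytes at 0x2000 */
    { 0,      0,     false },  /* segment 2: not present */
};
static const struct access_descriptor acl[3] = {
    { 0, RIGHT_READ | RIGHT_WRITE },  /* full access to segment 0 */
    { 1, RIGHT_READ },                /* read-only view of segment 1 */
    { 2, RIGHT_READ },                /* dangling reference to segment 2 */
};
static const struct segment_table SAMPLE_ST = { segs, 3 };
static const struct access_list   SAMPLE_AL = { acl, 3 };

int main(void)
{
    struct resolution r = resolve(&SAMPLE_ST, &SAMPLE_AL, 1, 0x3f, RIGHT_READ);
    printf("before move: fault=%d physical=0x%x\n", r.fault, r.physical);
    move_segment(&segs[1], 0x5000);
    r = resolve(&SAMPLE_ST, &SAMPLE_AL, 1, 0x3f, RIGHT_READ);
    printf("after move:  fault=%d physical=0x%x\n", r.fault, r.physical);
    r = resolve(&SAMPLE_ST, &SAMPLE_AL, 1, 0, RIGHT_WRITE);
    printf("write via read-only descriptor: fault=%d\n", r.fault);
    return 0;
}
```

The `move_segment` call is the point the passage makes about distributed base addresses: after the segment table entry changes, the same access list and the same instruction operand resolve to the new location with no other data touched. The rights check shows the descriptor acting as the sole path to the object, since a program holding only the read-only descriptor cannot reach segment 1 for writing no matter what displacement it supplies.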
This type of mechanism is called a "capability-based protection mechanism" and provides excellent protection; however, it necessitates very complex programming procedures.
In object-oriented architectures, there is no notion of privileged instructions. A privileged instruction is an instruction that can be executed only when the central processing unit (CPU) is in the supervisor state. The supervisor state is that state in which the supervisor program is running, the supervisor program being a control program that coordinates the use of resources and maintains the flow of CPU operations. When in the supervisor state, the user's program cannot be executed. The user's program is executed when the CPU is in the problem state, which is a state during which the CPU cannot execute input/output and other privileged instructions. This is called a "state-based protection mechanism".
For a modern data processing system that supports an object-oriented architecture to also support the state-based protection mechanism in the same hardware, the system must be compatible with operating systems of an earlier type that employ supervisor and user states.
It is therefore an object of the present invention to provide a memory access protection mechanism that supports either a capability-based protection mechanism or a state-based protection mechanism.