
Capability Concept Mechanisms and Structure in System 250

Presented by: Hua Zhang, COP6614, Fall 2005.


Presentation Transcript


  1. Capability Concept Mechanisms and Structure in System 250 Presented by: Hua Zhang COP6614, Fall 2005

  2. Outline • Introduction • Capability • Program • Resource • Process • Additional Features • Conclusion • Reference

  3. Introduction • The idea of Capability was introduced in 1966 by J.B. Dennis and E.C. Van Horn • System 250 • Developed by Plessey Company Limited • First Capability machine realized in hardware

  4. System 250 • Multi-processor system • Any CPU can access any store word • Storage space is allocated dynamically in segments of arbitrary sizes • A single address space is employed • A segment is addressed by a unique reference called “Capability”

  5. Capability

  6. Capability Registers • The CPU contains 8 Data Registers and 8 Capability Registers • A Capability is used to address fast store • A Store Module address • The base and limit addresses • Access field • CPU instructions access words within a segment by a reference to the Capability Register which defines it

  7. Access Field • 6 bits • Data Types • Read Data • Write Data • Execute • Capability Types • Read Capability • Write Capability • Enter • Certain combinations, e.g. write data and read capability, are not allowed

  8. Functions of Capability Register • Provide an addressing base for segments in fast store • Protect segments against illicit operations • Limit the scope of a program and thus protect the data outside this scope from illicit access

  9. Load Capability Instruction • Make Capability Registers different from conventional base/limit registers • No way to alter base/limit registers • Program can access as many segments as needed during execution, while bounded by the set of Capability values which its Capability segments contain

  10. System Capability Table • Why use SCT • Physical address changes when a segment is moved • Contents in SCT • Physical addresses of segments • Capability value • Access field and offset in SCT • Stored in the Capability Segment of each program • Different programs can have different rights on one SCT entry

  11. System Capability Table • Load Capability • Use CR6 plus offset to locate the capability value • Use SCT OFFSET to locate the entry in SCT • ACCESS field is copied from capability value • The rest is copied from SCT entry

  12. Capability as Access Right • To develop the concept of Capability further • Disassociate it from addressing physical locations in fast store • Addressing any device in the system • Virtual Capability Register • Access field • Segment identity field

  13. Concept of Capability • A Capability is an access right for a segment of store • The segment may be operated upon by suitable CPU instructions when the capability is loaded into a Capability register • No segment may be accessed except by means of a Capability

  14. Program

  15. Structure of Program Package • Central Capability Segment • Defines a number of satellite segments • One code segment • One data structure • CR7 - code segment • CR6 – central code segment

  16. Structure of Program • Consists of a number of program packages • Enter access type • Needed for one program package to call another • On the central capability segment of the callee • Protect the data structure of callee

  17. Resource

  18. Dynamic Allocation of Resource • No privileged mode is needed • Operating system consists of a set of program packages called by Enter access type • Package Store Allocator • Called during execution of a program • Allocate a segment and create a Capability for it • The ONLY place where Capabilities can be manufactured • Complex program packages can be built upon it to allocate arbitrarily complex resources

  19. Structure of Resource • Same structure as a program package • Data structures are protected • Resource can be arbitrarily complex

  20. Process

  21. Structure of Process • Created by a Process Allocator package • Called “process data structure” • CR7 - the first segment of process data structure • New segments created can be added using Store Capability Instruction

  22. Call, Return and Store Capability • Call • Store CR6, CR7 and IAR to stack • Load Execute type Capability to CR7 • Load Enter type Capability to CR6 • Give Read type Capability of CR6 to CR7 • Return • Restore CR6, CR7 and IAR from stack • Storing and restoring CR6 provides mutual protection.

  23. Process Dump Stack • Defined by a special Dump Stack Capability Register • The stack area • Preserve CR6, CR7 and IAR values during a Call instruction • A dump Area • Remaining register values can be preserved on interrupt or context change

  24. Additional Features

  25. Additional Features • Mixed segments • Can include both data and capability values • Removes the rigid distinction between data and capability segments • Provides greater flexibility • To keep the protection, the distinction between data and capability types attaches to the values themselves.

  26. Additional Features • Process Workspace Stack • Supply a package automatically with working space when called during the execution of a process • Referenced relative to the stack pointer • Preserve and protect a package’s working data when a further package is called, by incrementing the stack pointer by a suitable value

  27. Conclusion • Using capability in System 250 provides a uniform addressing and protection mechanism to all resources in the system • Facilitate information sharing and protection between processes • No privileged mode is needed, thus saving the time of switching between kernel and user levels as in many other systems

  28. Reference • England, D.M., The Capability Concept Mechanism and Structure in System 250, IRIA International Workshop on Protection in Operating Systems, Rocquencourt, (1974), pp. 63-82. • H. Levy, Capability-based Computer Systems. Digital Press, 1984.
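
The Load Capability path of slides 10 and 11, together with the access-field and base/limit checks of slides 6 to 8, as an added Python sketch that is not part of the original presentation and is not System 250 code. The bit order of the access field, the inclusive limit, the use of `PermissionError` as the protection fault, and the names `Machine`, `SctEntry`, `CapValue`, `CapRegister`, `attempt` and `demo` are assumptions; the store contents are constructed.

```python
from collections import namedtuple
from enum import IntFlag

# 6-bit access field; the bit order is an assumption of this sketch.
Access = IntFlag("Access", "READ_DATA WRITE_DATA EXECUTE READ_CAP WRITE_CAP ENTER")
FORBIDDEN = Access.WRITE_DATA | Access.READ_CAP   # the one combination the slides name
SctEntry = namedtuple("SctEntry", "base limit")          # physical placement, SCT only
CapValue = namedtuple("CapValue", "access sct_offset")   # stored in a capability segment
CapRegister = namedtuple("CapRegister", "access base limit")

class Machine:
    def __init__(self, words, sct):
        self.store, self.sct, self.cr = [0] * words, sct, [None] * 8

    def load_capability(self, n, cap_segment, offset):
        value = cap_segment[offset]        # cap_segment models the segment CR6 addresses
        if FORBIDDEN in value.access:
            raise PermissionError("illegal access combination")
        entry = self.sct[value.sct_offset]
        # ACCESS is copied from the capability value, the rest from the SCT entry.
        self.cr[n] = CapRegister(value.access, entry.base, entry.limit)

    def address(self, n, word, need):
        """Check one word access through capability register n; return the store address."""
        cap = self.cr[n]
        if cap is None or need not in cap.access:
            raise PermissionError("access right missing")
        if not 0 <= word <= cap.limit - cap.base:    # limit = last valid address (assumed)
            raise PermissionError("outside segment")
        return cap.base + word

def attempt(op, *args):
    try:
        return op(*args)
    except PermissionError as fault:
        return str(fault)

def demo():
    m = Machine(64, [SctEntry(16, 19)])                  # constructed 4-word segment
    writer = [CapValue(Access.READ_DATA | Access.WRITE_DATA, 0)]
    reader = [CapValue(Access.READ_DATA, 0)]             # same SCT entry, fewer rights
    m.load_capability(0, writer, 0)
    m.load_capability(1, reader, 0)
    m.store[m.address(0, 3, Access.WRITE_DATA)] = 42
    out = [m.store[m.address(1, 3, Access.READ_DATA)],
           attempt(m.address, 1, 3, Access.WRITE_DATA),
           attempt(m.address, 1, 4, Access.READ_DATA)]
    m.store[32:36], m.sct[0] = m.store[16:20], SctEntry(32, 35)   # segment is moved
    m.load_capability(1, reader, 0)                      # capability value unchanged
    where = m.address(1, 3, Access.READ_DATA)
    return out + [where, m.store[where]]
```

After the move only the SCT entry changes; both programs' capability values still name offset 0 and keep their different rights.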
