top - download
⟦308be99d5⟧ Wang Wps File
Length: 11688 (0x2da8)
Types: Wang Wps File
Notes: Spelunked
Names: »~ORPHAN69.00«
Derivation
└─⟦459bdb0e5⟧ Bits:30006057 8" Wang WCS floppy, CR 0089A
└─ ⟦this⟧ »~ORPHAN69.00«
WangText
D…0b…D…0f…D…06…D…07…C…0e…C…0f…C…05…C…06…B…09…B…86…1
…02…
…02… …02…
…02…CPS/SDS/001
…02…OKH/811020…02……02…
CAMPS
SYSTEM
DESIGN
SPECIFICATION
…02…ISSUE
1.1…02…CAMPS
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
5.6 KERNEL .....................................
277
5.6.1 Summary of Requirements.............. 277
5.6.1.1 General Description ..............
277
5.6.1.1.1 Process Concept ..............
279
5.6.1.1.2 Security .....................
279
5.6.1.1.3 Process Environment ..........
281
5.6.1.1.4 Intrfaces ................... 281
5.6.1.2 Functions ........................
284
5.6.1.2.1 Directory Functions ..........
284
5.6.1.2.1.1 Access to Objects ........
285
5.6.1.2.2 Security .....................
285
.6.1.2.2.1 Access Authorization ..... 286
5.6.1.2.3 Device Management ............
287
5.6.1.2.3.1 Device Security ..........
289
5.6.1.2.4 Process Management ...........
289
5.6.1.2.4.1 Process Hierarchy ........
90
5.6.1.2.4.2 Process Attributes .......
292
5.6.1.2.4.3 Process Management
Functions ................
292
5.6.1.2.5 Process Scheduling ...........
293
5.6.1.2.5.1 Priorities ...............
293
5.6.1.2.5.2 Time Slicing ............. 294
5.6.1.2.5.3 Process Scheduling
Interfaces ...............
294
5.6.1.2.6 Process Communication ........
294
5.6.1.2.6.1 Synchronization Elements .
294
5.6.1..6.2 Basic Process Communication
Functions ................
295
5.6.1.2.6.3 IO System ................
296
5.6.1.2.7 Page Management ..............
300
5.6.1.2.7.1 Page Manager Concepts ....
301
5.6.1.2.72 Page Manager Functions ... 304
5.6.1.2.7.3 Page Manager Security
Aspects ..................
307
5.6.1.2.8 Timer Management .............
307
5.6.1.3 Kernel Control ...................
308
5.6.1.3.1 Parameter Control ............
308
5.6.1.3.2 Initialization ...............
309
5.6.1.3.3 Error Hndling ............... 309
5.6.1.4 Characteristics ..................
309
5.6.1.4.1 Availability .................
310
5.6.1.4.2 Security .....................
310
5.6.1.5 Design and Construction ..........
310
5.6..6 Documentation ..................... 310
5.6.2 Environment ..........................
310
5.6.2.1 Standard Hardware, Firmware and
Software .........................
310
5.6.2.2 External Interfaces ..............
310
5.6.2.3 Subsystem Interfaces ............. 310…86…1
…02… …02… …02… …02…
5.6 K̲E̲R̲N̲E̲L̲
5.6.1 S̲u̲m̲m̲a̲r̲y̲ ̲o̲f̲ ̲R̲e̲q̲u̲i̲r̲e̲m̲e̲n̲t̲s̲
5.6.1.1 G̲e̲n̲e̲r̲a̲l̲ ̲D̲e̲s̲c̲r̲i̲p̲t̲i̲o̲n̲
KERNEL is the interface between CAMPS software and
hardware. The CR80D hardware provides a set of low
lvel hardware objects, such as CPUs, memory modules,
memory mapping module, I/O busses, I/O devices, and
a set of operations on those objects by means of the
CR80D instruction set.
The main purpose of most pieces of system software
is to hide certin hardware features, replacing them
with a new set of features, which are more suitable
for the application area at hand. This can be viewed
as an abstraction of the actual physical machine into
a virtual machine, which will be the only one accessble
by application software. Actually this abstraction
process is repeated a number of times and gives rise
to several layers of system software. Each layer transforms
the underlying virtual machine into a new one, which
is then provided to upper lyers. KERNEL constitutes
the lowest level of system software in this sense.
The next level of abstraction above the KERNEL is constituted
by SFM and IOC respectively:
- SFM transforms each disk device (controller) into
a set of disk units, eachconsisting of a number of
disk files.
- IOC transforms each line termination device (LTU
or TDX Host IF) into a set of logical communication
lines.
In a rather crude model, the relations between KERNEL,
SFM, IOC and the rest of CAMPS software i shown on
the diagram 5.6.1.1-1.
5.6.1.1-1…86…1 …02… …02… …02… …02…
5.6.1.1.1 P̲r̲o̲c̲e̲s̲s̲ ̲C̲o̲n̲c̲e̲p̲t̲
The most important new concept introduced by KERNEL
is that of a p̲r̲o̲c̲e̲s̲s̲.
A pr̲o̲c̲e̲s̲s̲ is defined as the transformation of a given
set of data performed y the execution of an associated
program.
A program is defined as a sequence of machine instructions.
The data associated with a process are called the p̲r̲o̲c̲e̲s̲s̲
̲d̲a̲t̲a̲.̲
The instructions for manipulating the process data
are collected in the assoiated program. The available
instructions are the CR80D user instructions (non privileged
hardware instructions) together with the system commands
provided by KER, SFM and IOC.
Program and process data reside in completely separate
parts of memor, and the same program may well be executed
by several processes.
Execution of processes may be truly parallel if the
machine contains more than one CPU. Otherwise execution
is pseudo-parallel, meaning that execution of the running
process may atany place in the program be interrupted
and another process may then resume execution from
a point in the program where it was previously interrupted.
Process data and program associated with a given process
are specified by two sets of Memory Trnslation Tables
belonging to the process. They are loaded into the
map module each time the process resumes execution.
(See figure 5.6.1.1.1-1)
5.6.1.1.2 S̲e̲c̲u̲r̲i̲t̲y̲
Security is closely related to the process concept
in that all system resourcesare allocated to and exchanged
between processes. So security actually amounts to
controlling the access to system resources, including
information carrying resources, by processes.…86…1
…02… …02… …02… …02…
Fig. 5.6.1.1.1-1
Relations between HW and SW packages…86…1 …02… …02… …02… …02…
KERNEL implements the basic tools for protection of
resources as described in more detail in section 5.6.1.2.2.
5.6.1.1.3 P̲r̲o̲c̲e̲s̲s̲ ̲E̲n̲v̲i̲r̲o̲n̲m̲e̲n̲t̲
From "within" a process the envionment looks as if
the process is executed within a monoprogrammed machine
with a CPU, a memory and a set of peripheral files
and/or lines. The process exchanges data with the environmental
files and lines. It does not need to recognize other
proceses except that they may cause a slow down of
the CPU.
Processes may, however, cooperate in performing a specific
task. They do so by exchanging data and synchronizing
their activities. This is done by the process communication
tools provided by ERNEL.
Synchronization and data exchange between processes
is done by means of s̲y̲n̲c̲h̲r̲o̲n̲i̲z̲a̲t̲i̲o̲n̲ ̲e̲l̲e̲m̲e̲n̲t̲s̲ ̲as described
in 5.6.1.2.6. Based upon synchronization elements,
the I/O system implements special tools for data exchange
with SFM and IOC.
5.6.1.1.4 I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
KERNEL interfaces to hardware and to all other CAMPS
software packages. Three packages are of special interest:
a) SSC
Takes all high level decisions concerning resource
allocation and resource sharing.
b) SFM
Contols all disk storage.
c) IOC
Controls all communication lines.
The main interfaces are shown on the diagram overleaf.…86…1
…02… …02… …02… …02…
Figure 5.6.1.1.4-1…01…KERNEL Interfaces…86…1 …02… …02… …02… …02…
1. I/O Activation
2. I/O Completion Notification
3. I/O Instruction
4. Device Interrupt
5. Process creation, deletion, activation, and deactivation
6. Timer Interrupt 7. Send,
Await
and
I/O
System
Functions
8. Page Fault Interrupt
9. Segment creation, deletion, transfer, and mapping
10. Set Time
11. Read Time, Schedule and Cancel Time Signal
12. Time Signal
13. Timer Interrupt
14. Error Report to CallingProcess
15. Error Report to Parent
FIGURE 5.6.1.1.4-1 (CONT.)
5.6.1.2 F̲u̲n̲c̲t̲i̲o̲n̲s̲
5.6.1.2.1 D̲i̲r̲e̲c̲t̲o̲r̲y̲ ̲F̲u̲n̲c̲t̲i̲o̲n̲s̲
Directory Functions are KERNEL tools for resource allocation.
Examples of system resources, from here on called o̲b̲j̲e̲c̲t̲s̲,
are emory segments, processes, CPU's and synchronization
elements. Objects are dynamically created and removed
by processes, and exchanged between processes.
KERNEL controls, that whenever a process has obtained
access to an object, either by creatin it or by obtaining
it from another process, the process can not access
or manipulate the object beyond a limit defined at
creation time or time of granting the access. This
limit is called the capabilities of the process with
respect to the object For each object a process can
only grant a subset of the capabilities that it has
got itself.
The ability of a process to create new objects is further
limited by a socalled claim on each type of resource.
A process can never create more instancs of a specific
object type than defined by its claim for that object
type.
Even if KERNEL contains tools for limiting access to
existing objects and limits ability to create new objects,
it does not take any high level decisions about distributin
of available resources between processes and the dynamic
behaviour of the system in terms of creation and removal
of objects.
These decisions must be taken by special processes
playing the role of o̲p̲e̲r̲a̲t̲i̲n̲g̲ ̲s̲y̲s̲t̲e̲m̲s̲.̲ This is further
described i section 5.6.1.2.4.
In CAMPS, the operating system functions are performed
by SSC, having responsibility for all resource management.
5.6.1.2.1.1 A̲c̲c̲e̲s̲s̲ ̲t̲o̲ ̲O̲b̲j̲e̲c̲t̲s̲
There are three ways for a process to gain access to
an object:
a) C̲r̲e̲a̲t̲i̲o̲n̲
The process which originally created the object
has capabilities whch it specified itself at creation
time. At that time Directory Functions checked
if the specified capabilities were compatible with
security rules.
b) I̲n̲h̲e̲r̲i̲t̲a̲n̲c̲e̲
A child may at creation time inherit specified
objects with specified capabilites from the parent.
The capabilities versus a given object can only
be a subset of those possessed by the parent. The
capabilities of the child can never be changed.
Directory functions check at creation time if the
capabilities are consistent withsecurity rules.
c) C̲a̲t̲a̲l̲o̲g̲u̲i̲n̲g̲
Directory functions have a directory, where objects
may be catalogued. Each catalogue entry consists
of an object identifier and an access control list.
Each entry of the access control list specifies
the capabilties of a user group to the object.
When a process wants access to a particular object,
it calls the directory function L̲o̲o̲k̲u̲p̲ ̲O̲b̲j̲e̲c̲t̲,̲
which then checks if the user group of the process
has any capabilities to the object and if the access
is consisent with security rules.
5.6.1.2.2 S̲e̲c̲u̲r̲i̲t̲y̲
KERNEL contains tools which may be used by SSC to enforce
very rigid limitations upon the information exchange
between processes, and access to objects by processes.
As described in section 4.8, thes tools are used as
the second level in a two level checking mechanism.
