Server impersonation of client processes in an object based computer operating system    
United States Patent 5187790
Inventor(s): East; Jeffrey A. (Aptos, CA); Walker; James J. (Redmond, WA); Jenness; Steven M. (Redmond, WA); Ozur; Mark C. (Redmond, WA); Kelly, Jr.; James W. (Redmond, WA)
Abstract: In a multitasking, multiuser computer system, a server process temporarily impersonates the characteristics of a client process when the client process performs a remote procedure call on the server process. Each process has an identifier list with a plurality of identifiers that characterize the process. The server process generates a new identifier list which is either the same as the client process's list, or is the union of the server's and the client's lists. Each object in the system can have an access control list which defines the identifiers that a process must have in order to access the object. The operating system has access checking software for enabling a selected process access to a specified object when the identifiers for the process match the list of identifiers in the access control list of the specified object. The server can therefore access all objects accessible to the client while the server is working for the client. The server can restore its original identifier list after completing the services that it performs for the client.



Owner/Assignee: Digital Equipment Corporation (Maynard, MA)
Publication Date: February 16, 1993
Application Number: 07/873,359
Filing Date: April 21, 1992
US Classification: 719/316; 718/107
Int'l Classification: G06F 009/44; G06F 009/00
Examiner: Clark; David L.
Assistant Examiner: Fagan; Matthew C.
Attorney/Law Firm: Flehr, Hohbach, Test, Albritton & Herbert
Parent Case: This is a continuation of application Ser. No. 07/373,878 filed Jun. 29, 1989, now abandoned.
USPTO Field of Search: 395/650; 395/725; 364/DIG. 1; 364/DIG. 2
Claims
 


What is claimed is:

1. In a computer system, having

memory means for storing data and data structures;

a multiplicity of objects comprising data structures stored in said memory means; each of a multiplicity of said objects having an associated access control list for limiting access to said each object, each access control list including a list of entries, wherein each entry includes a conjunction of one or more identifiers required to access said each object; and

a multiplicity of processes running concurrently on said computer system; said processes including at least one server process and plurality of client processes; each of said processes having an associated identifier list denoting a set of identifiers;

a method of operating said computer system comprising the steps of:

one of said at least one server process responding to requests by one of said plurality of client processes by performing tasks on behalf of the requesting client process;

said one server process impersonating said requesting client process by adopting a set of identifiers to replace said identifier list associated with said one server process, wherein said adopted set of identifiers is said identifiers in the identifier list associated with said requesting client process when said one server process is responding to a first request by said requesting client process, and wherein said adopted set of identifiers is the union of said identifiers in said identifier list associated with said requesting client process and said identifiers in said identifier list associated with said one server process when said one server process is responding to a second request by said requesting client process; and

said one server process initiating access to a specified one of said multiplicity of objects, said system enabling access by said one server process to said one specified object when said adopted set of identifiers match the identifiers of at least one entry in said one specified object's access control list.

2. A method of operating a computer system as set forth in claim 1, further including the steps of

storing the identifier list of said one server process that was replaced by said adopted set of identifiers, and later restoring said stored identifier list to said one server process after said one server process finishes performing said tasks on behalf of said requesting client process.

3. In a computer system having

memory means for storing data and data structures;

a multiplicity of objects comprising data structures stored in said memory means; each of a multiplicity of said objects having an associated access control list for limiting access to said each object, each access control list including a list of entries, wherein each entry includes a conjunction of one or more identifiers required to access said each object; and

a multiplicity of processes running concurrently on said computer system; said processes including a plurality of server processes and a plurality of client processes; each of said processes having an associated identifier list denoting a set of identifiers;

a method of operating said computer system comprising the steps of:

each respective server process responding to requests by respective ones of said plurality of client processes by performing tasks on behalf of the respective requesting client process; and

each respective server process, prior to performing said tasks on behalf of the respective requesting client process, impersonating said respective requesting client process by adopting a set of identifiers to replace said identifier list associated with said respective server process; wherein at least a first one of said plurality of server processes, in response to a first request by said respective requesting client process, adopts a set of identifiers comprising the identifiers in the identifier list associated with said respective requesting client process;

wherein at least a second one of said plurality of server processes, in response to a second request by said respective requesting client process, adopts a set of identifiers comprising the union of said identifiers in said identifier list associated with said respective requesting client process and said identifiers in said identifier list associated with said second server process; and

each respective server process initiating access to a respective one of said multiplicity of objects, said system enabling access by said respective server process to said one respective object when said set of identifiers adopted by said respective server process match the identifiers of at least one entry in said one respective object's access control list.

4. A method of operating a computer system as set forth in claim 3, further including the steps of:

storing the identifier list of said respective server process that was replaced by said adopted set of identifiers, and later restoring said stored identifier list to said respective server process after said respective server process finishes performing said tasks on behalf of said respective requesting client process.

5. A computer system, comprising:

memory means for storing data and data structures;

a multiplicity of objects comprising data structures stored in said memory means;

a multiplicity of processes running concurrently on said computer system; each of said multiplicity of processes including characteristic denoting means for denoting a set of identifiers; said multiplicity of processes including at least one server process and a plurality of client processes;

each of a multiplicity of said objects having an associated access control list for limiting access to said each object, each object's access control list including a list of entries, wherein each entry includes a conjunction of one or more identifiers required to access said each object;

access checking means, coupled to said memory means and said multiplicity of processes, for enabling access by any one of said processes to a specified one of said multiplicity of objects when said set of identifiers in the characteristic denoting means of said one process match the identifiers of one of said entries in said specified object's access control list; and

impersonation means, responsive to requests from one of said client processes, for generating an adopted set of identifiers to replace said set of identifiers denoted by the characteristic denoting means of one of said at least one server process, said impersonation means including first means for generating said adopted set of identifiers by replacing said one server process' set of identifiers with said set of identifiers denoted by the characteristic denoting means of said requesting client process, and second means for generating said adopted set of identifiers by replacing said server process' set of identifiers with the union of said identifiers denoted by the characteristic denoting means of said requesting client process and said identifiers denoted by the characteristic denoting means of said one server process;

said one server process including means, coupled to said access checking means, for performing tasks on behalf of said requesting client process including accessing ones of said multiplicity of objects using the adopted set of identifiers generated by said impersonation means;

said impersonation means utilizing one of said first means and second means for generating said adopted set of identifiers in accordance with the tasks to be performed by said one server process on behalf of said requesting client process.

6. The computer system set forth in claim 5, further including:

restoration means for storing said set of identifiers of said one server process replaced by said impersonation means, and for restoring said stored set of identifiers to said one server process after said one server process finishes performing said tasks on behalf of said requesting client process.

7. A computer system, comprising:

memory means for storing data and data structures;

a multiplicity of objects comprising data structures stored in said memory means;

a multiplicity of processes running concurrently on said computer system; each of said multiplicity of processes including characteristic denoting means for denoting a set of identifiers; said multiplicity of processes including at least one server process and a plurality of client processes;

each of a multiplicity of said objects having an associated access control list for limiting access to said each object, each object's access control list including a list of entries, wherein each entry includes a conjunction of one or more identifiers required to access said each object;

access checking means, coupled to said memory means and said multiplicity of processes, for enabling access by any one of said processes to a specified one of said multiplicity of objects when said set of identifiers in the characteristic denoting means of said one process match the identifiers of one of said entries in said specified object's access control list;

each of a multiplicity of said objects, comprising impersonation objects, having means for denoting said plurality of identifiers denoted by a specified one of said processes;

impersonation object generating means, responsive to requests from one of said client processes, for creating an impersonation object denoting the set of identifiers denoted in the characteristic denoting means of said one client process; and

impersonation means for generating an adopted set of identifiers to replace said set of identifiers denoted by the characteristic denoting means of one of said at least one server process, wherein said adopted set of identifiers generated by said impersonation means is said set of identifiers denoted in said created impersonation object when said one server process is responding to a first request by said one client process, and wherein said adopted set of identifiers generated by said impersonation means is the union of said identifiers denoted by the characteristic denoting means of said one client process and said identifiers denoted by the characteristic denoting means of said one server process when said one server process is responding to a second request by said one client process;

said one server process including means, coupled to said access checking means, for performing tasks on behalf of said one client process including accessing specified ones of said multiplicity of objects using the adopted set of identifiers generated by said impersonation means;

wherein the adopted set of identifiers generated by said impersonation means is selected in accordance with each request from said requesting client process.

8. The computer system set forth in claim 7, further including:

restoration means for storing said set of identifiers of said one server process replaced by said impersonation means, and for restoring said stored set of identifiers to said one server process after said one server process finishes performing said tasks on behalf of said one client process.

9. A computer system, comprising:

memory means for storing data and data structures;

a multiplicity of objects comprising data structures stored in said memory means; each object having an associated access control list for limiting access to said each object, each access control list including a list of entries, wherein each entry includes a conjunction of one or more identifiers required to access said each object;

a multiplicity of processes running concurrently on said computer system; each of said multiplicity of processes including characteristic denoting means for denoting a set of identifiers; said multiplicity of processes including a plurality of server processes and a plurality of client processes;

access checking means, coupled to said memory means and said multiplicity of processes, for enabling access by any one of said processes to a specified one of said multiplicity of objects when said set of identifiers in the characteristic denoting means of said one process match the identifiers of one of said entries in said specified object's access control list;

each server process including means, coupled to said access checking means, for responding to requests from one of said client processes by performing tasks on behalf of said requesting client process, said tasks including accessing ones of said multiplicity of objects;

impersonation means, coupled to said plurality of server processes, for generating an adopted set of identifiers to replace said set of identifiers denoted by the characteristic denoting means of a specified one of said server processes, said impersonation means including first means for generating said adopted set of identifiers by replacing said specified one server process' set of identifiers with said set of identifiers denoted by the characteristic denoting means of said requesting client process, and second means for generating said adopted set of identifiers by replacing said one server process' set of identifiers with the union of said identifiers denoted by the characteristic denoting means of said requesting client process and said identifiers denoted by the characteristic denoting means of said specified one server process;

said specified one server process accessing ones of said multiplicity of objects using the adopted set of identifiers generated by said impersonation means;

said impersonation means utilizing one of said first means and second means for generating said adopted set of identifiers in accordance with each request from said requesting client process.

10. The computer system set forth in claim 9, further including:

restoration means for storing said set of identifiers of said specified one server process replaced by said impersonation means, and for restoring said stored set of identifiers to said specified one server process after said specified one server process finishes performing said tasks on behalf of said requesting client process.
Description
 


This application is related to the application entitled RPC BASED COMPUTER SYSTEM USING TRANSPARENT CALLBACKS AND ASSOCIATED METHOD, in the name of Mark Ozur et al., Ser. No. 07/830,730, filed Feb. 4, 1992, which is a continuation of Ser. No. 07/374,100, filed on the same date as this application, and is hereby incorporated by reference.

The present invention relates generally to multitasking digital computer systems and particularly to methods and systems for managing the data structures used by a multitasking digital computer system.

BACKGROUND OF THE INVENTION

Large computer systems generally allow many users to simultaneously use a single computer's resources. Such systems are herein called multitasking digital computer systems. Such computers include virtually all mainframe computers and most minicomputers.

One of the primary jobs of the operating system for a multitasking computer system is to support and keep track of the operations of a multiplicity of users who are running numerous concurrent processes. Thus the computer's operating system must have data structures which represent the status of each user. Such status information includes the memory and other resources being used by each user process.

If every user process were completely independent, had its own dedicated resources, and there were no concerns about which resources each process could use, operating systems could be relatively simple. However, in actuality, computer resources are shared and many user processes need to access commonly used or owned resources. In fact, each user may generate a number of execution threads which run simultaneously and which need to be able to share resources and to communicate with other ones of the user's threads.

Another concern in multitasking computer systems is security and data integrity. Ideally, the computer system should provide an access security system which enables each user to control the extent or amount of sharing of information that belongs to the user. Further, the system should provide several types of protection. For example, when multiple processes are allowed access to a resource, the identity of each process which attempts to access the resource should be tested to determine if that particular process is authorized to access the resource. The system of access control should also provide limited "visibility" of computer resources so that an unauthorized user cannot obtain information about another user by repeated attempts to access resources with various names. In addition, to protect data integrity, the system must protect against simultaneous accesses by different authorized processes.

Yet another concern of multitasking operating systems is clearing the system of "objects" (i.e., files and data structures) which are no longer needed by any of the system's users. Ideally, the system should also be able to automatically deallocate resources, such as input/output devices, no longer needed by a process.

SUMMARY OF THE INVENTION

In summary, the present invention is an object based operating system for a multitasking computer system. The present invention, which is also called an object based architecture, is "object based" because it provides objects which represent the architecture or interrelationships of the system's resources. The present invention provides an extensible, yet rigorous framework for the definition and manipulation of object data structures.

Objects, generally, are data structures which store information about the user processes running in the system, and which act as gateways to using the system's resources. Resources, generally, include sets of information, physical devices such as a tape drive, and various programs or "operations". Such resources are not available to a user unless the user has explicit permission to use that resource. More specifically, access to certain objects is required in order to use the corresponding resources of the computer system.

A multiplicity of processes run concurrently in the computer system, including at least one server process and a plurality of client processes. Each process has a list of identifiers that represent the process' object access rights.

Each object has an access control list, which is a list of identifiers, for use in determining which processes can access that object. Access control software in the computer's operating system compares the identifier list of a process requesting access to a specified object with the object's access control list, and allows the requested access when the process' identifier list matches at least one of the identifiers in the specified object's access control list.

For the purpose of facilitating server/client remote procedure calls, the operating system includes special software that enables a server process to "impersonate" a client process. When one of the client processes calls a server process, the impersonation software generates an adopted set of identifiers to temporarily replace the server process' usual list of identifiers. The impersonation software has two modes of operation. In one mode, the adopted set of identifiers is generated by replacing the server process' list of identifiers with the list of identifiers of the requesting client process. In the second mode, the adopted set of identifiers is generated by replacing said server process' list of identifiers with the union of the requesting client process' identifiers and the server process' list of identifiers.

After receiving the adopted set of identifiers, the server process performs tasks on behalf of the requesting client process, including accessing various objects using the adopted set of identifiers generated by said impersonation software.
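The following model of the two impersonation modes and the access check is an added example, not part of the patent text or any implementation by its assignee. It follows the claims in treating each access control list entry as a conjunction of identifiers; the names Process, SecuredObject, check_access, impersonate, evaluate and build_sample, the sample identifiers, and the choice that an empty entry grants nothing are all assumptions made for illustration.

```python
from contextlib import contextmanager
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    REPLACE = "replace"  # adopted set = the client's identifiers only
    UNION = "union"      # adopted set = client's identifiers plus the server's own


@dataclass
class Process:
    name: str
    identifiers: frozenset  # the process's identifier list


@dataclass
class SecuredObject:
    name: str
    acl: list  # list of frozensets; each entry is a conjunction of identifiers


def check_access(proc, obj):
    """Grant access when the process holds every identifier of at least one entry.

    Assumption of this model: an empty entry is ignored, so a malformed ACL
    cannot accidentally grant access to everyone.
    """
    return any(entry and entry <= proc.identifiers for entry in obj.acl)


@contextmanager
def impersonate(server, client, mode):
    """Swap the server's identifier list for the adopted set, then restore it.

    The original list is stored first and restored in a finally block, so the
    server gets its own identity back even if the client's task fails.
    """
    saved = server.identifiers
    if mode is Mode.REPLACE:
        server.identifiers = client.identifiers
    else:
        server.identifiers = client.identifiers | saved
    try:
        yield server
    finally:
        server.identifiers = saved


def evaluate(server, client, objects, mode=None):
    """Return {object name: access granted?} for the server.

    With mode=None the server uses its own identifier list; otherwise the
    checks run while it impersonates the client in the given mode.
    """
    if mode is None:
        return {o.name: check_access(server, o) for o in objects}
    with impersonate(server, client, mode):
        return {o.name: check_access(server, o) for o in objects}


def build_sample():
    """Constructed sample data: a print server working for one client."""
    server = Process("print_server", frozenset({"spooler"}))
    client = Process("alice_job", frozenset({"alice", "payroll"}))
    objects = [
        SecuredObject("report", [frozenset({"alice"})]),
        SecuredObject("spool_queue", [frozenset({"spooler"})]),
        # Conjunction entry: neither party alone holds both identifiers.
        SecuredObject("payroll_printer", [frozenset({"payroll", "spooler"})]),
        SecuredObject("admin_log", [frozenset({"admin"})]),
    ]
    return server, client, objects


if __name__ == "__main__":
    srv, cli, objs = build_sample()
    for label, mode in (("own identity", None),
                        ("replace mode", Mode.REPLACE),
                        ("union mode", Mode.UNION)):
        print(label, evaluate(srv, cli, objs, mode))
    print("restored:", sorted(srv.identifiers))
```

In replace mode the server loses access to its own spool_queue while it works for the client, and in union mode it passes the payroll_printer conjunction that neither process satisfies alone, which is the case to review when deciding which mode a server should request.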

BRIEF DESCRIPTION OF THE DRAWINGS

Additional objects and features of the invention will be more readily apparent from the following detailed description and appended claims when taken in conjunction with the drawings, in which:

FIG. 1 is a block diagram of a computer with a multitasking operating system.

FIG. 2 is a block diagram of the virtual memory spaces of several concurrently running user processes.

FIG. 3 is a block diagram showing how data structure objects in the system are organized in a three level hierarchy.

FIG. 4 is a block diagram showing the hierarchical relationship between a user object, a job, the processes for a job, and the execution threads for a process.

FIG. 5 is a block diagram showing the range of objects visible to a particular execution thread.

FIG. 6 is a block diagram of the container directory and object container data structures at one level of the three level hierarchy shown in FIG. 3. FIG. 6A is a more detailed diagram of the process level container directory for a process.

FIG. 7 is a block diagram of an object ID.

FIG. 8 is a block diagram of the data structure of an object.

FIG. 9 is a block diagram of an object type descriptor.

FIG. 10 is a block diagram of the process for adding a new object type to the system by creating an object type descriptor for the new object type.

FIG. 11 is a block diagram showing the reference pointers for a specified object.

FIG. 12 is a flow chart of the process for creating a reference ID for a specified object.

FIG. 13 is a flow chart of the process for deleting an object ID.

FIG. 14 is a flow chart of the process for transferring an object from one object container to another object container.

FIG. 15 is a flow chart of the process for transferring an object container to a specified container directory.

FIG. 16 is a flow chart of the process for conditionally creating a specified object.

FIG. 17 is a block diagram of the access control list for an object and an execution thread which is attempting to access the object.

FIG. 18 is a block diagram of the data structures for privileged operation objects.

FIG. 19 is a block diagram of the data structures for allocating a set of objects to a thread, process, job or user.

FIG. 20 is a block diagram of the data structures for implementing user defined waitable objects.

FIG. 21 is a block diagram of the data structures for a server thread impersonating the characteristics of a client thread.

FIG. 22 is a flow chart of the impersonation process.

DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring to FIG. 1, a computer system 100 in accordance with the present invention includes a high speed central processing unit (CPU) 102 which concurrently runs several processes 104-110. The CPU 102 may be either a single powerful processor or may contain multiple processors. As is standard in multitasking computer systems, each process has its own virtual memory space which is mapped partially into high speed primary memory 112 and partially into lower speed secondary memory 114 by a virtual memory manager 116. More generally, each process 104-110 is allocated a certain portion of the computer's resources, including selected peripheral devices such as terminals 120-122 and other input/output devices 124 and 126. Other types of resources which are allocated to selected ones of the processes include specified sets of data and data structures in the system's memory 112-114.

The set of software which controls the computer's operation and the allocation of resources to the processes 104-110 running on the computer is called the operating system 130. For the purposes of the present discussion it can be assumed that the operating system 130 is resident in primary memory 112, although certain infrequently used portions of the operating system may be swapped out to secondary memory by the memory manager 116.

One feature of the present invention is that the computer system 100 can serve as a "computer server" to one or more client computers 132. Client computers 132, coupled to the CPU 102 by a bus interface 134, can send tasks to the computer system 100 for execution. The computer system 100 is a mainframe or other high performance computer system which can execute tasks in a relatively short period of time compared to the client computers 132. The operating system 130 of the present invention includes a mechanism for setting up a process in the computer system 100 which adopts the "profile" or characteristics of the process in the client computer which is being served.

Referring to FIG. 2, there is shown a block diagram of the virtual memory spaces of several concurrently running user processes 104-108. The virtual memory space of every process includes a portion 140 which can be accessed by "user mode" programs as well as "kernel mode" programs, and a portion 142-144 which can be accessed only by "kernel mode" programs. The kernel mode portion 142-144 includes two sets of software called "the kernel" 142 and "the executive" 144.

As shown in FIG. 2, the portion of the virtual memory space which comprises the kernel mode portion 142-144 is common to all user processes running in the computer system. In other words, a predefined portion of the address space of every user process is occupied by the operating system 130 and its data structures. The user mode portion of each user process 140 occupies a distinct virtual memory space.

"Kernel mode" is a mode of operation used only by kernel and executive software routines. Only kernel mode routines can access the data structures used to control the operation of the computer system and to define the system resources allocated to each user process.

When a user mode program 145 in a user process 104 creates an object, or performs any one of a number of operations on an object, the user process calls a kernel mode routine 146 in the kernel mode portion 142-144 of its address space to perform the necessary operations. When the kernel mode routine 146 completes the necessary operations on the kernel mode data structures, it returns control to the user mode program 145.

The kernel 142 is the "lowest layer" of the operating system 130 which interacts most directly with the computer's hardware 148. The kernel 142 synchronizes various activities, implements multiprocessing capabilities, dispatches execution threads, and provides services to device drivers for handling interrupts.

The executive 144, which also runs in kernel mode, implements system services, memory management, user-level object support, the computer's file system, network access, and device drivers. The executive defines "system policy", such as the rules which govern the visibility of user accessible objects.

OBJECT ARCHITECTURE

The object architecture of the present invention is a set of data structures and procedures which controls the use of user definable objects.

GLOSSARY

To clarify the following discussion, the following definitions are provided.

"Objects" are data structures used to hold information that is used by the operating system and which must be protected from unauthorized access by users of the system. While users cannot themselves "define" objects, they can ask the operating system to create specified objects on their behalf. The resultant objects are system data structures that are accessible by the user through system routines which protect the integrity of those objects. For instance, a "process object" is a type of object used in the present invention to store the information needed by the operating system to keep track of the status of a particular user process. "User accessible objects" are objects used by user processes, and will be referred to herein simply as "objects."

"Kernel objects" are a distinct set of data abstractions used by the system's kernel and are called kernel objects in order to distinguish them from the regular objects which are part of the object architecture of the present invention.

A "user" is herein defined to mean a person or other entity recognized by the computer system as being authorized to create processes and to use resources in the computer system.

A "job" represents the current set of system resources being used by a particular user.

A "process" is the entity to which a virtual memory address space is assigned, and is the entity to which process-level objects are assigned. There can be multiple processes in a job. Whenever a job is created, a "top level" process is created for that job. Any process, including the top level process, can cause the creation of additional processes, called subprocesses or child processes. Any process which creates another process is referred to as a parent process.

A "thread", also called an "execution thread", is the entity which actually executes programs and thus provides a stream of execution (sometimes called a context state). It is the schedulable entity which executes program steps and consumes resources. More technically, a thread is a system defined object that executes a program that is resident in a process' address space. A thread contains a machine state that consists of the computer's register contents, a program counter, and other privileged information needed to cause the thread to execute a program. Each process may create a number of execution threads which run "simultaneously" and which can share resources and communicate with one another. Multiple threads can run simultaneously when multiple CPUs are available. On a single CPU system the operating system makes the threads appear to run simultaneously. All resource limitation data structures for a thread belong to the thread's process.

An "object container" is a data structure for storing pointers to objects. It is essentially a table which is used to keep track of a set of objects.

A "container directory" is a data structure for storing pointers to a set of object containers. Thus a container directory is a table used to keep track of a set of object containers.

OBJECT HIERARCHY

Referring to FIG. 3, the object architecture of the present inventi