HOME

TheInfoList



OR:

Plessey System 250, also known as PP250, was the first operational
computer A computer is a machine that can be Computer programming, programmed to automatically Execution (computing), carry out sequences of arithmetic or logical operations (''computation''). Modern digital electronic computers can perform generic set ...
to implement capability-based addressing, to check and balance the computation as a pure Church–Turing machine.
Plessey The Plessey Company plc was a British electronics, defence and telecommunications company. It originated in 1917, growing and diversifying into electronics. It expanded after World War II by acquisition of companies and formed overseas compani ...
built the systems for a
British Army The British Army is the principal Army, land warfare force of the United Kingdom. the British Army comprises 73,847 regular full-time personnel, 4,127 Brigade of Gurkhas, Gurkhas, 25,742 Army Reserve (United Kingdom), volunteer reserve perso ...
message routing project.


Description

A Church–Turing machine is a digital computer that encapsulates the symbols in a thread of computation as a chain of protected abstractions by enforcing the dynamic binding laws of
Alonzo Church Alonzo Church (June 14, 1903 – August 11, 1995) was an American computer scientist, mathematician, logician, and philosopher who made major contributions to mathematical logic and the foundations of theoretical computer science. He is bes ...
's
lambda calculus In mathematical logic, the lambda calculus (also written as ''λ''-calculus) is a formal system for expressing computability, computation based on function Abstraction (computer science), abstraction and function application, application using var ...
Other capability based computers, which includ
CHERI
and CAP computers, are hybrids. They retain default instructions that can access every word of accessible physical or logical (paged) memory. It is an unavoidable characteristic of the
von Neumann architecture The von Neumann architecture—also known as the von Neumann model or Princeton architecture—is a computer architecture based on the '' First Draft of a Report on the EDVAC'', written by John von Neumann in 1945, describing designs discus ...
that is founded on shared random access memory and trust in the sharing default access rights. For example, every word in every page managed by the virtual memory manager in an operating system using a
memory management unit A memory management unit (MMU), sometimes called paged memory management unit (PMMU), is a computer hardware unit that examines all references to computer memory, memory, and translates the memory addresses being referenced, known as virtual mem ...
(MMU) must be trusted. Using a default privilege among many compiled programs allows corruption to grow without any method of error detection. However, the range of virtual addresses given to the MMU or the range of physical addresses produced by the MMU is shared undetected corruption flows across the shared memory space from one software function to another. PP250 removed not only
virtual memory In computing, virtual memory, or virtual storage, is a memory management technique that provides an "idealized abstraction of the storage resources that are actually available on a given machine" which "creates the illusion to users of a ver ...
or any centralized, precompiled
operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...
, but also the
superuser In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of the ...
, removing all default machine privileges. It is default privileges that empower undetected malware and hacking in a computer. Instead, the pure object capability model of PP250 always requires a limited capability key to define the authority to operate. PP250 separated binary data from capability data to protect access rights, simplify the computer and speed
garbage collection Waste collection is a part of the process of waste management. It is the transfer of solid waste from the point of use and disposal to the point of treatment or landfill. Waste collection also includes the curbside collection of recyclable ...
. The Church machine encapsulates and context limits the Turing machine by enforcing the laws of the
lambda calculus In mathematical logic, the lambda calculus (also written as ''λ''-calculus) is a formal system for expressing computability, computation based on function Abstraction (computer science), abstraction and function application, application using var ...
. The typed digital media is program controlled by distinctly different
machine instruction In computer programming, machine code is computer code consisting of machine language instructions, which are used to control a computer's central processing unit (CPU). For conventional binary computers, machine code is the binaryOn nonbi ...
s. Mutable binary data is programmed by 28 RISC instruction set for
Imperative programming In computer science, imperative programming is a programming paradigm of software that uses Statement (computer science), statements that change a program's state (computer science), state. In much the same way that the imperative mood in natural ...
and
procedural programming Procedural programming is a programming paradigm, classified as imperative programming, that involves implementing the behavior of a computer program as Function (computer programming), procedures (a.k.a. functions, subroutines) that call each o ...
the binary data using binary data registers confined to a capability limited memory segment. The immutable capability keys, exclusive to six Church instructions, navigate the computational context of a Turing machine through the separately programmed structure of the object-capability model. Immutable capability keys represent named lambda calculus variables. This Church side is a
lambda calculus In mathematical logic, the lambda calculus (also written as ''λ''-calculus) is a formal system for expressing computability, computation based on function Abstraction (computer science), abstraction and function application, application using var ...
meta-machine. The other side is an object-oriented machine of binary objects, programmed functions, capability lists defining function abstractions, storage for threads of computation (lambda calculus applications) or storage for the list of capability keys in a namespace. The laws of the lambda calculus are implemented by the Church instructions with micro-programmed access to the reserved (hidden) capability registers. The software is incrementally assembled as object-oriented machine-code linked by the capability keys. The structure of function abstractions, including those for memory management, input, and output, scheduling and communication services are protected as private frames in a thread. Threads computer inline or as parallel computations activated by program controlled Church instruction. Conceptually, the PP250 operates as a digitally secure, functional Church–Turing Machine for trusted software. As a
real-time Real-time, realtime, or real time may refer to: Computing * Real-time computing, hardware and software systems subject to a specified time constraint * Real-time clock, a computer clock that keeps track of the current time * Real-time Control Syst ...
controller, the PP250 provided fail-safe software applications for computerized telephone and military communication systems with decades of software and hardware reliability. Capability limited addressing detects and recovers from errors on contact without any harmful corruption or information theft. Furthermore, no unfair, default privileges exist for an operating system or a superuser, thereby blocking all hacking and malware. The
multiprocessing Multiprocessing (MP) is the use of two or more central processing units (CPUs) within a single computer system. The term also refers to the ability of a system to support more than one processor or the ability to allocate tasks between them. The ...
hardware architecture and the dynamically bound, type limited memory, exclusively accessed through capability limited addressing, replace the statically bound, page based linear compilations with dynamically bound instructions, crosschecked and authorized at run time. By checking all memory references as an offset within the base, limit, and access types specified bugs, errors and attacks are detected by the type limited capability register. The imperative Turing commands must bind to binary data objects as defined by the selected capability register. The access rights of the selected capability register must approve data access rights (Read Binary Data, Write Binary Data or Execute Machine Code). On the other hand, functional Church instructions are bound dynamically to a capability key in a capability list held in a capability register with capability access rights (Load Capability Key, Save Capability Key or Enter Capability List). In this way, object-oriented machine code is encapsulated as a function abstraction in private execution space. It is a register-oriented architecture, with 8 program accessible data registers and 8 program accessible capability registers. Data registers are 24-bit; capability registers are 48-bit and contain the base address of the segment to which the capability refers, the size of the segment, and the access rights granted by the capability. Capabilities in memory are 24-bit and contain the access rights and an index into the System Capability Table for the segment to which the capability refers; entries in that table contain the segment base address and length for the segment to which the entry refers. Instructions that access memory have an
opcode In computing, an opcode (abbreviated from operation code) is an enumerated value that specifies the operation to be performed. Opcodes are employed in hardware devices such as arithmetic logic units (ALUs), central processing units (CPUs), and ...
, a field specifying a data register operand, a field specifying a data register used as an
index register An index register in a computer's central processing unit, CPU is a processor register (or an assigned memory location) used for pointing to operand addresses during the run of a program. It is useful for stepping through String (computer science ...
containing an offset into a segment, a field specifying a capability register referring to the segment containing the memory location, and a field containing a base offset into the segment. The offset into the segment is the sum of the base offset and the contents of the index register. The software was modular based on the universal model of computation and the
lambda calculus In mathematical logic, the lambda calculus (also written as ''λ''-calculus) is a formal system for expressing computability, computation based on function Abstraction (computer science), abstraction and function application, application using var ...
. Six Church instructions hide the details of a named
function application In mathematics, function application is the act of applying a function to an argument from its domain so as to obtain the corresponding value from its range. In this sense, function application can be thought of as the opposite of function abs ...
using capability keys for the typed concepts of variables, functions, abstractions, applications and a namespace. Instead of binding instructions to static linear memory as a default shared privilege used by malware and hackers, instructions are bound to typed and protected, private digital objects using capability keys in a
capability-based security Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that ref ...
system of immutable mathematical symbols. The result achieved many decades of trusted software reliability.


History

Manufactured by Plessey company plc in the
United Kingdom The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Northwestern Europe, off the coast of European mainland, the continental mainland. It comprises England, Scotlan ...
in 1970, it was successfully deployed by the
Ministry of Defence A ministry of defence or defense (see American and British English spelling differences#-ce.2C -se, spelling differences), also known as a department of defence or defense, is the part of a government responsible for matters of defence and Mi ...
for the British Army Ptarmigan project and served in the first
Gulf War , combatant2 = , commander1 = , commander2 = , strength1 = Over 950,000 soldiers3,113 tanks1,800 aircraft2,200 artillery systems , page = https://www.govinfo.gov/content/pkg/GAOREPORTS-PEMD-96- ...
as a tactical mobile communication
network switch A network switch (also called switching hub, bridging hub, Ethernet switch, and, by the IEEE, MAC bridge) is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destinat ...
. The PP250 was sold commercially circa 1972.


See also

* Army Communications and Information Systems (United Kingdom) *
Flex machine The Flex Computer System was developed by Michael Foster and Ian Currie of Royal Signals and Radar Establishment (RSRE) in Malvern, England, during the late 1970s and 1980s. It used a tagged storage scheme to implement a capability architect ...


References


External links

* * * * * *
System 250 ICC Papers
- four papers presented at the inaugural International Conference on Computer Communications
System 250 ISS Papers
- four papers presented at the International Switching Symposium *
Photograph of the 250 Multiprocessor System (1975)

Civilizing Cyberspace - The Fight for Digital Democracy, Book on PP250
* Winning World War III: Industrial Strength Computer Science, Book on PP250,br>
{{Object-capability security British Army equipment Computers designed in the United Kingdom Capability systems History of computing in the United Kingdom Military computers Plessey