← Church Machine

Figure 17 — DATA Objects: Church/Turing Bridge

DATA objects are namespace entries that bridge the Church and Turing domains. Church-domain Golden Tokens provide access control (R/W permissions via mLoad). Turing-domain DREAD/DWRITE instructions perform the actual data operations. mLoad validates permissions and enforces bounds checking on every access within the Location..Limit range. No raw pointers, no unchecked access.

DATA Object: Bridging Church and Turing Domains Church Domain (Access Control) Golden Token (in CR) Ver(7) Index(17) R W Type(2) LOAD CR0, [CR15, #DataObj] Church instruction loads GT into context register mLoad Validation Version match Seal verify R perm → DREAD W perm → DWRITE Bounds: Location ≤ offset ≤ Limit Church domain controls WHO can access and WHAT permissions they hold (R, W) DATA Object Bridge ← → Turing Domain (Data Operations) DREAD DR_dst, CR_src, offset Read data word from DATA object into data register Requires R permission on GT Bounds-checked access DWRITE CR_dst, DR_src, offset Write data word from data register into DATA object Requires W permission on GT Bounds-checked access Turing domain controls HOW data is manipulated (integer arithmetic, bit fields, comparisons) DREAD/DWRITE are the ONLY Turing data access path No raw pointers, no unmediated memory access DATA Object Memory Layout & Bounds Checking Namespace Entry (Metadata) Location Limit Seal Ver G Location = start address of DATA region Limit = end address (inclusive) of DATA region Memory (Unified Address Space) ✘ Before Location — ACCESS DENIED (FAULT) Location (0x1000) Valid DATA Region DREAD/DWRITE operate here Each access: Location + offset ≤ Limit offset from DREAD/DWRITE instruction immediate Limit (0x10FF) ✘ Beyond Limit — ACCESS DENIED (FAULT) points to DREAD Access Flow (Step by Step) 1 DREAD DR1, CR0, #8 2 mLoad gate R perm on CR0? 3 Bounds check Loc+8 ≤ Limit? 4 Memory read addr = Loc + 8 5 DR1 loaded data in register no R out of bounds Any failure → FAULT (single handler) DWRITE follows the same flow but checks W permission at step 2 and writes DR_src to memory at step 4 DATA Object Permission Matrix GT Permissions DREAD DWRITE Result R W ✔ allowed ✔ allowed Full read/write access within bounds R only ✔ allowed ✘ FAULT Read-only DATA (constants, config) W only ✘ FAULT ✔ allowed Write-only (audit log, output buffer) no R, no W ✘ FAULT ✘ FAULT Opaque handle (metadata only) Why DATA Objects Matter DATA objects let Turing abstractions work with structured data without breaking Church security. Church controls access (who, what permissions). Turing controls operations (how). Neither domain can bypass the other.
Church domain (GT access control)
Turing domain (DREAD/DWRITE)
mLoad gate (validation)
Bounds checking
DATA object (bridge)
FAULT (access denied)