ICL VME

VME (Virtual Machine Environment) is a mainframe operating system developed by the UK company International Computers Limited (ICL, now part of the Fujitsu group). Originally developed in the 1970s (as VME/B, later VME 2900) to drive ICL's then-new 2900 Series mainframes, the operating system is now known as OpenVME, incorporates a Unix subsystem, and runs on ICL Series 39 and Trimetra mainframe computers, as well as industry-standard x64 servers.

Origins
The development program for the New Range system started on the merger of International Computers and Tabulators (ICT) and English Electric Computers in 1968. One of the fundamental decisions was that it would feature a new operating system. A number of different feasibility and design studies were carried out within ICL, the three most notable being:


 * VME/B (originally System B), targeted at large processors such as the 2970/2980 and developed in Kidsgrove, Staffordshire and West Gorton, Manchester
 * VME/K (originally System T), targeted at the mid-range systems such as the 2960 and developed at Bracknell after the original design for these small processors, System D, was dropped. VME/K was developed and introduced to the market but was eventually replaced by VME/B
 * VME/T, which was never actually launched, but warrants a mention as it was conceived to support "fault tolerance", and predated the efforts of the successful American startup company Tandem Computers in this area.

The chief architect of VME/B was Brian Warboys, who subsequently became professor of software engineering at the University of Manchester. A number of influences can be seen in its design, for example Multics and ICL's earlier George 3 operating system; however it was essentially designed from scratch.

VME/B was viewed as primarily competing with the System/370 IBM mainframe as a commercial operating system, and adopted the EBCDIC character encoding.

History
When New Range was first launched in October 1974, its operating system was referred to as "System B". By the time it was first delivered it had become "VME/B".

VME/K (originally known internally as "System T" for "Tiny") was developed independently (according to Campbell-Kelly, "on a whim of Ed Mack"), and was delivered later with the smaller mainframes such as the 2960. At the time VME/B was still plagued with performance and reliability problems, and the mainly American management team had misgivings about it.

There was also a project known as System D, which was an advanced, highly modular operating system designed for configuring and building customized near real-time applications. Although it was used to bid on a system for British Rail it was subsequently cancelled because of engineering resource constraints.

ICL had sold a large system to the European Space Agency to process data from Meteosat at its operation centre in Darmstadt. A bespoke variant of VME/K, known as VME/ESA was developed on-site to meet the customer's requirements.

Following a financial crisis in 1980, new management was brought into ICL: Christopher Laidlaw as Chairman, and Robb Wilmot as Managing Director. An early decision of the new management was to drop VME/K. Thus in July 1981, VME 2900 was launched. Although presented to the customer base as a merger of VME/B and VME/K, it was in reality the VME/B base with a few selected features from VME/K grafted on. This provided the opportunity to drop some obsolescent features, which remained available to customers who needed them in the form of the "BONVME" option.

The "2900" suffix was dropped at System Version 213 (SV213) when ICL launched Series 39 in 1985 as the successor to the original 2900 series, and the "Open" prefix was added after SV294. VME became capable of hosting applications written originally for Unix through a UNIX System V Release 3 based subsystem, called VME/X, adapted to run under VME and using the ASCII character encoding. ICL had originally announced a hosted Unix facility for VME in 1985, with availability and support for strategic applications to arrive within eighteen months. This ultimately unreleased product, VNS, informed the design of VME/X, itself released in 1991.

In 2007 Fujitsu announced a VME version run as a hosted subsystem, called superNova, within Microsoft Windows, or SUSE or Red Hat Enterprise Linux on x86-64 hardware.

In 2012 the VME user group, AXiS, announced that after almost 40 years it would be disbanding because of the reduced user base.

Fujitsu intended to support VME on customer computers until 2020.

In 2020 Fujitsu transferred 13 HM Revenue and Customs applications from their computers onto Fujitsu's virtual managed VME hosting platform.

As of 2021, the Department for Work and Pensions completely replaced its VME-based systems, following the completion of its award-winning VME-R replacement programme.

Architecture
VME is structured as a set of layers, each layer having access to resources at different levels of abstraction. Virtual resources provided by one layer are constructed from the virtual resources offered by the layer below. Access to the resources of each layer is controlled through a set of Access Levels: in order for a process to use a resource at a particular access level, it must have an access key offering access to that level. The concept is similar to the "rings of protection" in Multics. The architecture allows 16 access levels, of which the outer 6 are reserved for user-level code.

Orthogonally to the access levels, the operating system makes resources available to applications in the form of a Virtual Machine (VM). A VM can run multiple processes. In practice, a VM in VME is closer to the concept of a process in other operating systems, while a VME process (or application-created sub-process) is more like a thread in other systems. However, processes running within a VM cannot run concurrently and thus resemble user threads found in other systems. A dedicated instruction is involved in the transfer of control between processes sharing the same VM.

The allocation of resources to a virtual machine uses a stack model: when the stack is popped, all resources allocated at that stack level are released. Calls from an application to the operating system are therefore made by a call that retains the same process stack, but with a change in protection level; the resulting efficiency of system calls is one of the features that makes the architecture competitive.
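The access-level check and the stack model described above can be sketched as a small Python model. This is an added illustration, not ICL code: the numbering (level 0 innermost, so the outer six user levels are 10 to 15) and the gate attributes runs_at and callable_from are assumptions of the model, and io_buffer is a constructed resource name.

```python
LEVELS = range(16)            # the architecture allows 16 access levels
USER_LEVELS = range(10, 16)   # assumption: 0 is innermost, so the outer 6 are 10..15


class AccessViolation(Exception):
    """Raised when the current access key does not reach the requested level."""


class VirtualMachine:
    """One VM with a single stack; each frame carries its access level."""

    def __init__(self, level):
        if level not in USER_LEVELS:
            raise ValueError("application code must start at a user level")
        self.frames = [{"level": level, "resources": []}]
        self.released = []    # log of resources freed by stack pops

    @property
    def level(self):
        return self.frames[-1]["level"]

    def acquire(self, name, resource_level):
        # A resource at level N is usable only from level N or further in.
        if resource_level not in LEVELS:
            raise ValueError("no such access level")
        if self.level > resource_level:
            raise AccessViolation(
                f"level {self.level} cannot use {name} (level {resource_level})")
        self.frames[-1]["resources"].append(name)

    def call(self, proc, runs_at, callable_from):
        """Call proc on the same stack, changing protection level for its frame.

        runs_at and callable_from are hypothetical gate attributes of this model.
        """
        if self.level > callable_from:
            raise AccessViolation(f"level {self.level} may not call this procedure")
        self.frames.append({"level": runs_at, "resources": []})
        try:
            return proc(self)
        finally:
            # Popping the frame releases everything allocated at that stack level.
            frame = self.frames.pop()
            self.released.extend(reversed(frame["resources"]))


def read_block(vm):
    """Constructed system procedure: needs an inner-level buffer while it runs."""
    vm.acquire("io_buffer", resource_level=5)
    return vm.level


def demo():
    vm = VirtualMachine(level=12)
    try:
        vm.acquire("io_buffer", resource_level=5)   # direct use from user level
        direct = "allowed"
    except AccessViolation:
        direct = "denied"
    inner = vm.call(read_block, runs_at=5, callable_from=15)
    return direct, inner, vm.level, vm.released


if __name__ == "__main__":
    print(demo())
```

The user-level caller never holds the inner-level resource itself: it exists only for the lifetime of the system procedure's stack frame and is released when that frame is popped.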

Communication between Virtual Machines is achieved by means of Events (named communication channels) and shared memory areas. The hardware architecture also provides semaphore instructions INCT (increment-and-test) and TDEC (test-and-decrement).

Files and other persistent objects are recorded in a repository called the Catalogue. The file naming hierarchy is independent of the location of a file on a particular tape or disk volume. In days where there was more need for offline storage, this made it easy to keep track of files regardless of their location, and to move files between locations without renaming them. As well as files, the Catalogue keeps track of users and user groups, volumes, devices, network connections, and many other resources. Metadata for files can be held in an object called a File Description. The Catalogue was probably the first example of what would later be called an entity-relationship database.

Interrupts are handled by creating a new stack frame on the stack for the relevant process, handling the interrupt using this new environment, and then popping the stack to return to the interrupted process.

Run-time exceptions, referred to as contingencies, are captured by the Object Program Error Handler (OPEH), which can produce a report (equivalent to a stack trace), either interactively or written to a journal.

OMF
Compiled object code is maintained in a format called OMF (Object Module Format), which is both the compiler output and the format used by the loader. Various compilers are available, as well as utilities, notably the Collector, which links the code in several OMF modules into a single module, for more efficient loading at run-time, and the Module Amender, which allows patching of the instructions in an OMF module to fix bugs, using assembly language syntax.

SCL
The command language for VME is known as SCL (System Control Language).

This is much more recognizably a typed high-level programming language than the job control or shell languages found in most other operating systems: it can be likened to scripting languages such as JavaScript, though its surface syntax is derived from Algol 68.

SCL is designed to allow both line-at-a-time interactive use from a console or from a command file, and creation of executable scripts or programs (when the language is compiled into object module format in the same way as any other VME programming language). The declaration of a procedure within SCL also acts as the definition of a simple form or template allowing the procedure to be invoked from an interactive terminal, with fields validated according to the data types of the underlying procedure parameters or using the default procedure parameter values.

The built-in command vocabulary uses a consistent naming convention with an imperative verb followed by a noun: for example DELETE_FILE or DISPLAY_LIBRARY_DETAILS. The command can be written in full, or in an abbreviated form that combines standard abbreviations for the verb and noun: for example XF (X for DELETE, F for FILE) or DLBD (D for DISPLAY, LB for LIBRARY, D for DETAILS).

SCL is block-structured, with begin/end blocks serving the dual and complementary roles of defining the lexical scope of variable declarations, and defining the points at which resources acquired from the operating system should be released. Variables in the language (which are accessible from applications in the form of environment variables) can have a number of simple types such as strings, superstrings (sequences of strings), booleans, and integers, and are also used to contain references to system resources such as files and network connections.

It is possible to "disassemble" an SCL program from OMF back into SCL source code using the READ_SCL (or RSCL) command. However the output is not always perfect, and will often include errors that would stop re-compilation without user intervention.

A simple code example can be seen on the 99 bottles of beer website.

A more realistic example, where SCL is used to compile a program written in S3, is shown below. This example is taken from the Columbia University Archive of implementations of Kermit.

    BEGIN
       WHENEVER
          RESULT GT 0 +_
          THEN        +_
             SEND_RESULT_MESSAGE (RES = RESULT,
                                  ACT = "QUIT")
       FI

       INT KMT_SRC, KMT_OMF, KMT_REL

       ASSIGN_LIBRARY (NAM = KERMIT.SOURCE,
                       LNA = KMT_SRC)
       ASSIGN_LIBRARY (NAM = KERMIT.OMF,
                       LNA = KMT_OMF)
       ASSIGN_LIBRARY (NAM = KERMIT.REL,
                       LNA = KMT_REL)

       BEGIN
          DELETE_FILE (NAM = *KMT_OMF.KMT_DATA_MODULE(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_DH_MODULE(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_EH_MODULE(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_FH_MODULE(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_HELP_MTM(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_MAIN_MODULE(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_PH_MODULE(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_PP_MODULE(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_SP_MODULE(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_SP_MTM(101))
          DELETE_FILE (NAM = *KMT_OMF.KMT_UI_MODULE(101))
          DELETE_FILE (NAM = *KMT_REL.KERMIT(101))
          DELETE_FILE (NAM = *KMT_REL.KERMIT_MODULE(101))
       END

       S3_COMPILE_DEFAULTS (LIS = OBJECT & XREF,
                            DIS = ERRORLINES)

       S3_COMPILE (INP = *KMT_SRC.KMT_DATA_MODULE(101),
                   OMF = *KMT_OMF.KMT_DATA_MODULE(101))
       S3_COMPILE (INP = *KMT_SRC.KMT_DH_MODULE(101),
                   OMF = *KMT_OMF.KMT_DH_MODULE(101))
       S3_COMPILE (INP = *KMT_SRC.KMT_EH_MODULE(101),
                   OMF = *KMT_OMF.KMT_EH_MODULE(101))
       S3_COMPILE (INP = *KMT_SRC.KMT_FH_MODULE(101),
                   OMF = *KMT_OMF.KMT_FH_MODULE(101))
       NEW_MESSAGE_TEXT_MODULE (CON = *KMT_SRC.KMT_HELP_MTM(101),
                                OMF = *KMT_OMF.KMT_HELP_MTM(101))
       S3_COMPILE (INP = *KMT_SRC.KMT_MAIN_MODULE(101),
                   OMF = *KMT_OMF.KMT_MAIN_MODULE(101))
       S3_COMPILE (INP = *KMT_SRC.KMT_PH_MODULE(101),
                   OMF = *KMT_OMF.KMT_PH_MODULE(101))
       S3_COMPILE (INP = *KMT_SRC.KMT_PP_MODULE(101),
                   OMF = *KMT_OMF.KMT_PP_MODULE(101))
       S3_COMPILE (INP = *KMT_SRC.KMT_SP_MODULE(101),
                   OMF = *KMT_OMF.KMT_SP_MODULE(101))
       NEW_MESSAGE_TEXT_MODULE (CON = *KMT_SRC.KMT_SP_MTM(101),
                                OMF = *KMT_OMF.KMT_SP_MTM(101))
       S3_COMPILE (INP = *KMT_SRC.KMT_UI_MODULE(101),
                   OMF = *KMT_OMF.KMT_UI_MODULE(101))

       COLLECT

          INPUT(*KMT_OMF.KMT_DATA_MODULE(101)      &
                *KMT_OMF.KMT_DH_MODULE(101)        &
                *KMT_OMF.KMT_EH_MODULE(101)        &
                *KMT_OMF.KMT_FH_MODULE(101)        &
                *KMT_OMF.KMT_HELP_MTM(101)         &
                *KMT_OMF.KMT_MAIN_MODULE(101)      &
                *KMT_OMF.KMT_PH_MODULE(101)        &
                *KMT_OMF.KMT_PP_MODULE(101)        &
                *KMT_OMF.KMT_SP_MODULE(101)        &
                *KMT_OMF.KMT_SP_MTM(101)           &
                *KMT_OMF.KMT_UI_MODULE(101))
          NEWMODULE(*KMT_REL.KERMIT_MODULE(101))
          SUPPRESS
          RETAIN(KERMIT_THE_FROG)
          LISTMODULE
          PERFORM
    ++++
       COMPILE_SCL (INP = *KMT_SRC.KERMIT(101),
                    OUT = *KMT_REL.KERMIT(101),
                    COD = NOTIFWARNINGS,
                    OPT = FIL)
    END

Commands illustrated in this fragment include WHENEVER (declares error handling policy), ASSIGN_LIBRARY (binds a local name for a file directory), DELETE_FILE (makes a permanent file temporary, and it is then deleted at the END of the block), S3_COMPILE (compiles a program written in S3: this command breaks the usual verb-noun convention), NEW_MESSAGE_TEXT_MODULE (creates a module containing parameterized error messages suitable for localization) and COMPILE_SCL, which compiles an SCL program into object code.

The COLLECT command combines different object code modules into a single module, and is driven by its own local command file which is incorporated inline in the SCL between the delimiters "" and "++++". The sub-commands INPUT and NEWMODULE identify the names of the input and output modules; SUPPRESS and RETAIN determine the external visibility of named procedures within the collected module; and LISTMODULE requests a report describing the output module.

Note that "." is used to separate the parts of a hierarchic file name. A leading asterisk denotes a local name for a library, bound using the ASSIGN_LIBRARY command. The number in parentheses after a file name is a generation number. The operating system associates a generation number with every file, and requests for a file get the latest generation unless specified otherwise. Creating a new file will by default create the next generation and leave the previous generation intact; this program however is deliberately choosing to create generation 101, to identify a public release.
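The naming rules above (local library names, generation numbers, and DELETE_FILE taking effect at the END of its block) can be exercised with a small Python model. This is an added example, not VME or Kermit code: the Catalogue and Block classes, the joining of a library name and file name with ".", and the first default generation being 1 are assumptions of the model.

```python
import re

# [*]NAME[.NAME...][(generation)], as used in the Kermit build script above
REF = re.compile(r"^(\*?)([A-Z0-9_.]+)(?:\((\d+)\))?$")


class Catalogue:
    """Constructed in-memory stand-in for the VME Catalogue."""

    def __init__(self):
        self.files = {}        # full name -> {generation: content}
        self.libraries = {}    # local name -> catalogued library name

    def assign_library(self, nam, lna):
        self.libraries[lna] = nam

    def parse(self, ref):
        m = REF.match(ref)
        if not m:
            raise ValueError(f"bad file reference: {ref!r}")
        star, name, gen = m.groups()
        if star:               # leading asterisk: first part is a local library name
            local, _, rest = name.partition(".")
            name = self.libraries[local] + ("." + rest if rest else "")
        return name, int(gen) if gen else None

    def create(self, ref, content):
        name, gen = self.parse(ref)
        gens = self.files.setdefault(name, {})
        if gen is None:        # default: next generation, earlier ones stay intact
            gen = max(gens, default=0) + 1
        gens[gen] = content
        return name, gen

    def read(self, ref):
        name, gen = self.parse(ref)
        gens = self.files[name]
        if gen is None:        # default: latest generation
            gen = max(gens)
        return gen, gens[gen]


class Block:
    """Models BEGIN ... END: DELETE_FILE only marks; END performs the removal."""

    def __init__(self, cat):
        self.cat, self.temporary = cat, []

    def __enter__(self):
        return self

    def delete_file(self, ref):
        name, gen = self.cat.parse(ref)
        if gen is None:
            gen = max(self.cat.files[name])
        self.temporary.append((name, gen))

    def __exit__(self, *exc):
        for name, gen in self.temporary:
            self.cat.files.get(name, {}).pop(gen, None)
        return False


def demo():
    cat = Catalogue()
    cat.assign_library("KERMIT.OMF", "KMT_OMF")
    cat.create("*KMT_OMF.KMT_MAIN_MODULE", "dev build")          # generation 1
    cat.create("*KMT_OMF.KMT_MAIN_MODULE(101)", "old release")
    with Block(cat) as blk:
        blk.delete_file("*KMT_OMF.KMT_MAIN_MODULE(101)")
        still_there = cat.read("*KMT_OMF.KMT_MAIN_MODULE(101)")[1]
    cat.create("*KMT_OMF.KMT_MAIN_MODULE(101)", "new release")
    return (still_there, cat.read("*KMT_OMF.KMT_MAIN_MODULE"),
            sorted(cat.files["KERMIT.OMF.KMT_MAIN_MODULE"]))
```

In the model, the old generation 101 is still readable inside the block and disappears only at its END, after which the build recreates generation 101 while generation 1 is left untouched.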

Enhanced security variants
As a result of ICL's heavy involvement with delivery of computer services to the UK Public Sector, in particular those with special security requirements such as OPCON CCIS, it was an early entrant into the market for Secure Systems.

VME formed a core of ICL's activities in the Secure Systems arena. It had the advantage that as the last large-scale operating system ever designed, and one built from scratch, its underlying architecture encompassed many of the primitives needed to develop a Secure System, in particular the hardware-assisted Access Control Registers (ACR) to limit the privileges that could be taken by any process (including Users).

This led to the UK Government's Central Computing and Telecommunications Agency (CCTA) funding Project Spaceman in the mid 1980s for ICL Defence Technology Centre (DTC) to develop an enhanced security variant of VME. ICL launched this as a pair of complementary products, with the commercial release being called High Security Option (HSO), and the public sector release, including Government Furnished Encryption (GFE) technologies, being called Government Security Option (GSO).

HSO and GSO were formally tested under the CESG UK (Security) Evaluation Scheme, one of the predecessors to ITSEC and Common Criteria, and in doing so became the first mainstream operating system to be formally Certified.

Series 39
The Series 39 range introduced Nodal Architecture, a novel implementation of distributed shared memory that can be seen as a hybrid of a multiprocessor system and a cluster design. Each machine consists of a number of nodes, and each node contains its own order-code processor (CPU) and main memory. Virtual machines are typically located (at any one time) on one node, but have the capability to run on any node and to be relocated from one node to another. Discs and other peripherals are shared between nodes. Nodes are connected using a high-speed optical bus, which is used to provide applications with a virtual shared memory. Memory segments that are marked as shared (public or global segments) are replicated to each node, with updates being broadcast over the inter-node network. Processes which use unshared memory segments (nodal or local) run in complete isolation from other nodes and processes.

Development process
VME was originally written almost entirely in S3, a specially-designed system programming language based on Algol 68R (however, VME/K was written primarily in the SFL assembly language). Although a high-level language is used, the operating system is not designed to be independent of the underlying hardware architecture: on the contrary, the software and hardware architecture are closely integrated.

From the early 1990s onwards, some entirely new VME subsystems were written partly or wholly in the C programming language.

From its earliest days, VME was developed with the aid of a software engineering repository system known as CADES, originally designed and managed by the computer scientist David Pearson and built for the purpose using an underlying IDMS database. CADES is not merely a version control system for code modules: it manages all aspects of the software lifecycle from requirements capture, design methodology and specification through to field maintenance. CADES was used in VME module development to hold separate definitions of data structures (Modes), constants (Literals), procedural interfaces and the core algorithms. Multiple versions ('Lives') of each of these components could exist. The algorithms were written in System Development Language (SDL), which was then converted to S3 source by a pre-processor. Multiple versions of the same modules could be generated.

Application development tools
The application development tools offered with VME fall into two categories:
 * third-generation programming languages
 * fourth-generation QuickBuild toolset.

The toolset on VME is unusually homogeneous, with most customers using the same core set of languages and tools. As a result, the tools are also very well integrated. Third-party tools have made relatively little impression.

For many years the large majority of VME users wrote applications in COBOL, usually making use of the IDMS database and the TPMS transaction processing monitor. Other programming languages included Fortran, Pascal, ALGOL 68RS, Coral 66 and RPG2, but these served minority interests. Later, in the mid 1980s, compilers for C became available, both within and outside the Unix subsystem, largely to enable porting of software such as relational database systems. It is interesting that a PL/I subset compiler was written by the EEC, to assist in porting programs from IBM to ICL hardware.

The compilers developed within ICL share a common architecture, and in some cases share components such as code-generators. Many of the compilers used a module named ALICE [Assembly Language Internal Common Environment] and produced an early form of precompiled code (P-Code) termed ROSE, making compiled Object Module Format (OMF) libraries loadable on any machine in the range.

System Programming Languages: S3 and SFL
The primary language used for developing both the VME operating system itself and other system software such as compilers and transaction processing monitors is S3. This is a high level language based in many ways on Algol 68, but with data types and low-level functions and operators aligned closely with the architecture of the 2900 series.

An assembly language SFL (System Function Language) is also available. This was used for the development of VME/K, whose designers were not confident that a high-level language could give adequate performance, and also for the IDMS database system on account of its origins as a third-party product. SFL was originally called Macro Assembler Programming LanguagE (MAPLE), but as the 2900 architecture was being positioned as consisting of high level language machines the name was changed at the request of ICL Marketing. It had been developed as a part of the toolkit for System D, which was subsequently cancelled. Related families of assemblers for other architectures (CALM-xx running under VME, PALM-xx developed in Pascal and running on various hosts) were developed for internal use.

Neither S3 nor SFL was ever promoted as a commercial development tool for end-user applications, as neither was normally delivered as a standard part of the operating system, nor were they explicitly marketed as products in their own right. Both SFL and S3 were however available as options to user organisations and third parties who had a specific need for them.

QuickBuild
The QuickBuild application development environment on VME has been highly successful despite the fact that applications are largely locked into the VME environment. This environment is centred on the Data Dictionary System (DDS, also called OpenDDS), an early and very successful attempt to build a comprehensive repository supporting all the other tools, with full support for the development lifecycle. As well as database schemas and file and record descriptions, the dictionary keeps track of objects such as reports and queries, screen designs, and 4GL code; it also supports a variety of models at the requirements capture level, such as entity-relationship models and process models.

The QuickBuild 4GL is packaged in two forms:
 * ApplicationMaster for the creation of online TP applications
 * ReportMaster for batch reporting.

Both are high-level declarative languages, using Jackson Structured Programming as their design paradigm. ApplicationMaster is unusual in its approach to application design in that it focuses on the user session as if it were running in a single conversational process, completely hiding the complexity of maintaining state across user interactions. Because the 4GL and other tools such as the screen designer work only with the DDS dictionary, which also holds the database schemas, there is considerable reuse of metadata that is rarely achieved with other 4GLs.