Subversion Repositories HelenOS-doc

<?xml version="1.0" encoding="UTF-8"?>

<chapter id="mm">

  <?dbhtml filename="mm.html"?>

  <title>Memory management</title>

  <para>In previous chapters, this book described the scheduling subsystem as

  the creator of the impression that threads execute in parallel. The memory

  management subsystem, on the other hand, creates the impression that there

  is enough physical memory for the kernel and that userspace tasks have the

  entire address space only for themselves.</para>

  <section>

    <title>Physical memory management</title>

    <section id="zones_and_frames">

      <title>Zones and frames</title>

      <para>HelenOS represents continuous areas of physical memory in

      structures called frame zones (abbreviated as zones). Each zone contains

      information about the number of allocated and unallocated physical

      memory frames as well as the physical base address of the zone and

      number of frames contained in it. A zone also contains an array of frame

      structures describing each frame of the zone and, in the last, but not

      the least important, front, each zone is equipped with a buddy system

      that faciliates effective allocation of power-of-two sized block of

      frames.</para>

      <para>This organization of physical memory provides good preconditions

      for hot-plugging of more zones. There is also one currently unused zone

      attribute: <code>flags</code>. The attribute could be used to give a

      special meaning to some zones in the future.</para>

      <para>The zones are linked in a doubly-linked list. This might seem a

      bit ineffective because the zone list is walked everytime a frame is

      allocated or deallocated. However, this does not represent a significant

      performance problem as it is expected that the number of zones will be

      rather low. Moreover, most architectures merge all zones into

      one.</para>

      <para>Every physical memory frame in a zone, is described by a structure

      that contains number of references and other data used by buddy

      system.</para>

    </section>

    <section id="frame_allocator">

      <indexterm>

        <primary>frame allocator</primary>

      </indexterm>

      <title>Frame allocator</title>

      <para>The frame allocator satisfies kernel requests to allocate

      power-of-two sized blocks of physical memory. Because of zonal

      organization of physical memory, the frame allocator is always working

      within a context of a particular frame zone. In order to carry out the

      allocation requests, the frame allocator is tightly integrated with the

      buddy system belonging to the zone. The frame allocator is also

      responsible for updating information about the number of free and busy

      frames in the zone. <figure float="1">

          <mediaobject id="frame_alloc">

            <imageobject role="pdf">

              <imagedata fileref="images/frame_alloc.pdf" format="PDF" />

            </imageobject>

            <imageobject role="html">

              <imagedata fileref="images/frame_alloc.png" format="PNG" />

            </imageobject>

            <imageobject role="fop">

              <imagedata fileref="images/frame_alloc.svg" format="SVG" />

            </imageobject>

          </mediaobject>

          <title>Frame allocator scheme.</title>

        </figure></para>

      <formalpara>

        <title>Allocation / deallocation</title>

        <para>Upon allocation request via function <code>frame_alloc()</code>,

        the frame allocator first tries to find a zone that can satisfy the

        request (i.e. has the required amount of free frames). Once a suitable

        zone is found, the frame allocator uses the buddy allocator on the

        zone's buddy system to perform the allocation. If no free zone is

        found, the frame allocator tries to reclaim slab memory.</para>

        <para>During deallocation, which is triggered by a call to

        <code>frame_free()</code>, the frame allocator looks up the respective

        zone that contains the frame being deallocated. Afterwards, it calls

        the buddy allocator again, this time to take care of deallocation

        within the zone's buddy system.</para>

      </formalpara>

    </section>

    <section id="buddy_allocator">

      <indexterm>

        <primary>buddy system</primary>

      </indexterm>

      <title>Buddy allocator</title>

      <para>In the buddy system, the memory is broken down into power-of-two

      sized naturally aligned blocks. These blocks are organized in an array

      of lists, in which the list with index <emphasis>i</emphasis> contains

      all unallocated blocks of size

      <emphasis>2<superscript>i</superscript></emphasis>. The index

      <emphasis>i</emphasis> is called the order of block. Should there be two

      adjacent equally sized blocks in the list <emphasis>i</emphasis> (i.e.

      buddies), the buddy allocator would coalesce them and put the resulting

      block in list <emphasis>i + 1</emphasis>, provided that the resulting

      block would be naturally aligned. Similarily, when the allocator is

      asked to allocate a block of size

      <emphasis>2<superscript>i</superscript></emphasis>, it first tries to

      satisfy the request from the list with index <emphasis>i</emphasis>. If

      the request cannot be satisfied (i.e. the list <emphasis>i</emphasis> is

      empty), the buddy allocator will try to allocate and split a larger

      block from the list with index <emphasis>i + 1</emphasis>. Both of these

      algorithms are recursive. The recursion ends either when there are no

      blocks to coalesce in the former case or when there are no blocks that

      can be split in the latter case.</para>

      <para>This approach greatly reduces external fragmentation of memory and

      helps in allocating bigger continuous blocks of memory aligned to their

      size. On the other hand, the buddy allocator suffers increased internal

      fragmentation of memory and is not suitable for general kernel

      allocations. This purpose is better addressed by the <link

      linkend="slab">slab allocator</link>.<figure float="1">

          <mediaobject id="buddy_alloc">

            <imageobject role="pdf">

              <imagedata fileref="images/buddy_alloc.pdf" format="PDF" />

            </imageobject>

            <imageobject role="html">

              <imagedata fileref="images/buddy_alloc.png" format="PNG" />

            </imageobject>

            <imageobject role="fop">

              <imagedata fileref="images/buddy_alloc.svg" format="SVG" />

            </imageobject>

          </mediaobject>

          <title>Buddy system scheme.</title>

        </figure></para>

      <section>

        <title>Implementation</title>

        <para>The buddy allocator is, in fact, an abstract framework which can

        be easily specialized to serve one particular task. It knows nothing

        about the nature of memory it helps to allocate. In order to beat the

        lack of this knowledge, the buddy allocator exports an interface that

        each of its clients is required to implement. When supplied with an

        implementation of this interface, the buddy allocator can use

        specialized external functions to find a buddy for a block, split and

        coalesce blocks, manipulate block order and mark blocks busy or

        available.</para>

        <formalpara>

          <title>Data organization</title>

          <para>Each entity allocable by the buddy allocator is required to

          contain space for storing block order number and a link variable

          used to interconnect blocks within the same order.</para>

          <para>Whatever entities are allocated by the buddy allocator, the

          first entity within a block is used to represent the entire block.

          The first entity keeps the order of the whole block. Other entities

          within the block are assigned the magic value

          <constant>BUDDY_SYSTEM_INNER_BLOCK</constant>. This is especially important

          for effective identification of buddies in a one-dimensional array

          because the entity that represents a potential buddy cannot be

          associated with <constant>BUDDY_SYSTEM_INNER_BLOCK</constant> (i.e. if it

          is associated with <constant>BUDDY_SYSTEM_INNER_BLOCK</constant> then it is

          not a buddy).</para>

        </formalpara>

      </section>

    </section>

    <section id="slab">

      <indexterm>

        <primary>slab allocator</primary>

      </indexterm>

      <title>Slab allocator</title>

      <para>The majority of memory allocation requests in the kernel is for

      small, frequently used data structures. The basic idea behind the slab

      allocator is that commonly used objects are preallocated in continuous

      areas of physical memory called slabs<footnote>

          <para>Slabs are in fact blocks of physical memory frames allocated

          from the frame allocator.</para>

        </footnote>. Whenever an object is to be allocated, the slab allocator

      returns the first available item from a suitable slab corresponding to

      the object type<footnote>

          <para>The mechanism is rather more complicated, see the next

          paragraph.</para>

        </footnote>. Due to the fact that the sizes of the requested and

      allocated object match, the slab allocator significantly reduces

      internal fragmentation.</para>

      <indexterm>

        <primary>slab allocator</primary>

        <secondary>- slab cache</secondary>

      </indexterm>

      <para>Slabs of one object type are organized in a structure called slab

      cache. There are usually more slabs in the slab cache, depending on

      previous allocations. If the the slab cache runs out of available slabs,

      new slabs are allocated. In order to exploit parallelism and to avoid

      locking of shared spinlocks, slab caches can have variants of

      processor-private slabs called magazines. On each processor, there is a

      two-magazine cache. Full magazines that are not part of any

      per-processor magazine cache are stored in a global list of full

      magazines.</para>

      <indexterm>

        <primary>slab allocator</primary>

        <secondary>- magazine</secondary>

      </indexterm>

      <para>Each object begins its life in a slab. When it is allocated from

      there, the slab allocator calls a constructor that is registered in the

      respective slab cache. The constructor initializes and brings the object

      into a known state. The object is then used by the user. When the user

      later frees the object, the slab allocator puts it into a processor

      private <indexterm>

          <primary>slab allocator</primary>

          <secondary>- magazine</secondary>

        </indexterm>magazine cache, from where it can be precedently allocated

      again. Note that allocations satisfied from a magazine are already

      initialized by the constructor. When both of the processor cached

      magazines get full, the allocator will move one of the magazines to the

      list of full magazines. Similarily, when allocating from an empty

      processor magazine cache, the kernel will reload only one magazine from

      the list of full magazines. In other words, the slab allocator tries to

      keep the processor magazine cache only half-full in order to prevent

      thrashing when allocations and deallocations interleave on magazine

      boundaries. The advantage of this setup is that during most of the

      allocations, no global spinlock needs to be held.</para>

      <para>Should HelenOS run short of memory, it would start deallocating

      objects from magazines, calling slab cache destructor on them and

      putting them back into slabs. When a slab contains no allocated object,

      it is immediately freed.</para>

      <para>

        <figure float="1">

          <mediaobject id="slab_alloc">

            <imageobject role="pdf">

              <imagedata fileref="images/slab_alloc.pdf" format="PDF" />

            </imageobject>

            <imageobject role="html">

              <imagedata fileref="images/slab_alloc.png" format="PNG" />

            </imageobject>

            <imageobject role="fop">

              <imagedata fileref="images/slab_alloc.svg" format="SVG" />

            </imageobject>

          </mediaobject>

          <title>Slab allocator scheme.</title>

        </figure>

      </para>

      <section>

        <title>Implementation</title>

        <para>The slab allocator is closely modelled after <xref

        linkend="Bonwick01" /> with the following exceptions:<itemizedlist>

            <listitem>

              <para>empty slabs are immediately deallocated and</para>

            </listitem>

            <listitem>

              <para>empty magazines are deallocated when not needed.</para>

            </listitem>

          </itemizedlist>The following features are not currently supported

        but would be easy to do: <itemizedlist>

            <listitem>cache coloring and</listitem>

            <listitem>dynamic magazine grow (different magazine sizes are

            already supported, but the allocation strategy would need to be

            adjusted).</listitem>

          </itemizedlist></para>

        <section>

          <title>Allocation/deallocation</title>

          <para>The following two paragraphs summarize and complete the

          description of the slab allocator operation (i.e.

          <code>slab_alloc()</code> and <code>slab_free()</code>

          functions).</para>

          <formalpara>

            <title>Allocation</title>

            <para><emphasis>Step 1.</emphasis> When an allocation request

            comes, the slab allocator checks availability of memory in the

            current magazine of the local processor magazine cache. If the

            available memory is there, the allocator just pops the object from

            magazine and returns it.</para>

            <para><emphasis>Step 2.</emphasis> If the current magazine in the

            processor magazine cache is empty, the allocator will attempt to

            swap it with the last magazine from the cache and return to the

            first step. If also the last magazine is empty, the algorithm will

            fall through to Step 3.</para>

            <para><emphasis>Step 3.</emphasis> Now the allocator is in the

            situation when both magazines in the processor magazine cache are

            empty. The allocator reloads one magazine from the shared list of

            full magazines. If the reload is successful (i.e. there are full

            magazines in the list), the algorithm continues with Step

            1.</para>

            <para><emphasis>Step 4.</emphasis> In this fail-safe step, an

            object is allocated from the conventional slab layer and a pointer

            to it is returned. If also the last magazine is full, a new slab

            is allocated.</para>

          </formalpara>

          <formalpara>

            <title>Deallocation</title>

            <para><emphasis>Step 1.</emphasis> During a deallocation request,

            the slab allocator checks if the current magazine of the local

            processor magazine cache is not full. If it is, the pointer to the

            objects is just pushed into the magazine and the algorithm

            returns.</para>

            <para><emphasis>Step 2.</emphasis> If the current magazine is

            full, the allocator will attempt to swap it with the last magazine

            from the cache and return to the first step. If also the last

            magazine is empty, the algorithm will fall through to Step

            3.</para>

            <para><emphasis>Step 3.</emphasis> Now the allocator is in the

            situation when both magazines in the processor magazine cache are

            full. The allocator tries to allocate a new empty magazine and

            flush one of the full magazines to the shared list of full

            magazines. If it is successfull, the algoritm continues with Step

            1.</para>

            <para><emphasis>Step 4. </emphasis>In case of low memory condition

            when the allocation of empty magazine fails, the object is moved

            directly into slab. In the worst case object deallocation does not

            need to allocate any additional memory.</para>

          </formalpara>

        </section>

      </section>

    </section>

  </section>

  <section>

    <title>Virtual memory management</title>

    <para>Virtual memory is essential for an operating system because it makes

    several things possible. First, it helps to isolate tasks from each other

    by encapsulating them in their private address spaces. Second, virtual

    memory can give tasks the feeling of more memory available than is

    actually possible. And third, by using virtual memory, there might be

    multiple copies of the same program, linked to the same addresses, running

    in the system. There are at least two known mechanisms for implementing

    virtual memory: segmentation and paging. Even though some processor

    architectures supported by HelenOS<footnote>

        <para>ia32 has full-fledged segmentation.</para>

      </footnote> provide both mechanisms, the kernel makes use solely of

    paging.</para>

    <section id="paging">

      <title>VAT subsystem</title>

      <para>In a paged virtual memory, the entire virtual address space is

      divided into small power-of-two sized naturally aligned blocks called

      pages. The processor implements a translation mechanism, that allows the

      operating system to manage mappings between set of pages and set of

      identically sized and identically aligned pieces of physical memory

      called frames. In a result, references to continuous virtual memory

      areas don't necessarily need to reference continuos area of physical

      memory. Supported page sizes usually range from several kilobytes to

      several megabytes. Each page that takes part in the mapping is

      associated with certain attributes that further desribe the mapping

      (e.g. access rights, dirty and accessed bits and present bit).</para>

      <para>When the processor accesses a page that is not present (i.e. its

      present bit is not set), the operating system is notified through a

      special exception called page fault. It is then up to the operating

      system to service the page fault. In HelenOS, some page faults are fatal

      and result in either task termination or, in the worse case, kernel

      panic<footnote>

          <para>Such a condition would be either caused by a hardware failure

          or a bug in the kernel.</para>

        </footnote>, while other page faults are used to load memory on demand

      or to notify the kernel about certain events.</para>

      <indexterm>

        <primary>page tables</primary>

      </indexterm>

      <para>The set of all page mappings is stored in a memory structure

      called page tables. Some architectures have no hardware support for page

      tables<footnote>

          <para>On mips32, TLB-only model is used and the operating system is

          responsible for managing software defined page tables.</para>

        </footnote> while other processor architectures<footnote>

          <para>Like amd64 and ia32.</para>

        </footnote> understand the whole memory format thereof. Despite all

      the possible differences in page table formats, the HelenOS VAT

      subsystem<footnote>

          <para>Virtual Address Translation subsystem.</para>

        </footnote> unifies the page table operations under one programming

      interface. For all parts of the kernel, three basic functions are

      provided:</para>

      <itemizedlist>

        <listitem>

          <para><code>page_mapping_insert()</code>,</para>

        </listitem>

        <listitem>

          <para><code>page_mapping_find()</code> and</para>

        </listitem>

        <listitem>

          <para><code>page_mapping_remove()</code>.</para>

        </listitem>

      </itemizedlist>

      <para>The <code>page_mapping_insert()</code> function is used to

      introduce a mapping for one virtual memory page belonging to a

      particular address space into the page tables. Once the mapping is in

      the page tables, it can be searched by <code>page_mapping_find()</code>

      and removed by <code>page_mapping_remove()</code>. All of these

      functions internally select the page table mechanism specific functions

      that carry out the self operation.</para>

      <para>There are currently two supported mechanisms: generic 4-level

      hierarchical page tables and global page hash table. Both of the

      mechanisms are generic as they cover several hardware platforms. For

      instance, the 4-level hierarchical page table mechanism is used by

      amd64, ia32, mips32 and ppc32, respectively. These architectures have

      the following page table format: 4-level, 2-level, TLB-only and hardware

      hash table, respectively. On the other hand, the global page hash table

      is used on ia64 that can be TLB-only or use a hardware hash table.

      Although only two mechanisms are currently implemented, other mechanisms

      (e.g. B+tree) can be easily added.</para>

      <section id="page_tables">

        <indexterm>

          <primary>page tables</primary>

          <secondary>- hierarchical</secondary>

        </indexterm>

        <title>Hierarchical 4-level page tables</title>

        <para>Hierarchical 4-level page tables are generalization of the

        frequently used hierarchical model of page tables. In this mechanism,

        each address space has its own page tables. To avoid confusion in

        terminology used by hardware vendors, in HelenOS, the root level page

        table is called PTL0, the two middle levels are called PTL1 and PTL2,

        and, finally, the leaf level is called PTL3. All architectures using

        this mechanism are required to use PTL0 and PTL3. However, the middle

        levels can be left out, depending on the hardware hierarchy or

        structure of software-only page tables. The genericity is achieved

        through a set of macros that define transitions from one level to

        another. Unused levels are optimised out by the compiler.

    <figure float="1">

          <mediaobject id="mm_pt">

            <imageobject role="pdf">

              <imagedata fileref="images/mm_pt.pdf" format="PDF" />

            </imageobject>

            <imageobject role="html">

              <imagedata fileref="images/mm_pt.png" format="PNG" />

            </imageobject>

            <imageobject role="fop">

              <imagedata fileref="images/mm_pt.svg" format="SVG" />

            </imageobject>

          </mediaobject>

          <title>Hierarchical 4-level page tables.</title>

        </figure>

    </para>

      </section>

      <section>

        <indexterm>

          <primary>page tables</primary>

          <secondary>- hashing</secondary>

        </indexterm>

        <title>Global page hash table</title>

        <para>Implementation of the global page hash table was encouraged by

        64-bit architectures that can have rather sparse address spaces. The

        hash table contains valid mappings only. Each entry of the hash table

        contains an address space pointer, virtual memory page number (VPN),

        physical memory frame number (PFN) and a set of flags. The pair of the

        address space pointer and the virtual memory page number is used as a

        key for the hash table. One of the major differences between the

        global page hash table and hierarchical 4-level page tables is that

        there is only a single global page hash table in the system while

        hierarchical page tables exist per address space. Thus, the global

        page hash table contains information about mappings of all address

        spaces in the system.

        <figure float="1">

          <mediaobject id="mm_hash">

            <imageobject role="pdf">

              <imagedata fileref="images/mm_hash.pdf" format="PDF" />

            </imageobject>

            <imageobject role="html">

              <imagedata fileref="images/mm_hash.png" format="PNG" />

            </imageobject>

            <imageobject role="fop">

              <imagedata fileref="images/mm_hash.svg" format="SVG" />

            </imageobject>

          </mediaobject>

          <title>Global page hash table.</title>

        </figure>

</para>

        <para>The global page hash table mechanism uses the generic hash table

        type as described in the chapter dedicated to <link

        linkend="hashtables">data structures</link> earlier in this

        book.</para>

      </section>

    </section>

  </section>

  <section id="tlb">

    <indexterm>

      <primary>TLB</primary>

    </indexterm>

    <title>Translation Lookaside buffer</title>

    <para>Due to the extensive overhead of several extra memory accesses

    during page table lookup that are necessary on every instruction, modern

    architectures deploy fast assotiative cache of recelntly used page

    mappings. This cache is called TLB - Translation Lookaside Buffer - and is

    present on every processor in the system. As it has been already pointed

    out, TLB is the only page translation mechanism for some

    architectures.</para>

    <section id="tlb_shootdown">

      <indexterm>

        <primary>TLB</primary>

        <secondary>- TLB shootdown</secondary>

      </indexterm>

      <title>TLB consistency</title>

      <para>The operating system is responsible for keeping TLB consistent

      with the page tables. Whenever mappings are modified or purged from the

      page tables, or when an address space identifier is reused, the kernel

      needs to invalidate the respective contents of TLB. Some TLB types

      support partial invalidation of their content (e.g. ranges of pages or

      address spaces) while other types can be invalidated only entirely. The

      invalidation must be done on all processors for there is one TLB per

      processor. Maintaining TLB consistency on multiprocessor configurations

      is not as trivial as it might look from the first glance.</para>

      <para>The remote TLB invalidation is called TLB shootdown. HelenOS uses

      a simplified variant of the algorithm described in <xref

      linkend="Black89" />.</para>

      <para>TLB shootdown is performed in three phases.</para>

      <formalpara>

        <title>Phase 1.</title>

        <para>The initiator clears its TLB flag and locks the global TLB

        spinlock. The request is then enqueued into all other processors' TLB

        shootdown message queues. When the TLB shootdown message queue is full

        on any processor, the queue is purged and a single request to

        invalidate the entire TLB is stored there. Once all the TLB shootdown

        messages were dispatched, the initiator sends all other processors an

        interrupt to notify them about the incoming TLB shootdown message. It

        then spins until all processors accept the interrupt and clear their

        TLB flags.</para>

      </formalpara>

      <formalpara>

        <title>Phase 2.</title>

        <para>Except for the initiator, all other processors are spining on

        the TLB spinlock. The initiator is now free to modify the page tables

        and purge its own TLB. The initiator then unlocks the global TLB

        spinlock and sets its TLB flag.</para>

      </formalpara>

      <formalpara>

        <title>Phase 3.</title>

        <para>When the spinlock is unlocked by the initiator, other processors

        are sequentially granted the spinlock. However, once they manage to

        lock it, they immediately release it. Each processor invalidates its

        TLB according to messages found in its TLB shootdown message queue. In

        the end, each processor sets its TLB flag and resumes its previous

        operation.</para>

      </formalpara>

    </section>

  </section>

  <section>

    <title>Address spaces</title>

    <para>In HelenOS, address spaces are objects that encapsulate the

    following items:</para>

    <itemizedlist>

      <listitem>

        <para>address space identifier,</para>

      </listitem>

      <listitem>

        <para>page table PTL0 pointer and</para>

      </listitem>

      <listitem>

        <para>a set of mutually disjunctive address space areas.</para>

      </listitem>

    </itemizedlist>

    <para>Address space identifiers will be discussed later in this section.

    The address space contains a pointer to PTL0, provided that the

    architecture uses per address space page tables such as the hierarchical

    4-level page tables. The most interesting component is the B+tree of

    address space areas belonging to the address space.</para>

    <section>

      <title>Address space areas</title>

      <para>Because an address space can be composed of heterogenous mappings

      such as userspace code, data, read-only data and kernel memory, it is

      further broken down into smaller homogenous units called address space

      areas. An address space area represents a continuous piece of userspace

      virtual memory associated with common flags. Kernel memory mappings do

      not take part in address space areas because they are hardwired either

      into TLBs or page tables and are thus shared by all address spaces. The

      flags are a combination of:</para>

      <itemizedlist>

        <listitem>

          <para><constant>AS_AREA_READ</constant>,</para>

        </listitem>

        <listitem>

          <para><constant>AS_AREA_WRITE</constant>,</para>

        </listitem>

        <listitem>

          <para><constant>AS_AREA_EXEC</constant> and</para>

        </listitem>

        <listitem>

          <para><constant>AS_AREA_CACHEABLE</constant>.</para>

        </listitem>

      </itemizedlist>

      <para>The <constant>AS_AREA_READ</constant> flag is implicit and cannot

      be removed. The <constant>AS_AREA_WRITE</constant> flag denotes a

      writable address space area and the <constant>AS_AREA_EXEC</constant> is

      used for areas containing code. The combination of

      <constant>AS_AREA_WRITE</constant> and <constant>AS_AREA_EXEC</constant>

      is not allowed. Some architectures don't differentiate between

      executable and non-executable mappings. In that case, the

      <constant>AS_AREA_EXEC</constant> has no effect on mappings created for

      the address space area in the page tables. If the flags don't have

      <constant>AS_AREA_CACHEABLE</constant> set, the page tables content of

      the area is created with caching disabled. This is useful for address

      space areas containing memory of some memory mapped device.</para>

      <para>Address space areas can be backed by a backend that provides

      virtual functions for servicing page faults that occur within the

      address space area, releasing memory allocated by the area and sharing

      the area. Currently, there are three backends supported by HelenOS:

      anonymous memory backend, ELF image backend and physical memory

      backend.</para>

      <formalpara>

        <title>Anonymous memory backend</title>

        <para>Anonymous memory is memory that has no predefined contents such

        as userspace stack or heap. Anonymous address space areas are backed

        by memory allocated from the frame allocator. Areas backed by this

        backend can be resized as long as they are not shared.</para>

      </formalpara>

      <formalpara>

        <title>ELF image backend</title>

        <para>Areas backed by the ELF backend are composed of memory that can

        be either initialized, partially initialized or completely anonymous.

        Initialized portions of ELF backend address space areas are those that

        are entirely physically present in the executable image (e.g. code and

        initialized data). Anonymous portions are those pages of the

        <emphasis>bss</emphasis> section that exist entirely outside the

        executable image. Lastly, pages that don't fit into the previous two

        categories are partially initialized as they are both part of the

        image and the <emphasis>bss</emphasis> section. The initialized

        portion does not need any memory from the allocator unless it is

        writable. In that case, pages are duplicated on demand during page

        fault and memory for the copy is allocated from the frame allocator.

        The remaining two parts of the ELF always require memory from the

        frame allocator. Non-shared address space areas backed by the ELF

        image backend can be resized.</para>

      </formalpara>

      <formalpara>

        <title>Physical memory backend</title>

        <para>Physical memory backend is used by the device drivers to access

        physical memory. No additional memory needs to be allocated on a page

        fault in this area and when sharing this area. Areas backed by this

        backend cannot be resized.</para>

      </formalpara>

      <section>

        <title>Memory sharing</title>

        <para>Address space areas can be shared provided that their backend

        supports sharing<footnote>

            <para>Which is the case for all currently supported

            backends.</para>

          </footnote>. When the kernel calls <code>as_area_share()</code>, a

        check is made to see whether the area is already being shared. If the

        area is already shared, it contains a pointer to the share info

        structure. The pointer is then simply copied into the new address

        space area and a reference count in the share info structure is

        incremented. Otherwise a new address space share info structure needs

        to be created. The backend is then called to duplicate the mapping of

        pages for which a frame is allocated. The duplicated mapping is stored

        in the share info structure B+tree called <varname>pagemap</varname>.

        Note that the reference count of the frames put into the

        <varname>pagemap</varname> must be incremented in order to avoid a race condition.

    If the originating address space area had been destroyed before the <varname>pagemap</varname>

    information made it to the page tables of other address spaces that take part in

    the sharing, the reference count of the respective frames

    would have dropped to zero and some of them could have been allocated again.</para>

      </section>

      <section>

        <title>Page faults</title>

        <para>When a page fault is encountered in the address space area, the

        address space page fault handler, <code>as_page_fault()</code>,

        invokes the corresponding backend page fault handler to resolve the

        situation. The backend might either confirm the page fault or perform

        a remedy. In the non-shared case, depending on the backend, the page

        fault can be remedied usually by allocating some memory on demand or

        by looking up the frame for the faulting translation in the ELF

        image.</para>

        <para>Shared address space areas need to consider the

        <varname>pagemap</varname> B+tree. First they need to make sure

        whether the mapping is not present in the <varname>pagemap</varname>.

        If it is there, then the frame reference count is increased and the

        page fault is resolved. Otherwise the handler proceeds similarily to

        the non-shared case. If it allocates a physical memory frame, it must

        increment its reference count and add it to the

        <varname>pagemap</varname>.</para>

      </section>

    </section>

    <section>

      <indexterm>

        <primary>address space</primary>

        <secondary>- ASID</secondary>

      </indexterm>

      <title>Address Space ID (ASID)</title>

      <para>Modern processor architectures optimize TLB utilization by

      associating TLB entries with address spaces through assigning

      identification numbers to them. In HelenOS, the term ASID, originally

      taken from the mips32 terminology, is used to refer to the address space

      identification number. The advantage of having ASIDs is that TLB does

      not have to be invalidated on thread context switch as long as ASIDs are

      unique. Unfortunately, architectures supported by HelenOS use all

      different widths of ASID numbers<footnote>

          <para>amd64 and ia32 don't use similar abstraction at all, mips32

          has 8-bit ASIDs and ia64 can have ASIDs between 18 to 24 bits

          wide.</para>

        </footnote> out of which none is sufficient. The amd64 and ia32

      architectures cannot make use of ASIDs as their TLB doesn't recognize

      such an abstraction. Other architectures have support for ASIDs, but for

      instance ppc32 doesn't make use of them in the current version of

      HelenOS. The rest of the architectures does use ASIDs. However, even on

      the ia64 architecture, the minimal supported width of ASID<footnote>

          <para>RID in ia64 terminology.</para>

        </footnote> is insufficient to provide a unique integer identifier to

      all address spaces that might hypothetically coexist in the running

      system. The situation on mips32 is even worse: the architecture has only

      256 unique identifiers.</para>

      <indexterm>

        <primary>address space</primary>

        <secondary>- ASID stealing</secondary>

      </indexterm>

      <para>To mitigate the shortage of ASIDs, HelenOS uses the following

      strategy. When the system initializes, a FIFO queue<footnote>

          <para>Note that architecture-specific measures are taken to avoid

          too large FIFO queue. For instance, seven consecutive ia64 RIDs are

          grouped to form one HelenOS ASID.</para>

        </footnote> is created and filled with all available ASIDs. Moreover,

      every address space remembers the number of processors on which it is

      active. Address spaces that have a valid ASID and that are not active on

      any processor are appended to the list of inactive address spaces with

      valid ASID. When an address space needs to be assigned a valid ASID, it

      first checks the FIFO queue. If it contains at least one ASID, the ASID

      is allocated. If the queue is empty, an ASID is simply stolen from the

      first address space in the list. In that case, the address space that

      loses the ASID in favor of another address space, is removed from the

      list. After the new ASID is purged from all TLBs, it can be used by the

      address space. Note that this approach works due to the fact that the

      number of ASIDs is greater than the maximal number of processors

      supported by HelenOS and that there can be only one active address space

      per processor. In other words, when the FIFO queue is empty, there must

      be address spaces that are not active on any processor.</para>

    </section>

  </section>

</chapter>