Subversion Repositories HelenOS-doc

<?xml version="1.0" encoding="UTF-8"?>

<chapter id="mm">

  <?dbhtml filename="mm.html"?>

  <title>Memory management</title>

  <section>

    <title>Virtual memory management</title>

    <section>

      <title>Introduction</title>

      <para>Virtual memory is a special memory management technique, used by

      kernel to achieve a bunch of mission critical goals. <itemizedlist>

          <listitem>

             Isolate each task from other tasks that are running on the system at the same time.

          </listitem>

          <listitem>

             Allow to allocate more memory, than is actual physical memory size of the machine.

          </listitem>

          <listitem>

             Allowing, in general, to load and execute two programs that are linked on the same address without complicated relocations.

          </listitem>

        </itemizedlist></para>

      <para><!--

                <para>

                        Address spaces. Address space area (B+ tree). Only for uspace. Set of syscalls (shrink/extend etc).

                        Special address space area type - device - prohibits shrink/extend syscalls to call on it.

                        Address space has link to mapping tables (hierarchical - per Address space, hash - global tables).

                </para>

--></para>

    </section>

    <section>

      <title>Address spaces</title>

      <section>

        <title>Address space areas</title>

        <para>Each address space consists of mutually disjunctive continuous

        address space areas. Address space area is precisely defined by its

        base address and the number of frames/pages is contains.</para>

        <para>Address space area , that define behaviour and permissions on

        the particular area. <itemizedlist>

            <listitem>

              <emphasis>AS_AREA_READ</emphasis>

               flag indicates reading permission.

            </listitem>

            <listitem>

              <emphasis>AS_AREA_WRITE</emphasis>

               flag indicates writing permission.

            </listitem>

            <listitem>

              <emphasis>AS_AREA_EXEC</emphasis>

               flag indicates code execution permission. Some architectures do not support execution persmission restriction. In this case this flag has no effect.

            </listitem>

            <listitem>

              <emphasis>AS_AREA_DEVICE</emphasis>

               marks area as mapped to the device memory.

            </listitem>

          </itemizedlist></para>

        <para>Kernel provides possibility tasks create/expand/shrink/share its

        address space via the set of syscalls.</para>

      </section>

      <section>

        <title>Address Space ID (ASID)</title>

        <para>When switching to the different task, kernel also require to

        switch mappings to the different address space. In case TLB cannot

        distinguish address space mappings, all mapping information in TLB

        from the old address space must be flushed, which can create certain

        uncessary overhead during the task switching. To avoid this, some

        architectures have capability to segregate different address spaces on

        hardware level introducing the address space identifier as a part of

        TLB record, telling the virtual address space translation unit to

        which address space this record is applicable.</para>

        <para>HelenOS kernel can take advantage of this hardware supported

        identifier by having an ASID abstraction which is somehow related to

        the corresponding architecture identifier. I.e. on ia64 kernel ASID is

        derived from RID (region identifier) and on the mips32 kernel ASID is

        actually the hardware identifier. As expected, this ASID information

        record is the part of <emphasis>as_t</emphasis> structure.</para>

        <para>Due to the hardware limitations, hardware ASID has limited

        length from 8 bits on ia64 to 24 bits on mips32, which makes it

        impossible to use it as unique address space identifier for all tasks

        running in the system. In such situations special ASID stealing

        algoritm is used, which takes ASID from inactive task and assigns it

        to the active task.<classname></classname></para>

      </section>

    </section>

    <section>

      <title>Virtual address translation</title>

      <section id="pagING">

        <title>Paging</title>

        <section>

          <title>Introduction</title>

          <para>Virtual memory is usually using paged memory model, where

          virtual memory address space is divided into the

          <emphasis>pages</emphasis> (usually having size 4096 bytes) and

          physical memory is divided into the frames (same sized as a page, of

          course). Each page may be mapped to some frame and then, upon memory

          access to the virtual address, CPU performs <emphasis>address

          translation</emphasis> during the instruction execution.

          Non-existing mapping generates page fault exception, calling kernel

          exception handler, thus allowing kernel to manipulate rules of

          memory access. Information for pages mapping is stored by kernel in

          the <link linkend="page_tables">page tables</link></para>

          <para>The majority of the architectures use multi-level page tables,

          which means need to access physical memory several times before

          getting physical address. This fact would make serios performance

          overhead in virtual memory management. To avoid this <link

          linkend="tlb">Traslation Lookaside Buffer (TLB)</link> is

          used.</para>

          <para>HelenOS kernel has two different approaches to the paging

          implementation: <emphasis>4 level page tables</emphasis> and

          <emphasis>global hash table</emphasis>, which are accessible via

          generic paging abstraction layer. Such different functionality was

          caused by the major architectural differences between supported

          platforms. This abstraction is implemented with help of the global

          structure of pointers to basic mapping functions

          <emphasis>page_mapping_operations</emphasis>. To achieve different

          functionality of page tables, corresponding layer must implement

          functions, declared in

          <emphasis>page_mapping_operations</emphasis></para>

          <para>Thanks to the abstract paging interface, there was a place

          left for more paging implementations (besides already implemented

          hieararchical page tables and hash table), for example B-Tree based

          page tables.</para>

        </section>

        <section>

          <title>Hierarchical 4-level page tables</title>

          <para>Hierarchical 4-level page tables are the generalization of the

          hardware capabilities of most architectures. Each address space has

          its own page tables.<itemizedlist>

              <listitem>

                 ia32 uses 2-level page tables, with full hardware support.

              </listitem>

              <listitem>

                 amd64 uses 4-level page tables, also coming with full hardware support.

              </listitem>

              <listitem>

                 mips and ppc32 have 2-level tables, software simulated support.

              </listitem>

            </itemizedlist></para>

        </section>

        <section>

          <title>Global hash table</title>

          <para>Implementation of the global hash table was encouraged by the

          ia64 architecture support. One of the major differences between

          global hash table and hierarchical tables is that global hash table

          exists only once in the system and the hierarchical tables are

          maintained per address space. </para>

          <para>Thus, hash table contains information about all address spaces

          mappings in the system, so, the hash of an entry must contain

          information of both address space pointer or id and the virtual

          address of the page. Generic hash table implementation assumes that

          the addresses of the pointers to the address spaces are likely to be

          on the close addresses, so it uses least significant bits for hash;

          also it assumes that the virtual page addresses have roughly the

          same probability of occurring, so the least significant bits of VPN

          compose the hash index.</para>

          <para>- global page hash table: existuje jen jedna v celem systemu

          (vyuziva ji ia64), pozn. ia64 ma zatim vypnuty VHPT. Pouziva se

          genericke hash table s oddelenymi collision chains. ASID support is

          required to use global hash tables.</para>

        </section>

      </section>

      <section id="tlb">

        <title>Translation Lookaside buffer</title>

        <para>Due to the extensive overhead during the page mapping lookup in

        the page tables, all architectures has fast assotiative cache memory

        built-in CPU. This memory called TLB stores recently used page table

        entries.</para>

        <section id="tlb_shootdown">

          <title>TLB consistency. TLB shootdown algorithm.</title>

          <para>Operating system is responsible for keeping TLB consistent by

          invalidating the contents of TLB, whenever there is some change in

          page tables. Those changes may occur when page or group of pages

          were unmapped, mapping is changed or system switching active address

          space to schedule a new system task. Moreover, this invalidation

          operation must be done an all system CPUs because each CPU has its

          own independent TLB cache. Thus maintaining TLB consistency on SMP

          configuration as not as trivial task as it looks on the first

          glance. Naive solution would assume that is the CPU which wants to

          invalidate TLB will invalidate TLB caches on other CPUs. It is not

          possible on the most of the architectures, because of the simple

          fact - flushing TLB is allowed only on the local CPU and there is no

          possibility to access other CPUs' TLB caches, thus invalidate TLB

          remotely.</para>

          <para>Technique of remote invalidation of TLB entries is called "TLB

          shootdown". HelenOS uses a variation of the algorithm described by

          D. Black et al., "Translation Lookaside Buffer Consistency: A

          Software Approach," Proc. Third Int'l Conf. Architectural Support

          for Programming Languages and Operating Systems, 1989, pp.

          113-122.</para>

          <para>As the situation demands, you will want partitial invalidation

          of TLB caches. In case of simple memory mapping change it is

          necessary to invalidate only one or more adjacent pages. In case if

          the architecture is aware of ASIDs, when kernel needs to dump some

          ASID to use by another task, it invalidates only entries from this

          particular address space. Final option of the TLB invalidation is

          the complete TLB cache invalidation, which is the operation that

          flushes all entries in TLB.</para>

          <para>TLB shootdown is performed in two phases.</para>

          <formalpara>

            <title>Phase 1.</title>

            <para>First, initiator locks a global TLB spinlock, then request

            is being put to the local request cache of every other CPU in the

            system protected by its spinlock. In case the cache is full, all

            requests in the cache are replaced by one request, indicating

            global TLB flush. Then the initiator thread sends an IPI message

            indicating the TLB shootdown request to the rest of the CPUs and

            waits actively until all CPUs confirm TLB invalidating action

            execution by setting up a special flag. After setting this flag

            this thread is blocked on the TLB spinlock, held by the

            initiator.</para>

          </formalpara>

          <formalpara>

            <title>Phase 2.</title>

            <para>All CPUs are waiting on the TLB spinlock to execute TLB

            invalidation action and have indicated their intention to the

            initiator. Initiator continues, cleaning up its TLB and releasing

            the global TLB spinlock. After this all other CPUs gain and

            immidiately release TLB spinlock and perform TLB invalidation

            actions.</para>

          </formalpara>

        </section>

      </section>

    </section>

    <section>

      <title>---</title>

      <para>At the moment HelenOS does not support swapping.</para>

      <para>- pouzivame vypadky stranky k alokaci ramcu on-demand v ramci

      as_area - na architekturach, ktere to podporuji, podporujeme non-exec

      stranky</para>

    </section>

  </section>

  <section>

    <title>Physical memory management</title>

    <section id="zones_and_frames">

      <title>Zones and frames</title>

      <para>On some architectures not whole physical memory is available for

      conventional usage. This limitations require from kernel to maintain a

      table of available and unavailable ranges of physical memory addresses.

      Main idea of zones is in creating memory zone entity, that is a

      continuous chunk of memory available for allocation. If some chunk is

      not available, we simply do not put it in any zone.</para>

      <para>Zone is also serves for informational purposes, containing

      information about number of free and busy frames. Physical memory

      allocation is also done inside the certain zone. Allocation of zone

      frame must be organized by the <link linkend="frame_allocator">frame

      allocator</link> associated with the zone.</para>

      <para>Some of the architectures (mips32, ppc32) have only one zone, that

      covers whole physical memory, and the others (like ia32) may have

      multiple zones. Information about zones on current machine is stored in

      BIOS hardware tables or can be hardcoded into kernel during compile

      time.</para>

    </section>

    <section id="frame_allocator">

      <title>Frame allocator</title>

      <figure>

        <mediaobject id="frame_alloc">

          <imageobject role="html">

            <imagedata fileref="images/frame_alloc.png" format="PNG" />

          </imageobject>

          <imageobject role="fop">

            <imagedata fileref="images.vector/frame_alloc.svg" format="SVG" />

          </imageobject>

        </mediaobject>

        <title>Frame allocator scheme.</title>

      </figure>

      <formalpara>

        <title>Overview</title>

        <para>Frame allocator provides physical memory allocation for the

        kernel. Because of zonal organization of physical memory, frame

        allocator is always working in context of some zone, thus making

        impossible to allocate a piece of memory, which lays in different

        zone, which cannot happen, because two adjacent zones can be merged

        into one. Frame allocator is also being responsible to update

        information on the number of free/busy frames in zone. Physical memory

        allocation inside one <link linkend="zones_and_frames">memory

        zone</link> is being handled by an instance of <link

        linkend="buddy_allocator">buddy allocator</link> tailored to allocate

        blocks of physical memory frames.</para>

      </formalpara>

      <formalpara>

        <title>Allocation / deallocation</title>

        <para>Upon allocation request, frame allocator tries to find first

        zone, that can satisfy the incoming request (has required amount of

        free frames to allocate). During deallocation, frame allocator needs

        to find zone, that contain deallocated frame. This approach could

        bring up two potential problems: <itemizedlist>

            <listitem>

               Linear search of zones does not any good to performance, but number of zones is not expected to be high. And if yes, list of zones can be replaced with more time-efficient B-tree.

            </listitem>

            <listitem>

               Quickly find out if zone contains required number of frames to allocate and if this chunk of memory is properly aligned. This issue is perfectly solved bu the buddy allocator.

            </listitem>

          </itemizedlist></para>

      </formalpara>

    </section>

    <section id="buddy_allocator">

      <title>Buddy allocator</title>

      <section>

        <title>Overview</title>

        <figure>

          <mediaobject id="buddy_alloc">

            <imageobject role="html">

              <imagedata fileref="images/buddy_alloc.png" format="PNG" />

            </imageobject>

            <imageobject role="fop">

              <imagedata fileref="images.vector/buddy_alloc.svg" format="SVG" />

            </imageobject>

          </mediaobject>

          <title>Buddy system scheme.</title>

        </figure>

        <para>In the buddy allocator, the memory is broken down into

        power-of-two sized naturally aligned blocks. These blocks are

        organized in an array of lists, in which the list with index i

        contains all unallocated blocks of size

        <mathphrase>2<superscript>i</superscript></mathphrase>. The index i is

        called the order of block. Should there be two adjacent equally sized

        blocks in the list i<mathphrase />(i.e. buddies), the buddy allocator

        would coalesce them and put the resulting block in list <mathphrase>i

        + 1</mathphrase>, provided that the resulting block would be naturally

        aligned. Similarily, when the allocator is asked to allocate a block

        of size <mathphrase>2<superscript>i</superscript></mathphrase>, it

        first tries to satisfy the request from the list with index i. If the

        request cannot be satisfied (i.e. the list i is empty), the buddy

        allocator will try to allocate and split a larger block from the list

        with index i + 1. Both of these algorithms are recursive. The

        recursion ends either when there are no blocks to coalesce in the

        former case or when there are no blocks that can be split in the

        latter case.</para>

        <!--graphic fileref="images/mm1.png" format="EPS" /-->

        <para>This approach greatly reduces external fragmentation of memory

        and helps in allocating bigger continuous blocks of memory aligned to

        their size. On the other hand, the buddy allocator suffers increased

        internal fragmentation of memory and is not suitable for general

        kernel allocations. This purpose is better addressed by the <link

        linkend="slab">slab allocator</link>.</para>

      </section>

      <section>

        <title>Implementation</title>

        <para>The buddy allocator is, in fact, an abstract framework wich can

        be easily specialized to serve one particular task. It knows nothing

        about the nature of memory it helps to allocate. In order to beat the

        lack of this knowledge, the buddy allocator exports an interface that

        each of its clients is required to implement. When supplied with an

        implementation of this interface, the buddy allocator can use

        specialized external functions to find a buddy for a block, split and

        coalesce blocks, manipulate block order and mark blocks busy or

        available. For precise documentation of this interface, refer to

        <emphasis>"HelenOS Generic Kernel Reference Manual"</emphasis>.</para>

        <formalpara>

          <title>Data organization</title>

          <para>Each entity allocable by the buddy allocator is required to

          contain space for storing block order number and a link variable

          used to interconnect blocks within the same order.</para>

          <para>Whatever entities are allocated by the buddy allocator, the

          first entity within a block is used to represent the entire block.

          The first entity keeps the order of the whole block. Other entities

          within the block are assigned the magic value

          <constant>BUDDY_INNER_BLOCK</constant>. This is especially important

          for effective identification of buddies in a one-dimensional array

          because the entity that represents a potential buddy cannot be

          associated with <constant>BUDDY_INNER_BLOCK</constant> (i.e. if it

          is associated with <constant>BUDDY_INNER_BLOCK</constant> then it is

          not a buddy).</para>

          <para>The buddy allocator always uses the first frame to represent

          the frame block. This frame contains <varname>buddy_order</varname>

          variable to provide information about the block size it actually

          represents (

          <mathphrase>2<superscript>buddy_order</superscript></mathphrase>

          frames block). Other frames in block have this value set to magic

          <constant>BUDDY_INNER_BLOCK</constant> that is much greater than

          buddy <varname>max_order</varname> value.</para>

          <para>Each <varname>frame_t</varname> also contains pointer member

          to hold frame structure in the linked list inside one order.</para>

        </formalpara>

        <formalpara>

          <title>Allocation algorithm</title>

          <para>Upon <mathphrase>2<superscript>i</superscript></mathphrase>

          frames block allocation request, allocator checks if there are any

          blocks available at the order list <varname>i</varname>. If yes,

          removes block from order list and returns its address. If no,

          recursively allocates

          <mathphrase>2<superscript>i+1</superscript></mathphrase> frame

          block, splits it into two

          <mathphrase>2<superscript>i</superscript></mathphrase> frame blocks.

          Then adds one of the blocks to the <varname>i</varname> order list

          and returns address of another.</para>

        </formalpara>

        <formalpara>

          <title>Deallocation algorithm</title>

          <para>Check if block has so called buddy (another free

          <mathphrase>2<superscript>i</superscript></mathphrase> frame block

          that can be linked with freed block into the

          <mathphrase>2<superscript>i+1</superscript></mathphrase> block).

          Technically, buddy is a odd/even block for even/odd block

          respectively. Plus we can put an extra requirement, that resulting

          block must be aligned to its size. This requirement guarantees

          natural block alignment for the blocks coming out the allocation

          system.</para>

          <para>Using direct pointer arithmetics,

          <varname>frame_t::ref_count</varname> and

          <varname>frame_t::buddy_order</varname> variables, finding buddy is

          done at constant time.</para>

        </formalpara>

      </section>

    </section>

    <section id="slab">

      <title>Slab allocator</title>

      <section>

        <title>Overview</title>

        <para><termdef><glossterm>Slab</glossterm> represents a contiguous

        piece of memory, usually made of several physically contiguous

        pages.</termdef> <termdef><glossterm>Slab cache</glossterm> consists

        of one or more slabs.</termdef></para>

        <para>The majority of memory allocation requests in the kernel are for

        small, frequently used data structures. For this purpose the slab

        allocator is a perfect solution. The basic idea behind the slab

        allocator is to have lists of commonly used objects available packed

        into pages. This avoids the overhead of allocating and destroying

        commonly used types of objects such threads, virtual memory structures

        etc. Also due to the exact allocated size matching, slab allocation

        completely eliminates internal fragmentation issue.</para>

      </section>

      <section>

        <title>Implementation</title>

        <figure>

          <mediaobject id="slab_alloc">

            <imageobject role="html">

              <imagedata fileref="images/slab_alloc.png" format="PNG" />

            </imageobject>

            <imageobject role="fop">

              <imagedata fileref="images.vector/slab_alloc.svg" format="SVG" />

            </imageobject>

          </mediaobject>

          <title>Slab allocator scheme.</title>

        </figure>

        <para>The slab allocator is closely modelled after <ulink

        url="http://www.usenix.org/events/usenix01/full_papers/bonwick/bonwick_html/">

        OpenSolaris slab allocator by Jeff Bonwick and Jonathan Adams </ulink>

        with the following exceptions: <itemizedlist>

            <listitem>

               empty slabs are deallocated immediately (in Linux they are kept in linked list, in Solaris ???)

            </listitem>

            <listitem>

               empty magazines are deallocated when not needed (in Solaris they are held in linked list in slab cache)

            </listitem>

          </itemizedlist> Following features are not currently supported but

        would be easy to do: <itemizedlist>

            <listitem>

               - cache coloring

            </listitem>

            <listitem>

               - dynamic magazine grow (different magazine sizes are already supported, but we would need to adjust allocation strategy)

            </listitem>

          </itemizedlist></para>

        <section>

          <title>Magazine layer</title>

          <para>Due to the extensive bottleneck on SMP architures, caused by

          global slab locking mechanism, making processing of all slab

          allocation requests serialized, a new layer was introduced to the

          classic slab allocator design. Slab allocator was extended to

          support per-CPU caches 'magazines' to achieve good SMP scaling.

          <termdef>Slab SMP perfromance bottleneck was resolved by introducing

          a per-CPU caching scheme called as <glossterm>magazine

          layer</glossterm></termdef>.</para>

          <para>Magazine is a N-element cache of objects, so each magazine can

          satisfy N allocations. Magazine behaves like a automatic weapon

          magazine (LIFO, stack), so the allocation/deallocation become simple

          push/pop pointer operation. Trick is that CPU does not access global

          slab allocator data during the allocation from its magazine, thus

          making possible parallel allocations between CPUs.</para>

          <para>Implementation also requires adding another feature as the

          CPU-bound magazine is actually a pair of magazines to avoid

          thrashing when during allocation/deallocatiion of 1 item at the

          magazine size boundary. LIFO order is enforced, which should avoid

          fragmentation as much as possible.</para>

          <para>Another important entity of magazine layer is the common full

          magazine list (also called a depot), that stores full magazines that

          may be used by any of the CPU magazine caches to reload active CPU

          magazine. This list of magazines can be pre-filled with full

          magazines during initialization, but in current implementation it is

          filled during object deallocation, when CPU magazine becomes

          full.</para>

          <para>Slab allocator control structures are allocated from special

          slabs, that are marked by special flag, indicating that it should

          not be used for slab magazine layer. This is done to avoid possible

          infinite recursions and deadlock during conventional slab allocaiton

          requests.</para>

        </section>

        <section>

          <title>Allocation/deallocation</title>

          <para>Every cache contains list of full slabs and list of partialy

          full slabs. Empty slabs are immediately freed (thrashing will be

          avoided because of magazines).</para>

          <para>The SLAB allocator allocates lots of space and does not free

          it. When frame allocator fails to allocate the frame, it calls

          slab_reclaim(). It tries 'light reclaim' first, then brutal reclaim.

          The light reclaim releases slabs from cpu-shared magazine-list,

          until at least 1 slab is deallocated in each cache (this algorithm

          should probably change). The brutal reclaim removes all cached

          objects, even from CPU-bound magazines.</para>

          <formalpara>

            <title>Allocation</title>

            <para><emphasis>Step 1.</emphasis> When it comes to the allocation

            request, slab allocator first of all checks availability of memory

            in local CPU-bound magazine. If it is there, we would just "pop"

            the CPU magazine and return the pointer to object.</para>

            <para><emphasis>Step 2.</emphasis> If the CPU-bound magazine is

            empty, allocator will attempt to reload magazin, swapping it with

            second CPU magazine and returns to the first step.</para>

            <para><emphasis>Step 3.</emphasis> Now we are in the situation

            when both CPU-bound magazines are empty, which makes allocator to

            access shared full-magazines depot to reload CPU-bound magazines.

            If reload is succesful (meaning there are full magazines in depot)

            algoritm continues at Step 1.</para>

            <para><emphasis>Step 4.</emphasis> Final step of the allocation.

            In this step object is allocated from the conventional slab layer

            and pointer is returned.</para>

          </formalpara>

          <formalpara>

            <title>Deallocation</title>

            <para><emphasis>Step 1.</emphasis> During deallocation request,

            slab allocator will check if the local CPU-bound magazine is not

            full. In this case we will just push the pointer to this

            magazine.</para>

            <para><emphasis>Step 2.</emphasis> If the CPU-bound magazine is

            full, allocator will attempt to reload magazin, swapping it with

            second CPU magazine and returns to the first step.</para>

            <para><emphasis>Step 3.</emphasis> Now we are in the situation

            when both CPU-bound magazines are full, which makes allocator to

            access shared full-magazines depot to put one of the magazines to

            the depot and creating new empty magazine. Algoritm continues at

            Step 1.</para>

          </formalpara>

        </section>

      </section>

    </section>

    <!-- End of Physmem -->

  </section>

  <section>

    <title>Memory sharing</title>

    <para>Not implemented yet(?)</para>

  </section>

</chapter>