JPH05210568A - Memory manager for operating system of computer - Google Patents

Abstract

PURPOSE: To obtain a memory manager for the operating system of a computer device in which the usage of plural address-oriented services for the task of the operating system is supported. CONSTITUTION: Only one address space is provided to an overall system, an unique address-oriented service is related with the set of an address which is not overlapped, the service is partially attained by deciding the set of the address within the address space whose management by the service is permitted. Thus, the unique service can be prevented from managing the same address in a way the address collides against each other. Moreover in detail, a memory manager includes plural domains 112-116 (indicating the address set which is not adjacent in the address space) combined with the address-oriented services, and plural environments.

Description

Detailed Description of the Invention

[0001]

FIELD OF THE INVENTION This invention relates generally to the field of memory address management and control for computer systems,
In particular, it relates to a memory management device for optimizing the processing and execution of address driven operations in a fault driven, object oriented computer system having a domain based operating system.

[0002]

The most basic task of an operating system is to give an application program an abstract environment in which it should run. The obvious consequence of accomplishing this task is often undesired, where the application program is often limited by the "concept" of the proper environment of the operating system. If the program design does not follow this environment, the program must be adjusted until it can be expressed in operating system terminology, which is not only inconvenient for the user but also reduces the efficiency of the program. There is a fear.
Problems with environmental restrictions are not limited to application programs. The operating system itself often introduces a significant amount of overhead in maintaining a virtual environment that is not needed by certain applications. Another problem is associated with the provision of multiple address spaces by many operating systems, typically multiple independent address spaces, each with multiple paths of control. Multiple address spaces can be used to isolate programs from each other, but in many cases the address spaces are sufficient to isolate the programs, making it difficult for the programs to work together. As a result, for example, implementing a shared code library is much more difficult with multiple address spaces than without.

Also, conventional operating systems are significantly limited in the area of memory management. Over the years, specific hardware has been developed to help support the most common memory management functions of such operating systems. In particular, the memory management unit (MMU), in addition to performing memory access control, is now almost universally designed to optimize the implementation of requested paged virtual memory on behalf of the operating system. However, the MMU has traditionally been considered to be an additional function of the CPU, and does not perform as a unitary device that is the basis of other system designs (such as operating systems) but performs certain address-oriented services such as virtual memory. Was designed to be. Therefore, the conventional MMU implementation is M
Since the MU also limits the way in which the CPU controls access to various addresses, the burden of establishing access to higher level system services is entirely on the operating system. In addition, operating systems generally do not allow access to the lower level operations used to implement such services, making it impossible to utilize those operations to perform other additional services. is there. Even if some access is permitted, that access is severely restricted. For example, in programming, it may be necessary to write code to look like a virtual memory service, but not a virtual memory service, merely to gain access to the appropriate lower level operations.

As mentioned above, due to the above design restrictions, additional tasks such as concurrent garbage collection, which should be feasible but which cannot be easily realized by using the conventional method, should be performed. It is difficult to use MMU for the purpose of performing Although several algorithmic solutions have been proposed that would allow the MMU to perform such desired additional tasks, all of these methods have been comprehensively used in CPU development and programming. It had at least one problem that made it less attractive. For example, Proceedings of the SI
GPLAN'88 Conferenceon Pro
gamming Language Design
and Implementation, ACM SI
GPLAN Notes Volume 23 (7) (1988)
Andre published on pages 11 to 20 of July issue)
w W. Appel, John R. Ellis and Kai Li's "Real-time Concurr"
ent Collection on Stock M
"ultiprocessors" describes an algorithm for implementing concurrent garbage collection using conventional MMUs. As mentioned earlier, a problem associated with this type of scheme is that the restrictions imposed by the operating system running on the CPU limit the effectiveness of the algorithm.

Another way to realize garbage collection
Two methods are ACM Symposium on Li
sp and Functional Program
ming (Austin, TX, August 1984)
Published on pages 235-246 of the month)
A. Moon's "Garbage Collection"
n in a Large Lisp System ”
It is described in. Moon is a Lisp-based CP
Proposed to utilize special hardware in U to support garbage collection. However, this implementation method limits the application of hardware to a single algorithmic solution for garbage collection. Moreover, many other algorithms running on that system and unrelated to garbage collection would not benefit from such a system.

[0006]

SUMMARY OF THE INVENTION A preferred embodiment of the present invention is a memory manager for a computer operating system that provides a configuration that supports making multiple address-oriented services available to operating system tasks. including. The configuration provides only one address space for the entire system, associates independent address-oriented services with non-overlapping sets of addresses, and defines the set of addresses within that address space that the service is allowed to manage. This is partly achieved, thereby preventing independent services from trying to manage the same address in a conflicting manner. More specifically, the memory manager includes a plurality of domains (each representing a possibly non-contiguous set of addresses in the address space) associated with an address-oriented service, and a plurality of environments. Each environment has the ability to control the access of tasks to the domain to utilize the address-oriented services provided by that domain. Addresses can only be combined into one domain, as their domains do not overlap.

[0007]

【Example】

1.0 General Overview of the Invention The present invention relates to a memory management device for use in connection with a CPU running a particular type of operating system. In order to provide the correct basic knowledge in describing the memory management device of the present invention, its operating system is now described in full.
The distinction between this particular operating system and other types of operating systems is that it employs a novel memory management architecture, which is described in full below. Particular attention will be paid to novel elements that help to simplify and optimize the processing and performance of fault-driven, address-oriented operations in object-oriented computer systems, which elements are exposed to the operating system via a memory manager. Incorporated and referred to as "domain" and "environment". The same elements are also incorporated into the memory management device of the present invention to further refine and optimize the processing and performance of address-oriented operations within a computer system.

Briefly, a domain is created by partitioning the system address space into address sets that are as discontinuous as possible. The individual addresses are located in only one domain, and the address sets do not overlap. Each domain is also defined by a set of protocols or controls used to manage the address space of that domain, thereby affecting the performance of memory access operations by the CPU. As mentioned earlier, the domain and environment will be explained in more detail later, but before that, it may be necessary to clarify the background of the surrounding atmosphere that uses the domain and environment.

1.1 Overall operating system
Functional computer system operating system
It manages multiple tasks that embody individual executions of programs running on the CPU. Each program is defined as an operation to be executed in some specified order, ie a set of tasks and a set of data to be utilized during the execution of those operations. The operating system also provides a set of services that a task can utilize during the execution of its program. A task that uses a particular service is called a client task for that service. The services provided by the operating system are
It can be realized as a task that is started when some client task requests a service. The task of being charged to provide a particular service is called the manager task for that service.

There are many different types of operating systems, many of which are specifically designed for operation on a particular CPU. Despite the differences in such systems, memory managers,
There are some common features, including task managers, interprocess synchronization and I / O managers. Each of these features is well known in the art, but probably not under the names listed here, so each is briefly described here. The memory manager controls the use of memory addresses by the application program and the operating system. The task manager operates to create and destroy tasks as well as manage the individual execution of tasks by the operating system in memory. Inter-process synchronization represents a method of managing information exchange between tasks. The I / O manager communicates with the I / O devices that define the expansion of the computer system,
Control its operation. In particular, the I / O manager supports the concept of secondary storage (disk storage) for use by the operating system. The present invention relates to a memory management device for use in connection with an improved operating system memory manager.

1.2 General Memory Management Unit (MMU)
Operation In a typical computer system, a central processing unit (C
PU) retrieves an instruction from memory and performs the operation encoded in the instruction. An operation may consist of one or more address operations, where the CPU generates a processor address and an access type that dictates the type of memory operation desired. Access type is usually either a read, write or instruction fetch operation. The read operation instructs the memory system to read data from the memory location specified by the address and transfer the data so retrieved to the CPU. The write operation supplies the data to be written (in addition to the address and access type) to the specified address. The instruction fetch operation typically functions like a read operation, in which case only the access type is used to indicate that the retrieved data should be used as an instruction.
It should be noted that not all CPU configurations distinguish between read and instruction fetch operations. However, by convention every operation performs at least one address operation, which is the instruction fetch itself.

In many conventional computer systems,
Address operations are managed by the MMU. Typically, the MMU handles virtual addressing and controls physical memory access by the CPU. In some cases, the MMU further bears the burden of controlling access to various parts of memory to implement address space isolation and protection. M
The MU uses a processor address (hereinafter, referred to as an address or virtual address) provided by the CPU as a random access memory (RA) which is a primary memory of a computer system.
Convert to the (memory) address corresponding to the memory location of M). These virtual addresses have traditionally been translated into physical addresses by using a look-up table (called a "page table"), but this table is often very large. Since the address conversion by referring to the conversion table stored in the RAM may impose an almost unacceptable overhead in processing, it is generally preferable to cache the address conversion used at a near time at a high speed. It is normal. Such caches are commonly referred to as translation lookaside buffers (TLBs). TLB remembers the set of virtual addresses used most recently,
Allows multiple address translations to be performed in a single machine cycle.

If the requested virtual address does not have a translation to a physical address in the TLB, the translation must be retrieved from the RAM page table, where it is stored in the TLB. A search for translations from main memory begins when it detects that the proper TLB entry does not exist. If no suitable translation information is found in the page table, the MMU will generate a "translation failure". If the appropriate translation information is found in the page table, it is loaded in the TLB and the memory access operation continues.

According to a typical MMU configuration, the TLB further includes access permissions for each virtual address. Therefore,
If the table entry is valid, the access permission of the translation entry is checked against the CPU access type. If the access type is granted, a memory access is performed with the physical address provided by the TLB (assuming no other failures have occurred, as described below). If the access type is not allowed, "permission failure"
Is generated and transmitted to the CPU.

The purpose of creating a fault, such as a conversion fault, is to
It is to notify the CPU of an exceptional condition that occurs during the execution of one instruction. When a fault is transmitted from the MMU to the CPU, the action currently in progress is canceled and C
The PU executes a fault handling routine (often via a vector table). When the operation is canceled, the CPU typically returns to the state it was in before attempting to perform the failed operation. The fault handling routine determines the cause of the fault and acts on that cause. Unless the fault is a non-recoverable fault, then the CPU continues to execute the operation starting at the point of cancellation. In some computer systems, many faults are combined into a single CPU fault. Therefore, the particular fault that occurred is checked by the fault status register. Also, the faults may be ranked so that some faults mask (ie prohibit) other faults. The fault dispatcher collects various fault sources, maintains a fault status register, and applies a single fault to the CPU.

2.0 Operations used in connection with the present invention
Memory Address Management in Rating Systems The operating system described herein constitutes a versatile general framework that allows users (system designers) to build desired functionality to control memory access. The operating system includes a number of cooperating tasks, but at least some of the most significant tasks for the present invention are address-oriented services such as garbage collection heap, persistent object storage and virtual memory. These services are presented to their clients as special memory areas, previously referred to as "domains," which act in a particular way and keep the operating system overhead relatively low to allow users to Free the functions at the cost of hardware. This type of memory address management of the operating system is particularly useful for the performance of address oriented services as it does not require a special MMU for users of address oriented services to utilize. This concept of memory address management underlying the operating system is described below.

2.1 Tasks, Environments and Domains The memory manager of the operating system of the present invention is designed to constitute a framework that supports the operation of multiple address oriented services. The framework, in part, provides a single address space for the entire system and also defines the services that one task may access, but sets a set of addresses that do not overlap each other to separate services. By associating with, and by defining, within that address space, the set of addresses that one service is allowed to manage, so that individual services can share the same address with each other. The situation of trying to manage inconsistently is prevented. More specifically, it means partitioning the address space of the system into sets of domains, which represent multiple sets of addresses that are as non-contiguous as possible, as explained above. Only one address can be associated with a single domain because those domains do not overlap. The memory manager uses the address space, and
It further utilizes an environment (as defined herein) that controls the access of tasks to related services in one or more domains. Thus, referring to FIGS. 1a, 1b and 1c, the ability of the operating system to provide a set of services includes a single task environment (such as task ₀ in tasks 16 through 26 of FIGS. 1b and 1c). A particular domain (domains 10 to 14 in FIG. 1a) accessed via environment _{0 and the} like in environments 28 and 32.
It is executed via the memory manager by associating with one service (eg, domain ₁ in.

Although the domains are described further below, it should also be noted here that they each have one associated task. That task is called the manager and is responsible for providing services associated with that particular domain, and the domain is a set of controls that influence the performance of memory access operations, including virtual / physical translation and access permissions. Also related.

Therefore, referring to FIGS. 2 and 3, it is possible to more fully understand the environment and domain functions in a computer system. The block diagram of FIG. 2 further illustrates the functional features of the tasks, environments and domains shown in FIG. At step 34, an attempt is made to establish the proper environment for a task. Assuming that such an environment can be determined (which will be discussed in more detail below), the next step is whether the environment is in a domain whose task is part of that environment. Will be asked. If the task resides in one domain in the environment, step 38 permits the task's operation to be performed. If not, the operation of the task is prohibited in step 40.

FIGS. 3a and 3b show a specific one for controlling the access of a task to the address space of one domain according to the invention and FIGS.
Here are two examples of how two environments can be used. Figure 3a
, Two tasks 42 and 44 represent a number of tasks embodied in the programming language C that are considered to be running in the operating system of the present invention. These tasks are performed by the stack domain 48 and the virtual memory domain 5 as described in more detail below.
C run-time environment that controls access of those tasks to address spaces of various domains such as 0
Will form part of six. In FIG. 3b, two tasks 52 and 54 represent a number of tasks embodied by a dynamic language programming language such as Lisp, which is believed to run in the operating system of the present invention. Similar to the situation shown in FIG. 3a, those tasks are the additional addressing service Garbage Collection Heap Domain 58, which is described in more detail below.
And the persistent object storage domain 60, and will form part of the dynamic language runtime environment 56 that controls access of those tasks to the address spaces of various domains.

2.2 Address Management Tool With respect to the present invention, there are two main types of address management tools: constraints and mapping. We'll discuss those tools below, but we'll talk about what the atmosphere is like using the domain.
It should also help define how some of the address-oriented services outlined above work in this ambient atmosphere. However, prior to describing those tools, it is also necessary to describe the failure, at least with respect to the failure-driven computer system, with respect to the operating system of the present invention. A failure is an event generated by the execution of one instruction.
If the appropriate conditions are met, this running process will stop,
Signal a fault. The signal is typically provided to the manager of one domain, as determined by the type of fault and the operand of the instruction. Depending on the situation, the instruction may be restarted after the fault is handled.

2.2.1 Constraints Constraints place restrictions on the address operations that can be allowed. The constraints include global constraints, access control barriers, and control flow barriers. As explained in more detail below, the global constraint is 1
It accepts one or more domain rulers and information about the access type of address operation. Therefore, the global constraint issues a fault when an access violation is detected. Barriers are read access restrictions, write access restrictions, address flow restrictions, or control flow restrictions between domains. Violation of the barrier will signal a failure, resulting in some action being taken. More specifically, there are three types of barriers. (I) Read barriers limit tasks from reading data from memory locations. (Ii) Write barriers restrict tasks from writing addresses located in one domain to another domain. (Iii) Control flow barriers limit program counter movement between domains. Write barriers and control flow barriers are called cross-domain restrictions because they regulate the relationships between domains. The write barrier applies only if the data to be written is an address. To implement the write barrier, the system must be able to clearly distinguish pointer data from non-pointer data. This is a common requirement for address-oriented services such as garbage collectors.

2.2.2 During the execution of mapping instructions, various translations of addresses are performed. Mappings define those transformations. The mapping operates in conjunction with a domain classifier, as described in further detail below. When the translation reveals a constraint, the constraint is compared with the type of address operation. If the conversion is missing, create a conversion barrier. The most important mapping is
A virtual-to-physical address mapping used to translate virtual to physical addresses, and
A virtual address-to-grant mapping used to determine the type of access granted to an address.

2.3 Address Oriented Services Many different types of address oriented services could be realized using the present invention. We still have to think about some of those services. Although many of these services are well known in the art, they are often described in conventional literature in terms that are confusing or inconsistent with each other. Therefore, in order to clarify the meaning of those services with respect to the present invention, some address-oriented services presented as a model of the address management of the present invention will be described next.

2.3.1 Virtual Memory The virtual memory service allows programs running on the operating system to effectively use more memory as RAM than if physical RAM was actually available on the computer system. You can Virtual memory is actually part of the memory of a mass storage device such as a hard disk drive. Therefore, virtual memory is only virtual with respect to RAM. However, clients of the virtual memory service use this virtual memory as if it were totally physically available RAM. The virtual address space is created by "swapping out" some of the data in RAM to mass storage. Traditionally, this virtual memory has been organized as pages. Each page consists of a defined number of bytes that are each associated with a particular memory location in RAM. The virtual memory service interrupts attempts by clients to access pages of virtual memory that have already been swapped out to disk and swaps those pages back into RAM (and leaves room, if possible). If not, swap some pages out of RAM) and then run the client.

A page of virtual memory that is mapped to a page of physical memory is called a "valid" page, and a page of virtual memory that has no associated physical memory and is not allocated or swapped out to disk is an "invalid" page. "
Called a page. When a client tries to access an invalid page, its virtual memory service is usually M
Notified by the MU, the MMU issues a fault called a "translation fault". Upon notification of a conversion failure, the virtual memory service maps physical RAM to pages
The pages with the appropriate data read from storage and free the pages so the client can access them freely. When physical RAM is exhausted, virtual memory must fetch some valid pages and swap them out to prevent clients from accessing those pages again.

With respect to the present invention, a simple paged virtual memory service operates by manipulating the address mapping for its domain. This service maps the available physical memory to valid (swapped-in) virtual memory for that domain, not swapped-out virtual pages. Such simple implementations perform more disk writes than necessary because pages that have been swapped in and unchanged have not to be written to disk when swapped out. By giving the client read-only permission for the newly swapped in page, the service can be advertised when the client writes to it. The page can then be marked as "dirty" and assigned read / write permission. You only need to write dirty pages to disk. Thus, a more complex virtual memory service will manipulate the permission mappings as well as the address mappings for that domain.

2.3.2 Garbage Collector With respect to the garbage collector service, garbage is storage that is no longer accessible due to "legitimate" linguistic behavior. The garbage collector service finds garbage and makes its storage available for use by the operating system. Many garbage collector services do this by finding all storage objects that are not garbage and eliminating the rest. These "non-garbage" objects recursively follow all pointers contained in the system's storage objects, starting with a set of root objects that are considered to contain global variables and the processor state of all tasks. To be found. There are several different types of garbage collector services, three of which are described next.

2.3.2.1 Stop-Copy Garbageco
According to the rector stop-copy garbage collector service, memory is divided into two areas called "from space" and "toe space". During normal execution, the object is in toespace and no fromspace is used. When the tow space is exhausted (or almost exhausted), the process stops. Therefore,
Flip the identities of the spaces, which is why Fromspace becomes To-Space and To-Space becomes Fromspace. Next, the root object is copied to the toe space and the objects in the toe space are scanned to find a pointer to the from space. When such a pointer is found, the referenced object in fromspace is downloaded.
Copy at the end of the space, where it is finally scanned and the pointer of the object being scanned is updated to refer to the new storage location of the referenced object. A forward pointer is left in place of each duplicated object so that later references to that object can be updated. The above process has the effect of copying all of the reachable objects into to-space and updating all pointers of the objects to reference the storage location of the copy. When all reachable objects have been copied, any remaining objects in the fromspace are considered to be garbage, so the fromspace is reclaimed, processing is resumed, and the garbage collector service is repeated. ..

2.3.2.2 Concurrent Collector The concurrent garbage collector service (a) does not require the client to stop running while garbage collection is occurring; and (b) the client is in fromspace. Not allowed to know the address,
Therefore, it is similar to the stop-copy garbage collector service, except that it imposes the requirement that it cannot tell if garbage collection is incomplete. A limitation placed on the ability of a client to know (read) an address in Fromspace is a read barrier, which is accomplished by manipulating the domain's address-to-authorization mapping. After the flip, all memory that may contain addresses in from space is protected from client access by turning off client read access.
Then the copying process begins. When the page in tow-space has been scanned, all pointers on that page have been converted to to-space pointers. That is, the client can access that page of memory without looking at the address of the from-space, thus removing the protection for that page. So when a client tries to access a protected page, the access is interrupted and the collector is signaled. The collector immediately proceeds to scan and translates the page, removing its protection and allowing the client to proceed.

2.3.2.3 Generation-Recovery Collector Since many objects are garbage immediately after allocation, old objects are less likely to be garbage compared to new objects. The generation-recovery collector takes advantage of this phenomenon by focusing its efforts on newer objects. The memory is divided into a plurality of areas called generations, and these areas are arranged in chronological order and can be individually collected (garbage collection). Objects are created in a newer generation. When an object survives several collections,
The object moves to the next generation. Older generations are collected less frequently than newer generations. In order to retrieve generations individually, the collector must be able to determine which objects in one generation are referenced by other generations. This is because they should not be aggregated, even if references to them do not occur in the generation of those objects themselves. To do this, the collector keeps track of pointers pointing from the old generation to the new generation, in other words, "home".
It is necessary to detect addresses that leave generations. This is done by constructing an address flow barrier, in which case one domain is assigned to each generation and an attempt is made to write the address of one domain to a memory location of another domain. It will interfere. Also, since objects rarely refer to newer objects, it is only possible to record references from the old generation to the new generation, which can be done with little overhead. Since a reference from a new object to a newer object is never remembered, when retrieving one generation it is necessary to retire all newer generations at the same time,
It does not require much additional effort.

2.3.3 Persistent Object Storage For the purposes of the present invention, persistent object storage refers to the collection of objects held in mass storage. The addresses of those objects are not necessarily in the same format as the addresses in memory (for example,
The stored address is 64 bits long, while the memory address may only be 32 bits.) These objects may contain pointers in this modified format, but the client may Is still accessed by a pointer in the format of the memory address as if the object simply existed in memory in a useful format. When the store is released, the store's root object is read into memory and converted to memory format. It allocates the virtual address space to the object referenced by the rate object, but does not map physical memory to it, so that whenever a client attempts to read or write to this space, it will advertise its service. Upon notification, the service reads the appropriate object into memory and translates it to allocate space for the object referenced by that object, as before, and repeats this process.

Storage of the type described above includes the functionality of all the services described above. Preventing clients from seeing persistent addresses, for example, by converting persistent objects on demand. Thus, the service is similar to a concurrent garbage collector that blocks clients from seeing the address in fromspace. Accumulation manipulates the domain's permission mapping to prevent reads and writes to untranslated pages. Storage is also similar to virtual memory services in that it dynamically allocates physical memory to the portion of storage that is resident in memory.
Accumulation manipulates the address mapping for that domain,
Allocate physical memory where needed. Also,
Like the generation-recovery garbage collector, the store must detect cross-domain address operations.
In particular, accumulations need to know about pointers from persistent objects to temporary objects, so they can be made persistent objects, which is an address flow barrier.

3.0 operating system notes
Formal Model of Remanager Referring now to FIGS. 4 and 5, there is shown a block diagram illustrating the operation of the memory manager of the operating system of the present invention. 4 and 5 are schematic diagrams and could be interpreted as suggesting that the present invention is implemented in hardware, the blocks in FIGS. 4 and 5 are implemented in software. It is intended to represent a structural element of the invention according to the invention. Of course, the present invention could be implemented by hardware or a combination of hardware and software, if following a general flow similar to that shown. However, since operating systems are typically implemented in software, it is preferred that memory managers for such operating systems be implemented in software as well. However, regardless of which implementation method is employed, FIGS. 4 and 5 serve to fully illustrate the concept of domains and environments as used within the memory manager of an operating system.

Thus, referring to FIG. 4, task 100
During the execution of the task, a memory operation is performed which supplies the operating system with information signals: specification of the environment 102 in which the task is running, target address 104, access type 106 and optionally data 108 associated with the memory operation. The information is then used by the operating system's memory manager to control the execution of memory operations. The domain classifier 110 receives the target address 104 and outputs the target address 1
Establishes the domain in which 04 exists. There can be many domains, for example domain ₀ 112,
Domain ₁ 114 through Domain _n 116 make up the operating system domain. The domain in which the target address 104 exists is the domain classifier 11
If 0 cannot be determined, the domain classifier 110 generates a domain fault signal 118 and sends it to the fault dispatch 120 for task 100. Fault dispatch 120 is described further below. If the domain can be found for the target address 104, the domain classifier 110 generates a domain ruler signal 122 and transmits it to the environmental controller 124 and the domain selector 126.

The environment controller 124 receives the environment ruler 102 from the task 100 and, together with the domain ruler 122, determines whether the domain pointed to by the domain ruler 122 is part of the task environment. If the domain is not part of the task's environment, a domain access violation signal 128 is generated and sent to the fault dispatch 120.
Otherwise, the authorization signal 130 is generated and sent to the domain selector 126. After being so authorized, domain selector 126 uses domain ruler 122 to enable the domain specified by domain classifier 110 via one of a plurality of enable lines 132.

Each of the domains 112-116 receives an environment ruler 102, a target virtual address 104, and an address type 106 from the running task 100. Each domain has a separate enable line 132 and only for the domain indicated by the domain ruler 122,
In fact, the enable signal is supplied via the enable line 132. After enabling, a domain, such as domain 112, determines whether it should perform the desired memory operation. If a memory operation is to be performed, the domain will generate a physical address 134 corresponding to the target address 104 along with the memory operation enable signal 136. OR
After passing through the gate 137, the enable signal 136 is transmitted to the memory 138. Memory 138 is task 100
Further access type 106 of Further, the data 108 is received from the task 100 to the memory 138 or output from the memory 138 to the task 100 depending on the access type 106. If domain 112 determines that it should not perform the memory operation, domain 112 generates an access violation signal 140, which is OR gate 14
It is transmitted to the fault dispatch 120 after passing 2. Upon receiving either a domain fault 118, a domain access violation 128 or an access violation 140, the fault dispatch 120 issues a fault signal 144 to the task 100 to stop the task 100 from executing.

It should also be noted that, according to the present invention, each domain corresponds to an overall predetermined set of rules for controlling the execution of one memory operation. To the extent that a domain performs different address-oriented services from another domain, the rules that define that service are different from the rules between other services. Such kind of rules are domain-dependent rules. The rules controlling the execution of memory operations are the same for each domain in the sense that a domain performs the same function as other domains, such as virtual / physical address translation. Those rules are domain independent rules. 5, the specific operation of the domain and the specific implementation of the above rules will be further described. As indicated above, referring to FIG. 4, a domain such as domain 112 may be
2, target virtual address 104, access type 1
06 and enable 132 are received. After processing this information in accordance with the present invention, the domain enables the requested memory operation to be performed at physical address 134 and enable 136 if domain 112 is enabled to perform such operation. Memory 13
8 or an access violation 140 to the fault dispatch 120 to prohibit the requested memory operation. If domain 112 is enabled,
The address map 145 translates the target address 104 into a physical address 134 or creates an address translation fault 146. Address translation fault 146 is generated when the physical address corresponding to target address 104 is not found. If the address translation fault 146 is generated, it is sent to the domain fault controller 148.

The permission map 150 receives the target virtual address 104 and the environmental rule 102 and maps them to permissions when they overlap. The grant is generated as access grant signal 152. Target virtual address 1
If no permission exists in the overlap between 04 and the environmental ruler 102, a permission conversion failure signal 154 is generated. If the permission mapping is successful, the access controller 155 receives the permission 152 along with the access type 106 and the enable 132. Next, the access control device 155
Generates access denial signal 156 if access type 106 is not allowed by domain 112.

The access denial signal 156 is transmitted to the domain fault controller 148. Fault controller 148 monitors various types of fault conditions and transmits inhibit signal 160 to manager task 162 if any of these fault conditions are present. Upon receipt of the inhibit signal 160 specifying the type of fault that has occurred, the manager task 162 of domain 112 will receive the address map 145 and / or permission map 150 via the map change signal 164 that will enable it to perform memory operations. An access violation 140 is typically generated unless it is determined that the changes to When the manager task 162 does not receive the prohibition signal 160, the task 1 is issued after the enable signal 136 is issued to the memory 138.
The memory operation specified by 00 may be performed.

Although the present invention has been described with particular reference to FIGS. 1-5, focusing on particular MMU embodiments, the drawings are for illustration purposes only and are intended to be limiting of the present invention. It should be understood that it should not be done. It is contemplated that many modifications and variations of the elements, processes and arrangements of process steps of the present invention can be made by those skilled in the art without departing from the spirit of the invention disclosed above.

[Brief description of drawings]

FIG. 1 is a block diagram showing the relationship between domains and environments according to an operating system for use in connection with the memory management device of the preferred embodiment of the present invention.

2 is a flow chart illustrating operation of an operating system according to elements of the system shown in FIG.

FIG. 3 is a block diagram illustrating two examples in which a particular environment can be utilized by an operating system to control access to a task's domain address space.

FIG. 4 is a block diagram showing the structural architecture of a memory manager of an operating system.

5 is a block diagram showing domain _{0 of} FIG. 4 in more detail.

[Explanation of symbols]

 100 tasks 110 domain classifier 112-116 domain 120 fault dispatch device 124 environment controller 126 domain selector 138 memory 202 CPU 206 memory 220 translation lookaside buffer (TLB) 230 translation table lookup logic 236 fault dispatch device 238 multiplexer A 242 control register 246 multiplexer B 250 manager control register 254 admission control logic

Claims (2)

[Claims] 1. A memory manager for an operating system of a computer for making address-oriented services available to tasks of the operating system, the computer having a processor and memory, each said task being executed by the processor. A memory manager including a series of operations operative to each perform, each memory operation specifying a processor address, the processor converting the processor address to a memory address, and having a memory management device for performing the memory operation. Means for providing an extensible set of address-oriented services to the task, and coordinating which of the address-oriented services of the extensible set are available for the task Memory manager, characterized in that it comprises a stage, a. 2. A memory manager for a computer operating system for enabling a plurality of address-oriented services to be used for an operating-system task, a plurality of domains each corresponding to an address-oriented service, and one of the tasks. One or more environments, each having means for controlling whether the user is allowed to access the domain.