Final Study Questions

22C:116, Spring 2002

These questions are not intended to occupy all of your time prior to the midterm exam! Expect that at least 1/2 of the exam questions will not focus on the material discussed by these study questions, do not expect that the answers to any of these study questions will be the same as the answers to any of the exam questions.

These are study questions! They should motivate you to explore the material we have covered and focus on certain issues that will be central to some of the exam questions.

Background: The FinalOS 2002 operating system relies heavily on the memory management unit. Each process has a paged, segmented address space, where each page table entry for a page of this address space may be in one of 4 states:

Invalid
any reference to this page will cause a fault. This fault will be reported by sending an invalid address exception notice to the process's designated exception handler.

Valid page (4096 bytes)
references to this page will be translated by the MMU, allowing normal program execution to continue. The access rights field for valid pages contains 3 bits governing read, write and execute access to the page. Violation of these access rights will result in an access-rights violation notice.

Valid C-list (1024 capabilities)
references to this page will cause a fault; this fault will be interpreted by the kernel. The valid operations on a C-list object are load, store and call; these manipulate C-list entries, and they are implemented by kernel software, not hardware! The access rights read, write and execute govern the right to load, store or call to an address that maps to a C-list object. If these access rights are violated, if an instruction other than load, store or call is executed, or if the address is not aligned on a 32-bit boundary in the C-list object, the kernel will deliver an access-rights violation.

Valid return object
references to this page will cause a fault; this fault will be interpreted by the kernel. The valid operation on a return object are load, store and return; these are implemented by kernel software, not hardware, and they have complex semantics! The access rights read, write and execute govern the right to load, store or return via an address that maps to a return object. If these access rights are violated, if an instruction other than load, store or return is executed, or if the address is not aligned on a 32-bit boundary in the C-list object, the kernel will deliver an access-rights violation.

Each address-space in FinalOS is described by a C-list. The most significant 10 bits of the virtual address select an entry in the process's C-list; if valid and readable, this capability will refer to a C-list holding capabilities for the pages of one segment; the process may have 1024 such segments! The second 10 bits of each address refers to the capability for a page or C-list in the segment, while the least significant 12 bits refers to a byte in the page or a capability in the C-list.
Given the above, consider the following diagram for the address space of one process, call it process P:
```
                 -- -------------
                |                |
                |    C-list      |
                |    _________   |
        P ---->  ->0|crw_|___o--- 
                   1|____|____|        ______
                   2|pr_x|___o------->| page |
                   3|____|____|       |______|
                   4|____|____|                 ________ 
                   5|cr__|___o---------------->| C-list |
                   6|____|____|                |________|
                   7|____|__                    all 1024 in
                   8|___   ___|                 the above
                       __|____|                 refer to rw
                1023|____|____|                 pages
```
In the above diagram, the first letter shown in the rights field is the type of the capability. If it is blank, the capability is invalid. The following 3 letters say whether that capability is marked read, write or execute, where blank indicates the absence of this right.
Problem What virtual addresses in the address space of process P refer to capabilities? (hint, there are 1027 of them, 1024 of which are consecutive.)
Problem What virtual addresses in the address space of process P refer to locations in memory from which the process could fetch instructions?
Problem What virtual addresses in the address space of process P refer to locations in memory to which the process could store bytes?
More Background: To allow a process to manipulate its own address space, capability zero of the top-level C-list of the process's address-space tree (that is, the capability for segment zero of the address space) refers to the return object that is used to represent the current process's state.
Return objects contain 1024 valid addresses (word aligned). Access to these addresses is implemented by the kernel, and not by software. Words 0 to 15 of the return object behave as if they were in a C-list object. These are the "capability registers" of the process when the return object is page 1 of segment zero, so when the kernel fakes a load or store instructions that manipulates a C-list object as its memory operand, these are used as the register operands. Capability 1 is an enter capability for the process's exception handler. Word 16 of the return object is the address, in this process's address space, where execution should begin when a call notice is delivered to this process. Words 17 and up are copies of the CPU registers when this process is suspended.
The system requires that capability register zero of each process refer to the address space of that process. This allows the process to manipulate its own address space.
Problem: Modify the figure given in the previous study question to show the correct structure of a properly formed process under FinalOS 2002.
More Background: When the kernel's page-fault trap service routine detects a page fault caused by an attempt to load or store from a C-list, where the virtual address is properly word-aligned in that C-list, the kernel copies a capability between the process's capability registers and the indicated C-list entry (the direction of the copy depends on whether the operation was a load or store). The capability registers of the process are simply capabilities 0 to 16 of the return object that is segment zero of that process's address space. If the instruction set allows register numbers outside this range, the kernel will consider them illegal in the context of C-list manipulation instructions.
The abstract operation restrict ANDs the access rights in a capability with a mask, so that a program can take a capability and manufacture a capability for the same object with reduced access rights.
Problem: If the machine has an "and register with memory" instruction, how could the FinalOS 2002 kernel use this to implement a restrict operation.
Problem: If the machine is a pure load-store architecture (with no memory to register or register to memory arithmetic or logic operations), how could the kernel be written to allow users to perform reduce operation.
More Background When the user attempts to use a call instruction, where the destination address is in a C-list object instead of a normal page object, the trap handler in the kernel acts as follows: First, the state of the calling process is saved in the return object that is the caller's segment zero. Second, the address must be word-aligned in the C-list; if it is not, it raises an exception for the caller. If the address is word aligned, the capability it addresses is the operand. This capability must itself refer to a C-list, and it must have the execute access right; if this right is missing, an exception is raised for the caller. If the capability is executable, it is a capability for the called object.
The effect of the call is to deliver a call notice to the process running in the called object. A call notice is delivered to an address space by suspending the process running in that address space (storing its execution state in its segment zero), and then creating a new segment zero for the called process. This new segment zero (still a return object) takes capability 0 and 1 from the original (so it has the same address space and the same exception handler), but it has a read-write-execute return capability for the old segment zero fo the called address space in capability 2, and it has an execute only capability to the caller's return object in capability 3.
The effect of the above is to deliver something like a signal to the called process! When an exception is raised in a process, a call is made to the exception handler for that process -- an executable capability for the handler must be present in capability register 1 of the process! The return notice delivered to the exception handler has read-write-execute rights.
Problem: Does the FinalOS 2002 kernel have an amplification mechanism?
Problem: How could you modify the above description to allow parameter passing on a call operation? Without this, the whole thing is a bit useless!
Problem: The above description included no discussion of process management, only addressing and protection. What alternatives for process management can you think of.
Problem: Can the ExamOS 2002 kernel be fixed so it supports a good hybrid kernel/user thread package? That is, a thread package where it is up to the user to schedule threads in the user's address space, yet with good kernel cooperation.
Problem: Assume that each device driver under ExamOS 2002 runs mostly as a distinct process, a server. How should ExamOS 2002 respond when an interrupt is requested?
Problem: You want to write a file server under ExamOS 2002. What kind of thing do you offer to a process as a handle on an open file? How does a user operate on that file?
Problem: The ExamOS 2002 does no demand paging. Instead, when a process has a page fault, an exception notice is delivered to that process's exception handler. How would you make the exception handler do demand paging for its user?
Problem What else is missing from the FinalOS 2002 kernel specification? (Lots!)