PPT
advertisement
Virtual Memory (Review)
Programs refer to virtual memory addresses
00∙∙∙∙∙∙0
movl (%ecx),%eax
Conceptually very large array of bytes
Each byte has its own address
Actually implemented with hierarchy of different
memory types
System provides address space private to particular
“process”
Allocation: Compiler and run-time system
Where in single virtual address space each program
object is to be stored
But why virtual and not physical memory?
FF∙∙∙∙∙∙F
Problem 1: How Does Everything Fit?
64-bit addresses:
16 Exabyte
Physical main memory:
Few Gigabytes
?
And there are many processes ….
Problem 2: Memory Management
Physical main memory
Process 1
Process 2
Process 3
…
Process n
x
stack
heap
.text
.data
…
What goes
where?
Problem 3: How To Protect
Physical main memory
Process i
Process j
Problem 4: How To Share?
Physical main memory
Process i
Process j
Solution: Level Of Indirection
Virtual memory
Process 1
Physical memory
mapping
Virtual memory
Process n
Each process gets its own private memory space
Solves the previous problems
Address Spaces
Linear address space: Ordered set of contiguous non-negative integer
addresses:
{0, 1, 2, 3, … }
Virtual address space: Set of N = 2n virtual addresses
{0, 1, 2, 3, …, N-1}
Physical address space: Set of M = 2m physical addresses
{0, 1, 2, 3, …, M-1}
Clean distinction between data (bytes) and their attributes (addresses)
Each object can now have multiple addresses
Every byte in main memory:
One physical address
One (or more) virtual addresses
A System Using Physical Addressing
CPU
Physical address
(PA)
Main memory
0:
1:
2:
3:
4:
5:
6:
7:
8:
...
M-1:
Data word
Used in “simple” systems with embedded microcontrollers
In devices such as like cars, elevators, digital picture frames, ...
A System Using Virtual Addressing
CPU Chip
CPU
Virtual address
(VA)
MMU
Physical address
(PA)
Main memory
0:
1:
2:
3:
4:
5:
6:
7:
8:
...
M-1:
Data word
Used in all modern desktops, laptops, workstations
One of the great ideas in computer science
MMU checks the cache
Why Virtual Addressing?
Simplifies memory management for programmers
Each process gets an identical, full, private, linear address space
Isolates address spaces
One process can’t interfere with another’s memory
Because they operate in different address spaces
User process cannot access privileged information
Different sections of address spaces have different permissions
Why Virtual Memory?
Efficient use of limited main memory (RAM)
Use RAM as a cache for the parts of a virtual address space
Some non-cached parts stored on disk
Some (unallocated) non-cached parts stored nowhere
Keep only active areas of virtual address space in memory
Transfer data back and forth as needed
VM as a Tool for Caching
Virtual memory: array of N = 2n contiguous bytes
Think of the array (allocated part) as being stored on disk
Physical main memory (DRAM) = cache for allocated virtual memory
Blocks are called pages; size = 2p
Virtual memory
VP 0 Unallocated
VP 1 Cached
Disk
VP 2n-p-1
Uncached
Unallocated
Cached
Uncached
Cached
Uncached
Physical memory
0
0
Empty
PP 0
PP 1
Empty
Empty
2m-1
PP 2m-p-1
2n-1
Virtual pages (VP's)
stored on disk
Physical pages (PP's)
cached in DRAM
Memory Hierarchy: Core 2 Duo
Not drawn to scale
L1/L2 cache: 64 B blocks
~4 MB
~4 GB
L2
unified
cache
Main
Memory
~500 GB
L1
I-cache
32 KB
CPU
L1
D-cache
Reg
Throughput: 16 B/cycle
Latency:
3 cycles
8 B/cycle
14 cycles
2 B/cycle
100 cycles
1 B/30 cycles
millions
Miss penalty (latency): 30x
Miss penalty (latency): 10,000x
Disk
DRAM Cache Organization
DRAM cache organization driven by the enormous miss penalty
DRAM is about 10x slower than SRAM
Disk is about 10,000x slower than DRAM
For first byte, faster for next byte
Consequences
Large page (block) size: typically 4-8 KB, sometimes 4 MB
Fully associative
Any VP can be placed in any PP
Requires a “large” mapping function – different from CPU caches
Highly sophisticated, expensive replacement algorithms
Too complicated and open-ended to be implemented in hardware
Write-back rather than write-through
Address Translation: Page Tables
A page table is an array of page table entries (PTEs) that
maps virtual pages to physical pages. Here: 8 VPs
Per-process kernel data structure in DRAM
Physical page
number or
Valid disk address
PTE 0 0
null
1
1
0
1
0
0
PTE 7 1
null
Physical memory
(DRAM)
VP 1
VP 2
VP 7
VP 4
Virtual memory
(disk)
VP 1
Memory resident
page table
(DRAM)
VP 2
VP 3
VP 4
VP 6
VP 7
PP 0
PP 3
Address Translation With a Page Table
Virtual address
Page table
base register
(PTBR)
Page table address
for process
Virtual page number (VPN)
Virtual page offset (VPO)
Page table
Valid
Physical page number (PPN)
Valid bit = 0:
page not in memory
(page fault)
Physical page number (PPN)
Physical address
Physical page offset (PPO)
Page Hit
Page hit: reference to VM word that is in physical memory
Virtual address
Physical page
number or
Valid disk address
PTE 0 0
null
1
1
0
1
0
0
PTE 7 1
null
Physical memory
(DRAM)
VP 1
VP 2
VP 7
VP 4
Virtual memory
(disk)
VP 1
Memory resident
page table
(DRAM)
VP 2
VP 3
VP 4
VP 6
VP 7
PP 0
PP 3
Page Miss
Page miss: reference to VM word that is not in physical
memory
Virtual address
Physical page
number or
Valid disk address
PTE 0 0
null
1
1
0
1
0
0
PTE 7 1
null
Physical memory
(DRAM)
VP 1
VP 2
VP 7
VP 4
Virtual memory
(disk)
VP 1
Memory resident
page table
(DRAM)
VP 2
VP 3
VP 4
VP 6
VP 7
PP 0
PP 3
Handling Page Fault
Page miss causes page fault (an exception)
Virtual address
Physical page
number or
Valid disk address
PTE 0 0
null
1
1
0
1
0
0
PTE 7 1
null
Physical memory
(DRAM)
VP 1
VP 2
VP 7
VP 4
Virtual memory
(disk)
VP 1
Memory resident
page table
(DRAM)
VP 2
VP 3
VP 4
VP 6
VP 7
PP 0
PP 3
Handling Page Fault
Page miss causes page fault (an exception)
Page fault handler selects a victim to be evicted (here VP 4)
Virtual address
Physical page
number or
Valid disk address
PTE 0 0
null
1
1
0
1
0
0
PTE 7 1
null
Physical memory
(DRAM)
VP 1
VP 2
VP 7
VP 4
Virtual memory
(disk)
VP 1
Memory resident
page table
(DRAM)
VP 2
VP 3
VP 4
VP 6
VP 7
PP 0
PP 3
Handling Page Fault
Page miss causes page fault (an exception)
Page fault handler selects a victim to be evicted (here VP 4)
Virtual address
Physical page
number or
Valid disk address
PTE 0 0
null
1
1
1
0
0
0
PTE 7 1
null
Physical memory
(DRAM)
VP 1
VP 2
VP 7
VP 3
Virtual memory
(disk)
VP 1
Memory resident
page table
(DRAM)
VP 2
VP 3
VP 4
VP 6
VP 7
PP 0
PP 3
Handling Page Fault
Page miss causes page fault (an exception)
Page fault handler selects a victim to be evicted (here VP 4)
Offending instruction is restarted: page hit!
Virtual address
Physical page
number or
Valid disk address
PTE 0 0
null
1
1
1
0
0
0
PTE 7 1
null
Physical memory
(DRAM)
VP 1
VP 2
VP 7
VP 3
Virtual memory
(disk)
VP 1
Memory resident
page table
(DRAM)
VP 2
VP 3
VP 4
VP 6
VP 7
PP 0
PP 3
Why does it work? Locality
Virtual memory works because of locality
At any point in time, programs tend to access a set of active
virtual pages called the working set
Programs with better temporal locality will have smaller working sets
If (working set size < main memory size)
Good performance for one process after compulsory misses
If ( SUM(working set sizes) > main memory size )
Thrashing: Performance meltdown where pages are swapped (copied)
in and out continuously
VM as a Tool for Memory Management
Key idea: each process has its own virtual address space
It can view memory as a simple linear array
Mapping function scatters addresses through physical memory
Well chosen mappings simplify memory allocation and management
Virtual
Address
Space for
Process 1:
0
VP 1
VP 2
Address
translation
0
PP 2
...
Physical
Address
Space
(DRAM)
N-1
PP 6
Virtual
Address
Space for
Process 2:
0
PP 8
VP 1
VP 2
...
...
N-1
M-1
(e.g., read-only
library code)
VM as a Tool for Memory Management
Memory allocation
Each virtual page can be mapped to any physical page
A virtual page can be stored in different physical pages at different times
Sharing code and data among processes
Map virtual pages to the same physical page (here: PP 6)
Virtual
Address
Space for
Process 1:
0
VP 1
VP 2
Address
translation
0
PP 2
...
Physical
Address
Space
(DRAM)
N-1
PP 6
Virtual
Address
Space for
Process 2:
0
PP 8
VP 1
VP 2
...
...
N-1
M-1
(e.g., read-only
library code)
Simplifying Linking and Loading
Kernel virtual memory
Linking
0xc0000000
Each program has similar virtual
User stack
(created at runtime)
address space
Code, stack, and shared libraries
always start at the same address
Memory
invisible to
user code
%esp
(stack
pointer)
Memory-mapped region for
shared libraries
0x40000000
Loading
execve() allocates virtual pages
brk
Run-time heap
(created by malloc)
for .text and .data sections
= creates PTEs marked as invalid
The .text and .data sections
are copied, page by page, on
demand by the virtual memory
system
Read/write segment
(.data, .bss)
Read-only segment
(.init, .text, .rodata)
0x08048000
0
Unused
Loaded
from
the
executable
file
VM as a Tool for Memory Protection
Extend PTEs with permission bits
Page fault handler checks these before remapping
If violated, send process SIGSEGV (segmentation fault)
SUP
Process i:
READ WRITE
Address
VP 0:
No
Yes
No
PP 6
VP 1:
No
Yes
Yes
PP 4
VP 2:
Yes
Yes
Yes
•
•
•
PP 2
Physical
Address Space
PP 2
PP 4
PP 6
SUP
Process j:
READ WRITE
Address
VP 0:
No
Yes
No
PP 9
VP 1:
Yes
Yes
Yes
PP 6
VP 2:
No
Yes
Yes
PP 11
PP 8
PP 9
PP 11
Address Translation: Page Hit
2
PTEA
CPU Chip
CPU
1
VA
PTE
MMU
3
PA
4
Data
5
1) Processor sends virtual address to MMU
2-3) MMU fetches PTE from page table in memory
4) MMU sends physical address to cache/memory
5) Cache/memory sends data word to processor
Cache/
Memory
Address Translation: Page Fault
Exception
Page fault handler
4
2
PTEA
CPU Chip
CPU
1
VA
7
MMU
PTE
3
Victim page
5
Cache/
Memory
Disk
New page
6
1) Processor sends virtual address to MMU
2-3) MMU fetches PTE from page table in memory
4) Valid bit is zero, so MMU triggers page fault exception
5) Handler identifies victim (and, if dirty, pages it out to disk)
6) Handler pages in new page and updates PTE in memory
7) Handler returns to original process, restarting faulting instruction
Speeding up Translation with a TLB
Page table entries (PTEs) are cached in L1 like any other
memory word
PTEs may be evicted by other data references
PTE hit still requires a 1-cycle delay
Solution: Translation Lookaside Buffer (TLB)
Small hardware cache in MMU
Maps virtual page numbers to physical page numbers
Contains complete page table entries for small number of pages
TLB Hit
CPU Chip
CPU
TLB
2
PTE
VPN
3
1
VA
MMU
Data
5
A TLB hit eliminates a memory access
PA
4
Cache/
Memory
TLB Miss
CPU Chip
TLB
2
4
PTE
VPN
CPU
1
VA
MMU
3
PTEA
PA
Cache/
Memory
5
Data
6
A TLB miss incurs an add’l memory access (the PTE)
Fortunately, TLB misses are rare (WHY?)
From virtual address to memory location
• Translation Lookaside Buffer (TLB) is a special cache
just for the page table.
• Usually fully associative.
CPU
hit
Virtual address
cache
miss
TLB
miss
hit
Physical address
Main
memory
(page
table)
Translation Lookaside Buffer
Virtual to Physical translations are cached in a TLB.
Virtual address
31 30 29
15 14 13 12 11 10 9 8
Virtual page number
3210
Page offset
20
Valid Dirty
12
Physical page number
Tag
TLB
TLB hit
20
Physical page number
Page offset
Physical address
Physical address tag
Cache index
14
16
Valid
Tag
Data
Cache
32
Cache hit
Data
Byte
offset
2
What Happens on a Context Switch?
Page table is per process
So is TLB
TLB flush
TLB tagging
Review of Abbreviations
Components of the virtual address (VA)
TLBI: TLB index
TLBT: TLB tag
VPO: virtual page offset
VPN: virtual page number
Components of the physical address (PA)
PPO: physical page offset (same as VPO)
PPN: physical page number
CO: byte offset within cache line
CI: cache index
CT: cache tag
Simple Memory System Example
Addressing
14-bit virtual addresses
12-bit physical address
Page size = 64 bytes
13
12
11
10
9
8
7
6
5
4
3
2
1
VPN
VPO
Virtual Page Number
Virtual Page Offset
11
10
9
8
7
6
5
4
3
2
1
PPN
PPO
Physical Page Number
Physical Page Offset
0
0
Simple Memory System Page Table
Only show first 16 entries (out of 256)
VPN
PPN
Valid
VPN
PPN
Valid
00
28
1
08
13
1
01
–
0
09
17
1
02
33
1
0A
09
1
03
02
1
0B
–
0
04
–
0
0C
–
0
05
16
1
0D
2D
1
06
–
0
0E
11
1
07
–
0
0F
0D
1
Simple Memory System TLB
16 entries
4-way associative
TLBT
13
12
11
10
TLBI
9
8
7
6
5
4
3
2
1
0
VPO
VPN
Set
Tag
PPN
Valid
Tag
PPN
Valid
Tag
PPN
Valid
Tag
PPN
Valid
0
03
–
0
09
0D
1
00
–
0
07
02
1
1
03
2D
1
02
–
0
04
–
0
0A
–
0
2
02
–
0
08
–
0
06
–
0
03
–
0
3
07
–
0
03
0D
1
0A
34
1
02
–
0
Simple Memory System Cache
16 lines, 4-byte block size
Physically addressed
Direct mapped
CT
11
10
9
CI
8
7
6
5
4
CO
3
PPN
2
1
0
PPO
Idx
Tag
Valid
B0
B1
B2
B3
Idx
Tag
Valid
B0
B1
B2
B3
0
19
1
99
11
23
11
8
24
1
3A
00
51
89
1
15
0
–
–
–
–
9
2D
0
–
–
–
–
2
1B
1
00
02
04
08
A
2D
1
93
15
DA
3B
3
36
0
–
–
–
–
B
0B
0
–
–
–
–
4
32
1
43
6D
8F
09
C
12
0
–
–
–
–
5
0D
1
36
72
F0
1D
D
16
1
04
96
34
15
6
31
0
–
–
–
–
E
13
1
83
77
1B
D3
7
16
1
11
C2
DF
03
F
14
0
–
–
–
–
Address Translation Example #1
Virtual Address: 0x03D4
TLBT
TLBI
13
12
11
10
9
8
7
6
5
4
3
2
1
0
0
0
0
0
1
1
1
1
0
1
0
1
0
0
VPN
VPN 0x0F
___
3
TLBI ___
VPO
0x03
TLBT ____
Y
TLB Hit? __
N
Page Fault? __
PPN: 0x0D
____
Physical Address
CI
CT
11
10
9
8
7
6
5
4
3
2
1
0
0
0
1
1
0
1
0
1
0
1
0
0
PPN
0
CO ___
CO
0x5
CI___
0x0D
CT ____
PPO
Y
Hit? __
0x36
Byte: ____
Address Translation Example #2
Virtual Address: 0x0020
TLBT
TLBI
13
12
11
10
9
8
7
6
5
4
3
2
1
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
VPN
VPN 0x00
___
0
TLBI ___
VPO
0x00
TLBT ____
N
TLB Hit? __
N
Page Fault? __
PPN: 0x28
____
Physical Address
CI
CT
11
10
9
8
7
6
5
4
3
2
1
0
1
0
1
0
0
0
1
0
0
0
0
0
PPN
0
CO___
CO
0x8
CI___
0x28
CT ____
PPO
N
Hit? __
Mem
Byte: ____
Address Translation Example #3
Virtual Address: 0x0B8F
TLBT
TLBI
13
12
11
10
9
8
7
6
5
4
3
2
1
0
0
0
1
0
1
1
1
0
0
0
1
1
1
1
VPN
VPN 0x2E
___
2
TLBI ___
VPO
0x0B
TLBT ____
N
TLB Hit? __
Y
Page Fault? __
TBD
PPN: ____
Physical Address
CI
CT
11
10
9
8
7
6
PPN
CO ___
CI___
CT ____
5
4
CO
3
PPO
Hit? __
Byte: ____
2
1
0
Summary
Programmer’s view of virtual address space
Each process has its own private linear address space
Cannot be corrupted by other processes
System view of VAS & virtual memory
Uses memory efficiently by caching virtual memory pages
Efficient only because of locality
Simplifies memory management and programming
Simplifies protection by providing a convenient interpositioning point
to check permissions
Allocating Virtual Pages
Example: Allocating VP5
Physical page
number or
Valid disk address
PTE 0 0
null
1
1
1
0
0
0
PTE 7 1
null
Physical memory
(DRAM)
VP 1
VP 2
VP 7
VP 3
Virtual memory
(disk)
VP 1
Memory resident
page table
(DRAM)
VP 2
VP 3
VP 4
VP 6
VP 7
PP 0
PP 3
Allocating Virtual Pages
Example: Allocating VP 5
Kernel allocates VP 5 on disk and points PTE 5 to it
Physical page
number or
Valid disk address
PTE 0 0
null
1
1
1
0
0
0
PTE 7 1
Physical memory
(DRAM)
VP 1
VP 2
VP 7
VP 3
Virtual memory
(disk)
VP 1
Memory resident
page table
(DRAM)
VP 2
VP 3
VP 4
VP 5
VP 6
VP 7
PP 0
PP 3
Page Tables Size
Given:
4KB (212) page size
48-bit address space
4-byte PTE
How big is the page table?
Multi-Level Page Tables
Given:
4KB (212) page size
48-bit address space
4-byte PTE
Problem:
Would need a 256 GB page table!
Level 1
Table
248 * 2-12 * 22 = 238 bytes
Common solution
Multi-level page tables
Example: 2-level page table
Level 1 table: each PTE points to a page table
Level 2 table: each PTE points to a page
(paged in and out like other data)
Level 1 table stays in memory
Level 2 tables paged in and out
...
Level 2
Tables
...
A Two-Level Page Table Hierarchy
Level 1
page table
Level 2
page tables
Virtual
address space
VP 0
PTE 0
PTE 0
...
PTE 1
...
VP 1023
PTE 2 (null)
PTE 1023
VP 1024
0
2K allocated VM pages
for code and data
...
PTE 3 (null)
VP 2047
PTE 4 (null)
PTE 0
PTE 5 (null)
...
PTE 6 (null)
PTE 1023
Gap
PTE 7 (null)
6K unallocated VM pages
PTE 8
(1K - 9)
null PTEs
1023 null
PTEs
PTE 1023
1023
unallocated
pages
VP 9215
1023 unallocated pages
1 allocated VM page
for the stack
...
Translating with a k-level Page Table
Virtual Address
n-1
p-1
VPN 1
VPN 2
Level 2
page table
Level 1
page table
...
...
VPN k
...
0
VPO
Level k
page table
PPN
m-1
p-1
PPN
Physical Address
0
PPO
x86-64 Paging
Origin
AMD’s way of extending x86 to 64-bit instruction set
Intel has followed with “EM64T”
Requirements
48-bit virtual address
256 terabytes (TB)
Not yet ready for full 64 bits
– Nobody can buy that much DRAM yet
– Mapping tables would be huge
52-bit physical address = 40 bits for PPN
Requires 64-bit table entries
Keep traditional x86 4KB page size, and same size for page tables
(4096 bytes per PT) / (8 bytes per PTE) = only 512 entries per page
Intel Core i7
Core x4
Registers
Instruction
fetch
L1 d-cache
32 KB, 8-way
L1 i-cache
32 KB, 8-way
L2 unified cache
256 KB, 8-way
MMU
(addr translation)
L1 d-TLB
64 entries, 4-way
L1 i-TLB
128 entries, 4-way
L2 unified TLB
512 entries, 4-way
QuickPath interconnect
4 links @ 25.6 GB/s
102.4 GB/s total
L3 unified cache
8 MB, 16-way
(shared by all cores)
DDR3 Memory controller
3 x 64 bit @ 10.66 GB/s
32 GB/s total (shared by all cores)
Processor package
Main memory
To other
cores
To I/O
bridge
Intel Core i7
How many caches (including TLBs) are on this chip?
High end of Intel
“core” brand, 731M
transistors, 1366 pins.
Quadcore Core i7 announced late 2008,
six-core addition was launched in March 2010
Review of Abbreviations
Components of the virtual address (VA)
TLBI: TLB index
TLBT: TLB tag
VPO: virtual page offset
VPN: virtual page number
Components of the physical address (PA)
PPO: physical page offset (same as VPO)
PPN: physical page number
CO: byte offset within cache line
CI: cache index
CT: cache tag
Overview of Core i7 Address Translation
32/64
result
CPU
L2, L3 and
main memory
Virtual address (VA)
36
VPN
32
TLBT
12
VPO
L1
miss
L1
hit
4
TLBI
L1 d-cache
(64 sets, 8 lines/set)
TLB
hit
TLB
miss
...
...
L1 TLB (16 sets, 4 entries/set)
9
9
9
9
VPN1 VPN2 VPN3 VPN4
CR3
PTE
PTE
PTE
Page tables
PTE
40
PPN
40
CT
12
PPO
Physical
address
(PA)
6 6
CI CO
TLB Translation
1. Partition VPN into TLBT
and TLBI.
CPU
2. Is the PTE for VPN cached
in set TLBI?
3. Yes: Check permissions,
build physical address
12 virtual address
VPO
36
VPN
32
TLBT
4
TLBI
TLB
miss
1
2
PTE
PTE
...
TLB
hit 3
40
PPN
partial
TLB hit
page table translation
4
12
PPO
physical
address
4. No: Read PTE (and others
as necessary) from
memory and build physical
address
TLB Miss: Page Table Translation
CR3
9
VPN1
9
VPN2
9
VPN3
Page global
directory
Page upper
directory
Page middle
directory
Page
table
L1 PTE
L2 PTE
L3 PTE
L4 PTE
40
PPN
9
VPN4
12
VPO
12
PPO
Virtual address
Physical address
BONUS SLIDES
PTE Formats
63 62
XD
52 51
12 11
Page table physical base addr
Unused
9
Unused
8
7
G
PS
6
5
A
4
3
2
1
CD WT U/S R/W P=1
Available for OS (page table location on disk)
Level 1-3 PTE
Level 4 PTE
63 62
XD
P=0
P:
Page table is present in memory
R/W: read-only or read+write
U/S: user or supervisor mode access
WT: write-through or write-back cache policy for this page table
CD: cache disabled or enabled
A:
accessed (set by MMU on reads and writes, cleared by OS)
D:
dirty (set by MMU on writes, cleared by OS)
PS:
page size 4K (0) or 4MB (1), For level 1 PTE only
G:
global page (don’t evict from TLB on task switch)
Page table physical base address: 40 most significant bits of physical page table address
XD: disable or enable instruction fetches from this page
52 51
Unused
0
12 11
Page physical base address
Available for OS (page location on disk)
9
Unused
8
7
6
5
G
0
D
A
4
3
2
1
0
CD WT U/S R/W P=1
P=0
L1 Cache Access
32/64
data
L2, L3 and
main memory
L1
miss
L1
hit
L1 d-cache
(64 sets, 8 lines/set)
...
physical
address (PA)
40
CT
6 6
CI CO
Partition physical
address: CO, CI, and CT
Use CT to determine if
line containing word at
address PA is cached in
set CI
No: check L2
Yes: extract word at
byte offset CO and
return to processor
Speeding Up L1 Access: A “Neat Trick”
Tag Check
40
CT
6 6
CI CO
PPN
PPO
Physical address (PA)
Address
Translation
Virtual address (VA)
No
Change
VPN
VPO
36
12
CI
Observation
Bits that determine CI identical in virtual and physical address
Can index into cache while address translation taking place
Generally we hit in TLB, so PPN bits (CT bits) available quickly
“Virtually indexed, physically tagged”
Cache carefully sized to make this possible
Linux VM “Areas”
task_struct
vm_area_struct
mm_struct
mm
pgd
mmap
vm_end
vm_start
vm_prot
vm_flags
vm_next
Address of level 1 page table
vm_end
vm_start
vm_prot
vm_flags
vm_prot:
vm_next
pgd:
Read/write permissions for
all pages in this area
vm_flags
Shared/private status of all
pages in this area
process virtual memory
shared libraries
0x40000000
data
0x0804a020
text
vm_end
vm_start
vm_prot
vm_flags
vm_next
0x08048000
0
Linux Page Fault Handling
vm_area_struct
process virtual memory
i.e., Is it in area defined
vm_end
vm_start
vm_prot
vm_flags
vm_next
vm_end
vm_start
vm_prot
vm_flags
by a vm_area_struct?
If not (#1), then signal
segmentation violation
shared libraries
1
read
data
3
read
Is the operation legal?
i.e., Can the process
read/write this area?
If not (#2), then signal
protection violation
2
write
vm_next
text
vm_end
vm_start
vm_prot
vm_flags
vm_next
Is the VA legal?
Otherwise
Valid address (#3):
handle fault
Memory Mapping
Creation of new VM area done via “memory mapping”
Create new vm_area_struct and page tables for area
Area can be backed by (i.e., get its initial values from) :
Regular file on disk (e.g., an executable object file)
Initial page bytes come from a section of a file
Nothing (e.g., .bss) aka “anonymous file”
First fault will allocate a physical page full of 0's (demand-zero)
Once the page is written to (dirtied), it is like any other page
Dirty pages are swapped back and forth between a special
swap file.
Key point: no virtual pages are copied into physical memory
until they are referenced!
Known as “demand paging”
Crucial for time and space efficiency
User-Level Memory Mapping
void *mmap(void *start, int len,
int prot, int flags, int fd, int offset)
start
len
bytes
offset
(bytes)
len
bytes
Disk file specified by
file descriptor fd
Process virtual memory
(or address
chosen by
kernel)
User-Level Memory Mapping
void *mmap(void *start, int len,
int prot, int flags, int fd, int offset)
Map len bytes starting at offset offset of the file specified
by file description fd, preferably at address start
start: may be 0 for “pick an address”
prot: PROT_READ, PROT_WRITE, ...
flags: MAP_PRIVATE, MAP_SHARED, ...
Return a pointer to start of mapped area (may not be start)
Example: fast file-copy
Useful for applications like Web servers that need to quickly copy files.
mmap()allows file transfers without copying into user space.
mmap() Example: Fast File Copy
#include
#include
#include
#include
#include
<unistd.h>
<sys/mman.h>
<sys/types.h>
<sys/stat.h>
<fcntl.h>
int main() {
struct stat stat;
int i, fd, size;
char *bufp;
/* open the file & get its size */
fd = open("./input.txt", O_RDONLY);
fstat(fd, &stat);
size = stat.st_size;
/*
* a program that uses mmap to copy
* the file input.txt to stdout
*/
/* map the file to a new VM area */
bufp = mmap(0, size, PROT_READ,
MAP_PRIVATE, fd, 0);
/* write the VM area to stdout */
write(1, bufp, size);
exit(0);
}
Exec() Revisited
To run a new program p in the
current process using exec():
process-specific data
structures
(page tables,
task and mm structs)
Free vm_area_struct’s and page
tables for old areas
Create new vm_area_struct’s and
page tables for new areas
Stack, BSS, data, text, shared libs.
Text and data backed by ELF
physical memory
same for
each
process
kernel code/data/stack
0xc0…
%esp
stack
kernel
VM
demand-zero
process
VM
Memory mapped region
for shared libraries
.data
.text
executable object file
BSS and stack initialized to zero
libc.so
brk
runtime heap (via malloc)
0
uninitialized data (.bss)
initialized data (.data)
program text (.text)
forbidden
demand-zero
.data
.text
p
Set PC to entry point in .text
Linux will fault in code, data pages
as needed
Fork() Revisited
To create a new process using fork():
Make copies of the old process’s mm_struct, vm_area_struct’s, and
page tables.
At this point the two processes share all of their pages.
How to get separate spaces without copying all the virtual pages
from one space to another?
– “Copy on Write” (COW) technique.
Copy-on-write
Mark PTE's of writeable areas as read-only
Writes by either process to these pages will cause page faults
Flag vm_area_struct’s for these areas as private “copy-on-write”
– Fault handler recognizes copy-on-write, makes a copy of the
page, and restores write permissions.
Net result:
Copies are deferred until absolutely necessary (i.e., when one of the
processes tries to modify a shared page).
Discussion
How does the kernel manage stack growth?
How does the kernel manage heap growth?
How does the kernel manage dynamic libraries?
How can multiple user processes share writable data?
How can mmap be used to access file contents in arbitrary
(non-sequential) order?
9.9: Dynamic Memory Allocation
Motivation
Size of data structures may be known only at runtime
Essentials
Heap: demand-zero memory immediately after bss area, grows
upward
Allocator manages heap as collection of variable sized blocks.
Two styles of allocators:
Explicit: allocation and freeing both explicit
C (malloc and free), C++ (new and free)
Implicit: allocation explicit, freeing implicit
Java, Lisp, ML
Garbage collection: automatically freeing unused blocks
Tradeoffs: ease of (correct) use, runtime overhead
Heap Management
kernel virtual memory
memory protected
from user code
stack
%esp
Allocators request
additional heap memory
from the kernel using the
sbrk() function:
the “brk” ptr
error = sbrk(amt_more)
run-time heap (via malloc)
uninitialized data (.bss)
initialized data (.data)
program text (.text)
0
Heap Management
Classic CS problem
Handle arbitrary request sequence
Respond immediately to allocation requests
Meet alignment requirements
Avoid modifying allocated blocks
Maximize throughput and memory utilization
Avoid fragmentation
Specific issues to consider
How are free blocks tracked?
Which free block to pick for next allocation?
What to do with remainder of free block when part allocated?
How to coalesce freed blocks?
Heap Management
Block format
Allocators typically maintain header, optional padding
Stepping beyond block bounds can really mess up allocator
header
Format of
allocated and
free blocks
size
payload
a
a = 1: allocated block
a = 0: free block
size: block size
payload: application data
(allocated blocks only)
optional
padding
9.10: Garbage Collection
Related to dynamic memory allocation
Garbage collection: automatically reclaiming allocated blocks that
are no longer used
Need arises when blocks are not explicitly freed
Also a classic CS problem
9.11: Memory-Related Bugs
Selected highlights
Dereferencing bad pointers
Reading uninitialized memory
Overwriting memory
Referencing nonexistent variables
Freeing blocks multiple times
Referencing freed blocks
Failing to free blocks
Dereferencing Bad Pointers
The classic scanf bug
scanf(“%d”, val);
Reading Uninitialized Memory
Assuming that heap data is initialized to zero
/* return y = Ax */
int *matvec(int **A, int *x)
{
int *y = malloc(N*sizeof(int));
int i, j;
for (i=0; i<N; i++)
for (j=0; j<N; j++)
y[i] += A[i][j]*x[j];
return y;
}
Overwriting Memory
Allocating the (possibly) wrong sized object
int **p;
p = malloc(N*sizeof(int));
for (i=0; i<N; i++)
{
p[i] = malloc(M*sizeof(int));
}
Overwriting Memory
Off-by-one error
int **p;
p = malloc(N*sizeof(int *));
for (i=0; i<=N; i++)
{
p[i] = malloc(M*sizeof(int));
}
Overwriting Memory
Not checking the max string size
char s[8];
int i;
gets(s);
/* reads “123456789” from stdin */
Basis for classic buffer overflow attacks
1988 Internet worm
Modern attacks on Web servers
AOL/Microsoft IM war
Overwriting Memory
Referencing a pointer instead of the object it points to
Code below intended to remove first item in a binary heap of *size
items, then reheapify the remaining items.
int *BinheapDelete(int **binheap, int *size)
{
int *packet;
packet = binheap[0];
binheap[0] = binheap[*size - 1];
*size--;
Heapify(binheap, *size, 0);
return(packet);
}
Problem: * and -- have equal precedence, associate r to l
Programmer intended (*size)-Compiler interprets as *(size--)
Other Pointer Pitfalls
Misunderstanding pointer arithmetic
Code below intended to scan array of ints and return a pointer to
the first occurrence of val.
int *search(int *p, int val)
{
while (*p && *p != val)
p += sizeof(int);
return p;
}
Referencing Nonexistent Variables
Forgetting that local variables disappear when a function
returns
int *foo ()
{
int val;
return &val;
}
Freeing Blocks Multiple Times
Nasty!
x = malloc(N*sizeof(int));
/* do some stuff with x */
free(x);
y = malloc(M*sizeof(int));
/* do some stuff with y */
free(x);
Referencing Freed Blocks
Evil!
x = malloc(N*sizeof(int));
/* do some stuff with x */
free(x);
...
y = malloc(M*sizeof(int));
for (i=0; i<M; i++)
y[i] = x[i]++;
Failing to Free Blocks (Memory Leaks)
Slow, long-term killer!
foo()
{
int *x = malloc(N*sizeof(int));
...
return;
}
Failing to Free Blocks (Memory Leaks)
Freeing only part of a data structure
struct list {
int val;
struct list *next;
};
foo() {
struct list *head =
malloc(sizeof(struct list));
head->val = 0;
head->next = NULL;
/* create, manipulate rest of the list */
...
free(head);
return;
}
Before You Sell Book Back…
Consider useful content of remaining chapters
Chapter 10: System level I/O
Unix file I/O
Opening and closing files
Reading and writing files
Reading file metadata
Sharing files
I/O redirection
Standard I/O
Chapter 11
Network programming
Client-server programming model
Networks
Global IP internet: IP addresses, domain names, DNS servers
Sockets
Web servers
Chapter 12
Concurrent programming
CP with processes (e.g., fork, exec, waitpid)
CP with I/O multiplexing
Ask kernel to suspend process, returning control when certain
I/O events have occurred
CP with threads, shared variables, semaphores for synchronization
Class Wrap-up
Final exam in testing center: both days of finals
Check testing center hours, days!
50 multiple choice questions
Covers all chapters (4-7 questions each from chapters 2-9)
3 hour time limit: but unlikely to use all of it
Review midterm solutions, chapter review questions
Remember:
Final exam score replaces lower midterm scores
4 low quizzes will be dropped in computing overall quiz score
Assignments
Deadline for late labs is tomorrow (15 June).
Notify instructor immediately if you are still working on a lab
All submissions from here on out: send instructor an email
Reminder + Request
From class syllabus:
Must complete all labs to receive passing grade in class
Must receive passing grade on final to pass class
Please double check all scores on Blackboard
Contact TA for problems with labs, homework
Contact instructor for problems with posted exam or quiz scores
Parting Thought
Again and again I admonish my students both in Europe and
in America: “Don’t aim at success – the more you aim at it
and make it a target, the more you are going to miss it. For
success, like happiness, cannot be pursued; it must ensue,
and it only does so as the unintended side-effect of one’s
personal dedication to a cause greater than oneself or as the
by-product of one’s surrender to a person other than oneself.
Happiness must happen, and the same holds for success: you
have to let it happen by not caring about it. I want you to
listen to what your conscience commands you to do and go
on to carry it out to the best of your knowledge. Then you
will live to see that in the long run – in the long run, I say! –
success will follow you precisely because you had forgotten
to think of it.”
Viktor Frankl
