Berkus Decker edited this page Mar 11, 2017 · 1 revision

Some terms collected from the old wiki; some may no longer be relevant.

A protection domain consists of a set of memory pages and a set of portals accessible to the threads executing in that domain. Protection domains may share memory and portals. A protection domain is also called a task for short.

A region is the means by which a task shares (exports) memory; a mapping is the means by which a task accepts (imports) memory from another task.

A thread is a schedulable entity that executes inside a task and may move to another task by traversing a portal. An activation record is the point at which a thread enters a task.

A portal is a piece of trusted code that transfers the calling thread from the invoking task to the invoked task and may perform additional actions (parameter modification, virtual memory operations, etc.).

  • portal code is generated dynamically and performs portal-specific actions.
  • portal code runs in kernel mode and may access or modify private data structures belonging to certain servers (e.g. the VM server).
  • portal code contains no loops and may not block (fixme: page faults?).
  • each task has a private portal table.
  • portals are managed by the portal manager.
  • portals are created in pairs, a call portal and a return portal. The return portal may be shared.
  • a short-circuit portal performs the operation without switching to another task; it is the analogue of a null system call such as Unix getpid().
  • managing the portal table is crucial for enforcing protection (file access, server access, etc.) and safety (sandboxing, interposition, etc.): a task can only reach what its table lets it reach.
  • portal code is specialized for the particular client and server.
  • portal code is instantiated from a template at the time the portal is opened.
  • a task may invoke only the portals it has explicitly opened or inherited from its parent.
  • portal code and portal tables may be shared between domains.

The IPC mechanism is atomic: every minimal IPC operation is restartable. To make a multi-step IPC operation restartable, the portal code updates the thread's activation record to point to the next step as each step completes, so an interrupted operation resumes there instead of starting over (if the operation is idempotent, no update is needed).
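The following is an added illustration of the portal-table bullets and the restartable-IPC paragraph above; it is not code from Metta or its kernel. It is a user-space mock in which each task owns a private portal table, a short-circuit portal answers without a domain switch, a call portal copies a message in fixed chunks with one restartable step per traversal (committing the next step in the activation record, so a transfer interrupted between steps resumes without redoing earlier chunks), and a return portal is a single idempotent step. All names (`task_t`, `invoke`, `transfer`, the slot numbers, the sample message) are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not code from Metta or its kernel: a user-space mock of
 * per-task portal tables, call/return/short-circuit portals, and a multi-step
 * IPC made restartable by committing the next step in the activation record. */

#define MAX_PORTALS 8
#define CHUNK       4
#define NSTEPS      3          /* a 12-byte message is copied in 3 chunks */
#define SHORT_SLOT  0
#define CALL_SLOT   1
#define RET_SLOT    0

typedef struct task   task_t;
typedef struct thread thread_t;
typedef struct portal portal_t;
typedef long (*portal_fn)(thread_t *t, portal_t *self, intptr_t arg);
typedef enum { PORTAL_CALL, PORTAL_RETURN, PORTAL_SHORT } portal_kind_t;

struct portal { portal_kind_t kind; task_t *target; portal_fn code; bool open; };
struct task   { const char *name; int id; portal_t table[MAX_PORTALS]; };  /* private table */
/* Activation record: current task plus the next step of an in-progress
 * multi-step IPC. Writing it is the commit point of each minimal step. */
struct thread { task_t *task; int step; };
static task_t client = { .name = "client", .id = 1 };
static task_t server = { .name = "server", .id = 2 };
static char   server_buf[NSTEPS * CHUNK];
static int    chunk_copies;    /* chunk copies that actually ran (no redo expected) */

static void open_portal(task_t *in, int slot, portal_kind_t k, task_t *target, portal_fn code) {
    in->table[slot] = (portal_t){ k, target, code, true };
}

/* Traverse portal `slot` of the thread's current task. The portal table is the
 * protection boundary: a slot the task never opened is simply unreachable. */
static long invoke(thread_t *t, int slot, intptr_t arg) {
    if (slot < 0 || slot >= MAX_PORTALS || !t->task->table[slot].open) return -1;
    portal_t *p = &t->task->table[slot];
    return p->code(t, p, arg);
}

/* Short-circuit portal: answers without leaving the caller's domain (cf. getpid). */
static long short_getid(thread_t *t, portal_t *self, intptr_t arg) {
    (void)self; (void)arg; return t->task->id;
}

/* Call portal, one restartable step per traversal: copy chunk `step`, then either
 * commit the next step (partial, resumable) or, on the last chunk, switch domains. */
static long call_copy(thread_t *t, portal_t *self, intptr_t arg) {
    int i = t->step;
    memcpy(server_buf + i * CHUNK, (const char *)arg + i * CHUNK, CHUNK);
    chunk_copies++;
    if (i + 1 < NSTEPS) { t->step = i + 1; return 0; }
    t->step = 0; t->task = self->target;   /* last chunk: transfer complete, switch */
    return 1;
}

/* Return portal: a single idempotent step, so it keeps no step bookkeeping. */
static long ret_to_client(thread_t *t, portal_t *self, intptr_t arg) {
    (void)arg; t->task = self->target; return 0;
}

static void setup(thread_t *t) {
    memset(client.table, 0, sizeof client.table); memset(server.table, 0, sizeof server.table);
    memset(server_buf, 0, sizeof server_buf); chunk_copies = 0;
    open_portal(&client, SHORT_SLOT, PORTAL_SHORT,  NULL,    short_getid);
    open_portal(&client, CALL_SLOT,  PORTAL_CALL,   &server, call_copy);
    open_portal(&server, RET_SLOT,   PORTAL_RETURN, &client, ret_to_client);
    t->task = &client; t->step = 0;
}

/* Drive the call portal until the thread lands in the server. preempt_after >= 0
 * interrupts after that many traversals (a preemption between steps); a later call
 * resumes from the committed step. Returns chunks still outstanding, -1 if not open. */
static int transfer(thread_t *t, const char *msg, int preempt_after) {
    int ran = 0;
    while (t->task != &server && (preempt_after < 0 || ran < preempt_after)) {
        if (invoke(t, CALL_SLOT, (intptr_t)msg) < 0) return -1;
        ran++;
    }
    return t->task == &server ? 0 : NSTEPS - t->step;
}

/* Whole scenario; returns 0 when every check holds, else the failing check number. */
static int run_scenario(void) {
    thread_t th;
    const char msg[NSTEPS * CHUNK] = "hello world";   /* constructed sample message */
    setup(&th);
    if (invoke(&th, SHORT_SLOT, 0) != 1 || th.task != &client) return 1;
    if (invoke(&th, 2, 0) != -1) return 2;                          /* never opened */
    if (transfer(&th, msg, 1) != 2 || chunk_copies != 1) return 3;  /* interrupted */
    if (transfer(&th, msg, -1) != 0 || chunk_copies != 3) return 4; /* resumed, no redo */
    if (memcmp(server_buf, msg, sizeof msg) != 0 || th.task != &server) return 5;
    if (invoke(&th, RET_SLOT, 0) != 0 || th.task != &client) return 6;
    return 0;
}

int main(void) {
    int r = run_scenario(); printf("%s (check %d)\n", r == 0 ? "all portal checks passed" : "FAILED", r); return r;
}
```

Two points to read off the mock: `invoke` refuses an unopened slot before any portal code runs, which is the whole of the protection argument in the bullets above, and the interrupted `transfer` finishes with exactly three chunk copies, because the activation record, not the caller, remembers how far the operation got. In a real kernel the write to the activation record would have to be atomic with the step it commits; the mock just performs the assignments in order.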

The nucleus, whose basic job is to transfer control between protection domains, is really just glue code. The actual "kernel" is a separate loadable component running in supervisor mode.
