Single address space or private address spaces?

Abstract

The appearance of 64 bit address space architectures (DEC Alpha, HP P/A RISC and MIPS R4000), has fostered interest in single address space operating systems. Examples of such implementations are Opal[Chase 1994], Angel[Murray 1993] and Mungi[Heiser 1993]. They all offer the following advantages: a virtual address is the universal means to reference any object in the system; therefore, there is no need for pointer swizzling, when an object is deleted, and because of the size of the address space, there is no need for address reutilization, with the expensive problems it implies (address ambiguities, dangling pointers), and, last but not least, any application program or data in the system may be statically linked. The main challenge is probably the design and implementation of a protection scheme to limit the access rights of each thread or application running in the single space. Radical proponents of pure single address space claim that protection is orthogonal to addressing, which is true. However, due to the limitations of hardware mechanisms to enforce protection rules, and to the distributed environment, the single space is in fact implemented by the cooperation of multiple virtual address spaces. Each protection domain is implemented by a virtual space. Another difficulty is the management of private data which implies some kind of base register addressing.Our claim in this position paper is that the management of data private to domains or threads is an intrinsic function of any distributed virtual memory system. Rather than hiding them in a single space, it is more efficient and simpler to implement these private areas at fixed locations in each virtual address space which will be dynamically bound to distinct physical locations. Hence, each address space is statically divided in two areas: a common area which is managed as a single address space, and a private area. Such a system combines the advantages of Opal-like systems concerning static addressing and linking, and those of classical virtual memory systems concerning the selection of local data.The remainder of this paper is organized as follows. In section 2 are discussed two different schemes for protection, both relying upon the capability concept. Section 3 gives an argument for the use of private data, and shows that they can be implemented at low cost. Section 4 outlines a proposal in which a shared single address space for persistent data coexists with private segments for temporary data. In conclusion, this proposal is compared to previous systems.