Spaceborne computer executive routine functional design specification.  Volume 3:  Executive routine primitives and process control by Kennedy, J. R., Sr.
1. .# "I 
N A S A C O N T R A C T O R  
R E P O R T  
o* 
*o 
00 
P 
I 
PC: 
V 
SPACEBORNE COMPUTER EXECUTIVE ROUTINE 
FUNCTIONAL DESIGN SPECIFICATION 
Volume 111. Executive Routine Primitives 
and Process Control 
by Jumes R. Kennedy, Sr. 
Prepared by 
COMPUTER SCIENCES CORPORATION 
FIELD SERVICES DIVISION, AEROSPACE SYSTEMS CENTER 
Huntsville, Ala. 3 5 802 
for George C. MarshaZZ Space Flight Center 
NATIONAL  AERONAUTICS  AND  SPACE  ADMINISTRATION WASHINGTON, D. C. OCTOBER 1971 
https://ntrs.nasa.gov/search.jsp?R=19710028301 2020-03-11T21:32:45+00:00Z
TECH LIBRARY KAFB, NM 
TECHNICAL R I lll Il11 1111 1111 III lllll11lIlS I 
I .  REPORT NO. 12. C O Y R M Y W T  ACCESSION NO. 13. OObLOL4 
" NASA CR-1869 I 
1. TITLE AND SUBTITLE 
~~ ~~ 
5. R E P m T  DATE 
Spaceborne  Computer  Executive  Routine  Functional Design . October 1971 
Specification, Volume III. Executive Routine Primitives 6. ' P E R F O R ~ M I N G ~ Z A T I O N  CODE 
4- PrEnss cnntrnl 
7. AUTHOR(S1 
~- 
1-8. PERFORMING ORGANIZATION fiEPORr # 
James R. Kennedy, Sr. 
Computer  Sciences Corporation 
Field Services Division, Aerospace Systems Center CONTRACT OR GRANT NO. 
"
" .~ ~ ~ . . . .  ~ 
B. PERFORMING ORGANIZATION NAME 'ND ADDRESS 
. ~~ - ~ ~ ~ ~ 
lo .  WORK UNIT, NO. 
National  Aeronautics  and  Space  Administration 
Washington, D. C. 20546 14. SPONSORING  AGENCY  CODE 
. ." ~ I . . .  . . . . .  
5. SUPPLEMENTARY  NOTES 
. ." ~ ~~ 
6. -ABSTRACT 
.~ " - "" ~ .~ 
This report  discusses the  concept of a process, and formalizes the process 
state transitions activated by application program usage of system primitives. 
Approaches for implementing  the required control capabilities in both  software 
(the traditional approach)  and  digital hardware ,logic are detailed.  Logic  network 
and control sequencing requirements are derived, and  the associated circuit  diagrams 
are shown.  Software prockdures for performing a similar function are developed  and 
depicted in an ALGOL-like source program form. A brief comparison of the two 
approaches is made. 
This document is Volume I11 of a three-volume report entitled  "Spaceborne 
Computer  Executive  Routine  Functional  Design  Specification. ' I  The other two volumes 
are: 
Volume I: Functional Design of a Flight Computer Executive Program 
for the  Reusable Ehuttle 
Volume 11: Executive Design for Space Station/Base 
7.  KEY WORDS - la ,  D l 8 T R l r ~ - l O H ~ ~ A T C M C N T  
Executive  Routine Multiprocessor Unclassified - Unlimited 
Operating  System Multiprogramming 
Hardware  Executive Scheduling 
Real  Time  Monitor Spaceborne  Computer 
Y 
19. SECURITY CLASSIF. (d thh rap-) 
- 
20. SECURITY CLASSIF. (or tkt. -10) 
. . , , A L L .  
21. NO. OF PAGES 
Unclassified  Unclassified 95 
. .  . .  
For sale by the  National Technical Information Service, Springfield, Virginia  22151 
L 
- - -  I 
. . . . . . . . . . . . . . . . . . . . . . . . . . .  
VOLUME 111 
EXECUTIVE ROUTINE PRIMITIVES 
AND 
PROCESS  CONTROL 
.... 
SECTION I . 
SECTION 11 . 
SECTION 111 . 
SECTION IV . 
SECTION V . 
TABLE OF CONTENTS 
INTRODUCTION . . . . . . . . . . . . . . . . .  3 
A . Concept of a Process . . . . . . . . . . . . .  4 
B . Construction . . . . . . . . . . . . . . . .  5 
PRIMITIVES . . . . . . . . . . . . . . . . . . .  9 
A . Wai t  . . . . . . . . . . . . . . . . . . .  9 
B . Continue . . . . . . . . . . . . . . . . . . .  9 
C . Wake . . . . . . . . . . . . . . . . . . . .  10 
D . Stop . . . . . . . . . . . . . . . . . . . . .  10 
E . Suspend . . . . . . . . . . . . . . . . . . .  10 
F . Release . . . . . . . . . . . . . . . . . . .  11 
G . Termination . . . . . . . . . . . . . . . . .  12 
PROCESS  CONTROL STATES . . . . . . . . . .  
A . Compute  Cycle . . . . . . . . . . . . . . .  
B . The  Work Variable . . . . . . . . . . . . .  
C . Dispatching . . . . . . . . . . . . . . . . .  
D . Cooperative  Processes . . . . . . . . . . .  
E . Suspended States . . . . . . . . . . . . . .  
F . Process  Termination . . . . . . . . . . . .  
G . Example of Usage . . . . . . . . . . . . . .  
13 
13 
15 
1 7  
18 
18 
20 
22 
IMPLEMENTATION . . . . . . . . . . . . . . . .  25 
A . Transition  Matrix . . . . . . . . . . . . . .  25 
B . Control  Variables . . . . . . . . . . . . . .  29 
C . Sum  of Products . . . . . . . . . . . . . .  31 
D . Processor  Control . . . . . . . . . . . . .  34 
1 . Dispatcher . . . . . . . . . . . . . .  34 
a . Ready List . . . . . . . . . . . .  34 
b . Dispatcher Overview . . . . . . .  35 
2 . Trap  Processing . . . . . . . . . . .  37 
E . Hardware  Implementation . . . . . . . . .  41 
1 . Logic  Network . . . . . . . . . . . .  43 
2 . ~ Process  Control Sequencing . . . . .  43 
F . Software  Implementation . . . . . . . . . .  52 
- 
MONITORING . . . . . . . . . . . . . . . . . . .  6 1  
iii 
. 
VOLUME 111 
EXECUTIVE ROUTINE PRIMITIVES 
AND 
PROCESS CONTROL 
TABLE OF CONTENTS (Continued) 
Page 
SECTION  VI. COMPARISONS . . . . . . . . . . . . . . . . . . .  65 
SECTION  VII. CONCLUSIONS . . . . . . . . . . . . . . . . . . .  67 
SECTION  VIII. RECOMMENDATIONS . . . . . . . . . . . . . . .  69 
APPENDIX A LOGIC  MAPS FOR PROCESS  CONTROL . . . . .  71 
APPENDIX B PROCESS  CONTROL  FUNCTIONS . . . . . . . . .  77 
iv 
- .__. . . . . . . . . . . . . . . . . .  - . ..... . . . . . .  . . . . . . . .  r -  
LIST OF ILLUSTRATIONS 
Figure 
10 
11  
12 
13 
14 
15 
16 
17 
A1 
B1 
Title 
Process Control Block . . . . . . . . . . . . . . . . .  
Initial State Transitions . . . . . . . . . . . . . . . . .  
Revised State Transitions . . . . . . . . . . . . . . . .  
Extended State Transitions . . . . . . . . . . . . . . .  
Final State Transitions . . . . . . . . . . . . . . . . .  
Alternate  Form  for STOP Transition . . . . . . . . . .  
Evaluation of X . . . . . . . . . . . . . . . . . . . . .  
Dispatcher Overview . . . . . . . . . . . . . . . . . .  
Processor  States . . . . . . . . . . . . . . . . . . . . .  
Logic  Network for  Process  Control . . . . . . . . . . .  
R-S Flip-Flop . . . . . . . . . . . . . . . . . . . . . .  
Process  Control Sequencing . . . . . . . . . . . . . . .  
Logic  Overview . . . . . . . . . . . . . . . . . . . . .  
Process  Control  Primitives . . . . . . . . . . . . . . .  
Control Flow Diagram . . . . . . . . . . . . . . . . . .  
Interprocessor Interrupt Procedure (TRAP) . . . . . .  
Source  Form  Statement  Listings  for  Process  Control . 
Maps fo r  Derivation of Boolean Expressions . . . . . .  
Process Control Functions . . . . . . . . . . . . . . .  
V 
14 
16 
19 
2 1  
28 
33  
36 
39 
47  
48 
51  
53 
56-57 
58 
59 
60 
72 
78 
.. . . . . . . . . . . .  . "" . . " - " "" 
LIST OF TABLES 
Table 
1 
2 
3 
4 
5 
6a 
6b 
7 
8 
9 
Title 
Process  Control Block Entry  Descriptions . . . . . . .  
State Transition Matrix . . . . . . . . . . . . . . . . .  
Work Variable Control . . . . . . . . . . . . . . . . .  
Example  Standard  Basis . . . . . . . . . . . . . . . . .  
Expanded Matrix . . . . . . . . . . . . . . . . . .  : . .  
Expanded Standard Basis . . . . . . . . . . . . . . . .  
Control Variables . . . . . . . . . . . . . . . . . . . .  
Sum of Products  Expressions . . . . . . . . . . . . . .  
Steps in  Control Sequence . . . . . . . . . . . . . . . .  
Cost and Time Comparison . . . . . . . . . . . . . . .  
Page 
7 
26 
27 
30 
42 
44 
45 
46 
50 
65 
vi 
. .  . .  . . . " . .  . .. .- 
DEFINITION OF SYRlBOLS 
AAIJ 
Backlog 
Compute  Cycle 
I11 
L PS 
LSR 
PCB 
Preempt  Dispatcher Action 
Process 
Process  Construction 
State Diagram 
Task 
Allow all interrupts and jump. The jump in- 
struction which transfers  processor  control 
to a process  return  address or entry point. 
An amount of work which has  been  scheduled 
but  has not been  completely  processed. 
The  complete  transition  cycle  ("idle, f t  "ready, 
r'running''). 
Initiate Interprocessor Interrupt. A computer 
instruction used by  one central  processor, 
under  executive  control, to signal  another 
central  processor  for the  purpose of assigning 
tasks. 
Load Processor State Register. The executive 
instruction which enables  the  executive  to set 
the  state of a  processor  to  insure  system 
protection. 
Load Storage Register. The executive instruc- 
tion which sets  the  memory  access  boundaries 
to  those of a  given  process. 
Process  Control Block 
The  act of seizing  control of a  processor  from 
a  process for assignment  to  a  higher  priority 
process. 
The  sequence of actions  performed  in  order  to 
complete a task. 
The  act of executing  a set of procedures  that 
create  a  process. 
A representation  for  a finite state machine 
that  has  inputs  and  outputs. 
A specific  quantity of work to  be  accomplished. 
vii 
TCL 
TDR 
TDS 
TPL 
Trap 
DEFINITION OF SYMBOLS (Continued) 
Trap  Control Line. Indicator denoting that a 
trap has  occurred. 
Trap Designator Register. Indicator denoting 
whether a processor is the  trap  processor or 
not. 
Trap  Designator  Set 
Trap Processing Line. Indicator to denote 
that  trap  processing is occurring. 
A list-driven  processor  capability  activated 
by the  process  control  mechanism; a transfer 
of processor  control  to a specified  location as 
a result of some  event or condition  requiring 
special  attention. 
viii 
FOREWORD 
The  work  reported  herein was administered  in the Systems  Research 
Branch, Computer Systems Division, Computation Laboratory, MSFC, with 
Bobby C. Hodges assigned as Contracting Officer's Representative. In 
addition to his routine  duties as Technical  Monitor, Mr. Hodges has added 
significantly  to  our  insight  into  and  understanding of related NASA programs 
through  careful  planning,  coordination  with in-house effort, and encouragement. 
I. . .  
ix 
VOLUME III 
EXECUTIVE ROUTINE PRIMITIVES 
AND 
PROCESS CONTROL 
SUMMARY 
~" 
The  feasibility of partitioning  an  executive  routine  into  primitive 
controls, scheduling functions, and supporting supervisory software is shown. 
The report  outlines  an  approach  to a functional  partitioning that lends itself 
wel l  to  automation. 
Based upon general  requirements  for  run-time  support  to  arbitrary 
processes, a basic set of executive routine primitives is defined. Using 
an inductive  approach, a state transition  diagram is developed,  thus  forming 
the  basis  for  the  development of a finite state automata to  control  all  processes. 
The state  diagram is then  used  to  derive  a  digital  hardware  logic  device  that 
provides  the  necessary  sequential  processing. A stacking mechanism is 
introduced  to  link  the  control  hardware  to  certain  software  support  procedures. 
The  stack is processed  through  the  use of a hardware  trap  scheme  for  executing 
procedures  that have been  stacked. 
A software  approach  to  mechanizing  a  comparable  capability is devel- 
oped. The method of depicting  this  approach is comprised of showing program 
flow diagrams and high-level source language statements. The architectural 
framework  for specifying  the  software  approach is taken  to  be the UNIVAC 1108 
Multiprocessor  System. 
Finally a comparison of the two approaches  shows  that  a  hardware 
implementation is practical and displays  significant  advantages  in  terms of 
cost and system  overhead. Although no explicit  comparisons are given  to 
contrast the two approaches with respect  to  weight,  volume,  reliability, and 
power  consumption,  the  overwhelming  simplicity of the  hardware  approach 
is felt to obviate the need for  detailed  comparisons. The results  are  clearly 
in  support of a hardware  logic  design  approach. 

r 
SECTION  .I.  INTRODUCTION 
The  supervisory  aspects of controlling  program  execution  with  a 
general  purpose  digital  computer  environment have become so complex  that 
not  only is it now difficult  to  implement  scheduling  procedures  that have 
predictable  effects,  but it has  also  become  difficult  to  establish  design 
require'ments and describe a control  method  that  exhibits  desirable features. 
This  complexity is, of course,  an  inevitable result of a tendency to want 
more out of computing systems  in  terms of the  total  number of tasks  com- 
pleted  in a given  time  interval. Since faster  program development is also 
desirable,  systems have been  further  complicated by the  addition of functional 
responsibility  in  the  area or" development support  through program debug, 
text edit, language translation, and file maintenance  capabilities. 
Relatively good success  has  resulted  from  recognizing  that  many .func- 
tional  responsibilities  can  be  simplified through partitioning o r  segmentation 
into  well defined  and easily  managed  subfunctions.  The  purpose of this mono- 
graphy is to outline  an  approach to applying partitioning  procedures  to  the 
supervisory  function.  The  objective is to show simplicity  in  the  methods in- 
volved, and to  analyze and compare  several  possible  methods  for  implemen- 
tation. 
The  following discussion ou.tlines  the  concept of a  "process" as it re- 
lates to  the  computer  executive function. Based on this concept,  the  important 
features of process "construction, "primitives, '' "control, "termination, ' I  
and "monitol-ing" are  discussed. Techniques for  control  implementation  are 
examined, and examples of usage are  cited.  The  discussion  ends with con- 
cluding remarks and recommendations  for  further  e€fort. 
Implementation of the  control  concepts  discussed  in  the  report  has 
historically  been  accomplished  through  the  application of software  engineering 
in  order to design,  fabricate, and test executive  system  programs  that per- 
form  the  required functions.  Recent research and development has  isolated 
program  control  principles  that  are  reasonably  general  purpose, and neces- 
sary  in all but  the  simplest  sequential  batch  programming  systems.  The 
report expands on these  principles, and emphasizes a digital  logic  approach 
to  implementation;  a  software  approach is also indicated. 
TQ  establish a frame of reference  for the major points of interest  that 
follow,  the  concept of a process and the  meaning  of.construction of a process 
are outlined. 
A. Concept of a Process 
The  usual quantity of work  referred  to in discussions  regarding compu- 
ter systems is the "task. "User  tasks" and "system tasks" have been accepted 
as terms  for  describing  the ntities that an executive  system  deals  with  in its 
supervisory  capacity. A task will  be  similarly  regarded  in  this  discussion as a 
specific quantity of work  to be accomplished. 
Most of the  discussion,  however,  will  be  concerned with the  sequence 
of actions  performed  in  order  to  complete a $ask.  This  sequence  is  referred  to 
as a llprocesslf and is discussed by Lampson /1/ and others /2/3/4/. It is im- 
portant  to  note that a process  may  execute  code  from  either  system o r  user  
(application) programs, o r  both, in a more-or-less  arbitrary  order. Since the 
control  devices of process-oriented  systems  may include  those  for  stopping 
process execution,  code which is shared  among  several  (possibly  concurrent) 
processes  must be structured  to  support unsynchronized,  multiple  (simultaneous) 
execution  instances. Such a program is often referred  to as reentrant  in that 
one  execution  instance  can be suspended and another begun, both at (virtually) 
any location  in the code. With a multiprocessor  system,  literal  simultaneity 
is possible. 
The  definition of a "processfr  can be extended recursively by also con- 
sidering  a set of sequential  processes  to be a process. Such a definition  would 
allow for (and require) a nested control capability. However, this discussion is 
concerned only with the  simpler definition  since no generality is lost. 
1 Lampson, B. W. : A Scheduling Philosophy for  Multiprocessor  Systems. 
Comm ACM, V 11, N5, pp. 347-360, May, 1968. 
'Dijkstra, E. W. : The  Structure of "THE" - Multiprogramming System. 
Comm ACM, V 11, N5, pp. 341-346, May, 1968. 
3Wirth, N. : On Multiprogramming, Machine Coding, and Computer 
Organization. Comm ACM, V 12, N9,  pp.  489-498, September, 1969. 
4Hansen, P. B. : The Nucleus of a Multiprogramming System, Comm ACM, 
V 13, N4, pp. 238-250, April, 1970. 
4 
B . C snstructim 
Process  construction is the  act of executing a set of procedures  that 
create a process. In its broadest  sense,  process  construction  consists of pro- 
gram design and  coding  followed by translation  to  machine-executable  code, 
collection  into a module  that is mapped  onto  main  (instruction)  memory, input 
to  main  memory, and creation and initialization of a block of main  memory  that 
constitutes a set of state variables  for  control of the  process. 
For  purposes of this  discussion, a truncated  definition  will be sufficient. 
It includes : 
0 Collection and mapping, 
0 Input to  instruction  memory, and 
0 Process  control block formations. 
Collection is a  gathering  together,  from  several  sources, of the  various uncol- 
lected  routines  constituting a set of process code. As the  code is gathered, it 
is mapped one-for-one  word-wise  onto some contiguous set of instruction  memory 
locations.  Once  collection and  mapping has been accomplished,  the  code  can be 
written  into  instruction  memory and a process  control block  (PCB) constructed. 
Figure 1 shows a possible  structure  for a typical  PCB /5/ beginning at 
the ring  pointer PCBRING. The  contents of this block are  for the most  part  self- 
explanatory;  table 1 defines  these  entries. (In the  event  that  multiple  processors 
a re  allowed to  concurrently  execute .common  code from a  given process,  the  entire 
process  must be reentrant.  The  PCB  structure shown  will  not support  this  require- 
ment. Although it is certainly of academic  interest, this possibility is not con- 
sidered  further  here. ) 
5The process  control block discussed  here is similar  to  the "Exchange 
Package"  discussed  in /6/ and the "Job Area" of /7/. 
'Reference  Manual - Control Data 7600 "Preliminary  Computer  System, I'  
Control  Data  Corporation  Publication  Number 60258200, Revision 02, 1969. 
7Huberman, B. J. : Principles of Operation of the  Venus  Microprogram, 
Mitre Technical  Report MTR-1843, The Mitre Corporation,  Bedford,  Mass., 
1 May 1970. 
5 
Previousprocess I Nextprocess 
PCBRING Processname 
a l b l c l w l  C PUnumber 
1 
Startentrv 
4 
Breaktmintaddress 
Breskpointoperand I BPOtrapaddress 
i Machineregisters 
v PROCESSID 
U 
Status Word 
c 
s , o  
FIGURE 1. PRQCESS CONTROL BLOCK 
" 
TABLE 1. PROCESS CONTROL BLOCK ENTRY DESCRIPTIONS 
ENTRY 
Previousprocess 
Nextprocess 
Processname 
a b c  
Priority 
Startentry 
Returnaddress 
.._____ "" -~ ~~~~ 
Highmemory 
Eowmemory 
C PUnumber 
Breakpointaddress 
Breakpointoperand 
Machineregisters 
. .. 
DESCRIPTION 
. .  
Pointer  to  the  predecessor PCB on the ring. 
Pointer  to  the  successor PCB on the  ring. 
Unique name  for this process. 
Three  bit  process  state  indicator. 
Relative protess priority. 
Instruction  memory  address of the first instruction. * 
Instruction  memory  address of next instruction  in case process 
activity is stopped;  execution will be  resumed at this  location. 
Initially  has  the  value of startentry. 
Largest  instruction  memory  address  associated,  for  protection 
and  access  purposes, with tMs process. 
Sma.llest instruction  memory  address  associated,  for  protectior 
and access  purposes, with this process. 
Hardware address of the  processor unit  associated,  during 
execution,  with  this  process. 
Instruction  memory  address  which, if it becomes  the  argument 
of an  instruction  fetch  cycle, will cause  an  internal  processor 
trap  to a predetermined  instruction  memory  address  specified 
by BPAtrapaddress. ** 
Instruction  memory  address  which, if it becomes  the  argument 
of a datum  fetch  cycle, will cause an internal  processor  trap 
to a predetermined  instruction  memory  address  specified  by 
BPQtrapaddress. ** 
A block of words  reserved  for  saving all programmable 
processor  registers when process  activity is stopped. Must 
include all registers depicting procem state information. 
Counter showing the  number of unserviced WAKE primitives 
invoked for this procesa. 
~ . 
* The  exact  meaning of dl main memory  addresses is dependent on the  details of 
hardware  addressing.  The  preliminary  organization shown here is merely  rep- 
resentative.  For  instance, if data and instructions are separated a high and low 
data  memory  address would be  required; if a paged memory is used,  the page 
file  map would be saved. 
operating in a debug mode. 
**These  values would have meaning only when the  associated  processor is 
At the  time of construction,  the  values of a, b, and c, discussed  in 
detail below, are all set to  zero, as is the case with  Returnaddress,  CPUnumber, 
Breakpointaddress,  and  Machineregisters,  while Startentry is stored  in its 
designated  space  for  the life of the  process. It should be pointed  out  that no 
specific  memory  word  size  or  processor egister set is assumed;  the  organi- 
zation of the  PCB is, therefore,  subject  to  optimization  in a specific  architectural 
case. Also, the  storage area reserved  for  PCB's is assumed  to be protected 
through  definition of a set of privileged  instructions (at least a "store-PCB" 
instruction). 
8 
SECTION I. PRIMITIVES 
In  order  to  accomplish  control of processes, a set of primitive  opera- 
tors,  o r  instructions, is defined. The exact effect of these  primitives, when 
invoked by a process, is discussed  in  the next  section;  the  general effect, how- 
ever, is to alter the state of a process  through  specific  executive  system  action. 
The states of all processes known to  the  system are kept current by recording 
these  values as three bit binary  numbers  in  the  appropriate  PCB's.  The  names 
used  here  for  the  primitives  were  chosen  because of the  intuitive  thoughts  evoked 
by them. 
A. Wai t  
This  primitive  has no explicit  arguments  (parameters)  associated with it. 
It i s  a command executed by a  process when the  process is executing  and  cannot 
proceed  until  some  arbitrary,  requested  event  has  occurred. The effect of this prim- 
itive is to  stop  process  action  and  thereby  make  the  associated  relinquished  processor 
available  for  assignment  to  another  process  that  is  ready  to  proceed. The implied 
argument of this  primitive is the "Processname" of the invoking process. Be- 
cause no other  arguments  are  recognized, it is not possible  for  process "A" to 
keep  another  process, "B, I '  from  proceeding by direct  use of the WAIT primitive. 
When execution of a process  that  has invoked a WAIT primitive is resumed, 
it will continue at the instruction  immediately  following  the  instruction  sequence 
that invoked the WAIT. The  address of this  instruction is saved as  Returnaddress 
in  the  appropriate  PCB by the WAIT mechanism.  The WAIT mechanism  also  saves 
all  pertinent  processor  registers  in the PCB  and sets the  values of a, b, and c to 
indicate  that  the  process  is  in a "waiting" state. Other WAIT mechanism  functions 
are discussed  in  the  section on  "Control. 
B.  Continue 
When a process  has  placed  itself  in  an  inacti\.e state through a WAIT, it 
can be resumed only by another  (cooperative)  process  through  use of a CONTINUE 
primitive.  This  primitive  specifies  the  name of the  waiting  process as a parameter. 
The  PCB  for  the  specified  process is located by use of its unique  name  (for  instance, 
by searching a hash-coded  table  that  associates a pointer,  such as PROCESSID in 
figure 1, with  the  name);  the  process is then  placed in  a tfreadyTf state wherein it 
may compete, on the  basis of its relative  priority,  for  assignment of a processor. 
9 
It is important  to  note  that,  prior  to  use of WATT, every  process  must 
be assured  that  some  cooperative  process  will  invoke a CONTINUE in behalf of 
the  waiting  process.  Normally,  certain  system  support  routines  in  the  form of 
subrcutines or  supervisor calls would be provided  to  allow a process  to request 
that it be continued for  specific  reasons.  Examples  might  include  completion of 
an input operation,  expiration of a specified time interval,  granting of a request 
for  device assignment or storage  allocation, etc. 
C.  Wake 
A-fter a process  has been constructed, it is in the "idle" state. In this 
state, the  process is prepared  for execution but is not yet  activated.  The WAKE 
primitive is the  mechanism  for  causing a specified idle process  to be placed  in 
the  rrreadyrr state where it will  have processor  time  allocated for execution. 
When a process is ??idlef1 and a WAKE for it is invoked, the WAKE 
primitive will  cause the process  "startentry, If stored  in  the PCB, to be  copied 
into  the  returnaddress  space in the PCB. The WAKE primitive  specifies  the 
object  process  name as an  argunlent. 
D. Stop 
This  primitive is invoked by a process  that is in  the  T1runningl' state in 
order  to  indicate  to  the  system  that i has  completed  its  execution  and  wishes  to 
return to the idle state. -Once a STOP has  been invoked, subsequent  execution 
instances occur only as a result of WAKE primitives invoked for this  process. 
Each  such  execution  instance wil l  begin at  the process  "startentry"  saved  in 
the PCB. 
E. Suspend 
This  primitive  and its converse, RELEASE, are defined  to  enable a 
process, "A, to stop and restart another process I'B. This capability is pro- 
vided primarily  for  the  purpose of stopping a specified  process  to  enable it to 
be examined  intimately by some  other  process.  From  the point of view of the 
suspended process,  there is no discernible  effect; it therefore  has no knowledge 
of having been suspended. While suspended, the process's data, instructions, 
and machine  register  contents  can be examined or modified  dynamically. 
While the  uses of SUSPEND are many, only debugging  and synchroni- 
zation a re  mentioned here.  Several  processes  can be synchronized  to  the  nearest 
instruction by breakpointing and suspending  until all processes have  been  suspended. 
Then, upon release, they will be closely  synchronized. In order  to debug process 
code or  analyze  algorithm  failures, it is necessary  to  suspend  execution non- 
destructively  to  permit  observation. 
10 
F. Release 
The  act of invoking a RELEASE primitive  for a specified  process  will 
cause  the  process  to  revert  back  to  the  state it was  in  at  the  time of the  most 
recent SUSPEND for  the  process (an  exception is discussed below). For instance, 
if the  process  was  executing  code at the  time of a SUSPEND, a cancelling RELEASE 
will  cause  it  to  continue  execution  where it was  suspended. 
G. Termination 
The  discussion  has  considered  process  construction  and  control. For 
completeness,  primitive  controls  are  specified  to allow a  process  to  terminate 
itself or  for  another  process  to  cause its termination. 
Self-termination  can be accomplisfied by a process  through  an EXIT 
primitive,  while  termination of a process by an  external  mechanism is accom- 
plished  through  an ABORT primitive.  Processes  that are aware of an  internal 
anomaly  may ABORT themselves  also. 
In effect,  an EXIT will  cause  a  process  to be placed  in  the 'Wlerr state, 
followed by release of main  memory  assigned  for  appropriate  process  code  and 
PCB  residence. An ABORT has all of the effects of an EXIT with  additional 
capability  for  "post-mortem"  main  memory  dumps  and  other  terminal  actions 
to aid  in debugging. 
11 
I 

SECTION III. PROCESS CONTROL STATES 
In this  section,  the  use of system  primitives is discussed  through con- 
siderations with respect  to state diagrams. Also, an alternate form  for  the 
state diagram is introduced  in  order  to  support  the development of logic  expres- 
sions  for  process  control by an executive  system. 
Many of the  details  related  to  logic  techniques ar? considered  to be 
routine  in  the  field of digital systems  engineering.  Similarly,  many of the 
historically-"software"  concepts are routine  to  the  systems  programming  field. 
The  (sometimes)  tutorial nattbe of the  discussions  that follow has  the  major 
purpose of introducing readers in  each  field  to  the  concepts and techniques of 
the  other  in  order  that  more  integrated  systems  will be appreciated. 
The  conventions  used  in  the state diagrams developed here are standard 
in  that  arrows  are  used  to show transitions;  the  name o r  symbol  adjacent  to 
the  tail of each arrow is the  identifier  for  the  primitive, o r  input, which will 
cause  the  associated  transition. Given a particular  state,  certain  primitives may 
cause no state change. Also, certain primitives may not be valid. For instance, 
in the rrready''  state, a WAIT primitive cannot occur. Such transitions as are 
nonvalid, o r  cause no state change o r  action, are not shown to avoid clutter. 
A. Compute Cycle 
A process  enters  the  domain of the  state  diagram  to be developed  through 
process  construction when the  values of a, b, and c a r e  set to  zero in  its PCB. 
For this reason, the discussion  begins with state zero.  The  normal  sequence of 
state transitions for  a process is 'tidle"-"ready"-'trunning. This is shown in 
figure 2. A process  in  an "idle" state (state 000) will  go to  the  "ready"  state  as a 
result of some  other  process having invoked a WAKE in  behalf of the  idle process. 
In the "ready"  state, a process  competes for processor  time. An executive procedure, 
known as the  "dispatcher, ' I  examines a queue of entries  representing all processes 
in  the  ready  state. Once the  dispatcher  determines a match  between  some  process 
and processor,  it  will "dispatch" the  process through a special  system  primitive 
which causes  the  processor  to start execution of the  appropriate  process.  The 
process is thereby  placed  in  the  ('runningIf state. While a process is "running, 1' 
it can invoke a STOP, thereby  placing itself in  the "idle" state again. 
13 
wake 
ready idle 
d = dispatch 
p = preempt 
I 
/' \ 
I 
/ 
k-2 / 
\ 
FIGURE 2. INITIAL STATE  TRANSITIONS 
14 
The  complete  transition  cycle I t  "ready,  "runningvf) will be 
referred  to as a "compute"  cycle. Many processes  can be satisfied by simple, 
repeated  loops  through  the  compute  cycle.  Each  time  through  the  cycle, 
0 an idle process would be waked up by another process 
or  the  system, 
0 processor  time would be allocated, 
0 the process would execute, and 
0 a STOP would be invoked to delay progress until the next 
compute  cycle  occurred or  was needed. 
B. The Work Variable 
The diagram of figure 2, while  satisfying  many of the  process  control 
requirements, is nevertheless inadequate. For instance, it is possible that 
some event may  occur  causing a WAKE to be invoked while the  affected  process 
is in  the running  state.  This is shown by the  dotted  transition  in  figure 2. In 
order  to avoid the  loss of such a WAKE, the state diagram is augmented  to  pro- 
vide it with the  ability  to  remember WAKES that  occur while a process is not 
in the I1idlerr state. This is accomplished through a state variable, "w, as 
shown in  figure 3. 
The  scheme  operates as follows: Each WAKE increases  the  value of 
!?wTf by 1 and each STOP decreases  the  value by 1. When a process invokes a 
STOP, a "testing" state is entered  wherein  the  value of trwrr is compared  to  zero, 
If T r ~ l f  is greater  than  zero, it means  that  some  event  requiring  processing  has 
occurred, and the  process is returned  to  the  running  state at the start address 
to  execute  another  pass  through  the  compute  cycle. If r r ~ "  is zero,  the  process 
is placed  in  the "idler1 state as shown /8/. 
The  state  variable, I1w, is located in the PCB and can be initialized 
during  process  construction  to any  value. If it is initialized  to  zero,  the  normal 
compute  cycle  will  occur as discussed above. If it is given a positive initial 
value of, say, n, the first n  STOPS will  loop  through  the  testing  state  and  back 
to  the running state thereby  effectively  ignoring  the first n  STOPs. This is a 
useful  capability  that  aids  the  programming of initialization  for  certain  cyclic 
processes  for  the first (n) time(s)  the  process  enters  the running state. No con- 
sideration  has  been  given-in  this  report  to  possible  uses of initializing r r ~ "  to a 
negative  value; only non-negative values  are  treated  properly  in  the state diagrams 
shown. 
8The  interpretation of vlwfr as a semaphore /2/7/ is valid  where STOP is 
similar  to  Dijkstra's rrPrt operator and WAKE is similar  to IrV. 
15 
FIGURE 3. REVISED STATE TRANSITIONS 
16 
The state variable, 'k, has several useful side attractions that result 
from its role in the  control  diagram. First, the  instantaneous  value of r l ~ "  i s  a 
count of the  number of WAKE primitives  that have not been "serviced"  through 
dispatching and subsequent  processing. In the  special  case  where, as a result 
of cooperative  process  action, a process is "waked up" periodically,  say  every 
10 milliseconds,  to  perform  some  calculation,  the  value of ' W r  can be measured 
by the  system  to  determine  whether the  calculations a re  lagging behind. If, be- 
cause of a low relative  priority,  the waked-up process is not dispatched  before 
the next WAKE, the r ' w , r r  can be used as a direct  measure of how far behind the 
process is. rrwrr will be referred  to as the  process "work variable"  because of 
the  apparently  close  relation  to  system  workload. 
C . Dispatching 
Returning  to  the  state  diagram of figure 3 ,  it is seen that a process  in 
the "running" state can  have its processor  seized by the  dispatcher  for  assign- 
ment  to a higher  priority  process.  This is known as a "preempt"  dispatcher 
action. It causes  the  preempted  process  to be returned  to  the  t'ready" state to 
await a  future  "dispatch"  primitive that will  allow it  to  proceed.  "Preemptf1 and 
"dispatch" a r e  special  system  primitives  that  can be invoked only by the  dispatcher 
which, as  part  of the  process  control  mechanism, has privileged  access  to  the 
necessary  control  devices  to  assign  processor  time  to a process. 
Extending the  discussion farther, it  seems  clear that the  dispatcher 
might be designed  to  dispatch processes with higher "w" values first, all  other 
factors  (such  as  priority) being the  same. If l lwll  is interpreted as a measure of 
work  scheduled  for a process,  then  the  sum of all rrwrr values  over all processes 
known to  the  control  system  can be thought of as an indication of the  total  scheduled 
work  for  the  system  at any given time. With this interpretation,  the  "system  work- 
load"  can be measured as a function of ?lw. t 1  
In  a system - such as certain  industrial  process  control,  mes- 
sage switching, avionics, ballistic missile defense, air traffic control, airline 
reservation, and other  similar  real-time  systems - it wculd seem  to be useful  to 
sample rW,rr dynamically. Analytical techniques applied to  probability  distributions 
of sampled rtwrt values  might  then be used  to  develop  feedback  scheduling and dis- 
patching  algorithms  to  dynamically  optimize  system  performance  under  varying 
workloads. 
17 
D. Cooperative  Processes 
We have  thus far developed a scheme  that shows the  relation between 
WAKE and  STOP through  the  introduction of the  concept of a compute  cycle  and 
the process work variable, "w. This scheme is particularly applicable in the 
case of cyclic o r  repetitive  processes  such as those found in all computer con- 
trolled  real-time  systems. It is necessary  to  incorporate  an  additional  pair of 
primitives  to  support  control of a process  that is "waiting" for  some  requested 
event  to  occur  before it can  proceed. 
Consider  the case of a request  for  data input. Unless the  data are 
already  buffered  in  main  memory  at  the  time of the  request, it would be neces- 
sary  in  most  cases  to  queue  the  request and  place  the  requestor  in a waiting 
state until  the  data  have been  input  and  converted for  use. A similar  situation 
arises  in  the  case of requests  for  main  memory  space,  peripheral  devices, 
timed delays, etc. 
Figure 4 depicts a "waiting" state which is entered by a process  that 
invokes  the WAIT primitive. When the  condition  necessitating  a WAIT has been 
eliminated,  the  process is placed  in  the  ready state through  the  use of the CON- 
TINUE primitive. When the  dispatcher  assigns a processor,  control  resumes 
at the  "returnaddress"  saved  in  the  PCB by the WAIT mechanism. 
It is interesting  to  consider what  would  happen if an "unauthorized" 
CONTINUE were invoked as a result of either a hardware o r  software  error. 
The  waiting  process would, upon entering  the  running state, assume  erroneously 
that  the  request had been  granted  and  proceed  to  cause a further  promulgation of 
the  original  failure - possibly beyond the point of recovery if this point had not 
already  been  reached. 
One  way of preventing  such  a CONTINUE  would be to build  into the 
WAIT mechanism  a  procedure  for  generating a unique "key. I '  This key would be 
made  available  to  the  procedure  authorized  to  invoke  the  corresponding  valid 
CONTINUE. Then, whenever a CONTINUE i s  invoked, the key supplied by the 
invoker would be matched  to  the  unique key generated at the  time of the WAIT. 
Mismatches would determine  program  errors o r  system  failures.  The  details 
of th i s  form of validity  checking  will not be considered  further  in  this  report, 
but they  certainly  form  the  basis  for  further  examination and  definition. 
E. Suspended States 
The  final  alteration  to  the state diagram  is  an  extension of figure 4 to 
include optional "suspendedf' states. The mspended states are companions to 
corresponding nonsuspended ("waiting, "ready, "idle, ) I  and "runningT') states 
and are provided as a mechanism  for  stopping  the  progress of a process.  The 
18 
\ 
running testing w 
3 
/ w4w - 1 
FIGURE 4. EXTENDED STATE TRANSITIONS 
effect of a WAKE and CONTINUE primitive is preserved  through  an  appropriate 
transition  from "idle suspended"  and "waiting suspended"  to  "ready  suspended. 
Figure 5 shows  the  complete state diagram. 
Suspended states can be associated with a special  mode of processor 
operation  which  will  support  extensive  observation by external  processes of 
processing  activity.  This  mode  might be referred  to as the "debug" mode. 
Figure 5 shows  process state changes  with  regard  to  certain debugging primi- 
tives, namely I f  suspend" and "release. Other debugging primitives that influ- 
ence  processor  states, but are unknown to  processes,  can be defined to  enable 
the specification of a comprehensive  automatic debug program as part of an 
executive. These concepts are properly discussed elsewhere. For the purposes 
of the  present  discussion, "suspend"  can be considered  to be equivalent  to  the 
(manual)  depression of a  console  r'stopf' button in a single  processor  configuration; 
"release" is equivalent  to  a  trgo'' button depression. In a multiprocessor configu- 
ration,  the  concepts  assume  more  meaning  in  that  actions  equivalent  to  rrstopl' 
and  rrgoll  can be carried out under  program  control on one  processor  to  'Tsuspend7' 
and v7releasef1 a process  executing  on  another  processor. A s  was  mentioned be- 
fore,  these  primitives  will  have  meaning only when the  affected  processor is 
operating  in  the debug  mode. While in  this  mode,  special  logic  sequences  can be 
invoked to  accomplish  single-step  and  phase-step  processor  operation,  register 
content readout and alteration, breakpointing, etc. The associated fully-integrated 
processor/process  capabilities are not discussed here. 
F. Process Termination 
The  diagram of figure 4 contains  the  essential  ingredients of process 
control  and  will  be  the  basis  for  discussion in subsequent  sections.  However, 
it does not include  the two termination  states  into which EXIT and ABORT take 
a process. The reason  for not showing the termination states is that  they  over- 
complicate  the  diagrams  and  add  little  to  the  concept. EXIT and ABORT are  
considered,  however,  in  the  implementation  schemes  to  be  developed. 
EXIT can  be  invoked only by a process  in  the running state in its own 
behalf. The primitive wil l  place  the  process  in  the "unload" state and activate 
a system  unload  procedure  to  return all of the resources  allocated  to  the  pro- 
cess. In addition, all incomplete activities, such as input and output, initiated 
by the  process will  be  completed by the  system. An ABORT will  cause  the 
specified  process  to be placed  in  the  "post-mortem''  state  and wil l  activate  a 
system abort procedure. This procedure will  perform various debug functions 
such a s  dumping main  memory at machine  registers. Upon completion, the 
abort  procedure wil l  invoke an EXIT,  thus  causing  the  process  to  be  unloaded. 
20 
w 4 w+l 
r 
running 
suspended 
3 
d = dispatch 
p = preempt 
r = release 
s = suspend 
FIGURE 5. FINAL STATE TRANSITIONS 
21 
G. Example of Usage 
Before  proceeding  with  a  discussion of implementation  concepts,  a 
specific  programming  example is offered  to show the  use of WAm and CONTINUE. 
Shown  below is an "intuitive-ALGOL" source-form  listing of two cooperative 
procedures. One, named "free, is intended to illustrate a procedure for finding 
and allocating  to  the caller a  block of contiguous  main-memory  words. It is a 
function  that  returns the address of the block to  the  caller;  the  caller  specifies  the 
size of the  requested block as a formal  parameter. ''Putback''  provides  the  means 
whereby  a  caller  may  return  a  previously  allocated block to  the  system. In this 
way,  blocks  which a re  no longer needed by the  caller  are  made  available  for  allo- 
cation  to  future  callers of "free. 
"""" . 
procedure  free(request.  size) 
then begin 
look: - if another. block 
-
look. at.  size; 
remove(b1ock. address) ; 
- if too.  small  then gg to look; - "
found : 
scan: 
- if too.  big - then  insert.  block(excess. block. address,  excess.  size); 
free:=block. address; 
return. to. caller 
end 
queue(request.  size,  processid, caller. return) ; 
get(b1ock. address,  caller.  return); 
gg - to found 
-
- else begin 
> wait; 
" end. 
"""" 
procedure putback(b1ock. address, block. size) 
then begin 
- if more. queued. requests 
-
- if this. queued. request.  size block. size  then go to  scan- 
dequeue(this.  queued.  request) ; 
fix. block(b1ock. address); 
fix.  size(b1ock. size) 
continue@rocessid) ; 
if block. size = 0 then  return. to. caller; 
end. 
insert. block(b1ock. address,  blocksize) ; 
return.  to.  caller; 
"'
go to  scan 
- -
" 
22 """" 
llFreell is an algorithm  that  locates a block by looking through a list o r  
map of available  storage  blocks until em large enoclgh to  satisfy  the  caller's 
request is found. When one is located, it may  be  too big, in which case the 
excess sub-block is placed back in the  map by a call to "insert-block.  In case 
no available  block is large enough to satisfy the caller's request,  the  size of 
the  requested block, along  with the caller return  address and a pointer  to  the 
caller's PCB, is queued to allow the  system  to proceed.  Until  the  request  can 
be  satisfied,  the  process  remains  in  the  waiting state. 
"Putback" has  the  job of updating  the  map which specifies  available 
*rage so that llfreell is made aware of the returned space. lfPutbackll first I 
scans  the queue of requests  to  determine  whether  the block being returned will 
satisfy  some  waiting  request. If a request  can be satisfied,  the  waiting  process 
is CONTINUED. Tutbackfl  continues to  scan  the queued requests  until  there 
a r e  no more requests to  check, o r  all of the  returned  space  has been used  to 
satisfy queued requests. When scanning is complete,  the remirining space is 
inserted in the  storage map. 
Several  interesting  points  can be deriued  from  the example. The  most 
important is the  implication  that,  in a multiprocessor  system  wherein  the  example 
code can be shared  among  several  processors  simultaneously,  the code  must be 
reentrant.  The  code of "free, If  for  example,  represents  part of the  mechaniza- 
tion of all processes having  queued requests.  This is an  important  example of 
code  and data  sharing. 
The  reentrant coding requirement could be eliminated by provision of 
duplicates of the code as part of the  mechanization of every  process. Since the 
algorithm is likely  to be rather  complicated due to  "garbage  collection" and 
memory  map  characteristics,  the  cost  in  storage  space would probably be 
accessible  to  (shared by) all processes.  This  requires  some  form  processor 
lockout capability  such as "Test and Set" /1/9/. This same lockout capability 
could be used  to  obviate  the need for  multiple  copies of man-reentrant  code but 
would require  special  attention  to  process coding. Reentrant code combined 
with Test and Set applied to  the global data is preferable. 
'Blakeney, G. R. , Cudney, L. F. , and Eickhorn, C. R. : An Application- 
Oriented  Multiprocessing  System - Design  Characteristics of the 9020 System. 
IBM Systems Journal, V6, N2, pp. 88, 1967. 
23 

SECTION m. IMPLEMENTATION 
This  section  outlines  an  implementation of the  concepts of process 
control  discussed  previously. Two design  approaches a re  developed for 
comparison  purposes.  The first is comprised of a combination of hardware 
and software; the emphasis is on digital logic. The second is predominantly 
software. While the hardware  design is comprised of digital  logic, and the 
software is depicted as a high-level  language, it is important  to  realize  that 
stored logic could replace any (or all) of the implementation  media.  This 
fact  confirms the  observation  that  there  are no  longer well-defined demarca- 
tions  in  the  selection of implementation  metlia for executive  control. Such 
selections  must  be  based on appropriate  trade  studies  that  include  preliminary 
designs  such as those  discussed below. 
Before  depicting  the  actual  implementation, it is necessary  to  discuss 
some  concepts and techniques of general  use  as digital design aids. The 
applicability of transition  matrices and  the  evaluation of control  variables is 
outlined briefly  to  support  the  design  rationale that follows. 
A. Transition  Matrix 
The  information shown in a state diagram can be represented in other 
forms  that are often more compact. For  the  purposes of further  discussion,  an 
example is shown in  table 2. This matrix  depicts  the  important  state  transition 
aspects of the  figure 4 state  diagram with the  exception of ffd"  and Ifp. If (All 
future  references  to  state  diagrams developed in this report will  imply  that of 
figure 4 unless  specifically  indicated  otherwise.) A state  diagram is considered 
to  be /lO/ll/ a representation  for a finite  state  machine  that  has  inputs,  rep- 
resented  in  these  discussions by the  primitives, and outputs, represented  in 
report  examples  by  increasing,  decreasing, or  doing nothing to  the  work 
variable.  Table 3 shows an output matrix  that could be  used  to  control  the 
value of "w. If 
10 
-: Minsky , M. : Computation: Finite and Infinite Machines. pp. 21, Prentice- 
Hall, Inc. , Englewood Cliffs,  N. J . ,  1967. 
11-: Chu, Y.: Digital Computer Design Fundamentals. pp. 375, McGraw-Hill 
Book Company, Inc., New York, N. Y . ,  1962. 
25 
TABLE 2. STATE TRANSITION AMATRE 
11 
X 
11 
X 
01. 
F Should not happen. (Could be used to flag software/ 
hardware  error. ) 
X Cannot logically happen. (Could be used to flag 
hardware  error. ) 
Indicates  tate change. 
Y Final state depends on w. 
26 
TABLE 3. WORK VARIABLE CONTROL 
Primitive 
STOP 
. ~ ___ 
WAKE 
WAIT 
CONTINUE 
" 
Matrix element  values: 
-1 Implies  decrement w.  
0 Implies no change in w.  
+1 Implies  increment w.  
X, F Same as in previous figure. 
11 
X 
+1 
0 
27  
I 
The  "Testing w" state,  in  effect, does not exist as  far as processes  are 
concerned; it acts  like  a pseudo, o r  "transient, ( I  state  in  that while the  machine 
is in this state, it is merely  in the process of deciding, on the basis of "w, If 
whether  the  required  transition  should  be "lO"-to-"lO" or "lO"-to-"OO. If When 
a STOP is invoked (in  the  running  state), w will  be  decremented and tested 
immediately  to  determine  which  transition  to  make.  This could  have been 
indicated  in  the  state  diagram as shown in the  illustration below. 
w - w-1: w=o 
FIGURE 6. ALTERNATE FORM FOR STOP TRANSITION 
WAKE is the only valid  primitive  that could conceivably  be invoked 
while a process is in the "Testing w'l state.  There  are  several  alternatives 
to  controlling this situation. The simplest way would be to have an  access 
lock  placed on the  value of w until i t  has been  tested.  After the proper  transi- 
tion has been  made,  the  access lock would be removed. The only drawback 
to  this  scheme  occurs  in  those  cases  where  the  process is placed in  the  idle 
state, only to have its state changed immediately  to  "ready"  thus  causing  a 
large amount of work to be required to  place it back in the running state.  This 
problem  arises only in a multiprocessor/multiprogramming environment, of 
course. 
An alternative  to the above scheme would be  for  each  machine  to  set 
a control  line  indicating  that it is executing  a process  in  the  "Testing w" 
state. Al l  other  process  control  machines would sense this line and delay 
further  processing  until  the  line is reset. For the  particular  conflict we are  
considering, this alternative  has  the advantage that no value access lock 
mechanism is required,  the  control  line  accomplishing  the  necessary  control. 
However, the disadvantage of the first scheme is still inherent. This report 
wil l  assume the  second  scheme although it is not necessarily  best, and there 
may be other schemes. The shown in table 2 could be used to indicate 
that the "Testing w" control  line should be  set. 
28 
The llX's, shown as elements of both matrices, indicate combinations 
of input and state which are not valid by definition. These combinations would not 
normally go unrecognized,  however,  because of their value in  detecting e r r o r s  in 
a logic  circuit  designed  to  function  like  the finite machine. For  this  reason, a 
second output matrix  might  be  constructed  to  control  the  detection f this  class 
of e r r o r  (caused by an  input [e. g. , primitive]  or  the  machine [e. g. , state]  itself). 
An "F" is used as an  element  to  indicate  those  combinations  which, 
although they  could occur, would indicate  another  (possibly  different  from 
the "X") type of error .  The relation  between WAIT and CONTINUE is 
one which would be prohibited, by programming  standards,  from  existing be- 
tween  more  than one pair of processes  or  procedures  at any given instance. 
Another,  perhaps  more  precise, way of looking at this is to state that  every 
WAIT has one and only one  logically  valid,  matching CONTINUE. Also,  every 
CONTINUE will always "unlock" (match)  one and only one waiting  process. 
An e r ro r  would occur i f  some  unauthorized  process invoked a CONTINUE when, 
in  fact,  either  the  object  (process) of the CONTINUE is not waiting o r  the event 
being  waited  upon has not occurred.  The "F" indicator will flag  the first of 
these two possible  mismatches; a key of some sort would  be required, as dis- 
cussed  previously,  to  flag  the second. 
B. Control  Variables 
In order to  develop  a  valid  logic  device to  represent the finite  machine 
of the process  control  state  diagram,  it is necessary  to define several output 
variables,  each having an appropriate output matrix  to define  the variable 
values. The form shown in tables 2 and 3 is awkward for  space  reasons 
and a  tabular  form,  sometimes  called  a  "standard  basis" /12/ truth  table, 
is preferred.  Table 4 is a standard  basis  for  representing all combinations of 
A, B, C and D (from  the  transition  matrix) in the first four rows. The 
column  numbers at the  top indicate  the  sixteen  possible  elements of the 
matrix of table 2. Although it may  be confusing, these  numbers are referred 
to,  in  conformance with generally  accepted  policy, as  "state  numbers. If Thus, 
state 5 represents  the  occurrence of the WAKE primitive ( B  = 0 , A = 1) when 
a process is "ready" (D = 0,  C = 1). 
12-: Digital Systems Engineering: pp. 1.28,  Lecture Notes, 5th Edition, 
RCA Institutes, Clark, N. J. , 1965. 
29 
TABLE 4. EXAMPLE STANDARD BASIS 
VARIABLE STATE 
0 0 0 0  0 0 0 0  
0 1 2 3  4 5 6 7  8 9 0 1  
A 
0 0 1 1   0 0 1 1   0 0 1 1   0 0 1 1  B 
0 1 0 1   0 1   0 1   0 1  
0 0 0 0  0 0 0 0  1 1 1 1   1 1 1 1  D 
0 0 0 0  1 1 1 1  0 0 0 0  1 1 1 1  c 
-1 
X 
F 
N 
G 
H 
Y 
w 
V 
I 
0 0 0 0  
0 0 0 1  
a 0 1 -  
0 - 1 -  
b - l -  
1 0 0 -  
1 1 0 -  
0 1 "  
1 0 1 0  
- 0 - 0  
- 0 - 1  
1 
0 
- 0 - 0  
- 1 "  
- 1 "  
" -  
- "  
X: 
F: 
N: 
G: 
H: 
Y: 
w: 
V: 
-. 
Invalid - flag hardware  error. 
Illogical - flag  hardware/software  error. 
State  change ( 0  in  transition  matrix). 
New C when N = 1. 
New D  when N = 1. 
Indicates entering Testing w. Set appropriate control line, 
Change  value of w (Test and  Set  could be used  to  gain  access). 
Increment (= 1) or decrement (= 0) value when W = 1. 
Don't care. 
Note: "a" is a 1 if and only if W = 0 when tested. 
'fbff is a 0 if and only if W = 0 when tested. 
- - 
30 
Each row below the  top f a r  represents  an output variable  whose 
possible (Boolean) values  are shown at the  intersections with  the different 
states  (columns).  The X condition  defined in  the  transition  matrix and dis- 
cussed above is an  example of a  condition  that  must  be  detected.  Therefore, 
X is defined as an output variable  whose  value will be ''1" (Boolean True)  for 
those  combinations of A, B, C and D which are invalid; i. e. , cannot  logically 
happen. Therefore, a lllff is placed at the  intersection of the X row with states 
0 ,  2,  4, 6 ,  12 and 14. All  other state numbers are valid; X is therefore 
(Boolean False)  for  these states. 
Notice that for  some  state-number/row-value  intersections  in  the 
standard  basis, a 1 1 - 1 1  is shown. If a logic circuit is developed to  provide 
values  for all of the output variables, and the  value  provided for X turns out 
to  be I l l ,  the  values of all  other output variables  are  useless  since  some 
e r ro r  has  occurred.  For this reason, 'l-lf is used  to  indicate  a  '?don't  care" 
value for  certain  variables at certain  state  numbers.  Furthermore, if a 
don't-care condition exists  for  a  particular  variable,  it does not matter 
whether the  logic circuit  produces  a 110" or a "1" for that variable in  that 
condition. It is common  practice  in  digital  design  to  take advantage of 
don't-care  conditions  in order to  minimize or simplify  the  overall  logic 
circuitry. Simplification often occurs when a  specific  circuit is intentionally 
designed  to  produce, say,  a "1" for  certain  don't-care  state  numbers. 
C. Sum of Products 
A simple  procedure is available  for  the  derivation of equations  to  eval- 
uate  the  various output variables  for  all combinations of inputs.  Referring  to 
the  standard  basis, it is clear that X must  be "1" when A, B, C and D a re  
"0, I'  A, C and D are  ''0" and B is "1, I '  etc.  It  must  be "0" for  all  other 
combinations. 
Taking state 0 first, it is clear that if the False (''0") A, B, C and D 
values  are negated and "ANDed" (logical  product)  together,  the  logical  result 
is 1'1'' (True).  State 1 can  result  in  a rrl" if the  False  values of B, C and D 
are  negated and ANDed together with the True value of A. State 3 suggests 
ANDing a negated C and D together with A and B, and so on. The input stan- 
dard basis thus  provides  an  indicator for obtaining the  desired  logical  values 
for all output variables. 
31 
The logical entities thus  formed are sometimes  called  "minterms" and 
are designated  by a lower case trmr' subscripted by the  appropriate state number. 
Thus, /13/ 
m = A B C D  
m = A B C D  
m = A B E ' D  
m = A B C D  
m , = X B c D  
0 
1 
2 
3 
"" 
-" 
" 
m = A B C D  - 6 
m = A B C B  7 
are the first eight  possible  minterms.  It is clear  that  each  minterm  has a True 
Boolean  value  provided  the variables A ,  B, C and D have  the  values  depicted  in 
the  standard  basis  for  the  subscript  state  number. In fact, it is also  clear 
that  for all combinations  other  than  those of the  appropriate  state  number, a 
given minterm will  have a False value.  That is, mi is ''1" if and only if the 
variables A ,  B, C and D have the  values  associated with state i. 
Therefore, X can  be  evaluated by use of the  expression 
X = m   + m   + m   + m   + m   + m  
0 2 4 6 1 2  14 
This  sum of products  forms  the  basis,  therefore,  for a computer  program  or a 
logic  circuit  to  evaluate X. Expressions  can  similarly be  derived  for  all of the 
other output variables. 
Considerable  simplification of expressions  such as that shown for X 
will  accrue  from  factoring and the  application of deMorgan's  Theorem. Addi- 
tional  simplification  can  result  from  the  use of Karnough maps, Mahoney maps, 
and other  derivatives of the Venn diagram.  These  simplifications are "tricks 
of the  trade"  for  digital  systems  designers and are not discussed  here although 
the  serious  systems  programmer should master at least one of the set of 
techniques (see, for example, reference 11). Figure 7 shows a somewhat 
simplified  logic  circuit  that will evaluate X using AND and OR gates. A map 
is also shown  with minterms  shaded  according  to  the  standard  basis. The 
value of X can  be  used as input to a flip-flop to  interrupt  further  processing 
or  to  cause a trap  to a fault  diagnosis  program. 
13 The  logical  product is denoted by simple concatenation;  the  logical sum is 
denoted by ? I + .  1 t  'V'' is taken to  mean "not V. 
32 
C 
- 
D 
AND X 
1 
10 I 11 
j X = K E + A C  
I = A (E + C) 
D 
819 
- . -  - - - 
C C 
FIGURE 7. EVALUATION OF X 
33 
D. Processor  Control 
The output variables shown in  Table 2 a re  defined in  that  table. The 
justification  for  each of these  variables is clear  from  the  discussions  since 
they were all derived  from  the  matrices of tables 2 and 3. Several additional 
input and output variables  are  required in  order  to enable a complete definition 
of the process control mechanism. These variable requirements are derived 
from  further  consideration of the  dispatching  function and processor  state 
transitions. 
1. Dispatcher.  Previous  discussions have mentioned  a dispatching 
function  without going into  detail a s  to what it  does. While i t  is not desirable 
to  explicitly define a  particular  dispatcher, its main  features  can  nevertheless 
be outlined. The dispatcher is an a l g o r i t h  or se t  of rules  for  matching  a 
process in the  ready  state with a  system  processor. Once a  match has been 
made, the process can begin executing. Since there will  normally  be  more 
than one process in  the  ready  state,  the  dispatcher is actually  an  algorithm 
for deciding which "ready" process  to  dispatch and  then  making the  appropriate 
change to the state of the  affected processor and process  to  start execution if  
a process is dispatched. 
a.  Ready  List. The dispatcher  represents a portion  (sometimes 
large) of system  overhead.  It  should  therefore  be  able  to  operate  efficiently. 
It cannot be defined efficiently if  it examines  the  various  PCB's  in  the  system 
to  make its decisions. For this reason, a separate list containing an entry  for 
each  process  that is not idle or waiting is usually defined. Entries  in  this list, 
often referred  to  as  the  "ready list" or  "switch list,  ' I  contain  the addresses of 
(pointers to) the PCB corresponding  to  their  associated  processes.  This  list 
effectively  isolates  the  dispatching  algorithm from  the  order and structure of 
PCB's and thereby  makes it possible  to  order and structure the  ready  list  to 
enable  optimization of the  dispatching  algorithm. 
In order  to  construct  the  ready list, a  procedure is necessary for the 
creation of an  entry  for a specified  process and insertion of the  entry  into  the 
ready list at the  appropriate  place.  Each  time a process  makes  the  state 
transitions  "idle-to-ready'' and  "waiting-to-ready, If this  procedure  must  be 
invoked by the  process  control  mechanism.  Conversely, a procedure  must  be 
defined and properly invoked to  remove  an  entry  from the  ready list and destroy 
it. 
When a process is running, it may  remain  in  the  ready list for  conven- 
ience,  but  with its state  indicator showing that it is running instead of ready. 
An alternative is to  maintain two lists: a ready list for  processes  in the  ready 
state, and an  active, o r  running, list for  processes  in  the running state. If 
34 
this  scheme is used,  the  "insert"  procedure  discussed above inserts  entries 
in the  ready list as  mentioned;  but  the  flremove't  procedure  removes  entries 
from  the running list. In either  case, a separate  procedure is necessary and 
sufficient  for  removal and insertion,  since RELEASE and SUSPEND (involving 
a different  pair of procedures) are not part of the  current  discussion. 
Based on the  discussions  thus far, it is evident  that  a  variable is re- 
quired to trigger  activation of the  dispatcher  as  a  result of primitive  operations. 
Furthermore, a variable is necessary  to signal whether  an  entry  must  be  placed  into 
or removed  from  the list(s). The dispatcher, of course, or some  other  proce- 
dure,  such  as a priority  control  procedure , may  manipulate and reorganize 
the list( s) . 
b.  Dispatcher Overview.  It was  mentioned  previously  that 
special  privileged  primitives are required by the  dispatcher  to  dispatch and 
preempt  processes. Through the proper  design  approach,  both of these  prim- 
itives could be  incorporated  into a single primitive  to  switch  execution  from 
one process  to  another. In a  single  processor  multiprogramming  system this 
approach would perhaps be adequate. However, in a multiprocessor, multi- 
programming  system,  a  process  might  stop when there is no  other  ready 
process  to which a  switch can be made. For this reason, and because of 
the  greater  inherent  flexibility, the two controls are kept  separate  in  this 
report. 
Figure 8 shows an overview to a processor  allocation  scheme showing 
the  various  functions of a dispatcher.  Control is passed  to  the  dispatcher 
through a mechanism referred to as a "trap. This mechanism, a list-driven 
processor  capability  activated by the  process  control  mechanism, is discussed 
below under  Trap  Processing. 
The basic  functions of the  dispatcher as shown in  figure 8 are self- 
explanatory. A given processor is considered,  for  simplicity,  to have only 
two possible states. These are referred  to as "executing" and "stopped. I t  
When a processor is stopped, it can  be  placed  in  the  executing state only  by 
a DISPATCH primitive.  This  primitive  specifies  an  identifier  for  both  the 
processor and the  dispatched  process  (Processid  in  Figure 1). 
When a processor  recognizes a dispatch  signal, it will: 
0 Load the address of the associated PCB from a pre- 
specified  memory  location, 
0 Load its  volatile registers from the process-associated 
PCB machineregister  space, 
0 Store its identification in the CPUnumber space of the PCB, 
35 
Return  from 
processing 
r - -  - - .- - 1 
I Selection I 
I Algorithm !- - - - - -  
Get highest 
priority  ready 
I I process 
L""""l 
V 
no 
Pick  the  lowest 
such  process 
Preempt Stops the I 
the  lowest  associated I 
priority I executing I 
process I processor I 
I- - '- .- " " --" 
I 
L -  - - _ _ - _ _ _ _  J 
Dispatch 
ready  process 
to  processor 
just  stopped 
Dispatch  ready 
process  to  "some" 
stopped processor 
Set  identity of trap 
processor to be 
CPUnumber of 
some stopped 
processor or of the 
processor  executing 
the  lowest  priority 
process 
I 
I 
FIGURE 8. DISPATCHER  OVERVIEW 
36 
0 Load the memory address register from Returnaddress 
in  the  PCB, 
0 Start an  instruction  fetch  cycle. 
This sequence of operations is referred to as a dispatch  cycle.  The  dispatch 
signal is transmitted  to  the  affected  processor by the processor executing  the 
DISPATCH primitive. In the  case  where the  affected processor is the one 
executing  the  primitive (i. e. , it is executing  the  dispatcher), no processor- 
to-processor  communications is required and the  primitive is not  recognized 
until trap  processing is complete. 
A PREEMPT  primitive  specifies  the  identification of the  affected 
processor. When the  processor  recognizes  a  preempt  signal, it will  sequence 
through  the  preempt  cycle a s  follows: 
e Save its volatile registers in the PCB machineregister 
space  for  the  process it is executing, 
0 Erase its identification  from  the PCB CPUnumber 
space, and 
0 stop. 
2. Trap Processing. A trap is a transfer of processor control to 
a specified  location as a result of some  event or condition requiring  special 
attention. From  the viewpoint of process  control,  trap  processing  offers  a 
flexible and efficient  means of initiating  certain  procedures,  such  as  the 
dispatcher, or the  "remove" and "insert"  procedures that operate on the 
ready list as mentioned  previously. 
Each  processor is required  to have a one-bit trap  designator  register (TDR) 
indicating  whether it is the  trap  processor or not. Only one processor  in  a 
multiprocessor,  multiprogramming  system will  be  designated at any given 
time as the trap  processor. The selection and designation is controlled by 
the  dispatcher  as shown in box 7 of figure 8. Selecting in this Way, on the 
basis of processor  state and process  priority,  insures  that  trap  processing, 
a  system  overhead  item,  interferes only with the  lowest  priority  process and 
then only if there is no stopped  processor. 
Traps  are  implemented by each  processor upon recognition of an  event 
requiring  software  support. The mechanism  consists of first placing a  pre- 
specified  main  memory  location  (entry point of a  support  routine)  in  a list that 
is normally  treated  as a first-in-first-aut (FIFO) stack; and then  setting a 
37 
I 
trap  control  line.  The  stack beginning address  and  ending  address are stored 
either  in common  main  memory or  local  scratch-pad  memory  for  each  pro- 
cessor.  Also,  the first word  in  the  stack is reserved  for the location of the 
first unused  stack  word. 
A t  the  completion of an  instruction  sequence, all processors  match 
(by use of a logical  product)  the  trap  control  line  (TCL)  with  their  trap  desig- 
nator  register; a resulting rrl" will  cause  the  designated  processor  to  access 
the FIFO  stack for the trap  instruction  fetch  address (a policy  may  be invoked 
to  save  certain  machine  registers  also). The trap  control  line is not reset 
until the trap  stack is empty. Upon completion of the  processing of each  trap, 
the trap  processor  must  check  to see if i t  is still the  designated  trap  processor, 
since the designation may have been changed during  processing.  Also,  a  trap 
processing  line (TPL) must be provided  to  prevent  a newly designated  proces- 
sor from taking action  during  trap  processing. The need for  this is dictated 
by the  requirement  in the reported  approach  to  maintain  the  FIFO  order. 
Perhaps  this  requirement could be relaxed by a different  approach. To 
complete the scheme, it is necessary to provide  a  trap  stack  access  control 
capability  to  lock-out  access by other  processors  (attempting  to  place  a  trap 
entry on the  stack) when the  designated  processor is removing  an  entry. 
In summary,  the  trap  processing  discussion  shows a need for  the 
following controls: 
0 Trap  designator register (TDR) , 
0 Trap designator register set line (TDS) , 
0 Trap  processing  inhibit  line  (TPL) , 
0 Trap  control  line  (TCL), 
0 Trap  stack and  manipulation  capability, and 
0 Trap  stack access lock-out  capability. 
3. Processor States. In order to show more clearly the relation- 
ship  between  processes  and  processors, the  effect of control  signals and 
trap  processing is displayed  in  the state transition  illustrations of figure 9. 
Transitions are caused by 
0 d - the  dispatch  primitive  us d to set processor 
dispatch  control  lines  through  processor-to- 
processor  communications, 
0 P - the  pr empt  primitive  used  to set processor 
preempt  control  lines, 
38 
sit 
P 
rft 
tclotdr 
"" 
a. State Diagram 
e - I 
N - 
b.  Transition  Matrix 
X: hardware  error or illegal  use of primitive o r  control  signal 
N: not used 
-: not checked/not possible/don't care 
FIGURE 9. PROCESSOR STATES 
39 
0 TCLOTDR - for  each  processor this is the  logical  product 
of the  trap  control  line  and  the  processorls  trap 
designator  register  contents,  and 
0 rft - the  return  f om  trap  processing  i struction. 
In these  illustrations, "p" will  cause a preempt  cycle  after which the 
processor state is changed; "d" causes a dispatch  cycle; and rrrftr' tests  the 
logical  product of the trap  control  line  level  and  the  contents of the processor 
trap  designator  register. When ''rft'' finds  the  product  to be a Boolean true, 
it forces the transition  to  either rrterr or "tsrt so that the corresponding ''err and 
r r ~ f ?  states become  transient states in this case. 
The symbols "p" and "d" play a dual role  in  that they are  interpreted 
as either  executed  primitives  or  control  line  contents. In the case when a 
processor  executes a "p" or "d" primitive, the control  logic  for  that  primitive 
is invoked. These primitives provide, as arguments, the identification of the 
affected  processor. In the  case of 'Id, the identification of the process  to  be 
executed is also  provided as an  argument. 
When a processor  recognizes  that  either its "p" or "d" control  line is 
at the rr17f level  (these  lines  might  be  checked at the  end of each  instruction 
sequence),  the  control  logic  for  processor state transitions is invoked. Two 
cases (one with two subcases)  must  be  considered  in  the  design of the control 
logic : 
0 Case 1: 
0 Case 2: 
0 Case 2a: 
The processor  has  received  and  recognized a 
''1'' level on either its "p" o r  "d" control  line; 
in this case,  its  processor state transition 
control logic is invoked. This logic then in- 
vokes  the  process  control state transition  logic 
(to  be developed  and depicted  in  figures 10 and 
12) if the initial processor state was "executing" 
(in  the  case of a recognized "p") or "stopped" (in 
the  case of a  recognized Ild''). 
The processor  has  fetched and must  execute a 
"p" or "d" primitive; the primitive  logic verifies 
that  the  primitive is not an  illegal  instruction. 
Then, two subcases  are  considered: 
The "p" or  "d" primitive  argument  processor is 
not  that of the  cognizant processor;  in  this  case, 
the  argument  processorfs  f'pl'  or "d" control  line 
(whichever is appropriate) is set. 
40 
0 Case 2b: The "p" or "d" primitive  argument  processor is 
that of the  cognizant processor;  in this case  the 
processor invokes its processor state transition 
control  logic. It then  checks  to see if it was 
initially  in  either the trap/executing or trap/stopped 
state. If so, the process control state transition 
logic  (figures 10 and 12) is invoked. In the case 
of a Ifp, the logic shown in  figure 12 wil l  trigger 
a "stop  processor"  function  (F21). F21 would be 
disabled  in  this  case (only) by the processor  state 
transition  control logic prior  to invoking  the process 
state  transition  control logic. 
When a processor  executes a "p" or "d" primitive, a validity  check is 
first made  to  insure  that the processor is in a trap/"anything" state. Since the 
"p" and "d" primitives are regarded as privileged,  they wil l  be treated as 
illegal instructions if they  appear  in  an  instruction  stream while  the processor 
is in the  executing  state. Once this  check  has  been  made,  the  logic  for  these 
primitives  checks the CPUnumber  (or  processor  identification)  associated  with 
the  primitive. If the processor's own identification  does not agree with that 
of the  primitive  argument,  the "p" or "d" control  line  associated with the 
argument  processor is raised (set) to the lllff level.  It is the  recognition of 
this "p" o r  "d" control  line which causes  a  subsequent state transition by that 
processor. 
If the processor executing  the "p" or "d" primitive  finds that i t  is the 
argument  processor, it invokes  the processor  state  transition  control logic 
as if it  had recognized  an  associated  control  line set by another  processor. 
Although development of the control  logic  for  processor  state  transi- 
tions is beyond the  scope of this report,  sufficient  detail  has  been  presented 
to  clarify the  impact of the "p" and "d" primitives on processors.  Also, 
the  controls €or trap  processing  can  be  designed  easily on the basis of the 
discussion. 
E. Hardware- Implementation 
The state transition  matrix shown in  table 5 is an expansion of 
table 2 to include  the  primitives for dispatching,  preempting.  exiting, 
and aborting. Additional states should be included to show that a process 
is terminated o r  suspended. However, these additions expand the number of 
standard  basis states beyond the point where  mapping  for Boolean expression 
simplification is trivial. The intent of this  report is to  indicate  the  necessary 
considerations, and work  through a reasonable  subset of the  required states 
41 
TABLE 5. EXPANDED MATRIX 
Primitive 
STOP 
WAKE 
WAIT 
CONTINUE 
DISPATCH 
PREEMPT 
EXIT 
ABORT 
I I 
\ E D  I 
I 
X, F, Y ,  0 - Same as Figure 6. 
T - Stack exit and mark  terminated. 
R - Stack abort and mark  terminated. 
42 
-. 
to show comparative  results  for  both  hardware  and  software  approaches. It 
is felt that  the  requirercents of table 5 accomplish this objective  without 
overcomplicating  the  techniques. 
1. Logic Network. Table 6 gives the variable designations corres- 
ponding to  table 5 in a standard  basis form. The maps  in Appendix A were 
used  to  derive  the  expressions shown in  table 7. Note that don't-care 
minterms are shaded in the  maps as if they were "1s" to simplify  expres- 
sions.  Figure 10 is a feasible  logic  network that evaluates  the  expressions 
of table 7. Network elements are shown only for X, F, N and G to  illustrate 
the  scheme. 
Operation is initiated by input of a suitable (logic 11111) pulse,  P, which 
' goes into the R-S flip-flop (FF) on its set line, S. This FF is initially in 
the reset (or clear) state wherein  the output line Q is set to "0" thus  disabling 
the AND gates shown directly above it. A logic  diagram of the R-S FF is 
shown in  figure 11. The Q line is labeled "l'.' to show that a lllff input on 
the S line wil l  cause  this  line  to  go  to a !?l. It wil l  stay this way until a "1" 
is subsequently  input on the R line  to  clear it (set it to "0 ' I ) .  
The  Boolean values of A , By C , D and E are input to  their  respective 
enable/disable AND gates so that, when P arrives,  they wil l  be  applied, along 
with their  complement  values,  to  the  network  to  give  values  for X ,  F,  etc. 
Inputs A , By C , D and E are assumed  to  be  logic  levels  that  are held at  their 
value (possibly by'flip-flop registers). Therefore the outputs X, F, etc. and 
their  complements  are  also  levels and wil l  be  held at their value from the 
time P arrives  until a re'set  pulse is input on the R terminal of FF. A finite 
time is required  for the  outputs  to  achieve  their  correct  values  after P 
arrives. This time delay is a characteristic of the logic and is duplicated 
in the dashed box labeled F2. The delay wi l l  cause  the  start  pulse, P, to 
be delayed  until  the  outputs are  stabilized, at which time the P-pulse appears 
a s  an output on line P'. P' is used  to  signal  that  the  network is ready  to 
supply  values  for X , F , etc. 
2. Process  Control Sequencing. The  output variables have a 
hierarchical or precedence  relationship as follows: X,F,I ,Y,W,V,N,G, 
H ,  S ,  My T,  R, J. For  instance, if X is ??l, If no other  variables have  meaning. 
In this case, a trap  to a hardware  failure  procedure is stacked and X is used 
to  stop  the  processor. If X is " 0 ,  an F value of "1" is allowed to  cause a 
trap  to be  stacked  and  the  processor  to  be  stopped. If both X and F are "0 , 
a "1" value for I will  delay  the  processor  until  the  Testing w control  line 
(indicated  in  succeeding  figures  by f fLff )  is reset ,  whereupon E and D are  
accessed again and processing cycled. When I is '?O, a Y value of lfl" 
will  cause  the  Testing w control  line  to  be  set, etc. 
The reason for precedence is the  need to place  entries on the trap 
stack in the proper order. Therefore, the actions necessary for process 
control  must  be  sequenced in the proper  order. The  actions are shown in 
43 
TABLE 6a. EXPANDED STANDARD BASIS 
VARIABLE* 
A 
B 
C 
D 
E 
X 
F 
N 
G 
H 
Y 
W 
V 
S 
M 
T 
R 
I 
J 
STATES 
0000 0000 0011 1111 1111 2222 2222 2233 
0123 4567 8901 2345 6789 0123 4567 8901 
0101 
0011 
1111 
0000 
0000 
1110 
"-0 
"-1 
"- C 
-" C 
"-0 
"-0 
"" 
"-0 
"" 
"-0 
"-1 
"-0 
"-0 
0101 
0011 
1111 
1111 
0000 
0110 
O"0 
1" 1 
0°C 
1°C 
O"0 
O"0 
"" 
O"1 
"-0 
O"0 
O"1 
O"0 
0--0 
0101 
0011 
0000 
0000 
1111 
0000 
0001 
a0 1- 
0- 1- 
b- 1- 
100- 
110- 
01" 
a0 1- 
o-o- 
000- 
000- 
010- 
a0 11 
0101.  0101 
0011 
1111 
0000 
1111 
1000 
-000 
-111 
- lcc 
-0cc 
-000 
-000 
"" 
-011 
"00 
-010 
-00 1 
-000 
1111 
0011 
0000 
1111 
1111 
10  10 
-0-0 
-0-1 
"-1 
"-0 
-0-0 
- 1" 
-1" 
-0-1 
"-1 
-0-0 
-0-0 
-0-0 
-0-0 
0101 
0011 
1111 
1111 
1111 
1110 
"-0 
"- 1 
"- C 
- " C 
"-0 
"-0 
"" 
"-0 
"" 
"-0 
"-1 
"-0 
"-0 
>te: "a" is a 1 if and only if W = 0 when tested. 
'13" is a 0 if and only if W = 0 when tested. 
%"  indicates  terminated state. 
rariable  definitions are shown in Table 6b. 
44 
TABLE 6b. CONTROL VARIABLES 
- 
lymbol " 
x .  
F 
N 
G 
H 
Y 
W 
V 
S 
M 
I 
J 
T 
R 
- 
- 
Definition 
Invaiid - flag hardware  error. 
Illogical - flag hardware/software  error. 
State  change (0 in  transition  matrix). 
New D when N = 1. 
New E when N = 1. 
Indicates  entering  Testing w. Set appropriate  control  line. 
Change value of w (Test and Set  could  be used  to  gain  access). 
Increment (= 1) or decrement ( = 0) value when W = 1. 
Activate  dispatcher. 
Remove ( = 0) or insert ( = 1) a  ready list entry when S = 1. 
Check Testing w control  line. If Testing w control  line is set ,  
a delay occurs. After the  delay,  another  access of the  process 
state is made and the  control  logic is invoked  again. 
Stop this processor  after  setting  trap  indicator  or  saving 
machine registers. 
Stack exit and set  state  to  indicate  terminated. 
Stack abort and set  state  to  indicate  terminated. 
Don't care. 
~~ 
45 
Variable 
X 
F 
‘ N  
G 
H 
Y 
w 
V 
S 
M 
I 
J 
T 
R 
TABLE 7. SUM OF PRODUCTS EXPRESSIONS 
Boolean  Expression 
ACE + ABCE + XEcD + XBE + ADE + BCDE 
BCE + ABEG 
D E + B + C  
eE + ECE + BE 
”_ 
” 
I 
BD + XE 
ABC 
AE + 
”_ 
AC 
”- 
CDE + BDE + BEE + B e  
CE + 
AEDE 
CDE + BEE 
TiCb 
” 
ABC 
46 
A A 1 
A 
J 
I EllABLE 
r"-- "-1 
F2 
R 
SET II = 0 
SET ti = 1 
FIGUFE 10. LOGIC NETWORK FOR PROCESS CONTROL 
47 
1 
R 
S 
1 
0 
FIGURE 11. R-S FLIP-FLOP 
48 
table 8 a s  a set  of ordered  functions. Notice that  the  functions at  steps 10 
(F10) and 11 (F11) involve setting  the  values of certain of the  variables 
previously  evaluated by the network of figure 10. The  network arrangement 
for the  variable N shows how this capability  can  be  implemented.  The net- 
work reset  signal  R is applied  through  the OR-gate to  the FF associated with 
N,  thereby  presetting it to "0. The logic network will  subsequently set  it 
to a "1" if and only if N's value is "1. I f  When F10 or  F11 is subsequently 
activated,  a ffllf pulse  can  be  fed  back  to  the network to  insure  that  future 
samples of N will  be  the  desired  value. 
Software support  procedures have been  specified  to  take  action on 
certain conditions a s  follows: 
0 HWFAULT - 
0 HSFAULT - 
0 INSERT - 
0 REMOVE - 
0 DISPATCHER - 
0 EXIT1 
0 ABORT1 
A hardware  fault  has  occurred. 
A hardware  or  software  fault  has  occurred. 
Insert an entry  in  the  ready list for the 
specified  process. 
Remove an entry  from  the  ready list for 
the  specified  process. 
Review all ready  processes  for  possible 
changes  in  processor  allocation and make 
all necessary changes. Designate the 
trap  processor. 
hitiate  the  removal of the  specified  process 
from  the  process  control  domain and release 
of all allocated  resources. 
The  specified  process  has  aborted,  or has 
been aborted by another process. Initiate 
the  appropriate  diagnostic  action  (the  least 
should be a short dump). Preempt the 
process if it did not  abort  itself. 
These  support  procedures a re  executed  by  the  designated  trap  proces- 
sor. If a particular  application is completely  predetermined  with  respect  to 
one or  more of the  above procedures, it would be  possible  to  implement  part 
or all of them  in  digital  logic o r  microcode depending on the  processor  design. 
It is not  advisable,  however, to assume  that  flexibility is not needed;  the 
open-ended approach is clearly  superior  for  general  usage. 
Figure 12 gives a sequence  control  logic  diagram  that shows  the 
scheme  for  ordering the functions of table 8. Control is accomplished 
49 
TABLE 8. STEPS IN CONTROL SEQUENCE 
50 
STEP FUNCTION 
0 Generate or receive start signal. 
1 
2 
Fetch state of process. 
Invoke logic of Figure 10. 
3 
IL = 1 implies When L = 0 ,  continue sequence at  5 
F = l  implies Stack HSFAULT; continue  sequence 4 
X = l  implies Stack HWFAULT; continue  sequence 
at   STEP 20. 
at STEP 20. 
STEP 0. Delay while L = 1. 
6 Y = l  implies  Set L to "1. ' I  
7 W = l  implies  Fetch w. 
8 w v = 1  implies  Increment w. Continue at STEP 12. 
9 w v = 1  implies  Decrement w. 
10 Test w 
11 Test w 
( w = O ) .  S e t S = l ,  N = l ,  J = l ,  
H = 0. 
(w >O). S e t S = O ,  N = O ,  J=O.  
12 N = l  implies  Store new state HG. 
13 
M = l  implies Stack INSERT; continue  seq nce at 14 
S = 1  implies Continue  seq nce at STEP  17. 
STEP 16. 
15 M = l  implies  Stack REMOVE. 
16 
T = l  implies Stack EXITI. 17 
Stack DISPATCHER. 
R = l  implies Stack ABORTI. Set J=O i f  required. 18 
- 
19 
X+F+J = 1 implies Stop Processor. 21 
X+F+S+T+R = 1 implies Set trap  control  line. 20 
Y = l  implies  Cl ar  L  to "0. I '  
22 I 
I 
End of Sequence. Reset Flip-Flops. 
Activate next instruction  fetch  cycle. 
I I 
I c 
TO RESET R-S 
FLIP - FLOPS 
FIGURE 12. PROCESS CONTROL  SEQUENCING 
i STOP PROCESSOR ( " 2  
through  propagation of a "start  sequence''  pulse  (labeled P) through  the  circuit. 
The  pulse is "steered" to the  appropriate  functions  in  proper  order by pairs of 
AND-gates that  have  been conditioned by network variable  values  and  their 
complements. Z is a disable/enable control to allow the processor control 
logic  (discussed  previously)  to  determine  whether a stop is to  occur when 
J = 1. The gate is normally  enabled, but should be  disabled when a preempt 
occurs  under  some  processor state conditions. Logic flow for  the  various 
functions is outlined in Appendix B. 
By way of summary,  figure 13 shows  conceptually  the  relation of the 
logic discussed with the instruction decode circuitry. It should be clear that 
some  degree of parallelism could  be  incorporated;  in  the  interest of simplicity, 
no  attempt  has  been  made  to show advanced  concepts  such as  instruction over- 
lap or stacks,  pipelining, parallelism, etc. Also, consideration must be 
given to  several  important  questions  such as: what policy prevails in the case 
when the  trap  processor  detects a fault condition;  and, is it reasonable  to 
assume  that  the  processor  that  detected a fault  condition is the  offender? 
F. Software  Implementation 
The  concepts of process  control have  historically been implemented 
with software. The reasons are numerous; the foremost, perhaps, is that they 
were not understood well  enough to  permit  otherwise.  Furthermore,  formalism 
of operating  systems  has only recently  attracted  attention  and, as shown in  this 
report,  can  be extended to include  many  previously  ill-defined  programming 
techniques . 
Because  the  author is not aware  that any precedence  has  been set in 
the  hardware  implementation of process  control,  considerable  attention  has 
been  given  to  digital  logic  formulation  and  design.  This is not to  imply  that 
the  hardware  design  techniques are in any way complex o r  unique; quite  the 
opposite is true, a fact  that  tends  to  support  the  premise  that  such  executive 
control  capabilities  can  readily  be  transferred  from the  domain of software  to 
that of hardware. 
In order  to  emphasize  the  hardware  approach by contrast,  the  design 
concepts a re  presented below in an abbreviated software form. The presenta- 
tion is comprised  primarily of high-level flow charts and source language 
procedures. While no particular  computer is felt  to  be  specifically  designed 
to enhance the software approach, the UNrVAC 1108 Multiprocessor System /14/ 
141108 Multiprocessor System; System Description. UP-4046 Rev. 1, 
UNrVAC Data Processing  Division,  Sperry Rand Corporation. 
52 
I 
PROCESSOR 
P‘ STATE 
TRANSITION I CONTROL Clear  TPL 
L - LOGIC 
- A ‘  1 
INSTRUCTION 
DECODE ‘B’ 
4)  
“c,+’ 
P ,A Dl?Wli!!XS 
L-q TRANSITION STATE 
P’ CONTROL 
LOGIC Set L 
Clear L 4 
c 
I 
Set TCL “ - 4  k 
FIGURE 13. LOGIC  OVERVIEW 
is selected as being  representative of the class of system  the  discussion is 
directed  toward. 
Briefly,  the  maximum  configuration is represented by five  processors 
(three  central  processors and two inpt/output  processors) and four  memory 
modules of 65,000 words (36 bits) each. Central processors, under executive 
control,  can  signal one another  through  the  execution of a special  executive 
(privileged)  instruction known as the  "Initiate  Interprocessor  Interrupt (111). 
This  instruction  enables  the  executive,  while  being  executed by processor A, 
to  interrupt  processor B (#A) o r  C (#A) for  the  purpose of assigning  them  to 
the  execution of arbitrary  tasks. If the  identity of A is known by the  executive, 
the  identity of the interrupted  processor  can  be  determined. 
Other  specific  executive  instructions  that are needed in the  approach 
to  be  depicted are: 
e Load  Storage  Register (LSR) 
e Load Processor State  Register  (LPS) and 
e Allow All  Interrupts  and  Jump  (AAIJ). 
LSR provides  the  means  for  setting  the  memory  access  boundaries  to 
those of a given process.  LPS  enables  the  executive  to set the state of a 
processor  such  that  certain  privileged  instructions and capabilities wil l  be 
prohibited to insure system protection. Finally, AAIJ is the jump instruction 
which, when used  in  conjunction  with LSR and LPS,  transfers  processor 
control  to a process  return  address or entry point. In addition  to  the above 
special  instructions,  each  processor is equipped  with a set of unique control 
registers which can be used by the  executive  to  save  processor-related 
variables  such as identification, etc. 
Because of the  nature of the  instructions  available  to  implement  the 
software  approach,  the  mechanisms  naturally  assume a form  different  from 
that of the  hardware  approach.  From  the  potential  user's viewpoint, the 
primitives  become,  in  the  software  implementation,  "executive  requests, If 
i. e. , "supervisor  calls, I f  rather than instructions. Furthermore, "preempt" 
and  "dispatch" are functions  initiated  directly  by  the  dispatcher, and are 
therefore neither instructions nor supervisor calls. And, finally, traps are 
implemented by use of the I11 instruction.  Except  for  these  changes,  the 
process  control  concepts  remain  the  same. While it is possible  (and  perhaps 
even  desirable)  in  the  software  case  to follow a vastly  different  approach 
than  the  scheme  outlined  in  the  hardware  implementation,  an  intentional 
effort was  made  to  keep  the two approaches as near  the same as possible  for 
comparison  purposes  and  to ease the  transition  for  readers not  heavily 
oriented  toward  programming. 
54 
Figure 14 gives flow diagrams of the  executive  requests  for  primitive 
functions  considered  in  the  hardware  implementation  (except  PREEMPT  and 
DISPATCH). All  primitives  require  similar  testing  in  order for the  validity 
of the  request  to  be checked. For this  reason, they are organized as "set-up" 
procedures;  each  primitive is a unique procedure  that performs initial- 
ization and then  transfers  processor  control  to a common  procedure for 
validation  and  action. Figure 15 gives an overview to  the  common  procedure 
"CONTROL. I t  
CONTROL plays  the  role of the  logic of figures 10 and 12. It eval- 
uates  the  Boolean  expressions,  and tests their  values in order to make  branch- 
ing decisions  to  perform  the  appropriate  functions. In order  to  perform  the 
functions implied by HWFAULT, HSFAULT, EXIT, and ABORT, the  entry 
address and arguments  for  initialization  routines  for  each of these  procedures 
is queued in much  the  same way as in  the  hardware  case. REMOVE, INSERT, 
and DISPATCHER calls are made  directly  because  their  frequency of usage 
is assumed  to  be  higher  and  their  program  size  smaller  than  those of the 
four  queued  entries. 
In the  case of a "preempt" or "dispatch"  primitive, a unique  code is 
queued by the  dispatcher  along with  the identification of the  affected  cpu. 
Whenever entries are queued, CONTROL wi l l  initiate  an  interprocessor  inter- 
rupt  requiring  the  trap  processor  to  service  the queue. An overview to  this 
capability is shown in  figure 16. Notice that  the  interrupted  processor 
checks first to  see if it  has a queued "preempt" or "dispatch"  primitive. If 
not, it is the  trap  processor and therefore  executes the  queued initiation 
routines . 
Figure 1 7  gives  approximate  source-form  listings of the  statements 
that  make up the  various  procedures. The listings  are  sprinkled with comments 
to  make  them  self-explanatory  for  the  most  part. The - own declarator w a s  
used  to  approximate  the  need for all procedures  to  be  reentrant  since all 
processors  may he executing the same code simultaneously. Those procedures 
not explicitly defined a re  defined  implicitly by context or  by comments. See 
reference /15/ for a description of ALGOL. 
15Naur, P. , et al: Revised Report on the Algorithmic Language ALGOL 60. 
Comm of ACM, V6N1, January 1963. 
55 
a. 
ci 
b. 
(7) 
ie[_i 
rccessname 
C. 
(7 wait 
d. 
qunumber cpunumber  cpunumber  cpunumber 
processid  processid 
c = false 
b = false 
a = false 
c = false 
b = false 
\ cba / 
processid 
I 
set 
c = false 
b = true 
a = false 
control 
processid 
cpunumber 
I processid 
I 
1 
set 
c = false 
b = true 
a = true 
! 
control 
processid 
nil 
cba 
1 
FIGURE 14. PROCESS  CONTROL  PRIMITIVES 
e .  
get 
cpunumber 
L r-- 
r - .  get 
' processid 
"I 
L "1- 
c = true 
b = true 
f.  
fl processname 
I 
cpunumber 
I processid 
i 
C J  a = true I 
c ontr ol 
processid 
cpunumber 
FIGURE 14. PROCESS CONTROL PRIMITIVES (Continued) 
(7 Crntro1 "0 Evaluate r".? PCB Sate = H G  Y P = X + F + J  
+" 
Q V I =  PCB (3- 
RETURN 6"- 
'$= , 
0 S + F + T + R  I 
FIGURE 15. CONTROL FLOW DIAGRAM 
Jump 
to 
Process 
Returnaddress 
I11 - - - - - <:- .--I 
0 cpunumber 
Save 
Process 
Machine 
-1 
dispatch no 
Machine 
Register r 
no 
\ 
1 
Get next 
I 
Specified 
Procedure 
Return  to 
Interrupted  Location 
FIGURE 16. INTERPROCESSOR INTERRUPT PROCEDURE (TRAP) 
ox" hs!TAn 8 .  11. c ;  
Integer procedure cpuld. IdhashMme; 
comment epu and procesq are amsumad to be s p s c h l  control reglatar 
procedure  control; 
addresees  contalnlng the lmpllsd  Idantlflcatlon dah; 
cpunumber:; z; 
procedure  atop &be 
proceesld:= p~ofe~~; 
b:= e; 
control (cpunumber.process1d.I.b.c) 
a: = false; 
c:= w; 
@ stop; 
processid:= Idhashname (procesename); 
procedure w&e (processname) b& 
idhashname  searches B hash-coded table correlating 
processname wlth B ulllque proceseld; 
cOmment cpuld can be II speclal functlm  thst retumils the c p n u m b e r  
cpunumber.=  cpuld  (proceasld); 
b:= f a l s e ;  
8:' true; 
control (cpunumber.process1d.a.b.c) 
@ w a k e ;  
from the FCB; 
-
c.= false; 
cpunumber:= *; procedure Walt 
processid:= pTocBBB; 
b:= e; 
a:= false; 
c : =  false; 
control (cpmwnbr.procsss ld .~ ,b .c )  
end walk 
processid:= I d h a s h e  (proceaaname); 
procedure cmtlme (processnme)  
cpunumber:= cpuld  (processld); 
*:= s; 
b:= e; 
e: = e: 
control (epunumber,proceaeid.a.b.c) 
@ contlnue; 
cpuoumber:= *; 
procedure  exit b- 
pmcessld:= ~TOCBBB; 
-
P = fnlse; 
b:= e: 
control (cpunumber,proceseld,a,b,c) 
c:= e; 
@ eJt; 
procedure abort (processname) 
proceseld;= ldhashnnrne ( p r o c e s s m e ) ;  
cpuaumber:=  cpuld  (processld); 
b:= e; 
a:= e; 
nucleus 
LI: 
L2: 
13: 
u: 
L6: 
LO: 
La: 
LB: 
L10: 
L11: 
LIZ: 
L1: 
L2: 
60 
x queue (hwfault,cpnumber.procaasldl; 
I:= h . 6 . e  6 a.b.6.a;  
I f  f then queue (hsfault,cpunwber,pmcassld): 
I : =  a. E .  a. e: 
* 
y:= a. b. c ;  
If y * L:= 1; 
w:= L. I + 8 .  E ;  
":= a.a + b + e ;  
I:= +b.a..; 
" _  
a : = c . a . ~ + b . d . a + b . a . e * b . a ;  
g:= E.* + 6.c.e + b.l; 
h:= 6.d + i . 5 ;  
If then go to L5; 
&:= workvrrhble (proceaaId); 
v:= L C ;  
l f v s  b- * 
w:= w + 1: stnrawor*vulabla  (procesa1d.w); 
w:= w - I;  
storeworkvarlable (process1d.w): 
e @ L5 end; 
procedure  trap bedn in-er queue; 
awn Integer cpurmmber. procesald; 
procedure a w e .  land. nextentry; 
booleam array preempt. diepatch I 0:2 I ; 
cpurumber:= 9; 
prmeesId:= process; 
if presmpt [ cpunumber 1 
b- 
mve  (cpmumber.   pmcsestd);  - If dlspatch I cpunumber I then go to L1; 
ti&; 
load  (cpunumber.  pmcesstd); 
&!?T 
end; 
comment  Jump  transfers control to the proceas; 
dlspatch 1 cpuwmber I then go to L1: 
If queue = 0 Uleo T(lhllp; 
nextantry (routlne.cpunumber.proceeeid); 
rmUm (cpunumber.prccessld); 
comment thle call to I queued rmtlne hM to bo "faked-In" mime 
goto- 
4 t rap  
the langungs doean?  permit  thia  exmt squence; 
procedure dlapatcher be& . . . etc. 
nucleus 
FIGURE 17.  SOURCE FORM STATEMENT LISTINGS 
FOR PROCESS CONTROL 
SECTION V. MONITORlNcr 
Through  the use of the  PCB as a store  for  special  data and  main  memory 
addresses, a powerful  monitoring  and/or debugging facility  can be implemented 
as an  integral  part of the  logic  for  process  control.  Three areas of usage  are 
discussed  here  in  order  to expand on the  application of the  control  mechanism  to 
include  program debugging , dynamic  scheduling, and system  stability  measurement. 
A. Program Debugging 
A s  shown in  the PCB of figure 1, the  Breakpointaddress  provides 
an  address which is loaded, when a process is dispatched,  into a special 
processor  compare  register.  Every  instruction  fetch  address is compared 
with  Breakpointaddress; a match  causes a trap  to the  associated  BPAtrapaddress. 
Breakpointoperand is similar in  that it is also loaded  into a special 
processor  register. The effective address for all operand fetches is compared; 
a match  causes a trap  to  BPOtrapaddress. In the  case of post-indexing, every 
address  in  the  (possibly infinite) sequence is compared. 
Other  parameters  could  be  included  in  the PCB to  facilitate  capabilities 
such as "traces , or   to  specify  special  processor  mode  flags  to  indicate "debug, If  
"phase step, ' I  and "single  step"  modes of processor execution. 
In addition to  the obvious aids  to debugging provided by breakpointing, 
etc. , sampling of the  work  variable as mentioned  previously  provides a basis 
fo r  dynamic  operation  scheduling and detection of a trend  toward  system  instability. 
B. Sys tern Stability 
A s  mentioned  previously  under  the  subheading on Process  States,  samp- 
ling  the  work  variable, w ,  for all system  processes  provides a means of measur- 
ing  the  scheduled  system  workload. If attention is restricted  to  "closed" real 
time  systems, definitions for  backlog,  degradation, and time-bounded stability 
can  be given. The discussion  that  follows is intuitive  in  nature;  concepts are not 
rigorously  developed and are intended primarily  to  suggest  possible  further  study. 
1. Backlog. This name is given to an amount of work which has been 
scheduled  but  has not been  completely  processed by the  system.  Backlog is clearly 
a complicated  function of time;  in  the  context of process  control, w provides a 
61 
good linear  measure  for it. Suppose that at time  t,   process Pi has a non-zero 
w. The value is denoted by wi(t) .  Since the system is closed, the average 
values of m h o r y  space and processor  time  for Pi can  be  measured or calcu- 
lated and stored as constants  in  the  associated PCB. Assuming they a re  constant 
and  denoting the  memory space and processor  time as si and pi ,  respectively,  for 
the ith process,  the  space-time  constant for Pi is 
Therefore, if n is the  number of processes known to  the  system, 
B(t) =Ei wi(t),  summed  over all [ i = 1,. . . ,nlwi(t)>o ] 
is the  system  backlog at time t. If because of the  nature of the system it is 
known that  the  backlog at time  t  must  be  eliminated by time to = t + A t o ,  then 
an  estimate of the system's  ability  to  accomplish  the  backlog  work  in  the 
allowable interval  can  be  made as follows: Suppose there  are M equivalent 
processors  in  the  system and S is the  total  amount of (shared)  main  memory 
space. Then, the fraction of system capability, measured as the available 
system  space-time,  required  to  eliminate  the  backlog is 
F(t,Ato) = B(t) = B(t) where eSMAt SMA t .-h ' 
system efficiency is represented by e< 1 and h is overhead.  Clearly, if  F>1, 
the  system  cannot  complete  the  backlog  in  the  allotted  time  interval. If the 
configuration  allows spare processors  to  be switched  into  active  operation, F 
would be  used as a first approximation  to  determine when spares should  be 
switched in  or out in  anticipation of the expected loading. In the  case of many 
relatively  simple  systems,  the  number of processes is small and their compute 
cycle space-time constant can be accurately measured o r  calculated. If these 
systems  are  repetitive  or  cyclic  in  nature, it is possible  to  measure backlog 
and  plot it as a time  function.  To find the  minimum  number of processors  that 
wil l  allow completion of the backlog,  B(t) , set F = 1 giving 
Mmin = greatest  integer in + 1. 
e SAt 
2 .  System  Degradation. Suppose the  processes of a system a re  
ordered  such  that  l>m  implies  that  the  priority  (relative  importance) of 
pl &priority of Pm for  all 1,  m 4 n. Suppose further  that when  the  maximum 
62 
number of available processors, My is in  use, F>1. If the system has the 
ability  to  schedule only the  higher  priority  processes  such  that F can  be  made 
less than 1, then  the  system is said to be  operating in  a degraded  mode  and 
degradation,  D(t), is defined to be 
D(t, A t )  = Zciwi(t), i = 1,. . . , k ,  
i 
That i s ,  degradation is simply  that  portion of the backlog at time t which  can- 
not be  eliminated  in  the  allotted A t  interval. 
If a system  exhibits  the  property  that  the  degradation is strictly  increas- 
ing on At, then it is clearly  unstable on A t .  * O n  the  other  hand, i f  D(t, At) is 
monotonically decreasing on At, then  the  system  can  be  said  to  exhibit  the 
property of time-bounded stability  (over  the  interval At) .  
C. Dynamic Scheduling 
Development of a scheduling philosophy per  se is beyond the  scope of 
this report. However, several points should be clarified. The process 
control  mechanism  provides  inherently  for  what  might  be  termed "demand 
scheduling. I '  The primitives will insure  that  the  dispatcher  gets  control 
whenever certain process state transitions occur. However, this is not 
sufficient  in  the  general  case  since a process could  conceivably  gain  control 
of a processor and  not relinquish it. 
This  problem  can  be  resolved by defining a system  process  that is 
periodically  given  control  because of its intentionally  assigned high priority. 
Once this  process  gains  control, it requests  activation  (that it be placed in  the  ready 
state) at some  prespecified  future  time and then  invokes  the STOP primitive. 
The  sequence is repeated  in  order  to  insure  that  the  dispatcher is given  an 
opportunity to  reschedule all processes.  This  scheme  supports what might 
be  termed  "time-slice  scheduling. I t  
If a process is dispatched and its work  cannot  be  completed  in  some 
predetermined  time  interval, it must  be  preempted,  assuming  other  processes 
of higher or equal  priority are not  executing.  Indiscriminate  application of 
this kind of policy can  result  in  processes  that are never  quite  caught up on 
the  work  requested of them. A scheme  that  gives  preferential  treatment  to 
processes having a greater "age x work  variable'!  product  may  be  applied  in 
special  cases  such as this. For instance, a low priority  process  might  be 
63 
dispatched when its age x work variable product exceeds  some  threshold 
value. This will tend to give a periodic  boost  to  processes that add to the 
backlog, but don't have a high enough priority  or work variable  value  to  be 
dispatched. 
64 
SECTION VI. COMPARISONS 
This section  compares  the  conventional  software  approach to the  hard- 
ware  approach on the  basis of reasonable (although crude)  estimates. Execu- 
tion  time and hardware  cost are the  comparison  factors shown here; it is 
believed  that a similar trend  can  be shown for  other  factors  such as weight, 
volume, reliability, and power. 
Reference /16/ indicates  that  cost/bit of core  memory is 3 cents and 
cost/gate is 10 cents. On the basis of the logic and software shown, it is 
estimated  that 20K bits (based on an  estimated  program  length of 490 10 
[ 40 bit ] words) of memory are required  for the depicted  software, while 
201'gates are  estimated  for  the  hardware logic. This yields a cost  comparison of 
Memory for  software - $600.00 
Logic for  hardware - 20.00. 
An execution time  comparison is even  more  startling:  assuming a 
gate  time of 14 nanoseconds (1 nanosecond is achievable) and an  average 
instruction  operation  time of 2 microseconds, a conservative  comparison is 
possible. 
In the  case of the  hardware  approach, it seems  that a reasonable  upper 
boundary on the time is 10 main  memory  cycle  times  (assume 10 micro- 
seconds). A reasonable  lower  boundary on the  software  approach  time is 
obtained by assuming  that only half the main  memory  words a re  fetched. 
This  gives a time of 490 microseconds. 
The two comparisons,  admittedly  gross but  believed  to show the 
correct  relationships,  result  in the following illustration: 
TABLE 9. COST AND TIME COMPARISON 
Hardware 20 
1 /49 Ratio (H/S) 1/30 
490 Software 600 
10 
I 
~ d 
16 Kerner, H. and Gellman, L. : Memory Reduction Through Higher Level 
Language Hardware. NASA TM X-53962, Research Achievements Review, 
V. III, N. 9, 1969. 
65 

SECTION VII. CONCLUSIONS 
The effort  reported upon had as its principal  thesis the belief,  shared 
by  many computer  system  specialists,  that  portions of the  executive system 
can  be  pared away from  the  total  system and formalized  through a supporting 
theory. The objective of the  report is to outline an  approach,  based on current 
trends in the NASA space  program and ideas  within  the  computer  systems 
community, to  describing a significant  aspect of an  executive  routine, and 
showing how this aspect  can be  formalized. 
Much discussion  has  taken  place  in  the  spaceborne  computer  systems 
area regarding  the  feasibility and definition of a "hardware  executive. If Some 
have  coined this phrase  in  the  context of a capability  for  system  fault  detection, 
isolation and reconfiguration  control, while others have  outlined  "hardware 
executivesff  that  embrace  the  entire  functional  domain of a real  time  monitor. 
The author feels that  the  former  interpretation is too  restricted  in  the  sense 
that  the  specified  functional  responsibility is a subset of that of an  executive 
routine. The latter interpretation is valid  from  the  point of view of functional 
responsibility, but implementation  schemes  invariably  make  extensive  use of all the 
capabilities of a general  purpose  computer  resulting  principally  in  an  extrac- 
tion of the  executive  from  the  "application"  computer,  and  the  corresponding 
dedication of a second "executive" computer. 
There is little doubt that  an  extraction of the  executive is desirable; 
but, it is not desirable  to  merely  transliterate the  function from the  domain 
of software  into  either  the  domain of digital  logic or stored logic.  It  seems 
reasonable  to  assume  that a reformulation of the  control  concepts is necessary 
in  order  to  insure a cost-effective  transformation.  That i s ,  the  control func- 
tions should be  reexamined  from  the point of view of the target domain,  and 
analyzed  with  the  engineering  techniques found most  successful  to  that domain. 
The report  has  attempted  to  display  the  concepts of extraction and 
reformulation as applied to the  digital  logic  domain. The executive functions 
discussed are extensions of functions  needed  in all real time  systems  and, as 
a superset, all multiprogramming systems. The report defines the functions 
and  inductively derives a state diagram  for  the  necessary  control  in a multi- 
processor  environment. 
The state diagram  represents a sequential finite state machine  which 
relates program  dynamic  requirements  for  computation  time with  the means 
for  determining  the  validity of the  requirements  and  the  means  for  allocating 
the  time. Having defined a machine, a mechanization  for it is discussed  in 
tutorial  form. The rationale  for this approach is that it should  strengthen 
the  computer  hardware  designer's  understanding of a systems  programming 
67 
view of executive  control; in  addition, it should better equip  the  systems 
programmer  to  devise  such  transformations  for  himself. It is expected  that 
the  overall  result of this approach  (aside  from  substantiating  the  results) 
wi l l  be a better  mutual  understanding  between  the  programmer and hardware 
architect. 
It should  be clear that  many  details were excluded, and  many questions 
left unanswered.  It was not  intended  that a final  detailed  design  be  displayed. 
Naturally,  the  lack of detail  in  certain areas vitiates  the  comparison of soft- 
ware and digital logic approaches. However, a comparison was made and the 
results are felt  to  display  the  general  relationships  with  fidelity.  obviously 
a more in-depth analysis is required  to  substantiate  this  supposition. 
68 
I "  
SECTION VIII. FLEXOMMENDATIONS 
The report  has outlined an  approach  to  hardwired  digital logic imple- 
mentation of a nucleus for  executive  control of processes  in a multiprogram- 
ming, multiprocessor computer complex. While the approach appears 
promising on the  basis of intuition and the  gross  comparisons-given,  more 
detailed  analysis is required  to  strengthen  the  credibility of the  concept and 
to  more  rigorously  define  the  actual  requirements.  Based on these  obser- 
vations,  the following recommendations are offered  to  direct  further  effort: 
0 Further analysis is required to complete the specification 
of the  multiprocessor  control  logic.  This  includes expan- 
sion  to  embrace  all  process and processor  states, and 
transition  activation  inputs  (primitives and control  lines). 
0 Based on the complete specification, a careful evaluation 
should be  made and documented. 
0 The concepts should be reduced to operable form for the 
case of a single processor  multiprogramming  system 
with similar  evaluations. 
If the  resulting  eva1uations.prove  favorable  to a digital  logic  imple- . 
mentation  scheme,  the following recommendations are offered: 
0 An analysis should be performed to determine the feasibility 
and effectiveness of implementing  some or all of the  support- 
ing software  procedures  (such  as HWFAULT, INSERT, etc. ) 
in  the  form of microprogrammed  stored  logic. 
0 In the case of both the Space Shuttle and Space Station, there 
is a  strong  likelihood  that  some  aspects of the support 
functions can be rigorously defined. If so, they become 
candidates for possible  stored or discrete logic  implemen- 
tation.  It is recommended  that  feasibility  be  determined 
and that  the  appropriate  trade  studies be performed  to 
ascertain the most  effective  means of implementation. 
0 Finally,  the  feasibility and effectiveness of an all- 
microprogrammed  approach  to  implementation  should  be 
determined  for  the  case of the NASA Space Ultrareliable 
Modular  Computer . 
69 

APPENDIX A 
LOGIC MAPS FOR PROCESS CONTROL 
The  maps shown on the following pages  (figure A l )  aid  in  the  deriva- 
tion of Boolean expressions  for  the  evaluation of the output variables for  
process  control.  The r'/f' is used  to  mark  those  minterms  that  are "1. " 
The shaded area is the union of all "1" and "don't-care" minternls. Unshaded 
areas  represent "0" minterms. 
The  process of reading  the  map, i. e. , determining  the  variables  to  be 
used  in  composing  the  expression, is normally guided by a set of design objec- 
tives. Since many different  but  logically equiv'alent expressions  can  usually 
be developed for  each  variable,  the  design  objectives are used as criteria  for 
the selection of a particular expression. Some typical criteria are: desired 
degree of redundancy;  the  number of gate  inputs;  whether  inverters  are  desir- 
able;  whether  each input variable and its complement a re  both available; 
what type of logic devices are  to be used,  e.  g.  nand/nor,  and/or,  etc. 
In the  development of expressions  for  this  report, no specific  logic 
circuits  were  assumed, and the  main  objective was to  adhere  to a "transparent" 
reading philosophy for  simplicity.  (The  author  does not claim  to have exper- 
ience i n  the  application of digital  design  techniques;  tricky  derivations  were 
accordingly  avoided  intentionally. ) An attempt w a s  made , however,  to couple 
the  largest  number of variables  in  each  term.  Also, all maps were read to 
satisfy "true"  minterms with "don't-care''  minterms  forced  to  "true"  values  to 
eliminate  terms  where  possible. 
71 
X x ACE + AECE + XEC'j + + "- 
ADE + ECDE 
E 
- 
E 
FIGURE A l .  MAPS FOR DERIVATION OF 
BOOLEAN  EXPRESSIONS (Sheet 1 of 5) 
72 
G = eE + BCE + BE 
( r k l f  is taken to  be "0" for 
worst case. ) 
H = E D  + 
I = ACBE 
FIGURE A l .  MAPS FOR DERIVATION OF 
BOOLEAN EXPRESSIONS (Sheet 2 of 5) 
73 
V = AC 
FIGURE A l .  MAPS FOR DERIVATION OF 
BOOLEAN EXPRESSIONS (Sheet 3 of 5) 
74 
8 T = ACD 
" 
R ABC 
s = CbE + BDE .+ BEE + BE 
FIGURE A l .  MAPS FOR D E W A T I O N  OF 
BOOLEAN  EXPRESSIONS (Sheet 4 of 5) 
75 
Y = ABC 
"_ 
J = CDE + BEE 
FIGURE A l .  MAPS FOR DERIVATION OF 
BOOLEAN EXPRESSIONS (Sheet 5 of 5) 
76 
APPENDIX B 
The  functions  outlined  in  figure B1 are those  required  as  indicated  in 
figure 12, V r o c e s s  Control Sequencing. If Only an overview is shown; no 
attempt was  made  to  give  details  since  the  peculiar  architecture of a candidate 
processor  must be considered  for  proper definition. 
It is clear  from  the following diagrams  that all functions are  simple. 
Showing this simplicity is the  main  objective of the appendix. (Note that 
function F2 is shown in  figure 10 and is not repeated  here. ) 
77 
Pulse In 
For F1, word number = 2 
For F7, word number = 2 
For F1, appropriate  regisbrs 
For  F7,  appropriate  register 
a re  State FFs D and E. 
is adder. 
I 
Pulse Out 
Functions F1 and F7  
FIGURE B1. PROCESS CONTROL FUNCTIONS (Sheet 1 of 10) 
78 
I 
NAME address 
into 
MBR 
Invoke 
Not  Specified - - - - - stack entry 
insert logic 
NAME 
HWFAULT 
HSFAULT 
INSERT 
REMOVE 
DISPATCHER 
EXIT1 
ABORTI 
FUNC TIBN 
F3 
F4 
F 14 
F15 
F16 
F17 
F18 
" PROCEDURE STACKING FUNCTIQNS 
FIGURE El. PROCESS CONTROL FUNCTIONS (Sheet 2 of 10) 
79 
Pulse In (P) Pulse Out (PI) R Q 
DELAY 
FF 
L S Q 
- - 
Pulse P delayed until L drops 
to false. 
80 
Fulse In: f 
S e t L = O  R Q L 
(F19) 
L 
FF 
S 
Pulse In: 
S e t L = l  
Pulse Out 
(F6) 
FUNCTIONS  F6  AND  F19 
FIGURE B1. PROCESS CONTROL FUNCTIONS (Sheet 4 of 10) 
81 
Pulse In 
Strobe 
Memory 
W r i t e  
Line 
If w is imbedded in a 
word, additional packing 
is required. 
82 
Pulse In 
complement 
of 1 to  the 
adder 
r Route 
adder  contents 
to 
MBR 
Strobe 
Memory 
Write 
Pulse Out 
FUNCTION F9 
FIGURE B1. PROCESS CONTROL FUNCTIONS (Sheet 6 of 10) 
83 
I 
Pulse In 
Pulse Out to 
Set S = 1, 
N = 1, 
J =1, 
H =O. 
Pulse out 
FUNCTION F10 
?: . 
FIGURE B1. PROCESS CONTROL FUNCTIONS (Sheet 7 of 10) 
84 
Pulse In 
Pulse Out to 
Sets = o ,  
N = 0, 
J =O. 
Note: F10 and F11 
could be 
combined. 
Pulse Out 
FUNCTION F11 
FIGURE B1. PROCESS CONTROL FUNCTIONS (Eheet 8 of 10) 
85 
Pulse In 
Gate HG 
into 
MBR 
J 
Memory 
Write 
Line 
Pulse Out 
FUNCTION F12 
Packing  may be required. 
FIGURE B1. PROCESS CONTROL FUNCTIONS (Sheet 9 of 10) 
86 
Pulse In - + 
S Q .  TCL 
TCL 
FF 
R 
Pulse Out 
FUNCTION F20 
FIGURE 131. PROCESS CONTROL FUNCTIONS (Sheet 10 of 10) 
NASA-Langley, 1971 - 8 
87 
