Porting the Chorus Supervisor and Related Low-Level Functions to the PA-RISC by Konuru, Ravi et al.
Portland State University
PDXScholar
Computer Science Faculty Publications and
Presentations Computer Science
1-1992
Porting the Chorus Supervisor and Related Low-Level Functions
to the PA-RISC
Ravi Konuru
Oregon Graduate Institute of Science & Technology
Marion Hakanson
Oregon Graduate Institute of Science & Technology
Jon Inouye
Oregon Graduate Institute of Science & Technology
Jonathan Walpole
Oregon Graduate Institute of Science & Technology
Let us know how access to this document benefits you.
Follow this and additional works at: https://pdxscholar.library.pdx.edu/compsci_fac
Part of the Computer and Systems Architecture Commons, and the Computer Sciences
Commons
This Technical Report is brought to you for free and open access. It has been accepted for inclusion in Computer Science Faculty Publications and
Presentations by an authorized administrator of PDXScholar. For more information, please contact pdxscholar@pdx.edu.
Citation Details
"Porting the Chorus Supervisor and Related Low-Level Functions to the PA-RISC," Ravi Konuru, Marion Hakanson, Jon Inouye and
Jonathan Walpole, OGI Technical Report No. CS/E-92-006, January 1992.
Porting the Chorus Supervisor and 
B.elated Low-level Functions to the PA-nISC 
Ravindranath 1(onuru, 
Marion Hakanson, 
Jon Inouye, 
Jonathan Walpole: 
Department of Computer Science and Engineering 
Oregon Craduate Institute of Science and Technology 
January 27, 1992 
Ahstract 
ThiR do('.ument. is part of a series of report.s descTihing the design deeisions made in porting 
the Chorus Operating SystClll to the Hcwlctt-Packard 9000 Series 800 workstation. 
The Supervisor is the name given by Chorus to a colledion of low-level functions that are 
machine dependent. <':Ind have 1.0 he implement.ed when Chorus is port.ed from one machine 1.0 
another. The SUPCT'1.'iSOT is responsible for interrupt, trap and exception handling, managing 
low-level thread initialization, eon text switch, kernel initialization, managing simple deviees 
(timer and console) and offering a low-level debugger [7]. This document describes the port of 
the Supervisor and related low-level funetions. 
The informacion cont.ained in ['h is paper will be of int.erest, Lo people who wish 1,0 underst.and: 
• The main characteristics of Chorus and PA-RISe a.rchitecture tha.t are useful in under-
standing the port of the Chorus S'upcn:isor . 
• The rcquirC111cnts and implementa.tion of the Chorus 8upcn:isor . 
• The rcquirclllcnts and implementation of Chorus page fault interface 
• The requirements and implement.ation Chorm, SYf.JLem Call Int.errace 
• The requirements and implement.at.ion of muler inLerf<1ce which is a pnft. of t.he Chorm, 
system call interface for efficient thread synchroniza.tion. 
• R.ea.sons for the modifica.tions to the porta.ble layers of Chorus kernel to implc111cnt the 
above requirelllents. A smlllllary of the lllodifications is also presented. 
H is useful t.o read t.he port. overview [17J hefore rending chis document. It, is also a good 
idea to have the Precision Architecture and Instruction Set Reference Manual [10J and Chorus 
v3.3 illlplclllcntation guidc[7J on hand although it is not absolutely nccessary. 
"'This research is sllpportf'd by thf' Hf'wlf'tt-Packard Company (HP), Chorus Systemes, and Oregon Advancf'd 
Computing Instil ute (OAeIS). 
1 
Contents 
1 Introduction 
1. -I Supervisor Port Overview 
1.2 Chorus Overview .... 
1.3 PA-RISC 
1.3.1 Control Rcglstcn; 
1.3.2 Interruption, .. 
1.:1.3 Vlemory Vlanagement Support 
2 Supervisor 
2.1 Supervisor requirements ........ . 
2.1.1 Supervisor interface requirements 
2.1.2 Super vi"" Actor Interface .... 
2.1.3 Event (h,terrupt, Trap and Exception) IIandling 
2.-1.4 Timer and Console l'vlanagernent 
2.1 .. 5 Low-level Ilebugging facility. 
2.1.6 Kernel initialization ... 
2.2 Supervisor implementation 
2.2.1 Thread Regioter Context 
2.2.2 Ylachirw Dependent Thread Deocriptor . 
2.2.3 SupCtxInit() ... 
2.2.1 SupCtxSwitchO 
2.2.Ei SupGetU serCtx() . 
2.2.6 SupCtxRe,etO .. 
2.2.7 SupCtxI,U,erModO 
2.2.8 The variolJs connect and disconnect functions 
2.2.9 Supervisor Actor Interface Implementation 
2.2.10 Interrupt masking and monitoring functions 
2.2.11 Event Handling ......... . 
2.2.12 Tinwr and Console 11anagcIIlcnt 
2.2.13 Debugger ..... . 
2.2.14 Kernel Initialization 
3 Chorus Page Fault Interface 
3.1 Requirements. 
3.2 Implementation ... 
4 System Call Interface 
4.1 RcqulrcIIlcnts ................ . 
4.2 Implementation ............... . 
4.2.1 System call interface for user actors 
4.2.2 System call interface for supervisor actors 
5 Mutex Interface 
5.1 Requirements 
5.2 IrnpleIIlcntatloIl 
2 
4 
4 
Ei 
t, 
7 
8 
9 
12 
13 
13 
17 
18 
18 
18 
19 
19 
19 
21 
21 
21 
2Ei 
2.5 
25 
26 
29 
32 
32 
37 
37 
:38 
39 
39 
39 
41 
41 
42 
42 
45 
46 
16 
47 
6 Modifications to the Chorus Portable Layers 
7 Future Work 
8 Acknowledgements 
3 
49 
50 
51 
1 Introduction 
This document is part of a senes of reports describing the design decisions made in porting the 
Chorus Operating System to the Hewlett-Packard 9000 Series SOO workstation. 
Chorus is horizontally divided into a machine independent layer and a machine dependent layer. 
The IIlachinc dependent la~ycr cxport~ a rnadunc indtpendent interface that i~ expected to rcrnaln 
unchanged as the operat.ing ~y~tcln i~ ported froIH one rnadunc to another. The rnachinc depen-
dent layer is divided vertically into two major partitions: the Sl1PfTvisor and the rmn.u (memory 
management unit). The rnrnl1 is responsible for the implementing the machine dependent memory 
management functions [1]. This document deals with the implementation of the Supervisor and 
other related low-level functions. The port of the mill" is discussed elsewhere [11]. 
An overview of the port of the Choru~ Supe,,"vi.so,t and related functions is given in section 1.1. 
Dr.ief reviews of senne of the characteristics of Chorus and the PA-RISC architecture are given in 
sections -1.2 and 1.~j respectively. The pu rpose of these reviews is to give sufficient backgrou nd for 
discussing the machine dependent layer. For detailed information about Chorus, refer to the Chorus 
technical reports CS/TR-90-71 [7] and CS/TR-89-30.1 [2]. For information about PA-RISC, refer 
to [15, 10]. 
The Supe'f'vi.so,t requirerllents and irnplerllentation an~ presented in section 2. The Chorus page 
fault interface is presented in section 3, the System call interface in section 4, and the Tntdt;r 
interface in section .5. 
T he main reasons for the modifications to the portable layers of the Chorus kernel and a 
summary of the modifications is given in section 0. Future work is presented in section 7. 
1.1 Supervisor Port Overview 
\Ve started our ground work for the port in Sep go. The operating system as well as the architecture 
were completely new to us at that time. \Ve spent about a month reading the documentation and 
pape"., on PA-RISC aJThitecture [10, 15, 16, 13] and Choru, operating 'y,teIIl [2, 1, 4]. The 
Tut books [8,3] documenting the mach 2.0 port by HP to PA-RTSC proved valuable sources of 
information. 
In Oct 90 we had a I-week course on porting Chorus at Chorus Systemes, France. Various 
components were identified. As Chorus personnel were also not familiar with PA-RISC, the Cho-
rus port to 110torola 88000 \\ias used as a case study to explain the vaJ'ious rnadune dependent 
cornponents and the porting process. Tlus proved useful for the design of the Chorus Supervisor. 
Assembly language programs were written to understand the PA-RTSC architecture especially 
with respect to nullification, delayed branches, procedure calling conventions and the usage of adb, 
the assembly language debugger. 
The following basic principles of design were applied as often as possible: 
• r;se 32 bit addresses. Initially, we considered using 0·1-bit addresses. However, it would have 
caused extensive changes in the portable layers of the kernel and is was not clear how to 
design an interface with 54-bit address pararneters. In an~y case l it would have increased the 
tlme of the port. \Ve ldt thl, for future work . 
• Keep the design as simple as possible. The aim was to get the first working port as quickly 
as possible. Tlus was one of the principles that was reiterated during our course at France. 
We whole heartedly agreed with that. 
1 
• l~ ~e the a vailahle Tnt code for the rIlachine dependent la~yer irnpkrIlentation. The goal again 
was to get the port up afl quickly as posflible. (-'or example the code for initiali;;ation would 
have taken us a long time to figure out, write and debug if did not use the Tut code albeit 
with modifications. 
The design and implementation of the SUPf'lTisor did not prove very difficult once we had a 
good grasp of the architecture and the Chorus machine dependent layer. The availability of Tut 
code was also very beneficial. 
Chorul:) provide~ a kernel test ~uite[9] for validating the kernel. Thil:) "vas the only IIwthod we 
employed to validate ou r kernel port. 
1.2 Chorus Overview 
Chorul:) il:) a IIw~sage ba~ed rIlicro-kernel that ~upportl:) the follo"ving ah~tractionsl: 
• Actor 
• Thread 
• Vlessage 
• Port 
An Actor forms the unit of resource ailocation and identifies a protected address space. An 
address space is split into a user address space and system address space. On a given site", 
each actoe~ systerIl address ~pace il:) identical and its acces~ is re~tricted to privikged level~ of 
execution. An actor in Chorufl can be a Superviflor actor or Cser Actor. A supervisor actor lives in 
the syfltem addresfl space along with the kernel. Superviflor actors have higher privilege than user 
Actors. 
A thread is the basic unit of execution and runs in the context of an Actor. A thread is a 
I:)equential How of control and i~ characterized by a thread context corresponding to the ~tate of 
the procel:)~or at any gi ven point during the execution of thread. There can be rIlultipk threads per 
actor. 
Th reads com m u nicate and flynch ronize by excha ngi ng n1essages between thei r actors' ports. 
Threads sharing the same address space can use share memory for communication and synchro· 
nization. Semaphores and M utexes provided by the Chorus interface are useful for this purpose. 
A thread belonging to a u~er Actor i~ called a u~er thread. However during a s~y~terIl call~ it 
becomes a superviflor thread. A user thread has 2 fltacks: a user fltack for executing user code and 
a flyfltem fltack for executing system callfl, traps, and storing the context of the thread when the 
thread is blocked. A thread belonging to a supervisor actor is cailed a supervisor thread. Since a 
supervisor thread lives entirely in the system address space, it has only a system stack and no user 
,tack. 
1.3 PA-RISC 
This section consists of extracts from the PA-RISe architecture reference manual useful for under· 
I:)tanding the rnachine depen(knt layer irnpkInentation. For Inore details see the cited referencel:). 
1 Choru~ is written in an objed oriented language C++. These ab~tra.ctions are implemented a~ C++ dasse~ 
LA sit.e i~ a grouping or tightly-coupled resources controlled by a ~ingle Chorus Nudeus[f)] 
5 
PA-RISC Architecture is the frame work for IIewlett-Padmrd's IIP3000/900, IIP9000/800, and 
HP9000/700 oeries computer oyotems. 
It is based on the principles of RISC and has 1·10 fixed length instructions. It employs a virtually 
addressed cache and the I/O sub-system is memory mapped. PA-RISe supports ·18-bit, .')(;-bit or 
64-hit virtual a,dclre~~el:) and provides SOIIlC hard ware protection support. The global virtual IIwIIlory 
is organised as a set of linear spaces with each space being 4 gigabytes (2 32 ) long. Each space is 
specified with a opace identifier. 
PA-RTSe supports 4 privilage levels numbered 0-:1. The higheot privilege level is 0 and the 
lowest privilege level is 3. 
PA-RISC architecture has the following resources: 
• :12 General Regioters. eRO is tied permanently to zero. GRl is the target of Aridil instruc-
tions. GR31 is the link register for an inter-space branch and link external (Ble) instruction. 
GR27 used as the base pointer for data accesses. This is specified by the procedure calling 
con vcntions of the architecture. 
• 2.5 Control Registers. CRI-CR7 do not exist. Control registers are discussed in more detail 
in the section 1.3.1. 
• 8 Space Registers. SRO is the instruction address space link Register for Ble instruction. 
SRO-SR4 can be modiJied at any privilege level. SR5-SR7 can be IllodlJied at privilege level 
O. The usage of the space registers is left to the operating SystCIIl. The space registers an~ 
IG-bit long on a level 1 PA-RISC, 24-bit long on a level 1..5 PA-RTSC and :~2-bit long on a 
level 2 PA-RISC. On a level 0 PA-RISC, the space registero do not exiot. A level 0 PA-RTSC 
supports absolute addressing only. 
• Processor Status Word (PSW) The processor state is encoded in a 32-bit register PSW. PSW 
does not appear as an operand in instructions. IYhen an inlerruplion J occurs, the old value 
of the PSVV is saved in the IPSIY register(CR22). Sorile of the bits in the PSVV arc reserved. 
It is software's responsiblllty that these arc zero when written. The PSIY is set from IPSvV 
by a retnrn from. interruption instruction. 
The PSIY bits that are important for the discussion are: 
C bit (PSW_C) Code (instruction) address translation enable. When 1, instruction 
addresses are translated and access rights checked. 
Q bit (PSW_Ql Interruption Collection Enable. When 1, inlerruplion state is collected. 
vVhen an inlerruplion occurs the details of the instruction being executed are recorded 
in the control registers (sec 1.3.1). 
P bit (PSW..P) Protection Identifier enable. When this bit and the C-bit are both 1, 
instruction references check for valid protection IdcntiJicrs(PIDs). ",TheIl this bit and 
the D-bit aJ·e both 1, data rcierences check for valid PIDs. IYhen this bit is 1, probe 
i nst ructions check for valid PIDs. 
D bit (PS\V _D) Data address translation enable. \Vhen 1, data addresses arc translated 
and acceoo righto checked. 
I bit (PSvV.1) External interrupt, power failure interrupt, and low-priority mach.irw check 
interrupt uIlrnask. \Vlwn 1, thcl:lc interrupts arc uIllnaskcd and can cause an interrupt. 
when 0 the interrupts are held pending . 
.3 An interruption is PA-1USC specific term. An interruption IS a lrap or an inlcrrupt that can occur on PA-1USC. 
(j 
• Instruction Address queues. 
The instruction Address queues hold the address of the currently executing instruction and 
the address of the instruction that will be executed after the current instruction, termed the 
following InstructIon. There are 2 queues: InstructIon _Address Space Queue (L\SQ) and 
the Instruction Address Offset Queue(IAOQ). r:ach queue is 2 elements deep. The elements 
are referred to TAOQ_I'RONT, IAOCP1ACI" IASCl-I'RONT and IASQ_HACI<. The 2-deep 
queues are used to support the delayed branching capability. 
1.3.1 Control Registers 
Thifl flection defines the main regiflters ufled in the implementation: 
• Protection Identifier Registers: PID1, PID2, PID3, PID1, aliases for CRs 8, 9, 12, and 13. 
These registers designate up to four groups of pages accessible to the currently executing 
process. \Vhen translatIon is enabled~ the four protection I(kntlIiers (PIDs) an_~ cornpared 
with a page access identiJier to validate access. If access is not valid trap is raised. 
• Coprocessor ConIiguration Register (CRIO alias CCR) is an 8-bit register which records the 
presence and usability of coprocesors. A bit is 1 hnplies the coprocessor corresponding to that 
bit is preflent and operational. J-<Jse it is logically decoupled. Tn the current implementation 
the entire CCR is set to O. 
• int~l"'l1ption Vector Address Register (CR14 alias IVA) contains the absolute address of 
the bafle of an array of flervic:e procedurefl aflfligned to the interruption daflfles. Thifl address 
must be a multiple of 1021. 
• r:xternal Interrupt r:nable Mask (CRI.5 alias r:n:VI) is a :32-bit register containing a bit for 
each of the 32 external interrupts. When 0, bits in the EIEYI mask interrupts pending for 
the external interrupts corresponding to those bit positions. 
• r:xternal Interrupt Request Register (eRn alias URR) is a :i2-bit register containing a bit 
[or each external interrupt. vVhen 1, a bit designates that an interrupt is pending [or the 
corresponding external interrupt. Doth the PS\V.l bit and the corresponding bit position in 
the EIE::\I IIlUSt be 1 for an interrupt to occur. 
• Interval Timer Register (CR16 alias ITYIR) consists of 2 internal registers. One of the internal 
registers IS continually countIng up b~y 1. ReadIng the ITJ\,fR gi ves the value of thIS Internal 
register. vVriting to ITMR updates the other (cOInpaJ·ison) register. '.Vhen the two registers 
have identical values, an external interrupt is raised and bit 0 of f:IRR is set to I. 
• inierTuption Instruction Address Space and Offset Queues (CRU alias IIASQ, CR18 alias 
TTAOQ): '1\\'0 ofFset registers and two flpace registerfl are ufled to save the instruction address 
and and privilege level information for use in processing interruptions. The registers are 
arranged as two two-element deep queues. The queues generally contain the address(induding 
the privilege level field in the rightmost two bits o[ the offset part) o[ the two instructions in 
the L\ queues at the tirne of the interruption. 
The ITA queues are continually updated whenever the PSW_Q bit is 1 and are frozen by 
an interruption (PS'.V -Ql bit becomes o. After such an interruption these registers contain 
copies of tIll' L\' queues. These queue dements will also be referred to as PCOQII, PCOQT, 
PCSQII and PCSQT in the context of the implementation. 
7 
• Interrupt10n pararlleter reg1l:lterl:l are the Interrupt10n In~truct1on Reg1l:lter (CR19 alial:l IIR), 
Interruption Space Register (CR20 alias ISR) and Interruption Offset Register (CR21 alias 
lOR). As the names indicate, these registers contain interrupted instruction and the virtual 
address the instruction was attempting to access. 
1.3.2 Interruptions 
Table 1: PA-RISC Interruption 
Interruption # Description 
1 High-priority machine check 
2 Pm,ver failu re interrupt 
a Recovery counter trap 
4 External interrupt 
.') Low-pr1or1t~y rllach1ne chcck 
(j h"truction TLll mi" fault 
7 Infltruction memory protection trap 
R Illegal instruction trap 
9 Break instruction trap 
III Pr1v1legcd operat1on trap 
11 Privileged register trap 
12 Overflow trap 
13 Conditional trap 
14 Assist exception trap 
1.5 Data TLB miss fault 
Hi N on-accel:ll:l 1nl:ltruct1on TLD rIl1~~ fault 
17 Non-access data TLll miss fault 
18 I )ata memory protection trap! C naligned data reference trap 
19 Data memory break trap 
20 TLB dirty bit trap 
21 Pagc refercnce trap 
22 .A.BI:l1I:lt crllulat10n trap 
23 Higher-privilege transfer trap 
24 tower-privilege transfer trap 
25 Taken Branch trap 
All interruptions (traps or interrupts) on PA-RISC are precise, i.e., the software sees a single 
unpipelined processor executing one instruction at a time. PA-RISC supports 25 interruptions 
d1v1ded 1nto 4 pr1or1ty groupl:l~ w1th group 1 hav1ng the h1ghest pr1or1ty and group 4 thc kl\·ve~t. 
The interruptions a re listed in table I. 
Interruption 1 belongs to group 1. Interruptions 2-.5 belong to group 2. Interruptions 6-22 
belong to group 3 and the rest to group -i. 
8 
1.3.3 Memory Management Support 
Like most microprocessor architectures, the PA-RISe contains some form of memory management 
unit (YIYIT;). 
Thll:l section describes the features of the PA-RlSC that arc used to support virtual IIwIIlory 
operations. These features Induck a translation look-aside buffer (TLD) for transforIning virtual 
add resses to physical add resses, bit traps for memory management fllJpport, and memory protection 
mechaniflllls. The material preflented in this section is covered in more detail in chapter 3 of the 
Precision Architeclucc and Instruction Set Reference JUanltal [10]. 
Page Tables and the TLB : 
The PA-RISe (along with the MIPS R2000/R3(00) is unusual in that it requires software to 
handle TLll rnisses4 . lly allowing software to perform TLll loads, the PA-RISe architecture gives 
the operating system lots of flexibi1ity in the format of page tables. Normally, architectures specify 
some page table format to follow so the hardware can perform TLH loads. 
Rather than develop our own page table design for the initial port, we decide to use the Physical 
Page Directory (PDIR) format suggested by the PA-RISe architecture manual [10]. We made litis 
decision because it alio\lYccl lU; to reuse a great deal of Tnt code for the low level TLD IIllSS haJLdler~. 
Figure 1 shows the structure of a, Physical Page Directory (PDIR) entry. 
H o (6) ):ext PDE Index (21) 0(4) 
Space Id (:l2) 
Page Frame (21) o (11) 
R 0 T D n Access Rights 0 Access ID 0 
1 1 1 1 1 7 4 L1 1 
Figure 1: PDm Entry (PDE) 
Bit Flags: 
The TLB and PDIR contain a variety of bit flags which can be used to generate traps. The 
followIng InfoIInatlon cLel:lcrIbel:l the functIon of each of the 1-blt IidcL~. 
T Page Reference Trap. \Vhen 1, data references using this translation cause a page reference 
trap interruption. The T-bit is most commonly used for program debugging. 
D Dirty. IVhen 0, store and semaphore instructions cause a TLB dirty bit trap on systems with 
software TLB miss handling. \Vhen 0, store and semaphore instructions cause the D-bit in 
4The T'A -RTSC A rchilccllln; (}nd rn~l,nu-,li()n Sci M(Htwd mentions t.hat. hardware implement.at.ions can exist. bllt. 
to our knowledge no such implementation exists at this time. 
9 
the DTLD entry and the PDIR to be sd to Ion systems with hard wan' TLD miss handling. 
When I, no trap or update occurs. The Il-bit may be used by the operating system to 
determine which pages have been modified. 
H Hreak. When I , instructions that could modWy data using this translation cause a data 
memory break trap interruption, if enabled. Store instructions, the PURe: r: IlATA eACH r: 
instruction, and semaphore instructions are the only instructions that potentially modify 
data. The D-bit is most cOInrllonly used for program debugging. 
R is the reference bit (only present in the PDIR entry). If R = 1, the page has been accessed 
(read, write, execute, or non-access) by a processor since the bit was last set to O. For systems 
with software TLD miss handling, this bit is managed by the software and not clirectly set by 
the hard\vare.'-; 
Memory Protection 
The TLB is also responsible for enforcing memory protection. The PA-RISC protection mecha-
nisms are disabled when physical addressing is used or when the PSIV _P bit is disabled. The TLD 
rnaintalns protection infonnationln two Ildcb: the ([eeest! f'iyht.s and the aC('ViS ID. The '(-bit access 
right field encodes the allowed access types and privilege levels into three sub-fields: type, privilege 
level 1 (/'1,/), and privilege level 2 (1'1,2). The access If) is a IS-bit field that can be thought of 
as a capability. This field must match one of the four protection ID's in the PA-RISC's control 
registers (CR8,9,12,13). 
Logical Page Replacement 
The PA-RTSC allows the software to operate on a logical page size of2K, 4K, 8K, or 161, bytes. 
\Vhen operating on a logical page size greater than 2K bytes, the TLB miss handling procedures 
may insert ail translations for that page group provided that the translation for the faulting page 
is inserted last. This is probably because the software has no ability to know which TLD entry 
is invalidated to IIlakc IOOIn for a He"" insertion. Dy inserting the faulting page cntry last~ the 
Roft\vare enfllJreS that upon return, the 'ITH rniflfl has been flatisned. 
PA-RIse Memory Management Traps: 
Out of the 25 interruptions that can occur on PA-RISC, 9 of the interruptions are traps to be 
dealt b~y the rncIIlory rnanagcIIwnt unit of the operating s~ystcln. These IIlcIIlor~y IIlanagcIIlcnt traps 
are listed in table 2. 
Thefle trapfl can be partitioned into four groups: TLH miss faults, non-access TLH miss faultfl, 
meory protection faults, and bit flag traps. 
TLB Miss Faults (#6,#15) : 
The P,\-RISC architecture allows both software and hardware TLD miss handling. The lIP 
9000/8:14, the target processor for the port, does not have hardware TLH miss handling. Tt has 
separate trapfl for instruction and data T'f..H miflfles \vith the hard\vare making no distinction be-
tween TLB misses and page faults. IVhen a TLB miss fault occurs, the handler must determine 
·'The unused bit is used by some implementations. This A bit acts similarly to t.he R bit except non-access raults 
will not sct it. 
10 
Table 2: PA-RISe Memory Ylanagement Exceptions 
Trap # I )eflcription 
(j Instruction TLD miss fault 
7 Instruct.ion IneIIlor~y protection trap 
L5 Ilata TLK mi" fault 
16 SOil-access instruction 'II, K miss fault 
17 :'Ion-access data TLB miss fault 
18 Data memory protection trap/Unaligned data reference trap 
19 Data, IIlcIIlory break trap 
20 'ILK dirty bit trap 
21 Page reference trap 
whether or not the 1ll1ss1ng page is in memory. One difladvantage of an inverted page table(i.e, 
PDIR) is that it is more expensive to determine whether a particular virtual page is in memory. 
\Ve use a hashing function and linked list search to determine whether a virtual page entry is 
present in the PDIR. The handkr hadws the faulting (virtual) address to obtain an offset into a 
hash table. This hash table contains a reference to the PDIR list that represents the hash bin. 
This bin is organized as a linked list of PllTR entries. The handler then sequentially searches this 
list for the desired virtual page. A successful match results in the entry being placed in the TLK. 
A failure in the matching process results in a page fault. Figure 2 presents a flow chart of the steps 
for handling a TLB miss. 
Non-access TLB miss faults (#16,#17) : 
The PA-RISC architecture also has the notion of non-access TLD faults which dilkr from other 
TL.D faults in that the fault.ing page need not be loaded into IIwIIlory. Our platfoIIn requires both 
infltruction and data non-access T'f..H miss faults to be handled by software. 
Non-access data TLK miss faults are caused by LOA I) PH YSIeA I, A I) I)R~;SS (LPA), PRO K~;, 
and PT;RGE/FLUSH DATA CACHE instructions. When the requested page entry is not present 
in the PDIR, the action of the trap handler depends on the type of instruction causing the fault. 
For LP,\ and PRODES, zero is returned if the desired page cannot be found in the PDIR. There is 
a problem \vith the PROHI-<: infltrudion that ifl covered in more detail in sedion ~j.2. 
In HP-UX and Tut, cache PURC:~: and I'TUSH instructions that cause non-access TI,K miss 
faults are handled as if a TLB miss occurred, i.e. the page is loaded into physical memory and the 
page descriptor is inserted into both the PDIR and TLB. :'Ion-access instruction TLB miss faults 
are caused by FLUSH INSTRCCTION CACHE (FIC) instructions. These an, handled similar to 
other cachc non-accc~~ fault~ clcl:)crlbccl ahovc. 
Memory Protection Traps (#7,#18) : 
The PA-RJSC has two traps used to detect memory protection violations. The instruction 
lHf'11wry protf'ction trap (7) ifl the reflult of invalid acceflfl rightfl or invalid protection TJ)fl for an 
instruction fetch". The data memory protection trap (18) is the result of an invalid access right 
or protection ID for any load, store, semaphore, and PURGE DATA CACHE instruction. This 
(;Prote:d,ion TD che:cking is only done: whe:n the: PS\V P-bit is sd,. 
11 
'lHAP 
IIash address 
Empty 
'! 
Yes 
Page Faull 
\[0 Sf'arch 
PDlH 
1'0 
lnsert 
inlo'lLB 
Figure 2: TLB Miss Handling 
trap is alflo caused by any load or store to addreflfles not aligned at the boundaries required by the 
infltructions. Detection of unaligned addressefl ifl performed by examining the least flignificant bits 
of the virtual address. 
TLB Dirty, Page reference and Data memory break traps (#20,#21,#19) : 
The HP 9000 Series 831 workstation does not have a hardware supported TLB, so the manip-
ulation of the D (dirty) and R (reference) bit Hags is left to the operating system. 
'.Vlwn the D bit is 0, stores and semaphore operations will cause a TID dirty bit tmp (20). The 
trap handler must then set the J) bit in both the PIHR and 'ILK entry. Once the J) bit has been 
set, further modifications to that page are ignored. If the T bit is set, data reference using the 
translation causes a page reference trap (21). The data memory break trap (19) is triggered when 
instructions that could possibly modify data require the translation and the B bit in the Processor 
Status 'Nord (PS\V) is 1. '.Vhen software loads an entry into the TLD, it should set the R bit to 
indicate that the page has been referenced. 
2 Supervisor 
The Supervisor is the component that directly interacts with the underlying hardware. It is respon-
sible for managing interrupts, traps and exceptions and other machine dependent functions. The 
SUjJf'''''Ui.so,t along "v1th the lInn'll layer fornm the rnachlnc dependent layer and 11:) expected to olfer 
a machine independent interface to the portable layerfl of the Chorus kerne1. The requirernentfl to 
be satisfied by the S/Jp~l·vi"m· layer are detailed in section 2.1 and the implementation is detailed 
in section 2.2. 
12 
Thread 
. t· Tl _D. , ,t' 
Real-Time Virtual Mem 
mThread Executive portable 
SupThreadDcsc 
Supervisor Mmu Layer 
"igure :3: thread Claoo hierarchy 
2.1 Sapervi80T requiren1ents 
The Chorus Suptrvisor ifl expected to export a flpec:ified machine independent interface l and is 
responsible for interrupl, trap and exception handling, limer and console management, kernel 
initializalion, and offering a low-level debugger. The SlIpervisor interface is detailed in section 
2.1.1. The sections on event hanclling~ tlrllcr and commIe rnanagcIIlcnt and low-level debugger 
regroup the functionfl in the interface according to their fUllctionality and provide the requirements 
for the fu nction group 3fl a whole. 
In addition lo the above functions, the SlIpervisor is responsible for defining two fundamen-
tal structure lypes : KnThreadCtx, and SupThreadDesc. KnThreadCtx defines the register con-
text fraIIlc that .is used to save state dur.ing .interrupts, traps, exceptions and context s\lvitchcs. 
SupThreadDesc dclincs the Iuachinc dependent thread descriptor. As IIwnt.ionccl in section 1.2, a 
thread in Chorus has a user fltack and a flYfltem stacie The descriptor SupThreadDesc keepfl track 
of the stacks and other machine dependent thread attributes (if any) of the thread and is the base 
class for the Thread class. The Thread class hierarchy is shown in fig 3. The dolled lines show 
the levels of definition and managemenl of base and derived classes. Variables and pointers of type 
KnThreadCtx and SupThreadDesc get ddined and pa"edln the portable layer, of the kernel but 
are treated as black boxefl. Functions are defined in the S'npel'vifwl' interface (see flection 2.1.1) 
that allow the portable layers to query and update the contents of the data structures in a machine 
independenl manner. 
A portion of the Chorus Inlerface lo supervisor actors allows handlers to be attached for inler-
rupts, traps~ exceptIons and tiIIle-outs. In vocation of senIle of these handlers Is the responsIbility 
of the Supe'(Ti.'w'(' . This requlreIIlent Is detailed In sectIon 2.1.2. 
2.1.1 SlIpervisor interface requirements 
The followIng functIons IIlUSt be lIIlpleIIlented by the SuptTviso'(' . 
SupCtxInitO: H uild the initial context fra me on the system stack ofthe new th read and initialize 
it's machine dependent thread descriptor SupThreadDesc. The initial values inserted into the 
conlext frame on the syslem slack are used by SupCtxSwitchO when swilching to the new 
thread. SupCtxInitO should build the frame as if the thread is relurning from an exception. 
This function takes the followIng paraIIlders: 
• The system stack bottom, unsigned char *stackbot . 
• Thread parameters descriptorl KnThreadDesc *threadParams. Thifl descriptor has the 
entry poinl of the thread, the thread privilege, priority, the user stack bottom, and the 
inItIal executIon status. The user stack bottoIIl Is used onl~y when the thread Is a user 
thread. In the case of a supervIsor thread~ this Jield is Ignored. 
13 
• Pointcr to thc thrcad\; rIlachinc dcpcndcnt thrcad dCl:)criptor, SupThreadDesc *ptThreadDesc. 
• Pointer to the virtual address space descriptor of the actor in which the thread will be 
crcatcd, context *ptContext. Notc that context il:) a dasl:) ul:)cd by thc virtual rIlcrIlory 
system and is not the same as the machine dependent thread context \vhich is basically 
a set of registers. 
SupCtxSwitch(): Switch thrcad rIlaclunc dcpcndent contcxt. Thi~ function takc~ thc following 
parameters: 
• Pointer to the old thread, SupThreadDesc* oldThread 
• Pointer to the new thread, SupThreadDesc* ne"Thread 
SupGetUserCtx(): Retu rn a Pointer to a th read's saved context, KnThreadCtx* SupGetUserCtx(. .. ). 
This function takes the following parameter: 
• Pointer to the machine dependent thread context descriptor, SupThreadDesc* desc. 
SupCtxReset(): Rcsct thrca(r~ contcxt fraJIle on thc stack by thc valucl:) given in thc rIlachinc 
dependent th read context descriptor. This fu nction takes the follcnvi ng parameters: 
• Pointcr to thrcad rnachinc dcpcndcnt contcxt l SupThreadDesc* desc 
• Pointer to exception context frame on the stack, KnThreadCtx* ctx 
SupCtxIsU sel'Mod(): Return trUE if th read execution is in User mode else false. This function 
takes the followi ng para meters: 
• Poi nter to a context frame, KnThreadCtx* ctx. 
SupCallConnect(): Conncct a vcctor of handlcrs to a trap. This function takcs thc following 
pararllctcrs: 
• Thc trap nurIlbcr, unsigned trapNb 
• Pointer to the vector of handlers, KnCallEntry* hdl Vect 
• Nurnbcr of ckrIlcnts in the vcctorl unsigned NoRdl 
• The privilege level unsigned sup. Basically there are two privilege levels: Supervisor 
and User. If sup il:) Supervisor in thil:) call thcn thi~ vcctor i~ exccutcd for ~upcrvil:)or 
actor~ cau~ing a trap cqual to trapNb. If a ul:)cr Actor causc~ a trap cqual to trapNb, 
this vector will not be executed u nless another S upCallConnect has been explicitly called 
with the same parameters and sup is set to User. 
SupCallDisConnect(): Disconnect a Vector oftrap handlers. This function takes the following 
parameters: 
• Thc trap nurIlbcr, unsigned trapNb 
• The privilege level, unsigned sup 
SupItConnect(): Connect a handler to an interrupt. This function takes the following paramo 
eters: 
• The interrupt number, unsigned intrNb 
11 
• The handler to be executed on the Interrupt occurrence, KnHdl hdl. 
• The prlvllege level l unsigned sup 
SupItDisconnect(): Disconnect a TnterrlJpt handler. This flJnction takes the following param-
eters: 
• The interrupt number, unsigned intrNb 
• The handler to be executed on the interrupt occurrence, KnHdl hdl. 
The handler parameter is required since there can be a list of interrupt handlers connected 
to the interrupt. The (intrNb, hdl) pair uniquely identifies the element to be removed from 
the li,t. 
SupItLevel{): Rcturn thc current Interrupt nel:ltlng lcvcl. T hll:l function takel:l no paJoaJIwtcrl:l. 
svMask(): Set the interrupt level. All interrupt' equal or Ie" than thi, level arc masked. Return, 
previous interrupt level. This function takes the following parameters: 
• Interrupt level mask, int intLvlMask. 
svU nMaskO: Reset the i nterrlJpt level. All i nterrlJpts eq lJal or less than this level are IJ nmaBked. 
Ret urns previous interrupt level. This function takes the following parameters: 
• Interrupt level unmask, int intL vlUnMask. 
svMaskAll(): Mask all interrupts. This function has no parameters. 
svUnMaskAll(): Unmask all interrupts. Tltis function has no parameters. 
svCopyln{): copy fnun User space Into kernel spacc. Thll:l function takes the following paJoarnc-
ters: 
• Sourcc addrel:ls In ul:lcr space, char* src 
• Destlnatlon address In kcrncl space, char* dst 
• Slze of transfcr In b~ytes, unsigned int count. 
svCopyOutO: copy from Kernel space to User space. This flJnction takes exactly the same 
parameters as svCopyInO, only that the source and destination spaces are reversed. 
The functions sv*{) are also part of the Chorus Supervisor actor interface. 
SupTrapConnect(): Connect a handler to a trap. This function takes the following parameters: 
• The trap number, unsigned trapNb 
• The handler to be executed on the trap occurrence, KnHdl hdl. 
SupTrapDisConnect(): Disconnect a Trap handler. This function takes the following parame-
ters: 
• The trap nurnbcr, unsigned trapNb 
• The handler to be cxccuted on the trap occurrencc l KnHdl hdl. 
SupPanic{): Fatal abort. Thls function takcs no pararneterl:l. 
15 
SupDebugger(): Call the debugger. Thi, function take" the following paranwtero: 
• The except.ion context fraJIw polntcr~ KnThreadCtx* ctx 
• The trap or exception number, unsigned no 
SupPreciseTilneO: Return the current precise time. This function takes no parameters. 
SupPutCharO: ",Trite a chaJoactcr 011 the COIll:lok device. Thi~ is a synchronous operation, i.e., 
the \vrite returns only after the output is completed. This fundion takes the following pa-
rameters: 
• the character to be written, int c 
SupGetChar(): Returns a characler from the input device. This is a synchronous operation. 
This function takes no paraIIwtcrs. 
SupPoliChar(): Poll the input device. This funclion returns () if no input is waiting else it 
rdurns the character. This function takes no paraIIlctcrs. 
Tn addition to exporting the interface, the Supervisor is expected to make up-calls into the 
kernel upper layers for various synchronous and asynchronous events. The calls are: 
KnDebugEnter(): The Supervisor is expected to call this function to inform the portable layers 
whenever it enters the deb ugger. This fu nctions informs the portable layers not to perform 
context switching when the debugger is entered. This function takes no parameters. 
KnDebugLeave(): The SIJperV;80r is expected to call this fu nction to inform the portable layers 
whenever it leaves the debugger. This function takes no parameters. 
KnLock(): Lock the kerne1. This function takes no parameters. 
KnUnLock(): L.ock the kernel. ThIs function takes no paraJIleters. 
KnHandler(): Exception Handler of the kerneL This funclion should be called for all unrecov· 
erable exceptIons. This functIon executes the actor speciJic exceptIon handler if present else 
calh KnIpcIIandlerO to abort the thread. Thi, function take, the following parametero: 
• Pointer to the exception frame on the stack, KnThreadCtx* ctx 
• ~:xception n umber int excNb 
KnltRetSup(): Return from interrupt to supervisor thread. The supervisor after executing 
the interrupt handlers connected by SupTtConnect() prepares to return from the interrupt. 
This function should be called by the Supervisor if the thread executing at the time of the 
interrupt was a supervisor thread. This function takes no parameters. A supervisor thread 
can be preernpted only if there Is a supervIsor thread of higher prIority ready to run. 
KnItRetUserO: Return from interrupt to supervisor thread. The supervisor after executing 
the interrupt handlers connected by SupllConnecl() prepares to return from the interrupt. 
This functIon should be called by the Supe,,"vi.so,t If the thread executIng at the tlnw of the 
interrupt waB a user thread. This function takes no parameters. This function can cause 
preemption of the user thread. 
Hi 
KnAbortHandler(): Abort Hamlln. If the thread i, found to be aborted while returning from 
an interrupt, then I<nAbortHand1er() is called. This function takes the following parameters: 
• The exception frame on the stac:k l KnThreadCtx* ctx as parameter. 
KnTimeIn(): Record a clock tick. Thi, function dlOUld be called by the SuptTviso{" every time 
a dock interrupt occurs. This routine increments the Chorus software dock and executes any 
routines that have reached their timeout period. This function takes the following parameters: 
• The execution mode at the time of the dock interrupt, int supOrUsr. 
• The prograIIl counter at the tlIne of the dock IntcITuptl int pc. 
2.1.2 Supervisor Actor Interface 
A portion of the Chorus interface is available only to supervisor actors and would be referred to as 
the supervisor actor inlerface. Some of the functions of the supervisor actor interface get directly 
rnappccl to corrcl:lponcllng fUIlctions of the supcrviscn interface and the rest of the functions an~ 
handled in the portable layer' of the Choru, kernel. Ideally, all the call, of the ,uperviwr actor 
interface except svCheckUserSpaceO. svCopy[InjOut]O. sv[Un]Mask[All]O are expected 
to be implemented in the portable layers of the Chorus kernel by calling the appropriate functions 
in the Supervisor interface. However. due to the way in which instructions are generated on the PA-
RISC by the compiler. additional work and portable layer modifications were required to implement 
thi~ fUIlct.ionalit~y (See I:)cction 2.2.9 for details and functionalit~y lIIlplcIIlcntation). 
On ly those fu ndions of the supervisor actor i nterfac:e that needed additional i Illplementation are 
specified below. Note that svCopy[InjOut]O. sv[Un]Mask[All]O have already been covered 
under the Supervisor interface. 
sv A bortHandler(): Define an abort handler for the Actor. This function takes the following 
parameters: 
• Actor Capability, KnCap *actcap. 
• Abort Handler. KnHdl routine. 
This function is expected to be entirely implemented 1n the portable layers of the kernel. 
svCallConnectO: Exactly the same function and parameters as SupCallConnectO (see sec-
tion 2.1.1). This function is expected to be entirely implemented in the portable layers of 
the kernel. 
svCheckUserSpaceO: verify that an address is within the IJser address space. This function 
takes the following parameters: 
• the address to be checked. char* addr. 
This fu nction is expected to be i Illplemented d IJ ri ng the port to the target arc:hitec:tu reo 
svExcHandlerO: define an exception handler for the Actor. This function takes the following 
parameters: 
• Actor Capability, KnCap *actcap. 
• Exception Haneller. KnHdl routine. 
17 
Thil:) function il:) expected to be entirely irnpkrnented in the portabk laJ'T~rl:) of the kerneL 
svItConnect(): 
2.1.1). This 
kernel. 
Exactly the same function and parameters as SupItConnect() (see section 
function il:) expected to be entirely irnpkrnented in the portabk layer~ of the 
svTrapConnect(): Exactly the same function and parameters as SupTrapConnect() (see sec-
tion 2.1.1). This function is expected to be entirely implemented in the portable layers of 
the kernel. 
svTimeOut(): set a time out and call the given routine when the time-out occurs. This function 
takel:) the following pararnder~: 
• The routi ne to be called by kernel on ti me out, KnToHdl routine. 
• The paJoaJIwter to be pasl:)ed to routine, void pararn 
• TimeOut period in millisecondfl, unsigned int delay. 
Thi~ function is expected to be entirely irnpleIIwnted in the portabk layerl:) of the kerneL 
2.1.3 Event (Interrupt, Trap and Exception) Handling 
The Supervisor is expected to save the register context on the stack, call the appropriate handlers 
and restore regi~ter context when required. The function~ in the SUjJf',t'Ui.so,t interface that fall 
in this group are SupTrap[Dis]ConnectO, SupIt [Dis] ConnectO, SupCall[Dis]ConnectO, 
SupItLevelO. and sv[Un]Mask[All]O. The SIJpuvisor implements the data structures and 
code for these functions and calls the appropriate connected handlers. In the case of interrupts, the 
Supervisor should execute the list of handlers in the decreasing order of priority and acknowledges 
the interrupt to the external device raising the interrupt. In all case~, up-call~ should be rnade at 
the precise points in execution a~ i(kntiIied by the ~upervil:)or interface. The general algorithrns 
to be ufled for interrupt, trap, and exception handling are detailed in the Chorufl implementation 
guide [7]. 
2.1.4 Timer and Console Management 
The 5'uptrrisor manages the timer and console devices. It programfl the timer device flO that it gen-
erates clock ticks at a freq uency den ned by the (,_CH" constant den ned in include/ chorusConf.h. 
Each time a timer interrupt is received, the supervisor calls the KnTimeIn() function (see section 
2.1.1). The functions of the Supervisor interface that fall under this group are SupPutChar(), 
SupGetCharO, SupPollCharO. 
The SUjJtT'Ui.so"o il:) rel:)ponsible for conIHxting, at least, SupPutChar{) and SupGetChar{) 
behind a trap. This trap is used in the implementation of library functions PutCharO and 
GetChar(). 
2.1.5 Low-level Debugging facility 
The 5'uptrrisor ifl responflible for implementing the kernel debugger. The function that implements 
the debugger is SupDebuggerO (see section 2.1.1). 
The Supervisor is responsible for connecting the debugger entry point to a trap number. This 
trap number wlll be used by the implementation of the callDebugO library function. The callDe-
hug{) function il:) paJt of the Chorus kernel interface exported to Chorus Actors. 
18 
The Supervisor dlOuld call KnDebugEnterO and KnDebugLeaveO when entering or kav-
ing the debugger. This avoids context switches when in the debugger. 
2.1.6 Kernel initialization 
The Supccvisor implements the function (usually called startO) that performs the kernel initial-
Ization. This function perforrns all the IIlachinc dependent and rnachinc independent initialization 
necessary for calling the portable layers of the kerneL The fUIlction startO fOrIns the entry point of 
the Chorufl kernel image. Transfer of control to this entry point ifl performed by the boot program 
portion of the boot archive loaded by the resident boot monitor. For more detailfl on the boot 
archive and Chorus booting procedures see the PA-Chorus booting document[12]. 
The kernel initialization function is responsible for: 
• Initialization of processor spedfic data like interrupt vector) setting the process fltatus word 
for appropriate execution mode, etc. 
• Static: confltruc:torfl' invocation. Chorus is \vritten in C++, an object oriented language and 
the static constructors for the various static objects of the kernel mUflt be called. 
• Initialization of memory management) by calling Vn1InitO. 
• Initialization of var.ious devlccs and connection of dcvice handlcrs and trap handlers. This 
function is crllbedded in thc routine SupBoardlnitO. 
• Calling KnlnitO, a function that initializcs thc portablc part of the kcrncl. This includes 
schedulcr data structure initialization) connection of systcrll call handlcrs~ and creation of thc 
first thread of the system. This first thread is the transformation of the kernel initialization 
code being executed into a Chorus abstraction. KnlnitO rettHnfl the new fltack pointer to 
be used by the executing first thread. 
• Switching to the new stack pointer and call knMainO \vhich lfl the maln routine of the 
kerne1. knMainO never retlHnfl. 
2.2 Sapervi80T Implementation 
The fundamental data structures KnThreadCtx and SupThreadDesc manipulated by the S/J,p~l'vi.,m' 
code are defined first in sections 2.2.1 and 2.2.2 respectively. This will establish the background to 
detail the implementation of the Supccvisor in the rest of the sub-sections. 
2.2.1 Thread Register Context 
The thrcad registcr context is basicall~y is the sd of gcncral rcgisters and control rcgistcrs of thc 
processor and any other information that ifl needed for monitoring~ manipulating and refluming the 
thread at a later stage. The thread register context is required to be typedefined as KnThreadCtx 
and is declared for PA-RISe in inciude/PARISC/threadCtx.h. The following are the elements 
of the KnThreadCtx structure: 
• state-.flags, a software register used to track current stat us of the thread, ex: in-system-call, 
in- trap, etc. 
19 
• General regioters grl, .. ,gr31. PA-RISC has only 31 32-bit general registers. GrO io perrna-
nently tied to O. 
• Control regi~terl:) crO,cr8, .. ,cr31. Crl-cr7 do not exi~t. 
• Instruelion space queue tail pcsqe(alias PCSQT), instruction offset queue tail pcoqe(alias 
PCOQT). These Jidds contain the addreoo (space and oJI'sct) of the next inotruction to be 
executed. 
• Kernel I:ltack pointer ksp~ tlli~ Held is a soft\lvare register. It is 0 when rUIlning OIl the kernel 
stack and contains the stack pointer to the kernel stack when running 011 the user stack in 
user mode. 
• Space registers srO .. sr7. 
• Floating point registers frO .. fr15. 
• Special functional unit statufl registerfl, mdhi, mdlo, mdov, keep track of the status of the 
special funelional units, emulated or actual hardware. 
The -Aoating point registers and flpec:ial fUllctional unit fields are ignored in the current imple-
mentation. This implies that code having floating point instructions or special function instructions 
wiil currently abort. The next version of the implementation wiil have floating point and special 
function unit crllulation. 
Discussion : 
The cldinit.ion of the thread context follows frorll our design objective of reu~ing as lIluch of the 
Tnt code afl possible. The Tnt projed was done in two phasefl. I"irst the HP-CX virtual memory 
system \vas replaced by ,'Vlach virtual memory system. Tn the flecond phase, HP-UX wafl modified 
to provide the mach thread abstraction and interface. In the case of the Tut kernel with threads, 
there are 3 different struel ures used to store the thread context depending on the execution mode 
of the thread and the purpol:)c of acccs~ing the contcxt. 
The purpose of each of the I:)tructurel:) of the Tnt kernel i~ gi ven below: 
• save_state structure il:) ul:)cd whcn thc thrcad cntcrl:) the kernel lIlode through l:)y~tClIl call~, 
trapl:) and interruptI:). 
• PCB struel ure is used when the thread was executing in kernel mode. 
• hppa_thread_state structure is the context visible to the user for interrogation and modifi-
cation. 
Tn the case of Chorus, the machine independent layers recognize only one structure for the 
thread context, i.e., KnThreadCtx. For the PA-Chorus port, we defined KnThreadCtx structure as 
the union of the three structures. This enabled us to use the same structure uniformly through out 
the kcrnel and allowed U~ to UI:)C the low-level Tnt cock for the ~~y~telIl-call interface, interrupt and 
trap handling as our I:)tarting point and IIlakc the Chorus I:)peciIic IIlodiIications relati vely ea~ily. 
li'urther, \ve saw no reason to have distinct structures as a flingle structure can be used to store 
different levels and types of information. 
20 
typedef struct { 
unsigned 
long 
reserved; 
typeCtx; 
KnThreadCtx *currCtx; 
KnThreadCtx *userCtx; 
} SupThreadDesc; 
f* reserved for simple links *f 
f* Supervisor or User Thread *f 
1* indirect pointer to saved context of 
* thread *f 
f* indirect pointer to initial context 
* of the thread *f 
Figure 4: Ylachine dependent thread descriptor: SupThreadDesc 
2.2.2 Machine Dependent Thread Descriptor 
The machine dependent thread descriptor is typedefined as SupThreadDesc. As described in section 
2.1, thi~ descriptor is used to keep track of the thrcacl\; systcrll stack, user stack and the thread's 
context. In the case of PA-RISC, SupThreadDesc is ddined in include/PARISC/sv.h as in Jig 
4. 
The fields of SupThreadDesc, except the link field, get initialized in SupCtxInitO (see section 
2.2.3), and remain fixed during the Jife time of the thread. 
2.2.3 SupCtxInitO 
This function is implemented in kern/PARISC/sv.cxx. The initialization of the new thread 1S 
performed in the following manner: 
1. If the thread is the first thread of the kernel then exit from the function. The first thread 
of the kernel is nothing but the kernel initialization code being made part of the thread 
abstraction and recognizable b~y the Chorus portahle layers. This thread ultiIIlatdy bCCOIIlCS 
the icllc thread oftlw s~ystcln. Since this ~~thrcacll1 was already executing before it was created, 
there is nothing to be done at this stage. The machine dependent initialization for the first 
thread would have been already performed in startO in kern/PARISC/sv.cxx during 
kernel initialization. 
2. Force the allocation of the system stack of the thread. At the point of calling SupCtxIllitO, 
the syfltem stack of the lle\V thread is mapped, but phYflical memory is not allocated, by 
the virtual memory layerfl. It ifl necessary for the syfltem stack to be actually allocated in 
physical memory before starting up the new thread since traps caused by the new thread 
must be handled on its system stack and this would cause recursive traps if the system stack 
is not physically allocated. 
3. Allocate two frames of type KnThreadCtx*: userFrame and switchFrame on the system stack 
(see fig 5). 
4. Initialize the user Frame as follows: 
(a) Tfthe thread is a IIser thread then initialize the stack pointer as follows: 
userFrame~sp = threadParams~sp + FlVLSIZE. 
FlVLSIZE is the frame size needed to satisfy the PA-RISC procedure calling conventions. 
21 
(b) If the thread io a oupervi"" thread then initialize the ,tack pointer ao follow" 
fLsize = sizeof(KnThreadCtx) + FYLSIZE + Fl\LFIXED_ARG_SIZE. 
userFraIIlc-----;.-sp = stackbot + 2 *' fr _size. 
The FM* operands above are needed to satisfy the PA-RISe procedure calling; conven-
tions. 
(e) Initialize the thread's Proeesoor Status Word. As mentioned earlier, the thread frame 
should be initialized as if the thread is returning; from exception. So the required inlcr-
'('uption paJoaIIlcter rcgistcn; an~ updated as follow: 
userFrame---+ips,", = Q + C + Il + I, 
userFrame---+eiem = Enable-ali-inlcrrupls 
(d) Initialize the thread\ protection identity registers 3fl followfl: 
userFrame---+pidl = 0, 
userFrame---+pid3 = 0, 
userFrame---+pid4 = 0, 
userFrame-----;.-pid2 = Protection Id of the Actor's context. 
(e) Initialize the thread\ flpace registers and the instruction address queues as follows: 
userFrame-----;.-sr4 = spaccld of thread's Actor, 
userFrame----;..sr5 = spac:eTd of thread's Actor, 
userFrame---+pcsqh = spaeeId of thread's Actor, 
userFrame---+pcsqt = spaceId of thread's Actor, 
userFrame---+sr6 = KernelSpaceID. 
userFrame---+sr7 = KnndSpacclD. 
userFrame---+pcoqh = threadParamo--cpc, 
userFrame---+pcoqt = userFrame---+pcoqh + Instruction length (4 bytes). 
(f) Initialization of the data pointer (dp) of the thread i, performed ao follow" 
1. If the thread is a kernel thread then set dp as follows: 
userFrarne-----'o-dp = data_pointer (the kernel's data pointer). 
11. If the thread belongs to a user Actor then set dp as follows: 
userFrarne---+dp = Ox40000000 (the ahwlutc virtual addre" ofa u,n Actor', 
data pointer). 
111. If the thread is not the first thread of the supervisor actor then initialize the dp 
from the datapointer value in the saved context of the first thread of the supervisor 
actor. This value can be found by looking; at the thread list attached to the thread's 
actor. 
1V. Tf none of the above caRes is true, then do nothing to initialize the dp. This is 
the case when the new thread is the first thread of the supervisor actor. Since this 
thread is the main thread of the actor, the start up sequence will be similar to a unix 
proce~l:), l.e., the executIon starts at an entry point in a crtO.o equivalent and thcn 
branches to rnainO after SOIIlC initialization. The dp in this case \lvould be set by the 
code in utO.o. The code for the ertO.o equivalent is in ktests/PARISC/kLass.s. 
It is lIIlportant for the dp to be set before aJL~y part of the rna.1n prograJIl gets executed 
since instruct.ions produced by the COIIlpikr an~ generated with respect to the dp. 
22 
S. The varlable swi tchFrarne polntl:l to the frarlle that ll:l equlvalent to a context frarlle I:laved 
by the ocheduler during a context switch operation. The fields are initialized such that on a 
context switch to the new thread, control is transferred to the kernel procedure SupThread-
StartO which executes in privileged mode without preemption. SupThreadStartO is im-
plemented in kern/PARISC/supctx.s. Thi, routine loa(b the value, from the userFrarne 
portlon of the l:lyl:lterIl I:ltack and perforrll~ a rdurn froIIl exceptlon ~equence to tranl:lfer control 
to the new thread's actual entry point. The return from exception sequence is deflcribed 1n 
section 2.2.1-1. The frame poi nted by swi tchFrame ifl initialized as follows: 
(a) Inltlalize the Processor ~tatu~ word as follo\lvs: 
switchFrarne--+ipsw = Q + C + I), Note that Interrupts are not enabled. 
(b) Initialize the data pointer dp to the kerne]', data pointer: 
switchFrame-+dp = data_pointer 
(c) Inltlalize the I:lpace regll:lter~: 
swi tchFrarne--+sr4 = I<ernelSpaceId: 
swi tchFrarne--+sr5 = KernelS paceId; 
swi tchFrarne--+sr6 = KernelS paceId; 
swi tchFrame--+sr7 = KerndSpaccld; 
(d) Initialize the instruction address queues: 
swi tchFrame--+pcsqh = KerndSpaccld: 
swi tchFrarne--+pcsqt = I<ernelSpaceId; 
swi tchFrarne--+pcoqh = SupThreadStart, 
swi tchFrarne--+pcoqt = SupThreadStart + Instruction length (-1 bytes). 
G. Th read descriptor ptThreadDesc fieldo are initialized as follows: 
(a) typeCtx = privilege value passed in threadParams. 
(b) currCtx = stackbot + 2 * fLsize. 
(c) userCtx = stackbot + fr_size. 
Discussion : 
Note that to change a value in the switchFrame, we have to subtract fLsize bytes from currCtx 
and then u~e the re~ultant address a~ KnThreadCtx*. The I:larlle aJogurllent Is true for the userFraJIle. 
The pointer~ currCtx and u~erCtx are lixed for the life tlrIle of the thread. There i~ an indIiclency 
in space usage and time of access to the context by this definition. ii'irst l 2*fr_size bytes are lost 
in the sYfltem stacie To access a register in the current context, one hafl to firflt get the context 
pointer from the context pointed to by currCtx and then access the register. This would not have 
been necessary if currCtx was not fixed but pointed directly to the current context. The advantage 
of the current approach i~ In debugglng. Slnce the currCtx l~ alwa~y~ available at a lixed posltlon 
relati ve to the bottorIl of the s~y~tern I:ltack, It oifers an easy way of looklng up the current context 
of the thread during memory dumps. 
The initialization of the dp io complicated by the fact that the dp io not always available to the 
kernel at the time of performing the machine dependent initialization. 
Thll:l ll:l a consequence of the fact that we clid not have a data polnter Jield as paJt of the rIlachlne 
dependent context mmuContext. IIavlng a dp Jield In the class mmuContext works line as long as 
23 
::~i~~'t::~V 
------------
KnThreadCtx Structure 
l1serCl.x 
Frame for Proc Callin~ Convn. 
! 
I 
I 
I 
I 
stack growth 
towards 
higher memory 
Sup ThreadDesc pcoqh = ·C ser Specified Entry pt 1+-_____ userFrame 
pcsqh = thread's Actor Space Id 
KnThreadCtx Structure 
stackbot 
______ ~L-------------~ 
Thread's system stack 
l'igllre .5: Machine dependent Thread Tnitialization 
there 11:) one executable lInage per virtual address space. hL the case of Chorus all supervisor actors, 
which are independent executable images) share the same context) i.e., KernelContext. Tn slJch 
a cafle, it ifl no longer fllJffident to have one dp field per IIllILuContext. One solution to simplifying 
the initialization code for dp is to have a dp in the actor and have this field initialized during the 
startup sequence of the main thread of the actor. Then for all the threads created then onwards in 
this actor, this Jield can be used to initialize the dp in their startup thread context. '\ote that in 
this case, a thread of actor A canIlot create any other thread other than the rnain thread of actor B 
IJnleflfl the main thread of adorB hafl already executed its fltartup fleqlJence and initialized it's ador 
specific dp. The most elegant solution would be to do the dp initialization at the time of creating 
an actor. But there is no clear way of initializing; the data pointer of an actor in the portable layers. 
2.2-4 SupCtxSwitchO 
SupCtxSwitch()~ the thread IIlachlnc depen(knt context I:l\lvltch functl0n~ Is lIIlpkrrwnted In 
kern/PARISC/supctx_s. This function performs the switch in the following manner7 . 
1. Allocate a fLsize frame on the system stack ofthe old thread from the current stack pointer. 
Save gcncral registers Inducl.ing the current I:lp and thread speciJic control regil:ltcrl:l. Thc 
rdurn address of SupCtxSwitch() becornes the new point of resumption for the oldThread. 
This implies that when a context switch loads back the old thread, it will be as though it has 
returned from SupCtxSwitchO. To achieve this pcoqh and pcoqt are set to RP and RP+1 
Note that old Thread is really the runl1lng thread and the purpose or SllpCtxSwitc:hO lS to save the register 
context of the running thread and switch to the new thread 
21 
respectively. T.:pdate the stack pointer value in the lixed switchFrarne pointed to by currCtx 
R 
2. FInd the pOI:l.itlon of the sa ve context fralne froIH the stack pointer Jield in the lixcd context 
frame pointed to by newThread----j-currCtx. Restore general regiflters and !'lome control regis-
ters. Perform a retu rn from exception seq uence (see step ( :If) of trap handli ng) to set the 
instruction queue registers and the process status word. 
Discussion : 
Doing a return from exception sequence is not necessary to implement the context switch. An 
alternate way is to do a procedure call return into the context of the new thread (the thread to be 
scheduled). This can be achieved by performing a branch to the value in the RP of the context of 
the lle\V thread. The reason the return from exception sequence was choflen is to have more control 
over the PSW bits during debugging. The PSW bits can be changed in the saved context of the 
blocked thread and thus enable any debug traps if required. The disadvantage is the inefficiency in 
this rncthod of iIIlpkIIlcntation due to the greater rLlnnbcr of operations that need to be pcrforIncd. 
2.2.5 SupGetUserCtx() 
This function is implemented in kern/PARISC/sv.h. 
2.2.6 SupCtxResetO 
This function is implemented in kern/PARISC/sv.cxx. The function blindly overwrites the 
context frame on the stack by the user context frame portion of the SupThreadDesc. 
Discussion : 
This function needs to be changed to perf OrIn senne sanity and protection checks before Inodi{ying 
the thread context. 
2.2.7 SupCtxIsUserMod() 
This fucntion is implemented in kern/PARISC/sv.h. The function returns true if the sr4 of the 
context is not the same as the kernel's space id. Other wise it returns false. 
Discussion : 
One of the experiInents which we ",rant to do is to take the supervisor actors froIn the saIne space 
as the kernel and use the multiple pri vikge kvelo. One of the interesting aopecto of the architecture 
is the cheap mechanism for system calls and the multiple privilege levels. This function would 
den nitely break if such a fleparation is done. 
3 Adually currCtx points to lhe top of the switchl'rame. Therefore, fLsize bytes have to be subtracted from 
currCtx before accessing a field in the EnThreadCtx structure portion of the s",ritchFrame 
25 
2.2.8 The various connect and disconnect functions 
This section details the implementation of SupCall[Dis]ConnectO, SupIt[Dis]ConnectO and 
SupTrap[Dis]ConnectO. These three pairs of functions are implemented in svConnect.cxx in 
the directory kern/P ARISC. 
The~e function~ an_~ provided by Chorul:l I:lO that the portahle la~yer~ of the Chorul:l kernel can 
attach handlers to traps, interrupts l system calls in a machine independent manner. The chorufl 
kernel maps the ConnectO syfltem calls provided to supervisor adors to the corresponding Con-
nectO calls of the Supervisor interface. IVe found that we needed to have more information than 
the I:lpeclIicd paraIIwter~ for thc ConnectO calls to ~atil:l{y the ~y~tcrll call intcrface for ~upervil:lor 
actors. Thi~ probkrll is di~cu~~cd in detail in section 2.2.9. In thi~ section l we ""ill di~cu~1:l thc 
different semantics that apply to some of the parameters to these *ConnectO calls on PA-RlSC 
1 n cont rast to \vhat Chorus origi nally envisaged. The flema ntic differencefl are as follcnvs: 
• The Chorus interface expects the Iirst parameter to SupCaliConnectO and SupTrapCon-
nectO to be a trap n umber. SupCallConnectO is used in the Chorus kernel to con ned 
a vector of handlers behind a trap. In the case of implementing T;NIX as a collection of 
actors ( sub-system), a SupCaliConnectO is made from the sub-system actor called the 
PJ\,f to connect a vector of sy~teln call routincs behind a ~pccllied trap nUlnbcr to handk 
L:NIX system calls. In the case of PA-RISC, it is not necessary to cause a trap to perform a 
system cal1. There ifl an efficient gnJelDa;l) mechaniflm (flee fledion 4) by which a controlled 
transfer behveen privilege levels can be achieved. This method is the proper mechanism for 
making system calls on this architecture (HP-T;X and YIPE use the same approach) and 
has been used in the implementation of system calls for PA-Chorus. The consequence is 
that calling the Iirst parameter to SupCaliConnect() as trapNb is not quite correct. Since 
the purpose of having SupCaliConnect() and SupTrapConnect() is to build sub-systems 
(including Chorus as the bafle case), this number is distingushed in the SUPf'lTisor layer as 
a real hardware trap number or a sub-system number to which a vector of handlers (Sup-
CaliConnect()) or a single handler (SupTrapConnectO) should be connected. Hence an 
appropriate name for the Iirst parameter would be subSysOrTrap:'\b. Additional constants 
were added in include/P ARISC / syscall.h to map symbolic constants for sub-systems to 
numbers. I'or example:CHORUS_SUHSYS is defined to be:31. The range of hardware trap 
numberfl does not overlap \vith the range of flub-flystem numberfl pOflsible. Thifl makes difFer-
entiation bet ween a sub-system number and a trap number simple . 
• The Chorus interface expeds the first parameter to SupltConnectO to be a hardware in-
terrupt number. ln the case ofPA-RJSC, all the external devices including the clock raise the 
same interrupt #1 (External Interrupt). vVe found it more elegant to pass the number of the 
external device as a parameter to SupItConnectO rather than the interrupt number. For ex-
ample:To connect dock and clisk handlers, two calls SupItConnect(CLOCK, dockIIcll, dock-
prio), SupItCoILIwct(DISKOl, cliskIIcll, diskOlprio) are required. The interface is not changed, 
only the meaning of the fi rst parameter is slightly diiferent. However l it is possible to conned 
all the device handlers to the external interrupt #1. Hence an appropriate name for the first 
parameter would be DeviceOrIntrNb. An include file include/PARISC /extern_intr.h was 
creatcd to IIlap ~~Ylnbolic constants for devicel:l to Inapped to integcrs. The nUlnber~ po~~ibk 
for hanl""are intcrrupt~ do not overlap with that of the devicel:l. This Inakel:l dilfercntiation 
bet\veen a device number and a interrupt number simple. 
The basic data ~tructure~ that havc bcen ul:lcd for the irllpkIIlcntation arc pre~ented in ligurc 6. 
26 
typedef struct { 
unsigned long 
KnCallEntry* 
} vector_dese; 
typedef struct { 
unsigned int 
union { 
funcNb; 
calls; 
connectType; 
vector_dese vector; 
KnHdl hdl; 
}; 
VmAddr 
} supCall Tbl; 
dataPointer; 
1* No of functions in the array being connected *1 
1* address of the array *1 
/* Array or function connected */ 
1* The $global$ of the Supervisor Actor *1 
1* MAX_SYS_NUM = 25 from include/PARISC/syscall.h; the maximum number * 
* of sub-systems that can simultaneously run on top of Chorus *1 
supCallTbl userTrapVect[MAX_SYS_NUM]; 1* For User Actor System Calls *1 
supCallTbl kernTrapVect[MAX_SYS_NUM]; 1* For Sup Actor System Calls *1 
Figure 6: Data structures for System Call Handling 
• The structu res userTrapVect and kernTrapVect are used by SupCaliConnectO, Sup-
TrapConnectO.SupCaliHandlerO fi nds and executes the routi ne attached by the Con-
nectO calls during system call execution . 
• vect, DeviceVect are updated by SupItConnectO and SupTrapConnectO. The rou-
tines attached to the various interrupts and traps by the ConnectO calls are executed by 
SupItHandlerO,SupItSelectorO or SupTrapHandlerO on the occurrence of the those 
inttTf'Uptions. The data structures for interruption handling are presented in ligurc 7. 
In addition to the 25 PA-RISC interrupt.ions, there an_~ 3 psucdo-intcrruptions generated by 
the low-level event handling layers. Therefore, we maintain an TNTRVIAX element array 
(2.5+:3 elements) and a110w handlers to be attached to one single vector vect. Currently the 
psuedo-interruptions are handled in the kernel itself. 
PA-RISC has one external interrupt for all external devices including the ITMR. This implies 
that all handlers for different external devices would have to be connected to the same position 
in vect. To avoid this~ DeviceVect IS introduced to keep the interrupt handlers clcvicc-spccllic 
rather than connect1ng all the devlce handierl:) to one pOl:)lt1on 1n the vect array. 
The 1rnpierrwntat1on of the var1ou~ ConnectO call~ 11:) now prel:)ented: 
SupItConnect(itN um, hdl) : ca11s SupItConnectPariscO with kernel's $global$ as addi-
tional parameter. SupItConnectPariscO allocates a itLink structure from the it Pool, 
stores the parameters of the function in the structure and aiiaches it to vect or DeviceVect 
depend1ng on the actual1nterrupt nurnber pararneter (itNurn) being a PA-RISC 1nterrupt 
nurnber or a I:)~yrnbolic devlce narne. Two or rnore handler~ for the I:)arrw 1nterrupt or devlce 
are li n ked in desc:endi ng order of priority. 
typedef struct { 
itLink* lnk; 
KnHdl routine; 
unsigned long priority; 
VmAddr dataPointer; 
} itLink; 
typedef struct { 
KnHdl routine; 
VmAddr dataPointer; 
} KnHdlEntry; 
typedef union { 
itLink* Ink; 
KnHdlEntry hdlEnt; 
} VectEntry; 
VectEntry vect[INTRMAX]; 
VectEntry DeviceVect[NurnOfExternalDevices] 
FIgure '7: Data Structure~ for Inte,('f'Uldion handling 
The ad va ntage of havi ng a sepa rate table for external devices is for efficiency of search d lJ ri ng 
interrupt handli ng. 
SupTrapConnect(trapOrSubSysNum, hdl) : calls SupTrapConnectPariscO with the ker-
nel's $global$ as an additional parameter. SupItConnectPariscO does the following: 
• If trapOrSubSysNum is a PA-RISe trap, then store the dataPointer and hdl at 
vect[trapOrSubSysNurn]. 
• If trapOrSubSysNurn 11:) sub-s~ysteln InlInber~ then this tHlplies a single rout.ine interface 
for systcrll calls in contrast to a vector of handlers cOIlIlected by SupCallConnect(). 
Update both userTrapVect and kernTrapVect by the same parameters and update 
connectType to be FT;NCTYPE. 
• If neither of the above condition holds, then return illegal value status. 
As explained in the beginning of this section, it is not necessary to cause a trap to perform a 
system call on this architecture. If a sub-system manager requires a single routine to handle 
all the systcrll calls iIlstead of a vector of handlers, there arc now two ways of cloing it: 
• SupTrapConnect() "vith subSystCIIl IluIIlbcr Inl:ltcad of trap nUlnbcr al:l I.irl:lt paraJIwtcr 
and the ha ndler as second parameter. This is the interface used by the U NTX su b-system 
i rnplelllentation to provide U .\TX syfltelll call flervic:efl to the ac:torfl of the flU b-systelll. 
• SupCaliConnectO with size of the array equal to one. Tn this case the stub li-
brary should always have the system call number equal to 1, and the single handler 
In vectorOfHandlers rCl:lponslbk for dll:ltlngul:llung varIous SYStCIIl calls of thc acton; 
runnIng on that sub-s~ystcln. 
28 
SupCaliConnect(no, vectorOtHandlers, NoRdl, privilege) : calb SupCaliConnectParisc() 
with the kernel's $global$ as an additional parameter. SupCaliConnectParisc() connects 
the vectorOfHandlers to userTrapVect [noJ if privilage is User or to kernTrapVect [noJ 
if privilage is Supervisor. The connectType is set to VECTOR_TYPE. 
DisConnect functions : All the disconnect functions are straight forward and basically reset 
the corresponding locat.ions to Nl~Ll or deallocate the allocated structure as in the case of 
interrupts. 
2.2.9 Supervisor Actor Interface Implementation 
In the case of PA-RISC, the compiler generates instructions that access data relative to general 
register 27 (DP or DataPointer). During the startup of a thread this register is set to $global$ 
(of the address space) before the actual code gets executed. The $global$ refers to the staJting 
address of the the $DATA$ section of a typical UNIX process. Chorus requires the kernel and 
supervisor actor to live in the kernel address space. Chorus aflSlJrnefl that it ifl possible to make 
a simple procedure call to a procedure in the the supervisor actor from the kernel as the actors 
are in the same address space, i.e., the kernel address space, even though the two actors are 
t\lYO separate executable lInages. During the port~ this rcquirCIIwnt that the supervisor acton; 
should live in the saIne context as the kernel has been satidiccl by laying out the supervisor acton; 
including the kernel in difltinct regions in the :30-bit virtual addreflfl space corresponding to the 
same spaceTd=KernelSpaceTd. Hecauoe of thio, the $global$ address is diiferent for each of the 
supervisor actors and the kernel. The consequence of this design decision is that it is no more a 
simple procedure call from the kernel into the supervisor actors. If a procedure Jh of a supervisor 
actor .~ has to be called In the interrupt handling sequence~ then the procedure Ps can be called 
only after the DP register has been updated to that of the supervisor actor. h, addition the 
kernel's dp should be restored when returning from p!j. \Ve (;{1nflidered the following implementation 
approaches: 
• IlP of the supervioor actor ohould be known by the kernel at the time of calling the interrupt 
handler. 
• The routine should know that it should set the IlP to its $global$ and restore the kernel'o 
$global$ at the end of the routine. 
• The routine should know that it should the set the DP to its $global$ and the kernel should 
restore its own DP after returning from the call. 
The second approach was rejected because, even if submerged, the setting and restoring of DP 
using static variables in the system call stub at the time of the Connect(), it is not a robust 
rnechanisrn and can be broken by a rnisbehaving supervIsor actor. Of course~ as supervIsor actors 
are trusted, there are other ways in wh.ich a rnisbehaving supervIsor can crash the kernel but we 
did not want add more ways. 
The third approach required modification in the kernel interface and the stubs. Tt was rejected 
because using static variables in system call stubs did not appear to be elegant and it required 
kernel modification. 
\Ve exarnined t\lYO alternatives of obtainIng supervIsor actor's DP at tirne of calling the handler: 
• Ylodify the Supervisor Actor interface and the SlIpervisor interface to pass the datapointer 
as an addItIonal paJ'aJIwter to all those functions that required a routIne in the supervIsor 
actor to be called. 
29 
• Pasl:) the DP al:) a hidden pararlleter during the ~~y~terll call and keep the rllachine dependency 
in the the machine dependent layers as much afl possible. 
The Jirl:)t approach wa~ rejectcd bccause it would rllodify the rllachinc indepcndent interfacc of 
the Choru~ Kernel and would rcquire rllodiJications in thc supervil:)or actor~ alread~y written. 
Tn the current implementation, the DP of the superviflor actor ifl paflsed as a hidden parame-
ter during the oyotem call. I'or all the calls given in the oection 2.1.2, the following ocheme has 
been adopted. If the system call name is 8C] then this would call a PA-RISe specific function 
":HJPo'f'isc which takes the DP of the actor al:) an additional aJ'gurllent. The stub will bc gcncr-
ated for scjPaf'isc rather than for "HI For exaJIlplc: svTimeOut( routine, paraln, delay) calls 
svTimeOutParisc(routine, param, delay, geLdpO). geLdpO returno the IlP of the actor. 
The system call otub is generated for svTimeOutPariscO rather than for svTimeOutO. 
In the kernel, kern/ scSystem.cxx is modified. All the kernel routines which now require the 
knowledge of the DP of the requesting supervisor actor are replaced by functions that have the 
l:)arllC narllC with Parisc l:)uJIix. For exarllple: KnThneOut() i~ replaccd KnThneOutParisc() 
and the nurllber of argurllentl:) Jield is increrllented by 1. 
The following is a liot of the changes at the supervisor otub library level: 
• svAbortHandler(actcap, routine) calls svAbortHandlerParisc(actcap, routine, geLdpO). 
A stub is generated for sv AbortHandlerPariscO. 
• svExcHandler(actcap, routine) calls svExcHandlerParisc(actcap, routine, geLdpO). 
A ~tub il:) generatcd for svExcHandlerParisc(). 
• svCaliConnect(trapNo, hdlVect, NoHdl) calls svCaliConnect(trapNo, hdlVect, 
NoHdl, geLdpO). A stub is generated for svCaliConnectParisc(). 
• svItConnect(trapNo, hdlVect, NoHdl) calls svItConnect(trapNo, hdlVect, NoHdl, 
geLdpO). A stub is generated for svItConnectPariscO. 
• svTrapConnect(trapNo, hdlVect, NoHdl) calls svTrapConnect(trapNo, hdlVect, 
NoHdl, geLdpO). A stub is generated for svTrapConnectPariscO. 
• svTimeOut(routine, paran1, delay) callfl svTilneOutParisc(routine, paran1, delay, 
geLdpO). A stub is generated for svTimeOutPariscO. 
The following is a list of changes in kern/scSysten1.cxx: All the modifications are done under 
compilation flag PARISe. 
• Replace scSv AbortHandlerO taking 2 parameters by scSv AbortHandlerO that takes 
an additional pararlleter DP. 
The call workActor-setAbortHdl(f) is changed to workActor-+setAbortHdl(f, dataPointer). 
• Replace scSvExcHandler() taking 2 parameters by scSvExcHandlerO that takes an ad-
ditional IlP parameter. 
The call workActor-setExcHdl(f) is changed to workActor-setExcHdl(f, dataPointer). 
• Replace SupCaliConnectO taking 2 parameters by SupCaliConnectParisc() that takes 
an additional Ill' parameter. 
30 
• Replace SupItConnectO taking 2 parameter, by SupItConnectPariscO that take" an 
additional IlP parameter. 
• Replace SupTrapConnectO taking 2 parameter, by SupTrapConnectPariscO that take, 
an additional IlP parameter. 
• Replace KnTimeOutO taking 2 parameter, by KnTimeOutPariscO that take, an addi-
tional IlP parameter. 
T he following is a list of changes in kern/knMk.hxx: All the modifications are done under 
compilation Hag PARISe. 
• Add two fields acPariscExcDp, acPariscAboDp for recording the DPs of the supervisor actors 
that have performed svExcHandlerO, svAbortHandlerO respectively. 
• r:xtend the parameter list of setExcHdlO, setAboHdlO to take IlP as a parameter. Add 
an additional assignment of the DP to acPariscExcDp and acPariscAboDp respectively. 
• Vlodi~y execExcHdlO/execAboHdlO to call SupTrapStubO with exception context, 
exception number, exception/abort handler to be called and the DP of the exception/abort 
handler routine as parameters. 
The following is a list of changes in kern/knMk.cxx. All the modifications are done under 
compilation flag PARISe. 
• The timeOutItem ,tructure has an additional Held: DataPointer that give, the $global$ 
of the supervisor actor to which the routine belongs. 
• KnTimeOutO calb KnTimeOutPariscO which has an additional parameter DP. The DP 
i, the $global$ of the kernel. 
• KnTimeOutPariscO IS exactly the SaJIle as KnTiIneOut() but takes an additional pa-
raIIlctcr and pcrforIrm the data poInter ass.ignIIlcnt Into the tiIIlcOutItcrll structure. 
• KnProcessTimeOutsO has been modified at the point of calling the timeOut routine. 
SupTrapStubO i, called to take caJ·e of ,witching to the data pointer of the timeOut routine 
before executIng the routine and then restoring the data pointer of the kernel when returning 
to the kernel. 
SupTrapStubO i, implemented in kern/PARISC/SupTrapStub.s. It allow, the kernel to 
call the supervisor actor routines that have instructions generated with a clilfcrcnt $global$ . It 
takes the followi ng parameters: 
• Pointer to the thread~s context, KnThreadCtx* ctx 
• Interruption number, int no 
• Routine address, int (HnPtr) 0; 
• $global$ of the actor to which the routine belongs, VrnAddr global. 
31 
HardWare Software 
loeore.s asrnJv.s: ehorus_trap.exx . svConnect.exx, vrntrap.c 
........... '.' ........ '.' ............ '.' ............... . 
TV;\ Reg . Sivaaddr: 
: eigh~ instruct.ions: ihandler(itype J: I $ivaaddrl . per mterruptIOn. . . interrupt(itype, etx): SupItHandlcr( ctx, itypc) 
: SupTrapHanlder(ctx, itype 
. 2') interruptions. : 
: Sreslore_ss_lrap . thandlcr( itype) trap(itype, ctx) 
: VrnHandlcr(ctx, itype) 
Layer 1 Layer 2 Layer :1 
I'igu re 8: Chorus ~;vent H andli ng Seq uenee 
2.2.10 Interrupt masking and monitoring functions 
The oeetion detaib the impkmentation of SupItLevdO, ovMask[All]O and sv UnMask[All]O. SupItLevdO 
is implemented in kern/PARISe/sv.h and the functions sv[l'n]Vlask[All]O are implemented in 
lib/HP800/svMask.s The mask/unmasking functions are implemented by calling the appropriate 
splO routines of Tut code implemented in lib /P ARIse / asnLutl.s. 
2.2.11 Event Handling 
The event handling ~equcIlcc has been lrnpkIIlcntccl in 3 la~ycrl:) and 11:) I:lhO\lVIl in Iig 8. 
The IVA control register is fi rot initialized with the code add r $ivaaddr in kern/PARISe/locore.s 
during the kernel Initialization phase. This address is page-aligned and is therefore l024-byte 
aligned as required by the PA-RISC interrupt architecture. This will be referred to as the inter-
rupt vector table in the following discussion. 
PA-RISC iIltClTupt.ion~ an~ da~~iJicd in the follo\lving lnanIler: 
• PA-RISe Interruptions #1, #2, #·1 and #5 have been classified as interrupts . 
• The remaining PA-RISe Interruptions are handled as traps. Ofthese traps, #6, #7, and #1.5 
to #'21 pertain to memory management. HP 9000/831 (the target architecture) has software 
TLB handling. So the interruptions #6, #15, #1(;, #17 are actually TLB misses but may 
result in page faults if the page io not in the PDIR (see section 1.3.3). 
Recall that on an interruption, hardware branches to the code address given by the following 
relation: 
code address = IE4 + 8*1*inlerraplion number. 
])epending on the interruption, the interruption parameter registers are updated by hardware. The 
processor is in physical mode. Interrupts are turned off. The PSW _Q bit in the PSW is disabled. 
All the interrupt and trap handling code resides in the directory kern/PARISe. An overview 
of the interrupt and trap handling is ao follow" 
32 
• IIanlv"are branche~ to the dfective addrel:)~ In the interrupt vector table as detalkd above. 
At this level a fe\v registers are fla,ved in control regiflters to obtain some working registerfl. 
A branch is performed to ihandler() for handling interrupts or to thandler() for handling 
trapsD. 
• ihandlerO and thandlerO oave the context of the executing thread. thandlerO alwayo 
stores the context on the system stack of the current thread and executes on the same. ihan-
dler() uses the system stack of the current thread for storing the context and for execution if 
lntcrrupt nel:)tlng kvcl 11:) zero. OthcrwIl:)e, the functIon ul:)es the inte'('f'UIJt contT'01 .stack (leS). 
Tn the general caoe thandlerO callo trapO and ihandlerO callo interruptO. 
• interruptO executcl:) the Interrupt routine~ attached by {Sup, sv}ItConnectO by calling 
SupItHandler(). trap() directs all the memory manageIIwnt traps to V mHandlerO and 
non-memory management traps to SupTrapHandlerO. 
• ihandlerO, after returning fnun thc call to interruptO~ chccks if rel:)chccLuling or abortIng 
the thread io neceooary, and by default, restores the context of the current thread. Ilepending 
on whether ihandlerO was running on the lCS or on the flyfltem stack of the current thread, 
it has to perform a different restore sequence to return to normal execution. The reason for 
the difference is that threads' system stacks are not equivalently mapped, whereas the IeS 
11:) equIvalently Inapped, i.e.~ virtual and phYl:)ical addrel:)ses are thc ~aJIle. $restore_ss IS thc 
Linal restorc sequence used on the leS and $restore-Bs_trap 11:) the Linal rcstore ~cqucnce 
used on the flystem stack. $restore_ss_trap and $restore_ss are text add reflfles in locore.s. 
A branch is taken to this code to cause a potential TLH refill and then the code geto executed. 
This branch is necessary because code updating the interruption instruction queues and IPSvV 
should not cause TLB misses as the PSW _Q bit is turned off. 
thandler() after returning from the call to trap() restores the context not connected with 
ln~truction queuel:) and PS\V etc~ and pcrforIrll:l the Linal rel:)tore sequence to rel:)taJt cxccutlng 
thc codc of the current thread by branching to restore-Bs_trap. 
Thi~ COIIlpkte~ the overvlev" of the ilnplelnentation of trap and lntcrrupt handling. 
A dctailed de~crlption of the controlllow of lntcrrupt handling l~ nov" prcsented. Thc vaJ·iahlc 
istackptr containo the pointer to the bottom of the TCS if the code is not executing on the TCS. 
istackptr is set to zero whenever the code is running on the lCS. The variable nbit indicatefl 
the current interrupt nesting level. 
The detailed flow of control for interrupt handling is given below. 
1. Hardware branches to one of the first level interrupt handlers in locore.s. The processor is 
in physical mode. Interrupts and the PSW _Q bit are disabled. 
2. The fi rst-level handler oaves registers ARGO, SP, rl which will be uoed ao scratch and brancheo 
to ihandler(itype) in asnLrv.s 
3. ihandlerO performs the followi ng operations: 
9PA_IUSC interruptions #6, #15, #16, #17 are are treated slightly differently. All TL13 misses are first handled 
in kcrn/PARISC/locorc.s. If the page is found in the PDIR then the tlb is refilled and control is returned to 
the executing thread. If the page is not found in the PDIR (see Inouye [11]), then thandlcrO is called ¥!ith the 
appropr-jat~ pag~ rault typ~ (Tnstruction [non-ao::e:ss] pag~ rault. or Data [non-ac.ce:ss] page: rault) as the: case: may be:. 
33 
(a) Incremcnt nbi t. If nbi t e~uab two, thcn ,wItch to thc ICS. 
(b) If nbi t is greater than two, continue using the current SP as we will be definitely on 
thc ICS. 
(c) If nbi t equals one, then check for which one of the following cases is true and execute 
the corresponding code: 
i. Already on TeS. This cafle "vas posfli ble as interrupts were tu rned on d IJ ri ng booti ng. 
T his case can arise only if interrupts are enabled during booting. The interrupts are 
not enabled during booting in the nOrIIlal execution. In an~y case, if .iIltcrrupt~ an~ 
Ie-enahled eluring booting~ the current SP 11:) used. 
11. Check if we are running 011 the user stack or system fltack of the thread. The state 
has to be saved on the system stack in this case. This requires saving the interruption 
parameter registers in the equivalently mapped tmp_save_state struelure, turning 
on virtual rIlcrIlory and checking CurThread\; ksp. If ksp (XIUab zero, the thread 
was executing on its SystCIIl stack and so keep the SP unchanged. If ksp is not equal 
to zero, the thread was executing on itfl IJser stack and ksp contains the pointer to 
its system stack. Set SP equal to ksp and set ksp to o. 
(d) lVIake sure there ifl enough flpace on the selected stackfl. If executing on the flystem 
stack and flyfltem stack overflow is detected, switch to TCS and change interrupt number 
to kernel stack overflow pseudo-interrupt. If executing on the ICS and ICS overflow 
is detected, change the protections of the overflow page available just after the ICS. 
Change the interruption rLlnnber to ICS overflow p~uedo-interrupt. Doth the~e event~ 
are cUlTentl~y unrecoverahle. interruptO pa~se~ thern to trapO whleh gives a panle 
message and craflhefl. 
(e) _Allocate the context frarne of size fr_size(see ~ection 2.2.3) on the selected ~tack. 
(f) save context on the stack, set DP to $global$ of the kernel and call interruptO in 
chorus_trap.cxx with arguments context pointer and interrupt number. 
1. There are two ways interrnptO could be called: If a trap occur~ on the leS or a 
genuine interrupt hafl occurred. Tn the first case, redirect the parameters to trapO. 
Tn the latter case, call SupItHandlerO. 
ll. SupItHandlerO calls routines attached by the ItConnectO calls. The various 
interrupt~ are handled a~ follows: 
• r"';rierna! Int~lTl1pt #4: the attached routine is SupItSelectorO. This routine 
is attached in SupBoardInitO in svBoard.c during kernel initialization. The 
clock handlers connected in SupBoardInitO get executed by SupItSelectorO 
every tIme Interrupt #4 occur, and the EIRR 0 bit I, ,d. Thc"" handle" aJ·c 
part of the kernel and are nece~~aJ·y to satisfy the irnplernentation ~peciJication. 
• Power failucc interrupt #2, Low-priority machine check #5: These interrupts 
do not have a real handler in the current implementation. 
• IIigh [Jl·iol'ity ;VIachifie check #1: Thi, interrupt I, handled at the Jir,t levd it,df 
in locore.s and is u ncha nged from the Tnt implementation. 
(g) Disable interrupts. Decrement nbi t. If nbi t equals one, then restore istackptr to ICS 
stack bottom. This is because the interrupt handling at nesting level () is performed on 
the ~ysteln stack of the current thread. 
31 
(h) Ifnbi t equab zero then check for execution mode of tIll' interrupted thread. if the thread 
was executing supervisor mode then call KnRetSupO and go to step (:3j. Otherwise 
call KnRetUserO. 
(i) If KnRetUserO returns non-zero, call KnAbortHandlerO. 
(j) Restore saved context by loading all the context except those related with PC queues, 
SP l PS\V ~ and .interruption paraIIwtcr rcgi~tcrl:). If executing on the interrupt ~tackl thcn 
branch to $restore_ss in locore.s. Othenvise, branch to $restore_ss_trap in locore.s. 
4. In $restore_ss interrupt.ion instruct.ion CJUCHes and pararllctcr registers an~ going to be \lvrittcn 
into and since the Q-bit will be disabled, there can not be any TIn nusscs. Disable interrupts. 
Turn off VM and Q bit and Protection bits. Restore the remainder of the state from the 
previolJs interrupt after calculating the new psw. Restore SP and perform l~fi instructioll. 
The new psw is given by the following relation: 
New psw = (CLOHAL_VAR_MASI< && ipsw) II globaLpsw 
The operations at $restore_ss_trap will be de,cribed in the trap handling description. 
Once the restore sequence is done, the normal mode of execution is resumed. A detailed flow 
of execut.ion for trap handling i~ now prcl:)cntcd: 
1. Hardware branches to one of the first level trap handlers in locore.s. 
2. The fi rst-level handler saves registers A RCO. SP, "1"1 which will be used as scratch registers 
and branches to thandler(itype) in asnLrv.S 
3. thandlerO performs the following operations: 
(a,) If currently executing on the ICS~ then allocate a context fraIIlc 011 the ~tack~ storc the 
interruption paJoaIIlctcr rcgistcn; and branch to step ( 3f) in ihandlerO. IncrCIIlcnt nbi t 
to 8nfllJre compatibility \vith interrupt handler code to execute correctly. 
(b) If not executing on the leS. then the context has to be ,aved on the system stack of 
the thread. Find ,tack on which the thread was executing. This requires the v:vr to be 
enabled. Hefore turning on VM, store the registers that might get trampled by turning 
on v:vr due to tlb misses into the equivalently mapped tmp_save_state structure. If 
current thread's ksp equals zero. the thread is executing on system stack. Otherwise, 
ksp contains the sy,tem stack pointer of the thread. Obtain the stack pointer if ksp is 
nOll-zero and sd the SP register to ksp. Otherwise, do nothing. 
(c) If sufficient space is unavailable on kernel stack, switch to the lCS and change interrup-
tion number to the psuedo interruption "e,.nel-~tack-ocerjlow (LKS_OVFL) and allow 
the interruption nUlubcr to lloat up to the next layer just as in ihandler{). 
(d) Allocate space on the selected stack. store the context onto the stack. Set DP to 
$global$ of kernel and call trap(). 
(e) trap() passes all the memory management traps to V mHandler(). The traps Break, 
High Privilege Transfer, Low Privilege Transfer, Taken Branch are passed to Sup-
TrapHandlerO. The traps /1.ssist Ernulation and /1.ssist E:ntptio'(l an~ not currently 
I:lupported. The default behavIor for un-I:lupported or Irrecoverable errorl:l II:l to panle 
with a message. 
35 
SupTrapHandlerO calls the connected handkr if a handler to the trap is connected. 
Otherwise, it calls KnHandlerO. SupBrkHandlerO is connected to the Hren,j, trap. 
This checks the parameter of the break instruction available in the context and cails the 
Kernel debugger if the condition succeeds otherwise, it calls KnHandlerO. 
VmHandlerO chech the type of trap and the space (user or system) in which the trap 
hafl occurred. (-'or Rome of corn bi natiollfl that are unrecoverable (for example:Tnstruc:tion 
page fault in the system space), the function panics. For the various trap and space pairs 
for which the portable layers can make a decision, V mHandlerO calls faulLhandleO 
which cails execPageFaultO. The Chorus page fault interface requires execPage-
FaultO to be impkmented by the machine dependent layer (sec section 3). The han-
dling ofvariolJfl memory management traps ifl outlined belcn\': 
TLB miss faults : Before performing any other action, the Chorus memory manage-
ment data struct ures need to be consulted. fault_handleO cails execPageFaultO 
to detennlnc \lvlwtlwr the page has been rnappcd .in the portahle I:ltructuTCI:) but not 
yet allocated by the machine-dependent layer. 
Non-access TLB miss faults: For non-access TLB misses, PDIR search failure for 
LPA and PROBE instructions does not result in a page being brought into memory. 
Therefore, fault handling for these cases abo ends in stage one. For LPA, we IIlay 
have to modify the base register (if speciJied in the faulting instruction). PROBE 
and LPA handling ends by setting the N bit which nullifies the next instruction. 
Memory Protection Faults: Protection and alignment faults are handled exclu-
sively in stage three. AligIlIIwnt faults result whcn a either a storc or a load in-
struct.ion access an address "vllich is not aligned as per the rCCJU1rCIIlcnts of the 
flpec:ific instruction. Alignment faults are exclusively due to bad code and their han-
dling ends in stage three by sending an error message to the user process. Protection 
faults may occur due to iilegal accesses to pages or due to copy-on-write violations. 
The latter necessitates a call to execPageFaultO. 
(f) Hegin the return from exception sequence. Restore mOflt of the context from the context 
frame except those pertai ni ng to interruption add reSfl q ueues l pSTJ and \vorki ng registerfl. 
Branch to restore.ss_trap. 
4. $restore-Bs_trap is more complicated tha n restore_ss si nce we are deali ng with non-eq uivalently 
mapped system stacks. \Ve need to first copy the context to be restored in to the equiva-
lently mapped tmp_save_state structure before we can turn off VM. Operations similar to 
restore_ss are perfonIled. In add.ition l if the thread .is returning to user rIlo(k, the ksp of 
the thread is updated. This check can be done by check.ing the nest.ing level of the traps on 
the system stack. 
Discussion : 
IVe reused most of the Jirst and second level handling code from the Tut project and this greatly 
s.irIlpliIied the irIlpleIIlentation. The Iirst level of .interrupt.ion handling in locore.s is unchanged 
from Tilt. The second level of Trap handling code asm_rv.s remained basically the same except for 
a few modifications related to the accesfling the current thread and its descriptor. The ofFsetfl had 
to be modified to access the appropriate fields in the KnThreadCtx structure. Interrupt handling 
code required extensive changes. Chorus requires that on the Jirst interrupt (nest level O)~ the 
context of the current thread .is saved on the systerIl stack and not on the IeS as .in the case of 
36 
Tut . This means all the probkms of non-e~ui valently mapped stacks that arise in trap handling 
also find their way into interrupt handling. Chorus requires the current interrupt nesting level to 
be maintained by the machine dependent layers. This was one of the additions. The third level of 
handling is more operating system specific and had to be wrillen for Chorus, although some pieces 
of Tnt code were rcw:;ccl. 
2.2.12 Timer and Console Management 
Timer management ifl implemented in kern/PARISC/svBoard.c. 
The fu nction SupBoardInitO connects clock handler clockO and clock_ackO to the clock 
interrupt in descending order of priority. ciock() calls the portable kernel exported function Kn-
TimeInO and returns. clocLack() acknowledges the interrrupt by resetting the dock interrupt 
bit in BIRR and rescheduks the interrupt by writing ( currentTime + rescheduling interval) into 
the TTfvlR register. 
SupPreciseTimeO is trivially implemented in the sallle file by returning the value in the 
ITMR register. 
SupPutChar(), SupGetChar(), SupPoliChar() are also implemented in 
kern/PARISC/svBoard.c. For details on their implementation, see [14]. 
The Sllpt./'vi~o/' is responsibk for connecting at kast SupPutChar() and SupGetChar() 
behind a trap so that library functions can be implemented. Tn the case ofPA-RTSC, three system 
calls PutCharO, GetCharO, PoliCharO are implemented using the system call interface and 
can be called from user or supervisor actors. 
2.2.13 Debugger 
The debugger function SupDebugger() is implemented in kern/PARISC/debug.c. yIost of 
the code to implement the debugger has been ported from Chorus 3.3 sources for the compaq386. 
The debugger is minimal and can perform the following functions: 
• Show what cornrnands aJ·e available and syntax (help facility). 
• Recover froIH a, break lIl~tructioIl. The debugger does not have the capability of setting a, 
break point. Currcntly thc dcbugging il:) donc b~y having an cxplicit uf'(:ak inl:)truction in thc 
sou rce code. 
• YIodify data 
• Hex dump of memory 
• Show interruption context if the debugger is called during the interruption handling phase. 
• Changc dcbug tracc level 
• Toggle thc Inorc option in during traccl:). Sctting thil:) option "vould cau~c traccl:) to paul:)c for 
input aftcr cvcry 24 linc~. 
• Show the context switch history of whole system or that of a particular thread. The history 
di~play~ thc following infonnation ahout thc I:)witch: 
Is the switch voluntary or caused by preemption 
cause of preemption 
37 
- The thread descriptor oftlw thread which is the destination thread of the context switch. 
The hil:ltory is IIlalntalncd in a clrcular bulfcr. 
• Show the history of the interrupts and traps. The histories of traps and interrupts are 
maintained in separate circular buffers . 
• Visualize the scheduler, actor, thread, message and port data structures. This functionality 
is provided by the portable layers of the kernel (kern/knPrint.cxx, kern/knMk.cxx) and 
the appropriate fUIlct.ions ""ere calleel fnnn SupDebuggerO 
The debugger has been connected behind the PA-RISe break Trap (#9). The instruction 
break causes a break Trap. The break instruction takes two parameters that can be used in re-
solving the break instruction processing. The instruction b'('eak BI1_DEBUG,O causes the pro-
gram to enter the debugger. To achieve this, a generic break handler function SupBrkHan-
dlerO is first connected to the H"mle trap using SupTrapConnectO. See SupBoardInitO 
in kern/PARISC/svBoard.c. This handler is invoked by the event handling code(see section 
2.2.11). SupBrkHandlerO calls SupDebuggerO if the first parameter of the break instruction 
is DILDED"CG. 
The library function callDebugO is impleIIwnted in lib/PARISC/utDbg.s and basically 
contains the bren,j:instruction with HTLIH:HUC as it's first parameter. 
2.2.14 Kernel Initialization 
The function startO is implemented in kern/PARISC/sv.cxx but is not the entry point of 
the kernel image. In most other Chorus implementations, virtual memory initialization is done 
cntlrd~y in the boot prograIIl portion of the boot archive and the kernel has to perfoTIn oIll~y its 
own initialization. Tn the c:afle ofPA-RTSC, because of the reUfle of Tnt code, it ""vas easier having 
the kernel do all the initialization in one, mostly unchanged, procedure than try to break up and 
modularize the low-level code. For more details on booting, see [12]. 
Control is transferred to the kernel entry point rdb_bootstrap in kern/PARISC/locore.s 
fnnn the boot prograrn part of the boot archIve. At thll:) poInt InterruptI:) an~ dll:)abled and the 
procel:)l:)or 11:) In phYl:)lcal rno(k. DP, EIRR, IVA l SP~ I:)pace regll:)terl:) and ~orne global varlablc~1:) an~ 
initialized fo11owed by a ca11 to realmainO in kern/PARISC/vm_machdep.c. realmainO 
maps the kernel and returnfl the next available phYflical page. Then virtual memory is turned on 
in kern/PARISC/locore.s and control transfers to startO. 
startO performs all the functions specified in section 2.1.6 in addition to disabling the scheduler 
and Initializing the CurThread variable that pointl:) to thc current executing thrcad. Thc initializa-
tion of Cur Thread is neceflsary so that trap and interrupt handling code that refer to CurThread see 
a legal value even though the thread has not actua11y been created. startO ca11s KnInitO which 
makes the executing kernel initialization code the first thread of the operating system. KnInitO 
returns the system stack pointer to be used by the first thread. At this point, the first thread's 
dCl:)crlptor getl:) rnanually built, in a rnanner I:)lrnilaJ· to that b~y SupCtxInit(). Thll:) 11:) nccel:)~aJ·y 
because the thread i~ already runnIng. It i~ like bootl:)trapPlng the thread abstraction. Then a 
stack switch from the interrupt control stack (TCS) to the a110cated system stack is done fo11owed 
by a branch to KnMainO. This function never returnfl. 
38 
Page Fault :rviaehine Dependent :rviaehine Independent 
I 
exeePageFault() VmFtHandler{) 
I'igure 9: Chorus Page I'ault Interface 
3 Chorus Page Fault Interface 
AI:) there 11:) little dOClunentatlon on portIng the Chorul:) virtual rnernory urut, rno~t of thl~ Infonnatlon 
was gathered through word-of-mouth and aSflumptions made from reading Chorus flource code. 
3.1 Requirements 
FIgure 9 showl:) the procedural Interface bd\lveen the rnachine-dependent cock and the rnachlne-
independent code. The routine execPageFaultO should be called by all the low-level trap handlers 
requesting access to the portable layers. This procedure represents the machine specific end of the 
bridge between the machine dependent (ynn;) and the machine independent (VY!) layers. The 
routine VmFtHandlerO repre",nts the VM end. The Ilk kern/vrn/pvm/pvrn.hxx contains a 
fault descriptor structure (grniPullInArgs) (shown in Figure 10) that is used to pass information 
between these two layers and is the only parameter paflfled to Vn1FtHandlerO. The deflcriptor is 
created in execPageFaultO. The machi ne-dependent layer is responsi ble for filii ng in the fields for 
jtAddr. jtAcccss. nonAccess and prContext. The field jtAddr contains the address which caused the 
faul\. The type of access i.e., read or write, is specified in the field jtAcccss. A pointer to the faulting 
context Is Inserted Into p,.Contt'J:t. ~on-access page faults an_~ IndIcated when the non/icct'88 Hag 
Is non-zero. The norL:\ccel:)l:) Hag IndIcates that the portable layers are onl~y being consulted about 
page protections and that the faulting page should not be swapped back into memory. 
If the page fault is resolved by the upper layers then VlllFtHandler() returns K_OK. The 
prPage field should now contain a refererence to the mmuPage descriptor that represents the desired 
page. The jJl'Pmt Jidd represents the protections that should be assigned to the page. It is then 
the respon~lbillty of the rnachlne-depen(knt ~ectlon to load the page Into the proper context. 
3.2 Implementation 
The routIne VmHandler(KnThreadCtx* ssp, int type) lrnplernents the rnernor~y rnanage-
ment trap hamllers. All the handlers in stage three which need access to execPageFaultO call 
fault_handleO , which performfl additional checks on the space T]) and performs certain recovery 
actionfl as described below. 
execPageFault() is implemented in kern/PARISC/llllllU.CXX. This routine sets up the 
fault descriptor and calls the portable layer. 
The Chorus portable layer, speciJically VrnFtHandlerO, is called by execPageFau1tO and 
Is pa~l:)ed a poInter to a fault de~crlptor. Should the page fall to be found, then the kernel exceptIon 
39 
struct grniFaultArgs { 
grniAddr 
}; 
grniFlags 
grniOffset 
grniCache* 
grniFlags 
struct grniPulllnArgs 
int 
}; 
grniContext* 
vrnPage* 
grniFlags 
grniOffset 
gmiSize 
operationDesc* 
grniCache* 
int 
grniFlags 
grniOffset 
grniSize 
grniCache* 
grniOffset 
grniFlags 
ftAddr; 
ftAccess; 
ftOffset; 
ftCache; 
ftFlags; 
grniFaultArgs { 
nonAccess; 
prContext; 
prPage; 
prProt; 
prOffset; 
prSize; 
prOper; 
II Set in MMU layer 
II Set in MMU layer 
II Set in MMU layer 
II Set in MMU layer 
II Returned to MMU layer 
II Returned to MMU layer 
prCache; 
rnapWasOut; 
rnpRequeredAccess; 
mpAccessOffset; 
rnpDataSize; 
rnpTransitSegrnent; 
rnpTransi tOffset; 
rnpGrantedAccess; 
I'igure 10: I'ault Ilescriptor 
handler, KnHandlerO, must be called. In the M88K sources, this is not done in execPage-
FaultO but by either codefault() or dataFault(). This is probably done in this manner because 
KnHandler() locks the kernel, but execPageFault() runs with the kernel locked. 
The routi ne execPageFaultO is responsi ble for determi ni ng the fau Iti ng context, fa u lti ng 
address, and the faulting page and loading this information in a fault descriptor. 
The fault address is passed to this routine by the low-level trap handlers i.e., VmHandlerO. 
The page address can be found by masking off the lower page offset bits from the faulting address. 
The faulting context can be dctcnnlnccl by cxarn1nlng the acldrc~1:) I:lpacc.in \\Ihich the fault occurred. 
If the address space is STIlO, then the l<ernelContext is responsible for generating the fault. 
Discussion : 
There are loopholes that still need to be plugged. 
One serious problem is the PROBE instruction. This instruction presents a problem in the 
presence of copy-on-write pages. The non-access TLB miss routines can return the correct values if 
they arc called, but if a page 11:) in IncIIlor~y and rnaJokcd cOPy-oIl-\lvritc then the PROllE instruct.ion 
10 
that checks for write a,cce" will fail. The way the Tut group wIved this problem was to track 
down all the OC;ClJrences of PROHI-<: instructions in the kernel and add another procedure call 
when PROBE fails. This cail would check with the Mach portable layers and is similar to our 
execPageFaultO routine when the nonAccess flag is set. Unfortunately, user programs which use 
the PRODE instruction are 011 the.ir own. This issue is not addressed in the current port. It rnight 
be "vise for future PA-RISC iIIlpkIIlcntations to lIIlpkrrwnt the PROnE instruction as a software 
trap which would allow user programs to receive the correct treatment of the infltruction. 
The presence of non-access T'f..H rniSfl faultfl requirefl that certain additions be made to the page 
fault handler in the portable layers. Non-access TLB miss faults are not supposed to cause the 
faulting page to be brought into memory. Since the portable layer is cailed to resolve access rights 
in the case of nOll-access faults caused b~y PA-RIse [J'rouf: .instructioIlS~ it was necessary to Iuake a 
fev" changes to the interface so that the faulting page "vas not ~wapped back into Inelnory. 
Rather than change the number of arguments passed to each procedure in the fault handling 
sequence, a field, nonAccess, was added to the fault descriptor, i.e.,the structure gmiPullInArgs. 
This modification results in not having to change the format of any procedure cail in the portable 
layer. "Vhen the nonAccess Jidd is non-zero, it indicates that the current fault should be handled 
as a non-acce~~ fault and the swapper should not be called. 
4 System Call Interface 
The system call interface dea1fl with the code and control flcnv that OCCIHfl during the execution of 
a system call. The purpOfle of a system call is to gain higher privilege flO that a Ufler can execute 
privileged operations in a controiled fashion. 
The usual method of making a system cail on many architectures is to execute a trap instruction. 
SOIIW arllount of state get~ storcd~ at "vhich point thc operating systern recognize~ the trap a~ a 
request for a s~y~teln call. Then the user pararnetcr~ get copied into kernel space and thc ~J'rsteln 
call routine ifl performed in privileged mode. The return values are then copied to user space and 
regiflters are appropriately flet. FinallYl a return to user mode OCClHfl afl \vith an exception. 
T he Chorus system cail interface requirements and system cail stub generation environment is 
detailed in section 1.1 and the implementation on PA-RISC is detailed in section 1.2. 
4.1 Requirement.s 
Chorus supports two types of actors: supervisor actorfl and Ufler actors. Supervisor actorfl are 
privileged and live in the kernel space. Although Chorus can conceptually use the same system 
cail interface for user and supervisor actors, it is expected that different system cail interface 
is ilnplcrllented for each type of actor. The rationale is that ~upervi~or actors do not require 
the protection chccks and the cop~ying that is needed for user actor~ and thu~ can have a Inorc 
streamlined interface. It is important to note that this is only an implementation dec:iflion and that 
the same interface can be ufled for both user and supervisor actors if flO deflired. Our goal was to 
implement both types of interfaces. 
Chorus provides a general frame work for writing the stubs for supervisor and user system 
cails. The stubs are expected to be generated by the utilities mk[s]lib(). The Jile lib/mklib.c 
is expected to produce the cxccutable mkslib for gcncrating ~upervi~or s~ysteln call ~tubs when 
compiled with -llSl"P_CALLS flag, or produce the executable mklib by default for generating user 
system call stubs. The executables mklib and mkslib have the following command line syntax. 
Ink[ s ]lib tiystt'IIl-call-lulIIlt' tiy.,:;iurl-call- l1undJt',t 
11 
The otandard output for mk[s]lib io stdout. 
All the compiled stubs for the supervisor acto", are expected to be in lib/chorusSv.a and 
those for user actors in lib / chorus.a. 
The kernel attaches the system call routines for user and supervisor actors by executing scSys-
temInit() and sc U serInit() which, in turn, call SupCaliConnect() with appropriate paJ·ame-
ters. It .is the rcspollsihillty of the Supf'f'visof' and the systcrll call interface lIIlpleIIwntat.ion to call 
the corred system call routine inside the kernel \vith the parameters for the system call given by 
the IJfler or slJperViflor thread. 
4.2 Implementation 
Tn the case ofPA-RJSC) there are hvo mechanisms that can be IJfled for implementing a system call 
interface for a user . 
• By causing a trap in the system call stub. This method is similar to that described in the 
introduction of system call interface (section ·1. An example for PA-RISe is to have a break 
instruction with an appropriate paraIIlctcr value as the last instruction in the stub . 
• ily UI:,ing the gatt,way IIlcchanlsIIl. PA-RISC provides a (iJITE instruction [10] to pcrfonn 
a controlled transition from a lower privilege level to a higher privilege level. Pagefl can 
be mapped with special access control information and are called gateway pagefl. A gate 
instruction executed in these pages promotes the privilege level of the code that is executing. 
The pri vilege kvel obtained depends on the access control inforrllation for that page. 
The gateway mechanism was chosen in PA-RISe for implementing the system call interface for 
user actors. The advantage of this rllechanisrll over trap-based systerll calls is eHiciency because no 
saving and restoring of full user state is necessary (as for any trap or interrupt) before it is realized 
that the trap is a deliberate mechanism to enter the kernel to perform privileged operationfl. Tnt 
code uses the same mechanism for implementing system calls. The stub interface for user actors is 
detailed in section 1.2.l. 
For rllost Chorus irllplerllentations~ the supervisor actor systerll call stubs rllake a procedure call 
to the required systerll routine in the kerneL The address of the systerll routine was calculated 
from the starti ng add reflfl of the kernel's vedor of system routi nefl for flupervisor ador flystem callfl. 
Thifl add ress is made available in the /loot structure for all the supervisor actors and is set by the 
kernel during kernel initialization. \Ve decided to adopt the same approach. The implementation 
of this interface turned out to be more complicated than most chorus implementations on other 
architectures and is ddalled in section 4.2.2. 
Tn ollr port, code executes at privilege level 0 (the higheot privilege) or at privilege level a 
(lowest privilege). l,evels 1 and 2 are not used. Code in superviflor adorfl and kernel executefl at 
privilege level () and that of user actors at privilege level 3. 
4.2.1 System call interface for user actors 
The s~ysterll call interface for user actors is irllpkrllented in lib / lTIklib.c, kern/PARISe /locore.s~ 
kern/PARISC / asm...scall.s, and kern/PARISC / svConnect.cxx. 
The gateway pages are mapped d II ri ng the kernel initialization phaoe and are oet lip such that 
promotion to privilege level () occurs at the target address of the gate instruction. 
A new gate\lvay page has been ddined exdusi vely for chorus systerll calls that rllirll1cs the IIP-UX 
gateway page. It is physically contiguouo with the IIP-UX page but is mapped at virtual address 
12 
""'" , 
begining of stub ;;;;;;;;;;;;; 
.code 
.export threadCreate,code 
threadCreate 
Idil L%Oxc0006004,r1 
Idi 31,r21 ; Sub System No 
ble R%Oxc0006004(sr7,r1) 
Idi 30,r22 ; Call No for threadCreate 
bV,n rO(rp) 
nop 
""'" , 
end of stub 
"""""" , 
Figure 11: T; ser Actor System call stub example 
CHORl'S_SYSCALLCXIT defined in include/PARISC/syscall.h. This virtual address is six 
4K pages greater than SYSCAT.T.CAT~;, the virtual address of the HP-l'X gateway page. The 
address assignment is based on lhe following constraints: 
• The new gateway page address should not clash or overlap with HP-UX gateway pages. 
• Thcrc ~hould bc suHicicnt rOOln for growth in thc virtual addrcss spacc for Inorc IIP-UX 
gateway pages. 
• The addre," should be in the fourth quadrant. 
lib/mklib.c has been modified to produce lhe user and supervisor stubs for various syslem 
call~. Thc a,sscIIlbly languagc stub for thc SYStCIIl call thrcadCrcatc is ~hown in ligurc 11 as an 
cxaJIlplc. 
The stubs for the user actor system calls are similar to the system call stubs for HP-l'X except 
that one more temporary register has a dedicated Ufle. Tn HP- U X , the system call n umber is loaded 
into gr22 (referred to as CN). In Chorus, HP-T;X or unix-like operating systems are expected lo 
be implemented as sub-systems on top of the micro-kernel. Therefore, the syslem call stub should 
specify the sub-system which should handle the system call. IIence, in PA-Chorus, the sub-system 
number is also passed (in register gr21) to the kernel. The IIP-rx gateway page has been retained 
for the long term goal of maintaining HP-CX binary compatibility. The idea is that when a binary 
image makes a system call using a slandard HP-T;X slub and branches to lhe HP-UX gateway page, 
we just branch lo the Chorus gateway page with lhe hpux subsystem number sel. The system call 
can thcn bc handlcd in thc ~alnc way for all SYStCIIl call~, \lvhcthcr fnuIl Chorus or froIIl othcr 
subSYStCIIlS. 
The control flcnv during a system call is as follows: 
• A uscr actor IIlakc~ a s~y~tcln call by cxccuting thc corrcsponding labelcd stub in lib / chorus.a. 
• The system call stub loads the sub-system number in gr21, lhe system call number in gr22, and 
performs an inter-space branch and link (ble) to the virtual addw," CIIORCS_SYSCALLGATE. 
Thc uscr arguIIlcnt~ to thc SYStCIIl call arc in gr~ 23-26 and/or on thc u~cr stack. Thc Chorus 
gateway page is implemented in kern/PARISC/locore.s. 
13 
• The code In the Choru~ gate"vay page rajl:)e~ the prlvllege level to 0 and perfonnl:) a vectored 
branch to a potentially different label based on the sub-flYfltem number. Tn the current im-
plementation, a single label (chorus->;yscallinit) is used [or system call handling [or all sub-
system numbers. This is a hook in case system call handling needs to be per [armed differently 
bal:)(xl on the ~ub-I:)yl:)tern nurnber. chorus~yscallinit 11:) In kern/PARISC/asm~calLs. 
• At chorus~yscallinit, the followlng operatlon~ an~ perfonned: 
Switch to the current thread's kernel stack to perform the system call. To achieve the 
switch, the sYfltem fltack pointer is read from the ksp field of the current thread's currCtx 
structure. 
Allocate a context frame on the kernel stack by incrementing the system stack pointer 
by fr->;ize. Ylark that we are on the kernel stack by zeroing the ksp field in the context 
frarne. Thc bcglnlng of contcxt frarnc would be refcrred to as ssp. 
Save thread 'peel!ic register, SP, DP, GR31 (contain, '''LT ,tub rdurn addre,,), RP, 
SR4, in the and mark that this is the first frame on the system stack. 
lVIark that \ve are performing a flystem call: 
ssp--+state-.flags = TCH_L\SYSCALL, 
Pass the system call number in the context by setting a temporary register in ssp: 
ssp--+TCH_RXII = CN 
This system call number is used by SupCaliHandlerO. 
Copy argO-arg3 into the context frame. These arguments are passed to the system rou-
tine by SupCaliHandlerO. Call SupCaliHandlerO (kern/PARISC /svConnect.cxx) 
"vlth thc polnter to sa vcd context (~~p) and sub-systcrn nurnbcr. 
• SupCallHandler{) perfonrll:l the followlng operatlons: 
Get sYfltem call number from ssp: 
SysCallNo = ssp--+TCH_RXII. 
Check the userTrapVect table. Check if a handler is present. 
If a handler is present then check ifthe num ber of arguments to the system call is greater 
than [our. If true, then copy the extra arguments [rom the user stack using svCopyInO. 
Otherwise do nothing. Call the handler with all the parameters. The decision to copy 
the extra user aJogurnents Into a tcrnporary space before calling thc handler l~ rnakc 
Ufle of the compiler in creating the stack frame to call the handler routine. Copying of 
parameters that are passed by reference from Ufler space to kernel space ifl left to the 
individual system calls. 
If a handler is not present, then call KnHandlerO. 
• Check if system call needs to perform a complete restore sequence. This check was needed in 
IIP- UX to handling ,ignal" It wa, retained ,ince it could be a u,dul faellity for ,ub-sy,tem 
managers. This check is done by checking state31ags Held of ssp for the TCll_DORFI 
bit. If the bit is set) then perform a full restore flequence that ifl very similar to return-
ing from an exception. Othenvifle, the thread flpec:ific registers that have been stored at 
chorus->;yscallinit are restored, the ksp field in the thread's currCtx is updated, and an 
cxtcrnal branch Is perfonned to thc uscr actor'~ return addrc~s, I:)lrnultancousl~y lowerlng the 
pri vilege level to 3. 
11 
Thll:) corIlpletel:) the outline of l~ ~(T actor l:)~y~terIl call1nterface. 
Discussion : 
T his implementation is another instance where Tut code was reused. The main file of reuse is 
asm_scall.s. vVe started from this file and modified to suit Chorus calling conventions and thread 
acccl:)l:). 
4.2.2 System call interface for supervisor actors 
Tn the cafle of flyfltem call interface for superviflor actors, the flystem call fltub is flimilar to a 
procedure call in most Chorus implementations. This was possible as the requirement of Chorus 
that supervisor actors live in the kernel context was sufficient to perform this optimization. 
In the case of PA-RISC~ thls was not qulte the ca~e. Thls l~ because of the l:)aIIle data polnter 
($glabal$ ) probkm mentioned in section 2.2.9. Since each image in the kernel space has its 
own datapointer ($glabal$ ), calling a rolltine directly in another execlltable is not possible even 
though all the flupervisor actorfl flhare the same flpace id. To execute a procedure of the kernel 
from a supervisor actor, the processor's DP register should be set to that of the kernel's $glabal$ 
before calling the kernel's procedure and restore the supervisor actor's $glabal$ on return from the 
kernel procedure. This 11:) exactl~y what the ~upervl~or stub perforrIl~. An exaIIlple of a ~upervll:)or 
system call stllb generated by lib/mkslib is given in figllre 12. The stllb is for the system call 
threadCreateO· 
The stub performs the following actions: 
• Save the cllrrent DP and RP in the frame marker allocated by the calling conventions, 
• Initialize the DP register by the Kernel's DP available in the Root Stl'uctu'('e [12] which is 
mapped, privilege level 0 read-write, into qlladrant 4. 
• Gd the address of the Supervisor system call tabk from the Root St'l'llcfllre and calculate the 
olr~et of the l:)y~teIIl call routlne a~~oclated wlth the ~~y~terIl call nUIIlber. 
• invoke the system routine 
• Restore the supervisor actor's DP and RP from the frame marker and return to the supervisor 
actor code. 
Hy branching directly to the system rolltine, the parameters to the system call can be directly 
reused by the system routine thus avoiding the copying of parameters on the system stack. 
Discussion : 
The system call table is an array of structures. The structure has 2 elements: a function 
pointer and the number of arguments. T,\llL_ELYIT_SIZE and yeN C_OFFSET deJine the size of 
the structure and offset to the function pointer respectively. Thefle definitions are fragile and mUflt 
be automatically generated from the structu re defi nitions. 
·15 
""'" , 
begining of stub ;;;;;;;;;;;;; 
.code 
.export threadCreate,code 
threadCreate 
#define TABL_ELMT_SIZE 8 
#define FUNC_OFFSET 4 
stw dp,-32(sp) ; fm_edp posn in the frame 
stw rp,-24(sp) ; fm_erp posn in the frame 
ldil L%Oxd0000448,dp 
ldw R%Oxd0000448(dp),dp 
ldil L%Oxd0000024,r1 
ldw R%Oxd0000024(r1) ,r1 
ldw 30 * TABL_ELMT_SIZE + FUNC_OFFSET(r1),r1 
blr rO,rp 
bv rO(r1) 
nop 
ldw -32(sp) ,dp 
ldw -24(sp) ,rp 
bv rO(rp) 
nop 
#undef TABL_ELMT SIZE 
#undef FUNC_OFFSET 
""'" , 
end of stub 
fm_edp posn in the frame 
fm_erp posn in the frame 
"""""" , 
Figure 12: Supervisor Actor System call stub example 
5 M utex Interface 
In Chorus, Semaphores and l'iIutexes are data struelures that are defined by an aelor in it's address 
space. The kernel is invoked for ail semaphore operations. For mutex operations, the kernel is 
Invoked only only when the threadl:) have to be blocked behInd a IIlutex or unblocked. In the 
Ideal ca~el ""here the thread~ never atteIIlpt to enter a crItIcal regIon w hlle another thread l~ In Itl:) 
critical region, the kernel will never have to be invoked. Thus, mutexes provide an efficient means 
of synchronization at the cost of fairness. Semaphores, in contrast, guarantee fairness at the cost 
of efficiency. 
In the case of I:)upervlsor actor, the seIIlaphore or IIlutex data I:)tructure 11:) dIrectly acces~ed, 
whereal:) In the ca~e of user actor, the seIIlaphore or IIlutex data I:)tructure 11:) copIed Into the kernel 
space (as in any IIser system call). 
5.1 Requirements 
The IIlutex Interface con~l~t~ of the followIng functlonl:). .All the functlon~ take the addre~~ of 
mutex (KnMutex *mutex) as parameter. The specification is taken from the Chorus Programmer's 
manllal[.5]. 
mutexlnitO The Illutex Is InitIalized to I('t£. 
16 
mutexTryO : Acquire a rllutex. If rllutex il:) free l then rIlutex i~ lockexl l returns value 1 and 
execution proceeds normally. If mutex is locked, then the call returns O. 
mutexGet() : Acquire a mutex. If mutex is free, then mutex is locked, returns value 1 and 
execution proceeds normally. If mulex is locked, block the thread until the mutex becomes 
free. 
mutexRelO : Release a rIlutex. If threads are blocked on the rIlutex~ one of therIl is awakened. 
5.2 Implementation 
The following atorIlic read-rIloclify-v..irite in~truction~ are available on PA-RISC. Thel:)e an~ basically 
load and clear instrudions: 
• Idew;/:: Load and Clear ,Vonl Indexed 
• IdClD8: Load and Clear Word Short; Short refers to usi ng a short displacement parameter 
rather than a short \vord. 
Doth instructions clear the location at the dfective addre~s and the previou~ contents of the IIwrIlory 
location are loaded into the destination register. (-'or details on the instrudions l see the PA-RTSC 
architecture manual[lO). Anyone of the inslructions can be used for mutex implementation. The 
Idcw.t instruction was chosen for PA-Chorus. 
The factor~ to be n~l:)olved in irllpkrIlenting rlluteXel:) were: 
1. PA-RISC load and clear inslructions require the effective address of the memory location lo 
be aligned on a 16-byte boundaJ·Y. 
2. Since rlluteXel:) are declared in an actor'l:) addresl:) I:)pace, there i~ no kernel control over what 
the align ment will be. 
3. The m utex strudu re is a black box to the user or supervisor ador and all operations are 
performed lhrough kernel exported functions. 
·1. There should nol be any change in the syslem call interface. 
5. The portable la~yers of the kernel involved in irllpkrIlenting the kernel paJt of the rllutex 
operations a~~urIle that a value of 1 indicate~ locked and 0 indicate~ unlocked. In the case 
of PA-RISC it is not possible to have a value 1 for locked as the instructions provided are 
load and clear i nst rUdions. 
The fi rst alternative \vas to enter the kernel for every mutex system call. Tn the kerne1 l the system 
call routine \vou1d disable interrupts, perform the read and write operations in separate steps) re-
enable interrupts and return. This allernative was rejected since it decreased the performance of 
mutex opera lions greatly. It made them as costly as semaphore operations which defeated the 
purpose of using rllutexe~. 
The following alternative was adopted. The }Iutex structure ddinition given in the choru~ 
public interface file includejchorus.h has been modified. The structure prior to modification is 
given in figure 1:3. 
The alomic operalions for mulexes need lo be performed on the lock field of the Knl'iIu-
tex/KnSerIl structure. The other rIlerIlber~ corlle into play onl~y when the rllutex is not free or there 
are thread~ to be rdea~ed. 
17 
typedef struct 
int 
SemQueue* 
int 
unsigned 
} KnSem; 
typedef KnSem 
{ 
lock; 
threads; 
count; 
key; 
KnMutex; 
/* 
/* 
/* 
/* 
used by the mutex operations only */ 
pointer to blocked thread queue */ 
Semaphore Count value */ 
Semaphore key */ 
F.igure 13: KnSeIIl structure ddiultlon before rIlocliJicatlon 
typedef struct 
int 
SemQueue* 
int 
unsigned 
} KnSem; 
typedef KnSem 
{ 
lock[4] ; 
threads; 
count; 
key; 
KnMutex; 
/* 
/* 
/* 
/* 
ARRAY used by the mutex operations only */ 
pointer to blocked thread queue */ 
Semaphore Count value */ 
Semaphore key */ 
Figure 1-1: KnSem structure definition after the modification 
To guarantee a 16-byte aligned lock field, the KniV1utex structure definition was modified as 
shown in figure -14. 
Since lock is now ·1 words or Hi bytes long, there will be one word that is l(i-byte aligned among 
the 1 words allocated for lock. 
The lIIlpkrrwntation of the various IIlutcx functions is given belcn-v. 
mutexInitO : The stub is generated by /lib/mk[s]lib. The corresponding system call routines 
ScUsMutexInit() and ScMutexInitO in kern/scUser.cxx and kern/scSystem.cxx 
have been modified to handle the changed data type of lock and the lock status values. 
mutexTryO : This function is implemented in lib /P ARISe / mutex.c. This function performs 
the follo\lving operations: 
• l'ind the address of the aligned word in the lock array. This is done by the macro 
alignLock . 
• Pass this address to the assembly routine low _mutexTry() in lib /P ARISe / chorusSync.s 
and return the rdurn value. 
This function is entirely an user level librar~y fUIlction. ~o kernclinvocatioll is needed. 
mutexGetO : This function implemented in terms of mutexTryO in lib/PARISe/mutex.c. 
Tfthe mutex is available, then call returns immediately. Otherwise, kernel is invoked to block 
the thread. The blocking call ret urns when the mutex becomes free and the procedure is 
repeated again until the IIlutex becoIIle~ available. The call returnl:l to the u~er only when the 
Illutex i~ obtained by the I:ltub. 
18 
mutexRelO : Thi, function i, implemented in lib/PARISC/mutex.c. Thi, function write, 
VIl"'ITX_U NLOCIO;1l into the J6-byte aligned word ofthe lock array. Tfthreads are waiting 
on this mutex, then the system call k_m utexRel() is invoked to release the threads. The 
function then ret urns to user. 
The stubR for k_lllutexGet and IClllutexRel are generated from lib/mk[s]lib. IVlodifications 
were made to kern/scSystem.cxx and kern/scUser.cxx to deal with the change of lock from 
an int to an int array and to address the l(i-byte aligned word of the lock array. Note that 
.in the case of the kernel routines to handler user-actor systcrll calls there .is an added factor to 
be cOllflidered. Since the user data fltrudure ifl copied into a correflponding temporary kernel data 
structure, finding the aligned word in the kernel copy of the mutex may not be the same as that of 
the user mutex. Additional code was required to take care of the potential difference in alignment. 
6 Modifications to the Chorus Portable Layers 
Several sInali IIlodiJicatioIlS were rnadc to the "portable11 la~ycrs of Chorus to carr~y out our port to 
PA-RISC. This section 811IIlIIlaJ-1:ZCS these IIlodiJicatioIlS and outlines the reasons for rnaking thCIU: 
• Calling the handlers attached by supervisor actors: Chorus requires the kernel and supervisor 
actors to share the SystCIIl addre~1:l I:lpace. The initial del:lign that all ~upervil:lor actor~ and the 
kernel have the ,arne 'pace identity meant that each one of them had a ,eparate $global$ 
. This complicated the calling of attached handlers as Chorus assumed in its portable layers 
that these routi nes can be called di rectly ( (*fn)( ... ) ) as the supervisor actors are in the same 
system space. This cannot be done on PA-RISe (see section 2.2.9). This accounted for most 
of our modifications to the portable layers. See the Supervisor actor interface implementation 
I:lection for a fuillil:lt of the IIlodiJicationl:l and additional functionl:l iIIlpkIIlented. 
Of COlUl:le, even if the kernel and I:lupervi~or actor~ were put in different ~pacel:l "vith different 
'pace Id, but with the ,ame value for $global$ (For example: all u,er actor, on Choru, have 
their $global$ equal to Ox40000000), we will have to deal with other problems of inter space 
linkages similar to a system call. In either case it entails some modification in the kernel 
and/ or the Chorus interface. 
• Stack direction: The portable layers of Chorus aflflurne that stackfl gro\vs tcnvards knver ad-
dresses. For example, the system stack bottom is taken as the end of the stack area, whereas 
on PA-RISC it is the begining of the stack area. This is actually a problem in the Chorus in-
terface ddinition for threadereate "vllich takel:l stack bottOIIl as paraIIleter. The stack bOttOIIl 
would be dilkrent if the ,tack direction i, dil!"erent. A better ddinition would be to 'pecify 
two parameters: 
Addre" of the bulkr allocated for the ,tack. 
Size of the buffer 
On PA-RTSC\ the second parameter could be ignored. On architectures on which the stack 
grows towards lower addresses the size parameter could be used to locate the bottom of the 
stack. 
• Stack initialization: In addition to finding the stack bottom, a frame must be allocated on 
the stack for PA-RISC in accordance with procedure calling conventions of the architecture. 
19 
For cxarIlple~ for ul:)cr thrcad stack initialization~ it is 48 bytcl:). Thcrc is onc instancc in 
knMain.cxx where Chorus does not submerge this fu ndion in the machi ne dependent layers. 
• Stack allocation: The system stack has to be physically allocaled during the thread initial-
ization. Thcrc il:) onc instancc ""hcrc thc portable la~ycrl:) of Chorul:) assurnc that thc sizc of 
the system stack is one physical page. Tn our port it \vas 4 logical pages. This could have 
been done in a portable manner by using the symbolic: constants exported by the included 
machine dependent header files. 
• 16-b~ytc alignrIlcnt constraInt on addrcl:)scl:) for atorn1c load and dcar instructions: This rc-
quired a modification in the mutex data strudure definition in the Chorus public interface 
file. This \VaB the only modification necessary to guarantee a 16-byte aligned address for 
mutexes. The user lreats the mulex slruelure as a black box and this feature aided in main-
taining exactly the same inlerface to the user, wilh very little degradalion in space utilization 
and perforrnancc. 
• Values for mutex unlocked and locked status: This is far more senous than the earlier 
problem. The code in the kernel implementing the mulex operations assumes thal lock 
= 1 implies a locked mutex and lock=O implied an unlocked mutex. vVith load and clear 
Instructions, this assignrncnt will not guarantcc s~ynchronization. A bctter approach \\ioulcL 
havc bccn to irnport a rIlachlnc dcpcndcnt rnutcx hcadcr Jile and UI:)C thc valucs cxportcd by 
this header file in checking for mutex status. The list of modifications is specified in sedion 
.5. 
• ~on-acccss TIn rniss faultl:): Thcsc faults do not rcquirc a pagc to bc brought into rncrnory. 
The portable layers need to know that they need not have to bring in the page. This resulted 
in some modification. See sedion ~j. 
Thc rIlodlJicatlonl:) that Involvcd stack direction, allocation and InItIalization arc as follows. All 
have been done under the compilation Hag PARISe: 
• KnlnitO in kernjknMain.cxx. Correded for stack di redion and allocation. 
• ActorInitO in kern/knMain.cxx. Corrected for stack inilializalion and direction. 
• }Icrnbcr function init() of class mThread. Corrcctcd for stack dircction. 
A qualitative evaluation of Chorus on HP PA-RTSC is presented in[IR]. 
7 Future Work 
The first item that will receive the highest priority is the -Aoating point and coprocessor emulation. 
Right now, any thread performing lhose inslruclions is aborted. This has to be rectified. 
Thc ncxt I:)tcp is to enable thc Iloating point coproccssor and handle the varIoul:) cxccptions. 
Thc Tut codc I:)hould bc ul:)cful in reaching thcl:)c two short-tcrrIl goals. 
Some of the more i nteresti ng experi ments \ve would li ke to do are: 
• li'aster context s\vitches based on recognizing the thread's type and status. For example: A 
system thread uses no -Aoating point coprocessor. This charaderistic: can be used in making 
a fasler context switch. Ylore generally, we would like lo recognize the characteristics of 
thc thrcad that can bc utilizcd to providc dIlcicnt contcxt switchcs. l~ sing thc cornpllcr 
Inforrnation about thc thrcad il:) also an Intcrcsting pOl:)l:)lbility. 
50 
• Taking the I:lupervil:lor acton; out of the ~aJIW I:lpace a~ the kernel and put theln in I:leparate 
spaces. l'vlultiple privilege levels and protection ids can be used to control the access of these 
actors. Inter space calls are very cheap on PA-RISC. System call costs are marginally higher 
but approximately 3 orders of magnitude beller than using a trap to implement system calls 
on PA-RISC. PA-RISC ,eern, to be ,uitable for decoupling of function, becau"" oftlw global 
virtual IIlelnory, Inultiple privilege levell:l l orthogonal protectiOIll:l~ dc. It "vould be interesting 
to get some experimental results with various configurations and interfaces . 
• Evaluate the usc of 64 bit addre~~el:l and to detenIline where the operating I:lYl:lteIIl inter-
faces need to be broadened in the interests of globally addressable memory, efficiency and 
identifi cation. 
8 Acknowledgements 
\Ve thank Chorus for their sources and the valuable time spent in making us understand the machine 
dependent la~yer~ of Chorus. \Ve espec.ially thank Jean-Jacques Gennond, Freder.ick IIenIlann~ and 
\ladiIIl Abl"(m~iII10v for being very re~ponl:live and helpfuL 
Our sincere thanks to Hart Sears for providing us \vith the Tut sources and his visit \vhic:h saved 
us a considerable amount of time. \Ve thank Ahmed Ezzat for answering the 'help!!' questions 
at the time we didn't have the low-level documentation. \Ve would also like to thank the other 
IneIIlber~ of the Tut project "vho provided Ul:l "vith such high quality infonnation. 
Srikanth Karnbhatla of OGI rnodlJied the original Tut trap.c Jile '0 that it could cornpile in 
ou r envi ron ment. 
I'inally, the project would not have reached this stage without helpful discussion and input with 
the other members of the PA-Chorus group. 
References 
[1] \lacLiIIl Abrossilnov~ }Iarc Rozier~ and 11ichd Gien. \lirtua111eIIlory 11ana,gelnent in Chorul:l. 
Tn l)l'OCtFriings of Vrogrt'ss in /Jistrifnded Operating System.s and /Jistributt'd Systerns il1anage-
ment. Springer Verlag, April 1989. Also published aB technical report CS/TR-89-30. 
[2] Fran~:ois Annand, 11.ichd Gien, Frecl6r.ic IIernnann, and }Iarc Rozier. Revolution 89 or ~~Dis­
tributing rNIX Hrings it Hack to its Original Virtues". In 1',."eFedinqs of the Workshop on 
Experiences with Building Distributed and ]'viuitiprocessor Systems, October .5-0 1989. Also 
published as technical report CS/TR-89-30. 
[:3] Chia Chao, Milon ';Iackey, and Hart Sears. Tut Threads Hoole Technical Report HPL-IlSIl-
90-23, Hewlett-Packard Laboratories, 1990. 
[4] CHORrS Kernel v3.2 Implementation Cuide. Technical Report CS/TR-90-.5, Chorus 
Systemes, 1990. 
[.5] C H ORr S v3.3 Progra mmers Reference Manual. Tech nical Report CS /TR-90-.59, Chorus 
Systemes,1990. 
[6] Overview of the CHORUS Distributed Operating Sy,tem. Technical Report CS/TR-90-2.5, 
Chorus Systemes, 1990. 
51 
[7] CHORCS Kernel v3.3 Impkmentation Guide. Technical Report CS/TR-90-71, Chorus 
Systernes,1991. 
[8] Ahmed Ezzat, Chia Chao, Milon Mackey, and Bart Sears. Tut VM Book. Technical Report 
H PL-I)S I )-89-:32, H ewlett-Packard La boratories, 1989. 
[9] Jean-Jacques Germond. SpeclJlcations ofthe CHORUS/YIlX Kernel v3.2 Test Suites. Tedmical 
Report CS/TR-90-27, Chorus Systernes, 1990. 
[10] Hewktt-Packa,.,!. Prcci~ion firchitcd",rc and Instruction Set RtJcnnc(" Manual, third edition, 
April 1989. 
[11] .Ton Inouye, YIarion Hakanson, R.avindranath Konuru, and .Tonathan IYalpole. Porting Chorus 
to the PA-RISC: Virtual Memory Manager. Technical Report CSE-91-.5, Oregon Graduate 
Institute, .JanuaryI992. 
[12] Jon Inouyc l }Iarlon IIakanl:lon, Ravindranath Konuru l and Jonathan \Valpolc. Porting Chorus 
to the PA-RISC: Booting. Technical Report CSE-91-4, Oregon Graduate hLStitute, 1992. 
[13] David V . .Tames, Stephen G. Burger, and Robert D. OdineaL Hewlett-Packard Precision 
Architecture: The Input/Output System. Ilewldt-Packard Jml'f"{wl, 37(8):23-30, August 1986. 
[11] Ravindranath Konuru, Marion Hakanson, .Ton Inouye, and .Tonathan IYalpole. Porting Chorus 
to the PA-RISC: Building, Ddmgging, Testing and Validation. Technical Report CSE-92-7, 
Oregon Graduate hLStitute, January 1992. 
[Hi] Ruby B. Lee. Precision Architecture. IEEE Compuler, 22(1):78-91, .Tanuary 1989. 
[Hi] YIichael .T. Ylahon, Ruby Bei-Loh Lee, Terrence C. Miller, .Terome C. Huck, and William R. 
Bryg. Hewlett-Packard Precision Architecture: The Processor. Hewlell-Packard .Journal, 
37(8):4-22, August 1986. 
[17] .Tonathan \Valpole, Marion Hakanson, .Ton Inouye, and Ravindranath Konuru. Porting Chorus 
to the PA-RISC: Project Overview. Technical Report CSE-92-3, Oregon Graduate Institute, 
1992. 
[18] .Tonathan \Valpole, Marion Hakanson, .Ton Inouye, and Ravindranath Konuru. Porting Chorus 
to the PA-RISC: Overall Evaluation. Technical Report CSE-92-8, Oregon Graduate Institute, 
January 1992. 
52 
