.. mode: -*- rst -*-

VM for Solaris
==============

:Tag: design.mps.vmso
:Author: David Jones
:Date: 1998-05-08
:Status: incomplete document
:Revision: $Id: //info.ravenbrook.com/project/mps/version/1.113/design/vmso.txt#1 $
:Copyright: See `Copyright and License`_.
:Index terms:   pair: VM for Solaris; design

.. warning::

    As of 2013-05-26, the MPS is no longer supported on Solaris, so
    this document is only of historical interest.


Introduction
------------

_`.intro`: This is the design for the VM implementation on Solaris 2.x
(see os.so for OS details). The implementation is in MMsrc!vmso.c
(impl.c.vm). The design follows the design for and implements the
contract of the generic VM interface (design.mps.vm). To summarize:
The VM module provides a mechanism to reserve large (relative to the
amount of RAM) amounts of address space, and functions to map (back
with RAM) and unmap portions of this address space.

_`.source`: Much of the implementation (and hence the design) was
inherited from the SunOS4 implementation. Not that there's any design
for that. You'll find the ``mmap(2)`` (for the system call ``mmap()``)
and the ``zero(7d)`` (for the device ``/dev/zero``) man pages useful
as well. The generic interface and some generic design is in
design.mps.vm.


Definitions
-----------

_`.def`: See design.mps.vm.def.* for definitions common to all VMs.


Overview
--------

_`.over`: The system calls ``mmap()`` and ``munmap()`` are used to
access the underlying functionality. They are used in slightly unusual
ways, typically to overcome baroque features or implementation details
of the operating system.

_`.over.reserve`: In order to reserve address space, a mapping to a
file (``/etc/passwd`` as it happens) is created with no protection
allowed.

_`.over.map`: In order to map memory, a mapping to ``/dev/zero`` is
created.

_`.over.destroy`: When the VM is destroyed, ``munmap()`` is used to
remove all the mappings previously created.


Implementation
--------------

_`.impl.create`: ``VMCreate()``

_`.impl.create.vmstruct`: Enough pages to hold the ``VMStruct`` are
allocated by creating a mapping to ``/dev/zero`` (a read/write private
mapping), and using initializing the memory as a ``VMStruct``.

_`.impl.create.reserve`: The size parameter is rounded up to page size
and this amount of address space is reserved. The address space is
reserved by creating a shared mapping to ``/etc/passwd`` with no
access allowed (the ``prot`` argument is ``PROT_NONE``, and the
``flags`` argument is ``MAP_SHARED``).

_`.impl.create.reserve.mmap.justify`: ``mmap()`` gives us a flexible
way to allocate address space without interfering with any other
component in the process. Because we don't specify ``MAP_FIXED`` we
are guaranteed to get a range of addresses that are not in use. Other
components must cooperate by not attempting to create mappings
specifying ``MAP_FIXED`` and an address in the range that the MPS has
reserved.

_`.impl.create.reserve.passwd.justify`: Mapping ``/etc/passwd`` like
this worked on SunOS 4 (so this implementation inherited it). Mapping
``/dev/zero`` with ``prot=PROT_NONE`` and ``flags=MAP_PRIVATE`` does
not work because Solaris gratuitously allocates swap (even though you
can't use the memory).

_`.impl.create.reserve.improve`: However, it would appears that or-ing
in ``MAP_NORESERVE`` mapping ``/dev/zero`` will reserve address space
without allocating swap, so this might be worth trying. That is, with
``prot=PROT_NONE`` and ``flags=MAP_PRIVATE|MAP_NORESERVE``. However
the following caveat comes from the original implementation:
"Experiments have shown that attempting to reserve address space by
mapping ``/dev/zero`` results in swap being reserved. This appears to
be a bug, so we work round it by using ``/etc/passwd``, the only file
we can think of which is pretty much guaranteed to be around." So that
might not work after all.

_`.impl.map`: ``VMMap()``

_`.impl.map.zero`: A mapping to ``/dev/zero`` is created at the
relevant addresses (overriding the map to ``/etc/passwd`` that was
previously in place for those addresses). The ``prot`` argument is
specified as ``PROT_READ|PROT_WRITE|PROT_EXEC`` (so that any access is
allowed), the ``flags`` argument as ``MAP_PRIVATE|MAP_FIXED``. The
flag ``MAP_PRIVATE`` means that the mapping is not shared with child
processes (child processes will have a mapping, but changes to the
memory will not be shared). The flag ``MAP_FIXED`` guarantees that we
get the mapping at the specified address). The ``zero(7d)`` man page
documents this as a way to create a "zero-initialized unnamed memory
object".

_`.impl.map.error`: If there's not enough swap space for the mapping,
``mmap()`` will return ``EAGAIN``, not ``ENOMEM``, although you might
not think so from the man page.

_`.impl.unmap`: ``VMUnmap()``

_`.impl.unmap.reserve`: The relevant addresses are returned to the
reserved state by creating a mapping to ``/etc/passwd`` (overriding
the map ``/dev/zero`` that was previously in place for those
addresses). As for ``VMCreate()`` (see `.impl.create.reserve`_ above)
the ``prot`` argument is ``PROT_NONE``, but the ``flags`` argument has
the addition ``MAP_FIXED`` flags (so is ``MAP_SHARED|MAP_FIXED``).

_`.impl.unmap.reserve.offset`: The offset argument is specified to be
the offset of the addresses being unmapped from the base of the
reserved VM area.

_`.impl.unmap.reserve.offset.justify`: Not specifying the offset like
this makes Solaris create a separate mapping (in the kernel) each time
Unmap is used, eventually the call to ``mmap()`` will fail. Specifying
offset like this does not cause Solaris to create any extra mappings,
the existing mapping to ``/etc/passwd`` gets reused.


Document History
----------------

- 1998-05-08 David Jones. Incomplete document.

- 2002-06-07 RB_ Converted from MMInfo database design document.

- 2013-05-26 GDR_ Converted to reStructuredText.

.. _RB: http://www.ravenbrook.com/consultants/rb/
.. _GDR: http://www.ravenbrook.com/consultants/gdr/


Copyright and License
---------------------

Copyright © 2013-2014 Ravenbrook Limited. All rights reserved.
<http://www.ravenbrook.com/>. This is an open source license. Contact
Ravenbrook for commercial licensing options.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

#. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.

#. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

#. Redistributions in any form must be accompanied by information on how
   to obtain complete source code for this software and any
   accompanying software that uses this software.  The source code must
   either be included in the distribution or be available for no more than
   the cost of distribution plus a nominal fee, and must be freely
   redistributable under reasonable conditions.  For an executable file,
   complete source code means the source code for all modules it contains.
   It does not include source code for modules or files that typically
   accompany the major components of the operating system on which the
   executable file runs.

**This software is provided by the copyright holders and contributors
"as is" and any express or implied warranties, including, but not
limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement, are disclaimed.  In no event
shall the copyright holders and contributors be liable for any direct,
indirect, incidental, special, exemplary, or consequential damages
(including, but not limited to, procurement of substitute goods or
services; loss of use, data, or profits; or business interruption)
however caused and on any theory of liability, whether in contract,
strict liability, or tort (including negligence or otherwise) arising in
any way out of the use of this software, even if advised of the
possibility of such damage.**
