# L4 eXperimental Kernel Reference Manual

Version X.2

System Architecture Group Dept. of Computer Science Universität Karlsruhe (L4Ka Team) 14spec@14ka.org

Document Revision 6 November 17, 2006



# **Contents**

| Al |                                          | vi  |
|----|------------------------------------------|-----|
|    | Introductory Remarks                     | vi  |
|    | Understanding This Document              | vii |
|    | Notation                                 | i>  |
|    | Using the API                            |     |
|    | Revision History                         | X   |
| 1  | Basic Kernel Interface                   | 1   |
| •  | 1.1 Kernel Interface Page                | -   |
|    | 1.2 KernelInterface                      |     |
|    | 1.3 Virtual Registers                    |     |
|    |                                          |     |
| 2  | Threads                                  | 13  |
|    | 2.1 ThreadId                             |     |
|    | 2.2 Thread Control Registers (TCRs)      |     |
|    | 2.3 EXCHANGEREGISTERS                    |     |
|    | 2.4 ThreadControl                        | 22  |
| 3  | Scheduling                               | 25  |
|    | 3.1 Clock                                | 26  |
|    | 3.2 SystemClock                          | 27  |
|    | 3.3 Time                                 | 28  |
|    | 3.4 ThreadSwitch                         | 30  |
|    | 3.5 SCHEDULE                             |     |
|    | 3.6 Preempt Flags                        | 35  |
| 4  | Address Spaces and Mapping               | 37  |
| •  | 4.1 Fpage                                |     |
|    | 4.2 UNMAP                                |     |
|    | 4.3 SpaceControl                         |     |
|    |                                          |     |
| 5  | IPC                                      | 47  |
|    | 5.1 Messages And Message Registers (MRs) |     |
|    | 5.2 MapItem                              |     |
|    | 5.3 GrantItem                            |     |
|    | 5.4 StringItem                           |     |
|    | 5.6 IPC                                  |     |
|    | 5.0 110                                  | 0.  |
| 6  | Miscellaneous                            | 69  |
|    | 6.1 ExceptionHandler                     | 70  |
|    | 6.2 Cop Flags                            |     |
|    | 6.3 ProcessorControl                     |     |
|    | 6.4 MEMORYCONTROL                        | 74  |
| 7  | Protocols                                | 77  |
| •  | 7.1 Thread Start Protocol                | 78  |
|    | 7.2 Interrupt Protocol                   | 79  |
|    | 7.3 Pagefault Protocol                   | 80  |
|    | 7.4 Preemption Protocol                  | 81  |
|    | 7.5 Exception Protocol                   | 82  |
|    | 7.6 Sigma0 RPC protocol                  | 83  |
|    | 7.7 Generic Rooting                      | 26  |

iv CONTENTS

| Δ | TA-3        | 32 Interface             | 89         |
|---|-------------|--------------------------|------------|
| 7 |             | Virtual Registers        |            |
|   |             |                          |            |
|   |             | Systemcalls              |            |
|   |             | Kernel Features          |            |
|   |             | IO Ports                 |            |
|   |             | Space Control            |            |
|   |             | Cacheability Hints       |            |
|   | A.7         | Memory Attributes        | 00         |
|   | A.8         | Exception Message Format | 01         |
|   | A.9         | Processor Mirroring      | 02         |
|   | A.10        | ) Booting                | 03         |
|   |             |                          |            |
| В |             | -                        | 05         |
|   | B.1         | Virtual Registers        | 06         |
|   | B.2         | PAL and SAL Access       | 08         |
|   |             | Systemcalls              |            |
|   |             | PCI Configuration Space  |            |
|   |             | Cacheability Hints       |            |
|   |             | Memory Attributes        |            |
|   |             |                          |            |
|   |             | Memory Descriptors       |            |
|   | В.8         | Exception Message Format | 18         |
| ~ | ъ           | POT 4 A                  | 10         |
| C |             |                          | 19         |
|   |             | Virtual Registers        |            |
|   |             | Systemcalls              |            |
|   |             | Memory Attributes        |            |
|   |             | Exception Message Format |            |
|   | C.5         | Processor Mirroring      | 29         |
|   | C.6         | Booting                  | 30         |
|   |             |                          |            |
| D |             |                          | 31         |
|   | D.1         | Virtual Registers        | 32         |
|   |             | Systemcalls              |            |
|   |             | Memory Attributes        |            |
|   |             | Exception Message Format |            |
|   |             | Booting                  |            |
|   | <b>D</b> .5 | 20011115                 |            |
| E | Alp         | ha Interface 1           | 43         |
| _ | E 1         | Virtual Registers        |            |
|   |             | Systemcalls              |            |
|   |             | Booting                  |            |
|   | E.J         | Booting                  | 50         |
| F | мп          | PS-64 Interface          | 51         |
| r |             | Virtual Registers        |            |
|   |             | Systemcalls              |            |
|   |             |                          |            |
|   |             | Memory Attributes        |            |
|   |             | Exception Message Format |            |
|   | F.5         | Booting                  | 62         |
| ~ |             |                          |            |
| G |             |                          | 63         |
|   | G.1         | Virtual Registers        |            |
|   | G.2         |                          |            |
|   | G.3         | IO Ports                 | 72         |
|   | G.4         | Cacheability Hints       | 73         |
|   | G.5         | Memory Attributes        | 74         |
|   | G.6         | Exception Message Format | 75         |
|   |             | Processor Mirroring      |            |
|   |             | Booting                  |            |
|   |             |                          | ĺ          |
| Н | SPA         | RC v9 Interface          | <b>7</b> 9 |
|   | H.1         | Virtual Registers        | 80         |
|   |             | Systemcalls              |            |
|   |             | •                        |            |

CONTENTS

| I  | ARM Interface                       | 187   |
|----|-------------------------------------|-------|
|    | I.1 Virtual Registers               | . 188 |
|    | I.2 Systemcalls                     | . 190 |
|    | I.3 Memory Attributes               | . 193 |
|    | I.4 Space Control                   | . 194 |
|    | I.5 Exception Message Format        |       |
|    | I.6 Booting                         |       |
| J  | Generic BootInfo                    | 199   |
| -  | J.1 Generic BootInfo                | . 200 |
|    | J.2 BootInfo Records                |       |
| K  | Development Remarks                 | 205   |
|    | K.1 Exception Handling              | . 205 |
| Ta | able of Procs, Types, and Constants | 207   |
|    | •                                   | 215   |
| In | ndex                                | 215   |

vi *CONTENTS* 

# **About This Manual**

# **Introductory Remarks**

# **Purpose of This Document**

This L4 Reference Manual serves as defining document for all L4 APIs and ABIs. Primarily, it addresses L4 microkernel implementors as API/ABI suppliers and code-generator or library implementors as API/ABI users. The reference manual assumes intimate knowledge of basic L4 concepts and hardware architecture. Its key point is precise definition, not explanation and illustration. The

#### L4 System Programmer's Manual

is intended to support programmers using L4. It explains and illustrates fundamental concepts and describes in more detail how (and why) to use which function, etc.

## **Maintainers**

The document is maintained by the following members of the L4Ka Team:

- Uwe Dannowski (ud3@ira.uka.de)
- Joshua LeVasseur (jtl@ira.uka.de)
- Espen Skoglund (esk@ira.uka.de)
- Volkmar Uhlig (volkmar@ira.uka.de)

# Credits

This manual is based on a final draft by **Jochen Liedtke**. It reflects his outstanding work on the L4 microkernel and systems research in general. Only his vision of system design made this work possible. Jochen defined the state of the art of microkernel design for nearly a decade. We thank him for his support and try to continue the work in his spirit.

Helpful contributions for improving this reference manual and the L4 interface came from many persons, in particular from Alan Au, Marcus Brinkmann, Philip Derrin, Kevin Elphinstone, Bryan Ford, Andreas Haeberlen, Hermann Härtig, Gernot Heiser, Michael Hohmuth, Trent Jaeger, Ben Leslie, Jork Löser, Frank Mehnert, Yoonho Park, Marc Salem, Carl van Schaik, Sebastian Schönberg, Cristan Szmajda, Harvey Tuch, Marcus Völp, Neal Walfield, Adam Wiggins, Simon Winwood, and Jean Wolter.

# **Document History**

| draft by Jochen Liedtke | ??/?? - 06/01 |
|-------------------------|---------------|
| review by L4Ka Team     | 06/01 - 09/01 |
| L4 developers review    | Q4/01         |
| release                 | 01/02         |

viii ABOUT THIS MANUAL

# **Understanding This Document**

This L4 Reference Manual defines the generic API for all 32-bit and 64-bit machines. As such, the generic reference manual is independent of specific processor architectures. It is complemented by processor-specific ABI specifications. Some of them can be found in the appendix of this document.

In this document, we differentiate between Logical Interface, Generic Binary Interface, Generic Programming Interface, Convenience Programming Interface and Processor-specific Binary Interface.

Logical Interface The logical interface defines all concepts and logical objects such as system-call operations, logical data objects, data types and their semantics. Altogether, they form the logical L4 API.

#### Generic Binary Interface

Binary representations of most data types and generic data objects are defined independently of specific processors (although there are two different versions, one for 32-bit and a second one for 64-bit processors). Both versions together form the generic binary interface of L4.

From a purist point of view, logical interface plus generic binary interface could be regarded as a complete specification of the hardware-independent L4 microkernel interface. However, for ease-of-use and standardization reasons, the mentioned two fundamental interfaces are complemented by two more interface classes:

## Generic Programming Interface

The generic programming interface defines the objects of the logical interface and the generic binary interface as pseudo C++ classes. The language binding for regular C is for the most part identical to C++. For the cases where the C language causes function naming conflicts, the C version of the function name is given in brackets.

For the time being, only the C and C++ versions of the API are specified. The concrete syntax of other language interfaces will be left open. Later on, all language bindings will be included in the generic programming interface.

#### Convenience Programming Interface

This interface is not part of the L4 microkernel specification in the strict sense. All of its data types and procedures can be implemented using the generic programming interface. Strictly speaking, it is an interface on top of the microkernel that makes the most common operations more easily usable for the programmer.

It is important to understand that convenience and ease-of-use, not completeness, is the criterion for this interface. The convenience programming interface supports programmers by offering operations that together cover about 95% of the required microkernel functionality. For the remaining 5%, the programmer has to use the basic (not so convenient) operations of the generic programming interface.

Obviously, the convenience programming interface is not mandatory. Consequently, from a minimalist point of view, there is no need to include it in the generic L4 specification.

Nevertheless, for reasons of standardization and thus portability of software, every complete L4 language binding has to include the entire convenience programming interface.

Implementation remark: Although the convenience interface can be completely implemented on top of the generic programming interface, i.e., processor independently, the implementor of the convenience interface may implement it hardware-dependently and thus incorporate any optimization that becomes possible through a specific processor-specific binary interface.

The last interface class is not part of the generic L4 API specification.

# Processor-specific Binary Interface

Defines the processor-specific binary interface.

ABOUT THIS MANUAL ix

# **Notation**

# **Basic Data Types**

This reference manual describes the L4 API and ABI for both 32-bit and 64-bit processors. The data type Word denotes a 32-bit unsigned integer on a 32-bit processor and a 64-bit unsigned integer on a 64-bit processor. Word64, Word32, and Word16 denote 64, 32, and 16-bit words independent of the processor type.

# **Privileged Threads**

Some system calls can only be executed by privileged threads. Any thread belonging to the same address space as one of the initial threads created by the kernel upon boot-time (see page 86) are treated as privileged.

#### **Bit Fields**

Bit-field lengths are denoted as subscripts (i/j) where i relates to a 32-bit processor and j to a 64-bit processor. Bit-field subscripts (i) specify bit fields that have the same size for both 32-bit and 64-bit processors. Byte offsets are given as  $\pm i/\pm j$  for 32-bit and 64-bit processors. If all bit-fields of a specified word only add up to 32 bits, the remaining upper 32 bits on 64-bit processors are *undefined* or *ignored*.

# Undefined, Ignored, and Unchanged

| ~ | Output parameters or bit fields can be <i>undefined</i> . Corresponding parameters or fields are denoted by $\sim$ . They have no defined value on output, i.e., they may have any value or may even be inaccessible. Any algorithm relying on the value of undefined parameters or bit fields is defined to be incorrect. + No covert channel.                               |
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| _ | Input parameters or bit fields can be specified as <i>ignored</i> , denoted by –. Such parameters or fields can hold any value without affecting the invoked service. – is also used to define bit fields that are available for additional information. For example, fpage denotations contain some ignored bits that are used for access control bits in some system calls. |
|   | In processor-specific interfaces, registers are sometimes defined to be unchanged. This is denoted by $\equiv$ .                                                                                                                                                                                                                                                              |

# **Upward Compatibility**

The following holds for future API versions and sub-versions that are specified as *upward-compatible* to the current version.

Output parameters and bit fields.

Fields currently defined as undefined  $(\sim)$  may be specified as defined. Such newly defined fields will only deliver additional information. They can be ignored if the system call is used exactly like specified in the current API.

Input parameters and bit fields.

Fields currently defined as ignored (–) may be specified as defined. However, the content of such fields will be only relevant for newly defined features. Such fields will be ignored if a system call is used with the "old" semantics specified in this API.

x ABOUT THIS MANUAL

# **Using the API**

# **Naming**

A programmer can use all function, type, and constant definitions defined in the generic and convenience programming interfaces throughout this manual. All definitions must, however, be prefixed with the string "L4\_" and type names must contain the "\_t" suffix (e.g., use "L4\_Ipc ()" and "L4\_MsgTag\_t" rather than "Ipc ()" and "MsgTag"). The interfaces are currently only defined for C++ and C. In some cases the naming used for function names causes conflicts in the C language. These conflicts must be resolved using the alternative name specified in brackets after the function definition.

# **Include Files**

The relevant include files containing the required definitions and declarations are specified in the beginning of the generic and convenience interface sections. In general there is one include file for each chapter in the manual. If only the basic L4 data types are needed they can be included using <14/types.h>.

ABOUT THIS MANUAL xi

# **Revision History**

#### **Revision 1**

Intial revision.

# **Revision 2**

- Clarified the specification of the kernel-interface page and kernel configuration page magic.
- UntypedWords and StringItems Acceptor constants collided with function UntypedWords(MsgTag) and StringItems(MsgTag) function declaration. Renamed to UntypedWordsAcceptor and StringItemsAcceptor.
- Changed kernel ids for L4Ka kernels.
- Fixed return types for operators on the Time type.
- Changed wrx access rights in fpages to rwx. Also changed WRX reference bits in fpages returned from UNMAP system call to RWX.
- Renamed Put functions operating on MsgBuffer to Append.
- Address space deletion is now performed by deleting the last thread of an AS. This makes creation and deletion symmetrical (via ThreadControl). Before, all threads but the last were deleted by ThreadControl, and the last by SpaceControl.
- Added functions for creating ThreadIDs and for retrieving version and thread numbers from them. Fixed size of MyLocalId and MyGlobalId TCRs.
- Specified that the first three thread version numbers available for user threads are dedicated to  $\sigma_0$ ,  $\sigma_1$ , and root task respectively.
- Changed the encoding of  $\mu$  in the magic field of the KIP back to 0xE6 to be compatible with previous versions of the kernel
- Changed memory descriptors (e.g., dedicated memory) in the kernel-interface page and kernel configuration page to
  use an array of typed descriptors instead of a static number of predefined ones.
- Added an appendix for the PowerPC interface.
- Added Niltag MsgTag constant.
- Decreased size of MsgBuffer structure to 32.
- Changed single Fpage& argument of Unmap() and Flush() into pass by value.
- Changed the ia32 kernel feature string "small" to "smallspaces".
- Added appendix for the ia64 interface.
- Changed the ia32 IPC and LIPC ABI to be better suitable for common hardware featuring sysenter/sysexit and gcc.
- Added ProcDesc convenience functions.
- Specified which include files to use for the various parts of the API.
- Allow privileged threads to access ia 32 Model-Specific Registers.
- Changed the ia64 ABI for system-call links and the IPC and LIPC system-calls.
- The UTCB location of a new thread is now explicitly specified by a parameter to the THREADCONTROL system-call.
- Added C versions of conflicting function names.

xii ABOUT THIS MANUAL

 Added a number of convenience functions for fpages, map items, grant items, string items and kernel interface page fields.

- Added description of the send base in map and grant items.
- Changed subversion numbering for Version X.2 and Version 4 API.
- Renamed the XferTimeout TCR to XferTimeouts and split into separate send and receive timeouts.
- Added two thread specific words to each the architecture specific TCR sections. These words are free to be used by, e.g., IDL compilers.
- Changed name of L4Ka kernels to the official name. Added L4Ka::Strawberry.
- Added appendices for Alpha and MIPS64.

## **Revision 3**

- Clarified description of the *supplier* field in the kernel-interface page.
- Added NumMemoryDescriptors() convenience function.
- Clarified the return value of MemoryDescType() function.
- Fixed faulty specification of Wait\_Timeout() and ReplyWait\_Timeout().
- Added a new h-flag to control parameter in the EXCHANGEREGISTERS system-call. The h-flag controls whether the
  resume/halt flag should be ignored or not.
- Changed parameter type of TimePeriod() from "int" to "Word64".
- Fixed typo in specification of the MsgTag input/output IPC parameter.
- Added comment to IPC system-call about the read-once semantics of message registers.
- Added member name "raw" to all L4 types declared as structs.
- Renamed start() and stop() functions to Start() and Stop().
- Describe semantics of undefined UTCB memory regions.
- The first 10 message registers on PowerPC are now defined as backed by physical registers.
- The first 9 message registers on Alpha are now defined as backed by physical registers.
- Fixed MR<sub>0</sub> register allocation for IA32 syscalls and adapted syscalls accordingly.

# **Revision 4**

- Added appendix for AMD64.
- Changed MIPS64 IPC ABI to include 9 message registers.
- Added SYSTEMCLOCK syscall for MIPS64.
- Clarified the fact that an interrupt thread may be the originator thread during IPC propagation.
- Added appendix for SPARC v9.
- The *high* field of memory descriptors now specifies the last addressable byte in the memory region.

ABOUT THIS MANUAL xiii

## **Revision 5**

- The ErrorCode TCR is now a generic placeholder for error descriptions of failed system-calls.
- MEMORYCONTROL now returns a result parameter.
- Defined error codes for various system-calls (EXCHANGEREGISTERS, THREADCONTROL, SCHEDULE, SPACECONTROL, PROCESSORCONTROL and MEMORYCONTROL).
- Defined convenience definitons for error code values.
- Changed the IA32 SYSTEMCLOCK ABI to clobber the EDI register.
- Specify that the KIP area and the UTCB area of an address space must not overlap.
- For the PowerPC system call trap exception IPC, use a message label of -5, and preserve register LR.
- The EXCHANGEREGISTERS system-call can no longer activate an inactive thread.
- The Fpage argument to Set\_Rights() is now passed by reference.
- Fixed inconsistencies about the number of available buffer registers.
- Renamed Void to void, Char to char, and bool to Bool.
- The Start() convenience function now aborts any ongoing IPC operations.
- The Unmap() and Flush() convenience functions operating on a single fpage now deliver the status bits of the modified fpage.
- MIPS64 now uses the k0 (\$26) register for holding the UTCB address.
- Added two new memory types for MEMORYCONTROL on MIPS64.
- Added appendix for generic BootInfo.
- Make it clear that it is not possible to activate a thread in an address space which has not been properly configured with SPACECONTROL.
- Added appendix for ARM.
- If using a 64 bit kernel, define second 32 bit word of kernel interface page to 0.
- Changed the ABI for the PowerPC system calls UNMAP and MEMORYCONTROL .

# **Revision 6**

- Removed control parameter from PROCESSORCONTROL system call binding and from the PROCESSORCONTROL Alpha system call ABI.
- Added delivery parameter to EXCHANGEREGISTERS controlling whether the syscall should deliver the thread's old values or not. Targeted at MP systems.
- Added operators for adding and subtracting two Clock values.
- Specified that  $\sigma_0$  also understands the pagefault protocol, and that anonymous  $\sigma_0$  requests will only regard conventional memory as available.
- Added ARM general exception IPC message format.
- Changes MIPS64 syscall exception IPC message format to closer match the general exception message format.
- Clarified order of IPC send and receive.
- Changed the AMD64 and IA32 specific IO port mapping interface. The kernel now uses a custom pagefault label to propagate IO pagefaults to the pager.
- Updated valid encodings for API Version, Kernel Id, and Supplier in the kernel-interface page.
- Make it clear on which processor a new thread starts executing.

xiv ABOUT THIS MANUAL

- ProcessorNo now returns a word rather than int.
- Added functions for reading IO fpages. Fixed include path for using IO fpages.
- Define that the SCHEDULE system call is also allowed if the calling thread resides in same address space as the destination thread.

 Redefine values for IA32 memory attributes to better correspond with the architecture's default Page Attribute Table (PAT) values.

# **Chapter 1**

# Basic Kernel Interface

# 1.1 Kernel Interface Page [Data Structure]

2

The kernel-interface page contains API and kernel version data, system descriptors including memory descriptors, and system-call links. The remainder of the page is undefined.

The page is a microkernel object. It is directly mapped through the microkernel into each address space upon address-space creation. It is *not* mapped by a pager, can *not* be mapped or granted to another address space and can *not* be unmapped. The creator of a new address space can specify the address where the kernel interface page has to be mapped. This address will remain constant through the lifetime of that address space. Any thread can obtain the address of the kernel interface page through the KERNELINTERFACE system call (see page 7).

|                      | L4 versi              | on parts               |                                     |             |
|----------------------|-----------------------|------------------------|-------------------------------------|-------------|
| Supplier             | KernelVer             | KernelGenDate          | KernelId                            | KernDescPtı |
|                      |                       |                        |                                     | 7           |
|                      |                       | InternalFreq           | ExternalFreq                        | ProcDescPtr |
|                      |                       | Memoi                  | ·yDesc                              | MemDescPtr  |
|                      |                       |                        | <u></u>                             | ]           |
| ~                    | SCHEDULE SC           | ThreadSwitch <i>SC</i> | SystemClock SC                      | +F0 / +1E0  |
| EXCHANGEREGISTERS SC | Unmap <i>SC</i>       | Lipc <i>SC</i>         | IPC SC                              | +E0 / +1C0  |
| MEMORYCONTROL pSC    | PROCESSOR CONTROL pSC | THREADCONTROL pSC      | SPACECONTROL pSC                    | +D0/+1A0    |
| ProcessorInfo        | PageInfo              | ThreadInfo             | ClockInfo                           | +C0 / +180  |
| ProcDescPtr          | BootInfo              | ^                      | J                                   | +B0 / +160  |
| KipAreaInfo          | UtcbInfo              | ^                      | J                                   | +A0 / +140  |
|                      | ^                     | J                      |                                     | +90 / +120  |
|                      | ^                     | J                      |                                     | +80 / +100  |
|                      | ^                     | J                      |                                     | +70 / +E0   |
|                      |                       | J                      |                                     | +60 / +C0   |
| •                    | V                     | MemoryInfo             | ~                                   | +50 / +A0   |
|                      | ^                     | J                      |                                     | +40 / +80   |
|                      | ^                     | J                      |                                     | +30 / +60   |
|                      | ^                     | J                      |                                     | +20 / +40   |
|                      | ^                     |                        |                                     | +10 / +20   |
| KernDescPtr          | API Flags             | API Version            | 0 <sub>(0/32)</sub> 'K' 230 '4' 'L' | +0          |
| +C / +18             | +8 / +10              | +4 / +8                | +0                                  |             |

Note that this kernel interface page is basically upward compatible to the *kernel info page* of versions 2 and X.0. The magic byte string "L4 $\mu$ K" at the beginning of the object identifies the kernel interface page.

**Version/id number convention:** Version/subversion/subsubversion numbers and id/subid numbers with the most significant bit 0 denote official versions/ids and are globally unique through all suppliers. Version/id numbers that have the most significant bit set to 1 denote experimental versions/ids and may be unique only in the context of a supplier.

# **API Description**

API Version

|--|

| version | subversion |                                         |
|---------|------------|-----------------------------------------|
| 0x02    |            | Version 2                               |
| 0x83    | 0x80       | Experimental Version X.0                |
| 0x83    | 0x81       | Experimental Version X.1                |
| 0x84    | rev        | Experimental Version X.2 (Revision rev) |
| 0x85    |            | Dresden L4.Sec                          |
| 0x86    | rev        | NICTA N1 (Revision rev)                 |
| 0x04    | rev        | Version 4 (Revision rev)                |

**API Flags** 



ee = 00 : little endian, = 01 : big endian.

00 00 11 17

ww = 00 : 32-bit API, = 01 : 64-bit API.

Note that this field can not be used directly to differentiate between little endian and big endian mode since the ee field resides in different bytes for both modes. Furthermore, the offset address of the API Flags is different for 32-bit and 64-bit modes. In summary, a direct inspection of the kernel interface page is not sufficient to securely differentiate between 32/64-bit modes and little/big endian modes.

Secure mode detection is enabled through the KERNELINTERFACE system call (see page 7). It delivers the API Flags in a register.

# System Description

**ProcessorInfo** 

s

| $rs - 1_{(16)}$ |
|-----------------|
|                 |

The size of the area occupied by a single processor description is  $2^s$ . Location of description fields for the first processor is denoted by ProcDescPtr. Description fields for subsequent processors are located directly following the previous one.

processors

Number of available system processors.

**PageInfo** 



page-size mask

If bit k-10 of the page-size mask field (bit k of the entire word) is set to 1 hardware and kernel support pages of size  $2^k$ . If the bit is 0 hardware and/or kernel do not support pages of size  $2^k$ . Note that fpages of size  $2^k$  can be used, even if  $2^k$  is no supported hardware page size. Information about supported hardware page sizes is only a performance hint.

rwx

Identifies the supported access rights (read, write, execute) that can be set independently of other access rights. A 1-bit signals that the right can be set and reset on a mapped page. For rwx = 010, only write permission could be controlled orthogonally. The processor would implicitly permit read and execute access on any mapped page. For rwx = 111, all three rights could be set and reset independently.

## ThreadInfo

| $UserBase_{\ (12)}$ | $SystemBase\ _{(12)}$ | t (8) |
|---------------------|-----------------------|-------|
|---------------------|-----------------------|-------|

Number of valid thread-number bits. The thread number field may be larger but only bits  $0 \dots t - 1$  are significant for this kernel. Higher bits must all be 0.

#### UserBase

Lowest thread number available for user threads (see page 14). The first three thread numbers will be used for the initial thread of  $\sigma_0$ ,  $\sigma_1$ , and root task respectively (see page 86). The version numbers (see page 14) for these initial threads will equal to one.

#### SystemBase

Lowest thread number used for system threads (see page 14). Thread numbers below this value denote hardware interrupts.

#### ClockInfo

| SchedulePrecision (16) | ReadPrecision (16) |
|------------------------|--------------------|
|------------------------|--------------------|

# ReadPrecision

Specifies the minimal time difference  $\neq 0$  that can be detected by reading the system clock through the SYSTEMCLOCK system call. Basically, this is the precision of the system clock when reading it.

#### SchedulePrecision

Specifies the maximal jitter  $(\pm)$  for a scheduled thread activation based on a wakeup time (provided that no thread of higher or equal priority is active and timer interrupts are enabled). Precisions are given as time periods (see page 28).

# UtcbInfo

| $m_{(10)}$ |
|------------|
|            |

- The minimal area size for an address space's UTCB area is  $2^s$ . The size of the UTCB area limits the total number of threads k to  $2^a mk \le 2^s$ .
- m UTCB size multiplier.
- The UTCB location must be aligned to  $2^a$ . The total size required for one UTCB is  $2^a m$ .

# ${\it KipAreaInfo}$



s The size of the kernel interface page area is  $2^s$ .

## BootInfo

Prior to kernel initialization a boot loader can write an arbitrary value into the BootInfo field of the kernel configuration page (see page 86). Post-initialization code, e.g., a root server can later read the field from the kernel interface page. Its value is neither changed nor interpreted by the kernel. This is a generic method for passing system information across kernel initialization.

# **Processor Description**

ProcDescPtr

Points to an array containing a description for each system processor. The *ProcessorInfo* field contains the dimension of the array. *ProcDescPtr* is given as an address relative to the kernel interface page's base address.

ExternalFreq Extern

External Bus frequency in kHz.

*InternalFreq* 

Internal processor frequency in kHz.

# **Kernel Description**

**KernDescPtr** 

Points to a region that contains 4 kernel-version words (see below) followed by a number of 0-terminated plaintext strings. The first plaintext string identifies the current kernel followed by further optional kernel-specific versioning information. The remaining plaintext strings identify architecture dependent kernel features (see Appendix A.3). A zero length string (i.e., a string containing only a 0-character) terminates the list of feature descriptions.

KernelDescPtr is given as an address relative to the kernel interface page's base address.

KernelId

Can be used to identify the microkernel.

| id | subid | kernel                    | supplier         |
|----|-------|---------------------------|------------------|
| 0  | 1     | L4/486                    | GMD              |
| 0  | 2     | L4/Pentium                | IBM              |
| 0  | 3     | L4/x86                    | UKa              |
| 1  | 1     | L4/Mips                   | UNSW             |
| 2  | 1     | L4/Alpha                  | TUD, UNSW        |
| 3  | 1     | Fiasco                    | TUD              |
| 4  | 1     | L4Ka::Hazelnut            | UKa              |
| 4  | 2     | L4Ka::Pistachio           | UKa, UNSW, NICTA |
| 4  | 3     | L4Ka::Strawberry          | UKa              |
| 5  | 1     | NICTA::Pistachio-embedded | NICTA            |

KernelGenDate

Kernel generation date.

KernelVer

| ver (8) | subver (8) | subsubver (16) |
|---------|------------|----------------|

Can be used to identify the microkernel version. Note that this kernel version is not necessarily related to the API version.

Supplier

The four least significant bytes of the supplier field specify a character string identifying the kernel supplier:

"GMD<sub>\_</sub>" "IBM<sub>\_</sub>" **GMD** 

IBM Research

"UNSW" University of New South Wales, Sydney

"TUD\_" Technische Universität Dresden "UKa\_" Universität Karlsruhe (TH) "NICT" National ICT Australia (NICTA)

# System-Call Links

pSC

SCLink for normal system call.

> Link for privileged system call, i.e., a system call that can only be performed by a privileged thread.

> The system-call links specify how the application can invoke system-calls for the current microkernel. The interpretation of the system-call links is ABI specific, but will typically be addresses relative to the kernel interface page's base address where kernel provided system-call stubs are located.

# **Memory Description**

# MemoryInfo

6

| MemDescPtr (16/32) | $n_{\ (16/32)}$ |
|--------------------|-----------------|
|--------------------|-----------------|

# MemDescPtr

Location of first memory descriptor (as an offset relative to the kernel-interface page's base address). Subsequent memory descriptors are located directly following the first one. For memory descriptors that specify overlapping memory regions, later descriptors take precedence over earlier ones.

*n* Number of memory descriptors.

# MemoryDesc

| $high/2^{10}~_{(22/54)}$ |   | ~ (10) |       | +4 / +8  |    |
|--------------------------|---|--------|-------|----------|----|
| $low/2^{10}$ (22/54)     | v | ~      | t (4) | type (4) | +0 |

high Address of last byte in memory region. The ten least significant address bits are all hardwired to 1.

low Address of first byte in memory region. The ten least significant address bits are all hardwired to 0.

Indicates whether memory descriptor refers to physical memory (v=0) or virtual memory (v=1).

type Identifies the type of the memory descriptor.

| Description                                           |
|-------------------------------------------------------|
| Undefined                                             |
| Conventional memory                                   |
| Reserved memory (i.e., reserved by kernel)            |
| Dedicated memory (i.e., memory not available to user) |
| Shared memory (i.e., available to all users)          |
| Defined by boot loader                                |
| Architecture dependent                                |
|                                                       |

# t, type = 0xE

The type of the memory descriptor is dependent on the bootloader. The t field specifies the exact semantics. Refer to boot loader specification for more info.

# t, type = 0xF

The type of the memory descriptor is architecture dependent. The t field specifies the exact semantics. Refer to architecture specific part for more info (see page 117).

# t, $type \neq 0xE$ , $type \neq 0xF$

The type of the memory descriptor is solely defined by the type field. The content of the t field is undefined.

# 1.2 KERNELINTERFACE [Slow Systemcall]

→ void\* kernel interface page
Word API Version
Word API Flags
Word KernelId

Delivers base address of the *kernel interface page*, *API version*, and *API flags*. The latter two values are copies of the corresponding fields in the kernel interface page. The API information is delivered in registers through this system call (a) to enable unrestricted structural changes of the kernel interface page in future versions, and (b) to enable secure detection of the kernel's endian mode (little/big) and word width (32/64).

The structure of the *kernel interface page* is described on page 2. The page is a microkernel object. It is directly mapped through the microkernel into each address space upon address-space creation. It is *not* mapped by a pager, can *not* be mapped or granted to another address space and can *not* be unmapped. The creator of a new address space can specify the address where the kernel interface page has to be mapped. This address will remain constant through the lifetime of that address space.

Any thread can determine the address of the kernel interface page through this system call. Since the system call may be slow it is highly recommended to store the address in a static variable for further use.

It is also possible to use a unique address for the kernel interface page in all address spaces of a (sub)system. Then, the kernel interface page can be accessed by fixed absolute addresses without using the current system call.

Besides other things, the page describes the current API, ABI, and microkernel version so that a server or an application can find out whether and how it can run on the current microkernel. Since the kernel interface page also contains API-and ABI-specific data for most other system calls the page's base address is typically required before any other system call can be used.

To enable version detection independently of the API and ABI, the current system call is guaranteed to work in all L4 versions. The systemcall code will never change and will be the same on compatible processors. (If a processor is upward compatible to multiple incompatible processors the kernel should offer multiple systemcall codes for this function.)

# **Output Parameters** kernel interface page Ver X.1 and above base address (32/64) Kernel interface page address, always page aligned. 0 is no valid address. Ver X.0 and below $0_{(32/64)}$ Older versions (2, X.0, etc.) do not include the kernel interface page as a kernel mapped page. No address is delivered. **API Version** version (8) subversion (8) $\sim$ (16) see page 3, "Kernel Interface Page" **API Flags** wwee $\sim$ (28/60) see page 3, "Kernel Interface Page"

KernelId

| id (8) subid (8) | ~ (16) |
|------------------|--------|
|------------------|--------|

see page 5, "Kernel Interface Page"

# **Pagefaults**

No pagefaults will happen.

# **Generic Programming Interface**

# **System-Call Function:**

```
#include <l4/kip.h>
```

void \* KernelInterface (Word& ApiVersion, ApiFlags, KernelId)

Word ThreadIdBits (void\* KernelInterface)

 $Word \ \textit{ThreadIdSystemBase} \ \ (void*KernelInterface)$ 

# **Convenience Programming Interface**

#### **Derived Functions:**

```
#include <I4/kip.h>
struct MEMORYDESC { Word raw [2] }
struct PROCDESC { Word raw [4] }
void* KernelInterface ()
                                                                                      [GetKernelInterface]
                 Delivers a pointer to the kernel interface page.
Word ApiVersion ()
Word ApiFlags ()
Word KernelId ()
void KernelGenDate (void* KernelInterface, Word& year, month, day)
Word KernelVersion (void* KernelInterface)
Word KernelSupplier (void* KernelInterface)
                 Delivers the API Version/API Flags/Kernel Id/kernel generation date/kernel version/kernel sup-
                 plier.
Word NumProcessors (void* KernelInterface)
Word NumMemoryDescriptors (void* KernelInterface)
                 Delivers number of processors in the system/number of memory descriptors in the kernel-
                 interface page.
Word PageSizeMask (void* KernelInterface)
Word PageRights (void* KernelInterface)
```

Delivers supported page sizes/page rights for the current kernel/hardware architecture.

Word ThreadIdUserBase (void\* KernelInterface)

Delivers number of valid bits for thread numbers/lowest thread number for system threads/lowest thread number for user threads.

Word ReadPrecision (void\* KernelInterface)

Word SchedulePrecision (void\* KernelInterface)

Delivers the SYSTEMCLOCK read precision/maximal jitter for wakeups (both in  $\mu$ s).

Word UtcbAreaSizeLog2 (void\* KernelInterface)

Word UtcbAlignmentLog2 (void\* KernelInterface)

Word UtcbSize (void\* KernelInterface)

Delivers required minimum size of UTCB area/alignment requirement for UTCBs/size of a single UTCB.

Word KipAreaSizeLog2 (void\* KernelInterface)

Delivers size of kernel interface page area.

Word **BootInfo** (void\* KernelInterface)

Delivers the contents of the boot info field.

char\* KernelVersionString (void\* KernelInterface)

Delivers the kernel version string.

char\* Feature (void\* KernelInterface, Word num)

Delivers the numth kernel feature string, or a null pointer if num exceeds the number of available feature strings.

MemoryDesc\* MemoryDesc (void\* KernelInterface, Word num)

Delivers the numth memory descriptor, or a null pointer if num exceeds the number of available descriptors.

ProcDesc\* ProcDesc (void\* KernelInterface, Word num)

Delivers the numth processor descriptor, or a null pointer if num exceeds the number of processors of the system (see ProcessorInfo).

# **Support Functions:**

#include <I4/kip.h>

Word UndefinedMemoryType

Word Conventional Memory Type

Word ReservedMemoryType

Word DedicatedMemoryType

Word SharedMemoryType

Word BootLoaderSpecificMemoryType

Word ArchitectureSpecificMemoryType

Bool IsVirtual (MemoryDesc& m)

[IsMemoryDescVirtual]

Delivers true if memory descriptor specifies a virtual memory region.

Word **Type** (MemoryDesc& m)

[MemoryDescType]

Word **Low** (MemoryDesc& m)

[MemoryDescLow]

Word **High** (MemoryDesc& m)

[MemoryDescHigh]

Delivers type (t\*16 + type), low limit, and high limit of memory region.

 $\label{eq:word_externalFreq} Word_{\begin{subarray}{c} \begin{subarray}{c} \begin{su$ 

[ProcDescExternalFreq]
[ProcDescInternalFreq]

VIRTUAL REGISTERS 11

# 1.3 Virtual Registers [Virtual Registers]

Virtual registers are implemented by the microkernel. They offer a fast interface to exchange data between the microkernel and user threads. Virtual registers are *registers* in the sense that they are static per-thread objects. Dependent on the specific processor type, they can be mapped to hardware registers or to memory locations. Mixtures, some virtual registers to hardware registers, some to memory are also possible. The ABI for virtual-register access depends on the specific processor type and on the virtual-register type, see Appendices A.1, B.1 and C.1 for specific hardware details.

There are three classes of virtual registers:

- Thread Control Registers (TCRs), see page 16
- Message Registers (MRs), see page 48
- Buffer Registers (BRs), see page 59

Loading illegal values into virtual registers, overwriting read-only virtual registers, or accessing virtual registers of other threads in the same address space (which may be physically possible if some are mapped to memory locations) is illegal and can have undefined effects on all threads of the current address space. However, since virtual registers can *not* be accessed across address spaces, they are safe from the kernel's point of view: Illegal accesses can like any other programming bug only compromise the originator's address space.

Remark:

In general, virtual registers can only be addressed directly, not indirectly through pointers. The generic API therefore offers no operations for indirect virtual-register access. However, processor-specific code generators might use indirect access techniques if the ABI permits it.

# **Generic Programming Interface**

```
#include <|4/message.h>

void StoreMR (int i, Word& w)

void LoadMR (int i, Word w)

Delivers/sets MR _i.

void StoreMRs (int i, k, Word& [k] w)

void LoadMRs (int i, k, Word& [k] w)

Stores/loads MR _{i...i+k-1} to/from memory.

void StoreBR (int i, Word& w)

void LoadBR (int i, Word w)

Delivers/sets the value of BR _i.

void StoreBRs (int i, k, Word& [k])

void LoadBRs (int i, k, Word& [k])

Stores/loads BR _{i...i+k-1} to/from memory.
```

12 VIRTUAL REGISTERS

# **Chapter 2**

# Threads

14 THREADID

# 2.1 ThreadId [Data Type]

Thread IDs identify threads and hardware interrupts. A thread ID can be *global* or *local*. Global thread IDs are unique through the entire system. They identify threads independently of the address space in which they are used. Local thread IDs exist per address space; the scope of a thread's local ID is only the thread's own address space. In different address spaces, the same local thread ID may identify different and unrelated threads.

Note that any thread has a global and a local thread ID. Both global and local thread IDs are encoded in a single word.

#### **Global Thread ID**

A global thread ID consists of a word, where 18 bits (32-bit processor) or 32 bits (64-bit processor) determine the thread number and 14 bits (32-bit processor) or 32 bits (64-bit processor) are available for a version number. At least one of the lowermost 6 version bits must be 1 to differentiate a global from a local thread ID.

User-thread numbers can be freely allocated within the interval [UserBase,  $2^t$ ), where t denotes the upper limit of thread IDs. The thread-number interval [SystemBase, UserBase) is reserved for L4-internal threads. Hardware interrupts are regarded as hardware-implemented threads. Consequently, they are identified by thread IDs. Their corresponding thread numbers are within the interval [0, SystemBase). The values SystemBase, UserBase, and t are published in the kernel interface page (see page 4).

| global thread ID    | thread no $(18/32)$        | $version_{\left(14/32\right)} \neq 0 \pmod{64}$ |  |
|---------------------|----------------------------|-------------------------------------------------|--|
| global interrupt ID | intr no <sub>(18/32)</sub> | 1 (14/32)                                       |  |

Global thread IDs have a version field whose content can be freely set by those threads that can create and delete threads. However, the lowermost 6 bits of the version must not all be 0, i.e.  $v \mod 64 \neq 0$  must hold for every version v. For hardware interrupts, the version field is always 1.

The microkernel checks version fields whenever a thread is accessed through its global thread ID. However, the semantics of the version field are not defined by the microkernel. OS personalities are free to use this field for any purpose. For example, they may use it to make thread IDs unique in time.

# **Local Thread ID**

Local thread IDs identify threads within the same address space. They are identified by the 6 lowermost bits being 0.

# **Special Thread IDs**

Special IDs exist for *nilthread* and two wild cards. The thread ID *anythread* matches with any given thread ID, including all interrupt IDs. The ID *anylocalthread* matches all threads that reside in the same address space.

| nilthread      | 0 (32/64)             |        |  |
|----------------|-----------------------|--------|--|
| anythread      | $-1_{(32/64)}$        |        |  |
| anylocalthread | <sup>-1</sup> (26/58) | 000000 |  |

THREADID 15

# **Generic Programming Interface**

```
#include <|4/thread.h>

struct ThreadId Nord raw }

ThreadId nilthread

ThreadId anythread

ThreadId anylocalthread

ThreadId GlobalId (Word threadno, version)

Delivers a thread ID with indicated thread and version number.

Word Version (ThreadId t)

Word ThreadNo (ThreadId t)

Delivers version/thread number of indicated global thread ID.
```

# **Convenience Programming Interface**

```
#include <l4/thread.h>
Bool == (ThreadId \ l, \ r)
                                                                                               [IsThreadEqual]
Bool != (ThreadId l, r)
                                                                                           [IsThreadNotEqual]
                   Check if thread IDs match or differ. The result of comparing a local ID with a global ID will
                  always indicate a mismatch, even if the IDs refer to the same thread.
Bool SameThreads (ThreadId l, r)
                   \{ GlobalId (l) == GlobalId (r) \}
                  Check if thread IDs refer to the same thread. Also works if one ID is local and the other is
Bool IsNilThread (ThreadId t)
                   \{ t == nilthread \}
Bool IsLocalId (ThreadId t)
Bool IsGlobalId (ThreadId t)
                  Check if thread ID is a local/global one.
ThreadId LocalId (ThreadId t)
                                                                                                   [LocalIdOf]
ThreadId GlobalId (ThreadId t)
                                                                                                  [GlobalIdOf]
                  Delivers the local/global ID of the specified local thread. Specifying a non-local thread delivers
                  nilthread (see EXCHANGEREGISTERS, page 18).
ThreadId MyLocalId ()
ThreadId MyGlobalId ()
                  Delivers the local/global ID of the currently running thread (see TCRs, page 16).
ThreadId Myself ()
                   { MyGlobalId () }
```

# 2.2 Thread Control Registers (TCRs) [Virtual Registers]

TCRs are a fast mechanism to exchange relatively static control information between user thread and microkernel. TCRs are static non-transient per-thread registers.

| VirtualSender/ActualSender (32/64) | R/W    | see IPC           |
|------------------------------------|--------|-------------------|
| IntendedReceiver (32/64)           | R-only | see IPC           |
| XferTimeouts (32/64)               | R/W    | see IPC           |
| ErrorCode (32/64)                  | R-only | see system-calls  |
| Preempt Flags (8)                  | R/W    | see Scheduling    |
| Cop Flags (8)                      | W-only | see Miscellaneous |
| ExceptionHandler (32/64)           | R/W    | see Miscellaneous |
| Pager (32/64)                      | R/W    | see Protocols     |
| UserDefinedHandle (32/64)          | R/W    | see Threads       |
| ProcessorNo (32/64)                | R-only | see Miscellaneous |
| MyLocalId (32/64)                  | R-only | see Threads, IPC  |
| MyGlobalId (32/64)                 | R-only | see Threads, IPC  |

| MyGlobalId  | Global ID of the thread.                                     |
|-------------|--------------------------------------------------------------|
| MyLocalId   | Local ID of the thread.                                      |
| ProcessorNo | The processor number on which the thread currently executes. |

# ${\it User Defined Handle}$

This field can be freely set and read by user threads. It can, e.g., be used for storing a thread number, a pointer to an additional user thread control block, etc.

# **Generic Programming Interface**

The listed generic functions permit user code to access TCRs independently of the processor-specific TCR model. All functions are user-level functions; the microkernel is not involved.

```
#include <l4/thread.h>
ThreadId MyLocalId ()
ThreadId MyGlobalId ()
                  Delivers the local/global ID of the currently running thread (see TCRs, page 16).
ThreadId Myself ()
                   { MyGlobalId () }
Word ProcessorNo ()
                   Delivers the processor number the current thread is running on. Delivered value is a valid index
                  into the processor description array (see Kernel Interface Page, page 4).
Word UserDefinedHandle ()
void Set_UserDefinedHandle (Word NewValue)
                  Delivers/sets the user defined handle of the currently running thread.
ThreadId Pager ()
void Set_Pager (ThreadId NewPager)
                  Delivers/sets the pager for the currently running thread.
ThreadId ExceptionHandler ()
void Set_ExceptionHandler (ThreadId NewHandler)
                  Delivers/sets the exception handler for the currently running thread.
void Set_CopFlag (Word n)
void Clr_CopFlag (Word n)
                  Sets/clears coprocessor flag c_n.
Word ErrorCode ()
                   Delivers the error code of the last system-call.
Word XferTimeouts ()
void Set_XferTimeouts (Word NewValue)
                  Delivers/sets the transfer timeouts for the currently running thread (see IPC, page 63).
ThreadId IntendedReceiver ()
                  Delivers the intended receiver of last received IPC (see IPC, page 64).
ThreadId ActualSender ()
                  Delivers the actual sender of the last propagated IPC (see IPC, page 63).
void Set_VirtualSender (ThreadId t)
                  Sets the virtual sender for the next deceiving IPC (see IPC, page 63).
```

Code generators of IDL and other compilers are not restricted to the generic interface. They can use any processor-specific methods and optimizations to access TCRs.

#### 2.3 **EXCHANGEREGISTERS** [Systemcall]

| ThreadId | dest -            | $\longrightarrow$ | ThreadId | result            |
|----------|-------------------|-------------------|----------|-------------------|
| Word     | control           |                   | Word     | control           |
| Word     | SP                |                   | Word     | SP                |
| Word     | IP                |                   | Word     | IP                |
| Word     | FLAGS             |                   | Word     | FLAGS             |
| ThreadId | pager             |                   | ThreadId | pager             |
| Word     | UserDefinedHandle |                   | Word     | UserDefinedHandle |

Exchanges or reads a thread's FLAGS, SP, and IP hardware registers as well as pager and UserDefinedHandle TCRs. Furthermore, thread execution can be suspended or resumed. The destination thread must be an active thread (see page 22) residing in the invoker's address space.

Any IP, SP, or FLAGS modification changes the corresponding user-level registers of the addressed thread. In general, ongoing kernel activities are not influenced. However, a currently active IPC operation can be canceled or aborted. For details see the SR-bit specification below.

Modifications of the pager TCR and the UserDefinedHandle TCR become immediately effective, whether the destination thread executes in user mode or in kernel mode.

# **Input Parameters**

| A | '^ | _ | 4 |
|---|----|---|---|
|   |    |   |   |

Thread ID of the addressed thread. This may be a local or a global ID. However, the addressed

| aesi    | thread must reside in the current address space. faster in some implementations.                                                                                                                                                                                                                                                                               | ,                                             |  |
|---------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------|--|
| control | 0 (22/54)                                                                                                                                                                                                                                                                                                                                                      | dhpufisSRH                                    |  |
| hpufis  | The $s$ -flag refers to the $SP$ register, $i$ to $IP$ , $f$ to $FLAGS$ , $u$ to the $UserDefinedHandle$ TCR, $p$ to the $pager$ TCR, and $h$ to the $H$ -flag. If a flag is set to 1, the register/state is overwritten by the corresponding input parameter. Otherwise, the corresponding input parameter is ignored and the register/state is not modified. |                                               |  |
| SR      | Controls whether the addressed thread's ongoin through the system call or not.                                                                                                                                                                                                                                                                                 | ng IPC opereration should be canceled/aborted |  |
| S = 0   | An IPC operation of the addressed thread that is a message will continue as usual. <i>SP</i> , <i>IP</i> or <i>F</i> operation terminates.                                                                                                                                                                                                                     |                                               |  |
| S = 1   | An IPC operation of the addressed thread that canceled. An IPC operation that is currently sen                                                                                                                                                                                                                                                                 |                                               |  |
| R = 0   | An IPC operation of the addressed thread that receiving a message will continue as usual. <i>SP</i> , <i>I</i> IPC operation terminates.                                                                                                                                                                                                                       |                                               |  |
| R = 1   | An IPC operation of the addressed thread that is <i>canceled</i> . An IPC operation that is currently rec                                                                                                                                                                                                                                                      | , ,                                           |  |
| H       | Halts/resumes the thread if $h = 1$ . Ignored for $h$                                                                                                                                                                                                                                                                                                          | a = 0.                                        |  |

- H = 0No effect if the thread was not halted. Otherwise, thread execution is resumed.
- User-level thread execution is halted. Note that ongoing IPCs and other kernel operations are H = 1not affected by H. (See SR for also aborting active IPC.)

| d            | If $d=1$ the result parameters (IP, SP, FLAGS, UserDefinedHandle, pager, control) are delivered. If $d=0$ the return values are undefined.        |  |
|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------|--|
| SP           | The current user-level stack pointer is set to $SP$ if $s=1$ . Ignored for $s=0$ .                                                                |  |
| IP           | The current user-level instruction pointer is set to $IP$ if $i=1$ . Ignored for $i=0$ .                                                          |  |
| FLAGS        | Sets the user-level processor flags of the thread if $f=1$ . Ignored for $f=0$ . The semantics of the $FLAGS$ word depends on the processor type. |  |
| UserDefinedI | UserDefinedHandle Sets the thread's UserDefinedHandle TCR if $u=1$ . Ignored for $u=0$ .                                                          |  |
| pager        | Sets the thread's pager TCR if $p=1$ . Ignored for $p=0$ .                                                                                        |  |

# **Output Parameters**

result ≠ nilthread, input parameter dest was a local thread ID global thread ID of the addressed thread. EXCHANGEREGISTERS succeeded.

 $\textit{result} \neq \textit{nilthread}, \textit{input parameter} \textit{ dest was a global thread ID}$ 

local thread ID of the addressed thread. EXCHANGEREGISTERS succeeded.

**result** = nilthread Operation failed. The ErrorCode TCR indicates the reason for the failure.

**ErrorCode** [TCR] Set if result = nilthread. Undefined if  $result \neq nilthread$ .

=2 Invalid thread. The *dest* parameter specified an invalid thread ID, an inactive thread, or a thread within a different address space.

| control |       | $0_{(29/61)}$ $SRH$                                                                                                                                                                                                                                                                                                                    |
|---------|-------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|         |       | The control parameter is only valid if $d=1$ and undefined otherwise.                                                                                                                                                                                                                                                                  |
| Н       |       | Reports whether the addressed thread was halted $(H=1)$ or not $(H=0)$ when EXCHANGE-REGISTERS was invoked. Note that this output $control$ bit is independent of the input parameter $control$ .                                                                                                                                      |
| SR      |       | Reports whether the addressed thread was within an IPC operation when EXCHANGEREGISTERS was invoked. A value of 0 reports that the addressed thread was not within a send phase $(S=0)$ or not within a receive phase $(R=0)$ , respectively. Note that these output $control$ bits are independent of the input parameter $control$ . |
|         | R = 1 | Operation was executed while the addressed thread was within the receive phase of an IPC operation. Iff the input control word had $R=1$ the IPC operation was canceled or aborted.                                                                                                                                                    |
|         | S = 1 | Operation was executed while the addressed thread was within the send phase of an IPC operation. Iff the input control word had $S=1$ the IPC operation was canceled or aborted.                                                                                                                                                       |

| SP                                                                                                  | Old user-level stack pointer of the thread, if $d=1$ and undefined for $d=0$ .                                           |  |
|-----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|--|
| IP                                                                                                  | Old user-level instruction pointer of the thread, if $d=1$ and undefined for $d=0$ .                                     |  |
| FLAGS                                                                                               | Old user-level flags of the thread, if $d=1$ and undefined for $d=0$ . The semantics of this word is processor specific. |  |
| UserDefinedHandle Old content of thread's UserDefinedHandle TCR, if $d=1$ and undefined for $d=0$ . |                                                                                                                          |  |
| pager                                                                                               | Old content of thread's $pager$ TCR, if $d=1$ and undefined for $d=0$ .                                                  |  |

# **Pagefaults**

No pagefaults will happen.

# **Generic Programming Interface**

# System-Call Function:

#include < 14/thread.h>

ThreadId ExchangeRegisters (ThreadId dest, Word control, sp, ip, flags, UserDefinedHandle, ThreadId pager, Word& old\_control, old\_sp, old\_flags, old\_UserDefinedHandle, ThreadId& old\_pager)

# **Convenience Programming Interface**

# **Derived Functions:**

#include <l4/thread.h>

ThreadId GlobalId (ThreadId t) [GlobalIdOf]  $\{ \text{ if (IsLocalId (t)) ExchangeRegisters (t,0,-...) else t } \}$ 

Delivers global ID of specified local thread. Specifying a non-local thread delivers nilthread.

ThreadId LocalId (ThreadId t) [LocalIdOf]

 $\big\{ \text{ if (IsGlobalId (t)) ExchangeRegisters (t,0,-...) else t } \big\}$ 

Delivers local ID of specified local thread. Specifying a non-local thread delivers nilthread.

Word UserDefinedHandle (ThreadId t) [UserDefinedHandleOf]

void **Set\_UserDefinedHandle** (ThreadId t, Word handle) [Set\_UserDefinedHandleOf]

Delivers/sets the user defined handle of specified local thread. Result of specifying a non-local thread is undefined.

ThreadId Pager (ThreadId t) [PagerOf]

void Set\_Pager (ThreadId t, p) [Set\_PagerOf]

Delivers/sets the pager for specified local thread. Result of specifying a non-local thread is undefined.

```
void Start (ThreadId t)
void Start (ThreadId t, Word sp, ip)
                                                                                                    [Start_SpIp]
void Start (ThreadId t, Word sp, ip, flags)
                                                                                               [Start_SpIpFlags]
                   Resume execution of specified local thread (if halted). Abort any ongoing IPC operations. Op-
                   tionally modify stack pointer, instruction pointer, and processor flags according to function pa-
                   rameters. Result of specifying a non-local thread is undefined.
ThreadState Stop (ThreadId t)
ThreadState Stop (ThreadId t, Word& sp, ip, flags)
                                                                                               [Stop_SpIpFlags]
                   Halt execution of specified local thread and return its current thread state. Do not abort any on-
                   going IPC operation. Optionally return thread's stack pointer, instruction pointer, and processor
                   flags in output parameters. Result of specifying a non-local thread is undefined.
ThreadState AbortReceive_and_stop (ThreadId t)
ThreadState AbortReceive_and_stop (ThreadId t, Word& sp, ip, flags)
                                                                             [AbortReceive_and_stop_SpIpFlags]
                   As stop (), except any ongoing IPC receive operation is immediately aborted.
ThreadState AbortSend_and_stop (ThreadId t)
ThreadState AbortSend_and_stop (ThreadId t, Word& sp, ip, flags)
                                                                                [AbortSend_and_stop_SpIpFlags]
                   As stop (), except any ongoing IPC send operation is immediately aborted.
ThreadState AbortIpc_and_stop (ThreadId t)
ThreadState AbortIpc_and_stop (ThreadId t, Word& sp, ip, flags)
                                                                                 [AbortIpc_and_stop_SpIpFlags]
                   As stop (), except any ongoing IPC send or receive operations are immediately aborted.
```

# **Support Functions:**

```
#include <|4/thread.h>

struct ThreadState { Word raw }

Bool ThreadWasHalted (ThreadState s)

Bool ThreadWasSending (ThreadState s)

Bool ThreadWasReceiving (ThreadState s)

Bool ThreadWasIpcing (ThreadState s)

Query the thread state returned from one of the stop () functions.

Word ErrorCode ()

Word ErrInvalidThread
```

22 THREADCONTROL

# 2.4 THREADCONTROL [Privileged Systemcall]

ThreadId dest → Word result
ThreadId SpaceSpecifier
ThreadId scheduler
ThreadId pager
void\* UtcbLocation

A privileged thread, e.g., the root server, can delete and create threads through this function. It can also modify the global thread ID (version field only) of an existing thread.

Threads can be created as *active* or *inactive* threads. Inactive threads do not execute but can be activated by active threads that execute in the same address space.

An actively created thread starts immediately by executing a short receive operation from its pager. (An active thread must have a pager.) The activeted thread expects a start message (MsgTag and two untyped words) from its pager. Once it receives the start message, it takes the value of MR  $_1$  as its new IP, the value of MR  $_2$  as its new SP, and then starts execution at user level with the received IP and SP. The new thread will execute on the same processor where the activating ThreadControl was invoked

Interrupt threads are treated as normal threads. They are active at system startup and can *not* be deleted or migrated into a different address space (i.e., SpaceSpecifier must be equal to the interrupt thread ID). When an interrupt occurs the interrupt thread sends an IPC to its pager and waits for an empty end-of-interrupt acknowledgment message (MR  $_0$ =0). Interrupt threads never raise pagefaults. To deactivate interrupt message delivery the pager is set to the interrupt thread's own ID.

# **Input Parameters**

# dest

Addressed thread. *Must be a global thread ID*. Only the thread number is effectively used to address the thread. If a thread with the specified thread number exists, its version bits are overwritten by the version bits of *dest id* and any ongoing IPC operations are aborted. Otherwise, the specified version bits are used for thread creations, i.e., a thread creation generates a thread with ID *dest*.

# **SpaceSpecifier** ≠ nilthread, dest not existing

*Creation.* The space specifier specifies in which address space the thread will reside. Since address space do not have own IDs, a thread ID is used as *SpaceSpecifier*. Its meaning is: the new thread should execute in the same address space as the thread *SpaceSpecifier*.

The first thread in a new address space is created with *SpaceSpecifier = dest*. This operation implicitly creates a new empty address space. Note that the new address space is created with an empty UTCB and KIP area. The space creation *must* therefore be completed by a SPACECONTROL operation before the thread(s) can execute.

# $SpaceSpecifier \neq nilthread, dest exists$

*Modification Only.* The addressed thread *dest* is neither deleted nor created. Modifications can change the version bits of the thread ID, the associated scheduler, the pager, or the associated address space, i.e., migrate the thread to a new address space.

# **SpaceSpecifier** = nilthread, dest exists

Deletion. The addressed thread dest is deleted. Deleting the last thread of an address space implicitly also deletes the address space.

# scheduler ≠ nilthread

Defines the scheduler thread that is permitted to schedule the addressed thread. Note that the scheduler thread must exist when the addressed thread starts executing.

THREADCONTROL 23

#### **scheduler** = nilthread

The current scheduler association is not modified. This variant is illegal for a creating THREAD-CONTROL operation.

pager ≠ nilthread

The pager of *dest* is set to the specified thread. If *dest* was inactive before, it is *activated*.

pager = nilthread

The current pager association is not modified.

If used with a creating THREADCONTROL operation, *dest* is created as an *inactive* thread.

 $UtcbLocation \neq -1$ 

The start address of the UTCB of the thread is set to UtcbLocation. Upon thread activation the UTCB must fit entirely into the UTCB area of the configured address space, and must be properly aligned according to the UtcbInfo field of the kernel interface page. It is the application's responsibility to ensure that UTCBs of multiple threads do not overlap. Changing the UtcbLocation of an already active thread is an illegal operation. Note that since a newly created space has an empty UTCB area, it is not possible to activate a thread in an address space which has not been properly configured with SPACECONTROL.

*UtcbLocation* = -1 The UTCB location is not modified.

#### UtcbInfo [KernelInterfacePage Field]

Permits to calculate the appropriate page size of the UTCB area fpage and specifies the size and alignment of UTCBs. Note that the size restricts the total number of threads that can reside in an address space.

| $\sim_{(10/42)}$ $s_{(6)}$ | a (6) | m <sub>(10)</sub> |
|----------------------------|-------|-------------------|
|----------------------------|-------|-------------------|

The minimal area size for an address space's UTCB area is  $2^s$ . The size of the UTCB area limits the total number of threads k to  $2^a mk \le 2^s$ .

m UTCB size multiplier.

The UTCB location must be aligned to  $2^a$ . The total size required for one UTCB is  $2^a m$ .

#### **Output Parameters**

result

s

The result is 1 if the operation succeeded, otherwise the result is 0 and the ErrorCode TCR indicates the failure reason.

#### **ErrorCode** [TCR] Set if result = 0. Undefined if $result \neq 0$ .

- = 1 No privilege. Current thread does not have have privilege to perform the operation.
- = 2 Unavailable thread. The *dest* parameter specified a kernel thread or an unavailable interrupt thread.
- =3 Invalid space. The *SpaceSpecifier* parameter specified an invalid thread ID, or activation of a thread in a not yet initialized space.
- = 4 Invalid scheduler. The *scheduler* paramter specified an invalid thread ID, or was set to *nilthrad* for a creating THREADCONTROL operation.
- =6 Invalid UTCB location. *UtcbLocation* lies outside of UTCB area, or attempt to change the *UtcbLocation* for an already active thread.

24 THREADCONTROL

= 8 Out of memory. Kernel was not able to allocate the resources required to perform the operation.

#### **Pagefaults**

No pagefaults will happen.

#### **Generic Programming Interface**

#### **System-Call Function:**

#include <I4/thread.h>

Word ThreadControl (ThreadId dest, SpaceSpecifier, Scheduler, Pager, void\* UtcbLocation)

#### **Convenience Programming Interface**

#### **Derived Functions:**

```
#include < I4/thread.h>
```

Word AssociateInterrupt (ThreadId InterruptThread, InterruptHandler)

{ ThreadControl (InterruptThread, InterruptThread, nilthread, InterruptHandler, -1) }

Associate a handler thread with the specified interrupt source.

Word DeassociateInterrupt (ThreadId InterruptThread)

 $\{\ ThreadControl\ (InterruptThread,\ InterruptThread,\ nilthread,\ InterruptThread,\ -1)\ \}$ 

Remove association between the specified interrupt source and any potential handler thread.

#### **Support Functions:**

Word ErrorCode ()

Word ErrNoPrivilege

Word ErrInvalidThread

Word ErrInvalidSpace

Word ErrInvalidScheduler

Word ErrUtcbArea

Word ErrNoMem

## **Chapter 3**

# Scheduling

26 CLOCK

#### 3.1 Clock [Data Type]

On both 32-bit and 64-bit processors, the system clock is represented as a 64-bit unsigned counter. The clock measures time in 1  $\mu$ s units, independent of the processor frequency. Although the clock base is undefined, it is guaranteed that the counter will not overflow for at least 1,000 years.

#### **Generic Programming Interface**

#include < I4/schedule.h>

struct CLOCK { Word64 raw }

#### **Convenience Programming Interface**

#include <l4/schedule.h>

 $Clock + (Clock \, l, \, r)$  [ClockAdd]

Clock + (Clock l, Word64 r) [ClockAddUsec]

Clock + (Clock l, int r)

Clock - (Clock l, r) [ClockSub]

Clock - (Clock l, Word64 r) [ClockSubUsec]

Clock - (Clock l, int r)

Adds/subtracts a number of  $\mu s$  to/from a clock value. Delivers new clock value. Does not modify the old clock value.

Bool < (Clock l, r) [IsClockEarlier]

Bool > (Clock l, r) [IsClockLater]

Bool <= (Clock l, r)

Bool >= (Clock l, r)

 $Bool == (Clock \, l, \, r)$  [IsClockEqual]

 $Bool != (Clock \ l, r)$  [IsClockNotEqual]

Compares two clock values.

SYSTEMCLOCK 27

| 3.2 | SYSTEMCLOCK | [Systemcall] |
|-----|-------------|--------------|
|-----|-------------|--------------|

 $\longrightarrow$  Clock clock

Delivers the current system clock. Typically, the operation does not enter kernel mode.

#### **Pagefaults**

No pagefaults will happen.

#### **Generic Programming Interface**

#### **System-Call Function:**

#include <l4/schedule.h>

Clock SystemClock ()

28 TIME

#### 3.3 Time [Data Type]

Time values are used to specify send/receive timeouts for IPC operations (see page 62) and time quanta for scheduling (see page 31). The unit for time periods as well as for time points is 1  $\mu$ s. Clock ticks thus happen every  $\mu$ s.

Relative time values specify a time period. Time periods are encoded as un-normalized 16-bit floating-point numbers. (Note that for easier handling the mantissa can have leading 0-bits.) The shortest non-zero time period that can be specified is 1  $\mu$ s, the longest finite period slightly exceeds 610 hours. Two special periods frequently used for timeouts are 0 and  $\infty$ , a never ending period. The values 0 and  $\infty$  have special encodings.

Absolute time values specify a point in time. They are only valid for a limited period, at maximum 67 seconds.



For a semantical description of time-point values, we use Clock to denote the current clock value in  $\mu$ s,  $x_{[i]}$  to denote bit i of x, and  $x_{[i,j]}$  to denote the number consisting of bits i to j of x. Then, the time-point value (c, m, e) specifies the point:

$$t \ = \ \left\{ \begin{array}{ll} 2^e \cdot \left( m + Clock_{_{[63,e+9]}} \cdot 2^{10} \right) & \text{if} \quad Clock_{_{[e+10]}} = c \\ \\ 2^e \cdot \left( m + Clock_{_{[63,e+9]}} \cdot 2^{10} + 2^{10} \right) & \text{if} \quad Clock_{_{[e+10]}} \neq c \end{array} \right.$$

Absolute time values are thus the more precise the nearer in the future they are.

Absolute time values with maximal precision become invalid just after the clock has reached the specified point in time. The validity interval can be expanded, but only by reducing the precision. In general, a time-point value (c, m, e) that is constructed when the current clock value is  $C_0$  is valid from  $C_0$  up to

$$C_0 + (2^{10} - 1) \cdot 2^e$$

Therefore, a time-point value that should remain valid for 10 ms can have a precision of 10  $\mu$ s whereas a value that should remain valid for an entire second can only have a precision of 1 ms. In general, a precision of 0.1% of the required validity interval can be achieved.

#### **Generic Programming Interface**

#include <l4/schedule.h>

struct **TIME** { Word16 raw }

Time Never

Time ZeroTime

Time **TimePeriod** (Word64 microseconds)

TIME 29

Time TimePoint (Clock at)

#### **Convenience Programming Interface**

#include <l4/schedule.h>

 $Time + (Time \ l, Word \ r)$  [TimeAddUsec]

 $Time += (Time \ l, \ Word \ r)$  [TimeAddUsecTo]

 $Time - (Time \ l, Word \ r)$  [TimeSubUsec]

 $Time -= (Time \ l, \ Word \ r)$  [TimeSubUsecFrom]

Adds/subtracts a number of microseconds to/from a time value.

 $Time + (Time \ l, \ r)$  [TimeAdd]

Time += (Time l, r) [TimeAddTo]

 $Time - (Time \ l, r)$  [TimeSub]

 $Time -= (Time \ l, r)$  [TimeSubFrom]

Adds/subtracts a time period to/from a time value. The result of adding/subtracting a time point is undefined.

 $Bool > (Time \ l, r)$  [IsTimeLonger]

 $Bool >= (Time \ l, \ r)$ 

Bool < (Time l, r) [IsTimeShorter]

 $Bool <= (Time \ l, \ r)$ 

 $Bool == (Time \ l, r)$  [IsTimeEqual]

 $Bool != (Time \ l, r)$  [IsTimeNotEqual]

Compares two time values. The result of comparing a time period with a time point, or vice versa, is undefined.

30 THREADSWITCH

#### 3.4 THREADSWITCH [Systemcall]

ThreadId dest  $\longrightarrow$  void

The invoking thread releases the processor (non-preemptively) so that another ready thread can be processed.

#### **Input Parameter**

dest = nilthread

Processing switches to an undefined ready thread which is selected by the scheduler. (It might be the invoking thread.) Since this is "ordinary" scheduling, the thread gets a new timeslice.

dest ≠ nilthread

If *dest* is ready, processing switches to this thread. In this "extraordinary" scheduling, the invoking thread donates its remaining timeslice to the destination thread. (This one gets the donation in addition to its ordinarily scheduled timeslices, if any.)

If the destination thread is not ready or resides on a different processor, the system call operates as described for dest = nilthread.

#### **Pagefaults**

No pagefaults will happen.

#### **Generic Programming Interface**

#### **System-Call Function:**

#include <l4/schedule.h>

void ThreadSwitch (ThreadId dest)

#### **Convenience Programming Interface**

#### **Derived Functions:**

#include <l4/schedule.h>

void Yield ()

{ ThreadSwitch (nilthread) }

Switch processing to a thread selected by the scheduler.

#### 3.5 SCHEDULE [Systemcall]

 $\begin{array}{cccc} \textit{ThreadId} & \textit{dest} & \longrightarrow & \textit{Word} & \textit{result} \\ \textit{Word} & \textit{time control} & & \textit{Word} & \textit{time control} \end{array}$ 

Word processor control

Word prio

Word preemption control

The system call can be used by schedulers to define the *priority, timeslice length*, and other scheduling parameters of threads. Furthermore, it delivers thread states.

The system call is only effective if the calling thread resides in the same address space as the destination thread's scheduler (see *thread control*, page 22).

#### **Input Parameters**

dest

Destination thread ID. The destination thread must be existent (but can be inactive) and the current thread must reside in the same address space as the destination thread's scheduler (see *thread control*). Otherwise, the destination thread is not affected.

All further input parameters have no effect if the supplied value is -1, ensuring that the corresponding internal thread variable is *not* modified. The following description always refers to values  $\neq -1$ .

| time control | ts len (16) | total quantum (16) |
|--------------|-------------|--------------------|
|              | (10)        | (10)               |

ts len

New timeslice length for the destination thread. The timeslice length is specified as a time period (see page 28). Absolute time values and the value 0 are illegal. A timeslice length of  $\infty$ , however, can be specified. In that case, the thread never experiences a preemption due to exhausted time slice. The specified value is always rounded up to the nearest possible timeslice length. In particular, a time period of 1  $\mu$ s results in the shortest possible timeslice.

Writing the timeslice length initializes the current quantum with the new length. After the quantum is exhausted, the thread is preempted while the quantum is reloaded with *ts len* for the next timeslice.

total quantum

Defines the total quantum for the thread. Exhaustion of the total quantum results in an RPC to the thread's scheduler (i.e., the current thread). (Re)writing the total quantum re-initializes the quantum, independent of the already consumed total quantum. The total quantum is specified as a time period (see page 28). Absolute time values are illegal. A total quantum of  $\infty$  can be specified.

| prio | 0 (24/56) | prio (8) |
|------|-----------|----------|
|      |           |          |

New priority for destination thread. Must be less than or equal to current thread's priority.

| preemption control | 0 (8/40) | sensitive prio (8) | maximum delay (16) |
|--------------------|----------|--------------------|--------------------|
|                    | (8/40)   | sensure prio (8)   | maximum delay (16) |

sensitive prio

Preemptions by threads that run on a priority lower or equal to this sensitive prio will, (a) if the *delay-preemption* flag is set, be delayed until the thread executes a *thread switch* (*nilthread*) system call; and (b) if the signal-preemption flag is set, raise a preemption fault to the exception handler.

No preemption delays or signaling will occur if preempted by a thread having a higher priority than sensitive prio, regardless of the state of the delay-preemption and signal-preemption flags.

maximum delay

The maximum time in  $\mu s$  a pending preemption can be delayed in the destination thread. The value 0 effectively disables preemption delay.

#### processor control

processor number (16)  $0_{(16/48)}$ 

time control

processor number Specifies the processor number to which the thread should be migrated. The processor number must be valid, i.e., smaller than the total number of processors (see kernel interface page at page 3). Otherwise, the parameter is ignored. The first processor number is denoted as 0.

#### **Output Parameters**

| result          | ~ (24/56)                                                                                                                 | tstate (8)                                  |  |
|-----------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------|--|
| tstate =        | Thread state:                                                                                                             |                                             |  |
| 0               | Error. The operation failed completely. The ErrorCod                                                                      | e TCR indicates the reason for the failure. |  |
| 1               | Dead. The thread is unable to execute or does not exist                                                                   | st.                                         |  |
| 2               | <i>Inactive</i> . The thread is inactive/stopped.                                                                         |                                             |  |
| 3               | <i>Running</i> . The thread is ready to execute at user-level.                                                            |                                             |  |
| 4               | 4 Pending send. A user-invoked IPC send operation currently waits for the destination (recipi to become ready to receive. |                                             |  |
| 5               | 5 Sending. A user-invoked IPC send operation currently transfers an outgoing message.                                     |                                             |  |
| 6               | Waiting to receive. A user-invoked IPC receive operation currently waits for an incoming m sage.                          |                                             |  |
| 7               | 7 Receiving. A user-invoked IPC receive operation currently receives an incoming message.                                 |                                             |  |
| ErrorCode [TCR] | Set if lower 8 bits of $result = 0$ . Undefined if lower 8                                                                | bits of $result \neq 0$ .                   |  |
| = 1             | No privilege. Current thread is not the scheduler of th                                                                   | e destination thread.                       |  |
| =2              | = 2 The <i>dest</i> parameter specified an invalid thread ID.                                                             |                                             |  |
| = 5             | = 5 Invalid parameter. The specified time-slice length, total quantum, priority, or processor numb was invalid.           |                                             |  |
|                 |                                                                                                                           |                                             |  |

rem total (16)

rem ts (16)

rem ts Remainder of the current timeslice.

rem total Remaining total quantum of the thread.

#### **Pagefaults**

No pagefaults will happen.

#### **Generic Programming Interface**

#### **System-Call Function:**

```
#include <l4/schedule.h>
```

Word Schedule (ThreadId dest, Word TimeControl, ProcessorControl, prio, PreemptionControl, Word&old\_TimeControl)

#### **Convenience Programming Interface**

#### **Derived Functions:**

```
#include <|4/schedule.h>

Word Set_Priority (ThreadId dest, Word prio)
{ Schedule (dest, -1, -1, prio, -1) }

Word Set_ProcessorNo (ThreadId dest, Word ProcessorNo)
{ Schedule (dest, -1, ProcessorNo, -1, -1) }

Word Timeslice (ThreadId dest, Time & ts, Time & tq)
Delivers the remaining timeslice and total quantum of the given thread.

Word Set_Timeslice (ThreadId dest, Time ts, Time tq)
{ Schedule (dest, ts * 2<sup>16</sup> + tq, -1, -1, -1) }

Word Set_PreemptionDelay (ThreadId dest, Word sensitivePrio, Word maxDelay)
{ Schedule (dest, -1, -1, -1, SensitivePrio * 2<sup>16</sup> + MaxDelay) }
```

#### **Support Functions:**

```
Word ErrorCode ()
Word ErrNoPrivilege
Word ErrInvalidThread
```

Word ErrInvalidParam

PREEMPT FLAGS 35

#### 3.6 Preempt Flags [TCR]

The *preemption flags* TCR controls asynchronous preemptions (timeslice exhausted or activation of a higher-priority thread including device interrupts).

#### Preempt Flags The ds-flags are used to control the microkernel. User threads can set/reset them. The I-flag signals an event to the user. It is set by the microkernel and typically read/reset by the user. Asynchronous preemptions are not signaled to the exception handler. s = 0Asynchronous preemptions are signaled as preemption faults to the exception handler. If d=0s = 1this happens immediately. Otherwise, it is delayed until the thread continues execution after the preemption. All asynchronous preemptions happen immediately. If they are signaled as preemption faults d = 0(s = 1), this happens after the preemption took place, i.e., when the thread gets reactivated. Asynchronous preemptions are delayed if the priority of the preemptor is lower or equal than d = 1the sensitive priority for the current thread. (The sensitive priority is set by the scheduler, see page 32.) A delayed preemption does not interrupt the current thread immediately but is postponed until the current thread invokes a systemcall thread switch (nilthread). However, a pending preemption must not be delayed for longer than the maximum delay that was set by the thread's scheduler. Such a preemption-delay overflow resets the d bit and is signaled to the exception handler. I = 0No asynchronous preemption is pending. An asynchronous preemption is currently pending, i.e., the thread should as soon as possible I = 1reset the d-flag and invoke thread switch. Invoking thread switch re-enables the maximum delay for the next delayed asynchronous preemption. Invoking thread switch is not required if no asynchronous preemption is pending (I=0) after

#### **Generic Programming Interface**

#include <|4/schedule.h>

Bool EnablePreemptionFaultException ()

Bool DisablePreemptionFaultException ()

Sets/resets the s-flag and delivers the old s-flag value (true = set).

Bool DisablePreemption ()

Bool EnablePreemption ()

Sets/resets the d-flag and delivers the old d-flag value (true = set).

Bool PreemptionPending ()

Resets the I-flag and delivers the old I-flag value (true = set).

the user thread has reset the d-flag.

36 PREEMPT FLAGS

### **Chapter 4**

# Address Spaces and Mapping

38 FPAGE

#### 4.1 Fpage [Data Type]

Fpages (Flexpages) are regions of the virtual address space. An fpage consists of all pages mapped actually in this region sans kernel mapped objects, i.e., kernel interface page and UTCBs. Fpages have a size of at least 1 K. For specific processors, the minimal fpage size may be larger; e.g., a Pentium processor offers a minimal page size of 4 K while the Alpha processor offers smallest pages of 8 K. Fpages smaller than the minimal page size are treated as nilpages. The kernel interface page (see page 3) specifies which page sizes are supported by the hardware/kernel. An fpage of size  $2^s$  has a  $2^s$ -aligned base address b, i.e.,  $b \equiv 0 \pmod{2^s}$ , where  $s \ge 10$  for all architectures. Mapped fpages are considered inseparable objects. That is, if an fpage is mapped, the mapper can not later partially

Mapped fpages are considered inseparable objects. That is, if an fpage is mapped, the mapper can not later partially unmap the mapped page; the whole fpage must be unmapped in a single operation. The mappee can, however, separate the fpage and map fpages (objects) of smaller size. Partially unmapping an fpage might or might not work on some systems. The kernel will give no indication as to whether such an operation succeeded or not.

| $fpage\ (b,2^s)$ | $b/2^{10}$ (22/54) | S (6) | 0  r  w  x |
|------------------|--------------------|-------|------------|
|                  | , (22/01)          | (0)   |            |

Special fpage denoters describe the *complete* user address space and the *nilpage*, an fpage which has no base address and a size of 0:

| complete | 0 (22/54) | $s = 1_{(6)}$ | $\left[ 0rwx ight]$ |
|----------|-----------|---------------|---------------------|
| nilpage  | 0 (32/64) |               |                     |

#### **Access Rights**

rwx The rwx bits define the accessibility of the fpage:

r readable

w writable

x executable

A bit set to one permits the corresponding access to the newly-mapped/granted page *provided* that the mapper itself possesses that access right. If the mapper does not have the access right itself or if the bit is set to zero the mapped/granted page will not get the corresponding access right.

Note that processor architectures may impose restrictions on the access-right combinations. However, read-only (including execute), rwx=101, and read/write/execute, rwx=111, should be valid for any processor architecture. The kernel interface page (see page 3) specifies which access rights are supported in the processor architecture.

#### **Generic Programming Interface**

#include <l4/space.h>

struct **FPAGE** { Word raw }

Word Readable

Word Writable

FPAGE 39

```
Word eXecutable
Word FullyAccessible
Word ReadeXecOnly
Word NoAccess
Fpage Nilpage
Fpage CompleteAddressSpace
Bool IsNilFpage (Fpage f)
                                                            \{ f == Nilpage \}
Fpage Fpage (Word BaseAddress, int FpageSize \geq 1K)
Fpage FpageLog2 (Word BaseAddress, int Log2FpageSize < 64)
                                                            Delivers an fpage with the specified location and size.
Word Address (Fpage f)
Word Size (Fpage f)
Word SizeLog2 (Fpage f)
                                                           Delivers address/size of specified fpage.
Word Rights (Fpage f)
void Set_Rights (Fpage& f, Word AccessRights)
                                                            Delivers/sets the access rights for the specified fpage.
Fpage + (Fpage f, Word AccessRights)
                                                                                                                                                                                                                                                                                                        [FpageAddRights]
Fpage += (Fpage f, Word AccessRights)
                                                                                                                                                                                                                                                                                                 [FpageAddRightsTo] % \label{fig:pageAddRightsTo} % \label{fig:pa
Fpage - (Fpage f, Word AccessRights)
                                                                                                                                                                                                                                                                                            [FpageRemoveRights]
Fpage -= (Fpage f, Word Access Rights)
                                                                                                                                                                                                                                                                            [FpageRemoveRightsFrom] \\
                                                            Adds/removes specified access rights from fpage. Delivers new fpage value.
```

40 UNMAP

#### 4.2 UNMAP [Systemcall]

Word control  $\longrightarrow$  void

The specified fpages (located in MR  $_{0...}$ ) are unmapped. Fpages are mapped as part of the IPC operation (see page 61).

#### **Input Parameters**

control  $0_{(25/57)}$  $k_{(6)}$ Specifies the highest  $MR_k$  that holds an fpage to be unmapped. The number of fpages is thus kThe fpages are unmapped recursively in all address spaces in which threads of the current adf = 0dress space have mapped them before. However, the fpages remain unchanged in the current address space. f = 1The fpages are unmapped like in the f=0 case and, in addition, also in the current address space. **FpageList**  $MR_{0...k}$  Fpages to be processed. Fpage MR i fpage (28/58) $0 \, r \, w \, x$ Fpage to be unmapped. (The term unmapped is used even if effectively no access right is removed.) A nilpage specifies a no-op. Any access bit set to 1 revokes the corresponding access right. A 0-bit specifies that the corre-0rwxsponding access right should not be affected. Typical examples: =0111Complete unmap of the fpage. =0010 Partial unmap, revoke writability only. As a result, the fpage is set to read-only. No unmap. This case is particularly useful if only dirty and accessed bits should be read and =0000reset without changing the mapping.

#### **Output Parameters**

**FpageList**  $MR_{0...k}$  The accessed status bits in the fpages are updated.

UNMAP 41

| Fpage MR $_i$ | fpage (28/58) 0 R W X                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
|---------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|               | The status bits <i>Referenced</i> , <i>Written</i> , and <i>eXecuted</i> of all pages processed by the unmap operation are reset and the bitwise OR-ed old values of all the processed pages are delivered in $MR_{0k}$ . For processors that do not differentiate between read access and execute access, the $R$ and $X$ bits are unified: either both are set or both are reset. Resetting status bits is not a recursive operation. However, the status bit values for pages within the current space will also reflect accesses performed on recursive mappings. |
| R = 0         | No part of the fpage has been <i>Referenced</i> after the last unmap operation (or after the initial map operation). This includes all recursively mapped pages. <i>Remark:</i> The meaning of <i>referenced</i> slightly differs from <i>read.</i> Not being referenced means that not only no read access but that also no write and execute access occurred.                                                                                                                                                                                                       |
| R = 1         | At least one page of the specified fpage (including all recursive mappings) has been referenced after the last unmap operation (or after the initial map operation). All in-kernel $R$ bits are reset $Remark$ : The meaning of $referenced$ slightly differs from $read$ . Write accesses and execute accesses also set the $R$ bit.                                                                                                                                                                                                                                 |
| W = 0         | No part of the fpage has been written after the last unmap operation (or after the initial map operation), i.e., the fpage is <i>clean</i> . This includes all recursively mapped pages.                                                                                                                                                                                                                                                                                                                                                                              |
| W = 1         | At least one page of the specified fpage (including all recursive mappings) has been written after the last unmap operation (or after the initial map operation), i.e., the fpage is <i>dirty</i> . All in-kernel dirty bits are reset.                                                                                                                                                                                                                                                                                                                               |
| X = 0         | No part of the fpage has been <i>eXecuted</i> after the last unmap operation (or after the initial map operation). This includes all recursively mapped pages.                                                                                                                                                                                                                                                                                                                                                                                                        |
| <i>X</i> = 1  | At least one page of the specified fpage (including all recursive mappings) has been executed after the last unmap operation (or after the initial map operation). All in-kernel $X$ bits are reset. Remark: For processors that do not differentiate between read and execute accesses, the $X$ bit is set to 1 iff $R=1$ .                                                                                                                                                                                                                                          |

#### **Pagefaults**

No pagefaults will happen.

#### **Generic Programming Interface**

#### **System-Call Function:**

#include <14/space.h>

void Unmap (Word control)

#### **Convenience Programming Interface**

#### **Derived Functions:**

```
#include <I4/space.h>
```

Recursively unmaps the specified fpage(s) from all address spaces except the current one.

42 UNMAP

```
Fpage Flush (Fpage f) { LoadMR (0, f); Unmap (64); StoreMR (0, f); f } 

void Flush (Word n, Fpage& [n] fpages) [FlushFpages] { LoadMRs (0, n, fpages); Unmap (64 + n - 1); StoreMRs (0, n, fpages); } 

Recursively unmaps the specified fpage(s) from all address spaces, including the current one.

Fpage GetStatus (Fpage f) { LoadMR (0, f - FullyAccessible); Unmap (0); StoreMR (0, f); f } 

Resets and delivers the status bits of the specified fpage.

Bool WasReferenced (Fpage f) Bool WaseXecuted (Fpage f) Checks the status bits of specified fpage. The specified fpage must be the output of an Unmap (), Flush (), or GetStatus () function.
```

#### 4.3 SPACECONTROL [Privileged Systemcall]

 $\begin{array}{ccccc} ThreadId & SpaceSpecifier & \longrightarrow & Word & result \\ Word & control & & Word & control \end{array}$ 

Fpage KernelInterfacePageArea

Fpage UtcbArea ThreadId Redirector

A privileged thread, e.g., the root server, can configure address spaces through this function.

#### **Input Parameters**

#### SpaceSpecifier

Since address spaces do not have ids, a thread ID is used as *SpaceSpecifier*. It specifies the address space in which the thread resides. The *SpaceSpecifier* thread must exist although it may be inactive or not yet started. In particular, the thread may reside in an empty address space that is not yet completely created.

#### KernelInterfacePageArea

Specifies the fpage where the kernel should map the kernel interface page. The supplied fpage must have a size specified in the *KipAreaInfo* field of the kernel interface page, must fit entirely into the user-accessible part of the address space and must not overlap with the UTCB area (see below). Address 0 of the kernel interface page is mapped to the fpage's base address.

The value is ignored if there is at least one active thread in the address space.

#### KipAreaInfo [KernelInterfacePage Field]

Permits calculation of the appropriate page size of the KernelInterface area fpage.

|     | $\sim$ (26/58) | s (6) |
|-----|----------------|-------|
| - 1 |                |       |

s The size of the kernel interface page area is  $2^s$ .

#### UtcbArea

Specifies the fpage where the kernel should map the UTCBs of all threads executing in the address space. The fpage must fit entirely into the user-accessible part of an address space and must not overlap with the KIP area. The fpage size has to be at least the smallest supported hardware-page size. In fact, the size of the UTCB area restricts the maximum number of threads that can be created in the address space. See the kernel interface page for the space and alignment that is required for UTCBs.

The value is ignored if there is at least one active thread in the address space.

#### UtcbInfo [KernelInterfacePage Field]

Permits to calculate the appropriate page size of the UTCB area fpage and specifies the size and alignment of UTCBs. Note that the size restricts the total number of threads that can reside in an address space.

| ~ (: | 10/42) | s (6) | $a_{(6)}$ | $m_{(10)}$ |
|------|--------|-------|-----------|------------|

The minimal area size for an address space's UTCB area is  $2^s$ . The size of the UTCB area limits the total number of threads k to  $2^a mk \le 2^s$ .

m UTCB size multiplier.

The UTCB location must be aligned to  $2^a$ . The total size required for one UTCB is  $2^a m$ .

**Redirector** = nilthread

a

The current redirector setting for the specified space is not modified.

**Redirector** = anythread

All threads within the specified space are allowed to communicate with any thread in the system.

 $Redirector \neq anythread, \neq nilthread$ 

All threads within the specified address space are only allowed to send an IPC to a local thread or to a thread in the same address space as the specified redirector. All other send operations will be deflected to the redirector, the *redirected bit* (see page 64) in the received message will be set, and the *IntendedReceiver* TCR will indicate the intended receiver of the message.

control

The control field is architecture specific (see Appendix A.5). It is undefined for some architectures, but should for reasons of upward compatibility be set to zero.

#### **Output Parameters**

result

The result is 1 if the operation succeeded, otherwise the result is 0 and the ErrorCode TCR indicates the failure reason.

**ErrorCode** [TCR] Set if result = 0. Undefined if  $result \neq 0$ .

- = 1 No privilege. Current thread does not have privilege to perform operation.
- = 3 Invalid space. The *SpaceSpecifier* parameter specified an invalid thread ID.
- = 6 Invalid UTCB area. Specified UTCB area too small (see UTCB info on page 4) or not within user accessible virtual memory region (see Memory Descriptors on page 6).
- = 7 Invalid KIP area. Specified KIP area too small (see KIP area info on page 4) or not within user accessible virtual memory region (see Memory Descriptors on page 6) or KIP area overlaps with UTCB area.

control

Delivers the space control value that was effective for the thread when the operation was invoked. The value is architecture specific.

#### **Pagefaults**

No pagefaults will happen.

#### **Generic Programming Interface**

#### **System-Call Function:**

#include <l4/space.h>

 $Word~\textbf{SpaceControl}~(ThreadId~SpaceSpecifier,~Word~control,~Fpage~KernelInterfacePageArea,~UtcbArea,~ThreadId~Redirector,~Word\&~old\_Control)$ 

#### **Convenience Programming Interface**

#### **Support Functions:**

Word ErrorCode ()

Word ErrNoPrivilege

Word ErrInvalidSpace

Word ErrUtcbArea

Word ErrKipArea

## **Chapter 5**

# IPC

#### 5.1 Messages And Message Registers (MRs) [Virtual Registers]

Messages can be sent and received through the IPC system call (see page 61). Basically, the sender writes a message into the sender's message registers (MRs) and the receiver reads it from the receiver's MRs. Each thread has 64 MRs,  $MR_{0...63}$ . A message can use some or all MRs to transfer untyped words; it can include memory strings and fpages which are also specified using MRs.

MRs are *virtual registers* (see page 11), but they are more transient than TCRs. *MRs are read-once registers*: once an MR has been read, its value is undefined until the MR is written again. The send phase of an IPC implicitly reads all MRs; the receive phase writes the received message into MRs.

The read-once property permits to implement MRs not only by special registers or memory locations, but also by general registers. Writing to such an MR has to block the corresponding general register for code-generator use; reading the MR can release it. Typically, code generated by an IDL compiler will load MRs just before an IPC system call and store them to user variables just afterwards.

#### Messages

A message consists of up to 3 sections: the mandatory *message tag*, followed by an optional *untyped-words* section, followed by an optional *typed-items* section. The message tag is always held in MR<sub>0</sub>. It contains message control information and the *message label* which can be freely set by the user. The kernel associates no semantics with it. Often, the message label is used to encode a request key or to define the method that should be invoked by the message.

| MsgTag [MR <sub>0</sub> ] | $\begin{array}{ c c c c c c c c c c c c c c c c c c c$                                                                                                                                   |
|---------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| u                         | Number of untyped words following word 0. MR $_{1\dots u}$ hold the untyped words. $u=0$ denotes a message without untyped words.                                                        |
| t                         | Number of typed-item words following the untyped words or the message tag if no untyped words are present. The typed items use $MR_{u+1u+t}$ . A message without typed items has $t=0$ . |
| flags                     | Message flags, see IPC systemcall, page 61.                                                                                                                                              |
| label                     | Freely available, often used to specify the request type or invoked method.                                                                                                              |

#### untyped words [MR<sub>1...u</sub>]

The optional untyped-words section holds arbitrary data that is untyped from the kernel's point of view. The data is simply copied to the receiver. The kernel associates no semantics with it.

typed items  $[MR_{u+1...u+t}]$ 

The optional typed-items section is a sequence of items such as *string items* (page 56), *map items* (page 53), and *grant items* (page 55). Typed message items have their type encoded in the lowermost 4 bits of their first word:

| 0hhC | StringItem | see page 56 |
|------|------------|-------------|
| 100C | MapItem    | see page 53 |
| 101C | GrantItem  | see page 55 |
| 110C | Reserved   |             |
| 111C | Reserved   |             |

The C bit signals whether the typed item is followed by another typed item (C=1) or is the last one of the typed-item section (C=0). The typed items *must* exactly fit into MR u+1...u+t.

Note that C and t redundantly describe the message. This is by intention. The C bit allows efficient message parsing, whereas t+u can be used to store all MRs of a message to memory without parsing the complete message. Upon message sending, the C bits are completely ignored. The kernel will, however, ensure that the MRs on the receiver side will have the C bits set properly.

#### **Example Messages**



#### struct (label, MapItem m)



#### struct (label, Word w, StringItem $s_1, s_2$ )



struct (label, Word [3] w, MapItem m, GrantItem g, StringItem s)

| StringItem s 0 h h                                                                               | 0 MR <sub>8,9</sub> |  |
|--------------------------------------------------------------------------------------------------|---------------------|--|
| GrantItem g 101                                                                                  | 1 MR 6,7            |  |
| MapItem $m$ 1001                                                                                 |                     |  |
| Word w <sub>3 (32/64)</sub>                                                                      | MR 3                |  |
| Word w <sub>2 (32/64)</sub>                                                                      | MR 2                |  |
| Word $w_{1\ (32/64)}$                                                                            |                     |  |
| $\begin{array}{ c c c c c }\hline & label_{(16/48)} & & flags & t=6 & u=3 \\ \hline \end{array}$ | MR <sub>0</sub>     |  |

#### **Generic Programming Interface**

The listed generic functions permit user code to access message registers independently of the processor-specific MR model. All functions are user-level functions; the microkernel is not involved.

#### MsgTag

```
#include <l4/ipc.h>
struct MsgTag { Word raw }
MsgTag Niltag
                  A message tag with no untyped or typed words, no label, and no flags.
Bool == (MsgTag \ l, \ r)
                                                                                          [IsMsgTagEqual]
Bool != (MsgTag \ l, \ r)
                                                                                      [IsMsgTagNotEqual]
                  Compares all field values of two message tags.
Word Label (Msg Tag t)
Word UntypedWords (Msg Tag t)
Word TypedWords (Msg Tag t)
                 Delivers the message label, number of untyped words, and number of typed words, respectively.
MsgTag + (MsgTag t, Word label)
                                                                                        [MsgTagAddLabel]
MsgTag += (MsgTag t, Word label)
                                                                                      [MsgTagAddLabelTo]
                  Adds a label to a message tag. Old label information is overwritten by the new label.
MsgTag MsgTag ()
void Set_MsgTag (MsgTag t)
                  Delivers/sets MR 0.
```

#### **Convenience Programming Interface**

#### **IDL-compiler generated Operations**

IDL code generators are not restricted to the generic interface for accessing MRs. Instead, they can use processor-specific methods and thus generate heavily optimized code for MR access.

However, such processor-specific MR operations are not generally defined and should be used exclusively by processor-specific IDL code generators. All other programs must use the operations defined in this generic interface.

#### Msg

#include <l4/ipc.h>

struct Msg { Word raw [64] }

void **Put** (Msg& msg, Word l, int u, Word& [u] ut, int t, {MapItem, GrantItem, StringItem} & Items) [MsgPut]

Loads the specified parameters into the memory object msg. The parameters u and t respectively indicate number of untyped words and number of typed words (i.e., the total size of all typed items). It is assumed that the msg object is large enough to contain all items.

void Get (Msg& msg, Word& ut, {MapItem, GrantItem, StringItem} & Items) [MsgGet]

Stores the msg object into the specified parameters. Type consistency between the message in the memory object and the specified parameter list is not checked.

MsgTag MsgTag (Msg& msg) [MsgMsgTag]

void Set\_MsgTag (Msg& msg, MsgTag t)

[Set\_MsgMsgTag]

Delivers/sets the message tag of the msg object.

Word Label (Msg& msg) [MsgLabel]

void Set\_Label (Msg& msg, Word label)

[Set\_MsgLabel]

Delivers/sets the label of the *msg* object.

void Load (Msg& msg) [MsgLoad]

Loads message registers MR  $_{0...}$  from the msg object.

void **Store** (MsgTag t, Msg& msg)

[MsgStore]

Stores the message tag t and the current message beginning with MR  $_1$  to the memory object msg. The number of message registers to be stored is derived from t.

void Clear (Msg& msg) [MsgClear]

Empties the msg object (i.e., clears the message tag).

void Append (Msg& msg, Word w) [MsgAppendWord]

void Append (Msg& msg, MapItem m) [MsgAppendMapItem]

void Append (Msg& msg, GrantItem g) [MsgAppendGrantItem]

void Append (Msg& msg, StringItem s) [MsgAppendSimpleStringItem]

void Append (Msg& msg, StringItem& s)

[MsgAppendStringItem]

Appends an untyped or a typed item to the *msg* object. Compound strings must always be passed in by reference. A compound string passed by value will be treated as a simple string (see page 56). It is assumed that there is enough memory in the *msg* object to contain the new item.

void **Put** (Msg& msg, Word u, Word w)

[MsgPutWord]

Puts an untyped word at untyped word position u (first untyped word has position 0) in the msg object. It is assumed that the object contains at least u+1 untyped words.

void Put (Msg& msg, Word t, MapItem m)

[MsgPutMapItem]

[MsgGetWord]

void Put (Msg& msg, Word t, GrantItem g) [MsgPutGrantItem]

void Put (Msg& msg, Word t, StringItem s) [MsgPutSimplStringItem]

void **Put** (Msg& msg, Word t, StringItem& s) [MsgPutStringItem]

Puts a typed item into the msg object, starting at typed word position t (first typed word has position 0). Compound strings must always be passed in by reference. A compound string passed by value will be treated as a simple string (see page 56). It is assumed that that the object has enough typed words to contain the new item.

Word Get (Msg& msg, Word u) [MsgWord]

void Get (Msg& msg, Word u, Word& w)

Delivers the untyped words at position u. It is assumed that the object contains at least u+1

untyped words.

Word Get (Msg& msg, Word t, MapItem& m) [MsgGetMapItem]

Word Get (Msg& msg, Word t, GrantItem& g) [MsgGetGrantItem]

Word Get (Msg& msg, Word t, StringItem& s) [MsgGetStringItem]

Delivers the typed item starting at typed word position t. It is assumed that the requested item is of the right size and type. Returns the size (in words) of the delivered item.

#### **Low-Level MR Access**

#include <l4/ipc.h>

void StoreMR (int i, Word& w)

void LoadMR (int i, Word w)

Delivers/sets MR i.

void **StoreMRs** (int i, k, Word& [k] w)

void **LoadMRs** (int i, k, Word& [k] w)

Stores/loads MR i...i+k-1 to/from memory.

**MAPITEM** 53

#### 5.2 MapItem [Data Type]

An *fpage* (see page 38) or IO fpage that should be mapped is sent to the mappee as part of a message. A map operation is a no-op within the same address space. The fpage is specified by a two-word descriptor:

| snd fpage (28/60)                  |       | 0  r  w  x | $MR_{i+1}$ |
|------------------------------------|-------|------------|------------|
| snd base / 1024 <sub>(22/54)</sub> | 0 (6) | 100C       | $MR_{\;i}$ |

access rights rwx The effective access rights for the newly mapped page are calculated by bitwise AND-ing the access rights specified in the snd fpage and the access rights that the mapper itself has on that fpage. As such, the mapper can restrict the effective access rights but not widen them.

snd base

The send base specifies the semantics of the map operation if the size of the *snd fpage* is larger or smaller than the window in which the receiver is willing to accept a mapping (see page 59). If the size of the *snd fpage*,  $2^s$ , is larger than the receive window,  $2^r$ , the send base indicates which region of the *snd fpage* is transmitted. More precisely:

send region = fpage (
$$addr_s + 2^r k, 2^r$$
), for some  $k \ge 0$ :  
 $addr_s + 2^r k \le addr_s + (snd base \mod 2^s) < addr_s + 2^r k + 2^r$ 

and where  $addr_s$  is the base address of the snd fpage. If the size of the snd fpage,  $2^s$ , is smaller than the receive window,  $2^r$ , the send base indicates where in the receive window the snd fpage is mapped. More precisely:

receive region = fpage (
$$addr_r + 2^s k, 2^s$$
), for some  $k \ge 0$ :  
 $addr_r + 2^s k \le addr_r + (snd base \mod 2^r) < addr_r + 2^s k + 2^s$ 

and where  $addr_r$  is the base address of the receive window.

Pages already mapped in the mappee's address space that would conflict with new mappings are implicitly unmapped before new pages are mapped. For performance reasons extension of access rights is possible without prior unmapping, iff the very same mapping already exists. This is the case, when

- the mapper maps from the same address space as the existing mapping; and
- the mapper maps from the same virtual source address as the existing mapping; and
- the mapper maps to the same virtual destination address as the existing mapping; and
- the object (physical address) is the same as the existing mapping.

Access rights can not be revoked by mapping. The access rights of the resulting mapping are a bitwise OR of the existing and the new mapping's access rights. Access rights are not extended recursively.

#### Generic Programming Interface

#include <I4/ipc.h>

struct MAPITEM { Word raw [2] }

MapItem MapItem (Fpage f, Word SndBase)

Delivers a map item with the specified fpage and send base.

54 MAPITEM

Bool MapItem (MapItem m) [IsMapItem]

Delivers true if map item is valid. Otherwise delivers false.

Fpage SndFpage (MapItem m)[MapItemSndFpage]Word SndBase (MapItem m)[MapItemSndBase]

Delivers fpage/send base of map item.

**GRANTITEM** 55

#### 5.3 GrantItem [Data Type]

An *fpage* (see page 38) or IO fpage that should be granted is sent to the mappee as part of a message. It is specified by a two-word descriptor:

| snd fpage (28/60)                  |       | 0  r  w  x | $MR_{i+1}$          |
|------------------------------------|-------|------------|---------------------|
| snd base / 1024 <sub>(22/54)</sub> | 0 (6) | 101C       | $\mathrm{MR}_{\;i}$ |

access rights rwx The effective access rights for the granted page are calculated by bitwise anding the access rights specified in the snd fpage and the access rights that the mapper itself has on that fpage. As such, the granter can restrict the effective access rights but not widen them.

snd base

The send base specifies the semantics of the map operation if the size of the snd fpage is larger or smaller than the window in which the receiver is willing to accept a mapping (see page 59). If the size of the *snd fpage*,  $2^s$ , is larger than the receive window,  $2^r$ , the send base indicates which region of the *snd fpage* is transmitted. More precisely:

send region = fpage (
$$addr_s + 2^r k, 2^r$$
), for some  $k \ge 0$ :  
 $addr_s + 2^r k \le addr_s + (snd base \mod 2^s) < addr_s + 2^r k + 2^r$ 

and where  $addr_s$  is the base address of the snd fpage. If the size of the snd fpage,  $2^s$ , is smaller than the receive window,  $2^r$ , the send base indicates where in the receive window the  $snd\ fpage$ is mapped. More precisely:

receive region = fpage (
$$addr_r + 2^s k, 2^s$$
), for some  $k \ge 0$ :  
 $addr_r + 2^s k \le addr_r + (snd base \mod 2^r) < addr_r + 2^s k + 2^s$ 

and where  $addr_r$  is the base address of the receive window.

Pages already mapped in the grantee's address space that would conflict with new mappings are implicitly unmapped before new pages are mapped.

#### **Generic Programming Interface**

#include <I4/ipc.h>

struct GRANTITEM { Word raw [2] }

GrantItem GrantItem (Fpage f, Word SndBase)

Delivers a grant item with the specified fpage and send base.

Bool GrantItem (GrantItem g)

[IsGrantItem]

Delivers true if grant item is valid. Otherwise delivers false.

Fpage **SndFpage** (GrantItem g)

[GrantItemSndFpage]

Word SndBase (GrantItem g)

[GrantItemSndBase]

Delivers fpage/send base of grant item.

56 STRINGITEM

#### StringItem 5.4 [Data Type]

A string item specifies a sequence of bytes in user space. No alignment is required, the maximal string size is 4 MB. In send messages, such a string is copied to the receiver buffer when transferring the message. String items are also used to specify receive buffers in buffer registers on the receiver's side.

#### Simple String

A simple string is a contiguous sequence of bytes.

|     | string ptr (32/64)                                                                                                                                                                                                                                      |      |               | $MR_{i+1}$ |                          |
|-----|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------|---------------|------------|--------------------------|
|     | string length (22/54)                                                                                                                                                                                                                                   | 0    | 0 (5)         | 0 h h C    | $MR_i$                   |
|     | The start address of the string to be sent or the sta<br>alignment restrictions). However, the string/buff<br>user space.                                                                                                                               |      |               |            | υ                        |
|     | The length of the string to be sent or the size of the receive buffer. In the second case, strings up to (including) this length can be received. Maximum string length is 4 M bytes, even if the according field is 54 bits wide on 64-bit processors. |      |               |            |                          |
| h h | Cacheability hint. Except for $hh=00$ , the semantype (see Appendices A.6 and B.5).                                                                                                                                                                     | ntio | es of this pa | rameter o  | depends on the processor |

Use the processor's default cacheability strategy. Typically, cache lines are allocated for data

read and written (assuming that the processor's default strategy is write-back and write-allocate).

#### **Compound String**

A compound string is a noncontiguous string that consists of multiple contiguous substrings which can be scattered around the entire user address space. The substrings must not overlap. For send and receive IPC operations, a compound string is handled as a single logical string. When sending such a string through IPC, the substrings are transferred as if they were one contiguous string (gather). On the receiver side, a compound string buffer is treated as one logical buffer. The corresponding received string is scattered among the compound buffer's substrings.

A compound string can be specified as a sequence of substrings where each substring has the form of a simple string except that the *continuation* flag c is set for all but the last substring. If j subsequent substrings have the same size, e.g., for equally sized buffers, a single length word can be used for all j substrings so that only j+1 words instead of 2jwords are required.

| length word |                                                                                                                                                                        |  |  |
|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|
|             | The type information $0hhC$ is only required for the first word of a string descriptor. The field is ignored for further length words in a compound-string descriptor. |  |  |
| j           | Number of subsequent string-ptr words. These string ptrs specify $j$ substrings that have all the same substring length.                                               |  |  |
| c = 0       | Continuation flag reset. The compound string descriptor ends with the $j^{th}$ string ptr word following the current length word.                                      |  |  |
| c = 1       | Continuation flag set. The current length word and $j$ string-ptr words are followed by (at least) one substring descriptor, i.e., another length word, etc.           |  |  |

STRINGITEM 57

Example



#### **Generic Programming Interface**

#include <l4/ipc.h>

struct StringItem { Word raw[\*] }

Bool StringItem (StringItem&s)

[IsStringItem]

Delivers true if string item is valid. Otherwise delivers false.

Bool CompoundString (StringItem& s)

Delivers the c-flag value (true = set).

*Word Substrings* (StringItem& s)

void\* **Substring** (StringItem& s, Word n)

Delivers number of substrings/address of nth substring.

 $\textit{StringItem} \hspace{0.2cm} \textit{StringItem} \hspace{0.2cm} (\textit{int size, void*} \textit{address})$ 

Delivers a simple string item with the specified size and location.

StringItem & += (StringItem & dest, StringItem AdditionalSubstring)

[AddSubstringTo]

Append substring to the string item. It is assumed that there is enough memory in the string item

to contain the new substring.

StringItem & += (StringItem& dest, void\*AdditionalSubstringAddress)

[AddSubstringAddressTo]

Append a new substring pointer to the string item. It is assumed that there is enough memory in

the string item to contain the new substring pointer.

#### **Convenience Programming Interface**

#### **Support Functions:**

#include <l4/ipc.h>

struct CacheAllocationHint { Word raw }

 $Cache Allocation Hint \ \ \textit{UseDefault Cache Line Allocation}$ 

58 STRINGITEM

CacheAllocationHint CacheAllocationHint (StringItem s)

Delivers the cache allocation hint of the string item.

StringItem + (StringItem s, CacheAllocationHint h) [AddCacheAllocationHint] StringItem += (StringItem s, CacheAllocationHint h) [AddCacheAllocationHintTo]
Adds a cache allocation hint to a string item. An already existing hint is overwritten.

#### 5.5 String Buffers And Buffer Registers (BRs) [Pseudo Registers]

For receiving messages that contain string items, the receiver has to specify appropriate string buffers. Such buffers are described by string items (see page 56). A buffer can be contiguous (simple string) or non-contiguous (compound string).

Such buffer descriptors are held in 33 per-thread Buffer Registers BR  $_{0...32}$ . The number of buffer registers is sufficient to specify, for example, one compound buffer of 31 equally-sized sub-buffers. Up to 16 buffers can be specified provided that not more than 33 BRs are required.

When a message is received, the first message string item is copied into the first buffer string item which starts at BR 1; the next message string item is copied to the next buffer string item, etc. The list of buffer strings is terminated by having the C bit in the item type specifier of the last string zeroed.

BRs are registers in the sense that they are per-thread objects and can only be addressed directly, not indirectly through pointers. BRs are static objects like TCRs, i.e., they keep their values until explicitly modified. BRs can be mapped to either special registers or to memory locations.

| Acceptor [BR <sub>0</sub> ] | RcvWindow (28/60)                                                                                                                                                                                       | 000s                         |
|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------|
| RcvWindow                   | BR <sub>0</sub> specifies which typed items are accepted when a message Fpage (without access bits) that specifies the address-space grants are accepted. <i>Nilpage</i> denies any mapping or granting | window in which mappings and |
| 8                           | any mapping or granting. $ \label{eq:string}                                    $                                                                                                                       |                              |
| buffer string items         | [BR <sub>1</sub> ] contain the valid buffer string items. Ignored if $s=0$ in BR $_0$ .                                                                                                                 |                              |

#### **Generic Programming Interface**

The listed generic functions permit user code to access buffer registers independently of the processor-specific BR model. All functions are user-level functions; the microkernel is not involved.

#### **Acceptor**

```
#include <l4/ipc.h>
struct ACCEPTOR { Word raw }
Acceptor UntypedWordsAcceptor
Acceptor StringItemsAcceptor
Acceptor MapGrantItems (Fpage RcvWindow)
                  Delivers an acceptor which allows untyped words, string items, or mappings and grants.
Acceptor + (Acceptor l, r)
                                                                                             [AddAcceptor]
Acceptor += (Acceptor l, r)
                                                                                           [AddAcceptorTo]
                  Adds mappings/grants or string items to an acceptor. Adding a non-nil receive window will
                  replace an existing window.
Acceptor - (Acceptor l, r)
                                                                                          [RemoveAcceptor]
Acceptor -= (Acceptor l, r)
                                                                                     [RemoveAcceptorFrom]
                  Removes mappings/grants or string items from an acceptor. Removing a non-nil receive window
                  will deny all mappings or grants, regardless of the size of the receive window.
```

```
Bool StringItems (Acceptor a) [HasMapGrantItems]

Bool MapGrantItems (Acceptor a) [HasMapGrantItems]

Checks whether string items/mappings are allowed.

Fpage RcvWindow (Acceptor a)

Delivers the address space window where mappings and grants are accepted. Delivers nilpage if mappings or grants are not allowed.

void Accept (Acceptor a)

Sets BR 0.

Void Accept (Acceptor a, MsgBuffer& b)

Sets BR 0 and loads the buffer description b into BR 1....

Acceptor Accepted ()

Delivers BR 0.
```

#### **Convenience Programming Interface**

#### MsgBuffer

#### **Low-Level BR Access**

```
#include <|4/ipc.h>

void StoreBR (int i, Word& w)

void LoadBR (int i, Word w)

Delivers/sets the value of BR _i.

void StoreBRs (int i, k, Word& [k])

void LoadBRs (int i, k, Word& [k])

Stores/loads BR _{i...i+k-1} to/from memory.
```

Code generators of IDL and other compilers are not restricted to the generic interface. They can use any processor-specific methods and optimizations to access BRs.

### 5.6 **IPC** [Systemcall]

IPC is the fundamental operation for inter-process communication and synchronization. It can be used for intra- and inter-address-space communication. All communication is synchronous and unbuffered: a message is transferred from the sender to the recipient if and only if the recipient has invoked a corresponding IPC operation. The sender blocks until this happens or until a period specified by the sender has elapsed without the destination becoming ready to receive.

IPC can be used to copy data as well as to *map* or *grant* fpages from the sender to the recipient. For the description of messages see page 48. A single IPC call combines an optional send phase followed by an optional receive phase. Which phases are included is determined by the parameters *to* and *FromSpecifier*. Transitions between send phase and receive phase are atomic.

Ipc operations are also controlled by MRs, BRs and some TCRs. *RcvTimeout* and *SndTimeout* are directly specified as system-call parameters. Each timeout can be  $0, \infty$  (i.e., never expire), relative or absolute. For details on timeouts see page 28.

#### **Variants**

To enable implementation-specific optimizations, there exist two variants of the IPC system call. Functionally, both variants are identical. Transparently to the user, a kernel implementation can unify both variants or implement differently optimized functions.

IPC Default IPC function. Must always be used except if all criteria for using LIPC are fulfilled.

IPC function that may be optimized for sending messages to local threads. Should be used whenever it is absolutely clear that in the overwhelming majority of all invocations

• a send phase is included; and

- the destination thread is specified as a local thread ID; and
- a receive phase is included; and
- the destination thread runs on the same processor; and
- the RcvTimeout is ∞, and
- the IPC includes no map/grant operations.

#### **Input Parameters**

*to* = *nilthread* IPC includes no send phase.

*to* ≠ *nilthread* Destination thread; IPC includes a send phase

From Specifier = nilthread

LIPC

IPC includes no receive phase.

#### From Specifier = anythread

IPC includes a receive phase. Incoming messages are accepted from any thread (including hardware interrupts).

#### **FromSpecifier** = anylocalthread

IPC includes a receive phase. Incoming messages are accepted from any thread that resides in the current address space.

#### $From Specifier \neq nilthread, \neq anythread, \neq anylocal thread$

Ipc includes a receive phase. Incoming messages are accepted only from the specified thread. (Note that hardware interrupts can be specified.)

#### **Timeouts**

SndTimeout (16) RcvTimeout (16)

RcvTimeout

The receive phase waits until either a message transfer starts or the *RcvTimeout* expires. Ignored for send-only IPC operations.

For relative receive timeout values, the receive timeout starts to run *after* the send phase has successfully completed. If the receive timeout expires before the message transfer has been started IPC fails with "receive timeout". A pending incoming message *is* received if the timeout period is 0.

**SndTimeout** 

If the send timeout expires before the message transfer could start the IPC operation fails with "send timeout". A send timeout of 0 ensures that IPC happens only if the addressed receiver is ready to receive when the send IPC operation is invoked. Otherwise, IPC fails immediately, i.e., without blocking.

#### MsgTag [MR<sub>0</sub>]

label  $_{(16/48)}$   $0_{(3)}$  p  $t_{(6)}$   $u_{(6)}$ 

Message head of the message to be sent. Only the upper 16/48 bits are freely available. The lower 16 bits hold the *SndControl* parameter. It describes the message to be sent and contains some control bits; ignored if no send phase.

Number of untyped words following word 0.  $MR_{1...u}$  hold the untyped words. u = 0 denotes a message with no untyped words.

Number of words holding typed items that follow the untyped words (or the message tag if no untyped words are present). The typed items use MR  $_{u+1}$  and following MRs, potentially up to MR  $_{63}$ . t=0 denotes a message without typed items.

p=0 Normal (unpropagated) send operation. The recipient gets the original sender's id.

Propagating send operation. The *VirtualSender* TCR specifies the id of the originator thread. (i.e., the thread to send the message on behalf of). If originator thread and current sender, or current sender and receiver reside in the same address space, propagation is always permitted. Otherwise, IPC occurs unpropagated. Propagation is also allowed if the originator thread is an interrupt thread waiting (closed) for the current thread, or if the current sender is a redirector for the originator thread (or there exists a chain of redirectors from the originator to the current sender).

If propagation is permitted, the receiver receives the originator's id instead of the current sender's id, the p bit in the receiver's MsgTag is set, and the current sender's id is stored in the receiver's ActualSender TCR. If the originator thread is waiting (closed) for a reply from the current sender, the originator's state is additionally modified so that it now waits for the new receiver instead of the current sender.

Freely available, often used to specify the request type or invoked method, respectively.

 $[\mathbf{MR}_{1...u}]$  Untyped words to be sent. Ignored if no send phase.

 $[\mathbf{MR}_{u+1...u+t}]$  Typed items to be sent. Ignored if no send phase.

# p=1

label

#### XferTimeouts [TCR]

| XferTimeout Snd (16) | XferTimeout Rcv (16) |
|----------------------|----------------------|
|----------------------|----------------------|

Once a message transfer has been started, the time for transferring the message is roughly bounded by the minimum of sender's and receiver's *XferTimeout*. "Roughly" means that xfer timeouts are only checked when message copy raises a pagefault in the sender's or in the receiver's address space. Copying data and mapping/granting is assumed to take no time. A relative transfer timeout always refers to the beginning of the message transfer (actually when the first page fault is raised). Logically, at that point it is transferred into an absolute timeout which then is used as send and receive timeout for the first and all subsequent page-fault RPCs in the message transfer.

If the effective transfer timeout expires during the message transfer, IPC fails with "xfer timeout" (on both sides). Additional information specifies whether the page fault was in the receiver's or in the sender's address space and which part of the message was already transferred. Each thread has two transfer timeouts. One for the send phase and one for the receive phase.

#### Acceptor [BR<sub>0</sub>]

RcvWindow (28/60) 000 s

BR<sub>0</sub> specifies which typed items are accepted when a message is received.

RcvWindow

Fpage (without access bits) that specifies the address-space window in which mappings and grants are accepted. *Nilpage* denies any mapping or granting; *CompleteAddressSpace* accepts any mapping or granting.

StringItems are accepted iff s = 1.

#### buffer string items [BR1...]

contain the valid buffer string items. Ignored if s = 0 in BR  $_0$ .

#### **Output Parameters**

from

u

p

Thread ID of the sender from which the IPC was received. Thread IDs are delivered as *local thread IDs* iff they identify a thread executing in the same address space as the current thread. It does not matter whether the sender specified the destination as local or global id. Only defined for IPC operations that include a receive phase.

#### MsgTag [MR<sub>0</sub>]



If the IPC operation included a receive phase,  $MR_0$  contains the message tag of the received message. The upper 16/48 bits contain the user-specified label. The lower bits describe the received message, contain the error indicator, and the cross-processor IPC indicator.

 $MR_0$  is defined even if the IPC operation did not include a receive phase. In the send-only case,  $MR_0$  returns the error indicator.

Number of untyped words following word 0. u=0 means no untyped words. For IPC operations without receive phase, u=0 is delivered.

Number of received words that hold typed items. t=0 means no typed items. For IPC operations without receive phase, t=0 is delivered.

Propagated IPC. If reset (p=0) the IPC was not propagated. If set (p=1) the IPC was propagated and the FromSpecifier indicates the originator thread's id. The ActualSender specifies the id of the thread which performed the propagation.

Redirected IPC. If reset (r=0) the IPC was not a redirected one. If set (r=1) the IPC was redirected to the current thread, and the IntendedReceiver TCR specifies the id of the thread supposed to receive the message.

X Cross-processor IPC. If reset (X=0) the received IPC came from a thread running on the same processor as the receiver. If set (X=1) the received IPC was cross-processor. For IPC operations without receive phase, X=0 is delivered.

Error indicator. If reset (E = 0) the IPC operation terminated successful.

If set (E=1) IPC failed. If the send phase was successful but a receive timeout occurred afterwards, or if a message could only be partially transferred, the entire IPC fails. The error code and additional information can be retrieved from the ErrorCode TCR. The fields *label*, t, and u are valid if the error code signals a partially received message.

Label of the received message. For IPC operations without receive phase, the label is 0.

 $[\mathbf{MR}_{1...u}]$  Untyped words that have been received. Undefined if no receive phase.

 $[\mathbf{MR}_{u+1...u+k}]$  Typed items that have been received. Undefined if no receive phase.

#### ErrorCode [TCR]

label



Only defined if the error indicator E in  $MR_0$  is set. IPC failed, i.e., was not correctly completed. The x field depends on the error code, see below. The p field specifies whether the error occurred during send or receive phase. If the error occurred during the receive phase the send phase (if any) was completed successfully before. If the error occurred during the send phase, the receive phase (if any) was skipped.

p Specifies whether the error occurred during the send phase (p = 0) or the receive phase (p = 1).

#### errors 1, 2,3



Error happened before a partner thread was involved in the message transfer. Therefore, the error is signaled only to the thread that invoked the failing IPC operation.

e = 1 Timeout.

From is undefined in this case.

- e=2 Non-existing partner. If the error occurred in the send phase, to does not exist. (Anythread as a destination is illegal and will also raise this error.) If the error occurred in the receive phase, FromSpecifier does not exist. (FromSpecifier = anythread is legal, and thus will never raise this error.)
- e = 3 Canceled by another thread (system call exchange registers).

#### errors 4,5,6,7



A partner thread is already involved in the IPC operation, and the error is therefore signaled to both threads.

offset

The message transfer has been started and could not be completed. The *offset* identifies exactly the number of bytes that have been been transferred successfully so far through string items.

e = 4 Message Overflow.

A message overflow can occur (1) if a receiving buffer string is too short, (2) if not enough buffer string items are present, and (4) if a map/grant of an fpage fails because the system has not enough page-table space available. The *offset* in conjunction with the received MRs permits sender and receiver to exactly determine the reason.

e = 5 Xfer timeout during page fault in the invoker's address space.

- e = 6 Xfer timeout during page fault in the partner's address space.
- e = 7 Aborted by another thread (system call exchange registers).

#### **Pagefaults**

Three different types of pagefault can occur during ipc: pre-send, post-receive, and xfer pagefaults. Only xfer pagefault are critical from a security point of view. Fortunately, messages without strings will never raise xfer pagefaults and need thus no special pagefault provisions:

#### Pre-send pagefaults

happen in the sender's context *before* the message transfer has really started. The destination thread is not involved; in particular, it is not locked. Therefore, the destination thread might receive another message or time out while the sender's pre-send pagefault is handled. Send and transfer timeouts do not control pre-send pagefaults. Pre-send pagefaults are uncritical from a security point of view, since only the sender's own pager is involved and only the sender could suffer from its potential misbehavior.

#### Post-receive pagefaults

happen in the receiver's context *after* the message has been transferred. The sender thread is no longer involved, especially, it is no longer locked. Consequently, post-receive pagefault are not subject to send and transfer timeouts. Like pre-send pagefaults, post-receive pagefaults are also uncritical from a security perspective since only the receiver and its pager are involved.

#### Xfer pagefaults

happen while the message is being transferred and both sender and receiver are involved. Therefore, xfer pagefaults are critical from a security perspective: If such a pagefault occurs in the receiver's space, the sender may be starved by a malicious receiver pager. An xfer pagefault in the sender's space and a malicious sender pager may starve the receiver. As such, xfer pagefaults are controlled by the minimum of sender's and receiver's xfer timeouts.

However, xfer pagefaults can only happen when transferring strings. Send messages without strings or receive messages without receive string buffers are guaranteed not to raise xfer pagefaults.

#### **Generic Programming Interface**

#### System-Call Function:

```
#include <|4/ipc.h>

MsgTag Ipc (ThreadId to, FromSpecifier, Word Timeouts, ThreadId& from)

MsgTag Lipc (ThreadId to, FromSpecifier, Word Timeouts, ThreadId& from)
```

Note that message registers have read-once semantics and that returning the message tag implies reading  $MR_0$ . The contents of the message tag is therefore lost if the application does not implicitly store the return value of IPC or LIPC.

#### **Convenience Programming Interface**

#### **Derived Functions:**

```
#include <|4/ipc.h>

MsgTag Call (ThreadId to)
{ Call (to, never, never) }
```

```
MsgTag Call (ThreadId to, Time SndTimeout, RcvTimeout)
                                                                                             [Call_Timeouts]
                  { Ipc (to, to, Timeouts (SndTimeout, RcvTimeout), -) }
MsgTag Send (ThreadId to)
                  { Send (to, never) }
MsgTag Send (ThreadId to, Time SndTimeout)
                                                                                             [Send_Timeout]
                  { Ipc (to, nilthread, Timeouts (SndTimeout, -), -) }
MsgTag Reply (ThreadId to)
                  { Send (to, ZeroTime) }
MsgTag Receive (ThreadId from)
                  { Receive (from, never) }
MsgTag Receive (ThreadId from, Time RcvTimeout)
                                                                                           [Receive_Timeout]
                  { Ipc (nilthread, from, Timeouts (-, RcvTimeout), -) }
MsgTag Wait (ThreadId& from)
                  { Wait (never, from) }
MsgTag Wait (Time RcvTimeout, ThreadId& from)
                                                                                              [Wait_Timeout]
                  { Ipc (nilthread, anythread, Timeouts (-, RcvTimeout), from) }
MsgTag ReplyWait (ThreadId to, ThreadId& from)
                  { ReplyWait (to, never, from) }
MsgTag ReplyWait (ThreadId to, Time RcvTimeout, ThreadId& from)
                                                                                        [ReplyWait_Timeout]
                  { Ipc (to, anythread, Timeouts (TimePeriod(0), RcvTimeout), from) }
void Sleep (Time t)
                  { Set_MsgTag (Receive (MyLocalId, t)) }
MsgTag Lcall (ThreadId to)
                  { Lipc (to, to, Timeouts (never, never), -) }
MsgTag LreplyWait (ThreadId to, ThreadId& from)
                  { Lipc (to, anylocalthread, Timeouts (TimePeriod (0), never), from) }
```

#### **Support Functions:**

```
#include <|4/ipc.h>

Bool IpcSucceeded (MsgTag t)

Bool IpcFailed (MsgTag t)

Delivers the state of the error indicator (the E bit of MR 0).

Bool IpcPropagated (MsgTag t)

Bool IpcRedirected (MsgTag t)

Bool IpcXcpu (MsgTag t)

Checks if the IPC was propagated/redirected/cross cpu.

Word ErrorCode ()

ThreadId IntendedReceiver ()
```

ThreadId ActualSender ()

Delivers the error code/intended receiver TCR/actual sender.

void **Set\_Propagation** (MsgTag& t)

Sets the propagation bit.

 $void \ \textit{Set\_VirtualSender} \ (ThreadId \ t)$ 

Sets the virtual sender TCR.

Word Timeouts (Time SndTimeout, RcvTimeout)

Delivers a word containing both timeout values.

# **Chapter 6**

# Miscellaneous

70 EXCEPTIONHANDLER

# 6.1 ExceptionHandler [TCR]

An exception handler thread can be installed to receive exception IPCs.

#### **ExceptionHandler**

≠nilthread

Specifies the exception handler thread. When a thread raises an exception the kernel sends an exception IPC message on the thread's behalf to the thread's exception handler thread and waits for a response from the exception handler containing the instruction pointer where the thread should continue execution in MR  $_{\rm 1}$ . The format of the exception IPC message is architecture specific.

The architectural registers of the faulting thread, BR $_0$ , TCRs, and the MRs containing the exception message are preserved.

=nilthread

No exception handler is specified. If an exception is raised the thread is halted and not scheduled anymore. *nilthread is the default value for newly created threads*.

#### **Generic Programming Interface**

#include <I4/thread.h>

ThreadId ExceptionHandler ()

void Set\_ExceptionHandler (ThreadId new)

Delivers/sets the exception handler TCR.

COP FLAGS 71

# 6.2 Cop Flags [TCR]

The coprocessor flags TCR helps the kernel to optimize thread switching for some hardware architectures.

#### Cop Flags



By resetting a  $c_i$ -bit to 0, a thread tells the system that it no longer needs coprocessor i. If the kernel finds  $c_i=0$ , it concludes that registers and state of coprocessor i do not have to be saved. However, the kernel ensures that the coprocessor can not be used as a covert channel between different address spaces.

Once a thread has reset bit  $c_i$  it *must* set  $c_i$  to 1 *before* it issues the next operation on coprocessor i. Otherwise, coprocessor registers and state might be arbitrarily modified while using it. Note that the  $c_i$ -bits are *write-only*. Reading them results in an undefined value. Upon thread creation, all  $c_i$ -bits are set to 1.

#### **Generic Programming Interface**

#include < I4/thread.h>

void Set\_CopFlag (Word n)
void Clr\_CopFlag (Word n)

Sets/clears coprocessor flag  $c_n$ .

72 PROCESSORCONTROL

### 6.3 PROCESSORCONTROL [Privileged Systemcall]

Word ProcessorNo → Word result Word InternalFrequency

Word ExternalFrequency Word voltage

Control the internal frequency, external frequency, or voltage for a system processor.

#### **Input Parameters**

**ProcessorNo** Specifies the processor to control. Number must be a valid index into the processor descriptor array (see Kernel Interface Page, page 4).

All further input parameters have no effect if the supplied value is -1, ensuring that the corresponding value is *not* modified. The following description always refers to values  $\neq -1$ .

**InternalFrequency** Sets internal frequency for processor to the given value (in kHz).

#### **ExternalFrequency**

Sets external frequency for processor to the given value (in kHz).

voltage

Sets voltage for processor to the given value (in mV). A value of 0 shuts down the processor.

#### **Output Parameters**

result

The result is 1 if the operation succeeded, otherwise the result is 0 and the ErrorCode TCR indicates the failure reason.

**ErrorCode** [TCR] Set if result = 0. Undefined if  $result \neq 0$ .

= 1 No privilege. Current thread does not have privilege to perform operation.

Note that the active internal and external frequency of all processors are available to all threads via the kernel interface page.

#### **Pagefaults**

No pagefaults will happen.

PROCESSORCONTROL 73

#### **Generic Programming Interface**

#### **System-Call Function:**

#include <I4/misc.h>

 $Word\ \textit{ProcessorControl}\ \ (Word\ ProcessorNo,\ Internal Frequency,\ External Frequency,\ voltage)$ 

#### **Convenience Programming Interface**

#### **Support Functions:**

Word ErrorCode ()
Word ErrNoPrivilege

74 MEMORYCONTROL

## 6.4 MEMORYCONTROL [Privileged Systemcall]

Set the page attributes of the fpages  $(MR_{0...k})$  to the *attribute* specified with the fpage.



result

The result is 1 if the operation succeeded, otherwise the result is 0 and the ErrorCode TCR indicates the failure reason.

**ErrorCode** [TCR] Set if result = 0. Undefined if  $result \neq 0$ .

- = 1 No privilege. Current thread does not have privilege to perform operation.
- =5 Invalid parameter. Invalid or unsupported memory attribute.

#### **Pagefaults**

No pagefaults will happen.

MEMORYCONTROL 75

#### **Generic Programming Interface**

#### **System-Call Function:**

```
#include <|4/misc.h>

Word MemoryControl (Word control, Word& attributes[4])

Word DefaultMemory
```

#### **Convenience Programming Interface**

#### **Derived Functions:**

#### **Support Functions:**

Word ErrorCode ()
Word ErrNoPrivilege
Word ErrInvalidParam

76 MEMORYCONTROL

# **Chapter 7**

# Protocols

# 7.1 Thread Start Protocol [Protocol]

Newly created active threads start immediately by receiving a message from its pager. The received message contains the initial instruction-pointer and stack-pointer for the thread.

#### From Pager



INTERRUPT PROTOCOL 79

# 7.2 Interrupt Protocol [Protocol]

Interrupts are delivered as an IPC call to the interrupt handler thread (i.e., the pager of the interrupt thread). The interrupt is disabled until the interrupt handler sends a re-enable message.

#### From Interrupt Thread

| $-1_{(12/44)}$ | 0 (4) | 0 (4) | $t = 0_{(6)}$ | $u = 0_{(6)}$ | MR <sub>0</sub> |
|----------------|-------|-------|---------------|---------------|-----------------|
|                |       |       |               |               |                 |

#### To Interrupt Thread

| 0 (16/48) | 0 (4) | $t = 0_{(6)}$ | $u = 0_{(6)}$ | MR <sub>0</sub> |
|-----------|-------|---------------|---------------|-----------------|
|-----------|-------|---------------|---------------|-----------------|

80 PAGEFAULT PROTOCOL

# 7.3 Pagefault Protocol [Protocol]

A thread generating a pagefault will cause the kernel to transparently generate a pagefault IPC to the faulting thread's pager. The behavior of the faulting thread is undefined if the pager does not exactly follow this protocol.

To Pager



rwx

The rwx bits specify the fault reason:

 $egin{array}{ll} r & {
m read \ fault} \ w & {
m write \ fault} \ x & {
m execute \ fault} \end{array}$ 

A bit set to one reports the type of the attempted access. On processors that do not differentiate between read and execute accesses, x is never set. Read and execute accesses will both be reported by the r bit.

Acceptor [BR<sub>0</sub>]



The acceptor covers the complete user address space. The kernel accepts mappings or grants into this region on behalf of the faulting thread. The received message is discarded.

From Pager



PREEMPTION PROTOCOL 81

# 7.4 Preemption Protocol [Protocol]

#### From Preempted Thread



The preemption message contains the system clock when the thread was preempted. The preemption message is sent with relative timeout 0. If the message can not be delivered (e.g., due to timeouts) the message is dropped.

82 EXCEPTION PROTOCOL

# 7.5 Exception Protocol [Protocol]

The exception IPC contains a label, the faulting instruction pointer, and additional architecture specific exception words. The reply from the exception handler contains a label, an instruction pointer where the faulting thread is resumed, and an optional number of additional architecture specific words.

Note that the stack pointer is not explicitly specified to allow architecture specific optimizations.

#### To Exception Handler



k Number of exception words.

label specifies the exception type.

- = -4 System exceptions are defined for all architectures.
- = -5 Architecture specific exceptions.

#### From Exception Handler



- k Number of exception reply words.
- *IP* Location where execution is resumed in the faulting thread.

SIGMA0 RPC PROTOCOL 83

## 7.6 Sigma0 RPC protocol [Protocol]

 $\sigma_0$  is the initial address space. Although it is *not* part of the kernel, its basic protocol is defined with the kernel. Specific  $\sigma_0$  implementations may extend this protocol.

The address space  $\sigma_0$  is idempotent, i.e., all virtual addresses in this address space are identical to the corresponding physical address. Note that pages requested from  $\sigma_0$  continue to be mapped idempotently if the receiver specifies its complete address space as receive fpage.

 $\sigma_0$  gives pages to the kernel and to arbitrary tasks, but only once. The idea is that all pagers request the memory they need in the startup phase of the system so that afterwards  $\sigma_0$  has exhausted all its memory. Further requests will then automatically be denied.

#### **Kernel Protocol**



#### **From** $\sigma_0$

Kernel memory recommendation



amount Amount of memory recommended for kernel use (in bytes).



84 SIGMA0 RPC PROTOCOL

#### Grant Reject



#### **User Protocol**

**To**  $\sigma_0$ 



requested fpage

| $b/2^{10}$ (22/54) | S (6) | 0 r w x |  |
|--------------------|-------|---------|--|
|                    |       |         |  |

 $\sigma_0$  deals with fpages of arbitrary size. A successful response from  $\sigma_0$  contains an fpage of physically contiguous memory.

- $b \neq -1$  Requests the specific fpage with base address b and size  $2^s$ . If the fpage is neither owned by the kernel nor by a user thread (not even partially), the requested fpage is mapped to the requestor's address space and the fpage is marked as owned by the requesting thread (i.e., fpage is *not* marked as being owned by the address space in which thread resides). Any fpage not belonging to *reserved memory* (see page 87) can be requested. If the requested fpage is already owned by the requestor only the page attributes are modified. No new mapping operation happens.
- b=-1 Requests an fpage of size  $2^s$  but with arbitrary address. If a free fpage of size  $2^s$  is available, it is mapped to the requestor's address space and marked as owned by the requesting thread (i.e., fpage is *not* marked as being owned by the address space in which thread resides).  $\sigma_0$  is free to use the *requested-attribute* for choosing a best fitting page. Only fpages belonging to *conventional memory* (see page 87) are considered free and handed out upon such anonymous requests.

rwx The rwx bits are ignored.  $\sigma_0$  always maps fpages with maximum access rights to the requestor.

#### requested attributes

- = 0 The page is requested with default attributes.
- $\neq 0$  The page is requested with some architecture dependent attributes.

#### *From* $\sigma_0$

Map Response



SIGMA0 RPC PROTOCOL 85

Map Reject

| nilpage (32/64)                                 |  |  |  |  |  |  |
|-------------------------------------------------|--|--|--|--|--|--|
| 0 (28/60) 1000                                  |  |  |  |  |  |  |
| $0_{(16/48)}$ $0_{(4)}$ $t=2_{(6)}$ $u=0_{(6)}$ |  |  |  |  |  |  |

 $\sigma_0$  responds with a *map reject* message if the page is reserved (i.e., kernel space) or already mapped to a different thread, or if memory is exhausted.

#### **Pagefault Protocol**

 $\sigma_0$  also understands the pagefault protocol (see page 80) and will convert pagefault requests into  $\sigma_0$  user protocol requests. Further, only memory marked as *conventional memory* (see page 87) can be requested using the pagefault protocol. Any non-conventional memory (including boot loader specific memory) must be requested explicitly using the regular  $\sigma_0$  protocol.

#### Incoming pagefault message

| faulting user-level IP (32/64)                         |  |  |  |  |  |  |  |
|--------------------------------------------------------|--|--|--|--|--|--|--|
| fault address (32/64)                                  |  |  |  |  |  |  |  |
| $\begin{array}{ c c c c c c c c c c c c c c c c c c c$ |  |  |  |  |  |  |  |

#### Converted pagefault message



The minimum supported page size as defined by the PageInfo field in the kernel interface page (see page 3).

86 GENERIC BOOTING

# 7.7 Generic Booting [Protocol]

Machine-specific boot procedures are described on pages 103 ff.

After booting, L4 initializes itself. It generates the basic address space-servers  $\sigma_0$ ,  $\sigma_1$  and a *root server* which is intended to boot the higher-level system.

 $\sigma_0$ ,  $\sigma_1$  and the *root server* are user-level servers and not part of the pure kernel. The predefined ones can be replaced by modifying the following table in the L4 image before starting L4. An empty area specifies that the corresponding server should not be started. Note, that  $\sigma_0$  is a mandatory service. The kernel debugger *kdebug* is also not part of the kernel and can accordingly be replaced by modifying the table.

|                  |                         | Memo                | ryDesc                          | MemDescPtr |  |
|------------------|-------------------------|---------------------|---------------------------------|------------|--|
| ~                | ~ BootInfo ~            |                     |                                 |            |  |
|                  | ^                       | ·                   |                                 | +A0 / +140 |  |
|                  | +90 / +120              |                     |                                 |            |  |
| ~                |                         |                     |                                 |            |  |
|                  | ~                       |                     | +70 / +E0                       |            |  |
|                  | ~                       |                     |                                 |            |  |
| Kdebug.config1   | Kdebug.config0          | MemoryInfo          | ~                               | +50 / +A0  |  |
| root server.high | root server.low         | root server.IP      | root server.SP                  | +40 / +80  |  |
| $\sigma_1$ .high | $\sigma_1.\mathrm{low}$ | $\sigma_1.	ext{IP}$ | $\sigma_1.{ m SP}$              | +30 / +60  |  |
| $\sigma_0$ .high | $\sigma_0$ .low         | $\sigma_0.	ext{IP}$ | $\sigma_0.{ m SP}$              | +20 / +40  |  |
| Kdebug.high      | Kdebug.low              | Kdebug.entry        | +10 / +20                       |            |  |
| ,                | >                       | API Version         | $\sim_{(0/32)}$ 'K' 230 '4' 'L' | +0         |  |
| +C / +18         | +8 / +10                | +4 / +8             | +0                              |            |  |

The addresses are offsets relative to the configuration page's base address. The configuration page is located at a page boundary and can be found by searching for the magic " $L4\mu K$ " starting at the load address. The IP and SP values however, are absolute addresses. The appropriate code must be loaded at these addresses before L4 is started.

**IP** Physical address of a server's initial instruction pointer (start).

**SP** Physical address of a server's initial stack pointer (stack bottom).

**Kdebug.init** Physical address of *kdebug*'s initialization routine.

GENERIC BOOTING 87

Kdebug.entry

Physical address of kdebug's exception handler entry point.

Kdebug.low

Physical address of first byte of kernel debugger. Must be page aligned.

Kdebug.high

Physical address of last byte of kernel debugger. Must be the last byte in page.

Kdebug.config

Configuration fields which can be freely interpreted by the kernel debugger. The specific semantics of these fields are provided with the specific kernel debuggers.

**BootInfo** 

Prior to kernel initialization a boot loader can write an arbitrary value into this field. Post-initialization code, e.g., a root server can later read the field. Its value is neither changed nor interpreted by the kernel. This is the generic method for passing system information across kernel initialization.

#### MemoryInfo

| MemDescPtr (16/32) | n (16/32) |
|--------------------|-----------|
|--------------------|-----------|

MemDescPtr

Location of first memory descriptor (as an offset relative to the configuration page's base address). Subsequent memory descriptors are located directly following the first one. For memory descriptors that specify overlapping memory regions, later descriptors take precedence over earlier ones.

n

Initially equals the number of available memory descriptors in the configuration page. Before starting L4 this number must be initialized to the number of inserted memory descriptors.

#### MemoryDesc

| $high/2^{10}$ (22/54) |   |   | ~ (10 | +4 / +8      |    |
|-----------------------|---|---|-------|--------------|----|
| $low/2^{10}$ (22/54)  | v | ~ | t (4) | $type_{(4)}$ | +0 |

Memory descriptors should be initialized before starting L4. The kernel may after startup insert additional memory descriptors or modify existing ones (e.g., for reserved kernel memory).

high

Address of last byte in memory region. The ten least significant address bits are all hardwired to 1.

low

Address of first byte in memory region. The ten least significant address bits are all hardwired to 0.

v

Indicates whether memory descriptor refers to physical memory (v=0) or virtual memory (v=1).

type

t

Identifies the type of the memory descriptor.

| Type | Description                                           |
|------|-------------------------------------------------------|
| 0x0  | Undefined                                             |
| 0x1  | Conventional memory                                   |
| 0x2  | Reserved memory (i.e., reserved by kernel)            |
| 0x3  | Dedicated memory (i.e., memory not available to user) |
| 0x4  | Shared memory (i.e., available to all users)          |
| 0xE  | Defined by boot loader                                |
| 0xF  | Architecture dependent                                |

Identifies the precise type for boot loader specific or architecture dependent memory descriptors.

88 GENERIC BOOTING

type = 0xE

The type of the memory descriptor is dependent on the bootloader. The t field specifies the exact semantics. Refer to boot loader specification for more info.

type=0xF

The type of the memory descriptor is architecture dependent. The t field specifies the exact semantics. Refer to architecture specific part for more info (see page 117).

 $type \neq 0xE$ ,  $type \neq 0xF$ 

The type of the memory descriptor is solely defined by the type field. The content of the t field is undefined.

# **Appendix A**

# IA-32 Interface

90 VIRTUAL REGISTERS

# A.1 Virtual Registers [ia32]

#### **Thread Control Registers (TCRs)**

TCRs are implemented as part of the ia32-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. Setting the UTCB address of an active thread via Thread-Control is similar to deletion and re-creation. There is a fixed correlation between the UtcbLocation parameter when invoking ThreadControl and the UTCB address. The UTCB address of the current thread can be loaded through a machine instruction

mov 
$$\%$$
gs:[0],  $\%$ r

UTCB objects of the current thread can then be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible. ThreadWord0 and ThreadWord1 are free to be used by systems software (e.g., IDL compilers). The kernel associates no semantics with these words.





The TCR MyLocalId is not part of the UTCB. On ia32 it is identical with the UTCB address and can be loaded from memory location gs:[0].

VIRTUAL REGISTERS 91

#### Message Registers (MRs)

Memory-mapped MRs are implemented as part of the ia32-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. Setting the UTCB address of an active thread via ThreadControl is similar to deletion and re-creation. There is a fixed correlation between the UtcbLocation parameter when invoking ThreadControl and the UTCB address. The UTCB address of the current thread can be loaded through a machine instruction

mov 
$$\%$$
gs:[0],  $\%$ r

UTCB objects of the current thread can then be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible.

MR  $_0$  is always mapped to a general register. MR  $_1$  and MR  $_2$  are mapped to general registers when reading a received message; in all other cases, MR  $_1$  and MR  $_2$  are mapped to memory locations. MR  $_{3...63}$  are always mapped to memory.



#### **Buffer Registers (BRs)**

BRs are implemented as part of the ia32-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. Setting the UTCB address of an active thread via THREAD-CONTROL is similar to deletion and re-creation. There is a fixed correlation between the UtcbLocation parameter when invoking THREADCONTROL and the UTCB address. The UTCB address of the current thread can be loaded through a machine instruction

mov 
$$\%$$
gs:[0],  $\%$ r

UTCB objects of the current thread can then be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible.

92 VIRTUAL REGISTERS



#### **UTCB Memory With Undefined Semantics**

The kernel will associate no semantics with memory located at UTCB address... UTCB address + 3. The application can use this memory as thread local storage, e.g., for implementing the L4 API. Note, however, that the memory contents within this region may be overwritten during a system-call operating on message registers.

All undefined UTCB memory which is not covered by the above mentioned region may have kernel defined semantics.

SYSTEMCALLS 93

## A.2 Systemcalls [ia32]

The system-calls which are invoked by the call instruction take the target of the calls from the system-call link fields in the kernel interface page (see page 2). Each system-call link specifies an address relative to the kernel interface page's base address. An application may use instructions other than call to invoke the system-calls, but must ensure that a valid return address resides on the stack.

#### KERNELINTERFACE [Slow Systemcall]

```
- \ KernelInterface \rightarrow
EAX
                                     EAX
                                             base address
                                             API Version
ECX
                                     ECX
                                             API Flags
EDX
                                     EDX
                lock: nop
                                     ESI
                                             Kernel ID
ESI
EDI
                                     EDI
EBX
                                     EBX
                                             \equiv
EBP
                                     EBP
                                             \equiv
ESP
                                     ESP
                                             \equiv
```

#### EXCHANGEREGISTERS [Systemcall]

| dest                 | EAX | - Exchange Registers $ ightarrow$ | EAX | result              |
|----------------------|-----|-----------------------------------|-----|---------------------|
| control              | ECX |                                   | ECX | control             |
| SP                   | EDX |                                   | EDX | SP                  |
| IP                   | ESI | call ExchangeRegisters            | ESI | IP                  |
| FLAGS                | EDI |                                   | EDI | FLAGS               |
| User De fined Handle | EBX |                                   | EBX | User Defined Handle |
| pager                | EBP |                                   | EBP | pager               |
| _                    | ESP |                                   | ESP | ≡                   |

<sup>&</sup>quot;FLAGS" refers to the user-modifiable ia32 processor flags that are held in the EFLAGS register.

#### THREADCONTROL [Privileged Systemcall]

```
- Thread Control \rightarrow
          dest
                 EAX
                                                            result
        Pager
                 ECX
                                                    ECX
    Scheduler
                 EDX
                                                    EDX
                           call ThreadControl
Space Specifier
                 ESI
                                                    ESI
 UtcbLocation
                 EDI
                                                    EDI
                 EBX
                                                    EBX
                 EBP
                                                    EBP
                 ESP
                                                    ESP
```

#### SYSTEMCLOCK [Systemcall]

94 SYSTEMCALLS

### THREADSWITCH [Systemcall]

```
- \ ThreadSwitch \rightarrow
dest
      EAX
                                             EAX
       ECX
                                             ECX
                                                     \equiv
       EDX
                                             EDX
                                                     \equiv
                   call ThreadSwitch
                                             ESI
       ESI
                                                     \equiv
       EDI
                                             EDI
                                                     \equiv
                                             EBX
       EBX
                                                     \equiv
                                             EBP
                                                     \equiv
      EBP
                                             ESP
       ESP
```

### SCHEDULE [Systemcall]

| dest               | EAX | - Schedule $ ightarrow$ | EAX | result       |
|--------------------|-----|-------------------------|-----|--------------|
| prio               | ECX |                         | ECX | $\sim$       |
| time control       | EDX |                         | EDX | time control |
| processor control  | ESI | call <i>Schedule</i>    | ESI | $\sim$       |
| preemption control | EDI |                         | EDI | $\sim$       |
| _                  | EBX |                         | EBX | $\sim$       |
| _                  | EBP |                         | EBP | $\sim$       |
| _                  | ESP |                         | ESP | =            |
|                    |     |                         |     |              |

#### IPC [Systemcall]

| m     |
|-------|
| эт    |
|       |
| $R_0$ |
|       |
| $R_1$ |
| $R_2$ |
|       |
| F     |

#### LIPC [Systemcall]

```
to
               EAX
                              -\; Lipc \rightarrow
                                                 EAX
                                                        from
    Timeouts
               ECX
                                                 ECX
                                                        \sim
From Specifier \\
               EDX
                                                 EDX
        MR_0
                ESI
                              call Lipc
                                                 ESI
                                                        MR_0
       UTCB
               EDI
                                                 EDI
                                                        \equiv
                                                        MR_1
               EBX
                                                 EBX
                                                 EBP
                                                        MR_2
               EBP
                ESP
                                                 ESP
```

#### UNMAP [Systemcall]

controlEAX- UnmapEAX
$$\sim$$
-ECXECX $\sim$ -EDXEDX $\sim$ MR 0ESIcall UnmapESI $MR$  0UTCBEDIEDI $\equiv$ -EBX $\sim$ EBX $\sim$ -EBP $\sim$ EBP $\sim$ -ESP $\equiv$ ESP $\equiv$ 

# SPACECONTROL [Privileged Systemcall]

| SpaceSpecifier             | EAX | - Space Control $ ightarrow$ | EAX | result   |
|----------------------------|-----|------------------------------|-----|----------|
| control                    | ECX |                              | ECX | control  |
| Kernel Interface Page Area | EDX |                              | EDX | $\sim$   |
| UtcbArea                   | ESI | call SpaceControl            | ESI | $\sim$   |
| Redirector                 | EDI |                              | EDI | $\sim$   |
| _                          | EBX |                              | EBX | $\sim$   |
| _                          | EBP |                              | EBP | $\sim$   |
| _                          | ESP |                              | ESP | $\equiv$ |
|                            |     |                              |     |          |

# PROCESSORCONTROL [Privileged Systemcall]

| ProcessorNo       | EAX | $- \ Processor \ Control \rightarrow$ | EAX | result   |
|-------------------|-----|---------------------------------------|-----|----------|
| InternalFrequency | ECX |                                       | ECX | $\sim$   |
| ExternalFrequency | EDX |                                       | EDX | $\sim$   |
| voltage           | ESI | call <i>ProcessorControl</i>          | ESI | $\sim$   |
| _                 | EDI |                                       | EDI | $\sim$   |
| _                 | EBX |                                       | EBX | $\sim$   |
| _                 | EBP |                                       | EBP | $\sim$   |
| _                 | ESP |                                       | ESP | $\equiv$ |

# MEMORYCONTROL [Privileged Systemcall]

| control       | EAX | $- \ \textbf{Memory Control} \rightarrow$ | EAX | result   |
|---------------|-----|-------------------------------------------|-----|----------|
| $attribute_0$ | ECX |                                           | ECX | $\sim$   |
| $attribute_1$ | EDX |                                           | EDX | $\sim$   |
| $MR_{0}$      | ESI | call <i>MemoryControl</i>                 | ESI | $\sim$   |
| UTCB          | EDI |                                           | EDI | $\sim$   |
| $attribute_2$ | EBX |                                           | EBX | $\sim$   |
| $attribute_3$ | EBP |                                           | EBP | $\sim$   |
| _             | ESP |                                           | ESP | $\equiv$ |

96 KERNEL FEATURES

# A.3 Kernel Features [ia32]

The ia32 architecture supports the following kernel feature descriptors in the kernel interface page (see page 5).

| String     |      | Feature                                  |
|------------|------|------------------------------------------|
| "smallspac | ces" | Kernel has small address spaces enabled. |

IO PORTS 97

## A.4 IO Ports [ia32]

#### **IO Fpages**

On IA-32 processors, IO-ports are handled as fpages. IO fpages can be mapped, granted, and unmapped like memory fpages. Their minimal granularity is 1. An IO-fpage of size  $2^{s'}$  has a  $2^{s'}$ -aligned base address p, i.e.  $p \mod 2^{s'} = 0$ . An fpage with base port address p and size  $2^{s'}$  is denoted as described below.

IO fpage 
$$(p,2^{s'})$$
 
$$p_{(16)} \hspace{1cm} s'_{(6)} \hspace{1cm} s=2_{(6)} \hspace{1cm} 0\,1\,1\,0$$

IO-ports can only be mapped idempotently, i.e., physical port x is either mapped at IO address x in the task's IO address space, or it is not mapped at all. There are no distinct rights associated with IO ports, i.e., a task can be granted either read- and write-access to an IO port, ore none at all.

#### **IO Pagefault Protocol**

A thread generating an IO port exception will cause the kernel to transparently generate an IO-pagefault IPC to the faulting thread's pager. The behavior of the faulting thread is undefined if the pager does not exactly follow this protocol.



The acceptor covers the complete IO-address space. The kernel accepts mappings or grants into this region on behalf of the faulting thread. The received message is discarded.

## **Generic Programming Interface**

```
#include <|4/arch.h>

Fpage IoFpage (Word BasePort, int FpageSize)

Fpage IoFpageLog2 (Word BasePort, int Log2FpageSize <= 16)

Delivers an IO fpage with the specified location and size.

Word IoFpagePort (Fpage f)

Word IoFpageSize (Fpage f)

Delivers port/size of specified IO fpage.

Bool IsIoFpage (Fpage f)

Delivers true if fpage is an IO fpage.
```

98 SPACE CONTROL

## A.5 Space Control [ia32]

The SPACECONTROL system call has an architecture dependent *control* parameter to specify various address space characteristics. For ia32, the *control* parameter has the following semantics.

#### **Input Parameter**

#### control



A value of 1 indicates the intention to change the *small address space number* for the specified address space. The small space number will remain unchanged if s = 0.

small

If s=1, sets the small address space number for the specified address space. Small address space numbers from 1 to 255 are available. A value of 0 indicates a regular large address space. An assigned small space number is effective on *all* CPUs in an SMP system.

The position (pos) of the least significant bit of small indicates the size of the small space by the following formula:  $size = 2^{pos}*4$  MB. After removing the least significant bit, the remaining bits of small indicate the location of the space within a 512 MB region using the following formula: location = small\*2 MB. Setting the small space number fails if the specified region overlaps with an already existing one.

The *small* field is ignored if s=0, or if the kernel does not support small spaces (see Kernel Features, page 96).

#### **Output Parameter**

#### control

| _   |    |        |           |
|-----|----|--------|-----------|
|     |    |        |           |
| 16  | el | 0 (23) | small (8) |
| - 1 |    | " (23) | Sinan (8) |

Indicates if the change of small space number was effective (e = 1). Undefined if s = 0 in the input parameter.

small

The old value for the small space number. A value of 0 is possible even if the space has previously been put into a small address space. An implicit change to small space number 0 can happen if a thread within the space accesses memory beyond the specified small space size.

#### **Generic Programming Interface**

#include <l4/space.h>

Word LargeSpace

Word SmallSpace (Word location, size)

Delivers a small space number with the specified *location* and size (both in MB). It is assumed that  $size = 2^p * 4$  for some value p < 8.

CACHEABILITY HINTS 99

# A.6 Cacheability Hints [ia32]

String items can specify cacheability hints to the kernel (see page 56). For ia32, the cacheability hints have the following semantics.

hh=00 Use the processor's default cacheability strategy. Typically, cache lines are allocated for data read and written (assuming that the processor's default strategy is write-back and write-allocate).

hh=01 Allocate cache lines in the entire cache hierarchy for data read or written.

hh=10 Do not allocate new cache lines (entire cache hierarchy) for data read or written.

hh=11 Allocate only new L1 cache line for data read or written. Do not allocate cache lines in lower cache hierarchies.

#### **Convenience Programming Interface**

#include <l4/ipc.h>

CacheAllocationHint UseDefaultCacheLineAllocation

CacheAllocationHint AllocateNewCacheLines

CacheAllocationHint DoNotAllocateNewCacheLines

 $Cache Allocation Hint \ \ \textbf{AllocateOnlyNewL1CacheLines}$ 

100 MEMORY ATTRIBUTES

# A.7 Memory Attributes [ia32]

The ia32 architecture in general supports the following memory attributes values.

| attribute       | value |
|-----------------|-------|
| Default         | 0     |
| Write Back      | 1     |
| Write Through   | 2     |
| Uncacheable     | 4     |
| Write Combining | 5     |
| Write Protected | 8     |

Note that some attributes are only supported on certain processors. See the "IA-32 Intel Architecture Software Developer's Manual, Volume 3: System Programming Guide" for the semantics of the memory attributes and which processors they are supported on.

#### **Generic Programming Interface**

#include <I4/misc.h>

Word DefaultMemory

Word WriteBackMemory

Word WriteThroughMemory

Word UncacheableMemory

Word WriteCombiningMemory

Word WriteProtectedMemory

# A.8 Exception Message Format [ia32]

#### To Exception Handler

| EAX (32)                                               | MR <sub>12</sub> |
|--------------------------------------------------------|------------------|
| ECX (32)                                               | MR <sub>11</sub> |
| EDX (32)                                               | MR 10            |
| EBX (32)                                               | MR 9             |
| ESP (32)                                               | MR <sub>8</sub>  |
| EBP (32)                                               | MR 7             |
| ESI (32)                                               | MR <sub>6</sub>  |
| EDI (32)                                               | MR $_5$          |
| ErrorCode (32)                                         | MR $_4$          |
| ExceptionNo (32)                                       | MR 3             |
| EFLAGS (32)                                            | MR $_2$          |
| EIP (32)                                               | MR 1             |
| $\begin{array}{ c c c c c c c c c c c c c c c c c c c$ | MR <sub>0</sub>  |

#PF (page fault), #MC (machine check exception), and some #GP (general protection), #SS (stack segment fault), and #NM (no math coprocessor) exceptions are handled by the kernel and therefore do not generate exception messages.

Note that executing an INT n instructions in 32-bit mode will always raise a #GP (general protection). The exception handler may interpret the error code (8n + 2, see processor manual) and emulate the INT n accordingly.

102 PROCESSOR MIRRORING

# A.9 Processor Mirroring [ia32]

#### **Segments**

L4 uses a flat (unsegmented) memory model. There are only three segments available: user\_space, a read/write segment, user\_space\_exec, an executable segment, and utcb\_address, a read-only segment. Both user\_space and user\_space\_exec cover (at least) the complete user-level address space. Utcb\_address covers only enough memory to hold the UTCB address.

The values of segment selectors *are undefined*. When a thread is created, its segment registers SS, DS, ES and FS are initialized with *user\_space*, GS with *utcb\_address*, and CS with *user\_space\_exec*. Whenever the kernel detects a general protection exception and the segment registers are not loaded properly, it reloads them with the above mentioned selectors. From the user's point of view, the segment registers cannot be modified.

However, the binary representation of *user\_space* and *user\_space\_exec* may change at any point during program execution. Never rely on any particular value.

Furthermore, the LSL (load segment limit) machine instruction may deliver wrong segment limits, even floating ones. The result of this instruction is always *undefined*.

#### **Debug Registers**

User-level debug registers exist per thread. DR0...3, DR6 and DR7 can be accessed by the machine instructions mov n,DRx and mov DRx,r. However, only task-local breakpoints can be activated, i.e., bits G0...3 in DR7 cannot be set. Breakpoints operate per thread. Breakpoints are signaled as #DB exception (INT 1).

Note that user-level breakpoints are suspended when kernel breakpoints are set by the kernel debugger.

#### **Model-Specific Registers**

All privileged threads in the system have read and write access to all the Model-Specific Registers (MSRs) of the CPU. Modification of some MSRs may lead to undefined system behavior. Any access to an MSR by an unprivileged thread will raise an exception.

BOOTING 103

# A.10 Booting [ia32]

## **PC-compatible Machines**

L4 can be loaded at any 16-byte-aligned location beyond 0x1000 in physical memory. It can be started in real mode or in 32-bit protected mode at address 0x100 or 0x1000 relative to its load address. The protected-mode conditions are compliant to the Multiboot Standard Version 0.6.

| Start Preconditions             |                                  |                           |  |
|---------------------------------|----------------------------------|---------------------------|--|
|                                 | Real Mode                        | 32-bit Protected Mode     |  |
| load base $(L)$                 | $L \ge 0$ x1000, 16-byte aligned | $L \ge 0$ x1000           |  |
| load offset $(X)$               | X = 0x100  or  X = 0x1000        | X = 0x100  or  X = 0x1000 |  |
| Interrupts                      | disabled                         | disabled                  |  |
| Gate A20                        | ~                                | open                      |  |
| EFLAGS                          | I=0                              | I=0, VM=0                 |  |
| CR0                             | PE=0                             | PE=1, PG=0                |  |
| (E)IP                           | X                                | L + X                     |  |
| CS                              | L/16                             | 0, 4GB, 32-bit exec       |  |
| SS,DS,ES                        | ~                                | 0, 4GB, read/write        |  |
| EAX                             | ~                                | 0x2BADB002                |  |
| EBX                             | ~                                | $^*P$                     |  |
| $\langle P+0 \rangle$           |                                  | ∼ OR 1                    |  |
| $\langle P+4 \rangle$           | n/a                              | below 640 K mem in K      |  |
| $\langle P+8 \rangle$           |                                  | beyond 1M mem in K        |  |
| all remaining registers & flags |                                  |                           |  |
| (general, floating point,       | ~                                | ~                         |  |
| ESP, xDT, TR, CRx, DRx)         |                                  |                           |  |

 $L4\ relocates\ itself\ to\ 0x1000,\ enters\ protected\ mode\ if\ started\ in\ real\ mode,\ enables\ paging\ and\ initializes\ itself.$ 

104 BOOTING

# **Appendix B**

# IA-64 Interface

106 VIRTUAL REGISTERS

# B.1 Virtual Registers [ia64]

#### **Thread Control Registers (TCRs)**

TCRs are mapped to memory locations. They are implemented as part of the ia64-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. (In fact, the ia64 UTCB address is identical to the thread's local ID.) Register ar.k6 always contains the UTCB address of the current thread. UTCBs of other threads must not be accessed, even if they are physically accessible. ThreadWord0 and ThreadWord1 are free to be used by systems software (e.g., IDL compilers). The kernel associates no semantics with these words.

| ThreadV         | ThreadWord 1 (64)      |                   |                    |  |  |
|-----------------|------------------------|-------------------|--------------------|--|--|
| ThreadV         | ThreadWord 0 (64)      |                   |                    |  |  |
| Error           | Code (64)              |                   | +72                |  |  |
| VirtualSender/. | ActualSender (64)      |                   | +64                |  |  |
| Intended        | Receiver (64)          |                   | +56                |  |  |
| XferTin         | neouts (64)            |                   | +48                |  |  |
| ~ (48)          | cop flags (8)          | preempt flags (8) | +40                |  |  |
| Exception       | Handler (64)           |                   | +32                |  |  |
| Pag             | er <sub>(64)</sub>     |                   | +24                |  |  |
| UserDefine      | UserDefinedHandle (64) |                   |                    |  |  |
| Process         | sorNo <sub>(64)</sub>  |                   | ← UTCB address + 8 |  |  |
|                 |                        |                   |                    |  |  |
| MyLocalid - U   | TCB address (64)       |                   | ar.k6              |  |  |
| wyŁocand = C    | 1CD address (64)       |                   | ui.ku              |  |  |
|                 |                        |                   |                    |  |  |

ar.k5

#### Message Registers (MRs)

Memory-mapped MRs are implemented as part of the ia64-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. (In fact, the ia64 UTCB address is identical to the thread's local ID.) Register ar.k6 always contains the UTCB address of the current thread. UTCBs of other threads must not be accessed, even if they are physically accessible.

MyGlobalId (64)

MR <sub>0...7</sub> are mapped to the eight first output registers on the register stack. The exact location of the first eight message registers therefore depends on the configuration of the *current frame marker* (CFM). MR <sub>8...63</sub> are mapped to memory. It is valid to configure less than eight output registers in the current register frame if a message to be transferred spans less than eight message registers. The number of message registers must not exceed the number of output registers, however.

VIRTUAL REGISTERS 107

| <b>MR</b> <sub>07</sub> | MR 7             | out7                 |
|-------------------------|------------------|----------------------|
|                         | MR <sub>6</sub>  | out6                 |
|                         | MR 5             | out5                 |
|                         | MR 4             | out4                 |
|                         | MR <sub>3</sub>  | out3                 |
|                         | MR <sub>2</sub>  | out2                 |
|                         | MR <sub>1</sub>  | out1                 |
|                         | MR <sub>0</sub>  | out0                 |
|                         |                  |                      |
| $MR_{863}$ [UTCB fie    | elds]            |                      |
|                         | MR <sub>63</sub> | +888                 |
|                         | <u>:</u> :       |                      |
|                         | MR <sub>9</sub>  | +456                 |
|                         | MR 8             | ← UTCB address + 448 |

#### **Buffer Registers (BRs)**

BRs are implemented as part of the ia64-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. (In fact, the ia64 UTCB address is identical to the thread's local ID.) Register ar.k6 always contains the UTCB address of the current thread. UTCBs of other threads must not be accessed, even if they are physically accessible.



## **UTCB Memory With Undefined Semantics**

The kernel will associate no semantics with memory located at *UTCB address* + 384... *UTCB address* + 447. The application can use this memory as thread local storage, e.g., for implementing the L4 API. Note, however, that the memory contents within this region may be overwritten during a system-call operating on message registers.

All undefined UTCB memory which is not covered by the above mentioned region may have kernel defined semantics.

108 PAL AND SAL ACCESS

# B.2 PAL and SAL Access [ia64]

The microkernel provides special system-calls for accessing Processor Abstraction Level (PAL) and System Abstraction Layer (SAL) procedures. The location of the additional system-call links in the kernel interface page are as follows:

| Location                      | System-call |
|-------------------------------|-------------|
| Kernel Interface Page + 0x220 | PAL_CALL    |
| Kernel Interface Page + 0x228 | SAL_CALL    |

#### **Generic Programming Interface**

#### System-Call Function:

#include <14/arch.h>

Word PAL\_Call (Word idx, a1, a2, a3, Word& r1, r2, r3)

Invoke the PAL procedure specified by idx. a1...a3 are the arguments to the PAL procedure. r1...r3 are the return values. The system-call returns the status of the procedure invocation. See the "Intel Itanium Architecture Software Developer's Manual, Volume 2: System Architecture" for the possible values of idx, and the contents of arguments and return values. As of now, no invocation of PAL procedures is allowed by any user-level thread.

Word **SAL\_Call** (Word idx, a1, a2, a3, a4, a5, a6, Word& r1, r2, r3)

Invoke the SAL procedure specified by idx. a1...a6 are the arguments to the SAL procedure. r1...r3 are the return values. The system-call returns the status of the procedure invocation. See the "Itanium Processor Family System Abstraction Layer Specification" for possible values of idx, and the contents of arguments and return values.

As of now, only the PCLCONFIG\_READ and PCLCONFIG\_WRITE procedure calls can be invoked from a user-level thread.

## **Convenience Programming Interface**

#### **Derived Functions:**

#include <l4/arch.h>

Word SAL\_PCI\_ConfigRead (Word address, size, Word& value)

Read from the PCI configuration space at *address* with the indicated word size (1, 2 or 4 bytes). The read value is returned in *value*. Return the status of the operation (0 if success).

The operation will only succeed if the address in the PCI configuration space is mapped readable (see page 114)

Word SAL\_PCI\_ConfigWrite (Word address, size, value)

Write *value* to the PCI configuration space at *address* with the indicated word size (1, 2 or 4 bytes). Return the status of the operation (0 if success).

The operation will only succeed if the address in the PCI configuration space is mapped writeable (see page 114).

# B.3 Systemcalls [ia64]

The system-calls which are invoked by the br.call instruction take the target of the calls the from system-call link fields in the kernel interface page (see page 2). Each system-call link value, v, specifies either an absolute address (if  $v \geq 1 \mathrm{MB}$ ) or an address relative to the kernel interface page's base address (if  $v < 1 \mathrm{MB}$ ). An application may use instructions other than br.call to invoke the system-calls, but must ensure that a valid return address resides in the b0 register. For the IPC and LIPC system-calls the application must additionally ensure that message registers are mapped into input registers after invoking the system-call (i.e., the output registers if one were to use a br.call instruction).

The system-call definitions below only specify the contents of the general registers. Except for the KERNELINTERFACE, IPC and LIPC system-calls, the contents of the remaining user accessible registers closely resembles the IA-64 software calling conventions. More precisely, the register contents of these registers are ignored upon system-call entry, and the contents after system-call exit are defined as follows:

| Floating-point Registers: |              | Application Registers:     |             |                     |
|---------------------------|--------------|----------------------------|-------------|---------------------|
|                           | f0f1         | fixed                      | ar.fpsr     | special (see below) |
|                           | f2f5         | preserved                  | ar.rnat     | preserved           |
|                           | f6f15        | scratch                    | ar.unat     | preserved           |
|                           | f16f127      | preserved                  | ar.pfs      | scratch             |
|                           |              |                            | ar.bsp      | preserved           |
| Predic                    | ate Register | s:                         | ar.bspstore | preserved           |
|                           | p0           | fixed                      | ar.rsc      | special (see below) |
|                           | p1p5         | preserved                  | ar.lc       | preserved           |
|                           | p6p15        | scratch                    | ar.ec       | preserved           |
|                           | p16p63       | preserved                  | ar.ccv      | scratch             |
|                           |              |                            | ar.itc      | scratch             |
| Branc                     | h Registers: |                            | ar.k0k4     | scratch             |
|                           | b0           | system-call return address | ar.k5       | MyGlobalId          |
|                           | b1b5         | preserved                  | ar.k6       | MyLocalId           |
|                           | b6b7         | scratch                    | ar.k7       | scratch             |

The ar.fpsr and ar.rsc registers are special. The second and third status fields of ar.fpsr, and the loadrs field of ar.rsc have scratch semantics. The remaining fields have preserved semantics.

#### KERNELINTERFACE [Slow Systemcall]

```
- KernelInterface \rightarrow
                                                                     base address
r8
                                                      r8
r9
                                                      r9
                                                                     API Version
                                                                     API Flags
r10
                                                      r10
                 { .mlx
                 (qp) break.m
                                                      r11
                                                                     Kernel ID
                                     0x1face
r12...r31
                 (qp)
                                     r0 = 0x0;
                                                      r12...r31
                         movl
                                                                     \equiv
in0...in95
                                                      in0...in95
                                                                     \equiv
loc0...loc95
                                                      loc0...loc95
out0...out95
                                                      out0...out95
```

All other registers remain unchanged. A qualifying predicate, qp, can be used to conditionally execute the KERNELIN-TERFACE system-call.

## **EXCHANGEREGISTERS** [Systemcall]

| _                 | r1                    | - ExchangeRegisters $ ightarrow$ | r1        | ≡                 |
|-------------------|-----------------------|----------------------------------|-----------|-------------------|
| _                 | <i>r</i> 2 <i>r</i> 3 |                                  | r2r3      | $\sim$            |
| _                 | r4r7                  |                                  | r4r7      | =                 |
| _                 | r8r11                 | br.call $b0 = ExchangeRegisters$ | r8r11     | $\sim$            |
| _                 | r12r13                |                                  | r12r13    | =                 |
| dest              | r14                   |                                  | r14       | result            |
| contol            | r15                   |                                  | r15       | control           |
| SP                | r16                   |                                  | r16       | SP                |
| IP                | r17                   |                                  | r17       | IP                |
| FLAGS             | r18                   |                                  | r18       | FLAGS             |
| UserDefinedHandle | r19                   |                                  | r19       | UserDefinedHandle |
| pager             | r20                   |                                  | r20       | pager             |
| _                 | r21r31                |                                  | r21r31    | $\sim$            |
| _                 | out0out95             |                                  | out0out95 | $\sim$            |

## THREADCONTROL [Privileged Systemcall]

| _              | r1        | - ThreadControl $ ightarrow$ | r1        | ≡        |
|----------------|-----------|------------------------------|-----------|----------|
| _              | r2r3      |                              | r2r3      | $\sim$   |
| _              | r4r7      |                              | r4r7      | $\equiv$ |
| _              | r8        | br.call $b0 = ThreadControl$ | r8        | result   |
| _              | r9r11     |                              | r9r11     | $\sim$   |
| _              | r12r13    |                              | r12r13    | $\equiv$ |
| dest           | r14       |                              | r14       | $\sim$   |
| SpaceSpecifier | r15       |                              | r15       | $\sim$   |
| Scheduler      | r16       |                              | r16       | $\sim$   |
| Pager          | r17       |                              | r17       | $\sim$   |
| UtcbLocation   | r18       |                              | r18       | $\sim$   |
| _              | r19r31    |                              | r19r31    | $\sim$   |
| _              | out0out95 |                              | out0out95 | $\sim$   |

## SYSTEMCLOCK [Systemcall]

```
\begin{array}{ccc} . & & \equiv \\ r2...r3 & & \sim \\ r4...r^7 & & \end{array}
                           - \ SystemClock \rightarrow
r2...r3
                                                                  r4...r7
r4...r7
                       br.call b0 = SystemClock
                                                                                   clock
r8
                                                                  r8
r9...r11
                                                                  r9...r11
r12...r13
                                                                  r12...r13
                                                                                   \equiv
r14...r31
                                                                  r14...r31
out0...out95
                                                                  out0...out95 \sim
```

# THREADSWITCH [Systemcall]

# SCHEDULE [Systemcall]

| _                  | r1        | - Schedule $ ightarrow$ | r1        | =            |
|--------------------|-----------|-------------------------|-----------|--------------|
| _                  | r2r3      |                         | r2r3      | $\sim$       |
| _                  | r4r7      |                         | r4r7      | =            |
| _                  | r8        | br.call $b0 = Schedule$ | r8        | result       |
| _                  | r9        |                         | r9        | time control |
| _                  | r10r11    |                         | r10r11    | $\sim$       |
| _                  | r12r13    |                         | r12r13    | =            |
| dest               | r14       |                         | r14       | $\sim$       |
| time control       | r15       |                         | r15       | $\sim$       |
| processor control  | r16       |                         | r16       | $\sim$       |
| prio               | r17       |                         | r17       | $\sim$       |
| preemption control | r18       |                         | r18       | $\sim$       |
| _                  | r19r31    |                         | r19r31    | $\sim$       |
| _                  | out0out95 |                         | out0out95 | $\sim$       |

## IPC [Systemcall]

| _             | r1         | - Ipc $ ightarrow$ | r1        | =        |
|---------------|------------|--------------------|-----------|----------|
| _             | r2r8       | _                  | r2r8      | $\sim$   |
| _             | r9         |                    | r9        | from     |
| _             | r10r11     | br.call $b0 = Ipc$ | r10r11    | $\sim$   |
| _             | r12        |                    | r12       | $\equiv$ |
| _             | r13        |                    | r13       | $\sim$   |
| to            | r14        |                    | r14       | $\sim$   |
| FromSpecifier | r15        |                    | r15       | $\sim$   |
| Timeouts      | r16        |                    | r16       | $\sim$   |
| _             | r17r31     |                    | r17r31    | $\sim$   |
| $MR_{0}$      | out0       |                    | out0      | $MR_{0}$ |
| $MR_{1}$      | out1       |                    | out1      | $MR_{1}$ |
| $MR_{2}$      | out2       |                    | out2      | $MR_2$   |
| $MR_3$        | out3       |                    | out3      | $MR_3$   |
| $MR_{4}$      | out4       |                    | out4      | $MR_4$   |
| $MR_{5}$      | out5       |                    | out5      | $MR_{5}$ |
| $MR_{6}$      | out6       |                    | out6      | $MR_{6}$ |
| $MR_{7}$      | out7       |                    | out7      | $MR_{7}$ |
| _             | out8 out95 |                    | out8out95 | $\sim$   |

All remaining registers (including application registers) will have scratch semantics over the IPC system-call. Upon entry to the IPC system-call, the register stack backing store must be able to contain the dirty partition of the register stack.

# LIPC [Systemcall]

| _             | r1        | - Lipc $ ightarrow$ | r1        | $\equiv$ |
|---------------|-----------|---------------------|-----------|----------|
| _             | r2r8      |                     | r2r8      | $\sim$   |
| _             | r9        |                     | r9        | from     |
| _             | r10r11    | br.call $b0 = Lipc$ | r10r11    | $\sim$   |
| _             | r12       |                     | r12       | $\equiv$ |
| _             | r13       |                     | r13       | $\sim$   |
| to            | r14       |                     | r14       | $\sim$   |
| FromSpecifier | r15       |                     | r15       | $\sim$   |
| Timeouts      | r16       |                     | r16       | $\sim$   |
| _             | r17r31    |                     | r17r31    | $\sim$   |
| $MR_{0}$      | out0      |                     | out0      | $MR_{0}$ |
| $MR_{1}$      | out1      |                     | out1      | $MR_{1}$ |
| $MR_2$        | out2      |                     | out2      | $MR_2$   |
| $MR_3$        | out3      |                     | out3      | $MR_3$   |
| $MR_{4}$      | out4      |                     | out4      | $MR_4$   |
| $MR$ $_5$     | out5      |                     | out5      | $MR_{5}$ |
| $MR_{6}$      | out6      |                     | out6      | $MR_{6}$ |
| $MR_{7}$      | out7      |                     | out7      | $MR_{7}$ |
| _             | out8out95 |                     | out8out95 | $\sim$   |

All remaining registers (including application registers) will have scratch semantics over the LIPC system-call. Upon entry to the LIPC system-call, the register stack backing store must be able to contain the dirty partition of the register stack.

### UNMAP [Systemcall]

| _        | r1        | - Unmap $ ightarrow$ | r1        | $\equiv$ |
|----------|-----------|----------------------|-----------|----------|
| _        | r2r3      |                      | r2r3      | $\sim$   |
| _        | r4r7      |                      | r4r7      | $\equiv$ |
| _        | r8r11     | br.call $b0 = Unmap$ | r8r11     | $\sim$   |
| _        | r12r13    |                      | r12r13    | $\equiv$ |
| control  | r14       |                      | r14       | $\sim$   |
| _        | r15r31    |                      | r15r31    | $\sim$   |
| $MR_{0}$ | out0      |                      | out0      | $MR_{0}$ |
| $MR_{1}$ | out1      |                      | out1      | $MR_{1}$ |
| $MR_2$   | out2      |                      | out2      | $MR_2$   |
| $MR_3$   | out3      |                      | out3      | $MR_3$   |
| $MR_{4}$ | out4      |                      | out4      | $MR_4$   |
| $MR_{5}$ | out5      |                      | out5      | $MR_{5}$ |
| $MR_{6}$ | out6      |                      | out6      | $MR_{6}$ |
| $MR_{7}$ | out7      |                      | out7      | $MR_7$   |
| _        | out8out95 |                      | out8out95 | $\sim$   |

## SPACECONTROL [Privileged Systemcall]

```
- \ Space \ Control \rightarrow
                             r1
                             r2...r3
                                                                                   r2...r3
                                                                                                 \sim
                             r4...r7
                                                                                   r4...r7
                                               br.call \quad b0 = SpaceControl
                                                                                                 result
                            r8
                                                                                   r8
                                                                                   r9
                                                                                                 control
                            r10...r11
                                                                                   r10...r11
                            r12...r13
                                                                                   r12...r13
                                                                                                 \equiv
          SpaceSpecifier
                            r14
                                                                                   r14
                  control
                            r15
                                                                                   r15
KernelInterfacePageAra
                            r16
                                                                                   r16
               UtcbArea
                            r17
                                                                                   r17
              Redirector
                             r18
                                                                                   r18
                                                                                   r19...r31
                            r19...r31
                             out0...out95
                                                                                   out0...out95
```

## PROCESSORCONTROL [Privileged Systemcall]

```
- Processor Control \rightarrow
                       r1
                                                                             r1
                                                                                            \equiv
                       r2...r3
                                                                                            \equiv
                      r4...r7
                                                                             r4…r7
                                       br.call b0 = ProcessorControl
                                                                             r9...r11
                      r9...r11
                                                                                            \sim
                      r12...r13
                                                                             r12...r13
      {\it ProcessorNo}
                                                                             r14
                      r14
InternalFrequency
                       r15
                                                                             r15
ExternalFreqyency
                       r16
                                                                             r16
            voltage
                       r17
                                                                             r17
                       r18...r31
                                                                             r18...r31
                       out0...out95
                                                                             out0...out95
```

# MEMORYCONTROL [Privileged Systemcall]

| _             | r1        | $-\mathbf{M}$ | Iemory Conti | $rol \rightarrow$ | r1        | =        |
|---------------|-----------|---------------|--------------|-------------------|-----------|----------|
| _             | r2r3      |               |              |                   | r2r3      | $\sim$   |
| _             | r4r7      |               |              |                   | r4r7      | =        |
| _             | r8        | br.call       | b0 = Memory  | yControl          | r8        | result   |
| _             | r9r11     |               |              |                   | r9r11     | $\sim$   |
| _             | r12r13    |               |              |                   | r12r13    | $\equiv$ |
| control       | r14       |               |              |                   | r14       | $\sim$   |
| $attribute_0$ | r15       |               |              |                   | r15       | $\sim$   |
| $attribute_1$ | r16       |               |              |                   | r16       | $\sim$   |
| $attribute_2$ | r17       |               |              |                   | r17       | $\sim$   |
| $attribute_3$ | r18       |               |              |                   | r18       | $\sim$   |
| _             | r19r31    |               |              |                   | r19r31    | $\sim$   |
| $MR_{0}$      | out0      |               |              |                   | out0      | $\sim$   |
| $MR_{1}$      | out1      |               |              |                   | out1      | $\sim$   |
| $MR_{2}$      | out2      |               |              |                   | out2      | $\sim$   |
| $MR_3$        | out3      |               |              |                   | out3      | $\sim$   |
| $MR_{4}$      | out4      |               |              |                   | out4      | $\sim$   |
| $MR$ $_5$     | out5      |               |              |                   | out5      | $\sim$   |
| $MR$ $_{6}$   | out6      |               |              |                   | out6      | $\sim$   |
| $MR_{7}$      | out7      |               |              |                   | out7      | $\sim$   |
| _             | out8out95 |               |              |                   | out8out95 | $\sim$   |

# PAL\_CALL [Architecture Specific Systemcall]

| _     | r1        | - PAL Call $ ightarrow$  | r1        | =        |
|-------|-----------|--------------------------|-----------|----------|
| _     | r2r3      |                          | r2r3      | $\sim$   |
| _     | r4r7      |                          | r4r7      | $\equiv$ |
| _     | r8        | br.call $b0 = PAL\_Call$ | r8        | status   |
| _     | r9        |                          | r9        | ret1     |
| _     | r10       |                          | r10       | ret2     |
| _     | r11       |                          | r11       | ret3     |
| _     | r12r13    |                          | r12r13    | $\equiv$ |
| _     | r14r27    |                          | r14r27    | $\sim$   |
| idx   | r28       |                          | r28       | $\sim$   |
| arg I | r29       |                          | r29       | $\sim$   |
| arg2  | r30       |                          | r30       | $\sim$   |
| arg3  | r31       |                          | r31       | $\sim$   |
| _     | out0out95 |                          | out0out95 | $\sim$   |

# $\textbf{SAL\_CALL} \quad \textbf{[Architecture Specific Systemcall]}$

| _    | r1        | - SAL Call $ ightarrow$  | r1        | ≡        |
|------|-----------|--------------------------|-----------|----------|
| _    | r2r3      |                          | r2r3      | $\sim$   |
| _    | r4r7      |                          | r4r7      | $\equiv$ |
| _    | r8        | br.call $b0 = SAL\_Call$ | r8        | status   |
| _    | r9        |                          | r9        | ret1     |
| _    | r10       |                          | r10       | ret2     |
| _    | r11       |                          | r11       | ret3     |
| _    | r12r13    |                          | r12r13    | =        |
| _    | r14r31    |                          | r14r31    | $\sim$   |
| idx  | out0      |                          | out0      | $\sim$   |
| arg1 | out1      |                          | out1      | $\sim$   |
| arg2 | out2      |                          | out2      | $\sim$   |
| arg3 | out3      |                          | out3      | $\sim$   |
| arg4 | out4      |                          | out4      | $\sim$   |
| arg5 | out5      |                          | out5      | $\sim$   |
| arg6 | out6      |                          | out6      | $\sim$   |
| _    | out7out95 |                          | out7out95 | $\sim$   |
|      |           |                          | •         |          |

# B.4 PCI Configuration Space [ia64]

On ia64 processors, the PCI configuration space is handled as fpages. PCI Config fpages can be mapped, granted, and unmapped like memory fpages. Their minimal granularity is 256 (i.e., one single device function). A PCI config fpage of size  $2^{s'}$  has a  $2^{s'}$ -aligned base address p, i.e.  $p \mod 2^{s'} = 0$ . An fpage with base PCI configuration address p and size  $2^{s'}$  is denoted as described below.



The execute bit of the PCI config fpage is ignored.

#### **Generic Programming Interface**

#include <l4/space.h>

Fpage PCIConfigFpage (Word BaseAddress, int FpageSize  $\geq 256$ )

Fpage PCIConfigFpageLog2 (Word BaseAddress, int Log2FpageSize < 64)

Delivers a PCI config fpage with the specified location and size.

CACHEABILITY HINTS 115

# B.5 Cacheability Hints [ia64]

String items can specify cacheability hints to the kernel (see page 56). For ia64, the cacheability hints have the following semantics.

- hh=00 Use the default cacheability strategy. Temporal locality is assumed for all cache levels. That is, cache lines are allocated on all levels for both data read and written.
- hh=01 No temporal locality is assumed for the first level cache. Temporal locality is assumed for all lower cache levels. That is, cache lines are allocated on all cache levels below L1 for both data read and written.
- hh=10 No temporal locality is assumed for the first and second level caches. Temporal locality is assumed for all lower cache levels. That is, cache lines are allocated on all cache levels below L2 for both data read and written.
- hh = 11 No temporal locality is assumed on any cache level. That is, cache lines are not allocated on any cache level.

Note that support for cacheability hints is processor dependent. Refer to the processor specification to see what type of locality hints the processor supports for load and store instructions.

#### **Convenience Programming Interface**

#include <l4/ipc.h>

CacheAllocationHint UseDefaultCacheLineAllocation

CacheAllocationHint CacheNonTemporalL1

CacheAllocationHint CacheNonTemporalL2

CacheAllocationHint CacheNonTemporalAllLevels

116 MEMORY ATTRIBUTES

# B.6 Memory Attributes [ia64]

The ia64 architecture in general supports the following memory attributes values.

| attribute            | value |
|----------------------|-------|
| Default              | 0     |
| Write Back           | 1     |
| Write Coalescing     | 7     |
| Uncacheable          | 5     |
| Uncacheable Exported | 6     |
| NaT Page             | 8     |

Note that some attributes are only supported on certain processors. See the "Intel Itanium Architecture Software Developer's Manual, Volume 2: System Architecture" for the semantics of the memory attributes.

## **Generic Programming Interface**

#include <I4/misc.h>

Word DefaultMemory

Word WriteBackMemory

Word WriteCoalescingMemory

Word UncacheableMemory

 $Word\ \ Uncacheable Exported Memory$ 

Word NaTPageMemory

MEMORY DESCRIPTORS 117

# B.7 Memory Descriptors [ia64]

The following memory descriptors (see page 6) are specific to the ia64 architecture.

| t   | type | Description |
|-----|------|-------------|
| 0x1 | 0xF  | ACPI Memory |

## **Generic Programming Interface**

#include <I4/kip.h>

Word ACPIMemoryType

# B.8 Exception Message Format [ia64]

To be defined.

# **Appendix C**

# PowerPC Interface

120 VIRTUAL REGISTERS

# C.1 Virtual Registers [powerpc]

#### **Thread Control Registers (TCRs)**

TCRs are mapped to memory locations. They are implemented as part of the PowerPC-specific user-level thread control block (UTCB). The address of the current thread's UTCB is identical to the thread's local ID, and is thus immutable. The UTCB address is provided in the general purpose register R2 at application start. The R2 register must contain the UTCB address for every system call invocation. UTCB objects of the current thread can be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible. ThreadWord0 and ThreadWord1 are free to be used by systems software (e.g., IDL compilers). The kernel associates no semantics with these words.



The TCR MyLocalId is not part of the UTCB. On PowerPC it is identical with the UTCB address and can be loaded from register R2.

#### Message Registers (MRs)

Message registers  $MR_0$  through  $MR_9$  map to the processor's general purpose register file. The remaining message registers map to memory locations in the UTCB.  $MR_{10}$  starts at byte offset 40 in the UTCB, and successive message registers follow in memory.

VIRTUAL REGISTERS 121





#### **Buffer Registers (BRs)**

The buffer registers map to memory locations in the UTCB. BR  $_{0}$  is at byte offset -64 in the UTCB, BR  $_{1}$  at byte offset -68, etc.



## **UTCB Memory With Undefined Semantics**

The kernel will associate no semantics with memory located at *UTCB address*... *UTCB address* + 39. The application can use this memory as thread local storage, e.g., for implementing the L4 API. Note, however, that the memory contents within this region may be overwritten during a system-call operating on message registers.

All undefined UTCB memory which is not covered by the above mentioned region may have kernel defined semantics.

# C.2 Systemcalls [powerpc]

The PowerPC system calls are invoked by changing the location of the instruction pointer to the location of the system call address, with the return address in the link-return (LR) register. The invocation may take place via any mechanism which changes the instruction pointer location. The precise locations of the system calls are stored in the kernel interface page (see page 2).

The locations of the system calls are fixed during the life of an application, although they may change outside of the life of an application. It is not valid to prelink an application against a set of system call locations. The official locations are always provided in the kernel interface page.

The registers defined to survive across system-call invocations (unless otherwise noted) are: R1, R2, R30, R31, and the floating point registers. All other registers contain return values, are undefined, or may be preserved according to processor specific rules.

The R2 register must contain the UTCB pointer when invoking all system calls.

PowerPC uses one alternative system call invocation mechanism, for the KERNELINTERFACE system call. This system call is invoked via the 'tlbia' instruction, and most registers are preserved across the function call.

## KERNELINTERFACE [Slow Systemcall]

UTCB
$$R2$$
- KernelInterface $R2$  $\equiv$ -  $R3$ -  $R4$ -  $R4$  $R4$  $R5$  $R4$  $R4$  $R4$  $API$  Version-  $R5$ -  $R6$ -  $R5$  $R5$  $API$  Flags-  $R6$ -  $R7$ -  $R6$  $R6$  $R6$  $R6$  $R6$  $R6$ -  $R7$ -  $R8$ -  $R8$  $R8$  $R8$  $R8$ -  $R9$ -  $R10$  $R10$  $R10$  $R10$ 

For this system-call, all registers other than the output registers are preserved. The tlbia instruction encoding is 0x7c0002e4.

#### **EXCHANGEREGISTERS** [Systemcall]

```
UTCB
                                 - Exchange Registers \rightarrow
                      R2
                                                                 R2
                                                                        \equiv
                                                                        result
               dest
                      R3
                                                                 R3
            control
                                                                        control
                      R4
                                                                 R4
                                  call ExchangeRegisters
                                                                        SP
                SP
                      R5
                                                                 R5
                 ΙP
                                                                 R6
                                                                        ΙP
                      R6
            FLAGS
                      R7
                                                                 R7
                                                                        FLAGS
                                                                        User Defined Handle\\
UserDefinedHandle
                                                                 R8
                      R8
             pager
                                                                        pager
```

"FLAGS" refers to the user-modifiable PowerPC processor flags that are held in the MSR register. See the PowerPC Processor Mirroring section (page 129).

# THREADCONTROL [Privileged Systemcall]

| UTCB           | R2  | - Thread Control $ ightarrow$ | R2  | =      |
|----------------|-----|-------------------------------|-----|--------|
| dest           | R3  |                               | R3  | result |
| SpaceSpecifier | R4  |                               | R4  | $\sim$ |
| Scheduler      | R5  | call <i>ThreadControl</i>     | R5  | $\sim$ |
| Pager          | R6  |                               | R6  | $\sim$ |
| UtcbLocation   | R7  |                               | R7  | $\sim$ |
| _              | R8  |                               | R8  | $\sim$ |
| _              | R9  |                               | R9  | $\sim$ |
| _              | R10 |                               | R10 | $\sim$ |

# SYSTEMCLOCK [Systemcall]

| UTCB | R2  | - SystemClock $ ightarrow$ | R2  | =          |
|------|-----|----------------------------|-----|------------|
| _    | R3  |                            | R3  | clock 3263 |
| _    | R4  |                            | R4  | clock 031  |
| _    | R5  | call SystemClock           | R5  | $\sim$     |
| _    | R6  |                            | R6  | $\sim$     |
| _    | R7  |                            | R7  | $\sim$     |
| _    | R8  |                            | R8  | $\sim$     |
| _    | R9  |                            | R9  | $\sim$     |
| _    | R10 |                            | R10 | $\sim$     |
|      |     |                            | '   |            |

# THREADSWITCH [Systemcall]

| UTCB | R2  | - ThreadSwitch $ ightarrow$ | R2  | $\equiv$ |
|------|-----|-----------------------------|-----|----------|
| dest | R3  |                             | R3  | $\sim$   |
| _    | R4  |                             | R4  | $\sim$   |
| _    | R5  | call <i>ThreadSwitch</i>    | R5  | $\sim$   |
| _    | R6  |                             | R6  | $\sim$   |
| _    | R7  |                             | R7  | $\sim$   |
| _    | R8  |                             | R8  | $\sim$   |
| _    | R9  |                             | R9  | $\sim$   |
| _    | R10 |                             | R10 | $\sim$   |

# SCHEDULE [Systemcall]

| UTCB               | R2  | - Schedule $ ightarrow$ | R2  | =            |
|--------------------|-----|-------------------------|-----|--------------|
| dest               | R3  |                         | R3  | result       |
| time control       | R4  |                         | R4  | time control |
| processor control  | R5  | call <i>Schedule</i>    | R5  | $\sim$       |
| prio               | R6  |                         | R6  | $\sim$       |
| preemption control | R7  |                         | R7  | $\sim$       |
| _                  | R8  |                         | R8  | $\sim$       |
| _                  | R9  |                         | R9  | $\sim$       |
| _                  | R10 |                         | R10 | $\sim$       |
|                    |     | •                       |     |              |

# IPC [Systemcall]

| $MR_{9}$ R0 $\left  \qquad -\mathbf{Ipc}  ightarrow \left  \qquad R0 \right $ | $MR_{9}$ |
|-------------------------------------------------------------------------------|----------|
| - R1 R1                                                                       | $\equiv$ |
| UTCB R2 R2                                                                    | $\equiv$ |
| $MR_1$ $R3$ call $Ipc$ $R3$                                                   | $MR_{1}$ |
| $MR_2$ $R4$ $R4$                                                              | $MR_2$   |
| $MR_3$ $R5$ $R5$                                                              | $MR_3$   |
| $MR_4$ $R6$ $R6$                                                              | $MR_4$   |
| MR 5 R7 R7                                                                    | $MR_{5}$ |
| MR 6 R8 R8                                                                    | $MR_{6}$ |
| MR 7 R9 R9                                                                    | $MR_{7}$ |
| MR 8 R10 R10                                                                  | $MR_{8}$ |
| - R11 R11                                                                     | $\sim$   |
| - R12 R12                                                                     | $\sim$   |
| - R13 R13                                                                     | $\sim$   |
| $MR_0$ R14                                                                    | $MR_0$   |
| to R15 R15                                                                    | $\sim$   |
| FromSpecifier R16 R16                                                         | from     |
| Timeouts R17 R17                                                              | $\sim$   |

## LIPC [Systemcall]

| MR 9          | RO  | - Lipc $ ightarrow$ | R0  | $MR_{9}$ |
|---------------|-----|---------------------|-----|----------|
| _             | R1  |                     | R1  | $\equiv$ |
| UTCB          | R2  |                     | R2  | $\equiv$ |
| $MR_{1}$      | R3  | call <i>Lipc</i>    | R3  | $MR_{1}$ |
| $MR_{2}$      | R4  |                     | R4  | $MR_2$   |
| $MR_3$        | R5  |                     | R5  | $MR_3$   |
| $MR_{\ 4}$    | R6  |                     | R6  | $MR_4$   |
| $MR_{5}$      | R7  |                     | R7  | $MR_{5}$ |
| $MR_{6}$      | R8  |                     | R8  | $MR_{6}$ |
| $MR_{7}$      | R9  |                     | R9  | $MR_{7}$ |
| $MR$ $_8$     | R10 |                     | R10 | $MR_{8}$ |
| _             | R11 |                     | R11 | $\sim$   |
| _             | R12 |                     | R12 | $\sim$   |
| _             | R13 |                     | R13 | $\sim$   |
| $MR_{0}$      | R14 |                     | R14 | $MR_{0}$ |
| to            | R15 |                     | R15 | $\sim$   |
| FromSpecifier | R16 |                     | R16 | from     |
| Timeouts      | R17 |                     | R17 | $\sim$   |
|               |     |                     |     |          |

# UNMAP [Systemcall]

```
MR_9
           R0
                               - \ Unmap \rightarrow
                                                              R0
                                                                     MR_9
           R1
                                                              R1
                                                                     \equiv
UTCB
                                                                     \equiv
           R2
                                                              R2
 MR <sub>1</sub>
MR <sub>2</sub>
                                                                     MR <sub>1</sub>
           R3
                                call Unmap
                                                              R3
 MR <sub>3</sub>
MR <sub>4</sub>
           R5
                                                              R5
                                                                     MR_3
                                                              R6
                                                                     MR_4
           R6
 MR 5
MR 6
                                                              R7
                                                                     MR_{\,5}
           R7
                                                              R8
                                                                     MR_{6}
           R8
  MR_7
                                                              R9
                                                                     MR_{7}
           R9
  MR_{8}
                                                              R10
                                                                     MR_{8}
           R10
           R11
                                                              R11
           R12
                                                              R12
                                                                     \sim
           R13
                                                              R13
  MR_0
           R14
                                                              R14
                                                                     MR_0
control
                                                              R15
           R15
```

# SPACECONTROL [Privileged Systemcall]

| UTCB                    | R2        | - Space Control $ ightarrow$ | R2  | =       |
|-------------------------|-----------|------------------------------|-----|---------|
| SpaceSpecifier          | R3        |                              | R3  | result  |
| control                 | R4        |                              | R4  | control |
| KernelInterfacePageArea | R5        | call SpaceControl            | R5  | $\sim$  |
| UtcbArea                | R6        |                              | R6  | $\sim$  |
| Redirector              | <i>R7</i> |                              | R7  | $\sim$  |
| _                       | R8        |                              | R8  | $\sim$  |
| _                       | R9        |                              | R9  | $\sim$  |
| _                       | R10       |                              | R10 | $\sim$  |

# PROCESSORCONTROL [Privileged Systemcall]

| UTCB         | R2  | - Processor Control $ ightarrow$ | R2  | ≡      |
|--------------|-----|----------------------------------|-----|--------|
| processor no | R3  |                                  | R3  | result |
| InternalFreq | R4  |                                  | R4  | $\sim$ |
| ExternalFreq | R5  | call ProcessorControl            | R5  | $\sim$ |
| voltage      | R6  |                                  | R6  | $\sim$ |
| _            | R7  |                                  | R7  | $\sim$ |
| _            | R8  |                                  | R8  | $\sim$ |
| _            | R9  |                                  | R9  | $\sim$ |
| _            | R10 |                                  | R10 | $\sim$ |

## MEMORYCONTROL [Privileged Systemcall]

| MD            |     | M C                           | l = 0 |        |
|---------------|-----|-------------------------------|-------|--------|
| $MR_{9}$      | R0  | - Memory Control $ ightarrow$ | R0    | $\sim$ |
| _             | R1  |                               | R1    | =      |
| UTCB          | R2  |                               | R2    | =      |
| $MR_{1}$      | R3  | call <i>MemoryControl</i>     | R3    | result |
| $MR_{2}$      | R4  |                               | R4    | $\sim$ |
| $MR_3$        | R5  |                               | R5    | $\sim$ |
| $MR_{\ 4}$    | R6  |                               | R6    | $\sim$ |
| MR 5          | R7  |                               | R7    | $\sim$ |
| $MR_{6}$      | R8  |                               | R8    | $\sim$ |
| $MR_{7}$      | R9  |                               | R9    | $\sim$ |
| $MR_{8}$      | R10 |                               | R10   | $\sim$ |
| _             | R11 |                               | R11   | $\sim$ |
| _             | R12 |                               | R12   | $\sim$ |
| _             | R13 |                               | R13   | $\sim$ |
| $MR_{0}$      | R14 |                               | R14   | $\sim$ |
| control       | R15 |                               | R15   | $\sim$ |
| $attribute_0$ | R16 |                               | R16   | $\sim$ |
| $attribute_1$ | R17 |                               | R17   | $\sim$ |
| $attribute_2$ | R18 |                               | R18   | $\sim$ |
| $attribute_3$ | R19 |                               | R19   | $\sim$ |
|               |     |                               |       |        |

126 MEMORY ATTRIBUTES

# C.3 Memory Attributes [powerpc]

The PowerPC architecture supports the following memory/cache attribute values, to be used with the MEMORYCONTROL system-call:

| attribute                   | value |
|-----------------------------|-------|
| Default                     | 0     |
| Write-through               | 1     |
| Write-back                  | 2     |
| Caching-inhibited           | 3     |
| Caching-enabled             | 4     |
| Memory-global (coherent)    | 5     |
| Memory-local (not coherent) | 6     |
| Guarded                     | 7     |
| Speculative                 | 8     |

The default attributes enable write-back, caching, and speculation. Only if the kernel is compiled with support for multiple processors will memory coherency be enabled by default.

The PowerPC architecture places a variety of restrictions on the usage of the memory/cache attributes. Some combinations are meaningless (such as combining write-through with caching-inhibited), or are not permitted and will lead to undefined behavior (for example, instruction fetching is incompatible with some combinations of attributes). The precise semantics of the memory/cache access attributes are described in the "Programming Environments Manual For 32-Bit Implementations of the PowerPC Architecture."

Before disabling the cache for a page, the software must ensure that all memory belonging to the target page is flushed from the cache.

#### **Generic Programming Interface**

#include <I4/misc.h>

Word DefaultMemory

Word WriteThroughMemory

Word WriteBackMemory

Word CachingInhibitedMemory

Word CachingEnabledMemory

Word GlobalMemory

Word LocalMemory

Word GuardedMemory

Word SpeculativeMemory

# C.4 Exception Message Format [powerpc]

## **System Call Trap**

#### System Call Trap Message to Exception Handler

| Flags (32)                                             | MR <sub>12</sub> |
|--------------------------------------------------------|------------------|
| SP (32)                                                | MR <sub>11</sub> |
| IP (32)                                                | MR 10            |
| R0 (32)                                                | MR 9             |
| R10 (32)                                               | MR 8             |
| R9 (32)                                                | MR 7             |
| R8 (32)                                                | MR 6             |
| R7 (32)                                                | MR 5             |
| R6 (32)                                                | MR 4             |
| R5 (32)                                                | MR 3             |
| R4 (32)                                                | MR 2             |
| R3 (32)                                                | MR 1             |
| $\begin{array}{ c c c c c c c c c c c c c c c c c c c$ | MR <sub>0</sub>  |

When user code executes the PowerPC 'sc' instruction, the kernel delivers the system call trap message to the exception handler. The kernel preserves only partial user state when handling an 'sc' instruction. State is preserved similarly to the SVR4 PowerPC ABI for function calls. The non-volatile registers are R1, R2, R13...R31, CR2, CR3, CR4, LR, and FPSCR. The volatile registers are R0, R3...R12, CR0, CR1, CR5...CR7, CTR, and XER. Thread virtual registers may also be clobbered.

## **Generic Traps**

Generic Trap Message To Exception Handler

| LocalID (32)                                           | MR 6            |  |  |  |  |  |
|--------------------------------------------------------|-----------------|--|--|--|--|--|
| ErrorCode (32)                                         |                 |  |  |  |  |  |
| ExceptionNo (32)                                       |                 |  |  |  |  |  |
| Flags (32)                                             |                 |  |  |  |  |  |
| SP (32)                                                |                 |  |  |  |  |  |
| IP (32)                                                |                 |  |  |  |  |  |
| $\begin{array}{ c c c c c c c c c c c c c c c c c c c$ | MR <sub>0</sub> |  |  |  |  |  |

The kernel synthesizes exception messages in response to architecture specific events. Some traps are handled by the kernel and therefore do not generate exception messages. The kernel preserves all user state, including thread virtual registers.

PROCESSOR MIRRORING 129

# C.5 Processor Mirroring [powerpc]

The kernel will expose the following supervisor instructions to all user level programs via emulation: MFSPR for the PVR, MFSPR and MTSPR for the DABR and other cpu-specific debug registers.

The kernel will emulate the MFSPR and MTSPR instructions for accessing cpu-specific performance monitor registers on behalf of privileged tasks. The performance monitor registers are global, and not per-thread.

The EXCHANGEREGISTERS system-call accesses the flags of the processor. The flags map directly to the PowerPC MSR register. The following bits may be read and modified by user applications: LE, BE, SE, FE0, and FE1. The kernel also exposes additional cpu-specific bits.

130 BOOTING

# C.6 Booting [powerpc]

#### **Apple New World Compatible Machines**

L4 must be loaded into memory at the physical location defined by the kernel's ELF header. It can be started with virtual addressing enabled or disabled. Execution of L4 must begin at the entry point defined by the kernel's ELF header.

When entering the kernel, the registers which support in-register file parameter passing, R3–R10 according to the SVR4 ABI, must be cleared for upwards compatibility, except as noted below. All other registers in the register file are undefined at kernel entry.

The kernel may use OpenFirmware for debug console I/O. To support OpenFirmware I/O, the OpenFirmware virtual mode client call-back address must be passed to the kernel in register R5, and OpenFirmware must be prepared to handle client call-backs using virtual addressing. In all other cases, register R5 must be zero.

The boot loader must copy the OpenFirmware device tree to memory, and record its physical location in a memory descriptor of the kernel interface page. The copy of the device tree must include the package handles of the device tree nodes

# **Appendix D**

# PowerPC64 Interface

#### D.1 Virtual Registers [powerpc64]

#### **Thread Control Registers (TCRs)**

TCRs are mapped to memory locations. They are implemented as part of the ppc64-specific user-level thread control block (UTCB). The address of the current thread's UTCB is identical to the thread's local ID, and is thus immutable. Setting the UTCB address of an active thread via ThreadControl is similar to deletion and re-creation. There is a fixed correlation between the UtcbLocation parameter when invoking ThreadControl and the UTCB address. The UTCB address is provided in the abi thread register r13 at application start. UTCB objects of the current thread can then be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible. ThreadWord0 and ThreadWord1 are free to be used by systems software (e.g., IDL compilers). The kernel associates no semantics with these words.





The TCR *MyLocalId* is not part of the UTCB. On PowerPC64 it is identical with the UTCB address and can be loaded from register *r13*.

#### Message Registers (MRs)

Message registers MR  $_0$  through MR  $_9$  map to local registers in the processor's general purpose register file for IPC and LIPC calls, otherwise they are located in the UTCB. The remaining message registers map to memory locations in the UTCB. MR  $_0$  starts at byte offset 512 in the UTCB, and successive message registers follow in memory.

| <b>MR</b> <sub>09</sub> | MR 9            | r23 |
|-------------------------|-----------------|-----|
|                         | MR 8            | r22 |
|                         | MR 7            | r21 |
|                         | MR <sub>6</sub> | r20 |
|                         | MR 5            | r19 |
|                         | MR 4            | r18 |
|                         | MR 3            | r17 |
|                         | MR <sub>2</sub> | r16 |
|                         | MR <sub>1</sub> | r15 |
|                         | MR <sub>0</sub> | r14 |
|                         |                 |     |
| $MR_{063}$ [UTCB fie    | lds]            |     |

# Buffer Registers (BRs)

The buffer registers map to memory locations in the UTCB. BR  $_{\rm 0}$  is at byte offset 248 in the UTCB, BR  $_{\rm 1}$  at byte offset 256, etc.

MR  $_{63}$   $_{(64)}$ 

MR  $_{0\ (64)}$ 

+1016

← UTCB address + 512



#### **UTCB Memory With Undefined Semantics**

The kernel will associate no semantics with memory located at *UTCB address* + 80... *UTCB address* + 247. The application can use this memory as thread local storage, e.g., for implementing the L4 API. Note, however, that the memory contents within this region may be overwritten during a system-call operating on message registers.

All undefined UTCB memory which is not covered by the above mentioned region may have kernel defined semantics.

#### D.2 Systemcalls [powerpc64]

The system-calls which are invoked by the bctrl or instruction take the target of the calls from the system call link fields in the kernel interface page (see page 2). Each system-call link value specifies an address relative to the kernel interface page's base address. One may invoke the system calls with any instruction that branches to the appropriate target, as long as the return-address is contained in lr.

The locations of the system-calls are fixed during the life of an application, although they may change outside of the life of an application. It is not valid to prelink an application against a set of system call locations. The official locations are always provided in the KIP.

The system call definitions below only specify the contexts of the general purpose registers. Except for the KERNELINTERFACE system-call, the contents of user accessible state registers are assumed to be scratched. The floating-point registers are assumed to be preserved accross system calls.

#### KERNELINTERFACE [Slow Systemcall]

| _ | r0r2  | - KernelInterface $ ightarrow$ | r0r2  | =                |
|---|-------|--------------------------------|-------|------------------|
| _ | r3    |                                | r3    | KIP base address |
| _ | r4    |                                | r4    | API Version      |
| _ | r5    | tlbia                          | r5    | API Flags        |
| _ | r6    |                                | r6    | Kernel ID        |
| _ | r7r31 |                                | r7r31 | ≡                |
| _ | lr    |                                | lr    | =                |
| _ | ctr   |                                | ctr   | =                |
| _ | cr    |                                | cr    | =                |
| _ | xer   |                                | xer   | =                |

For this system-call, all registers other than the output registers are preserved.

#### EXCHANGEREGISTERS [Systemcall]

| _                 | r0       | $-$ Exchange Registers $\rightarrow$ | r0       | ~                    |
|-------------------|----------|--------------------------------------|----------|----------------------|
| _                 | r1       |                                      | r1       | ≡                    |
| _                 | r2       |                                      | r2       | =                    |
| dest              | r3       | betrl                                | r3       | result               |
| control           | r4       |                                      | r4       | control              |
| SP                | r5       |                                      | r5       | SP                   |
| IP                | r6       |                                      | r6       | IP                   |
| FLAGS             | r7       |                                      | r7       | FLAGS                |
| UserDefinedHandle | r8       |                                      | r8       | User De fined Handle |
| pager             | r9       |                                      | r9       | pager                |
| isLocal           | r10      |                                      | r10      | isLocal              |
| _                 | r11, r12 |                                      | r11, r12 | $\sim$               |
| UTCB              | r13      |                                      | r13      | UTCB                 |
| _                 | r14r29   |                                      | r14r29   | $\sim$               |
| _                 | r30, r31 |                                      | r30, r31 | =                    |
| _                 | lr       |                                      | lr       | $\sim$               |
| ExchangeRegisters | ctr      |                                      | ctr      | $\sim$               |
| _                 | cr       |                                      | cr       | ~                    |
| _                 | xer      |                                      | xer      | $\sim$               |

<sup>&</sup>quot;FLAGS" refers to the user-modifiable powerpc64 processor flags that are held in the msr register.

#### THREADCONTROL [Privileged Systemcall]

| _             | r0       | - Thread Control $ ightarrow$ | r0       | $\sim$   |
|---------------|----------|-------------------------------|----------|----------|
| _             | r1       |                               | r1       | $\equiv$ |
| _             | r2       |                               | r2       | $\equiv$ |
| dest          | r3       | betrl                         | r3       | result   |
| space         | r4       |                               | r4       | $\sim$   |
| scheduler     | r5       |                               | r5       | $\sim$   |
| pager         | r6       |                               | r6       | $\sim$   |
| UtcbLocation  | r7       |                               | r7       | $\sim$   |
| _             | r8r12    |                               | r8r12    | $\sim$   |
| UTCB          | r13      |                               | r13      | UTCB     |
| _             | r14r29   |                               | r14r29   | $\sim$   |
| _             | r30, r31 |                               | r30, r31 | $\equiv$ |
| _             | lr       |                               | lr       | $\sim$   |
| ThreadControl | ctr      |                               | ctr      | $\sim$   |
| _             | cr       |                               | cr       | $\sim$   |
| _             | xer      |                               | xer      | $\sim$   |

# SYSTEMCLOCK [Systemcall]

| _           | r0       | - SystemClock $ ightarrow$ | r0       | $\sim$   |
|-------------|----------|----------------------------|----------|----------|
| _           | r1       |                            | r1       | $\equiv$ |
| _           | r2       |                            | r2       | $\equiv$ |
| _           | r3       | bctrl                      | r3       | clock    |
| _           | r4r12    |                            | r4r12    | $\sim$   |
| UTCB        | r13      |                            | r13      | UTCB     |
| _           | r14r29   |                            | r14r29   | $\sim$   |
| _           | r30, r31 |                            | r30, r31 | $\equiv$ |
| _           | lr       |                            | lr       | $\sim$   |
| SystemClock | ctr      |                            | ctr      | $\sim$   |
| _           | cr       |                            | cr       | $\sim$   |
| _           | xer      |                            | xer      | $\sim$   |

## THREADSWITCH [Systemcall]

| _            | r0       | $-$ ThreadSwitch $\rightarrow$ | r0       | $\sim$   |
|--------------|----------|--------------------------------|----------|----------|
| _            | r1       | 1                              | r1       | $\equiv$ |
| _            | r2       |                                | r2       | $\equiv$ |
| dest         | r3       | betrl                          | r3       | $\sim$   |
| _            | r4r12    | 1                              | r4r12    | $\sim$   |
| UTCB         | r13      |                                | r13      | UTCB     |
| _            | r14r29   |                                | r14r29   | $\sim$   |
| _            | r30, r31 | ,                              | r30, r31 | $\equiv$ |
| _            | lr       |                                | lr       | $\sim$   |
| ThreadSwitch | ctr      |                                | ctr      | $\sim$   |
| _            | cr       |                                | cr       | $\sim$   |
| _            | xer      |                                | xer      | $\sim$   |
|              |          |                                |          |          |

#### SCHEDULE [Systemcall]

| _                  | r0       | - Schedule $ ightarrow$ | r0       | $\sim$       |
|--------------------|----------|-------------------------|----------|--------------|
| _                  | r1       |                         | r1       | =            |
| _                  | r2       |                         | r2       | =            |
| dest               | r3       | betrl                   | r3       | result       |
| time control       | r4       |                         | r4       | time control |
| processor control  | r5       |                         | r5       | $\sim$       |
| priority           | r6       |                         | r6       | $\sim$       |
| preemption control | r7       |                         | r7       | $\sim$       |
| _                  | r8r12    |                         | r8r12    | $\sim$       |
| UTCB               | r13      |                         | r13      | UTCB         |
| _                  | r14r29   |                         | r14r29   | $\sim$       |
| _                  | r30, r31 |                         | r30, r31 | =            |
| _                  | lr       |                         | lr       | $\sim$       |
| Schedule           | ctr      |                         | ctr      | $\sim$       |
| _                  | cr       |                         | cr       | $\sim$       |
| _                  | xer      |                         | xer      | $\sim$       |

#### IPC [Systemcall]

```
-\;Ipc \rightarrow
                   r0
                                                                        r0
                   r1
                                                                        r1
                                                                                     \equiv
                  r2
                                                                        r2
             to
                  r3
                                               bctrl
                                                                        r3
                                                                                    from
FromSpecifier
                  r4
                                                                        r4
                                                                                     \sim
                                                                                     \sim
     Timeouts
                  r5
                                                                        r5
                   r6...r12
                                                                        r6...r12
        UTCB
                                                                        r13
                                                                                     UTCB
                  r13
          MR_0
                                                                                     MR_0
                  r14
                                                                        r14
         MR <sub>1</sub>
MR <sub>2</sub>
                  r15
                                                                        r15
                                                                                     MR_{1}
                                                                                     MR_2
                  r16
                                                                        r16
         MR 3 r17
MR 4 r18
MR 5 r19
                                                                                     MR_3
                                                                        r17
                                                                                     MR_4
                                                                        r18
                                                                                     MR_{5}
                  r19
                                                                        r19
         MR 6
MR 7
MR 8
                  r20
                                                                        r20
                                                                                     MR_{6}
                                                                                     MR_7
                  r21
                                                                        r21
                  r22
                                                                        r22
                                                                                     MR_{8}
          MR_{9}
                                                                                     MR 9
                  r23
                                                                        r23
                  r24...r29
                                                                        r24...r29
                                                                                     \equiv
                  r30, r31
                                                                        r30, r31
                  lr
                                                                        lr
                                                                                     \sim
            Ipc ctr
                                                                        ctr
                                                                                     \sim
                   cr
                                                                        cr
                                                                        xer
                  xer
```

#### LIPC [Systemcall]

| _             | r0       | $-\operatorname{\mathbf{Lipc}}\rightarrow$ | r0       | $\sim$   |
|---------------|----------|--------------------------------------------|----------|----------|
| _             | r1       |                                            | r1       | $\equiv$ |
| _             | r2       |                                            | r2       | ≡        |
| to            | r3       | betrl                                      | r3       | from     |
| FromSpecifier | r4       |                                            | r4       | $\sim$   |
| Timeouts      | r5       |                                            | r5       | $\sim$   |
| _             | r6r12    |                                            | r6r12    | $\sim$   |
| UTCB          | r13      |                                            | r13      | UTCB     |
| $MR_{0}$      | r14      |                                            | r14      | $MR_{0}$ |
| $MR_{1}$      | r15      |                                            | r15      | $MR_{1}$ |
| $MR_2$        | r16      |                                            | r16      | $MR_2$   |
| $MR_3$        | r17      |                                            | r17      | $MR_3$   |
| $MR_{\ 4}$    | r18      |                                            | r18      | $MR_{4}$ |
| $MR$ $_5$     | r19      |                                            | r19      | $MR_{5}$ |
| $MR_{6}$      | r20      |                                            | r20      | $MR_{6}$ |
| $MR_{7}$      | r21      |                                            | r21      | $MR_{7}$ |
| $MR_{8}$      | r22      |                                            | r22      | $MR_{8}$ |
| $MR_{9}$      | r23      |                                            | r23      | $MR_{9}$ |
| _             | r24r29   |                                            | r24 r29  | $\sim$   |
| _             | r30, r31 |                                            | r30, r31 | =        |
| _             | lr       |                                            | lr       | $\sim$   |
| Lipc          | ctr      |                                            | ctr      | $\sim$   |
| _             | cr       |                                            | cr       | $\sim$   |
| _             | xer      |                                            | xer      | $\sim$   |

#### UNMAP [Systemcall]

| _       | r0       | - Unmap $ ightarrow$ | r0       | $\sim$   |
|---------|----------|----------------------|----------|----------|
| _       | r1       |                      | r1       | $\equiv$ |
| _       | r2       |                      | r2       | =        |
| control | r3       | betrl                | r3       | $\sim$   |
| _       | r4r12    |                      | r4r12    | $\sim$   |
| UTCB    | r13      |                      | r13      | UTCB     |
| _       | r14r29   |                      | r14r29   | $\sim$   |
| _       | r30, r31 |                      | r30, r31 | $\equiv$ |
| _       | lr       |                      | lr       | $\sim$   |
| Unmap   | ctr      |                      | ctr      | $\sim$   |
| _       | cr       |                      | cr       | $\sim$   |
| _       | xer      |                      | xer      | $\sim$   |
|         |          |                      |          |          |

#### SPACECONTROL [Privileged Systemcall]

```
r0
                                                  - \, \textbf{Space Control} \rightarrow
                               r1
                                                                                  r1
                                                                                              \equiv
                              r2
                                                                                  r2
                                                                                              \equiv
           SpaceSpecifier
                              r3
                                                          bctrl
                                                                                              result
                                                                                  r3
                   control r4
                                                                                              control
KernelInterfacePageArea
UtcbArea
                              r5
                                                                                  r5
                                                                                              \sim
                Redirector
                              r7
                                                                                  r7
                              r8...r12
                                                                                  r8...r12
                    UTCB
                                                                                               UTCB
                              r13
                                                                                  r13
                              r14...r29
                                                                                  r14...r29
                               r30, r31
                                                                                  r30, r31
                                                                                               \equiv
                                                                                  lr
             SpaceControl
                               cr
                                                                                  cr
```

# PROCESSORCONTROL [Privileged Systemcall]

| _                | r0       | - Processor Control $ ightarrow$ | r0       | $\sim$ |
|------------------|----------|----------------------------------|----------|--------|
| _                | r1       |                                  | r1       | ≡      |
| _                | r2       |                                  | r2       | ≡      |
| ProcessorNo      | r3       | betrl                            | r3       | result |
| InternalFreq     | r4       |                                  | r4       | $\sim$ |
| ExternalFreq     | r5       |                                  | r5       | $\sim$ |
| voltage          | r6       |                                  | r6       | $\sim$ |
| _                | r7r12    |                                  | r7r12    | $\sim$ |
| UTCB             | r13      |                                  | r13      | UTCB   |
| _                | r14r29   |                                  | r14r29   | $\sim$ |
| _                | r30, r31 |                                  | r30, r31 | ≡      |
| _                | lr       |                                  | lr       | $\sim$ |
| ProcessorControl | ctr      |                                  | ctr      | $\sim$ |
| _                | cr       |                                  | cr       | $\sim$ |
| _                | xer      |                                  | xer      | $\sim$ |

#### MEMORYCONTROL [Privileged Systemcall]

| _             | r0       | - Memory Control $ ightarrow$ | r0       | $\sim$   |
|---------------|----------|-------------------------------|----------|----------|
| _             | r1       |                               | r1       | ≡        |
| _             | r2       |                               | r2       | ≡        |
| control       | r3       | bctrl                         | r3       | result   |
| $attribute_0$ | r4       |                               | r4       | $\sim$   |
| $attribute_1$ | r5       |                               | r5       | $\sim$   |
| $attribute_2$ | r6       |                               | r6       | $\sim$   |
| $attribute_3$ | r7       |                               | r7       | $\sim$   |
| _             | r8r12    |                               | r8r12    | $\sim$   |
| UTCB          | r13      |                               | r13      | UTCB     |
| _             | r14r29   |                               | r14r29   | $\sim$   |
| _             | r30, r31 |                               | r30, r31 | $\equiv$ |
| _             | lr       |                               | lr       | $\sim$   |
| MemoryControl | ctr      |                               | ctr      | $\sim$   |
| _             | cr       |                               | cr       | $\sim$   |
| _             | xer      |                               | xer      | $\sim$   |

MEMORY ATTRIBUTES 139

# D.3 Memory Attributes [powerpc64]

The powerpc64 architecture supports the following memory/cache attribute values, to be used with the MEMORYCONTROL system-call:  $\frac{1}{2} \left( \frac{1}{2} \right) = \frac{1}{2} \left( \frac{1}{2} \right) \left( \frac{1}$ 

| attribute | value |
|-----------|-------|
| Default   | 0     |
| Uncached  | 1     |
| Coherent  | 2     |

The default attributes depend on the platform and not all modes are defined for all processors.

## D.4 Exception Message Format [powerpc64]

#### **System Call Trap**

#### System Call Trap Message to Exception Handler

| Flags (64)                                             | MR 12            |  |  |  |  |
|--------------------------------------------------------|------------------|--|--|--|--|
| SP <sub>(64)</sub>                                     | MR 11            |  |  |  |  |
| IP <sub>(64)</sub>                                     | MR <sub>10</sub> |  |  |  |  |
| r0 <sub>(64)</sub>                                     |                  |  |  |  |  |
| r10 <sub>(64)</sub>                                    | MR 8             |  |  |  |  |
| r9 <sub>(64)</sub>                                     | MR 7             |  |  |  |  |
| r8 <sub>(64)</sub>                                     | MR $_6$          |  |  |  |  |
| r7 <sub>(64)</sub>                                     |                  |  |  |  |  |
| r6 <sub>(64)</sub>                                     | MR <sub>4</sub>  |  |  |  |  |
| r5 <sub>(64)</sub>                                     | MR $_3$          |  |  |  |  |
| r4 <sub>(64)</sub>                                     | MR $_2$          |  |  |  |  |
| r3 <sub>(64)</sub>                                     | MR 1             |  |  |  |  |
| $\begin{array}{ c c c c c c c c c c c c c c c c c c c$ | MR $_0$          |  |  |  |  |

When user code executes the PowerPC sc instruction, the kernel delivers the system call trap message to the exception handler. The kernel preserves only partial user state when handling a sc instruction. State is preserved similarly for the inclusive set of saved registers according the 64-bit PowerPC ELF ABI for function calls.

The non-volatile registers are: r1, r2, r13 ... r31, CR2 ... CR4

The volatile registers are: r0, r3 ... r12, LR, CTR, XER, CR0, CR1, CR5 ... CR7

Thread virtual registers may also be clobbered.

#### **Generic Traps**

Generic Trap Message To Exception Handler

| ErrorAddress (64)                       |  |  |  |  |  |
|-----------------------------------------|--|--|--|--|--|
| LocalID (64)                            |  |  |  |  |  |
| ErrorCode (64)                          |  |  |  |  |  |
| ExceptionNo (64)                        |  |  |  |  |  |
| Flags (64)                              |  |  |  |  |  |
| SP <sub>(64)</sub>                      |  |  |  |  |  |
| IP (64)                                 |  |  |  |  |  |
| $0_{(4)}$ $t = 0_{(6)}$ $u = 6/7_{(6)}$ |  |  |  |  |  |

The kernel synthesizes exception messages in response to architecture specific events. Some traps are handled by the kernel and therefore do not generate exception messages. Exceptions that provide an error address use the *ErrorAddress* register and specify 7 Untyped words, otherwise only 6 Untyped words will be sent. The kernel preserves all user state, including thread virtual registers.

For some exceptions, The following is a table of values for the Generic Trap *ExceptionNo*:

| Exception       | ExceptionNo | ErrorCode | Delivered             | ErrorAddress |
|-----------------|-------------|-----------|-----------------------|--------------|
| System Reset    | 0x100       | -         | No                    | -            |
| Machine Check   | 0x200       | -         | No                    | -            |
| DSI             | 0x300       | DSISR     | If not paging related | Yes          |
| ISI             | 0x400       | -         | If not paging related | No           |
| Interrupt       | 0x500       | _         | No                    | No           |
| Alignment       | 0x600       | DSISR     | Yes                   | Yes          |
| Program         | 0x700       | _         | Yes                   | Yes          |
| FPU Unavailable | 0x800       | -         | No                    | -            |
| Decrementer     | 0x900       | _         | No                    | _            |
| System Call     | 0xc00       | _         | No                    | _            |
| Trace           | 0xd00       | -         | If kdb not using      | No           |
| FPU Assist      | 0xe00       | _         | Yes                   | No           |
| Performance     | 0xf00       | -         | Yes                   | No           |
| Breakpoint      | 0x1300      | _         | Yes                   | No           |
| Soft Patch      | 0x1500      | -         | Yes                   | No           |
| Maintenance     | 0x1600      | -         | Yes                   | No           |
| Instrumentation | 0x2000      | _         | Yes                   | No           |

Note, not all of these exceptions will be delivered via exception IPC. Some will be handled by the kernel. Delivered exceptions are indicated in the last column of the table above.

142 BOOTING

#### D.5 Booting [powerpc64]

#### **IBM OpenFirmware Machines**

L4 must be loaded into memory at the physical location defined by the kernel's ELF header. It can be started with virtual addressing enabled or disabled. Execution of L4 must begin at the entry point defined by the kernel's ELF header.

When entering the kernel, the registers which support in-register file parameter passing, R3–R10 according to the Open-Power ABI, must be cleared for upwards compatibility, except as noted below. All other registers in the register file are undefined at kernel entry.

The kernel may use OpenFirmware for debug console I/O. To support OpenFirmware I/O, the OpenFirmware virtual mode client call-back address must be passed to the kernel in register R5, and OpenFirmware must be prepared to handle client call-backs using virtual addressing???. In all other cases, register R5 must be zero.

The boot loader must copy the OpenFirmware device tree to memory, and record its physical location in a memory descriptor of the kernel interface page. The copy of the device tree must include the package handles of the device tree nodes

# **Appendix E**

# Alpha Interface

#### E.1 Virtual Registers [alpha]

#### **Thread Control Registers (TCRs)**

TCRs are mapped to memory locations. They are implemented as part of the Alpha-specific user-level thread control block (UTCB). The address of the current thread's UTCB is identical to the thread's local ID, and is thus immutable. The UTCB (and hence local ID) is available through the rdunique PAL call. UTCB objects of the current thread can be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible.

| ThreadWord1 (64)                            | +88    |
|---------------------------------------------|--------|
| ThreadWord0 (64)                            | +80    |
| VirtualSender/ActualSender (64)             | +72    |
| IntendedReceiver (64)                       | +64    |
| ErrorCode (64)                              | +56    |
| XferTimeouts (64)                           | +48    |
| $\sim$ (48) cop flags (8) preempt flags (8) | +40    |
| ExceptionHandler (64)                       | +32    |
| Pager (64)                                  | +24    |
| UserDefinedHandle (64)                      | +16    |
| ProcessorNo (64)                            | +8     |
| MyGlobalId (64)                             | ← UTCB |



The TCR *MyLocalId* is not part of the UTCB. On Alpha it is identical with the UTCB address and can be found using the rdunique PAL call.

#### Message Registers (MRs)

Message registers  $MR_0$  through  $MR_8$  map to the processor's general purpose register file for IPC and LIPC calls. The remaining message registers map to memory locations in the UTCB.  $MR_9$  starts at byte offset 200 in the UTCB, and successive message registers follow in memory.

For the other system calls, message registers map to memory locations in the UTCB, with MR  $_0$  starting at byte offset 128



#### $MR_{9...63}$ [UTCB fields]



#### **Buffer Registers (BRs)**

The buffer registers map to memory locations in the UTCB. BR  $_0$  is at byte offset 640 in the UTCB, BR  $_1$  at byte offset 648, etc.



#### **UTCB Memory With Undefined Semantics**

The kernel will associate no semantics with memory located at *UTCB address* + 128... *UTCB address* + 199. The application can use this memory as thread local storage, e.g., for implementing the L4 API. Note, however, that the memory contents within this region may be overwritten during a system-call operating on message registers.

All undefined UTCB memory which is not covered by the above mentioned region may have kernel defined semantics.

### E.2 Systemcalls [alpha]

The system-calls invoked via the 'jsr' instruction are located in the kernel's area of the virtual address space. Their precise locations are stored in the kernel interface page (see page 2). One may invoke the system calls with any instruction that branches to the appropriate target, as long as the return-address register (RA) contains the correct return address.

The locations of the system-calls are fixed during the life of an application, although they may change outside of the life of an application. It is not valid to prelink an application against a set of system call locations. The official locations are always provided in the kip.

Unless explicitly stated, the kernel follows the Alpha calling convention for the system call interface. This means that arguments are passed in the a0 - a5 registers and the result is placed in the v0 register. All 's' registers are preserved and all 't' registers are undefined. The sp and ra registers are also preserved.

All floating point registers are preserved across a system call.

All other registers contain return values, are undefined, or may be preserved according to processor specific rules.

#### KERNELINTERFACE [Slow Systemcall]

```
- KernelInterface \rightarrow
                                                                       KIP base address
                         v0
0x4c34754b4b495034
                                                                      API Version
                                                                       API Flags
                                                                  a1
                         a1
                        a2
                                       call_pal cserve
                                                                  a2
                                                                       Kernel ID
                        a3
                                                                  а3
                                                                       \sim
                                                                  a4
                        a4
                         a5
                                                                  a5
```

#### **EXCHANGEREGISTERS** [Systemcall]

```
v0

    Exchange Registers →

                                                                 result
                                                                 control
              dest
                     a0
                                                            a0
           control
                                                                 SP
                     a1
                                                            a1
               SP
                                                                 ΙP
                              jsr ra, ExchangeRegisters
                     a2
                                                            a2
                                                                 FLAGS
                     а3
                                                            а3
           FLAGS
                                                                 UserDefinedHandle
                     a4
UserDefinedHandle
                     a5
                                                            a5
                                                                 pager
            pager
                                                            t1
```

#### THREADCONTROL [Privileged Systemcall]

```
- Thread Control \rightarrow
                                                                  result
          dest
                                                             a0
                 a0
SpaceSpecifier
                 a1
                                                             a1
                              jsr ra, ThreadControl
    Scheduler
                  a2
                                                             a2
                                                                  \sim
        Pager
                  а3
                                                             a3
 UtcbLocation
                  a4
                                                             a4
                  a5
                                                             a5
```

#### SYSTEMCLOCK [Systemcall]

Note that the SystemClock system call is currently UNIMPLEMENTED on Alpha.

## THREADSWITCH [Systemcall]

| _    | v0 | - ThreadSwitch $ ightarrow$ | v0 | $\sim$ |
|------|----|-----------------------------|----|--------|
| dest | a0 |                             | a0 | $\sim$ |
| _    | a1 |                             | a1 | $\sim$ |
| _    | a2 | jsr ra, <i>ThreadSwitch</i> | a2 | $\sim$ |
| _    | а3 |                             | а3 | $\sim$ |
| _    | a4 |                             | a4 | $\sim$ |
| _    | a5 |                             | a5 | $\sim$ |

#### SCHEDULE [Systemcall]

| _                  | v0 | - Schedule $ ightarrow$ | v0 | result       |
|--------------------|----|-------------------------|----|--------------|
| dest               | a0 |                         | a0 | Time Control |
| TimeControl        | a1 |                         | a1 | $\sim$       |
| Processor Control  | a2 | jsr ra, <i>Schedule</i> | a2 | $\sim$       |
| Priority           | a3 |                         | аЗ | $\sim$       |
| Preemption Control | a4 |                         | a4 | $\sim$       |
| _                  | a5 |                         | a5 | $\sim$       |
|                    |    |                         |    |              |

#### IPC [Systemcall]

| _        | v0 | - <b>Ipc</b> $ ightarrow$ | v0 | result   |
|----------|----|---------------------------|----|----------|
| dest     | a0 |                           | a0 | $\sim$   |
| source   | a1 |                           | a1 | $\sim$   |
| timeout  | a2 | jsr ra, <i>Ipc</i>        | a2 | $\sim$   |
| _        | а3 |                           | а3 | $\sim$   |
| _        | a4 |                           | a4 | $\sim$   |
| _        | a5 |                           | a5 | $\sim$   |
| $MR_{0}$ | s6 |                           | s6 | $MR_{0}$ |
| $MR_{1}$ | t6 |                           | t6 | $MR_{1}$ |
| $MR_2$   | t7 |                           | t7 | $MR_2$   |
| $MR_3$   | s0 |                           | s0 | $MR_3$   |
| $MR_{4}$ | s1 |                           | s1 | $MR_4$   |
| $MR_{5}$ | s2 |                           | s2 | $MR_{5}$ |
| $MR_{6}$ | s3 |                           | s3 | $MR_{6}$ |
| $MR_{7}$ | s4 |                           | s4 | $MR_{7}$ |
| $MR_{8}$ | s5 |                           | s5 | $MR_{8}$ |
|          |    |                           |    |          |

#### LIPC [Systemcall]

| _        | v0         | - Lipc $ ightarrow$ | v0 | result   |
|----------|------------|---------------------|----|----------|
| dest     | a0         |                     | a0 | $\sim$   |
| source   | a1         |                     | a1 | $\sim$   |
| timeout  | a2         | jsr ra, <i>Lipc</i> | a2 | $\sim$   |
| _        | a3         |                     | а3 | $\sim$   |
| _        | a4         |                     | a4 | $\sim$   |
| _        | a5         |                     | a5 | $\sim$   |
| $MR_{0}$ | s6         |                     | s6 | $MR_{0}$ |
| $MR_{1}$ | <i>t</i> 6 |                     | t6 | $MR_{1}$ |
| $MR_2$   | t7         |                     | t7 | $MR_2$   |
| $MR_3$   | s0         |                     | s0 | $MR_3$   |
| $MR_4$   | s1         |                     | s1 | $MR_{4}$ |
| $MR_{5}$ | s2         |                     | s2 | $MR_{5}$ |
| $MR_{6}$ | s3         |                     | s3 | $MR_{6}$ |
| $MR_{7}$ | s4         |                     | s4 | $MR_{7}$ |
| $MR_{8}$ | s5         |                     | s5 | $MR_{8}$ |

Note that on Alpha LIPC is not implemented: use IPC instead.

#### UNMAP [Systemcall]

#### SPACECONTROL [Privileged Systemcall]

```
- \ Space \ Control \rightarrow
                                                            result
                v0
SpaceSpecifier
                                                             control
                a0
                                                        a0
      control a1
                                                        a1
                           jsr ra, SpaceControl
     KIPArea
                                                        a2
               a2
   UTCBArea a3
                                                        a3
   Redirector
                                                        a4
                                                             \sim
                a4
                a5
```

#### PROCESSORCONTROL [Privileged Systemcall]

| _              | v0 | - Processor Control $ ightarrow$ | v0 | result |
|----------------|----|----------------------------------|----|--------|
| ProcessorNo    | a0 |                                  | a0 | $\sim$ |
| $\sim$         | a1 |                                  | a1 | $\sim$ |
| Internal Freq. | a2 | jsr ra, ProcessorControl         | a2 | $\sim$ |
| ExternalFreq.  | a3 |                                  | аЗ | $\sim$ |
| voltage        | a4 |                                  | a4 | $\sim$ |
| _              | a5 |                                  | a5 | $\sim$ |

Note that on Alpha the ProcessorControl system call is not implemented.

#### MEMORYCONTROL [Privileged Systemcall]

| _           | v0 | - Memory Control $ ightarrow$ | v0 | result |
|-------------|----|-------------------------------|----|--------|
| control     | a0 |                               | a0 | $\sim$ |
| attribute0  | a1 |                               | a1 | $\sim$ |
| attribute l | a2 | jsr ra, MemoryControl         | a2 | $\sim$ |
| attribute2  | аЗ |                               | аЗ | $\sim$ |
| attribute3  | a4 |                               | a4 | $\sim$ |
| _           | a5 |                               | a5 | $\sim$ |

Note that on Alpha the MemoryControl system call is not implemented: the memory attributes for a page are defined by the system, and cannot be controlled by the application (or kernel).

150 BOOTING

# E.3 Booting [alpha]

#### All SRM based machines

L4 must be loaded at the virtual address defined in the ELF header (corresponding to the physical region of the virtual address space). The kernel also requires the bootloader to initialise some kernel data structures, so the supplied bootloader is recommended.

The preferred method for booting the kernel is via BootP. Consult the SRM documentation for instructions on setting up SRM to boot a file from a remote host.

# **Appendix F**

# MIPS-64 Interface

#### F.1 Virtual Registers [MIPS-64]

#### **Thread Control Registers (TCRs)**

TCRs are mapped to memory locations. They are implemented as part of the mips64-specific user-level thread control block (UTCB). The address of the current thread's UTCB is identical to the thread's local ID, and is thus immutable. The UTCB (and hence local ID) is available in the  $k\theta$  register. UTCB objects of the current thread can be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible.

| +88            |
|----------------|
| +80            |
| +72            |
| +64            |
| +56            |
| +48            |
| +40            |
| +32            |
| +24            |
| +16            |
| +8             |
| ← UTCB address |
|                |



The TCR MyLocalId is not part of the UTCB. On mips64 it is identical with the UTCB address and is always in the k0 register. The register should be treated as read-only. If modified, the effects are undefined.

#### Message Registers (MRs)

Message registers  $MR_0$  through  $MR_8$  map to the processor's general purpose register file for IPC and LIPC calls. The remaining message registers map to memory locations in the UTCB.  $MR_9$  starts at byte offset 200 in the UTCB, and successive message registers follow in memory.

The first nine message registers are mapped to the registers v1, s0 to s7. MR 9...63 are mapped to memory in the UTCB.

| MR <sub>08</sub> | MR <sub>0 (64)</sub> | v1 |
|------------------|----------------------|----|
|                  | MR <sub>1 (64)</sub> | s0 |
|                  | MR <sub>2 (64)</sub> | s1 |
|                  | MR <sub>3 (64)</sub> | s2 |
|                  | MR <sub>4 (64)</sub> | s3 |
|                  | MR <sub>5 (64)</sub> | s4 |
|                  | MR <sub>6 (64)</sub> | s5 |
|                  | MR <sub>7 (64)</sub> | s6 |

#### 

s7

MR  $_{8\ (64)}$ 

#### **Buffer Registers (BRs)**

The buffer registers map to memory locations in the UTCB. BR  $_0$  is at byte offset 640 in the UTCB, BR  $_1$  at byte offset 648, etc.



#### **UTCB Memory With Undefined Semantics**

The kernel will associate no semantics with memory located at *UTCB address* + 128... *UTCB address* + 191. The application can use this memory as thread local storage, e.g., for implementing the L4 API. Note, however, that the memory contents within this region may be overwritten during a system-call operating on message registers.

All undefined UTCB memory which is not covered by the above mentioned region may have kernel defined semantics.

#### F.2 Systemcalls [MIPS-64]

The system-calls invoked via the *jal* instruction are located in the kernel's area of the virtual address space. Their precise locations are stored in the kernel interface page (see page 2). One may invoke the system calls with any instruction that branches to the appropriate target, as long as the return-address register *RA* contains the correct return address.

The locations of the system-calls are fixed during the life of an application, although they may change outside of the life of an application. It is not valid to prelink an application against a set of system call locations. The official locations are always provided in the KIP.

In general, the kernel follows the MIPS ABI64 calling convention for the system call boundary. This means that arguments are passed in the a0 - a7 registers, and the result is placed in the v0 register. All floating point registers are preserved across a system call. All other registers contain return values, are undefined, or may be preserved according to processor specific rules.

#### KERNELINTERFACE [Slow Systemcall]

For this system-call, all registers other than the output registers are preserved.

#### **EXCHANGEREGISTERS** [Systemcall]

```
- Exchange Registers \rightarrow
                         at
                         v0
                                                                           v0
                                                                                     result
                         v1
                                                                           v1
                                         jal ExchangeRegisters
                 dest
                         a0
                                                                           a0
                                                                                     control
                                                                                     SP
             control
                                                                           a1
                        a1
                  SP
                                                                                     IP
                        a2
                                                                           a2
                  IP
                                                                                     FLAGS
                        a3
                                                                           а3
             FLAGS
                        t0
                                                                           a4
                                                                                     pager
User Defined Handle
                                                                                     UserDefinedHandle
                        t1
                                                                           a5
               pager
                        t2
                                                                           а6
                        t3
                                                                           a7
                        t4...t7
                                                                           t4...t7
                         s0...s7
                                                                           s0...s7
                        t8, t9
                                                                           t8, t9
                         gp
                                                                           gp
                                                                                     \equiv
                         sp
                                                                           sp
                         s8
                                                                           s8
                                                                                     \equiv
                                                                           ra
```

## THREADCONTROL [Privileged Systemcall]

| _         | at     | - Thread Control $ ightarrow$ | at     | $\sim$   |
|-----------|--------|-------------------------------|--------|----------|
| _         | v0     |                               | v0     | result   |
| _         | v1     |                               | v1     | $\sim$   |
| dest      | a0     | jal <i>ThreadControl</i>      | a0     | $\sim$   |
| space     | a1     |                               | a1     | $\sim$   |
| scheduler | a2     |                               | a2     | $\sim$   |
| pager     | a3     |                               | a3     | $\sim$   |
| UTCB      | t0     |                               | a4     | $\sim$   |
| _         | t1t3   |                               | a5a7   | $\sim$   |
| _         | t4t7   |                               | t4t7   | $\sim$   |
| _         | s0s7   |                               | s0s7   | $\sim$   |
| _         | t8, t9 |                               | t8, t9 | $\sim$   |
| _         | gp     |                               | gp     | $\sim$   |
| _         | sp     |                               | sp     | $\equiv$ |
| _         | s8     |                               | s8     | $\equiv$ |
| _         | ra     |                               | ra     | $\sim$   |

#### SYSTEMCLOCK [Systemcall]

| _ | at     | - SystemClock $ ightarrow$ | at     | $\sim$   |
|---|--------|----------------------------|--------|----------|
| _ | v0     |                            | v0     | clock    |
| _ | v1     |                            | v1     | $\sim$   |
| _ | a0a3   | jal <i>SystemClock</i>     | a0a3   | $\sim$   |
| _ | t0t3   |                            | a4a7   | $\sim$   |
| _ | t4t7   |                            | t4t7   | $\sim$   |
| _ | s0s7   |                            | s0s7   | $\sim$   |
| _ | t8, t9 |                            | t8, t9 | $\sim$   |
| _ | gp     |                            | gp     | $\sim$   |
| _ | sp     |                            | sp     | $\equiv$ |
| _ | s8     |                            | s8     | $\equiv$ |
| _ | ra     |                            | ra     | $\sim$   |

## THREADSWITCH [Systemcall]

| _    | at     | $-$ <b>ThreadSwitch</b> $\rightarrow$ at | $\sim$     |
|------|--------|------------------------------------------|------------|
| _    | v0, v1 | v0, v1                                   | $\sim$     |
| dest | a0     | a0                                       | $\sim$     |
| _    | a1a3   | jal ThreadSwitch a1a.                    | <i>3</i> ∼ |
| _    | t0t3   | a4a                                      | <i>7</i> ∼ |
| _    | t4t7   | t4t7                                     | $\sim$     |
| _    | s0s7   | s0s7                                     | 7 ~        |
| _    | t8, t9 | t8, t9                                   | $\sim$     |
| _    | gp     | gp                                       | $\sim$     |
| _    | sp     | sp                                       | $\equiv$   |
| _    | s8     | s8                                       | $\equiv$   |
| _    | ra     | ra                                       | $\sim$     |

# SCHEDULE [Systemcall]

| _                  | at     | - Schedule $ ightarrow$ | at     | $\sim$       |
|--------------------|--------|-------------------------|--------|--------------|
| _                  | v0     |                         | v0     | result       |
| _                  | v1     |                         | v1     | $\sim$       |
| dest               | a0     | jal <i>Schedule</i>     | a0     | time control |
| time control       | a1     |                         | a1     | $\sim$       |
| processor control  | a2     |                         | a2     | $\sim$       |
| priority           | a3     |                         | a3     | $\sim$       |
| preemption control | t0     |                         | a4     | $\sim$       |
| _                  | t1t3   |                         | a5a7   | $\sim$       |
| _                  | t4t7   |                         | t4t7   | $\sim$       |
| _                  | s0s7   |                         | s0s7   | $\sim$       |
| _                  | t8, t9 |                         | t8, t9 | $\sim$       |
| _                  | gp     |                         | gp     | $\sim$       |
| _                  | sp     |                         | sp     | =            |
| _                  | s8     |                         | s8     | =            |
| _                  | ra     |                         | ra     | $\sim$       |

## IPC [Systemcall]

| _             | at     | - <b>Ipc</b> $ ightarrow$ | at     | $\sim$     |
|---------------|--------|---------------------------|--------|------------|
| _             | v0     |                           | v0     | result     |
| $MR_{(0)}$    | v1     |                           | v1     | $MR_{(0)}$ |
| to            | a0     | jal <i>Ipc</i>            | a0     | $\sim$     |
| FromSpecifier | a1     |                           | a1     | $\sim$     |
| Timeouts      | a2     |                           | a2     | $\sim$     |
| _             | a3     |                           | a3     | $\sim$     |
| _             | t0t3   |                           | a4a7   | $\sim$     |
| _             | t4t7   |                           | t4t7   | $\sim$     |
| $MR_{1}$      | s0     |                           | s0     | $MR_{1}$   |
| $MR_2$        | s1     |                           | s1     | $MR_2$     |
| $MR_3$        | s2     |                           | s2     | $MR_3$     |
| $MR_{4}$      | s3     |                           | s3     | $MR_{4}$   |
| $MR_{5}$      | s4     |                           | s4     | $MR_{5}$   |
| $MR_{6}$      | s5     |                           | s5     | $MR_{6}$   |
| $MR_{7}$      | s6     |                           | s6     | $MR_{7}$   |
| $MR_{8}$      | s7     |                           | s7     | $MR_{8}$   |
| _             | t8, t9 |                           | t8, t9 | $\sim$     |
| _             | gp     |                           | gp     | $\sim$     |
| _             | sp     |                           | sp     | ≡          |
| _             | s8     |                           | s8     | ≡          |
| _             | ra     |                           | ra     | $\sim$     |

#### LIPC [Systemcall]

| _             | at     | - Lipc $ ightarrow$ | at     | $\sim$   |
|---------------|--------|---------------------|--------|----------|
| _             | v0     |                     | v0     | result   |
| _             | v1     |                     | v1     | $\sim$   |
| to            | a0     | jal <i>Lipc</i>     | a0     | $\sim$   |
| FromSpecifier | a1     |                     | a1     | $\sim$   |
| Timeouts      | a2     |                     | a2     | $\sim$   |
| _             | a3     |                     | a3     | $\sim$   |
| _             | t0t3   |                     | a4a7   | $\sim$   |
| _             | t4t7   |                     | t4t7   | $\sim$   |
| $MR_{0}$      | s0     |                     | s0     | $MR_{0}$ |
| $MR_{1}$      | s1     |                     | s1     | $MR_{1}$ |
| $MR_{2}$      | s2     |                     | s2     | $MR_2$   |
| $MR_3$        | s3     |                     | s3     | $MR_3$   |
| $MR_{\ 4}$    | s4     |                     | s4     | $MR_4$   |
| $MR_{5}$      | s5     |                     | s5     | $MR_{5}$ |
| $MR_{6}$      | s6     |                     | s6     | $MR_{6}$ |
| $MR_{7}$      | s7     |                     | s7     | $MR_{7}$ |
| _             | t8, t9 |                     | t8, t9 | $\sim$   |
| _             | gp     |                     | gp     | $\sim$   |
| _             | sp     |                     | sp     | $\equiv$ |
| _             | s8     |                     | s8     | $\equiv$ |
| _             | ra     |                     | ra     | $\sim$   |

#### UNMAP [Systemcall]

| _       | at     | - Unmap $ ightarrow$ | at     | $\sim$   |
|---------|--------|----------------------|--------|----------|
| _       | v0, v1 | -                    | v0, v1 | $\sim$   |
| control | a0     |                      | a0     | $\sim$   |
| _       | a1a3   | jal <i>Unmap</i>     | a1a3   | $\sim$   |
| _       | t0t3   |                      | a4a7   | $\sim$   |
| _       | t4t7   |                      | t4t7   | $\sim$   |
| _       | s0s7   |                      | s0s7   | $\sim$   |
| _       | t8, t9 |                      | t8, t9 | $\sim$   |
| _       | gp     |                      | gp     | $\sim$   |
| _       | sp     |                      | sp     | $\equiv$ |
| _       | s8     |                      | 88     | $\equiv$ |
| _       | ra     |                      | ra     | $\sim$   |

# SPACECONTROL [Privileged Systemcall]

| _                       | at     | - Space Control $ ightarrow$ | at     | $\sim$   |
|-------------------------|--------|------------------------------|--------|----------|
| _                       | v0     |                              | v0     | result   |
| _                       | v1     |                              | v1     | $\sim$   |
| SpaceSpecifier          | a0     | jal <i>SpaceControl</i>      | a0     | control  |
| control                 | a1     |                              | a1     | $\sim$   |
| KernelInterfacePageArea | a2     |                              | a2     | $\sim$   |
| UtcbArea                | аЗ     |                              | a3     | $\sim$   |
| Redirector              | tO     |                              | a4     | $\sim$   |
| _                       | t1t3   |                              | a5a7   | $\sim$   |
| _                       | t4t7   |                              | t4t7   | $\sim$   |
| _                       | s0s7   |                              | s0s7   | $\sim$   |
| _                       | t8, t9 |                              | t8, t9 | $\sim$   |
| _                       | gp     |                              | gp     | $\sim$   |
| _                       | sp     |                              | sp     | $\equiv$ |
| _                       | s8     |                              | s8     | ≡        |
| _                       | ra     |                              | ra     | $\sim$   |
|                         |        | !                            | •      |          |

# PROCESSORCONTROL [Privileged Systemcall]

| _            | at     | - Processor Control $ ightarrow$ | at     | $\sim$   |
|--------------|--------|----------------------------------|--------|----------|
| _            | v0     |                                  | v0     | result   |
| _            | v1     |                                  | v1     | $\sim$   |
| processor no | a0     | jal <i>ProcessorControl</i>      | a0     | $\sim$   |
| InternalFreq | a1     |                                  | a1     | $\sim$   |
| ExternalFreq | a2     |                                  | a2     | $\sim$   |
| voltage      | a3     |                                  | a3     | $\sim$   |
| _            | t0t3   |                                  | a4a7   | $\sim$   |
| _            | t4t7   |                                  | t4t7   | $\sim$   |
| _            | s0s7   |                                  | s0s7   | $\sim$   |
| _            | t8, t9 |                                  | t8, t9 | $\sim$   |
| _            | gp     |                                  | gp     | $\sim$   |
| _            | sp     |                                  | sp     | $\equiv$ |
| _            | s8     |                                  | s8     | $\equiv$ |
| _            | ra     |                                  | ra     | $\sim$   |

## MEMORYCONTROL [Privileged Systemcall]

| _             | at     | - Memory Control $ ightarrow$ | at     | $\sim$   |
|---------------|--------|-------------------------------|--------|----------|
| _             | v0     |                               | v0     | result   |
| _             | v1     |                               | v1     | $\sim$   |
| control       | a0     | jal <i>MemoryControl</i>      | a0     | $\sim$   |
| $attribute_0$ | a1     |                               | a1     | $\sim$   |
| $attribute_1$ | a2     |                               | a2     | $\sim$   |
| $attribute_2$ | a3     |                               | a3     | $\sim$   |
| $attribute_3$ | tO     |                               | a4     | $\sim$   |
| _             | t1t3   |                               | a5a7   | $\sim$   |
| _             | t4t7   |                               | t4t7   | $\sim$   |
| _             | s0s7   |                               | s0s7   | $\sim$   |
| _             | t8, t9 |                               | t8, t9 | $\sim$   |
| _             | gp     |                               | gp     | $\sim$   |
| _             | sp     |                               | sp     | $\equiv$ |
| _             | s8     |                               | s8     | $\equiv$ |
| _             | ra     |                               | ra     | $\sim$   |

MEMORY ATTRIBUTES 159

# F.3 Memory Attributes [MIPS-64]

The mips64 architecture supports the following memory/cache attribute values, to be used with the MEMORYCONTROL system-call:

| attribute                         | value |
|-----------------------------------|-------|
| Default                           | 0     |
| Uncached                          | 1     |
| Write-back                        | 2     |
| Write-through                     | 3     |
| Write-through (no allocate)       | 4     |
| Coherent                          | 5     |
| Flush-I (Flush instruction cache) | 30    |
| Flush-D (Flush data cache)        | 31    |

The default attributes depend on the platform and not all modes are defined for all processors.

Before disabling the cache for a page, the software must ensure that all memory belonging to the target page is flushed from the cache.

#### F.4 Exception Message Format [MIPS-64]

#### **System Call Trap**

#### System Call Trap Message to Exception Handler

| a7/t3 <sub>(64)</sub>                                                              | MR <sub>13</sub> |
|------------------------------------------------------------------------------------|------------------|
| a6/t2 <sub>(64)</sub>                                                              | MR <sub>12</sub> |
| a5/t1 <sub>(64)</sub>                                                              | MR <sub>11</sub> |
| a4/t0 (64)                                                                         | MR 10            |
| a3 <sub>(64)</sub>                                                                 | MR 9             |
| a2 <sub>(64)</sub>                                                                 | MR 8             |
| a1 <sub>(64)</sub>                                                                 | MR 7             |
| a0 <sub>(64)</sub>                                                                 | MR <sub>6</sub>  |
| V1 (64)                                                                            | MR 5             |
| v0 <sub>(64)</sub>                                                                 | MR 4             |
| Status (64)                                                                        | MR 3             |
| SP (64)                                                                            | MR 2             |
| IP (64)                                                                            | MR 1             |
| -5 <sub>(44)</sub> 0 <sub>(4)</sub> $t = 0$ <sub>(6)</sub> $u = 13$ <sub>(6)</sub> | MR <sub>0</sub>  |

When user code executes the Mips *syscall* instruction, the kernel delivers the system call trap message to the exception handler. The kernel preserves only partial user state when handling a *syscall* instruction. State is preserved similarly for the inclusive set of saved registers according the MIPS ABI 64,n32,o32 for function calls. The *Status* value is described under *Generic Traps*.

The non-volatile registers are:  $s0 \dots s7$ , gp, sp, fp/s8

The volatile registers are: AT, v0, v1,  $a0 \dots a7$ ,  $t4 \dots t9$ , k0, k1, ra, hi, lo

Thread virtual registers may also be clobbered.

#### **Generic Traps**

Generic Trap Message To Exception Handler

| LocalID (64)                                           |                 |  |  |
|--------------------------------------------------------|-----------------|--|--|
| ErrorCode (64)                                         |                 |  |  |
| ExceptionNo (64)                                       |                 |  |  |
| Status (64)                                            |                 |  |  |
| SP (64)                                                |                 |  |  |
| IP (64)                                                |                 |  |  |
| $\begin{array}{ c c c c c c c c c c c c c c c c c c c$ | MR <sub>0</sub> |  |  |

The kernel synthesizes exception messages in response to architecture specific events. Some traps are handled by the kernel and therefore do not generate exception messages. The kernel preserves all user state, including thread virtual registers. The *Status* value is encoded as *bits*: 31..1 = Flags: 31..1, *bit*: 0 = Branch. *Branch* indicates whether the exception took place in a branch delay slot or not.

The following is a table of values for the Generic Trap *ExceptionNo*:

| Exception                       | ExceptionNo | ErrorCode   | Delivered                   |
|---------------------------------|-------------|-------------|-----------------------------|
| Interrupt                       | 0           | -           | No                          |
| TLB Write Denied                | 1           | _           | No                          |
| TLB Miss Load                   | 2           | -           | No                          |
| TLB Miss Store                  | 3           | -           | No                          |
| Address Error (load/execute)    | 4           | BadVAddress | Yes                         |
| Address Error (store)           | 5           | BadVAddress | Yes                         |
| Bus Error (instruction)         | 6           | -           | Yes                         |
| Bus Error (data)                | 7           | _           | Yes                         |
| System Call                     | 8           | -           | $v0 \ge 0$                  |
| Break Point                     | 9           | _           | $!(-111 \ge AT \ge -100)$   |
| Reserved Instruction            | 10          | Instruction | $AT \neq MAGIC_KIP_REQUEST$ |
| Coprocessor Unavailable         | 11          | Number      | CP0, CP2, CP3               |
| Arithmetic Overflow             | 12          | -           | Yes                         |
| Trap                            | 13          | -           | Yes                         |
| Virtual Coherency (instruction) | 14          | _           | Yes                         |
| Floating Point                  | 15          | _           | Yes                         |
| Watch Point                     | 23          | _           | Unless used by kdb          |
| Virtual Coherency (data)        | 31          | -           | Yes                         |

Note, not all of these exceptions will be delivered via exception IPC. Some will be handled by the kernel. Delivered exceptions are indicated in the last column of the table above.

162 BOOTING

# F.5 Booting [MIPS-64]

The kernel is provided as an ELF file and must be loaded according to the load addresses defined in the ELF header (corresponding to the physical region of the virtual address space). The kernel must be started in 64bit mode.

# **Appendix G**

# AMD64 Interface

#### G.1 Virtual Registers [amd64]

#### **Thread Control Registers (TCRs)**

TCRs are implemented as part of the amd64-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. Setting the UTCB address of an active thread via Thread-Control is similar to deletion and re-creation. There is a fixed correlation between the UtcbLocation parameter when invoking Thread-Control and the UTCB address. The UTCB address of the current thread can be loaded through a machine instruction

mov 
$$\%$$
gs:[0],  $\%$ *r*

UTCB objects of the current thread can then be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible. ThreadWord0 and ThreadWord1 are free to be used by systems software (e.g., IDL compilers). The kernel associates no semantics with these words.



The TCR *MyLocalId* is not part of the UTCB. On amd64 it is identical with the UTCB address and can be loaded from memory location gs:[0].

#### Message Registers (MRs)

Memory-mapped MRs are implemented as part of the amd64-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. Setting the UTCB address of an active thread via ThreadControl is similar to deletion and re-creation. There is a fixed correlation between the UtcbLocation parameter when invoking ThreadControl and the UTCB address. The UTCB address of the current thread can

be loaded through a machine instruction

mov 
$$\%$$
gs:[0],  $\%$ r

UTCB objects of the current thread can then be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible.

The first 8 message registers MR  $_0$  through MR  $_7$  are always mapped to general register. MR  $_{8...63}$  are always mapped to memory.

| <b>MR</b> <sub>07</sub> | MR <sub>7</sub> | R15 |
|-------------------------|-----------------|-----|
|                         | MR <sub>6</sub> | R14 |
|                         | MR 5            | R13 |
|                         | MR 4            | R12 |
|                         | MR 3            | R10 |
|                         | MR <sub>2</sub> | RBX |
|                         | MR 1            | RAX |
|                         | MR <sub>0</sub> | R09 |

#### 

#### **Buffer Registers (BRs)**

BRs are implemented as part of the amd64-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. Setting the UTCB address of an active thread via Thread-Control is similar to deletion and re-creation. There is a fixed correlation between the UtcbLocation parameter when invoking ThreadControl and the UTCB address. The UTCB address of the current thread can be loaded through a machine instruction

mov 
$$\%$$
gs:[0],  $\%$ r

UTCB objects of the current thread can then be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible.

 $BR_{0...32}$  [UTCB fields]

| BR <sub>0 (64)</sub>  | ← UTCB address –128 |
|-----------------------|---------------------|
| BR <sub>1 (64)</sub>  | -136                |
| :                     | '                   |
| BR <sub>32 (64)</sub> | -384                |

# G.2 Systemcalls [amd64]

The system-calls which are invoked by the call instruction take the target of the calls the from system-call link fields in the kernel interface page (see page 2). Each system-call link specifies an address relative to the kernel interface page's base address. An application may use instructions other than call to invoke the system-calls, but must ensure that a valid return address resides on the stack.

#### KERNELINTERFACE [Slow Systemcall]

| _ | RAX | - KernelInterface $ ightarrow$ | RAX | base address |
|---|-----|--------------------------------|-----|--------------|
| _ | RCX |                                | RCX | API Version  |
| _ | RDX |                                | RDX | API Flags    |
| _ | RSI | lock: nop                      | RSI | Kernel ID    |
| _ | RDI |                                | RDI | =            |
| _ | RBX |                                | RBX | =            |
| _ | RBP |                                | RBP | =            |
| _ | R08 |                                | R08 | =            |
| _ | R09 |                                | R09 | =            |
| _ | R10 |                                | R10 | =            |
| _ | R11 |                                | R11 | =            |
| _ | R12 |                                | R12 | =            |
| _ | R13 |                                | R13 | =            |
| _ | R14 |                                | R14 | =            |
| _ | R15 |                                | R15 | =            |
| _ | RSP |                                | RSP | =            |

#### **EXCHANGEREGISTERS** [Systemcall]

```
- Exchange Registers \rightarrow
                dest
                       RAX \\
                                                                      result
                       RCX
                                                               RCX
                 SP
                        RDX
                                                               RDX
                                                                      SP
                                 {\it call} \ {\it ExchangeRegisters}
             control
                        RSI
                                                               RSI
                                                                      control
                                                               RDI
              pager
                        RDI
                                                                      pager
                                                               RBX
                       RBX
                                                                      \sim
                                                               RBP
                        RBP
                  IP
                                                                      ΙP
                        R08
                                                               R08
            FLAGS
                                                                      FLAGS
                        R09
                                                               R09
User Defined Handle \\
                                                                      User Defined Handle \\
                        R10
                                                               R10
                        R11
                                                               R11
                        R12
                                                               R12
                       R13
                                                               R13
                                                                      \sim
                        R14
                                                               R14
                                                               R15
                       R15
                        RSP
                                                               RSP
```

<sup>&</sup>quot;FLAGS" refers to the user-modifiable amd64 processor flags that are held in the RFLAGS register.

# THREADCONTROL [Privileged Systemcall]

| _              | RAX | $-$ Thread Control $\rightarrow$ | RAX | result |
|----------------|-----|----------------------------------|-----|--------|
| _              | RCX |                                  | RCX | $\sim$ |
| scheduler      | RDX |                                  | RDX | $\sim$ |
| pager          | RSI | call <i>ThreadControl</i>        | RSI | $\sim$ |
| dest           | RDI |                                  | RDI | $\sim$ |
| _              | RBX |                                  | RBX | $\sim$ |
| _              | RBP |                                  | RBP | $\sim$ |
| SpaceSpecifier | R08 |                                  | R08 | $\sim$ |
| UTCBLocation   | R09 |                                  | R09 | $\sim$ |
| _              | R10 |                                  | R10 | $\sim$ |
| _              | R11 |                                  | R11 | $\sim$ |
| _              | R12 |                                  | R12 | $\sim$ |
| _              | R13 |                                  | R13 | $\sim$ |
| _              | R14 |                                  | R14 | $\sim$ |
| _              | R15 |                                  | R15 | $\sim$ |
| _              | RSP |                                  | RSP | $\sim$ |

# SYSTEMCLOCK [Systemcall]

| _ | RAX | $-$ SystemClock $\rightarrow$ | RAX | clock  |
|---|-----|-------------------------------|-----|--------|
|   |     | System Clock 7                |     |        |
| _ | RCX |                               | RCX | $\sim$ |
| _ | RDX |                               | RDX | $\sim$ |
| _ | RSI | call SystemClock              | RSI | $\sim$ |
| _ | RDI |                               | RDI | $\sim$ |
| _ | RBX |                               | RBX | $\sim$ |
| _ | RBP |                               | RBP | $\sim$ |
| _ | R08 |                               | R08 | $\sim$ |
| _ | R09 |                               | R09 | $\sim$ |
| _ | R10 |                               | R10 | $\sim$ |
| _ | R11 |                               | R11 | $\sim$ |
| _ | R12 |                               | R12 | $\sim$ |
| _ | R13 |                               | R13 | $\sim$ |
| _ | R14 |                               | R14 | $\sim$ |
| _ | R15 |                               | R15 | $\sim$ |
| _ | RSP |                               | RSP | $\sim$ |
|   |     |                               |     |        |

# THREADSWITCH [Systemcall]

| _    | RAX | - ThreadSwitch $ ightarrow$ | RAX | $\sim$ |
|------|-----|-----------------------------|-----|--------|
| _    | RCX |                             | RCX | $\sim$ |
| _    | RDX |                             | RDX | $\sim$ |
| _    | RSI | call <i>ThreadSwitch</i>    | RSI | $\sim$ |
| dest | RDI |                             | RDI | $\sim$ |
| _    | RBX |                             | RBX | $\sim$ |
| _    | RBP |                             | RBP | $\sim$ |
| _    | R08 |                             | R08 | $\sim$ |
| _    | R09 |                             | R09 | $\sim$ |
| _    | R10 |                             | R10 | $\sim$ |
| _    | R11 |                             | R11 | $\sim$ |
| _    | R12 |                             | R12 | $\sim$ |
| _    | R13 |                             | R13 | $\sim$ |
| _    | R14 |                             | R14 | $\sim$ |
| _    | R15 |                             | R15 | $\sim$ |
| _    | RSP |                             | RSP | $\sim$ |

# SCHEDULE [Systemcall]

| _                  | RAX | - Schedule $ ightarrow$ | RAX | time control |
|--------------------|-----|-------------------------|-----|--------------|
| _                  | RCX |                         | RCX | $\sim$       |
| time control       | RDX |                         | RDX | $\sim$       |
| prio               | RSI | call <i>Schedule</i>    | RSI | $\sim$       |
| dest               | RDI |                         | RDI | $\sim$       |
| _                  | RBX |                         | RBX | $\sim$       |
| _                  | RBP |                         | RBP | $\sim$       |
| processor control  | R08 |                         | R08 | $\sim$       |
| preemption control | R09 |                         | R09 | $\sim$       |
| _                  | R10 |                         | R10 | $\sim$       |
| _                  | R11 |                         | R11 | $\sim$       |
| _                  | R12 |                         | R12 | $\sim$       |
| _                  | R13 |                         | R13 | $\sim$       |
| _                  | R14 |                         | R14 | $\sim$       |
| _                  | R15 |                         | R15 | $\sim$       |
| _                  | RSP |                         | RSP | $\sim$       |

#### IPC [Systemcall]

| $MR_{1}$      | RAX | $-$ Ipc $\rightarrow$ | RAX | $MR_{1}$ |
|---------------|-----|-----------------------|-----|----------|
| _             | RCX |                       | RCX | $\sim$   |
| FromSpecifier | RDX |                       | RDX | $\sim$   |
| to            | RSI | call <i>Ipc</i>       | RSI | from     |
| UTCB          | RDI |                       | RDI | $\equiv$ |
| $MR_2$        | RBX |                       | RBX | $MR_2$   |
| _             | RBP |                       | RBP | $\sim$   |
| Timeouts      | R08 |                       | R08 | $\sim$   |
| $MR_{0}$      | R09 |                       | R09 | $MR_{0}$ |
| $MR_3$        | R10 |                       | R10 | $MR_3$   |
| _             | R11 |                       | R11 | $\sim$   |
| $MR_{\ 4}$    | R12 |                       | R12 | $MR_4$   |
| $MR_{5}$      | R13 |                       | R13 | $MR_{5}$ |
| $MR_{6}$      | R14 |                       | R14 | $MR_{6}$ |
| $MR_{7}$      | R15 |                       | R15 | $MR_{7}$ |
| _             | RSP |                       | RSP | $\sim$   |

#### LIPC [Systemcall]

```
-\; Lipc \rightarrow
       MR_{1}
                                                     MR_{1}
               RAX
                                               RAX
                                               RCX
               RCX
FromSpecifier
               RDX
                                               RDX
      to
UTCB
                                                     from
                             call Lipc
               RSI
                                               RSI
               RDI
                                               RDI
                                                     MR_2
       MR_2
               RBX
                                               RBX
               RBP
                                               RBP
    Timeouts
               R08
                                               R08
       MR_0
MR_3
                                                     MR_0
               R09
                                               R09
               R10
                                               R10
                                                      MR_3
                                               R11
               R11
                                                      MR_4
        MR_4
               R12
                                               R12
       MR_{\,5}
                                                      MR_{\,5}
               R13
                                               R13
       MR_{6}
                                                      MR_{6}
               R14
                                               R14
       MR_7
                                                     MR_7
               R15
                                               R15
               RSP
                                               RSP
```

# UNMAP [Systemcall]

| MD       |     | TT                   |     | MD       |
|----------|-----|----------------------|-----|----------|
| $MR_{1}$ | RAX | - Unmap $ ightarrow$ | RAX | $MR_{1}$ |
| _        | RCX |                      | RCX | $\sim$   |
| control  | RDX |                      | RDX | $\sim$   |
| $\sim$   | RSI | call <i>Unmap</i>    | RSI | $\sim$   |
| UTCB     | RDI |                      | RDI | $\equiv$ |
| $MR_2$   | RBX |                      | RBX | $MR_2$   |
| _        | RBP |                      | RBP | $\sim$   |
| _        | R08 |                      | R08 | $\sim$   |
| $MR_{0}$ | R09 |                      | R09 | $MR_{0}$ |
| $MR_3$   | R10 |                      | R10 | $MR_3$   |
| _        | R11 |                      | R11 | $\sim$   |
| $MR_{4}$ | R12 |                      | R12 | $MR_4$   |
| $MR_{5}$ | R13 |                      | R13 | $MR_{5}$ |
| $MR_{6}$ | R14 |                      | R14 | $MR_{6}$ |
| $MR_{7}$ | R15 |                      | R15 | $MR_{7}$ |
| _        | RSP |                      | RSP | $\sim$   |

# SPACECONTROL [Privileged Systemcall]

| _                       | RAX | - Space Control $ ightarrow$ | RAX | result  |
|-------------------------|-----|------------------------------|-----|---------|
| _                       | RCX |                              | RCX | $\sim$  |
| KernelInterfacePageArea | RDX |                              | RDX | control |
| control                 | RSI | call SpaceControl            | RSI | $\sim$  |
| SpaceSpecifier          | RDI |                              | RDI | $\sim$  |
| _                       | RBX |                              | RBX | $\sim$  |
| _                       | RBP |                              | RBP | $\sim$  |
| UTCBArea                | R08 |                              | R08 | $\sim$  |
| Redirector              | R09 |                              | R09 | $\sim$  |
| _                       | R10 |                              | R10 | $\sim$  |
| _                       | R11 |                              | R11 | $\sim$  |
| _                       | R12 |                              | R12 | $\sim$  |
| _                       | R13 |                              | R13 | $\sim$  |
| _                       | R14 |                              | R14 | $\sim$  |
| _                       | R15 |                              | R15 | $\sim$  |
| _                       | RSP |                              | RSP | $\sim$  |
|                         |     |                              |     |         |

# PROCESSORCONTROL [Privileged Systemcall]

| _                 | RAX | $-$ Processor Control $\rightarrow$ | RAX | result |
|-------------------|-----|-------------------------------------|-----|--------|
| _                 | RCX |                                     | RCX | $\sim$ |
| ExternalFrequency | RDX |                                     | RDX | $\sim$ |
| InternalFrequency | RSI | call <i>ProcessorControl</i>        | RSI | $\sim$ |
| ProcessorNo       | RDI |                                     | RDI | $\sim$ |
| _                 | RBX |                                     | RBX | $\sim$ |
| _                 | RBP |                                     | RBP | $\sim$ |
| voltage           | R08 |                                     | R08 | $\sim$ |
| _                 | R09 |                                     | R09 | $\sim$ |
| _                 | R10 |                                     | R10 | $\sim$ |
| _                 | R11 |                                     | R11 | $\sim$ |
| _                 | R12 |                                     | R12 | $\sim$ |
| _                 | R13 |                                     | R13 | $\sim$ |
| _                 | R14 |                                     | R14 | $\sim$ |
| _                 | R15 |                                     | R15 | $\sim$ |
| _                 | RSP |                                     | RSP | $\sim$ |
|                   |     |                                     |     |        |

# MEMORYCONTROL [Privileged Systemcall]

| MD            | D 4 37 | Massacs Cantral               | 1 5.27 |        |
|---------------|--------|-------------------------------|--------|--------|
| $MR_{1}$      | RAX    | - Memory Control $ ightarrow$ | RAX    | $\sim$ |
| $attribute_0$ | RCX    |                               | RCX    | $\sim$ |
| control       | RDX    |                               | RDX    | result |
| $attribute_1$ | RSI    | call <i>MemoryControl</i>     | RSI    | $\sim$ |
| UTCB          | RDI    |                               | RDI    | =      |
| $MR_{2}$      | RBX    |                               | RBX    | $\sim$ |
| _             | RBP    |                               | RBP    | $\sim$ |
| $attribute_2$ | R08    |                               | R08    | $\sim$ |
| $MR_{0}$      | R09    |                               | R09    | $\sim$ |
| $MR_3$        | R10    |                               | R10    | $\sim$ |
| $attribute_3$ | R11    |                               | R11    | $\sim$ |
| $MR_{4}$      | R12    |                               | R12    | $\sim$ |
| $MR$ $_5$     | R13    |                               | R13    | $\sim$ |
| $MR_{6}$      | R14    |                               | R14    | $\sim$ |
| $MR_{7}$      | R15    |                               | R15    | $\sim$ |
| _             | RSP    |                               | RSP    | $\sim$ |

172 IO PORTS

# G.3 IO Ports [amd64]

#### **IO Fpages**

On AMD64 processors, IO-ports are handled as fpages. IO fpages can be mapped, granted, and unmapped like memory fpages. Their minimal granularity is 1. An IO-fpage of size  $2^{s'}$  has a  $2^{s'}$ -aligned base address p, i.e.  $p \mod 2^{s'} = 0$ . An fpage with base port address p and size  $2^{s'}$  is denoted as described below.

IO fpage 
$$(p,2^{s'})$$
 
$$p_{\;(48)} \hspace{1cm} s'_{\;(6)} \hspace{1cm} s=2_{\;(6)} \hspace{1cm} 0\,1\,1\,0$$

IO-ports can only be mapped idempotently, i.e., physical port x is either mapped at IO address x in the task's IO address space, or it is not mapped at all. There are no distinct rights associated with IO ports, i.e., a task can be granted either read- and write-access to an IO port, ore none at all.

#### **IO Pagefault Protocol**

A thread generating an IO port exception will cause the kernel to transparently generate an IO-pagefault IPC to the faulting thread's pager. The behavior of the faulting thread is undefined if the pager does not exactly follow this protocol.



| faulting user-level IP $_{(64)}$ |         |       |         |         | MR 2 |         |                 |
|----------------------------------|---------|-------|---------|---------|------|---------|-----------------|
| faulting port (48)               | size (6 | i)    | s = 2 ( | (6)     | 0110 | MR 1    |                 |
| -8 (44)                          | 0110    | 0 (4) | t =     | = 0 (6) | u    | = 2 (6) | MR <sub>0</sub> |

Acceptor [BR<sub>0</sub>]



The acceptor covers the complete IO address space. The kernel accepts mappings or grants into this region on behalf of the faulting thread. The received message is discarded.

#### **Generic Programming Interface**

#include <l4/amd64/specials.h>

Fpage IoFpage (Word BaseAddress, int FpageSize)

 $\textit{Fpage IoFpageLog2} \ \ (\textit{Word BaseAddress, int Log2FpageSize} <= 16)$ 

Delivers an IO fpage with the specified location and size.

CACHEABILITY HINTS 173

# G.4 Cacheability Hints [amd64]

String items can specify cacheability hints to the kernel (see page 56). For amd64, the cacheability hints have the following semantics.

hh=00 Use the processor's default cacheability strategy. Typically, cache lines are allocated for data read and written (assuming that the processor's default strategy is write-back and write-allocate).

hh=01 Allocate cache lines in the entire cache hierarchy for data read or written.

hh=10 Do not allocate new cache lines (entire cache hierarchy) for data read or written.

hh=11 Allocate only new L1 cache line for data read or written. Do not allocate cache lines in lower cache hierarchies.

#### **Convenience Programming Interface**

#include <l4/ipc.h>

CacheAllocationHint UseDefaultCacheLineAllocation

CacheAllocationHint AllocateNewCacheLines

CacheAllocationHint DoNotAllocateNewCacheLines

 $Cache Allocation Hint \ \ \textbf{AllocateOnlyNewL1CacheLines}$ 

174 MEMORY ATTRIBUTES

# G.5 Memory Attributes [amd64]

The AMD64 architecture in general supports the following memory attributes values.

| attribute       | value |
|-----------------|-------|
| Default         | 0     |
| Uncacheable     | 1     |
| Write Combining | 2     |
| Write Through   | 5     |
| Write Protected | 6     |
| Write Back      | 7     |

Note that some attributes are only supported on certain processors. See the "AMD64 Architecture Programmer's Manual Volume 2: System Programming" for the semantics of the memory attributes and which processors they are supported on.

#### **Generic Programming Interface**

#include <I4/misc.h>

Word DefaultMemory

Word UncacheableMemory

 $Word \ \ Write Combining Memory$ 

Word WriteThroughMemory

Word WriteProtectedMemory

Word WriteBackMemory

# G.6 Exception Message Format [amd64]

#### To Exception Handler

| ErrorCode   |       |       |               |                |                  |  |
|-------------|-------|-------|---------------|----------------|------------------|--|
| ExceptionNo |       |       |               |                |                  |  |
|             | RFL   | AGS   |               |                | MR <sub>18</sub> |  |
|             | RS    | SP    |               |                | MR 17            |  |
|             | R     | 11    |               |                | MR 16            |  |
|             | R     | 09    |               |                | MR <sub>15</sub> |  |
|             | R     | 08    |               |                | MR <sub>14</sub> |  |
|             | RI    | 3P    |               |                | MR 13            |  |
|             | Rl    | DI    |               |                | MR 12            |  |
|             | R     | SI    |               |                | MR 11            |  |
|             | RI    | ΟX    |               |                | MR 10            |  |
|             | RC    | CX    |               |                | MR 9             |  |
|             | R.A   | AX    |               |                | MR 8             |  |
|             | R     | 15    |               |                | MR 7             |  |
|             | R     | 14    |               |                | MR 6             |  |
|             | R     | 13    |               |                | MR 5             |  |
| R12         |       |       |               |                | MR 4             |  |
| R10         |       |       |               |                | MR 3             |  |
|             | RI    | ЗX    |               |                | MR 2             |  |
|             | R     | IP    |               |                | MR 1             |  |
| -4/-5 (44)  | 0 (4) | 0 (4) | $t = 0_{(6)}$ | $u = 20_{(6)}$ | MR <sub>0</sub>  |  |

#PF (page fault), #MC (machine check exception), and some #GP (general protection), #SS (stack segment fault), and #NM (no math coprocessor) exceptions are handled by the kernel and therefore do not generate exception messages.

Note that executing an INT n instructions in 32-bit mode will always raise a #GP (general protection). The exception handler may interpret the error code (8n+2, see processor manual) and emulate the INT n accordingly.

176 PROCESSOR MIRRORING

# G.7 Processor Mirroring [amd64]

#### **Segments**

L4 uses a flat (unsegmented) memory model. There are only three segments available: user\_space, a read/write segment, user\_space\_exec, an executable segment, and utcb\_address, a read-only segment. Both user\_space and user\_space\_exec cover (at least) the complete user-level address space. Utcb\_address covers only enough memory to hold the UTCB address.

The values of segment selectors *are undefined*. When a thread is created, its segment registers SS, DS, ES and FS are initialized with *user\_space*, GS with *utcb\_address*, and CS with *user\_space\_exec*. Whenever the kernel detects a general protection exception and the segment registers are not loaded properly, it reloads them with the above mentioned selectors. From the user's point of view, the segment registers cannot be modified.

However, the binary representation of *user\_space* and *user\_space\_exec* may change at any point during program execution. Never rely on any particular value.

Furthermore, the LSL (load segment limit) machine instruction may deliver wrong segment limits, even floating ones. The result of this instruction is always *undefined*.

#### **Debug Registers**

User-level debug registers exist per thread. DR0...3, DR6 and DR7 can be accessed by the machine instructions mov n,DRx and mov DRx,r. However, only task-local breakpoints can be activated, i.e., bits G0...3 in DR7 cannot be set. Breakpoints operate per thread. Breakpoints are signaled as #DB exception (INT 1).

Note that user-level breakpoints are suspended when kernel breakpoints are set by the kernel debugger.

#### **Model-Specific Registers**

All privileged threads in the system have read and write access to all the Model-Specific Registers (MSRs) of the CPU. Modification of some MSRs may lead to undefined system behavior. Any access to an MSR by an unprivileged thread will raise an exception.

BOOTING 177

# G.8 Booting [amd64]

#### **PC-compatible Machines**

L4 can be loaded at any 16-byte-aligned location beyond 0x1000 in physical memory. It can be started in real mode or in 32-bit protected mode at address 0x100 or 0x1000 relative to its load address. The protected-mode conditions are compliant to the Multiboot Standard Version 0.6.

| Start Preconditions             |                                  |                           |  |  |
|---------------------------------|----------------------------------|---------------------------|--|--|
|                                 | Real Mode                        | 32-bit Protected Mode     |  |  |
| load base (L)                   | $L \ge 0$ x1000, 16-byte aligned | $L \ge 0$ x1000           |  |  |
| load offset $(X)$               | X = 0x100  or  X = 0x1000        | X = 0x100  or  X = 0x1000 |  |  |
| Interrupts                      | disabled                         | disabled                  |  |  |
| Gate A20                        | ~                                | open                      |  |  |
| EFLAGS                          | I=0                              | I=0, VM=0                 |  |  |
| CR0                             | PE=0                             | PE=1, PG=0                |  |  |
| (E)IP                           | X                                | L + X                     |  |  |
| CS                              | L/16                             | 0, 4GB, 32-bit exec       |  |  |
| SS,DS,ES                        | ~                                | 0, 4GB, read/write        |  |  |
| EAX                             | ~                                | 0x2BADB002                |  |  |
| EBX                             | ~                                | $^*P$                     |  |  |
| $\langle P+0 \rangle$           |                                  | ∼ OR 1                    |  |  |
| $\langle P+4 \rangle$           | n/a                              | below 640 K mem in K      |  |  |
| $\langle P+8 \rangle$           |                                  | beyond 1M mem in K        |  |  |
| all remaining registers & flags |                                  |                           |  |  |
| (general, floating point,       | ~                                | ~                         |  |  |
| ESP, xDT, TR, CRx, DRx)         |                                  |                           |  |  |

L4 relocates itself to 0x1000, enters protected mode if started in real mode, enables paging and initializes itself.

178 BOOTING

# **Appendix H**

# SPARC v9 Interface

180 VIRTUAL REGISTERS

# H.1 Virtual Registers [SPARC v9]

#### **Thread Control Registers (TCRs)**

TCRs are mapped to memory locations. They are implemented as part of the sparc64-specific user-level thread control block (UTCB). The address of the current thread's UTCB is identical to the thread's local ID, and is thus immutable. Setting the UTCB address of an active thread via ThreadControl is similar to deletion and re-creation. There is a fixed correlation between the UtcbLocation parameter when invoking ThreadControl and the UTCB address. The UTCB address is provided in the general purpose register g7 at application start. UTCB objects of the current thread can then be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible. ThreadWord0 and ThreadWord1 are free to be used by systems software (e.g., IDL compilers). The kernel associates no semantics with these words.





The TCR *MyLocalId* is not part of the UTCB. On SPARC v9 it is identical with the UTCB address and can be loaded from register g7.

#### Message Registers (MRs)

Message registers MR  $_0$  through MR  $_7$  map to the local registers of the current window in the processor's general purpose register file for IPC and LIPC calls, otherwise they are located in the UTCB. The remaining message registers map to memory locations in the UTCB. MR  $_0$  starts at byte offset 512 in the UTCB, and successive message registers follow in memory.

VIRTUAL REGISTERS 181





#### **Buffer Registers (BRs)**

The buffer registers map to memory locations in the UTCB. BR  $_0$  is at byte offset 248 in the UTCB, BR  $_1$  at byte offset 256, etc.



#### **UTCB Memory With Undefined Semantics**

The kernel will associate no semantics with memory located at *UTCB address* + 80... *UTCB address* + 247. The application can use this memory as thread local storage, e.g., for implementing the L4 API. Note, however, that the memory contents within this region may be overwritten during a system-call operating on message registers.

All undefined UTCB memory which is not covered by the above mentioned region may have kernel defined semantics.

# H.2 Systemcalls [SPARC-v9]

The system-calls which are invoked by the *jmpl* instruction take the target of the calls from the system call link fields in the kernel interface page (see page 2). Each system-call link value specifies an address relative to the kernel interface page's base address. One may invoke the system calls with any instruction that branches to the appropriate target, as long as the return-address is contained in o7.

The locations of the system-calls are fixed during the life of an application, although they may change outside of the life of an application. It is not valid to prelink an application against a set of system call locations. The official locations are always provided in the KIP.

The system call definitions below only specify the contexts of the general purpose registers. Except for the KERNELINTERFACE system-call, the contents of user accessible state registers are assumed to be scratched. The floating-point registers are assumed to be preserved accross system calls.

#### KERNELINTERFACE [Slow Systemcall]

#### **EXCHANGEREGISTERS** [Systemcall]

| _                 | g1     | - Exchange Registers $ ightarrow$ | g1     | $\sim$            |
|-------------------|--------|-----------------------------------|--------|-------------------|
| _                 | g2,g3  |                                   | g2,g3  | ≡                 |
| FLAGS             | g4     |                                   | g4     | FLAGS             |
| _                 | g5,g6  | jmpl ExchangeRegisters            | g5,g6  | $\sim$            |
| UTCB              | g7     | · -                               | g7     | UTCB              |
| dest              | 00     |                                   | 00     | result            |
| control           | 01     |                                   | 01     | control           |
| SP                | 02     |                                   | 02     | SP                |
| IP                | 03     |                                   | 03     | IP                |
| pager             | 04     |                                   | 04     | pager             |
| UserDefinedHandle | 05     |                                   | 05     | UserDefinedHandle |
| _                 | 06, 07 |                                   | 06, 07 | =                 |
| _                 | 1017   |                                   | 1017   | =                 |
| _                 | i0i0   |                                   | i0i0   | ≡                 |

<sup>&</sup>quot;FLAGS" refers to the user-modifiable flags held in the SPARC v9 PSTATE register. At present only the CLE (current little-endian) flag can be set.

# THREADCONTROL [Privileged Systemcall]

| _            | g1     | - Thread Control $ ightarrow$ | g1     | $\sim$   |
|--------------|--------|-------------------------------|--------|----------|
| _            | g2,g3  |                               | g2,g3  | $\equiv$ |
| _            | g4g6   |                               | g4g6   | $\sim$   |
| UTCB         | g7     | jmpl <i>ThreadControl</i>     | g7     | UTCE     |
| dest         | o0     |                               | 00     | result   |
| space        | 01     |                               | 01     | $\sim$   |
| scheduler    | 02     |                               | 02     | $\sim$   |
| pager        | 03     |                               | 03     | $\sim$   |
| UtcbLocation | 04     |                               | 04     | $\sim$   |
| _            | 05     |                               | 05     | $\sim$   |
| _            | 06, 07 |                               | 06, 07 | $\equiv$ |
| _            | 1017   |                               | 1017   | $\equiv$ |
| _            | i0i7   |                               | i0i7   | $\equiv$ |

# SYSTEMCLOCK [Systemcall]

| _    | g1     | $-\operatorname{\mathbf{SystemClock}} \rightarrow$ | g1     | $\sim$   |
|------|--------|----------------------------------------------------|--------|----------|
| _    | g2,g3  |                                                    | g2,g3  | $\equiv$ |
| _    | g4g6   |                                                    | g4g6   | $\sim$   |
| UTCB | g7     | jmpl SystemClock                                   | g7     | UTCB     |
| _    | 00     |                                                    | 00     | clock    |
| _    | 0105   |                                                    | 0105   | $\sim$   |
| _    | 06, 07 |                                                    | 06, 07 | =        |
| _    | 1017   |                                                    | 1017   | =        |
| _    | i0i7   |                                                    | i0i7   | =        |

# THREADSWITCH [Systemcall]

| _    | g1     | - ThreadSwitch $ ightarrow$ | g1     | $\sim$   |
|------|--------|-----------------------------|--------|----------|
| _    | g2,g3  |                             | g2,g3  | $\equiv$ |
| _    | g4g6   |                             | g4g6   | $\sim$   |
| UTCB | g7     | jmpl <i>ThreadSwitch</i>    | g7     | UTCB     |
| dest | 00     |                             | 00     | $\sim$   |
| _    | 0105   |                             | 0105   | $\sim$   |
| _    | 06, 07 |                             | 06, 07 | =        |
| _    | 1017   |                             | 1017   | $\equiv$ |
| _    | i0i7   |                             | i0i7   | =        |

# SCHEDULE [Systemcall]

| _                  | g1     | - Schedule $ ightarrow$ | g1     | ~            |
|--------------------|--------|-------------------------|--------|--------------|
| _                  | g2,g3  |                         | g2,g3  | =            |
| _                  | g4g6   |                         | g4g6   | $\sim$       |
| UTCB               | g7     | jmpl <i>Schedule</i>    | g7     | UTCB         |
| dest               | 00     |                         | 00     | result       |
| time control       | 01     |                         | 01     | time control |
| processor control  | 02     |                         | 02     | $\sim$       |
| priority           | 03     |                         | 03     | $\sim$       |
| preemption control | 04     |                         | 04     | $\sim$       |
| _                  | 05     |                         | 05     | $\sim$       |
| _                  | 06, 07 |                         | 06, 07 | =            |
| _                  | 1017   |                         | 1017   | =            |
| _                  | i0i7   |                         | i0 i7  | =            |
|                    |        |                         |        |              |

## IPC [Systemcall]

| _             | g1     | - <b>Ipc</b> $ ightarrow$ | g1     | $\sim$   |
|---------------|--------|---------------------------|--------|----------|
| _             | g2,g3  |                           | g2,g3  | $\equiv$ |
| _             | g4g6   |                           | g4g6   | $\sim$   |
| UTCB          | g7     | jmpl <i>Ipc</i>           | g7     | UTCB     |
| to            | 00     |                           | 00     | from     |
| FromSpecifier | 01     |                           | 01     | $\sim$   |
| Timeouts      | 02     |                           | 02     | $\sim$   |
| _             | 0305   |                           | 0305   | $\sim$   |
| _             | 06, 07 |                           | 06, 07 | $\equiv$ |
| $MR_{0}$      | 10     |                           | 10     | $MR_{0}$ |
| $MR_{1}$      | 11     |                           | 11     | $MR_{1}$ |
| $MR_2$        | 12     |                           | 12     | $MR_2$   |
| $MR_3$        | 13     |                           | 13     | $MR_3$   |
| $MR_{4}$      | 14     |                           | 14     | $MR_4$   |
| $MR$ $_5$     | 15     |                           | 15     | $MR_{5}$ |
| $MR_{6}$      | 16     |                           | 16     | $MR_{6}$ |
| $MR_{7}$      | 17     |                           | 17     | $MR_{7}$ |
| _             | i0i5   |                           | i0i5   | $\sim$   |
| _             | i6, i7 |                           | i6, i7 | =        |

# LIPC [Systemcall]

| _             | g1         | - Lipc $ ightarrow$ | g1     | $\sim$          |
|---------------|------------|---------------------|--------|-----------------|
| _             | g2,g3      |                     | g2,g3  | $\equiv$ $\sim$ |
| _             | g4g6       |                     | g4g6   | $\sim$          |
| UTCB          | g7         | jmpl <i>Lipc</i>    | g7     | UTCB            |
| to            | 00         |                     | 00     | from            |
| FromSpecifier | 01         |                     | 01     | $\sim$          |
| Timeouts      | 02         |                     | 02     | $\sim$          |
| _             | 0305       |                     | 0305   | $\sim$          |
| _             | 06, 07     |                     | 06, 07 | $\equiv$        |
| $MR_{0}$      | 10         |                     | 10     | $MR_{0}$        |
| $MR_{1}$      | 11         |                     | 11     | $MR_{1}$        |
| $MR_{2}$      | 12         |                     | 12     | $MR_2$          |
| $MR_3$        | 13         |                     | 13     | $MR_3$          |
| $MR_{\ 4}$    | <i>l</i> 4 |                     | 14     | $MR_4$          |
| $MR_{5}$      | 15         |                     | 15     | $MR_{5}$        |
| $MR_{6}$      | 16         |                     | 16     | $MR_{6}$        |
| $MR_{7}$      | 17         |                     | 17     | $MR_{7}$        |
| _             | i0i5       |                     | i0i5   | $\sim$          |
| _             | i6, i7     |                     | i6, i7 | =               |

## UNMAP [Systemcall]

```
- \ Unmap \rightarrow
          g1
                                                                       \equiv
          g2,g3
                                                             g2,g3
                                                             g4...g6
          g4...g6
UTCB g7
                                \mathsf{jmpl}\ \mathit{Unmap}
                                                             g7
                                                                       UTCB
                                                             00
control
         00
          01...05
                                                             01...05
          06, 07
                                                             06, 07
          10...17
                                                             10...17
                                                                       \equiv
          i0...i7
                                                             i0...i7
```

# SPACECONTROL [Privileged Systemcall]

| _                          | g1     | - Space Control $ ightarrow$ | g1     | $\sim$   |
|----------------------------|--------|------------------------------|--------|----------|
| _                          | g2,g3  |                              | g2,g3  | ≡        |
| _                          | g4g6   |                              | g4g6   | $\sim$   |
| UTCB                       | g7     | jmpl SpaceControl            | g7     | UTCB     |
| SpaceSpecifier             | 00     |                              | 00     | result   |
| control                    | o1     |                              | 01     | control  |
| Kernel Interface Page Area | 02     |                              | 02     | $\sim$   |
| UtcbArea                   | 03     |                              | 03     | $\sim$   |
| Redirector                 | 04     |                              | 04     | $\sim$   |
| _                          | 05     |                              | 05     | $\sim$   |
| _                          | 06, 07 |                              | 06, 07 | $\equiv$ |
| _                          | 1017   |                              | 1017   | $\equiv$ |
| _                          | i0i7   |                              | i0i7   | =        |

# PROCESSORCONTROL [Privileged Systemcall]

| _            | g1     | - Processor Control $ ightarrow$ | g1     | $\sim$   |
|--------------|--------|----------------------------------|--------|----------|
| _            | g2,g3  |                                  | g2,g3  | $\equiv$ |
| _            | g4g6   |                                  | g4g6   | $\sim$   |
| UTCB         | g7     | jmpl ProcessorControl            | g7     | UTCB     |
| ProcessorNo  | 00     |                                  | 00     | result   |
| InternalFreq | 01     |                                  | 01     | $\sim$   |
| ExternalFreq | 02     |                                  | 02     | $\sim$   |
| voltage      | 03     |                                  | 03     | $\sim$   |
| _            | 04, 05 |                                  | 04, 05 | $\sim$   |
| _            | 06, 07 |                                  | 06, 07 | $\equiv$ |
| _            | 1017   |                                  | 1017   | $\equiv$ |
| _            | i0i7   |                                  | i0i7   | $\equiv$ |

# MEMORYCONTROL [Privileged Systemcall]

| _             | g1     | - Memory Control $ ightarrow$ | g1     | $\sim$   |
|---------------|--------|-------------------------------|--------|----------|
| _             | g2,g3  |                               | g2,g3  | $\equiv$ |
| _             | g4g6   |                               | g4g6   | $\sim$   |
| UTCB          | g7     | jmpl <i>MemoryControl</i>     | g7     | UTCB     |
| control       | 00     |                               | 00     | result   |
| $attribute_0$ | 01     |                               | 01     | $\sim$   |
| $attribute_1$ | 02     |                               | 02     | $\sim$   |
| $attribute_2$ | 03     |                               | 03     | $\sim$   |
| $attribute_3$ | 04     |                               | 04     | $\sim$   |
| _             | 05     |                               | 05     | $\sim$   |
| _             | 06, 07 |                               | 06, 07 | $\equiv$ |
| _             | 1017   |                               | 1017   | $\equiv$ |
| _             | i0i7   |                               | i0i7   | $\equiv$ |
|               |        |                               |        |          |

# Appendix I

# ARM Interface

188 VIRTUAL REGISTERS

# I.1 Virtual Registers [ARM]

#### **Thread Control Registers (TCRs)**

TCRs are mapped to memory locations. They are implemented as part of the ARM-specific user-level thread control block (UTCB). The address of the current thread's UTCB will not change over the lifetime of the thread. The UTCB address of the current thread can be read from the memory location 0xFF000000. UTCB objects of the current thread can then be accessed as any other memory object. UTCBs of other threads must not be accessed, even if they are physically accessible.





The TCR *MyLocalId* is not part of the UTCB. On ARM it is identical with the UTCB address and can be obtained by a load from memory location 0xFF0000000.

#### Message Registers (MRs)

Message registers MR  $_0$  through MR  $_4$  map to the processor's general purpose register file for IPC, LIPC and unmap calls. The remaining message registers map to memory locations in the UTCB. MR  $_5$  starts at byte offset 84 in the UTCB, and successive message registers follow in memory.

The first five message registers are mapped to the registers r3 to r7. MR 5...63 are mapped to memory in the UTCB.

VIRTUAL REGISTERS 189



#### **Buffer Registers (BRs)**

The buffer registers map to memory locations in the UTCB. BR  $_{0}$  is at byte offset 320 in the UTCB, BR  $_{1}$  at byte offset 324, etc.



#### **UTCB Memory With Undefined Semantics**

The kernel will associate no semantics with memory located at *UTCB address* + 452...*UTCB address* + 511. The application can use this memory as thread local storage, e.g., for implementing the L4 API. Note, however, that the memory contents within this region may be overwritten during a system-call operating on message registers.

All undefined UTCB memory which is not covered by the above mentioned region may have kernel defined semantics.

# I.2 Systemcalls [ARM]

The system-calls, which are invoked by the bl instruction, take the target of the calls from the system call link fields in the kernel interface page (see page 2). Each system-call link value specifies an address relative to the kernel interface page's base address. One may invoke the system calls with any instruction that branches to the appropriate target, as long as the return-address is contained in r14.

The locations of the system-calls are fixed during the life of an application, although they may change outside of the life of an application. It is not valid to prelink an application against a set of system call locations. The official locations are always provided in the KIP.

The sp and lr registers are always preserved across system calls. Registers r8..r12 have undefined values following system calls other than KernelInterface.

#### KERNELINTERFACE [Slow Systemcall]

```
- \ KernelInterface \rightarrow
                                                   KIP base address
                                                   API Version
                                              r1
r1
r2
                                              r2
                                                   API Flags
                bl 0xFE0000B4
                                                   Kernel ID
r3
                                              r3
                                              r4
r4
                                              r5
                                                   \equiv
                                              r6
                                                   \equiv
r6
                                              r7
                                                    \equiv
```

For this system-call all registers other than the output registers are preserved.

#### **EXCHANGEREGISTERS** [Systemcall]

```
- Exchange Registers \rightarrow
               dest
                                                                      result
                                                                      control
            control
                      r1
                                                                 r1
                SP
                                                                      SP
                      r2
                 ΙP
                                  {\tt bl}\ {\it Exchange Registers}
                                                                     ΙP
                      r3
                                                                 r3
            FLAGS
                                                                      FLAGS
                      r4
                                                                 r4
UserDefinedHandle
                                                                 r5
                                                                      UserDefinedHandle
                      r5
                                                                 r6
                                                                      pager
             pager
```

#### THREADCONTROL [Privileged Systemcall]

```
- Thread Control \rightarrow
     dest
                                                         r0
                                                              result
             r0
    space
             r1
scheduler
                                                         r2
             r2
                           bl ThreadControl
   pager
             r3
                                                         r3
   .
UTCB
             r4
                                                         r4
                                                         r5
             r5
             r6
                                                         r6
             r7
```

## SYSTEMCLOCK [Systemcall]

# THREADSWITCH [Systemcall]

| dest | r0 | - ThreadSwitch $ ightarrow$ | r0 | $\sim$ |
|------|----|-----------------------------|----|--------|
| _    | r1 |                             | r1 | $\sim$ |
| _    | r2 |                             | r2 | $\sim$ |
| _    | r3 | bl <i>ThreadSwitch</i>      | r3 | $\sim$ |
| _    | r4 |                             | r4 | $\sim$ |
| _    | r5 |                             | r5 | $\sim$ |
| _    | r6 |                             | r6 | $\sim$ |
| _    | r7 |                             | r7 | $\sim$ |

# SCHEDULE [Systemcall]

| - Schedule $ ightarrow$ | r0 | result                     |
|-------------------------|----|----------------------------|
|                         | r1 | result<br>TimeControl      |
|                         | r2 | $\sim$                     |
| bl <i>Schedule</i>      | r3 | $\sim$                     |
|                         | r4 | $\sim$                     |
|                         | r5 | $\sim$                     |
|                         | r6 | $\sim$                     |
|                         | r7 | $\sim$                     |
|                         |    | bl Schedule r2<br>r3<br>r4 |

#### IPC [Systemcall]

| dest          | r0 | $-$ <b>Ipc</b> $\rightarrow$ | r0 | result                                         |
|---------------|----|------------------------------|----|------------------------------------------------|
| FromSpecifier | r1 |                              | r1 | $\sim$                                         |
| Timeouts      | r2 |                              | r2 | $\sim$                                         |
| $MR_0$        | r3 | bl <i>Ipc</i>                | r3 | $MR_0$                                         |
| $MR_1$        | r4 |                              | r4 | $MR_1$                                         |
| $MR_2$        | r5 |                              | r5 | $MR_2$                                         |
| $MR_3$        | r6 |                              | r6 | $MR_3$                                         |
| $MR_4$        | r7 |                              | r7 | $\sim \\ MR_0 \\ MR_1 \\ MR_2 \\ MR_3 \\ MR_4$ |

# LIPC [Systemcall]

| dest          | r0 | - <b>Lipc</b> $ ightarrow$ | r0 | result |
|---------------|----|----------------------------|----|--------|
| FromSpecifier | r1 |                            | r1 | $\sim$ |
| Timeouts      | r2 |                            | r2 | $\sim$ |
| $MR_0$        | r3 | bl <i>Lipc</i>             | r3 | $MR_0$ |
| $MR_1$        | r4 |                            | r4 | $MR_1$ |
| $MR_2$        | r5 |                            | r5 | $MR_2$ |
| $MR_3$        | r6 |                            | r6 | $MR_3$ |
| $MR_4$        | r7 |                            | r7 | $MR_4$ |
|               |    |                            |    |        |

## UNMAP [Systemcall]

# SPACECONTROL [Privileged Systemcall]

| SpaceSpecifier          | r0 | - Space Control $ ightarrow$ | r0 | result  |
|-------------------------|----|------------------------------|----|---------|
| control                 | r1 |                              | r1 | control |
| KernelInterfacePageArea | r2 |                              | r2 | $\sim$  |
| UtcbArea                | r3 | bl SpaceControl              | r3 | $\sim$  |
| Redirector              | r4 |                              | r4 | $\sim$  |
| _                       | r5 |                              | r5 | $\sim$  |
| _                       | r6 |                              | r6 | $\sim$  |
| _                       | r7 |                              | r7 | $\sim$  |
| _                       | r/ |                              | 17 | $\sim$  |

# PROCESSORCONTROL [Privileged Systemcall]

| ProcessorNo  | r0 | - Processor Control $ ightarrow$ | r0 | result |
|--------------|----|----------------------------------|----|--------|
| InternalFreq | r1 |                                  | r1 | $\sim$ |
| ExternalFreq | r2 |                                  | r2 | $\sim$ |
| voltage      | r3 | bl ProcessorControl              | r3 | $\sim$ |
| _            | r4 |                                  | r4 | $\sim$ |
| _            | r5 |                                  | r5 | $\sim$ |
| _            | r6 |                                  | r6 | $\sim$ |
| _            | r7 |                                  | r7 | $\sim$ |

## MEMORYCONTROL [Privileged Systemcall]

| control       | r0 | - Memory Control $ ightarrow$ | r0 | result |
|---------------|----|-------------------------------|----|--------|
| $attribute_0$ | r1 |                               | r1 | $\sim$ |
| $attribute_1$ | r2 |                               | r2 | $\sim$ |
| $attribute_2$ | r3 | bl MemoryControl              | r3 | $\sim$ |
| $attribute_3$ | r4 |                               | r4 | $\sim$ |
| _             | r5 |                               | r5 | $\sim$ |
| _             | r6 |                               | r6 | $\sim$ |
| _             | r7 |                               | r7 | $\sim$ |

**MEMORY ATTRIBUTES** 193

#### 1.3 Memory Attributes [ARM]

The ARM architecture supports the following memory/cache attribute values, to be used with the MEMORYCONTROL system-call:

| attribute       | value |
|-----------------|-------|
| Default         | 0     |
| Uncached        | 1     |
| Flush $(I + D)$ | 31    |

The default memory attributes specify cached access.

Before disabling the cache for a page, the software must ensure that all memory belonging to the target page is flushed from the cache.

194 SPACE CONTROL

# I.4 Space Control [ARM]

The SPACECONTROL system call has an architecture dependent *control* parameter to specify various address space characteristics. For ARM, the *control* parameter has the following semantics.

#### **Input Parameter**

| control | 0 (25) | PID (7) |
|---------|--------|---------|

PID Sets the PID register value that will be loaded for threads in this address space. The effect of this is described in the Fast Context Switch Extension section of the ARM Architecture Reference Manual

All addresses supplied to and returned from kernel syscalls (e.g. UTCB location) correspond to the MVA.

# I.5 Exception Message Format [ARM]

#### Syscall emulation exception message

| Flags (32)         |       |       |               |                |                  |  |
|--------------------|-------|-------|---------------|----------------|------------------|--|
| Syscall (32)       |       |       |               |                |                  |  |
|                    | LR    | (32)  |               |                | MR <sub>11</sub> |  |
|                    | SP    | (32)  |               |                | MR <sub>10</sub> |  |
|                    | r7 (  | (32)  |               |                | MR 9             |  |
|                    | r6 (  | (32)  |               |                | MR 8             |  |
| r5 <sub>(32)</sub> |       |       |               |                |                  |  |
| r4 (32)            |       |       |               |                |                  |  |
| r3 (32)            |       |       |               |                |                  |  |
| r2 (32)            |       |       |               |                |                  |  |
| r1 <sub>(32)</sub> |       |       |               |                |                  |  |
| r0 (32)            |       |       |               |                | MR 2             |  |
| PC (32)            |       |       |               |                | MR 1             |  |
| -5 (12)            | 0 (4) | 0 (4) | $t = 0_{(6)}$ | $u = 13_{(6)}$ | $MR_0$           |  |

On execution of an ARM SWI instruction, the above message is delivered to the thread's exception handler.

The *Syscall* field contains the encoding of the instruction causing the system call exception. The exception handler can decode the system call number from the lower 24 bits.

#### **Generic Traps**

Generic Trap Message To Exception Handler

| LocalID (32)     |       |       |               |               |                 |  |  |
|------------------|-------|-------|---------------|---------------|-----------------|--|--|
| ErrorCode (32)   |       |       |               |               |                 |  |  |
| ExceptionNo (32) |       |       |               |               |                 |  |  |
| Flags (32)       |       |       |               |               |                 |  |  |
| SP (32)          |       |       |               |               |                 |  |  |
| IP (32)          |       |       |               |               |                 |  |  |
| -5 (12)          | 0 (4) | 0 (4) | $t = 0_{(6)}$ | $u = 6_{(6)}$ | MR <sub>0</sub> |  |  |

The kernel synthesizes exception messages in response to architecture specific events. Some traps are handled by the kernel and therefore do not generate exception messages. The kernel preserves all user state.

The following is a table of values for the Generic Trap *ExceptionNo*:

| Exception             | ExceptionNo            | ErrorCode     | Delivered                   |
|-----------------------|------------------------|---------------|-----------------------------|
| Undefined instruction | 1                      | Instruction   | Yes                         |
| Data abort            | 0x100 + (fault status) | Fault address | (external aborts/unhandled) |
| Reset exception       |                        |               | No                          |
| FIQ exception         |                        |               | No                          |

Note, not all of these exceptions will be delivered via exception IPC. Some will be handled by the kernel. Delivered exceptions are indicated in the last column of the table above.

BOOTING 197

# I.6 Booting [ARM]

The kernel is provided as an ELF file and must be loaded at the physical load address defined in the ELF header. It must begin execution at the corresponding physically addressed entry point with MMU disabled.

198 BOOTING

# **Appendix J**

# Generic BootInfo

200 GENERIC BOOTINFO

## J.1 Generic BootInfo [Data Structure]

The generic BootInfo structure contains boot loader specific data such as loaded modules or files, location of system tables, etc. The data structure can be located anywhere in memory, but must be aligned at a word size.

The BootInfo structure is a pure boot loader specific object. That is, the kernel does not associate any semantics with its contents. A boot loader is free to choose whether to provide a BootInfo structure or not. Starting a system without a generic BootInfo structure is perfectly valid.



The base address of the bootinfo structure is specified by the Bootinfo field in the kernel interface page (see page 4). Note that the base address as specified by the BootInfo field is a physical address. An application running on virtual memory must determine the location of the BootInfo structure within its own address space by other means.

#### BootInfo Description

| Magic       | The magic number 0x14B0021D. The magic also determines the endianess of the structure (i.e., the value 0x1D02B014 indicates that the endian is wrong). The word size of the BootInfo structure is defined by the word size specified in the kernel interface page (see page 3).                                                                                                                                                  |
|-------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Version     | API version of the BootInfo structure. This document describes version 1. Note that any changes in the BootInfo records themselves do not influence the version in the main BootInfo structure. This enables BootInfo records to be added or modified without introducing major incompatibilities with a program that parses the BootInfo structure. Only the added/modified BootInfo record types are influenced by the update. |
| Size        | The size (in bytes) of the complete BootInfo structure, including all BootInfo records and data referenced by these records.                                                                                                                                                                                                                                                                                                     |
| First Entry | Points to the first BootInfo record. <i>First Entry</i> is given as an address relative to the base address of the BootInfo structure itself.                                                                                                                                                                                                                                                                                    |
| Num Entries | Number of BootInfo records in the BootInfo structure.                                                                                                                                                                                                                                                                                                                                                                            |

#### Generic BootInfo Record

The exact structure of a BootInfo record is determined by the type of the record. Only the three first words of the record are defined for all BootInfo record types.

| Offset Next | Version | Туре |
|-------------|---------|------|
| +8 / +10    | +4 / +8 | +0   |

*Type* Specifies the type of the BootInfo record.

GENERIC BOOTINFO 201

Version

Specifies the API version of the BootInfo record type. Increasing the version of a BootInfo record type does not also require an increase in the main BootInfo version. Later versions of a BootInfo record are guaranteed to be backwards compatible with older versions.

Offset Next

The offset (in bytes) to the next BootInfo record. Note that the offset may vary from record to record, even for records of the same type. This enables the boot loader to have variable length records, place data in between records, or otherwise align records for ease of implementation. It is wrong to assume that the offset associated with a particular version of a record type is constant.

#### **Convenience Programming Interface**

#include <14/bootinfo.h>

struct **BOOTREC** { Word raw [\*] }

#### Bool BootInfo\_Valid (void\* BootInfo)

Checks whether specified BootInfo structure is valid or not (i.e., whether the magic number and the version number are correct).

#### Word BootInfo\_Size (void\* BootInfo)

Delivers the size (in bytes) of the BootInfo structure. It is assumed that *BootInfo* specifies a valid BootInfo structure.

#### BootRec\* BootInfo\_FirstEntry (void\* BootInfo)

Delivers the first BootInfo record of the BootInfo structure. It is assumed that *BootInfo* specifies a valid BootInfo structure.

#### Word BootInfo Entries (void\* BootInfo)

Delivers the number of BootInfo records in the BootInfo structure. It is assumed that *BootInfo* specifies a valid BootInfo structure.

#### Word Type (BootRec\* BootRec)

[BootRec\_Type]

Delivers the type of the BootInfo record.

#### BootRec\* Next (BootRec\* BootRec)

[BootRec\_Next]

Delivers the next BootInfo record. The value returned by the last BootInfo record in the BootInfo structure is undefined.

202 BOOTINFO RECORDS

# J.2 BootInfo Records [BootInfo]

BootInfo records can be listed in any order. This section lists currently defined BootInfo records. A program encountering an unknown BootInfo record can skip past the record using the ubiquitous *Offset Next* field.

Simple Module

The Simple Module BootInfo record specifies a binary file loaded into main memory by the boot loader.

|        |             | Cmdline Off | Size       | +10 / +20 |
|--------|-------------|-------------|------------|-----------|
| Start  | Offset Next | version = 1 | type = 0x1 |           |
| +C/+18 | +8 / +10    | +4 / +8     | +0         | -         |

Start Physical address of first byte in loaded module.

Size Size of loaded module (in bytes).

Cmdline Off Address of command line associated with loaded module, or 0 if no command line exists. Address is specified relative to base address of current BootInfo record.

Simple Executable The Simple Executable BootInfo record specifies an executable file which has been loaded into main memory and relocated by the boot loader. The record can only specify simple executables with single code, data, and bss sections.

| Cmdline Off | Label       | Flags       | Initial IP  | +30 / +60 |
|-------------|-------------|-------------|-------------|-----------|
| Bss.Size    | Bss.Vstart  | Bss.Pstart  | Data.Size   | +20 / +40 |
| Data.Vstart | Data.Pstart | Text.Size   | Text.Vstart | +10 / +20 |
| Text.Pstart | Offset Next | version = 1 | type = 0x2  |           |
| +C / +18    | +8 / +10    | +4 / +8     | +0          | '         |

Pstart Physical address of first byte in code/data/bss section of the loaded executable.

Virtual address of first byte in code/data/bss section of the loaded executable.

Size Size of code/data/bss section (in bytes).

Initial IP Virtual address of entry point for loaded executable.

Flags Flags for the loaded executable (defined by boot loader or application programs). Note that regular applications may not necessarily have write permissions on the Flags field.

Label Freely available word (defined by boot loader or application programs). Note that regular applications may not necessarily have write permissions on the Label field.

Cmdline Off Address of command line associated with loaded executable, or 0 if no command line exists. Address is specified relative to base address of current BootInfo record.

BOOTINFO RECORDS 203

EFI Tables

The *EFI Tables* BootInfo record specifies the location and size of the EFI memory map, and the location of the EFI system table.

| Memdesc Version | Memdesc Size | Memmap Size | Memmap       | +10 / +20 |
|-----------------|--------------|-------------|--------------|-----------|
| Systab          | Offset Next  | version = 1 | type = 0x101 |           |
| +C / +18        | +8 / +10     | +4 / +8     | +0           |           |

Systab Physical address of EFI system table, or 0 if EFI system table is not present.

Memmap Physical address of EFI memory map. Undefined if Memmap Size = 0.

Memmap Size Size (in bytes) of the EFI memory map, or 0 if EFI memory map is not present.

Memdesc Size Size (in bytes) of descriptor entries in the EFI memory map. Undefined if Memmap Size = 0.

Memdesc Version Version of descriptor entries in the EFI memory map. Undefined if Memmap Size = 0.

#### Multiboot info

The Multiboot info BootInfo record specifies the location of the first byte in the multiboot header.

| Multiboot Addr | Offset Next | version = 1 | type = 0x102 |
|----------------|-------------|-------------|--------------|
| +C / +18       | +8 / +10    | +4 / +8     | +0           |

Multiboot Addr

Physical address of first byte in multiboot header.

### **Convenience Programming Interface**

#include < I4/bootinfo.h>

Word BootInfo\_Module

Word BootInfo\_SimpleExec

Word BootInfo\_EFITables

Word BootInfo\_Multiboot

Word Module\_Start (BootRec\* b)

Word Module\_Size (BootRec\* b)

Delivers the start and size of the specified boot module.

char\* Module\_Cmdline (BootRec\* b)

Delivers the command line of the specified boot module, or 0 if command line does not exist.

Word SimpleExec\_TextPstart (BootRec\* b)

Word SimpleExec\_TextVstart (BootRec\* b)

 $Word \ \textit{SimpleExec\_TextSize} \ \ (BootRec*b)$ 

Word SimpleExec\_DataPstart (BootRec\* b)

Word SimpleExec\_DataVstart (BootRec\*b)

Word SimpleExec DataSize (BootRec\*b)

Word SimpleExec\_BssPstart (BootRec\* b)

Word SimpleExec\_BssVstart (BootRec\* b)

204 BOOTINFO RECORDS

Word SimpleExec\_BssSize (BootRec\*b)

Delivers physical start address, virtual start address, and size of the code/data/bss section of the specified executable.

Word SimpleExec InitialIP (BootRec\* b)

Delivers virtual address of entry point for the specified executable.

Word SimpleExec\_Flags (BootRec\* b)

void SimpleExec\_Set\_Flags (BootRec\* b, Word w)

Delivers/sets the flags field for the specified executable.

Word SimpleExec\_Label (BootRec\*b)

void SimpleExec\_Set\_Label (BootRec\* b, Word w)

Delivers/sets the label field for the specified executable.

char\* SimpleExec\_Cmdline (BootRec\* b)

Delivers the command line of the specified executable, or 0 if command line does not exist.

Word **EFI\_Systab** (BootRec\* b)

Delivers the EFI system table, or 0 if system table not present.

Word **EFI\_Memmap** (BootRec\* b)

Word **EFI\_MemmapSize** (BootRec\* b)

Word **EFI\_MemdescSize** (BootRec\* b)

Word **EFI\_MemdescVersion** (BootRec\* b)

Delivers location of the EFI memory map, size of memory map, size of memory map descriptor entries, and version of memory map descriptor entries. If *EFI\_MemmapSize* () delivers 0, the other return values are undefined.

Word MBI\_Address (BootRec\* b)

Delivers the physical location of the first byte in the multiboot header.

## Appendix K

# Development Remarks

These remarks illuminate the design process from version 2 to version 4.

### K.1 Exception Handling

The current model decided upon for exception handling in L4 is to associate an exception handler thread with each thread in the system (see page 70). This model was chosen because it allowed us to handle exceptions generically without introducing any new concepts into the API. It also closely resembles the current page fault handling model.

Another model for exception handling is to use callbacks. Using this model an instruction pointer for a callback function and a pointer to an exception state save area is associated with each thread. Upon catching an exception the kernel stores the cause of the exception into the save area and transfers execution to the exception callback function.

It is evident that the callback model can be faster than the IPC model because the callback model may require only one control transfer into the kernel whereas the IPC model will require at least two. Nevertheless, the IPC model was chosen because it introduces no new mechanisms into the kernel, and we are currently not aware of any real life scenario where the extra performance gains you very much. There exists a challenge to prove these claims wrong. See http://l4hq.org/fun/ for the rules of the challenge.

## **Table of Procs, Types, and Constants**

|                                                                          | used system call  | page     |
|--------------------------------------------------------------------------|-------------------|----------|
|                                                                          |                   |          |
| != (CacheAllocationHint l, r) Bool                                       | -none-            | 58       |
| ! = (Clock l, r) Bool                                                    | -none-            | 26       |
| ! = (MsgTag l, r) Bool                                                   | -none-            | 50       |
| != (ThreadId l, r) Bool                                                  | -none-            | 15       |
| ! = (Time l, r) Bool                                                     | -none-            | 29       |
| + (Acceptor l, r) Acceptor                                               | -none-            | 59       |
| + (Clock l, r) Clock                                                     | -none-            | 26       |
| + (Clock l, int r) Clock                                                 | -none-            | 26       |
| + (Clock I, Word64 r) Clock                                              | -none-            | 26       |
| + (Fpage f, Word AccessRights) Fpage                                     | -none-            | 39       |
| + (MsgTag t, Word label) MsgTag                                          | -none-            | 50       |
| + (StringItem s, CacheAllocationHint h) StringItem                       | -none-            | 58       |
| + (Time l, r) Time                                                       | -none-            | 29       |
| + (Time I, Word r) Time                                                  | -none-            | 29       |
| += (Acceptor l, r) Acceptor                                              | -none-            | 59       |
| += (Fpage f, Word AccessRights) Fpage                                    | -none-            | 39       |
| += (MsgTag t, Word label) MsgTag                                         | -none-            | 50       |
| += (StringItem& dest, StringItem AdditionalSubstring) StringItem &       | -none-            | 57       |
| += (StringItem& dest, void* AdditionalSubstringAddress) StringItem &     | -none-            | 57       |
| += (StringItem s, CacheAllocationHint h) StringItem                      | -none-            | 58       |
| += (Strington s, CacheAnocation int ii) Strington<br>+= (Time l, r) Time | -none-            | 29       |
| += (Time I, I) Time<br>+= (Time I, Word r) Time                          |                   | 29       |
| - (Acceptor l, r) Acceptor                                               | -none-            | 59<br>59 |
| - (Clock l, r) Clock                                                     | -none-            | 26       |
| - (Clock I, i) Clock<br>- (Clock I, int r) Clock                         | -none-            | 26       |
|                                                                          | -none-            | 26       |
| - (Clock l, Word64 r) Clock                                              | -none-            |          |
| - (Fpage f, Word AccessRights) Fpage                                     | -none-            | 39<br>29 |
| - (Time I, r) Time                                                       | -none-            |          |
| - (Time I, Word r) Time                                                  | -none-            | 29       |
| -= (Acceptor l, r) Acceptor                                              | -none-            | 59       |
| -= (Fpage f, Word AccessRights) Fpage                                    | -none-            | 39       |
| -= (Time l, r) Time                                                      | -none-            | 29       |
| -= (Time I, Word r) Time                                                 | -none-            | 29       |
| < (Clock l, r) Bool                                                      | -none-            | 26       |
| < (Time l, r) Bool                                                       | -none-            | 29       |
| $\langle = (Clock  l,  r)  Bool$                                         | -none-            | 26       |
| $\langle = (\text{Time } l, r) \text{ Bool}$                             | -none-            | 29       |
| == (CacheAllocationHint l, r) Bool                                       | -none-            | 58       |
| $== (\operatorname{Clock} l, r) \operatorname{Bool}$                     | -none-            | 26       |
| == (MsgTag l, r) Bool                                                    | -none-            | 50       |
| == (ThreadId l, r) Bool                                                  | -none-            | 15       |
| == (Time l, r) Bool                                                      | -none-            | 29       |
| > (Clock l, r) Bool                                                      | -none-            | 26       |
| > (Time l, r) Bool                                                       | -none-            | 29       |
| >= (Clock l, r) Bool                                                     | -none-            | 26       |
| >= (Time l, r) Bool                                                      | -none-            | 29       |
| AbortIpc_and_stop (ThreadId t) ThreadState                               | ExchangeRegisters | 21       |
| AbortIpc_and_stop (ThreadId t, Word& sp, ip, flags) ThreadState          | EXCHANGEREGISTERS | 21       |
| AbortReceive_and_stop (ThreadId t) ThreadState                           | EXCHANGEREGISTERS | 21       |

|                                                                                                                                                                                    | used system call                    | page           |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------|----------------|
| AbortReceive_and_stop (ThreadId t, Word& sp, ip, flags) ThreadState  AbortSend_and_stop (ThreadId t) ThreadState  AbortSend_and_stop (ThreadId t, Word& sp, ip, flags) ThreadState | EXCHANGEREGISTERS EXCHANGEREGISTERS | 21<br>21<br>21 |
| AbortSend_and_stop (ThreadId t, Word& sp, ip, flags) ThreadState Accepted () Acceptor                                                                                              | EXCHANGEREGISTERS -none-            | 60             |
| Acceptor data type                                                                                                                                                                 | -none-<br>-n/a-                     | 59             |
| Accept (Acceptor a) void                                                                                                                                                           | -none-                              | 60             |
| Accept (Acceptor a, MsgBuffer& b) void                                                                                                                                             | -none-                              | 60             |
| ACPIMemoryType Word const                                                                                                                                                          | -n/a-                               | 117            |
| ActualSender () ThreadId                                                                                                                                                           | -none-                              | 17             |
| ActualSender () ThreadId                                                                                                                                                           | -none-                              | 67             |
| Address (Fpage f) Word                                                                                                                                                             | -none-                              | 39             |
| AllocateNewCacheLines CacheAllocationHint const AllocateNewCacheLines CacheAllocationHint const                                                                                    | -n/a-<br>-n/a-                      | 173<br>99      |
| AllocateOnlyNewL1CacheLines CacheAllocationHint const                                                                                                                              | -n/a−<br>-n/a−                      | 173            |
| AllocateOnlyNewL1CacheLines CacheAllocationHint const                                                                                                                              | -n/a-                               | 99             |
| anylocalthread ThreadId const                                                                                                                                                      | -n/a-                               | 15             |
| anythread ThreadId const                                                                                                                                                           | -n/a-                               | 15             |
| ApiFlags () Word                                                                                                                                                                   | -none-                              | 8              |
| ApiVersion () Word                                                                                                                                                                 | -none-                              | 8              |
| Append (MsgBuffer& b, StringItem * s) void                                                                                                                                         | -none-                              | 60             |
| Append (MsgBuffer& b, StringItem s) void                                                                                                                                           | -none-                              | 60             |
| Append (Msg& msg, GrantItem g) void                                                                                                                                                | -none-                              | 51<br>51       |
| Append (Msg& msg, MapItem m) void Append (Msg& msg, StringItem& s) void                                                                                                            | –none–<br>–none–                    | 51             |
| Append (Msg& msg, StringItem s) void                                                                                                                                               | -none-                              | 51             |
| Append (Msg& msg, Word w) void                                                                                                                                                     | -none-                              | 51             |
| ArchitectureSpecificMemoryType Word const                                                                                                                                          | -n/a-                               | 9              |
| AssociateInterrupt (ThreadId InterruptThread, InterruptHandler) Word                                                                                                               | -none-                              | 24             |
| BootInfo_EFITables Word const                                                                                                                                                      | -n/a-                               | 203            |
| BootInfo_Entries (void* BootInfo) Word                                                                                                                                             | -none-                              | 201            |
| BootInfo_FirstEntry (void* BootInfo) BootRec*                                                                                                                                      | -none-                              | 201            |
| BootInfo_Module Word const                                                                                                                                                         | -n/a-                               | 203<br>203     |
| BootInfo_Multiboot Word const BootInfo_SimpleExec Word const                                                                                                                       | -n/a-<br>-n/a-                      | 203            |
| BootInfo_Size (void* BootInfo) Word                                                                                                                                                | -none-                              | 201            |
| BootInfo_Valid (void* BootInfo) Bool                                                                                                                                               | -none-                              | 201            |
| BootInfo (void* KernelInterface) Word                                                                                                                                              | -none-                              | 9              |
| BootLoaderSpecificMemoryType Word const                                                                                                                                            | -n/a-                               | 9              |
| BootRec data type                                                                                                                                                                  | -n/a-                               | 201            |
| CacheAllocationHint (StringItem s) CacheAllocationHint                                                                                                                             | -none-                              | 58             |
| CacheAllocationHint data type                                                                                                                                                      | -n/a-                               | 57             |
| CacheNonTemporalAllLevels CacheAllocationHint const                                                                                                                                | -n/a-                               | 115            |
| CacheNonTemporalL1 CacheAllocationHint const CacheNonTemporalL2 CacheAllocationHint const                                                                                          | -n/a-<br>-n/a-                      | 115<br>115     |
| CachingEnabledMemory Word const                                                                                                                                                    | -n/a-                               | 126            |
| CachingInhibitedMemory Word const                                                                                                                                                  | -n/a-                               | 126            |
| Call (ThreadId to) MsgTag                                                                                                                                                          | IPC                                 | 65             |
| Call (ThreadId to, Time SndTimeout, RcvTimeout) MsgTag                                                                                                                             | IPC                                 | 66             |
| Clear (MsgBuffer& b) void                                                                                                                                                          | -none-                              | 60             |
| Clear (Msg& msg) void                                                                                                                                                              | -none-                              | 51             |
| Clock data type                                                                                                                                                                    | -n/a-                               | 26             |
| Clr_CopFlag (Word n) void<br>Clr_CopFlag (Word n) void                                                                                                                             | –none–<br>–none–                    | 17<br>71       |
| CompleteAddressSpace Fpage const                                                                                                                                                   | -none-<br>-n/a-                     | 39             |
| CompoundString (StringItem& s) Bool                                                                                                                                                | -none-                              | 57             |
| Conventional Memory Type Word const                                                                                                                                                | -n/a-                               | 9              |
| DeassociateInterrupt (ThreadId InterruptThread) Word                                                                                                                               | -none-                              | 24             |
| DedicatedMemoryType Word const                                                                                                                                                     | -n/a-                               | 9              |
| DefaultMemory Word const                                                                                                                                                           | -n/a-                               | 100            |
| DefaultMemory Word const                                                                                                                                                           | -n/a-                               | 116            |
| DefaultMemory Word const                                                                                                                                                           | –n/a–<br>–n/a–                      | 126<br>174     |
| DefaultMemory Word const DefaultMemory Word const                                                                                                                                  | -n/a-<br>-n/a-                      | 174<br>75      |
| Demonstration of the const                                                                                                                                                         | —14 u—                              | 13             |

|                                                                                       | used system call  | page      |
|---------------------------------------------------------------------------------------|-------------------|-----------|
| Problem of a Forker of a O.D. I                                                       |                   | 25        |
| DisablePreemptionFaultException () Bool                                               | -none-            | 35<br>35  |
| DisablePreemption () Bool DoNotAllocateNewCacheLines CacheAllocationHint const        | –none–<br>–n/a–   | 33<br>173 |
| DoNotAllocateNewCacheLines CacheAllocationHint const                                  | -n/a-<br>-n/a-    | 99        |
| EFI_MemdescSize (BootRec* b) Word                                                     | -nvu-<br>-none-   | 204       |
| EFI_MemdescVersion (BootRec* b) Word                                                  | -none-            | 204       |
| EFI_MemmapSize (BootRec* b) Word                                                      | -none-            | 204       |
| EFI_Memmap (BootRec* b) Word                                                          | -none-            | 204       |
| EFL-Systab (BootRec* b) Word                                                          | -none-            | 204       |
| EnablePreemptionFaultException () Bool                                                | -none-            | 35        |
| EnablePreemption () Bool                                                              | -none-            | 35        |
| ErrInvalidParam Word const                                                            | -n/a-             | 34        |
| ErrInvalidParam Word const                                                            | -n/a-             | 75        |
| ErrInvalidScheduler Word const                                                        | -n/a-             | 24        |
| ErrInvalidSpace Word const                                                            | -n/a-             | 24        |
| ErrInvalidSpace Word const                                                            | <i>−n/a−</i>      | 45        |
| ErrInvalidThread Word const                                                           | -n/a-             | 21        |
| ErrInvalidThread Word const                                                           | -n/a-             | 24        |
| ErrInvalidThread Word const                                                           | -n/a-             | 33        |
| ErrKipArea Word const ErrNoMem Word const                                             | -n/a-<br>-n/a-    | 45<br>24  |
| ErrNoPrivilege Word const                                                             | -n/a-<br>-n/a-    | 24        |
| ErrNoPrivilege Word const                                                             | -n/a-             | 33        |
| ErrNoPrivilege Word const                                                             | -n/a-<br>-n/a-    | 45        |
| ErrNoPrivilege Word const                                                             | -n/a-             | 73        |
| ErrNoPrivilege Word const                                                             | -n/a-             | 75        |
| ErrorCode () Word                                                                     | -none-            | 17        |
| ErrorCode () Word                                                                     | -none-            | 21        |
| ErrorCode () Word                                                                     | -none-            | 24        |
| ErrorCode () Word                                                                     | -none-            | 33        |
| ErrorCode () Word                                                                     | -none-            | 45        |
| ErrorCode () Word                                                                     | -none-            | 66        |
| ErrorCode () Word                                                                     | -none-            | 73        |
| ErrorCode () Word                                                                     | -none-            | 75        |
| ErrUtcbArea Word const                                                                | -n/a-             | 24        |
| ErrUtcbArea Word const                                                                | -n/a-             | 45        |
| ExceptionHandler () ThreadId ExceptionHandler () ThreadId                             | –none–<br>–none–  | 17<br>70  |
| ExchangeRegisters (ThreadId dest, Word control, sp, ip, flags, UserDe-                | EXCHANGEREGISTERS | 20        |
| finedHandle, ThreadId pager, Word& old_control, old_sp, old_ip, old_flags,            | EXCHANGEREGISTERS | 20        |
| old_UserDefinedHandle, ThreadId& old_pager) ThreadId                                  |                   |           |
| eXecutable Word const                                                                 | -n/a-             | 39        |
| ExternalFreq (ProcDesc& p) Word                                                       | -none-            | 10        |
| Feature (void* KernelInterface, Word num) char*                                       | -none-            | 9         |
| Flush (Fpage f) Fpage                                                                 | Unmap             | 42        |
| Flush (Word n, Fpage& [n] fpages) void                                                | Unmap             | 42        |
| <b>FpageLog2</b> (Word BaseAddress, int Log2FpageSize < 64) Fpage                     | -none-            | 39        |
| <b>Fpage</b> (Word BaseAddress, int FpageSize $\geq 1$ K) Fpage                       | -none-            | 39        |
| Fpage data type                                                                       | -n/a-             | 38        |
| FullyAccessible Word const                                                            | <i>−n/a</i> −     | 39        |
| GetStatus (Fpage f) Fpage                                                             | -none-            | 42        |
| Get (Msg& msg, Word& ut, {MapItem, GrantItem, StringItem}& Items) void                | -none-            | 51        |
| Get (Msg& msg, Word t, GrantItem& g) Word Cot (Msg& msg, Word t, MapItem& m) Word     | -none-            | 52<br>52  |
| Get (Msg& msg, Word t, MapItem& m) Word<br>Get (Msg& msg, Word t, StringItem& s) Word | -none-            | 52<br>52  |
| Get (Msg& msg, Word u) Word                                                           | –none–<br>–none–  | 52        |
| Get (Msg& msg, Word u) Word& w) void                                                  | -none-<br>-none-  | 52        |
| GlobalId (ThreadId t) ThreadId                                                        | EXCHANGEREGISTERS | 15        |
| Globalid (ThreadId t) ThreadId                                                        | EXCHANGEREGISTERS | 20        |
| GlobalId (Word threadno, version) ThreadId                                            | -none-            | 15        |
| GlobalMemory Word const                                                               | -n/a-             | 126       |
| GrantItem (Fpage f, Word SndBase) GrantItem                                           | -none-            | 55        |
| GrantItem (GrantItem g) Bool                                                          | -none-            | 55        |
|                                                                                       |                   |           |

|                                                                                                                                                   | used system call                   | page      |
|---------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------|-----------|
|                                                                                                                                                   | ,                                  |           |
| GrantItem data type GuardedMemory Word const                                                                                                      | -n/a-<br>-n/a-                     | 55<br>126 |
| High (MemoryDesc& m) Word                                                                                                                         | -n/u-<br>-none-                    | 9         |
| IntendedReceiver () ThreadId                                                                                                                      | -none-                             | 17        |
| IntendedReceiver () ThreadId                                                                                                                      | -none-                             | 66        |
| InternalFreq (ProcDesc& p) Word                                                                                                                   | -none-                             | 10        |
| IoFpageLog2 (Word BaseAddress, int Log2FpageSize <= 16) Fpage                                                                                     | -none-                             | 172       |
| IoFpageLog2 (Word BasePort, int Log2FpageSize <= 16) Fpage                                                                                        | -none-                             | 97        |
| IoFpagePort (Fpage f) Word                                                                                                                        | -none-                             | 97        |
| IoFpageSizeLog2 (Fpage f) Word<br>IoFpageSize (Fpage f) Word                                                                                      | -none-                             | 97<br>97  |
| IoFpage (Word BaseAddress, int FpageSize) Fpage                                                                                                   | -none-<br>-none-                   | 172       |
| IoFpage (Word BasePort, int FpageSize) Fpage                                                                                                      | -none-                             | 97        |
| IpcFailed (MsgTag t) Bool                                                                                                                         | -none-                             | 66        |
| IpcPropagated (MsgTag t) Bool                                                                                                                     | -none-                             | 66        |
| IpcRedirected (MsgTag t) Bool                                                                                                                     | -none-                             | 66        |
| IpcSucceeded (MsgTag t) Bool                                                                                                                      | -none-                             | 66        |
| IpcXcpu (MsgTag t) Bool                                                                                                                           | -none-                             | 66        |
| Ipc (ThreadId to, FromSpecifier, Word Timeouts, ThreadId& from) MsgTag IsGlobalId (ThreadId t) Bool                                               | IPC                                | 65<br>15  |
| IsloFpage (Fpage f) Bool                                                                                                                          | -none-<br>-none-                   | 97        |
| IsLocalId (ThreadId t) Bool                                                                                                                       | -none-                             | 15        |
| IsNilFpage (Fpage f) Bool                                                                                                                         | -none-                             | 39        |
| IsNilThread (ThreadId t) Bool                                                                                                                     | -none-                             | 15        |
| IsVirtual (MemoryDesc& m) Bool                                                                                                                    | -none-                             | 9         |
| KernelGenDate (void* KernelInterface, Word& year, month, day) void                                                                                | -none-                             | 8         |
| Kernelld () Word                                                                                                                                  | -none-                             | 8         |
| KernelInterface () void*  KernelInterface (Word & AriVension, AriFlege, KernelId) void *                                                          | KERNELINTERFACE                    | 8<br>8    |
| KernelInterface (Word& ApiVersion, ApiFlags, KernelId) void * KernelSupplier (void* KernelInterface) Word                                         | KernelInterface -none-             | 8         |
| KernelVersionString (void* KernelInterface) char*                                                                                                 | -none-                             | 9         |
| KernelVersion (void* KernelInterface) Word                                                                                                        | -none-                             | 8         |
| KipAreaSizeLog2 (void* KernelInterface) Word                                                                                                      | -none-                             | 9         |
| Label (Msg& msg) Word                                                                                                                             | -none-                             | 51        |
| Label (Msg Tag t) Word                                                                                                                            | -none-                             | 50        |
| LargeSpace Word const                                                                                                                             | -n/a-                              | 98        |
| Line (ThreadId to) MsgTag  Line (ThreadId to Fram Specifier Word Timeouts ThreadId & fram) MagTag                                                 | LIPC                               | 66<br>65  |
| <b>Lipc</b> (ThreadId to, FromSpecifier, Word Timeouts, ThreadId& from) MsgTag <b>LoadBRs</b> (int <i>i</i> , <i>k</i> , Word& [ <i>k</i> ]) void | Lipc<br>-none-                     | 65<br>11  |
| <b>LoadBRs</b> (int $i, k$ , Word& $[k]$ ) void                                                                                                   | -none-                             | 60        |
| <b>LoadBR</b> (int $i$ , Word $w$ ) void                                                                                                          | -none-                             | 11        |
| <b>LoadBR</b> (int $i$ , Word $w$ ) void                                                                                                          | -none-                             | 60        |
| <b>LoadMRs</b> (int $i, k$ , Word& $[k]$ $w$ ) void                                                                                               | -none-                             | 11        |
| <b>LoadMRs</b> (int $i, k$ , Word& $[k]$ $w$ ) void                                                                                               | -none-                             | 52        |
| LoadMR (int i, Word w) void                                                                                                                       | -none-                             | 11        |
| LoadMR (int i, Word w) void                                                                                                                       | -none-                             | 52        |
| Load (Msg& msg) void LocalId (ThreadId t) ThreadId                                                                                                | <i>–none–</i><br>ExchangeRegisters | 51<br>15  |
| Localid (ThreadId t) ThreadId                                                                                                                     | EXCHANGEREGISTERS                  | 20        |
| LocalMemory Word const                                                                                                                            | -n/a-                              | 126       |
| Low (MemoryDesc& m) Word                                                                                                                          | -none-                             | 9         |
| LreplyWait (ThreadId to, ThreadId& from) MsgTag                                                                                                   | Lipc                               | 66        |
| MapGrantItems (Acceptor a) Bool                                                                                                                   | -none-                             | 60        |
| MapGrantItems (Fpage RevWindow) Acceptor                                                                                                          | -none-                             | 59        |
| MapItem (Fpage f, Word SndBase) MapItem MapItem (MapItem m) Page                                                                                  | -none-                             | 53<br>54  |
| MapItem (MapItem m) Bool                                                                                                                          | –none–<br>–n/a–                    | 54<br>53  |
| MapItem data type MBI_Address (BootRec* b) Word                                                                                                   | –n/a–<br>–none–                    | 204       |
| MemoryControl (Word control, Word& attributes[4]) Word                                                                                            | MEMORYCONTROL                      | 75        |
| MemoryDesc (void* KernelInterface, Word num) MemoryDesc*                                                                                          | -none-                             | 9         |
| MemoryDesc data type                                                                                                                              | -n/a-                              | 8         |
| Module_Cmdline (BootRec* b) char*                                                                                                                 | -none-                             | 203       |
| Module_Size (BootRec* b) Word                                                                                                                     | -none-                             | 203       |
|                                                                                                                                                   |                                    |           |

|                                                                                           | used system call  | page     |
|-------------------------------------------------------------------------------------------|-------------------|----------|
|                                                                                           |                   |          |
| Module_Start (BootRec* b) Word                                                            | -none-            | 203      |
| MsgBuffer data type                                                                       | <i>−n/a</i> −     | 60       |
| MsgTag () MsgTag                                                                          | -none-            | 50       |
| MsgTag (Msg& msg) MsgTag                                                                  | -none-            | 51       |
| MsgTag data type                                                                          | -n/a-             | 50       |
| Msg data type MyGlobalId () ThreadId                                                      | –n/a–<br>–none–   | 51<br>15 |
| MyGlobalId () ThreadId                                                                    | -none-            | 17       |
| MyLocalId () ThreadId                                                                     | -none-            | 15       |
| MyLocalId () ThreadId                                                                     | -none-            | 17       |
| Myself () ThreadId                                                                        | -none-            | 15       |
| Myself () ThreadId                                                                        | -none-            | 17       |
| NaTPageMemory Word const                                                                  | -n/a-             | 116      |
| Never Time const                                                                          | -n/a-             | 28       |
| Next (BootRec* BootRec) BootRec*                                                          | -none-            | 201      |
| Nilpage Fpage const                                                                       | -n/a-             | 39       |
| Niltag MsgTag const                                                                       | -n/a-             | 50       |
| nilthread ThreadId const                                                                  | -n/a-             | 15       |
| NoAccess Word const                                                                       | -n/a-             | 39       |
| NumMemoryDescriptors (void* KernelInterface) Word                                         | -none-            | 8        |
| NumProcessors (void* KernelInterface) Word                                                | -none-            | 8        |
| PageRights (void* KernelInterface) Word                                                   | -none-            | 8        |
| Pager () ThreadId                                                                         | -none-            | 17       |
| Pager (ThreadId t) ThreadId                                                               | EXCHANGEREGISTERS | 20       |
| PageSizeMask (void* KernelInterface) Word                                                 | -none-            | 8        |
| PAL_Call (Word idx, a1, a2, a3, Word& r1, r2, r3) Word                                    | PAL_CALL          | 108      |
| PCIConfigFpageLog2 (Word BaseAddress, int Log2FpageSize < 64) Fpage                       | -none-            | 114      |
| PCIConfigFpage (Word BaseAddress, int FpageSize ≥ 256) Fpage                              | -none-            | 114      |
| PreemptionPending () Bool PreemptionPending () Bool Ward numb Preemption                  | -none-            | 35<br>9  |
| ProcDesc (void* KernelInterface, Word num) ProcDesc* ProcDesc data type                   | –none–<br>–n/a–   | 8        |
| ProcessorControl (Word ProcessorNo, InternalFrequency, ExternalFrequency,                 | -none-            | 73       |
| voltage) Word                                                                             | -none-            | 13       |
| ProcessorNo () Word                                                                       | -none-            | 17       |
| <b>Put</b> (Msg& msg, Word l, int u, Word& [u] ut, int t, {MapItem, GrantItem, StringItem | -none-            | 51       |
| }& Items) void                                                                            |                   |          |
| Put (Msg& msg, Word t, GrantItem g) void                                                  | -none-            | 52       |
| Put (Msg& msg, Word t, MapItem m) void                                                    | -none-            | 51       |
| Put (Msg& msg, Word t, StringItem& s) void                                                | -none-            | 52       |
| Put (Msg& msg, Word t, StringItem s) void                                                 | -none-            | 52       |
| Put (Msg& msg, Word u, Word w) void                                                       | -none-            | 51       |
| RcvWindow (Acceptor a) Fpage                                                              | -none-            | 60       |
| Readable Word const                                                                       | <i>−n/a−</i>      | 38       |
| ReadeXecOnly Word const                                                                   | <i>−n/a−</i>      | 39       |
| ReadPrecision (void* KernelInterface) Word                                                | -none-            | 9        |
| Receive (ThreadId from) MsgTag                                                            | IPC               | 66       |
| Receive (ThreadId from, Time RcvTimeout) MsgTag                                           | IPC               | 66       |
| ReplyWait (ThreadId to, ThreadId& from) MsgTag                                            | IPC               | 66       |
| ReplyWait (ThreadId to, Time RcvTimeout, ThreadId& from) MsgTag                           | IPC<br>IPC        | 66<br>66 |
| Reply (ThreadId to) MsgTag ReservedMemoryType Word const                                  | -n/a-             | 9        |
| Rights (Fpage f) Word                                                                     | -none-            | 39       |
| SAL_Call (Word idx, a1, a2, a3, a4, a5, a6, Word& r1, r2, r3) Word                        | SAL_CALL          | 108      |
| SAL_PCI_ConfigRead (Word address, size, Word& value) Word                                 | SAL_CALL          | 108      |
| SAL_PCI_ConfigWrite (Word address, size, value) Word                                      | SAL_CALL          | 108      |
| SameThreads (ThreadId l, r) Bool                                                          | EXCHANGEREGISTERS | 15       |
| SchedulePrecision (void* KernelInterface) Word                                            | -none-            | 9        |
| Schedule (ThreadId dest, Word TimeControl, ProcessorControl, prio, Preemption-            | SCHEDULE          | 33       |
| Control, Word& old_TimeControl) Word                                                      |                   |          |
| Send (ThreadId to) MsgTag                                                                 | IPC               | 66       |
| Send (ThreadId to, Time SndTimeout) MsgTag                                                | IPC               | 66       |
| Set_CopFlag (Word n) void                                                                 | -none-            | 17       |
| Set_CopFlag (Word n) void                                                                 | -none-            | 71       |
|                                                                                           |                   |          |

|                                                                                                       | used system call  | page       |
|-------------------------------------------------------------------------------------------------------|-------------------|------------|
| Set_ExceptionHandler (ThreadId new) void                                                              | -none-            | 70         |
| Set.ExceptionHandler (ThreadId NewHandler) void                                                       | -none-            | 17         |
| Set Label (Msg& msg, Word label) void                                                                 | -none-            | 51         |
| Set_MsgTag (MsgTag t) void                                                                            | -none-            | 50         |
| Set_MsgTag (Msg& msg, MsgTag t) void                                                                  | -none-            | 51         |
| Set_PageAttribute (Fpage f, Word attribute) Word                                                      | MEMORYCONTROL     | 75         |
| Set_Pager (ThreadId NewPager) void                                                                    | -none-            | 17         |
| Set_Pager (ThreadId t, p) void                                                                        | EXCHANGEREGISTERS | 20         |
| <b>Set_PagesAttributes</b> (Word n, Fpage& [n] fpages, Word& [4] attributes) Word                     | MEMORYCONTROL     | 75         |
| Set_PreemptionDelay (ThreadId dest, Word sensitivePrio, Word maxDelay) Word                           | -none-            | 33         |
| Set_Priority (ThreadId dest, Word prio) Word                                                          | -none-            | 33         |
| Set_ProcessorNo (ThreadId dest, Word ProcessorNo) Word                                                | -none-            | 33         |
| Set Propagation (MsgTag& t) void                                                                      | -none-            | 67<br>39   |
| Set_Rights (Fpage& f, Word AccessRights) void Set_Timeslice (ThreadId dest, Time ts, Time tq) Word    | –none–<br>–none–  | 33         |
| Set_UserDefinedHandle (ThreadId t, Word handle) void                                                  | EXCHANGEREGISTERS | 20         |
| Set_UserDefinedHandle (Word NewValue) void                                                            | -none-            | 17         |
| Set_VirtualSender (ThreadId t) void                                                                   | -none-            | 17         |
| Set_VirtualSender (ThreadId t) void                                                                   | -none-            | 67         |
| Set_XferTimeouts (Word NewValue) void                                                                 | -none-            | 17         |
| SharedMemoryType Word const                                                                           | -n/a-             | 9          |
| SimpleExec_BssPstart (BootRec* b) Word                                                                | -none-            | 203        |
| SimpleExec_BssSize (BootRec* b) Word                                                                  | -none-            | 204        |
| SimpleExec_BssVstart (BootRec* b) Word                                                                | -none-            | 203        |
| SimpleExec_Cmdline (BootRec* b) char*                                                                 | -none-            | 204        |
| SimpleExec_DataPstart (BootRec* b) Word                                                               | -none-            | 203        |
| SimpleExec_DataSize (BootRec* b) Word                                                                 | -none-            | 203        |
| SimpleExec_DataVstart (BootRec* b) Word                                                               | -none-            | 203        |
| SimpleExec_Flags (BootRec* b) Word                                                                    | -none-            | 204        |
| SimpleExec_InitialIP (BootRec* b) Word SimpleExec_Label (BootRec* b) Word                             | -none-            | 204<br>204 |
| SimpleExec_Set_Flags (BootRec* b, Word w) void                                                        | –none–<br>–none–  | 204        |
| SimpleExec_Set_Label (BootRec* b, Word w) void                                                        | -none-            | 204        |
| SimpleExec_TextPstart (BootRec* b) Word                                                               | -none-            | 203        |
| SimpleExec.TextSize (BootRec* b) Word                                                                 | -none-            | 203        |
| SimpleExec_TextVstart (BootRec* b) Word                                                               | -none-            | 203        |
| SizeLog2 (Fpage f) Word                                                                               | -none-            | 39         |
| Size (Fpage f) Word                                                                                   | -none-            | 39         |
| Sleep (Time t) void                                                                                   | IPC               | 66         |
| SmallSpace (Word location, size) Word                                                                 | -none-            | 98         |
| SndBase (GrantItem g) Word                                                                            | -none-            | 55         |
| SndBase (MapItem m) Word                                                                              | -none-            | 54         |
| SndFpage (GrantItem g) Fpage                                                                          | -none-            | 55<br>54   |
| SndFpage (MapItem m) Fpage<br>SpaceControl (ThreadId SpaceSpecifier, Word control, Fpage KernelInter- | -none-            | 54<br>45   |
| facePageArea, UtcbArea, ThreadId Redirector, Word& old_Control) Word                                  | SPACECONTROL      | 43         |
| SpeculativeMemory Word const                                                                          | -n/a-             | 126        |
| Start (ThreadId t) void                                                                               | EXCHANGEREGISTERS | 21         |
| Start (ThreadId t, Word sp, ip) void                                                                  | EXCHANGEREGISTERS | 21         |
| Start (ThreadId t, Word sp, ip, flags) void                                                           | EXCHANGEREGISTERS | 21         |
| Stop (ThreadId t) ThreadState                                                                         | EXCHANGEREGISTERS | 21         |
| Stop (ThreadId t, Word& sp, ip, flags) ThreadState                                                    | EXCHANGEREGISTERS | 21         |
| StoreBRs (int $i, k$ , Word& $[k]$ ) void                                                             | -none-            | 11         |
| <b>StoreBRs</b> (int $i$ , $k$ , Word& $[k]$ ) void                                                   | -none-            | 60         |
| <b>StoreBR</b> (int $i$ , Word& $w$ ) void                                                            | -none-            | 11         |
| <b>StoreBR</b> (int $i$ , Word& $w$ ) void                                                            | -none-            | 60         |
| StoreMRs (int $i, k$ , Word& $[k] w$ ) void                                                           | -none-            | 11         |
| StoreMRs (int $i, k$ , Word& $[k]$ $w$ ) void                                                         | -none-            | 52         |
| StoreMR (int i, Word& w) void                                                                         | -none-            | 11         |
| StoreMR (int i, Word& w) void                                                                         | -none-            | 52<br>51   |
| Store (MsgTag t, Msg& msg) void StringItams A coenter A coenter const                                 | -none-            | 51<br>59   |
| StringItemsAcceptor Acceptor const<br>StringItems (Acceptor a) Bool                                   | –n/a–<br>–none–   | 59<br>60   |
| oringations (Acceptor a) boot                                                                         | -none-            | 00         |

|                                                                                       | used system call  | page     |
|---------------------------------------------------------------------------------------|-------------------|----------|
|                                                                                       |                   |          |
| StringItem (int size, void* address) StringItem                                       | -none-            | 57<br>57 |
| StringItem (StringItem& s) Bool                                                       | -none-            | 57       |
| StringItem data type Substrings (StringItem& s) Word                                  | -n/a-             | 57<br>57 |
| Substring (StringItem& s) Word n) void*                                               | –none–<br>–none–  | 57       |
| SystemClock () Clock                                                                  | SystemClock       | 27       |
| ThreadControl (ThreadId dest, SpaceSpecifier, Scheduler, Pager, void* UtcbLoca-       | THREADCONTROL     | 24       |
| tion) Word                                                                            | Time Corvine      |          |
| ThreadIdBits (void* KernelInterface) Word                                             | -none-            | 8        |
| ThreadIdSystemBase (void* KernelInterface) Word                                       | -none-            | 8        |
| ThreadIdUserBase (void* KernelInterface) Word                                         | -none-            | 9        |
| ThreadId data type                                                                    | -n/a-             | 15       |
| ThreadNo (ThreadId t) Word                                                            | -none-            | 15       |
| ThreadState data type                                                                 | <i>−n/a−</i>      | 21       |
| ThreadSwitch (ThreadId dest) void                                                     | THREADSWITCH      | 30       |
| ThreadWasHalted (ThreadState s) Bool                                                  | -none-            | 21       |
| ThreadWasIpcing (ThreadState s) Bool                                                  | -none-            | 21       |
| ThreadWasReceiving (ThreadState s) Bool                                               | -none-            | 21<br>21 |
| ThreadWasSending (ThreadState s) Bool Timeouts (Time SndTimeout, RcvTimeout) Word     | -none-            | 67       |
| TimePeriod (Word64 microseconds) Time                                                 | –none–<br>–none–  | 28       |
| TimePoint (Clock at) Time                                                             | -none-            | 29       |
| Timeslice (ThreadId dest, Time & ts, Time & tq) Word                                  | -none-            | 33       |
| Time data type                                                                        | -n/a-             | 28       |
| TypedWords (Msg Tag t) Word                                                           | -none-            | 50       |
| Type (BootRec* BootRec) Word                                                          | -none-            | 201      |
| Type (MemoryDesc& m) Word                                                             | -none-            | 9        |
| UncacheableExportedMemory Word const                                                  | -n/a-             | 116      |
| UncacheableMemory Word const                                                          | -n/a-             | 100      |
| UncacheableMemory Word const                                                          | -n/a-             | 116      |
| UncacheableMemory Word const                                                          | -n/a-             | 174      |
| UndefinedMemoryType Word const                                                        | <i>−n/a−</i>      | 9        |
| Unmap (Fpage f) Fpage                                                                 | UNMAP             | 41       |
| Unmap (Word n, Fpage& [n] fpages) void                                                | UNMAP             | 41       |
| Unmap (Word control) void                                                             | UNMAP             | 41       |
| UntypedWords Acceptor Acceptor const                                                  | -n/a-             | 59<br>50 |
| UntypedWords (Msg Tag t) Word UseDefaultCacheLineAllocation CacheAllocationHint const | –none–<br>–n/a–   | 115      |
| UseDefaultCacheLineAllocation CacheAllocationHint const                               | -n/a-             | 173      |
| UseDefaultCacheLineAllocation CacheAllocationHint const                               | -n/a-<br>-n/a-    | 57       |
| UseDefaultCacheLineAllocation CacheAllocationHint const                               | -n/a-             | 99       |
| UserDefinedHandle () Word                                                             | -none-            | 17       |
| UserDefinedHandle (ThreadId t) Word                                                   | EXCHANGEREGISTERS | 20       |
| UtcbAlignmentLog2 (void* KernelInterface) Word                                        | -none-            | 9        |
| UtcbAreaSizeLog2 (void* KernelInterface) Word                                         | -none-            | 9        |
| UtcbSize (void* KernelInterface) Word                                                 | -none-            | 9        |
| Version (ThreadId t) Word                                                             | -none-            | 15       |
| Wait (ThreadId& from) MsgTag                                                          | IPC               | 66       |
| Wait (Time RcvTimeout, ThreadId& from) MsgTag                                         | IPC               | 66       |
| WaseXecuted (Fpage f) Bool                                                            | -none-            | 42       |
| WasReferenced (Fpage f) Bool                                                          | -none-            | 42       |
| WasWritten (Fpage f) Bool Writable Word const                                         | -none-            | 42<br>38 |
| WriteBackMemory Word const                                                            | -n/a-<br>-n/a-    | 100      |
| WriteBackMemory Word const                                                            | -n/a-<br>-n/a-    | 116      |
| WriteBackMemory Word const                                                            | -n/a-             | 126      |
| WriteBackMemory Word const                                                            | -n/a-<br>-n/a-    | 174      |
| WriteCoalescingMemory Word const                                                      | -n/a-             | 116      |
| WriteCombiningMemory Word const                                                       | -n/a-             | 100      |
| WriteCombiningMemory Word const                                                       | -n/a-             | 174      |
| WriteProtectedMemory Word const                                                       | -n/a-             | 100      |
| WriteProtectedMemory Word const                                                       | -n/a-             | 174      |
| WriteThroughMemory Word const                                                         | -n/a-             | 100      |

|                               | used system call | page |
|-------------------------------|------------------|------|
|                               |                  |      |
| WriteThroughMemory Word const | <i>−n/a−</i>     | 126  |
| WriteThroughMemory Word const | <i>−n/a−</i>     | 174  |
| XferTimeouts () Word          | -none-           | 17   |
| Yield () void                 | THREADSWITCH     | 30   |
| ZeroTime Time const           | <i>−n/a−</i>     | 28   |

## Index

| !=, 15, 26, 29                         | BR, see buffer registers                                          |
|----------------------------------------|-------------------------------------------------------------------|
| +, 26, 29, 39, 50, 58, 59              | buffer registers, 59                                              |
| +=, 29, 39, 50, 57–59                  | alpha, 145                                                        |
| -, 26, 29, 39, 59                      | amd64, 165–166                                                    |
| – (ignored), vii                       | arm, 189                                                          |
| -=, 29, 39, 59                         | ia32, 91–92                                                       |
| <, 26, 29                              | ia64, 107                                                         |
| <=, 26, 29                             | mips64, 153                                                       |
| ≡ (unchanged), vii                     | powerpc, 121                                                      |
| ==, 15, 26, 29, 50, 58                 | ppc64, 133                                                        |
| >, 26, 29                              | sparc64, 181                                                      |
| >=, 26, 29                             | r ,                                                               |
| $\sim$ (undefined), vii                | cacheability, 56, 99, 100, 115, 116, 126, 139, 159, 173, 174, 193 |
| $\sigma_0$ , see sigma0                | CacheAllocationHint, 58                                           |
| <i>"</i>                               | CacheNonTemporalAllLevels, 115                                    |
| AbortIpc_and_stop, 21                  | CacheNonTemporalL1, 115                                           |
| AbortReceive_and_stop, 21              | CacheNonTemporalL2, 115                                           |
| AbortSend_and_stop, 21                 | CachingEnabledMemory, 126                                         |
| Accept, 60                             | CachingInhibitedMemory, 126                                       |
| Accepted, 60                           | Call, 65, 66                                                      |
| acceptor, 59                           | Clear, 51, 60                                                     |
| ACPIMemoryType, 117                    | clock, 26                                                         |
| ActualSender, 17, 67                   | reading, 27                                                       |
| Address, 39                            | Clr_CopFlag, 17, 71                                               |
| address space                          | CompleteAddressSpace, 39                                          |
| creation/deletion, 43                  | CompoundString, 57                                                |
| initial, 83                            | convenience programming interface, vi                             |
| AllocateNewCacheLines, 99, 173         | ConventionalMemoryType, 9                                         |
| AllocateOnlyNewL1CacheLines, 99, 173   | coprocessors, 71                                                  |
| anylocalthread, 15                     | •                                                                 |
| anythread, 15                          | DeassociateInterrupt, 24                                          |
| ApiFlags, 8                            | debug registers, 102, 176                                         |
| ApiVersion, 8                          | DedicatedMemoryType, 9                                            |
| Append, 51, 60                         | DefaultMemory, 75, 100, 116, 126, 174                             |
| ArchitectureSpecificMemoryType, 9      | DisablePreemption, 35                                             |
| AssociateInterrupt, 24                 | DisablePreemptionFaultException, 35                               |
| ······································ | DoNotAllocateNewCacheLines, 99, 173                               |
| BootInfo, 9                            | , ,                                                               |
| BootInfo_EFITables, 203                | EFI_MemdescSize, 204                                              |
| BootInfo_Entries, 201                  | EFI_MemdescVersion, 204                                           |
| BootInfo_FirstEntry, 201               | EFI_Memmap, 204                                                   |
| BootInfo_Module, 203                   | EFI_MemmapSize, 204                                               |
| BootInfo_Multiboot, 203                | EFI_Systab, 204                                                   |
| BootInfo_SimpleExec, 203               | EnablePreemption, 35                                              |
| BootInfo_Size, 201                     | EnablePreemptionFaultException, 35                                |
| BootInfo_Valid, 201                    | endian, 3                                                         |
| booting, 86–88                         | ErrInvalidParam, 34, 75                                           |
| alpha, 150                             | ErrInvalidScheduler, 24                                           |
| amd64, 177                             | ErrInvalidSpace, 24, 45                                           |
| arm, 197                               | ErrInvalidThread, 21, 24, 33                                      |
| ia32, 103                              | ErrKipArea, 45                                                    |
| mips64, 162                            | ErrNoMem, 24                                                      |
| powerpc, 130                           | ErrNoPrivilege, 24, 33, 45, 73, 75                                |
| ppc64, 142                             | ErrorCode, 17, 21, 24, 33, 45, 66, 73, 75                         |
| BootLoaderSpecificMemoryType, 9        | ErrUtcbArea, 24, 45                                               |
|                                        |                                                                   |

216 INDEX

| exception                             | IsNilThread, 15                         |
|---------------------------------------|-----------------------------------------|
| handling, 70                          | IsVirtual, 9                            |
| message                               | 13 vii iiiii, )                         |
| amd64, 175                            | kernel features, 5                      |
| arm, 195                              | ia32, 96                                |
| ia32, 101                             | kernel interface page                   |
| ia64, 118                             | location, 43                            |
| mips64, 160                           | kernel interface page, 2–10             |
| powerpc, 127                          | data structure, 2-6                     |
| ppc64, 140                            | retrieving, 7–10                        |
| protocol, 82                          | KernelGenDate, 8                        |
| ExceptionHandler, 17, 70              | KernelId, 8                             |
| ExchangeRegisters, 20                 | KernelInterface, 8                      |
| eXecutable, 39                        | KernelSupplier, 8                       |
| ExternalFreq, 10                      | KernelVersion, 8                        |
| Facture 0                             | KernelVersionString, 9                  |
| Feature, 9<br>Flush, 42               | KipAreaSizeLog2, 9                      |
| Fpage, 39                             | Label, 50, 51                           |
| fpage, 38–39                          | LargeSpace, 98                          |
| mapping, 61                           | Lcall, 66                               |
| receiving, 59                         | <i>Lipc</i> , 65                        |
| unmapping, 38, 40–42                  | lipc, 61                                |
| FpageLog2, 39                         | Load, 51                                |
| FullyAccessible, 39                   | LoadBR, 11, 60                          |
|                                       | LoadBRs, 11, 60                         |
| generic binary interface, vi          | LoadMR, 11, 52                          |
| generic bootinfo, 199–204             | LoadMRs, 11, 52                         |
| data structure, 199–200               | local ipc, 61                           |
| generic record, 200–201               | local thread ID, 14                     |
| generic programming interface, vi     | LocalId, 15, 20                         |
| Get, 51, 52<br>GetStatus, 42          | LocalMemory, 126                        |
| global thread ID, 14                  | logical interface, vi<br>Low, 9         |
| Globalld, 15, 20                      | LreplyWait, 66                          |
| GlobalMemory, 126                     | Liepty wait, 00                         |
| GrantItem, 55                         | MapGrantItems, 59, 60                   |
| GuardedMemory, 126                    | <i>MapItem</i> , 53, 54                 |
| · ·                                   | MBI_Address, 204                        |
| High, 9                               | memory descriptor, 6, 87-88             |
|                                       | ia64, 117                               |
| include files, viii                   | MemoryControl, 75                       |
| IntendedReceiver, 17, 66              | MemoryDesc, 9                           |
| InternalFreq, 10                      | message registers, 48–49                |
| interrupt 22                          | alpha, 144–145                          |
| association, 22<br>thread ID, 14      | amd64, 164–165<br>arm, 188–189          |
| IO fpage, 97, 172                     | ia32, 91                                |
| IoFpage, 97, 172                      | ia64, 106–107                           |
| IoFpageLog2, 97, 172                  | mips64, 152–153                         |
| IoFpagePort, 97                       | powerpc, 120–121                        |
| IoFpageSize, 97                       | ppc64, 132–133                          |
| IoFpageSizeLog2, 97                   | sparc64, 180–181                        |
| IPC, 61–67                            | messages                                |
| aborting, 18                          | generating, 48–52                       |
| cross cpu, 64                         | model specific registers, 102, 176      |
| propagation, 62                       | Module_Cmdline, 203                     |
| <i>Ipc</i> , 65                       | Module_Size, 203                        |
| IpcFailed, 66                         | Module_Start, 203                       |
| IpcPropagated, 66                     | MR, see message registers               |
| IpcRedirected, 66<br>IpcSucceeded, 66 | MsgTag, 50, 51                          |
| IpcXcpu, 66                           | MyGlobalId, 15, 17<br>MyLocalId, 15, 17 |
| IsGlobalId, 15                        | Myself, 15, 17                          |
| IsloFpage, 97                         | ,                                       |
| IsLocalId, 15                         | NaTPageMemory, 116                      |
| IsNilFpage, 39                        | Never, 28                               |
|                                       |                                         |

INDEX 217

| Next, 201                               | Send, 66                      |
|-----------------------------------------|-------------------------------|
| Nilpage, 39                             | send base, 53                 |
| Niltag, 50                              | sensitive prio, 32            |
| nilthread, 15                           | Set_CopFlag, 17, 71           |
| NoAccess, 39                            | Set_ExceptionHandler, 17, 70  |
| NumMemoryDescriptors, 8                 | Set_Label, 51                 |
| NumProcessors, 8                        | <i>Set_MsgTag</i> , 50, 51    |
|                                         | Set_PageAttribute, 75         |
| page                                    | <i>Set_Pager</i> , 17, 20     |
| access rights, 4, 38, 53, 55, 80, 84    | Set_PagesAttributes, 75       |
| changing, 40, 53, 55                    | Set_PreemptionDelay, 33       |
| inspecting, 41                          | Set_Priority, 33              |
| attributes, 84                          | Set_ProcessorNo, 33           |
| amd64, 174                              | Set_Propagation, 67           |
| arm, 193                                | Set_Rights, 39                |
| ia32, 100                               | Set_Timeslice, 33             |
| ia64, 116                               | Set_UserDefinedHandle, 17, 20 |
| mips64, 159                             | Set_VirtualSender, 17, 67     |
| powerpc, 126<br>ppc64, 139              | Set_XferTimeouts, 17          |
| size, 3                                 | SharedMemoryType, 9           |
| pagefault                               | sigma0, 83                    |
| protocol, 80                            | protocol, 83–85               |
| Pager, 17, 20                           | SimpleExec_BssPstart, 203     |
| pager, 80                               | SimpleExec_BssSize, 204       |
| changing, 17, 20, 23                    | SimpleExec_BssVstart, 203     |
| PageRights, 8                           | SimpleExec_Cmdline, 204       |
| PageSizeMask, 8                         | SimpleExec_DataPstart, 203    |
| PAL procedure calls, 108                | SimpleExec_DataSize, 203      |
| PAL_Call, 108                           | SimpleExec_DataVstart, 203    |
| PCI Config fpage, 114                   | SimpleExec_Flags, 204         |
| PCI Configuration Space                 | SimpleExec_InitialIP, 204     |
| ia64, 108, 114                          | SimpleExec_Label, 204         |
| PCIConfigFpage, 114                     | SimpleExec_Set_Flags, 204     |
| PCIConfigFpageLog2, 114                 | SimpleExec_Set_Label, 204     |
| preemption, 32, 35                      | SimpleExec_TextPstart, 203    |
| protocol, 81                            | SimpleExec_TextSize, 203      |
| PreemptionPending, 35                   | SimpleExec_TextVstart, 203    |
| privileged threads, vii                 | Size, 39                      |
| ProcDesc, 9                             | SizeLog2, 39                  |
| processor-specific binary interface, vi | Sleep, 66                     |
| ProcessorControl, 73                    | small spaces, 98              |
| ProcessorNo, 16                         | SmallSpace, 98                |
| ProcessorNo, 17                         | SndBase, 54, 55               |
| propagation, 62                         | SndFpage, 54, 55              |
| Put, 51, 52                             | SpaceControl, 45              |
|                                         | SpeculativeMemory, 126        |
| RcvWindow, 60                           | Start, 21                     |
| RDMSR, 102, 176                         | Stop, 21                      |
| Readable, 38                            | Store, 51                     |
| ReadeXecOnly, 39                        | StoreBR, 11, 60               |
| ReadPrecision, 9                        | StoreBRs, 11, 60              |
| Receive, 66                             | StoreMR, 11, 52               |
| redirection, 44, 62                     | StoreMRs, 11, 52              |
| Reply, 66                               | StringItem, 57                |
| ReplyWait, 66                           | StringItems, 60               |
| ReservedMemoryType, 9                   | StringItemsAcceptor, 59       |
| Rights, 39                              | strings, 56–58                |
| CAI 1 11 100                            | receiving, 59                 |
| SAL procedure calls, 108                | Substring, 57                 |
| SAL_Call, 108                           | Substrings, 57                |
| SAL_PCI_ConfigRead, 108                 | system thread, 14             |
| SAL_PCI_ConfigWrite, 108                | system thread, 66             |
| SameThreads, 15                         | system-call links, 5          |
| Schedule, 33                            | alpha, 146–149                |
| SchedulePrecision, 9                    | amd64, 167                    |
| segments, 102, 176                      | arm, 190                      |
|                                         |                               |

218 INDEX

| ia32, 93<br>ia64, 109<br>mips64, 154–158<br>powerpc, 122–125<br>ppc64, 134<br>sparc64, 182<br>SystemBase, 4                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | location, 43 size, 4, 23, 43 UtcbAlignmentLog2, 9 UtcbAreaSizeLog2, 9 UtcbSize, 9  Version, 15                                                                                                                                                                                                                                               |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| SystemClock, 27                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | virtual registers, 11                                                                                                                                                                                                                                                                                                                        |
| TCR, see thread control registers thread  creation, 22 halting, 18 ID, 14 id, 15, see thread ID migration, 32 priority, 31 privileged, vii startup protocol, 78 state, 21, 32 version, 14, 22 thread control registers, 16–17 alpha, 144 amd64, 164 arm, 188 ia32, 90 ia64, 106 mips64, 152 powerpc, 120 ppc64, 132 sparc64, 180 thread ID, 14–15 retrieving, 17, 20 ThreadControl, 24 ThreadIdBits, 8 ThreadIdSystemBase, 8 ThreadIdSystemBase, 9 ThreadWasHalted, 21 ThreadWasPacing, 21 ThreadWasSending, 21 ThreadWasSending, 21 time, 28–29 time quantum, 31 Timeouts, 67 TimePeriod, 28 TimePoint, 29 Timeslice, 33 timeslice, 31 donation, 30 Type, 9, 201 TypedWords, 50  UncacheableExportedMemory, 116 UncacheableMemory, 100, 116, 174 | Wait, 66 WaseXecuted, 42 WasReferenced, 42 WasWritten, 42 Word, vii Word16, vii Word22, vii Word64, vii Writable, 38 WriteBackMemory, 100, 116, 126, 174 WriteCoalescingMemory, 116 WriteCombiningMemory, 100, 174 WriteProtectedMemory, 100, 174 WriteThroughMemory, 100, 126, 174 WRMSR, 102, 176  XferTimeouts, 17 Yield, 30 ZeroTime, 28 |
| UndefinedMemoryType, 9<br>Unmap, 41<br>UntypedWords, 50                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |                                                                                                                                                                                                                                                                                                                                              |
| UntypedWordsAcceptor, 59 upward compatibility, vii UseDefaultCacheLineAllocation, 57, 99, 115, 173 UserBase, 4 UserDefinedHandle, 16, 19 UserDefinedHandle, 17, 20 using the API, viii                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |                                                                                                                                                                                                                                                                                                                                              |
| UTCB                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |                                                                                                                                                                                                                                                                                                                                              |