pointer representation (was: Re: effect of free())

Sun Sep 10 21:13:03 AEST 1989

In article <2072 at munnari.oz.au> ok at cs.mu.oz.au (Richard O'Keefe) writes:
>In article <11016 at smoke.BRL.MIL>, gwyn at smoke.BRL.MIL (Doug Gwyn) writes:
>: In article <2064 at munnari.oz.au> ok at cs.mu.oz.au (Richard O'Keefe) writes:
>: >If that is so, then a C compiler which exploits x == y to use y where x
>: >was written is _not_ guaranteed to preserve things like a ring number,
>: >which could be Bad News for people trying to write operating system
>: >kernels in C.
>: If they're trying to represent (address+ring) as a C pointer, they're
>: ALREADY in trouble!
>I don't quite follow this.  On the PR1ME 50 series -- and some others --
>the native "address" format *always* has a ring number in it.  It's not
>a question of someone implementing C on such a machine _choosing_ to
>represent address+ring as a C pointer, it's a question of them choosing
>to represent C pointers as native hardware-type addresses, and those
>addresses always have ring numbers in them.

You're reading it backwards -- of course C pointers would be represented
using machine addresses, which in this case happen to have ring numbers
attached to them.  Your original concern was with OS kernels trying to
rely on the ring number extracted from a C pointer.  If the OS kernel
needs to deal with the ring number, it needs to do the bookkeeping some
other way.  Your example is essentially
	struct mach_addr { ... ring; ... loc; } x, y;
	if ( x.loc == y.loc )
		operation_on( y.ring, y.loc );
		/* where operation_on( x.ring, x.loc ) was intended */
When spelled out in detail, it looks more like the bug that it is.
The OS, in dealing with multiple active rings, has failed to check
whether the ring is appropriate, and if it were able to know that x.ring
was appropriate, it should also be able to retain the knowledge of what
x.ring happens to be and do the operation using that explicit ring
knowledge.  In fact a data structure similar to my "struct mach_addr"
may be desirable in such an OS implementation.

I don't think the difficulty of a ring-supporting OS implementation is
a very strong argument for imposing additional constraints on C pointer
implementation.

Pointer implementation that ignores ring number in comparisons will
perhaps work for user processes, but the kernel would have to be more
careful.  (It's probably written in PL/I anyhow.  You think C is hard
to use for such an OS implementation...)

Almost any reasonable multi-tasking OS is going to have to keep
straight which context a given address value belongs to.  It hasn't
been a big problem in UNIX so far; one merely has functions for
facilitating data access "across the OS/user interface", or even
better in some implementations, uses remapping to temporarily share
a portion of address space.  Right off hand, I don't see how it would
be much worse on a ring-based machine.