The Duality of Memory and Communication in the Implementation of a
------------------------------------------------------------------
Multiprocessor Operating System : Young et.al, 1987
-------------------------------

External memory management facility in Mach: Uses memory objects which
can be managed by either the kernel or the user through a message
interface.

Goals for Mach: OO interface with small number of system objects;
distributed computing and multiprocessor support; portability; Unix
compatibility; good performance

Key idea is the notion that communication (message-passing) and
virtual memory (VM) can play complementary roles in the OS
kernel. This is an extension to the duality between shared memory and
message passing in traditional multiprocessor systems. Mach implements
VM by mapping process addresses onto memory objects which are accessed
via messages using communication channels. These ideas were developed
from the Accent system. Accent provided a mechanism of a single level
store in primary memory which was a cache for the secondary memory
including files. This means that I/O was memory-mapped directly into
user memory making it more efficient. Disadvantages of Accent were
that it could not survive the introduction of new hardware and did not
have Unix emulation. Also, Accent did not provide the system designer
access to the VM objects, which were completely under the kernel
control. 

Mach has five abstractions: task, thread (program execution), port
(internal program VM management), message (inter-process
communication), and memory object (secondary memory management).

task = paged virtual address space + protected access to system
resources such as CPU; thread = LWP; multiple threads in a task share
the address space and resources

port = communication channel = finite length queue controlled by
kernel. only one receiver but many senders; capabilities guard access
to ports. ports are used for RPCs. Most facilities in Mach are
performed using these RPCs. The RPC calls themselves are network
transparent. Tasks allocate or deallocate ports and serve the requests
at these ports.

message = fixed length header + variable length typed data
objects. send and receive operations are available for messages.

VM: VM regions must be aligned on system-page boundaries. read/write
sharing of memory among tasks sharing a common ancestry through
inheritence.

The secondary storage is abstracted in Mach using memory objects. The
Mach kernel allows data managers (external pagers) to allocate memory
objects which contain swapped pages. When a page fault occurs in the
kernel, it sends a request to the port of the appropriate memory
object. This is different from the V++ approach in which the page
tables themselves are made apparent to the data managers. The data
managers have to take care of allocation/deallocation of storage in
the memory objects, and caching and consistency.

Examples: A simple file system (using only memory mapped files with
copy-on-write) and consistent network shared memory (using a shared
memory server)

Kernel Data structures for implementing the above:
Two-level address maps: map an address range to a memory object and
offset within it. task level maps and sharing maps
Virtual Memory Object Structures: contains information about each
memory object such as its port etc.,
Resident Memory structures: mapping between pages and the memory
objects (both forward and backward) implemented using fast hash
tables. Similar to page tables for memory objects.
Page Replacement Queues: active (LRU order), inactive, and free page queues.

External memory management is good but it raises security and
robustness concerns, eg., if the data manager does not return data,
fails to flush free data, floods the cache, changes the data, or backs
its own data.

solutions to the last problem include the task obtaining the makeup of
its address space and checking for deadlock, using multiple threads
etc.,

Thus, a memory failure in Mach is similar to communication failure in other OSes. So, there could be timeouts, notification and recovery etc., for data managers in Mach. 

A trusted default pager is provided along with the Mach kernel. Also,
a pool of memory is reserved by the kernel so that it does not run out
of memory itself while doing important operations such as sending
messages etc.,