| AD- | A091 09 | AN                                    | IMPLEME | GRADUAT | I OF MUL | L MON | EREY C | AND PR | DCESS M | ANAGEME |    | /2<br>ETC(U) | ×., |
|-----|---------|---------------------------------------|---------|---------|----------|-------|--------|--------|---------|---------|----|--------------|-----|
|     |         | ED<br>©                               |         |         |          |       |        |        |         |         | NL |              |     |
|     |         |                                       |         |         |          |       |        |        |         |         |    |              |     |
|     |         |                                       |         |         |          |       |        |        |         |         |    |              |     |
|     |         |                                       |         |         |          |       |        |        |         |         |    |              |     |
|     |         |                                       |         |         |          |       |        |        |         |         |    |              |     |
|     |         |                                       |         |         |          |       |        |        |         |         |    |              |     |
|     |         | · · · · · · · · · · · · · · · · · · · |         |         |          |       |        |        |         |         |    |              |     |





| REPORT DOCUMENTATION PAGE                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | READ INSTRUCTIONS<br>BEFORE COMPLETING FORM                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | CCESSION NO. Y RECIPIENT'S CATALOG NUMBER                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| AD-A09                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | 1092-{9}                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| An Implementation of Multiprogrammi                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | ng and Master's Thesis,                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Process Management for a Security H                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| Operating System 4                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | S. PERFORMING ONG. REPORT NUMBER                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| 7. AU THOR()                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | S. CONTRACT OR GRANT NUMBER(e)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| Stephen Leslie Reitz                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| PERFORMING ORGANIZATION NAME AND ADDRESS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | 18. PROGRAM ELEMENT, PROJECT, TAI<br>AREA & WORK UNIT NUMBERS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| Naval Postgraduate School 🗸<br>Monterey, California 93940                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| nonterey, carroinia 50540                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| 11 CONTROLLING OFFICE NAME AND ADDRESS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | Jun 80                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| Naval Postgraduate School                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | 13. NUMBER OF PAGES                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| Monterey, California 93940                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | 140                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| 14. MONITORING AGENCY NAME & ADDRESS/I Alforant from Cant                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | oling Office) 18. SECURITY CLASS. (of this report)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| 4                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | UNCLASSIFIED                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| $(12)^{\perp}$                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | TL THE BECLASSIFICATION DOWNGRADIN                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| 16. DISTRIBUTION STATEMENT (of min Room)<br>Approved for public release; distri                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | bution unlimited                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| Approved for public release; distri                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | bution unlimited                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| Approved for public release; distri                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | bution unlimited                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| Approved for public release; distri<br>17. DISTRIBUTION STATEMENT (of the energed enfored in Block 24<br>18. SUPPLEMENTARY NOTES<br>18. SUPPLEMENTARY NOTES                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | .bution unlimited                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| Approved for public release; distri                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | bution unlimited                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| Approved for public release; distri-<br>17. DISTRIBUTION STATEMENT (of the events) entered in Stock 24<br>18. SUPPLEMENTARY NOTES<br>19. SUPPLEMENTARY NOTES<br>19. KEY WORDS (Continue on researce side if necessary and identify a<br>operating systems, distributed con<br>computer security, microprocessors,<br>This thesis presents an implementa                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | bution unlimited<br>. " different free Report)<br>. " different free Report free Report)<br>. " different free Report free Report free Report<br>. " different free Report free Report free Report free Report free Report<br>. " different free Report free |
| Approved for public release; distri-<br>7. DISTRIBUTION STATEMENT (of the energy and identify a<br>18. SUPPLEMENTARY NOTES<br>19. XEV YORDS (Continue on reverse of a 11 necessary and identify a<br>operating systems, distributed con<br>computer security, microprocessors and<br>This thesis presents an implementar<br>process management functions for the<br>multiprocessor system. The implementar<br>operating systems designed to provid<br>computer network to data bases contar                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | bution unlimited<br>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| Approved for public release; distri-<br>7. DISTRIBUTION STATEMENT (of the environt entered in Stock 24<br>19. SUPPLEMENTARY NOTES<br>19. SUPPLEMENTARY NOTES<br>19. AESTRACT (Continue on reverse side if necessary and identify a<br>computer security, microprocessors of<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>computer security, microprocessors of<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>computer security, microprocessors of<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>computer security, microprocessors of<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>computer security, microprocessors of the<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>computer security, microprocessors of the<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>computer security, microprocessors of the<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>computer security, microprocessors of the<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>Distributed con<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>10. AESTRACT (Continue on reverse side if necessary and identify a<br>11. AESTRACT (Continue on reverse side if necessary and identify a<br>12. AESTRACT (Continue on reverse side if necessary and identify a<br>13. AESTRACT (Continue on reverse side if necessary and identify a<br>14. AESTRACT (Continue on reverse side if necessary and identify a<br>15. AESTRACT (Continue on reverse side if necessary and identify a<br>15. AESTRACT (Continue on reverse side if necessary and identify a<br>15. AESTRACT (Continue on reverse si | bution unlimited<br>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| Approved for public release; distri-<br>17. DISTRIBUTION STATEMENT (of the desired mellow and identify a<br>19. SUPPLEMENTARY NOTES<br>10. SUPPLEMENTARY NOTES<br>10. ADSTRACT (Continue on reverse side if necessary and identify a<br>operating systems, distributed con<br>computer security, microprocessors and<br>This thesis presents an implementar<br>process management functions for the<br>multiprocessor system. The implementar<br>operating systems designed to provid<br>computer network to data bases conta<br>tive information.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | bution unlimited<br>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |

environment which frees the remainder of the operating system from a dependence on processor configuration. Processor management coordinates the asynchronous interaction of system processes. This implementation describes a processor multiplexing technique

for a distributed kernel and presents a virtual interrupt mechanism. Its structure is loop free to permit future expansion into more complex members of the design family.

| Acces        | sion Fer   |        |
|--------------|------------|--------|
| NTIS         | GRAAI      |        |
| DTIC         |            |        |
| Unanu        | ಿ ಬಾರಿ ed  | ŕ      |
| Justi        | lection_   |        |
|              | public /   |        |
|              | chility (  | `\$`?3 |
| ist :        | ivedd and, | ur T   |
|              | Spectal    | ł      |
| <b>XX</b>    | 1          |        |
| <b>7</b>   / | 1          |        |

DD Form 1473 5/N 0102-014-6601

and the second

2 SECURITY CLASSIFICATION OF THIS PASSIFIER Bate Shiered

Approved for public release; distribution unlimited.

An Implementation of Multiprogramming and Process Management for a Security Kernel Operating System

by

Stephen Leslie Reitz Lieutennant Commander, United States Navy BS, Purdue University, 1971

Submitted in partial fulfillment of the requirements for the degree of

MASTER OF SCIENCE IN COMPUTER SCIENCE

from the

NAVAL POSTGRADUATE SCHOOL June 1980

Author

Approved by:

Thesis Advisor Second Reader Department of Computer Science Ch ,rman// Dean of Information and Policy Sciences

#### ABSTRACT

This thesis presents an implementation of multiprogramming and process management functions for the security kernel of a distributed multiprocessor system. The implementation is based on a family of operating systems designed to provide controlled access in a microcomputer network to data bases containing multiple levels of sensitive information.

and the states when the second second

Multiprogramming improves system efficiency and creates a virtual environment which frees the remainder of the operating system from a dependence on processor configuration. Processor management coordinates the asynchronous interaction of system processes.

This implementation describes a processor multiplexing technique for a distributed kernel and presents a virtual interrupt mechanism. Its structure is loop free to permit future expansion into more complex members of the design family.

# TABLE OF CONTENTS

100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 - 100 -

A Statistics

| I.  | INTE | ROPUCTION                     |
|-----|------|-------------------------------|
|     | ۸.   | BACKGROUND14                  |
|     | B.   | COMPUTER SECURITY15           |
|     |      | 1. Reference Monitor16        |
|     |      | 2. Security Policy            |
|     |      | a. Non-discretionary Policy18 |
|     |      | b. Discretionary Policy18     |
|     |      | 3. Security Kernel Design     |
|     | c.   | SCOPE OF THESIS               |
| II. | OPE  | RATING SYSTEM DESIGN CONCEPTS |
|     | Δ.   | DESIGN PHILOSOPHY22           |
|     | в.   | GENERAL DESIGN GOALS          |
|     |      | 1. Logical Structure24        |
|     |      | 2. Fault Tolerance            |
|     |      | 3. Efficiency                 |
|     | c.   | SPECIFIC DESIGN GOALS25       |
|     |      | 1. Internal Security          |
|     |      | 2. Configuration Independence |
|     |      | 3. Sub-setting Capability27   |
|     | D.   | DESIGN REQUIREMENTS           |
|     |      | 1. Functional Requirements    |
|     |      | a. Process Organization       |

|      |            | b. Memory Segmentation                  |
|------|------------|-----------------------------------------|
|      | !          | c. Abstraction                          |
|      |            | d. Resource Virtualization              |
|      | 4          | 2. Hardware Requirements                |
|      |            | a. Processor Virtualization             |
|      |            | b. Memory Virtualization                |
|      |            | c. Protection Domains                   |
|      | E.         | HARDWARE SELECTION                      |
|      |            | 1. ZILOG 28001                          |
|      |            | a. Memory Segmentation                  |
|      |            | b. Multiprogramming                     |
|      |            | c. Two-domain Operations                |
|      |            | 2. Selection Rationale                  |
|      | F.         | SUMMART                                 |
| III. | SEC        | JRITY KERNEL DESIGN                     |
|      | A.         | PROCESS VIEW                            |
|      |            | 1. Supervisor Processes                 |
|      |            | <ol> <li>Supervisor Processes</li></ol> |
|      |            | 3. Host Environment                     |
|      | П          | VIRTUAL MACHINE VIEW                    |
|      | <b>B</b> . |                                         |
|      |            |                                         |
|      |            | 2. Traffic Controller Module            |
|      |            | a. Scheduling                           |
|      |            | 3. Non-Discretionary Security Module51  |

the selen

|     |            | 4. Eve       | nt Manager Module51              |
|-----|------------|--------------|----------------------------------|
|     |            | 5. Seg       | ment Manager Module52            |
|     |            | 6. Gat       | ekeeper Module                   |
|     | c.         | REVIEW.      |                                  |
| IV. | IMPI       | LEMENTAT     | ION                              |
|     | <b>A</b> . | DEVELOP      | MENTAL SUPPORT                   |
|     | P.         | INNER 1      | RAFFIC CONTROLLER                |
|     |            | 1. Vir       | tual Processor Table             |
|     |            | 2. Lev       | el-1 Scheduling                  |
|     |            | a.           | Getwork61                        |
|     |            | 3. Vir       | tual Processor Instruction Set65 |
|     |            | a.           | Wait68                           |
|     |            | Ъ.           | Signal                           |
|     |            | c.           | Swap_VDER                        |
|     |            | đ.           | Idle                             |
|     |            | e.           | Set_VPreempt                     |
|     |            | ۰ <b>f</b> . | Test_VPreempt76                  |
|     | с.         | TRAFFIC      | CONTROLLER                       |
|     |            | 1. Act       | ive Process Table                |
|     |            | 2. Lev       | el-2 Scheduling                  |
|     |            | a.           | TC_Getwork                       |
|     |            | Ъ.           | -<br>TC_Preempt Handler62        |
|     |            | 3. Eve       | ntcounts                         |
|     |            | a.           | Advance                          |
|     |            |              |                                  |

|          |            | Ъ.      | Avait  |            |           |         |           | • • • • • | • • • • • |     | 3 |
|----------|------------|---------|--------|------------|-----------|---------|-----------|-----------|-----------|-----|---|
|          |            | c.      | Read.  |            | • • • • • | ••••    | • • • • • | • • • • • | • • • • • | 86  | 5 |
|          |            | đ.      | Ticke  | :t         | ••••      |         | • • • • • | • • • • • | ••••      | 86  | 5 |
|          | D. S       | TSTEM   | INIT   | ALIZ       | ATION     | <b></b> | •••••     | • • • • • | • • • • • |     | 5 |
| ۷.       | CONC       | LUS ION |        |            | ••••      | • • • • | • • • • • | • • • • • | ••••      | 91  | L |
|          | <b>A</b> . | RECOMM  | ENDAT  | IONS       | ••••      |         | • • • • • | • • • • • | • • • • • | 91  | L |
|          | В.         | FOLLOW  | ON V   | ORK.       | ••••      |         |           | • • • • • |           | 92  | 3 |
| APPENDIX | A -        | INNER_  | TRAFI  | PIC_C      | ONTRO     | LLER    | LIST      | ING       | • • • • • | 93  | 5 |
| APPENDIX | B -        | TRAFFI  | .c_cor | TROL       | LER_I     | ISTI    | NG        | • • • • • | • • • • • | 126 | 5 |
| APPENDIX | c –        | EVENTO  | OUNT   | PROC       | EDURI     | s       |           |           | • • • • • | 134 | F |
| LIST OF  | REFER      | ENCES . |        |            |           |         | • • • • • |           | ••••      | 131 | 7 |
| INITIAL  | DISTR      | IBUTIC  | N LIS  | 5 <b>T</b> |           |         |           | ••••      | ••••      | 139 | 3 |

# LIST OF FIGURES

の時間になっていたのである

100

A N R R C R

おいたい、は、たちたのでのないにたちを見たないのであるとのないのであると

Į

معتو مأثر مس

| 1.  | SASS System                  |
|-----|------------------------------|
| 2.  | Reference Monitor            |
| 3.  | Process History              |
| 4.  | Segmented Addressing         |
| 5.  | SASS Protection Rings        |
| 6.  | SASS Process configuration43 |
| 7.  | Distributed Kernel45         |
| 8.  | Two-level Scheduling         |
| 9.  | MMU Image                    |
| 10. | Virtual Processor Table      |
| 11. | Virtual Processor States     |
| 12. | SWAP_DER                     |
| 13. | Kernel Stack Segment         |
| 14. | GETWORK Procedure            |
| 15. | Active Process Table         |
| 16. | Initial Kernel Stack         |

# ACKNOWLEDGEMENT

This research is sponsored in part by Office of Naval Research Project number NR 337-005, monitored by Mr. Joel Trimble.

I am indebted to a number of people for the support they have given me in completing this thesis. Lt. Col Roger Schell, my advisor, was a never ending source of new ideas. He provided me with solutions to many seemingly unsolvable problems, and I greatly appreciate the many hours he has spent helping me to clarify my work. Without his atle and enthusiastic guidance, this thesis could not have been written.

Mike Williams and Bob McDonnell helped me with many hardware problems that I encountered in getting up and running on an unfamiliar system.

Finally, I would like to thank my wife, Madelyn, and my children, Stephen and Monica for their patience and understanding. They won't have to tip-toe around the house any more.

the of the sector is the

A SAN A SAN AREA AND AND A

10

#### I. INTRODUCTION

The application contemporary of microprocessor technology to the design of large-scale multiple processor systems offers many potential benefits. The cost of high-power computer systems could be reduced drastically; fault tolerance in critical real-time systems could be improved; and computer services could be applied in areas where their use is not now cost effective. Designing such systems presents many formidable problems that have not been solved by the specialized single processor systems available today.

Specifically, there is an increasing demand for computer systems that provide protected Storage and controlled access for sensitive information to be shared among a wide range of users. Data controlled by the Privacy Act, classified Department of Defence (DoD) information, and the transactions of financial institutions are but a few of the areas which require protection for multiple levels of sensitive information. Multiple processor systems which share data are well suited to providing such services - if the data security problem can be solved.

A solution to these problems - a multiprocessor system design with verifiable information security - is offered in

a family of secure, distributed multi-microprocessor operating systems designed by O'Connell and Richardson [1]. A subset of this family, the Secure Archival Storage System (SASS) [2,3], has been selected as a testbed for the general design. SASS will provide consolidated file storage for a network of possibly dissimilar "host" computers. The system will provide controlled, shared access to multiple levels of sensitive information (figure 1).

This thesis presents an implementation of a basic monitor for the O'Connell-Richardson family of operating systems. The monitor provides multiprogramming and process management functions specifically addressed to the control of physical processor resources of SASS. Concurrent thesis work [4] is developing a detailed design for a security kernel process, the Memory Manager, which will manage SASS memory resources.



SASS SYSTEM

and the second s

1

Figure 1

Le Line Dates

#### A. BACKGROUND

The general family design is composed of a supervisor and a security kernel. The supervisor provides dynamic linking, a discretionary security policy, demand memory management, and a hierarchical file system in support of the user. The security kernel manages physical resources to provide scheduling, interprocess communication and synchronization, and a non-discretionary security policy. The design is loop-free to permit the implementation of system subsets ranging from a simple monitor to a general purpose computer utility.

SASS is a subset of this system and does not require use of several higher levels of the general system design. Dynamic linking, demand segmentation, transient processes. and a user domain are not necessary for its intended operation, and are excluded. The software of SASS is partitioned into two domains. The security kernel, which is the most privileged domain, manages system physical resources in a manner designed to prevent unauthorized information flow, regardless of action taken by other elements in the system. The less privileged domain, the supervisor [2], provides each host with a hierarchical file system in which it may store and retrieve files and share them with other hosts. The hosts send commands and transfer files via bidirectional digital links. SASS was designed for

implementation of currently available microprocessor hardware. Multiprogramming is used to improve system efficiency and to create a virtual environment which frees the remainder of the operating system from a dependence on the physical processor configuration. Processor management provides a means of coordinating the interaction of the asynchronous processes which comprise the system. This implementation employs a processor multiplexing technique for a distributed kernel and presents a virtual interrupt mechanism. The modular, hierarchical structure of the software is loop-free to support system expansion to higher level functions.

Although the primary goal of the design is security, the clean, logical, process-oriented structure of SASS offers other benefits as well, including fault tolerance, resource configuration independence, and efficiency.

# B. COMPUTER SECURITY

The need for providing protection for information within a computer system is well documented. Development of the security kernel technology [5,6], has transformed the operating system designer's approach from a game of wits with penetrators into a methodical design process.

In general, security is provided by providing protection for information in accordance with a specific protection

policy. In the case of computer security this is accomplished by controlling the access of people to information. Although this protection can be provided by external controls (e.g., confining the computer system and all its users within a physical security perimeter), this method is inefficient and prone to human error. Furthermore, a distributed computer network will probably be dispersed over too wide an area to be physically confined. Supported by the security kernel approach, an internal protection mechanism controlled by the computer operating system is a feasible solution.

### 1. <u>Reference Monitor</u>

The concept of protection is realized within the computer system by the implementation of a mathematical model of information security. This model is based on an abstract representation of security called the Reference Monitor [7]. The Reference Monitor describes a mechanism for controlling the access of subjects to objects, based on a set of access authorizations (figure 2).



# Figure 2

Every time a Subject attempts to access an object, the Reference Monitor checks to determine if the subject has authorization to perform the desired operation (e.g., write, read) on the object. If the policy does not authorize the access, the Reference Monitor will prevent the subject from performing the requested operation. This mechanism is realized within the operating system as the security kernel. Several system features are required in order for the mechanism to function correctly.

First, every reference to information (i.e., every access to primary memory by the processor) must go through the security kernel.

Second, the implementation of the security kernel must be an exact representation of the mathematical model of information security.

Third, the security kernel must be tamper-proof.

2. Security Policy

The security policy to be enforced by the computer system consists of external laws, rules, regulations, etc., which establish permissable information access independent of the computer system. Therefore, a computer system will be secure only with respect to a specific security policy. The security kernel concept supports a broad range of security policies that can be divided into two classes, non-discretionary and discretionary security.

# a. Non-discretionary Policy

Non-discretionary security policy uses labels to insure only permissable access of subjects to objects is provided. Object labels reflect object sensitivity and subject labels reflect subject authorization. (For example, National Security Policy labels include Unclassified, Secret, etc.). A non-discretionary security policy provides compromise protection (from unauthorized reading), integrity protection (from unauthorized modification), and must prevent information leaks resulting from indirect access to unauthorized information as well. A non-discretionary security policy requires that all subjects and objects have labels. Most contemporary computer systems do not provide this explicit labeling and therefore implicitly make all access permissable.

b. Discretionary Policy

Discretionary security policy provides a finer division of access by allowing individual subjects to decide which of the permissable accesses, determined by non-discretionary policy, will actually be allowed (e.g., DoD's "need to know"). Many contemporary computer systems support discretionary security policy with access control lists, file passwords, capability lists and other mechanisms.

# 3. Security Kernel Design

By careful interpretation of the mathematical model of the Reference Monitor, the security kernel is designed to be a subset of operating system functions. Kernel primitives form an interface between this subset and the remainder of the system. If these primitives are implemented correctly, their use guarantees that information will be protected in compliance with system security policy, regardless of any action taken by other portions of the operating system or by the user. A more detailed discussion of the security model is provided in [4,5,6].

#### C. SCOPE OF THESIS

In this chapter a subset of the general operating system design, the Secure Archival Storage System (SASS), was described. The concept of information security was examined and the security kernel was presented as a technically sound approach to the problem of providing internal computer security.

Chapter Two will discuss the design goals of this operating system. Functional design requirements will be developed and the issues of physical resource management and performance will be traced to specific attributes desired in system hardware. The rationale behind the ultimate selection of Zilog's ZE000 Microprocessor and ZE010 memory management

unit (MMU) for use in the SASS testbed implementation of this operating system will be discussed.

Chapter Three will describe the high level design of SASS with an emphasis on the security kernel design. A view of the user (computer host) environment as a collection of cooperating processes will be presented, and the hierarchical structure of the distributed kernel modules will be examined in detail.

Chapter Four will present an implementation of the SASS security kernel modules that provide multiprogramming and processor management. The construction of the virtual machine environment will be described and the advantages of a two-level scheduling mechanism will be explained.

Finally an evaluation of this implementation will be presented with recommendations for improving the design and suggestions for follow on work.

20

· . . .

## II. OPERATING SYSTEMS DESIGN CONCEPTS

The kernel primitives providing multiprogramming and process management form one of the smallest and most basic subsets in the family of operating systems designed by O'Connell and Richardson [4]. As developed here they were implemented specifically to support SASS. In general the same kernel primitives will support all members of this design family.

Before discussing the high level design of the SASS security kernel and presenting an implementation of these primitives, it is useful to investigate the general design methodology applied to the development of this operating system. In this chapter the design goals of SASS will be analyzed and traced to functional requirements and hardware attributes considered necessary or desirable in support of the system's design goals. It is recognized that the operating system user Will probably not address these issues directly when specifying system design goals. The material presented here concerns the approach of the system designer to the definition of requirements implicitly related to user design goals.

21

Alle

#### A. DESIGN PFILOSOPHY

Two issues confront the operating system designer. First, he must provide system functions which support the requested by the user. These functional services requirements affect the logical design of the system. Second, he must address issues of cost and performance. Cost and other management considerations will not be addressed here. Performance issues concern the management of physical resources and ultimately can be reduced to hardware requirements.

There is a considerable amount of literature devoted to the development of the functional design of operating systems. Dijkstra [8] has described a technique for reducing the complexity of the design by allocating operating system activities to a number of cooperating processes. Process structure is simplified in turn by defining its functions in levels of increasing abstraction and by applying the principles of structured programming.

Madnick and Donovan [9] have described an operating system as a hierarchical extended machine. Program modules are added to the system hardware to provide many extended instructions in addition to the hardware instructions available on the tare machine. In complex systems one extended machine may be constructed upon another to form a system composed of levels of abstract (virtual) machines.

Saltzer [10] and Reed [11, 12] have discussed the advantages of resource virtualization and have described some useful interprocess communication mechanisms. The general design strategies presented in this and other research aid the operating system designer in developing system functions in a clean, logical, verifiable design.

The selection of an appropriate computer architecture, which supports both functional requirements and the efficient management of physical resources, often proves to be a more difficult issue. Frequently operating systems design is shaped by the capabilities of system hardware. This may be a result of performance limitations or cost of available hardware, but often this course is taken because traditionally, system design begins with hardware. Since a primary goal in operating systms design is to create a specific operational environment for the user, it would appear to be preferable to design from the desired environment "down to" the hardware. In this way **a**11 components of the system, software and hardware alike, are evaluated in the light of the ultimate goals of the system. and any incompatabilities between required functions and hardware capabilities will be discovered early in the design. Then, if modifications are required, design changes can be made at a high level which will preserve design integrity. LSI technology currently provides a wide variety of relatively inexpensive microprocessor hardware from which

to select specific physical components. Furthermore, it is often feasible to design special purpose hardware to specification. So the traditional restrictions on hardware versatility in systems design need not apply in many cases to microprocessor systems.

In summary, the top-down design philosophy can be applied to operating systems design in the following manner:

1. Identify general and specific design goals.

2. Derive functional design requirements.

3. Identify performance requirements.

4. Select system hardware.

5. Develope kernel software.

6. Develope the remainder of the O/S software.

# **B. GENERAL DESIGN GOALS**

Although many design goals depend upon specific system application, there appear to be some attributes desirable in all operating systems.

#### 1. Logical Structure

Computer system design is an engineering problem and the tools of the engineering design process should be applied to the development of software as well as hardware [13]. Clarity should be a major goal of any design for if the operating system cannot be understood easily it will be difficult to test, difficult to maintain, and its correctness will always be in doubt. A sound enginering design philosophy is not guaranteed to generate error free

24

Kitter Barrist

systems, but if system functions are cleanly organized and well understood, then it is likely that there will be few errors and these can be corrected without difficulty when discovered.

# 2. Fault Tolerence

If an operating system is to be reliable, the software it uses must be protected from damage whenever possible. In particular, tasks performed by the system should be isolated from another so that a malfunction (e.g., as the result of hardware failure) in one task has no effect on others.

# 3. Efficiency

The efficient use of physical resources (processors, memory, periphals, etc.) continues to be a primary design goal. However, since hardware is no longer the scarce, expensive commodity it once was, a concern for overall system efficiency (i.e., higher thorugh-put, faster response time) may be more important. With appropriate component selection many software functions can be replaced by hardware functions that can provide an improvement in system performance at a small additional hardware expense.

# C. SPECIFIC DESIGN GOALS

The family of operating systems designed by O'Connell and Richardson provides all of the services expected of a

state of the art, general purpose operating system. Many of these general services are not necessary in the SASS subset of the family. The number of processes required by SASS is determined by the number of host computers linked to SASS hardware. A design choice was made to fix this number at system generation time. Therefore dynamic process management is not required; SASS processes exist for the life of the system. A primary function of SASS is the transfer of files between host computers and SASS via bidirectional digital links. As a result, the system will have a low transaction rate. and the relatively fast response time desired in a time-sharing system 1, not required here. Sass does not provide programming services to users; the system strictly manages an archival storage system. This eliminates the requirement for a user domain and because the demands on primary memory are not excessive, there is no need for dynamic memory management.

Other services of the general system provide essential support to SASS. These services include I/O management, file management, and the physical resource management and information protection functions provided by the security kernel.

The SASS requirement to provide multiple host computers (users) with controlled, shared access to a multilevel secure "data warehouse" leads to several design goals. These include: internal security to proctect information in a

26

n. to an

distributed computer network; configuration independence for system versatility; and a subsetting capability to support future system expansion to more complex members of the design family.

### 1. Internal Security

A unique feature of SASS is the specification of multilevel security as a primary design goal. Multilevel security provides controlled sharing of information of varying sensitivity among many users in accordance with an access policy implemented internally by the operating system. It is essential that a system supporting a remotely accessed data, base containing information of different access classes be provided with an internally enforced security policy.

## 2. Configuration Independence

The resource configuration of a multicomputer system is highly changeable. Processors are added and removed; memory is reconfigured; interconnection schemes are altered and peripherial equipment is changed. The operating system of such a design should be sufficiently flexible to permit maintenance and to allow for growth and reconfiguration without requiring drastic system redesign or noticeably affecting the user's environment.

3. <u>Sub-setting Capability</u>

Operating system "sub-setting" refers to the ability to form meaningful subsets of the design by eliminating many of the services that can be provided by the system without affecting the usefulness of the remainder of the system. Sub-setting permits the system to be tailored to fit a number of specific designs ranging from a simple monitor to a full service time-shared computer utility. The implementation presented in this thesis creates a monitor that provides multiprogramming and processor management. This subset supports more complex family members of the design such as SASS.

## D. DESIGN REQUIREMENTS

In a top-down approach to design, goals are clarified and defined by requirements which describe either the system functions or address cost and performance issues (hardware requirements). The functional requirements defined below support the specific design goals of SASS and provide features desirable in any operating system, such as a logical structure, fault tolerance, and efficiency of operation.

## 1. Functional Requirements

Functional requirements define services which must be provided to support the user's environment.

a. Process Organization

By designing an operating system as a collection of cooperating processes, system complexity can be greatly

reduced [E]. This is because the asynchronous nature of the system can be structured logically by representing each independent, sequential task as a process and by providing interprocess communication mechanisms to prevent races and deadlocks during process interactions.

The notion of a process provides a complete description of all instructions executed and all memory locations referenced during the performance of a task. A process is defined by an address space and an execution point. The address space is the set of memory locations which could be accessed during process execution. (The process is viewed as a past, present and future "history" of memory locations which actually were referenced.) The execution point is the state of the processor at a given instant during process execution. In the abstract view, an address space is defined by a collection to discrete points, each representing a memory word. The process is described by the path traced through this address space from process creation to destruction. In figure 3 the main path traces the process execution point as it moves from one instruction (i.e., memory word) to another during process execution. The branches from this execution point path represent data references.



Several advantages result from using a process oriented design. As a tool for dealing with the asynchronous nature of system operation, processes provide a simple, logical, high-level structure for the design. For example, the Secure Archival Storage System supports each host with three processes: a I/O Manager, a File Manager, and a Memory Manager, which interact to provide Secure file management services to the host. This interaction will be described further in the next chapter. Since each process is confined to a secific address space, tasks are isolated from one another and system fault tolerance is improved. By providing an internal representation for each user, a process nicely fits the definition of a "subject" in the Reference Monitor and therefore supports the design goal of providing internal security.

# b. Memory Segmentation

The address space of a process is composed of a collection of segments. A segment is a logical collection of information (e.g., procedure, data structure, file, etc.) and is the basic logical object of this design. Figure 4 illustrates the two-dimentional nature of the segment address. Each segment consists of an arbitrary region of memory containing a sequence of words with conventional linear addresses. Two-dimentional addressing frees information from dependence on a particular memory location by making it arbitrarily relocatable.

# Segmented Addressing <<SEG #n>> OFFSET



The descriptor segment provides a list of descriptors for all segments in a process address space. In addition, segmentation supports information sharing since a segment may belong to more than one address space.

Segmention also provides a means of associating logical attributes and labels with each segment, such as access class, domain, etc. This feature supports segments as internal representations of the Reference Monitor's "object".

c. Abstraction

Abstraction provides a method for reducing problem complexity by applying a general solution to a collection of specific cases [14]. Structured programming provides a tool for creating abstraction in software design. By strictly applying two special rules in addition to the general principles of structured programming, a structure consisting of levels of increasing abstraction can be constructured.

First, calls cannot be outward toward higher levels of abstraction. This frees lower levels from a dependence on higher levels by creating a loop-free structure [15] and results in a design which is capable of having subsets.

Second, calls to lower levels must be by special entry points or gates. Each level of abstraction creates an virtual hierarchical machine [9]. The gate to each level provides a set of instructions created for that virtual machine. Thus higher levels may use the resources of lower levels only by applying the instruction set of a lower level machine. (At domain boundaries, use of gates is strictly

enforced by a ring-crossing mechanism; otherwise gate use is implicit in the structure of the software.) Once a level of abstraction has been created, the details of its implementation are no longer an issue. Instead users see layers of virtual machines, each defined by its extended instruction set.

Each process used in SASS is designed in levels of abstraction. When the rules of abstraction are applied to level  $\mathcal{C}$ , the physical resources of the system, these resources are "virtualized". Thus the first level of abstraction creates "virtual processors", "virtual memory", and "virtual devices" from the system's hardware. At each higher level the detail of the design is reduced. The gate at the boundary between the highest level of the security kernel and the lowest level of the supervisor provides a mechanism for isolating the kernel as well as insuring that each memory access is via kernel software. This mechanism is implemented in SASS by a ring-crossing mechanism called the Gatekeeper.

d. Resource Virtualization

The first levels of abstraction above system hardware create virtual representations of physical resources (virtual processors, virtual memory, virtual periphals). Since upper levels of the design operate on these virtual resources, rather than on physical resources, most of the design (i.e., everything above resource

virtualization levels) is independent of the physical configuration of the system. By providing virtual to real resource binding in the kernel, and by enforcing entry into kernel levels with the Gatekeeper. SASS protects physical resources from tampering and insures memory access only via the kernel. As a result, the kernel modules of each process will guarantee that the system's non-discretionary security policy is enforced. Including in the kernel only those functions essential to system security keeps it small and reduces the job of verification to manageable proportions.

# 2. <u>Eardware Requirements</u>

Virtual resources are created by the multiplexing of various types of information on a physical resource. Multiplexing can be defined as the use of a single resource for different purposes at different times. For example the physical bus lines can be used both for addresses and data during different times during the machine cycle. Similarly, logical users of a hardware system can share resources. The ability to multiplex processors and memory efficiently provides a mechanism for the virtualization of these physical resources.

a. Processor Virtualization.

A virtual processor is a data structure that contains a complete description of a process in execution on a physical processor at a given instant. This description is

contained in the process execution point. The address space of the process must be accessable to the virtual processor when it is loaded on (bound to) a CPU. To provide a useful virtualization capability, the CPU must have the ability to efficiently multiplex process exection points and address spaces (i.e., it must support multiprogramming).

b. Memory Virtualization.

In many memory handling schemes Process cannot run unless the entire address space is loaded in primary memory. This may require a large main memory or it may restrict the size of the address space. An alternative plan requires an 'operating system which manages primary and secondary memory to create the illusion of a memory which is larger than the system's primary memory. Since the larger memory is only an illusion, it is often called virtual storage. The logical, relocatable, information objects created by memory Segmentaion, provide an essential memory multiplexing mechanism for the efficient implementation of virtual storage.

c. Protection Domains

An essential requirement of internal security is that the security kernel be isolated from other elements of the system. This can be accomplished by the construction of protection domains. Protection domains are used to arrange process address spaces into rings of different privilege. This arrangement is a hierarchical structure in which the

most priviled ped domain is the innermost ring. The structure essentially divides the address space into levels of abstraction with strictly enforced gates at the ring boundaries (Figure 5).





Protection rings may be created in software, but a hardware implementation, where gate use is enforced by hardware, is much more efficient [16].

The protection provided by the ring structure is not a security policy. (Security protection is implemented by a lattice structure known to the Non-discretionary Security module in the kernel.) It does, however, enforce the hierarchy of the virtual machine by creating a privileged kernel ring within the supervisor ring.

E. HARDWARE SELECTION

The manifestation of an operating system design is, of course, software in execution on system equipment. If system

equipment must be selected early in the design, care must be taken to insure that overall system design goals are compatible with actual hardware capabilities. If design goals must be met (e.g., the enforcement of internal security in SASS), then actual hardware selection should be made late in the design process. Then, even if a poor hardware choice is made, the penalty for correcting it will be small, since only the lowest level of the design (where resources are virtualized) need be changed. In any case the design of the operating system and the design or selection of system hardware must proceed in concert.

1. <u>Zilog Z8001</u>

The Z2001 is a general purpose 16-bit microprocessor [17] with an architecture which supports memory segmentation and two-domain operations. It was selected as the target machine for implementation of the system because of the full range of support and close match it provided to design requirements. These supporting features are described below.

a. Memory Segmentation

The CPU can directly access 8M bytes of address space using a memory segmentation capability provided externally by a Memory Management Unit (Z8010 MMU). The 23-bit address required to address 8M bytes is a logical two dimensional address consisting of a 7-bit segment number and a 16-bit offset. The memory management unit converts this into a 24-bit address for the physical memory. The address

space can be divided into as many as 128 relocatable segments containing up to 64% bytes each. Each memory segment can be assigned several attributes which provide memory access protection (read only , system mode only (i.e., ring #), execute only, etc.) and memory management data (changed, referenced). With these capabilities the 28001 CPU can support all requirements for segmentation, memory virtualization and protection domains.

t. Multiprogramming

Processor multiplexing is supported by the CFU's multiprogramming capabilities. MULTI-MICRO instructions aid in establishing a synchronization mechanism (by mutual exclusion) between multiple processors. Separate stack, data and code address spaces are maintained for each ring of operation. The load multiple instruction allows the contents of registers to be saved and loaded efficiently. These features permit efficient storing and loading of process execution points.

Address space multiplexing is also supported but is somewhat inefficient. In some systems, such as Multics [18], a descriptor base register (DBR) is provided to point to a process descriptor segment in memory, so changing the address space of the physical processor is accomplished merely by changing the DBR. Since the ZE001 CPU implements the descriptor segment as a collection of descriptor registers in the MMU, all of the descriptors for the address

space must be saved and loaded to change processes. This can make processor multiplexing (multiprogramming) quite inefficient. In the worst case, when the entire MMU is saved and loaded, a process switch will take about 2 ms. It may be possible to improve on this performance by increasing the number of MMU's in the system. Then the address space can be changed simply by switching control to another MMU.

c. Two-Domain Operations

The Z8001 CPU can operate in either system mode or normal mode. In the system mode all operations are allowed, but in the user mode, certain system instructions are prohibited. The system call instruction allows controlled entry to the system mode. This two-domain instruction capability supports the two domain sturcture of SASS by providing a single controlled entry into the kernel (SYSTEM CALL instruction). The descriptors contained in the MMU registers provide the capability to partition process address spaces into supervisor and kernel domains.

2. <u>Selection Rationale</u>

The characteristics listed above - processor multiplexing support, a memory segmentation capability, multiple domain insturctions, and multiple domain memory partitioning - are features which are essential to an efficient implementation of SASS. The ZECC1 has other desirable features: vectored and non-vectored interrupts, large, powerful instruction set, many data types, etc. These

39

12:00

attributes make the Zilog system a suitable choice as a bare machine for the Secure Archival Storage System.

F. SUMMARY

This chapter has provided a description of the methodology employed in the design and specification of SASS. In particular it was noted that a top-down design philosophy most effectively supported implementation of system design goals. Requirements supporting the primary design goal of internal security and other general and specific goals were defined and traced to desired hardware capabilities. Finally, capabilities of Zilog's Z2001 microprocessor which support the SASS design were described.

Chapter Three will provide an overview of the SASS design. The design will be described from a process viewpoint and the hierarchical structure of the distributed kernel will be examined.

#### III. SECURITY KERNEL DESIGN

The high level design of the Secure Archival Storage System can be described by a collection of cooperating processes. The use of processes to perform operating system functions greatly simplifies the problem of describing the asynchronous manner in which services are requested.

#### A. PROCESS VIEW

There are two kinds of processes within SASS, supervisor processes and kernel processes. Supervisor processes provide high level services to host computers [2]. Certain functions of the operating system are distributed throughout all of these processes; that is, supervisor processes logically share a collection of distributed kernel modules. Kernel processes provide specialized services within the operating system. The system user is not aware of the existence of these processes, but they are called upon, within the kernel domain, by supervisor processes to perform necessary operating system functions in support of user services.

1. Supervisor Processes

One pair of supervisor processes, an I/C Manager and a File Manager, represents each computer host supported by SASS.

The File Manager controls SASS and directs all interaction between SASS and computer hosts in order to maintain a structure of hierarchical files on behalf of each host It interprets commands received from hosts via the I/C Manager and coordinates the execution of requested services with assistance from the I/O Manager and the Memory Manager (described below).

The I/O Manaper transfers information via a link between each host and SASS. Data is transferred by fixed-size packets in command, data, and synchronization formats. The I/O Manager provides only a transfer service and does not interpret the data.

2. <u>Kernel Processes</u>

The two kernel processes used by SASS are the Memory Manager and the Idle process. The Memory Manager controls primary and secondary memory. The design of this process is the topic of concurrent thesis research [3]. The Memory Manager transfers segments between primary and secondary memory in response to requests from supervisor processes.

The Idle process defines the "no work" state of the system. SASS attempts to schedule useful work on system processors whenever possible. Only when there is no work to

42

be done, (i.e., no commands pending from hosts) will this process be called upon to execute.

# 3. Host Environment

Fost computers view SASS as a remote data warehouse where they may store and retrieve files (figure 6). Each host is provided with a virtual file hierarchy constructed from directory and data files. A pair of SASS supervisor processes (an I/O Manager and a File Manager) provide each host with a set of commands by which it may store and retrieve files in its virtual file system and share files with other hosts. The distributed kernel functions of each process control the physical resources of the system in support host commands and SASS security policy.



#### B. VIRTUAL MACHINE VIEW

The distributed modules of the security kernel create a virtual hierarchical machine which controls process interactions and manages physical processor resources. The kernel is not aware of the details of process tasks. It knows each process only by a name (viz., an entry number in a table) and provides processes with scheduling and interprocess communication services based on this process identifier. All supervisor processes share the modules of this virtual hierarchical machine (Figure 7).

The kernel is constructed in layers of abstraction. Each layer, or level, builds upon the resources created at lower levels. The rules of abstraction described in Chapter 2 were applied to the design of this structure. Level  $\ell$  is the bare machine which provides the physical resources (processors and storage) upon which the virtual machine is constructed. The remainder of this chapter will describe the level of virtualization (or layer of abstraction) created by each distributed kernel module.

# 1. Inner Traffic Controller Module

Level-1 of this virtual machine is the Inner Traffic Controller Module. This module creates a set of virtual processors with the extended instruction set: SIGNAL, WAIT, SWAP\_VDER, IDLE, SET\_VPREEMPT, TEST\_VPREEMPT, and RUNNING\_VP.



Figure 7

45

r

SIGNAL and WAIT provide an interprocessor communication mechanism used within the kernel to provide multiprogramming. These instructions invoke the level-1 scheduling procedure, GETWORK, which multiplexes virtual processors on a physical processor.

SWAP\_VDBR and IDLE are instructions invoked from level-2 by the Traffic Controller Module to schedule processes on a virtual processor.

SET\_VPREEMPT and TEST\_VPREEMPT create a virtual processor interrupt mechanism. SET\_VPREEMPT is invoked from level-2 when the traffic controller desires to load a new process on a virtual processor that is not scheduled. TEST\_VPREEMFT is invoked by the Gatekeeper of each distributed process upon every exit from the kernel domain. The Gatekeeper unmasks virtual interrupts by testing the interrupt flag of the scheduled virtual processor. If the flag is set, a virtual interrupt handler is invoked, otherwise the process enters the supervisor domain normally.

RUNNING\_VP is invoked from level-2 to provide the Traffic Controller with the identity of the currently scheduled virtual processor. The identity of a particular processor must be known in the virtual environment, just as the identity of a physical processor is required in a multiprocessor system.

# 2. Traffic Controller Module

The Traffic Controller resides at level-2. It manages the scheduling of processes on virtual processors by invoking the extended instructions of the virtual processors in level-1. In addition to implementing the level-2 scheduling algorithm, the Traffic Controller creates the extended instruction set: ADVANCE, AWAIT, and PROCESS\_CLASS.

ADVANCE and AWAIT are used to implement eventcounts and sequencers [11], an inter-processor communication (IPC) mechanism invoked by the supervisor. Although SIGNAL and WAIT provided an adequate interprocessor synchronization mechanism within kernel, Parks [2] determined that supervisor process synchronization would be more effectively served in the secure environment of SASS by the use of eventcounts.

PROCESS\_CLASS is invoked from level-3. It returns the label, subject access class, of the current process for determining a subject-object relation.

a. Scheduling

Scheduling functions are divided between the Inner Traffic Controller and the Traffic Controller. The Inner Traffic Controller multiplexes virtual processors on a CPU. The Traffic Controller schedules processes on virtual processors.

The division of the scheduling algorithm between these two levels simplifies its design, because it seperates

the issues of virtual processor management (multiprogramming) from virtual memory management [12]. A design choice was made to provide each system CPU with a small fixed set of virtual processors. Since the virtual processor data base is shared by all system CPU's, it must remain permaently in global memory.

The process data base, used to implement level-2 scheduling will be much larger. Since supervisor processors are known to the entire system, this data must also be kept in global memory. Because level-2 is subject to memory management, this data could be kept on secondary storage and moved to primary memory when requested.

SASS does not provide dynamic memory management, therefore the two-level scheduling design presented here is not essential to the design. However, the structure has been provided in this implementation to support more complex family members of the O'Connell-Richardson design. Figure 8 illustrates the two levels of scheduling employed by the distributed kernel.

The two virtual processors (Mem\_Mgr\_VP and Idle\_VP in Figure 8) are permanently bound to kernel processes and are not in contention for process scheduling. The remaining VP's are temporarily bound to supervisor processes as determined by the Traffic Controller. If no supervisor process is available, the Traffic Controller

invokes the Inner Traffic Controller (IDLE) which loads an Idle process on the virtual processor.

The Inner Traffic Controller schedules virtual processors on the physical processor. Ready virtual processors with temporarily bound idle processes (VP #1 and VP #2 in Figure 6) will be scheduled only to give an Idle process away for a supervisor process (i.e., when virtual preempt flag is set). The Idle process will actually run when the virtual processor to which it is permanently bound (the Idle-VF in Figure 8) is scheduled. This will happen only when all other VP's are waiting or temporarily bound to Idle processes, i.e., when there is no useful work for the CPU.

Sec. Det

# TWO-LEVEL SCHEDULING





50

ndina .......

## 3. Non-Eiscretionary Security Module

The Non-Discretionary Security module in level-3 reflects the system's security policy. It compares two labels, subject and object access classses, passed to it by other modules, and returns the relationship of the labels based on a lattice structure known to it. To perform this function it provides the extended instruction, RELATION, which is used by the Event Manager and the Segment Manager to determine access permission. These modules make decisions about access based on the relationships: equal, less than, greater than, and not related. The Non-discretionary Security module is the only module which interprets the labels themselves. A different security policy (e.g., Privacy Act vs DOD) can be implemented simply by changing the lattice structure used in this module.

### 4. Event Manager Module

The Event Manager is a level-3 module invoked by supervisor processes via the gatekeeper. This module creates a set of extended instructions: ATVANCE, AWAIT, REAT and TICKET. It determines the access permission of desired interprocess communications and obtains a global handle from a Memory Manager data base where event data is stored. If access is permitted, the event manager passes this handle, which identifies the event, to the Traffic Controller where the appropriate event count instruction is invoked. For sequencer operations the Memory Manager is invoked directly.

51

· Contractor

The use of the handle is necessary because of the design choice to store event data in a data base of the Memory Manager [3]. This insures that inter-domain IPC does not violate SASS security policy.

#### 5. Segment Manager Module

The Segment Manager also resides in level-3. This module creates set of extended instructions for a manipulating segments. These instructions are: CREATE. SWAP IN, SWAP OUT, MAKE KNOWN, and TERMINATE. DELETE, Modules of the supervisor domain invoke these instructions to coordinate host support. CREATE and DELETE add and remove segments from the system. SWAP IN and SWAP\_OUT cause a segment to be moved between primary and secondary memory (i.e., between a paged disk and contiguous memory). MAKE KNOWN and TERMINATE add and remove a segment from a process address space.

6. Gatekeeper Module

The Gatekeeper exists on the boundary between the kernel and supervisor domains. It provides the sole entry point into the kernel domain, so when the execution point of a process enters the kernel domain of its address space it must do so through the Gatekeeper.

The hardware of the MMU partitions process address spaces into two domains by setting the ring number (zero or one) in each segment's

attribute register. Software provided by the Gatekeeper performs the following additional functions:

#### Kernel Entry

- 1. Unmask Hardware interrupts.
- 2. Save supervisor domain registers.
- 3. Save supervisor stack pointer in kernel stack segment.
- 4. Check arguments and invoke appropriate kernel entry points. (Virtual machine instructions).

# Kernel Exit

- Invoke TEST\_VPREEMPT (i.e., umnask virtual interrupts).
- 2. Restore supervisor domain stack pointer.
- 3. Restore supervisor domain registers.
- 4. Unmask hardware interrupts.
- 5. Return to process execution point in in supervisor domain.

#### C. REVIEW

This chapter has described the high level design of the Secure Archval Storage System kernel from two points of view. In the process view the system is composed of pairs of supervisor processes (an I/O Manager and a File Manager) for

Sec. 1

each host computer and a pair of kernel processes (a Memory Manager and an Idle process) for each real processor in the system. The supervisor processes provide high level services to host computers while the kernel processes control system memory resources and provide an idle system state. Distributed kernel functions implement two levels of scheduling, provide interprocessor synchronization a nd communication, manage segments, and isolate and protect the kernel domain of process address spaces. The distributed kernel is constructed as a hierarchical virtual machine. Evidence of the versitility of the loop-free, configuration independent structure of this design can be observed in concurrent thesis work in this area [19]. An Intel 5086 multiprocessor operating system implementation, based on the same design, uses essentially the same virtual insturction set described in this chapter. An implementation of the first two levels of this kernel machine is presented in the next chapter.

### IV. IMPLEMENTATION

Implementation of the distributed kernel was simplified by the hierarchical structure of the design for it permitted methodical bottom-up construction of a series of extended machines. This approach was particularly useful in this implementation since the bare machine, the ZEØUC Developmental Module, was provided with only a small amount of software support.

### A. DEVFLOPMENTAL SUPPORT

A. Zilog MCZ Developmental System provided support in developing ZE000 machine code. It provided floppy disk file management, a text editor, a linker and a loader that created an image of each ZE000 load module.

A Z8000 Developmental Module (DM) provided the necessarv hardware support for operation of a Z8002 non-segmented microprocessor and 16K words (32K bytes) of dynamic RAM. It included a clock, a USART, serial and parallel I/O support, and a 2K PROM monitor.

The monitor provided access to processor repisters and memory, single step and break point functions, basic I/O functions, and a download/upload capability with the MCZ system.

Since a segmented version of the processor was not available for system development, segmentation hardware was simulated in software as an MMU image (see Figure 9). Although this data structure did not provide the hardware support (traps) required to protect segments of the kernel domain, it preserved the general structure of the design.

MMU\_IMAGE



Figure 9

### B. INNER TRAFFIC CONTROLLER

The Inner Traffic Controller runs on the bare machine to create a virtual environment for the remainder of the system. Only this module is dependent on the physical processor configuration of the system. All higher levels see only a set of running virtual processors. A kernel data base, the Virtual Processor Table is used by the Inner

Traffic Controller to create the virtual environment of this first level extended machine. A source listing of the Inner Traffic Controller module is contained in Appendix A.

### 1. Virtual Frocessor Table (VPT)

The VPT is a data structure of arrays and records that maintains the data used by the Inner Traffic Controller to multiplex virtual processors on a real processor and to create the extended instruction set that controls virtual processor operation (see Figure 10). There is one table for each physical processor in the system. Since this implementation was for a uniprocessor system (the ZE020 DM), only one table was necessary.

### Virtual Processor Table

LOCK PUNNING\_LIST FEADY\_LIST FREE\_LIST



#### Figure 10

57

J. man Land S. Longe

The table contains a LOCK which supports an exclusion mechanism for a multiprocessor system. It was provided in this implementation only to preserve the generality of the design.

The Descriptor Base Register (DDR) binds a process to a virtual processor. The DBR points to an MMU\_IMAGE containing the list of descriptors for segments in the process address space.

A virtual processor (VP) can be in one of three states: running, ready, and waiting (figure 11).

Virtual Processor States

<u>RITNN I NG</u>





FIGURE 11

A running VP is currently scheduled on a real processor. A ready VP is ready to be scheduled when selected by the level-1 scheduling algorithm. A waiting VP is awaiting a message from some other VP to place it in the ready list. In the meantime it is not in contention for the real processor.

#### 2. <u>Level-1 Scheduling</u>

Virtual processor state changes are initiated by the inter-virtual-processor communication mechanisms, SIGNAL and WAIT. These level-1 instructions implement the scheduling policy by determining what virtual processor to bind to the The actual binding and unbinding is real processor. performed by a Processor switching mechanism called SWAP\_DER [10]. Processor switching implies that somehow the execution point and address space of a new process are acquired by the processor. Care must be taken to insure that the old process is saved and the new process loaded in an orderly manner. A solution to this problem, suggested by Saltzer [10], is to design the switching mechanism so that it is a common procedure having the same segment number in every address space.

In this implementation a processor register (R14) was reserved within the switching mechanism for use as a DBR. Processor switching was performed by saving the old execution point ( i.e., processor registers and flag control

word), loading the new DBR and then loading the new execution point. The processor switch occurs at the instant the DBR is changed (see figure 12). Because the switching procedure is distributed in the same numbered segment in all address spaces, the "next" instruction at the instant of the switch will have the same offset no matter what address space the processor is in. This is the key to the proper operation of SWAP\_DBR.

SWAP\_DBR Process #1 Process #2 Address space Address spare Call SWAP\_DBR Save return point on call stack. (Process #1) Save execution point Swap DBR (R14) -> Swap DER (R14) processor switch Load new execution point. Load return point from call stack (process #2) Figure 12

To convert this switching mechanism to segmented hardware it is necessary merely to replace SWAP\_DEF with special I/O block-move instructions that save the contents of the MMU in the appropriate MMU\_IMAGE and load the contents of the new MMU\_IMAGE into the MMU.

a. Getwork

SWAP\_DBR is contained within an internal Inner Traffic Controller procedure called GETWORK. In addition to multiplexing virtual processors on the CPU, GETWORZ interprets the virtual processor status flags, IDLE and PREEMPT, and modifies VP scheduling accordingly in an attempt to keep the CPU busy doing useful work.

There are actually two classes of idle processes within the system. One class belongs to the Traffic Controller. Conceptually there is a ready level-2 idle process for each virtual processor available to the Traffic Controller for scheduling. When a running process blocks itself, the Traffic Controller schedules the first ready process. This will be an idle process if no supervisor processes are in the ready list.

The second class of idle process exists in the kernel. The kernel Idle process is permanently bound to the lowest priority virtual processor.

The distinction is made between these classes because of the need to keep the CPU busy doing useful work whenever possible. There is no need for GETWORK to schedule a level-2 idle process that has been loaded on a virtual processor, because the idle process does no useful work. The virtual processor IDIE\_FLAG indicates that a virtual processor has been loaded with a level-2 idle process. GETWORK will schedule this virtual processor only if the PREEMPT flag is also set. The PREEMPT flag is a signal from the Traffic Controller that a supervisor process is now ready to run.

When GETWORK can find no other ready virtual processors with IDLE and PREEMPT flags off, it will select the virtual processor permanently bound to the kernel. Idle process. Only then will the Idle process actually run on the CPU.

Getwork contains two entry points. The first, a normal entry, resets the preempt interrupt return flag. (R2 is reserved for this purpose within GETWORK.) The Second, a hardware interrupt entry point, contains an interrupt handler which sets the preempt interrupt return flag. The DBR (R14) must also be set to the current value ty any procedure that calls GETWORK in order to permit the SWAP\_DPR portion of GETWORK to have access to the scheduled process's

address space. Upon completion of the processor switch, GETWORK examines the interrupt return flag to determine whether a normal return or an interrupt return is required.

The hardware interrupt entry point in GETWORK supports the technique used to initialize the system. Each process address space contains a kernel domain stack segment used by SWAP-DBR in GETWORK to save and restore VF states. For the same reason that SWAP-DBR is contained in a system wide segment number, the stack segment in each process address space will also have the same number (Segment #1 in implementation). Each stack segment is initially this created as though it's process had been previously preempted by a hardware interrupt. This greatly\_ simplifies the initialization of processes at system generation time. The details of system initialization will be described later in this chapter. It is important to note here, however, that GETWORK must be able to determine whether it was invoked by a hardware preempt interrupt or by a normal call, before it can execute a return to the calling procedure. This is because a hardware interrupt causes three items to be placed on the system stack: the return location of the caller, the flag control word, and the interrupt identifier, whereas a normal call places only the return location on the stack. Therefore, in order to clean up the stack, GETWORK must

execute an interrupt return (assembly instruction:IRET) if entry was via the hardware preempt handler (i.e., PC set). This instruction will pop the three items off the stack and return to the appropriate location. If the interrupt return flag, RC, is off, a normal return is executed.

During normal operation, SWAP-DER manipulates process stacks to save the old VP state and load the new VP state. This action proceeds as follows (figure 13):

1. The Flag Control Word (FCW), the Stack Pointer (E15) and the preempt return flag (R0) are saved in the cld VP's kernel stack.

2. The DER (R14) is loaded with the new VP's DER. This permits access to the address space of the new process.

3. The Flag Control Word (FCW), the Stack Pointer (R15) and the Interrupt Return Flag (R0), are loaded into the appropriate CPU registers.

4. R0 is tested. If it is set, GETWORK will execute an interrupt return. If it is off, a normal return occurs.



Kernel Stack Segments

FIGURE 13

By constructing GETWORK in this way, both system initialization and normal operations can be handled in the same way. A high level GETWORK algorithm is given in figure 14.

### 3. Virtual Processor Instruction Set

The heart of the SASS scheduling mechanism is the internal procedure, GETWORK. It provides a powerful internal primitive for use by the virtual processors and greatly simplifies the design of the virtual processor instruction set. Virtual processor instructions perform three types of functions: multiprogramming, process management and virtual interrupts.

```
GETWORK Procedure (DER = R14)
 Begin
  Reset Interrupt Return Flag (Re)
  Skip hardware preempt handler
 Hardware Preempt Entry:
    Set DBR
    Save CPU registers
    Save supervisor stack pointer
    Set Interrupt Return Flag (RØ)
  Get first ready 7P
  Do while not Select
   If Idle flag is set then
    if Preempt flag is set then
     select
    else
     get next ready VP
    end if
   else
    select
   end if
  end do
  SWAP DER:
   Save old VP registers in stack segment
   Swap dbr (R14)
   Load new VP registers in stack segment
   If Interrupt Return Flag is set then
    unlock VPT
    simulate GATEKEEPER exit:
     Call TEST_VFREEMPT
     Restore supervvisor registers
     Restore supervvisor stack pointer
    Execute Interrupt Return (IRET)
   end if
   Execute normal return
```

end GETWORK

Figure 14

66

.....

WAIT provide synchronization SIGNAL and and communication between virtual processors. They multiplex virtual processors on a CPU to provide multiprogramming. This implementation used a version of the signal and wait algorithms proposed by Saltzer [10]. In the SASS design each CPU is provided with a unique (fixed) set of virtual processors. The interaction among virtual processors is a result of multiprogramming them on the real processor. Only one virtual processor is able to access the VPT at a time because of the use of the VPT LOCK (SPIN\_LOCK) to provide mutual exclusion. Therefore race and deadlock conditions will not develop and the signal pending switch used by Saltzer is not necessary.

This implementation also included message passing mechamism not provided by Saltzer. The message slots available for use by virtual processors are initially contained in a queue pointed to by FREE-LIST. When a message is sent from one VP to another, a message slot is removed from the free list and placed in a FIFO message queue belonging to the VP receiving the message. The head of each VP's message queue is pointed to by MSG-LIST. Each message slot contains a message, the ID of the sender, and a pointer to the next message in the list (either the free list or the VP message list.

IDLE and SWAP\_VDBR provide the Traffic Controller with a means of scheduling processes on the running VF.

SET\_VPREEMPT and TEST\_VPREEMPT install a virtual interrupt mechanism in each virtual processor. When the Traffic Controller determines that a virtual processor should give up its process because a higher priority process is now ready, it sets the PREEMPT flag in that VP. Then, even if an idle process is loaded on the VP, it will be scheduled and will be loaded with the first ready process. Test\_VPreempt is a virtual interrupt unmasking mechanism which forces a process to examine the preempt flag each time it exists from the kernel.

a. Wait

WAIT provides a means for a virtual processor to move itself from the running state to the waiting state when it has no more work to do. It is invoked only for system events that are always of short duration. It is supported by three internal Procedures.

SPIN\_LOCK enables the running VP to gain control of the Virtual Processor Table. This procedure is only necessary in a multiprocessor environment. The running VP will have to wait only a short amount of time to gain control of the VFT. SFIN\_LOCK returns when the VP has locked the VPT.

GETWORK loads the first eligible virtual processor of the ready list on the real processor. Before this procedure is invoked, the running VP is placed in the ready state. Both ready and running VP's are members of a FIFO queue. GETWORK selects the first VP in this ready list. loads it on the CPU, and places it in the running state. When GETWORK returns, the first VP of the queue will always be running and the second will be the first VP in the ready queue.

GET\_FIRST\_MESSAGE returns the first message of the message list (also managed as a FIFO queue) associated with the running VP. The action taken by WAIT is as follows:

If the running virtual processor calls WAIT and there is a message in its message list (placed there when another VP signaled it) it will get the message and continue to run. If the message list is empty it will place itself in the wait state, schedule the first ready virtual processor, and move it to the running state. The virtual processor will remain in the waiting state until another running VP sends it a message (via SIGNAL). It will then move to the ready list. Finally it will be selected by GETWORK, the next instructions of WAIT will be executed, it will receive the message for which it was waiting, and it will return to the caller.

b. Signal

Messages are passed between virtual processors by the instruction, SIGNAL, which uses four internal procedures, SPIN\_LOCK, ENTER\_MSG\_LIST, MAKE\_READY, and GETWORK.

SPIN\_LOCK, as explained above insures that only one virtual processor has control of the Virtual Processor Table at a time.

ENTER\_MSG\_LIST manages a FIFO message queue for each virtual Processor and for free messages. This queue is of fixed maximum length because of the implementation decision to restrict the use of SIGNAL. A running 7F can send no more than one message (SIGNAL) before it receives a reply (i.e., WAIT's for a message). Therefore if there are N virtual processors per real processors, the message queue length. L. is:

## L = N - 1

MAKE\_READY me ages the virtual processor ready queue. If a message is sent to a VP in the waiting state, MAKE\_READY wakes it up (it places it in the ready state) and enters it in the ready list. If a running VP signals a waiting VP of higher priority, it will place itself back in the ready state and the higher priority VP will be selected. The action taken by signal is as follows: SIGNAL Procedure (Message. Testination\_VF)
Begin
Lock VFT (call SFIN\_LOCK)
Send message (call ENTER\_MSG\_LIST)
If signaled VP is waiting Then
Wake it up and make it ready
 (call MAKE\_READY)
end if
Fut running VP in ready state.
Schedule first elgible ready VP
 (call GETWORK)
Unlock VFT
Return (Success\_code)
End SIGNAL

c. SWAP\_VDBR

SWAP\_VEEP contains the same processor switching mechanism used in SWAP\_DBR, but applies it to a virtual processor rather than a real processor. Switching is quite simple in this virtual environment because both processor execution point and address space are defined by the Descriptor Base Register. SWAP\_VDBR is invoked by the Traffic Controller to load a new process on a virtual processor in support of level-2 scheduling. It uses GETWORK to control the associated level-1 scheduling. The action taken by SWAP\_VDER is:

SWAF\_VDBR Procedure (New\_DFR) Begin Lock VFT (call SPIN\_LOCK) Load running VP with New\_DFR Flace running VP in ready state Schedule first eligible ready VP (call GETWORK) Unlock VPT Return End SWAP\_VDFR

In this implementation one restriction is placed upon the use of this instruction. If a virtual processor's message list contains at least one message, it can not give up its current DER. This problem is avoided as the natural result of using SIGNAL and WAIT only for system events, and "masking" preempts within the kernel. If this were permitted, the messages would lose their context. (The messages in a VP\_MSG\_LIST are actually intended for the process loaded on the VP.)

d. IDLE

The IDLE instruction loads the Idle DEP on the running virtual processor. Only virtual processors in contention for process scheduling will be loaded by this instruction. (The Traffic

Controller is not even aware of virtual processors permanently bound to kernel processes.)

IDLE hās the same scheduling effect as SWAP\_VDBR, but it also sets the IDLE FLAG on the scheduled VP. The distinction is made between the Two cases because, although the Traffic Controller must schedule an Idle process on the VP if there are no other ready processes. the Inner Traffic Controller does not wish to schedule an Idle VP if there is an alternative. This would be a waste of physical processor resources. The setting of the IDLE FLAG by the Traffic Controller aids the Inner Traffic Controller in making this scheduling decision. Logically, there is an idle process for each VP; actually the same address space (DBR) is used for all idle processes for the same CPU, since only one will run at a time. As previously explained, virtual processors loaded by this instruction will be selected by GETWORK only to give the Idle process away for a new process in response to a virtual preempt interrupt. The action of IDLE is:

74

a fresh and a second

IDLE Procedure Begin Lock VPT (call SPIN\_LOCK) Load running VP with Idle DBR Set VP's IDLE\_FLAG Place running VP in ready state Schedule first elgible ready VP (call GETWORK) Unlock VPT Return End IDLE

### e. SET\_VPREEMPT

SET\_VPREEMPT sets the preempt interrupt flag on a specified virtual processor. This forces the virtual processor into level-1 scheduling contention, even if it is loaded with an Idle process. The instruction retrieves an idle virtual processor in the same way a hardware preempt retrieves an idle CPU by forcing the VP to be selected by GETWORK. The only difference between the two cases is the entry point used in GETWORK. The action of SET\_VPREEMPT is:

SET\_VPREEMFT Procedure (VP) Begin Set VP's PREEMPT flag If VP belongs to another CPU Then send hardware interrupt end if Return End SET\_VPREEMPT

Since the action is a safe sequence, no deadlocks or race conditions will arise and no lock is required on the VPT.

f. TEST\_VPREEMPT

Within the kernel of a multiprocessor system all process interrupts (which excludes system I/O interrupts) are masked. If process interaction results in a virtual preempt being sent to the running virtual processor by another CPU, it will not be handled since GETWORK has already been invoked. TEST\_VFREEMPT provides a virtual preempt interrupt unmasking mechanism.

TEST\_VPREEMPT mimics the action of a physical CPU when interrupts are unmasked. It forces the process execution point back down into the kernel each time the process attempts to leave the kernel domain, where the preempt flag of the running VP is examined. If the flag is

off. TEST VPREEMPT returns and the execution point exits through the Gatekeeper into the supervisor domain of the process address space as described above. However, if the PREEMPT flap is on, the TEST\_VPREEMPT executes a virtual interrupt handler located in the Traffic Controller. This jump from the Inner Traffic Controller to the Traffic Controller (TC\_PREEMPT\_HANDLER) is a close parallel to the action of a CPU in response to a hardware interrupt, that is a jump to an interrupt handler. The Traffic Controller Preempt Handler forces level-2 and level-1 scheduling to proceed in the normal manner. The preempt handler forces the Traffic Controller to examine the APT and to apply the level-2 scheduling algorithm, TC\_GETWORK. If the AFT has been changed since the last invocation of this scheduler, it will be reflected in the scheduling selections. Eventually, when the running VP's preempt flag is tested and found to be reset. TEST VPREEMPT will return to the Gatekeeper where the process execution point will finally make a normal exit into its supervisor domain. TEST VFREEMPT performs the following action:

77

A STAR

TEST VPREEMFT Procedure

Begin

Do while running VP's PREEMPT flag is set Reset FREEMPT flag Call preempt handler (call TC\_PREEMPT\_HANDLER) End do Return End TEST\_VFREEMPT

C. TRAFFIC CONTROLLFR

The Traffic Controller runs in a virtual environment created by the Inner Traffic Controller. It sees a set of running virtual processor instructions: SWAF\_VDER, IFLE, SET\_VPREEMPT, and RUNNING\_VP, and provides a scheduler, TC\_GETWORK, which multiplexes processes on virtual processors in response to process interaction. It also creates a level-2 instruction set: ADVANCE, AWAIT, and PROCESS\_CLASS, which is available for use by higher levels of the design. The Traffic Controller uses a global data base, the ACTIVE PROCESS TABLE to support its operation.

1. Active Process Table (APT)

The Active Process Table is a system-wide kernel database containing entries for each supervvisor process in SASS (Figure 15). It is indexed by active process ID.



### Figure 15

The structure of the APT closely parallels that of the Virtual Processor Table. It contains a LOCK to support the implementation of a mutual exclusion mechanism. a RUNNING LIST, and a READY LIST HEAD. The Traffic Controller is only concerned with virtual processors that can be loaded with supervisor processes. Since two VP's are permanently bound to kernel processes (the Memory Manager and the Idle Process), they cannot be in contention for level-2 scheduling; the Traffic Controller is unaware of their existence; since there are a number of available virtual processors, the RUNNING\_LIST was implemented as an array indexed by VP\_ID. The READY\_LIST\_HEAD points to a FIFO queue

that includes both running and ready processes. The running processes will be at the top of the ready list.

Because of their completely static nature, idle processes require no entries in the APT. Logically, there is an idle process at the end of the ready list for each VF available to the Traffic Controller. If the ready list is "virtual" empty, TC GETWORK loads one of these idle processes by calling IDLE, and enters a reserved identifier, appropriate RUNNING LIST entry. This #IDLE. the in identifier is the only data concerning idle processes that APT. Idle process scheduling contained in the is considerations are moved down to level-1, because the Inner Traffic Controller knows about physical processors, and can optimize CPU use by scheduling idle processes only when there is nothing else to do.

The subject access class, S\_CLASS, provides each process with a label that is required by level-3 modules to enforce, the SASS non-discretionary security policy.

2. Level-2 Scheduling

Above the Traffic Controller, SASS appears as a collection of processes in one of the three states: running, ready, or blocked. Running and ready states are analogous to the corresponding virtual processor states of the Inner Traffic Controller. However, because of the use of

eventcount synchronization mechanisms by the Traffic Controller, the blocked state has a slightly different connotation than the VP waiting state.

Blocked processes are waiting for the occurrence of a non-system event, e.g., the event occurrence may be signalled from the supervisor domain. When a specific event happens, all of the blocked processes that were awaiting that event are awakened and placed in the ready state. This broadcast feature of event occurrence is more powerful than the message passing mechanism of SIGNAL, which must be directed at a single recipient.

Just as SIGNAL and WAIT provide virtual processor multiplixing in level-1, the eventcount functions. ADVANCE and AWAIT, control process scheduling in level-2.

a. TC\_GETWORK

Level-2 scheduling is implemented in the internal Traffic Controller procedure, TC\_GETWORK. This procedure is invoked by eventcount functions when a process state change may have occurred. It loads the first ready process on the currently scheduled VP (i.e., the virtual processor that has been scheduled at level-1 and is currently executing on the CPU).

```
TC GETWORK Procedure
Eegin
 VP ID := RUNNING VP
 Do while not end of ready list
   if process is running then
    get next ready process
   else
   RUNNING_LIST [VP_ID] := PROCESS_ID
   Process state := running
  SWAP VDBR
end if
 end do
 If end of running list (no ready processes) Then
 RUNNING LIST := #IDLE
 IDLE
end if
Peturn
End TC_GETWORK
```

A source listing of TC\_GETWORK is contained in Appendix B.

b. TC\_PREEMPT\_HANDLER

Preempt interrupts are masked while a process is executing in the kernel domain. As the process leaves the kernel, the gatekeeper unmasks this virtual interrupt by invoking TEST\_VPREEMPT. This instruction tests the scheduled VP's PREEMPT flag. If this flag is off, the process returns to the Gatekeeper and exits from the kernel; but if the flag is set. TEST\_VPREEMPT calls the Traffic Controller's virtual preempt interrupt handler, TC\_PREEMPT\_HANDLER. This handler

invokes TC GETWORK, which re-evaluates level-2 scheduling. Eventually, when the schedulers have completed their functions, the handler will return control to the preempted process, which will return to te Gatekeeper for a normal exit. This sequence of events closely parallels the action of a hardware interrupt, but in the environment of a virtual processor rather than a CPU. The virtualization of interrupts provides the ability for one virtual processor to interrupt execution of another that may, or may not, be running on a CPU at that time. This is provided without disrupting the logical structure of the system. This capability is particularly useful in a multiprocessor environment where the target virtual processor may be executing on another CPU. Because these interrupts will be virtualized, the operating system will retain control of the system. The action of the TC\_PREEMPT\_HANDLER is described in the procedure below. A source listing is contained in Appendix B.

TC\_PREEMPT\_HANDLER Procedure Begin Call WAIT\_LOCK VP\_ID := RUNNING\_VP Process\_ID := RUNNING LIST [VF\_ID] If process is not idle Then Process state := ready end if Call TC\_GETWORK Call WAIT\_UNLOCK RETURN

End TC\_PREEMPT\_HANDLER

WAIT\_LOCK and WAIT\_UNLOCK provide an exclusion mechanism which prevents simultaneous multiple use of the APT in a multiprocessor configuration. This mechanism invokes WAIT and SIGNAL of the Inner Traffic Controller.

3. Eventcounts

An eventcount is a non-decreasing integer associated with a global object called an event [11]. The Event Manager, a level-3 module, controls access to event data when required and provides the Traffic Controller with a HANDLE, an INSTANCE, and a COUNT. The values for all eventcounts (and sequencers) are maintained at the Memory Manager level and are accessed by calls to the Memory Manager. The HANDLE provides the traffic controller with an

event ID, associated with a particular segment. INSTANCE is a more specific definition of the event. For example, each SASS supervisor segment has two eventcounts associated with it, a INSTANCE\_1 and a INSTANCE\_2, that the supervisor uses keep track of read and write access to the segment [2]. Eventcounts provide information concerning system-wide events. They are manipulated by the Traffic Controller functions ADVANCE and AWAIT and by the Memory Manager functions, READ and TICKET. A proposed high level design for ADVANCE and AWAIT is provided in Appendix C.

a. Advance

ADWANCE signals the occurrence of an event (e.g., a read access to a particular supervisor segment). The value of the eventcount is the number of ADVANCE operations that have been performed on it. When an event is advanced, the fact must be broadcast to all tlocked processes awaiting it and the process must be awakened and placed on the ready list. Some of the newly awakened processes may have a higher priority than some of the running processes. In this case a virtual preempt, SET\_VPREEMPT (VP\_ID), must be sent to the virtual processors loaded with these lower priority processes.

b. Await

When a process desired to block itself until a particular event occurs, it invokes AWAIT. This procedure returns to the calling process when a specified eventcount is reached. Its function is similar to WAIT.

c. Read

READ returns the current value of the eventcount. This is an Event Manager (level three) function. This module calls the Memory Manager module to obtain the eventcount value.

d. Ticket

TICKET provides a complete time-ordering of possibly concurrent events. It uses a non-decreasing integer, called a sequencer, which is also associated with each supervisor segment. As with READ, this is an Event Manager function that calls the Memory Manager to access the sequencer value. Each invocation of TICKET increments the value of the sequencer and returns it to the caller. Two different uses of ticket will return two different values, corresponding to the order in which the calls were made.

# D. SYSTEM INITIALIZATION

Eecause the Inner Traffic Controller's scheduler, GETWORK, can accommodate both normal calls and hardware

interrupt jumps, the problem of system initialization is not difficult.

When SASS is first started at level-1, the Idle VP is running and the memory manager VP, which has the highest priority, is the first ready virtual processor in the ready list. All VP's available to the Traffic Controller for level-2 schedling are ready. Their IDLE\_FLAG's and PREEMPT flags are set.

At level-2, all VP's are loaded with idle processes and all supervisor processes are ready.

The kernel stack segment of each process is initialized to appear as if it had been saved by a hardware Preempt interrupt (Figure 16).





Figure 16

All CPU registers and the supervisor stack pointer are stored on the stack. R15 is reserved as the kernel stack point; R14 contains the DBR. All other registers can be used to pass initial parameters to the process. The order in which these registers appear on the stack supports the Z/ASM block-move instructions.

The status block contains the current value of the stack pointer, R15, and the preempt interrupt return flag. This flag is set to indicate that the process has been saved by a

preempt interrupt. The first three items on the stack: the process entry point, the initial process flag control word, and an interrupt indentifier, are also initialized to support the action of a hardware interrupt.

To start-up the system, R14 (the DBR) is set to the Idle process DBR; the CPU Program counter is assigned the PREEMPT ENTRY point in GETWORK; the CPU Flag Control Word (FCW) is initialized for the kernel domain; and the CFU is started. Because the Idle\_VP is the lowest priority VP in the system, it will place itself back in the ready state and move the Memory Manager in the running state. The Memory Manager will execute an interrupt return because the interrupt return flag was set by system initialization. There will be no Work for this kernel process so it will call WAIT to place itself in the waiting state. The next ready VP is idling, but since it's IDLE\_FLAG and PREEMPT flag are set, GETWORK will select it. It too will execute an interrupt return, but because its PREEMPT flag is set, it will call TC PREEMPT HANDLER. This will cause the first ready process to be scheduled. Each time a supervisor process blocks itself. the next idle VP will be selected and the sequence will be repeated.

The action described above is in accord with normal operation of the system. The only unique features of

initialization are the entry point (PREEMPT-ENTRY: in GETWORK) and the values in the initialized kernel stack.

The implementation presented in this thesis has been run on a Z8000 developmental module. System initialization has been tested and executes correctly. At the current level of multiplexing function is implementation. no process available. There is no provision for unlocking the APT after an initialized process has been loaded as a result, a call to the Traffic Contorller (viz., ADVANCE or AWAIT). In a process multiplexed environment this would cause a system deadlock. Once the process left the kernel domain with a locked APT, no process would be able to unlock it. The Traffic Controller must handle this system initialization problem.

### V. CONCLUSION

The implementation presented in this thesis created a security kernel monitor that runs on the ZECCC Developmental Module. This monitor supports multiprogramming and process management in a distributed operating system. The process executes in a multiple virtual processor environment which is independent of the CPU configuration.

This monitor was designed specifically to support the Secure Archival Storage System (SASS) [1, 2, 3]. However, the implementation is based on a family of Operating Systems [4] designed with a primary goal of providing multilevel security of information. Although the monitor currently runs on a single microprocessor system, the implementation fully supports a multiprocessor design.

### A. RECOMMENDATIONS

Pecause the Zilog MMU is not yet available for the ZE020 Developmental Module, it was necessary to simulate the segmentation hardware. As explained in Chapter IV, this was accomplished by reserving a CPU register, R14. as a Descriptor Base Register (DBR) to provide a link to the loaded addresss space. When the MMU becomes available, this simulation must be removed. This can be done in two steps.

First, the addressing format must be translated to the segmented form. This requires no system redesign.

Second, the switching mechanism most be modified to accomodated to use the MMU. This can be done by modifying the SWAP\_DBR portion of GETWORK to multiplex the MMU\_IMAGE onto the MMU hardware and this can be accomplished by changing about a dozen lines of the existing code.

B. FOILOW ON WORK

Although the monitor appears to execute correctly, it has not been rigorously tested. Before higher levels of the system are added, it is essential that the monitor be highly reliable. Therefore a formal test and evaluation plan should be developed.

Ar automated system generation and initialization mechanism is also required if the monitor to be is a useful tool in the development of higher levels of the design.

Once the monitor has been proven reliable and can be loaded easily, work on the implementation of the Memory Manager kernel process and the remainder of the kernel can continue.

APPENDIX A MACHINE INSTRUCTIONS ARE CONSIDERED ERROR CONDITIONS AND WILL CRASH SYSTEM (RETURNING AN ERROR CODE: RØ). ALL ITC PROCEDURES CALLING GETWORK PASS DBR: R14 AS INPUT PARAMETER.(SIG, WAIT, SWAP\_VDBR, & IDLE) \*\* WILL EVENTUALLY BE AVAILABLE ON THE HARDWARE (MMU). THIS REG IS ESTABLISHED AS THE DBR BY ANY ITC I MSG\_LIST\_NOT EMPTY R14 IS INPUT PARAMETER SUMULATING INFO WHICH PROCEDURE CALLING GETWORK AND BY THE PREEMPT NORMAL ENTRY DOES NOT SAVE ANY REGS. ( THIS FUNCTION OF GATEKEEPER ). INTERRUPT BANDLER (PREEMPT\_ENTRY). j ########## ERRON CODES ######## s S S NB 4 11 ... 8 # il ••• 11 Ħ ALL VIOLATIONS OF VIRTUAL INNER\_TRAFFIC\_CONTROL MODULE UNAUTE LOCK MSG\_LIST\_EMPTY MSG\_LIST\_EMPTY MSG\_LIST\_EMPTY MSG\_LIST\_OVERFLOW SWAP\_NOT\_ALLOWED VP\_INDEX\_ERROR ¥ \* \* VERS. 1.4 1 \*\* NOTE: 2. GENERAL: **GETWORK:** CONSTANT . В ۸. **.** А • ÷ 25 28 28 28 28 28 0 ~ 8 0 <u>0</u> ŝ 

28000ASM 2.02 Loc orj code

STMT SOURCE STATEMENT

FIUNTIUN := XA900 I HBUG ENTRY TC\_PREEMPT\_HANDLER := XA828 XFFFF := XEEEE XFFFF 0 2 Ø H ... H •• u H 11 READY Vaiting INVALID RUNNING ON OFF NIL

I PAGE

|                                                     |                                                                    |                                               |                                                          | ໂຄ                                                                                     |
|-----------------------------------------------------|--------------------------------------------------------------------|-----------------------------------------------|----------------------------------------------------------|----------------------------------------------------------------------------------------|
|                                                     |                                                                    |                                               |                                                          | WORD]                                                                                  |
|                                                     | 0                                                                  | EX<br>EX<br>[5, WORD]                         | ADDRESS<br>Word<br>Word<br>Word<br>Word                  | WORD<br>VP_INDEX<br>MSG_INDEX<br>ARRAY [6,                                             |
|                                                     | ADDRESS<br>WORD                                                    | MESSAGE<br>VP_INDEX<br>MSG_INDEX<br>ARRAY [5. | 1.<br>TAG                                                | ER_1                                                                                   |
| ER                                                  | BASE<br>ATTRI BUTES                                                | MSG<br>Sender<br>Next_msg<br>Filler           | ( DBR<br>PRI<br>State<br>Idle Fla<br>Preempt             | PHYS PHYS PHYS PHYS PHYS PHYS PHYS PHYS                                                |
| WORD<br>WORD<br>INTEGI                              |                                                                    | <b>ч</b> г                                    | Q                                                        | -                                                                                      |
| K<br>EX                                             | LE RECORD                                                          | E RECORD                                      | RECORD                                                   |                                                                                        |
| TYPE<br>MESSAGE<br>ADDRESS<br>VP_INDEX<br>MSG_INDEX | MMU_TABLE                                                          | MSG_TABLE                                     | VP_TÅBLE                                                 |                                                                                        |
|                                                     | 500<br>200<br>200<br>200<br>200<br>200<br>200<br>200<br>200<br>200 | 000<br>00<br>00<br>00<br>00<br>00<br>00<br>00 | 67<br>79<br>70<br>70<br>70<br>70<br>70<br>70<br>70<br>70 | 22<br>23<br>25<br>25<br>25<br>25<br>25<br>25<br>25<br>25<br>25<br>25<br>25<br>25<br>25 |

| <b>UNCLASSIF</b> I<br>2 ه. ب<br>گروند : | ED. | 80 S |                       |  |  | NL |  |
|-----------------------------------------|-----|------|-----------------------|--|--|----|--|
| А́у:                                    |     |      |                       |  |  |    |  |
|                                         |     |      |                       |  |  |    |  |
|                                         |     |      |                       |  |  |    |  |
|                                         |     |      | END                   |  |  |    |  |
|                                         |     |      | DATE<br>FILMED<br>H 2 |  |  |    |  |
|                                         |     |      |                       |  |  |    |  |
|                                         |     |      |                       |  |  |    |  |
|                                         |     |      |                       |  |  |    |  |
|                                         |     |      |                       |  |  |    |  |



|                       |        |                   | H  | SG_INDEX | RRAY [4, WORD] | RAT [NR_VP, VP_TABLE | VP.   |            |        |
|-----------------------|--------|-------------------|----|----------|----------------|----------------------|-------|------------|--------|
| L<br>V DATA           | RECORD | LUCK<br>RUNNING L | E  | E_LIS    | ILLER_         | ٨P                   | MSG_Q |            |        |
| INTERNAL<br>\$SECTION | TTT    |                   |    |          |                |                      |       |            | I PAGE |
| 78<br>79              | 81     | 83<br>83          | 48 | 85       | 86             | 83                   | 88    | <b>6</b> 8 | 96     |

- 44 -

1. 5

1.10

| \$SECTION INT_PROC<br>GETWORK PROCEDURE |    | I SWAPS VIRTUAL PROCESSORS | I ON PHYSICAL PROCESSOR. | · ************************************ | I RECISTER USE: | S REGISTERS | I RO: INTERRUPT_RETURN_FLAG I | DBR (SIMULATIO | I RID: STACK POINTER | I LOCAL VARIABLES: | I R1: READY_VF (NEW) | CURRENT | FLAG |     | I R5: STATUS_REG_BLOCK ADDR I | I R6: NORMAL STACK POINTER ! | ******************************* | ENTRY | I TURN OFF PREEMPT_RETURN_FLAG I | LD R0, #OFF |     | GET STACK |      | LDA R5. R4(#STATUS REG BLOCK) | •   | I SKIP PREEMPT_EANDLER ! | JR END_PREMPT_EANDLER |    |
|-----------------------------------------|----|----------------------------|--------------------------|----------------------------------------|-----------------|-------------|-------------------------------|----------------|----------------------|--------------------|----------------------|---------|------|-----|-------------------------------|------------------------------|---------------------------------|-------|----------------------------------|-------------|-----|-----------|------|-------------------------------|-----|--------------------------|-----------------------|----|
| 91<br>92                                | 93 | 94                         | 9 <b>2</b>               | 96                                     | 67              | <b>96</b>   | 66                            | 166            | 101                  | 102                | 103                  | 104     | 105  | 106 | 107                           | 108                          | 169                             | 110   | 111                              | 112         | 113 | 114       | 115  | 116                           | 117 | 118                      | 119                   | 24 |
|                                         |    |                            |                          |                                        |                 |             |                               |                |                      |                    |                      |         |      |     |                               |                              |                                 |       |                                  | 0000        |     |           | 0004 | 0000                          |     |                          |                       |    |
|                                         |    |                            |                          |                                        |                 |             |                               |                |                      |                    |                      |         |      |     |                               |                              |                                 |       |                                  | 2160        |     |           | 31E4 | 3445                          |     |                          | <b>F817</b>           |    |
| 0000                                    |    |                            |                          |                                        |                 |             |                               |                |                      |                    |                      |         |      |     |                               |                              |                                 |       |                                  | 0000        |     |           | 0004 |                               |     |                          | 000C R817             |    |

A STATE OF STATE OF STATE

I SAVE LAST STATUS\_REGS I Note: Since Processes can be preempted anywhere IT IS NECESSARY TO BANDLE RECURSIVE CALLS AND IRET FLAGS (R15 & R0) ON THE STACK THE CONTEXT OF THESE STATUS REGISTERS IS MAINTAINED TO ANY DEPTH OF RECURSION. 1 TO GETWORK. BY SAVING THE MOST RECENT SP I PUT CURRENT PROCESS IN READY STATE I STACK POINTER (NSP) ! VPT.VP.STATE(R2), #READY I GLOBAL LABEL R2, VPT.RUNNING LIST R14, VPT.VP.DBR(R2) ¥ \* \* PREEMPT\_HANDLER \* I SAVE ALL REGISTERS R15, #32 eR15, R1, #16 I SAVE NORMAL LDCTL RG, NSP PUSH GRIS, RG I SET DER PREEMPT\_ENTRY: SUE LDM 3 2 3 122 122 122 123 125 125 126 126 128 129 129 144 145 146 0014` **3002**° 0016 0020 010P 030F 1CF9 4D25 0001 61 02 612E 7D67 **93F6** 0016 001a 001C 0020 2626 0024 OOOE 0012

98

NEXT READY VP I R3, VPT.VP.NEXT\_READY\_VP(R1) R1, R3 SELECT VP: DO I UNTIL ELGIBLE READY\_VP FOUND IF EQ I PREEMPT INTERUPT IS ON EXIT FROM SELECT\_VP FI NO# SET INTERRUPT RETURN FLAG VPT.VP.IDLE\_FLAG(R1), I SAVE LAST STATUSS\_REGS I LDM R7, GR5, #2 PUSE GR15, R7 PUSE GR15, R8 CP VPT.VP.PREEMPT(R1), #ON I VP IS IDLE ! THEN I GET READY\_VP LIST I LD R1, VPT.READY\_LIST ¥ ¥ ELSE I VP NOT IDLE I EXIT FROM SELECT\_VP FI ¥ \* END\_PREEMPT\_HANDLER: # LD R0, #0N \* \* \* \* \* IF EO I GET 2 ia<sub>8</sub> GP **IPAGE** 170 175 175 175 176 179 180 181 182 183 168 169 172 0050 0058° 0068° 0060° 0068° 0¢1C° 0018 0004 0016 FFF 0761 1051 9357 9378 4D11 FFFF 58 08 58 08 6113 A131 EBEC 0038 2100 5EØE TTT 5E0E 5E 08 CO3C 6101 4D11 0036 0036 0036 0064 0066 0058 0056 0044 0250 0054 0040 0046 004A ee4e 9999

TEEN

99

|                                               | SWAF_DEK:<br>I ** SAVE SP AND INTERRUPT RETURN FLAG * * I<br>NOTE: R14 IS USED AS DBR HERE. WHEN MMU HARDWARE<br>IS AVAILABLE THIS SERIES OF SAVE AND LOAD<br>INSTRUCTIONS WILL BE REPLACED BY SPECIAL I/O<br>INSTRUCTIONS TO THE MMU. I | LDM GR5, R15, #2 | 1 * * SAVE FCW * * 1<br>LDCTL R3, FCW<br>LD R4(#P_C_W), R3 | I PLACE NEW<br>LD vpt | LD VPT.RU<br>I SWAP DBR I | LD R14, VI<br>I LOAD NEW VP | LD R4, R14(#STACK_SEG*4)<br>LDA R5, R4(#STATUS_REG_BLOCK)<br>LDM R15, GR5, #2 |
|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|------------------------------------------------------------|-----------------------|---------------------------|-----------------------------|-------------------------------------------------------------------------------|
| 184<br>185<br>186<br>188<br>198<br>198<br>198 | 193<br>193<br>195<br>196<br>198                                                                                                                                                                                                          | 199<br>200       | 201<br>202<br>203<br>204                                   | 205<br>206            | 207<br>208<br>209         | 210<br>211<br>212           | 213<br>214<br>215                                                             |
|                                               |                                                                                                                                                                                                                                          | 0P01             | 60E0                                                       | £014´                 | 0005,                     | 0010°                       | 000 <b>4</b><br>0000<br>0701                                                  |
|                                               |                                                                                                                                                                                                                                          | 1059             | 7 <b>D3</b> 2<br>33 <b>4</b> 3                             | 4D15<br>0000          | 6 <b>F0</b> 1             | 6115                        | 3154<br>3445<br>1051                                                          |
|                                               |                                                                                                                                                                                                                                          | 0068             | 006C<br>006E                                               | 0076<br>0076          | <i>00</i> 78              | 007 C                       | 0080<br>0064<br>0088                                                          |

.

| I * * LOAD NEW PCW * * I<br>LD R3, R4(#F_C_W)<br>LDCTL FCW, R3<br>I TEST POD HADDWADF INTEDDIDT I | P R0, #0N<br>F EQ I PREEMPT RETURN I THEN<br>I HARDWAKE PREEMPT INTERRUPT I | CLR VPT.LOCK<br>I TEST FOR PREEMPT I<br>I NOTE: SINCE A BARDWARE INTERAUPT DOES NOT EXIT THE<br>THROUGH THE GATE, THOSE FUNCTIONS PROVIDED<br>BY A GATE EXIT TO HANDLE PREEMPTS MUST BE<br>PROVIDED HERE ALSO. I | PREEMPT<br>LAST STATUS REGS<br>, GR15            | LDM GR5, R7, #2<br>1 RESTORE NSP 1<br>POP R6, GR15<br>LDCTL NSP, R6 |
|---------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|---------------------------------------------------------------------|
|                                                                                                   |                                                                             | 2228<br>2228<br>2338<br>2338<br>2338<br>2338<br>2338<br>2338                                                                                                                                                     |                                                  |                                                                     |
| 31 <b>4</b> 3 0050<br>7D3A                                                                        | 5EØF ØØBC                                                                   | D 28 0 0 0 0 °                                                                                                                                                                                                   | 5 <b>7 00 01 02 '</b><br>97 <b>7</b> 8<br>97 7 9 | 1059 0701<br>97 <b>f</b> 6<br>7D6 <b>f</b>                          |
| 0090 71<br>0090 71                                                                                | 8892 8]<br>8896 5]                                                          | 009a 4D38<br>-                                                                                                                                                                                                   | 0098 51<br>00A2 97<br>00A2 97                    |                                                                     |

. .....

يريني الماري الماريني المنافق المراجع المراجع المنافعات المنافع المنافع المنافع المراجع المراجع

101

-

|     |                          |                   |              |     | -                            |           |     |                        |               |     |             |        |
|-----|--------------------------|-------------------|--------------|-----|------------------------------|-----------|-----|------------------------|---------------|-----|-------------|--------|
|     |                          |                   |              |     | RETUR                        |           |     |                        |               |     |             |        |
|     | I RESTORE ALL REGSTERS I | LDM R1, 0R15, #16 | ADD R15, #32 |     | I EXECUTE EARDWARE INTERRUPT | IRET      |     | ELSE I NORMAL RETURN I | RET           | 14  | END GETWORK | ! PAGE |
| 244 | 245                      | 246               | 247          | 248 | 249                          | 250       | 251 | 252                    | 253           | 254 | 255         | 256    |
|     |                          | 010F              | 0020         |     |                              |           |     | oobe '                 |               |     |             |        |
|     |                          | 1CF1              | 010F         |     |                              | 7800      |     | 5E @8                  | 9 <b>0</b> 16 |     |             |        |
|     |                          | DOAE              | 00B2         |     |                              | 00B6 7B00 |     | 0038                   | OOBC          |     | COFE        |        |
|     |                          |                   |              |     |                              |           |     |                        |               |     |             |        |

44.54 - 24.570

all terrer a

\*

| URE<br> ************************************                       | REGISTER USE:<br>PARAMETERS :<br>RØ:MSG (INPUT)<br>R1: SIGNALED VP (INPUT)<br>R1: SIGNALED VP (INPUT)<br>R2: CURRENT VP<br>R2: CURRENT VP<br>R2: FIRST FREE MSG<br>R4: NEXT FREE MSG<br>R5: NEXT Q MSG<br>R6: PRESENT Q MSG | .RUNNING_LIST<br>FROM FREE LIST !<br>.FREE_LIST | * * * * DEBUG * * *<br>P R3, #NIL<br>F EQ THEN<br>LDA E1, \$<br>LD E0, #MSG_LIST_OVER<br>CALL MONITOR | ! * * * END DEBUG * * * !<br>.MSG Q.NEIT_MSG(R3)<br>:E LIST. R4 |
|--------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------|-------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------|
| PROCEDURE<br>1**<br>1 I<br>1 I<br>1 I                              |                                                                                                                                                                                                                             | VPT.<br>MSG<br>VPT.                             |                                                                                                       | VPT.I<br>Free                                                   |
|                                                                    |                                                                                                                                                                                                                             | R2,<br>FIRST<br>R3,                             |                                                                                                       | К4.<br>VPT.                                                     |
| ENTER_MSG_LIST                                                     |                                                                                                                                                                                                                             | ENTRY<br>LD<br>! Get<br>LD                      |                                                                                                       | 55                                                              |
| 259<br>259<br>258<br>268<br>268<br>268<br>268<br>268<br>268<br>268 | 265<br>266<br>266<br>266<br>266<br>273<br>273<br>275<br>275<br>275<br>275<br>275                                                                                                                                            | 275<br>275<br>278<br>278<br>279<br>280<br>280   | 282<br>283<br>285<br>285<br>285<br>285<br>285<br>285<br>285<br>285                                    | 289<br>298<br>291<br>292                                        |
|                                                                    |                                                                                                                                                                                                                             | 0002°                                           | FFF<br>60da<br>0004<br>1900                                                                           | 0094°<br>0006°                                                  |
|                                                                    |                                                                                                                                                                                                                             | 61 <i>0</i> 2<br>61 <i>0</i> 3                  | 0103<br>5101<br>7601<br>2100<br>5700                                                                  | 6134<br>6704                                                    |
| ØØBE                                                               |                                                                                                                                                                                                                             | 00BE 0                                          | 000000<br>000000<br>000000000000000000000000                                                          | 00DA<br>00DE                                                    |

and the set of the second second

103

A. A. Bren

THEN I INSERT MSG IN LIST I LD VPT.MSG\_Q.NEXT\_MSG(R6), R3 VPT.MSG\_Q.NEXT\_MSG(R3), R5 RG, R5 R5, VPT.MSG\_Q.NEXT\_MSG(R6) I INSERT MESSAGE LIST INFORMATION VPT.MSG\_Q.MSG(R3), RØ VPT.MSG\_Q.SENDER(R3), R2 83 ! INSERT MSG IN MSG LIST ! LD R5, VPT.VP.MSG\_LIST(R1) THEN F EQ I MSG LIST IS EMPTY I I INSERT MSG AT TOP OF LIST VPT.VP.MSG\_LIST(R1), MSG\_Q\_SEARCH: DO \_I WHILE NOT END OF LIST I INSERT MSG IN LIST CP R5, #NIL IF EQ ! END OF LIST ! EXIT FROM MSG\_Q\_SEARCH NEXT LINK R5, #NIL END ENTER MSG LIST I GET IF EO ELSE 130 3 14 3 RET 33 C b 3 0090 0092 9094 0094 fft Øøfe' Ø116° Ø10Å Ø112 0094 ' 001E' 001E ' FFF 5**e**08 A156 6165 E876 6**730** 6**730** 0 B 0 5 5 E 0 E 0805 5805 5808 6115 6F13 Ø112 6F63 0116 6F35 91 08 @11C **0082** 0086 00F6 eepa **J J** 00F2 00FE 0102 0106 **A010** Ø10C 0110 **ØØ**EA

104

| GET_FIRST_MSG PROCEDURE<br>1 ************************************                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | REGISTER USE:PARAMETERS:PARAMETERS:R0: MSG (RETURNED)R1: SENDER VP (RETURNED)R1: SENDER VP (RETURNED)LOCAL VARIABLESR2: CURRENT VPR2: CURRENT VPR3: FIRST MSGR4: NEXT MSGR5: NEXT FREE MSGR6: PRESENT FREE MSG | ENTRY<br>LD R2, VPT.RUNNING_LIST<br>! REMOVE FIRST MSG FROM MSG_LIST !<br>LD R3, VPT.VP.MSG_LIST(R2) | I * * * DEBUG * * * 1<br>CP R3, #NIL<br>IF EQ THEN<br>IDA R1, \$<br>UALL MONITOR<br>FI<br>I * * END DEBUG * * 1 |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------|
| 33 <b>4</b><br>335<br>335<br>338<br>338<br>349<br>341<br>8<br>341<br>8<br>341<br>8<br>341<br>8<br>341<br>8<br>341<br>8<br>341<br>8<br>341<br>8<br>341<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>8<br>348<br>34 | 352 10 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0                                                                                                                                                                                                                                                                                                   | 355<br>355<br>355<br>355<br>355<br>355<br>355<br>355<br>355<br>355                                   | 366<br>362<br>365<br>365<br>365<br>365<br>365<br>365<br>365<br>365<br>365<br>365                                |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |                                                                                                                                                                                                                                                                                                                                              | 0002 <sup>°</sup><br>001e <sup>°</sup>                                                               | FFF<br>0138<br>0130<br>1300<br>1900                                                                             |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |                                                                                                                                                                                                                                                                                                                                              | 61 <i>0</i> 2<br>6123                                                                                | 0803<br>5801<br>7601<br>5709                                                                                    |
| 811C                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |                                                                                                                                                                                                                                                                                                                                              | 011C<br>3120                                                                                         | 0124<br>0128<br>0128<br>0130<br>0134                                                                            |

| LD R4, VPT.MSG_Q.NEXT_MSG(R3)<br>LD VPT.VP.MSG_LIST(R2), R4 | ! INSERT MESSAGE IN FREELLIST !<br>LD R5, VPT.FREELLIST | NIL<br>ELIST IS<br>TOP OF LIS | T.FREELIS<br>T.MSG_Q.NE             | I INSI<br>E.Q_SEAR                          | CP R5.#NIL<br>IF EQ ! END OF LIST ! THEN<br>EXIT FROM FREE_Q_SEARCH<br>FI | I GET NEXT MSG I<br>LD R6, R5<br>LD R5, VPT.MSG_Q.NEXT_MSG(R6)<br>OD |
|-------------------------------------------------------------|---------------------------------------------------------|-------------------------------|-------------------------------------|---------------------------------------------|---------------------------------------------------------------------------|----------------------------------------------------------------------|
| 368<br>369<br>370                                           | 372<br>373<br>374                                       | 375<br>376<br>377             | 378<br>379                          | 380<br>381<br>382<br>38 <del>4</del><br>385 | 386<br>387<br>388<br>389<br>390                                           | 391<br>392<br>393<br>394<br>394                                      |
| 005 <del>1</del> (<br>001E (                                | 0000                                                    | FFF<br>015Å                   | 0006<br>0094                        |                                             | FFF<br>0166<br>016E                                                       | 6894                                                                 |
| e138 6134<br>0136 6F24                                      | 01 <b>40</b> 6105                                       | 0144 0705<br>0148 5805        | 014C 6703<br>0150 4035<br>0154 7777 |                                             | Ø15A ØBØ5<br>Ø15e 5eøe<br>Ø162 5eøb                                       | Ø166 Å156<br>Ø168 6165<br>Ø166 E876                                  |

÷.... 239a

|            |            |                               |                         |     |     | VP)               |                             |      |     |      |                   |     |     |     |       |  |
|------------|------------|-------------------------------|-------------------------|-----|-----|-------------------|-----------------------------|------|-----|------|-------------------|-----|-----|-----|-------|--|
|            |            |                               |                         |     |     | SENDING VP)       |                             |      |     |      |                   |     |     |     |       |  |
|            | I ISII     | LD VPT.MSG_Q.NEXT_MSG(R6), R3 | VPT.MSG_Q.NEXT_MSG(R3), | Id  |     | MSG INFORMATION ( | LD R1, VPT.MSG_Q.SENDER(R3) | E    |     | RET  | END GET_FIRST_MSG |     |     |     |       |  |
|            |            |                               |                         |     |     |                   |                             |      |     |      |                   |     |     |     | IPAGE |  |
| 396<br>306 | 398<br>398 | 399                           | 400                     | 401 | 402 | 403               | 404                         | 405  | 406 | 407  | 408               | 409 | 410 | 411 | 412   |  |
|            |            | <b>6094</b>                   | 0094                    |     |     |                   | 0092                        | 0600 |     |      |                   |     |     |     |       |  |
|            |            | 6 <b>F</b> 63                 | 6F35                    |     |     |                   | 6131                        | 6130 |     | 9888 |                   |     |     |     |       |  |
| -          |            | <b>16E</b>                    | 0172                    |     |     |                   | 176                         | 017A |     | 178  | 0180              |     |     |     |       |  |
|            |            |                               |                         |     |     |                   |                             |      |     |      |                   |     |     |     |       |  |

- Contraction

| 1.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4. | I INSERTS SCHEDULE VP ID INTO I<br>I RFADY LIST IAW PRIORITY AND I<br>I PUTS IT IN READY STATE. I<br> ************************************ | I REGISTER USE:<br>I PARAMETERS:<br>I R1: SIGNALED VP (INPUT) I<br>I LOCAL VARIABLES<br>I R2: SIG VP.PRI | I R3: PRESENT_VP I<br>I R4: NEXT_VP i<br> ************************************ | · I * * * DEBUG * * * I<br>CP R4, #NIL<br>IF EQ I LIST IS EMPTY ! THEN<br>LD R6, #READY_LIST_EMPTY | LDA R1. \$<br>CALL MONITOR<br>F1<br>I * * END DEBUG * * ! |
|----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|-----------------------------------------------------------|
| MAKE_READY                             |                                                                                                                                            |                                                                                                          | ENTRY<br>LD                                                                    |                                                                                                    |                                                           |
| <b>413</b><br>414<br>415<br>415        | 417<br>418<br>419<br>420                                                                                                                   | 421<br>422<br>423<br>424<br>425<br>425                                                                   | 426<br>429<br>429<br>429                                                       | 432<br>432<br>435<br>435<br>435                                                                    | <b>436</b><br>437<br>438<br>439                           |
|                                        |                                                                                                                                            |                                                                                                          | 0005 °                                                                         | FFFF<br>0198<br>0003                                                                               | Ø190<br>A900                                              |
|                                        |                                                                                                                                            |                                                                                                          | 6104                                                                           | 0B04<br>5E0E<br>2100                                                                               | 7601<br>5 <b>F00</b>                                      |
| 0180                                   |                                                                                                                                            |                                                                                                          | 0180                                                                           | 0184<br>0188<br>0188                                                                               | 0190<br>0194                                              |

and the second second second

| LD R2, VPT.VP.PRI (R1) | R2, VPT.VP.PRI | > READY | INSERT AT FRONT OF LIST I | P.NEXT RE | VPT.READY LIST. RI | 1   | ELSE I INSERT IN LIST ! |     | READY_LIST_SEARCE: | DO I WHILE NOT END OF LIST I |     | CP R4, #NIL | EQ I IF | XIT FROM READY |     |     | R2, VPT.VP.PRI (R4) | I SIG VP.PR   | XIT FROM READT_LIST_SEARCH | l   |     | GET NE | 05  | LD R4, VPT.VP.NEXT_READY_VP(R3) | 00  |     |        |  |
|------------------------|----------------|---------|---------------------------|-----------|--------------------|-----|-------------------------|-----|--------------------|------------------------------|-----|-------------|---------|----------------|-----|-----|---------------------|---------------|----------------------------|-----|-----|--------|-----|---------------------------------|-----|-----|--------|--|
|                        |                |         |                           |           |                    |     |                         |     |                    |                              |     |             |         |                |     |     |                     |               |                            |     |     |        |     |                                 |     |     | I PAGE |  |
| 440<br>441<br>442      | 443            | 444     | 445                       | 446       | 447                | 448 | 449                     | 450 | 451                | 452                          | 453 | 454         | 455     | 456            | 457 | 458 | 459                 | 460           | 461                        | 462 | 463 | 464    | 465 | 466                             | 467 | 468 | 469    |  |
| 0012°                  | 0012'          | 0180    |                           | 0010      | 0004               |     | Ø1D8°                   |     |                    |                              |     | FFF         | Ø1BC    | Ø1DØ '         |     |     | 61                  | Ø1C8´         | 1D0                        |     |     |        |     | 001C'                           |     |     |        |  |
| 6112                   | 4842           | 5E 02   |                           | 6P14      | 6Fe1               |     | 5808                    |     |                    |                              |     | 0B04        | 5EØE    | SECO           |     |     | 4242                | 5 <b>e</b> 02 | 5 <b>E 0</b> 8             |     |     |        | -   | 6134                            | മ   |     |        |  |
| 0198                   | Ø19C           | 01A0    |                           | 01A4      | 01 A B             |     | ØIAC                    |     |                    |                              |     | -           | 01B4    | -              |     |     | 19                  | 0100          | 10                         |     |     |        | 5   | 01CA                            | 5   |     |        |  |

. . . . . . . .

| I INSERT SIG_VP IN LIST I | LD VPT.VP.NEXT_READY_VP(R1), R4 | VPT.VP.NEXT_READT_VP(R3), |     | 14  |     | I CHANGE STATE TO READY I | LD VPT.YP.STATE(R1), #READY |      |     | RET   |     |     | END MAKE READY | I PAGE |
|---------------------------|---------------------------------|---------------------------|-----|-----|-----|---------------------------|-----------------------------|------|-----|-------|-----|-----|----------------|--------|
| 470<br>471<br>472         | 473                             | 474                       | 475 | 476 | 477 | 478                       | 479                         |      | 480 | 401   | 482 | 483 |                |        |
|                           | 001C <sup>°</sup>               | 001C <sup>°</sup>         |     |     |     |                           | 6014                        |      |     |       |     |     |                |        |
|                           | 6714                            | 6731                      |     |     |     |                           | 4D15                        | 0001 |     | 98036 |     |     |                |        |
| -                         |                                 | 01D4                      |     |     |     |                           |                             | ØIDC |     | ØIDE  |     |     | 01E0           |        |

والارتجارية

110

44.

CALL SPIN\_LOCK ! (R4: VPT.LOCK) ! ! NOTE: RETURNS WEEN VPT IS LOCKED BY THIS VP. I LOCAL VARIABLES I R2: CURRENT VP (RUNNING) I R3: NEXT READY VP R4: LOCK ADDRESS |\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* \* \* \* INNER TRAFFIC CONTROL ENTRY POINTS \*\*\*\*\*\*\*\* INTRA\_KERNEL SYNC/COM PRIMATIVE I INVOLED BY KERNEL PROCESSES \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* R14: DBR (PARAM TO GETWORK) RØ: SIGNALED\_MSG (RETURN) R1: SENDING VP (RETURN) GLOBAL VARIABLES R4, VPT.LOCK SPIN\_LQCK 1 HARDWARE\_PREEMPT LABEL PARAMETERS TTV PROCEDURE \$SECTION GLB\_PROC I LOCK CALL LDA ENTRY GLOBAL TIAU 488 490 490 186 187 500 502 504 505 505 508 508 508 510 512 512 513 **1**91 501 0000° 0150° 7604 5700 0304 0000 0000

THEN RO, #READY\_LIST\_EMPTY ¥ ¥ I CUARENT VP'S MSG LIST IS EMPTY VPT.READY\_LIST, R3 VPT.VP.NEXT\_READY\_VP(R2), #NIL \* \* I \* \* \* END DEBUG \* \* ٩P REMOVE CURRENT\_VP FROM READY\_LIST R2, VPT.RUNNING\_LIST R3, VPT.VP.NEXT\_READY\_VP(R2) I SCHEDULE FIRST ELGIBLE READY CALL GETWORK I(R14: DBR) I \* \* \* \* DEBUC \* I PUT IT IN WAITING STATE I LD VPT.VP.STATE(R2), #WAITING VPT.VP.MSG\_LIST(R2), #NIL CP R3, #NIL IF EQ THEN LDA RI, \$ CALL MONITOR LD R14, VPT.VP.DBR(R2) . EDV EDV I SET DBR 1 22 IF EQ 33 СP **I PAGE** 540 541 542 542 542 542 515 515 516 517 518 53**4** 535 536 537 538 539 519 520 0002° 9010° 0014 ' 0028 0028 0026 0026 000**4** ' 001C ' 001E' 0000 0046 0010, FFF 4D25 0002 61*0*2 6123 ØBØ3 5BØE 2100 6703 4025 777 612E FFF 5E0E 5F00 4D21 7601 0042 5P00 9000 9000 ØØJE 00100 0032 0036 0014 0016 0036 003C **A100** 001E 0022 002E 0020 002A

and the second second

|               |                    |             | 545<br>546<br>547 1 | I GET FIRST MSG ON CURRENT (MAYBE NEW) VP'S MSG LIST I |
|---------------|--------------------|-------------|---------------------|--------------------------------------------------------|
| 9 <b>84</b> 6 | 0 <b>04</b> 6 5700 | <b>611C</b> |                     | CALL GET_FIRST_MSG   RETURNS R0:MSG, R1:SENDER_VP      |
|               |                    |             | 550                 | I UNLOCK VPT I                                         |
| 004A          | 4D08               | ,0000       | 551                 | CLR VPT.LOCK                                           |
|               |                    |             | 552                 |                                                        |
|               |                    |             | 553                 | I RETURN: R0:MSG, R1:SENDER_VP I                       |
| 004E          | 98 <b>9</b> 8      |             | 554                 | RET                                                    |
| 0050          |                    |             | 555                 | END WALT                                               |
|               |                    |             | 556                 |                                                        |
|               |                    |             |                     | 1 PAGE                                                 |

| 6050<br>6050<br>559<br>560<br>561<br>556<br>566<br>566<br>566<br>566<br>566<br>566<br>566<br>566 | SIGNAL PROCEDURE<br>INTRA KERNEL STNC /COM PRIMATIVE I<br>INTRA KERNEL STNC /COM PRIMATIVE I<br>INVOKED BY KERNEL PROCESSES<br>I RUSSAGE (INPUT)<br>REGISTER USE:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETERS:<br>RAAMBETE |
|--------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 287                                                                                              | I VAKE IT UP AND MAKE IT READY !                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| 9066 5700 0180 589                                                                               | Call Make Ready I (R1: Signaled VP)) !                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |

and the second

|                                   |                         |              |      |     |     |                        |     | -                                   |                             |     |     |                |              |     |              |            |        |
|-----------------------------------|-------------------------|--------------|------|-----|-----|------------------------|-----|-------------------------------------|-----------------------------|-----|-----|----------------|--------------|-----|--------------|------------|--------|
| I PUT CULABNT VP IN READY STATE I | LD R2, VPT.RUNNING LIST |              |      |     |     | LD R14, VPT.VP.DBR(R2) |     | I SCHEDULE FIRST ELGIBLE READY VP I | CALL GETWORK ! (R14: DBR) ! | 14  |     | I UNLOCK VPT I | CLR VPT.LOCK |     | RET          | END SIGNAL | I PAGE |
| 590<br>591                        | 592                     | 593          |      | 594 | 595 | 596                    | 597 | 598                                 | 599                         | 600 | 601 | 602            | 603          | 604 | 605          |            |        |
|                                   | 0062                    | 0014         |      |     |     | 0010 '                 |     |                                     | 0000                        |     |     |                | ,0003        |     |              |            |        |
|                                   | 6102                    | <b>4</b> 025 | 6001 |     |     | 0074 612E              |     |                                     | 5 <b>700</b>                |     |     |                | 007C 4D08    |     | 9 <b>608</b> |            |        |
|                                   | BBBA                    | <b>006e</b>  | 0072 |     |     | 0074                   |     |                                     | 0078                        |     |     |                | 007C         |     | 0000         | 0082       |        |

22.54

a set and a set of the set of the set of the set

115

- CONTRACTOR NO

| SET_PRERMPT PROCEDURE<br> ++++++++++++++++++++++++++++++++++++ | I REGISTER USE:<br>I PARAMETERS:<br>I R1:TARGET VP ID<br>I LOCAL VARIÀBLES<br>I R1: VP INDEX<br>I R1: VP INDEX | L SE L                   | R BLI                           | D VPT.VP.PREEMPT(R1), #0)<br>Arget VP Not Local (not conne<br>< <pre>conne freempt int</pre> | RET<br>END SET_PREEMPT<br>IPAGE |
|----------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|--------------------------|---------------------------------|----------------------------------------------------------------------------------------------|---------------------------------|
| 608<br>610<br>613<br>613<br>613<br>613<br>613                  | 616<br>617<br>618<br>619<br>620<br>621                                                                         | 622<br>624<br>625<br>625 | 629<br>628<br>629<br>630<br>630 | 632<br>633<br>634<br>635<br>635<br>636<br>635                                                |                                 |
|                                                                |                                                                                                                |                          | 0020                            | 0018 (                                                                                       |                                 |
|                                                                |                                                                                                                |                          | BD00<br>1900                    | <b>FFF</b>                                                                                   | 9 <b>8 0</b> 8                  |
| 0085                                                           |                                                                                                                |                          | 0084<br>0084                    | 0068<br>0080                                                                                 | 1800<br>1800                    |

116

1.14

|            |      |     | DLE D | I CURRENT VP. CALLED BY I | 0   |     | I REGISTER USE | <b></b> |     | н   | I R2: CURRENT_VP I | TEMP | VPT.L | I B5: TEMP I | · ********************************* | ENTRY | I LOCK VPT I |      | L SPIN LOCK I (R4: VPT.LOCK) |     |     | I GET CURRENT VP I | LD R2, VPT.RUNNING LIST |     | SET DRR 1 | LD R14, VPT.VP.DBR(R2) |  |
|------------|------|-----|-------|---------------------------|-----|-----|----------------|---------|-----|-----|--------------------|------|-------|--------------|-------------------------------------|-------|--------------|------|------------------------------|-----|-----|--------------------|-------------------------|-----|-----------|------------------------|--|
| 641<br>642 | 643  | 644 | 645   | 646                       | 647 | 648 | 649            | 650     | 651 | 652 | 653                | 654  | 655   | 656          | 657                                 | 658   | 659          | 660  | 661                          | 662 | 663 | 664                | 665                     | 666 | 667       | 668                    |  |
|            |      |     |       |                           |     |     |                |         |     |     |                    |      |       |              |                                     |       |              | 0000 | 0150                         |     |     |                    | 0002                    |     |           | 3010                   |  |
|            |      |     |       |                           |     |     |                |         |     |     |                    |      |       |              |                                     |       |              | 7604 | 57 60                        |     |     |                    | 6192                    |     |           | 612E                   |  |
|            | 0600 |     |       |                           |     |     |                |         |     |     |                    |      |       |              |                                     |       |              |      | 0094                         |     |     |                    | 0098                    |     |           | 0600                   |  |

|--|

**F** 

| SWAP_VDBR PROCEDURE<br>1 ************************************          | REGISTER USEPARAMETERSR1: NEW DBR (INPUT)R1: NEW DBR (INPUT)GLOBAL VÄRIABLESIR14: DBRILOCAL VARIABLESIR2: CUÄRENT VPIR4: VPT.LOCK ADDR*********************************** | ENTRY<br>I LOCK VPT I<br>LDA R4, VPT.LOCK<br>CALL SPIN_LOCK I (R4: VPT.LOCK) I<br>I NOTE: RETURNS WHEN VPT S LOCKED BY THIS VP. | I GET CURRENT VP I<br>LD R2, VPT.RUNNING_LIST<br>I * * * DEBUG * * * I<br>CP VPT.VP.MSG_LIST(R2), #NIL | IF NE ! MSG WAITING ! THEN<br>LD R0, #SWAP_NOT_ALLOVED<br>LDA R1, \$ !PC!<br>CALL MONITOR<br>FI<br>I * * END DEBUG * * ! |
|------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|
| 600<br>600<br>600<br>600<br>600<br>600<br>600<br>70<br>600<br>700<br>7 | 698<br>6998<br>7001<br>7002<br>7003<br>7003<br>7003<br>7003<br>7003<br>7003<br>7003                                                                                       | 707<br>708<br>710<br>711                                                                                                        | 715<br>715<br>715<br>716                                                                               | 718<br>719<br>720<br>721<br>722<br>723                                                                                   |
|                                                                        |                                                                                                                                                                           | 8660 (<br>0150 (                                                                                                                | 001E°                                                                                                  | 0054<br>0005<br>0000<br>1900                                                                                             |
|                                                                        |                                                                                                                                                                           | 7604<br>51 00                                                                                                                   | 61 <i>0</i> 2<br>4D21                                                                                  | 55606<br>57601<br>5700                                                                                                   |
| 0 0 C S                                                                |                                                                                                                                                                           | 00C2<br>00C6                                                                                                                    |                                                                                                        | 6600<br>6600<br>6600<br>6600<br>6600<br>6600<br>6600<br>660                                                              |

-----

| I SET DBR I        | LD R14, VPT.VP.DBR(R2) | I LOAD NEW DBR ON CURRENT VP I | LD VPT.VP.DBR(R2), R1 |     | I TURN OFF IDLE FLAG I | LD VPT.VP.IDLE FLAG(R2). #OFF |      |     | I SET VP TO READY STATE I | LD VPT.VP.STATE(R2). #READT | •    |     | I SCHEDULE FIRST ELGIBLE READY VP I | CALL GETWORK I (R14:DBR) I |     | I UNLOCK VPT ! | CLR VPT.LOCK | -   | RET           | END SWAP_VDBR | I P A G E |
|--------------------|------------------------|--------------------------------|-----------------------|-----|------------------------|-------------------------------|------|-----|---------------------------|-----------------------------|------|-----|-------------------------------------|----------------------------|-----|----------------|--------------|-----|---------------|---------------|-----------|
| 72 <b>4</b><br>725 | 726<br>727             | 728                            | 729                   | 730 | 731                    | 732                           |      | 733 | 734                       | 735                         |      | 736 | 737                                 | 738                        | 739 | 740            | 741          | 742 | 743           | 744           | 745       |
|                    | e010´                  | •                              | 0010                  |     |                        | 0016                          |      |     |                           | 0014                        |      |     |                                     | 0000                       |     |                | 0000         |     |               |               |           |
|                    | 612E                   |                                | 6 <b>F</b> 21         |     |                        | <b>4</b> D25                  | 0000 |     |                           |                             | 0001 |     |                                     | 5700                       |     |                | 4D 08        |     | 9 <b>e</b> 08 |               |           |
|                    | 00E4 612E              |                                | 00eb                  |     |                        | COEC                          | 00F0 |     |                           | 00F2                        | 0076 |     |                                     | 00F8                       |     |                | ØØFC         |     | 0100          | 0102          |           |

With Start Lighter T

|            | TEST_PREEMPT PROCEDURE<br>1 #################################### | DR P<br>D HA | LAG IS SET.<br>KED HPON EVERI | I KERNEL. | J REGISTER USE | ARIABL |     | VP<br>***  | ENTRY | ST FL | DO TI WEILE CURRENT VP'S PREEMPT FLAG IS ON ! |     | TATEMENTS MAY NOT BE RACE FREE. | MAY BE REQUIRED HERE FOR | I GET CURRENT VP I | . VPT.RU | I TEST PREEMPT INTERRUPT FLAG I | R1. VPT.VP.PREEMPT(R2) | 81, #ÓFF | EQ I PREEMI | EXIT FROM TEST_FLAG |            | I *** VIRTUAL PREEMPT HANDLER *** I | FE SEQUEN | ED.        |   |
|------------|------------------------------------------------------------------|--------------|-------------------------------|-----------|----------------|--------|-----|------------|-------|-------|-----------------------------------------------|-----|---------------------------------|--------------------------|--------------------|----------|---------------------------------|------------------------|----------|-------------|---------------------|------------|-------------------------------------|-----------|------------|---|
| 746<br>747 | 746<br>749                                                       | 750<br>751   | 752                           | 754       | 755<br>756     | 757    | 758 | 759<br>760 | 761   | 762   | 763                                           | 764 | 292                             | 766<br>767               | 768                | 769      | 221                             | 772                    | 773      | 774         | 275                 | 776<br>777 | 778                                 | 627       | 780<br>781 | • |
|            |                                                                  |              |                               |           |                |        |     |            |       |       |                                               |     |                                 |                          |                    | 0002     |                                 | <b>C018</b>            | 0000     | 0116'       | 0122                |            |                                     |           |            |   |
|            |                                                                  |              |                               |           |                |        |     |            |       |       |                                               |     |                                 |                          |                    | 6102     |                                 | 6121                   | 0B01     | 5eøe        | 5eøe                |            |                                     |           |            |   |
|            | 0102                                                             |              |                               |           |                |        |     |            |       |       |                                               |     |                                 |                          |                    | 0102     |                                 | Ø1Ø6                   | 0101     | 010E        | 0112                |            |                                     |           |            |   |

|                   |                      |       | 762 | I RESET PREMPT FLAG !                                   |
|-------------------|----------------------|-------|-----|---------------------------------------------------------|
| 0116 41<br>0111 0 | <b>4</b> D25<br>0000 | 0018' | 783 | LD VPT.VP.PREEMPT(R2), #OFF                             |
|                   |                      |       | 784 |                                                         |
|                   |                      |       | 785 | I SIMULATE PREEMPT INTERRUPT I                          |
| Ø11C 5            | 5F 00                | A828  | 786 | CALL TC PREEMPT HANDLER                                 |
|                   |                      |       | 787 | I ** NOTE: THIS JUMP TO AN UPPER LEVEL (TRAFFIC CONTROL |
|                   |                      |       | 788 | IS USED ONLY IN THE CASE OF A PREEMPT INTERRUPT.        |
|                   |                      |       | 789 | AND SIMULATES A HARDWARE INTERRUPT. ** 1                |
|                   |                      |       | 966 |                                                         |
|                   |                      |       | 791 | *** END VIRTUAL PREEMPT HANDLER ***                     |
|                   |                      |       | 792 |                                                         |
| Ø120 B(           | B6F0                 |       | 793 | 00                                                      |
|                   |                      |       | 794 |                                                         |
|                   |                      |       | 795 | I RETURN TO GATEKEEPER !                                |
| 0122 9]           | 98036                |       | 796 | RET                                                     |
|                   |                      |       | 797 |                                                         |
| 0124              |                      |       | 798 | END TEST_PREMPT                                         |
|                   |                      |       |     | IPAGE                                                   |

122

ALCONTRACTOR

| PROCEDURE<br> ++++++++++++++++++++++++++++++++++++                                          | I REGISTER USE<br>PARAMETERS<br>R1: VP ID (RETURNED)<br>I LOCAL VÅRIABLES<br>RØ: DIVIDEND<br>RØ: REMAINDER | 0001 ENT<br>##########<br>LOCK         | ND                | PT.KUNNI<br>0<br>INDEX TO             | #SIZEOF VP_ |
|---------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------|----------------------------------------|-------------------|---------------------------------------|-------------|
| RUNNING_PP                                                                                  |                                                                                                            | ENTRY<br>I LOCK V<br>LDA               | L<br>OTE          | LU KI V<br>LDK R0, #(<br>I CONVERT VP | DIU         |
| 8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8 | 800<br>800<br>800<br>810<br>810<br>810<br>810<br>810<br>810<br>810                                         | 813<br>814<br>815<br>815<br>817<br>817 | 818<br>819<br>820 | 822<br>822<br>823<br>824              | 825<br>826  |
|                                                                                             |                                                                                                            | , 0000                                 | 0150              | 2999                                  | 0020        |
|                                                                                             |                                                                                                            | 76 <u>04</u>                           | 5700              | BD00                                  | 1B60        |
| 0124                                                                                        |                                                                                                            |                                        |                   | 0130<br>0130                          | 0132 1B60   |

|      |       |               | 827        |          |                        |      |
|------|-------|---------------|------------|----------|------------------------|------|
|      |       |               | 828        |          |                        |      |
| -    |       | 0000          | 829        |          |                        |      |
|      |       | 014Å          | 830        |          | DER <> 0 1             | THEN |
|      |       | 0006          | 831        |          | LD RØ, #VP_INDEX_ERROR |      |
| 0142 | 7601  | 0142          | 832        |          | LDA R1, \$             |      |
|      |       | <b>9</b> 06 V | <b>833</b> |          | CALL MONITOR           |      |
|      |       |               | 634        |          | 14                     |      |
|      |       |               | 835        |          |                        |      |
|      |       |               | 836        |          | i + + 500 DEB0C + + i  |      |
| 014A | 4D08  | 0000          | 837        | CLR      | VPT.LOCK               |      |
|      |       |               | 838        |          |                        |      |
|      | 98 86 |               | 839        | RET      |                        |      |
| 0150 |       |               | <b>640</b> | END RUNN | (NG_VP                 |      |
|      |       |               | 841        |          | 1                      |      |
|      |       |               | 842        |          |                        |      |
|      |       |               | 643        | I PAGE   |                        |      |
|      |       |               |            |          |                        |      |

e al

AND DESCRIPTION OF THE

| SPIN_LOCK PROCEDURE<br>  ************************************                                    | T ONE<br>LOCK<br>* * *   | F NE ! NO<br>F NE ! NO<br>LDA R1,<br>LDA R1,<br>CALL MONI          | TE PLZ / ASM MA<br>DRE LOCKED 1<br>ZE PLZ / ASM MA<br>OR RESTRICTIO<br>SE OF TSET . * |               |
|--------------------------------------------------------------------------------------------------|--------------------------|--------------------------------------------------------------------|---------------------------------------------------------------------------------------|---------------|
| 8<br>8<br>7<br>7<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8<br>8 | 857<br>856<br>859<br>863 | 865<br>865<br>865<br>865<br>865<br>865<br>865<br>865<br>865<br>865 | 800<br>868<br>878<br>871<br>873<br>873<br>873                                         |               |
|                                                                                                  | 0000                     | 0164<br>0000<br>0150<br>0900                                       |                                                                                       |               |
|                                                                                                  | 0141                     | 51 00<br>51 00<br>51 00                                            | ØD46<br>E5FE                                                                          | 91 <i>0</i> 8 |
| 0150                                                                                             | 5                        | 0158<br>0158<br>0158<br>0158<br>0160                               | 0164<br>0166                                                                          | Ø168<br>Ø16A  |

NT

ZE000ASM 2.02 Loc OBJ CODE

STMT SOURCE STATEMENT

TRAFFIC\_CONTROL MODULE 

I VERS 4 

CONSTANT I ########## SUCCESS CODES ######### ADVANCED := 0 := 1 := 1 EVENT\_NOT\_FOUND

1 \*\*\*\*\*\*\*\*\* DEBUG CODES \*\*\*\*\*\*\*\*\*
BLOCKED LIST ERROR := 0
READY LIST EAROR := 1
READY LIST EAROR := 2
RUNNING\_LIST\_EAROR := 2

126

I \*\*\*\*\*\*\* STSTEM PARAMETERS \*\*\*\*\*\*\* :=64 4= : 4 NR\_PROCESSES NR\_MMU\_REG NR\_VP\_\_\_\_\_ NR\_AVAIL\_VP STACK\_SEG\_SIZE STACK\_SEG\_SIZE

OF STACK) \* \* ! := STACK\_SEG\_SIZE-%1E \* OFFSETS (FROM TOP PROCESS\_ID # -

:=%100

2≞:

:=1

APPENDIX B

######## SISUSIEW CONSISWITS ######## \*\*\*\*\*\*\* IIMP PROCEDURE DEFS \*\*\*\*\*\* -I BEUG ENTRY XA898 XA86C XA310 XA818 XA818 I (JUMP TABLE.4) ITC SET PREMPT := 9 ITC SWAP VDBR := 9 ITC IDLE := 1 ITC RUNNING VP := 9 MONITOR := %A902 l Xfff t= XDDDD t= XFFF INVALID:= XEBEE ---5 BLOCKED:= 2 IDLE := X NIL := X \$ 11 11 11 •• 11 u ll EVENT R := EVENT W := RUNNING:= READY := u TRUE FALSE OFF NO **IPAGE** -

Vinter Black

1.1.1

|           |             |        |                     | VORD                  | VORD  |   | ARRAY [5 VORD] |        |                 | DDRE  | NTEGE | NTEG ER | P_POINTE | 4  | VENT_ |    |      | ORD      | WORD<br>A PRAV [A WADD] | 2        |            |        |            | [6 WORD] |    |
|-----------|-------------|--------|---------------------|-----------------------|-------|---|----------------|--------|-----------------|-------|-------|---------|----------|----|-------|----|------|----------|-------------------------|----------|------------|--------|------------|----------|----|
|           | POINTER VOR | DDRESS | DECORD TARTE DECORD | T RANDLE              | EVENT | U | 3              | ,<br>, | AP_TABLE RECORD | [ DBR | PRI   |         | E-1      | Ę  | Z     |    | LE R | ASE_ADDR | ATTRIBUTES              | ar - + + | TABLE RECO | STE_NO | CLASS WORD | ILLER_4  |    |
| 5 0<br>10 | 51          | 25     | 50                  | 1<br>2<br>2<br>1<br>2 | 50    | 5 | 58             | 59     | 60              | 61    | 62    | 63      | 64       | 50 | 66    | 67 | 68   | 69       | 20                      | 10       | 23<br>23   | 74     | 75         | 76       | 27 |

A 4113 -----

| WORD                                                                         |               | LNR_AVAIL_VP WORDJ |                   |          |            | VORD           | WORD | RUNNING_ARRAY | VORD       |              | ARRAY [2 WORD] | OCES     |    | EG MMU_TABLE]                           |     | [NR.PROCESSES*NR_MMU_REG GAS_TABLE] |     |        |
|------------------------------------------------------------------------------|---------------|--------------------|-------------------|----------|------------|----------------|------|---------------|------------|--------------|----------------|----------|----|-----------------------------------------|-----|-------------------------------------|-----|--------|
| GAS TABLE RECORD<br>[ GAST_LOCK<br>EVENT_1 WORD<br>EVENT_2 WORD<br>TCKT WORD | FILLER_5 ARA  |                    | \$SECTION TC_DATA | TVNV&TNT | APT RECORD | [ SUCCESS_CODE | TOCK | RUNNING_LIST  | READY_LIST | BLOCKED_LIST | FILLER         | AP ARRAY |    | <b>IST ARRAT [NR_MMU_REG MMU_TABLE]</b> |     | GAST ARRAY [NR_PROC]                |     | 1 PAGE |
| 79<br>86<br>81<br>82                                                         | 88<br>84<br>8 | 85<br>86           | 89                | 000      | 96         | 91             | 92   | 93            | <b>94</b>  | 95           | 96             | 6        | 96 | 66                                      | 100 | 101                                 | 201 | 103    |

and the second s

AND AND ALLANG

0090 0490

\*: .t5¥

| 0000      |       |                   | SECTION TC_INT_PROC<br>GETWORE PROCEDURE                         |  |
|-----------|-------|-------------------|------------------------------------------------------------------|--|
|           |       | 107<br>108<br>109 | I LOADS NEXT READY DBR I<br>I ON CURRENT VP.                     |  |
|           |       | 111<br>112<br>112 | ************************************                             |  |
|           |       | 113               | R1: CURRE<br>LOCAL VAR                                           |  |
|           |       | 116               | 1 KZ: NBAT AF<br>1 R3: VP PTR<br>1 **************                |  |
|           |       | 118               | ENTRY                                                            |  |
| 0000 6102 | 0068  | 119               | R2. APT                                                          |  |
|           |       | 120               | READT AP SEARCH:<br>Do 7 While Not (End List or readt process) ! |  |
|           |       | 122               |                                                                  |  |
| 0008 5805 | 30    | 123               | EQ 1 IF NO B                                                     |  |
|           |       | 125               | EALT FROM REAULAP_SEARCH<br>FI                                   |  |
|           | 0014° | 126               | CP APT.AP.STATE(R2), #READY                                      |  |
| 0016 5E0E | 00    | 128               |                                                                  |  |
|           | 0026  | 129<br>130        | EXIT FROM READY AP SEARCH                                        |  |

CP R2,#NIL IF EQ I IF NO PROCESSES READY I THEN I LOAD IDLE PROCESS I LD APT.RUNNING\_LIST(R1), #IDLE I LOAD FIRST READY AP 1 LD APT.RUNNING LIST(R1), R2 LD APT.AP.STATE(R2), #RUNNING LD R1, APT.AP.DBR(R2) CALL ITC\_SWAP\_VDER 1(R1:DBR)1 NEXT READY AP 1 R3, APT.AP.NEXT\_AP(R2) R2, R3 CALL ITC\_IDLE ELSE I GET END GETWORK ,33<sub>8</sub> F1 RET I PAGE 131 132 132 135 135 135 135 135 135 135 135 135 141 142 142 144 145 158 158 158 158 158 158 158 0016° FFFF 003C 0004 ' 0004 0014 A810 004e ' 0010° A80C 6123 A132 Eeef 0B02 5E0E 4015 5700 5208 6712 4025 0000 6121 5700 98 98 001E 0022 0024 0026 0028 0028 0032 0034 0034 0038 003C 0040 0044 0046 0046 **004e** 0050

٠.

131

No. of Contraction of Contraction

| TC_PREEMPT_HANDLER PROCEDURE<br>1 + + + + + + + + + + + + + + + + + + + | ENTRY<br>1** CALL WAIT_LOCK (APT^.LOCK) **!<br>1** RETURNS WHEN PROCESS HAS LOCKED APT **! | ! GET RUNNING_VP ID !<br>Call itc_running_vp !(retuans: A1:VP_ID)! | I GET AP I<br>LD R2, APT.RUNNING_LIST(R1) | I IP NOT AN IDLE PROCESS, SET IT TO READY I<br>CP R2, #IDLE |               | F1   | I LOAD FIRST READY PROCESS I<br>CALL GETWORK !(R1: VP_ID)! |
|-------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|--------------------------------------------------------------------|-------------------------------------------|-------------------------------------------------------------|---------------|------|------------------------------------------------------------|
| 155<br>155<br>155<br>155<br>155<br>166<br>166<br>166<br>166<br>166      | 165<br>166<br>167                                                                          | 168<br>169<br>170                                                  | 172                                       | 175                                                         | 177<br>178    | 179  | 180<br>181<br>182                                          |
|                                                                         |                                                                                            | <b>A818</b>                                                        | 0004 °                                    | DDD                                                         | 0066<br>0014  |      | 0000                                                       |
|                                                                         |                                                                                            | 5F 00                                                              | 6112                                      | <b>3</b> B02                                                | 5E 06<br>4125 | 0001 | 0066 SF00                                                  |
| 00<br>00<br>00                                                          |                                                                                            | 0050                                                               | 0054 6112                                 | 0058                                                        |               | 0064 | 0066                                                       |

and the second second

La la companya da serena da se

| APT **                                                                                                                      |                               |                     |
|-----------------------------------------------------------------------------------------------------------------------------|-------------------------------|---------------------|
| 1** CALL WAIT_UNLOCK (APT^.LOCK) **!<br>1** Returns when process bas unlocked APT **!<br>1** And Advanced on this event **! | RET<br>End tc_preempt_bandler | END TRAFFIC_CONTROL |
|                                                                                                                             | EN                            | END T               |
| 184<br>185<br>185                                                                                                           | 187<br>188<br>189             | 161                 |
|                                                                                                                             | 98916                         |                     |
|                                                                                                                             | 006A<br>006C                  |                     |

Ø errors Assembly complete

## APPENDIX C

ADVANCE Procedure (HANDLE, INSTANCE) Begin Call WAIT\_LOCK (APT) 1 wake up 1 **PROCESS := EVENT\_LIST\_HEAD (HANDLE, INSTANCE)** COUNT := MM\_ADVANCE\_COUNT (HANDLE, INSTANCE) ! make ready ! Do while not end of READY LIST If PROCESS.COUNT <= COUNT THEN Call MAKE\_READY end if end do I initialize preempt array I Do for VP\_ID = 1 TO #NR\_VP RUNNING\_LIST [VP\_ID].PREEMPT := #TRUE end do I find preempt candidates ! CANDIDATES := @ PROCESS := READY\_LIST\_HEAD Do (for VP\_ID := 1 to #NR\_VP) and not end READY\_LIST If PROCESS = #RUNNING THEN RUNNING\_LIST [VP\_ID].PREEMPT := #FALSE else CANDIDATE := CANDIDATE +1 end if Get next ready process end do

```
! preempt candidates !
Do for VP_ID := 1 to CANDIDATES
If RUNNING_VP [VP_ID] = #TRUE Then
Call SET_VPREEMPT (VP_ID)
end if
end do
Call WAIT_UNLOCK (APT)
Return
End ADVANCE
```

en în

star .... The base

AWAIT Procedure (HANDLE, INSTANCE, COUNT) Begin Call WAIT\_LOCK (APT) VP\_ID := RUNNING\_VP PROCESS := RUNNING\_LIST [VP\_ID] CURRENT\_COUNT := MM\_READ\_COUNT (HANDLE, INSTANCE) If CURRENT\_COUNT < COUNT Then Call THREAD\_BLOCKED\_LIST (HANDLE, INSTANCE, PROCESS) PROCESS.HANDLE := HANDLE PROCESS.INSTANCE := INSTANCE PROCESS.COUNT := COUNT PROCESS.STATE := #BLOCKED

Call TC\_GETWORK end if

Return

End AWAIT

1 - 100 at

136

## LIST OF REFERENCES

- 1. Coleman, A. A., <u>Security Kernel Design for a</u> <u>Microprocessor-based Multilevel Archival Storage</u> <u>System</u>, MS Thesis, Naval Postgraduate School, December 1979.
- Parks, E. J., <u>The Design of a Secure File Storage</u> <u>System</u>, MS Thesis, Naval Postgraduate School, December 1979.
- 3. Moore, E. E. and Gary, A. V., <u>The Design and</u> <u>Implementation of the Memory Manager for a Secure</u> <u>Archival Storage System</u>, MS Thesis, Naval Postgraduate School, June 1980.
- 4. O'Connell, J. S., and Richardson, L. D., <u>Distributed</u> <u>Secure Design for a Multi-Microprocessor Operating</u> <u>System</u>, MS Thesis, Naval Postgraduae School, June 1979.
- 5. Schell, LTCOL R. R., <u>Security Kernels: A Methodical</u> <u>Design of System Security</u>, USE Technical Papers (Spring Conference, 1979). pp. 245-250, March 1979.
- 6. Schiller, W. L., <u>The Design and Specification of</u> <u>a Security Kernel for the PDP-11/45</u>. ESD-TR-75-69, The MITRE Corporation, Bedford, Mass., May 1975.
- 7. Lampson, B. W., <u>Protection</u>, Proc. Fifth Princeton Symposium on Information Sciences and Systems, Princeton U., March 1971, pp. 437-443.
- 8. Dijkstra, E. W., "The Structure of the 'THE' Multiprogramming System", <u>Communications of the ACM</u>, v. 11, p. 341-346, May 1968.
- 9. Madnick, S. F. and Donovon, J. J., <u>Operating</u> <u>Systems</u>, McGraw Hill, 1974.

137

and the second second

- Saltzer, J. H., <u>Traffic Control in a Multiplexed</u> <u>Computer System</u>, Ph.D. Thesis, Massachusetts Institute of Technology, July 1966.
- Reed, D. P., and Kanoda, R. K., "Synchronization with Eventcounts and Sequencers", <u>Communications of</u> <u>the ACM</u>, V. 22, No. 2, February 1979, p. 115-123.
- 12. Reed, D. P., <u>Processor Multiplexing in a Layered</u> <u>Operating System</u>, MS, Massachusetts Institute of Technology, MIT/LCS/TR-164, 1976.
- 13. Jensen, R. W., and Tonies, C. C., <u>Software Enginerring</u>, Prentice-Hall, Inc., 1979.
- 14. Dijkstra, F. W., "The Humble Programmer", <u>Communications</u> of the ACM, V. 15, No. 10, p. 859-866, October 1972.
- 15. Schroeder, M. D., Clark, D. D., and Saltzer, J. H., <u>The Multics Kernel Design Project</u>, Paper presented at ACM Symposium, November, 1977.
- Schroeder, M. D., "A Hardware Architecture for Implementating Protection Rings", <u>Communications of</u> <u>the ACM</u>, V. 15, No. 3, p. 157-170, March 1972.
- 17. Peuto, B. L., "Architecture of a New Microprocessor", <u>Computer</u> V. 12, No. 2, p. 10-20, February 1979.
- 18. Organick, E. I., <u>The Multics System: An Examination of</u> <u>its Structure</u>, MIT Press, 1972.
- 19. Wasson, W.J., <u>Detailed Design of the Kernel of</u> <u>Real-time Multiprocessor Operatiing System</u>, MS Thesis, Naval Postgraduate School, June 1980.

1.50

## INITIAL DISTRIBUTION LIST

| •        |                                               | No. Copies |
|----------|-----------------------------------------------|------------|
| 1.       |                                               | 2          |
|          | Cameron Station<br>Alexandria, Virginia 22314 |            |
|          | vicronalia, Alikinia crota                    |            |
| 2.       | Library, Code Ø142                            | 2          |
| -        | Naval Postgraduate School                     |            |
|          | Monterey, Ĉalifornia 93940                    |            |
| _        |                                               | -          |
| 3.       |                                               | 2          |
|          | Department of Computer Science                |            |
|          | Naval Postgraduate School                     |            |
|          | Monterey, California 93940                    |            |
| 4.       | Prof. Lyle A. Cox, Jr., Code 52C1             | 4          |
| <b>4</b> | Department of Computer Science                | *          |
|          | Naval Postgraduate School                     |            |
|          | Monterey, California 93940                    |            |
|          | •                                             |            |
| 5.       | LTCOL Roger R. Schell, Code 52Sj              | 5          |
|          | Department of Computer Science                |            |
|          | Naval Postgraduate School                     |            |
|          | Monterey, California 93940                    |            |
| 6.       | Joel Trimble, Code 221                        | 1          |
| ••       | Office of Naval Research                      | •          |
|          | 800 North Quincy                              |            |
|          | Arlington, Virginia 22217                     |            |
|          | -                                             |            |
| 7.       | LT Alan V. Gary                               | 1          |
|          | 3320 W. Epler Ave.                            |            |
|          | Indianapolis, Indiana 46217                   |            |
| 8.       | LCDR Edmund E. Moore                          | 1          |
| ۰.       | NAVELEISIS COM                                | 1          |
|          | PME 107                                       |            |
|          | Washington, D.C. 20360                        |            |
|          |                                               |            |
| 9.       | CAPT John L. Ross                             | 1          |
|          | 107 Headon St.                                |            |
|          | Weatherford, Texas 76086                      |            |
| 10.      | LT Hal R. Powell                              | •          |
| 1 C •    | 1295 Heatherstone Way                         | 1          |
|          | Sunnyvale, California 94087                   |            |
|          | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~       |            |

139

-----

the last

A Marriela

| 11. | Office of Research Administriati<br>Code Ø12A           | on |
|-----|---------------------------------------------------------|----|
|     | Naval Postgraduate School<br>Monterey, California 93940 |    |
|     |                                                         |    |

- 12. Prof. Uno R. Kodres, Code 52Kr Department of Computer Science Naval Postgraduate School Monterey, California 93940
- 13. I. Larry Avrunin, Code18 DTNSRDC Bethesda, Maryland 20084
- 14. R. P. Crabb, Code 9134 Naval Oceans Systems Center San Diego, California 92152
- 15. Kathryn Heninger, Code 7503 Naval Research Lab Washington, D.C. 20375
- 16. Dr. J. McGraw U.C. - L.L.L. (1-794) P.O. Box 808 Livermore, California 94550
- 17 Mark Underwood NPRDC San Diego, California 92152
- 18. Walter P. Warner, Code K70 NSWC Dahlgren, Virginia 22448
- 19. M. George Michael U.C. - L.L.L. (L-76) P.O. Box 808 Livermore, California 94550
- 20. LCDR Stephen L. Reitz NAVSBA TECHREP St. Paul, Minnesota 30845

2

· · · · ·

1

1

1

1

1

1

1

1

1

