logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

How-does-virtual-memory-work.md (4758B)

    

  1. ---
  2. date: 2018-10-29
  3. layout: page
  4. title: How does virtual memory work?
  5. tags: ["instructional"]
  6. ---
  8. Virtual memory is an essential part of your computer, and has been for several
  9. decades. In my [earlier article on pointers][pointers], I compared memory to a
  10. giant array of octets (bytes), and explained some of the abstractions we make
  11. on top of that. In actual fact, memory is more complicated than a flat array of
  12. bytes, and in this article I'll explain how.
  14. [pointers]: /2016/05/28/Understanding-pointers.html
  16. An astute reader of my earlier article may have considered that pointers on,
  17. say, an x86_64 system, are 64 bits long[^1]. With this, we can address up to
  18. 18,446,744,073,709,551,616 bytes (16 exbibytes[^2]) of memory. I only have 16
  19. GiB of RAM on this computer, so what gives? What's the rest of the address space
  20. for? The answer: all kinds of things! Only a small subset of your address space
  21. is mapped to physical RAM. A system on your computer called the MMU, or Memory
  22. Management Unit, is responsible for managing the abstraction that enables this
  23. and other uses of your address space. This abstraction is called virtual memory.
  25. [^1]: Fun fact: most x86_64 implementations actually use 48 bit addresses internally, for a maximum theoretical limit of 256 TiB of RAM.
  26. [^2]: I had to look that SI prefix up. This number is 2<sup>64</sup>, by the way.
  28. The kernel interacts directly with the MMU, and provides syscalls like
  29. [mmap(2)][mmap] for userspace programs to do the same. Virtual memory is
  30. typically allocated a page at a time, and given a purpose on allocation, along
  31. with various flags (documented on the mmap page). When you call `malloc`, libc
  32. uses the mmap syscall to allocate pages of heap, then assigns a subset of that
  33. to the memory you asked for. However, since many programs can run concurrently
  34. on your system and may request pages of RAM at any time, your physical RAM can
  35. get fragmented.  Each time the kernel hits a context switch[^3], it swaps out
  36. the page table for the next process.
  38. [^3]: This means to switch between which process/thread is currently running on a single CPU. I'll write an article about this sometime.
  39. [mmap]: http://man7.org/linux/man-pages/man2/mmap.2.html
  41. This is used in this way to give each process its own clean address space and to
  42. provide memory isolation between processes, preventing them from accessing each
  43. other's memory. Sometimes, however, in the case of shared memory, the same
  44. physical memory is deliberately shared with multiple processes.  Many pages can
  45. also be any combination readable, writable, or executable - the latter meaning
  46. that you could jump to it and execute it as native code.  Your compiled program
  47. is a file, after all - mmap some executable pages, load it into memory, jump to
  48. it, and huzzah: you're running your program[^4]. This is how JITs, dynamic
  49. recompiling emulators, etc, do their job. A common way to reduce risk here,
  50. popular on *BSD, is enforcing W^X (writable XOR executable), so that a page can
  51. be either writable or executable, but never both.
  53. [^4]: There are actually at least a dozen other steps involved in this process. I'll write an article about loaders at some point, too.
  55. Sometimes all of the memory you think you have isn't actually there, too. If you
  56. blow your RAM budget across your whole system, swap gets involved. This is when
  57. pages of RAM are "swapped" to disk - as soon as your program tries to access it
  58. again, a page fault occurs, transferring control to the kernel. The kernel
  59. restores from swap, damning some other poor process to the fate, and returns
  60. control to your program.
  62. Another very common use for virtual memory is for memory mapped I/O. This can
  63. be, for example, mapping a file to memory so you can efficiently read and write
  64. to disk. You can map other sorts of hardware, too, such as video memory. On 8086
  65. (which is what your computer probably pretends to be when it initially
  66. boots[^5]), a simple 96x64 cell text buffer is available at address `0xB8000`.
  67. On my TI-Nspire CX calculator, I can read the current time from the real-time
  68. clock at `0x90090000`.
  70. [^5]: You can make it stop pretending to do this with [an annoying complicated sequence of esoteric machine code instructions](https://wiki.osdev.org/Protected_Mode). An even more annoying sequence is required to [enter 64-bit mode](https://wiki.osdev.org/Setting_Up_Long_Mode). It gets even better if you want to set up [multiple CPU cores](https://wiki.osdev.org/Symmetric_Multiprocessing)!
  72. In summary, MMUs arrived almost immediately on the computing scene, and have
  73. become increasingly sophisticated ever since. Virtual memory is a powerful tool
  74. which grants userspace programmers elegant, convenient, and efficient access to
  75. the underlying hardware.