previous | contents | next
370 Part 2 ½
Regions of Computer Space
Section 4 ½ Multiple-Processor Systems
The auto-restart mechanism is responsible for reloading the system and is invoked by the suspect/monitor mechanism. Three basic steps are involved: adjusting the configuration masks for any deleted or quiesced processors, constructing a free memory list (deleting pages that have been marked errant), and loading a fresh copy of the kernel from disk. The new system is entered and initialization begins. This sequence is normally accomplished without human intervention and is so reliable that C.mmp runs without an operator.
The last mechanism associated with failure recovery is the automatic diagnostic driver, which initiates and monitors the deleted processors execution of a diagnostic. The driver maintains a history of the failures found by each processor as well as the processor's successful executions of the diagnostic. The histories may be printed on command and are also accessible from Hydra. If a processor is able to successfully run the diagnostic for a period of time determined by its failure history over the previous few days, the driver automatically returns it to the system. Automatic return is accomplished by executing the standard per-processor initialization and does not require pausing or reloading the system.
The successful implementation of systems such as Harpy, ZOG, several language compilers, several file and directory systems, ARPANET support, and measurement tools such as the script driver has shown that C. mmp and Hydra provide a useful, general-purpose computing environment on a multiprocessor. The symmetric design of C. mmp has proved to be valuable in error-recovery techniques and in simplifying process scheduling. Also, the kernel approach to operating-system design, the protection system, and the mechanisms for data abstraction have effectively allowed construction of much of the operating system as user-level programs:
The problems, such as reliability, memory contention, and the small-address problem, have been effectively managed, if not solved entirely. These problems were challenging and the reliability problems, especially, motivated a profitable research effort.
Almes and Robertson ; Bellis ; Bhandarkar ; Cohen and Jefferson ; DEC ; Dijkstra [1968a]; Fuller, Almes, Broadley, Porgy, Karlton, Lesser, and Teter ; Fuller and Harbison ; Jam [19781; Levin, Cohen, Corwin, Pollack, and Wulf ; Lowerre ; Marathe ; McGehearty 11980]; Newcomer, Cohen, Jefferson, Lane, Levin, Pollack, and Wulf ; Oleinick ; Oleinick and Fuller ; Parnas ; Robertson and Ramakrishna ; Rubin, Guggenheim, and Bihary ; Schroeder ; Siewiroek, Kini, Joobbani, and Bellis ; Strecker ; Swan ; Wulf and Bell ; Wulf, Cohen, Corwin, Jones, Levin, Pierson, and Pollack ; Wulf and Harbison ; Wulf Levin, and Harbison ; Wulf, Levin, and Pierson ; Wulf, Russell, and Habermann .
previous | contents | next