Memory management units (MMUs) are incorporated in, or available for, a wide range of embedded CPUs. Under some circumstances their use is mandatory; in other situations they might represent an unwanted overhead. This article looks at what MMUs do and how they might be applied. Process and thread models for multi-tasking are compared and contrasted, and an intermediate option is considered that might provide a compromise between security and performance requirements.
Physical and logical addresses
When you first start learning how to program, the concept of an address is unimportant, as high level languages insulate the programmer from such nastiness. It is only when a developer wants to understand or write assembly language or really appreciate what is happening with pointers that addresses become a concern.
Every byte of memory has a unique address. Actually that is not quite true, as some processor architectures utilize multiple address spaces, but ultimately every byte may be specified uniquely in some way. Commonly, a system has a single area of memory with a starting address of zero. This is not a firm rule, as the memory architecture could be set up such that the address space starts at some other value. Other systems have multiple areas of memory that may not be contiguous – maybe the program and data memory are separate, for example.
Such addresses are physical addresses and are the values emitted by the CPU and systems immediately around it, and are decoded by the memory system. For many systems, physical addresses correspond directly to logical addresses, which are the ones used by software. In other systems, there is no such matching. A difference between a logical and physical address may occur for a number of reasons.
If a CPU has a paged memory architecture, the software may work with shorter (logical) addresses than would be needed to access the complete (physical) address space. Adjusting the “page” moves a window of addresses through the physical address space. For example, the original x86 architecture used 16-bit logical addresses (giving a 64K range) and 20-bit physical addresses (accessing up to 1M). Setting up the base register enabled the logical address space to be mapped onto a 64K area within the 1M space (on a 16-byte boundary).
Paged addressing is uncommon nowadays. More typically CPUs use 32-bit addresses to access a flat 4G address space. However, there may still be a non-correspondence between logical and physical addresses because a memory management unit (MMU) processes addresses emitted by the CPU. An MMU gives a lot of flexibility to remap physical memory to convenient logical addresses. It can also render parts of the physical address space inaccessible to software, which is a powerful protection mechanism.
Operating systems and multi-tasking
Most modern embedded systems are built using an operating system of some kind. This may be a simple multi-tasking kernel, or it may be a real-time operating system (RTOS) with a wide range of services, or it could be a “full” operating system like Linux. Broadly speaking, any kind of operating system supports a multi-tasking model, which may be “thread model” or “process model”; these two types are essentially characterized by their use or non-use of an MMU.
Multi-tasking – thread model
Most RTOS products on the market are thread model. This means that all the tasks’ (now called threads) code and data occupy the same address space, along with that of the RTOS itself, as illustrated in Figure 1 .
Theoretically, but hopefully not in practice, one thread can access and/or corrupt the code and data of another thread or of the RTOS. Obviously, this possibility is only of passing interest if the code is properly debugged and from a trustworthy source. The big benefit of thread model is that the context switch is fast, as only the CPU registers need to be saved and restored.
Multi-tasking – process model
Higher end operating systemslike Linux and Windows, along with a few RTOS products, use processmodel. By using the MMU, each task (now called a process) occupies itsown private address space, starting at address 0, as illustrated in Figure 2 . In effect, a process is given the impression that it has exclusive access to the entire machine.
Thismodel has the great benefit that each process has no access to, or evenawareness of, other processes’ memory or that of the OS itself. Thispermits the construction of more secure systems, where a badly behavedor seriously buggy process should have no effect on the rest of thesystem. The downside is that a context switch is significantly slowerthan with thread model, as apart from the save and restore of the CPUregisters, the memory needs to be remapped using the MMU.
Thread protected mode
SomeRTOS products offer an interesting compromise by making limited use ofan MMU, while still using thread mode. This is commonly called “threadprotected mode”. This facility is implemented such that, on a contextswitch, only memory which the current thread has authorization to access(i.e. its own along with any shared or specific RTOS memory areas) isrendered visible. This slightly increases the context switch time, asthe MMU needs to be set up, but this is a lower overhead than a fullremapping required for process model. Figure 3 shows a system where Task 2 is in control while Figure 4 illustrates the result of adjusting the MMU when Task 4 gains control.
Figure 3: Memory management using a thread protected mode with Task 2 in control
Figure 4: Memory management using a thread protected mode with Task 4 gaining control
Modernembedded CPUs commonly incorporate an MMU, or one may be available asan option. To use high-end operating systems like Linux, an MMU isessential. For most RTOS products, an MMU is not required, but in manycases it may be used to provide some additional security.
Colin Walls has over thirty years experience in the electronics industry, largelydedicated to embedded software. A frequent presenter at conferences andseminars and author of numerous technical articles and two books onembedded software, Colin is an embedded software technologist with the Mentor Graphics Embedded Software Division], and is based in the UK. His regular blog is located at: blogs.mentor.com/colinwalls . He may be reached by email at .