13. Exceptions
Definition
Event occurring in the computer system which requires breaking the current instruction sequence and passing control to the OS
Classification of exceptions (logical)
Asynchronous - not caused by the instruction/program being executed
- Interrupts
- Non-correctable errors which cannot be attributed to any instruction
Synchronous - result of instruction execution, must be serviced immediately
- Traps - taken at the end of the instruction
- Errors - break the instruction execution
- correctable (faults)
- non-correctable (aborts)
Interrupts
Generated mostly outside of the processor
Asynchronous with respect to the executed instruction - not directly related to the executed program
Used to signal events important to the operating system
Changes of peripheral device state
- key press, mouse move
- network packet arrival
- disk data transfer completion
Passage of defined time period
- System timer interrupt - task/thread switching
- process wake-up
Traps
Generated by execution unit
Caused by instructions, triggered during the last phase of execution - strictly synchronous with respect to instructions
Types:
- Operating system service call - ECALL/SYSCALL
- Error detected by the application and reported to the OS via a trap instruction
- Trace trap - generated after every instruction while trace mode is set in the processor - used for debugging (single-stepping)
Errors (faults, aborts)
Mostly generated by the processor - execution unit and MMU
Physical transfer errors - generated by external hardware
Result from the executed instruction, not always directly
Signal errors and protection violations caused by software and hardware:
- undefined instruction execution
- misaligned memory access
- protection rule violation
Essential for implementing virtual memory
Modern OSs use errors for optimizing resource management (memory is allocated and loaded only when an access to it fails)
Exception service
Every exception should be serviced. Two meanings:
- Software level - software reaction of the OS to the event, e.g.:
transmitting the next data block to a device signaling readiness
process switching initiated by the timer interrupt
displaying an error message
- Hardware (processor) level - sequence of hardware actions resulting in suspending the current instruction stream and invoking the OS exception handler
Software service starts when hardware service ends
Exception service by processor
- Detection of an exception
- Identification of exception source
- Stopping the execution of current instruction sequence and storing current processor context
- Loading new context and starting exception handler
Exception identification
If the exception was raised inside the CPU - the source is already known
In other situations:
Detailed identification may be performed in hardware at the start of service or in software
Hardware identification requires querying the hardware - initiated by the processor as a special access cycle - interrupt acknowledge
During interrupt acknowledge, the interrupt controller/arbiter selects the interrupt to be serviced
In response to the interrupt acknowledge cycle, the processor receives the interrupt identifier (vector number)
Storing the context during exception processing
Why? - to return after the exception is serviced (if possible).
What is stored:
- PC and status register
- Information essential to identify the detailed cause of the exception (access address and attributes if the error was detected by the MMU)
Where to store?
CISC and RISC with stack - on the stack
RISC without stack - dedicated registers
Context changes during hardware service
During exception service the processor switches to system mode
previous privilege level must be stored, to be restored on return
Trace mode is switched off during service
During interrupt service, the interrupt sensitivity level (mask) is modified - the original level must be stored
All this information is usually held in the system status register, so storing SR stores all of it
Storing PC and status register
Simple RISC - PC and SR copied to shadow registers
CISC - PC and SR stored on the stack
The application's stack cannot be trusted: user code controls SP, so neither the integrity nor the availability (mapped, enough space) of that stack is guaranteed
Must be on the system stack - every privilege level has its own stack
Sequence of actions:
1. SR copied to a temporary register
2. SR modified to switch to system mode (and raise the mask), so the system stack is now selected
3. PC and the temporary register (old SR) stored on the system stack
Sequence of events during exception service
Traditional
- Detection of exception
- Arbitration and identification
- Storing the context
- Loading new context
Optimized (context is stored first, so a higher-priority interrupt arriving during the service can be chosen in the arbitration step without a second context store)
- Detection of exception
- Storing context
- Arbitration & identification
- Loading new context
Stack switching in CISC processors
Every privilege level has its own stack
When the privilege level changes, the stack is switched. Two ways:
- Separate SP register for every privilege level
- Reloading SP during the privilege level change
At given privilege level, software may access SPs of lower privilege levels
Information needed to service an error
Error makes it impossible to execute the current instruction
nextPC not accessible/invalid - currPC (address of the faulting instruction) must be stored
Error detected by MMU - instruction or data access error - the faulting address and access type must be stored too
Some architectures allow system-mode code to access memory with user privilege level, so the handler can check whether the user program was allowed to make the access
Information stored during page fault - x86
On system stack:
- Processor status register
- Address of instruction causing the fault
- Error code - 32-bit word (type of error: not-present vs. protection violation, read/write, user/supervisor)
In CR2 register - virtual (linear) address of the faulting reference
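An added example (not code from the notes or from any operating system) of what a fault handler can do with exactly this saved information. The error code bit positions P, W/R, U/S, RSVD and I/D are the ones documented in the Intel SDM; the region table (a hypothetical VMA list), the outcome names and handle_page_fault itself are this example's own constructions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86 page-fault error code bits (Intel SDM vol. 3, "Page-Fault Exception") */
#define PF_P    (1u << 0)   /* 0 = page not present, 1 = page-level protection violation */
#define PF_WR   (1u << 1)   /* 0 = read, 1 = write */
#define PF_US   (1u << 2)   /* 0 = supervisor mode, 1 = user mode */
#define PF_RSVD (1u << 3)   /* a reserved bit was set in a paging-structure entry */
#define PF_ID   (1u << 4)   /* instruction fetch (NX/SMEP enabled) */

enum { PROT_R = 1, PROT_W = 2, PROT_X = 4 };

/* Hypothetical OS record of a memory region allocated to the process
   (Linux calls this a VMA); not part of the x86 hardware state. */
typedef struct { uint64_t start, end; unsigned prot; int cow; } vma_t;

/* Outcomes of the software part of the service (names are the example's own) */
enum { PF_DEMAND_PAGE, PF_COPY_ON_WRITE, PF_SIGSEGV, PF_KERNEL_BUG };

/* Constructed address space: text (r-x), data shared copy-on-write after a
   fork (rw-, cow), non-executable stack (rw-). */
const vma_t demo_vmas[] = {
    { 0x400000ull,   0x401000ull,   PROT_R | PROT_X, 0 },
    { 0x600000ull,   0x601000ull,   PROT_R | PROT_W, 1 },
    { 0x7fff0000ull, 0x7fff1000ull, PROT_R | PROT_W, 0 },
};
#define DEMO_NVMAS ((int)(sizeof demo_vmas / sizeof demo_vmas[0]))

static const vma_t *find_vma(const vma_t *v, int n, uint64_t addr)
{
    for (int i = 0; i < n; i++)
        if (addr >= v[i].start && addr < v[i].end) return &v[i];
    return NULL;
}

/* Decide the software reaction from exactly the two things the hardware
   saved: the error code (system stack) and the faulting address (CR2). */
int handle_page_fault(uint32_t err, uint64_t cr2, const vma_t *vmas, int n)
{
    if (err & PF_RSVD)                 /* corrupted page tables: never the application's doing */
        return PF_KERNEL_BUG;
    const vma_t *v = find_vma(vmas, n, cr2);
    if (!v)                            /* address not allocated to the process; a real kernel
                                          consults its exception table first for copy_from_user-style accesses */
        return (err & PF_US) ? PF_SIGSEGV : PF_KERNEL_BUG;
    unsigned need = (err & PF_ID) ? PROT_X : (err & PF_WR) ? PROT_W : PROT_R;
    if (!(v->prot & need))             /* e.g. execute on a non-executable stack */
        return PF_SIGSEGV;
    if (!(err & PF_P))                 /* legal access, page merely absent: load it, re-execute */
        return PF_DEMAND_PAGE;
    if ((err & PF_WR) && v->cow)       /* write to a shared read-only copy of a writable region */
        return PF_COPY_ON_WRITE;
    return PF_SIGSEGV;                 /* present page whose descriptor forbids the access */
}

/* Human-readable decode of the error code, as a fault log would print it. */
void pf_describe(uint32_t err, char *buf, size_t n)
{
    snprintf(buf, n, "%s-mode %s of a %s page%s",
             (err & PF_US) ? "user" : "supervisor",
             (err & PF_ID) ? "instruction fetch" : (err & PF_WR) ? "write" : "read",
             (err & PF_P) ? "present" : "non-present",
             (err & PF_RSVD) ? " (reserved bit set)" : "");
}

int main(void)
{
    char msg[96];
    uint32_t err = PF_US | PF_P | PF_WR;    /* user write to a present COW data page */
    uint64_t cr2 = 0x600010ull;
    pf_describe(err, msg, sizeof msg);
    printf("%s at %#llx -> outcome %d\n", msg, (unsigned long long)cr2,
           handle_page_fault(err, cr2, demo_vmas, DEMO_NVMAS));
    return 0;
}
```

The security-relevant decisions are all here: a user-mode access to an unmapped address or a fetch from a non-executable region is a signal to the process, never a reason to map anything; a reserved-bit fault or a supervisor-mode fault on an unmapped address points at the kernel, not at the application. Because the saved PC points to the faulting instruction, PF_DEMAND_PAGE and PF_COPY_ON_WRITE both end with the instruction being executed again.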
Interrupt system - processor priority
Several priority levels with different interrupt sensitivity
- Single level (classic x86) - interrupts disabled/enabled
- Multilevel (3...16 levels) - interrupts have assigned priority levels based on their required response time
- Slow devices (keyboard, printer) - lower levels
- Fast devices (disk, network controller) - higher levels
Current interrupt sensitivity level defined by bits stored in the processor status register - interrupt mask/interrupt priority level. May be changed by system software only.
Some kernel routines must execute with interrupts disabled (critical sections)
Changes of processor priority
Interrupt is serviced if its priority is higher than the current processor priority,
otherwise the interrupt waits for service
On Interrupt Service Routine start, the processor sets its priority to the priority of the interrupt being serviced
during execution of the ISR no interrupts of the same or lower priority will be accepted
Because the interrupt mask is adjusted by hardware, the original value must be stored on entry to interrupt processing (it is part of SR)
Some interrupts must be serviced regardless of the setting of the interrupt mask - non-maskable interrupts
Non-maskable interrupts are used to signal critical conditions, like power failure
Loading new context - starting the exception service routine
After the current context is stored, the processor loads the new context and starts execution of the ESR
new values in PC and SR
Possible solutions:
- one common routine servicing all exceptions (MIPS, RISC-V)
- 4...16 routines placed in memory at fixed addresses (microcontrollers)
- Table of addresses or descriptors pointing to the service routines of all exceptions (vectored interrupt system). Used in the majority of general-purpose processors
Vectored exception system
Exception identification phase yields an identifier (vector number)
Table stored in memory contains the information needed to invoke every exception service routine
Table placed at a fixed address or pointed to by a special processor register
The table and the register pointing to it must be writable only in system mode; code that can overwrite an entry redirects every following exception of that type to itself
Table may contain:
- starting addresses of routines
- one or more starting instructions of routines - ARM
- descriptor containing the starting address of a routine and other information about the routine (privilege level, type) - x86
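As an added worked example (not from the lecture notes, and not modelling any real processor), the following C program models the hardware side of the service described in the preceding sections: a status register holding mode, trace bit and interrupt priority level; a separate system stack on which PC and the old SR are stored in the order given earlier; a vector table of handler addresses; and an interrupt mask that is raised on entry and restored on return. The bit layout of SR, the size of the vector table, vector 7 being the NMI and vector 0 being the reset entry are this example's own assumptions. The scenario function walks through a level-3 interrupt being nested by a level-5 one while a level-2 request waits for the mask to drop.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NVEC 8
#define NMI_VEC 7                      /* assumption: vector 7 is the non-maskable interrupt */
#define SR_MODE_SYS  0x01u             /* SR bit 0: 1 = system mode, 0 = user mode */
#define SR_TRACE     0x02u             /* SR bit 1: trace mode */
#define SR_IPL_SHIFT 4                 /* SR bits 4..7: interrupt priority level (mask) */
#define SR_IPL_MASK  (0xFu << SR_IPL_SHIFT)

typedef struct {
    uint32_t pc, sr;
    uint32_t usp, ssp;                 /* separate user and system stack pointers */
    uint32_t sysstack[64];             /* system stack storage, indexed by ssp, grows down */
    uint32_t vectors[NVEC];            /* vector table: start address of every handler */
    int pending[NVEC];                 /* priority of an interrupt waiting for service, 0 = none */
    int depth;                         /* nesting depth of active handlers */
    int serviced[NVEC];                /* how many times each vector was taken */
} cpu_t;

static uint32_t ipl(uint32_t sr) { return (sr & SR_IPL_MASK) >> SR_IPL_SHIFT; }
static void sys_push(cpu_t *c, uint32_t v) { c->sysstack[--c->ssp] = v; }
static uint32_t sys_pop(cpu_t *c) { return c->sysstack[c->ssp++]; }

/* Hardware part of the service: context goes on the SYSTEM stack, never the
   application's; mode, trace bit and mask change before anything is pushed. */
static void take_exception(cpu_t *c, int vec, int prio)
{
    uint32_t old_sr = c->sr;                                   /* 1. SR copied to a temporary */
    uint32_t new_sr = (old_sr & ~(SR_TRACE | SR_IPL_MASK)) | SR_MODE_SYS;
    new_sr |= (prio > (int)ipl(old_sr) ? (uint32_t)prio : ipl(old_sr)) << SR_IPL_SHIFT;
    c->sr = new_sr;                                            /* 2. system mode, trace off, mask raised */
    sys_push(c, c->pc);                                        /* 3. old PC and old SR stored */
    sys_push(c, old_sr);
    c->pc = c->vectors[vec];                                   /* load new context: handler entry */
    c->depth++;
    c->serviced[vec]++;
}

/* Request from an interrupt source. Accepted only if its priority beats the
   current mask; NMI is accepted regardless. Returns 1 if taken now. */
int cpu_irq(cpu_t *c, int vec, int prio)
{
    if (vec == NMI_VEC || prio > (int)ipl(c->sr)) { take_exception(c, vec, prio); return 1; }
    c->pending[vec] = prio;                                    /* waits until the mask drops */
    return 0;
}

/* Return from exception: restore SR (mode, mask, trace) and PC, then take the
   highest-priority request that became eligible while the mask was raised. */
void cpu_rte(cpu_t *c)
{
    c->sr = sys_pop(c);
    c->pc = sys_pop(c);
    c->depth--;
    int best = -1, best_prio = (int)ipl(c->sr);
    for (int v = 0; v < NVEC; v++)
        if (c->pending[v] > best_prio) { best = v; best_prio = c->pending[v]; }
    if (best >= 0) { c->pending[best] = 0; take_exception(c, best, best_prio); }
}

/* Reset: highest privilege, everything masked, system SP initialised so the
   first exception has somewhere to store its context. Values are assumed. */
void cpu_reset(cpu_t *c, const uint32_t vectors[NVEC])
{
    memset(c, 0, sizeof *c);
    memcpy(c->vectors, vectors, sizeof c->vectors);
    c->ssp = 64;
    c->usp = 0x8000;
    c->sr = SR_MODE_SYS | (15u << SR_IPL_SHIFT);
    c->pc = vectors[0];                                        /* assumption: vector 0 = reset entry */
}

/* OS hands the CPU to an application: user mode, mask 0. */
void cpu_enter_user(cpu_t *c, uint32_t pc) { c->sr = 0; c->pc = pc; }

/* Worked scenario; returns 0 if every observation matches the rules above,
   otherwise the number of the first check that failed. */
int scenario_priorities(void)
{
    static const uint32_t vecs[NVEC] = {0x100, 0x1100, 0x1200, 0x1300, 0x1400, 0x1500, 0x1600, 0x1700};
    cpu_t c;
    cpu_reset(&c, vecs);
    cpu_enter_user(&c, 0x4000);
    if (!cpu_irq(&c, 3, 3)) return 1;            /* user mode, IPL 0: level 3 accepted */
    if (c.pc != 0x1300 || ipl(c.sr) != 3 || !(c.sr & SR_MODE_SYS)) return 2;
    if (cpu_irq(&c, 2, 2)) return 3;             /* level 2 <= IPL 3: must wait */
    if (!cpu_irq(&c, 5, 5)) return 4;            /* level 5 > IPL 3: nests */
    if (c.depth != 2 || ipl(c.sr) != 5) return 5;
    if (!cpu_irq(&c, NMI_VEC, 0)) return 6;      /* NMI accepted regardless of the mask */
    cpu_rte(&c);                                  /* back into the level-5 handler */
    if (ipl(c.sr) != 5 || c.depth != 2) return 7;
    cpu_rte(&c);                                  /* back into the level-3 handler */
    if (c.pc != 0x1300 || ipl(c.sr) != 3 || c.depth != 1) return 8;
    cpu_rte(&c);                                  /* mask drops to 0: pending level 2 is taken */
    if (c.pc != 0x1200 || ipl(c.sr) != 2 || c.depth != 1 || c.serviced[2] != 1) return 9;
    cpu_rte(&c);
    if (c.pc != 0x4000 || c.sr != 0 || c.depth != 0 || c.ssp != 64) return 10;
    return 0;
}

int main(void)
{
    int r = scenario_priorities();
    printf("priority scenario: %s (check %d)\n", r == 0 ? "all rules observed" : "FAILED", r);
    return r;
}
```

What the model makes visible: the application's stack pointer (usp) is never touched, the old SR carries the previous mode and mask back on return, and the level-2 request is taken only when the last handler returns to user mode, which is the point where a classic processor would otherwise restore and immediately re-store the context.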
Exception types in x86
- Interrupts
- Traps - saved PC points to next instruction
- Faults - saved PC points to current instruction, continue after fixing the problem
- Aborts - saved PC may be invalid. cannot continue program.
Return from exception service
Return is not always possible
During return, the processor context is restored (PC and SR)
In a real OS - exception service ends by passing control to the system task scheduler
Error service return
Return possible only if the error may be corrected:
errors signaled by the MMU, used for memory virtualization and allocation
errors used to implement virtual machines
During error service entry, the processor either:
- restored the state from before the instruction causing the error
- or stored extra information allowing continuation from the point of abort
Upon return the aborted instruction is, respectively:
- executed again
- continued from the point at which it was aborted
Asynchronous software interrupt
Useful in real-time systems
Allows the processor to generate an asynchronous interrupt via software means
Usually used to initiate a lower-priority software action from within a higher-priority interrupt service routine, so the high-priority ISR itself stays short
Double fault
While servicing an exception, CISC processors perform a series of memory references (context store and load) which do not result from the execution of any instruction
During these actions the processor does not have a valid PC value
These references may cause a memory access error detected by the MMU (e.g., the system stack is not mapped)
The error cannot be handled as a normal exception, because PC is not valid
In simple architectures - processor shutdown
In complex ones - double fault signaled as a special exception of very high priority
Good handling should result in a safe system shutdown
Processor initialization - reset
Reset is treated as the exception of highest priority
Causes setting the highest privilege mode and PC to a predefined value
No context stored
To be ready for exception service, a processor with a stack must initialize its system SP during reset
initial SP may be fixed in hardware or it may be loaded from a special entry of the exception vector table
Exception priorities
Reflects the importance of a timely reaction
Two aspects of exception service define two different priority orders - at processor level and at OS level
At OS level - result from the required software reaction time:
- interrupts - critical, may be lost if not serviced on time
- traps - influence application speed
- errors - termination time not critical
At processor level - result from the sequence of actions:
- interrupts - handled between instructions
- traps - taken as the last phase of instruction execution
- errors - if they occur, the instruction cannot be completed
Interrupt service time
In real-time systems, interrupt response time is critical
if not serviced in time, the controlled object may fail
Critical timing parameters
- software reaction time
- hardware interrupt service delay
- response jitter
Software reaction can start only after the hardware service of the interrupt is complete
Hardware interrupt response time
If the interrupt has a higher priority than the processor's current level, it is serviced after the current instruction finishes
If the processor is in the middle of an instruction when the interrupt is signaled, it must first finish the instruction's microcode sequence
In some processors, slow instructions may be aborted (and restarted after the service)
Iterative instructions (e.g., block moves) may be interrupted after any iteration
Late arrival
Occurs when a higher-priority interrupt is raised during the hardware service of a lower-priority interrupt
Classic processor - handling of the higher interrupt will start only after executing the first instruction of the lower interrupt's ISR
The intr. latency in this case exceeds
Solution - store the context upon interrupt detection, resolve interrupt priorities after the context is stored
Tail-chaining
In the classic architecture, if during an ISR an interrupt of the same or lower level is raised, it will be serviced after finishing the current ISR and restoring the context, only to store it again (creates delay)
Tail-chaining skips that restore/store pair: when a return from an ISR finds another interrupt pending, the processor jumps straight to its handler, reusing the stored context
Virtual memory - principle of operation
Address space divided into many small pages
Currently used pages are placed in RAM (which acts as a cache for the VM)
Pages that cannot fit into main memory are moved to mass storage
Attempt to reference a non-present page causes the OS to load the missing page from disk to main memory - transparent to the user process. Implementation requires OS-hardware collaboration
Implementation
Pages allocated to the process but not present in main memory have invalid descriptors
Attempt to reference such a page results in an error signaled by the processor (page fault)
When the page access is legal but the page is not present in main memory, the OS loads it from mass storage
After page loading, the suspended process is restarted at the faulting instruction
Page swapping algorithm
OS tries to swap out pages which were not used recently
A (accessed) bit in the page descriptor - set by the processor when the page is accessed; the OS clears it periodically to find pages that are no longer referenced
D (dirty) bit in the page descriptor - set by the processor when the page is written; only dirty pages need to be written back to mass storage before their frame is reused
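An added example (not from the notes) that simulates the hardware/OS split described in this section: the "processor" sets A and D when a present page is referenced, a reference to a page with an invalid descriptor is a page fault, and the "OS" services it by choosing a victim with a second-chance (clock) scan over the A bits and writing back only victims whose D bit is set. Frame count, page count and the reference string are constructed for the example.

```c
#include <stdio.h>

#define NFRAMES 3                 /* constructed: a tiny "RAM" of three page frames */
#define NPAGES  8                 /* constructed: an 8-page virtual address space */

typedef struct {
    int present;                  /* 0 = invalid descriptor: a reference causes a page fault */
    int frame;
    int accessed;                 /* A bit: set by the processor on every access to the page */
    int dirty;                    /* D bit: set by the processor when the page is written */
} pte_t;

typedef struct {
    pte_t pt[NPAGES];
    int frame_page[NFRAMES];      /* page held by each frame, -1 = free */
    int hand;                     /* clock hand for second-chance victim selection */
    int faults, writebacks;
} mm_t;

typedef struct { int faults, writebacks; } mm_stats_t;

void mm_init(mm_t *m)
{
    for (int p = 0; p < NPAGES; p++) m->pt[p] = (pte_t){0, -1, 0, 0};
    for (int f = 0; f < NFRAMES; f++) m->frame_page[f] = -1;
    m->hand = 0; m->faults = 0; m->writebacks = 0;
}

/* OS side: pick a frame to reuse. Second chance: a page whose A bit is set was
   used recently, so clear the bit and move on; the first page with A == 0 is
   evicted. A dirty victim must be written back to mass storage first. */
static int evict_one(mm_t *m)
{
    for (;;) {
        int f = m->hand;
        int page = m->frame_page[f];
        m->hand = (m->hand + 1) % NFRAMES;
        if (m->pt[page].accessed) { m->pt[page].accessed = 0; continue; }
        if (m->pt[page].dirty) m->writebacks++;   /* clean pages are simply dropped */
        m->pt[page] = (pte_t){0, -1, 0, 0};       /* descriptor becomes invalid again */
        m->frame_page[f] = -1;
        return f;
    }
}

/* One memory reference by the "process". The processor checks the descriptor;
   on a non-present page the OS loads it (page fault) and the access is then
   retried, which is when the hardware sets A and, for writes, D. */
void mm_access(mm_t *m, int page, int write)
{
    if (!m->pt[page].present) {
        m->faults++;
        int f = -1;
        for (int i = 0; i < NFRAMES && f < 0; i++)
            if (m->frame_page[i] < 0) f = i;
        if (f < 0) f = evict_one(m);
        m->frame_page[f] = page;
        m->pt[page] = (pte_t){1, f, 0, 0};       /* loaded from disk: present, clean, unused */
    }
    m->pt[page].accessed = 1;
    if (write) m->pt[page].dirty = 1;
}

/* Runs a constructed reference string {page, is_write} and reports the counts. */
mm_stats_t demo_trace(void)
{
    static const int trace[][2] = {
        {0,0},{1,1},{2,0},{0,0},{3,0},{1,1},{4,0},{5,0},{3,0},{2,0}
    };
    mm_t m;
    mm_init(&m);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        mm_access(&m, trace[i][0], trace[i][1]);
    return (mm_stats_t){m.faults, m.writebacks};
}

int main(void)
{
    mm_stats_t s = demo_trace();
    printf("page faults: %d, dirty pages written back: %d\n", s.faults, s.writebacks);
    return 0;
}
```

For the constructed string of ten references and three frames the run produces 7 page faults but only one write-back (the dirty page 1); pages 0, 2 and 4 are evicted without any disk traffic because their D bits were clear. Clearing A on each pass is what makes the scan approximate "not used recently".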