MULTICS SYSTEM-PROGRAMMERS' MANUAL Section BA.2
Approved: 7/23/65
Identification
Summary of multics technical policy
E.L. Glaser, P.G. Neumann, 7/26/65
Purpose
Following is a terse summary of the most important axioms which are hereby established as inviolable for the Multics software. This section is intended as a reference section, and makes little effort to be a tutorial section.
USE OF ABSOLUTE AND MASTER MODES. The normal mode for all code is slave mode. Absolute mode is to he used only where necessary in bootstrapping, in fault and interrupt handling routines (until the segment descriptor is obtained), in catastrophe recovery, and in product service (maintenance) routines. Since bugs involving master mode routines are likely to be catastrophic, master mode is to be used only when necessary to obtain correct execution, or when all interrupts must be inhibited by using bit 28, or when needed in product service routines. (Inhibiting of interrupts should be done sparingly, and only for as long as absolutely essential.) Slave mode should be left at the last possible occasion, and reentered at the next possible occasion. Master mode routines are closed, and always check the validity of the call. There is one routine for writing each type of descriptor, and that routine is in slave mode. Similarly, there is one routine for writing each type of DCW (MSU, IOC, GlOC). Only one routine per controller issues connects.
PAGING. Everything except absolute code must be capable of being executed unpaged, paged to 1024 words, or paged to 64 words, with the choice left to the discretion of the monitor. That is, paging or nonpaging should be invisible to the user. Everything is swappable when not busy (i.e., directly accessible to a device, such as a GIOC mailbox), except for the paging algorithm, the core map, the bare-bones input-output routines, the catastrophe restart toehold, the fault and interrupt handlers, and that part of the scheduler which must be invoked in response to interrupts. There is one page table per segment (i.e., a page is pointed at by a single page table entry), except that the core allocator must be able to reach the core map, the segment descriptor, and the page table entries themselves. The core management modules (page and segment handling) are distinct from secondary storage management (the file system).
TRAP HANDLING. In order to facilitate debugging and repartitioning, there will be a standard trap-handling strategy, with reflection back to the user or transfer to some particular system program permitted for a given trap class on an administratively established basis. There is always some process in control of a processor, namely that one which has its descriptor in the descriptor base register. There will be software facilities for 64 faults and 64 interrupts per processor.
MISCELLANEOUS. All data layouts for the initial 645 Multics implementation will be compatible with those of PL/I. All modules of this implementation will be written in PL/I.
EXCEPTIONS. Any exception requires the explicit approval of the Triumvirate.