Computer systems implementing protected mode operating systems segment physical memory into separate virtual address spaces or regions that are accessible by certain processes or protection domains. Some memory may be allocated to and accessible only by the computer system's kernel, referred to as kernel space or the kernel domain, while other memory is made accessible by applications, referred to as user space or a user domain. When multiple processes are running simultaneously, each process is allocated its own virtual memory space or memory domain, and unless explicitly provided, cannot access the memory domain of other processes. This protection of memory domains improves system reliability by reducing opportunities for processes to interfere with each other or the operation of the system.
In many operations, a user process in one protection domain may need to call or access an object or function located (i.e., stored or running) in another protection domain. In such situations, the system needs to enable communications across the respective protection domains. A number of methods for providing such inter-process communications include “pipes,” kernel services, message passing, virtual memory remapping, and shared memory. However, such traditional methods exhibit undesirable inefficiencies.
For instance, a protection domain system may implement pipes to provide inter-process communication by first copying data from one user protection memory domain into the kernel domain, and then copying the same data from the kernel domain into the memory space of another user protection domain. In the case of a remote object call where input and output data need to be communicated, this process is repeated when the output data is returned across the protection domains to the process that initiated the remote object call. Thus, inter-process communication using pipes is inefficient as two separate copy operations are involved in each direction.
Shared memory may also be used for inter-process communications; however, implementing shared memory requires that the two protection domains agree upon a non-generic data-sharing scheme. Notably, agreeing upon a non-generic data-sharing scheme is not easily accomplished since the invoking process needs to predict the manner the receiving process will receive the data.