Chapter 2. KeyKOS Kernel Constructs

This chapter describes the primitive elements (keys, nodes, and pages) and the compound objects (domains, meters and segments) in KeyKOS. It describes how they are used and how they interact.


Keys are the tokens of authority in KeyKOS. It does not matter who uses a key. A key has the same behavior for any user.

In a fundamental sense, there are exactly two ways that a key can be used:

The most fundamental example of rights amplification is the compare key function of the Discrim key. Other examples are order codes 2 through 11 of the Domain Tool key.

Programming note: It is useful to think of building structures that the kernel interprets as a third way of using keys.

Keys and Objects

If the result of invoking key F depends on the parameters passed on the most recent invocation of key N, then there exists a relationship between the two keys. This is an operational description. It has the benefit of not describing any more than necessary. It does not imply a specific implementation.

A more intuitive description is to say that keys F and N each point to (designate) a common object with the ability to store parameters, and that F and N contain some other component that distinguishes them. (e.g. F may be a fetch key and N a node key to the same node.)

When using this second description, it is important to recognize that the characteristics of the object may be very different when viewed through the two keys. (e.g. A segment key and a meter key may both designate the same node.)

If keys are thought of as designating objects, they can be described as having up to three components:

  1. Key type - defines how the object is to be viewed.
  2. Key value - For keys that designate a page or node, this value contains information that the kernel can use to locate the designated object.
  3. Data byte - may modify the interpretation or authority of the key.

It is important to realize that one key can be viewed in different ways. For example, a key that can be viewed as a start key that designates a node may be viewed as a start key to a domain, a start key to an OS/360 domain, or a Filedef key.

The following list describes the keys that are implemented in the kernel. These keys may be divided into two classes. The start and resume keys are gate keys, all others are primary keys. KeyKOS Object Reference (KL230) defines the effects of invoking each type of primary key.

A gate key designates a node that will be interpreted as the root of domain. It is important to note that a gate key restricts the holder merely to starting the domain program and offering some data and authority. The starting address is specified by the started domain.

Keys that Designate Nodes

A node key provides the holder with the greatest authority over the node that it designates. Keys can be placed into and retrieved from arbitrary slots in the node with a node key. However, there is no direct way to determine the state of the .process-running bit in the node or to change that state.

A fetch key only allows keys to be retrieved from the node.

A sense key only allows keys to be retrieved from the node. The operation of retrieving a key from the node may be accompanied by an attenuation of the authority of the fetched key (only sensory versions of keys may be retrieved by use of a sense key).

A domain key provides the holder with some authority to the node viewed as the root of a domain. It also gives certain authority over the two other nodes that make up the domain.

The start and resume keys provide the authority to invoke the node viewed as the root of a domain.

A segment key provides authority to access the segment defined by the node.

A meter key provides authority to consume the resources defined by the contents of certain slots of the node.

Keys that Designate Pages

A page key provides authority to access data in a page.

Other Keys

The data key directly holds a non-negative integer. It provides no authority. The notation DK(n) is used to designate a data key that holds the value "n", which is less than 2^128. (In some implementations of KeyKOS the limit is smaller than 2^128.)

The value in a data key is frequently interpreted or produced by the kernel. In these situations the value is interpreted in binary and the bits numbered by negative integers. The unit's position is -1, the two's position is -2, the four's position is -3, etc.

A node range key (or page range key) is a closely held key that provides the holder with strong authority over a group of nodes (or pages). It is used to allocate space on disks.

Miscellaneous keys are several individual keys that provide special services (that are implemented by the kernel, as described in Chapter 3).


Figure 2-1

A node is 16 slots and a single boolean value called the process-running bit. A slot is a storage area for one key. A node is completely described by giving the contents of its 16 slots and the process-running bit. Nodes are not directly accessible to System/370 problem mode instructions. Nodes and their contents may be accessed by invoking keys.

A node that has the process-running bit TRUE will be viewed as a domain root by the kernel. Processes have no identity in themselves, so it is not meaningful to ask which process is associated with a given node. Start and resume keys can be used, by invoking them, to change the state of the process-running bit. There is no explicit test for the process-running bit.

Design note: It is necessary to hide the process-running bit to ensure that meters can stop domains non-destructively.


Pages hold 4096 bytes of data or programs. They are used in the construction of segments which make up the address space of domains. Keys to pages may also be called directly to access the page.