Memory Management

Physical & virtual allocators, address space management, heap providers, and error handling.

Profile Reference

Memory Management

The helix-memory crate provides the entire memory stack — physical frame allocation, virtual address mapping, heap allocators, and address space management. Every layer is trait-based, so you can swap out any allocator without touching the rest of the kernel.

Memory is the first thing initialized after boot (stages 3-6), and every other subsystem depends on it. Understanding this crate is fundamental to working with Helix.

Memory Stack5N · 5E

Minimap100%

100%

☝ Drag to pan·🤏 Pinch to zoom·Tap a node

Ctrl+FSearch

PPath

SStats

FFullscreen

EExport

Shift+DragMove node

↑↓Navigate

+/−Zoom

Physical Allocator Trait

The physical allocator manages raw hardware memory frames. Helix provides four implementations with different tradeoffs — you pick the right one in your profile's helix.toml.

subsystems/memory/src/physical/mod.rs

1912rust

pub trait PhysicalAllocator: Send + Sync {

  fn name(&self) -> &'static str;

  fn init(&mut self, regions: &[PhysicalRegion]) -> MemResult<()>;

  fn allocate(&self, size: PageSize) -> MemResult<Frame>;

  fn allocate_contiguous(&self, count: usize, size: PageSize) -> MemResult<Frame>;

  fn allocate_zone(&self, size: PageSize, zone: MemoryZone) -> MemResult<Frame>;

  fn deallocate(&self, frame: Frame) -> MemResult<()>;

  fn free_frames(&self) -> usize;

  fn total_frames(&self) -> usize;

  fn stats(&self) -> AllocatorStats;

}

5 refs

pub struct Frame {

  address: PhysAddr,   // Private fields, accessed via methods

  size: PageSize,

}

5 refs

pub enum PageSize { Size4KiB, Size2MiB, Size1GiB }

2 refs

pub enum MemoryZone { Dma, Dma32, Normal, High, Device }

6 refs

pub type MemResult<T> = Result<T, MemError>;

Index

Provided Allocators

Each allocator is designed for a specific phase of kernel operation. The profile config controls which one is active.

Allocator	Time Complexity	Supports Free	Best For
`BumpAllocator`	O(1) alloc	❌ No	Early boot (stages 1-3) — fast, no-free temporary heap
`BitmapAllocator`	O(n) worst case	✅ Yes	Simple general-purpose — one bit per frame
`BuddyAllocator`	O(log n)	✅ Yes	Production — efficient power-of-two splitting
`SlabAllocator`	O(1) amortized	✅ Yes	Fixed-size kernel objects (TCBs, inodes, buffers)

Virtual Memory Mapper

The virtual mapper creates the mapping between virtual addresses (what the CPU sees) and physical frames (actual RAM). It works hand-in-hand with the HAL's page table trait.

subsystems/memory/src/virtual_memory/mod.rs

1116rust

bitflags! {

4 refs

  pub struct PageFlags: u64 {

      const PRESENT       = 1 << 0;

      const WRITABLE      = 1 << 1;

      const USER          = 1 << 2;

      const WRITE_THROUGH = 1 << 3;

      const NO_CACHE      = 1 << 4;

      const ACCESSED      = 1 << 5;

      const DIRTY         = 1 << 6;

      const HUGE          = 1 << 7;

      const GLOBAL        = 1 << 8;

      const NO_EXECUTE    = 1 << 63;

}

}

4 refs

impl PageFlags {

  pub const KERNEL_READ:  Self; // PRESENT

  pub const KERNEL_WRITE: Self; // PRESENT | WRITABLE

  pub const KERNEL_CODE:  Self; // PRESENT

  pub const USER_READ:    Self; // PRESENT | USER

  pub const USER_WRITE:   Self; // PRESENT | USER | WRITABLE

  pub const USER_CODE:    Self; // PRESENT | USER

}

pub trait VirtualMapper: Send + Sync {

  fn map(&self, page: Page, frame: Frame, flags: PageFlags) -> MemResult<()>;

  fn unmap(&self, page: Page) -> MemResult<Frame>;

  fn update_flags(&self, page: Page, flags: PageFlags) -> MemResult<()>;

  fn translate(&self, virt: VirtAddr) -> Option<PhysAddr>;

2 refs

  fn flush(&self, page: Page);      // Invalidate single TLB entry

  fn flush_all(&self);              // Full TLB flush (expensive)

}

Index

Address Space Management

Each process gets its own AddressSpace that tracks all virtual memory regions. The address space provides POSIX-compatible memory operations — mmap, munmap, mprotect, and brk.

subsystems/memory/src/virtual_memory/address_space.rs

2181rust

2 refs

pub struct AddressSpace {

  id: AddressSpaceId,

  regions: RwLock<BTreeMap<u64, VmRegion>>,

  mapper: Arc<dyn VirtualMapper>,

  user_start: VirtAddr,

  user_end: VirtAddr,

  brk: RwLock<VirtAddr>,

}

2 refs

impl AddressSpace {

  pub fn new(id: AddressSpaceId, mapper: Arc<dyn VirtualMapper>,

      user_start: VirtAddr, user_end: VirtAddr) -> Self;

  pub fn add_region(&self, region: VmRegion) -> MemResult<()>;

  pub fn remove_region(&self, start: VirtAddr) -> MemResult<VmRegion>;

  pub fn find_region(&self, addr: VirtAddr) -> Option<VmRegion>;

  // POSIX-compatible memory operations

  pub fn mmap_anonymous(&self, hint: Option<VirtAddr>,

      size: u64, flags: PageFlags) -> MemResult<VirtAddr>;

  pub fn munmap(&self, addr: VirtAddr, size: u64) -> MemResult<()>;

  pub fn mprotect(&self, addr: VirtAddr, size: u64,

      flags: PageFlags) -> MemResult<()>;

2 refs

  pub fn brk(&self, new_brk: Option<VirtAddr>) -> VirtAddr;

}

5 refs

pub struct VmRegion {

  pub start: VirtAddr,

  pub size: u64,

  pub flags: PageFlags,

  pub region_type: VmRegionType,

}

2 refs

pub enum VmRegionType {

  Anonymous, File, Device, Kernel, Guard, Reserved,

}

Index

Heap Allocator Trait

The kernel heap is what alloc::vec!, Box::new(), and all dynamic allocations use. The GlobalHeap struct wraps a dyn HeapAllocator and registers itself as Rust's #[global_allocator].

subsystems/memory/src/allocator/mod.rs

1521rust

2 refs

pub trait HeapAllocator: Send + Sync {

  fn allocate(&self, layout: Layout) -> *mut u8;

  unsafe fn deallocate(&self, ptr: *mut u8, layout: Layout);

  unsafe fn reallocate(&self, ptr: *mut u8, old_layout: Layout,

      new_size: usize) -> *mut u8;

  fn name(&self) -> &'static str;

  fn stats(&self) -> HeapStats;

}

2 refs

pub struct HeapStats {

  pub total_size: usize,

  pub used_size: usize,

  pub free_size: usize,

  pub allocations: u64,

  pub deallocations: u64,

}

// Early boot bump heap — no free, just for initialization

pub struct BumpHeap {

  start: usize,

  end: usize,

  next: Mutex<usize>,   // spin::Mutex, not AtomicUsize

}

// Production: the GlobalHeap wraps any HeapAllocator

// and implements core::alloc::GlobalAlloc

#[global_allocator]

static HEAP: GlobalHeap = GlobalHeap::new();

Index

Memory Errors

Every memory operation returns MemResult<T>. These errors are descriptive enough for the self-healing system to decide on recovery strategies.

Error	Description	Recovery
`OutOfMemory`	No frames or pages available	Trigger memory pressure event
`InvalidAddress`	Address outside valid range	Return error to caller
`NotMapped`	Virtual address has no mapping	Page fault handler
`AlreadyMapped`	Page already has a mapping	Unmap first, then remap
`InvalidAlignment`	Address not aligned to page boundary	Caller bug — align up
`PermissionDenied`	Insufficient capability rights	Check capability token

During early boot (stages 1-3), the BumpAllocator provides a 4MB static heap. It's blazing fast (O(1) allocation) but never frees — perfect for the temporary allocations needed to get the full memory subsystem running. Once the buddy allocator is ready, the bump allocator is retired.

Memory Management#

Physical Allocator Trait#

Provided Allocators#

Virtual Memory Mapper#

Address Space Management#

Heap Allocator Trait#

Memory Errors#

Memory Management

Physical Allocator Trait

Provided Allocators

Virtual Memory Mapper

Address Space Management

Heap Allocator Trait

Memory Errors