Anatomy of a Program in Memory (2009) (duartes.org)
129 points by Tomte on Nov 20, 2016 | 6 comments



Really great article and blog.

> You can examine binary images using the nm and objdump commands to display symbols, their addresses, segments, and so on.

You can also use my new tool Bloaty McBloatface (https://github.com/google/bloaty). Check out the -v option especially, which will dump a memory map of both the file domain and the VM address domain:

    $ ./bloaty `which ls` -v -d segments
    FILE MAP:
    [0, 19d44] LOAD [RX], LOAD [RX]
    [19d44, 19df0] [None], [Unmapped]
    [19df0, 1a5f4] LOAD [RW], LOAD [RW]
    [1a5f4, 1a700] [None], [Unmapped]
    [1a700, 1ae00] [None], [ELF Headers]
    VM MAP:
    [0, 400000] NO ENTRY
    [400000, 419d44] LOAD [RX], LOAD [RX]
    [419d44, 619df0] NO ENTRY
    [619df0, 61a5f4] LOAD [RW], LOAD [RW]
    [61a5f4, 61b360] LOAD [RW], LOAD [RW]
         VM SIZE                     FILE SIZE
     --------------               --------------
      95.1%   103Ki LOAD [RX]       103Ki  96.1%
       4.9%  5.36Ki LOAD [RW]      2.00Ki   1.9%
       0.0%       0 [ELF Headers]  1.75Ki   1.6%
       0.0%       0 [Unmapped]        440   0.4%
     100.0%   108Ki TOTAL           107Ki 100.0%

If you leave off "-d segments" the map will include all sections too (like .bss, .text, etc). Here is an example of that output: http://pastebin.com/3XGcqA8k
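
The VM MAP in the comment above can be rebuilt from ELF program headers alone. This is an added example, not part of the comment and not code from the bloaty project; it shows why the RW segment is larger in memory than on disk and adds a check for segments mapped both writable and executable. The names `load_segments`, `vm_map`, `writable_and_executable` and `SAMPLE` are hypothetical, and the sample's entry point and alignment fields are constructed.

```python
import struct

PT_LOAD, PF_X, PF_W, PF_R = 1, 1, 2, 4

def load_segments(elf):
    """Parse PT_LOAD program headers from a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    if e_phentsize < 56 or e_phoff + e_phentsize * e_phnum > len(elf):
        raise ValueError("program header table is truncated")
    segs = []
    for i in range(e_phnum):
        p_type, flags, off, vaddr, _pa, filesz, memsz, _al = struct.unpack_from(
            "<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type != PT_LOAD:
            continue
        if filesz > memsz:
            raise ValueError("p_filesz exceeds p_memsz")
        perms = "".join(c for c, b in (("R", PF_R), ("W", PF_W), ("X", PF_X)) if flags & b)
        segs.append(dict(perms=perms, off=off, vaddr=vaddr, filesz=filesz, memsz=memsz))
    return segs

def vm_map(segs):
    """VM ranges per segment: the file-backed part, then any zero-filled tail."""
    out = []
    for s in segs:
        out.append((s["vaddr"], s["vaddr"] + s["filesz"], s["perms"], "file"))
        if s["memsz"] > s["filesz"]:  # loader zero-fills this tail (where .bss lives)
            out.append((s["vaddr"] + s["filesz"], s["vaddr"] + s["memsz"], s["perms"], "zero-fill"))
    return out

def writable_and_executable(segs):
    """Segments mapped both W and X, which a hardening review would flag."""
    return [s for s in segs if "W" in s["perms"] and "X" in s["perms"]]

# Constructed sample: an ELF64 header plus two program headers whose offsets and
# sizes are taken from the `ls` output quoted in the comment above (no payload).
SAMPLE = (b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
          + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400000, 64, 0, 0, 64, 56, 2, 0, 0, 0)
          + struct.pack("<IIQQQQQQ", PT_LOAD, PF_R | PF_X, 0, 0x400000, 0x400000, 0x19d44, 0x19d44, 0x200000)
          + struct.pack("<IIQQQQQQ", PT_LOAD, PF_R | PF_W, 0x19df0, 0x619df0, 0x619df0, 0x804, 0x1570, 0x200000))

if __name__ == "__main__":
    for lo, hi, perms, kind in vm_map(load_segments(SAMPLE)):
        print(f"[{lo:x}, {hi:x}] LOAD [{perms}] {kind}")
```

The zero-fill range corresponds to the second `LOAD [RW]` line in the quoted VM MAP, which has no counterpart in the FILE MAP.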


> Once virtual addresses are enabled, they apply to all software running in the machine, including the kernel itself. Thus a portion of the virtual address space must be reserved to the kernel

Reserving a portion of the address space for the kernel is a performance optimization and not necessarily required.

In 32-bit macOS the kernel has its own separate address space just like a process. Syscalls copy or map data in and out. The benefit is user mode processes can use all 4 GB. The obvious downside is the extra overhead and TLB flushes.

32/64-bit iOS and 64-bit macOS use the standard convention of having the kernel's address space mapped into all processes. Especially on 64-bit there is no benefit to doing otherwise.


I'd recommend reading absolutely everything that's on this website. Everything from CS-related stuff to Feynman is worth the time!


Wow this is a cool blog. Seriously.

And now I understand memory segmentation. Wow, that is terrible. Seriously Intel, what is it with you and overcomplicating things?


This blog is the best resource for anything related to the kernel/hw boundary. Better than any book I've seen.


Win9x actually looks more similar to the Linux layout, with ring0 only occupying the highest GB, but has an additional area from 80000000h~BFFFFFFFh which is shared across all user-mode processes and used for things like DLLs.



