A Generic Operating System Kernel
The authors explain physical and virtual machines, including the topics of communicating virtual machines, the concrete kernel, the runvm primitive, simulation of CVM steps, and page fault handling.
- PDF, 417,657 bytes
- 73 pages, page size 439.37 x 666.142 pt
Joint Work with Jonas Oberhauser
Finally, we specify and implement what we call a generic operating system kernel. In a nutshell, a kernel has two tasks:

- to simulate on a single physical processor multiple virtual processors of almost the same ISA;
- to provide services to these virtual processors via system calls.

As long as no system call is executed, a program on a virtual machine is executed as if the program were running alone on its machine. The physical machine is also called the host, whereas the virtual machines are called users or guests. Usually, the physical or host machine is slightly more powerful than the virtual machines. In particular, in a classical kernel the host can run in translated/system mode, whereas the guests can only run in untranslated mode. However, some kernels — called hypervisors — permit guests to run in translated mode. Thus the guests of hypervisors can themselves be kernels, which in turn have user processes. Under a hypervisor, therefore, one can run several kernels or several operating systems on the same hardware. Here we restrict our attention to classical kernels.

The two main tasks of a kernel mentioned above suggest splitting the kernel implementation into two layers, one for each of the tasks: i) a lower virtualization layer and ii) an upper layer which includes the scheduler and the handlers for system calls. In this text we treat the lower layer and leave the programmer the freedom to program the upper layer in any way she or he wishes. With all the computational models developed so far in place and justified, we follow our usual pattern of specification, implementation, and correctness proof.

In Sect. 15.1 we explain the differences between physical and virtual processors: roughly speaking, virtual processors cannot use address translation, and not all interrupts are visible. In particular, the virtual machine sees page faults only if it tries to access pages that are not allocated by it. Page faults due to invalid page table entries are invisible and must be handled transparently by the implementation of the kernel.

In Sect. 15.2 we formally specify a computational model called CVM (Communicating Virtual Machines), which is realized by the virtualization layer. The user of the virtualization layer simply sees a number of virtual user machines communicating with a so-called abstract kernel. The latter is an arbitrary (!) C0 program which is allowed to call a very small number of special functions that we call CVM primitives. The specification of the CVM model, including the semantics of all special functions, is extremely concise. No reference to inline assembly is necessary in the specification. Only the semantics of ISA, of C0, and the parallelism of CVM are used. CVM is implemented by what we call a concrete kernel written in ‘C+A + disk + interrupts’. The concrete kernel and its main data structure

© Springer International Publishing Switzerland 2016 W.J. Paul et al., System Architecture, DOI 10.1007/978-3-319-43065-2_15