Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formal Virtual Machines

Published byShon Blankenship Modified over 6 years ago

Similar presentations

Presentation on theme: "Formal Virtual Machines"— Presentation transcript:

1 Formal Virtual Machines
Ryan Solava Graduate Operating Systems Mini-project Dec. 14th, 2012

2 What is a Virtual Machine?
Before we try to formalize it, what is it generally? Virtual Machines (VM): Software emulation of a machine that execute programs like a physical machine An environment for running programs which is basically identical to the original machine A Virtual machine monitor (VMM) is a software tool that creates a VM environment. Guest OS VMM Host OS CPU

3 Why use Virtual Machines?
Virtual Machines are useful because they allow us to run programs in environments where the actual hardware is unavailable. Real examples of VM software: Xen VMware User-mode Linux

4 Why formalize Virtual Machines?
Many modern VMMs don’t really follow the formal definitions So what’s the point? Allows a rigorous form that can be used to proof behaviors of a system Here we present Popek and Goldberg’s Formalization

5 Model of a machine A machine can exist in one of a finite number of states. A state, S, is defined by four components. S = <E,M,P,R> E: executable storage M: processor mode P: program counter R: relocation-bounds register

6 … Executable storage S = <E,M,P,R>
E is the executable storage, a word or byte addressable memory of size q E[i] denotes the ith storage location in E (beginning at address 0). E E[0] E[1] E[2] E[3] E[q-1]

7 Processor mode S = <E,M,P,R>
M, the processor mode, has a value of either u or s u: user mode – some instructions restricted s: supervisor mode – all instructions available

8 Program counter S = <E,M,P,R>
P, the program counter, points to a place in memory that contains the next instruction to be processed It is relative to R

9 Relocation-bounds register
S = <E,M,P,R> R, the relocation-bounds register, consists of a pair (l,b) l gives the absolute address of the beginning of the virtual memory, seen as address 0 b gives the absolute size of the virtual memory l b

10 Instructions Define the set of all states as C
Then an instruction i, is a function from C to C. i: C → C So given S1 = <E1,M1,P1,R1>, i(S1) = S2 for some S2 = <E2,M2,P2,R2>.

11 Program storage word Given a state S = <E,M,P,R>, its program storage word (PSW) is the triple <M,P,R>. Contains all the information for an execution except the state of memory Often E[0] stores an earlier PSW and E[1] stores the PSW of the next execution

12 Traps Intuitively, a trap saves the current machine state, and then switches control to a pre-specified routine. Rigorously, this is captured as follows An instruction t is a trap if, for i(<E1,M1,P1,R1>) = <E2,M2,P2,R2>, the following holds: E1[j] = E2[j] for all j > 0 E2[0] = <M1,P1,R1> E1[1] = <M2,P2,R2> PSW2 Old PSW stored Trap Taken as new PSW PSW1

13 Memory Access A memory trap is a specific type of trap that occurs when a routine attempts to access memory it cannot Thus, any instruction that attempts to access memory address a will work as follows: if a + l ≥ q: memorytrap else if a ≥ b: memorytrap else: use E[a+l]

14 Limitations This is basics of the theoretical framework that Popek and Goldberg use It captures most of the function of a machine, but there is one major limitation It does not deal with I/O instructions However, I/O devices can be treated as part of memory, so it is not a major drawback

15 Privileged instructions
The idea of a privileged instruction is that it traps whenever run in user mode, but does not when run in supervisor mode. Formally, an instruction i is privileged if for any pair of states S1 = <E,u,P,R> and S2 = <E,s,P,R> such that i(S1) and i(S2) do not memory trap, i(S1) traps but i(S2) does not.

16 Sensitive instructions
The idea of a sensitive instruction is that it either changes the processor mode of the system or the amount of memory allocated without memory trapping. Rigorously, an instruction i is sensitive if there a state, S1=<E1,M1,P1,R1> with i(S1) = <E2,M2,P2,R2>, such that i(S1) does not memory trap and M1 ≠ M2 or R1 ≠ R2 .

17 Innocuous instructions
An instruction is innocuous if and only if it is neither privileged or sensitive. All instructions Innocuous Privileged Sensitive

18 Condition for virtualization
Using the above model, the following result can be shown Theorem: A machine is virtualizable if its set of sensitive instructions is a subset of its privileged instructions. All instructions Privileged Sensitive

Download ppt "Formal Virtual Machines"

Similar presentations

Virtualization Dr. Michael L. Collard

Virtualization Dr. Michael L. Collard
Popek & Goldberg’s notation

Popek & Goldberg’s notation
Interrupts Chapter 8 – pp 209-214 Chapter 10 – pp 258-264 Appendix A – pp 537 & 543-545.

Interrupts Chapter 8 – pp Chapter 10 – pp Appendix A – pp 537 &
Formal Requirements for Virtualizable Third Generation Architectures Gerald J. Popek University of California, Los Angeles and Robert P. Goldberg Honeywell.

Formal Requirements for Virtualizable Third Generation Architectures Gerald J. Popek University of California, Los Angeles and Robert P. Goldberg Honeywell.
Virtual Machines What Why How Powerpoint?. What is a Virtual Machine? A Piece of software that emulates hardware.  Might emulate the I/O devices  Might.

Virtual Machines What Why How Powerpoint?. What is a Virtual Machine? A Piece of software that emulates hardware.  Might emulate the I/O devices  Might.
Disco Running Commodity Operating Systems on Scalable Multiprocessors.

Disco Running Commodity Operating Systems on Scalable Multiprocessors.
Computer System Structures memory memory controller disk controller disk controller printer controller printer controller tape-drive controller tape-drive.

Computer System Structures memory memory controller disk controller disk controller printer controller printer controller tape-drive controller tape-drive.
MEMORY MANAGEMENT By KUNAL KADAKIA RISHIT SHAH. Memory Memory is a large array of words or bytes, each with its own address. It is a repository of quickly.

MEMORY MANAGEMENT By KUNAL KADAKIA RISHIT SHAH. Memory Memory is a large array of words or bytes, each with its own address. It is a repository of quickly.
KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.

KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,

Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,
Introduction to Virtual Machines. Administration Presentation and class participation: 40% –Each student will present two and a half times this semester.

Introduction to Virtual Machines. Administration Presentation and class participation: 40% –Each student will present two and a half times this semester.
Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.

Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Virtualization Concepts Presented by: Mariano Diaz.

Virtualization Concepts Presented by: Mariano Diaz.
Virtualization Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation is licensed.

Virtualization Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation is licensed.
Chapter 2: Computer-System Structures 2.1 Computer System Operation 2.5 Hardware Protection 2.6 Network Structure.

Chapter 2: Computer-System Structures 2.1 Computer System Operation 2.5 Hardware Protection 2.6 Network Structure.
Outline Basic VM Concepts Formal Definitions Virtualization Theorems

Outline Basic VM Concepts Formal Definitions Virtualization Theorems
Formal Requirements for Virtualizable Third Generation Architectures

Formal Requirements for Virtualizable Third Generation Architectures

Similar presentations

Ads by Google