DEPARTMENT of COMPUTER SCIENCE, Carnegie-Mellon University

CMU-CS-85-159

The Performance Effects of Functional Migration and Architectural Complexity in Object-Oriented Systems

Robert Paul Colwell

August 1985

Dept. of Electrical and Computer Engineering
Carnegie-Mellon University
Pittsburgh, Pennsylvania 15213

Submitted to Carnegie-Mellon University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Electrical and Computer Engineering.

Copyright © 1985 Robert Paul Colwell

This research has been supported by the U.S. Army Center for Tactical Computer Systems under contract number DAAB07-82-C-J164. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. Army or the U.S. Government.

Table of Contents

1. The Computer Architecture Design Problem
  1.1. Introduction
  1.2. Issue: Function to Level Mapping
  1.3. Current research for the function-to-level problem
    1.3.1. Software Systems
      1.3.1.1. Functional Programming
      1.3.1.2. High Level Languages
      1.3.1.3. Smalltalk
    1.3.2. Microcode
    1.3.3. An Architecture Study
      1.3.3.1. Background
      1.3.3.2. Discussion
  1.4. Goal: A Function-to-Level Mapping Methodology
    1.4.1. Methodologies
    1.4.2. Using Real Machines
  1.5. Limits to the Function-to-Level Mapping Model
  1.6. Organization of this dissertation
2. Plan of Experimental Work
  2.1. The Case Study
    2.1.1. Candidates for a case study
    2.1.2. Introduction to the Intel 432
      2.1.2.1. System Architecture
      2.1.2.2. Physical Realization
      2.1.2.3. Instruction Set
    2.1.3. Functional Migration in the 432
  2.2. The experiments
    2.2.1. Performance as a system metric
    2.2.2. Benchmarking
    2.2.3. Programming Environments: Large vs. Small
    2.2.4. Measuring the effects of functional migration
3. Object Orientation
  3.1. Overview of Object-Oriented Systems
  3.2. Protected Pointers
  3.3. 432 Object-Orientation
    3.3.1. The Intrinsics of 432 Object-Orientation
    3.3.2. The Addressing Structure
    3.3.3. Address Caches
    3.3.4. Rights Checking
    3.3.5. Procedure Calls
4. Experimental Results
  4.1. The Baseline 432
    4.1.1. Berkeley Measurements
    4.1.2. Release 3.0 Baseline Measurements on the Microsimulator
  4.2. Major cycle sinks in the 432
    4.2.1. The 432 Ada Compiler
      4.2.1.1. Mismanaging the Entered_Environments
      4.2.1.2. Common Sub-expression Analysis
      4.2.1.3. Protected Procedure Calls
      4.2.1.4. Parameters passed by value/result
    4.2.2. Lack of Local Data Registers
    4.2.3. 16-bit Buses
    4.2.4. Bit-Aligned Instructions
    4.2.5. Lack of Literals or Embedded Data
    4.2.6. Top_of_Stack: 16 bits
    4.2.7. Three Entered Environments
    4.2.8. Garbage Collector
    4.2.9. The Microinstruction Bus
    4.2.10. Caches
      4.2.10.1. The Data Segment Cache
      4.2.10.2. The Object Table Cache
      4.2.10.3. The Hypothetical AD Cache
5. Conclusions
  5.1. The Synthetic 432
    5.1.1. The Synthetic Baseline 432
    5.1.2. Incrementally Better Technology
    5.1.3. Inherent Overheads and Best-Case Synthetic 432
  5.2. Functional Migration
  5.3. RISC/CISC
    5.3.1. Recent RISC Work
  5.4. Other Observations on the 432
    5.4.1. Research vs. commercial ventures
    5.4.2. Architecture Design Decisions
  5.5. Contributions made by this thesis
  5.6. Conclusions and Future Work
References
Appendix A. Procedure Call Memory Operations
Appendix B. Benchmark Discussions
Appendix C. Source Code for Benchmarks
Homily

List of Figures

Figure 1-1: Consequences of Paging-based Protection in the VAX
Figure 2-1: Generic 432 System Multiprocessor Architecture
Figure 2-2: Internal architecture of the 432's Data Manipulation Unit
Figure 2-3: Internal architecture of the 432's Reference Generation Unit
Figure 3-1: The 432's Full Addressing Path
Figure 3-2: A Two-Level Addressing Mechanism
Figure 3-3: 432 On-chip Address Caches
Figure 3-4: Format of the 432's Access Descriptor
Figure 3-5: Format of the Object Descriptor for a Storage Object
Figure 3-6: Parameter-Passing mechanism
Figure 3-7: Effect of the enter_env operation
Figure 3-8: 432 state changed during execution of an intramodule procedure call.
Figure 4-1: The procedure call/return graph for Dhrystone.
Figure 4-2: A 432 enhanced with a set of eight general purpose registers
Figure 4-3: Large Ada system module interconnectivity
Figure 4-4: The 432 Addressing Caches
Figure 4-5: Assumed Fob vs. OT_Cache entries
Figure 4-6: Ave Access Time in cycles for linear and exponential Fob vs. OT_Cache entries
Figure 4-7: Proposed DS/AD Cache organization (sample values)
Figure 4-8: Average Access cycles for Fah = 0.7
Figure 4-10: Average Access cycles for bdh = 0.8
Figure 4-9: Average Access cycles for Fo,h = 0.9
Figure 4-11: Average Access cycles for /;dh = 0.95
Figure 5-1: Relative contributions of cycle sinks to overall wasted cycles
Figure 5-2: Relative contributions of cycle sinks to overall wasted cycles by benchmark
Figure 5-3: Relative contributions of incremental technology improvements
Figure 5-4: Relative contributions of incremental technology improvements by benchmark

List of Tables

Table 2-1: 432 Microcode Distribution
Table 3-1: Rights Checking Example: Ada source code segment from CFA8
Table 3-2: 432 Assembly Language
Table 3-3: The Enter Environment Algorithm
Table 3-4: Software equivalent to the 432's base & bounds checking for referencing one operand
Table 3-5: Memory Operations in Executing Enter_Env
Table 3-6: Memory operations performed by the 432 during a procedure call.
Table 3-7: Comparison of 432 procedure call memory traffic vs. VAX and 68010 assuming 4 integers passed as parameters
Table 3-8: Summary of 432 procedure call activities and percentage of total clock cycles
Table 4-1: Berkeley 4 MHz Intel 432 Measurements
Table 4-2: 4 MHz Results normalized to VAX
Table 4-3: Baseline instruction stream statistics
Table 4-4: Total baseline cycles executed with standard 432 and compiler
Table 4-5: Baseline reads performed excluding instruction fetches
Table 4-6: Baseline reads by percentage excluding instruction fetches
Table 4-7: Baseline reads including instruction fetches
Table 4-8: Baseline reads including instruction fetches by percentage
Table 4-9: Baseline writes
Table 4-10: Baseline writes by percentage
Table 4-11: Total combined baseline reads and writes excl. instr. fetches
Table 4-12: Baseline ratio of reads to writes, with and without instruction fetches
Table 4-13: Average cycles executed per instruction
Table 4-14: Per-instruction benchmark statistics
Table 4-15: Percentage of cycles spent stalled waiting on the Instruction Decoder
Table 4-16: Percentage of total GDP cycles spent waiting for the memory and bus
Table 4-17: Percentage of total benchmark cycles spent on enter_envs and the resulting DS_cache misses.
Table 4-18: Ada source code segment from CFA5R, showing the tight loop.
Table 4-19: 432 Assembly code segment for the tight loop of CFA5R
Table 4-20: Another enter_env in the CFA5R benchmark
Table 4-21: Source code segment for the Dhrystone benchmark.
Table 4-22: Assembly code for the Dhrystone code segment
Table 4-23: Source Code Segment for Dhrystone With Local Pointer
Table 4-24: Assembly Code Segment for Dhrystone With Local Pointer
Table 4-25: Total cycles executed per benchmark, adjusted for better environment management.
Table 4-26: Source and assembly code demonstrating the effects of common sub-expression optimization
Table 4-27: Source code for the inner loop of the CFA10 benchmark
Table 4-28: 432 Assembly code for the inner loop of CFA10
Table 4-29: Improved 432 assembly code for the inner loop of CFA10
Table 4-30: Cycles saved due to hand-optimized 432 assembler code
Table 4-31: Summary of the performance improvements possible if intra-module calls were protected by the compiler.
Table 4-32: Circumventing the 432 Ada compiler's "call by value/result" semantics
Table 4-33: Clock cycles wasted by the 432 Ada compiler's use of "call by value/result" semantics.
Table 4-34: Cycle savings possible if eight 32-bit data registers had been included in the 432
Table 4-35: Ada source code for the Sieve inner loop
Table 4-36: 432 assembly code for the Sieve inner loop
Table 4-37: Assembly code for the Sieve inner loop with 8 registers available
Table 4-38: Cycles saved due to wider internal and external buses
Table 4-39: Cycles lost to Instruction Decoder Stall
Table 4-40: Cycles saved with instruction stream literals
Table 4-41: Usage of the STACK0 top-of-stack register in the 432
Table 4-42: STACK0 address and data calculations
Table 4-43: Number of stack references by data widths
Table 4-44: Data widths references during Stack operations by percentages
Table 4-45: Cycle savings if STACK0 were 32 bits instead of 16
Table 4-46: Large Ada Program Modularization into Procedures and Functions
Table 4-47: Large Ada Program Modularization by Routine Declaration Type
Table 4-48: Number of other modules referenced per function or procedure