popek & goldberg’s notation
DESCRIPTION
Popek & Goldberg’s notation. Haipeng Cai and Siyuan Jiang. Conventional third generation computer Virtual machine monitor(VMM). Haipeng Cai and Siyuan Jiang. Conventional Third Generation Computer. Haipeng Cai and Siyuan Jiang. Processor Mode M s: supervisor mode u: user mode. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/1.jpg)
1
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Popek & Goldberg’s notation
Haipeng Cai and Siyuan Jiang
![Page 2: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/2.jpg)
2
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
•Conventional third generation computer•Virtual machine monitor(VMM)
Haipeng Cai and Siyuan Jiang
![Page 3: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/3.jpg)
3
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
ConventionalThird Generation Computer
Haipeng Cai and Siyuan Jiang
![Page 4: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/4.jpg)
4
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Processor Mode M•s: supervisor mode•u: user mode
Conventional Third Generation Computer
![Page 5: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/5.jpg)
5
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
No I/O instructions
Conventional Third Generation Computer
![Page 6: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/6.jpg)
6
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Memory as Executable storage E• Linear• Uniformly addressable
0 q-1… …
iE[i]
E
Conventional Third Generation Computer
![Page 7: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/7.jpg)
7
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Relocation-bounds Register R• R=(l, b)• An index to E
0 q-1… …E
l l+b
Conventional Third Generation Computer
![Page 8: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/8.jpg)
8
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
R=(l, b),address a is reached like:
0 q-1… …E
l l+b
a<b
l+a
a>b-1Memorytrap(Discuss later)
a+l>q-1Memorytrap
(Discuss later)
Conventional Third Generation Computer
![Page 9: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/9.jpg)
9
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
Relocation-bounds Register Rworks in both processor modes• supervisor mode• user mode
![Page 10: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/10.jpg)
10
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Program Counter PAddress of next instruction• Relative to R
0 q-1… …E
l l+b
P=p
l+p
Conventional Third Generation Computer
![Page 11: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/11.jpg)
11
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
State S=<E, M, P, R>The current state of the real computer system• E: executable storage• M: processor mode• P: program counter• R: relocation-register
PSW:Program status word
Conventional Third Generation Computer
![Page 12: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/12.jpg)
12
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
PSW=<M, P, R>
0 q-1… …E
l l+b
1
Old-PSW
Next-PSWConventional Third Generation
Computer
![Page 13: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/13.jpg)
13
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
State S=<E, M, P, R>Notation C • is the finite set of states
Conventional Third Generation Computer
![Page 14: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/14.jpg)
14
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
Instruction i• is a function f: C C
C Ci
![Page 15: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/15.jpg)
15
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
Trap(an action of instruction)
0 q-1… …E1
l1 l1+b1
1
S1=<E1, M1, P1, R1>
<M’,P’,R’>
trap
<M1, P1, R1>
S2,=<E2, M’, P’, R’>
E2 l' l'+b'
![Page 16: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/16.jpg)
16
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
MemoryTrap• A trap that caused by an attempt to access an address which is beyond the bounds
0 q-1… …E
l l+b
address a>b-1(memorytrap)
a>q-1(memorytrap)
![Page 17: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/17.jpg)
17
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
Privileged instruction i• For any PSW=<e, p, r> that i does
not memorytrap, • if M=u, i traps • else if M=s, i does not trap
![Page 18: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/18.jpg)
18
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
Sensitive instruction i• Control sensitive• Behavior
sensitive
![Page 19: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/19.jpg)
19
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
Control sensitive instruction iThere exists a state S1=<e1, m1, p1, r1> , note i(S1)=<e2,m2,p2,r2>such that i(S1) does not memorytrap AND (r1≠r2 OR m1≠m2) is true
In other words, i is control sensitive if i intends to change one or both of• R: the available memory resources• M: the processor mode
![Page 20: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/20.jpg)
20
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
Operator Å (for Behavior sensitive instruction)
0 q-1… …E
l l+b
r
0 q-1……E
l+x l+x+b
rÅx
![Page 21: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/21.jpg)
21
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
Behavior sensitive instruction ii is behavior sensitive if there exists integer x and S1, S2 where S1 has m1, r1, p1 and S2 has m2(≠m1), r2=r1Åx, p2=p1such that i(S1) and i(S2) differ in one or both of• the values of available memory• the program counter
![Page 22: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/22.jpg)
22
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional Third Generation Computer
Behavior sensitive instruction i• is location sensitive, if the difference is caused by R• is mode sensitive , if the difference is caused by M
Behavior
Sensitive
Location
Sensitive
Mode Sensitiv
e
Relocation-bounds Register Processor Mode
![Page 23: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/23.jpg)
23
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Conventional third generation computerWrap Up
Conventional Third Generation Computer
• S=<E,M,P,R>• Executable storage• PSW• Processor Mode• Program counter• Relocation-bounds
Register
• Instruction• Trap• Memorytrap
• Privileged instruction
• Sensitive instruction• Control Sensitive• Behavior Sensitive
![Page 24: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/24.jpg)
24
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Virtual Machine Monitor(VMM)
Virtual Machine Monitor
![Page 25: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/25.jpg)
25
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Control Program(CP)
VMM is a kind of CP
Virtual Machine Monitor
![Page 26: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/26.jpg)
26
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Control ProgramAssume• Control Program runs in s mode• Other programs run in u mode(In later discussion, ”program” represents the other programs)
Virtual Machine Monitor
![Page 27: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/27.jpg)
27
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Control Program CP=<D, A, {vi}>• Dispatcher D• Allocator A• Interpreters {vi}
Virtual Machine Monitor
![Page 28: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/28.jpg)
28
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Dispatcher D
Virtual Machine Monitor
D decides which module to call.E[1] has P set to D
0 q-1… …E
l l+b
1PSWnext=<M, P->D, R>
![Page 29: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/29.jpg)
29
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Allocator A
Virtual Machine Monitor
A decides what resource(s) are to be provided.
![Page 30: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/30.jpg)
30
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Interpreters {vi}
Virtual Machine Monitor
One interpreter routine vi for one privileged instruction i
![Page 31: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/31.jpg)
32
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Virtual Machine MonitorA CP with three properties:• Efficiency property• Resource control property• Equivalence property
Virtual Machine Monitor
![Page 32: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/32.jpg)
33
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Efficiency property:All innocuous instructions are executed by hardware directly(with no intervention on the part of the control program)
Virtual Machine Monitor
![Page 33: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/33.jpg)
34
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Resource control property:Programs cannot affect the system resources.(Whenever an attempt to affect system resources, A is to be invoked.)
Virtual Machine Monitor
![Page 34: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/34.jpg)
35
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Equivalence property:With two exceptions(listed in the next slide), any program k performs in a manner indistinguishable from:(1)CP does not exist(2)k has freedom of access to privileged instructions
Virtual Machine Monitor
![Page 35: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/35.jpg)
36
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Exceptions for equivalence property:(1) The length of time required for execution changes when program runs with a CP present(2) A may not satisfy a particular request for space, then k will not execute in a same manner
Virtual Machine Monitor
![Page 36: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/36.jpg)
37
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Virtual MachineThe environment
which any program sees when running with a VMM present
Virtual Machine Monitor
![Page 37: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/37.jpg)
38
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Virtual machine monitorWrap up
• Control Program (CP)• Dispatcher• Allocator• Interpreters{vi}
• Virtual machine monitor properties• Efficiency• Resource control• Equivalence
Virtual Machine Monitor
![Page 38: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/38.jpg)
39
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal Requirements for Conventional Third Generation Computer
to be Virtualizable
Formal requirements for virtualizable third generation computer
![Page 39: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/39.jpg)
40
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Theorem 1For any conventional third generation computer,a VMM can be constructed, if the set of sensitive instructions (for that computer) is a subset of the set of privileged instructions
Formal requirements for virtualizable third generation computer
![Page 40: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/40.jpg)
41
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
Construct a VMM (in conventional 3rd generation computer)• VM Map• Define “Equivalence property”• VM Map that satisfies three VMM properties
![Page 41: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/41.jpg)
42
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
VM Map • is a function f: Cr->Cv which is a one-one homomorphism that is for any Si, ei, there exists a e’i, such that f(ei(Si))=e’i(f(Si))
Cr(states without VMM) Cvf(states with VMM)
Si S’i
S’jSjf
ei e'i
![Page 42: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/42.jpg)
43
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
VM MapVM Map only maps states:• after the completion of one instruction in the real machine• before the beginning of the next instruction
![Page 43: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/43.jpg)
44
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
Equivalence (Formal)Assume a real machine runs from S1, VM runs from f(S1).The VM is equivalent to the real machine, if and only if, for any S1,if the real machine halts in S2, then the VM halts in f(S2).
![Page 44: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/44.jpg)
45
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
Standard VM Map(detail in next slide)
0 w-1… …
E l l+b
0 w+k-1… …E’
l+k l+k+b
Sr
Sv
…k
CP2
<m’, p’, r’>
Standard VM Map
<m, p, r>
<m’=s, p’=CP, r’=(0,q-1)>same
set by trap handler
![Page 45: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/45.jpg)
46
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
Standard VM MapSr<E,M,P,R>Sv<E’, M’, P’, R’>where R=(l, b), |E|=w, |CP|=k-2• E’[i+k] E[i], for i=0, w-1• E’[i] CP, for i=2 to k-1• E’[1] <m’, p’, r’>
where m’=s, p’=1st location of CP, r’=(0, q-1)• E’[0] <m, p, r> as last set by trap handler• M’ u, P’P, R’(l+k, b)
![Page 46: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/46.jpg)
47
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
Standard VM MapIt can satisfies three propertiesif the sensitive instructions are all privileged instructionsin third generation computer
![Page 47: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/47.jpg)
48
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
Overall Wrap up• Conventional third generation computer• Virtual machine monitor (control program)• The condition under which
VMM can be built in the conventional third generation computer
![Page 48: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/48.jpg)
49
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
Related results: Recursive virtualization• Can a VM run a copy of the VMM?• Theorem 2: A conventional third
generation computer is recursively virtualizable if it is:
(a) virtualizable, and (b) a VMM without any timing dependencies can be constructed for it
![Page 49: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/49.jpg)
50
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
Relax VMM definition: Hybrid VMM• Relax VMM definition so that more
third generation computers can be virtualizable
• Theorem 3: A hybrid VMM may be constructed for any conventional third generation computer where user sensitive instructions are privileged.Note1: in Theorem 1, it is all ”sensitive instructions”
Note2: user sensitive instructions are defined in next slide
![Page 50: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/50.jpg)
51
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Formal requirements for virtualizable third generation computer
User Sensitive Instructions• Def. i is said to be user sensitive, if there
exists a state S=<E, u, P, R>, for which i is sensitive
• In other words, i is user sensitive if i is sensitive under user mode
![Page 51: Popek & Goldberg’s notation](https://reader034.vdocument.in/reader034/viewer/2022051700/56816380550346895dd46313/html5/thumbnails/51.jpg)
Formal Requirements for Virtualizable Third Generation
ArchitectureGerald J. Popek and Robert P. Goldberg
Haipeng Cai and Siyuan Jiang 5
2Haipeng Cai and Siyuan Jiang
[1] G. Popek, R. Goldberg, “Formal requirements for virtualizable third generation architectures”, Commun. ACM, vol. 17, pp. 412-421, 1974.
Reference