Popek & Goldberg’s notation

Formal Requirements for Virtualizable Third Generation

ArchitectureGerald J. Popek and Robert P. Goldberg

Haipeng Cai and Siyuan Jiang

•Conventional third generation computer•Virtual machine monitor(VMM)

ConventionalThird Generation Computer

Processor Mode M•s: supervisor mode•u: user mode

Conventional Third Generation Computer

No I/O instructions

Memory as Executable storage E• Linear• Uniformly addressable

0 q-1… …

Relocation-bounds Register R• R=(l, b)• An index to E

0 q-1… …E

R=(l, b),address a is reached like:

0 q-1… …E

a>b-1Memorytrap(Discuss later)

a+l>q-1Memorytrap

(Discuss later)

Relocation-bounds Register Rworks in both processor modes• supervisor mode• user mode

Program Counter PAddress of next instruction• Relative to R

0 q-1… …E

State S=<E, M, P, R>The current state of the real computer system• E: executable storage• M: processor mode• P: program counter• R: relocation-register

PSW:Program status word

PSW=<M, P, R>

0 q-1… …E

Old-PSW

Next-PSWConventional Third Generation

Computer

State S=<E, M, P, R>Notation C • is the finite set of states

Instruction i• is a function f: C C

Trap(an action of instruction)

0 q-1… …E1

l1 l1+b1

S1=<E1, M1, P1, R1>

<M’,P’,R’>

<M1, P1, R1>

S2,=<E2, M’, P’, R’>

E2 l' l'+b'

MemoryTrap• A trap that caused by an attempt to access an address which is beyond the bounds

0 q-1… …E

address a>b-1(memorytrap)

a>q-1(memorytrap)

Privileged instruction i• For any PSW=<e, p, r> that i does

not memorytrap, • if M=u, i traps • else if M=s, i does not trap

Sensitive instruction i• Control sensitive• Behavior

sensitive

Control sensitive instruction iThere exists a state S1=<e1, m1, p1, r1> , note i(S1)=<e2,m2,p2,r2>such that i(S1) does not memorytrap AND (r1≠r2 OR m1≠m2) is true

In other words, i is control sensitive if i intends to change one or both of• R: the available memory resources• M: the processor mode

Operator Å (for Behavior sensitive instruction)

0 q-1… …E

0 q-1……E

l+x l+x+b

Behavior sensitive instruction ii is behavior sensitive if there exists integer x and S1, S2 where S1 has m1, r1, p1 and S2 has m2(≠m1), r2=r1Åx, p2=p1such that i(S1) and i(S2) differ in one or both of• the values of available memory• the program counter

Behavior sensitive instruction i• is location sensitive, if the difference is caused by R• is mode sensitive , if the difference is caused by M

Behavior

Sensitive

Location

Sensitive

Mode Sensitiv

Relocation-bounds Register Processor Mode

Conventional third generation computerWrap Up

• S=<E,M,P,R>• Executable storage• PSW• Processor Mode• Program counter• Relocation-bounds

Register

• Instruction• Trap• Memorytrap

• Privileged instruction

• Sensitive instruction• Control Sensitive• Behavior Sensitive

Virtual Machine Monitor(VMM)

Virtual Machine Monitor

Control Program(CP)

VMM is a kind of CP

Control ProgramAssume• Control Program runs in s mode• Other programs run in u mode(In later discussion, ”program” represents the other programs)

Control Program CP=<D, A, {vi}>• Dispatcher D• Allocator A• Interpreters {vi}

Dispatcher D

D decides which module to call.E[1] has P set to D

0 q-1… …E

1PSWnext=<M, P->D, R>

Allocator A

A decides what resource(s) are to be provided.

Interpreters {vi}

One interpreter routine vi for one privileged instruction i

Virtual Machine MonitorA CP with three properties:• Efficiency property• Resource control property• Equivalence property

Efficiency property:All innocuous instructions are executed by hardware directly(with no intervention on the part of the control program)

Resource control property:Programs cannot affect the system resources.(Whenever an attempt to affect system resources, A is to be invoked.)

Equivalence property:With two exceptions(listed in the next slide), any program k performs in a manner indistinguishable from:(1)CP does not exist(2)k has freedom of access to privileged instructions

Exceptions for equivalence property:(1) The length of time required for execution changes when program runs with a CP present(2) A may not satisfy a particular request for space, then k will not execute in a same manner

Virtual MachineThe environment

which any program sees when running with a VMM present

Virtual machine monitorWrap up

• Control Program (CP)• Dispatcher• Allocator• Interpreters{vi}

• Virtual machine monitor properties• Efficiency• Resource control• Equivalence

Formal Requirements for Conventional Third Generation Computer

to be Virtualizable

Formal requirements for virtualizable third generation computer

Theorem 1For any conventional third generation computer,a VMM can be constructed, if the set of sensitive instructions (for that computer) is a subset of the set of privileged instructions

Construct a VMM (in conventional 3rd generation computer)• VM Map• Define “Equivalence property”• VM Map that satisfies three VMM properties

VM Map • is a function f: Cr->Cv which is a one-one homomorphism that is for any Si, ei, there exists a e’i, such that f(ei(Si))=e’i(f(Si))

Cr(states without VMM) Cvf(states with VMM)

Si S’i

S’jSjf

ei e'i

VM MapVM Map only maps states:• after the completion of one instruction in the real machine• before the beginning of the next instruction

Equivalence (Formal)Assume a real machine runs from S1, VM runs from f(S1).The VM is equivalent to the real machine, if and only if, for any S1,if the real machine halts in S2, then the VM halts in f(S2).

Standard VM Map(detail in next slide)

0 w-1… …

E l l+b

0 w+k-1… …E’

l+k l+k+b

<m’, p’, r’>

Standard VM Map

<m, p, r>

<m’=s, p’=CP, r’=(0,q-1)>same

set by trap handler

Standard VM MapSr<E,M,P,R>Sv<E’, M’, P’, R’>where R=(l, b), |E|=w, |CP|=k-2• E’[i+k] E[i], for i=0, w-1• E’[i] CP, for i=2 to k-1• E’[1] <m’, p’, r’>

where m’=s, p’=1st location of CP, r’=(0, q-1)• E’[0] <m, p, r> as last set by trap handler• M’ u, P’P, R’(l+k, b)

Standard VM MapIt can satisfies three propertiesif the sensitive instructions are all privileged instructionsin third generation computer

Overall Wrap up• Conventional third generation computer• Virtual machine monitor (control program)• The condition under which

VMM can be built in the conventional third generation computer

Related results: Recursive virtualization• Can a VM run a copy of the VMM?• Theorem 2: A conventional third

generation computer is recursively virtualizable if it is:

(a) virtualizable, and (b) a VMM without any timing dependencies can be constructed for it

Relax VMM definition: Hybrid VMM• Relax VMM definition so that more

third generation computers can be virtualizable

• Theorem 3: A hybrid VMM may be constructed for any conventional third generation computer where user sensitive instructions are privileged.Note1: in Theorem 1, it is all ”sensitive instructions”

Note2: user sensitive instructions are defined in next slide

User Sensitive Instructions• Def. i is said to be user sensitive, if there

exists a state S=<E, u, P, R>, for which i is sensitive

• In other words, i is user sensitive if i is sensitive under user mode

Haipeng Cai and Siyuan Jiang 5

2Haipeng Cai and Siyuan Jiang

[1] G. Popek, R. Goldberg, “Formal requirements for virtualizable third generation architectures”, Commun. ACM, vol. 17, pp. 412-421, 1974.

Reference

Popek & Goldberg’s notation

Documents

S-notation: A complete musical notation system for ... · PDF fileS-notation: A complete musical notation system for ... Making new music from sampled ... A complete musical notation

8.3 Scientific Notation. Scientific Notation 8-3 Scientific Notation

Www.mathsrevision.com Scientific Notation Standard form / Scientific Notation Scientific Notation very small numbers Scientific Notation

4-4 Scientific Notation Objective: I can write numbers using standard notation and scientific notation. Objective: I can write numbers using standard notation

Interacting with In Mrs. Goldberg’s Kitchen

Scientific Notation to Standard Notation Positive and Negative Exponents

Significant Figures & Scientific Notation Significant Figures & Scientific Notation

Composing and Interpreting Graphic Notation - Yolaannemctighe.yolasite.com/resources/After Reading Plan.pdfComposing and Interpreting Graphic Notation ... notation that demonstrates

Sigma Notation, Upper and Lower Sums Area. Sigma Notation Definition – a concise notation for sums. This notation is called sigma notation because it

Designing Systems for Next-Generation I/O Devices Mitchell Tsai, Peter Reiher, Jerry Popek UCLA May 20, 1999

3.5 – Derivative of Trigonometric Functions Derivative Notation REVIEW: Function Notation

Function Notation and Interval Notation and... · notation, interval notation Objectives: I understand function notation and know what it means to evaluate a function

Scientific Notation And Significant Figures. Scientific Notation

Mexico: Post World War II Jill Popek and Chelsea Peak

Notation Player 3 User's Guide - Notation Software

S-notation: A complete musical notation system for ...alexandersonnenfeld.com/fileadmin/user_upload/S-Notation/S... · S-notation: A complete musical notation system for scratching

13.6 Sigma Notation. Objectives : 1. Expand sequences from Sigma Notation 2. Express using Sigma Notation 3. Evaluate sums using Sigma Notation Vocabulary

Www.mathsrevision.com Scientific Notation Standard form / Scientific Notation Scientific Notation very small

Scientific Notation to Standard Notation

iSargam: music notation representation for Indian Carnatic ... · Sargam notation is a music notation language for Carnatic music. Each notation starts with specification of raga,