Formal Models of Operating System Kernels phần 1 pdf

... Introduction 1 1.2 Feasibility 2 1. 3 WhyBuildModels? 4 1. 4 ClassicalKernelsandRefinement 5 1. 5 HardwareandItsRoleinModels 11 1. 6 OrganisationofthisBook 13 1. 7 ChoicesandTheirJustifications 14 2 Standard ... an operating system. OS Kit is a software kit, not a formal specification or modelling tool. Iain D. Craig Formal Models of Operating System Kernels Contents...

Ngày tải lên: 23/07/2014, 23:20

... 11 7 AddProcessToTable 11 7 AddProcessToZombies 11 9 AllDescendants 11 9 CanGenPId 11 6 CreateIdleProcess 68, 11 5 DelChildOfProcess 11 9 DelCodeOwner 11 8 DelCodeSharer 11 8 deleteProcessFromTable 11 7 DelProcess ... 68, 11 7 DescrOfProcess 68, 11 7 GotZombies 12 0 INIT 69, 11 3, 209 IsCodeOwner 11 9 IsKnownProcess 11 6 KillAllZombies 12 0 MakeZombieProcess 12 0 MessageForD...

Ngày tải lên: 23/07/2014, 23:20

... N pgallocstart =0 The value of 0 is completely arbitrary, as is now explained. Some systems map a virtual copy of the operating system onto the vir- tual address space of each user space (and some ... 1} N 256 == 0 255 (N 256 is just the naturals 0 2 16 − 1 i.e., a 16 -bit unsigned.) The computation of the counter value forms part of the predicate of schema ComputeHitCou...

Ngày tải lên: 23/07/2014, 23:20

... comprising the system- call library all send and receive messages. Therefore, the rest of the proof must be in terms of the properties of the message-passing subsystem. The message-passing subsystem is ... KernIntf process. ✷ Corollary 10 . Message passing can be used to implement mutual exclusion. Proof. By Propositions 11 2 and 11 4. ✷ 5.6 Kernel Interface 237 RunProcess = ∀ i :1...

Ngày tải lên: 23/07/2014, 23:20

... prove some fairly general properties of the message-passing system. Proposition 11 2. The message-passing mechanism is synchronous. Proof. By the predicates of SendMessage and RcvMessage. If the ... bound to the value of currentp by sched.CurrentProcess. ✷ Proposition 11 9. The receiver of a message is always the current process. Proof. By reasoning similar to the first paragraph...

Ngày tải lên: 23/07/2014, 23:20

... processes, where s = s 1, 1  s 1, 2 . (More simply but less generally assume s  1 = s 1  s m .) If #s 1 = n and #s m = m,ands 1 = s 1, 1  s 1, 2 and #s 1, 1 +#s 1, 2 = n,then #(s 1, 1  s m  s 1, 2 )=n + m.Sinceqprio(p) ... the priority of p is not recomputed. Proof. Let procs = s 1  p  s 2 with #s 1 = n. By Proposition 21 (case 2iii), s  1 = s 1, 1  s m ...

Ngày tải lên: 23/07/2014, 23:20

... composed of operations that are identical to those defined in the last chapter. 4.8 General Results 19 9 Proposition 10 1. When a process is swapped in, it enters the ready queue. Proof. The predicate of ... an idea of some of the other things that might need to be handled during termination). If a process is on disk when it is terminated (say, because of system ter- mination or...

Ngày tải lên: 23/07/2014, 23:20

... h 2 ) = # ran((holes \{h 1 }) \{h 2 })+#ranmergememholes(h 1 , h 2 ) = # ran((holes \{h 1 }) \{h 2 }) +1 = (#(ran holes \{h 1 }) − 1) + 1 = (#(ran holes) − 2) + 1 = # ran holes − 1 ≤ # ran holes ✷ If ... a hole of size n 1 + n 2 . Proof. Since h 1 and h 2 are adjacent, they can be merged. The definition of mergememholes is: ∀ h 1 , h 2 : MEMDESC • (lower hole addr(...

Ngày tải lên: 23/07/2014, 23:20

... procs ran childof ⊆ known procs ∧ ran childof = ran parent childof ∼ = parentof ∧ code owners ⊆ dom parentof (∀ p 1 , p 2 : APREF • p 1 ∈ dom blockswaiting ∧ p 2 ∈ blockswaiting(p 1 ) ⇒ (p 1 ∈ code ... Management 12 1 ProcessHasParent p?:APREF (∃ p 1 : APREF • parentof (p 1 , p?)) RemoveProcessFromParent ∆(parentof ) parent?, child?:APREF parentof  = parentof \{(parent?, child?)...

Ngày tải lên: 23/07/2014, 23:20

... instantiation of the generic QUEUE type or of a new type. 28 2 Standard and Generic Components The hardware process is defined as: HW = start.HW 1 HW 1 =(i 1 .saveregs + HW 1 +setregs.HW 1 +getregs.HW 1 +restoreregs.HW 1 ) ... interrupts occur during the execution of a piece of code. They are used as a kind of low- level mutual exclusion mechanism. 4.3 Common Structures...

Ngày tải lên: 23/07/2014, 23:20