Formal Models of Operating System Kernels phần 1 pdf

... Introduction 1 1.2 Feasibility 2 1. 3 WhyBuildModels? 4 1. 4 ClassicalKernelsandReﬁnement 5 1. 5 HardwareandItsRoleinModels 11 1. 6 OrganisationofthisBook 13 1. 7 ChoicesandTheirJustiﬁcations 14 2 Standard ... an operating system. OS Kit is a software kit, not a formal speciﬁcation or modellingtool.Iain D. Craig Formal Models of Operating System Kernels ContentsPreface vii 1 Introduction 1 1 .1 Introduction ... MessagePassinginVirtualStore 310 6.7 Process Creation and Termination; Swapping 311 7 Final Remarks 313 7 .1 Introduction 313 7.2 Review 313 7.3 FutureProspects 316 References 319 List of Deﬁnitions 3 21 Index 3 31 24 2...

Formal Models of Operating System Kernels phần 10 pot

... 11 7AddProcessToTable 11 7AddProcessToZombies 11 9AllDescendants 11 9CanGenPId 11 6CreateIdleProcess 68, 11 5DelChildOfProcess 11 9DelCodeOwner 11 8DelCodeSharer 11 8deleteProcessFromTable 11 7DelProcess ... 68, 11 7DescrOfProcess 68, 11 7GotZombies 12 0INIT69, 11 3, 209IsCodeOwner 11 9IsKnownProcess 11 6KillAllZombies 12 0MakeZombieProcess 12 0MessageForDriver 210 NewPId 11 6ParentOfProcess 12 1ProcessHasChildren ... 39, 67termination, 19 1, 232, 311 user, 10 6, 12 7zombie, 11 2, 11 8, 11 9, 19 7PSU, 14 5Queue, 93FIFO, 21, 10 3Priority, 77priority, 71 multi-level, 88, 13 0process, 58, 94, 12 7ready, 6, 52RC4000,...

Formal Models of Operating System Kernels phần 9 potx

... Npgallocstart =0The value of 0 is completely arbitrary, as is now explained.Some systems map a virtual copy of the operating system onto the vir-tual address space of each user space (and some ... 1} N256== 0 255(N256is just the naturals 0 2 16 − 1 i.e., a 16 -bit unsigned.)The computation of the counter value forms part of the predicate of schemaComputeHitCounts. To deﬁne a swap-out ... appear, atﬁrst sight, that VM 1 and VM2will be bisimilar. Indeed, this is the case.Proposition 16 6. Processes VM 1 and VM2are not bisimilar.Proof. Both VM 1 and VM2were encoded in the...

Formal Models of Operating System Kernels phần 8 pot

... comprising the system- call library all send and receivemessages. Therefore, the rest of the proof must be in terms of the properties of the message-passing subsystem.The message-passing subsystem is ... KernIntf process. ✷Corollary 10 . Message passing can be used to implement mutual exclusion.Proof. By Propositions 11 2 and 11 4. ✷5.6 Kernel Interface 237RunProcess =∀ i :1 ∞•(∃ m : SYSCALLMSG ... disjointness of segments.(∀ p : APREF | p ∈ dom pagetable •(∀ sg 1 , sg2: SEGMENT •(sg 1 = sg2∧sg 1 ∈ dom pagetable(p) ∧ sg2∈ dom pagetable(p)) ⇒dom pagetable(p)(sg 1 ) ∩ dom pagetable(p)(sg2)=∅))(∀...

Formal Models of Operating System Kernels phần 7 doc

... prove some fairly general properties of themessage-passing system. Proposition 11 2. The message-passing mechanism is synchronous.Proof. By the predicates of SendMessage and RcvMessage.If the ... bound to thevalue of currentp by sched.CurrentProcess. ✷Proposition 11 9. The receiver of a message is always the current process.Proof. By reasoning similar to the ﬁrst paragraph of the previous ... message contains the identiﬁer of the sending process. Italso contains two natural numbers (elements of N). They denote the size of the data area and the size of the stack area that are, respectively,...

Formal Models of Operating System Kernels phần 6 pptx

... processes,where s=s 1, 1s 1, 2. (More simply but less generally assume s 1 = s 1 sm.)If #s 1 = n and #sm= m,ands 1 = s 1, 1s 1, 2and #s 1, 1+#s 1, 2= n,then#(s 1, 1sms 1, 2)=n + m.Sinceqprio(p) ... the priority of p is not recomputed.Proof. Let procs = s 1 ps2with #s 1 = n. By Proposition 21 (case 2iii),s 1 = s 1, 1sms 1, 2,where#sm= m,andsnare sequences of new processes,where ... then: 1. If the length of P is exactly 1, P= P.2. If the length of P is exactly 2, then p is either the ﬁrst or last element of P.Proof. There are two cases. 1. If p ∈ P and #P =1, thenP...

Formal Models of Operating System Kernels phần 5 pps

... composed of operationsthat are identical to those deﬁned in the last chapter.4.8 General Results 19 9Proposition 10 1. When a process is swapped in, it enters the ready queue.Proof. The predicate of ... an idea of some of the other things that might need to be handled during termination).If a process is on disk when it is terminated (say, because of system ter-mination or because of some error ... to determine all the children of a parent process.4.8 General ResultsThis ﬁnal section contains the proof of a number of propositions that dealwith properties of the kernel.The propositions...

Formal Models of Operating System Kernels phần 4 pot

... h2)= # ran((holes \{h 1 }) \{h2})+#ranmergememholes(h 1 , h2)= # ran((holes \{h 1 }) \{h2}) +1 = (#(ran holes \{h 1 }) − 1) + 1 = (#(ran holes) − 2) + 1 = # ran holes − 1 ≤ # ran holes✷If ... a hole of size n 1 + n2.Proof. Since h 1 and h2are adjacent, they can be merged. The deﬁnition of mergememholes is:∀ h 1 , h2: MEMDESC •(lowerhole addr(h 1 , h2), memsize(h 1 )+memsize(h2))The ... p,BlockProcessChildren ⇒ (∀ p 1 : APREF | childof (p 1 , p) • p ∈ ran userqueue )Proof. The predicate of BlockProcessChildren contains an instance of MakeUnready inside the scope of the universal quantiﬁer....

Formal Models of Operating System Kernels phần 3 ppt

... procsran childof ⊆ known procs ∧ ran childof = ran parentchildof∼= parentof ∧ code owners ⊆ dom parentof(∀ p 1 , p2: APREF •p 1 ∈ dom blockswaiting ∧p2∈ blockswaiting(p 1 ) ⇒(p 1 ∈ code ... Management 12 1ProcessHasParentp?:APREF(∃ p 1 : APREF •parentof (p 1 , p?))RemoveProcessFromParent∆(parentof )parent?, child?:APREFparentof= parentof \{(parent?, child?)}ParentOfProcessp?:APREFparent!:APREF(∃ ... =#(s 1 ps2)=#s 1 +#p +#s2=#s 1 +1+ #s2= 1+ #s 1 +#s2= 1+ #elts✷Proposition 54. Let q be readyqueues(pr), where pris the priority of process,p. If p is an element of q, then MakeUnready[p/pid?]...

Formal Models of Operating System Kernels phần 2 pps

... instantiation of the genericQUEUE type or of a new type.28 2 Standard and Generic ComponentsThe hardware process is deﬁned as:HW = start.HW 1 HW 1 =(i 1 .saveregs + HW 1 +setregs.HW 1 +getregs.HW 1 +restoreregs.HW 1 ) ... interruptsoccur during the execution of a piece of code. They are used as a kind of low-level mutual exclusion mechanism.4.3 Common Structures 10 1Proof. By a previous Lemma (Lemma 5), | scnt| ... performed, the inclusion of IdleProcRef and the ex-clusion of NullProcRef are of some importance. They determine the range of possible values for the domains of the components of process descriptors....

Xem thêm