DOCUMENT INFORMATION
Basic information
Format
Number of pages
38
Size
398.95 KB
Contents
[...] ... operating systems (for example, [29, 11, 26] to cite but three from the past twenty years). The classical operating system kernel is to be found in most of the systems today: Unix, POSIX and Linux, Microsoft's NT, IBM's mainframe operating systems and many real-time kernels. In days of greater diversity, it was the approach adopted in the design of Digital Equipment's operating systems: RSTS, RSX11/M, TOPS10, ...

... sapere aude – Horace, Epistles, I, ii, 40

1.1 Introduction

Operating systems are, arguably, the most critical part of any computer system. The kernel manages the computational resources used by applications. Recent episodes have shown that the operating system is a significant thorn in the side of those desiring secure systems. The reliability of the entire operating system, as well as its performance, depends ...

... model, say Iliffe's Basic Language Machine [17], might turn out to be a different story but one that is outside the scope of the present book and its models.

1.5 Hardware and Its Role in Models

Hardware is one of the reasons for the existence of the kernel. Kernels abstract from the details of individual items of hardware, even processors in the case of portable kernels. Kernels also deal directly with hardware ...

... the NICTA Workshop in 2004 on operating systems verification [23]; Zhou and Black's work [37]. Much of the formal work on operating systems has been verificational in nature. That is, given some working software, an attempt is made to justify that software by constructing a formal model. This is clearly in evidence in the NICTA Workshop [23] papers about the L4 kernel [13, 31]. Formal methods in this case ...

... existence proof.

1.3 Why Build Models?

It has always been clear to the author that a formal specification could serve as more than a basis for refinement to code. A formal specification constitutes a formal model; important properties can be proved before any code is written. This was one of the reasons for writing [10]. In addition to that book, formal models and proofs were used by the author as a way of exploring ...

List of Figures
1.1 The layers of the classical kernel model 4
4.1 The layer-by-layer organisation of the kernel 89
4.2 The clock process in relation to its interrupt and alarm requests 174
4.3 Interaction between clock and swapper processes 186
4.4 Interaction between clock, swap and dezombifier processes 191
6.1 The layer-by-layer organisation of ...

... significant piece of software in its own right, but also a critical module. Formal methods have been used in connection with operating systems for a long time. The most obvious place for the application of mathematics is in modelling operating system queues. There has been previous work in this area, for example:
• the UCLA Security Kernel [32];
• the work by Bevier [2] on formal models of kernels;
• Horning's ...

... argued, is detailed descriptions of new systems¹. The formal specification and derivation of operating system kernels is also of clear benefit to the real-time/embedded systems community. Here, the kernels tend to be quite simple and their storage management requirements less complex than in general-purpose systems like Linux, Solaris and Windows NT. Embedded systems must be as reliable as possible, fault ...

... exploring a number of new systems during the 1990s without having to implement them (they were later implemented using the formal models). The approach has the benefit that a system's design or, indeed, an entire approach to a system, can be explored thoroughly without the need for implementation. The cost (and risk) of implementation can thereby be avoided. In the case of operating systems, implementation ...

... one of the primary data types used in the specification and implementation of operating system kernels. For this reason, this section contains the basic specification of the queue type, as well as a collection of proofs. The queue type is quite general and is of a FIFO (First-In, First-Out) queue. It is essential that a type as important as the FIFO queue is completely understood and supported by proofs of ...

... 2006

Contents
Preface vii
1 Introduction 1
1.1 Introduction 1
1.2 Feasibility 2
1.3 Why Build Models? 4
1.4 Classical Kernels and Refinement 5
1.5 Hardware and Its Role in Models 11
1.6 Organisation of this Book 13
1.7 Choices and Their Justifications ...