
What the paper is trying to present

SMU SRG reading by Tey Chee Meng: Gerwin Klein and Harvey Tuch, “Towards Verified Virtual Memory in L4,” in TPHOLs Emerging Trends '04, ed. Konrad Slind (Park City, Utah, USA, 2004), 16 pages. All figures in this presentation are taken from the paper.


Presentation Transcript


  1. SMU SRG reading by Tey Chee Meng: Gerwin Klein and Harvey Tuch, “Towards Verified Virtual Memory in L4,” in TPHOLs Emerging Trends '04, ed. Konrad Slind (Park City, Utah, USA, 2004), 16 pages. All figures in this presentation are taken from the paper.

  2. What the paper is trying to present

  3. Proof of functionality of the VM subsystem of the L4 microkernel
     • L4 - microkernel (10000 lines of C++ and assembly code)
     • Main abstractions:
       • threads
       • address space
       • IPC

  4. Scope
     • Paper covers:
       • abstract model + properties derived from the abstract model
       • refinement + how the properties were preserved
     • This SRG covers only the first part

  5. Abstract address space model

  6. Operations - unmap
     • unmap n v
     • 'a space n unmaps v if it removes all mappings that depend on Virtual n v, or in terms of paths if it removes all edges leading to Virtual n v'

  7. Operations - unmap
     • unmap implemented using function clear
     • clear: 'given name n, page v, and address space σ in a state s, returns σ with all v' leading to Virtual n v mapped to None'

  8. Isabelle/HOL explanations

  9. Operations - unmap
     • For every v' in the space σ in state s:
       • if v' has no mapping, return it unchanged
       • if v' has some mapping m:
         • if m leads to a path to Virtual n v, remove the mapping
         • else leave it unchanged

  10. Operations - unmap
     • For every space name n' in the state s:
       • if n' does not correspond to any space, return it unchanged
       • if n' is defined, apply clear n v s σ to it

  11. Operations - flush
     • flush n v
     • 'unmap followed by setting n,v to None'

  12. Operations - map
     • map n v n' v' s
     • 'Address space n maps page v to n' at v'. The destination n',v' is first flushed and then updated with the new mapping Virtual n v.'

  13. Preliminary definitions
     • m valid in state s:
       • if it is a physical page
       • or if it is of the form Virtual n v and is the source of some direct path

  14. Preliminary definitions
     • update
     • Before the kernel establishes a new value, the destination is always flushed. This may invalidate the source. The operation only continues if the source is still valid, otherwise it stops.

  15. Operations - map
     • if the mapping Virtual n,v is not valid, return unchanged
     • else update n',v' with Virtual n v

  16. Operations - grant
     • grant n v n' v' s
     • 'updates n',v' to the value of n at v and flushes the source n,v'

  17. Operations - grant
     • if the mapping Virtual n,v is not valid, return unchanged
     • else:
       • let σ be the space named n in state s
       • let m be the mapping of σ at page v
       • flush n,v, then update n',v' with mapping m

  18. MMU lookup
     • MMU lookup leads to a physical page r
     • or MMU lookup leads to None:
       • if there exists a space σ for space name n in state s but there is no mapping for virtual address v in n
       • or the space name n does not exist
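The operations from slides 6 to 18 as an executable sketch in Python, added here for this reading; it is neither the paper's Isabelle/HOL model nor L4 code. It assumes a state is a dict from space names to page tables, a mapping is ("phys", r) or ("virt", n, v), and, as one reading of slide 13, that Virtual n v is valid when n,v currently holds a mapping; the sample state is constructed. The last assertion in the state shows why update flushes the destination first: a map that would create a cycle invalidates its own source and stops.

```python
# Added sketch of the slides' abstract model (not the paper's Isabelle/HOL text).
# State: space name -> page table -> ("phys", r) | ("virt", n, v) | None.

def lookup(s, n, v, seen=()):
    """Slide 18: follow Virtual edges to a physical frame r, otherwise None."""
    if n not in s or s[n].get(v) is None or (n, v) in seen:
        return None
    m = s[n][v]
    return m[1] if m[0] == "phys" else lookup(s, m[1], m[2], seen + ((n, v),))
def leads_to(s, m, n, v, seen=()):
    """Does the path starting at mapping m reach Virtual n v?"""
    if m is None or m[0] == "phys" or m in seen:
        return False
    nxt = s.get(m[1], {}).get(m[2])
    return (m[1], m[2]) == (n, v) or leads_to(s, nxt, n, v, seen + (m,))

def clear(s, n, v, sigma):
    """Slides 7/9: copy of sigma with every entry leading to Virtual n v set to None."""
    return {vp: (None if leads_to(s, m, n, v) else m) for vp, m in sigma.items()}
def unmap(s, n, v):
    """Slides 6/10: clear every space; the entry n,v itself is kept."""
    return {np: clear(s, n, v, sigma) for np, sigma in s.items()}
def flush(s, n, v):
    """Slide 11: unmap n v, then set n,v itself to None (space n assumed to exist)."""
    t = unmap(s, n, v)
    return {**t, n: {**t[n], v: None}}

def valid(s, m):
    """Slide 13; assumption here: Virtual n v is valid iff n,v currently holds a mapping."""
    return m is not None and (m[0] == "phys" or s.get(m[1], {}).get(m[2]) is not None)
def update(s, np, vp, m):
    """Slide 14: flush the destination first; install m only if it is still valid."""
    t = flush(s, np, vp)
    return {**t, np: {**t[np], vp: m}} if valid(t, m) else t
def map_(s, n, v, np, vp):
    """Slides 12/15: n maps page v to n' at v' (map_ avoids the Python builtin)."""
    return update(s, np, vp, ("virt", n, v)) if valid(s, ("virt", n, v)) else s
def grant(s, n, v, np, vp):
    """Slides 16/17: move n's mapping at v to n' at v' and flush the source n,v."""
    return update(flush(s, n, v), np, vp, s[n][v]) if valid(s, ("virt", n, v)) else s

def unmap_property(s, n, v):
    """Slide 6 as a check: after unmap n v, no remaining mapping depends on Virtual n v."""
    t = unmap(s, n, v)
    return not any(leads_to(t, m, n, v) for sig in t.values() for m in sig.values())

# Constructed sample: sigma0 owns frames 7 and 8; s1 borrows sigma0 page 1 at its page 5;
# s2 borrows s1 page 5 at its page 9 (two hops down to frame 7).
S0 = {"sigma0": {1: ("phys", 7), 2: ("phys", 8)},
      "s1": {5: ("virt", "sigma0", 1)}, "s2": {9: ("virt", "s1", 5)}}
```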

  19. Initial state and changes

  20. Properties

  21. Properties

  22. Properties

  23. Conclusion
     • Defined an abstract model of the virtual memory subsystem of L4
     • Proved 3 properties using the proof assistant Isabelle/HOL
