A Virtual Instruction Set Interface for Operating System Kernels John Criswell, Brent Monroe, Vikram Adve University of Illinois at Urbana-Champaign.

Slides:



Advertisements
Similar presentations
Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.
Advertisements

MODERN OPERATING SYSTEMS Third Edition ANDREW S. TANENBAUM Chapter 3 Memory Management Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,
Chapter 6 Limited Direct Execution
Figure 2.8 Compiler phases Compiling. Figure 2.9 Object module Linking.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.
OS Spring’03 Introduction Operating Systems Spring 2003.
Unix & Windows Processes 1 CS502 Spring 2006 Unix/Windows Processes.
KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.
OS Spring’04 Introduction Operating Systems Spring 2004.
Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,
Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.
CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
Tanenbaum 8.3 See references
1 CS503: Operating Systems Part 1: OS Interface Dongyan Xu Department of Computer Science Purdue University.
SymCall: Symbiotic Virtualization Through VMM-to-Guest Upcalls John R. Lange and Peter Dinda University of Pittsburgh (CS) Northwestern University (EECS)
System Calls 1.
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.
Microkernels, virtualization, exokernels Tutorial 1 – CSC469.
Protection and the Kernel: Mode, Space, and Context.
CS533 Concepts of Operating Systems Jonathan Walpole.
Operating System Support for Virtual Machines Samuel T. King, George W. Dunlap,Peter M.Chen Presented By, Rajesh 1 References [1] Virtual Machines: Supporting.
CSC 501 Lecture 2: Processes. Process Process is a running program a program in execution an “instantiation” of a program Program is a bunch of instructions.
OS provide a user-friendly environment and manage resources of the computer system. Operating systems manage: –Processes –Memory –Storage –I/O subsystem.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Introduction to Operating Systems Chapter 1. cs431 -cotter2 Lecture Objectives Understand the relationship between computing hardware, operating system,
Recall: Three I/O Methods Synchronous: Wait for I/O operation to complete. Asynchronous: Post I/O request and switch to other work. DMA (Direct Memory.
Operating Systems ECE344 Ashvin Goel ECE University of Toronto OS-Related Hardware.
OPERATING SYSTEMS Goals of the course Definitions of operating systems Operating system goals What is not an operating system Computer architecture O/S.
1 Zhao Xia Chapter 2 Process , thread, and scheduling Chapter 2 Process , thread, and scheduling —— kernel services.
Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,
Hardware process When the computer is powered up, it begins to execute fetch-execute cycle for the program that is stored in memory at the boot strap entry.
1 CSE 451 Section 2: Interrupts, Syscalls, Virtual Machines, and Project 1.
Topic 2d High-Level languages and Systems Software
 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.
Operating Systems Lecture November 2015© Copyright Virtual University of Pakistan 2 Agenda for Today Review of previous lecture Hardware (I/O, memory,
1 CSE451 Architectural Supports for Operating Systems Autumn 2002 Gary Kimura Lecture #2 October 2, 2002.
Lecture Topics: 10/29 Architectural support for operating systems –timers –kernel mode –system calls –protected instructions.
Operating Systems CSE 411 CPU Management Sept Lecture 10 Instructor: Bhuvan Urgaonkar.
Processor Structure and Function Chapter8:. CPU Structure  CPU must:  Fetch instructions –Read instruction from memory  Interpret instructions –Instruction.
Hardware process When the computer is powered up, it begins to execute fetch-execute cycle for the program that is stored in memory at the boot strap entry.
Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.
E Virtual Machines Lecture 2 CPU Virtualization Scott Devine VMware, Inc.
Operating Systems A Biswas, Dept. of Information Technology.
CSCI/CMPE 4334 Operating Systems Review: Exam 1 1.
Chapter 6 Limited Direct Execution Chien-Chung Shen CIS/UD
7-Nov Fall 2001: copyright ©T. Pearce, D. Hutchinson, L. Marshall Oct lecture23-24-hll-interrupts 1 High Level Language vs. Assembly.
Introduction to Operating Systems Concepts
Virtual Machine Monitors
MODERN OPERATING SYSTEMS Third Edition ANDREW S
Operating Systems CMPSC 473
Protection and OS Structure
CS 6560: Operating Systems Design
Session 3 Memory Management
Protection of System Resources
Lecture 24 Virtual Machine Monitors
OS Virtualization.
CSE 451: Operating Systems Spring 2012 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
Lecture Topics: 11/1 General Operating System Concepts Processes
Virtual Memory Overcoming main memory size limitation
Operating Systems Lecture 3.
The Design & Implementation of Hyperupcalls
CSE 451: Operating Systems Autumn 2003 Lecture 10 Paging & TLBs
CSE 451: Operating Systems Autumn 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 596 Allen Center 1.
CSE 451: Operating Systems Autumn 2001 Lecture 2 Architectural Support for Operating Systems Brian Bershad 310 Sieg Hall 1.
CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors
CSE 451: Operating Systems Autumn 2003 Lecture 10 Paging & TLBs
CSE 451: Operating Systems Winter 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 412 Sieg Hall 1.
CSE 471 Autumn 1998 Virtual memory
Operating Systems Structure
Introduction to Computer Systems Engineering
Presentation transcript:

A Virtual Instruction Set Interface for Operating System Kernels John Criswell, Brent Monroe, Vikram Adve University of Illinois at Urbana-Champaign

Outline Motivation LLVA-OS Design Hardware Control State Manipulation Preliminary Performance Results

Motivation OS/Hardware interface is non-standard & often machine code Difficult to analyze OS difficult to infer all control flow information some type information lost no ability to track virtual memory map changes Difficult to adapt OS memory safety transforms (SAFECode) changes in processor instruction set Difficult for hardware to infer OS behavior context switching

Motivation Solution: decouple program representation (Virtual ISA) from hardware control (Native ISA) Execution Engine translates between Virtual ISA and Native ISA Virtual ISA design aids software analysis and transformation Software Hardware Execution Engine Virtual ISA Native ISA

LLVA Code Example [MICRO 03, CGO 04] ;; LLVA Translated Code int %SumArray(int* %Array, int %Num) { bb1: %cond = setgt int %Num, 0 br bool %cond, label %bb2, label %bb3 bb2: %sum0 = phi int [%tmp10, %bb2], [0, %bb1] %i0 = phi int [%inc, %bb2], [0, %bb1] %tmp7 = cast int %i0 to long %tmp8 = getelementptr int* %Array, long %tmp7 %tmp9 = load int* %tmp8 %tmp10 = add int %tmp9, %sum0 %inc = add int %i0, 1 %cond2 = setlt int %inc, %Num br bool %cond2, label %bb2, label %bb3 bb3: %sum1 = phi int [0, %bb1], [%tmp10,%bb2] ret int %sum1 } /* C Source Code */ int SumArray(int Array[], int Num) { int i, sum = 0; for (i = 0; i < Num; ++i) sum += Array[i]; return sum; } Architecture-neutral Low-level operations SSA representation Strictly-typed High-level semantic info

LLVA-OS: Extend LLVA to OS Kernels Kernels require new functionality Hardware Control I/O MMU State Manipulation context switching

Outline Motivation LLVA-OS Design Hardware Control State Manipulation Preliminary Performance Results

Hardware Control Registration functions void llva_register_syscall (int number, int (*f)(…)) void llva_register_interrupt (int number, int (*f)(void * icontext)) void llva_register_exception (int number, int (*f)(void * icontext)) I/O int llva_io_read (void * ioaddress) void llva_io_write (void * ioaddress, int value) Memory Management void llva_load_pgtable (void * table) void * llva_save_pgtable ()

Outline Motivation LLVA-OS Design Hardware Control State Manipulation Preliminary Performance Results

Virtual and Native State Virtual State Virtual Registers Program Counter Privilege Mode Interrupt Flag Stack Pointer MMU State Native State General Purpose Registers Control Registers MMU Registers

Challenges with Virtual State Mapping between virtual state and native state changes over short time intervals, requiring a large mapping structure Manipulating virtual state is cumbersome Many virtual registers per function Many virtual registers are dead

State Saving/Restoring Instructions Solution: Expose existence of native state Define native state based on correlation to virtual state integer state floating point (FP) state Instructions void llva_save_integer (void * buffer) void llva_load_integer (void * buffer) void llva_save_fp (void * buffer, bool save_always) void llva_load_fp (void * buffer)

Interrupted Program State Execution Engine must save program state when entering the OS Problem: Want to minimize the amount of state saved No need to save FP state How do we use low latency interrupt facilities shadow registers (e.g. ARM) register windows (e.g. SPARC)

GPR 1: 0xBEEF0000 ControlReg 2: 0x4EF23465 ControlReg 1: 0xC025E525 Solution: Interrupt Context Definition: Reserved space on kernel stack Conceptually: the saved Integer State of the interrupted program On interrupt, Execution Engine saves subset of Integer State on the kernel stack Can leave state in registers if kernel does not overwrite it Kernel can convert Interrupt Context to/from Integer State Pointer to Interrupt Context passed to system call, interrupt, and trap handlers Kernel StackProcessor ControlReg 1: 0xC025E525 GPR 1: 0xBEEF0000 ControlReg 2: 0x4EF23465 GPR N: 0x GPR N: 0x

Manipulating Interrupt Context Push function frames void llva_ipush_function (void * icontext, void (*f)(…), …) Interrupt Context  Integer State void llva_icontext_save (void * icontext, void * buffer void llva_icontext_load (void * icontext, void * buffer)

Function 1 Example: Signal Handler Dispatch Save program state with llva_icontext_save () Save FP state with llva_save_fp () Push new function frame on to program stack with llva_ipush_function () Interrupt Context Signal Handler Stack User SpaceKernel Space Stack Heap Processor FP Registers Other Registers Trap Handler

Outline Motivation LLVA-OS Design Hardware Control State Manipulation Preliminary Performance Results

LLVA-OS Prototype LLVA-OS C and i386 assembly code for Pentium 3 Compiled to native code library ahead of time Some instructions inlined through header files Linux port to LLVA-OS Like a port to a new architecture Inline assembly replaced with LLVA-OS instructions Compiled with GCC and linked with LLVA-OS library

Performance Evaluation Nano- and micro-benchmarks Based on HBench-OS benchmark suite Run for 100 iterations Identify overheads in key kernel operations Macro-benchmarks Determine impact of overheads on real application loads

Nanobenchmarks

Absolute increase in page fault latency is very small User-Kernel strcpy overhead due to inefficient strcpy routine Trap entry is faster (no VM86 mode)

Microbenchmarks

Signal Handler Dispatch overhead due to extraneous FP state loading on sigreturn() Open/Close has user to kernel strncpy() overhead

Microbenchmarks: Filesystem

Maximum overhead is 2% Benchmark reads file using repeated read() calls No I/O overhead (file in buffer cache)

Microbenchmarks: TCP

Maximum overhead is 21% Server process reads at least 10 MB from client process

Performance: Macrobenchmarks

WebStone: standard workload Less than 8% overhead to thttpd

Performance: Macrobenchmarks 1.01% overhead Primarily CPU bound process

Future Work Performance tuning of LLVA-OS implementation Framework for providing additional security Memory safety for OS kernel Protect application memory from kernel Translator enforced system call policies Install time privilege bracketing

Acknowledgements Pierre Salverda David Raila LLVM Developers, past and present The Reviewers And all the others who gave us feedback and input

Summary LLVA-OS uses novel approaches to virtualize state manipulation More tuning to the implementation is necessary but possible Linux on LLVA-OS No assembly code Many compiler opportunities

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.