标签:
In order to virtualize the CPU, the operating system needs to somehow share the physical CPU
among many jobs running seemingly at the same time. The basic idea is simple: run one process
for a little while, then run another one, and so forth. By time sharing the CPU in this manner,
virtualization is achieved. There are a few challenges, however, in building such virtualization
machinery. The first is performance: how can we implement virtualization withour adding excessive
overhead to the system? The second is control: how can we run processes efficiently while retaining
control over the CPU? Control is particularly important to the OS, as it is in charge of resources;
without control, a process could simply run forever and take over the machine, or access information
that it should not be allowed to access. Attaining performance while maintaining control is thus one
of the central challenges in building an operating system.
Basic Technique: Limited Direct Execution
To make a program runs as fast as one might expect, not surprisingly OS developers came up with
a technique, which we called Limited Direct Execution. The "direct execution" part of the idea is simple:
just run the program directly on the CPU. Thus, when the OS wished to start a program, it creates a process
entry for it in a process list, allocates some memory for it, loads the program code into memory (from
disk), locates its entry point (i.e. the main() routine or something similar), jumps to it, and starts running
the user‘s code. Sounds simple, no? But this approach gives rise to a few problems in our quest to
virtualize the CPU. The first is simple: if we just run a program, how can the OS make sure the program
does not do anything that we do not want it to do, while still running it efficiently? The second: when
we are running a process, how does the operating system stop it from running and switch to another
process; thus implementing the time sharing we require to virtualize the CPU? In answering these questions
below, we will get a much better sense of what is needed to virtualize the CPU. In developing these
techniques, we will also see where the "limited" part of the name arises from; without limits on running
program the OS would not be in control of anything and thus would be "just a library" --- a very sad state
of affairs for an aspiring operating system.
Restricted Operations
Direct execution has the obvious advantage of being fast, the program runs natively on the hardware CPU
and thus executes as quickly as one would expects. But running on the CPU introducing a problem: what if
the process wishes to perform some kind of restricted operation, such as issuing an I/O request to a disk,
or gaining access to more resources such as CPU or memory?
Tip: Use Protected Control Transfer
The hardware assists the OS by providing different modes of execution. In user mode, applications do not
have full access to hardware resources. In kernel mode, the OS has access to the full resources of the
machine. Special instructions to trap into the kernel and return-from-trap back to user mode programs
are also provided, as well instructions that allow the OS to tell the hardware where the trap table in the
memory.
One approach would simply be to let any process do whatever it wants in terms of I/O and other related
operations. However, doing so would prevent the construction of many kinds of systems that are desired.
For example, if we wish to build a file system that checks permissions before granting access to a file, we
can not simply let user process issue I/O to the disk; If we did, a process could simply read or write the
entire disk and thus all protections would be lost. Thus, the approach we take to is introduce a new processor
mode, known as kernel mode; code that runs in user mode is restricted in what it can do. For example,
when running in user mode, a process can not issue I/O request; doing so would result in the processor
raising an exception; the
Operating System: Three Easy Pieces --- Limited Directed Execution (Note)
标签:
原文地址:http://www.cnblogs.com/miaoyong/p/4884967.html
