) is also another type that we have not presented, and which is cleaned up in the same way as a page table,
C.3.4 Other kernel design points

C.3.4.1 Explicit preemption points and pending preemption

We have seen that some parts of the virtual-memory code must be executed non-preemptibly (in particular, this is what guarantees that the mapping counter stays "close" to the real number of mappings). In general, the implementation of our kernel follows the "interrupt" execution model [FHL+99], i.e. one kernel stack per processor, so kernel execution cannot be suspended at arbitrary points. Since some operations can be long, we nevertheless allow preemption inside the kernel at controlled places: these are the explicit preemption points. The most obvious way to implement this mechanism is to unmask and then re-mask interrupts (this is how it is done in L4/Fiasco [STT+09]); if an interrupt is pending, it gets to run at that moment. The problem with this implementation is its hidden cost: wherever an explicit preemption point is placed, the kernel must be ready to be interrupted, which means having released all its locks, done all the necessary cleanup, and so on, only to reacquire them afterwards in the common case where no preemption occurred. Rather than doing this, we set up a pending preemption flag,
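To make the trade-off concrete, here is an added example (not the thesis's kernel code, and not L4/Fiasco's) of a pending-preemption flag: an interrupt that arrives while the CPU is executing in the kernel only sets the flag and returns, and the explicit preemption point pays for releasing the lock and yielding only when the flag is set; in the common case it costs one flag test. All names (`interrupt_entry`, `preemption_point`, `run_long_operation`, the mapping lock) are hypothetical, and the CPU, the lock and the interrupts are simulated in plain C so the block runs stand-alone.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example, not the thesis's kernel code: a "pending preemption" flag
 * tested at explicit preemption points. All names are hypothetical; the
 * single CPU, the lock and the interrupts are simulated by plain C calls. */

struct stats {
    int irqs_deferred; /* interrupts taken in kernel mode: only set the flag */
    int irqs_direct;   /* interrupts taken in user mode: handled at once */
    int cheap_checks;  /* preemption points that cost a single flag test */
    int yields;        /* preemption points that released the lock and yielded */
};

/* Per-CPU state in a real kernel (one kernel stack per processor); one CPU here. */
static volatile bool in_kernel;
static volatile bool pending_preemption;
static int lock_depth_;          /* depth of the simulated mapping lock */
static struct stats st;

static void lock(void)   { lock_depth_++; }
static void unlock(void) { lock_depth_--; }
int lock_depth(void)     { return lock_depth_; }

/* Interrupt entry. In the "interrupt" execution model the kernel stack is in
 * use and locks may be held, so no context switch is possible here: just
 * record the request. In user mode the scheduler could switch immediately. */
static void interrupt_entry(void)
{
    if (in_kernel) {
        pending_preemption = true;
        st.irqs_deferred++;
    } else {
        st.irqs_direct++;
        /* schedule() would run here */
    }
}

/* Explicit preemption point. Common case: nothing arrived since the last
 * point, so the cost is one flag test and the lock is not touched. Rare case:
 * release the lock, clear the flag, yield, reacquire, continue. */
static void preemption_point(void)
{
    if (!pending_preemption) {
        st.cheap_checks++;
        return;
    }
    unlock();
    pending_preemption = false;
    st.yields++;
    /* schedule(); another thread runs, then this one is resumed */
    lock();
}

/* A long, normally non-preemptible kernel operation (think: walking many
 * mappings under the mapping lock). irq_at[] lists, in increasing order, the
 * steps at which a simulated interrupt fires. */
struct stats run_long_operation(int steps, const int *irq_at, int n_irq)
{
    struct stats zero = {0, 0, 0, 0};
    st = zero;
    pending_preemption = false;
    in_kernel = true;
    lock();
    int next_irq = 0;
    for (int i = 0; i < steps; i++) {
        /* ... one step of the real work would go here ... */
        if (next_irq < n_irq && irq_at[next_irq] == i) {
            interrupt_entry();
            next_irq++;
        }
        preemption_point();
    }
    unlock();
    in_kernel = false;
    return st;
}

/* The same interrupt arriving in user mode is handled directly; returns how
 * many direct handlings this one call produced (1). */
int interrupt_in_user_mode(void)
{
    in_kernel = false;
    int before = st.irqs_direct;
    interrupt_entry();
    return st.irqs_direct - before;
}

int main(void)
{
    const int irq_at[] = {100, 500};
    struct stats s = run_long_operation(1000, irq_at, 2);
    printf("deferred=%d direct=%d cheap=%d yields=%d lock_depth=%d\n",
           s.irqs_deferred, s.irqs_direct, s.cheap_checks, s.yields, lock_depth());
    return 0;
}
```

With two interrupts over a thousand steps, 998 preemption points cost only the flag test and the lock is released and reacquired twice, exactly once per deferred interrupt. In a real kernel `in_kernel` and `pending_preemption` are per-CPU, the flag is set by the interrupt entry path with interrupts already masked, and the test-and-clear at the preemption point must itself be done with interrupts masked (or atomically) so that an interrupt landing between the test and the clear is not lost.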
Cache coherence protocols: evaluation using a multiprocessor simulation model, ACM Transactions on Computer Systems, vol.4, issue.4, pp.273-298, 1986.
DOI: 10.1145/6513.6514
Mach: A new kernel foundation for UNIX development, USENIX Summer Conference, pp.45-55, 1986.
Scheduler activations: effective kernel support for the user-level management of parallelism, ACM Transactions on Computer Systems, vol.10, issue.1, pp.53-79, 1992.
DOI: 10.1145/146941.146944
A theory of timed automata, Theoretical Computer Science, vol.126, issue.2, pp.183-235, 1994.
DOI: 10.1016/0304-3975(94)90010-8
A method and a technique to model and ensure timeliness in safety critical real-time systems, Fourth IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'98), pp.2-13, 1998.
The MILS architecture for high-assurance embedded systems, International Journal of Embedded Systems, pp.239-247, 2006.
Static-priority scheduling on multiprocessors, Proceedings of the 22nd IEEE Real-Time Systems Symposium (RTSS 2001), pp.27-31, 2001.
DOI: 10.1109/REAL.2001.990610
URL: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.21.7889
Stack-based scheduling of realtime processes, Real-Time Systems, pp.67-99, 1991.
Lightweight remote procedure call, SOSP '89: Proceedings of the twelfth ACM symposium on Operating systems principles, pp.102-113, 1989.
DOI: 10.1145/74851.74861
URL: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.361.2695
Dynamic integrated scheduling of hard real-time, soft real-time and non-real-time processes, RTSS '03: Proceedings of the 24th IEEE International Real-Time Systems Symposium, pp.396-423, 2003.
Understanding the Linux Kernel, 3rd edition, O'Reilly, pp.22-132, 2005.
Generalized multiframe tasks, Real-Time Systems, pp.5-22, 1999.
Proportionate progress, Proceedings of the twenty-fifth annual ACM symposium on Theory of computing (STOC '93), pp.600-625, 1996.
DOI: 10.1145/167088.167194
Checking for race conditions in file accesses, Computing Systems, vol.9, issue.2, pp.131-152, 1996.
Xen and the art of virtualization, SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pp.164-177, 2003.
Resource containers: A new facility for resource management in server systems, OSDI '99: Proceedings of the third symposium on Operating systems design and implementation, 1999.
The MILS component integration approach to secure information sharing.
Guide for the use of the Ada Ravenscar profile in high integrity systems.
Practical considerations for non-blocking concurrent objects, Proceedings of the 13th International Conference on Distributed Computing Systems, 1993.
Some thoughts on security after ten years of qmail 1.0, CSAW '07: Proceedings of the 2007 ACM workshop on Computer security architecture, pp.1-10, 2007.
Hybrid-priority scheduling of resource-sharing sporadic task systems, IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS).
The KeyKOS nanokernel architecture, Proceedings of the USENIX Workshop on Micro-Kernels and Other Kernel Architectures, pp.95-112, 1992.
Fast mutual exclusion for uniprocessors, ASPLOS-V: Proceedings of the fifth international conference on Architectural support for programming languages and operating systems, pp.223-233, 1992.
Translation lookaside buffer consistency: a software approach, ASPLOS-III, 1989.
Extensibility, safety and performance in the SPIN operating system, 15th Symposium on Operating Systems Principles, pp.267-284, 1995.
Rate Monotonic vs. EDF: Judgment Day, Real-Time Systems, vol.29, issue.1, pp.5-26, 2005.
DOI: 10.1023/B:TIME.0000048932.30002.d9
URL: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.107.214
Runtime performance analysis of the M-to-N scheduling model, p.177, 1996.
A caching model of operating system kernel functionality, Proceedings of the 1st Symposium on Operating Systems Design and Implementation (OSDI), pp.179-193, 1994.
Deterministic distributed safety-critical real-time systems within the OASIS approach, 17th IASTED International Conference on Parallel and Distributed Computing and Systems (PDCS'05), pp.33-212, 2005.
An experiment using registers for fast message-based interprocess communication, SIGOPS Operating Systems Review, vol.18, issue.4, pp.12-20, 1984.
An experimental time-sharing system, Proceedings of the May 1-3, 1962, Spring Joint Computer Conference (AFIPS '62), pp.335-344, 1962.
Introduction and overview of the Multics system, AFIPS '65 (Fall, part I): Proceedings of the Fall Joint Computer Conference, part I, pp.185-196, 1965.
The OASIS based qualified display system, Proceedings ANS NPIC&HMIT 2004, pp.33-65, 2004.
Fault tolerant operating systems, ACM Computing Surveys, vol.8, issue.4, pp.359-389, 1976.
Control robotics: The procedural control of physical processes, IFIP Congress, pp.807-813, 1966.
Programming semantics for multiprogrammed computations, Communications of the ACM, vol.9, issue.3, pp.143-155, 1966.
The structure of the "THE"-multiprogramming system, Communications of the ACM, vol.11, issue.5, pp.341-346, 1968.
Multiprocessor online scheduling of hard-real-time tasks, IEEE Transactions on Software Engineering, vol.15, issue.12, pp.1497-1506, 1989.
Implementing atomic sequences on uniprocessors using rollforward, Software: Practice and Experience, pp.1-23, 1996.
A portable kernel abstraction for low-overhead ephemeral mapping management, ATEC '05: Proceedings of the USENIX Annual Technical Conference, 2005.
Kernel design for isolation and assurance of physical memory, 1st Workshop on Isolation and Integration in Embedded Systems (IIES'08), 2008.
DPF: fast, flexible message demultiplexing using dynamic code generation, SIGCOMM Computer Communication Review, vol.26, issue.4, pp.53-59, 1996.
Exokernel: an operating system architecture for application-level resource management, Proceedings of SOSP '95, pp.251-266, 1995.
Future directions in the evolution of the L4 microkernel, pp.25-58.
Process management for highly parallel UNIX systems, USENIX Workshop on Unix and Supercomputers, pp.1-17, 1988.
The design and implementation of a prototype exokernel system, Master's thesis, Massachusetts Institute of Technology, 1995.
A Nitpicker's guide to a minimal-complexity secure GUI, ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference, pp.85-94, 2005.
Design of the Bastei OS architecture, pp.62-128, 2006.
Microkernels meet recursive virtual machines, Proceedings of the Second Symposium on Operating Systems Design and Implementation, pp.70-96, 1996.
Interface and execution models in the Fluke kernel, OSDI '99: Proceedings of the third symposium on Operating systems design and implementation, pp.101-115, 1999.
Evolving Mach 3.0 to a migrating thread model, USENIX Winter Conference, pp.97-114, 1994.
On serializability of iterated transactions, PODC '82: Proceedings of the first ACM SIGACT-SIGOPS symposium on Principles of distributed computing, 1982.
A language theoretic approach to serialization problem in concurrent systems, FCT '85: Fundamentals of Computation Theory, pp.128-145, 1985.
Practical lock-freedom, PhD thesis, University of Cambridge, 2004.
Fuss, futexes and furwocks: Fast userlevel locking in Linux, Ottawa Linux Symposium, 2002.
CPU Inheritance Scheduling, USENIX OSDI '96, pp.91-105, 1996.
The rise of worse is better, 1991. http://www.jwz.org/doc/worse-is-better.html, p.184.
Building a Secure Computer System, Van Nostrand Reinhold, pp.44-47, 1988.
The synergy between nonblocking synchronization and operating system structure, Operating Systems Design and Implementation, pp.123-136, 1996.
A Hierarchical CPU Scheduler for Multimedia Operating Systems, USENIX Second Symposium on Operating Systems Design and Implementation (OSDI), pp.107-121, 1996.
The Pebble component-based operating system, Proceedings of the 1999 USENIX Technical Conference, pp.267-282, 1999.
Sealing OS processes to improve dependability and safety, ACM SIGOPS Operating Systems Review, vol.41, issue.3, pp.341-354, 2007.
DOI: 10.1145/1272998.1273032
URL: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.93.211
Self-paging in the Nemesis operating system, Operating Systems Design and Implementation, pp.73-86, 1999.
KeyKOS architecture, ACM SIGOPS Operating Systems Review, vol.19, issue.4, pp.50-83, 1985.
DOI: 10.1145/858336.858337
A Pragmatic Implementation of Non-blocking Linked-lists, Lecture Notes in Computer Science, vol.2180, pp.300-314, 2001.
DOI: 10.1007/3-540-45414-4_21
Adequacy between AUTOSAR OS specification and real-time scheduling theory, International Symposium on Industrial Embedded Systems (SIES'07), pp.225-233, 2007.
User-Level Management of Kernel Memory, Proceedings of the 8th Asia-Pacific Computer Systems Architecture Conference, p.25, 2003.
DOI: 10.1007/978-3-540-39864-6_23
A methodology for implementing highly concurrent data structures, PPOPP '90: Proceedings of the second ACM SIGPLAN symposium on Principles & practice of parallel programming, pp.197-206, 1990.
A methodology for implementing highly concurrent data objects, ACM Transactions on Programming Languages and Systems, vol.15, issue.5, pp.745-770, 1993.
DOI: 10.1145/161468.161469
Revocable locks for non-blocking programming, Proceedings of the tenth ACM SIGPLAN symposium on Principles and practice of parallel programming (PPoPP '05), pp.72-82, 2005.
DOI: 10.1145/1065944.1065954
The performance of µ-kernel-based systems, SOSP '97: Proceedings of the sixteenth ACM symposium on Operating systems principles, pp.66-77, 1997.
An architectural overview of QNX, Proceedings of the Workshop on Micro-kernels and Other Kernel Architectures, pp.113-126, 1992.
The Spring nucleus: A microkernel for objects, pp.58-60, 1993.
Jails: Confining the omnipotent root, Proceedings of the 2nd International SANE Conference, 2000.
On-line scheduling of real-time tasks, IEEE Transactions on Computers, vol.41, issue.10, pp.1326-1331, 1992.
Obstruction-free synchronization: Double-ended queues as an example, Proceedings of the 23rd IEEE International Conference on Distributed Computing Systems, 2003.
Transactional memory: architectural support for lock-free data structures, ISCA '93: Proceedings of the 20th annual international symposium on Computer architecture, pp.289-300, 1993.
Reducing TCB size by using untrusted components, Proceedings of the 11th workshop on ACM SIGOPS European workshop: beyond the PC (EW11), pp.43-84, 2004.
DOI: 10.1145/1133572.1133615
Linearizability: a correctness condition for concurrent objects, ACM Transactions on Programming Languages and Systems, vol.12, issue.3, pp.463-492, 1990.
DOI: 10.1145/78969.78972
Intel. Intel 64 and IA-32 Architectures Software Developer's Manual, 2009.
Modular real-time resource management in the Rialto operating system, HotOS, pp.12-52, 1995.
CPU reservations and time constraints, ACM SIGOPS Operating Systems Review, vol.31, issue.5, pp.198-211, 1997.
DOI: 10.1145/269005.266689
Distributed fault-tolerant real-time systems: the Mars approach, IEEE Micro, vol.9, issue.1, pp.25-40, 1989.
DOI: 10.1109/40.16792
Application performance and flexibility on exokernel systems, SOSP '97: Proceedings of the sixteenth ACM symposium on Operating systems principles, pp.52-65, 1997.
seL4: Formal verification of an OS kernel, Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles (SOSP '09), pp.207-220, 2009.
DOI: 10.1145/1629575.1629596
Evolution of the PikeOS microkernel, MIKES 2007: 1st International Workshop on Microkernels for Embedded Systems, 2007.
A note on the confinement problem, Communications of the ACM, vol.16, issue.10, pp.613-615, 1973.
A new solution of Dijkstra's concurrent programming problem, Communications of the ACM, vol.17, issue.8, pp.453-455, 1974.
DOI: 10.1145/361082.361093
Concurrent reading and writing, Communications of the ACM, vol.20, issue.11, pp.806-811, 1977.
DOI: 10.1145/359863.359878
How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs, IEEE Transactions on Computers, vol.28, issue.9, pp.690-691, 1979.
DOI: 10.1109/TC.1979.1675439
Concurrent reading and writing of clocks, ACM Transactions on Computer Systems, vol.8, issue.4, pp.305-310, 1990.
DOI: 10.1145/128733.128736
Policy/mechanism separation in Hydra, Proceedings of SOSP '75, pp.132-140, 1975.
Christophe Aussaguès, and Guy Vidal-Naquet. A new representation for the scheduling problem and its applications, Proceedings WiP IEEE RTSS'06, pp.89-92, 2006.
Equivalence between schedule representations: Theory and applications, IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS 2008), pp.237-247, 2008.
DOI: 10.1109/rtas.2008.17
URL: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.537.5104
Extension d'un système temps-réel sur multiprocesseur (Extending a real-time system to multiprocessors).
OS-controlled cache predictability for real-time systems, Proceedings of the 3rd IEEE Real-time Technology and Applications Symposium (RTAS), pp.25-280, 1997.
Improving IPC by kernel design, Proceedings of SOSP '93, 1993.
On µ-kernel construction, SOSP '95: Proceedings of the fifteenth ACM symposium on Operating systems principles, 1995.
Improved address-space switching on Pentium processors by transparently multiplexing user address spaces, Arbeitspapiere der GMD No. 933, GMD, German National Research Center for Information Technology, 1995.
Preventing denial-of-service attacks on a µ-kernel for WebOSes, Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI), 1997.
Operating system structures to support security and reliable software, ACM Computing Surveys, vol.8, issue.4, pp.409-445, 1976.
Number of faults per line of code, IEEE Transactions on Software Engineering, vol.8, issue.4, pp.437-439, 1982.
Scheduling algorithms for multiprogramming in a hard-real-time environment, Journal of the ACM, vol.20, issue.1, pp.46-61, 1973.
S. Loureiro, R. Molva, and Y. Roudier. Mobile code security, Proceedings of ISYPAR, 2000.
Mach 3 Kernel Principles, Open Software Foundation and Carnegie Mellon University.
Reflections on an operating system design, Communications of the ACM, vol.19, issue.5, pp.251-265, 1976.
Synthesis: An Efficient Implementation of Fundamental Operating System Services, PhD thesis, Columbia University, 1992.
Making paths explicit in the Scout operating system, Proceedings of the USENIX 2nd Symposium on OS Design and Implementation (OSDI '96), 1996.
Eliminating receive livelock in an interrupt-driven kernel, ACM Transactions on Computer Systems, vol.15, issue.3, pp.217-252, 1997.
Paradigm regained: Abstraction mechanisms for access control, Advances in Computing Science (ASIAN 2003), 2003.
First-class user-level threads, Proceedings of the 13th ACM Symposium on Operating Systems Principles, pp.110-121, 1991.
Processor capacity reserves for multimedia operating systems, pp.64-67, 1993.
DOI: 10.1109/mmcs.1994.292439
Capability myths demolished, 2003.
Principled assuredly trustworthy composable architectures, SRI International, 2004.
The Cambridge CAP computer and its protection system, SOSP '77: Proceedings of the sixth ACM symposium on Operating systems principles, 1977.
Single UNIX Specification, version 3.
An empirical study into the security exposure to hosts of hostile virtualized environments, CanSecWest, 2007.
Myths about the mutual exclusion problem, Information Processing Letters, vol.12, issue.3, pp.115-116, 1981.
Overview of the Chorus distributed operating systems, pp.45-56, 1991.
Automatic device driver synthesis with Termite, Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles (SOSP '09), pp.145-219, 2009.
DOI: 10.1145/1629575.1629583
URL: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.163.3940
Dingo: Taming device drivers, Proceedings of the fourth ACM European conference on Computer systems (EuroSys '09), 2009.
DOI: 10.1145/1519065.1519095
Protection dans les architectures de systèmes flexibles (Protection in flexible system architectures), pp.65-67, 2003.
Resource Kernels: A Resource-Centric Approach to Real-Time and Multimedia Systems, SPIE/ACM Conference on Multimedia Computing and Networking, p.29, 1998.
DOI: 10.1016/B978-155860651-7/50127-3
The Structure of a Multi-Service Operating System, PhD thesis, University of Cambridge, 1995.
A Distributed Secure System, Computer, vol.16, issue.7, pp.55-67, 1983.
DOI: 10.1109/MC.1983.1654443
The UNIX time-sharing system, Communications of the ACM, vol.17, issue.7, pp.365-375, 1974.
Design and verification of secure systems, Eighth ACM Symposium on Operating System Principles (SOSP), pp.12-21, 1981.
DOI: 10.1145/1067627.806586
A trusted computing base for embedded systems, 7th DoD/NBS Computer Security Initiative Conference, pp.294-311, 1984.
Kernels for safety, Safe and Secure Computing Systems: Proceedings of a Symposium, pp.210-220, 1986.
Noninterference, transitivity, and channel-control security policies, SRI International, Technical Report CSL-92-02, December 1992.
Partitioning in avionics architectures: Requirements, mechanisms, and assurance, 1998, pp.38-39.
Design evolution of the EROS single-level store, ATEC '02: Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference, pp.59-72, 2002.
Towards a verified, general-purpose operating system kernel, NICTA Formal Methods Program Workshop on Operating Systems Verification, pp.1-19, 2004.
Dealing with disaster: Surviving misbehaved kernel extensions, OSDI '96: Proceedings of the second USENIX symposium on Operating systems design and implementation, pp.213-227, 1996.
DOI: 10.1145/248155.238779
EROS: a principle-driven operating system from the ground up, IEEE Software, vol.19, issue.1, pp.26-33, 2002.
DOI: 10.1109/52.976938
A capability system, pp.25-116, 1999.
Vulnerabilities in synchronous IPC designs, Proceedings of the 2003 IEEE Symposium on Security and Privacy, 2003.
DOI: 10.1109/SECPRI.2003.1199341
Defending against denial of service attacks in Scout, Proceedings of USENIX OSDI '99, pp.53-81, 1999.
The Spring kernel: a new paradigm for real-time operating systems, ACM SIGOPS Operating Systems Review, vol.23, issue.3, pp.54-71, 1989.
DOI: 10.1145/71021.71024
Real-time operating systems, Real-Time Systems, vol.28, issue.2-3, pp.237-253, 2004.
Priority inheritance protocols: An approach to real-time synchronization, IEEE Transactions on Computers, vol.39, issue.9, pp.1175-1185, 1990.
A hardware architecture for implementing protection rings, Communications of the ACM, vol.15, issue.3, pp.157-170, 1972.
The protection of information in computer systems, Communications of the ACM, vol.17, issue.7, 1974.
EROS: a fast capability system, ACM Symposium on Operating Systems Principles (SOSP '99), pp.170-185, 1999.
Network subsystems reloaded: a high-performance, defensible network subsystem, Proceedings of the USENIX Annual Technical Conference, pp.19-19, 2004.
Preemption Abstraction: A Lightweight Approach to Modelling Concurrency, LNCS / Proceedings of FMICS 2009, p.289, 2009.
DOI: 10.1007/978-3-642-04570-7_12
Design of the EROS trusted window system, SSYM'04: Proceedings of the 13th conference on USENIX Security Symposium, pp.165-178, 2004.
Fast Component Interaction for Real-Time Systems, 17th Euromicro Conference on Real-Time Systems (ECRTS'05), pp.89-97, 2005.
DOI: 10.1109/ECRTS.2005.16
URL: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.67.9449
Modern Operating Systems.
Secretly monopolizing the CPU without superuser privileges, USENIX Security Symposium, p.32, 2007.
UNIX implementation, The Bell System Technical Journal, pp.1931-1940, 1978.
Kea: a dynamically extensible and configurable operating system kernel, ICCDS '96, p.236, 1996.
A critique of the GNU Hurd multi-server operating system, SIGOPS Operating Systems Review, vol.41, issue.4, pp.30-39, 2007.
Hydra: The kernel of a multiprocessor operating system, Communications of the ACM, vol.17, issue.6, pp.337-345, 1974.
The Cambridge CAP Computer and Its Operating System, 1979.
Global variable considered harmful, SIGPLAN Notices, vol.8, issue.2, pp.28-34, 1973.
Scale and performance in the Denali isolation kernel, ACM SIGOPS Operating Systems Review, vol.36, issue.SI, pp.195-209, 2002.
DOI: 10.1145/844128.844147
Implementation of Fast Address-Space Switching and TLB Sharing on the StrongARM Processor, Proceedings of the 8th Asia-Pacific Computer Systems Architecture Conference, pp.99-122, 2003.
DOI: 10.1007/978-3-540-39864-6_28