You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/manual.md
+24Lines changed: 24 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -102,6 +102,7 @@ This document attempts to clearly describe all of these terms, however as the co
102
102
*[notification](#notification)
103
103
*[interrupt](#irq)
104
104
*[fault](#fault)
105
+
*[domain scheduling](#domain)
105
106
106
107
## System {#system}
107
108
@@ -173,6 +174,10 @@ Runnable PDs of the same priority are scheduled in a round-robin manner.
173
174
174
175
The **passive** determines whether the PD is passive. A passive PD will have its scheduling context revoked after initialisation and then bound instead to the PD's notification object. This means the PD will be scheduled on receiving a notification, whereby it will run on the notification's scheduling context. When the PD receives a *protected procedure* by another PD or a *fault* caused by a child PD, the passive PD will run on the scheduling context of the callee.
175
176
177
+
#### Domain scheduling (experimental)
178
+
179
+
If the SDK is built with experimental domain support, the PD can be assigned to a scheduling **domain** in the system description. If a PD is assigned to a domain, then the PD will only be allowed to execute when that domain is active. Which domain is active at any given point in time is determined by the [domain schedule](#domain).
180
+
176
181
## Virtual Machine {#vm}
177
182
178
183
A *virtual machine* (VM) is a runtime abstraction for running guest operating systems in Microkit. It is similar
@@ -311,6 +316,10 @@ protection domain. The same applies for a virtual machine.
311
316
This means that whenever a fault is caused by a child, it will be delivered to the parent PD instead of the system fault
312
317
handler via the `fault` entry point. It is then up to the parent to decide how the fault is handled.
313
318
319
+
## Domain scheduling (experimental) {#domain}
320
+
321
+
Microkit can be built with experimental support for a method of temporally isolating different groups of PDs called domain scheduling. On a Microkit system, only one domain is active at a time, and the kernel alternates between domains according to a round-robin schedule. A domain schedule consists of an ordered list of domains, each with an associated length of time to run. The kernel will then activate a domain for the specified length of time; after that time has passed, it will deactivate that domain and activate the next domain for its length of time, and so on, proceeding through the list until it wraps back to the first domain. PDs are assigned to domains, such that when a certain domain is active, only PDs belonging to that domain will be scheduled to run.
322
+
314
323
# SDK {#sdk}
315
324
316
325
Microkit is distributed as a software development kit (SDK).
@@ -630,6 +639,7 @@ Within the `system` root element the following child elements are supported:
630
639
*`protection_domain`
631
640
*`memory_region`
632
641
*`channel`
642
+
*`domain_schedule` (if SDK is built with domain scheduling support)
633
643
634
644
## `protection_domain`
635
645
@@ -646,6 +656,7 @@ It supports the following attributes:
646
656
*`stack_size`: (optional) Number of bytes that will be used for the PD's stack.
647
657
Must be be between 4KiB and 16MiB and be 4K page-aligned. Defaults to 4KiB.
648
658
*`smc`: (optional, only on ARM) Allow the PD to give an SMC call for the kernel to perform. Only available when the kernel has been configured with `KernelAllowSMCCalls`. Defaults to false.
659
+
*`domain`: (optional, experimental) Specifies the name of the scheduling domain the PD belongs to.
649
660
650
661
Additionally, it supports the following child elements:
651
662
@@ -736,6 +747,19 @@ The `end` element has the following attributes:
736
747
The `id` is passed to the PD in the `notified` and `protected` entry points.
737
748
The `id` should be passed to the `microkit_notify` and `microkit_ppcall` functions.
738
749
750
+
## `domain_schedule` (experimental)
751
+
752
+
The `domain_schedule` element has has a list of up to 256 `domain` child elements. Each child specifies information about a particular domain, and the order of the child elements specifies the order in which the domains will be scheduled.
753
+
754
+
The `domain` element has the following attributes:
755
+
756
+
*`name`: Name of the domain.
757
+
*`length`: Length of time the domain will run each time it is active, in microseconds.
758
+
759
+
The `name` attribute of each `domain` element can be referenced in the `domain` attribute of a `protection_domain` element.
760
+
761
+
The `domain_schedule` element is only valid if the SDK is built with the `--experimental-domain-support` flag.
762
+
739
763
# Board Support Packages {#bsps}
740
764
741
765
This chapter describes the board support packages that are available in the SDK.
0 commit comments