You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/manual.md
+24Lines changed: 24 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -102,6 +102,7 @@ This document attempts to clearly describe all of these terms, however as the co
102
102
*[notification](#notification)
103
103
*[interrupt](#irq)
104
104
*[fault](#fault)
105
+
*[domain scheduling](#domain)
105
106
106
107
## System {#system}
107
108
@@ -173,6 +174,10 @@ Runnable PDs of the same priority are scheduled in a round-robin manner.
173
174
174
175
The **passive** determines whether the PD is passive. A passive PD will have its scheduling context revoked after initialisation and then bound instead to the PD's notification object. This means the PD will be scheduled on receiving a notification, whereby it will run on the notification's scheduling context. When the PD receives a *protected procedure* by another PD or a *fault* caused by a child PD, the passive PD will run on the scheduling context of the callee.
175
176
177
+
#### Domain scheduling (experimental)
178
+
179
+
If the SDK is built with experimental domain support, the PD can be assigned to a scheduling **domain** in the system description. If a PD is assigned to a domain, then the PD will only be allowed to execute when that domain is active. Which domain is active at any given point in time is determined by the [domain schedule](#domain).
180
+
176
181
## Virtual Machine {#vm}
177
182
178
183
A *virtual machine* (VM) is a runtime abstraction for running guest operating systems in Microkit. It is similar
@@ -308,6 +313,10 @@ protection domain. The same applies for a virtual machine.
308
313
This means that whenever a fault is caused by a child, it will be delivered to the parent PD instead of the system fault
309
314
handler via the `fault` entry point. It is then up to the parent to decide how the fault is handled.
310
315
316
+
## Domain scheduling (experimental) {#domain}
317
+
318
+
Microkit can be built with experimental support for a method of temporally isolating different groups of PDs called domain scheduling. On a Microkit system, only one domain is active at a time, and the kernel alternates between domains according to a round-robin schedule. A domain schedule consists of an ordered list of domains, each with an associated length of time to run. The kernel will then activate a domain for the specified length of time; after that time has passed, it will deactivate that domain and activate the next domain for its length of time, and so on, proceeding through the list until it wraps back to the first domain. PDs are assigned to domains, such that when a certain domain is active, only PDs belonging to that domain will be scheduled to run.
319
+
311
320
# SDK {#sdk}
312
321
313
322
Microkit is distributed as a software development kit (SDK).
@@ -575,6 +584,7 @@ Within the `system` root element the following child elements are supported:
575
584
*`protection_domain`
576
585
*`memory_region`
577
586
*`channel`
587
+
*`domain_schedule` (if SDK is built with domain scheduling support)
578
588
579
589
## `protection_domain`
580
590
@@ -588,6 +598,7 @@ It supports the following attributes:
588
598
*`budget`: (optional) The PD's budget in microseconds; defaults to 1,000.
589
599
*`period`: (optional) The PD's period in microseconds; must not be smaller than the budget; defaults to the budget.
590
600
*`passive`: (optional) Indicates that the protection domain will be passive and thus have its scheduling context removed after initialisation; defaults to false.
601
+
*`domain`: (optional, experimental) Specifies the name of the scheduling domain the PD belongs to.
591
602
592
603
Additionally, it supports the following child elements:
593
604
@@ -674,6 +685,19 @@ The `end` element has the following attributes:
674
685
The `id` is passed to the PD in the `notified` and `protected` entry points.
675
686
The `id` should be passed to the `microkit_notify` and `microkit_ppcall` functions.
676
687
688
+
## `domain_schedule` (experimental)
689
+
690
+
The `domain_schedule` element has has a list of `domain` child elements. Each child specifies information about a particular domain, and the order of the child elements specifies the order in which the domains will be scheduled.
691
+
692
+
The `domain` element has the following attributes:
693
+
694
+
*`name`: Name of the domain.
695
+
*`length`: Length of time the domain will run each time it is active, in microseconds.
696
+
697
+
The `name` attribute of each `domain` element can be referenced in the `domain` attribute of a `protection_domain` element.
698
+
699
+
The `domain_schedule` element is only valid if the SDK is built with the `--experimental-domain-support` flag.
700
+
677
701
# Board Support Packages {#bsps}
678
702
679
703
This chapter describes the board support packages that are available in the SDK.
0 commit comments