115-417: In computer science , hierarchical protection domains , often called protection rings , are mechanisms to protect data and functionality from faults (by improving fault tolerance ) and malicious behavior (by providing computer security ). Computer operating systems provide different levels of access to resources. A protection ring is one of two or more hierarchical levels or layers of privilege within
230-526: A senior lecturer in the Computer Laboratory , and his PhD student Keir Fraser. The first public release of Xen was made in 2003, with v1.0 following in 2004. Soon after, Pratt and Fraser along with other Cambridge alumni including Simon Crosby and founding CEO Nick Gault created XenSource Inc. to turn Xen into a competitive enterprise product. To support embedded systems such as smartphone/ IoT with relatively scarce hardware computing resources,
345-483: A BSD license (and continues to maintain) PV drivers for Windows. Third-party developers have built a number of tools (known as Xen Management Consoles) to facilitate the common tasks of administering a Xen host, such as configuring, starting, monitoring and stopping of Xen guests. Examples include: The Xen hypervisor is covered by the GNU General Public Licence, so all of these versions contain
460-585: A discipline, computer science spans a range of topics from theoretical studies of algorithms and the limits of computation to the practical issues of implementing computing systems in hardware and software. CSAB , formerly called Computing Sciences Accreditation Board—which is made up of representatives of the Association for Computing Machinery (ACM), and the IEEE Computer Society (IEEE CS) —identifies four areas that it considers crucial to
575-753: A distinct academic discipline in the 1950s and early 1960s. The world's first computer science degree program, the Cambridge Diploma in Computer Science , began at the University of Cambridge Computer Laboratory in 1953. The first computer science department in the United States was formed at Purdue University in 1962. Since practical computers became available, many applications of computing have become distinct areas of study in their own rights. Although first proposed in 1956,
690-432: A guest operating system to run Ring 0 operations natively without affecting other guests or the host OS. Before hardware-assisted virtualization , guest operating systems ran under ring 1. Any attempt that requires a higher privilege level to perform (ring 0) will produce an interrupt and then be handled using software; this is called "Trap and Emulate". To assist virtualization and reduce overhead caused by
805-471: A hierarchy of modes exists (ring-based security), faults and exceptions at one privilege level may destabilize only the higher-numbered privilege levels. Thus, a fault in Ring 0 (the kernel mode with the highest privilege) will crash the entire system, but a fault in Ring 2 will only affect Rings 3 and beyond and Ring 2 itself, at most. Transitions between modes are at the discretion of the executing thread when
920-499: A later date. Xen can scale to 4095 physical CPUs, 256 VCPUs per HVM guest, 512 VCPUs per PV guest, 16 TB of RAM per host, and up to 1 TB of RAM per HVM guest or 512 GB of RAM per PV guest. The Xen hypervisor has been ported to a number of processor families: Xen can be shipped in a dedicated virtualization platform, such as XCP-ng or XenServer (formerly Citrix Hypervisor, and before that Citrix XenServer, and before that XenSource's XenEnterprise). Alternatively, Xen
1035-418: A local database for kernel-based application functions, and to eliminate the context switches that would otherwise occur when kernel functions interact with a database system running in user mode. Functions are also sometimes moved across rings in the other direction. The Linux kernel, for instance, injects into processes a vDSO section which contains functions that would normally require a system call, i.e.
1150-464: A mathematical discipline argue that computer programs are physical realizations of mathematical entities and programs that can be deductively reasoned through mathematical formal methods . Computer scientists Edsger W. Dijkstra and Tony Hoare regard instructions for computer programs as mathematical sentences and interpret formal semantics for programming languages as mathematical axiomatic systems . A number of computer scientists have argued for
1265-443: A mathematics emphasis and with a numerical orientation consider alignment with computational science . Both types of departments tend to make efforts to bridge the field educationally if not across all research. Despite the word science in its name, there is debate over whether or not computer science is a discipline of science, mathematics, or engineering. Allen Newell and Herbert A. Simon argued in 1975, Computer science
SECTION 10
#17327806449631380-500: A monolithic kernel , the operating system runs in supervisor mode and the applications run in user mode. Other types of operating systems , like those with an exokernel or microkernel , do not necessarily share this behavior. Some examples from the PC world: Most processors have at least two different modes. The x86 -processors have four different modes divided into four different rings. Programs that run in Ring 0 can do anything with
1495-463: A network while using concurrency, this is known as a distributed system. Computers within that distributed system have their own private memory, and information can be exchanged to achieve common goals. This branch of computer science aims to manage networks between computers worldwide. Computer security is a branch of computer technology with the objective of protecting information from unauthorized access, disruption, or modification while maintaining
1610-550: A number of terms for the practitioners of the field of computing were suggested in the Communications of the ACM — turingineer , turologist , flow-charts-man , applied meta-mathematician , and applied epistemologist . Three months later in the same journal, comptologist was suggested, followed next year by hypologist . The term computics has also been suggested. In Europe, terms derived from contracted translations of
1725-495: A particular kind of mathematically based technique for the specification , development and verification of software and hardware systems. The use of formal methods for software and hardware design is motivated by the expectation that, as in other engineering disciplines, performing appropriate mathematical analysis can contribute to the reliability and robustness of a design. They form an important theoretical underpinning for software engineering, especially where safety or security
1840-432: A program in supervisor mode is trusted never to fail, since a failure may cause the whole computer system to crash. Supervisor mode is "an execution mode on some processors which enables execution of all instructions, including privileged instructions. It may also give access to a different address space, to memory management hardware and to other peripherals. This is the mode in which the operating system usually runs." In
1955-497: A ring transition. Instead of doing a syscall these functions use static data provided by the kernel. This avoids the need for a ring transition and so is more lightweight than a syscall. The function gettimeofday can be provided this way. Recent CPUs from Intel and AMD offer x86 virtualization instructions for a hypervisor to control Ring 0 hardware access. Although they are mutually incompatible, both Intel VT-x (codenamed "Vanderpool") and AMD-V (codenamed "Pacifica") allow
2070-408: A secure way towards predefined entry points in lower-level (more trusted) rings; this functions as a supervisor call in many operating systems that use the ring architecture. The hardware restrictions are designed to limit opportunities for accidental or malicious breaches of security. In addition, the most privileged ring may be given special capabilities (such as real memory addressing that bypasses
2185-512: A significant amount of computer science does not involve the study of computers themselves. Because of this, several alternative names have been proposed. Certain departments of major universities prefer the term computing science , to emphasize precisely that difference. Danish scientist Peter Naur suggested the term datalogy , to reflect the fact that the scientific discipline revolves around data and data treatment, while not necessarily involving computers. The first scientific institution to use
2300-410: A specific application. Codes are used for data compression , cryptography , error detection and correction , and more recently also for network coding . Codes are studied for the purpose of designing efficient and reliable data transmission methods. Data structures and algorithms are the studies of commonly used computational methods and their computational efficiency. Programming language theory
2415-418: A subroutine in a different section of memory would automatically cause a ring transfer. The hardware severely restricts the ways in which control can be passed from one ring to another, and also enforces restrictions on the types of memory access that can be performed across rings. Using x86 as an example, there is a special gate structure which is referenced by the call instruction that transfers control in
SECTION 20
#17327806449632530-526: A user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for device drivers . Programs such as web browsers running in higher numbered rings must request access to the network, a resource restricted to a lower numbered ring. X86S, a recently published Intel architecture, has only ring 0 and ring 3. Ring 1 and 2 will be removed under X86S since modern OSes never utilize them. Multiple rings of protection were among
2645-413: A virtual-machine control. These hardware extensions allow classical "Trap and Emulate" virtualization to perform on x86 architecture but now with hardware support. A privilege level in the x86 instruction set controls the access of the program currently running on the processor to resources such as memory regions, I/O ports, and special instructions. There are 4 privilege levels ranging from 0 which
2760-415: Is a branch of computer science that deals with the design, implementation, analysis, characterization, and classification of programming languages and their individual features . It falls within the discipline of computer science, both depending on and affecting mathematics, software engineering, and linguistics . It is an active research area, with numerous dedicated academic journals. Formal methods are
2875-422: Is an empirical discipline. We would have called it an experimental science, but like astronomy, economics, and geology, some of its unique forms of observation and experience do not fit a narrow stereotype of the experimental method. Nonetheless, they are experiments. Each new machine that is built is an experiment. Actually constructing the machine poses a question to nature; and we listen for the answer by observing
2990-484: Is an open problem in the theory of computation. Information theory, closely related to probability and statistics , is related to the quantification of information. This was developed by Claude Shannon to find fundamental limits on signal processing operations such as compressing data and on reliably storing and communicating data. Coding theory is the study of the properties of codes (systems for converting information from one form to another) and their fitness for
3105-479: Is associated in the popular mind with robotic development , but the main field of practical application has been as an embedded component in areas of software development , which require computational understanding. The starting point in the late 1940s was Alan Turing's question " Can computers think? ", and the question remains effectively unanswered, although the Turing test is still used to assess computer output on
3220-548: Is connected to many other fields in computer science, including computer vision , image processing , and computational geometry , and is heavily applied in the fields of special effects and video games . Information can take the form of images, sound, video or other multimedia. Bits of information can be streamed via signals . Its processing is the central notion of informatics, the European view on computing, which studies information processing algorithms independently of
3335-409: Is considered by some to have a much closer relationship with mathematics than many scientific disciplines, with some observers saying that computing is a mathematical science. Early computer science was strongly influenced by the work of mathematicians such as Kurt Gödel , Alan Turing , John von Neumann , Rózsa Péter and Alonzo Church and there continues to be a useful interchange of ideas between
3450-496: Is currently available for the IA-32 , x86-64 and ARM instruction sets . Xen Project runs in a more privileged CPU state than any other software on the machine, except for firmware . Responsibilities of the hypervisor include memory management and CPU scheduling of all virtual machines ("domains"), and for launching the most privileged domain ("dom0") - the only virtual machine which by default has direct access to hardware. From
3565-508: Is determining what can and cannot be automated. The Turing Award is generally recognized as the highest distinction in computer science. The earliest foundations of what would become computer science predate the invention of the modern digital computer . Machines for calculating fixed numerical tasks such as the abacus have existed since antiquity, aiding in computations such as multiplication and division. Algorithms for performing computations have existed since antiquity, even before
Protection ring - Misplaced Pages Continue
3680-494: Is distributed as an optional configuration of many standard operating systems. Xen is available for and distributed with: Guest systems can run fully virtualized (which requires hardware support), paravirtualized (which requires a modified guest operating system), or fully virtualized with paravirtualized drivers (PVHVM ). Most operating systems which can run on PCs can run as a Xen HVM guest. The following systems can operate as paravirtualized Xen guests: Xen version 3.0 introduced
3795-630: Is generally considered the province of disciplines other than computer science. For example, the study of computer hardware is usually considered part of computer engineering , while the study of commercial computer systems and their deployment is often called information technology or information systems . However, there has been exchange of ideas between the various computer-related disciplines. Computer science research also often intersects other disciplines, such as cognitive science , linguistics , mathematics , physics , biology , Earth science , statistics , philosophy , and logic . Computer science
3910-584: Is intended to organize, store, and retrieve large amounts of data easily. Digital databases are managed using database management systems to store, create, maintain, and search data, through database models and query languages . Data mining is a process of discovering patterns in large data sets. The philosopher of computing Bill Rapaport noted three Great Insights of Computer Science : Programming languages can be used to accomplish different tasks in different ways. Common programming paradigms include: Many languages offer support for multiple paradigms, making
4025-426: Is involved. Formal methods are a useful adjunct to software testing since they help avoid errors and can also give a framework for testing. For industrial use, tool support is required. However, the high cost of using formal methods means that they are usually only used in the development of high-integrity and life-critical systems , where safety or security is of utmost importance. Formal methods are best described as
4140-479: Is known as hardware-assisted virtualization , however, in Xen this is known as hardware virtual machine (HVM). HVM extensions provide additional execution modes, with an explicit distinction between the most-privileged modes used by the hypervisor with access to the real hardware (called "root mode" in x86) and the less-privileged modes used by guest kernels and applications with "hardware" accesses under complete control of
4255-545: Is mathematical and abstract in spirit, but it derives its motivation from practical and everyday computation. It aims to understand the nature of computation and, as a consequence of this understanding, provide more efficient methodologies. According to Peter Denning, the fundamental question underlying computer science is, "What can be automated?" Theory of computation is focused on answering fundamental questions about what can be computed and what amount of resources are required to perform those computations. In an effort to answer
4370-662: Is mostly used for booting. Administrators can "live migrate" Xen virtual machines between physical hosts across a LAN without loss of availability. During this procedure, the LAN iteratively copies the memory of the virtual machine to the destination without stopping its execution. The process requires a stoppage of around 60–300 ms to perform final synchronization before the virtual machine begins executing at its final destination, providing an illusion of seamless migration. Similar technology can serve to suspend running virtual machines to disk, "freezing" their running state for resumption at
4485-519: Is of high quality, affordable, maintainable, and fast to build. It is a systematic approach to software design, involving the application of engineering practices to software. Software engineering deals with the organizing and analyzing of software—it does not just deal with the creation or manufacture of new software, but its internal arrangement and maintenance. For example software testing , systems engineering , technical debt and software development processes . Artificial intelligence (AI) aims to or
4600-584: Is required to synthesize goal-orientated processes such as problem-solving, decision-making, environmental adaptation, learning, and communication found in humans and animals. From its origins in cybernetics and in the Dartmouth Conference (1956), artificial intelligence research has been necessarily cross-disciplinary, drawing on areas of expertise such as applied mathematics , symbolic logic, semiotics , electrical engineering , philosophy of mind , neurophysiology , and social intelligence . AI
4715-476: Is self-governing. Since version 3.0 of the Linux kernel , Xen support for dom0 and domU exists in the mainline kernel. The releases up to 3.0.4 also added: Internet hosting service companies use hypervisors to provide virtual private servers . Amazon EC2 (from August 2006 to November 2017), IBM SoftLayer , Liquid Web, Fujitsu Global Cloud Platform , Linode , OrionVM and Rackspace Cloud use Xen as
Protection ring - Misplaced Pages Continue
4830-483: Is that some hardware architectures that were supported in the past (such as PowerPC or MIPS ) implemented only two privilege levels. Multics was an operating system designed specifically for a special CPU architecture (which in turn was designed specifically for Multics), and it took full advantage of the CPU modes available to it. However, it was an exception to the rule. Today, this high degree of interoperation between
4945-432: Is the field of study and research concerned with the design and use of computer systems , mainly based on the analysis of the interaction between humans and computer interfaces . HCI has several subfields that focus on the relationship between emotions , social behavior and brain activity with computers . Software engineering is the study of designing, implementing, and modifying the software in order to ensure it
5060-783: Is the field of study concerned with constructing mathematical models and quantitative analysis techniques and using computers to analyze and solve scientific problems. A major usage of scientific computing is simulation of various processes, including computational fluid dynamics , physical, electrical, and electronic systems and circuits, as well as societies and social situations (notably war games) along with their habitats, among many others. Modern computers enable optimization of such designs as complete aircraft. Notable in electrical and electronic circuit design are SPICE, as well as software for physical realization of new (or modified) designs. The latter includes essential design software for integrated circuits . Human–computer interaction (HCI)
5175-404: Is the most privileged, to 3 which is least privileged. Most modern operating systems use level 0 for the kernel/executive, and use level 3 for application programs. Any resource available to level n is also available to levels 0 to n, so the privilege levels are rings. When a lesser privileged process tries to access a higher privileged process, a general protection fault exception is reported to
5290-420: Is the quick development of this relatively new field requires rapid review and distribution of results, a task better handled by conferences than by journals. Xen Xen (pronounced / ˈ z ɛ n / ) is a free and open-source type-1 hypervisor , providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently. It was originally developed by
5405-562: Is the study of computation , information , and automation . Computer science spans theoretical disciplines (such as algorithms , theory of computation , and information theory ) to applied disciplines (including the design and implementation of hardware and software ). Algorithms and data structures are central to computer science. The theory of computation concerns abstract models of computation and general classes of problems that can be solved using them. The fields of cryptography and computer security involve studying
5520-764: The Honeywell 6180 , implemented them in hardware, with support for eight rings; Protection rings in Multics were separate from CPU modes; code in all rings other than ring 0, and some ring 0 code, ran in slave mode. However, most general-purpose systems use only two rings, even if the hardware they run on provides more CPU modes than that. For example, Windows 7 and Windows Server 2008 (and their predecessors) use only two rings, with ring 0 corresponding to kernel mode and ring 3 to user mode , because earlier versions of Windows NT ran on processors that supported only two protection levels. Many modern CPU architectures (including
5635-473: The QEMU project to provide I/O virtualization to the virtual machines. The system emulates hardware via a patched QEMU "device manager" (qemu-dm) daemon running as a backend in dom0. This means that the virtualized machines see an emulated version of a fairly basic PC. In a performance-critical environment, PV-on-HVM disk and network drivers are used during the normal guest operation, so that the emulated PC hardware
5750-548: The System Management Mode is referred as "ring −2", the Intel Management Engine and AMD Platform Security Processor are sometimes referred as "ring −3". Many CPU hardware architectures provide far more flexibility than is exploited by the operating systems that they normally run. Proper use of complex CPU modes requires very close cooperation between the operating system and
5865-563: The University of Cambridge Computer Laboratory and is now being developed by the Linux Foundation with support from Intel , Citrix , Arm Ltd , Huawei , AWS , Alibaba Cloud , AMD , Bitdefender and EPAM Systems . The Xen Project community develops and maintains Xen Project as free and open-source software , subject to the requirements of the GNU General Public License (GPL), version 2. Xen Project
SECTION 50
#17327806449635980-475: The "technocratic paradigm" (which might be found in engineering approaches, most prominently in software engineering), and the "scientific paradigm" (which approaches computer-related artifacts from the empirical perspective of natural sciences , identifiable in some branches of artificial intelligence ). Computer science focuses on methods involved in design, specification, programming, verification, implementation and testing of human-made computing systems. As
6095-570: The 100th anniversary of the invention of the arithmometer, Torres presented in Paris the Electromechanical Arithmometer , a prototype that demonstrated the feasibility of an electromechanical analytical engine, on which commands could be typed and the results printed automatically. In 1937, one hundred years after Babbage's impossible dream, Howard Aiken convinced IBM, which was making all kinds of punched card equipment and
6210-456: The 2nd of the only two designs for mechanical analytical engines in history. In 1914, the Spanish engineer Leonardo Torres Quevedo published his Essays on Automatics , and designed, inspired by Babbage, a theoretical electromechanical calculating machine which was to be controlled by a read-only program. The paper also introduced the idea of floating-point arithmetic . In 1920, to celebrate
6325-631: The Analytical Engine, Ada Lovelace wrote, in one of the many notes she included, an algorithm to compute the Bernoulli numbers , which is considered to be the first published algorithm ever specifically tailored for implementation on a computer. Around 1885, Herman Hollerith invented the tabulator , which used punched cards to process statistical information; eventually his company became part of IBM . Following Babbage, although unaware of his earlier work, Percy Ludgate in 1909 published
6440-489: The CPU, and thus tends to tie the OS to the CPU architecture. When the OS and the CPU are specifically designed for each other, this is not a problem (although some hardware features may still be left unexploited), but when the OS is designed to be compatible with multiple, different CPU architectures, a large part of the CPU mode features may be ignored by the OS. For example, the reason Windows uses only two levels (ring 0 and ring 3)
6555-573: The IOPL in order for the task or program to access I/O ports . The IOPL can be changed using POPF(D) and IRET(D) only when the current privilege level is Ring 0. Besides IOPL, the I/O Port Permissions in the TSS also take part in determining the ability of a task to access an I/O port. In x86 systems, the x86 hardware virtualization ( VT-x and SVM ) is referred as "ring −1",
6670-559: The Machine Organization department in IBM's main research center in 1959. Concurrency is a property of systems in which several computations are executing simultaneously, and potentially interacting with each other. A number of mathematical models have been developed for general concurrent computation including Petri nets , process calculi and the parallel random access machine model. When multiple computers are connected in
6785-413: The OS and the hardware is not often cost-effective, despite the potential advantages for security and stability. Ultimately, the purpose of distinct operating modes for the CPU is to provide hardware protection against accidental or deliberate corruption of the system environment (and corresponding breaches of system security) by software. Only "trusted" portions of system software are allowed to execute in
6900-516: The OS. It is not necessary to use all four privilege levels. Current operating systems with wide market share including Microsoft Windows , macOS , Linux , iOS and Android mostly use a paging mechanism with only one bit to specify the privilege level as either Supervisor or User (U/S Bit). Windows NT uses the two-level system. The real mode programs in 8086 are executed at level 0 (highest privilege level) whereas virtual mode in 8086 executes all programs at level 3. Potential future uses for
7015-727: The Secure Xen ARM architecture on an ARM CPU was exhibited at Xen Summit on April 17, 2007, held in IBM TJ Watson. The first public release of Secure Xen ARM source code was made at Xen Summit on June 24, 2008 by Sang-bum Suh , a Cambridge alumnus, in Samsung Electronics. On October 22, 2007, Citrix Systems completed its acquisition of XenSource, and the Xen Project moved to the xen.org domain. This move had started some time previously, and made public
SECTION 60
#17327806449637130-553: The UK (as in the School of Informatics, University of Edinburgh ). "In the U.S., however, informatics is linked with applied computing, or computing in the context of another domain." A folkloric quotation, often attributed to—but almost certainly not first formulated by— Edsger Dijkstra , states that "computer science is no more about computers than astronomy is about telescopes." The design and deployment of computers and computer systems
7245-516: The accessibility and usability of the system for its intended users. Historical cryptography is the art of writing and deciphering secret messages. Modern cryptography is the scientific study of problems relating to distributed computations that can be attacked. Technologies studied in modern cryptography include symmetric and asymmetric encryption , digital signatures , cryptographic hash functions , key-agreement protocols , blockchain , zero-knowledge proofs , and garbled circuits . A database
7360-459: The actual switch (70 from user to kernel space, and 40 back), the rest is "kernel overhead". In the L3 microkernel , the minimization of this overhead reduced the overall cost to around 150 cycles. Maurice Wilkes wrote: ... it eventually became clear that the hierarchical protection that rings provided did not closely match the requirements of the system programmer and gave little or no improvement on
7475-433: The application of a fairly broad variety of theoretical computer science fundamentals, in particular logic calculi, formal languages , automata theory , and program semantics , but also type systems and algebraic data types to problems in software and hardware specification and verification. Computer graphics is the study of digital visual contents and involves the synthesis and manipulation of image data. The study
7590-401: The architecture of a computer system . This is generally hardware-enforced by some CPU architectures that provide different CPU modes at the hardware or microcode level . Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with
7705-410: The binary number system. In 1820, Thomas de Colmar launched the mechanical calculator industry when he invented his simplified arithmometer , the first calculating machine strong enough and reliable enough to be used daily in an office environment. Charles Babbage started the design of the first automatic mechanical calculator , his Difference Engine , in 1822, which eventually gave him the idea of
7820-559: The capability to run Microsoft Windows as a guest operating system unmodified if the host machine's processor supports hardware virtualization provided by Intel VT-x (formerly codenamed Vanderpool) or AMD-V (formerly codenamed Pacifica). During the development of Xen 1.x, Microsoft Research , along with the University of Cambridge Operating System group, developed a port of Windows XP to Xen — made possible by Microsoft 's Academic Licensing Program. The terms of this license do not allow
7935-541: The current ring of the executing instruction thread at all times, with the help of a special machine register. In some systems, areas of virtual memory are instead assigned ring numbers in hardware. One example is the Data General Eclipse MV/8000 , in which the top three bits of the program counter (PC) served as the ring register. Thus code executing with the virtual PC set to 0xE200000, for example, would automatically be in ring 7, and calling
8050-750: The design and principles behind developing software. Areas such as operating systems , networks and embedded systems investigate the principles and design behind complex systems . Computer architecture describes the construction of computer components and computer-operated equipment. Artificial intelligence and machine learning aim to synthesize goal-orientated processes such as problem-solving, decision-making, environmental adaptation, planning and learning found in humans and animals. Within artificial intelligence, computer vision aims to understand and process image and video data, while natural language processing aims to understand and process textual and linguistic data. The fundamental concern of computer science
8165-570: The development of operating systems): running the new system as a guest avoids the need to reboot the physical computer whenever a bug occurs. Sandboxed guest systems can also help in computer-security research, allowing study of the effects of some virus or worm without the possibility of compromising the host system. Finally, hardware appliance vendors may decide to ship their appliance running several guest systems, so as to be able to execute various pieces of software that require different operating systems. Xen offers five approaches to running
8280-475: The development of sophisticated computing equipment. Wilhelm Schickard designed and constructed the first working mechanical calculator in 1623. In 1673, Gottfried Leibniz demonstrated a digital mechanical calculator, called the Stepped Reckoner . Leibniz may be considered the first computer scientist and information theorist, because of various reasons, including the fact that he documented
8395-583: The discipline of computer science: theory of computation , algorithms and data structures , programming methodology and languages , and computer elements and architecture . In addition to these four areas, CSAB also identifies fields such as software engineering, artificial intelligence, computer networking and communication, database systems, parallel computation, distributed computation, human–computer interaction, computer graphics, operating systems, and numerical and symbolic computation as being important areas of computer science. Theoretical computer science
8510-424: The distinction more a matter of style than of technical capabilities. Conferences are important events for computer science research. During these conferences, researchers from the public and private sectors present their recent work and meet. Unlike in most other academic fields, in computer science, the prestige of conference papers is greater than that of journal publications. One proposed explanation for this
8625-459: The distinction of three separate paradigms in computer science. Peter Wegner argued that those paradigms are science, technology, and mathematics. Peter Denning 's working group argued that they are theory, abstraction (modeling), and design. Amnon H. Eden described them as the "rationalist paradigm" (which treats computer science as a branch of mathematics, which is prevalent in theoretical computer science, and mainly employs deductive reasoning),
8740-462: The dom0 the hypervisor can be managed and unprivileged domains ("domU") can be launched. The dom0 domain is typically a version of Linux or BSD . User domains may either be traditional operating systems, such as Microsoft Windows under which privileged instructions are provided by hardware virtualization instructions (if the host processor supports x86 virtualization , e.g., Intel VT-x and AMD-V ), or paravirtualized operating systems whereby
8855-602: The existence of the Xen Project Advisory Board (Xen AB), which had members from Citrix , IBM , Intel , Hewlett-Packard , Novell , Red Hat , Sun Microsystems and Oracle . The Xen Advisory Board advises the Xen Project leader and is responsible for the Xen trademark, which Citrix has freely licensed to all vendors and projects that implement the Xen hypervisor . Citrix also used the Xen brand itself for some proprietary products unrelated to Xen, including XenApp and XenDesktop . On April 15, 2013, it
8970-520: The expression "automatic information" (e.g. "informazione automatica" in Italian) or "information and mathematics" are often used, e.g. informatique (French), Informatik (German), informatica (Italian, Dutch), informática (Spanish, Portuguese), informatika ( Slavic languages and Hungarian ) or pliroforiki ( πληροφορική , which means informatics) in Greek . Similar words have also been adopted in
9085-462: The first programmable mechanical calculator , his Analytical Engine . He started developing this machine in 1834, and "in less than two years, he had sketched out many of the salient features of the modern computer". "A crucial step was the adoption of a punched card system derived from the Jacquard loom " making it infinitely programmable. In 1843, during the translation of a French article on
9200-488: The first question, computability theory examines which computational problems are solvable on various theoretical models of computation . The second question is addressed by computational complexity theory , which studies the time and space costs associated with different approaches to solving a multitude of computational problems. The famous P = NP? problem, one of the Millennium Prize Problems ,
9315-591: The guest operating system: Xen provides a form of virtualization known as paravirtualization, in which guests run a modified operating system. The guests are modified to use a special hypercall ABI , instead of certain architectural features. Through paravirtualization, Xen can achieve high performance even on its host architecture (x86) which has a reputation for non-cooperation with traditional virtualization techniques. Xen can run paravirtualized guests ("PV guests" in Xen terminology) even on CPUs without any explicit support for virtualization. Paravirtualization avoids
9430-409: The hypervisor (in x86, known as "non-root mode"; both root and non-root mode have Rings 0–3). Both Intel and AMD have contributed modifications to Xen to exploit their respective Intel VT-x and AMD-V architecture extensions. Use of ARM v7A and v8A virtualization extensions came with Xen 4.3. HVM extensions also often offer new instructions to allow direct calls by a paravirtualized guest/driver into
9545-560: The hypervisor, typically used for I/O or other operations needing high performance. These allow HVM guests with suitable minor modifications to gain many of the performance benefits of paravirtualized I/O. In current versions of Xen (up to 4.2) only fully virtualized HVM guests can make use of hardware facilities for multiple independent levels of memory protection and paging. As a result, for some workloads, HVM guests with PV drivers (also known as PV-on-HVM, or PVH) provide better performance than pure PV guests. Xen HVM has device emulation based on
9660-560: The kernel, drivers and applications typically run on ring 3 (however, this is exclusive to the case where protected-mode drivers or DOS extenders are used; as a real-mode OS, the system runs with effectively no protection), whereas 386 memory managers such as EMM386 run at ring 0. In addition to this, DR-DOS ' EMM386 3.xx can optionally run some modules (such as DPMS ) on ring 1 instead. OpenVMS uses four modes called (in order of decreasing privileges) Kernel, Executive, Supervisor and User. A renewed interest in this design structure came with
9775-502: The machine in operation and analyzing it by all analytical and measurement means available. It has since been argued that computer science can be classified as an empirical science since it makes use of empirical testing to evaluate the correctness of programs , but a problem remains in defining the laws and theorems of computer science (if any exist) and defining the nature of experiments in computer science. Proponents of classifying computer science as an engineering discipline argue that
9890-461: The means for secure communication and preventing security vulnerabilities . Computer graphics and computational geometry address the generation of images. Programming language theory considers different ways to describe computational processes, and database theory concerns the management of repositories of data. Human–computer interaction investigates the interfaces through which humans and computers interact, and software engineering focuses on
10005-523: The most privileges and interacts most directly with the physical hardware such as certain CPU functionality (e.g. the control registers) and I/O controllers. Special mechanisms are provided to allow an outer ring to access an inner ring's resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs from one ring or privilege level from misusing resources intended for programs in another. For example, spyware running as
10120-589: The most revolutionary concepts introduced by the Multics operating system, a highly secure predecessor of today's Unix family of operating systems. The GE 645 mainframe computer did have some hardware access control, including the same two modes that the other GE-600 series machines had, and segment-level permissions in its memory management unit ("Appending Unit"), but that was not sufficient to provide full support for rings in hardware, so Multics supported them by trapping ring transitions in software; its successor,
10235-530: The multiple privilege levels supported by the x86 ISA family include containerization and virtual machines . A host operating system kernel could use instructions with full privilege access ( kernel mode ), whereas applications running on the guest OS in a virtual machine or container could use the lowest level of privileges in user mode. The virtual machine and guest OS kernel could themselves use an intermediate level of instruction privilege to invoke and virtualize kernel-mode operations such as system calls from
10350-518: The need to emulate a full set of hardware and firmware services, which makes a PV system simpler to manage and reduces the attack surface exposed to potentially malicious guests. On 32-bit x86, the Xen host kernel code runs in Ring 0 , while the hosted domains run in Ring 1 (kernel) and Ring 3 (applications). CPUs that support virtualization make it possible to run unmodified guests, including proprietary operating systems (such as Microsoft Windows). This
10465-399: The operating system is aware that it is running inside a virtual machine, and so makes hypercalls directly, rather than issuing privileged instructions. Xen Project boots from a bootloader such as GNU GRUB , and then usually loads a paravirtualized host operating system into the host domain (dom0). Xen originated as a research project at the University of Cambridge led by Ian Pratt ,
10580-869: The operating system. Operating systems designed to work on multiple hardware platforms may make only limited use of rings if they are not present on every supported platform. Often the security model is simplified to "kernel" and "user" even if hardware provides finer granularity through rings. In computer terms, supervisor mode is a hardware-mediated flag that can be changed by code running in system-level software. System-level tasks or threads may have this flag set while they are running, whereas user-level applications will not. This flag determines whether it would be possible to execute machine code operations such as modifying registers for various descriptor tables, or performing operations such as disabling interrupts. The idea of having two different modes to operate in comes from "with more power comes more responsibility" –
10695-511: The point of view of the guest operating system. The IOPL ( I/O Privilege level ) flag is a flag found on all IA-32 compatible x86 CPUs . It occupies bits 12 and 13 in the FLAGS register . In protected mode and long mode , it shows the I/O privilege level of the current program or task. The Current Privilege Level (CPL) (CPL0, CPL1, CPL2, CPL3) of the task or program must be less than or equal to
10810-462: The popular Intel x86 architecture) include some form of ring protection, although the Windows NT operating system, like Unix, does not fully utilize this feature. OS/2 does, to some extent, use three rings: ring 0 for kernel code and device drivers, ring 2 for privileged code (user programs with I/O access permissions), and ring 3 for unprivileged code (nearly all user programs). Under DOS ,
10925-457: The primary VM hypervisor for their product offerings. Virtual machine monitors (also known as hypervisors) also often operate on mainframes and large servers running IBM, HP, and other systems. Server virtualization can provide benefits such as: Xen's support for virtual machine live migration from one host to another allows load balancing and the avoidance of downtime. Virtualization also has benefits when working on development (including
11040-478: The principal focus of computer science is studying the properties of computation in general, while the principal focus of software engineering is the design of specific computations to achieve practical goals, making the two separate but complementary disciplines. The academic, political, and funding aspects of computer science tend to depend on whether a department is formed with a mathematical emphasis or with an engineering emphasis. Computer science departments with
11155-545: The proliferation of the Xen VMM software, ongoing discussion on monolithic vs. micro-kernels (particularly in Usenet newsgroups and Web forums ), Microsoft's Ring-1 design structure as part of their NGSCB initiative, and hypervisors based on x86 virtualization such as Intel VT-x (formerly Vanderpool). The original Multics system had eight rings, but many modern systems have fewer. The hardware remains aware of
11270-578: The publication of this port, although documentation of the experience appears in the original Xen SOSP paper. James Harper and the Xen open-source community have started developing free software paravirtualization drivers for Windows. These provide front-end drivers for the Xen block and network devices and allow much higher disk and network performance for Windows systems running in HVM mode. Without these drivers all disk and network traffic has to be processed through QEMU-DM. Subsequently, Citrix has released under
11385-563: The reason above, VT-x and AMD-V allow the guest to run under Ring 0. VT-x introduces VMX Root/Non-root Operation: The hypervisor runs in VMX Root Operation mode, possessing the highest privilege. Guest OS runs in VMX Non-Root Operation mode, which allows them to operate at ring 0 without having actual hardware privileges. VMX non-root operation and VMX transitions are controlled by a data structure called
11500-484: The reliability of computational systems is investigated in the same way as bridges in civil engineering and airplanes in aerospace engineering . They also argue that while empirical sciences observe what presently exists, computer science observes what is possible to exist and while scientists discover laws from observation, no proper laws have been found in computer science and it is instead concerned with creating phenomena. Proponents of classifying computer science as
11615-409: The scale of human intelligence. But the automation of evaluative and predictive tasks has been increasingly successful as a substitute for human monitoring and intervention in domains of computer application involving complex real-world data. Computer architecture, or digital computer organization, is the conceptual design and fundamental operational structure of a computer system. It focuses largely on
11730-770: The simple system of having two modes only. Rings of protection lent themselves to efficient implementation in hardware, but there was little else to be said for them. [...] The attractiveness of fine-grained protection remained, even after it was seen that rings of protection did not provide the answer... This again proved a blind alley... To gain performance and determinism, some systems place functions that would likely be viewed as application logic, rather than as device drivers, in kernel mode; security applications ( access control , firewalls , etc.) and operating system monitors are cited as examples. At least one embedded database management system, e X treme DB Kernel Mode , has been developed specifically for kernel mode deployment, to provide
11845-463: The system, and code that runs in Ring 3 should be able to fail at any time without impact to the rest of the computer system. Ring 1 and Ring 2 are rarely used, but could be configured with different levels of access. In most existing systems, switching from user mode to kernel mode has an associated high cost in performance. It has been measured, on the basic request getpid , to cost 1000–1500 cycles on most machines. Of these just around 100 are for
11960-581: The term computer came to refer to the machines rather than their human predecessors. As it became clear that computers could be used for more than just mathematical calculations, the field of computer science broadened to study computation in general. In 1945, IBM founded the Watson Scientific Computing Laboratory at Columbia University in New York City . The renovated fraternity house on Manhattan's West Side
12075-758: The term "computer science" appears in a 1959 article in Communications of the ACM , in which Louis Fein argues for the creation of a Graduate School in Computer Sciences analogous to the creation of Harvard Business School in 1921. Louis justifies the name by arguing that, like management science , the subject is applied and interdisciplinary in nature, while having the characteristics typical of an academic discipline. His efforts, and those of others such as numerical analyst George Forsythe , were rewarded: universities went on to create such departments, starting with Purdue in 1962. Despite its name,
12190-520: The term was the Department of Datalogy at the University of Copenhagen, founded in 1969, with Peter Naur being the first professor in datalogy. The term is used mainly in the Scandinavian countries. An alternative term, also proposed by Naur, is data science ; this is now used for a multi-disciplinary field of data analysis, including statistics and databases. In the early days of computing,
12305-551: The transition is from a level of high privilege to one of low privilege (as from kernel to user modes), but transitions from lower to higher levels of privilege can take place only through secure, hardware-controlled "gates" that are traversed by executing special instructions or when external interrupts are received. Microkernel operating systems attempt to minimize the amount of code running in privileged mode, for purposes of security and elegance , but ultimately sacrificing performance. Computer science Computer science
12420-443: The two fields in areas such as mathematical logic , category theory , domain theory , and algebra . The relationship between computer science and software engineering is a contentious issue, which is further muddied by disputes over what the term "software engineering" means, and how computer science is defined. David Parnas , taking a cue from the relationship between other engineering and science disciplines, has claimed that
12535-481: The type of information carrier – whether it is electrical, mechanical or biological. This field plays important role in information theory , telecommunications , information engineering and has applications in medical image computing and speech synthesis , among others. What is the lower bound on the complexity of fast Fourier transform algorithms? is one of the unsolved problems in theoretical computer science . Scientific computing (or computational science)
12650-434: The unrestricted environment of kernel mode, and then, in paradigmatic designs, only when absolutely necessary. All other software executes in one or more user modes. If a processor generates a fault or exception condition in a user mode, in most cases system stability is unaffected; if a processor generates a fault or exception condition in kernel mode, most operating systems will halt the system with an unrecoverable error. When
12765-781: The virtual memory hardware). ARM version 7 architecture implements three privilege levels: application (PL0), operating system (PL1), and hypervisor (PL2). Unusually, level 0 (PL0) is the least-privileged level, while level 2 is the most-privileged level. ARM version 8 implements four exception levels: application (EL0), operating system (EL1), hypervisor (EL2), and secure monitor / firmware (EL3), for AArch64 and AArch32. Ring protection can be combined with processor modes (master/kernel/privileged/ supervisor mode versus slave/unprivileged/user mode) in some systems. Operating systems running on hardware supporting both may use both forms of protection or only one. Effective use of ring architecture requires close cooperation between hardware and
12880-438: The way by which the central processing unit performs internally and accesses addresses in memory. Computer engineers study computational logic and design of computer hardware, from individual processor components, microcontrollers , personal computers to supercomputers and embedded systems . The term "architecture" in computer literature can be traced to the work of Lyle R. Johnson and Frederick P. Brooks Jr. , members of
12995-440: Was IBM's first laboratory devoted to pure science. The lab is the forerunner of IBM's Research Division, which today operates research facilities around the world. Ultimately, the close relationship between IBM and Columbia University was instrumental in the emergence of a new scientific discipline, with Columbia offering one of the first academic-credit courses in computer science in 1946. Computer science began to be established as
13110-544: Was also in the calculator business to develop his giant programmable calculator, the ASCC/Harvard Mark I , based on Babbage's Analytical Engine, which itself used cards and a central computing unit. When the machine was finished, some hailed it as "Babbage's dream come true". During the 1940s, with the development of new and more powerful computing machines such as the Atanasoff–Berry computer and ENIAC ,
13225-536: Was announced that the Xen Project was moved under the auspices of the Linux Foundation as a Collaborative Project. The Linux Foundation launched a new trademark for "Xen Project" to differentiate the project from any commercial use of the older "Xen" trademark. A new community website was launched at xenproject.org as part of the transfer. Project members at the time of the announcement included: Amazon, AMD, Bromium, CA Technologies, Calxeda, Cisco, Citrix, Google, Intel, Oracle, Samsung, and Verizon. The Xen project itself
#962037