Virtualization Technology
Prof. Dan Connors
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice. *Other brands and names are the property of their respective owners
Virtualization
Real vs. Virtual
• Similar essence, effect
• “Formally” different
A framework that combines or divides [computing] resources to present a transparent view of one or more environments
• Hardware/software partitioning (or aggregation)
• Partial or complete machine simulation
• Emulation (partial or complete)
• Time-sharing (in fact, sharing in general)
• In general, can be M-to-N mapping (M “real” resources, N “virtual” resources)
• Examples: VM (M-N), Grid Computing (M-1), Multitasking (1-N)
Virtualization: Motivation Areas
Server consolidation
Application Consolidation
Sandboxing
Multiple execution environments
Virtual hardware
Debugging
Software migration (Mobility)
Appliance (software)
Testing/Quality Assurance
Types of Virtualization
Process & application virtualization
• Process executes on CPU with modification of native instructions
• Created by binary instrumentation and translation systems
CPU/Machine virtualization
• Each process feels like it has its own CPU
• Created by OS preemption and scheduler
Memory virtualization
• Process feels like it has its own address space
• Created by MMU, configured by OS
Storage virtualization (Input/Output)
• Logical view of disks “connected” to a machine
• External pool of storage
Application Level Virtualization
Java Virtual Machine (JVM)
• Executes Java byte code (virtual instructions)
• Provides the implementation for the instruction set interpreter (or JIT compiler)
• Provides code verification, SEH, garbage collection
• Hardware access through underlying OS
JVM Architecture
• Stack-based architecture
• No MMU
• Virtual hardware: PC, register-set, heap, method (code) areas
• Rich instruction set
  – Direct object manipulation, type conversion, exception throws
Provides a runtime environment through JRE
Other Examples: .NET CLI, Parrot (PERL 6)
CPU Virtualization
Virtual CPUs
Each process feels like it has its own CPU
• But cannot execute privileged instructions (e.g., modify the MMU or the interval timer, halt the processor, access I/O)
Created by OS preemption and scheduler
Pseudo-machine with interpreted instructions
• 1966: O-code for BCPL
• 1973: P-code for Pascal
• 1995: Java Virtual Machine
Run anywhere
Virtual Machines
Machine virtualization
• Partition a physical computer to act like several real machines
• Migrate an entire OS + applications from one machine to another
Early examples
• 1972: IBM System 370
Machines: Stacked Architecture
[Figure: stacked layers labelled Hardware, Kernel, User Level Libraries, Applications; interfaces labelled Instructions, System Calls, API Calls; regions labelled User Space and Kernel Space]
Possible Virtual Abstraction Levels
Instruction Set Architecture
• Emulate the ISA in software
  – Interprets, translates to host ISA (if required)
  – Device abstractions implemented in software
  – Inefficient
• Optimizations: Caching? Code reorganization?
• Applications: Debugging, Teaching, multiple OS
Hardware Abstraction Layer (HAL)
• Between “real machine” and “emulator” (maps to real hardware)
• Handling non-virtualizable architectures (scan, insert code?)
• Applications: Fast and usable, virtual hardware (in above too), consolidation, migration
Possible Abstraction Levels
Operating System Level
• Virtualized SysCall Interface (may be same)
• May or may not provide all the device abstractions
• Easy to manipulate (create, configure, destroy)
Library (user-level API) Level
• Presents a different subsystem API to application
• Complex implementation, if kernel API is limited
• User-level device drivers
Application (Programming Language) Level
• Virtual architecture (ISA, registers, memory, …)
• Platform-independence (highly portable)
• Less control on the system (extremely high-level)
Machine Virtualization
Privileged vs. unprivileged instructions
Regular applications use unprivileged instructions
• Easy to virtualize
If regular applications execute privileged instructions, they trap
• VM catches the trap and emulates the instruction
Virtual Machine Monitor (VMM)
Hypervisor: program in charge of virtualization
• Arbitrates access to physical resources
• Presents a set of virtual device interfaces to each host
Guest OS runs until:
• Privileged instruction traps
• System interrupts
• Exceptions (page faults)
• Explicit call: VMCALL (Intel) or VMMCALL (AMD)
Approaches
The Intel x86 architecture doesn’t support trapping privileged instructions
Two approaches to modifying an OS to run on a virtual machine:
• Binary translation (BT)
  – Scan instruction stream and replace instructions
  – Replace privileged instructions with something the VM can intercept (VMware approach)
• Paravirtualization
  – Don’t use non-virtualizable instructions (Xen approach)
  – Static design approach, paravirtualization support is designed before dynamic adaptation
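Added example (not from the original slides): a toy model of the trap-and-emulate scheme from the Machine Virtualization slide and of the binary-translation fix described above. The opcodes, vcpu_t and all function names are hypothetical and constructed for illustration; OP_SILENT_CLI stands for any sensitive instruction that does not trap when run deprivileged.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy guest ISA, constructed for this example (not real x86 encodings). */
enum {
    OP_ADD = 1,     /* unprivileged: runs directly on the CPU        */
    OP_PRIV_CLI,    /* privileged: traps when run deprivileged       */
    OP_SILENT_CLI,  /* sensitive, but silently ignored (no trap)     */
    OP_VMTRAP,      /* artificial trap inserted by the translator    */
    OP_HALT
};

/* acc: guest register; virt_if: virtual interrupt flag; traps: VMM exits */
typedef struct { int acc, virt_if, traps; } vcpu_t;

/* VMM side: both trapping opcodes mean "interrupts off"; only the
   virtual flag changes, never the real one. */
static void vmm_emulate(vcpu_t *v) { v->traps++; v->virt_if = 0; }

/* Hardware side: run deprivileged guest code until OP_HALT. */
void run_guest(const uint8_t *code, size_t n, vcpu_t *v)
{
    for (size_t pc = 0; pc < n; pc++) {
        switch (code[pc]) {
        case OP_ADD:        v->acc++;       break;
        case OP_PRIV_CLI:
        case OP_VMTRAP:     vmm_emulate(v); break;
        case OP_SILENT_CLI: break;    /* no trap: the VMM never sees it */
        default:            return;   /* OP_HALT or unknown opcode */
        }
    }
}

/* Binary translation: replace non-trapping sensitive instructions with
   an artificial trap. Returns the number of instructions patched. */
size_t translate(const uint8_t *in, uint8_t *out, size_t n)
{
    size_t patched = 0;
    for (size_t i = 0; i < n; i++) {
        out[i] = in[i];
        if (in[i] == OP_SILENT_CLI) { out[i] = OP_VMTRAP; patched++; }
    }
    return patched;
}

/* Constructed guest fragment; returns the VMM's view of IF afterwards. */
int demo_virt_if(int use_translation)
{
    const uint8_t guest[] = { OP_ADD, OP_SILENT_CLI, OP_ADD, OP_HALT };
    uint8_t cache[sizeof guest];
    vcpu_t v = { 0, 1, 0 };
    if (use_translation) translate(guest, cache, sizeof guest);
    run_guest(use_translation ? cache : guest, sizeof guest, &v);
    return v.virt_if;
}
```

Without translation the guest believes interrupts are off while the VMM still records them as on; after translation the same fragment exits to the VMM and the two views agree.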
Binary Translation and Binary Instrumentation
Translation Approaches
• Source instrumentation:
  – Instrument source programs
• Binary instrumentation:
  – Instrument executables directly
Advantages for binary instrumentation
Language independent
Machine-level view
Instrument legacy/proprietary software
Instrumentation Approaches
When to instrument:
• Instrument statically
• Instrument dynamically
Advantages for dynamic instrumentation
No need to recompile or relink
Discover code at runtime
Handle dynamically-generated code
Attach to running processes
www.pintool.org - Support for Binary Translation
Easy-to-use Instrumentation:
• Uses dynamic instrumentation
  – Do not need source code, recompilation, post-linking
Programmable Instrumentation:
• Provides rich APIs to write in C/C++ your own instrumentation tools (called Pintools)
Multiplatform:
• Supports x86, x86-64, Itanium, XScale
• Supports Linux, Windows, MacOS
Robust:
• Instruments real-life applications: Database, web browsers, …
• Instruments multithreaded applications
• Supports signals
Efficient:
• Applies compiler optimizations on instrumentation code
Pin (VM) Software Architecture of Binary Translation
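[Figure: one address space containing the Application, Pin and the Pintool; Pin comprises the Virtual Machine (VM) with its JIT Compiler and Emulation Unit, the Code Cache, and the Instrumentation APIs; below them the Operating System and Hardware]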
BT: Instrumentation Approaches
JIT Mode
• Pin creates a modified copy of the application on-the-fly
• Original code never executes
More flexible, more common approach
Probe Mode
• Pin modifies the original application instructions
• Inserts jumps to instrumentation code (trampolines)
Lower overhead (less flexible) approach
JIT-Mode Instrumentation
[Figure: original code (blocks 1 to 7) beside the code cache (blocks 1’, 2’, 7’) and Pin]
Pin fetches the trace starting at block 1 and starts instrumentation
Exits point back to Pin
JIT-Mode Instrumentation
[Figure: original code (blocks 1 to 7) beside the code cache (blocks 1’, 2’, 7’) and Pin]
Pin transfers control into code cache (block 1)
JIT-Mode Instrumentation
[Figure: original code (blocks 1 to 7) beside the code cache (blocks 1’, 2’, 7’, 3’, 5’, 6’) and Pin; label: trace linking]
Pin fetches and instruments a new trace
JIT Code Model
[Figure: original code (blocks A to F) beside the code cache (blocks A’, C’, D’, F’); label: Hot Path, Found with Hardware]
Transformation cost: Start-up (initialization) overhead
A black line represents a service request from the virtual machine. Space between adjacent black lines indicates time being spent in already compiled code paths.
[Figure: service-request timelines (axis: time); labels: Significant demands on the run-time system; Light-weight application]
Persistence
Original dynamic instruction stream: A B C D C A
Traditional JIT
1) A’ B’ C’ D’ C’ A’ (JIT JIT JIT JIT)
2) A’ B’ C’ D’ C’ A’ (JIT JIT JIT JIT)
Persistent JIT
1) A’ B’ C’ D’ C’ A’ (JIT JIT JIT JIT)
2) A’ B’ C’ D’ C’ A’
Instrumentation Approaches
JIT Mode
• Pin creates a modified copy of the application on-the-fly
• Original code never executes
More flexible, more common approach
Probe Mode
• Pin modifies the original application instructions
• Inserts jumps to instrumentation code (trampolines)
Lower overhead (less flexible) approach
A Sample Probe
• A probe is a jump instruction that overwrites original instruction(s) in the application
  – Instrumentation invoked with probes
  – Pin copies/translates original bytes so probed functions can be called
Original function entry point:
0x400113d4: push %ebp
0x400113d5: mov %esp,%ebp
0x400113d7: push %edi
0x400113d8: push %esi
0x400113d9: push %ebx
Entry point overwritten with probe:
0x400113d4: jmp 0x41481064
0x400113d9: push %ebx
Copy of entry point with original bytes:
0x50000004: push %ebp
0x50000005: mov %esp,%ebp
0x50000007: push %edi
0x50000008: push %esi
0x50000009: jmp 0x400113d9
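Added example (not Pin's code and not from the original slides): the address arithmetic behind the sample probe, using the slide's addresses. The instruction byte encodings and all function names are assumptions; decoding the jump target, as probe_target does, is also how an integrity checker recognizes a probed entry point.

```c
#include <stdint.h>
#include <string.h>

#define JMP_REL32 0xE9   /* x86 near jump with 32-bit displacement */
#define PROBE_LEN 5      /* one opcode byte + four displacement bytes */

/* Encode "jmp target" for a jump instruction located at address `at`. */
void encode_jmp(uint32_t at, uint32_t target, uint8_t out[PROBE_LEN])
{
    uint32_t rel = target - (at + PROBE_LEN);  /* relative to next instruction */
    out[0] = JMP_REL32;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(rel >> (8 * i));   /* little-endian */
}

/* If the bytes at `at` start with jmp rel32, return the jump target, else 0. */
uint32_t probe_target(uint32_t at, const uint8_t *bytes)
{
    uint32_t rel = 0;
    if (bytes[0] != JMP_REL32)
        return 0;
    for (int i = 0; i < 4; i++)
        rel |= (uint32_t)bytes[1 + i] << (8 * i);
    return at + PROBE_LEN + rel;
}

/* Build the relocated copy: the displaced bytes, then a jump back to the
   first instruction the probe left intact. `out` needs 2 * PROBE_LEN bytes. */
void build_copy(uint32_t entry, const uint8_t *orig, uint32_t copy_at, uint8_t *out)
{
    memcpy(out, orig, PROBE_LEN);
    encode_jmp(copy_at + PROBE_LEN, entry + PROBE_LEN, out + PROBE_LEN);
}

/* Addresses from the slide; the byte encodings are assumed (common 32-bit
   encodings of push %ebp / mov %esp,%ebp / push %edi / push %esi / push %ebx). */
static const uint8_t ORIG[] = { 0x55, 0x89, 0xE5, 0x57, 0x56, 0x53 };

/* Target of the probe written over the entry point, as a checker decodes it. */
uint32_t demo_probe_target(void)
{
    uint8_t entry[sizeof ORIG];
    memcpy(entry, ORIG, sizeof ORIG);
    encode_jmp(0x400113d4u, 0x41481064u, entry);   /* overwrite first 5 bytes */
    return probe_target(0x400113d4u, entry);
}

/* Where the relocated copy at 0x50000004 resumes the original function. */
uint32_t demo_copy_resume(void)
{
    uint8_t copy[2 * PROBE_LEN];
    build_copy(0x400113d4u, ORIG, 0x50000004u, copy);
    return probe_target(0x50000004u + PROBE_LEN, copy + PROBE_LEN);
}
```

Copying the bytes verbatim works here because the four displaced instructions total exactly five bytes and none of them is position-dependent; otherwise the copy has to be translated, as the slide notes.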
Popular VM Platforms
Xen
• Runs under an OS and provides virtual containers for running other operating systems. Runs a subset of x86. Routes all hardware accesses to the host OS.
Altiris Software Virtualization Services
• Windows registry & directory tweaking
• Allows multiple instances of applications to be installed
Microsoft Virtual Server
Parallels
VMware
Overall Picture
                               ISA    HAL    OS     Library  PL
Performance                    *      ****   ****   ***      **
Flexibility                    ****   ***    **     **       **
Development & Implementation   **     *      ***    **       **
Degree of Isolation            ***    ****   **     **       ***
(More stars are better)
Instruction Set Architecture Level Virtualization
Technologies
• Emulation: Translates guest ISA to native ISA
• Emulates hardware specific IN/OUT instructions to mimic a device
• Translation Cache: Optimizes emulation by making use of similar recent instructions
• Code rearrangement
• Speculative scheduling (alias hardware)
Issues
• Efficient Exception handling
• Self-modifying code
ISA Level Virtualization: Examples
Bochs: Open source x86 emulator
• Emulates whole PC environment
  – x86 processor and most of the hardware (VGA, disk, keyboard, mouse, …)
  – Custom BIOS, emulation of power-up, reboot
  – Host ISAs: x86, PowerPC, Alpha, Sun, and MIPS
Crusoe (Transmeta)
• “Code morphing engine” – dynamic x86 emulator on VLIW processor
• 16 MB “translation cache”
• Shadow registers: Enables easy exception handling
QEMU:
• Full Implementation
  – Multiple target ISAs: x86, ARM, PowerPC, Sparc
  – Supports self-modifying code
  – Full-software and simulated (using mmap()) MMU
• User-space only: Useful for Cross-compilation and cross-debugging
HAL Virtualization Techniques
Standalone vs. Hosted
• Drivers
• Host and VMM worlds
• I/O
Protection Rings
• Multilevel privilege domains
Handling “silent” fails
• Scan code and insert/replace artificial traps
• Cache results to optimize
VMware Architecture
Paravirtualization
Traditional architectures do not scale
• Interrupt handling
• Memory management
• World switching
Virtualized architecture interface
• Much simpler architectural interface
• Virtual I/O and CPU instructions, registers, …
Portability is lost
Examples
Denali
• Simpler customized OS with no VM for network applications
Xen
• Simpler port to commercial OS
• Exposes some “real” hardware, e.g. clock, physical memory address