PPT

Download Report

Transcript PPT 

Virtualization Technology
Prof. Dan Connors
Virtualization
Real vs. Virtual
• Similar essence, effect
• ”Formally” different
A framework that combines or divides [computing] resources to present
a transparent view of one or more environments
• Hardware/software partitioning (or aggregation)
• Partial or complete machine simulation
• Emulation (partial or complete)
• Time-sharing (in fact, sharing in general)
• In general, can be M-to-N mapping (M “real” resources, N
“virtual” resources)
• Examples: VM (M-N), Grid Computing (M-1) , Multitasking (1-N)
22
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Virtualization: Motivation Areas
Server consolidation
Application Consolidation
Sandboxing
Multiple execution environments
Virtual hardware
Debugging
Software migration (Mobility)
Appliance (software)
Testing/Quality Assurance
33
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Types of Virtualization
Process & application virtualization
•
•
Process executes on CPU with modification of native instructions
Created binary instrumentation and translation systems
CPU/Machine virtualization
•
•
Each process feels like it has its own CPU
Created by OS preemption and scheduler
Memory virtualization
•
•
Process feels like it has its own address space
Created by MMU, configured by OS
Storage virtualization (Input/Output)
•
•
44
Logical view of disks “connected” to a machine
External pool of storage
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Application Level Virtualization
Java Virtual Machine (JVM)
• Executes Java byte code (virtual instructions)
• Provides the implementation for the instruction set interpreter (or JIT compiler)
• Provides code verification, SEH, garbage collection
• Hardware access through underlying OS
JVM Architecture
• Stack-based architecture
• No MMU
• Virtual hardware: PC, register-set, heap, method (code) areas
• Rich instruction set
–
Direct object manipulation, type conversion, exception throws
Provides a runtime environment through JRE
Other Examples: .NET CLI, Parrot (PERL 6)
55
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
CPU Virtualization
66
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Virtual CPUs
Each process feels like it has its own CPU
• But cannot execute privileged instructions (e.g., modify
the MMU or the interval timer, halt the processor, access
I/O)
Created by OS preemption and scheduler
Pseudo-machine with interpreted instructions
• 1966: O-code for BCPL
• 1973: P-code for Pascal
• 1995: Java Virtual Machine
Run anywhere
77
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Virtual Machines
Machine virtualization
• Partition a physical computer to act like several real
machines
• Migrate an entire OS + applications from one machine
to another
Early examples
• 1972: IBM System 370
88
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Machines: Stacked Architecture
APPLICATIONS
API Calls
USER LEVEL LIBRARIES
User Space
System Calls
Kernel Space
KERNEL
Instructions
HARDWARE
99
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Possible Virtual Abstraction Levels
Instruction Set Architecture
• Emulate the ISA in software
– Interprets, translates to host ISA (if required)
– Device abstractions implemented in software
– Inefficient
• Optimizations: Caching? Code reorganization?
• Applications: Debugging, Teaching, multiple OS
Hardware Abstraction Layer (HAL)
• Between “real machine” and “emulator” (maps to real
hardware)
• Handling non-virtualizable architectures (scan, insert
code?)
• Applications: Fast and usable, virtual hardware (in above
too), consolidation, migration
10
10
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Possible Abstraction Levels
Operating System Level
• Virtualized SysCall Interface (may be same)
• May or may not provide all the device abstractions
• Easy to manipulate (create, configure, destroy)
Library (user-level API) Level
• Presents a different subsystem API to application
• Complex implementation, if kernel API is limited
• User-level device drivers
Application (Programming Language) Level
• Virtual architecture (ISA, registers, memory, …)
• Platform-independence ( highly portable)
• Less control on the system (extremely high-level)
11
11
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Machine Virtualization
Privileged vs. unprivileged instructions
Regular applications use unprivileged instructions
• Easy to virtualize
If regular applications execute privileged instructions, they
trap
• VM catches the trap and emulates the instruction
12
12
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Virtual Machine Monitor (VMM)
Hypervisor- Program in charge of virtualization
• Arbitrates access to physical resources
• Presents a set of virtual device interfaces to each host
Guest OS runs until:
•
•
•
•
13
13
Privileged instruction traps
System interrupts
Exceptions (page faults)
Explicit call: VMCALL (Intel) or VMMCALL (AMD)
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Approaches
Intel x86 arch doesn’t support trapping privileged instructions
Two approaches to modifying OS to run on virtual machine:
• Binary translation (BT)
– Scan instruction stream and replace instructions
– Replace privileged instructions with something the VM can
intercept. (VMWare approach)
• Paravirtualization
– Don’t use non-virtualizable instructions (Xen approach)
– Static design approach, paravirtualization support is
designed before dynamic adaptation
14
14
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Binary Translation and Binary Instrumentation
15
15
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Translation Approaches
• Source instrumentation:
– Instrument source programs
• Binary instrumentation:
– Instrument executables directly
Advantages for binary instrumentation
 Language independent
 Machine-level view
 Instrument legacy/proprietary software
16
16
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Instrumentation Approaches
When to instrument:
• Instrument statically
• Instrument dynamically
Advantages for dynamic instrumentation
 No need to recompile or relink
 Discover code at runtime
 Handle dynamically-generated code
 Attach to running processes
17
17
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
www.pintool.org - Support for Binary Translation
Easy-to-use Instrumentation:
•
Uses dynamic instrumentation
– Do not need source code, recompilation, post-linking
Programmable Instrumentation:
• Provides rich APIs to write in C/C++ your own instrumentation tools
(called Pintools)
Multiplatform:
• Supports x86, x86-64, Itanium, Xscale
• Supports Linux, Windows, MacOS
Robust:
•
•
•
Instruments real-life applications: Database, web browsers, …
Instruments multithreaded applications
Supports signals
Efficient:
• Applies compiler optimizations on instrumentation code
18
18
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Pin (VM) Software Architecture of Binary Translation
Address space
Pintool
Pin
Instrumentation APIs
Application
Virtual Machine (VM)
JIT Compiler
Cache
Emulation Unit
Operating System
Hardware
19
19
Code
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
BT: Instrumentation Approaches
JIT Mode
•
•
Pin creates a modified copy of the application on-the-fly
Original code never executes
 More flexible, more common approach
Probe Mode
•
•
Pin modifies the original application instructions
Inserts jumps to instrumentation code (trampolines)
 Lower overhead (less flexible) approach
20
20
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
JIT-Mode Instrumentation
Original code
Code cache
1’
1
2
3
5
Exits point back to Pin
2’
4
7’
6
7
Pin
Pin fetches trace starting block 1
and start instrumentation
21
21
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
JIT-Mode Instrumentation
Original code
Code cache
1’
1
2
3
5
2’
4
7’
6
7
Pin transfers control into
code cache (block 1)
22
22
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Pin
JIT-Mode Instrumentation
Original code
Code cache
trace linking
1
2
3
5
1’
3’
2’
5’
7’
6’
4
6
7
23
23
Pin fetches and instrument
a new trace
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Pin
JIT Code Model
A
B
C
D
E
F
Hot Path,
Found with
Hardware
Original Code
24
24
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
A’
A
C’
B
D’
D
F’
E
Code Cache
Original Code
C
F
Transformation cost: Start-up (initialization) overhead
Light-weight application
Significant demands on the run-time system
time
A black line represents a service request from the virtual
machine. Space between adjacent black lines indicates time
being spent in already compiled code paths.
25
25
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Persistence
Persistent JIT
Traditional JIT
A
26
26
B
C
D
C
Original
dynamic instruction stream
A
1)
JIT
A’ JIT
B’
JIT
C’
JIT
D’
C’
A’
2)
JIT
A’ JIT
B’
JIT
C’
JIT
D’
C’
A’
1)
JIT
A’ JIT
B’
JIT
C’
JIT
D’
C’
A’
2)
A’
B’
C’
D’
C’
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
A’
Instrumentation Approaches
JIT Mode
•
•
Pin creates a modified copy of the application on-the-fly
Original code never executes
 More flexible, more common approach
Probe Mode
•
•
Pin modifies the original application instructions
Inserts jumps to instrumentation code (trampolines)
 Lower overhead (less flexible) approach
27
27
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
A Sample Probe
• A probe is a jump instruction that overwrites
original instruction(s) in the application
– Instrumentation invoked with probes
– Pin copies/translates original bytes so probed functions can
be called
Original function entry point:
0x400113d4: push %ebp
0x400113d5: mov %esp,%ebp
0x400113d7: push %edi
0x400113d8: push %esi
0x400113d9: push %ebx
28
28
Entry point overwritten with probe:
0x400113d4: jmp 0x41481064
0x400113d9: push %ebx
Copy of entry point with
0x50000004: push
0x50000005: mov
0x50000007: push
0x50000008: push
0x50000009: jmp
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
original bytes:
%ebp
%esp,%ebp
%edi
%esi
0x400113d9
Popular VM Platforms
Xen
•
Runs under an OS and provides virtual containers for running
other operating systems. Runs a subset of x86. Routes all
hardware accesses to the host OS.
Altris Software Virtualization Services
•
•
Windows registry & directory tweaking
Allows multiple instances of applications to be installed
Microsoft Virtual Server
Parallels
VMWare
29
29
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Overall Picture
ISA
HAL
OS
Library
PL
Performance
*
****
****
***
**
Flexibility
****
***
**
**
**
Development &
**
*
***
**
**
***
****
**
**
***
Implementation
Degree of
Isolation
30
30
(More stars are better)
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Instruction Set Architecture Level Virtualization
Technologies
• Emulation: Translates guest ISA to native ISA
• Emulates hardware specific IN/OUT instructions to mimic a device
• Translation Cache: Optimizes emulation by making use of similar
recent instructions
• Code rearrangement
• Speculative scheduling (alias hardware)
Issues
• Efficient Exception handling
• Self-modifying code
31
31
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
ISA Level Virtualization: Examples
Bochs: Open source x86 emulator
• Emulates whole PC environment
– x86 processor and most of the hardware (VGA, disk, keyboard, mouse, …)
– Custom BIOS, emulation of power-up, reboot
– Host ISAs: x86, PowerPC, Alpha, Sun, and MIPS
Crusoe (Transmeta)
• “Code morphing engine” – dynamic x86 emulator on VLIW processor
• 16 MB “translation cache”
• Shadow registers: Enables easy exception handling
QEMU:
• Full Implementation
– Multiple target ISAs: x86, ARM, PowerPC, Sparc
– Supports self-modifying code
– Full-software and simulated (using mmap()) MMU
•
32
32
User-space only: Useful for Cross-compilation and cross-debugging
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
HAL Virtualization Techniques
Standalone vs. Hosted
•
•
•
Drivers
Host and VMM worlds
I/O
Protection Rings
•
Multilevel privilege domains
Handling “silent” fails
33
33
•
Scan code and insert/replace
artificial traps
•
Cache results to optimize
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
VMware Architecture
34
34
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Paravirtualization
Traditional architectures do not scale
• Interrupt handling
• Memory management
• World switching
Virtualized architecture interface
• Much simpler architectural interface
• Virtual I/O and CPU instructions, registers, …
Portability is lost
35
35
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners
Examples
Denali
• Simpler customized OS with no VM for network applications
Xen
• Simpler port to commercial OS
• Exposes some “real” hardware, e.g. clock, physical memory
address
36
36
Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without notice.
*Other brands and names are the property of their respective owners