All right, good morning. Ah, I like that. Let's do that again. Good morning. Yeah, it's very enthusiastic. Good morning from this side of the room. All right, so something is strange about this picture. Okay, so today and Friday we're going to talk about virtualization. It's the last little thing we get to cover. It's really cool. I wish I had, you know, two weeks to talk about virtualization, but we have two days, so we're gonna do our best. I'm going to keep things at probably a fairly high level for the next couple days. Hopefully that won't bother anybody. The details get kind of gooey. But what I'm going to try to do is give you some sense of what the objective is and why this is interesting, why we want to do this, and some of the techniques that are used to actually accomplish this, right? So, just by a show of hands, how many people have some idea what they think virtualization is, hardware virtualization? Okay, good. Well, actually, how many people have used hardware virtualization recently? Everybody's hands should go up, right, if you're working on the assignment, right? If you're not, then, okay, well, then you have other problems. All right, so we'll just talk a little bit today about some of the details and sort of get you started with this, because it's cool stuff, right? And it's definitely really relevant to operating systems, to operating system design, certainly, you know, in this century, right?

All right, so a couple of announcements. So next Monday, I've decided we'll do an exam review session from 8 to 10 a.m. Right, that is not a typo, John, that is the actual time for the review session, and that's also the time for the exam, sadly. And this will give you guys some practice in the art of waking up even earlier than you've been waking up all semester, right? I really don't want you guys wandering in at 9 a.m. on exam day, right?
That would be tough on you guys. So anyway, I'm also just not going to tape this, right? There's two reasons for that. One is to encourage people to come. It's the only time I've done this all semester, so don't give me a hard time about it. And the second, probably more, you know, defensible reason is simply the video camera battery only lasts 80 minutes, right? So I can't tape the whole thing. And so the exam is going to be on all the material we're going to cover up to Friday. Right, I mean, you can think, you know, proportionally about what's going to be in the exam. We're going to do two lectures on virtualization. What percentage of the class is that? We'll have done a total of 36 lectures. So, you know, I mean, there's not going to be massive amounts of stuff on the exam about this, but there probably will be something.

And then finally, how many people have got a link to the feedback form for the class? I think everybody should have got this. Okay, so I would love it if people would provide feedback. This is the first time this class has been taught. There's parts of it that I think have gone well; there's other parts that have been little mini ongoing disasters. So some of those things I know about, but other things I think it would be great if you guys could help me find out. So I'm assuming the feedback is anonymous. So please go on ahead, fill that out, and again, I'll come up with some sort of either self-effacing or point-distributing incentive if the class participation rate gets above a certain percentage, right? I don't know what it's at now. I haven't checked recently. But, I don't know, maybe if we can get to like 75 percent or something, then, I don't know, I'll think about it.
I'm sure Calvin or one of these guys will have a good idea, something embarrassing that I can do. Yeah, a lot of anger built up.

All right, so quick review of performance analysis and improvement. So we spent a few lectures on that, you know, maybe went a little bit too slowly. But anyway, we're finished with it, and did people have any questions about that material? Any questions about performance analysis and improvement? Something that you can probably expect to see in some form on the exam, as well as later in life. Okay, so how do we do it? You know, you guys just told me you don't have any questions about it. So how do we improve the performance of a system or a component of the system or anything, right? What were our steps? What's the recipe? What's the first thing we have to do to start? Measure. We have to measure something, right? And hopefully measure the thing that we're trying to improve, right? So you have to measure the system, and how do we, you know, how do we go about doing that, right? What are some of the challenges inherent in measurement? What are some of the stumbling blocks? People remember? Sean? Right, okay, so it's great. I have to choose what to measure, right? Do you remember what my choices were? I had three options. What can I measure? So Sean got one of them: models. There's two more. Right side of the room? Simulations is another one. Left side of the room? Models, simulations. What's the third thing that I could measure, potentially? I hear somebody whispering something that sounds right. The real system, right, the actual thing, right? That's a useful thing potentially to measure, right? So I've got to choose what to measure, and then what else do I have to do? I have to choose what environment to measure things in. Michael? Oh, no, don't go to step two yet. We're still in step one, right? All right, so I've picked, let's say I'm gonna run simulations. Okay, now.
What do I do? What's the next step? Windows? What's that? Oh, it's a Mac. Okay, sorry. I should know what it sounds like. All right. Don't get distracted. I've got a simulator. I've decided on a simulator. What do I need to do now? What is it going to do? Keep, hopefully keep running, right, but what is it going to be doing while I measure it? Well, I'm going to collect data about it, but what's the input, right? What do we call these things? Inputs to systems frequently used during performance testing. Test cases? No. Somebody knows the answer. Benchmarks. Oh, right. So I've got to do some benchmarks. I need to decide what the system is going to be doing while I measure, right? And I probably need to pick some measurement tools. Right, I need to get a measurement harness set up so that I can actually measure the time it takes, or some variable of interest to the system, right? So we talked a little bit about all these different challenges.

All right, now, analyze the results, and Michael got us there a little fast. What are the challenges here? Got this. So I've collected some data and I'm gonna sit down and look at the data, right, no problem. What are some of the pitfalls, challenges, best practices? Anyone else? John? Don't ignore outliers, right? Love your outliers, right? The outliers have potentially something to tell you. They're not just noise, right? They might be important. Okay, what else? Yeah, beware of summary statistics, right? Don't compute statistics over data sets before you look at them, right? Look at them, examine them closely, right? I think you guys got this, right? Use appropriate statistical techniques, right? Don't, you know, summarize data before you understand the data, okay?

All right, now final step. What's the final step? Improve the system, right? Improve the slow parts, no problem, right? How do I do this? What are the two steps to doing this, two little sub-steps, right?
Identify the slow parts, right? And then what? Right, so I need to think about Amdahl's law, which we're gonna come to in a second, and then make them faster, right? We talked about some ways, hints, potential ways to improve things, make things faster, right? What is one, and I should have put this in the last slide, what is one potential way? So we've talked a lot in this class about sort of the keep-it-simple-stupid principle, right? And I've been encouraging people to apply this to assignment 3, right? You know, don't use a fancy data structure where a simple data structure will do. When you're improving the performance of the system, when might that rule break down? What's one case where I might want to use a fancy data structure? It's faster, right? So one way to improve performance that I forgot to include in the last set of slides is simply use a more sophisticated data structure, right? You know, you started off with something simple. You were walking this whole linked list to look up something, and then you realize that those lookups were really what was killing you. Now is the time to go in and put in your sophisticated data structure, because now is when you know that you need it, right? Turns out that probably what you'll find is, if you start off with simple data structures throughout your programs, a lot of them never stop being simple, because they just don't matter for performance. And you won't know what matters up front.

All right, so three formulations of Amdahl's law, right? Okay, so what was the original sort of colloquial formulation of Amdahl's law that we came up with? Amdahl's law, who could explain Amdahl's law? I think if someone explains it to me, that'll be colloquial enough, right? Okay, so I like that, it's got most of it in there, right?
So the colloquial statement of this was simple: the impact of any effort that you're making to improve system performance is constrained by the parts of the system that you're not working on. Right, and that's frustrating because you're working on one part of the system, right? And, you know, the rest of the system is not going to slow down because they're not working. Right, sorry, it's not going to speed up. It might work, right? What's an even more colloquial statement of Amdahl's law? It's another way of restating that same thing. Or what was the general sort of design principle that we came up with, right? What is Amdahl's law really telling us about our intuition, about, you know, the powers that we have as scientists? What is Amdahl's law really telling us not to do? Anybody back here? But even so, when I'm deciding what to improve, what should I not do? What should I not rely on? What's the one thing that'll let you down over and over and over again when you try to improve the performance of the system, say it's something you wrote? What's the temptation? What's the temptation that will allow you to avoid all of this painful benchmarking and measurement and simulator development and all the things? What could you do instead?
Yeah. Just work on the part of the system that you want to work on, right? Work on the part that you think is slow. Right, work on the part that you remember being messy and gross, right? So on some level Amdahl's law tells us to, you know, ignore your intuition, right? Ignore the parts of the system that you think are gross and ugly and slow, that you think are broken, that you remember not being happy with. Those parts don't matter to the computer, right? What matters to the computer is what code paths are being executed. And you don't know what's doing the most damage. You know what you remember not liking, right, but you don't know what actually really matters.

All right, finally, what was the sad sort of corollary of Amdahl's law that forces us to rerun this benchmarking cycle over and over? So okay, so I followed Amdahl's law. I picked the part to improve. I'm making some improvements. I've sped up that part of the system. Now what's my problem? I'm not working on the right part of the system anymore. Right, as soon as I made some improvement to one part of the system, assuming that I have several parts of the system that are contributing to the speed of the system and one of them isn't completely dominant, as soon as I've worked on one part I've got to step back, rebalance, and figure out what to do next, right? Because as soon as I've sped up one part of the system, I'm not working on the right problem anymore. You have to stay in this tight loop, right? You don't run your benchmarks and do your analysis and get obsessed with one particular module. Right, you run those, you rerun them when you're done making your changes, and you figure out, okay, what's the next mole I need to whack, right? What's the next thing at the top of the to-dos? Okay, cool, any other questions about
performance analysis and improvement? All right, stuff must be just really breathtakingly obvious, okay.

So today, I'm going to introduce you to the concept, or, I think people think they understand it, or probably do understand it. Right, so today we're going to talk about hardware virtualization, right, and virtualization itself is a broader term. Right, and toward the end of the class we'll come back to a way that we've used the idea of virtualization in this class. Right, virtualization has to do with creating levels of indirection. When we talk about hardware virtualization, right, what we're talking about is the ability to create a hardware virtual machine. So throughout the class what we've been talking about is primarily operating systems that run on physical machines. Physical machines: real collections of hardware that the operating system has privileged access to and controls in their entirety. Right, I mean, when you install Windows or you install Mac on your machine, you couple the operating system to that actual physical machine, okay?
And that operating system again has all the privileges that it needs to multiplex resources and support applications, etc., etc., right? And, you know, here's one way of thinking about what a physical machine is: real hardware resources that we give the operating system exclusive access to, and the operating system communicates with those resources through the hardware interface. Right, we've talked a lot about what the operating system interface is, right? But hardware also has an interface, right? CPUs have instructions that they support; devices have commands that they allow you to send, okay?

And it turns out that if we are careful about how we set things up, we can also run operating systems inside these virtual machines. And the terminology becomes a little bit confusing here because, I think when I started to learn this stuff this really threw me off, right, there's two very similar acronyms that we start to use, right? One is virtual machine, or VM. The other is a virtual machine monitor, okay? The virtual machine monitor is a piece of software, right? The virtual machine itself is really almost an abstraction, right? A virtual machine is a set of virtualized resources that looks like a real machine, and if we do our jobs right, if we write our virtual machine monitor correctly, the virtual machine itself can look so real that we can actually run a real operating system inside that virtual machine. We can actually run a real unmodified operating system that is used to running on real hardware. We can run it inside a virtual machine on virtualized hardware, right? So this is the thing to keep in mind. We'll talk a lot more about VMMs than we will about VMs, right, because the VMM is really the kind of interesting software component, right?

Three other pieces of terminology. So when we talk about the operating system that's running inside the virtual machine, we refer to that as the guest operating system, okay?
For the type of virtualization we're going to talk about today, there is a real host operating system, right? So the host operating system is running on the real hardware, right? The host operating system runs on real hardware and has full access to that real hardware. The guest operating system runs inside a virtual machine with the assistance of a virtual machine monitor and has access to virtualized hardware, right? And, you know, as you might imagine, I mean, virtual machines differ from physical machines in a lot of really important ways, right? So a virtual machine does not provide the guest OS with this exclusive privileged access to the underlying physical machine that it's used to. The virtual machine provides the guest OS with access to a subset of the hardware, or a certain portion of the memory, or some piece of the system, or in certain cases virtualized devices that we'll talk about a little bit more tomorrow, right? And again, almost an equivalent formulation of this is they don't give the guest OS privileged access to the system. If they did, then the whole concept of this virtual machine would be really kind of silly, right? Because essentially the guest OS would be like, hey, you know, this is my machine, right? You know, I know that there's this host OS down there that's supposed to be in charge, but you put me on here and now I'm going to take over, right? And I can think of few things uglier than trying to run, you know, several real operating systems on the same machine. That just sounds like a recipe for total chaos, right? So we cannot, and one of the big challenges here is we have to take these programs, right? The operating system is a program. We have to take these programs that are used to having privileged access to hardware and figure out how to safely, you know, take away that privilege so they can run safely inside a virtual machine, right? This is one of the big challenges, okay?
So the virtual machine monitor, right, the VMM, is a piece of software, right? So the virtual machine is an idea, it's an abstraction; the virtual machine monitor is something that people write, right? It's a piece of software, and the idea is that the virtual machine monitor is in charge of creating a virtual machine, okay? And that virtual machine, there are certain cases where you can run anything inside of it, right? You could run an application inside of it. Like, if you had, you know, there were old games that people used to run, you know, people like me who are, you know, semi-ancient, right? Has anyone ever used like an Apple II computer? You know, like a IIgs, IIe, you know, these computers, they didn't have operating systems, right? They were disk-based machines. So you put in a disk, you booted it up, and the operating system, the computer just started executing the instructions that were on this floppy disk, right? And so every application, it was kind of a single-use computer, right? If you booted up the game, you finished the game, you turned off the computer. And if you wanted to switch to your word processor, you booted it up with the word processor disk, right? And if you wanted to play the game again, you shut down the computer, took out the word processor disk. So there was really no notion of multi-programming or multi-processing on these old machines, right? And I'm assuming that these games didn't really have a little operating system built into them; that would be kind of dumb. They just assumed that they would have privileged hardware access. So one thing that we could do with virtual machines is use them to play old Apple II games, right?
That seems kind of like a dumb use, but anyway, normally when we talk about virtualization we're talking about virtual machines that are real enough that you can run entire operating systems inside them. But that's not always the case. You can imagine virtual machines that are missing some critical features that the operating system would need to function but can run applications, right? But today we're talking about virtual machines that are so real, right, so real and so similar to the underlying physical hardware that you can run other operating systems inside them alongside other applications on the system.

All right, and again, I mean, this kind of comes back to this idea that the operating system is, and hopefully I've convinced you of this this semester, the operating system is not this mythical creature, right? The operating system is a piece of software. It's a piece of software that executes instructions. It's just another program, right? And, you know, again, I mean, you've been using your VirtualBox virtual machine, right? That's running a, you know, I don't know if it's unmodified or not, I think it is a pretty much unmodified version of Linux inside there. And that unmodified version thinks that the resources that you've provided to it are what the machine is. It's like, hey, this is great. You know, I'm running a, you know, circa 1990 machine with 512 megs of RAM. Right, like, too bad that, you know, the future hasn't dawned on this person. But, you know, the operating system really has no idea. Maybe, but it certainly has little enough idea that it can run relatively unmodified inside of that virtual machine.

All right, so I know that there's this big sort of lingering question of how on earth do we accomplish this, right?
But I just want to motivate why this is cool, right, because this is actually a really exciting area. There's still a lot of really interesting stuff going on. You guys have probably heard about EC2, and there's all these different types of, you know, software as a service, infrastructure as a service, right, the cloud, etc., etc., right? So this is all really exciting stuff, right? But maybe, I think we kind of probably have, maybe from watching too many IBM commercials or something, we've probably internalized some of the reasons for doing this, but let's review, right? Because it's hard, right? There's some effort that went into this, and so it's worth talking about why did we bother, right? Was this just the product of geeks like me who wanted to, like, run Microsoft Windows in its own little protective container and run old Apple II games? No, I mean, there are a lot of good reasons, okay?

So again, we've been talking about operating systems all semester. We've learned about how awesome they are and how great they are about, you know, multiplexing resources and, you know, providing really nice interfaces for applications, et cetera, et cetera. So why would we want to kind of ditch them in favor of this new idea of virtualization? And there's a number of reasons, and a lot of those reasons, I'm going to start off with a couple slides that are really kind of weaknesses of operating systems themselves. Right, and then we'll flip it around to talk a little bit more about the positive things of virtualized environments, right? So again, I mean, just for the sake of argument, what are some of the weaknesses or problems with operating systems as we've presented them, right? I mean, they seem great. You know, they seem like they're really a, you know, a nice solution, but what are some problems? In particular, think about hardware coupling, right? So what are some problems with operating systems?
In the way that we've described, right, in terms of like installing an operating system on a machine, what are some of the limitations or weaknesses of this model? Okay. Oh, okay. That actually, that's really just a point that's something I thought of, right? So you have to support a lot of different hardware, right? There's a lot of different real devices, and we're talking about real systems with real devices, right? So, you know, I have to, you know, have a different device driver for every stupid NIC that's on the market, right, if you're Microsoft, and that's kind of terrible, right? But what else, right? I mean, what is strange, kind of, about this world of computers that we're used to using, right? You have a computer, right? It's a set of hardware resources, and what is kind of like intimately coupled with that computer, right? What's that? The OS, right? I mean, you know, your machine is not fundamentally a Windows computer, right, or a Mac computer or a Linux computer. It's a processor, memory, set of, you know, devices, a couple of disks, whatever, right? But the problem is that we've kind of like embedded the identity of the software that runs on this machine and we've coupled it with the hardware that's there, right? So how many people have run things like Boot Camp or, you know, Parallels or whatever on their machine? So, I mean, these solutions provide some limited ability to sort of dual boot, or, you know, I remember when I was in college it was like the Holy Grail was the triple boot. Although I don't remember what we were triple booting into. I mean, maybe it was like, now maybe it's a triple boot: Mac, Windows, and Linux all running on the same machine, right? Whoo. But what do you have to do to switch between them? Reboot. That's kind of a pain, right? So not necessarily super, super awesome.
So essentially, again, I mean, we've taken these bundles of hardware resources that are much more flexible and we've embedded an operating system on top of it, right? And, you know, at some level you can think about that as being bad. I mean, what happened, right? You know, you install Mac on your machine and what have you done? What have you done that you might regret later? You have a Mac, okay. Well, yeah, okay, so what about having a Mac might you regret? What's that? Can't play games. Okay. Yeah, that's a good point, right? Yeah, there's some games that you can't play because, you know, they only run on Windows. There's a lot of software that still is unfortunately tied to particular environments, right? I mean, you can't use Internet Explorer, which is really what everybody wants to do, right? No, no, I mean, I kid you not, I have a Windows 7 virtual machine on my desktop that is for one reason only, which is that there is this totally broken website that my department uses to book travel that only works on Internet Explorer, right? Like, how many websites on earth are left that are like that, right? I mean nothing else doesn't work on spore. It doesn't run on Firefox. I thought it was just fundamentally broken. I couldn't believe it, and then I, you know, I borrowed a friend's computer with Internet Explorer and it worked. That's like, oh my god, it's terrible. So anyway, I mean, yeah, there's some things like that out there. So yeah, if you really wanted to use Internet Explorer or whatever, or some game or some piece of software, you would be stuck, okay?

What about, you know, what happens if you get a new machine? What do you have to do? You have to set it up the way you like, you have to reconfigure everything, right? There's not this idea of just somehow being able to, you know, grab your entire environment and just plop it somewhere else, right?
That could be nice, right? And then what about hardware provisioning, right? So think about things like, you know, like an automobile, right? An automobile, it's like, I need the car today, so I take the car. Tomorrow my wife needs the car, so she takes the car. Can you do that with things like memory? You know, again, I guess you could, you know, now my wife and I could have some memory sticks at home that are kind of our shared memory sticks, and when I need the big memory stick I stick it in my computer, right, and when she needs it she sticks it in her computer or whatever. But that's kind of gross, right? I mean, what do you have to do to get that to work? I mean, literally, what do you have to do? I have to talk to my wife. Yeah, that part's easy, right? We might fight a little bit over who gets the memory today, right? Yeah, we'd have to have some sort of, like, way to figure out whose computer is actually slower, you know, at the given moment. But what else do you have to do? Like, I have this nice Mac, right? How easy is it to get memory in and out of that thing? It's impossible, right? Probably violates my warranty, and it's like 60 screws that are specific to Mac. I don't know, I'm gonna find something dead buried in there. Anyway, so the point is that this is gross, right? So flexible hardware provisioning is really, really hard when you have these systems that are tightly coupled between hardware itself, right?

So here's my list, right? So again, you have this coupling between hardware resources and the operating system. You know, hardware is hardware. A computer is a collection of hardware components; the operating system is software. There's no reason a priori that we need to embed the software so far in there that it's really hard to get out, which is kind of what we do now, right?
You know, if you wanted to run multiple operating systems at the same time on the same machine, that's hard. This is a little geeky, right? This is one of those things where it's like, not everybody is a weird computer scientist, so this is not like a super compelling reason. It's difficult to transfer entire setups to another machine, right? I mean, how many people have ever installed a piece of software, okay? How many people have ever installed a piece of software that required you to install like 80 other things, right? And that took, you know, most of your day and sometimes your entire weekend, right? So that's a pain in the butt, right? It's really gross trying to tailor hardware to the needs that you have at a particular moment, right? On your PC this is not much of an issue, but you think about servers, right? I mean, some servers, you know, have two hours of the day where they're heavily loaded and the rest of the day they're pretty lightly loaded, and this is really hard to do when I've got this tight coupling between hardware and software, okay? And again, so what this means is that I do this static up-front provisioning of machine resources. When I buy a laptop, I need a laptop that's big enough to fit everything I could possibly do with it, right? If you... All right.

Okay, so what else? Let's talk a little bit about application isolation. So this is another kind of weak area of operating systems, potentially. We've talked through the semester about one of the things that operating systems are trying to do, which is protect applications from each other. And in certain cases that is true, right? So what are parts of the system where the operating system does a pretty good job of isolating applications from each other? Processor, right? I mean, processor is easy. I yank something off the processor, I remove all traces of its execution, and I start something else running, right?
So we had this nice idea that I'm creating the illusion that every process has its own CPU, right? What else? What other part of the system are we pretty good at? Virtual memory, right? So memory, again, I mean, to some degree memory doesn't provide perfect isolation and neither does process scheduling, because there's still one resource and I've still got to divide it up between processes, so that, you know, if one process gets really piggish it can affect other processes. But for these resources we're pretty good. What resources aren't we as good at? What's that? So there's certain pieces of hardware, but I have one particular part of the system in mind I'm curious about. Right, so again, we're concerned about this lack of true isolation between multiple applications. What's one big part of the system where changes that are made are visible to everybody? The disk, right, file systems. We don't provide processes with their own file system. We give them a file view of the file system, and they may not have the right privileges to change parts of the file system. But again, there's all sorts of, you know, information that operating systems essentially leak between multiple processes. Sometimes this is on purpose, right? I mean, operating systems weren't really designed to completely isolate applications from each other, because applications work together to do things on the system. So that's not necessarily something that we would want to do. Okay.

So, you know, and again, to go back to the software installation: how many people have installed a piece of software that had requirements that broke every other piece of software on the machine, right? You know, like something needs Python 3.0, something needs Python 2.6, something, this library. So again, this gets kind of gross, and the reason that this gets gross on some level is the file system is shared and this is where this stuff gets installed, right?
And if you're not careful you end up with things that are, you know, you update a package that's used by somebody else. It's really difficult sometimes to avoid doing this, right? The other thing is that, you know, certain applications, we talked about this a little bit when we talked about some of the kernel structure models, certain applications have really specific requirements, right? So certain applications may really want to tailor the performance of the operating system to their, to their own needs, and to some degree this goes so far as to say... I remember I was, you know, I was somewhere listening to the guy who, one of the guys from the Xen team, which came up with one of the big interesting approaches to virtualization we'll talk about Friday, talked about, you know, the fact that there are certain pieces of software where if you run that piece of software on a machine that has anything else running on it, you are violating the terms of service. Like, you, you know, if you have Microsoft, I'm just going to pick an example, I don't know if this is true, but if you were going to sell like Microsoft SQL Server, right? The only supported configuration is if it is the only application running on the entire system, right? Otherwise something else weird could be happening, like you're trying to run a web server and your SQL Server. No, no, no, can't do that, right? So, so what ends up happening here, right? You're a, you know, pre-virtualization, you're a company, you're trying to set up some sort of web, website with the back end. You've got a database server. You've got a web server. You've got a file server. What, what, what does your server room end up looking like? What's that? A big mess of what?
Machines, right? One machine to run the SQL Server, another machine to run the web server, a third machine to run the file server, a fourth machine is, you know, and it just, it goes on and on, right? And each machine, you know, what's the likelihood you're going to get the right configuration for each machine? It's tiny, right? You start to realize, oh, my web server is a bottleneck. Well, now you've got to buy a new machine for the web server, right? So this gets, this gets really, really gross. So virtualization, you know, in addition to giving us some sort of geeky properties as far as, you know, the ability to run multiple operating systems and stuff like that, has a lot of really nice features, right? There's a lot of nice things that come along in the box with virtualization, right? One is that essentially we can do what I did for you guys this semester with your, with your VM. You can package and distribute an entire environment as is, right? So I could put together the software tools, I didn't have to put up instructions, and I knew when you guys booted up that virtual machine that everything would be exactly as I left it, right? Which is nice, right, because it actually took me a couple days to figure out how to get the stupid tools to compile. You can take... one of the nice things that companies love, of course, is that you can dynamically divide up, and the degree to which you can do this dynamically varies, but on some of... you can divide up one large machine. You can buy one big machine and you can divide it up into little pieces and hand those pieces out to people or to different uses, right? So rather than the four machines,
I have one big machine and the machine runs multiple virtual machines. One of them runs the web server, one of them runs the file server, whatever, right? Each of them can be tuned individually for its own application. And then the other nice thing is virtualization gives us a way to kind of freeze and encapsulate the entire state of a machine, meaning that once I've done that I have a disk image, essentially some file that represents the entire state of virtualized hardware, and I can move that to another machine and restart it. I can branch it, you know, I can duplicate it, and essentially, again, what I did when I distributed the thing to you is I took one machine, one virtual machine, and it suddenly became, you know, 100, right? And this is something... and every one of those booted up, you know, I mean, I think I shut it down before I distributed it, but if I distributed a snapshot it would have booted up, you know, into the exact same place, right, where, where I had left, which can be really nice. All right, so. And the idea of, you know, the other thing I don't want to give the impression of is that this is a new idea, right? So virtualization as a concept has been around for a long time, right? In 1974 there were two computer scientists that essentially provided three requirements for a virtual machine monitor, right? These are, these are kind of design requirements in order to implement a virtual machine monitor. The first is... remember, the virtual machine monitor is in charge of creating a virtualized machine, creating a virtual environment. Okay, the first thing is the virtual environment has to be realistic, so an application or an operating system running inside the VM cannot be able to distinguish the VM from a real system, except maybe with some timing things, right? I mean, timing is not going to be quite right because I'm going to play some games underneath the covers. But essentially the software on the VMM should execute identically to how it would on real hardware.
Okay. The second requirement is performance. So, so go back up to fidelity. What is one way of solving this problem? And in fact, what is, what is one way of solving this problem that you guys are currently using? It's not virtualization, something a little bit different. I want to provide a complete... and, sorry, I almost said the answer. I want to provide a complete, you know, virtual machine that, that, that faithfully behaves like a piece of real hardware, right? What's one way to do it that, again, you guys are using daily, I hope? I can emulate it, right? So System 161 is a MIPS emulator. Every instruction that your kernel executes until it panics is emulated by that piece of software, right? So that software is not virtualization, that software is emulation. The problem with emulation is it is really slow. I mean, your machines don't run that fast. We're talking about like a bare-bones kernel running inside an emulator. So emulators, and it can introduce, you know, hundreds to thousands to ten thousand factor slowdowns, right, in taking an instruction and figuring out how to emulate it, right? So emulators are not an option here, the performance is too bad. And the way that we achieve performance in a virtualized environment is that we run as many instructions as we can on the real hardware. Okay, and what we'll talk about today, or maybe on Friday, is figuring out which instructions we can't run on real hardware and figuring out what to do about those instructions, right? But most instructions, you can imagine, I mean, if you look at the instruction stream that's being generated by something running in a virtual machine, a lot of those instructions are safe to execute directly on the hardware, right? All they do is they modify registers. And so it just looks like a regular application, right?
But there are instructions, and in particular there are instructions that the guest operating system is going to want to use, that are going to create problems for... they're going to modify the global state of the machine in a way that the virtual machine cannot do. So we'll talk about how to fix that. And finally, again, this is the safety criteria, right, that the virtual machine monitor has to ensure that applications, including potentially an operating system running inside the virtual machine, don't make changes that are visible outside the virtual machine, right? So if the operating... when you start up the virtual machine as an application and the operating system says, here's the memory that's allocated to you, you can't let the things running inside the virtual machine make changes to other parts of memory. And, and there's some complications of this, particularly because one of the things that you're running inside a virtual machine is used to making global changes to the system, right? Namely, the operating system. All right. So there are, there are two different approaches to virtualization, right, or, you know, there's probably more than two actually, there's two that we're going to talk about, right? The second one, which we'll talk about on Friday, is what's called paravirtualization. I mean, paravirtualization means that we're going to require some small number, hopefully, of changes to the operating system in order to allow it to run inside the virtual machine, right?
So we're going to say, okay, you know, there's a couple of, you know, we didn't really need to do this with hardware, and so there's a couple of little changes that we're going to need to make, right? And, and that the efforts to make those changes are supposed to pay off in terms of increased performance. Full virtualization, on the other hand, means this idea that I should be able to take a copy of Windows 7 that was compiled and designed to run on real physical hardware and run it inside a virtual machine unmodified, right? So again, the guest operating system has no idea, or, or let's put it this way, shouldn't have to make any changes to run inside the VM, right? Okay, so. So again, here's our goal, right? We have this application, the, on the unmodified operating system, and we want to run it inside a virtual machine, right? And VMware and VirtualBox and other software solutions essentially allow you to run that virtual machine monitor as an application, right? So you boot up your VirtualBox and it just starts running, and essentially there is your little copy of Windows running inside an application. So why is this hard? What is hard? What is hard about... there's a couple, I mean, there's a lot of things that are hard, but what's, what's one thing that's hard in particular about the app... about the operating system that's running, the guest OS? What about multiplexing? Well, okay, but let's, let's say I get around that problem. Let's say what I do is when I start up the VM, I just give it a static set of resources. And I think actually this is what some of these systems do, right? When they start out they just request a certain amount of memory, like a big chunk of memory, from the underlying host operating system, and then they just use that, right? So again, and to some degree they do that because the guest operating system is not used to the amount of memory changing, right, on the system.
That's kind of a weird thing, and there's actually some hackish ways to work around this. But guest operating systems, especially unmodified ones, aren't used to you reaching into the machine and grabbing out 512 megs of memory or sticking in a gig halfway through execution. That doesn't really tend to work out very well, right? So let's say I just pick a static set of resources when I start up the virtual machine monitor, and that's all that I use for the virtual machine, right? So now what's hard about supporting the things that are going to run inside the virtual machine? What is, so, what is the operating system inside the virtual machine, what are some of the things that it's going to do that I need to be concerned about? So what, what pieces of hardware on the system might it try to manage that might pierce, as we put it... that the virtual machine might give it access to other resources on the system? So that it... Right, so, okay, TLB, right? So the TLB and virtual memory management are great examples, right? So on an x86 system, remember, I have this hardware-managed TLB. But you can, you know, it doesn't really matter, right? If I'm an operating system running inside the guest, oh, if I'm the guest OS, sorry. Yeah, just, this stuff messes with my mind a little bit too, actually, gets complicated. So if I'm the guest OS, how can I... and again, remember, the goal of the virtual machine monitor is to prevent the guest operating system from accessing pieces of memory it doesn't have access to on the system, right? How would it do this? What's one easy way that the guest OS, if left on, sort of, unsupervised, could gain access to any part of the memory on the system? What's that? No, but, but I mean, what, but again, if I was just running like an unmodified operating system, right? Let's say it's running with full privilege. What can it do? And you guys are writing kernel code that does this right now, right?
Well, first of all, depending on the architecture, it might just have access to, like, again, the MIPS architecture that you guys are using has an area of memory that just provides direct-mapped access onto potentially all of memory, right? So I can just use those addresses and they work fine, right? But let's say I have to map, let's say the kernel has to use the TLB as well, right? So the kernel has to load entries in the TLB, but I'm the kernel. So what can I do? No, let's say I want to access a physical page, right? I know which physical page I want to access. What do I do to access that page? I just load an entry into the TLB, right? I am the kernel. I manage the TLB, right? So if I run the guest operating system in privileged mode, it could just do all sorts of things, right? It's essentially the host operating system. So the host operating system is supposed to be running in privileged mode. It's supposed to be able to do this. The guest operating system thinks it's running in privileged mode, and so it's going to try to do things like this. It's going to try to write things into the TLB. So we have a choice. Can we let it do that? Does anybody think we can let it just, the guest operating system, just write anything it wants to into the TLB? No, because then it's the host operating system, right? And then it can see any part of memory it wants, right? The other, the other case that's hard is what do we do when an application that runs inside the guest operating system executes a system call, for example, or, you know, has a virtual memory exception. Who needs to handle this? So I've got an application. I, you know, think about it. I, your System 161 simulator, running inside VirtualBox, running inside whatever it is, Windows, okay? So, actually Windows is a good example. So it makes a system call. Who needs to handle that system call? Windows? The guest OS. But how do I get to the guest OS?
Because if it executes an instruction that traps in the operating system, which operating system do I need to trap into? I need to get to the guest OS, but what it turns out is going to happen is I'm going to end up in the host OS, right? So this is another issue, and, and again, as we said, the guest OS will try to execute these privileged instructions, right? So this is one of the things that, that makes full virtualization hard. All right. So let me, let's, let's walk through one example before, before people go, of, of how this works. Because I think I've like unraveled a ball of, I feel like I've unraveled a big ball of yarn and I haven't put it back together yet. So, all right, so. Okay. So the, the goal here is that all traps and exceptions originated inside the virtual machine have to be handled first by the virtual machine monitor and eventually by the guest operating system, right? I mean, if, let's say you're using VirtualBox on Windows and you're using the Linux environment for this class, Windows doesn't even know how to handle those traps, right? You're not even making a Windows system call. Windows is gonna be like, what is this? You know, like, I don't even know what that number is that's loaded into the register that tells me what to do, and the arguments are all wrong. Like, Windows would just punt, right? Actually, I hope what it would probably do is just kill the process, right? So eventually, when an application running inside the guest OS traps or makes a system call, I need to get the guest OS to handle that, right? So here's, so here's what happens. Most of the time the guest applications and the guest OS normally use the physical processor normally, right? This is when they're executing instructions that are safe to execute normally, like simple stuff: adds, you know, subtracts, branching, anything like that, right? So these are just executed normally, right?
But when an application running inside the virtual machine on the guest OS makes a system call, the first thing that's going to happen... okay. So the first thing that's going to happen, sorry, is that, because of the fact that, you know, I need to, I need to allow the host OS to manage the machine, so the first thing that's going to happen is I'm going to trap into the host OS. The host OS needs to know that the virtual machine monitor is actually what needs to handle this trap, right? So I trap into the host OS, the host OS is going to hand off that trap to the virtual machine monitor. Is this something that normally happens on systems? Do I normally get to tell the operating system that I should be able to handle traps that happened inside my application? No, right? So normally virtual machine monitors require special kernel drivers or other kernel support on the host OS to allow them to work, right? Otherwise the host OS would just bail. It would say, oh, this is a weird-looking trap, and it would kill the process, or it would do something wrong, right? So I hand off the trap to the VMM. The VMM inspects this system call, right? And essentially what it's going to do is it's going to invoke the guest operating system, right? It knows where the guest operating system is, it knows where the guest operating system system call entry point is, and it's just going to branch to that point and set up things properly. So to the guest operating system it just looks like a system call happened, right? Remember what happens when a system call happens normally? I jump to a specific place, a specific address, and I start executing code, right?
So as long as I can get to that specific place in the guest operating system with the arguments set up properly, I'm okay, right? And this is actually what happens. So the VMM looks at it, says, okay, an application inside the virtual machine is trying to make a system call. I know where the system call handlers are for the guest OS. I'm just going to jump to that portion of code, right? So now I'm in the guest OS. This is good. This is what I wanted to do, okay? When the guest OS is done, what it's going to do is it's actually going to try to execute a privileged instruction, right? On MIPS, this would be something like return from exception, right? That's an instruction that's normally not allowed to be executed if I'm not running in kernel mode, right? And it turns out, as I'm going to, we'll talk about in a sec, the guest OS is not running in kernel mode. It's actually running in user mode. You'd like three more slides to make this all clear. So what's, what's going to happen is that the VMM, that the host... I'm going to trap again into the host operating system, right? The host operating system is going to hand that trap back to the virtual machine monitor. The virtual machine monitor is going to see that the guest OS has finished processing the system call, and it's going to restart the process that trapped in the first place, right? So I've turned this... on a normal system, this would be two boundary crossings, right? I would go from the application to the OS and back. On a virtualized, on a virtual machine, this is four. I go from the guest OS to the host OS, back to the... so I go from the application to the host OS, to the guest OS, back to the host OS, back to the application, right? And the virtual machine monitor is what's interposing here. We will go over this again on Friday, right? Because this is, this is, this is tough stuff to get your head around and there probably should be more pictures. All right, and on Friday.
We will continue talking about how do we get the guest operating system to work despite the fact that it does not have its usual kernel privileges. All right. See you then.
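
The system-call path walked through at the end of the lecture, together with the TLB restriction discussed before it, as a toy trap-and-emulate model in C. This is an added example, not part of the lecture or of any real VMM; the four-instruction set, `struct vm` and every function name are hypothetical, and the frame numbers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model of trap-and-emulate; every name here is hypothetical. */
enum op { OP_ADD, OP_SYSCALL, OP_TLBWRITE, OP_RFE };
struct insn { enum op op; uint32_t arg; };

struct vm {
    uint32_t first_frame, nframes; /* static memory allocation made at VM start */
    uint32_t acc;                  /* register changed by safe instructions */
    int crossings;                 /* boundary crossings on the system-call path */
    int tlb_installed, tlb_rejected;
};

/* Safety requirement: a guest TLB entry may only name a frame the VM owns. */
static int vmm_emulate_tlbwrite(struct vm *vm, uint32_t frame)
{
    int ok = frame >= vm->first_frame && frame - vm->first_frame < vm->nframes;
    if (ok) vm->tlb_installed++; else vm->tlb_rejected++;
    return ok ? 0 : -1;            /* a real VMM would install the mapping if ok */
}

/* Guest OS handler. It runs deprivileged, so TLBWRITE and RFE trap to the
   VMM instead of touching the hardware. The handler must end with OP_RFE. */
static void run_guest_os(struct vm *vm, const struct insn *h)
{
    for (;; h++) {
        switch (h->op) {
        case OP_ADD:      vm->acc += h->arg; break;       /* runs directly */
        case OP_TLBWRITE: vmm_emulate_tlbwrite(vm, h->arg); break;
        case OP_RFE:      vm->crossings += 2; return;     /* guest OS -> host OS -> app */
        default:          return;                         /* not modelled */
        }
    }
}

/* Guest application: safe instructions run directly on the processor; a
   SYSCALL traps to the host OS, which hands it to the VMM, which jumps to
   the guest OS's system call entry point. */
static void run_guest_app(struct vm *vm, const struct insn *app, size_t n,
                          const struct insn *handler)
{
    for (size_t i = 0; i < n; i++) {
        if (app[i].op == OP_ADD) vm->acc += app[i].arg;
        if (app[i].op != OP_SYSCALL) continue;
        vm->crossings += 2;                               /* app -> host OS -> guest OS */
        run_guest_os(vm, handler);
    }
}

/* One system call whose handler tries one legal and one illegal TLB write. */
static struct vm demo(void)
{
    struct vm vm = { .first_frame = 0x100, .nframes = 0x80 };
    const struct insn handler[] = {
        { OP_TLBWRITE, 0x120 },    /* inside the VM's allocation: installed */
        { OP_TLBWRITE, 0x040 },    /* a frame the VM does not own: refused */
        { OP_ADD, 5 },
        { OP_RFE, 0 },
    };
    const struct insn app[] = { { OP_ADD, 1 }, { OP_SYSCALL, 0 }, { OP_ADD, 2 } };
    run_guest_app(&vm, app, sizeof app / sizeof app[0], handler);
    return vm;
}

int main(void)
{
    struct vm vm = demo();
    printf("acc=%u crossings=%d tlb_installed=%d tlb_rejected=%d\n",
           (unsigned)vm.acc, vm.crossings, vm.tlb_installed, vm.tlb_rejected);
    return 0;
}
```

The crossing counter only covers the system-call path; in this model each emulated TLB write would be a further trap into the VMM on top of those four.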