Download Using statistical simulation to achieve fast and accurate performance

Virtual Machines
Supporting Changing Technology
and New Applications
Computing Frontiers
May 2005
J. E. Smith
Introduction
Why are virtual machines interesting?
They involve computer architecture in a pure sense
They allow transcending of interfaces
(which often seem to be an obstacle to innovation)
They enable innovation in flexible, adaptive software &
hardware, security, network computing (and others)
Virtualization technologies will be a key part of most future
computer systems
VMs (c) 2005, J. E. Smith
2
Outline







Virtualization
The Architecture of Virtual Machines
Emulation
Enhancing Security
The Grid
Portable Environments
Co-Designed VMs
VMs (c) 2005, J. E. Smith
3
Abstraction
Software



Computer systems are built
on levels of abstraction
Higher level of abstraction
hide details at lower levels
Example: files are an
abstraction of a disk
Application
Programs
fileLibraries
file
Operating System
abstraction
Memory
Manager
Drivers
Scheduler
Execution Hardware
System Interconnect
(bus)
Memory
Translation
Controllers
Controllers
I/O devices
and
Networking
Main
Memory
Hardware
VMs (c) 2005, J. E. Smith
4
Virtualization

Similar to abstraction
Except
• Details not necessarily hidden

Construct Virtual Disks
•
•
•

virtualization
file
file
As files on a larger disk
Map state
Implement functions
VMs: do the same thing
with the whole “machine”
VMs (c) 2005, J. E. Smith
5
The Family of Virtual Machines
Including
There
are things
lots of not
“virtual
called
machines”
“virtual machines”
IBM VM/370
IA-32
EL
Java
HP
Dynamo
VMware products
Transmeta
Crusoe
“The subjects of virtual machines and
emulators have been treated as entirely
separate. … they have much in common. Not
only do the usual implementations have many
shared characteristics, but this commonality
extends to the theoretical concepts on which
they are based”
-- Efrem G. Wallach, 1973
VMs (c) 2005, J. E. Smith
6
“Machines”




Different perspectives on
what the Machine is:
OS developer
Compiler developer
Application programmer
Application
Programs
Libraries
Operating System
Execution Hardware
Instruction Set
Architecture
Application
Binary
Program
Interface
Interface
••
•
•
ISA
API
ABI
Major
division
User
User ISA
ISA
++ library
OSbetween
calls
calls hardware
and software
System Interconnect
(bus)
I/O devices
and
Networking
VMs (c) 2005, J. E. Smith
Memory
Translation
Main
Memory
7
System Virtual Machines




Provide a system
environment
Constructed at ISA
level
Persistent
Examples: IBM
VM/360, VMware,
Transmeta Crusoe
guest
guest
process process
guest
process
guest
guest
guest
process process process
Guest OS
Guest OS2
VMM
VMM
HOST PLATFORM
virtual
network communication
VMs (c) 2005, J. E. Smith
8
Process Virtual Machines







Constructed at ABI level
Runtime manages guest
process
Guest processes may
intermingle with host
processes
Not persistent
As a practical matter, guest
and host OSes are often
the same
Dynamic optimizers are a
special case
Examples: IA-32 EL, FX!32,
Dynamo
guest
process
host
process
runtime
guest
process
guest
process
runtime
host
process
runtime
create
HOST OS
file sharing
VMs (c) 2005, J. E. Smith
Disk
network communication
9
High Level Language Virtual Machines


Raise the “ABI” level of abstraction
• User higher level virtual ISA
• OS abstracted as standard libraries
A form of process VM
HLL Program
HLL Program
Compiler front-end
Intermediate Code
Compiler
Portable Code
( Virtual ISA )
Compiler back-end
VM loader
Object Code
(ISA)
Virt. Mem. Image
VM Interpreter/Translator
Loader
Memory Image
Host Instructions
Traditional
HLL VM
VMs (c) 2005, J. E. Smith
10
The Virtual Machine Space
Process VMs
same ISA
Multi
programmed
Systems
Dynamic
Binary
Optimizers
System VMs
different
ISA
same ISA
Dynamic
Translators
Classic
OS VMs
Whole
System VMs
HLL VMs
Hosted
VMs
Co-Designed
VMs
VMs (c) 2005, J. E. Smith
different
ISA
11
Key Feature – State/Resource Mapping

VM SW can Re-map
logical to physical state
•
•
•
•
Via pointers or copying
Registers to registers
Registers to memory
Memory to disk
Host Registers
Host
Register
Space
Guest Registers
Runtime
Data
Runtime
Code
Guest Data
Host ABI
Address
Space
Guest Code
VMs (c) 2005, J. E. Smith
12
Key Feature – Emulation

Interpretation
•

Binary translation and code caching
•
•
•

Software loop decodes and dispatches each instruction
Translate blocks of instructions at a time
Hold translated blocks in code cache
With same-ISA scanning/patching is an alternative
Staged Emulation
•
•
Emulation techniques invoked in staged manner
Based on performance tradeoffs
VMs (c) 2005, J. E. Smith
13
Code Caches

Contain
•
•
•

Basic blocks
Superblocks (one entrance, multiple exits)
Optimized Superblocks
A base technology for many VMs
•
•
•
•
•
•
Dynamic binary translators: Intel IA-32 EL, Compaq FX!32
Dynamic binary optimizers: Dynamo family
Co-designed virtual machines: Transmeta, IBM DAISY
High performance Java virtual machines
System VMs with “inefficiently virtualizable” ISAs
“Sandboxing” secure VMs (x86 DynamoRIO)
VMs (c) 2005, J. E. Smith
14
Code Caching with Chaining

Chaining of blocks in code cache minimizes VM
overhead
Code Cache
Super
block
Dispatch
table
lookup
code
Super
block
Super
block
Super
block
VMs (c) 2005, J. E. Smith
15
Staged Emulation



An important part of many
VM implementations
Start
Profile
interpreting
to find
“hot”&code
Translate,
optimize
cache
regions
frequent code sequences
Interpreter
Profile Data
Binary Memory
Image
Code Cache
runtime
Translator/
Optimizer
VMs (c) 2005, J. E. Smith
16
Key Feature – VMM/Runtime Control

Interpretation
•
•

Binary translation and code caching
•
•
•

Fine grain control
Every dynamic instruction “inspected” before execution
Coarser grain control
Every static instruction inspected before execution
Jumps to VM SW can be inserted anywhere
Protection levels
•
•
•
Very coarse grain control
Every resource-related instruction trapped by protection system
Otherwise, use interpretation/translation techniques
Used in system VMs to manage resource mappings
VMs (c) 2005, J. E. Smith
17
VMM Resource Control in System VMs
Application

Traps and interrupts (& sys calls)
•
•
•

Transfer to VMM
VMM determines appropriate Guest OS
VMM transfers to Guest OS
Guest OS “return” to user app.
•
•
system call/trap
Guest OS
privileged operation
next instruction
Transfer to VMM
VMM bounces return back to Guest app.
virtual vector location:

Resource sensitive instructions
•
•
•
•
Trap to VMM
VMM checks correctness
VMM reads/modifies guest resource
Returns to Guest
VMM
check privileges
perform operation
return
vector location:
VMs (c) 2005, J. E. Smith
18
VMM as a Smart Interconnect

Two modes:
•
•

Execution mode
VM mode
After it gains control
•
•
VM SW can manage resources via state mapping
VM SW can alter/enhance functions via emulation
apps 2
OS 2
apps 2
OS 2
apps 1
apps 1
apps 1
OS 1
ISA 1
OS 1
OS 1
ISA 1
VMs (c) 2005, J. E. Smith
ISA 1
19
Security

Many security threats
•

Worms, viruses, Trojan horses, etc.
Typical attack – get access to privileged part of system
•
•
Often with little effort
Compromised passwords
“Easy” passwords
Mechanically repeated efforts
Exploit weakness in system software
Unchecked accesses to system data structures
Can get control in privileged state by causing overflows
VMs (c) 2005, J. E. Smith
20
Buffer Overflow
User Mode
User Mode
Supervisor Mode
Supervisor Mode
User invokes
system program
with faulty input that
causes buffer
overflow in stack
User invokes
system program
with normal input
System program
performs function
and returns to user
Return address in stack
clobbered due to
overflow. Vulnerable
system program peforms
function and returns to
illegal address
User performs
subsequent task
System
exception!
(a) Normal Input
(b) Faulty Input
VMs (c) 2005, J. E. Smith
21
Malicious Input – Intrusion
User Mode
Malicious user invokes
system program with
tailored input that causes
buffer overflow in stack
Supervisor Mode
Return address in stack
changed due to overflow.
Vulnerable system program
peforms function and returns to
user-specified address, e.g.
address of shell program
User gets full control of system
through shell program running
in supervisor mode
VMs (c) 2005, J. E. Smith
22
Intrusion Detection Systems

Isolation is not an option
•

Language-level checking
•
•

Increasing dependence on communication over networks
Java, MSIL – range- and type-checking
Legacy applications and legacy style not protected
Need for Intrusion Detection Systems (IDS)
•
•
•
Depend on knowledge of potential attacks
Network-based Intrusion Detection Systems (NIDS)
Host-based Intrusion Detection Systems (HIDS)
VMs (c) 2005, J. E. Smith
23
Host Intrusion Detection Systems

Directly examine activity on host
•
•


Knowledge of host operating system
Look for repeated attempts
To crack password
To access unauthorized files, etc.
HIDS has significantly better viewpoint
compared to NIDS
But HIDS can be disabled by attack
•
Or can provide misleading information
VMs (c) 2005, J. E. Smith
24
Monitoring and Recovering from Attacks

Importance of understanding attacks
•
•

To recover from an attack
To prevent future attacks
Logging
•
•
Save information about critical activity on system
Know the events that caused the failure
Save checkpoint of state of system
Reconstruct the attack from a known good state
VMs (c) 2005, J. E. Smith
25
Virtual Machines as a Sandbox


Fault containment important feature of VMs
VM Isolation helps in close examination of attack
•

Clone system that has been attacked for later analysis
Use VM as a “honey-pot”
•
Permit attacks that can be monitored
Production Virtual Machines
VM1
VM2
VM3
VM4
Virtual Machine Monitor
Hardware
VMs (c) 2005, J. E. Smith
26
Virtual Machine for Monitoring

Livewire system (Stanford)
• Separates IDS from VMM
• IDS configures the VMM to monitor activity at more
than the usual points
Signature of suspicious activity may be specified
• After initialization, IDS enters the picture only in
analyzing data from suspicious activity
• Feedback – suggest new monitoring based on analysis
E.g. monitor system call activity after repeated login
attempts
• May need knowledge of OS to analyze data, e.g. crash
dumps
VMs (c) 2005, J. E. Smith
27
Livewire IDS
IDS
Policy Engine
Guest Virtual
Machine
Policy Modules
Guest Apps
Config
File
Guest
OS
Metadata
Policy Framework
Command
Query
Response
OS Interface Library
Guest OS
Callback
Virtual Machine Monitor
Hardware
VMs (c) 2005, J. E. Smith
28
Policy Modules in Livewire

Polling modules
•
•
•

Lie detector module
VMM knows hardware state for each virtual machine
Lie detector compares this state to the state provided as
feedback from intruder
User program integrity detector module
Compare signatures of memory pages with saved signatures
Signature detector module
Scan memory with signature of known viruses, Trojan horse
programs, etc.
Event-driven modules
•
Memory access enforcer module
VMM intercepts attempts to change page access privileges
VMs (c) 2005, J. E. Smith
29
Dynamic Binary Rewriting

Program shepherding
•

Control execution of program
Prevent program from being attacked
Prevent program from being launching point for attacks
RIO System (MIT)
•
•
Based on Dynamo binary optimization system
Target of every control transfer instruction verified
Not to unauthorized locations
Only to safe locations
VMs (c) 2005, J. E. Smith
30
RIO Dynamic Binary Rewriting System
Indirect Branch
Lookup Routine
Basic Block Cache
Superblock Cache
Application Mode
RIO Mode
Dispatch Routine
START
Basic Block Builder

Superblock Selector
Two levels of translation
Quick translation (basic blocks)
• High performance translation (superblocks)
•

Security Checks
All code inspected during translation
• All control transfers are checked before caching/table placement
• Code cache and map table are protected
• Small performance loss
•
VMs (c) 2005, J. E. Smith
31
Migration of Computing Environments

Identical environment at any work location
•
•

Entire state of machine must be transported
•
•

When moving from one location to another
E.g. Home to work and back
Effect similar to carrying hardware back and forth
Physical security has to be taken care of
State of processor resources
For OS as well as applications
Includes active code and data
Concept of a capsule
•
Compressed information about entire system
Can be transported from one location to another
VMs (c) 2005, J. E. Smith
32

Encapsulation
simplified through
use of virtual
machines
Encapsulation has
the effect of
checkpointing
Suspend operation on
one platform and
resume execution at
exactly same point on
another platform
Apps1
Traditional Data
Migration
Data

Data
Virtual Computers
Apps2
OS1
OS2
Hardware 1
Hardware 2
Virtual Machine
Virtual Machine
•
Guest Apps
Guest OS
VM Migration
Guest Apps
Guest OS
Virtual Machine Monitor 1
Virtual Machine Monitor 2
Hardware 1
Hardware 2
VMs (c) 2005, J. E. Smith
33
VMotion (VMware)
VC Client
(User 1)

VC Client
(User 2)
Migration of virtual
machines in commercial
environment
•
•
•
•
•
•
Load balancing
Security, e.g. quarantine
attacked machine
Co-location
Fault-tolerance
Power management
Maintenance
VC Client
(User 3)
VC Management
Server
VCagent
VM1
VM2
VC Client
(User 4)
VC
Database
VCagent
VM3
VM4
hostA
VM5
VCagent
VM6
VM7
hostB
Data
Store
VMs (c) 2005, J. E. Smith
VM8
VM9
hostC
SAN
34
Migration Steps


Step 1: Ensure that VM is stable on current host
Step 2: Perform baseline copy
•


Step 3: Suspend VM on current host
Step 4: Perform final copy
•

Copy of current memory state and data
Send incremental capsule containing changes since baseline copy
Step 5: Activate VM on new host
VMs (c) 2005, J. E. Smith
35
Grids: Virtual Organizations
“Participants in P
can run Program A”
Virtual Organization P
“Participants in Q can
use idle cycles if
budget not exceeded”
Multidisciplinary design using
programs and data at multiple
locations
Virtual Organization Q
Ray Tracing using cycles provided
by cycle-sharing consortium
“Participants in P
can run Program B”
“Participants in P
can use Data D”
VMs (c) 2005, J. E. Smith
36
Comparison with Conventional VMs






Efficient utilization of resources
• Similar in motivation to original system VMs
Sharing of resources
• Grid concerned with sharing of content also
Not just sharing of resources
Distributed control
• Grid has global scope
Users negotiate with each other to share and use resources
Heterogeneous nodes
• Nodes in a grid may be different types of machines
Adaptation of applications
• Applications may need to be adapted for the grid
Portability of applications
• Conceptually similar to goals of HLL VMs
VMs (c) 2005, J. E. Smith
37
Role of System VMs in a Grid

Grid has to manage and schedule resources
•

However, grid has to deal with heterogeneity
•

Like an operating system
Accounting, for example, is dependent on
accounting policies of each grid participant
System VM-based approach
•
Treat a VM as the unit of transactions on a grid
Not tasks, or programs
( Figuieredo and Fortes)
VMs (c) 2005, J. E. Smith
38
System-VM Based Grid
Application Server
(Front End F)
Information
Service
V1
V2
V3
Vn
Virtual Machines
(Back End)
The Internet
User X
Physical ServerP
Image Server I
Data Server D
VMs (c) 2005, J. E. Smith
39
Advantages of SVM based Approach

User isolation
•
•

Platform independence
•

User specifies type of machine, not actual machine
Task management and accounting
•

Protect user from host and other users
Protect host from users
Simplifies allocation and accounting
Allocate based on compute requirements
Charge based on performance of VM
Portability
•
•
Allows applications to be written for execution on the widest
range of platforms
Eases encapsulation and migration of jobs between nodes
on grid; e.g. Java VMs can be migrated
VMs (c) 2005, J. E. Smith
40
Co-Designed Virtual Machines


Separate the hardware/software interface from the
ISA level of abstraction
Restore the ISA to its “natural” place
 as an Implementation ISA that reflects actual hardware

Support existing ISAs
 as a Virtual ISA


Let processor designers use both
hardware and software
A form of system VM
User Applications
Applications
User
libs.
libs.
OS
V-ISA
ISA
Software
I-ISA
Hardware
Hardware
VMs (c) 2005, J. E. Smith
41
Co-Designed VMs

Should be of interest to both architects and
micro-architects
•
•
•
•
Offers opportunities for performance, power saving,
fault tolerance and other implementationdependent features
Allows transcending conventional ISAs
IBM Daisy and Transmeta Crusoe
Don’t confuse them with VLIW!
“pioneers are the ones with arrows in their backs”
VMs (c) 2005, J. E. Smith
42
Architecture Issues: Concealed Memory
VM software resides in memory concealed from
all conventional software

concealed memory
Code
Cache
VM Code
ICache
Hierarchy
Processor
Core
VM Data
Source ISA Code
conventional
memory
Source ISA Data
DCache
Hierarchy
VMs (c) 2005, J. E. Smith
43
Another Way of Doing Things
conventional
Main Memory
Translation
Unit
(form uops)
Cache
Hierarchy
Processor
Pipeline
Func.
Unit
Func.
Unit
. ..
Func.
Unit
Main Memory
Software
dynamic translation
Func.
Unit
Translator
Code Cache
Cache
Hierarchy
Processor
Pipeline
. ..
Translation
Unit
(form uops)
Func.
Unit
VMs (c) 2005, J. E. Smith
44
Fused Instruction Set

Co-designed VM x86 implementation
•

Combine pairs of dependent instructions
•

For single “unit” for pipeline processing
Use VM software to
•
•
•

Shorten and simplify pipeline front-end
“Crack” x86 instructions into RISC-ops
Re-order RISC-ops
Reassemble into (new) fused pairs
Related: Pentium-M fuses in front-end
•
•
Using original x86 instructions
“Reduced Splitting” is more accurate description
VMs (c) 2005, J. E. Smith
45
Fusing Profile

About 50% of operations are fused
Only 5-10% of non-fused are single-cycle ALU ops
100%
90%
Percentage of Dynamic Instructions

80%
70%
60%
50%
ALU
40%
FP or NOPs
30%
BR
20%
ST
LD
10%
Fused
0%
VMs (c) 2005, J. E. Smith
46
Performance
M0: Base + Code Cache
M1:= M0 + fusing
M2:= M1 + shorter pipe
Macro-op:= M2 + 3-1 ALU
70
50
40
30
20
10
0
-10
16
4.g
zip
17
5.v
pr
17
6.g
cc
18
1.m
cf
18
6.c
raf
ty
19
7.p
ars
er
25
2.e
on
25
3.p
erl
bm
k
25
4.g
ap
25
5.v
ort
ex
25
6.b
zip
2
30
0.t
wo
lf
Ha
rm
on
ic
Nomarlized IPC speedup (%)
60
VMs (c) 2005, J. E. Smith
47
Summary

Many types of VMs
•

A smart interconnect component
•
•

But common implementation technologies
Should be studied/taught as a discipline on its own
Alongside OS, Application SW, HW
Many avenues for research
•
•
•
Lots of applications
Architecture meta-issues –
What features of OS, Applications, HW are
“VM friendly”?
E.g. Goldberg work in early 70s for system VMs
Primitives for supporting VMs
VMs (c) 2005, J. E. Smith
48