COMP 3000 2012 Week 12 Notes
Virtualization is an over used word. Learn it in context.
- exmaples include: JVM, VMware, virtual private server
We'll use the JVM as an example.
- multi threaded process(es) on system.
- Runs Java Bytecodes
- Java is compiled to bytocodes
- close to machine code
- contains more than jsut machine code mappings.
- platform independent
- Traditional bytecode execution: table lookup. Find machine code mappings on table
- Modern bytocode interpreters:Uses a JIT compiler.
Just in time compiler:
- compiles the bytecodes into machine code on the fly.
- feedback directed optimization: run time optimization on the fly. Only compiles what's needed.
- the longer the program runs, the more it'll be optimized adn the faster it'll get
- startup is slow though. More overhead.
- Experimental system: Dynamo for PA-RISC: Experimental system for JIT compilation on chips. YOu could run PA-RISC code on both the chip and a software JVM. Surprisingly, it ran faster on software due to on the fly optimizaton
JIT compilation and other such trickery allow programs written in high level languges to run almost as fast as lower lever languages. If someone says the opposite, tell them to shove it.
VPS (virtual private servers)
- many OSes working with a hypervisor. All OSes are separate. They all have their own userlands.
- can have many different OSes on one systems. Heterogeneous OSes.
OS virtualisation (Jails (BSD), Containers (SOlaris), Vserver(Linux))
- One kernel, many userlands.
- Every userland is rooted at a different directory (/randomdir/), not at the root directed (/)
- chroot environment
- Only runs one OS
- Much lighter weight than traditional hardware virtualisation
- difference between this and multiple users? Every instance has it's own root user that controls that instance. Tradition *nix installations have one root.
- Open source
- Written before HW virtualisation
- implemented using paravirtulisation
- modifythe OS kernel to use hypervisor for the CPU , memory and privileged operations
- to run Xen on an older box, you need to special version of the linux kernel that use paravirtulisaton
- All OSes are divided in domains (Dom 0, Dom 1, Dom 2, etc). Dom 0 is an admin type dom. The rest are "user doms". Dom U's.
- Device drivers are loaded into Dom0. Whenever they other OSes (DomU) need to use a device, they connect to the zen ssytem whicch routes the call to Dom 0 which uses the hardware.
- All complexity is kept in Dom 0. All I/O goes there.
- Keeps the hypervisor (xen) small.
- DOM 0 is very closely linked to the hypervisor. When you install xen, it modifies the Dom 0's kernel to have it merge with the hypervisor
- user is a programmer
- therefor, programs have the priviledges of the user
- user is consumer
- apps have certain priviledges
- resources are shared, but they're super restricted. Only "Apple" can let you use these services.
- a program can't access systems files, or most facilities
- programs are virtualised in "jails"
- similar to OS virtualisation (see VPSes)
- jailbreaking allows programs to access files locally on the desktop
- similar to converting an app to a desktop program
- removing much security
- Write programs in a Java variant that compiles to the Dalvik JVM (one per process).
- you can call in C/C++ libraries (ex. the webkit library)
- android does not have jails.
- Android permissions control an app's capabilities ("SD card, Phone State, GPS, Interweb access")
- These are all "IPC/File restrctions"
- Any IPC happens happens with the "System Server" instead of the kernel
- Every app is it's own user. This allows us to use typical linux permissions with an app
- Rooting just install's sudo access for apps
- android is designed to use current linux constructs in a way that limits a program's privileges
- intents -> custom IPC
- every resource (physical or otherwise) is a service (keyboards, sound player, etc)
- intents declare what you want to access. The system server receives and dispatches the request to the appropriate resource
- binders -> sharing virtual memory for short periods for IPC
Windows Mobile uses a similar security model to that of Android's.
Windows 8 is a passionate "hate"-child of M$'s Office and OS divisions. This is what happens when you have competing interests but are joined at the hip. See Organizational Design