Unit-5

Virtual Machines and Mobile OS

Syllabus: Virtual Machines – History, Benefits and Features, Building Blocks, Types of Virtual
Machines and their Implementations, Virtualization and Operating-System Components; Mobile
OS - iOS and Android.

Virtual Machines
• The main idea is that a VMM (Virtual Machine Monitor) creates the illusion of multiple
(virtual) machines on the same physical hardware

• A VMM is also known as a hypervisor

• Type 1 hypervisors which run on the bare metal

• Type 2 hypervisors that may make use of all the wonderful services and abstractions
offered by an underlying operating system

• Virtualization allows a single computer to host multiple virtual machines, each

potentially running a completely different operating system

Requirements for Virtualization

Hypervisors should score well in three dimensions:

1. Safety: the hypervisor should have full control of the virtualized resources

2. Fidelity: the behavior of a program on a virtual machine should be identical to that of the
same program running on bare hardware

3. Efficiency: much of the code in the virtual machine should run without intervention by
the hypervisor

Benefits and Features

• Virtualization help organization reduce unnecessary hardware machines such as servers

• A failure in one virtual machine does not bring down any others

• Different servers can run on different virtual machines, thus maintaining the partial-
failure model that a multicomputer has, but at a lower cost and with easier maintainability

• Can run multiple different operating systems on the same hardware

• Benefit from virtual machine isolation in the face of attacks

 • Saves money on hardware and electricity and takes up less rack space

• Checkpointing and migrating virtual machines (e.g., for load balancing across multiple
servers) is much easier than migrating processes running on a normal operating system

• Run legacy applications

Example: Cloud

The key idea of a cloud is straightforward: outsource your computation or storage needs
to a well-managed data center run by a company specializing in this and staffed by
experts in the area

History

• Virtual machines first appeared commercially on IBM mainframes in 1972.

• Virtualization was provided by the IBM VM operating system.

• IBM VM370 divided a mainframe into multiple virtual machines, each running its own
operating system.

• A major difficulty with the VM approach involved disk systems. Suppose that the
physical machine had three disk drives but wanted to support seven virtual machines.

• Clearly, it could not allocate a disk drive to each virtual machine. The solution was to
provide virtual disks— termed minidisks in IBM’s VM operating system.

• The minidisks are identical to the system’s hard disks in all respects except size.

• The system implemented each minidisk by allocating as many tracks on the physical
disks as the minidisk needed.

• Once the virtual machines were created, users could run any of the operating systems or
software packages that were available on the underlying machine.

• For the IBM VM system, a user normally ran CMS—a single-user interactive operating
system.

• For many years after IBM introduced this technology, virtualization remained in its
domain.

• Most systems could not support virtualization.

 • However, a formal definition of virtualization helped to establish system requirements
and a target for functionality.

• The virtualization requirements stated that:

1. AVMM provides an environment for programs that is essentially identical to the

original machine.

2. Programs running within that environment show only minor performance decreases.

3. The VMM is in complete control of system resources.

• These requirements of fidelity, performance, and safety still guide virtualization efforts
today.

• By the late 1990s, Intel 80x86 CPUs had become common, fast, and rich in features.

• Accordingly, developers launched multiple efforts to implement virtualization on that

platform.

• Both Xen and VMware created technologies, still used today, to allow guest operating
systems to run on the 80x86.

• Since that time, virtualization has expanded to include all common CPUs, many
commercial and open-source tools, and many operating systems.

• For example, the open-source VirtualBox project (http://www.virtualbox.org) provides a

program than runs on Intel x86 and AMD64 CPUs and on Windows, Linux, Mac OS X,
and Solaris host operating systems.

• Possible guest operating systems include many versions of Windows, Linux, Solaris, and
BSD, including even MS-DOS and IBM OS/2.

Building Blocks
1. Trap and Emulate

• Problem with VMM is that guest OS expects to have unrestricted access to hardware,
runs privileged instructions, unlike user processes. But one guest cannot access, must be
isolated from other guests.

• All CPUs have multiple privilege levels. There is ring 0,1,2,3 in x86 CPUs. Normally,
user process in ring 3 and OS in ring 0. Privileged instructions only run in ring 0. So,
guest OS must be protected from guest apps. But not fully privileged like host OS/VMM.
It is in ring 1.
• Trap and emulate VMM: Guest OS runs at lower privilege level than VMM, traps to VMM
for privileged operation.

• When the kernel in the guests attempt to execute a privileged instruction, that is an error
because the system is in user mode and causes a trap to the VMM in the real machine. The
VMM gains control and executes the action that attempted by the guest kernel on the part
of the guest. It then returns control to the virtual machine. This is called the trap and
emulate method.

• All non-privileged instructions run natively on the hardware, providing the same
performance for guests as native applications. Privileged instructions create extra
overhead, however, causing the guest to run more slowly than it would natively.

• Drawback

o Guest OS may realize it is running at lower privilege level

o Some x86 instructions which change hardware state , run in both privileged
and unprivileged modes

2. Binary Translation

• Binary translation could be dynamic or static

•
• Static binary translation means using a processor to translate an image from an
architecture to another before execution

• In Dynamic binary translation individual instructions or group of instructions are

translated and the translation is cached to allow reuse in iterations without repeated
translation

• In binary translation the virtualization layer sits at CPU privilege level 0

• The guest OS system were supposed to run on level 0 but since virtual layer occupies that
level, it moves guest OS execution at privilege level 1 and leaves user applications at
level 3

• The non virtualizable kernel code of the guest OS is translated by virtual layer into new
sequences of instructions that have intended effect on virtual hardware

• User code is directly executed on the CPU for high performance

3. Hardware assisted virtualization

• In hardware assisted virtualization the virtual layer sits in a new root mode privilege level
under level 0

• Guest OS privileged and sensitive calls are set to auto trap to the hypervisor while user
request are executed directly to the CPU for high performance

• IO is another area improved by hardware assistance

Types of Virtual Machines and their implementations
Type 0 Hypervisor

• Type 0 hypervisors have existed for many years under many names, including
“partitions” and “domains”.

• They are a hardware feature, and that brings its own positives and negatives.

• Operating systems need do nothing special to take advantage of their features.

• The VMM itself is encoded in the firmware and loaded at boot time. In turn, it loads the
guest images to run in each partition.

• The feature set of a type 0 hypervisor tends to be smaller than those of the other types
because it is implemented in hardware.

• For example, a system might be split into four virtual systems, each with dedicated
CPUs, memory, and I/O devices.

• Each guest believes that it has dedicated hardware because it does, simplifying many
implementation details.

Type 1 Hypervisor

• Type 1 hypervisors are commonly found in company data centers and are in a sense
becoming “the data-center operating system.”
 • They are special-purpose operating systems that run natively on the hardware, but rather
than providing system calls and other interfaces for running programs, they create, run,
and manage guest operating systems.

• In addition to running on standard hardware, they can run on type 0 hypervisors, but not
on other type 1 hypervisors.

• Whatever the platform, guests generally do not know they are running on anything but
the native hardware.

• Type 1 hypervisors run in kernel mode, taking advantage of hardware protection.

• Where the host CPU allows, they use multiple modes to give guest operating systems
their own control and improved performance.

• They implement device drivers for the hardware they run on, because no other
component could do so.

• Because they are operating systems, they must also provide CPU scheduling, memory
management, I/O management, protection, and even security.

• Frequently, they provide APIs, but those APIs support applications in guests or external
applications that supply features like backups, monitoring, and security

Type 2 Hypervisor

• Type 2 hypervisors are less interesting to us as operating-system explorers, because

there is very little operating-system involvement in these application level virtual
machine managers.

• This type of VMM is simply another process run and managed by the host,.

• The operating system running on top of the hypervisor in both cases is called the guest
operating system.

• For a type 2 hypervisor, the operating system running on the hardware is called the host
operating system.

• Type 2 hypervisor on the x86 market was VMware Workstation.

• Type 2 hypervisors, sometimes referred to as hosted hypervisors, depend for much of their
functionality on a host operating system such as Windows, Linux, or OS X.
• When it starts for the first time, it acts like a newly booted computer and expects to find a
DVD, USB drive, or CD-ROM containing an operating system in the drive. This time,
however, the drive could be a virtual device.

• For instance, it is possible to store the image as an ISO file on the hard drive of the host and
have the hypervisor pretend it is reading from a proper DVD drive. It then installs the
operating system to its virtual disk (again really just a Windows, Linux, or OS X file) by
running the installation program found on the DVD.

• Once the guest operating system is installed on the virtual disk, it can be booted and run.

• The various categories of virtualization are summarized in the table below for both type 1
and type 2 hypervisors. For each combination of hypervisor and kind of virtualization, some
examples are given.

Paravirtualization

• A different form of virtualization is known as paravirtualization

• It is quite different from full virtualization, because it never even aims to present a
virtual machine that looks just like the actual underlying hardware

• It is a type of virtualization in which guest OS is recompiled , installed inside a virtual

machine and operated on top of a hypervisor program running on the host OS.

• It involves modifying the OS kernel to replace non-virtualizable instruction with hyper

calls that communicate directly with the virtualization layer hypervisor.

• In paravirtualization, the virtual machine does not necessarily simulate hardware but
instead offers a special API that can only be used by modifying the guest OS.
 • The system call to hypervisor is called hypercall.

Programming-Environment Virtualization

• Another kind of virtualization, based on a different execution model, is the virtualization

of programming environments.

• Here, a programming language is designed to run within a custom-built virtualized

environment.

• For example, Oracle’s Java has many features that depend on its running in the Java
virtual machine (JVM), including specific methods for security and memory
management.

Emulation

• This method works relatively efficiently because the applications were compiled for the
same instruction set as the target system uses.

• Emulation is useful when the host system has one system architecture and the guest
system was compiled for a different architecture.

• Emulation can increase the life of programs and allow us to explore old architectures
without having an actual old machine.

Application Containment

• If the applications are all compiled for the same operating system, then we do not need complete
virtualization to provide these features. We can instead use application containment.

• Consider one example of application containment. Starting with version 10, Oracle Solaris has
included containers, or zones, that create a virtual layer between the operating system and the
applications. In this system, only one kernel is installed, and the hardware is not virtualized.
Rather, the operating system and its devices are virtualized, providing processes within a zone
with the impression that they are the only processes on the system. One or more containers
can be created, and each can have its own applications, network stacks, network address and
ports, user accounts, and so on. CPU and memory resources can be divided among the zones
and the system-wide processes. Each zone in fact can run its own scheduler to optimize the
performance of its applications on the allotted resources. Figure shows a Solaris 10 system
with two containers and the standard “global” user space.
Virtualization and Operating system components
1. CPU Scheduling

2. Memory management

3. IO management

4. Storage management

5. Live migration

CPU Scheduling

• After virtualization, single CPU act like multiprocessor.

 • Here one or more virtual CPUs per guest is created.

• The VMM has number of physical CPUs available and a number of threads to run on
those CPUs and are called VMM threads or guest threads.

Memory management

• Each virtual machine consumes memory based on its configured size and additional
overhead memory for virtualization

• Since hypervisor manages page sharing, the virtual machine OS are unaware of what is
happening in the physical system

• Virtual memory ballooning is a computer memory mechanism technique used by a

hypervisor to allow the physical host system to retrieve unused memory from certain
guest VMs and share it with others.

• Memory ballooning allows the total RAM required by guest VMs to exceed the amount
of physical RAM available on the host.

• When the host system runs low on physical RAM resources, memory ballooning
allocates it selectively to VMs.

IO management

• Virtualization take advantage of dynamically loaded and unloaded device driver by

providing specialized virtualized devices to guest OS.

• With virtualization, each guest needs atleast one IP address for communication.

• So, server running a VMM may have dozens of addresses and the VMM acts as a virtual
switch to route the network packets to the addressed guests.

• VMM provide address translation to hide its address

Storage management

• Both boot block and general data access need to be provided by VMM

• In type 1 hypervisor, storage guest root disk and configuration information within file
system provided by VMM as disk image

• Type 2 hypervisor store as files in file system provided by host OS.

• Guest OS sometimes need more disk space than available in their root disk image.
 • VMM provide a mechanism to capture a physical system as it is currently configured and
convert it to a guest that the VMM can manage and run

o Physical to virtual convert native disk blocks to VMM format

o Virtual to physical convert virtual format to native or disk format

Live migration

• Live migration provides the ability to move a virtual machine between host with no
interruption to service

• Figure below shows live migration of guest between servers.

The VMM migrates a guest via the following steps:

1. The source VMM establishes a connection with the target VMM and confirms that it is
allowed to send a guest.

2. The target creates a new guest by creating a new VCPU, new nested page table, and other state
storage.

3. The source sends all read-only memory pages to the target.

4. The source sends all read-write pages to the target, marking them as clean.
5. The source repeats step 4, as during that step some pages were probably modified by the guest
and are now dirty. These pages need to be sent again and marked again as clean.

6. When the cycle of steps 4 and 5 becomes very short, the source VMM freezes the guest, sends
the VCPU’s final state, sends other state details, sends the final dirty pages, and tells the target to
start running the guest. Once the target acknowledges that the guest is running, the source
terminates the guest.

MOBILE OS –ANDROID
• The Android operating system was designed by the Open Handset Alliance (led primarily
by Google) and was developed for Android smartphones and tablet computers

• Android runs on a variety of mobile platforms and is open-sourced, partly explaining its
rapid rise in popularity

• The structure of Android appears in Figure

• Android is a relatively new operating system designed to run on mobile devices

• It is based on the Linux kernel—Android introduces only a few new concepts to the
Linux kernel itself, using most of the Linux facilities you are already familiar with
(processes, user IDs, virtual memory, file systems, scheduling, etc.) in sometimes very
different ways than they were originally intended
 • A large amount of the Android operating system is written in a high-level language, the
Java programming language.

• The kernel and a large number of low level libraries are written in C and C++

Android and Google

• Android is an unusual operating system in the way it combines open-source code with
closed-source third-party applications

• The open-source part of Android is called the Android Open-Source Project (AOSP)
and is completely open and free to be used and modified by anyone

• Google implemented Android to be able to support a wide variety of proprietary cloud

services, with Google’s extensive set of services being representative cases: Gmail,
calendar and contacts sync, cloud-to-device messaging, and many other services, some
visible to the user, some not

• When it comes to offering compatible apps, the most important service is Google Play

• Google Play uses two main mechanisms to ensure compatibility.

– The first and most important is requiring that any device shipping with it must be
a compatible Android device as per the CDD (Compatibility Definition
Document)

Google Play must know about any features of a device that an application requires so the
application is not made available on devices that lack those features

Design Goals

A number of key design goals for the Android platform evolved during its development:

1. Provide a complete open-source platform for mobile devices

2. Strongly support proprietary third-party applications with a robust and stable API

3. Allow all third-party applications, including those from Google, to compete on a level
playing field

4. Provide an application security model in which users do not have to deeply trust third-
party applications

5. Support typical mobile user interaction: spending short amounts of time in many apps
 6. Manage application processes for users, simplifying the user experience around
applications so that users do not have to worry about closing applications when done with
them

7. Encourage applications to interoperate and collaborate in rich and secure ways

8. Create a full general-purpose operating system

Android Architecture

• Android is built on top of the standard Linux kernel, with only a few significant
extensions to the kernel itself

• As in a traditional Linux system, Android’s first user-space process is init, which is the
root of all other processes

Figure below illustrates the basic process structure of Android

• First is the init process, which spawns a number of low-level daemon processes

• One of these is zygote, which is the root of the higher-level Java language processes

• The first process zygote always starts is called system server, which contains all of the
core operating system services

• Key parts of this are the power manager, package manager, window manager, and
activity manager

• Applications interact with the operating system through calls to libraries provided by it,
which together compose the Android framework
 • Figure below shows the typical design for Android framework APIs that interact with
system services, in this case the package manager

Linux Extensions

1. Wake Locks

Power management on mobile devices is different than on traditional computing systems, so

Android adds a new feature to Linux called wake locks (also called suspend blockers) for
managing how the system goes to sleep

An idle CPU, however, is not the same thing as true sleep. For example:

1. On many chipsets the idle state uses significantly more power than a true sleep state

2. An idle CPU can wake up at any moment if some work happens to become available,
even if that work is not important

3. Just having the CPU idle does not tell you that you can turn off other hardware that
would not be needed in a true sleep

Wake locks on Android allow the system to go in to a deeper sleep mode, without being tied to
an explicit user action like turning the screen off

2. Out-Of-Memory Killer
 • Linux includes an ‘‘out-of-memory killer’’ that attempts to recover when memory is
extremely low

• With paging and swap, it is rare for applications themselves to see out-of-memory
failures

Dalvik

• Dalvik implements the Java language environment on Android that is responsible for
running applications as well as most of its system code

Binder IPC

• Android’s Binder interprocess communication mechanism is a rich general purpose IPC

facility that most of the Android system is built on top of

Android provides a set of core applications

1. Email client

2. SMS program

3. Calendar

4. Maps

5. Browser

6. Contacts and etc.

Application framework

• Offers developers the ability to build rich and innovative applications

• Developers have full access to same framework APIs used by core applications

• Content providers enable applications to access data from other applications or to share
their own data

• A resource manager provides access to non-code resources such as localized strings,

graphics and layout files.

• A notification manager enables all applications to display custom alerts in the status bar

• An activity manager manages the lifecycle of applications and provides a common

navigation backstack.
 Libraries used in Android

• A set of C/C++ libraries used by various components of Android system

• System C library : Tuned for embedded Linux-based services

• Media Libraries: Based on PacketVideo’s OPENCORE, the libraries support playback

and recording of many popular audio and video formats as well as static image files

• Surface Manager: Manages access to the display subsystem and seamlessly composites
2D and 3D graphic layers from multiple applications

• LibWebcore: A modern web browser engine which powers both the Android browser and
an embeddable web view

• SGL/3D libraries: SGL underlying 2D graphics engine

• SQLite : A powerful and lightweight relational database engine available to all

applications

Android File Management

• Android uses a file system that's similar to disk-based file system on other platforms

• All Android devices have two file storage areas: Internal and External storage

• The superblock is the key for maintaining file system. It is an 8KB block of disk space
that maintains current status of the file system

ODEX File

• In Android file system, applications come in packages with the extension .apk

• These application packages or APKs contain certain .odex files whose supposed function
is to save space
 • odex files are actually collections of parts of an application that are optimized before
booting

• Doing so speeds up boot process, as it preloads part of an application

DEODEX

• Deodexing is basically repackaging of these APKs in a certain way, such that they are
reassembled into classes.dex files

• All pieces of an application package are put together back in one place

SQLite

• SQLite is an open source embedded database based on SQL.

• The design goal of SQLite is to allow the programs to be operated without database
installation or administration

• Android comes in with built in SQLite database implementation

• SQLite database allows methods to open the database connection, perform queries and
query updates and close the database

android.database.sqlite classes are as follows

1. SQLiteCloseable : An object created from SQLiteDatabase that can be closed

2. SQLiteCursor: A cursor implementation that exposes results from a query on a

SQLiteDatabase

3. SQLiteDatabase: Exposes methods to manage a SQLite database

4. SQLiteOpenHelper: A helper class to manage database creation and version management

5. SQLiteProgram: A base class for compiled SQLite programs

6. SQLiteQuery: A SQLite program that represents a query that reads the resulting rows in
CursorWindow

7. SQLiteQueryBuilder: A convenience class that helps build SQL queries to be sent to

SQLiteDatabase objects

8. SQLiteStatement: A pre-compiled statement againt SQLiteDatabase that can be reused

iOS
 • iOS was designed to run on Apple iPhone and iPad mobile devices

• iOS is structured on the Mac OS X operating system, with added functionality pertinent
to mobile devices

• The structure of iOS appears in Figure below

iOS Architecture

• Cocoa Touch is an API for Objective-C that provides several frameworks for developing
applications that run on iOS devices

• Cocoa Touch provides support for hardware features unique to mobile devices, such as
touch screens

• The media services layer provides services for graphics, audio, and video

• The core services layer provides a variety of features, including support for cloud
computing and databases
 • The bottom layer represents the core operating system, which is based on the kernel
environment

Cocoa Touch Layer

• Contains key framework for building iOS apps

• It contains the following framework for iPhone App development

o UI Kit framework

o Map Kit framework

o Push notification service

o Message UI framework

o Address book UI framework

o Game Kit framework

o iAd framework

o Event Kit UI framework

o Account framework

o Twitter framework

Media Layer

• To provide iOS with audio, video, animation and graphics capabilities

• Media Layer contains the following frameworks

o Core video framework

– Provides buffering support for the core media framework

o Core text framework

– C-based API designed to ease the handling of advanced text layout and
font rendering requirements

o Image IO framework

– Facilitate the import and export of image data

 – It supports wide range of image formats including PNG, JPEG, TIFF and
GIF

o Assets library framework

– Provides a mechanism for locating and retrieving videos and photo files
located on the device

– It allows new photos and videos to the standard device photo album

o Core graphics framework

– Provides light weight 2D rendering engine

– Features of this framework include PDF format creation and presentation,

vector-based drawing, transparent layers, path-based drawing, anti-aliased
rendering, color manipulation and management, image rendering and
gradients.

o Core image framework

– Provides a set of video and image filtering and manipulation capabilities for
application developers

o Quartz core framework

– Provides animation capabilities

– Provides foundation for majority of visual effects and animation used by UIkit
framework

– Provides an objective C based programming interface for creation and

specialized animation within iPhone apps

o OpenGL ES framework

– Provides full openGL specification for 2D and 3D drawings

o GLKit framework

– Designed to ease the task of creating OpenGL ES based application

o NewsstandKit framework
 – Intended as a central location for users to gain access to newspapers and
magazines

o iOS audio support

– Capable of supporting audio in AAC, ALAC, A-law, IMA/ADPCM, Linear

PCM etc

o AV foundation framework

– Designed to allow playback, recording and management of audio content

Core Service Layer

• Contains individual technologies to support features such as location, iCloud, social

media and networking

• Features

o Peer-to-peer services

o iCloud storage

o Automatic reference counting

o Block objects

o Grand central dispatch

o In-App purchase

o SQLite

o XML support

o File sharing support

o Data protection

• Core Service Layer contains the following frameworks

o Address book framework

– Provides programmatic access to the iPhone address book contact

database allowing applications to retrieve and modify contact entries
 o CFNetwork framework

– Provides C-based interface to the TCP/IP networking protocol stack and

low-level access to BSD sockets

– Enables application code to be written that works with HTTP, FTP and
domain name servers

– Establish secure and encrypted connections using Secure Socket Layer

(SSL) or Transport Layer Security (TLS)

o Core Data framework

– Ease the creation of data modelling and storage in Modelling-View

Controller (MVC) based applications

o Core foundation framework

– Provides basic functionality such as data types, string manipulation, raw

block data management, URL manipulation, threads and run loops, date
and times, basic XML manipulation and port and socket communication

o Core Telephony framework

– Allow application to interrogate the device for information about the

current cell phone service provider and to receive notification of telephony
related events

o EventKit framework

– An API designed to provide applications with access to calendars and

alarms on the device

Core OS Layer

• Contains low level features that most other technologies are built upon

• Provides variety of services including low level networking, access to external

accessories and usual fundamental OS services such as memory management, file system
handling and threads

• Core OS Layer contains the following frameworks

o Accelerate framework

– Contains interface for performing DSP, linear algebra and image

processing calculations
o External accessory framework

– Provides the ability to interrogate and communicate with external

accessories connected physically to the iPhone via 30-pin connector or
wirelessly via Bluetooth

o Security framework

– Provides all the security interfaces that can connect to external networks
including certificates, public and private keys, trust policies, key chains,
encryption, digests and HMAC

o Core Bluetooth framework

– Allows developers to interact specifically with Bluetooth Low-energy

accessories