System virtualization has recently gained a resurgent interest and made system research more relevant. Evidences include many systems and innovations, as well as commercial successes. It is claimed that VMMs have become “the new foundation for system software”. Many system-related researches have been conducted in VMM layer due to its global view on system resources. Meanwhile, commercial pressures also push the improvement of VMM to support new business models and new applications.

Modern VMMs are partly derived from contemporary operating systems, e.g., reusing their code, and sharing their design decisions. Unfortunately, many of the design decisions “have remained unchanged, even as hardware and software have evolved”, thus are somewhat inadequate in the context of advances in modern architecture and programming languages. For example, the monolithic design using unsafe procedure-based languages (i.e. C) results in poor maintainability and robustness, while the use of global policies (including global data structures and locks) limits its scalability for large-scale processors

Ideally, we believe the following possibly absent but demanding features are demanding for modern VMMs to match their roles in software stack and satisfy business needs: scalability, customizability, extensibility && aintainability and Reliability. Unfortunately, these features are not fully satisfied by current VMMs.

To meet the above requirements, we believe that a reconstruction of modern VMM is necessary to suit the evolution of modern hardware and software techniques. Specifically, we believe the following language techniques could be helpful to remedy the situation. First, a type-safe language with verifiable extension can improve the code quality of VMMs by enabling formal verification and soundness analysis. Second, object-oriented and aspect-oriented design should be helpful to improve the customizability, extensibility and maintainability. Third, deliberate object management (e.g. clustered objects, cache-aware data dis- tribution and local locks) should be promising to improve the locality and scalability of VMMs. Finally, proper object replication and partition should be helpful to improve the fault containment of VMMs. The combination of language advances and VMMs results in our ongoing research VMM, namely OVM, aiming at satisfying the described features above.

“Good languages lead to good systems”. To build a robust VMM, language is thus a critical issue. Any replacement of C programming language in system software should not sacrifice its expressiveness and efficiency, which are critical for efficiently managing low level objects (e.g. page tables and segments). Also, it should retain programmers' custom and be easy to ascertain the correctness. Here, we choose to use Sing# which is an extension to Spec#. Spec# itself is an extension to Microsoft's C# which provides constructs for specifying program behavior(such as pre- and post-conditions).

To assist the static extension or adjustment of crossing-cutting code (such as logging and debugging), OVM also supports the use of aspect-oriented programming. While Sing# don't have existing support for aspects, aspects can be supported through language extensions or using features of the existing language to specify aspect behavior and cross cutting.

Performance Scalability. Two key elements in VMM scalability are good cache locality and less lock contention. To improve cache locality, a VMM should be designed to avoid possible false sharing. To reduce lock contention, a VMM should avoid the use of global locks and data structures. As a result, OVM widely adopts clustered objects, by which objects accessed by different processors are mapped to different physical addresses, yet in a uniform object-oriented interface. The adoption of clustered object can efficiently support object replication, migration and distribution, to minimize cache eviction and lock contention. Moreover, OVM avoids the use of global data structures and mostly relies on per-object locks. Large system objects are partitioned or replicated among processors to avoid access contention. Customizability. The adoption of object-oriented design naturally fits the requirement for customizability. OVM relies on inheritance and polymorphism to implement customizability. OVM provides a modular implementation for each system resource and control. One can provide various implementations of policies to manage system resources, under a uniform interface. To support runtime transformation among different policies, each implementation should provide a state trans forming function to transfer the resident state to a new instance. The means to customize the system thus mainly relies on changing different policies of each system resource. To efficiently resolve conflicts among various policies, we intend to provide a simple policy language as well as a tool to check the validity of an overall policy description. Extensibility and Maintainability. As with customizability, OVM also relies on inheritance and polymorphism to implement extensibility. Extending a VMM can be done via inheriting and extending existing objects. To assist dynamic extensions, OVM also supports dynamically downloading code into the VMM. The downloaded code is first verified by the VMM and then is relinked and relocatsed to the VMM. To assist the static extension or adjustment of crossingcutting code (such as logging and debugging) code, OVM also supports the use of aspect-oriented programming. Reliability. Using a type-safe language and software verification tool can significantly improve the robustness of the VMM. As the case for fault containment, OVM provides two levels of containment of failures: core-level and node level.

Figure 1. The general architecture of OVM.

Figure 1 shows the general architecture of the OVM systems. OVM is implemented in a modular manner to enable reuses of each modules. The detailed objects are not listed on due to space contraints. The base system contains several modules managing and virtualizing underlying processors and memory. Extensible modules such as inter-VM communication, security manager and fault-containment are built upon these basic modules. The Garbage collector manages object allocation and deallocation in OVM. The object adaptor controls the policies of each object. The object loader handles runtime extension of the VMM, which resembles module loader in Linux. All communications between the virtual machines and OVM are handled by the virtual machine interface. The virtual environment manager resides in a control virtual machine and provides an interface to customize and extend the VMM.

Figure 2. The compilation process of OVM and its modules.

Figure 2 depicts the compilation process of OVM and its modules. Code must first be preprocessed by Sing# weaver to transfer it to normal Sing# files, which are then applied with soundness analysis and verification by the verifying compiler. Then the code is compiled using Sing# compiler into OVM binary or linkable OVM modules. The modules can be dynamically loaded into a running OVM to take effect. The OVM linker validates the module by verifying the signature embedded in the module, which was signed by the verifying compiler.

Experiment Results:

The development of OVM is ongoing.

Advances in languages, compilers and hardware make it possible and demanding to improve system software. In this project, we have argued that object-oriented design, aspect-oriented design, type-safe and verifiable language extension could be helpful to address various issues of modern VMMs, to suit their new role in the software stack. We have also argued that applying software innovations to VMMs is both practical and cost-effective, due to its medium code size and little backward compatibility issues. To demonstrate the effect and applicability, we have discussed how specifically language innovations are useful in improve the scalability, customizability, extensibility, maintainability and reliability of VMMs. As an initial effort to applying language innovations to VMMs, we have presented the initial design of the OVM, our ongoing research OVM aiming at combining innovations in languages, compilers and systems.

• When OO Meets System Software: Rethinking the Design of VMMs. Haibo Chen, Pengcheng Liu, Rong Chen and Binyu Zang. Parallel Processing Institute Technical Report, Number: FDUPPITR-2007-08003, Fudan University, July, 2007. [pdf][bib][ppt]

We thank the singularity team of Microsoft for tools of Sing#, we also thank the members of system research group in parallel Processing Institute for their hard working and suggestions.