学步园

About Virtual Machine

 

 

 

 

By  Eric Kohlbrenner

Dana Morris

Brett Morris

 

 

 

 

From: Core of Information Technology

Date:2005-4-1                     

Editor: Herry

Introduction

The concept of virtual machines is not new to the computer world, it is however a concept that not many people knows about or understand. If you are a typical computer user and you use the Internet to browse the World Wide Web, then you have probably interacted with a virtual machine, that being the Java virtual machine. Now, other than this virtual machine that most computer users use transparently, you are probably wondering why you should care about virtual machines, no?

Well, virtual machines are a concept that is used quite often in the computing world to solve very important problems, but often these are transparent to you as the user because virtual machines are typically used within programs and operating systems that users use everyday. Some of these problems include: sharing the same hardware among many programs by partitioning the hardware, allowing software to be "portable" between various operating systems, as well as running older software on a newer computer. All of these uses of virtual machines are very important to the way that we compute today.

All of these uses of virtual machines are very important to the way that we compute today.

As you read on, we will attempt to show you how virtual machines help to solve these important problems, and therefore why they are an important piece of computers today.

When trying to explain the concept of virtual machines, it is first necessary to understand the meaning of the term virtual. Virtual is a term that originally came from optics, to understand objects in a mirror. Objects in a mirror are reflections of an actual physical object but mirrors are not actually that object. This means that the image looks exactly like the actual object and looks to be in the same location. Virtual has evolved to describe pretty much anything that is a simulation of a real object nowadays, with terms like virtual memory, virtual disks, and virtual reality. We use the term Virtual when talking about virtual machines because we would like our virtual machine to look and behave exactly like the real machine. This means the virtual machine is not really the actual machine, but behaves exactly like the actual machine.

Now, in defining the term virtual, we have used the term simulation. A simulation is something that imitates something else. A good example of a modern day application of a simulation is used in the training of Air Force and Marine pilots. Pilots are trained on flight simulators; computer based machines that look like the cockpit of a jet plane. This machine gives the pilot the look and feel of actually flying a real jet plane, without ever having to leave the ground. This simulator imitates everything from the actual maneuverability of the plane, to the effect of wind and weather conditions on flying the plane. In essence, the simulator allows the pilot to have all of the facilities and feelings of flying a real jet plane from the safety of the ground.

A simulation is something that imitates something else.

This concept of simulation, or imitating another object has been carried over into the design of computer systems. Although there are many incarnations of virtual machines, at its most basic, a virtual machine is the appearance of a machine that is not actually there. This is of course a very general definition and not a very clear one, but bear with us.

Let us now think about the concept of a machine in general. All machines have one thing in common, whether that machine is a refrigerator, a VCR, or a computer; they all have a certain set of instructions that they are designed to carry out. These instructions make up an instruction set. An instruction set for any machine can be thought of as a box of Legos, where these Legos are put together to form a whole object. With machines, these Legos are instructions, and they are used to tell a machine what to do, or what tasks to perform.

With virtual machines, the virtual really refers to these sets of instructions. There are many types of virtual machines, but the common theme between them is the idea of simulating an instruction set. Each virtual machine uses a virtual instruction set which the user has access to, and then the virtual machine "maps" these virtual instructions to the real instruction set of the computer. This mapping is demonstrated in Figure 1.1 below.

There are four major schools of thought in the virtual machine world. The first is a nearly one-to-one mapping, represented by the IBM virtual machine model. The second lineage consists of a mapping of every instruction in the machine with a virtual instruction, represented by the Java virtual machine. The UNIX virtual machine model and the OSI virtual machine model represent the final two models we will cover. These models map some of the instructions directly, while some others are calls to the operating system’s functions directly.

 

 

 

 

The History of Virtual Machines

In today’s computing world the concept of the virtual machine has been used to solve many problems. From partitioning the machine (The IBM model), to creating a semi-platform independent programming language (The Java model), to creating operating systems (The UNIX model and The OSI model), the concept of virtual machines has proven to be a powerful tool in shaping today’s computer. However, this idea was not always clear to everyone and it was not until the mid 1960s that this idea was put into practice.

Around 1965 the researchers at IBM were attempting to measure the actual effectiveness of some new ideas in the computer science field. The researchers needed a way to shut off these new features so they could measure the performance of the machine with the options both on and off. These researchers were based at the IBM Yorktown Research center. They devised a scheme where they needed to be able to partition the machine into "smaller pieces". These pieces needed to be able to manage their own resources so that the researchers could test many different conditions in the system at the same time without altering the other "pieces" of the system. They believed an implementation as a virtual machine could work extremely well for this experiment.

After this experiment, IBM eventually went on and developed an implementation of its notion of a virtual machine and began selling it as a real world Operating System for multiple user environments. Many businesses and universities use this Operating System because it allows them to share the power and resources available on their mainframe computers with many people. Each user has his/her own virtual machine that they work within, thereby sharing the resources with every other user without affecting those other users. This machine is now known as the IBM System 370 (S/370) and the IBM System 390 (S/390). These machines make use of the IBM VM/ESA operating system and are collectively referred to as IBM’s VM lineage.

This implementation of virtual machines has proven to be quite powerful, as it is a machine that is still being sold today. The idea of virtual machines has since been used to solve many other computing problems. Problems such as computer program portability and operating system design. One of the first implementations to utilize virtual machines to address these problems was the UNIX operating system.

The UNIX operating system was spawned from a paper published, in 1974, by Denise Richie and Ken Thompson of Bell Labs. Their idea for the UNIX operating system was quickly adapted in PDP-11 computers used in universities. From universities it was quickly spread to the commercial computer industry by graduating students. From 1980 to 1985 the IEEE standards board began POSIX (Portable Operating System) project to provide a standard for UNIX Library functions. The idea was that any software producer could write program code using the standard library functions and port the code to any UNIX system. In 1990 the IEEE POSIX project published "Information Technology Portable Operating System Interface". This specified the standard for UNIX shell and utility routines, which formalized specification for Unix Application Interface enabling UNIX processes to operate as separate virtual machines.

One problem that has plagued programmers for many years is the idea of creating truly portable computer programs. In other words, programmers want to write one program that will work on any platform. In the mid 1990s this idea has nearly been made possible utilizing the idea of the virtual machines to create the Java programming language.

The idea of the Java programming language, however, was not a new idea in the 1990s. It was actually thought of in the late 1970's by a gentleman named Bill Joy. Joy thought about creating a language that would merge the best features of MESA and C. Other projects (like co-founding Sun), however, intervened and it would be many years before this idea became a reality. By the early 90's Joy was getting tired of huge programs. In late 1990 Joy wrote a paper called Further which outlined his pitch to Sun engineers that they should produce an object environment based on C++. Around this time James Gosling had been working for several months on an SGML editor called "Imagination" using C++. Due to Gosling’s frustration with C++ on this "Imagination" project, the Oak programming language was created.

Patrick Naughton started the Green Project on December 5th, 1990. Naughton defined the project as an effort to "do fewer things better". That December he recruited Gosling and Mike Sheridan to help start the project. Joy showed them his Further paper, and work began on graphics and user interface issues for several months in C.

In April of 1991 the Green Project (Naughton, Gosling and Sheridan) settled on smart consumer electronics as the delivery platform, and Gosling started working heavily on the Oak programming language. Gosling wrote the original compiler in C; and Naughton, Gosling and Sheridan wrote the runtime-interpreter, also in C. Oak was running its first programs in August of 1991.

By the fall of 1992 "*7", a cross between a PDA and a remote control, was ready. This was demoed to Scott McNealy, Sun's president, in October. Following that the Green Project was set up as First Person Inc., a wholly owned Sun subsidiary. In early 1993 the Green team heard about a Time-Warner request for proposal for a set-top box operating system. First Person quickly shifted focus from smart consumer electronics to the set-top box OS market, and placed a bid with Time-Warner. Fortuitously, Sun lost the bid. First Person continued work on set-top boxes until early 1994, when it concluded that like smart consumer electronics set-top boxes were more hype than reality.

Without a market to be seen First Person was rolled back into Sun in 1994. However around this time it was realized that the requirements for smart consumer electronics and set-top box software (small, platform independent secure reliable code) were the same requirements for the nascent web. For a third time the project was redirected, this time at the web. A prototype browser called WebRunner was written by Patrick Naughton. After additional work by Naughton and Jonathan Payne this browser became Hot Java. In 1995 Oak was renamed Java. In May of 1995 the first Java Development Kit (JDK) 1.0 alpha was released. Since that time there have been several revisions leading up to the current version of the JDK 1.2.

Appendix: Events in history

Circa 1965

Yorktown IBM Research Center took the IBM 7044 machine and made an image of the 7044 in each partition on the system. Each image was called a 7044/44X and was created in order for IBM to better understand multiprogrammed operating systems. This was the beginning of IBM's notion of a virtual machine as a copy of an actual machine with reduced memory.

 

 

 

 

1967

Djiskstra built an operating system at THE University which consisted of a series of layered virtual machines which abstracted different levels of the machine. Each level abstracted from the level below. This is the first major lineage of the Virtual Machine.

 

 

 

 

Circa 1968

An IBM group in Cambridge Massachusetts built an Operating System and named it the Cambridge Monitoring System (CMS). CMS was an experiment in time sharing systems and eventually became the architecture used for the VM/370 machine that was sold as a time sharing system.

 

 

 

 

1974

Denise Ritchie and Ken Thompson of Bell Labs publish landmark paper on Unix Operating System. For their work on the Unix Operating system they received the prestigious ACM Turing Award in 1984.

 

 

 

 

1980 - 1985

IEEE Standards Board starts POSIX (Portable Operating System) project to provide a standard for Unix Library functions.

 

 

 

 

1990

IEEE POSIX publishes "Information Technology Portable Operating System Interface". This specified the standard for UNIX shell and utility routines.

 

 

 

 

1990

Patrick Naughton started the Green Project on December 5th, 1990. This project involving James Gosling and Mike Sheridan marked the early development of Java when it was known as the Oak programming language.

 

 

 

 

1995

In 1995, the Green project was redirected at the web. A prototype browser was created and the Oak programming language was renamed Java.

 

 

 

 

1999

In May of 1995 the first Java Development Kit (JDK) 1.0 alpha was released. Since then there have been several revisions on the way to the current version of the JDK, version 1.2.

 

 

 

 

The IBM Virtual Machine Model

IBM’s model is one in which each virtual machine is an exact copy of a real machine with a reduced memory capacity.

One of the major Virtual Machine (VM) models in use today is the International Business Machines (IBM) view of virtual machines. IBM’s model is one in which each virtual machine is an exact copy of a real machine with a reduced memory capacity. With this notion, a large and powerful mainframe computer can be split up, or partitioned, into many virtual machines with slightly less resources available than the original mainframe computer.

The IBM view of virtual machines is similar to the other VM lineages in that it serves as a mapping of functionality. This means that the VM intercepts virtual instructions and then maps these virtual instructions to the actual instructions on the machine. In the case of the IBM lineage of the VM, these instructions basically enjoy a one-to-one mapping, meaning that every virtual instruction is mapped to a single corresponding actual machine instruction and is executed as such. Essentially users actually have access to, and execute all of the instructions directly on the machine.

Now, you are probably wondering how the IBM VM operating system maintains security if it essentially gives a user all of the functionality they would have on the actual machine. Security is accomplished through this mapping method by simply blocking or trapping a certain set of instructions that are deemed sensitive. An example of such instructions would be those that attempt to directly alter the processor’s memory (registers). This type of instruction, if allowed, would allow the user to directly alter the actual machine, thereby altering the other VMs that might be running at any given time. If this were allowed to occur, then each user’s VM would not be completely independent and could therefore damage other user’s environments.

Essentially, the IBM VM system executes all non-sensitive instructions directly, and blocks the sensitive instructions. When the machine blocks these sensitive instructions, it attempts to simulate the desired operation so that the user is not aware they have attempted an illegal operation. The VM system provides virtual execution of the sensitive instructions if possible, thereby providing the user with all of the functionality they expect while still maintaining the OS/370 hardware’s system integrity. All of this functionality is provided by the VM Operating System running on the hardware.

How does it work?

The VM Operating System is the "brains" of the entire IBM Virtual Machine architecture. The entire system, both Operating System and hardware is referred to as the VM System. Each VM system is controlled by a program called the Control Program. In addition to managing the actual physical hardware, this Control Program creates a virtual machine for any and every user of the system, with this virtual machine being an exact simulation of a System/370 or System/390 mainframe computer. The important part of this IBM concept of virtual machines is that each user can run programs, store data and even crash the virtual machine they are running on without ever interfering with the VM system itself, or the other users of the system. Therefore, the IBM VM model not only allows resource sharing, but also protection of system resources.

Therefore, the IBM VM model not only allows resource sharing, but also protection of system resources.

The Control Program is the most important part of a VM system, and actually runs directly on the hardware of the mainframe computer. The Control Program administers the system hardware, system support tasks including startup and shutdown, as well as scheduling and execution of requests. The Control Program also manages the programming features that are supplied to each virtual machine, as well as the creation and maintenance of each virtual machine.

Along with the Control Program, the other main component that users of a VM system interact with is the Conversational Monitor System (or CMS for short). This term sounds complex, but basically the CMS provides the Operating system tasks that users need to work. Some of these services include file system commands, the ability to load and execute programs, memory management, screen and window services and the services that allow a user to write applications. The CMS is an Operating system that has been designed for a single user with a single task at a time. Although the system has the ability to handle multiple tasks at once, it is primarily used for a single task at a time. Each virtual machine has its own copy of CMS, thereby giving all users the same interface and functionality.

In addition to the Control Program and the CMS, there are a few other pieces that make up the VM system architecture. These pieces include the Group Control System, the Transparent System Access Facility, some additional Services, and the Dump Viewing Facility. I know what you are thinking, what does all of that gobbledygook mean? Well, to be honest, none of the aforementioned is essential to achieving a basic understanding of the IBM Virtual Machine system. So, we will now concentrate on the way that the Control Program and the Conversational Monitoring System handle this mapping of instructions.

...the IBM VM system's instruction set is essentially a one-to-one mapping.

As mentioned in the overview above, the instruction set is essentially a one-to-one mapping. For speed and conveniences sake, most every instruction available on the System/370 and System/390 system is run directly by the system. This means that the CMS allows the user to run the instruction and have the functionality that the user would expect, with no penalty in speed. Now, I did say most, and this leaves us with the small subset of instructions, which the VM system deems as sensitive.

A sensitive instruction in this case would be one that essentially would allow the user to alter the state of another user’s virtual machine, alter the state of the system hardware, as well as a few other sensitive or protected functions. Now, to illustrate this, let’s look at an example:

Let’s say a user tries to execute an instruction which grants them access to another user’s virtual machine and its resources. This instruction would be trapped by the CMS, and flagged as a sensitive instruction. This means that the CMS would recognize this instruction as a protected instruction and then pass it on to the Control Program with a special flag which would tell the Control Program, "this is a protected instruction." The computing term is called an interrupt, but that’s not important for this article.

Now, the Control Program would receive this instruction with this flag telling the Control Program that the instruction is a sensitive one. The Control Program would then take this instruction and perform some special routines, or checks, on the instruction to see what it should do. These routines would tell the Control Program whether it can attempt to simulate the execution of the instruction, or whether the instruction should be blocked altogether. If the Control Program simulates the instruction, the user would never know that they had attempted to run a sensitive instruction, and their system would continue as if nothing out of the ordinary occurred. If the Control Program must block the execution of the instruction, then a message would be relayed back to the user telling them the error and the program would most likely stop execution.

Conclusion

After reading through the above paragraphs, you now have a basic understanding of what the IBM model of the Virtual Machine is, and how it works. That’s all well and good, but I will bet you are wondering if this model actually works. Does it perform as advertised? Well, to be perfectly honest, having used the system myself, it does indeed work.

The IBM VM system provides a way to share large systems with multiple users in a secure way.

The IBM VM system provides a way to share large systems with multiple users in a secure way. By creating copies of the actual machine for each user, the IBM system allows each user the same functionality and resources, without compromising any single user’s privacy or security. The system is stable enough after nearly thirty years of development that it is widely used in both businesses and universities as a resource-sharing system.

The Java Virtual Machine Model

One interpretation of a virtual machine (VM) that is used frequently in the computer industry is the idea of the "simulated machine." This notion of the VM is very different from the IBM view of the VM. IBM’s idea was to partition the systems memory and resources into separate exact copies of the current machine. In the case of the simulated machine the system is not separated. A new "machine" or VM is instead placed on the current system, lending its distinct functionality to the user without altering the system. This type of VM has proven to be quite powerful allowing software developers to emulate one machine on a completely different machine. Recently this idea has brought about the creation of the powerful computer programming language, known as Java.