Since many embedded systems are highly resource-constrained, it is important for developers to understand how much memory a particular software component requires. However, as with any other form of benchmark, the devil is in the detail, and it is essential to make an "apples to apples" comparison. This is important to keep in mind when reading competitor claims of having a "20KB hypervisor".
For one, quantifying the real memory requirements of a hypervisor requires understanding both the static memory requirements (what is required to boot up the hypervisor without it doing useful work) and the dynamic memory requirements (which depend on what is running on top).
The presently-shipping version of OKL4 has a static memory requirement of less than 64KiB. This pales in comparison to the guest operating systems it is supporting; e.g., a Linux system will require megabytes of memory. Hence it is quite irrelevant whether the hypervisor needs 10, 60 or 100KiB.
Dynamic memory requirements are dominated by page tables. The ARM architecture defines a page table format that requires a minimum of 24KiB per address space (guest OS or guest application). OKL4 uses unique compression technology that reduces this space overhead to as little as 8KiB. As a consequence, the complete (static plus dynamic) memory use of an OKL4-based system may be smaller than with hypervisors claiming a smaller (static) footprint. This may be relevant if you use OKL4 as an operating system on a very small device, or maybe for virtualizing RTOSes. It's not particularly important if you use it to run Linux.
Second, there are other concerns that frequently outweigh memory footprint, even in resource-constrained systems, such as reliability, security, and flexibility.
Reliability and Security
Small size advantages can be gained, for example, by implementing the complete hypervisor in assembly language. This comes at a significant cost, however. Assembly code requires on average 5–10 times the lines of code of C to achieve the same functionality. This massively increased source code leads to a correspondingly higher number of defects. Furthermore, automatic checking for bugs (using static analysis tools), very successful for C code, has very limited applicability to assembly code. The result is that assembly code can be expected to be about an order of magnitude more buggy than well-engineered C code, and the resulting system will therefore be less reliable and less secure. The TCB of a hypervisor implemented in assembler is bigger than that of a C implementation.
C code will also be much easier to adapt to new requirements.
For these reasons, OKL4 is predominantly implemented in C.
Flexibility and Configurability
A bare-bones hypervisor can be made smaller than a system with the generality and flexibility of OKL4. However, it will not be able to meet all the requirements of modern embedded systems, which go well beyond what basic virtualization offers. For example, OKL4 offers the ability to run applications directly, with a minimal trusted computing base that does not include a guest OS, and supports encapsulating device drivers for security and reliability reasons. Furthermore, it allows information flow to be controlled, a requirement of security-critical systems.
So, when comparing the memory requirements of software components, make sure you get enough detail to conduct an apples to apples comparison, and remember that memory footprint is only one characteristic of design requirements for an optimized system. A slight increase in memory footprint may translate into an ability to meet other design requirements.
And of course, remember that OKL4 is open source. Everyone can verify our claims. Our competitors are hiding their code. They are even hiding their white papers behind NDAs!
Posted by Gernot Heiser on July 23 at 04:09 AM
About Gernot Heiser:
Gernot Heiser, Co-founder and Consulting Scientist, never thought he would be in the business world. Prior to NICTA's creation in 2003, Dr Heiser was a full-time faculty member at the University of New South Wales. However, this die-hard academic couldn’t pass up the opportunity to see the commercialization of this research. Gernot still loves teaching, almost as much as he loves good wine and good food. And anyone will tell you that Gernot knows his wine.