virtualization

What is virtualization?

Virtualization has been in use in compute servers for decades. IBM’s VM/370 provided the image of a complete hardware mainframe to a guest operating system, potentially with more memory and resources than the actual hardware that VM/370 ran on. As VM/370 would have to keep spooling the virtual memory to disk, the actual performance would far lower than a dedicated machine. However, in most respects, the guest operating system saw a ‘real’ machine. Virtualization made it possible to mix batch and interactive compute jobs on the same machine, saving the cost of buying additional dedicated mainframes.

Originally employed to deal with the high cost of compute hardware, virtualization has re-emerged as a potential answer to high energy usage in servers, and for security and resource optimization in embedded systems.

Virtualization makes it more economical to consolidate multiple server computers into a single blade. Because many servers run well below full capacity, consolidation not only cuts costs but improves power consumption. As each server draws close to full power even when running an idle loop, improving processor utilization by bringing multiple environments onto the same machine is more energy efficient.

A similar principle has been applied to low-end smartphones where virtualization is, invisible to the consumer, being used to cut the bill of materials. A popular approach to smartphone design, for example, splits responsibilities between at least two microprocessors. On one, a real-time operating system (RTOS) running on the baseband processor co-ordinates the interface between the phone and the wireless network. The other processor, usually a higher-performance model, is one intended to run user-visible operating systems such as Android, Apple’s iOS or Windows Phone 7.

Why is it useful?

Similar to the situation for compute servers, the baseband processor is often underused in a multicore handset, leaving some spare capacity for the applications-oriented operating system. According to Open Kernel Labs, one of the suppliers of hypervizors for mobile phones, it is feasible to run an Android installation on a 200MHz ARM926 with 128MB of memory alongside the baseband RTOS.

A further argument for using virtualization in embedded systems is software portability. Application writers can develop code for a generic canonical machine that will run on any platform that can emulate the behaviour of that machine even if the physical implementation has completely different registers and memory maps. This should reduce the cost of porting code to new hardware as only low-level firmware needs to change – something that phone vendors with large hardware portfolios are keen to have.

Conventionally, embedded systems have used forms of virtualization primarily for resilience. An example is the ARINC 653 executive for avionics systems. This provides slices of time for guest operating systems, ensuring that one environment does not starve another of processor time.

Because it offers the ability to seal off guest operating systems from physical I/O, virtualization has acquired the image of making embedded systems more secure. This is only partially true. As long as the hypervizor is secure, it’s true. But it is easy to introduce sneak paths that allow attacks to sneak through, particularly through device drivers. Because drivers need low-level access to peripherals, they often need to run in a privileged mode. If they are not sufficiently protected against attacks such as buffer overflows, they can provide a means for a hacker to take control of the entire machine by acting as a trap door into the hypervizor functions.

One advantage that a hypervizor has in terms of security is that its codebase can often be much smaller than that of a full operating system, making it more amenable to intensive testing and formal verification. And the hypervizor can block calls to peripherals that are deemed potentially harmful or remove access to ports that should not be available to unprivileged code.

By locking down parts of the hardware, it becomes possible to use a wider range of software in systems that previously only had access to a highly restricted approved list of operating systems and applications. For example, industrial control and military systems can make use of the user-interface development tools available for Android and similar products but leave vital functions to a dedicated RTOS.

October 26, 2018
Philip Vanness is a product marketing manager at Mentor, a Siemens business.

8.8 billion miles to verify

How the digital twin can fuel automotive verification flows impossible in the real world.
Expert Insight  |  Topics: EDA - Verification  |  Tags: , , , , , , , ,   |  Organizations: ,
December 4, 2017
Richard Pugh featured image SSD expert insight

Data-hungry applications demand emulation

Richard Pugh shows how the fast-growing market for drone silicon highlights emulation's power where high data volumes are critical.
Expert Insight  |  Topics: EDA - Verification  |  Tags: , , , , , , ,   |  Organizations:
October 14, 2016
networking-soc-mentor-ixia-featim

Taking risk out of software-driven networking SoCs

How virtualization and integration with hardware testers are enabling networking SoCs in the billion-gate era.
Article  |  Topics: EDA - DFT, Verification  |  Tags: , , , ,   |  Organizations: ,
September 9, 2016

The inside track on emulation growth

Analysts say there is a $1B market on the horizon. We talk with Mentor's Jean-Marie Brunet about where such a number could come from.
February 4, 2014
Featured image - virtual prototyping big.Little case study

Debugging with virtual prototypes – Part Four

The fourth installment discusses the extra levels of debug capability available when using virtual prototypes through the example of an ARM big.LITTLE-based embedded system.
September 6, 2013
Richard Goering, senior manager of technical communications, Cadence

Real-world multicore embedded systems: review

If you're going to be working on any aspect of multicore embedded system design, a newly published book titled "Real World Multicore Embedded Systems" will be an excellent guide.
July 26, 2012
Cloud image

Optimizing cloud computing for faster semiconductor design

How Cadence, Intel and Xuropa accelerated the semiconductor design process by squeezing 15% more capacity out of a virtualized server farm
January 15, 2012

Virtualization

Virtualization makes it possible to run multiple operating system images on one processor core – with benefits for memory protection, power efficiency and cost reduction.
September 10, 2010

Hypervisors and the Power Architecture

The use of multicore processors is on the rise to meet inexorable demand for increasingly sophisticated functionality in embedded systems. Hardware virtualization technology provides a complementary and game-changing approach to maximizing the utility of that extra silicon horsepower. The Power Architecture has included hardware virtualization support since 2001 in its server-based instruction set architecture (ISA). [...]
June 1, 2009

Embedded software virtualization comes of age

New separation kernels and embedded hypervisors can help ease the pain of migrating legacy systems to new hardware platforms, including multicore processing systems. Bringing multiple OSs and applications on to the same hardware also opens up new possibilities for combining systems that offer real-time performance within a familiar GUI environment. The LynxSecure separation kernel and […]

PLATINUM SPONSORS

Synopsys Cadence Design Systems Mentor - A Siemens Business
View All Sponsors