QEMU Internals(airbus-seclab.github.io) |
QEMU Internals(airbus-seclab.github.io) |
On the same subject can someone recommend a book or any other resource to learn about virtual machine internals? My goal is to try to build a toy clone of VirtualBox/VMWare.
So far I have found one -- Virtual Machines by James E. Smith and Ravi Nair.
[1] https://www.amazon.com/Hardware-Software-Virtualization-Synt...
Another book on Libvirt will be handy since it is the de facto API for most virtualization including VMs and containers[1].
[1]https://www.amazon.com/Foundations-Libvirt-Development-Maint...
It's a really great fun way to learn the key concepts.
https://www.morganclaypool.com/doi/abs/10.2200/S00754ED1V01Y...
Bringing Virtualization to the x86 Architecture with the Original VMware Workstation (2012)
https://m.youtube.com/playlist?list=PLSkhUfcCXvqHsOy2VUxuoAf...
What I've found difficult is the step beyond that. NES and GameBoy are typical steps, however, I've been very frustrated by the confusing documentation of the GameBoy. There are 3/4 references, but one of them has significant mistakes, while another is incomplete. On the other hand, the Pan Docs should be complete and accurate.
I'm not sure if there is an easy middle ground, that, at the same time, is also well documented.
The Atary 2600 is architecturally simpler but less documented, and also requires very accurate timings. I've read somebody suggesting systems like Channel F, Astrocade and Odyssey2, but I'm not sure they're well documented.
I've personally lost my interest once I've found that building an emulator was essentially fighting specifications rather than actually building something.
thou I wouldn’t buy a Toyota that exploded every 400,000 trips world wide Or bank with a bank that lost all my money every 400,000 transactions world wide
Here's a quick, high level, run-down:
https://jalopnik.com/heres-everything-boeing-did-to-fix-the-...
"In practice, the MCAS system accepted readings from only a single angle of attack (AOA) sensor. In the event of a bad sensor reading, the MCAS initiated repeated nose-down inputs. The cockpit alarm for AOA disagreement was also an expensive upcharge.
So Boeing made some changes to the MAX and the MCAS system. The MCAS system now has a maximum limit of one nose-down input during a single event of high angle of attack. The limit doesn’t reset if the pilots activate the electric trim switches. Further, an AOA sensor monitor was added to make sure MCAS doesn’t use AOA input if sensors disagree with each other by more than 5.5 degrees. The Flight Control Computer itself also no longer relies on a single sensor. Another important change is with the AOA DISAGREE alert. Previously, this alert was part of an optional AOA Gauge offered by Boeing. Now the AOA DISAGREE alert is always enabled, regardless of whether the airline has the option or not. All these changes are in the FAA summary."
More detail in a Nytimes article of the flaws:
https://www.nytimes.com/interactive/2019/03/29/business/boei...
Making safety critical software is a totally different world than what is seen on HN. The culture needed is safety culture and it is all about doing boring code, following strict coding rules, doing tons of documentation and analysis prior coding and a doing tons of review of tests. I don't think it will arouse interest here.
However, this is probably not about the airplane part of Airbus. Like Boeing, Airbus also have huge defense and space divisions.
Obviously, this does not excuse their actions as they still made a system at least 100x more dangerous than the standard, but it should give perspective on the difficulty of the problems actually being solved. It is not a bunch of amateurs or below-average engineers who need to adopt basic practices. It is a bunch of highly-skilled professionals developing systems with a level of reliability far beyond what most software developers even think is possible. Even the abysmal processes of the 737 MAX that are far below the standard in the airplane industry would, relative to most software, be very good. It is just that the problems they need to solve are very, very, very hard and very good does not cut it when lives, not data, are at stake.
Although I find the GM ignition key issue way worse than Toyota which was an oversight.
Even ignoring that, I am discussing the uptime of a system using AWS which only guarantees 99.99% uptime for AWS service in any given AWS region and only a 10% refund (which is less than their profit margin) as long as they keep your system up more than 99% of the time. Downtime for a system due to AWS downtime in a region constitutes a critical failure of AWS to deliver expected service. That their lack of service does not result in deaths unlike an airplane is immaterial to a reliability analysis, it only tells us if their critical failures matter and what level of reliability we should require/demand when making reliability-cost tradeoffs. In other words, the probability and costs of failure are not actually related. It is just that costly failures result in more effort being spent on developing mitigations. In the case of airplanes, critical failure in the form of a crash is very costly, so they take great pains to minimize the whole-system risk of that failure mode.
All that said, emulating the CPU was pretty fun. There's a CPU test rom out there you can run with tracing and compare to the published results. I also got the background tiling from the PPU done, but the foreground processing has a lot of steps, so I indefinitely paused for now. Also, I had amazingly poor performance, so I wasn't super motivated to continue.
The 2600 has a very similar cpu, but the very limited Stella output chip means most games are very timing dependent, which means you have to be super accurate, which adds difficulty. I think you should try to be cycle accurate anyway, but it's easy to mess that up, and having some freedom would be nice.
But the foreground / object sprites have this huge pipeline. IIRC, the PPU determines which sprites to draw in line X + 1 during line X. After that, it has to load the data for each object, etc etc. It was just discouraging. Plus since my frame rate is so low, I have to sit at a blank screen for quite some time waiting for the game to show anything, and longer for the demo to start (I don't have controls)...
Anyhow, glad I'm not alone ;)