Operating SystemsVirtual Machines

Virtual Machines

LevelIntermediate

Duration90 mins

TopicVirtual Machines

3 / 5

Benefits for OS Development: The VM Revolution

How VMs Transformed OS Development

Before virtualization, operating system development was a painstaking endeavor. Every kernel modification required rebooting a physical machine. A bug in memory management could corrupt the disk. Hardware debugging required serial consoles, physical switches, and hours of downtime. Building an OS was as much about patience and physical endurance as it was about programming skill.

Virtual machines changed everything. Today, OS developers can boot a modified kernel in seconds, attach source-level debuggers, take snapshots before risky changes, and run multiple OS versions simultaneously. What once required a dedicated lab now runs on a laptop. This transformation hasn't just made OS development faster—it's made it accessible, opening the field to students, hobbyists, and researchers who would never have had access to specialized hardware.

What You Will Learn

By the end of this page, you will understand how virtual machines enable rapid kernel development cycles, source-level kernel debugging, safe experimentation with system components, multi-version testing, hardware device emulation for driver development, and OS research that would be impractical on physical hardware.

The Pre-Virtualization Era

To appreciate virtualization's impact, we must understand what OS development looked like before it became mainstream.

The Traditional OS Development Workflow (circa 1990s):

Edit source code on a development machine
Cross-compile the kernel (if not developing on the target)
Transfer the kernel to target hardware (floppy disk, network boot, serial cable)
Reboot the target machine
Wait for boot (potentially minutes)
Test the changes
Crash (likely, during development)
Inspect via console output, LED codes, or logic analyzer
Reboot and repeat from step 1

The Pain Points:

Challenges of Physical Hardware Development

•Slow Iteration — Each test cycle required a full reboot. Complex boot processes could take minutes. Testing multiple configurations meant hours of rebooting.
•Limited Debugging — No source-level debuggers for kernel code. Debugging was limited to printf statements (when the console worked), core dumps (when the machine remained stable enough to write them), and hardware debuggers (expensive, specialized).
•Data Loss Risk — Kernel bugs could corrupt file systems. Wise developers kept critical data on separate machines. Recoveries often meant reinstalling the entire system.
•Hardware Dependency — Need to test on different hardware? Buy it. Different CPU? Different motherboard? Each configuration required physical equipment.
•Single User — One developer per machine at a time. Team development required multiple physical machines or careful time-sharing.
•Reproducibility — "It works on my machine" was even more problematic when "my machine" had a specific motherboard revision, BIOS version, and peripheral configuration.

The Heroic Debugging Sessions

Stories from early OS development describe marathon debugging sessions with oscilloscopes connected to address lines, LED displays showing CPU registers, and careful examination of memory dumps written to printers. The skill required was immense—but much of it was overcome-ing limitations, not core computer science.

Rapid Development Cycles

Virtual machines compress the edit-compile-test cycle from minutes to seconds, fundamentally changing how developers approach OS problems.

The Modern VM-Enabled Workflow:

Edit source code in your favorite IDE
Compile the kernel (incremental builds: seconds to minutes)
Launch VM with new kernel (seconds)
Test changes
VM crash? Restart instantly (seconds)
Attach debugger if needed (seamless)
Rollback to snapshot if changes corrupted state (instant)
Iterate rapidly, potentially dozens of times per hour

Development Cycle Comparison
Activity	Physical Hardware	Virtual Machine
Full boot (kernel to user space)	30 seconds - 3 minutes	2-10 seconds
Recovery from kernel panic	1-5 minutes (reboot, fsck)	1-2 seconds (VM restart)
Test different kernel config	Minutes (rebuild, reboot)	Seconds (keep multiple VMs)
Restore known-good state	10-60 minutes (reinstall)	< 1 second (snapshot restore)
Test on different hardware	Days (acquire, setup)	Minutes (configure VM settings)

Practical Impact:

This speed difference isn't just convenient—it changes how developers think about experimentation. When each test costs minutes, you think carefully before trying something. When each test costs seconds, you try ten variations. This leads to:

More experimentation: Developers try speculative changes they wouldn't risk otherwise
Better testing: Running tests frequently catches regressions early
Faster learning: Students can make mistakes and recover instantly
Higher quality: Rapid iteration allows more polish and edge case handling

QEMU + KVM kernel development example:

# Compile kernel with debugging symbols
make -j$(nproc)

# Boot directly without creating a full image
qemu-system-x86_64 \
  -kernel arch/x86/boot/bzImage \
  -append "console=ttyS0 nokaslr" \
  -initrd initramfs.cpio.gz \
  -nographic \
  -enable-kvm \
  -m 2G

This command boots a newly compiled kernel in approximately 2-3 seconds. Iterating on kernel code becomes as fast as iterating on user-space applications.

Source-Level Kernel Debugging

Perhaps the most transformative benefit of virtual machines for OS development is the ability to debug kernel code with familiar source-level debuggers.

The GDB Stub Integration:

QEMU (and other emulators) can expose a GDB debugging interface. When the guest hits a breakpoint or stops for any reason, control transfers to GDB on the host, providing full visibility into kernel state.

gdb-kernel-debug.sh
Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#!/bin/bash
# Terminal 1: Start QEMU with GDB server
qemu-system-x86_64 \
  -kernel arch/x86/boot/bzImage \
  -append "console=ttyS0 nokaslr" \
  -initrd initramfs.cpio.gz \
  -nographic \
  -enable-kvm \
  -m 2G \
  -s -S  # -s: GDB server on :1234, -S: pause at start
 
# Terminal 2: Connect GDB
gdb vmlinux
(gdb) target remote :1234
(gdb) break start_kernel
(gdb) continue
# Execution pauses at start_kernel...
(gdb) break do_sys_open
(gdb) continue
# Now debugging the open() system call path

What You Can Do with Kernel Debugging:

Debugging Capabilities

•Set breakpoints in any kernel function—scheduler, memory manager, file system, device drivers.
•Inspect data structures with full type information: task_struct, inode, page tables, and beyond.
•Step through code instruction by instruction, watching exactly how the kernel handles a system call or interrupt.
•Examine registers (general-purpose, control registers like CR0/CR3, segment registers).
•Traverse complex structures like linked lists of processes, mount trees, or device hierarchies.
•Watch memory locations and break when they change—crucial for tracking down memory corruption.
•Examine stack traces for any thread or interrupt context.

Advanced Debugging Features:

Reverse Debugging: Some VM-based debug setups support record and replay. You can "rewind" execution to understand how you reached a particular state. This is invaluable for investigating non-deterministic bugs.

KGDB (Kernel GDB): Linux includes a kernel debugger agent (KGDB) that allows debugging a running kernel via serial or network connection. Combined with a VM's virtual serial port (easily connected to the host), this provides interactive debugging without QEMU-specific GDB stubs.

Hardware Watchpoints: Using the CPU's debug registers, you can break on memory read, write, or execute for specific addresses. VMs expose this functionality through GDB, allowing you to track down buffer overflows, use-after-free bugs, and wild pointers.

Comparison with Physical Debugging:

Debugging: Physical vs Virtual
Capability	Physical (JTAG/ICE)	Virtual (GDB + QEMU)
Setup cost	$1000s+ for equipment	Free (open source)
Setup complexity	Physical connections, driver config	Command-line arguments
Source-level debugging	Requires special toolchains	Standard GDB
Breakpoints	Limited by hardware registers	Unlimited software breakpoints
Time-travel debugging	Rarely available	Possible with record/replay
Hardware peripheral access	Full access	Emulated (may differ from real HW)

Snapshots and State Management

VM snapshots provide something impossible on physical hardware: instant, complete state preservation and restoration.

What Snapshots Capture:

Complete memory contents (every byte of RAM)
CPU state (all registers, including hidden state)
Device state (virtual disk positions, network buffers, pending interrupts)
Timer state (exact time offsets, pending timers)

Essentially, a snapshot freezes the VM at a precise moment. Restoring that snapshot puts the VM back in exactly that state—mid-instruction if necessary.

Use Cases for OS Development:

Snapshot Applications

•Before Risky Changes: Snapshot before running a kernel that might corrupt the file system. If it does, restore in seconds.
•Bug Reproduction: Reach a state that reproduces a bug, snapshot it, share the snapshot with teammates. Everyone can debug the exact same state.
•Checkpoint Testing: Boot to login, snapshot. Each test restores to login, runs test, resets. No boot time during test suite.
•A/B Comparisons: Snapshot before a change. After change, compare behavior. Restore and try different change. Compare again.
•Long-Running Experiments: Running a multi-hour stress test? Snapshot periodically. If something goes wrong at hour 8, restore hour 7 snapshot and investigate.
•Kernel Bisection: Binary searching for a bug across kernel versions? Snapshot known-good and known-bad states for rapid comparison.

Snapshot Implementation:

Snapshots are typically stored as:

Memory dump: Entire RAM contents (can be compressed, often significantly)
Device state files: Serialized state of each virtual device
Disk state: Either a separate copy or, more commonly, a copy-on-write overlay

Copy-on-Write Disks:

To avoid duplicating gigabytes of disk data for each snapshot, hypervisors use copy-on-write (CoW) overlays:

┌─────────────────────────────────┐
│ Current Disk State              │
│ (Overlay: tracks changes)       │
├─────────────────────────────────┤
│ Snapshot 2 Overlay              │
├─────────────────────────────────┤
│ Snapshot 1 Overlay              │
├─────────────────────────────────┤
│ Base Image (shared by all)      │
└─────────────────────────────────┘

Each snapshot only stores the blocks that changed since the previous snapshot (or base image). This allows maintaining many snapshots with minimal disk space—the base image dominates.

Live vs Offline Snapshots:

Offline: VM paused, state captured, VM resumed (brief pause)
Live/Online: State captured without pausing (more complex, may have consistency implications)

For OS development, offline snapshots with a brief pause are typically fine and simpler.

Snapshot Hygiene

Name snapshots descriptively: 'before-scheduler-changes', 'bug-123-reproduction-state'. Periodically consolidate or delete old snapshots to manage disk space. Use a branching model similar to git: main development line, experimental branches via snapshot trees.

Hardware Simulation and Driver Development

Virtual machines provide emulated hardware that behaves consistently and predictably—ideal for device driver development and testing.

Advantages for Driver Development:

Driver Development Benefits

•Consistent Hardware Behavior — Emulated devices behave according to their specification every time. No hardware errata, no revision differences, no intermittent failures.
•Full Observability — The emulator can log every I/O port access, MMIO read/write, DMA transfer, and interrupt. This visibility into device interactions is invaluable for debugging.
•Fault Injection — Emulators can simulate hardware failures: failed disk reads, dropped network packets, delayed interrupts. Test error handling code paths that rarely trigger on real hardware.
•No Physical Hardware Needed — Develop NVMe drivers without NVMe SSDs. Develop network drivers without network cards. Develop USB drivers without USB devices.
•Multiple Configurations — Test against different device configurations (variable speeds, capacities, feature sets) by changing emulator settings.
•Safe Testing — A buggy driver in a VM can't damage anything. On physical hardware, DMA bugs can corrupt memory, causing file system damage or permanent hardware issues.

Example: Developing a Block Device Driver

# QEMU with detailed virtio-blk tracing
qemu-system-x86_64 \
  -drive file=disk.img,if=virtio \
  -trace enable=virtio_blk_* \
  -trace file=virtio-trace.log \
  --enable-kvm \
  ...

# The trace log shows every buffer submission,
# completion, and device state change:
# virtio_blk_req_submit: sector=1024 nsectors=8 type=read
# virtio_blk_req_complete: sector=1024 status=0

With this visibility, you can verify that your driver correctly formats requests, handles completions, and manages queues—all without instrumenting the driver itself.

Developing for Non-Existent Hardware:

Researchers and hardware designers often develop software before hardware exists. QEMU's modular device architecture allows creating a software model of future hardware:

Write a QEMU device model implementing the proposed hardware interface
Develop and debug drivers against this model
When physical hardware arrives, drivers work immediately (or nearly so)

This approach was used for NVMe, RISC-V, and many other technologies.

Emulation vs Reality

Emulated hardware is the specification, not reality. Real hardware has bugs, timing variations, and undocumented behaviors. Use VMs for initial development and testing, but validate against physical hardware before production deployment. Some classes of bugs (timing-dependent, interrupt-related) may only manifest on real hardware.

Multi-Version and Multi-Architecture Testing

Operating systems must support diverse configurations. VMs enable testing across this diversity without maintaining hardware zoos.

Multi-Version Testing:

Maintaining a complex software project means supporting multiple OS versions. VMs allow running multiple versions simultaneously:

Version Testing Matrix Example
VM Name	Purpose	Resource Allocation
linux-5.15	LTS kernel testing	2 vCPU, 4GB RAM
linux-6.1	Current stable	2 vCPU, 4GB RAM
linux-6.6	Latest LTS	2 vCPU, 4GB RAM
linux-mainline	Development kernel	4 vCPU, 8GB RAM
linux-next	Bleeding edge	2 vCPU, 4GB RAM

Multi-Architecture Testing:

QEMU's full-system emulation supports dozens of architectures, enabling cross-platform development without owning exotic hardware:

# Test on 32-bit x86
qemu-system-i386 -kernel bzImage-i386 ...

# Test on ARM64
qemu-system-aarch64 -M virt -cpu cortex-a72 -kernel Image ...

# Test on RISC-V
qemu-system-riscv64 -M virt -kernel Image-riscv64 ...

# Test on PowerPC
qemu-system-ppc64 -kernel vmlinux-ppc64 ...

Performance Note: Cross-architecture emulation (x86 host running ARM guest) is much slower than native virtualization (x86 host, x86 guest). But for functional testing and debugging, the speed is usually acceptable.

Use Cases:

Cross-Platform Testing Scenarios

•Kernel Feature Testing — Verify that a feature works on x86, ARM64, and RISC-V before submitting a patch.
•Endianness Verification — Test on big-endian (PowerPC in BE mode) to catch byte-order bugs.
•32-bit vs 64-bit — Ensure compat layers work and no pointer truncation bugs exist.
•Embedded Development — Develop for ARM Cortex-M or MIPS embedded systems without physical hardware.
•Historic Preservation — Run old operating systems (IRIX, Solaris SPARC, AIX) in emulation for research or legacy support.
•Architecture Ports — When porting a kernel to a new architecture, emulation starts before hardware is available.

Configuration Permutation Testing:

Kernel configuration options create exponential test matrices. VMs enable automated testing across many configurations:

# Example: Test a file system across configurations
for config in "EXT4_FS=y" "BTRFS_FS=y" "XFS_FS=y"; do
  make defconfig
  echo "CONFIG_$config" >> .config
  make olddefconfig
  make -j$(nproc)
  run_test_in_vm "fs-stress-test"
done

Automated CI systems run thousands of such configurations nightly, catching regressions before they reach users.

Safe Experimentation and Research

Virtual machines create a safe sandboxed environment for experiments that would be dangerous or impossible on production systems.

Research Enabled by VMs:

OS Research Areas Benefiting from VMs

•Scheduler Research — Test new scheduling algorithms that might starve processes or cause system hangs. In a VM, just reset.
•Memory Management — Experiment with page replacement algorithms, memory allocation strategies, or address space layouts that could corrupt user data.
•File System Development — Test file systems with intentional crash/recovery cycles. Corrupt VM disk, restore, test recovery.
•Security Research — Analyze malware, develop exploits (for defensive purposes), and test security features—all isolated from real systems.
•Kernel Fuzzing — Feed random or malformed input to kernel interfaces (system calls, ioctl, network packets) to find bugs. VMs restart instantly after crashes.
•Performance Analysis — Collect detailed performance metrics without the noise of production workloads, using VM introspection capabilities.

Case Study: Kernel Fuzzing with syzkaller

syzkaller, a leading kernel fuzzer, leverages VMs extensively:

Spawn multiple VMs in parallel for maximum fuzzing throughput
Each VM runs a fuzzing agent that generates random system calls
On crash, syzkaller captures the crash log, extracts a reproducer, and restarts the VM instantly
Automated bisection finds which kernel commit introduced the bug
Report generation creates a bug report suitable for submission

This approach has found thousands of kernel bugs. Without VMs, such aggressive fuzzing would require an impractical amount of physical hardware and generate significant downtime for each crash.

Academic Research Acceleration:

Published OS research papers routinely describe experiments run on VMs. The reproducibility is invaluable:

Share a VM image alongside the paper for reproducibility
Collaborators can run experiments without replicating hardware setups
Reviewers can verify results independently
Students can learn from experiments by running them hands-on

Reproducible Research

When publishing OS research, consider distributing a VM image or automated scripts that recreate your experimental environment. This dramatically increases the value and impact of your work by enabling others to build upon it.

Education and Learning

VMs have democratized OS education. Activities that once required dedicated hardware labs are now possible on any student's laptop.

Educational Benefits:

VMs in OS Education

•Hands-on Kernel Modification — Students can modify, compile, and run real kernels. Assignments can require implementing scheduler policies, memory management features, or new system calls.
•Safe Learning Environment — Making mistakes is essential for learning. VMs ensure mistakes don't destroy homework, corrupt data, or require hours of reinstallation.
•Standardized Environment — Every student has the exact same environment, eliminating 'works on my machine' issues. TAs spend time on concepts, not setup troubleshooting.
•Advanced Topics Accessible — Topics like kernel debugging, driver development, and boot process modification—once requiring lab access—are available to all students.
•Historical Exploration — Run historical operating systems (Minix, original UNIX, early Windows) to understand OS evolution firsthand.
•Exam Environments — Controlled VM environments ensure fair testing conditions for practical exams.

Popular Educational OS Projects:

Educational Operating Systems
Project	Description	VM Support
xv6	MIT teaching OS (UNIX v6 reimplementation)	QEMU primary platform
MINIX 3	Microkernel teaching OS by Tanenbaum	VirtualBox, QEMU, Bochs
Pintos	Stanford teaching OS for x86	QEMU, Bochs
GeekOS	Maryland teaching OS	Bochs primary
OS/161	Harvard/OPS-Class teaching OS	sys161 (dedicated simulator), QEMU
Nachos	Berkeley teaching OS	MIPS emulator included

The xv6 Example:

xv6, developed by MIT for their 6.S081 operating systems course, is explicitly designed for QEMU:

# Clone, build, and run xv6 in minutes
git clone https://github.com/mit-pdos/xv6-riscv.git
cd xv6-riscv
make qemu

# You're now in a running UNIX-like OS
# Modify kernel.c, run 'make qemu' again
# Full development cycle in seconds

This accessibility has made xv6 the foundation for OS courses worldwide. Thousands of students have had their first kernel development experience through this VM-based approach.

Summary: VMs Transform OS Development

We've explored how virtual machines have revolutionized operating system development. Let's consolidate the key insights:

Key Takeaways

•VMs compress development cycles from minutes to seconds, enabling rapid experimentation and iteration.
•Source-level kernel debugging with GDB transforms the debugging experience from cryptic to comfortable.
•Snapshots provide instant state management, enabling risk-free experimentation and perfect reproducibility.
•Hardware emulation enables driver development without physical hardware, with superior observability.
•Cross-architecture and multi-version testing is practical without hardware collections.
•Safe experimentation opens research avenues that would be dangerous on physical systems.
•Education is democratized—OS development is accessible to anyone with a laptop.

What's Next:

We've seen how VMs benefit OS development. Next, we'll explore the hardware virtualization support that makes efficient virtualization possible—the CPU extensions (Intel VT-x, AMD-V), memory virtualization features (EPT, NPT), and I/O virtualization technologies that transform software virtualization into near-native performance.

Page Complete

You now understand how virtual machines have transformed OS development from a slow, hardware-bound discipline to a rapid, flexible, software-defined practice. This knowledge prepares you to leverage VMs effectively in your own systems programming work.

3 / 5

Loading learning content...

Operating SystemsVirtual Machines

Virtual Machines

LevelIntermediate

Duration90 mins

TopicVirtual Machines

3 / 5

Benefits for OS Development: The VM Revolution

How VMs Transformed OS Development

What You Will Learn

The Pre-Virtualization Era

To appreciate virtualization's impact, we must understand what OS development looked like before it became mainstream.

The Traditional OS Development Workflow (circa 1990s):

Edit source code on a development machine
Cross-compile the kernel (if not developing on the target)
Transfer the kernel to target hardware (floppy disk, network boot, serial cable)
Reboot the target machine
Wait for boot (potentially minutes)
Test the changes
Crash (likely, during development)
Inspect via console output, LED codes, or logic analyzer
Reboot and repeat from step 1

The Pain Points:

Challenges of Physical Hardware Development

•Slow Iteration — Each test cycle required a full reboot. Complex boot processes could take minutes. Testing multiple configurations meant hours of rebooting.
•Limited Debugging — No source-level debuggers for kernel code. Debugging was limited to printf statements (when the console worked), core dumps (when the machine remained stable enough to write them), and hardware debuggers (expensive, specialized).
•Data Loss Risk — Kernel bugs could corrupt file systems. Wise developers kept critical data on separate machines. Recoveries often meant reinstalling the entire system.
•Hardware Dependency — Need to test on different hardware? Buy it. Different CPU? Different motherboard? Each configuration required physical equipment.
•Single User — One developer per machine at a time. Team development required multiple physical machines or careful time-sharing.
•Reproducibility — "It works on my machine" was even more problematic when "my machine" had a specific motherboard revision, BIOS version, and peripheral configuration.

The Heroic Debugging Sessions

Rapid Development Cycles

Virtual machines compress the edit-compile-test cycle from minutes to seconds, fundamentally changing how developers approach OS problems.

The Modern VM-Enabled Workflow:

Edit source code in your favorite IDE
Compile the kernel (incremental builds: seconds to minutes)
Launch VM with new kernel (seconds)
Test changes
VM crash? Restart instantly (seconds)
Attach debugger if needed (seamless)
Rollback to snapshot if changes corrupted state (instant)
Iterate rapidly, potentially dozens of times per hour

Development Cycle Comparison
Activity	Physical Hardware	Virtual Machine
Full boot (kernel to user space)	30 seconds - 3 minutes	2-10 seconds
Recovery from kernel panic	1-5 minutes (reboot, fsck)	1-2 seconds (VM restart)
Test different kernel config	Minutes (rebuild, reboot)	Seconds (keep multiple VMs)
Restore known-good state	10-60 minutes (reinstall)	< 1 second (snapshot restore)
Test on different hardware	Days (acquire, setup)	Minutes (configure VM settings)

Practical Impact:

More experimentation: Developers try speculative changes they wouldn't risk otherwise
Better testing: Running tests frequently catches regressions early
Faster learning: Students can make mistakes and recover instantly
Higher quality: Rapid iteration allows more polish and edge case handling

QEMU + KVM kernel development example:

# Compile kernel with debugging symbols
make -j$(nproc)

# Boot directly without creating a full image
qemu-system-x86_64 \
  -kernel arch/x86/boot/bzImage \
  -append "console=ttyS0 nokaslr" \
  -initrd initramfs.cpio.gz \
  -nographic \
  -enable-kvm \
  -m 2G

This command boots a newly compiled kernel in approximately 2-3 seconds. Iterating on kernel code becomes as fast as iterating on user-space applications.

Source-Level Kernel Debugging

Perhaps the most transformative benefit of virtual machines for OS development is the ability to debug kernel code with familiar source-level debuggers.

The GDB Stub Integration:

gdb-kernel-debug.sh
Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#!/bin/bash
# Terminal 1: Start QEMU with GDB server
qemu-system-x86_64 \
  -kernel arch/x86/boot/bzImage \
  -append "console=ttyS0 nokaslr" \
  -initrd initramfs.cpio.gz \
  -nographic \
  -enable-kvm \
  -m 2G \
  -s -S  # -s: GDB server on :1234, -S: pause at start
 
# Terminal 2: Connect GDB
gdb vmlinux
(gdb) target remote :1234
(gdb) break start_kernel
(gdb) continue
# Execution pauses at start_kernel...
(gdb) break do_sys_open
(gdb) continue
# Now debugging the open() system call path

What You Can Do with Kernel Debugging:

Debugging Capabilities

•Set breakpoints in any kernel function—scheduler, memory manager, file system, device drivers.
•Inspect data structures with full type information: task_struct, inode, page tables, and beyond.
•Step through code instruction by instruction, watching exactly how the kernel handles a system call or interrupt.
•Examine registers (general-purpose, control registers like CR0/CR3, segment registers).
•Traverse complex structures like linked lists of processes, mount trees, or device hierarchies.
•Watch memory locations and break when they change—crucial for tracking down memory corruption.
•Examine stack traces for any thread or interrupt context.

Advanced Debugging Features:

Comparison with Physical Debugging:

Debugging: Physical vs Virtual
Capability	Physical (JTAG/ICE)	Virtual (GDB + QEMU)
Setup cost	$1000s+ for equipment	Free (open source)
Setup complexity	Physical connections, driver config	Command-line arguments
Source-level debugging	Requires special toolchains	Standard GDB
Breakpoints	Limited by hardware registers	Unlimited software breakpoints
Time-travel debugging	Rarely available	Possible with record/replay
Hardware peripheral access	Full access	Emulated (may differ from real HW)

Snapshots and State Management

VM snapshots provide something impossible on physical hardware: instant, complete state preservation and restoration.

What Snapshots Capture:

Complete memory contents (every byte of RAM)
CPU state (all registers, including hidden state)
Device state (virtual disk positions, network buffers, pending interrupts)
Timer state (exact time offsets, pending timers)

Essentially, a snapshot freezes the VM at a precise moment. Restoring that snapshot puts the VM back in exactly that state—mid-instruction if necessary.

Use Cases for OS Development:

Snapshot Applications

•Before Risky Changes: Snapshot before running a kernel that might corrupt the file system. If it does, restore in seconds.
•Bug Reproduction: Reach a state that reproduces a bug, snapshot it, share the snapshot with teammates. Everyone can debug the exact same state.
•Checkpoint Testing: Boot to login, snapshot. Each test restores to login, runs test, resets. No boot time during test suite.
•A/B Comparisons: Snapshot before a change. After change, compare behavior. Restore and try different change. Compare again.
•Long-Running Experiments: Running a multi-hour stress test? Snapshot periodically. If something goes wrong at hour 8, restore hour 7 snapshot and investigate.
•Kernel Bisection: Binary searching for a bug across kernel versions? Snapshot known-good and known-bad states for rapid comparison.

Snapshot Implementation:

Snapshots are typically stored as:

Memory dump: Entire RAM contents (can be compressed, often significantly)
Device state files: Serialized state of each virtual device
Disk state: Either a separate copy or, more commonly, a copy-on-write overlay

Copy-on-Write Disks:

To avoid duplicating gigabytes of disk data for each snapshot, hypervisors use copy-on-write (CoW) overlays:

┌─────────────────────────────────┐
│ Current Disk State              │
│ (Overlay: tracks changes)       │
├─────────────────────────────────┤
│ Snapshot 2 Overlay              │
├─────────────────────────────────┤
│ Snapshot 1 Overlay              │
├─────────────────────────────────┤
│ Base Image (shared by all)      │
└─────────────────────────────────┘

Each snapshot only stores the blocks that changed since the previous snapshot (or base image). This allows maintaining many snapshots with minimal disk space—the base image dominates.

Live vs Offline Snapshots:

Offline: VM paused, state captured, VM resumed (brief pause)
Live/Online: State captured without pausing (more complex, may have consistency implications)

For OS development, offline snapshots with a brief pause are typically fine and simpler.

Snapshot Hygiene

Hardware Simulation and Driver Development

Virtual machines provide emulated hardware that behaves consistently and predictably—ideal for device driver development and testing.

Advantages for Driver Development:

Driver Development Benefits

•Consistent Hardware Behavior — Emulated devices behave according to their specification every time. No hardware errata, no revision differences, no intermittent failures.
•Full Observability — The emulator can log every I/O port access, MMIO read/write, DMA transfer, and interrupt. This visibility into device interactions is invaluable for debugging.
•Fault Injection — Emulators can simulate hardware failures: failed disk reads, dropped network packets, delayed interrupts. Test error handling code paths that rarely trigger on real hardware.
•No Physical Hardware Needed — Develop NVMe drivers without NVMe SSDs. Develop network drivers without network cards. Develop USB drivers without USB devices.
•Multiple Configurations — Test against different device configurations (variable speeds, capacities, feature sets) by changing emulator settings.
•Safe Testing — A buggy driver in a VM can't damage anything. On physical hardware, DMA bugs can corrupt memory, causing file system damage or permanent hardware issues.

Example: Developing a Block Device Driver

# QEMU with detailed virtio-blk tracing
qemu-system-x86_64 \
  -drive file=disk.img,if=virtio \
  -trace enable=virtio_blk_* \
  -trace file=virtio-trace.log \
  --enable-kvm \
  ...

# The trace log shows every buffer submission,
# completion, and device state change:
# virtio_blk_req_submit: sector=1024 nsectors=8 type=read
# virtio_blk_req_complete: sector=1024 status=0

With this visibility, you can verify that your driver correctly formats requests, handles completions, and manages queues—all without instrumenting the driver itself.

Developing for Non-Existent Hardware:

Researchers and hardware designers often develop software before hardware exists. QEMU's modular device architecture allows creating a software model of future hardware:

Write a QEMU device model implementing the proposed hardware interface
Develop and debug drivers against this model
When physical hardware arrives, drivers work immediately (or nearly so)

This approach was used for NVMe, RISC-V, and many other technologies.

Emulation vs Reality

Multi-Version and Multi-Architecture Testing

Operating systems must support diverse configurations. VMs enable testing across this diversity without maintaining hardware zoos.

Multi-Version Testing:

Maintaining a complex software project means supporting multiple OS versions. VMs allow running multiple versions simultaneously:

Version Testing Matrix Example
VM Name	Purpose	Resource Allocation
linux-5.15	LTS kernel testing	2 vCPU, 4GB RAM
linux-6.1	Current stable	2 vCPU, 4GB RAM
linux-6.6	Latest LTS	2 vCPU, 4GB RAM
linux-mainline	Development kernel	4 vCPU, 8GB RAM
linux-next	Bleeding edge	2 vCPU, 4GB RAM

Multi-Architecture Testing:

QEMU's full-system emulation supports dozens of architectures, enabling cross-platform development without owning exotic hardware:

# Test on 32-bit x86
qemu-system-i386 -kernel bzImage-i386 ...

# Test on ARM64
qemu-system-aarch64 -M virt -cpu cortex-a72 -kernel Image ...

# Test on RISC-V
qemu-system-riscv64 -M virt -kernel Image-riscv64 ...

# Test on PowerPC
qemu-system-ppc64 -kernel vmlinux-ppc64 ...

Use Cases:

Cross-Platform Testing Scenarios

•Kernel Feature Testing — Verify that a feature works on x86, ARM64, and RISC-V before submitting a patch.
•Endianness Verification — Test on big-endian (PowerPC in BE mode) to catch byte-order bugs.
•32-bit vs 64-bit — Ensure compat layers work and no pointer truncation bugs exist.
•Embedded Development — Develop for ARM Cortex-M or MIPS embedded systems without physical hardware.
•Historic Preservation — Run old operating systems (IRIX, Solaris SPARC, AIX) in emulation for research or legacy support.
•Architecture Ports — When porting a kernel to a new architecture, emulation starts before hardware is available.

Configuration Permutation Testing:

Kernel configuration options create exponential test matrices. VMs enable automated testing across many configurations:

# Example: Test a file system across configurations
for config in "EXT4_FS=y" "BTRFS_FS=y" "XFS_FS=y"; do
  make defconfig
  echo "CONFIG_$config" >> .config
  make olddefconfig
  make -j$(nproc)
  run_test_in_vm "fs-stress-test"
done

Automated CI systems run thousands of such configurations nightly, catching regressions before they reach users.

Safe Experimentation and Research

Virtual machines create a safe sandboxed environment for experiments that would be dangerous or impossible on production systems.

Research Enabled by VMs:

OS Research Areas Benefiting from VMs

•Scheduler Research — Test new scheduling algorithms that might starve processes or cause system hangs. In a VM, just reset.
•Memory Management — Experiment with page replacement algorithms, memory allocation strategies, or address space layouts that could corrupt user data.
•File System Development — Test file systems with intentional crash/recovery cycles. Corrupt VM disk, restore, test recovery.
•Security Research — Analyze malware, develop exploits (for defensive purposes), and test security features—all isolated from real systems.
•Kernel Fuzzing — Feed random or malformed input to kernel interfaces (system calls, ioctl, network packets) to find bugs. VMs restart instantly after crashes.
•Performance Analysis — Collect detailed performance metrics without the noise of production workloads, using VM introspection capabilities.

Case Study: Kernel Fuzzing with syzkaller

syzkaller, a leading kernel fuzzer, leverages VMs extensively:

Spawn multiple VMs in parallel for maximum fuzzing throughput
Each VM runs a fuzzing agent that generates random system calls
On crash, syzkaller captures the crash log, extracts a reproducer, and restarts the VM instantly
Automated bisection finds which kernel commit introduced the bug
Report generation creates a bug report suitable for submission

This approach has found thousands of kernel bugs. Without VMs, such aggressive fuzzing would require an impractical amount of physical hardware and generate significant downtime for each crash.

Academic Research Acceleration:

Published OS research papers routinely describe experiments run on VMs. The reproducibility is invaluable:

Share a VM image alongside the paper for reproducibility
Collaborators can run experiments without replicating hardware setups
Reviewers can verify results independently
Students can learn from experiments by running them hands-on

Reproducible Research

Education and Learning

VMs have democratized OS education. Activities that once required dedicated hardware labs are now possible on any student's laptop.

Educational Benefits:

VMs in OS Education

•Hands-on Kernel Modification — Students can modify, compile, and run real kernels. Assignments can require implementing scheduler policies, memory management features, or new system calls.
•Safe Learning Environment — Making mistakes is essential for learning. VMs ensure mistakes don't destroy homework, corrupt data, or require hours of reinstallation.
•Standardized Environment — Every student has the exact same environment, eliminating 'works on my machine' issues. TAs spend time on concepts, not setup troubleshooting.
•Advanced Topics Accessible — Topics like kernel debugging, driver development, and boot process modification—once requiring lab access—are available to all students.
•Historical Exploration — Run historical operating systems (Minix, original UNIX, early Windows) to understand OS evolution firsthand.
•Exam Environments — Controlled VM environments ensure fair testing conditions for practical exams.

Popular Educational OS Projects:

Educational Operating Systems
Project	Description	VM Support
xv6	MIT teaching OS (UNIX v6 reimplementation)	QEMU primary platform
MINIX 3	Microkernel teaching OS by Tanenbaum	VirtualBox, QEMU, Bochs
Pintos	Stanford teaching OS for x86	QEMU, Bochs
GeekOS	Maryland teaching OS	Bochs primary
OS/161	Harvard/OPS-Class teaching OS	sys161 (dedicated simulator), QEMU
Nachos	Berkeley teaching OS	MIPS emulator included

The xv6 Example:

xv6, developed by MIT for their 6.S081 operating systems course, is explicitly designed for QEMU:

# Clone, build, and run xv6 in minutes
git clone https://github.com/mit-pdos/xv6-riscv.git
cd xv6-riscv
make qemu

# You're now in a running UNIX-like OS
# Modify kernel.c, run 'make qemu' again
# Full development cycle in seconds

This accessibility has made xv6 the foundation for OS courses worldwide. Thousands of students have had their first kernel development experience through this VM-based approach.

Summary: VMs Transform OS Development

We've explored how virtual machines have revolutionized operating system development. Let's consolidate the key insights:

Key Takeaways

•VMs compress development cycles from minutes to seconds, enabling rapid experimentation and iteration.
•Source-level kernel debugging with GDB transforms the debugging experience from cryptic to comfortable.
•Snapshots provide instant state management, enabling risk-free experimentation and perfect reproducibility.
•Hardware emulation enables driver development without physical hardware, with superior observability.
•Cross-architecture and multi-version testing is practical without hardware collections.
•Safe experimentation opens research avenues that would be dangerous on physical systems.
•Education is democratized—OS development is accessible to anyone with a laptop.

What's Next:

Page Complete

3 / 5