THE DALVIK VIRTUAL MACHINE ARCHITECTURE

redlemonbalmMobile - Wireless

Dec 10, 2013 (3 years and 10 months ago)

100 views

David Ehringer
March, 2010
THE DALVI K VI RTUAL MACHI NE ARCHI TE CTURE
I n t r o d u c t i o n
J a v a h a s a l wa y s b e e n ma r k e t e d a s “ wr i t e o n c e, r u n a n y wh e r e.” T h e c a p a b i l i t y h a s l a r g e l y b e e n
ma d e p o s s i b l e b y t h e J a v a P l a t f o r m, t h e f o u n d a t i o n o f wh i c h i s t h e J a v a V i r t u a l Ma c h i n e ( J V M).
Al t h o u g h t h i s g o a l h a s l a r g e l y b e e n me t f o r t h e J a v a p l a t f o r m o n d e s k t o p ( J S E ) a n d s e r v e r ( J E E )
e n v i r o n me n t s, t h e mo b i l e J a v a e c o s y s t e m ( J ME ) i s a b i t mo r e f r a g me n t e d wi t h v a r i o u s
c o n fi g u r a t i o n s, p r o fi l e s, a n d p a c k a g e s c a u s i n g s i g n i fi c a n t mo d i fi c a t i o n s t o a p p l i c a t i o n s i n o r d e r t o
s u p p o r t d i f f e r e n t d e v i c e s.
Wh i l e Go o g l e h a s s e l e c t e d J a v a a s t h e l a n g u a g e f o r d e v e l o p i n g An d r o i d a p p l i c a t i o n s, i t h a s
c h o s e n t o a b a n d o n b o t h J ME a n d t h e J V M i n f a v o r o f a n a l t e r n a t i v e d e p l oy me n t t a r g e t, t h e Da l v i k
v i r t u a l ma c h i n e. Go o g l e h a s a l s o c h o s e n t o u s e a n a l t e r n a t i v e a n d l i mi t e d i mp l e me n t a t i o n o f t h e
s t a n d a r d J a v a l i b r a r i e s. B o t h o f t h e s e a r e n o n - s t a n d a r d J a v a, a n d e f f e c t i v e l y r e p r e s e n t f o r k i n g o f t h e
J a v a p l a t f o r m. T h i s s e e ms t o b r e a k f r o m t h e t r e n d o f p e o p l e t a r g e t i n g t h e J V M a s a t h e r u n t i me
p l a t f o r m f o r a v e r y wi d e r a n g e o f l a n g u a g e s. S c a l a, Gr o ov y, J R u b y, J y t h o n, a n d Cl o j u r e a r e o n l y a f e w
o f t h e d o z e n s o f l a n g u a g e s t h a t r u n o n t h e J V M. T h e s e l a n g u a g e s c a n n o t o n l y t a k e a d v a n t a g e o f
t h e ma n y f e a t u r e s o f t h e J V M b u t a l s o s e a ml e s s l y l e v e r a g e a l l t h e s t a n d a r d J a v a l i b r a r i e s a n d t h e
c o u n t l e s s c u s t o m l i b r a r i e s c r e a t e d b y i n d i v i d u a l s a n d o r g a n i z a t i o n s. R e c e n t l y, Go o g l e h a s b e e n
s u b t l e t y b u c k i n g t h i s t r e n d b y c r e a t e d n o n - s t a n d a r d J a v a t e c h n o l o g i e s. T h i s i n c l u d e s n o n o n l y t h e
An d r o i d p l a t f o r m b u t a l s o Go o g l e We b To o l k i t ( GWT ) a n d Go o g l e Ap p E n g i n e, t h e r e a s o n s o f
wh i c h t h e y a r e n o n - s t a n d a r d i s b e y o n d t h e s c o p e o f t h i s p a p e r a s t h e y a r e n ’ t mo b i l e t e c h n o l o g i e s.
B u t t h e t r e n d ma y b e a p p l i c a b l e t o wh a t h a s h a p p e n e d i n t h e J ME s p a c e. No n - s t a n d a r d J a v a
i mp l e me n t a t i o n s ma y f u r t h e r f r a g me n t t h e p l a t f o r m c a u s e a d d i t i o n a l h e a d a c h e s f o r d e v e l o p e r s
l o o k i n g t o s u p p o r t t h e wi d e a r r a y d e v i c e s c u r r e n t l y o n t h e ma r k e t.
T h i s p a p e r l o o k s t o u n d e r s t a n d t h e a r c h i t e c t u r e o f Da l v i k v i r t u a l ma c h i n e a n d u n d e r s t a n d t h e
t e c h n i c a l r e a s o n s f o r wh y Go o g l e c h o s e t o d e v e l o p e r t h e i r o wn n o n - s t a n d a r d v i r t u a l ma c h i n e.
Wh i l e t h e r e a r e mo s t l i k e l y a l s o b u s i n e s s r e a s o n s b e h i n d c r e a t i n g Da l v i k, t h i s p a p e r o n l y a d d r e s s e s
t e c h n i c a l c o n s i d e r a t i o n s.
De s i g n Co n s t r a i n t s I mp o s e d b y t h e Ta r g e t P l a t f o r ms
T h e An d r o i d p l a t f o r m wa s c r e a t e d f o r d e v i c e s wi t h c o n s t r a i n e d p r o c e s s i n g p o we r, me mo r y, a n d
s t o r a g e. T h e mi n i mu m d e v i c e r e q u i r e me n t s f o r a n An d r o i d d e v i c e a r e t h e f o l l o wi n g:
1
Feature
Minimum Requirement
Chipset
ARM-based
Memory
128 MB RAM; 256 MB Flash External
Feature
Minimum Requirement
Storage
Mini or Micro SD
Primary Display
QVGA TFT LCD or larger, 16-bit color or better
Navigation Keys
5-way navigation with 5 application keys, power, camera and
volume controls
Camera
2MP CMOS
USB
Standard mini-B USB interface
Bluetooth
1.2 or 2.0
Most full featured smart phones will vastly exceed these minimum recommendations and
devices will only continue to get more powerful, but these requirements clearly indicate that the
platform is targeting a wide array of resource constrained devices. Additionally, a range of
operating systems is intended to be supported with
the baseline system is expected to be a variant of UNIX (Linux, BSD, Mac OS X) running
the GNU C compiler. Little-endian CPUs have been exercised the most heavily, but big-
endian systems are explicitly supported.
2
Given the extremely wide range of target environments, it is critical for the application platform to
be abstracted away from the underlying operating system and hardware device.
Only a core, although robust and powerful, set of applications will be provided with the
platform. An ecosystem of third party developers will be creating thousands of independent,
custom built applications that users can download and run on their devices. To maintain maximum
stability and security of both the individual applications and platform itself, it is critical that
applications are strictly and clearly segregated and cannot interfere in anyway with either the
platform or other applications.
The above requirements can be summarized by saying that the Android runtime must support
the following:

limited processor speed

limited RAM

no swap space

battery powered

diverse set of devices

sandboxed application runtime
Design Overview
Given that the Android application runtime must support a diverse set of devices and that
applications must be sandboxed for security, performance, and reliability, a virtual machine seems
like an obvious choice. But a virtual machine-based runtime doesn’t necessarily help you balance
those requirements with the the limited processor speed and limited RAM that characterizes most
mobile devices. So how did Google address all of these somewhat conflicting requirements? To
summarize, their approach for implementing an application runtime environment given these
constraints is that
every Android application runs in its own process, with its own instance of the Dalvik
virtual machine. Dalvik has been written so that a device can run multiple VMs efficiently.
The Dalvik VM executes files in the Dalvik Executable (.dex) format which is optimized for
minimal memory footprint. The VM is register-based, and runs classes compiled by a Java
language compiler that have been transformed into the .dex format by the included "dx"
tool.
The Dalvik VM relies on the Linux kernel for underlying functionality such as threading and
low-level memory management.
3
Given every application runs in its own process within its own virtual machine, not only must the
running of multiple VMs be efficient but creation of new VMs must be fast as well.
The remainder of this paper surveys the major design choices of the Dalvik VM that were
influenced by the requirements outline previously, mainly the .dex file format, the Zygote, the
register-based architecture, and security.
The Dex File Format
In standard Java environments, Java source code is compiled into Java bytecode, which is stored
within .class files. The .class files are read by the JVM at runtime. Each class in your Java code will
result in one .class file. This means that if you have, say, one .java source file that contains one public
class, one static inner class, and three anonymous classes, the compilation process (javac) will output
5 .class files.
On the Android platform, Java source code is still compiled into .class files. But after .class files
are generated, the “dx” tool is used to convert the .class files into a .dex, or Dalvik Executable, file.
Whereas a .class file contains only one class, a .dex file contains multiple classes. It is the .dex file
that is executed on the Dalvik VM.
The .dex file has been optimized for memory usage and the design is primarily driven by
sharing of data. The following diagram contrasts the .class file format used by the JVM with the .dex
file format used by the Dalvik VM.
4
5
The .dex file format uses shared, type-specific constant pools as it’s primary mechanism for
conserving memory.
6
A constant pool stores all literal constant values used within the class. This
includes values such as string constants used in your code as well as field, variable, class, interface,
and method names. Rather than store these values throughout the class, they are always referred
to by their index in the constant pool. The constant pools in the .class and .dex files are highlighted
in blue above. In the case of the .class file, each class has its own private, heterogeneous constant
pool. It is heterogeneous in that all types of constants (field, variable, class, etc.) are mixed together.
Contrast this to the .dex file that contains many classes, all of which share the same type-specific
constants pools. Duplication of constants across .class files is eliminated in the .dex format.
You may ask why sharing of a single heterogeneous pool is not enough and why type-specific
pools were used. The type-specific pools actually allow for further elimination of repetition by
making the constants more granualr. Consider the two method signatures
(Ljava/lang/String;Ljava/
lang/Object;)Ljava/lang/String;
and
(Ljava/lang/String;Lcom/example/Foo;)Ljava/lang/String;
. This is a
representation in a .class file. The
Ljava/lang/String
constants are repeated. In a .dex file, the
Ljava/
lang/String
constant is stored once and there is a reference from each place where it is used.
By allowing for classes to share constants pools, repetition of constant values is kept to a
minimum. The consequence of the minimal repetition is that there are significantly more logical
pointers or references within a .dex file compared to a .class file.
If the primary goal of utilizing shared constant pools is to save memory, how much memory is
actually being saved? Early in the life of the .class file format, a study found that the average size of
a .class file is actually quite small. But since the time to read the file from storage is a dominant
factor in startup time, the size of the file is still important. When analyzing how much space each
section of the .class file takes on average:
the biggest part of the Java class files is the constant part [pool] (61 percent of the file) and not
the method part that accounts for only 33 percent of the file size. The other parts of the class
file share the remaining 5 percent.
7
So it is clear that optimization of the constant pool can result in significant memory savings. The
Android development team found that the .dex file format cut the size in half of some of the
common system libraries and applications that ship with Android.
8
Code
Uncompressed JAR
File (bytes)
Compressed JAR
File (bytes)
Uncompressed dex
File (bytes)
Common System Libraries
21,445,320 (100%)
10,662,048 (50%)
10,311,972 (48%)
Web Browser App
470,312 (100%)
232,065 (49%)
209,248 (44%)
Alarm Clock App
119,200 (100%)
61,658 (52%)
53,020 (44%)
It must be noted that these memory sharing optimizations do not come for free. Garbage
collection strategies must respect the sharing of memory. Garbage collections are independent
between applications, even though they are sharing some memory, since each application is in a
separate process, with a separate VM and separate heaps. The current strategy in the Dalvik
garbage collector is to keep mark bits, or the bits that indicate that a particular object is “reachable”
and therefore should not be garbage collected, separate from other heap memory.
9
If the mark
bits were stored with the objects on the heap, all shared objects would be immediately “unshared”
during each garbage collection cycle when the garbage collector traverses the heap and sets the
mark bits. Remember that the sharing is predicated on the shared memory being read-only.
Separating the mark bits from the other heap memory avoids this trap.
The Zygote
Since every application runs in its own instance of the VM, VM instances must be able to start
quickly when a new application is launched and the memory footprint of the VM must be minimal.
Android uses a concept called the Zygote to enable both sharing of code across VM instances and
to provide fast startup time of new VM instances. The Zygote design assumes that there are a
significant number of core library classes and corresponding heap structures that are used across
many applications. It also assumes that these heap structures are generally read-only. In other
words, this is data and classes that most applications use but never modify. These characteristics are
exploited to optimize sharing of this memory across processes.
The Zygote is a VM process that starts at system boot time. When the Zygote process starts,
it initializes a Dalvik VM, which preloads and preinitializes core library classes. Generally these core
library classes are read-only and are therefore a good candidate for preloading and sharing across
processes. Once the Zygote has initialized, it will sit and wait for socket requests coming from the
runtime process indicating that it should fork new VM instances based on the Zygote VM instance.
Cold starting virtual machines notoriously takes a long time and can be an impediment to isolating
each application in its own VM. By spawning new VM processes from the Zygote, the startup time
is minimized.
The core library classes that are shared across the VM instances are generally only read, but not
written, by applications. When those classes are written to, the memory from the shared Zygote
process is copied to the forked child process of the application’s VM and written to there. This
“copy-on-write” behavior allows for maximum sharing of memory while still prohibiting applications
from interfering with each other and providing security across application and process
boundaries.
10
11
In traditional Java VM design, each instance of the VM will have an entire copy of the core
library class files and any associated heap objects. Memory is not shared across instances.
Register-based Architecture
Traditionally, virtual machine implementors have favored stack-based architectures over register-
based architectures. This favoritism was mostly due to “simplicity of VM implementation, ease of
writing a compiler back-end (most VMs are originally designed to host a single language and code
density (i.e., executables for stack architectures are invariably smaller than executables for register
architectures).”
12
The simplicity and code density comes at a cost of performance. Studies have
shown that a
register-based architecture requires and average of 47% less executed VM instructions
than the stack based [architecture]. On the other hand the register code is 25% larger
than the corresponding stack code but this increased cost of fetching more VM
instructions due to larger code size involves only 1.07% extra real machine loads per VM
instruction which is negligible. The overall performance of the register-based VM is that it
take[s], on average, 32.3% less time to execute standard benchmarks.
13
Given that the Dalvik VM is running on devices with constrained processing power, the choice
of a register-based VM architecture seems appropriate. Although register-based code is about 25%
larger than stack-based code, the 50% reduction in the code size achieved through shared constant
pools in the .dex file offsets the increased code size so you still have a net gain in memory usage as
compared to the JVM and the .class file format.
Security
Android’s security architecture ensures
no application, by default, has permission to perform any operations that would adversely
impact other applications, the operating system, or the user. This includes reading or writing
the user's private data (such as contacts or e-mails), reading or writing another application's
files, performing network access, keeping the device awake, etc.
14
These features are implemented across the operating system (OS) level and framework level
of Android and not within the Dalvik VM. As mentioned previously, each application is run within
its own instance of the VM, which itself is running in its own OS process. Each process is assigned
its own user ID that can only access a limited set of features within the system and can only access
its own data. Therefore, an application cannot interfere with other applications. If additional
security permissions are required, the application can request them through its Manifest file. These
permissions are verified at application installation time by the framework and are enforced by the
OS at runtime.
To address memory constraints and allow for fast startup times, Dalvik shares core, read-only
libraries between VM processes. The sharing is done securely by giving the VM processes
permission to read the code but not edit it.
Since it is not possible for applications to interfere with each other based on the OS level
security and Dalvik VMs are confined to a single OS process, Dalvik itself is not concerned with
runtime security. Although Dalvik is not relied upon for security, it is interesting to note that most
of the standard Java security classes remain in the Android distribution. These include the
java.lang.SecurityManager and some of the classes in the java.security package. In standard Java
environments, the SecurityManger plays the role analogous to the OS process-level security in
Android. The SecurityManager typically controls access to resources external to the JVM such as
files, processes, and the network. In the Android distribution, the standard security framework is
apparently present for applications to use within their own application space but is neither fully
implemented nor configured (no java.policy files are present) for interprocess security.
15
Conclusion
If you align the Android platform to the JME CDC (the Connected Device Configuration or
the Configuration for More Capable Devices and SmartPhones, which is based on the JVM) as
opposed to the JME CLDC (the Connected Limited Device Configuration, a configuration for
much more resource constrained devices which is based on an optimized, yet-still standard, kVM),
Google’s choice to implement their own non-standard virtual machine appears to be sound from a
technical perspective. But the question remains as to whether or not it would have been better
for Google to work within the standards process (the JCP or Java Community Process) to get the
JME platform back on track and push the standards toward a better future. But given the snails
pace at which the standards process moves and the head start that competitors like Apple’s iPhone
had, working with the standards may not have been an option.
1
“Device Requirements” Android Source Code git://android.git.kernel.org/platform/development/pdk/docs/guide/
system_requirements.jd
2
“Dalvik” Android Source Code git://android.git.kernel.org/platform/development/pdk/docs/guide/dalvik.jd
3
“What is Android?”
Android Developers

http
://developer.android.com/guide/basics/what-is-android.html

4
Lindholm, Tim and Yellin, Frank.
The Java Virtual Machine Specification.
Second Edition. Sun Microsystems, 1999:
Chapter 4
5

Pavone, Michael. “Dex File Format”
<
http://www.retrodev.com/android/dexformat.html

6
Bornstein, Dan. “Dalvik VM Internals”
2008 Google I/O Session Videos and Slides

http://sites.google.com/site/io/
dalvik-vm-internals

7
Antonioli, Denis and Pilz, Markus. “Analysis of the Java Class Format”
Technical Report 98.4
April 1998
8
Bornstein
9
Bornstein
10
Brady, Patrick. “Anatomy & Physiology of an Android”
2008 Google I/O Session Videos and Slides

http://
sites.google.com/site/io/anatomy--physiology-of-an-android

11
Bornstein
12
Jones, Derek. “Register vs. stack based VMs” 
http://shape-of-code.coding-guidelines.com/2009/09/register-vs-stack-
based-vms/

13
Security Engineering Research Group, Institute of Management Sciences. “Analysis of Dalvik Virtual Machine and Class
Path Library” 2009
14
“Security and Permissions.”
Android Developers

http
://developer.android.com/guide/topics/security/security.html

15
“Usage of SecurityManger in Androids Permission-System.”
Android Security Discussions

http://groups.google.com/
group/android-security-discuss/browse_thread/thread/847e99bfb2276eff