1. Give two examples that can cause a trap to the OS (just regular OS, with no virtualization).
2. Why does the VMM (hypervisor) need to go to the guest OS for syscall handling?

1. Formal Requirements for Virtualizable Third Generation Architectures (Comm ACM 1974)
2. Disco: Running Commodity Operating Systems on Scalable Multiprocessors (TOCS'97)
3. Scale and Performance in the Denali Isolation Kernel

1. Why is x86 un-virtualizable with trap-and-emulate? Give one example.
2. With hardware virtualization extensions (e.g., Intel VT), do we still need binary translation? Why or why not?

1. Software Techniques for Avoiding Hardware Virtualization Exits
2. Embra: Fast and Flexible Machine Simulation
3. Fast Dynamic Binary Translation for the Kernel
4. Enabling Intel Virtualization Technology Features and Benefits

1. List at least one pro and one con for software MMU
2. List at least one pro and one con for hardware MMU

1. What is the double paging problem and what caused it?
2. What is the benefit of keeping a "hint" entry for each scanned (but unshared) page (as compared to not maintaining anything for the page)

None

1. Difference Engine: Harnessing Memory Redundancy in Virtual Machines

1. Is virtio a full virtualization or a paravirtualization technique? What's its main benefit?
2. List at least one limitation of SR-IOV
3. What are the similarities and differences between network virtualization and traditional server virtualization?

1. vIC: Interrupt Coalescing for Virtual Machine Storage Device IO
2. ELI: Bare-Metal Performance for I/O Virtualization
3. Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor (ATC'01)
4. Network Virtualization in Multi-tenant Datacenters (NSDI'14)
5. The Design and Implementation of Open vSwitch (NSDI'15)

1. Why do you think cloud computing has been a huge success and gained majority of IT market?
2. What challenges mentioned in the Bekerley cloud paper do you think still remain today?
3. If you could change one thing about the cloud with a magic wand, what would you change?

1. What types of isolations does Linux containers achieve?
2. Can one Linux container affect the performance of another Linux container on the same machine (i.e., performance isolation)? Why or why not?
3. Why do you think containers are less "secure" than virtual machines?

1. LXC/LXD
2. Docker
3. Understanding Security Implications of Using Containers in the Cloud
4. Container Security: Issues, Challenges, and the Road Ahead
5. Slacker: Fast Distribution with Lazy Docker Containers

1. What is a Kubernetes Pod? How do you think it is useful in container orchestration?
2. What does Kubernetes use etcd for? Why is having a consistent, atomic key-value store important for Kubernetes' control plane?

1. Borg, Omega, and Kubernetes (Google)

1. Vulnerabilities in the Linux kernel makes it unsafe for containers to call Linux system calls. How does gVisor solve this problem?
2. Name one benefit and one drawback of compiling a single-image VM.
3. Comparing gVisor and Unikernels, which one do you think is more secure and which is more lightweight?

1. The True Cost of Containing: A gVisor Case Study
2. Container Isolation at Scale (Introducing gVisor) - Dawn Chen & Zhengyu He, Google
3. Unikernels as Processes
4. Unikernels are unfit for production
5. Rethinking the Library OS from the Top-Down
6. Mirage OS
7. Nabla Containers
8. ClickOS and the Art of Network Function Virtualization
9. Libra: a library operating system for a JVM in a virtualized execution environment
10. Exokernel: an operating system architecture for application-level resource management
11. Dune: Safe User-level Access to Privileged CPU Features (OSDI'12)

1. Today's serverless functions are stateless. How do you think different functions can share data and communicate?
2. Can you think of any security threats of serverless computing? Bonus points if you can outline a real threat/attack.

1. Amazon Lambda
2. Google Cloud Functions
3. Azure Functions
4. Serverless Computing: Current Trends and Open Problems
5. Serverless Workflows with Durable Functions and Netherite
6. Serverless Computing: One Step Forward, Two Steps Back

1. Can you think of any other ways to reduce or avoid cold start for serverless computing (other than what the ATC'20 paper talks about).

1. What is the implication of KVM forwarding I/O requests to the user space?

1. KVM Documentation

1. What is the benefit of QEMU first translating the source instructions (guest) into micro-operations implemented in C and their compiled object files and then translating the object files into the target instructions (host)?
2. Why can Xen allow guest OS system call handlers to be accessed directly (without any ring-0 Xen involvement) but not guest page fault handler?
3. What's the benefit of using asynchronous event notifications from Xen to a VM?

1. What is the benefit of Firecracker over gVisor in terms of the specific goals Amazon has for their cloud production environments?
2. What mechanism(s) allow Firecracker to run thousands of MicroVMs on the same machine (with 10x-20x oversubscription rate)?

1. With Amazon Nitro, virtualization functions are mostly offloaded to hardware. Do we still need a hypervisor (or an OS)? Can everything just run in user space and interact with Nitro cards directly?
2. Can you think of a drawback of offloading tasks to hardware (i.e., Nitro's approach)?

1. Intel Unveils Infrastructure Processing Unit

1. By making the pipeline more smooth (less pipeline bubbles), what tradeoff does PipeDream make? i.e., in what aspect is GPipe better than PipeDream?
2. What type of parallelism do you think is most widely adopted in practice? Why?

1. GPipe: Efficient Training of Giant Neural Networks using Pipeline Parallelism
2. Memory-Efficient Pipeline-Parallel DNN Training (PipeDream-2BW)
3. Scaling Distributed Machine Learning with the Parameter Server
4. Optimization of Collective Communication Operations in MPICH

1. Try to come up with an alternative approach to automatically figure out a parallelism plan (instead of Alpa's way). Is it better/worse than Alpa?

1. GEMINI: Fast Failure Recovery in Distributed Training with In-Memory Checkpoints (SOSP'23)
2. Distributed training of large language models on AWS Trainium (SoCC'24)
3. DeepSeek-V3 Technical Report
4. DeepSeek-R1: Incentivizing Reasoning Capability in LLMs via Reinforcement Learning
5. s1: Simple test-time scaling

1. List one benefit and one drawback of iterative scheduling (as compared to request-level scheduling.
2. List at least two reasons why GPU memory for KV cache is wasted without PagedAttention.
3. What are the tradeoffs of using larger/smaller block sizes in PagedAttention?

1. FlashAttention: Fast and Memory-Efficient Exact Attention with IO-Awareness
2. FasterTransformer
3. Orca: A Distributed Serving System for Transformer-Based Generative Models (OSDI'22)
4. FlexGen: High-Throughput Generative Inference of Large Language Models with a Single GPU
InferCept: Efficient Intercept Support for Augmented Large Language Model Inference

1. What are the three ways of dealing with KV cache when a model calls an API?
2. What will happen if all requests are scheduled only based on where their matched prefix cache reside?

1. AlpaServe: Statistical Multiplexing with Model Parallelism for Deep Learning Serving (OSDI'23)
2. Ray Serve: Scalable and Programmable Serving
3. DeepSpeed Ulysses: System Optimizations for Enabling Training of Extreme Long Sequence Transformer Models
4. Ring Attention with Blockwise Transformers for Near-Infinite Context
5. Efficiently Programming Large Language Models using SGLang

1. Why can't gen-AI workflows be trained with traditional SGD?
2. Name two reasons why you think workflows will be needed even when single models like GPT-5 become more powerful?

1. Large Language Model based Multi-Agents: A Survey of Progress and Challenges
2. SPy: Programming—not prompting—Foundation Models
3. Trace is the Next AutoDiff: Generative Optimization with Rich Feedback, Execution Traces, and LLMs
4. TextGrad: Automatic "Differentiation" via Text
5. Language Agents as Optimizable Graphs
6. Agent AI: Surveying the Horizons of Multimodal Interaction

1. Can you think of some drawback of enforcing security mechanisms at the hypervisor level (compared to at the guest OS or above)?
2. When a zone and/or an instance type are used more frequently (i.e., having higher loads from more tenants), do you think the co-location attack would be come easier or harder? Why?
3. Do you think a similar co-location attack exist with serverless computing (i.e., one function attacking another function on the same physical machine)? Does serverless computing make such attacks harder or easier and why?

1. Secure Container Isolation: Problem Statement & Solution Space
2. When Virtual Is Better Than Real (HotOS'01)
3. Secure Pods: Sandboxing workloads in Kubernetes
4. TrustVisor: Efficient TCB Reduction and Attestation
5. SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes (SOSP'07)
6. Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor (SOSP'11)
7. InkTag: Secure Applications on an Untrusted Operating System (ASPLOS'13)
8. Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems
9. VirtuOS: An Operating System with Kernel Virtualization
10. SCONE: Secure Linux Containers with Intel SGX
11. Understanding Security Implications of Using Containers in the Cloud (ASPLOS'08)
12. Container Security: Issues, Challenges, and the Road Ahead

1. List two to three pros of resource disaggregation
2. List two to three cons of resource disaggregation

1. Clio: A Hardware-Software Co-Designed Disaggregated Memory System
2. Mira: A Program-Behavior-Guided Far Memory System
3. Make It Real: An End-to-End Implementation of A Physically Disaggregated Data Center
4. Hermit: Low-Latency, High-Throughput, and Transparent Remote Memory via Feedback-Directed Asynchrony
5. Canvas: Isolated and Adaptive Swapping for Multi-Applications on Remote Memory
6. Disaggregating Persistent Memory and Controlling Them Remotely: An Exploration of Passive Disaggregated Key-Value Stores

1. Other than the examples given in the UDC paper, can you think of another cloud usage case that could benefit from UDC? and how exactly it can benefit from UDC?
2. What do you think is the biggest obstacle for cloud users to adopt sky computing? for cloud providers to adopt it?

Read the "Hints for Computer System Design" paper and summarize what you have learned over the course. Feel free to write about anything else you want to comment on the course.