In today's technological environment, it is common for an operating system—the low-level software that manages the interface to a computing device's hardware, schedules tasks, allocates storage, and generally provides common services for application software executing on the computer—to be built and deployed with fixed and well-defined features such as an application program interface (API) to support a range of customer requirements. That is, the operating system's API provides an interface (i.e., a set of calling conventions) by which application programs access the operating system and other services on a particular computing device (e.g., server, desktop, laptop, notebook, tablet computer, personal digital assistant (PDA), mobile telephone, smart telephone and the like). The fixed API surface of an operating system deployed in a computing device offers application developers a fixed set of binary features (e.g., executables, shared libraries such as dynamically-loaded libraries, and the like). For example, the Windows® 7 operating system (available from Microsoft Corporation of Redmond, Wash.) provides the “Windows Software Development Kit (SDK)” API which gives application developers a fixed and well-known API surface with which to develop application programs.
Operating systems are typically burned into the memory (e.g., ROM, Flash, HDD, SSD, etc.) of a mobile, desktop or embedded computing device in a configuration that meets the general purpose needs of the device. Despite being conventionally shipped as pre-built images, the operating system may include features or API components that are never used by client applications executing on the particular computing device platform. For fixed function devices or devices that run in a regulated environment (e.g., gaming, medical, financial, military and like environments), these features should not exist in the device hardware as shipped. In these instances, the unused (or not required) features or API components waste memory on the computing device, and potentially exposes the device to malicious attack because such features are still installed and potentially operational on the device. Conversely, a user may need to run an application that relies on a set of operating system features/frameworks that were not included in a specific version (i.e., SKU) of the operating system shipped with the computing device. Thus, if an operating system component which normally handles a particular API call does not exist within the particular operating system implementation, the execution of an application will produce a run-time error and fail.