Popek and Goldberg virtualization requirements

The Popek and Goldberg virtualization requirements are a set of sufficient conditions for a computer architecture to efficiently support system virtualization. They were introduced by Gerald J. Popek and Robert P. Goldberg in their 1974 article "Formal Requirements for Virtualizable Third Generation Architectures" [cite journal | author=Gerald J. Popek and Robert P. Goldberg | title=Formal Requirements for Virtualizable Third Generation Architectures | journal=Communications of the ACM | year=1974 | volume=17 | issue=7 | pages=412–421 | url=http://doi.acm.org/10.1145/361011.361073 | doi=10.1145/361011.361073 ] . Even though the requirements are derived under simplifying assumptions, they still represent a convenient way of determining whether a computer architecture supports efficient virtualization and provide guidelines for the design of virtualized computer architectures.

Introduction

System virtual machines are virtual machines capable of virtualizing a full set of hardware resources, including a processor (or processors), memory and storage resources and peripheral devices. A virtual machine monitor (VMM) is the piece of software that provides the abstraction of a virtual machine. There are three properties of interest when analyzing the environment created by a VMM:
* Equivalence: A program running under the VMM should exhibit a behavior essentially identical to that demonstrated when running on an equivalent machine directly.
* Resource control: The VMM must be in complete control of the virtualized resources.
* Efficiency: A statistically dominant fraction of machine instructions must be executed without VMM intervention.

In Popek and Goldberg's terminology, a VMM must present all three properties. In today's terminology, VMMs are typically assumed to satisfy only the equivalence and resource control properties, so, in a sense, Popek and Goldberg's VMMs are today's efficient VMMs.

Popek and Goldberg describe the characteristics that the Instruction Set Architecture (ISA) of the physical machine must possess in order to run VMMs that have the above properties. Their analysis derives such characteristics using a model of "third generation architectures" (e.g., IBM 360, Honeywell 6000, DEC PDP-10) that is nevertheless general enough to be extended to modern machines. This model includes a processor that operates in either system or user mode and has access to linear, uniformly addressable memory. It is assumed that a subset of the instruction set is available only when in system mode and that memory is addressed relative to a relocation register. I/O and interrupts are not modelled.

Virtualization requirements

To derive their virtualization requirements, Popek and Goldberg introduce a classification of the instructions of an ISA into three groups:
* Privileged instructions: Those that trap if the processor is in user mode and do not trap if it is in system mode.
* Control sensitive instructions: Those that attempt to change the configuration of resources in the system.
* Behavior sensitive instructions: Those whose behavior or result depends on the configuration of resources (the content of the relocation register or the processor's mode).

The main result of Popek and Goldberg's analysis can then be expressed as follows.

Theorem 1. For any conventional third generation computer, a VMM may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions.

Intuitively, the theorem states that to build a VMM it is sufficient that all instructions that could affect the correct functioning of the VMM (sensitive instructions) always trap and pass control to the VMM. This guarantees the resource control property. Non-privileged instructions must instead be executed natively (i.e., efficiently). The equivalence property also follows.

A related problem is that of deriving the ISA requirements for recursive virtualization, that is, the conditions under which a VMM that can run on a copy of itself can be built. Popek and Goldberg present the following (sufficient) conditions.

Theorem 2. A conventional third generation computer is recursively virtualizable if
# it is virtualizable and
# a VMM without any timing dependencies can be constructed for it.

Handling critical instructions

The conditions for ISA virtualization expressed in Theorem 1 may be relaxed at the expense of the efficiency property. VMMs for non-virtualizable ISAs (in Popek and Goldberg's sense) have routinely been built.

The virtualization of such architectures requires correct handling of "critical instructions", i.e., sensitive but unprivileged instructions. One approach, known as "patching", adopts techniques commonly used in dynamic recompilation: critical instructions are discovered at run-time and replaced with a trap into the VMM. Various mechanisms, such as the caching of emulation code or hardware assists, have been proposed to make the patching process more efficient. A different approach is that of paravirtualization, which requires guest operating systems to be modified ("ported") before running in the virtual environment.
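The classification of instructions, Theorem 1 and the patching approach can all be exercised on a small model of a third generation machine. The following Python program is an added example, not code from Popek and Goldberg's paper: it assumes a hypothetical instruction set (the opcode names SET_RELOC, GET_RELOC, GET_MODE, STORE, ADDM and the TRAP stub are inventions of this example) with a mode bit and a relocation register, states the condition of Theorem 1 as a set inclusion, and runs the same constructed guest program three ways: natively in system mode, under a trap-and-emulate VMM that leaves the two critical instructions alone (equivalence is lost), and under the same VMM after patching them with an always-trapping stub (equivalence is restored).

```python
"""Toy third-generation machine in the Popek-Goldberg model, run natively and under a
trap-and-emulate VMM.  Added example with a hypothetical ISA; the opcode names are
inventions of this example, not the paper's."""
from dataclasses import dataclass, field

USER, SYSTEM = 0, 1
PRIVILEGED = {"SET_RELOC", "TRAP"}              # trap if executed in user mode
CONTROL_SENSITIVE = {"SET_RELOC"}               # changes the relocation register
BEHAVIOR_SENSITIVE = {"GET_RELOC", "GET_MODE"}  # result depends on the relocation register / mode
SENSITIVE = CONTROL_SENSITIVE | BEHAVIOR_SENSITIVE


def is_virtualizable(sensitive=SENSITIVE, privileged=PRIVILEGED):
    """Theorem 1's condition: the sensitive instructions are a subset of the privileged ones."""
    return sensitive <= privileged


def critical_instructions(sensitive=SENSITIVE, privileged=PRIVILEGED):
    """Sensitive but unprivileged: they execute natively and never reach the VMM."""
    return sensitive - privileged


class Trap(Exception):
    """Raised when a privileged instruction executes in user mode; args[0] is the instruction."""


@dataclass
class Machine:
    """Processor with a mode bit, a relocation register and a flat memory."""
    mode: int = SYSTEM
    reloc: int = 0
    acc: int = 0
    mem: list = field(default_factory=lambda: [0] * 64)

    def step(self, instr):
        op, *args = instr
        if op == "TRAP" or (op in PRIVILEGED and self.mode == USER):
            raise Trap(instr)
        if op == "SET_RELOC":
            self.reloc = args[0]
        elif op == "GET_RELOC":      # reads the real relocation register
            self.acc = self.reloc
        elif op == "GET_MODE":       # reads the real mode bit
            self.acc = self.mode
        elif op == "STORE":          # memory is addressed relative to the relocation register
            self.mem[self.reloc + args[0]] = self.acc
        elif op == "ADDM":
            self.acc += self.mem[self.reloc + args[0]]
        else:
            raise ValueError(f"unknown opcode {op}")

    def run_native(self, program):
        """Reference behaviour: run directly in system mode."""
        for instr in program:
            self.step(instr)
        return self.acc


class VMM:
    """Trap-and-emulate monitor.  The guest runs in USER mode at physical base `base`;
    its virtual mode and virtual relocation register are kept as shadow state."""

    def __init__(self, host, base, patch=False):
        self.host, self.base, self.patch = host, base, patch
        self.vmode, self.vreloc = SYSTEM, 0  # the guest believes it starts in system mode

    def emulate(self, instr):
        op, *args = instr
        if op == "SET_RELOC":  # resource control: the real register holds base + guest value
            self.vreloc, self.host.reloc = args[0], self.base + args[0]
        elif op == "GET_RELOC":
            self.host.acc = self.vreloc
        elif op == "GET_MODE":
            self.host.acc = self.vmode

    def run(self, program):
        if self.patch:  # replace each critical instruction by an always-trapping stub
            program = [("TRAP", i) if i[0] in critical_instructions() else i for i in program]
        self.host.mode, self.host.reloc = USER, self.base
        for instr in program:
            try:
                self.host.step(instr)
            except Trap as t:
                original = t.args[0][1] if t.args[0][0] == "TRAP" else t.args[0]
                self.emulate(original)
        return self.host.acc


# Constructed guest program: relocate to 3, then compute reloc + mode (mode goes via memory).
GUEST = [("SET_RELOC", 3), ("GET_MODE",), ("STORE", 0), ("GET_RELOC",), ("ADDM", 0)]


def run_native():
    return Machine().run_native(GUEST)


def run_virtualized(patch):
    """Returns the guest's final accumulator and the host machine, for inspection."""
    host = Machine()
    return VMM(host, base=16, patch=patch).run(GUEST), host
```

The unpatched run shows exactly the failure the section describes: GET_MODE and GET_RELOC execute natively, so the guest observes the real mode bit (user) and the monitor's relocation value (base + 3) instead of its own, and its result diverges from native execution even though resource control is never lost (the real relocation register only ever holds base + guest value, and the guest's stores land inside its own region). Patching restores equivalence at the price of one trap per critical instruction, which is the efficiency cost Theorem 1 avoids on a virtualizable ISA; adding GET_RELOC and GET_MODE to the privileged set makes `is_virtualizable` true.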

Instruction sets

This section presents some relevant architectures and how they relate to the virtualization requirements.

PDP-10

The PDP-10 architecture has a few instructions which are sensitive (alter or query the processor's mode) but not privileged [cite conference | author=S. W. Galley | title=PDP-10 Virtual machines | booktitle=Proc. ACM SIGARCH-SIGOPS Workshop on Virtual Computer Systems | year=1969 | pages=30–34 | url=http://www.cs.ubc.ca/~norm/cs538a/p30-galley.pdf] . These instructions save or restore the condition codes containing USER or IOT bits:
* JSR: jump to subroutine
* JSP: jump and save program counter
* PUSHJ: push down and jump
* JRST: jump and restore

System/370

All sensitive instructions in the System/370 are privileged: it satisfies the virtualization requirements.

Motorola MC68000

The Motorola MC68000 has a single unprivileged sensitive instruction:
* MOVE from SR

This instruction is sensitive because it allows access to the entire status register, which includes not only the condition codes but also the user/supervisor bit, interrupt level, and trace control. In most later family members, starting with the MC68010, the MOVE from SR instruction was made privileged, and a new MOVE from CCR instruction was provided to allow access to the condition code register only.

IA-32 (x86)

(Main article: X86 virtualization)

The IA-32 instruction set contains 17 sensitive, unprivileged instructions [cite conference | author=John Scott Robin and Cynthia E. Irvine | title=Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor | booktitle=Proc. 9th USENIX Security Symposium | year=2000 | url=http://www.usenix.org/events/sec2000/robin.html] . They can be categorized in two groups:
* Sensitive register instructions: read or change sensitive registers and/or memory locations such as a clock register or interrupt registers:
** SGDT, SIDT, SLDT
** SMSW
** PUSHF, POPF
*Protection system instructions: reference the storage protection system, memory or address relocation system:
** LAR, LSL, VERR, VERW
** POP
** PUSH
** CALL, JMP, INT n, RET
** STR
** MOV
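Locating these instructions in guest code is the first step of the run-time patching described earlier: a binary-translating VMM must decode the instruction stream precisely enough to recover each instruction's length and, for the 0F 00 and 0F 01 opcode groups, the ModRM reg field that separates e.g. the unprivileged SGDT from the privileged LGDT. The following Python scanner is an added example, not code from the cited paper or from any VMM. It handles the eleven instructions in the list above whose encoding alone makes them critical (SGDT, SIDT, SLDT, SMSW, STR, PUSHF, POPF, LAR, LSL, VERR, VERW), treats the few other opcodes it knows as ordinary, and refuses anything else rather than guess a length. The remaining entries (PUSH, POP, MOV, CALL, JMP, INT n, RET) are sensitive only in particular operand forms and protection states that this decoder does not model; the sample byte string is constructed by hand for the example.

```python
"""Locate IA-32 critical instructions in a 32-bit protected-mode code buffer, the
first step of the run-time patching approach.  Added example, not from the cited
paper; the decoder knows only the opcodes tabulated below and refuses anything else."""

ONE_BYTE = {0x9C: "PUSHF", 0x9D: "POPF"}
# In the 0F 00 and 0F 01 groups the ModRM reg field selects the instruction.
GROUP_0F00 = {0: "SLDT", 1: "STR", 4: "VERR", 5: "VERW"}   # /2 LLDT and /3 LTR are privileged
GROUP_0F01 = {0: "SGDT", 1: "SIDT", 4: "SMSW"}              # /2 LGDT, /3 LIDT, /6 LMSW are privileged
TWO_BYTE = {0x02: "LAR", 0x03: "LSL"}                      # 0F 02 /r, 0F 03 /r
# Non-sensitive opcodes this toy decoder understands: opcode -> (mnemonic, extra bytes or "modrm")
BENIGN = {0x90: ("NOP", 0), 0x89: ("MOV r/m32,r32", "modrm"), 0x8B: ("MOV r32,r/m32", "modrm"),
          0x31: ("XOR r/m32,r32", "modrm"), 0xB8: ("MOV eax,imm32", 4)}


def modrm_len(code, i):
    """Bytes occupied by the ModRM operand starting at code[i] (32-bit addressing)."""
    mod, rm = code[i] >> 6, code[i] & 7
    if mod == 3:
        return 1                                   # register operand
    n = 1
    if rm == 4:                                    # SIB byte follows
        n += 1
        if mod == 0 and (code[i + 1] & 7) == 5:
            n += 4                                 # SIB with no base register: disp32
    if mod == 0 and rm == 5:
        n += 4                                     # [disp32]
    elif mod == 1:
        n += 1                                     # [base + disp8]
    elif mod == 2:
        n += 4                                     # [base + disp32]
    return n


def decode(code, i):
    """Return (mnemonic, length, critical) for the instruction at code[i]."""
    op = code[i]
    if op in ONE_BYTE:
        return ONE_BYTE[op], 1, True
    if op == 0x0F:
        op2 = code[i + 1]
        if op2 in (0x00, 0x01):
            modrm = code[i + 2]
            mod, reg = modrm >> 6, (modrm >> 3) & 7
            group = GROUP_0F00 if op2 == 0x00 else GROUP_0F01
            # SGDT/SIDT take a memory operand only; 0F 01 with mod=3 and reg 0 or 1
            # encodes unrelated instructions (VMCALL, XGETBV, ...) that are not handled here.
            if reg in group and not (op2 == 0x01 and mod == 3 and reg in (0, 1)):
                return group[reg], 2 + modrm_len(code, i + 2), True
            raise NotImplementedError(f"0F {op2:02X} /{reg} (mod={mod}) at offset {i}")
        if op2 in TWO_BYTE:
            return TWO_BYTE[op2], 2 + modrm_len(code, i + 2), True
        raise NotImplementedError(f"0F {op2:02X} at offset {i}")
    if op in BENIGN:
        mnemonic, extra = BENIGN[op]
        length = 1 + (modrm_len(code, i + 1) if extra == "modrm" else extra)
        return mnemonic, length, False
    raise NotImplementedError(f"opcode {op:02X} at offset {i}")


def scan(code):
    """Linear sweep: (offset, mnemonic, length) of every critical instruction found."""
    found, i = [], 0
    while i < len(code):
        mnemonic, length, critical = decode(code, i)
        if critical:
            found.append((i, mnemonic, length))
        i += length
    return found


# Constructed sample (32-bit code), assembled by hand for this example.
SAMPLE = bytes.fromhex(
    "90"          # nop
    "0f01e0"      # smsw eax          (0F 01 /4, mod=3)
    "9c"          # pushfd
    "89c8"        # mov eax, ecx
    "0f014c2404"  # sidt [esp+4]      (0F 01 /1, SIB + disp8)
    "0f00c8"      # str eax           (0F 00 /1)
    "b801000000"  # mov eax, 1
    "0f02c1"      # lar eax, ecx
    "90"          # nop
)
```

A linear sweep of this kind assumes that code and data are not interleaved and that no branch lands in the middle of a decoded instruction, which is why production VMMs decode on demand from the actual control flow rather than over a whole buffer; a patch that overwrites a found instruction with a trapping byte sequence also has to preserve its length so that nearby jump targets stay valid. 64-bit mode adds REX prefixes and RIP-relative addressing that the toy ModRM decoder above does not handle.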

IA-64

The effort needed to support virtualization on the IA-64 architecture is described in a 2004 article by Magenheimer and Christian. [cite conference|author=Daniel J. Magenheimer and Thomas W. Christian|year=2004|title=vBlades: Optimized Paravirtualization for the Itanium Processor Family|url=http://www.usenix.org/publications/library/proceedings/vm04/tech/magenheimer.html|booktitle=Proc. 3rd Virtual Machine Research & Technology Symposium|publisher=USENIX|pages=73–82]

SPARC

A "hyperprivileged" mode for the UltraSPARC architecture was specified in "UltraSPARC Architecture 2005". [cite book | title = UltraSPARC Architecture 2005: One Architecture.... Multiple Innovative Implementations (DraftD0.9) | date = 2007-05-17 | first = David | last = Weaver | publisher = Sun Microsystems, Inc. | location = Santa Clara, CA, USA | url = http://opensparc-t1.sunsource.net/specs/UA2005-current-draft-HP-EXT.pdf] It defines a "sun4v" platform [cite book | title = UltraSPARC Virtual Machine Specification | url = http://opensparc-t1.sunsource.net/specs/Hypervisor-api-current-draft.pdf | date = 2006-01-24 | author = Sun Microsystems, Inc. | location = Santa Clara, CA, USA] which is a superset of the "sun4u" platform but is still compliant with the SPARC v9 Level-1 [cite book | title = The SPARC Architecture Manual: Version 9 | first = David L. | last = Weaver | coauthors = Tom Germond | url = http://www.sparc.com/standards/SPARCV9.pdf | publisher = SPARC International, Inc. | location = San Jose, CA, USA | isbn = 0-13-825001-4 | year = 1994] specification.

See also

* Virtual machine
* Virtualization



Wikimedia Foundation. 2010.