10/29/2023
Intro
I want to learn a bit about virtualization, so I decided to start at the beginning and read
"Formal Requirements for Virtualizable Third Generation Architectures" by Popek and Goldberg. This paper is responsible for the famous Popek-Goldberg virtualization requirements,
which describe conditions for a hardware architecture to support virtualization.
The trap-and-emulate style virtual machines described by this paper weren't possible to implement on architectures like x86.
The x86 ISA contained sensitive instructions which didn't trap, or which performed differently in user mode vs. kernel mode.
Thus, virtual machine adoption didn't take off until the early 2000s.
Around this time, VMware introduced their first commercial VMM product, which relied on dynamic binary translation.
My notes on this paper
1. Virtual Machine Concepts
- Virtual Machine Monitor (VMM) - a control program with three characteristics. Firstly, the VMM provides an environment for programs
to execute as if they were running directly on the underlying host.
Secondly, the VMM must be efficient, and allow most instructions to execute directly
on the processor, without VMM intervention. Lastly, the VMM must have complete control of system resources:
it shouldn't allow virtual machines to access resources that haven't been allocated to them,
and the VMM must be able to regain control of resources that it has already allocated.
2. A Model of Third Generation Machines
- The machines that the authors define in this section follow the same principles as computers today.
The processor can execute in separate user and supervisor modes, use segmentation to address memory,
and contain a large enough instruction set
to perform key-value table lookups. The machines also support traps, like memory traps, where a program
tries to access memory it does not have access to, and the processor transfers control to another routine to handle the trap (exception).
3. Instruction Behavior
- Privileged instructions - instructions that can only be executed from supervisor mode, and trap otherwise
- Control sensitive instructions - instructions that change the configuration of system resources (e.g. allocate memory) or affect the processor mode, without going through
the trap sequence.
- Behavior sensitive instructions - instructions whose behavior depends on the current mode and state of the processor. For example,
this includes location sensitive instructions, which perform differently based on where in executable storage the instruction is,
and mode sensitive instructions, which perform differently based on the mode the processor is in.
4. The Virtual Machine Monitor
- The VMM program contains 3 modules. The dispatcher handles traps from the virtual machine, and can be considered the top level control
module of the VMM. It is the first program to execute after a trap occurs.
The second module, the allocator, is invoked by the dispatcher whenever the VM executes a privileged instruction for acquiring system resources, like memory.
The allocator is in charge of handing out system resources to VMs.
Lastly, the third set of modules are the interpreters for all other instructions which trap. There is one interpreter for
each instruction that may trap, and the goal of each interpreter is to simulate the behavior of its instruction.
5. The Virtual Machine Properties
- The big theorem! A VMM can be built for a processor if the set of sensitive instructions is a subset of
the privileged instructions. In other words, an architecture is virtualizable if every control or behavior sensitive
instruction traps when executed in user mode.
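
A toy model of the dispatcher/interpreter design from section 4 and the theorem from section 5, added here as an illustration (it is not code from the paper or from these notes). The three-instruction ISA, the opcode names and the helper functions are all made up for the example; the VMM is simplified and never reflects a trap back to a guest running in virtual user mode.

```python
# Toy ISA, constructed for this example (not from the paper):
#   ADD n     - innocuous: acc += n
#   SETMODE m - control sensitive: changes the processor mode
#   GETMODE   - behavior sensitive: acc = 1 in supervisor mode, 0 in user mode
SENSITIVE = {"SETMODE", "GETMODE"}

class Trap(Exception):
    pass

class CPU:
    def __init__(self, privileged, mode):
        self.privileged, self.mode, self.acc = privileged, mode, 0

    def execute(self, op, arg=None):
        if op in self.privileged and self.mode == "user":
            raise Trap(op)                      # privileged: trap in user mode
        if op == "ADD":
            self.acc += arg
        elif op == "SETMODE":
            self.mode = arg
        elif op == "GETMODE":
            self.acc = 1 if self.mode == "supervisor" else 0

def virtualizable(sensitive, privileged):
    return sensitive <= privileged              # the theorem's condition

def run_native(program, privileged):
    cpu = CPU(privileged, "supervisor")         # guest OS on bare hardware
    for op, arg in program:
        cpu.execute(op, arg)
    return cpu.acc

def run_under_vmm(program, privileged):
    cpu = CPU(privileged, "user")               # guest always runs in real user mode
    vmode, traps = "supervisor", 0              # mode the guest believes it is in
    for op, arg in program:
        try:
            cpu.execute(op, arg)                # most instructions run directly
        except Trap:                            # dispatcher picks an interpreter
            traps += 1
            if op == "SETMODE":
                vmode = arg                     # emulate on virtual state only
            elif op == "GETMODE":
                cpu.acc = 1 if vmode == "supervisor" else 0
    return cpu.acc, traps

PROGRAM = [("GETMODE", None), ("ADD", 5)]       # constructed guest program
GOOD_ISA = {"SETMODE", "GETMODE"}               # every sensitive instruction traps
BAD_ISA = {"SETMODE"}                           # GETMODE is sensitive but never traps
```

On GOOD_ISA the guest gets the same result under the VMM as on bare hardware, at the cost of one trap. On BAD_ISA, GETMODE runs directly, reports the real user mode, and the guest's result silently diverges, which is the situation the intro describes for x86.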