1. Field of the Invention
The present invention relates generally to Virtual Machine (VM) technology and, more particularly, to methods and systems for safe execution of guest code in a VM context.
2. Background Art
With VM technology, a user can create and run multiple operating environments on a computer at the same time. Each operating environment, or virtual machine, requires its own operating system (OS) and can run applications independently. The VM software provides a layer between the hardware of the computing system and the software that runs on it.
Frequently, the problem arises of simultaneously running different operating systems on the same hardware system. For example, with one version of MICROSOFT WINDOWS running on the computing system, it can be necessary to start another instance or another version of WINDOWS or another operating system on the same hardware system.
A typical VMM enables a single physical machine or processor to act as if it were several physical machines. A VMM, typically jointly with a high-ranking OS (although there are VMMs that can be executed on bare hardware, without a high-ranking OS), can run a number of different operating systems simultaneously, such that each of the different operating systems has its own VM. In other words, a typical VMM can handle a number of VMs, each of which represents its own OS, and each of which can run its own application software and control or use its own hardware (if any), including certain types of processors, I/O and data storage devices, and so on, as if they were running on a single processor. The high-ranking OS is typically referred to as a “host OS” (HOS). The multiple operating systems that are running as VMs are typically referred to as “guest operating systems” (“guest OS s”) running “guest code.”
A conventional approach for implementing VMs includes a VMM approach developed by IBM and implemented on mainframes, which support virtualization. Another approach includes implementing VMM on modem processors, which do not support the hardware virtualization, such as full step-by-step or page-by-page interpretation of the original code, or full binary translation of the original code, or combining binary translation of some portions of the original code and direct execution of other portions of the original code.
One conventional VMM approach is based on direct execution of the guest OS code with reduced privileges (for example, the IBM VM/370 approach). It is very efficient, but cannot be easily implemented on modern computers due to a lack of necessary architectural features. A second conventional approach is based on binary translation (together with direct execution) of the guest source code. This approach can be implemented on modem computers, but has a number of significant disadvantages, for example, due to a necessity to translate not only the source code, which cannot be executed in the environment of the VM, but also the linked fragments of the source code, that cannot be executed due to a change in a size of the fragments and a corresponding change or shift in local addresses. In other words, when binary translation is used, the length of the translated code increases, which changes the length of the entire fragment of the code. Accordingly, a need arises to track changes in the address labels in the entire fragment of the original code. Additionally, the binary translation approach increases the difficulty of processing translated pages of code, because the shift in local addresses makes maintaining the validity of the translated code in the cache more difficult with changes in the original code of the guest OS (e.g., in the case of self-modifying code).
Accordingly, what is needed are methods and systems for safe execution of guest code in a VM context with minimal modification of code required for safe execution.