The Intel® IA-64 architecture, also called the IPF architecture, provides instruction, internal register, and application register support for automatic stacking of register values into backing store memory following routine calls, and automatic restoring of register values from backing store memory upon completion of called routines. The IA-64 architecture provides a set of stacked registers that are architecturally treated as a circular register buffer on which register stack frames can be allocated for nested routine calls. An IA-64 processor can store, or spill, register values to backing store memory and restore register values from backing store memory automatically, using otherwise idle processor cycles, essentially asynchronously to instruction stream execution.
The cover instruction is provided by the IA-64 architecture to, among other things, facilitate register stack management and stack frame allocation by interrupt handling routines. The cover instruction allocates a new, empty, current register stack frame, nesting the stack frame of the interrupted routine and placing registers in the stack frame of the interrupted routine into a dirty-register category. In addition, under certain circumstances, the cover instruction copies the contents of a current-frame-marker register into a control register to facilitate eventual restoration of the register-based processor state of the interrupted process. However, the conditions under which the cover instruction copies the contents of the current-frame-marker register into the control register include setting of a field in a privileged register to a particular value. The cover instruction is not, itself, a privileged instruction. In general, a non-privileged routine may execute a cover instruction to allocate a new, empty, current register stack frame, but the contents of the CFM register are not stored in the control register, as happens when the privileged register field is set to the particular value, including following the occurrence of an interruption and transition from non-privileged to privileged execution.
Virtual monitors are low-level software systems that run directly above the hardware level of a computer system. A virtual monitor is intended to provide a virtual hardware interface to one or more operating systems. Virtual monitors allow for concurrent execution of multiple operating systems on a single machine, and allow for operating systems developed for the virtual machine interface provided by the virtual monitor to run on various different hardware/virtual monitor combinations. This, in turn, facilitates running operating systems on different types of machines without undertaking the extremely expensive, time consuming, and error-prone task of porting an operating system designed for one machine interface to a different machine.
Virtual monitors designed for the IA-64 architecture normally run at privilege level 0, the highest privilege level provided by an IA-64 processor. In general, operating systems are also designed to execute at privilege level 0. However, a virtual monitor is designed to provide an interface that virtualizes privilege level, so that an operating system can be run at a lower privilege level, for example, privilege level 1, so that the virtual monitor can trap attempts by the operating system to execute privileged instructions and access privileged memory. By trapping privileged-instruction execution and privileged-memory access, the virtual monitor can emulate privileged instructions provided by the virtual-monitor interface, but not supported by the hardware, and can juggle system resources between concurrently running operating systems that are developed to have full and complete control of machine hardware.
The cover instruction is a special problem for virtual monitors because it is not privileged, and can be executed both by privilege-level-0 virtual-monitor routines as well as by lower-privilege-level operating system routines. Therefore, a virtual monitor cannot easily trap attempts by an operating system to execute the cover instruction. However, in general, the operating system assumes that it can raise the privilege level to machine privilege level 0, while, in a virtualized environment controlled by a virtual monitor, the operating system is, in fact, running at virtual privilege level 0 and machine privilege level 1 or an even lower privilege level. Therefore, when the operating system executes a cover instruction, it expects that the contents of a current-frame-marker register are copied to a special, privileged control register when a field within another, privileged register is set to a particular value. But, because the operating system is actually executing at privilege level 1 or lower, the cover instruction does not copy the contents of the current-frame-marker register to the privileged control register. Thus, the cover instruction may not have the intended effect when executed by the operating system, and the virtual monitor cannot easily trap cover instruction execution by an operating system in order to emulate the cover instruction on behalf of the operating system.
In one currently available technique, operating system code can be altered by inserting break instructions, or other instructions that trap or that generate exceptions, in order to provide a virtual monitor with the ability to detect attempts by the operating system to execute the cover instruction, allowing the virtual monitor to then emulate the instruction on behalf of the operating system. However, such alteration of operating system code may be time consuming, and may also be error prone, since cover-instruction behavior depends on the current processor state, which in turn may depend on prior execution of instructions far removed from a particular cover instruction. For these reasons, designers, implementers, manufacturers, and users of virtual monitors have recognized the need for alternative methods for virtualizing an IA-64 cover instruction.