Computers include general purpose central processing units (CPUs) that are designed to execute a specific set of system instructions. A group of processors that have similar architecture or design specifications may be considered to be members of the same processor family. Examples of current processor families include the Motorola 680X0 processor family, manufactured by Motorola, Inc. of Phoenix, Ariz.; the Intel 80X86 processor family, manufactured by Intel Corporation of Sunnyvale, Calif.; and the PowerPC processor family, which is manufactured by Motorola, Inc. and used in computers manufactured by Apple Computer, Inc. of Cupertino, Calif. Although a group of processors may be in the same family because of their similar architecture and design considerations, processors may vary widely within a family according to their clock speed and other performance parameters.
Each family of microprocessors executes instructions that are unique to the processor family. The collective set of instructions that a processor or family of processors can execute is known as the processors instruction set. As an example, the instruction set used by the Intel 80X86 processor family is incompatible with the instruction set used by the PowerPC processor family. The Intel 80X86 instruction set is based on the Complex Instruction Set Computer (CISC) format. The Motorola PowerPC instruction set is based on the Reduced Instruction Set Computer (RISC) format. CISC processors use a large number of instructions, some of which can perform rather complicated functions, but which require generally many clock cycles to execute. RISC processors use a smaller number of available instructions to perform a simpler set of functions that are executed at a higher rate.
The uniqueness of the processor family among computer systems also typically results in incompatibility among the other elements of hardware architecture of the computer systems. A computer system manufactured with a processor from the Intel 80X86 processor family will have a hardware architecture that is different from the hardware architecture of a computer system manufactured with a processor from the PowerPC processor family. Because of the uniqueness of the processor instruction set and a computer system's hardware architecture, application software programs are typically written to run on a particular computer system running a particular operating system.
A computer manufacturer will want to maximize its functionality by having more rather than fewer applications run on the microprocessor family associated with the computer manufacturer's product line. To expand the number of operating systems and application programs that can run on a computer system, a field of technology has developed in which a given computer having one type of CPU, called a host, will run an emulator program that allows the host computer to emulate receiving and executing the instructions of an unrelated type of CPU, called a guest. Thus, the host computer will execute an application that will cause one or more host instructions to be called in response to a given guest instruction. In some cases, the host computer can both run software designed for its own hardware architecture, other than the emulation program, and software written for computers having an unrelated hardware architecture. As a more specific example, a computer system manufactured by Apple Computer, for example, may run operating systems and programs written for PC-based computer systems. It may also be possible to use an emulator program to concurrently operate multiple incompatible operating systems on a single CPU. In this arrangement, although each operating system is incompatible with the other, an emulator program can host one of the two operating systems, allowing the otherwise incompatible operating systems to run concurrently on the same computer system.
When a guest computer system is emulated on a host computer system, the guest computer system is said to be a virtual machine, as the guest computer system exists only as a software representation of the operation of the hardware architecture of the guest computer system. The terms emulator and virtual machine are sometimes used interchangeably to denote the ability to mimic or emulate the hardware architecture of an entire computer system. As an example, the Virtual PC software created by Connectix Corporation of San Mateo, Calif. emulates an entire computer that includes an Intel 80X86 Pentium processor and various motherboard components and cards. The operation of these components is emulated in the virtual machine that is being run on the host machine. An emulator program executing on the operating system software and hardware architecture of the host computer, such as a computer system having a PowerPC processor, mimics the operation of the entire guest computer system. The emulator program acts as the interchange between the hardware architecture of the host machine and the instructions transmitted by the software running within the emulated environment.
Virtual machines are sometimes used to support software programs that expect to control the entire computer system. For example, two virtual machine instances can each support an independent instance of the same operating system (OS). The operating system running within a virtual machine can be referred to as a “guest operating system”. Some operating systems are written assuming that only one OS is operating on a computer system at a time, allowing the OS to act as a final arbiter of all resources that make up that system (including memory, processor cycles, and access to I/O devices). Because of these built-in assumptions, OS-level code includes instructions that are meant to affect the entire computer system that the OS is controlling. In some virtual machine environments, however, it is necessary to isolate different guest OS instances from each other. Each such OS, therefore, cannot be allowed to directly execute instructions that will affect the entire host system. The virtual machine program can be designed to handle such instructions in a way that is transparent to the guest OS (meeting that OS's original assumptions) while preventing any guest OS from obtaining complete control over a particular host system resource. For example, if a guest operating system errantly executes an “infinite loop” (i.e. a loop of code that fails to terminate), the virtual machine program can prevent that guest operating system from consuming all of the processor cycles on the host machine, and hence “locking out” all other guest OS instances.
Some conventional virtual machines accomplish this task through the use of a multi-level privilege mechanism incorporated into most modern microprocessors. This privilege mechanism allows code to run in one of two (or more) privilege levels. Instructions that affect the state of the entire computer system are often considered “more privileged” than generic computational instructions. The former class of instructions is allowed only in the “more privileged” state, whereas the latter class of instructions is allowed at all privilege levels. Typically, an operating system runs at the “more privileged” mode, and user-level (application) code runs in the “less privileged” mode. A virtual machine can run guest OS code (which was originally written to assume more privilege access) within a lesser privileged mode. When the processor encounters an instruction within the guest OS code that is only allowed at a more privileged level, it will report the “privilege violation” in the form of a processor trap. This trap invokes an exception handler within the virtual machine program that is able to emulate the effects of the privileged instruction without affecting the entire host system.
For example, a guest OS can temporarily disable processor interrupts using the processor's “interrupt mask” feature. If the guest OS were allowed to disable all interrupts on the host system, it could prevent input and output from all devices to the host and all other virtual machines. This would not be consistent with “isolation” between guest environments and the host environment. However, access to the interrupt mask feature is considered “privileged”, so any attempt by the guest OS to modify the interrupt mask setting would result in a trap, which would invoke the virtual machine program's exception handler. The exception handler could emulate the modification of the interrupt mask, for example, by modifying some state that is private to the virtual machine, allowing the host system's interrupt mask to remain unmodified.
This method of relying on the processor to trap attempts to execute privileged instructions can slow performance. The OS may execute such privileged instructions often, because it was designed to function on a system that would allow such instructions with minimal overhead. By contrast, the trap mechanism in most processors is much slower. Consequently, the code may run significantly slower within a virtual machine because of the overhead imposed by the trap mechanism and the execution of the exception handler.