A traditional computer operating system (OS) shares the resources of a single machine between multiple user programs or applications. The OS kernel controls all system resources, including execution time, access to instruction and data memory, I/O devices, and inter-process communication. A kernel is the smallest separately compiled unit of an OS that contains task scheduling functions.
The system resources typically include a microprocessor with at least two levels of privilege, a set of privileged machine-control instructions and registers, a virtual memory system using address translation, and an exception system. Kernel privilege is a state that allows all operations to be performed.
Virtualization is a technique by which multiple operating systems share a single machine. Each “guest” operating system runs within a virtual machine (VM), which appears to have the same privileged instructions, registers and I/O devices as the real machine, but this appearance is an illusion managed by a piece of software known as a hypervisor. The hypervisor is in full control of machine resources at all times. Guest operating systems no longer have unrestricted access to machine resources—they are “de-privileged”. All operations performed by a guest must be explicitly permitted by the hypervisor.
The hypervisor is responsible for sharing system resources between multiple VMs, and maintaining the expected behavior of each VM. The hypervisor performs the same basic functions as the traditional OS kernel, except that the hypervisor's clients are full operating systems rather than user applications.
FIG. 1 illustrates a prior art virtualization system 100. The system 100 includes a first set of applications 102_1 through 102_N executing on a first operating system 104, and a second set of applications 106_1 through 106_N operating on a second operating system 108. A hypervisor 110 operates between the operating systems 104 and 108 and a set of hardware resources 112_1 through 112_N. In particular, the hypervisor 110 controls access to the hardware resources 112 while executing functions specified by the applications. The hardware resources 112 may be a central processing unit, a graphics processing unit, memory, input/output devices, and the like.
The traditional approach to virtualization for a microprocessor with two levels of privilege (e.g., user and kernel) is known as de-privileging. With de-privileging, a guest operating system kernel is executed in user mode instead of the expected kernel mode. Accesses to a privileged resource from the guest kernel results in an exception (trap) that is handled (emulated) by the hypervisor. This scheme is possible if all privileged operations result in exceptions when executed from user mode, and the full user-mode address space can be translated. The performance of such a trap-and-emulate system is limited by the many hypervisor exceptions that must be processed.
The system of FIG. 1 is successfully deployed in connection with various microprocessor architectures that have significant computational resources. A class of microprocessors, known as microcontrollers or embedded processors, does not have significant computational resources. Microcontrollers are used in automatically controlled products and devices, such as automobile engine control systems, implantable medical devices, remote controls, office machines, appliances, power tools, toys and other embedded systems. One use case for virtualization as described in connection with FIG. 1 is consolidation of workloads from multiple systems.
It would be desirable to utilize virtualization techniques in connection with microcontrollers. Such virtualization techniques must be minimalistic in view of the limited computational and memory resources associated with a microcontroller. Such virtualization techniques should also be operationally consistent with other virtualization techniques supported by more powerful processors in a common processor architecture so as to promote uniformity and consistency across a common processor architecture. Virtualization in this context would provide security whereby different address spaces are isolated and are therefore protected from one another.