Requirements for Virtualization

Overview

Hypervisors need to score well on

  1. Safety: the hypervisor retains full control of the virtualized resources; a guest must never be able to bypass it.
  2. Fidelity: a program running on the virtual machine should behave exactly as it would on the real machine being imitated.
  3. Efficiency: as much guest code as possible should run directly on the hardware, without intervention by the hypervisor.

An interpreter can be safe and faithful (it never lets the guest touch the real hardware and can model every instruction exactly), but since every guest instruction is decoded and simulated in software, performance will be bad.

Sensitive instructions: instructions that behave differently when executed in kernel mode than when executed in user mode (for example, ones that change privileged state such as the interrupt flag or the page tables, or that reveal which mode the CPU is in).
Privileged instructions: instructions that trap if executed in user mode.

Popek and Goldberg showed that a machine is virtualizable (in the trap-and-emulate sense) only if the sensitive instructions are a subset of the privileged instructions: then every sensitive instruction attempted by a deprivileged guest kernel traps, and the hypervisor can emulate it.

The Intel x86 family did not have this property until 2005: some sensitive instructions, executed in user mode, silently did the wrong thing instead of trapping. Also, user mode programs could read sensitive info, like whether they were in user mode (for example, the low bits of the code segment selector encode the current privilege level). A guest OS that does this discovers it is really running in user mode and may behave differently, so fidelity is lost.

What we need is trap-and-emulate: run the guest kernel deprivileged (in user mode), let every sensitive instruction it executes trap into the hypervisor, and have the hypervisor emulate the instruction against the virtual machine's state rather than the real hardware's.

So how were hypervisors possible on x86 before 2005?! Answer: binary translation. The hypervisor rewrites guest kernel code before it runs, replacing the sensitive instructions that would not trap with code that calls into the hypervisor; ordinary instructions are left alone and still run directly on the hardware (this was VMware's original approach).

Another approach: paravirtualization. Here, the host presents a "machine-like" software interface rather than the real hardware interface: the guest kernel is modified to make hypercalls (explicit calls into the hypervisor) wherever it would otherwise execute a sensitive instruction.

Drawback: the guest has to be aware it is running on a VM, since its kernel must be modified to make the hypercalls; an unmodified OS cannot be run this way.
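To make the criterion, trap-and-emulate, binary translation and hypercalls concrete, here is a toy model. It is an added example, not from the original notes or from any real hypervisor: the three-instruction ISA (MOVI, CLI, RDMODE), the VMCALL pseudo-instruction, the mode names and the class names are all invented. RDMODE plays the role of the pre-2005 x86 instructions that were sensitive but not privileged.

```python
"""Toy model of the Popek-Goldberg criterion, trap-and-emulate, and
binary translation. Constructed for this illustration: the ISA, the
mode names and the hypervisor are invented, not any real CPU or VMM."""
from dataclasses import dataclass, field

# Instruction classes of the toy ISA (constructed):
#   MOVI r, imm : ordinary; identical in kernel and user mode
#   CLI         : sensitive AND privileged (traps in user mode)
#   RDMODE r    : sensitive but NOT privileged: user code silently reads the
#                 real mode, like pre-2005 x86 code learning it was in user mode
#   VMCALL insn : always traps; stands in for a hypercall or the stub that
#                 binary translation substitutes for a non-trapping instruction
SENSITIVE = {"CLI", "RDMODE"}
PRIVILEGED = {"CLI", "VMCALL"}


def popek_goldberg_virtualizable(sensitive, privileged):
    """Trap-and-emulate works only if every sensitive instruction traps,
    i.e. sensitive is a subset of privileged."""
    return set(sensitive) <= set(privileged)


class Trap(Exception):
    """Raised by the CPU when an instruction traps into the hypervisor."""
    def __init__(self, insn):
        super().__init__(insn)
        self.insn = insn


@dataclass
class Cpu:
    mode: str = "kernel"          # real hardware mode
    interrupts: bool = True       # real interrupt-enable flag
    regs: dict = field(default_factory=dict)

    def execute(self, insn):
        op = insn[0]
        if op == "VMCALL" or (op in PRIVILEGED and self.mode == "user"):
            raise Trap(insn)
        if op == "MOVI":
            self.regs[insn[1]] = insn[2]
        elif op == "CLI":
            self.interrupts = False
        elif op == "RDMODE":
            self.regs[insn[1]] = self.mode   # leaks the REAL mode to the guest
        else:
            raise ValueError(f"unknown instruction {op}")


@dataclass
class Hypervisor:
    cpu: Cpu = field(default_factory=Cpu)
    guest_mode: str = "kernel"      # mode the guest believes it is in
    guest_interrupts: bool = True   # the guest's virtual interrupt flag

    def translate(self, insn):
        """Binary translation: rewrite a sensitive-but-unprivileged
        instruction into one that traps, so it can be emulated."""
        if insn[0] in SENSITIVE - PRIVILEGED:
            return ("VMCALL", insn)
        return insn

    def emulate(self, insn):
        """Apply the trapped instruction to the VIRTUAL machine state."""
        op = insn[0]
        if op == "VMCALL":
            return self.emulate(insn[1])
        if op == "CLI":
            self.guest_interrupts = False            # real flag untouched: safety
        elif op == "RDMODE":
            self.cpu.regs[insn[1]] = self.guest_mode  # guest sees "kernel": fidelity
        else:
            raise ValueError(f"cannot emulate {op}")

    def run(self, program, binary_translation=False):
        """Run guest kernel code deprivileged in user mode (trap-and-emulate)."""
        self.cpu.mode = "user"
        for insn in program:
            if binary_translation:
                insn = self.translate(insn)
            try:
                self.cpu.execute(insn)       # ordinary code runs directly
            except Trap as t:
                self.emulate(t.insn)         # sensitive code is emulated
        return {"regs": dict(self.cpu.regs),
                "real_interrupts": self.cpu.interrupts,
                "guest_interrupts": self.guest_interrupts}


# Constructed guest kernel: disable interrupts, then check its own mode.
GUEST_KERNEL = [("MOVI", "r1", 42), ("CLI",), ("RDMODE", "r2")]


def run_guest(binary_translation):
    return Hypervisor().run(GUEST_KERNEL, binary_translation)


if __name__ == "__main__":
    print("Popek-Goldberg satisfied:", popek_goldberg_virtualizable(SENSITIVE, PRIVILEGED))
    print("trap-and-emulate only:  ", run_guest(False))
    print("with binary translation:", run_guest(True))
```

Without translation the CLI trap keeps the real interrupt flag set (safety holds) but RDMODE silently returns "user" to a guest kernel that believes it is in kernel mode (fidelity fails), which is exactly the pre-2005 x86 problem. With binary translation RDMODE is rewritten into a trapping VMCALL, so the hypervisor answers "kernel". A paravirtualized guest would reach the same point by issuing the VMCALL itself in its source.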

Quiz
  1. Hypervisors should be
    a. running as much code as possible directly on the hardware
    b. in control of the virtual resources
    c. faithful to the imitated machine
    d. all of the above.
  2. An interpreter implementing a virtual machine is going to fall short in
    a. performance
    b. fidelity
    c. safety
    d. all of the above.
  3. Sensitive instructions
    a. cause a trap
    b. cause a segmentation error
    c. behave differently if executed in kernel versus user mode
    d. should never be called.
Answers

1. d; 2. a; 3. c;