Formal Requirements for Virtualizable Third Generation Architectures Gerald

Virtual machine systems have been implemented on a limited number of third generation computer systems, e.g. CP-67 on the IBM 360/67. From previous empirical studies, it is known that certain third generation computer systems, e.g. the DEC PDP-10, cannot support a virtual machine system. In this paper, model of a third-generation-like computer system is developed. Formal techniques are used to derive precise sufficient conditions to test whether such an architecture can support virtual machines. General permission to republish, but not for profit, all or part of this material is granted provided that ACM's copyright notice is given and that reference is made to the publication, to its date of issue, and to the fact that reprinting privileges were granted by permission of the Association for Computing Machinery. There are currently a number of viewpoints suggesting what a virtual machine is, how it ought to be constructed , and what hardware and operating system implications result [1, 6, 7, 9, 12]. This pap¢r examines computer architectures of third-generation-like machines and demonstrates a simple condition which may be tested to determine whether an architecture can support a virtual machine. This condition may also be employed in machine design. In the following, we specify intuitively what is meant by the above, then develop a more exact model of third-generation-like machines, and finally state and prove a sufficient condition for such a system to be virtualizable. A virtual machine is taken to be an efficient, isolated duplicate of the real machine. We explain these notions through the idea of a virtual machine monitor (V~M). See Figure 1. As a piece of software a VMM has three essential characteristics. First, the VMM provides an environment for programs which is essentially identical with the original machine; second, programs run in this environment show at worst only minor decreases in speed; and last, the VMM is in complete control of system resources. By an "essentially identical" environment, the first characteristic, is meant the following. Any program run under the VMM should exhibit an effect identical with that demonstrated if the program had been run on the original machine directly, with the possible exception of differences caused by the availability of system resources and differences caused by timing dependencies. The latter qualification is required because Fig. 1. The virtual machine monitor. 413 of the intervening level of software and because of the effect of any other virtual machines …