They say that history repeats itself. At the turn of the century, many in the computing industry were engaged in a fascinating debate about how multithreading and virtualization would become the next big thing in desktop PCs and servers providing a big performance boost for many high-throughput applications.
Ten years later, both concepts are making a dramatic comeback. This time the debating stage is different: we’re not talking about performance in servers anymore, but focusing on next-generation embedded devices and IoT nodes. The conversation has evolved too: we’re using multithreading in a smarter way to improve power and area efficiency while virtualization provides the foundation for system-wide security.
Both concepts are not new: multithreading computer architectures have been around since the 1950s and virtualization held the crown for Most Promising Technology of the Year in the late 1970s.
However both are vitally important for the future of connected computing, particularly when take a step back and observe the big picture of IoT. The latest predictions put the IoT market at several billions of connected devices; this includes smart sensors, gateways, intermediate nodes, or data centers.
Every single category mentioned above can benefit from multithreading and virtualization. In this article, I’ll explain what virtualization is, and then I’ll look at the hardware and software architecture of virtualized systems. Finally, I’ll briefly describe the level of support for virtualization in MIPS CPUs.
A crash course into virtualization
Simply put, virtualization makes one physical device appear as one or more virtual devices. Virtualization can be implemented at the processor level (e.g. CPU or GPU virtualization) or at the system level (i.e. SoC virtualization).
Virtualization separates the software running on virtual machines from the underlying hardware resources.
By adding support for virtualization, a platform can create multiple Virtual Machines (VMs), each running its own operating system, embedded programs or a combination of both.
The hardware and software architecture of virtualized platforms
When reading about virtualization, you will come across some commonly-used terms such as host processors, virtual machines, root and guest contexts, and hypervisors.
The host machine represents the actual physical hardware whose resources are to be virtualized. For MIPS, a host processor is synonymous with a physical instance of a CPU.
The virtual machine (VM) is the virtual context of a processor created by software. In the case where the host machine supports multiple virtual machines, each guest operating system will run on a VM in its own context. Therefore, the root context is the context of the physical system while the guest context belongs to each virtual machine.
The software that creates and controls the VM is called a hypervisor. The hypervisor is a crucial component of virtualized systems and represents an intermediate software layer between virtual machines and the actual hardware. Running in the root context, the hypervisor has direct control of the hardware, and thus creates and maintains the trusted execution environments. The main job of a hypervisor it to load and control the software running in each guest context.
It is vital that all software running in a guest context is not able to detect the presence of this intermediate software layer: from the guest context’s point of view, the software inside a VM appears to be running directly on a hardware platform.
The principles of virtualization
Like multithreading, the idea of virtualization is not new. In 1974, two renowned computer scientists – Gerald J. Popek (UCLA) and Robert P. Goldberg (Harvard University) – wrote an article called Formal requirements for virtualizable third generation architectures; this article contains the three pillars for virtualization:
- Equivalence: A program running on a virtual machine should look identical to one running on the actual hardware
- Resource control: A hypervisor must be in complete control of all virtualized resources
- Behavior sensitive intructions: The majority of instructions executed by virtualized software should not require hypervisor intervention
There are two types of hypervisors: type 1 (or native) hypervisors runs directly on the hardware while the guest software runs in the VMs. SELTECH FEXEROX and PUCRS Hellfire are two examples of native hypervisors for the MIPS architecture
A type 2 (or hosted) hypervisor runs within a conventional operating system environment. Type 2 hypervisors are also referred to as trap and emulate hypervisors because all actions by a guest OS are trapped and the access to hardware is emulated. A common example of a type 2 hypervisor for MIPS CPUs is the KVM hypervisor that runs in the Linux kernel.
On a MIPS CPU, a type 2 hypervisor would run in kernel mode while the guest OS would run in user mode. In this way, any access that the guest OS tries to make to a privileged region of memory or execute a privileged instruction will cause an exception that is handled by the hypervisor running in kernel mode.
The MIPS virtualization module (MIPS VZ) and OmniShield-ready MIPS CPUs
Virtualization can be achieved using software-only methods (e.g. paravirtualization) or by means of hardware assistance (full virtualization). Many MIPS-based processors today support and run paravirtualized operating systems and embedded programs.
Since Release 5, the MIPS architecture has added support for hardware-assisted virtualization. Once incorporated into a MIPS Warrior CPU, full virtualization provides the benefits of improved performance without any modifications of the guest operating systems.
MIPS Warrior CPUs support various levels of full, hardware-assisted virtualization. Remarkably, we’ve implemented this technology across the entire range, from the high-end P-class and energy-efficient I-class application processors to M5150 and M5100 microcontroller-class CPUs.
Full virtualization across the range is a unique feature to the MIPS architecture in the CPU IP landscape.
The diagram below presents the maximum number of guest operating systems that each Warrior CPU is able to run:
For more information on the MIPS VZ module, please visit our dedicated webpage here.
To address the security and reliability requirements of next-generation connected devices, Imagination has also added hardware support for virtualization into PowerVR Series7 GPUs, and other processors. Implementing full hardware virtualization across MIPS and PowerVR processors enables SoC designers to build OmniShield-ready platforms.