The practice of virtualization has been around for more than a decade, but which of the three frontrunner methods is best: binary translation (runtime handling of behavior- and control-sensitive instructions); OS-assisted, also called para-virtualization; or hardware-assisted, often described as full virtualization? Is there a "best" at all? While some continue to rely on binary translation as the de facto method, others argue for para-virtualization or for hardware-assisted virtualization, which on Intel platforms builds on Intel's VT-x technology. Which would serve the industry best?

Virtualization from 50,000 feet
Simply stated, gone are the days of unlimited rack space and ever costlier computers. Embedded applications in defense, communications, and industrial markets are trying to reduce size, weight, and power consumption without sacrificing compute power. Legacy applications no longer have to run on different physical machines than their more updated counterparts. Software migrations are even possible without taking down the entire system or application. And forget about redundant hardware: it's no longer necessary, because system uptime can be increased through software failover instead.

The enabling technology: virtualization, which allows several disparate OSs (and the applications that depend on them) to execute within one physical machine through the use of a Virtual Machine Monitor (VMM). A VMM is a new software layer, often referred to as a "hypervisor," which manages these disparate OSs and the applications running on them, commonly known as Virtual Machines (VMs). Virtualization relies on a "context switch" that makes each application on its respective OS think it has sole control over all the hardware[1]. Applicable to both single-core and multi-core scenarios, this illusion of sole control is highly beneficial to engineers for the reasons stated above. But which of the three methods is the most effective?
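As a rough model of that context switch, consider the sketch below (all types and names are hypothetical, not any particular vendor's API): a VMM time-slices two guests by saving and restoring each one's complete processor state, so neither guest ever observes that it shares the physical CPU.

```c
/* Conceptual sketch only -- every name here is hypothetical. It
 * models the "context switch" described above: the VMM saves one
 * guest's processor state and restores another's, so each guest OS
 * sees a CPU that appears wholly its own. The save/restore stubs
 * just print; on real hardware they would be VM entries and exits. */
#include <stdint.h>
#include <stdio.h>

struct vcpu_state {              /* one guest's view of "the" CPU  */
    uint64_t gpr[16];            /* general-purpose registers      */
    uint64_t rip, rflags, cr3;   /* program counter, flags, paging */
};

struct vm {
    const char *name;
    struct vcpu_state cpu;
};

static void restore_and_run(struct vm *g) { printf("enter %s\n", g->name); }
static void save_state(struct vm *g)      { printf("exit  %s\n", g->name); }

int main(void)
{
    struct vm guests[] = { { .name = "guest-A" }, { .name = "guest-B" } };

    /* Round-robin VMM loop: each guest runs a time slice, is
     * suspended, and later resumes exactly where it left off.     */
    for (int slice = 0; slice < 4; slice++) {
        struct vm *g = &guests[slice % 2];
        restore_and_run(g);      /* world switch into the guest    */
        save_state(g);           /* trap/exit back into the VMM    */
    }
    return 0;
}
```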

The virtualization triad - which one wins?
As with most things in technology, there's more than one way to reach the goal, but is there a perfect route for perfectionists? One can only say for certain ... well, it depends.

Binary translation

How it was developed
The binary translation method of virtualization was developed for good reason: OSs crafted for Intel® Architecture processors are designed to execute directly on native hardware and therefore assume they have sole control over computing resources. The x86 architecture also defines several privilege levels, which presents no issue natively because OS code is designed to execute at the highest privilege level. That expectation became a challenge once the x86 architecture was virtualized and the guest OS was relegated to a privilege level below the VMM (because the VMM manages shared resource allocation). Additionally, some instructions have different semantics when an OS runs natively versus deprivileged in a virtualized scenario[2].
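One wrinkle worth making concrete: the x86 ISA contains instructions that are sensitive (they expose or depend on privileged state) yet unprivileged (they do not fault outside ring 0), so a hypervisor never gets a chance to intercept them. The sketch below uses SGDT as an example; on processors without the newer UMIP feature, it executes successfully even in user mode, silently revealing real descriptor-table state instead of trapping. This is exactly the class of "problem code" a binary translator must find and rewrite.

```c
/* Demonstrates a sensitive-but-unprivileged x86 instruction.
 * Build with GCC/Clang on x86-64. On pre-UMIP processors (or with
 * UMIP disabled), SGDT succeeds at ring 3 and leaks the real GDT
 * base rather than raising an exception a VMM could intercept.    */
#include <stdint.h>
#include <stdio.h>

struct __attribute__((packed)) descriptor_table {
    uint16_t limit;
    uint64_t base;
};

int main(void)
{
    struct descriptor_table gdtr = { 0 };

    /* SGDT is not a privileged instruction: no trap, no #GP here. */
    __asm__ volatile ("sgdt %0" : "=m" (gdtr));

    printf("GDT base 0x%016llx, limit 0x%04x\n",
           (unsigned long long)gdtr.base, gdtr.limit);
    return 0;
}
```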

Pros and cons
With the VMM decoupling the guest OS from the hardware platform, neither OS assist nor hardware assist is needed. The primary drawback, though: Performance is somewhat hindered because the guest's code must be modified at runtime[2]. Another drawback of binary translation is its complexity, says Chris Main, CTO at TenAsys Corporation, an Affiliate member of the Intel® Embedded and Communications Alliance (Intel® ECA). "Binary translation describes the technique where 'problem code' in the guest software ... is replaced by on-the-fly 'safe code.' ... It requires detailed knowledge of the guest software and thus is typically complex to implement."
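To make Main's description concrete, here is a deliberately toy sketch of the rewrite step, with every name hypothetical: scan a guest code block and patch single-byte privileged instructions with a trap opcode that lands in the VMM's emulator. A production translator must decode complete x86 instruction streams, maintain a translation cache, and fix up control flow, none of which is attempted here.

```c
/* Toy illustration of "on-the-fly safe code": replace single-byte
 * privileged instructions (CLI = 0xFA, STI = 0xFB) with INT3
 * (0xCC), whose handler would emulate the interrupt-flag change
 * against the virtual CPU state instead of the real one. A
 * hypothetical sketch only; real x86 decoding is far more involved. */
#include <stddef.h>
#include <stdint.h>

enum { OP_CLI = 0xFA, OP_STI = 0xFB, OP_INT3 = 0xCC };

/* Rewrite one code block in place; return the number of patches.  */
size_t translate_block(uint8_t *code, size_t len)
{
    size_t patched = 0;
    for (size_t i = 0; i < len; i++) {
        if (code[i] == OP_CLI || code[i] == OP_STI) {
            code[i] = OP_INT3;   /* divert to the VMM's emulator   */
            patched++;
        }
    }
    return patched;
}
```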

OS-assisted or para-virtualization

Where it fits in
Para-virtualization schemes feature collaboration between a hypervisor and a modified guest OS, in which the areas of the OS that need privileged access are altered to request hypervisor action instead of executing privileged instructions, explains Mark Hermeling, senior product manager at Wind River, an Intel® ECA Associate member. This technique is most suitable for scenarios where the real hardware environment and the guest environment are alike or quite similar. The guest OS is optimized for performance and to ensure it does not perform actions inappropriate for a guest.
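What the guest-side modification looks like can be sketched as follows. The hypercall mechanism, numbers, and interrupt vector here are hypothetical stand-ins (real interfaces such as Xen's or Wind River's differ); the point is simply that the modified guest calls the hypervisor where it would natively have executed a privileged instruction.

```c
/* Hypothetical para-virtualized guest code: where the native
 * kernel would execute the privileged CLI instruction, the
 * modified guest issues a hypercall instead. Vector 0x82 and the
 * hypercall numbers are illustrative, not a real ABI.             */
#include <stdint.h>

enum hypercall_nr { HC_DISABLE_IRQS = 1, HC_ENABLE_IRQS = 2 };

static inline long hypercall(enum hypercall_nr nr, uint64_t arg)
{
    long ret;
    __asm__ volatile ("int $0x82"        /* gate into the VMM      */
                      : "=a" (ret)
                      : "a" ((long)nr), "D" (arg)
                      : "memory");
    return ret;
}

/* Native guest kernel:            __asm__ volatile ("cli");
 * Para-virtualized replacement:                                   */
static inline void guest_disable_interrupts(void)
{
    hypercall(HC_DISABLE_IRQS, 0);  /* VMM flips a *virtual* flag  */
}
```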

Plusses and minuses
Para-virtualization typically renders the highest performance amongst the virtualization methods discussed herein[2]. "Para-virtualization can result in good system performance but is generally applicable to situations where the guest is well-known or fixed for a given product," says Main.

"[Para-virtualization] can be done on top of any processor, and the real-time performance is the best of all three methods. Para-virtualization is generally regarded as the best option for real-time behavior. Para-virtualization can be mixed with full virtualization, for example, to execute Microsoft Windows using full virtualization in one virtual [machine] and VxWorks or Linux para-virtualized in another on top of the same processor (both single-core and multi-core)," details Hermerling.

Hardware-assisted or full virtualization
In contrast to binary translation and para-virtualization, the hardware-centric full virtualization method runs an unmodified OS on a virtual machine - without the OS knowing it's running in a virtualized environment that shares the physical system with other OSs. Sooner or later the OS will try to execute a privileged instruction, but in this case the processor raises an exception to the hypervisor. The next step: The hypervisor performs the requested behavior on the guest's behalf, Hermeling reports.

Consequently, processors such as the Intel® Core 2 Duo, Intel® Xeon, and the latest Intel® Core i7 support this method in hardware with Intel® Virtualization Technology (Intel® VT)[3] - specifically, Intel® VT-x for the IA-32 and Intel® 64 architectures.

With VT-x, the processor provides two new operation modes: VMs run in "VMX non-root" mode while the VMM executes in "VMX root" mode. Here's how it works: Processor behavior in VMX non-root operation is modified and restricted to facilitate virtualization. In contrast to ordinary operation, specific events and instructions cause an exit to the VMM (root mode), which enables the VMM to retain control of processor resources.

Meanwhile, processor behavior in VMX root operation is very similar to native operation. The primary differences are a newly available set of VMX instructions and a limit on the values that can be loaded into certain control registers. Because VMX non-root operation imposes its restrictions even on software executing at Current Privilege Level (CPL) 0, guest software is able to execute at the privilege levels for which it was originally designed, simplifying VMM development.
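In practice, these root/non-root transitions are what a hypervisor's run loop is built around. As one concrete, minimal illustration, the sketch below uses Linux's KVM interface (which rides on VT-x on Intel hardware) to launch a one-instruction real-mode guest; when the guest executes the privileged HLT instruction, the hardware forces a VM exit back to the VMM side, which shows up in userspace as KVM_EXIT_HLT. Error handling is omitted for brevity.

```c
/* Minimal KVM "guest runs one HLT" demo for Linux/x86-64.
 * Error checking omitted for brevity; run on a VT-x capable host. */
#include <fcntl.h>
#include <linux/kvm.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/mman.h>

int main(void)
{
    int kvm = open("/dev/kvm", O_RDWR);
    int vm  = ioctl(kvm, KVM_CREATE_VM, 0);

    /* One page of guest memory holding a single HLT (0xF4).       */
    uint8_t *mem = mmap(NULL, 0x1000, PROT_READ | PROT_WRITE,
                        MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    mem[0] = 0xF4;

    struct kvm_userspace_memory_region region = {
        .slot = 0, .guest_phys_addr = 0x1000, .memory_size = 0x1000,
        .userspace_addr = (uint64_t)(uintptr_t)mem,
    };
    ioctl(vm, KVM_SET_USER_MEMORY_REGION, &region);

    int vcpu = ioctl(vm, KVM_CREATE_VCPU, 0);
    struct kvm_run *run =
        mmap(NULL, ioctl(kvm, KVM_GET_VCPU_MMAP_SIZE, NULL),
             PROT_READ | PROT_WRITE, MAP_SHARED, vcpu, 0);

    /* Start the guest in real mode at guest-physical 0x1000.      */
    struct kvm_sregs sregs;
    ioctl(vcpu, KVM_GET_SREGS, &sregs);
    sregs.cs.base = 0; sregs.cs.selector = 0;
    ioctl(vcpu, KVM_SET_SREGS, &sregs);

    struct kvm_regs regs = { .rip = 0x1000, .rflags = 0x2 };
    ioctl(vcpu, KVM_SET_REGS, &regs);

    /* The VM-entry / VM-exit loop at the heart of any VMM.        */
    for (;;) {
        ioctl(vcpu, KVM_RUN, NULL);             /* VM entry        */
        if (run->exit_reason == KVM_EXIT_HLT) { /* VM exit: HLT    */
            puts("guest executed HLT -> VM exit to the hypervisor");
            break;
        }
    }
    return 0;
}
```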

Why or why not use it?
With the exploding popularity of the world's most pervasive OS - Windows - it's important to note that Windows source code cannot be modified for a para-virtualization scheme. However, embedded flavors of Windows, including Windows 7 Professional for Embedded Systems, Windows 7 Ultimate for Embedded Systems, Windows Embedded POSReady, Windows XP Embedded, and others, are gaining acceptance in the embedded community, especially in market segments such as medical, industrial, gaming, and retail.

"The advantage of the hardware virtualization technique is that it requires no knowledge of the guest software other than the specific set of interaction with the [VMM]. This makes it more useful in a general-purpose solution to support many different guest runtime environments," states Main.

Hermeling has another point of view. "Full virtualization is really attractive as you don't have to modify the operating system. However, there is a significant impact due to the required emulation work when the processor throws an exception. The impact is very much noticeable in handling devices. This is measurable in throughput, as well as latency and jitter in interrupt handling." This method of virtualization also requires hardware assist, something not always found in embedded processors. However, most recent Intel® processors support Intel's VT-x technology, as do many competing architectures that feature their own hardware extensions for supporting virtualization in embedded designs.

Now you decide
In a fragmented embedded industry where virtualization is relatively new territory and multiple processors - all with different requirements and IP - could be used, not to mention the current cost of virtualization itself, standardization is a perplexing question. And then there's the matter of whether to standardize on one of the two software-based methods (binary translation or para-virtualization) versus the hardware-assisted method. Should software or hardware be emphasized in a potential standard - or both? Time will tell, but for now it appears that the pros and cons are evenly weighted. Typically, having no answer means a "no" answer ... or so I'm told. What are your thoughts?

Written by Sharon Schnakenburg, OpenSystems Media®, by special arrangement with Intel® ECA


[1] "Virtualization for Embedded and Communications Infrastructure Applications," by Edwin Verplanke, Intel® Corporation, Oct. 31, 2006.

[2] "Intel's CPU extensions transform virtualization," by Stuart Fisher, LynuxWorks, Inc.,

[3] "Intel® Virtualization Technology for Embedded Applications," by Amit Aneja, Intel,
Rev 1.0, July, 2009,