WO2015088374A1 - Systems and methods for cross-architecture container virtualization - Google Patents

Systems and methods for cross-architecture container virtualization

Publication number
WO2015088374A1
Authority
WO
WIPO (PCT)
Prior art keywords
operating system
software application
container
call
binary
Prior art date
Application number
PCT/RU2013/001121
Other languages
French (fr)
Inventor
Artjom Borisovich ANISIMOV
Vadim Dmitrievich GIMPELSON
Semion Mihajlovich KRYLOV
Maksim Vladimirovich MASLOV
Original Assignee
Obschestvo S Ogranichennoy Otvetstvennostju "Elbrus Tehnologii"
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Obschestvo S Ogranichennoy Otvetstvennostju "Elbrus Tehnologii"
Priority to PCT/RU2013/001121
Publication of WO2015088374A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504 Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45516 Runtime code conversion or optimisation
    • G06F9/4552 Involving translation to a different instruction set architecture, e.g. just-in-time translation in a JVM
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504 Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45516 Runtime code conversion or optimisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45537 Provision of facilities of other operating environments, e.g. WINE

Definitions

  • the disclosed embodiments relate in general to virtualization technology and, more specifically, to systems and methods for cross-architecture container virtualization.
  • Binary translation is understood to mean the technique of emulation of instruction sets for one architecture (guest) by those of another architecture (host) so that applications written and compiled for the guest architecture can run on computers with the host architecture, even where both architectures are incompatible at the machine code level.
  • Virtualization refers to the creation of software systems (virtual machines) that make it possible to execute software applications without making them aware of their actual hardware and software environment.
  • the system that provides hardware and software resources is called a host, and the systems it emulates, guests.
  • Virtualization has the following main subtypes:
  • Emulation (full virtualization) - the hypervisor fully emulates all guest hardware, enabling the start of the guest operating system and guest applications without any modification.
  • Paravirtualization - the hypervisor can emulate the guest hardware to a certain extent. Guest operating system(s) and application(s) are executed in virtual domains and require special pre-modification.
  • Application virtualization (containerization) - an application or a group of applications is placed in a container, an isolated user-space instance implemented at the operating system level.
  • the degree of isolation and control over the applications within the container depends on the properties and implementation details of the container and includes, without limitation, isolation of the file system and the monitoring of the usage of the disk space, RAM and/or CPU resources.
  • JAVA technology does not allow virtualizing an operating system, only applications. What is more, a JAVA application only knows how to communicate with a JAVA virtual machine (JVM). In a sense, a JAVA application is written for a non-existent JAVA architecture, and JVM enables running it in an incompatible hardware environment, provided it has JVM.
  • a JAVA application is also subject to a number of key constraints on the interface with the host operating system and therefore with host applications.
  • a computer-implemented method for executing a software application which is configured to execute in connection with a first computer architecture associated with a first operating system, in a computerised system of a second computer architecture different from the first computer architecture, the computerised system of the second computer architecture executing a second operating system, the method involving: providing, in connection with the second operating system a first binary container for executing the software application, wherein the software application executed inside the binary container appears to the second operating system and a plurality of native software applications executed in the second operating system as a native software application of the second computer architecture and wherein the software application executed in connection with the binary container interacts with the plurality of the native software applications executed in the second operating system by means of native interprocess communication mechanisms of the second operating system; intercepting a first call from the software application to the first operating system associated with the first computer architecture; and handling the intercepted first call from the software application to the first operating system associated with the first computer architecture, wherein the
  • a memory space of the software application is placed inside a memory space of the binary container and is fully accessible by the binary container, and wherein the memory space of the binary container is protected from the software application.
  • the second operating system is not aware of the software application, which is fully loaded into the binary container and operates within the binary container and wherein the software application is not visible as a separate application to the second operating system.
  • the second operating system is standard operating system without any modifications.
  • the binary container is enabled to use any of a plurality of functions of the second operating system to provide a container functionality.
  • the binary container is enabled to provide a container functionality if the second operating system does not have a corresponding operating system functionality.
  • the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, based on a request or parameter received from a user.
  • the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, for one or more arguments or specifications of the intercepted first call.
  • the method further involves: translating a binary code of the software application between a first code specific to the first computer architecture and the second code specific to the second computer architecture.
  • the first binary container is configured to additionally execute a second software application.
  • the method further involves: intercepting and processing synchronous or asynchronous events addressed to the software application.
  • a non-transitory computer readable medium embodying a set of instructions, which, when executed in connection with one or more processors, cause the one or more processors to perform a computer-implemented method for executing a software application, which is configured to execute in connection with a first computer architecture associated with a first operating system, in a computerised system of a second computer architecture different from the first computer architecture, the computerised system of the second computer architecture executing a second operating system, the method involving: providing, in connection with the second operating system a first binary container for executing the software application, wherein the software application executed inside the binary container appears to the second operating system and a plurality of native software applications executed in the second operating system as a native software application of the second computer architecture and wherein the software application executed in connection with the binary container interacts with the plurality of the native software applications executed in the second operating system by means of native interprocess communication mechanisms of the second operating system; intercepting a first call from the
  • a memory space of the software application is placed inside a memory space of the binary container and is fully accessible by the binary container, and wherein the memory space of the binary container is protected from the software application.
  • the second operating system is not aware of the software application, which is fully loaded into the binary container and operates within the binary container and wherein the software application is not visible as a separate application to the second operating system.
  • the second operating system is standard operating system without any modifications.
  • the binary container is enabled to use any of a plurality of functions of the second operating system to provide a container functionality.
  • the binary container is enabled to provide a container functionality if the second operating system does not have a corresponding operating system functionality.
  • the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, based on a request or parameter received from a user.
  • the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, for one or more arguments or specifications of the intercepted first call.
  • the method further involves: translating a binary code of the software application between a first code specific to the first computer architecture and the second code specific to the second computer architecture.
  • the first binary container is configured to additionally execute a second software application.
  • the method further involves: intercepting and processing synchronous or asynchronous events addressed to the software application.
  • a computerized system comprising a central processing unit and a memory, the memory storing a set of instructions, which, when executed in connection with one or more processors, cause the one or more processors to perform a computer-implemented method for executing a software application, which is configured to execute in connection with a first computer architecture associated with a first operating system, in a computerised system of a second computer architecture different from the first computer architecture, the computerised system of the second computer architecture executing a second operating system, the method involving: providing, in connection with the second operating system a first binary container for executing the software application, wherein the software application executed inside the binary container appears to the second operating system and a plurality of native software applications executed in the second operating system as a native software application of the second computer architecture and wherein the software application executed in connection with the binary container interacts with the plurality of the native software applications executed in the second operating system by means of native interprocess communication mechanisms of the second operating system; intercepting
  • a memory space of the software application is placed inside a memory space of the binary container and is fully accessible by the binary container, and wherein the memory space of the binary container is protected from the software application.
  • the second operating system is not aware of the software application, which is fully loaded into the binary container and operates within the binary container and wherein the software application is not visible as a separate application to the second operating system.
  • the second operating system is standard operating system without any modifications.
  • the binary container is enabled to use any of a plurality of functions of the second operating system to provide a container functionality.
  • the binary container is enabled to provide a container functionality if the second operating system does not have a corresponding operating system functionality.
  • the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, based on a request or parameter received from a user.
  • the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, for one or more arguments or specifications of the intercepted first call.
  • the method further involves: translating a binary code of the software application between a first code specific to the first computer architecture and the second code specific to the second computer architecture.
  • the first binary container is configured to additionally execute a second software application.
  • the method further involves: intercepting and processing synchronous or asynchronous events addressed to the software application.
  • Figure 1 illustrates an exemplary embodiment of an inventive cross-architecture container virtualization system.
  • Figure 2 illustrates an exemplary embodiment of method for processing systems calls by the inventive cross-architecture container virtualization system.
  • Figure 3 is a block diagram that illustrates an embodiment of a computer system upon which an embodiment of the inventive functionality may be implemented.
  • a cross-architecture container virtualization system that executes a guest application as a standard application of the host operating system, which can fully interface with the host applications and the host operating system itself.
  • the host operating system is a standard-configuration operating system, i.e. it does not require any custom patches or modules that are not part of the operating system default configuration.
  • the inventive cross-architecture container virtualization system may include the following two components:
  • a dynamic binary translator providing translation, storage and execution of the translated code. Translation is only applied to the code of the guest application and the guest libraries loaded into the application memory. Certain aspects of an exemplary dynamic binary translator are described, for example, in PCT patent application entitled “SYSTEMS AND METHODS FOR HANDLING ASYNCHRONOUS EVENTS IN MULTI-THREADED BINARY CODE TRANSLATOR” (date of filing 13 December 2013), incorporated herein by reference.
  • a guest application may be started as follows:
  • the operating system starts the inventive cross-architecture container virtualization system.
  • the inventive cross-architecture container virtualization system loads the guest application into its address space and begins executing it.
  • Figure 1 illustrates an exemplary embodiment of an inventive cross-architecture container virtualization system 100.
  • the embodiment of the inventive cross-architecture container virtualization system 100 is deployed on a host hardware 101 executing operating system 102 executing on the host hardware 101.
  • the inventive cross-architecture container virtualization system 100 provides a binary container 103, a binary container 104 and a binary container 105 for executing guest applications 106, 107, 108 and 109. Additional applications 110 and 111 native to the operating system 102 of the host can also be executed.
  • the inventive cross-architecture container virtualization system and the guest application divide the address space and are seen by the host operating system as one and the same application.
  • this feature provides a number of advantages, including, without limitation:
  • the guest application can use the mechanism of shared memory to interface with other applications running under the host operating system. These can include both host applications and other guest applications running under the inventive cross-architecture container virtualization system.
  • the guest process started under the inventive cross-architecture container virtualization system is given access to resources, for example it is queued for execution by the host operating system kernel, as is usual.
  • the execution of a guest application under the inventive cross-architecture container virtualization system involves three core tasks:
  • guest instructions are translated into sequences of host instructions. If the host architecture has no substitute for a guest instruction, or if a guest instruction is semantically sophisticated, then it can be replaced with a call for the inventive cross-architecture container virtualization system function implementing the guest instruction.
  • Figure 2 illustrates an exemplary embodiment of method 200 for processing systems calls by the inventive cross-architecture container virtualization system 100.
  • the guest application's calls to the operating system kernel 206 are replaced with calls to a special function provided by the inventive cross-architecture container virtualization system that processes requests to the operating system 206.
  • some requests are simply converted (205) to similar host requests; others are emulated, in part (204) or in whole (203).
  • full emulation 203 of requests to operating system is used where: the host operating system has no substitute for the guest request and/or the inventive cross-architecture container virtualization system settings provide for full virtualization of the request.
  • partial emulation 204 of requests to operating system is used where:
  • the host has no adequate substitute for the system call, and the guest system call can be implemented through a sequence of host system calls with recoding of input and output data structures.
  • a request for a change in the application's address space is fulfilled, because the inventive cross-architecture container virtualization system shares the address space with the guest application and there is a risk of corruption of the code or the data of the inventive cross-architecture container virtualization system itself, for example by removal of an address range from the address space. Nor is the operating system aware of the guest application, so direct forwarding of system calls controlling a "heap" will affect the "heap" of the dynamic binary translator rather than that of the guest application.
  • calls to operating system interfaces implementing IPC can be forwarded to the host operating system, enabling the guest application to interface with guest or host applications using IPC mechanisms.
  • they can be restricted to emulation within the inventive cross-architecture container virtualization system.
  • interception and processing of synchronous and asynchronous events addressed to the guest application shall be as follows:
  • CCVS will save all information about the guest processor and provide its own processor, recognized as valid by the host operating system.
  • the guest application for A1 architecture can without any customization/modification:
  • be run on host A2 incompatible hardware architecture under the host operating system for A2 architecture, also without customization.
  • the inventive cross-architecture container virtualization system can restrict the interfacing between guest applications and the current container's external environment based on the settings specified by the user running the guest application under the inventive cross-architecture container virtualization system.
  • Instead of file system virtualization within the inventive cross-architecture container virtualization system, it is possible to use the functionality provided by the host operating system.
  • For example, the containerization functionality of Linux operating system.
  • the simplest solution for the Linux operating system is to use a combination of chroot command (or a substitute) and mount command with bind argument passed to it, which is well within knowledge of persons of ordinary skill in the art.
  • any other appropriate functionality available in the operating system may also be used.
  • file system virtualization functionality can be removed to the operating system modules, if supported, or to separate dedicated processes, or using any other functionality provided by the operating system.
  • Linux operating system allows some of file system virtualization operations to be removed from the inventive cross-architecture container virtualization system and implemented using the FUSE module.
  • File system virtualization can be replaced with environment variables, using them to specify for the application the paths to libraries etc.
  • a guest application's memory allocation/release requests can be either fully complied with, up to and including search for free address space, or just monitored, checking only that the requests do not involve the inventive cross-architecture container virtualization system addresses and relying on the operating system to do the rest.
  • a container can hold either one or more than one application.
  • FIG. 3 is a block diagram that illustrates an embodiment of a computer system 300 upon which various embodiments of the inventive concepts described herein may be implemented.
  • the system 300 includes a computer platform 301, peripheral devices 302 and network resources 303.
  • the computer platform 301 may include a data bus 304 or other communication mechanism for communicating information across and among various parts of the computer platform 301, and a processor 305 coupled with bus 304 for processing information and performing other computational and control tasks.
  • Computer platform 301 also includes a volatile storage 306, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 304 for storing various information as well as instructions to be executed by processor 305, including the software application for proxy detection described above.
  • the volatile storage 306 also may be used for storing temporary variables or other intermediate information during execution of instructions by processor 305.
  • Computer platform 301 may further include a read only memory (ROM or EPROM) 307 or other static storage device coupled to bus 304 for storing static information and instructions for processor 305, such as basic input-output system (BIOS), as well as various system configuration parameters.
  • a persistent storage device 308, such as a magnetic disk, optical disk, or solid-state flash memory device is provided and coupled to bus 304 for storing information and instructions.
  • Computer platform 301 may be coupled via bus 304 to a touch-sensitive display 309, such as a cathode ray tube (CRT), plasma display, or a liquid crystal display (LCD), for displaying information to a system administrator or user of the computer platform 301.
  • An input device 310 is coupled to bus 304 for communicating information and command selections to processor 305.
  • Another type of user input device is cursor control device 311, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 305 and for controlling cursor movement on touch-sensitive display 309.
  • This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.
  • the display 309 may incorporate a touchscreen interface configured to detect user's tactile events and send information on the detected events to the processor 305 via the bus 304.
  • An external storage device 312 may be coupled to the computer platform 301 via bus 304 to provide an extra or removable storage capacity for the computer platform 301.
  • the external removable storage device 312 may be used to facilitate exchange of data with other computer systems.
  • the invention is related to the use of computer system 300 for implementing the techniques described herein.
  • the inventive system may reside on a machine such as computer platform 301.
  • the techniques described herein are performed by computer system 300 in response to processor 305 executing one or more sequences of one or more instructions contained in the volatile memory 306.
  • Such instructions may be read into volatile memory 306 from another computer-readable medium, such as persistent storage device 308.
  • Execution of the sequences of instructions contained in the volatile memory 306 causes processor 305 to perform the process steps described herein.
  • hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention.
  • embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • Non-volatile media includes, for example, optical or magnetic disks, such as the persistent storage device 308.
  • Volatile media includes dynamic memory, such as volatile storage 306.
  • Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, a PROM, an EPROM, a FLASH-EPROM, a flash drive, a memory card, any other memory chip or cartridge, or any other medium from which a computer can read.
  • Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 305 for execution.
  • the instructions may initially be carried on a magnetic disk from a remote computer.
  • a remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem.
  • a modem local to computer system can receive the data on the telephone line and use an infrared transmitter to convert the data to an infra-red signal.
  • An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on the data bus 304.
  • the bus 304 carries the data to the volatile storage 306, from which processor 305 retrieves and executes the instructions.
  • the instructions received by the volatile memory 306 may optionally be stored on persistent storage device 308 either before or after execution by processor 305.
  • the instructions may also be downloaded into the computer platform 301 via Internet using a variety of network data communication protocols well known in the art.
  • the computer platform 301 also includes a communication interface, such as network interface card 313 coupled to the data bus 304.
  • Communication interface 313 provides a two-way data communication coupling to a network link 314 that is coupled to a local network 315.
  • communication interface 313 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line.
  • communication interface 313 may be a local area network interface card (LAN NIC) to provide a data communication connection to a compatible LAN.
  • Wireless links such as well-known 802.11a, 802.11b, 802.11g and Bluetooth may also be used for network implementation.
  • communication interface 313 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • Network link 314 typically provides data communication through one or more networks to other network resources.
  • network link 314 may provide a connection through local network 315 to a host computer 316, or a network storage/server 322.
  • the network link 314 may connect through gateway/firewall 317 to the wide-area or global network 318, such as an Internet.
  • the computer platform 301 can access network resources located anywhere on the Internet 318, such as a remote network storage/server 319.
  • the computer platform 301 may also be accessed by clients located anywhere on the local area network 315 and/or the Internet 318.
  • the network clients 320 and 321 may themselves be implemented based on the computer platform similar to the platform 301.
  • Local network 315 and the Internet 318 both use electrical, electromagnetic or optical signals that carry digital data streams.
  • the signals through the various networks and the signals on network link 314 and through communication interface 313, which carry the digital data to and from computer platform 301, are exemplary forms of carrier waves transporting the information.
  • Computer platform 301 can send messages and receive data, including program code, through the variety of network(s) including Internet 318 and LAN 315, network link 315 and communication interface 313.
  • when the system 301 acts as a network server, it might transmit a requested code or data for an application program running on client(s) 320 and/or 321 through the Internet 318, gateway/firewall 317, local area network 315 and communication interface 313. Similarly, it may receive code from other network resources.
  • the received code may be executed by processor 305 as it is received, and/or stored in persistent or volatile storage devices 308 and 306, respectively, or other non-volatile storage for later execution.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

Described is a cross-architecture container virtualization system (CCVS) that executes a guest application as a standard application of the host operating system, which can fully interface with the host applications and the host operating system itself. The host operating system is a standard-configuration operating system, i.e. it does not require any custom patches or modules that are not part of the operating system default configuration. The inventive cross-architecture container virtualization system may include the following two components: 1) a dynamic binary translator providing translation, storage and execution of the translated code. Translation is only applied to the code of the guest application and the guest libraries loaded into the application memory; and 2) a system implementing the container for the guest application.

Description

SYSTEMS AND METHODS FOR CROSS-ARCHITECTURE CONTAINER VIRTUALIZATION
BACKGROUND OF THE INVENTION
Technical Field
[0001] The disclosed embodiments relate in general to virtualization technology and, more specifically, to systems and methods for cross-architecture container virtualization.
Description of the Related Art
[0002] The global research and development community is making a major effort to solve the problem of migration of individual applications and entire operating systems from one microprocessor architecture to another. This is due to the fact that the amount of code written is so great as to make it extremely difficult, inefficient and sometimes outright impossible to port to or rewrite code for novel microprocessor architectures. Among the techniques for software migration to new architectures is a binary translation. Binary translation is understood to mean the technique of emulation of instruction sets for one architecture (guest) by those of another architecture (host) so that applications written and compiled for the guest architecture can run on computers with the host architecture, even where both architectures are incompatible at the machine code level.
[0003] Another area of importance that receives as much attention from the research and development community is a virtual machine technology, also known as virtualization. Virtualization refers to the creation of software systems (virtual machines) that make it possible to execute software applications without making them aware of their actual hardware and software environment. The system that provides hardware and software resources is called a host, and the systems it emulates, guests. Virtualization has the following main subtypes:
[0004] 1. Emulation (full virtualization) - the virtual machine (hypervisor) fully emulates all guest hardware, enabling the start of the guest operating system and guest applications without any modification.
[0005] 2. Paravirtualization - the hypervisor can emulate the guest hardware to a certain extent. Guest operating system(s) and application(s) are executed in virtual domains and require special pre-modification.
[0006] 3. Application virtualization (containerization) - an application or a group of applications is placed in a container, an isolated user-space instance implemented at the operating system level. The degree of isolation and control over the applications within the container depends on the properties and implementation details of the container and includes, without limitation, isolation of the file system and the monitoring of the usage of the disk space, RAM and/or CPU resources.
[0007] It should be noted that the state of the art includes a number of various binary translation systems as well as a number of virtualization systems. However, there are very few systems encompassing both technologies.
[0008] For example, Hewlett-Packard developed the MagiXen system, well known in the art, combining Itanium Execution Layer and XEN hypervisor, thus creating a hypervisor with binary translation functionality. The system enables the execution of the code of guest (ia32) operating systems on the host hardware platform (ia64). The technology is described in the US patent No. 8,327,354, incorporated herein by reference. The core feature of the solution is that the guest application "lives" totally in the guest environment under the guest operating system run by the hypervisor and cannot fully interface with host applications, but only with applications started on a remote computer. Therefore, starting a guest application requires migrating the entire guest operating system with the necessary services to the host and running it under a hypervisor with binary translation. One should also take into account the fact that a binary translator processes not only the code of the application to be started, but also the code of possible helper applications, the code of operating system services and the code of the operating system itself. This inevitably slows down the entire system.
[0009] Another way to combine virtualization and binary translation is using JAVA technology, also well known to persons of ordinary skill in the art. This technology was originally developed by Sun Microsystems, and is quite dissimilar to the above solution. JAVA technology does not allow virtualizing an operating system, only applications. What is more, a JAVA application only knows how to communicate with a JAVA virtual machine (JVM). In a sense, a JAVA application is written for a non-existent JAVA architecture, and JVM enables running it in an incompatible hardware environment, provided it has JVM. A JAVA application is also subject to a number of key constraints on the interface with the host operating system and therefore with host applications.
[0010] Therefore, new and improved techniques for cross-architecture container virtualization are needed.
SUMMARY OF THE INVENTION
[0011] The embodiments described herein are directed to systems and methods that substantially obviate one or more of the above and other problems associated with the conventional cross-architecture container virtualization technology.
[0012] In accordance with one aspect of the embodiments described herein, there is provided a computer-implemented method for executing a software application, which is configured to execute in connection with a first computer architecture associated with a first operating system, in a computerised system of a second computer architecture different from the first computer architecture, the computerised system of the second computer architecture executing a second operating system, the method involving: providing, in connection with the second operating system a first binary container for executing the software application, wherein the software application executed inside the binary container appears to the second operating system and a plurality of native software applications executed in the second operating system as a native software application of the second computer architecture and wherein the software application executed in connection with the binary container interacts with the plurality of the native software applications executed in the second operating system by means of native interprocess communication mechanisms of the second operating system; intercepting a first call from the software application to the first operating system associated with the first computer architecture; and handling the intercepted first call from the software application to the first operating system associated with the first computer architecture, wherein the handling of the intercepted first call comprises: performing a simple conversion of the intercepted first call into a corresponding second call to the second operating system and processing the second call using the second operating system; performing a partial emulation of the first operating system; or performing a full emulation of the first operating system.
[0013] In one or more embodiments, a memory space of the software application is placed inside a memory space of the binary container and is fully accessible by the binary container, and wherein the memory space of the binary container is protected from the software application.
[0014] In one or more embodiments, the second operating system is not aware of the software application, which is fully loaded into the binary container and operates within the binary container and wherein the software application is not visible as a separate application to the second operating system.
[0015] In one or more embodiments, the second operating system is a standard operating system without any modifications.
[0016] In one or more embodiments, the binary container is enabled to use any of a plurality of functions of the second operating system to provide a container functionality.
[0017] In one or more embodiments, the binary container is enabled to provide a container functionality if the second operating system does not have a corresponding operating system functionality.
[0018] In one or more embodiments, the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, based on a request or parameter received from a user.
[0019] In one or more embodiments, the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, for one or more arguments or specifications of the intercepted first call.
[0020] In one or more embodiments, wherein the method further involves: translating a binary code of the software application between a first code specific to the first computer architecture and the second code specific to the second computer architecture.
[0021] In one or more embodiments, the first binary container is configured to additionally execute a second software application.
[0022] In one or more embodiments, wherein the method further involves: intercepting and processing synchronous or asynchronous events addressed to the software application.
[0023] In accordance with another aspect of the embodiments described herein, there is provided a non-transitory computer readable medium embodying a set of instructions, which, when executed in connection with one or more processors, cause the one or more processors to perform a computer-implemented method for executing a software application, which is configured to execute in connection with a first computer architecture associated with a first operating system, in a computerised system of a second computer architecture different from the first computer architecture, the computerised system of the second computer architecture executing a second operating system, the method involving: providing, in connection with the second operating system a first binary container for executing the software application, wherein the software application executed inside the binary container appears to the second operating system and a plurality of native software applications executed in the second operating system as a native software application of the second computer architecture and wherein the software application executed in connection with the binary container interacts with the plurality of the native software applications executed in the second operating system by means of native interprocess communication mechanisms of the second operating system; intercepting a first call from the software application to the first operating system associated with the first computer architecture; and handling the intercepted first call from the software application to the first operating system associated with the first computer architecture, wherein the handling of the intercepted first call comprises: performing a simple conversion of the intercepted first call into a corresponding second call to the second operating system and processing the second call using the second operating system; performing a partial emulation of the first operating system; or performing a full emulation of the first operating system.
[0024] In one or more embodiments, a memory space of the software application is placed inside a memory space of the binary container and is fully accessible by the binary container, and wherein the memory space of the binary container is protected from the software application.
[0025] In one or more embodiments, the second operating system is not aware of the software application, which is fully loaded into the binary container and operates within the binary container and wherein the software application is not visible as a separate application to the second operating system.
[0026] In one or more embodiments, the second operating system is a standard operating system without any modifications.
[0027] In one or more embodiments, the binary container is enabled to use any of a plurality of functions of the second operating system to provide a container functionality.
[0028] In one or more embodiments, the binary container is enabled to provide a container functionality if the second operating system does not have a corresponding operating system functionality.
[0029] In one or more embodiments, the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, based on a request or parameter received from a user.
[0030] In one or more embodiments, the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, for one or more arguments or specifications of the intercepted first call.
[0031] In one or more embodiments, wherein the method further involves: translating a binary code of the software application between a first code specific to the first computer architecture and the second code specific to the second computer architecture.
[0032] In one or more embodiments, the first binary container is configured to additionally execute a second software application.
[0033] In one or more embodiments, wherein the method further involves: intercepting and processing synchronous or asynchronous events addressed to the software application.
[0034] In accordance with another aspect of the embodiments described herein, there is provided a computerized system comprising a central processing unit and a memory, the memory storing a set of instructions, which, when executed in connection with one or more processors, cause the one or more processors to perform a computer-implemented method for executing a software application, which is configured to execute in connection with a first computer architecture associated with a first operating system, in a computerised system of a second computer architecture different from the first computer architecture, the computerised system of the second computer architecture executing a second operating system, the method involving: providing, in connection with the second operating system a first binary container for executing the software application, wherein the software application executed inside the binary container appears to the second operating system and a plurality of native software applications executed in the second operating system as a native software application of the second computer architecture and wherein the software application executed in connection with the binary container interacts with the plurality of the native software applications executed in the second operating system by means of native interprocess communication mechanisms of the second operating system; intercepting a first call from the software application to the first operating system associated with the first computer architecture; and handling the intercepted first call from the software application to the first operating system associated with the first computer architecture, wherein the handling of the intercepted first call comprises: performing a simple conversion of the intercepted first call into a corresponding second call to the second operating system and processing the second call using the second operating system; performing a partial emulation of the first operating system; or performing a full emulation of the first operating system.
[0035] In one or more embodiments, a memory space of the software application is placed inside a memory space of the binary container and is fully accessible by the binary container, and wherein the memory space of the binary container is protected from the software application.
[0036] In one or more embodiments, the second operating system is not aware of the software application, which is fully loaded into the binary container and operates within the binary container and wherein the software application is not visible as a separate application to the second operating system.
[0037] In one or more embodiments, the second operating system is a standard operating system without any modifications.
[0038] In one or more embodiments, the binary container is enabled to use any of a plurality of functions of the second operating system to provide a container functionality.
[0039] In one or more embodiments, the binary container is enabled to provide a container functionality if the second operating system does not have a corresponding operating system functionality.
[0040] In one or more embodiments, the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, based on a request or parameter received from a user.
[0041] In one or more embodiments, the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, for one or more arguments or specifications of the intercepted first call.
[0042] In one or more embodiments, wherein the method further involves: translating a binary code of the software application between a first code specific to the first computer architecture and the second code specific to the second computer architecture.
[0043] In one or more embodiments, the first binary container is configured to additionally execute a second software application.
[0044] In one or more embodiments, wherein the method further involves: intercepting and processing synchronous or asynchronous events addressed to the software application.
[0045] Additional aspects related to the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. Aspects of the invention may be realized and attained by means of the elements and combinations of various elements and aspects particularly pointed out in the following detailed description and the appended claims.
[0046] It is to be understood that both the foregoing and the following descriptions are exemplary and explanatory only and are not intended to limit the claimed invention or application thereof in any manner whatsoever.
BRIEF DESCRIPTION OF THE DRAWINGS
[0047] The accompanying drawings, which are incorporated in and constitute a part of this specification exemplify the embodiments of the present invention and, together with the description, serve to explain and illustrate principles of the inventive technique. Specifically:
[0048] Figure 1 illustrates an exemplary embodiment of an inventive cross-architecture container virtualization system.
[0049] Figure 2 illustrates an exemplary embodiment of a method for processing system calls by the inventive cross-architecture container virtualization system.
[0050] Figure 3 is a block diagram that illustrates an embodiment of a computer system upon which an embodiment of the inventive functionality may be implemented.
DETAILED DESCRIPTION
[0051] In the following detailed description, reference will be made to the accompanying drawing(s), in which identical functional elements are designated with like numerals. The aforementioned accompanying drawings show by way of illustration, and not by way of limitation, specific embodiments and implementations consistent with principles of the present invention. These implementations are described in sufficient detail to enable those skilled in the art to practice the invention and it is to be understood that other implementations may be utilized and that structural changes and/or substitutions of various elements may be made without departing from the scope and spirit of present invention. The following detailed description is, therefore, not to be construed in a limited sense. Additionally, the various embodiments of the invention as described may be implemented in the form of a software running on a general purpose computer, in the form of a specialized hardware, or combination of software and hardware.
[0052] In accordance with one aspect of the embodiments described herein, there is provided a cross-architecture container virtualization system (CCVS) that executes a guest application as a standard application of the host operating system, which can fully interface with the host applications and the host operating system itself. In one or more embodiments, the host operating system is a standard-configuration operating system, i.e. it does not require any custom patches or modules that are not part of the operating system default configuration.
[0053] In one or more embodiments, the inventive cross-architecture container virtualization system may include the following two components:
[0054] 1. A dynamic binary translator providing translation, storage and execution of the translated code. Translation is only applied to the code of the guest application and the guest libraries loaded into the application memory. Certain aspects of an exemplary dynamic binary translator are described, for example, in PCT patent application entitled "SYSTEMS AND METHODS FOR HANDLING ASYNCHRONOUS EVENTS IN MULTI-THREADED BINARY CODE TRANSLATOR" (date of filing 13 December 2013), incorporated herein by reference.
[0055] 2. A system implementing the container for the guest application.
[0056] In one or more embodiments, a guest application may be started as follows:
[0057] 1. First, the operating system starts the inventive cross-architecture container virtualization system.
[0058] 2. Second, having initialized its structures, the inventive cross-architecture container virtualization system loads the guest application into its address space and begins executing it.
[0059] Figure 1 illustrates an exemplary embodiment of an inventive cross-architecture container virtualization system 100. As shown in Figure 1, the embodiment of the inventive cross-architecture container virtualization system 100 is deployed on host hardware 101 executing operating system 102. The inventive cross-architecture container virtualization system 100 provides a binary container 103, a binary container 104 and a binary container 105 for executing guest applications 106, 107, 108 and 109. Additional applications 110 and 111 native to the operating system 102 of the host can also be executed.
[0060] In one or more embodiments, the inventive cross-architecture container virtualization system and the guest application divide the address space and are seen by the host operating system as one and the same application. As it would be appreciated by those of ordinary skill in the art, this feature provides a number of advantages, including, without limitation:
[0061] 1. The guest application can use the mechanism of shared memory to interface with other applications running under the host operating system. These can include both host applications and other guest applications running under the inventive cross-architecture container virtualization system.
[0062] 2. The guest process started under the inventive cross-architecture container virtualization system is given access to resources, for example it is queued for execution by the host operating system kernel, as is usual.
[0063] In one or more embodiments, the execution of a guest application under the inventive cross-architecture container virtualization system involves three core tasks:
[0064] 1. translation of the guest code into host code, storage and execution of the translated code;
[0065] 2. interception and processing of the guest application's requests to the operating system kernel; and
[0066] 3. interception and processing of synchronous and asynchronous events addressed to the guest application.
[0067] In one or more embodiments, guest instructions are translated into sequences of host instructions. If the host architecture has no substitute for a guest instruction, or if a guest instruction is semantically sophisticated, then it can be replaced with a call for the inventive cross-architecture container virtualization system function implementing the guest instruction.
[0068] Figure 2 illustrates an exemplary embodiment of method 200 for processing system calls by the inventive cross-architecture container virtualization system 100. In one or more embodiments, the guest application's calls to the operating system kernel 206 are replaced with calls to a special function provided by the inventive cross-architecture container virtualization system that processes requests to the operating system 206. In one or more embodiments, some requests are simply converted (205) to similar host requests; others are emulated, in part (204) or in whole (203).
[0069] In one or more embodiments, full emulation 203 of requests to operating system is used where: the host operating system has no substitute for the guest request and/or the inventive cross-architecture container virtualization system settings provide for full virtualization of the request.
[0070] In one or more embodiments, partial emulation 204 of requests to operating system is used where:
[0071] 1. the host has no adequate substitute for the system call, and the guest system call can be implemented through a sequence of host system calls with recoding of input and output data structures.
[0072] 2. a request for a change in the application's address space is fulfilled, because the inventive cross-architecture container virtualization system shares the address space with the guest application and there is therefore a risk of corruption of the code or the data of the inventive cross-architecture container virtualization system itself, for example by removal of an address range from the address space. Moreover, the operating system is not aware of the guest application, so direct forwarding of system calls controlling a "heap" will affect the "heap" of the dynamic binary translator rather than that of the guest application.
[0073] 3. a call to the file system is fulfilled because there is a risk that the guest application can:
[0074] i. load a host executable;
[0075] ii. access a section of the file system with data relevant for the host system only, whereas a similar file must have totally different contents for the guest application; and/or
[0076] iii. access a file system section the user wishes to keep out of bounds for the guest application.
[0077] 4. an attempt is made to install a handler for synchronous or asynchronous events, since such an event causes the operating system to give control to the handler, which is implemented in guest code and cannot be executed by the host hardware.
[0078] For example, calls to operating system interfaces implementing IPC can be forwarded to the host operating system, enabling the guest application to interface with guest or host applications using IPC mechanisms. Alternatively, they can be restricted to emulation within the inventive cross-architecture container virtualization system.
[0079] In one or more embodiments, interception and processing of synchronous and asynchronous events addressed to the guest application shall be as follows:
[0080] 1. Should a guest application attempt to install an event handler, CCVS will save all information about the guest processor and provide its own processor, recognized as valid by the host operating system.
[0081] 2. Upon receipt of information about an event, the inventive cross-architecture container virtualization system will:
[0082] i. Convert its details from the host format into the guest format.
[0083] ii. Make preparations for the delivery of the event to the guest application in accordance with rules of the guest operating system.
[0084] iii. Transfer control to the guest processor.
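The event path of paragraphs [0079] to [0084], sketched as an added example that is not code from the patent or its authors: the host only ever sees the container's own trampoline, which converts the event to guest format and queues it for the guest handler. The guest signal numbers, the guest handler address and every function name are assumptions made for the illustration.

```c
#include <signal.h>
#include <stdint.h>

/* Constructed guest ABI whose signal numbers differ from the host's. */
enum { GUEST_SIGINT = 2, GUEST_SIGTERM = 23, GUEST_NSIG = 32, QUEUE_LEN = 8 };

/* One event in guest format, ready for delivery to guest code. */
typedef struct { int guest_signo; uint32_t guest_handler; } guest_event_t;

/* Saved guest handler addresses: guest code the host must never jump to. */
static volatile uint32_t guest_handlers[GUEST_NSIG];
static volatile guest_event_t queue[QUEUE_LEN];   /* small ring buffer */
static volatile sig_atomic_t queued, taken;       /* events written / read */

static int guest_to_host(int g)
{
    return g == GUEST_SIGINT ? SIGINT : g == GUEST_SIGTERM ? SIGTERM : -1;
}

static int host_to_guest(int h)
{
    return h == SIGINT ? GUEST_SIGINT : h == SIGTERM ? GUEST_SIGTERM : -1;
}

/* The only handler the host operating system is ever given. */
static void host_trampoline(int host_signo)
{
    int g = host_to_guest(host_signo);            /* host format -> guest format */
    signal(host_signo, host_trampoline);          /* re-arm: signal() may reset it */
    if (g < 0 || guest_handlers[g] == 0 || queued - taken >= QUEUE_LEN)
        return;                                   /* unknown, unhandled or queue full */
    queue[queued % QUEUE_LEN].guest_signo = g;
    queue[queued % QUEUE_LEN].guest_handler = guest_handlers[g];
    queued++;
}

/* Intercepted guest request to install a handler located at guest_addr. */
int guest_install_handler(int guest_signo, uint32_t guest_addr)
{
    int h = guest_to_host(guest_signo);
    if (h < 0 || guest_addr == 0)
        return -1;                                /* no host equivalent: refuse */
    guest_handlers[guest_signo] = guest_addr;     /* save the guest's handler */
    return signal(h, host_trampoline) == SIG_ERR ? -1 : 0;
}

/* Called from the translator's dispatch loop. Returns 1 and fills *out with
   the next event to hand to translated guest code, or 0 when none is queued. */
int next_guest_event(guest_event_t *out)
{
    if (taken >= queued)
        return 0;
    out->guest_signo = queue[taken % QUEUE_LEN].guest_signo;
    out->guest_handler = queue[taken % QUEUE_LEN].guest_handler;
    taken++;
    return 1;
}
```

The sketch uses ISO C `signal()` for portability; on a POSIX host, `sigaction()` with the signal blocked while the queue is drained avoids the window between the trampoline and the dispatch loop.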
[0085] In one or more embodiments, from the point of view of the guest application, everything is transparent, exactly as if the guest application received the event directly from operating system.
[0086] Therefore, the guest application for A1 architecture can without any customization/modification:
[0087] 1. be run on host A2 incompatible hardware architecture under the host operating system for A2 architecture, also without customization.
[0088] 2. interface with host applications running in parallel on this operating system, without any customization of these applications.
[0089] 3. interface with other guest applications developed for guest architectures hardware incompatible with guest architecture 1 and started under the inventive cross-architecture container virtualization system.
[0090] In one or more embodiments, the inventive cross-architecture container virtualization system can restrict the interfacing between guest applications and the current container's external environment based on the settings specified by the user running the guest application under the inventive cross-architecture container virtualization system.
[0091] It should be further noted that many modifications and substitutions may be made to the inventive cross-architecture container virtualization system, including, without limitation:
[0092] 1. Instead of file system virtualization within the inventive cross-architecture container virtualization system, it is possible to use the functionality provided by the host operating system, for example the containerization functionality of the Linux operating system. The simplest solution for the Linux operating system is to use a combination of the chroot command (or a substitute) and the mount command with the bind argument passed to it, which is well within the knowledge of persons of ordinary skill in the art. In one or more embodiments, any other appropriate functionality available in the operating system may also be used.
[0093] 2. Some of file system virtualization functionality can be removed to the operating system modules, if supported, or to separate dedicated processes, or using any other functionality provided by the operating system. For example, Linux operating system allows some of file system virtualization operations to be removed from the inventive cross-architecture container virtualization system and implemented using the FUSE module.
[0094] 3. File system virtualization can be replaced with environment variables, using them to specify for the application the paths to libraries etc.
[0095] 4. A guest application's memory allocation/release requests can be either fully complied with, up to and including search for free address space, or just monitored, checking only that the requests do not involve the inventive cross-architecture container virtualization system addresses and relying on the operating system to do the rest.
[0096] 5. A container can hold either one or more than one application.
[0097] 6. The children of an application started in a container can either remain therein or move to another container.
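The "just monitored" option of modification 4, shown as an added example that is not part of the patent text: guest mmap/munmap/mprotect requests are checked only for overlap with the container's own address ranges and are otherwise left to the host operating system. The function names, the sample address layout, the fixed 4096-byte page size and the errno values returned to the guest are assumptions of this sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ 4096ULL  /* assumed host page size; a real runtime would query it */

enum guest_op { OP_MMAP, OP_MUNMAP, OP_MPROTECT };

/* Half-open range [start, end) owned by the container runtime itself. */
struct reserved_range {
    uint64_t start;
    uint64_t end;
    const char *what;
};

/* Constructed sample layout (page-aligned). The ranges are assumed to be
 * mapped already, e.g. as a PROT_NONE reservation made at startup. */
static const struct reserved_range container_ranges[] = {
    { 0x7f0000000000ULL, 0x7f0000400000ULL, "runtime code and data" },
    { 0x7f0010000000ULL, 0x7f0018000000ULL, "translated-code cache" },
};
#define N_RANGES (sizeof container_ranges / sizeof container_ranges[0])

/* Widen [addr, addr+len) outward to page boundaries, because the kernel
 * acts on whole pages. Returns false if the arithmetic would wrap. */
static bool page_span(uint64_t addr, uint64_t len, uint64_t *lo, uint64_t *hi)
{
    if (addr > UINT64_MAX - len)
        return false;
    uint64_t end = addr + len;
    if (end > UINT64_MAX - (PAGE_SZ - 1))
        return false;
    *lo = addr & ~(PAGE_SZ - 1);
    *hi = (end + PAGE_SZ - 1) & ~(PAGE_SZ - 1);
    return true;
}

/* Returns the first container range touched by [lo, hi), or NULL. */
static const struct reserved_range *find_overlap(uint64_t lo, uint64_t hi)
{
    for (size_t i = 0; i < N_RANGES; i++) {
        const struct reserved_range *r = &container_ranges[i];
        if (lo < r->end && r->start < hi)
            return r;
    }
    return NULL;
}

/* Monitor-only policy: returns 0 when the request may be forwarded to the
 * host kernel unchanged, or a negative errno to hand back to the guest
 * without forwarding. */
int monitor_guest_request(enum guest_op op, uint64_t addr, uint64_t len,
                          bool map_fixed)
{
    uint64_t lo, hi;

    /* A zero-length request touches no page; let the host decide. */
    if (len == 0)
        return 0;
    /* Without MAP_FIXED the address is only a hint, and the kernel does not
     * place a new mapping over an existing one, so nothing needs checking. */
    if (op == OP_MMAP && !map_fixed)
        return 0;
    if (!page_span(addr, len, &lo, &hi))
        return -EINVAL;
    /* Present container memory as "not part of the guest address space". */
    if (find_overlap(lo, hi) != NULL)
        return op == OP_MUNMAP ? -EINVAL : -ENOMEM;
    return 0;
}

int main(void)
{
    /* Constructed guest requests. */
    printf("fixed mmap into runtime:   %d\n",
           monitor_guest_request(OP_MMAP, 0x7f0000001000ULL, 8192, true));
    printf("hinted mmap, same address: %d\n",
           monitor_guest_request(OP_MMAP, 0x7f0000001000ULL, 8192, false));
    printf("munmap straddling cache:   %d\n",
           monitor_guest_request(OP_MUNMAP, 0x7f000fffff00ULL, 0x200, false));
    printf("mprotect just past range:  %d\n",
           monitor_guest_request(OP_MPROTECT, 0x7f0000400000ULL, 4096, false));
    return 0;
}
```

The policy holds only if every range the runtime owns is registered before the guest runs; a range missing from the table is reachable through a fixed mapping or an unmap like any guest page.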
[0098] Figure 3 is a block diagram that illustrates an embodiment of a computer system 300 upon which various embodiments of the inventive concepts described herein may be implemented. The system 300 includes a computer platform 301, peripheral devices 302 and network resources 303.
[0099] The computer platform 301 may include a data bus 304 or other communication mechanism for communicating information across and among various parts of the computer platform 301 , and a processor 305 coupled with bus 304 for processing information and performing other computational and control tasks. Computer platform 301 also includes a volatile storage 306, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 304 for storing various information as well as instructions to be executed by processor 305, including the software application for proxy detection described above. The volatile storage 306 also may be used for storing temporary variables or other intermediate information during execution of instructions by processor 305. Computer platform 301 may further include a read only memory (ROM or EPROM) 307 or other static storage device coupled to bus 304 for storing static information and instructions for processor 305, such as basic input-output system (BIOS), as well as various system configuration parameters. A persistent storage device 308, such as a magnetic disk, optical disk, or solid-state flash memory device is provided and coupled to bus 304 for storing information and instructions.
[00100] Computer platform 301 may be coupled via bus 304 to a touch-sensitive display 309, such as a cathode ray tube (CRT), plasma display, or a liquid crystal display (LCD), for displaying information to a system administrator or user of the computer platform 301. An input device 310, including alphanumeric and other keys, is coupled to bus 304 for communicating information and command selections to processor 305. Another type of user input device is cursor control device 311, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 305 and for controlling cursor movement on touch-sensitive display 309. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane. To detect user's gestures, the display 309 may incorporate a touchscreen interface configured to detect user's tactile events and send information on the detected events to the processor 305 via the bus 304.
[00101] An external storage device 312 may be coupled to the computer platform 301 via bus 304 to provide an extra or removable storage capacity for the computer platform 301. In an embodiment of the computer system 300, the external removable storage device 312 may be used to facilitate exchange of data with other computer systems.
[00102] The invention is related to the use of computer system 300 for implementing the techniques described herein. In an embodiment, the inventive system may reside on a machine such as computer platform 301. According to one embodiment of the invention, the techniques described herein are performed by computer system 300 in response to processor 305 executing one or more sequences of one or more instructions contained in the volatile memory 306. Such instructions may be read into volatile memory 306 from another computer-readable medium, such as persistent storage device 308. Execution of the sequences of instructions contained in the volatile memory 306 causes processor 305 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
[00103] The term "computer-readable medium" as used herein refers to any medium that participates in providing instructions to processor 305 for execution. The computer-readable medium is just one example of a machine-readable medium, which may carry instructions for implementing any of the methods and/or techniques described herein. Such a medium may take many forms, including but not limited to, non-volatile media and volatile media. Non-volatile media includes, for example, optical or magnetic disks, such as the persistent storage device 308. Volatile media includes dynamic memory, such as volatile storage 306.
[00104] Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, a PROM, an EPROM, a FLASH-EPROM, a flash drive, a memory card, any other memory chip or cartridge, or any other medium from which a computer can read.
[00105] Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 305 for execution. For example, the instructions may initially be carried on a magnetic disk from a remote computer. Alternatively, a remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system can receive the data on the telephone line and use an infrared transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on the data bus 304. The bus 304 carries the data to the volatile storage 306, from which processor 305 retrieves and executes the instructions. The instructions received by the volatile memory 306 may optionally be stored on persistent storage device 308 either before or after execution by processor 305. The instructions may also be downloaded into the computer platform 301 via Internet using a variety of network data communication protocols well known in the art.
[00106] The computer platform 301 also includes a communication interface, such as network interface card 313 coupled to the data bus 304. Communication interface 313 provides a two-way data communication coupling to a network link 314 that is coupled to a local network 315. For example, communication interface 313 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 313 may be a local area network interface card (LAN NIC) to provide a data communication connection to a compatible LAN. Wireless links, such as well-known 802.11a, 802.11b, 802.11g and Bluetooth may also be used for network implementation. In any such implementation, communication interface 313 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
[00107] Network link 314 typically provides data communication through one or more networks to other network resources. For example, network link 314 may provide a connection through local network 315 to a host computer 316, or a network storage/server 322. Additionally or alternatively, the network link 314 may connect through gateway/firewall 317 to the wide-area or global network 318, such as an Internet. Thus, the computer platform 301 can access network resources located anywhere on the Internet 318, such as a remote network storage/server 319. On the other hand, the computer platform 301 may also be accessed by clients located anywhere on the local area network 315 and/or the Internet 318. The network clients 320 and 321 may themselves be implemented based on the computer platform similar to the platform 301.
[00108] Local network 315 and the Internet 318 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 314 and through communication interface 313, which carry the digital data to and from computer platform 301, are exemplary forms of carrier waves transporting the information.
[00109] Computer platform 301 can send messages and receive data, including program code, through the variety of network(s) including Internet 318 and LAN 315, network link 315 and communication interface 313. In the Internet example, when the system 301 acts as a network server, it might transmit a requested code or data for an application program running on client(s) 320 and/or 321 through the Internet 318, gateway/firewall 317, local area network 315 and communication interface 313. Similarly, it may receive code from other network resources.
[00110] The received code may be executed by processor 305 as it is received, and/or stored in persistent or volatile storage devices 308 and 306, respectively, or other non-volatile storage for later execution.
[00111] Finally, it should be understood that processes and techniques described herein are not inherently related to any particular apparatus and may be implemented by any suitable combination of components. Further, various types of general purpose devices may be used in accordance with the teachings described herein. It may also prove advantageous to construct specialized apparatus to perform the method steps described herein. The present invention has been described in relation to particular examples, which are intended in all respects to be illustrative rather than restrictive. Those skilled in the art will appreciate that many different combinations of hardware, software, and firmware will be suitable for practicing the present invention. For example, the described software may be implemented in a wide variety of programming or scripting languages, such as Assembler, C/C++, Objective-C, perl, shell, PHP, Java, as well as any now known or later developed programming or scripting language.
[00112] Moreover, other implementations of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. Various aspects and/or components of the described embodiments may be used singly or in any combination in the systems and methods for cross-architecture container virtualization. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

Claims

WHAT IS CLAIMED IS:
1. A computer-implemented method for executing a software application, which is configured to execute in connection with a first computer architecture associated with a first operating system, in a computerised system of a second computer architecture different from the first computer architecture, the computerised system of the second computer architecture executing a second operating system, the method comprising:
a. providing, in connection with the second operating system a first binary container for executing the software application, wherein the software application executed inside the binary container appears to the second operating system and a plurality of native software applications executed in the second operating system as a native software application of the second computer architecture and wherein the software application executed in connection with the binary container interacts with the plurality of the native software applications executed in the second operating system by means of native interprocess communication mechanisms of the second operating system;
b. intercepting a first call from the software application to the first operating system associated with the first computer architecture; and
c. handling the intercepted first call from the software application to the first operating system associated with the first computer architecture, wherein the handling of the intercepted first call comprises:
i. performing a simple conversion of the intercepted first call into a corresponding second call to the second operating system and processing the second call using the second operating system;
ii. performing a partial emulation of the first operating system; or
iii. performing a full emulation of the first operating system.
2. The computer-implemented method of claim 1, wherein in a., a memory space of the software application is placed inside a memory space of the binary container and is fully accessible by the binary container, and wherein the memory space of the binary container is protected from the software application.
3. The computer-implemented method of claim 1, wherein the second operating system is not aware of the software application, which is fully loaded into the binary container and operates within the binary container and wherein the software application is not visible as a separate application to the second operating system.
4. The computer-implemented method of claim 1, wherein the second operating system is standard operating system without any modifications.
5. The computer-implemented method of claim 1, wherein the binary container is enabled to use any of a plurality of functions of the second operating system to provide a container functionality.
6. The computer-implemented method of claim 1, wherein the binary container is enabled to provide a container functionality if the second operating system does not have a corresponding operating system functionality.
7. The computer-implemented method of claim 1, wherein in c, the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, based on a request or parameter received from a user.
8. The computer-implemented method of claim 1, wherein the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, for one or more arguments or specifications of the intercepted first call.
9. The computer-implemented method of claim 1, further comprising translating a binary code of the software application between a first code specific to the first computer architecture and the second code specific to the second computer architecture.
10. The computer-implemented method of claim 1, wherein the first binary container is configured to additionally execute a second software application.
11. The computer-implemented method of claim 1, further comprising intercepting and processing synchronous or asynchronous events addressed to the software application.
12. A non-transitory computer readable medium embodying a set of instructions, which, when executed in connection with one or more processors, cause the one or more processors to perform a computer-implemented method for executing a software application, which is configured to execute in connection with a first computer architecture associated with a first operating system, in a computerised system of a second computer architecture different from the first computer architecture, the computerised system of the second computer architecture executing a second operating system, the method comprising:
a. providing, in connection with the second operating system a first binary container for executing the software application, wherein the software application executed inside the binary container appears to the second operating system and a plurality of native software applications executed in the second operating system as a native software application of the second computer architecture and wherein the software application executed in connection with the binary container interacts with the plurality of the native software applications executed in the second operating system by means of native interprocess communication mechanisms of the second operating system;
b. intercepting a first call from the software application to the first operating system associated with the first computer architecture; and
c. handling the intercepted first call from the software application to the first operating system associated with the first computer architecture, wherein the handling of the intercepted first call comprises:
i. performing a simple conversion of the intercepted first call into a corresponding second call to the second operating system and processing the second call using the second operating system;
ii. performing a partial emulation of the first operating system; or
iii. performing a full emulation of the first operating system.
13. The non-transitory computer readable medium of claim 12, wherein in a., a memory space of the software application is placed inside a memory space of the binary container and is fully accessible by the binary container, and wherein the memory space of the binary container is protected from the software application.
14. The non-transitory computer readable medium of claim 2, wherein the second operating system is not aware of the software application, which is fully loaded into the binary container and operates within the binary container and wherein the software application is not visible as a separate application to the second operating system.
15. The non-transitory computer readable medium of claim 12, wherein the second operating system is standard operating system without any modifications.
16. The non-transitory computer readable medium of claim 12, wherein the binary container is enabled to use any of a plurality of functions of the second operating system to provide a container functionality.
17. The non-transitory computer readable medium of claim 12, wherein the binary container is enabled to provide a container functionality if the second operating system does not have a corresponding operating system functionality.
18. The non-transitory computer readable medium of claim 12, wherein in c, the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, based on a request or parameter received from a user.
19. The non-transitory computer readable medium of claim 12, wherein the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, for one or more arguments or specifications of the intercepted first call.
20. The non-transitory computer readable medium of claim 12, wherein the method further comprises translating a binary code of the software application between a first code specific to the first computer architecture and the second code specific to the second computer architecture.
21. The non-transitory computer readable medium of claim 12, wherein the first binary container is configured to additionally execute a second software application.
22. The non-transitory computer readable medium of claim 12, wherein the method further comprises intercepting and processing synchronous or asynchronous events addressed to the software application.
23. A computerized system comprising a central processing unit and a memory, the memory storing a set of instructions, which, when executed in connection with one or more processors, cause the one or more processors to perform a computer-implemented method for executing a software application, which is configured to execute in connection with a first computer architecture associated with a first operating system, in a computerised system of a second computer architecture different from the first computer architecture, the computerised system of the second computer architecture executing a second operating system, the method comprising:
a. providing, in connection with the second operating system a first binary container for executing the software application, wherein the software application executed inside the binary container appears to the second operating system and a plurality of native software applications executed in the second operating system as a native software application of the second computer architecture and wherein the software application executed in connection with the binary container interacts with the plurality of the native software applications executed in the second operating system by means of native interprocess communication mechanisms of the second operating system;
b. intercepting a first call from the software application to the first operating system associated with the first computer architecture; and
c. handling the intercepted first call from the software application to the first operating system associated with the first computer architecture, wherein the handling of the intercepted first call comprises:
i. performing a simple conversion of the intercepted first call into a corresponding second call to the second operating system and processing the second call using the second operating system;
ii. performing a partial emulation of the first operating system; or
iii. performing a full emulation of the first operating system.
24. The computerized system of claim 23, wherein in a., a memory space of the software application is placed inside a memory space of the binary container and is fully accessible by the binary container, and wherein the memory space of the binary container is protected from the software application.
25. The computerized system of claim 23, wherein the second operating system is not aware of the software application, which is fully loaded into the binary container and operates within the binary container and wherein the software application is not visible as a separate application to the second operating system.
26. The computerized system of claim 23, wherein the second operating system is standard operating system without any modifications.
27. The computerized system of claim 23, wherein the binary container is enabled to use any of a plurality of functions of the second operating system to provide a container functionality.
28. The computerized system of claim 23, wherein the binary container is enabled to provide a container functionality if the second operating system does not have a corresponding operating system functionality.
29. The computerized system of claim 23, wherein in c, the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, based on a request or parameter received from a user.
30. The computerized system of claim 23, wherein the handling of the intercepted first call is selected to be one of: performing the simple conversion; performing the partial emulation; and performing the full emulation, for one or more arguments or specifications of the intercepted first call.
31. The computerized system of claim 23, wherein the method further comprises translating a binary code of the software application between a first code specific to the first computer architecture and the second code specific to the second computer architecture.
32. The computerized system of claim 23, wherein the first binary container is configured to additionally execute a second software application.
33. The computerized system of claim 23, wherein the method further comprises intercepting and processing synchronous or asynchronous events addressed to the software application.
PCT/RU2013/001121 2013-12-13 2013-12-13 Systems and methods for cross-architecture container virtualization WO2015088374A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/RU2013/001121 WO2015088374A1 (en) 2013-12-13 2013-12-13 Systems and methods for cross-architecture container virtualization

Publications (1)

Publication Number Publication Date
WO2015088374A1 true WO2015088374A1 (en) 2015-06-18

Family

ID=53371542

Country Status (1)

Country Link
WO (1) WO2015088374A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9898354B2 (en) 2016-03-21 2018-02-20 Microsoft Technology Licensing, Llc Operating system layering
US9928062B2 (en) 2016-03-04 2018-03-27 International Business Machines Corporation ISA-ported container images
GB2558879A (en) * 2017-01-04 2018-07-25 Cisco Tech Inc Method and apparatus for container-based virtualisation
JP2018526759A (en) * 2015-09-14 2018-09-13 アプックス リミテッドAppux Limited Running an application on a computing device
US10489354B2 (en) 2016-07-29 2019-11-26 Hewlett Packard Enterprise Development Lp Storage systems for containers
CN114721719A (en) * 2022-04-20 2022-07-08 上海道客网络科技有限公司 Method and system for containerized deployment of heterogeneous applications in cluster
US11995449B2 (en) 2019-12-16 2024-05-28 Microsoft Technology Licensing, Llc Layered composite boot device and file system for operating system booting in file system virtualization environments

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080216073A1 (en) * 1999-01-28 2008-09-04 Ati International Srl Apparatus for executing programs for a first computer architechture on a computer of a second architechture
US8327354B1 (en) * 2007-05-31 2012-12-04 Hewlett-Packard Development Company, L.P. Virtualization with binary translation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13899068

Country of ref document: EP

Kind code of ref document: A1

WA Withdrawal of international application
NENP Non-entry into the national phase

Ref country code: DE