1. A computer-implemented method comprising:
loading, at a computing device, a process into a virtual machine operating under control of a hypervisor communicatively interfaced with a host operating system kernel of a host operating system of the computing device, the hypervisor executing under control of the host operating system;
exposing, at the computing device, a subset of an Application Programming Interface (API) to the virtual machine, wherein the process interfaces with the host operating system kernel via the subset of the API; and
executing the process in the virtual machine.
2. The computer-implemented method of claim 1, further comprising:
exposing, at the computing device, a copy-on-write memory image associated with the operating system kernel to the virtual machine.
3. The computer-implemented method of claim 2, further comprising:
exposing, at the computing device, a read-only memory image of the operating system kernel to the virtual machine.
4. The computer-implemented method of claim 1, further comprising:
receiving, at the hypervisor, a request from the process to write to a copy-on-write memory image;
allocating a private copy portion of the copy-on-write memory image to the process executing in the virtual machine; and
writing to the private copy portion of the copy-on-write memory image based on the request from the process.
5. The computer-implemented method of claim 1, wherein the hypervisor controls a plurality of virtual machines, each of which comprises a read-only view of the operating system kernel in memory, and wherein:
each virtual machine contains a single executing process;
the hypervisor exposes a subset of the API to each virtual machine; and wherein
the hypervisor exposes a copy-on-write memory image associated with the operating system kernel to each virtual machine.
6. The computer-implemented method of claim 1, wherein the process executes as a guest operating system under control of the hypervisor.
7. The computer-implemented method of claim 1, wherein exposing the subset of the API to the virtual machine comprises:
exposing non-restricted operations of the operating system kernel accessible via the API to the virtual machine; and
hiding restricted operations accessible to the operating system kernel accessible via the API from the virtual machine.
8. The computer-implemented method of claim 1, wherein:
the API comprises interfaces to restricted operations of the operating system kernel and interfaces to non-restricted operations of the operating system kernel;
the subset of the API exposed to the virtual machine comprises the interfaces to the non-restricted operations; and wherein
the interfaces to the restricted operations are not exposed to the virtual machine.
9. The computer-implemented method of claim 8, wherein the restricted operations are selected from a group comprising:
requests to load executable code after an initial process load associated with a computer application;
requests to access memory locations which are not allocated to the computer application;
requests to make executable memory locations writable;
requests to make writable memory locations executable;
requests to commit modifications to dynamic shared objects; and
requests to self-modify the computer application.
10. The computer-implemented method of claim 1, further comprising:
marking an executable image associated with the process as read-only in the copy-on-write memory image; and
disabling interfaces in the subset of the API to mark all or a portion of the executable image associated with the process as writable in the copy-on-write memory image.
11. The computer-implemented method of claim 1, further comprising:
loading a second process into a second virtual machine operating under control of the hypervisor;
exposing a copy-on-write memory image associated with the operating system kernel to the virtual machine; and
exposing a read-only memory image of the operating system kernel to the virtual machine.
12. The computer-implemented method of claim 11, wherein a first process of a first virtual machine is hidden from a second process of a second virtual machine via the hypervisor, and wherein the second process of the second virtual machine is hidden from the first process of the first virtual machine via the hypervisor.
13. The computer-implemented method of claim 1, further comprising:
removing the virtual machine when the process terminates; and
removing the virtual machine from a plurality of virtual machines operating under control of the hypervisor.
14. The computer-implemented method of claim 1, wherein executing the process in the virtual machine comprises executing the process in recording mode to generate an operations profile.
15. The computer-implemented method of claim 14, wherein executing the process in recording mode comprises:
executing the process in the virtual machine;
recording all requests made to the API from the executing process; and
storing the recorded requests in the operations profile.
16. The computer-implemented method of claim 15, wherein the subset of the API exposed to the virtual machine is based on the operations profile.
17. The computer-implemented method of claim 16, wherein the subset of the API exposed to the virtual machine is based further on a restricted operations profile.
18. A non-transitory computer-readable medium, having instructions stored thereon that, when executed by a processor, perform a method comprising:
loading a process into a virtual machine operating under control of a hypervisor communicatively interfaced with a host operating system kernel of a host operating system of the computing device, the hypervisor executing under control of the host operating system;
exposing a subset of an Application Programming Interface (API) to the virtual machine, wherein the process interfaces with the host operating system kernel via the subset of the API; and
executing the process in the virtual machine.
19. The computer-readable medium of claim 18, wherein the method to be performed further comprises:
exposing a copy-on-write memory image associated with the operating system kernel to the virtual machine.
20. The computer-readable medium of claim 19, wherein the method to be performed further comprises:
exposing at least a portion of a read-only memory image of the operating system kernel to the virtual machine, wherein the portion of the read-only memory image comprises one or more modular components of the operating system in the read-only memory image.
21. A computing device comprising:
a memory; and
a processor, coupled to the memory, to execute a hypervisor under control of a host operating system, the hypervisor communicatively interfaced with a host operating system kernel of the host operating system via an Application Programming Interface (API), the hypervisor to load a process into a virtual machine operating under control of the hypervisor, and to expose a subset of the API to the virtual machine, wherein the process interfaces with the host operating system kernel via the subset of the API, and wherein the processor is to execute the process in the virtual machine.
22. The computing device of claim 21, further comprising:
an operations recorder, coupled with the memory and the processor, to record all API requests initiated by the executing process, regardless of whether the API requests are supported by the subset of the API exposed to the virtual machine; and wherein
the operations recorder is operable to further store the recorded API requests in an operations profile.
23. The computing device of claim 21, further comprising:
a copy-on-write memory controller, coupled with the memory, to manage a copy-on-write memory image stored in the memory and associated with the operating system kernel, and wherein
the copy-on-write memory controller is operable to further:
expose the read-only memory image of the operating system kernel to the virtual machine via the hypervisor,
receiving from the hypervisor, a request to write to the copy-on-write memory image on behalf of the process,
allocate a private copy portion of the copy-on-write memory image to the process executing in the virtual machine, and
write to the private copy portion of the copy-on-write memory image based on the request from the hypervisor.
24. A computer-implemented method comprising:
loading, at a computing device, a process within a virtual machine under control of a hypervisor, the hypervisor being communicatively interfaced with a host operating system kernel of a host operating system via an Application Programming Interface (API), the hypervisor executing under control of the host operating system;
exposing a subset of the API to the virtual machine, wherein the subset of the API comprises a plurality of non-restricted operations of the host operating system kernel to the process loaded within the virtual machine; and
initiating execution of the process in the virtual machine.
25. The computer-implemented method of claim 24, further comprising:
receiving a request from the process executing in the virtual machine to perform an operation; and
transacting the operation requested by the process to the operating system kernel when the operation is exposed to the virtual machine via the subset of the API.
26. The computer-implemented method of claim 24, wherein a portion of the API unexposed to the virtual machine via the subset of the API comprises one or more restricted operations selected from a group comprising:
requests to load executable code after an initial process load associated with a computer application;
requests to access memory locations which are not allocated to the computer application;
requests to make executable memory locations writable;
requests to make writable memory locations executable;
requests to commit modifications to dynamic shared objects; and
requests to self-modify the computer application.
The claims below are in addition to those above.
All refrences to claim(s) which appear below refer to the numbering after this setence.
1. A dimensional measurement device configured to send a first beam of light to a remote target, the target having a position in space, the target returning a reflected portion of the first beam as a second beam, the measurement device comprising:
a first light source configured to emit a first light;
a fiber coupler assembly including a coupler input port, a coupler output port, a coupler measure port, and a coupler reference port, the fiber coupler assembly configured to receive a first portion of the first light through the coupler input port, to send a second portion of the first portion out of the coupler output port, and to send a third portion of the first portion out of the coupler reference port;
a fiber-optic switch including a switch input port, a switch measure port, and a switch reference port, the fiber-optic switch configured to receive the second portion through the switch input port, to receive a first electrical signal in a first state or a second state, and to send the second portion out of the switch measure port if the first electrical signal is in the first state or to send the second portion out of the switch reference port if the first electrical signal is in the second state;
an optical system configured to receive the second portion from the switch measure port and to send the second portion out of the dimensional measurement device as the first beam, the optical system further configured to receive the second beam as a fourth portion, to send the fourth portion into the switch measure port, the fiber-optic switch configured to receive the fourth portion and to send the fourth portion into the coupler output port, the fiber coupler assembly configured to send a fifth portion of the fourth portion out of the coupler measure port;
a reference retroreflector configured to receive the second portion from the switch reference port and to return it to the coupler output port as a sixth portion, the fiber coupler assembly configured to send a seventh portion of the sixth portion to the coupler measure port;
a first electrical circuit configured to provide the first electrical signal in the first state or the second state, to convert the third portion into a first reference value, to convert the fifth portion into a first measure value if the first electrical signal is in the first state, and to convert the seventh portion into a second reference value if the first electrical signal is in the second state; and
a processor configured to determine a first distance from the dimensional measurement device to the target, the first distance based at least in part on the first measure value, the first reference value, and the second reference value.
2. The dimensional measurement device of claim 1, wherein the third portion is converted into a first reference electrical signal by a reference optical detector, the fifth portion is converted into a first measure electrical signal by a measure optical detector, and the seventh portion is converted into a second reference electrical signal by the measure optical detector.
3. The dimensional measurement device of claim 1, further comprising:
a first motor and a second motor that together are configured to direct the first beam of light to a first direction, the first direction determined by a first angle of rotation about a first axis and a second angle of rotation about a second axis, the first angle of rotation produced by the first motor and the second angle of rotation produced by the second motor; and
a first angle measuring device configured to measure the first angle of rotation and a second angle measuring device configured to measure the second angle of rotation, wherein the processor is further configured to provide three-dimensional coordinates of the retroreflector target, the three-dimensional coordinates based at least in part on the first distance, the first angle of rotation, and the second angle of rotation.
4. The dimensional measurement device of claim 2 wherein the target is a retroreflector target.
5. The dimensional measurement device of claim 4 wherein the target is a spherically mounted retroreflector.
6. The dimensional measurement device of claim 1 wherein the dimensional measurement device further comprises a modulator to modulate the first light.
7. The dimensional measurement device of claim 6, wherein the modulator is configured to modulate the optical power of the first light approximately as a sinusoid of constant frequency.
8. The dimensional measurement device of claim 7, wherein the first electrical circuit is configured to extract a first reference phase of the third portion, a first measure phase of the fifth portion, and a second reference phase of the seventh portion.
9. The dimensional measurement device of claim 6, wherein the modulator is configured to modulate the optical power of the first light in a pulsed fashion.
10. The dimensional measurement device of claim 6, wherein the modulator is configured to modulate the optical power of the first light as a waveform having a time-varying frequency.
11. The dimensional measurement device of claim 4, wherein the first electrical circuit is configured to select one of the first state and the second state based at least in part on the first measure value.
12. The dimensional measurement device of claim 4, wherein the first electrical circuit is configured to select the first state and the second state based at least in part on a time since the second reference value was last obtained.
13. The dimensional measurement device of claim 4, wherein the first electrical circuit is configured to select one of the first state and the second state based at least in part on a change in measured temperature since the second reference value was last obtained.
14. The dimensional measurement device of claim 4, wherein the first electrical circuit is configured to select one of the first state and the second state based at least in part on whether the processor is in a mode to determine first distance values.
15. A method for a dimensional measurement device that sends a first beam of light to a target, the target returning a portion of the first beam as a second beam, the method comprising steps of:
providing a first light source, a fiber coupler assembly, a fiber-optic switch, an optical system, a reference retroreflector, a first electrical circuit, and a processor, the first light source configured to emit a first light, the fiber coupler assembly including a coupler input port, a coupler output port, a coupler measure port, and a coupler reference port, the fiber-optic switch including a switch input port, a switch measure port, and a switch reference port;
receiving a first portion of the first light through the coupler input port;
sending a second portion of the first portion out of the coupler output port;
sending a third portion of the first portion out of the coupler reference port;
receiving the second portion through the switch input port;
receiving by the fiber-optic switch a first electrical signal in a first state or a second state;
sending the second portion out of the switch measure port if the first electrical signal is in the first state or sending the second portion out of the switch reference port if the first electrical signal is in the second state;
receiving by the optical system the second portion from the switch measure port and sending the second portion out of the dimensional measurement device as a first beam;
receiving by the optical system the second beam as a fourth portion and sending the fourth portion into the switch measure port;
receiving by the fiber-optic switch the fourth portion and sending the fourth portion into the coupler output port;
sending a fifth portion of the fourth portion to the coupler measure port;
receiving by the reference retroreflector the second portion from the switch reference port and returning a sixth portion to the coupler output port;
sending a seventh portion of the sixth portion to the coupler measure port;
converting the third portion into a first reference value, converting the fifth portion into a first measure value if the first electrical signal is in the first state, and converting the seventh portion into a second reference value if the first electrical signal is in the second state;
determining a first distance from the dimensional measurement device to the target, the first distance based at least in part on the first measure value, the first reference value, and the second reference value; and
storing the determined first distance.
16. The method of claim 15, further comprising steps of:
providing a reference optical detector and a measure optical detector;
converting the third portion into a first reference electrical signal with the reference optical detector;
converting the fifth portion into a first measure electrical signal with the measure optical detector; and
converting the seventh portion into a second reference electrical signal with the measure optical detector.
17. The method of claim 16, further comprising steps of:
providing a first motor, a second motor, a first angle measuring device, and a second angle measuring device, the first motor and the second motor together configured to direct the first beam of light to a first direction, the first direction determined by a first angle of rotation about a first axis and a second angle of rotation about a second axis;
producing the first angle of rotation with the first motor;
producing the second angle of rotation with the second motor;
measuring the first angle of rotation;
measuring the second angle of rotation; and
determining three-dimensional coordinates of the retroreflector target based at least in part on the first distance, the first angle of rotation, and the second angle of rotation.
18. The method of claim 17, wherein the step of receiving by the fiber-optic switch the fourth portion and sending the fourth portion into the coupler output port further includes the step of selecting one of the first state and the second state based at least in part on the first measure value.
19. The method of claim 17, wherein the step of receiving by the fiber-optic switch the fourth portion and sending the fourth portion into the coupler output port further includes the step of selecting one of the first state and the second state based at least in part on a change in measured temperature since the second reference value was last obtained.
20. The method of claim 17, wherein the step of receiving by the fiber-optic switch the fourth portion and sending the fourth portion into the coupler output port further includes the step of selecting one of the first state and the second state based at least in part on whether the processor is in a mode to determine first distance values.