Stefan Weil | 7316329 | 2011-10-05 20:03:02 +0200 | [diff] [blame] | 1 | TCG Interpreter (TCI) - Copyright (c) 2011 Stefan Weil. |
| 2 | |
| 3 | This file is released under the BSD license. |
| 4 | |
| 5 | 1) Introduction |
| 6 | |
| 7 | TCG (Tiny Code Generator) is a code generator which translates |
| 8 | code fragments ("basic blocks") from target code (any of the |
| 9 | targets supported by QEMU) to a code representation which |
| 10 | can be run on a host. |
| 11 | |
| 12 | QEMU can create native code for some hosts (arm, hppa, i386, ia64, ppc, ppc64, |
| 13 | s390, sparc, x86_64). For others, unofficial host support was written. |
| 14 | |
| 15 | By adding a code generator for a virtual machine and using an |
| 16 | interpreter for the generated bytecode, it is possible to |
| 17 | support (almost) any host. |
| 18 | |
| 19 | This is what TCI (Tiny Code Interpreter) does. |
| 20 | |
| 21 | 2) Implementation |
| 22 | |
| 23 | Like each TCG host frontend, TCI implements the code generator in |
| 24 | tcg-target.c, tcg-target.h. Both files are in directory tcg/tci. |
| 25 | |
| 26 | The additional file tcg/tci.c adds the interpreter. |
| 27 | |
| 28 | The bytecode consists of opcodes (same numeric values as those used by |
| 29 | TCG), command length and arguments of variable size and number. |
| 30 | |
| 31 | 3) Usage |
| 32 | |
| 33 | For hosts without native TCG, the interpreter TCI must be enabled by |
| 34 | |
| 35 | configure --enable-tcg-interpreter |
| 36 | |
| 37 | If configure is called without --enable-tcg-interpreter, it will |
| 38 | suggest using this option. Setting it automatically would need |
| 39 | additional code in configure which must be fixed when new native TCG |
| 40 | implementations are added. |
| 41 | |
| 42 | System emulation should work on any 32 or 64 bit host. |
| 43 | User mode emulation might work. Maybe a new linker script (*.ld) |
| 44 | is needed. Byte order might be wrong (on big endian hosts) |
| 45 | and need fixes in configure. |
| 46 | |
| 47 | For hosts with native TCG, the interpreter TCI can be enabled by |
| 48 | |
| 49 | configure --enable-tcg-interpreter |
| 50 | |
| 51 | The only difference from running QEMU with TCI to running without TCI |
| 52 | should be speed. Especially during development of TCI, it was very |
| 53 | useful to compare runs with and without TCI. Create /tmp/qemu.log by |
| 54 | |
| 55 | qemu-system-i386 -d in_asm,op_opt,cpu -singlestep |
| 56 | |
| 57 | once with interpreter and once without interpreter and compare the resulting |
| 58 | qemu.log files. This is also useful to see the effects of additional |
| 59 | registers or additional opcodes (it is easy to modify the virtual machine). |
| 60 | It can also be used to verify native TCGs. |
| 61 | |
| 62 | Hosts with native TCG can also enable TCI by claiming to be unsupported: |
| 63 | |
| 64 | configure --cpu=unknown --enable-tcg-interpreter |
| 65 | |
| 66 | configure then no longer uses the native linker script (*.ld) for |
| 67 | user mode emulation. |
| 68 | |
| 69 | |
| 70 | 4) Status |
| 71 | |
| 72 | TCI needs special implementation for 32 and 64 bit host, 32 and 64 bit target, |
| 73 | host and target with same or different endianness. |
| 74 | |
| 75 | | host (le) host (be) |
| 76 | | 32 64 32 64 |
| 77 | ------------+------------------------------------------------------------ |
| 78 | target (le) | s0, u0 s1, u1 s?, u? s?, u? |
| 79 | 32 bit | |
| 80 | | |
| 81 | target (le) | sc, uc s1, u1 s?, u? s?, u? |
| 82 | 64 bit | |
| 83 | | |
| 84 | target (be) | sc, u0 sc, uc s?, u? s?, u? |
| 85 | 32 bit | |
| 86 | | |
| 87 | target (be) | sc, uc sc, uc s?, u? s?, u? |
| 88 | 64 bit | |
| 89 | | |
| 90 | |
| 91 | System emulation |
| 92 | s? = untested |
| 93 | sc = compiles |
| 94 | s0 = bios works |
| 95 | s1 = grub works |
| 96 | s2 = Linux boots |
| 97 | |
| 98 | Linux user mode emulation |
| 99 | u? = untested |
| 100 | uc = compiles |
| 101 | u0 = static hello works |
| 102 | u1 = linux-user-test works |
| 103 | |
| 104 | 5) Todo list |
| 105 | |
| 106 | * TCI is not widely tested. It was written and tested on a x86_64 host |
| 107 | running i386 and x86_64 system emulation and Linux user mode. |
| 108 | A cross compiled QEMU for i386 host also works with the same basic tests. |
| 109 | A cross compiled QEMU for mipsel host works, too. It is terribly slow |
| 110 | because I run it in a mips malta emulation, so it is an interpreted |
| 111 | emulation in an emulation. |
| 112 | A cross compiled QEMU for arm host works (tested with pc bios). |
| 113 | A cross compiled QEMU for ppc host works at least partially: |
| 114 | i386-linux-user/qemu-i386 can run a simple hello-world program |
| 115 | (tested in a ppc emulation). |
| 116 | |
| 117 | * Some TCG opcodes are either missing in the code generator and/or |
| 118 | in the interpreter. These opcodes raise a runtime exception, so it is |
| 119 | possible to see where code must be added. |
| 120 | |
| 121 | * The pseudo code is not optimized and still ugly. For hosts with special |
| 122 | alignment requirements, it needs some fixes (maybe aligned bytecode |
| 123 | would also improve speed for hosts which support byte alignment). |
| 124 | |
| 125 | * A better disassembler for the pseudo code would be nice (a very primitive |
| 126 | disassembler is included in tcg-target.c). |
| 127 | |
| 128 | * It might be useful to have a runtime option which selects the native TCG |
| 129 | or TCI, so QEMU would have to include two TCGs. Today, selecting TCI |
| 130 | is a configure option, so you need two compilations of QEMU. |