7316329aa5
Unlike other tcg target code generators, this one does not generate machine code for some cpu. It generates machine independent bytecode which is interpreted later. This allows running QEMU on any host. Interpreted bytecode is slower than direct execution of generated machine code.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
131 lines
4.6 KiB
Plaintext
TCG Interpreter (TCI) - Copyright (c) 2011 Stefan Weil.

This file is released under the BSD license.
1) Introduction

TCG (Tiny Code Generator) is a code generator which translates
code fragments ("basic blocks") from target code (any of the
targets supported by QEMU) to a code representation which
can be run on a host.

QEMU can create native code for some hosts (arm, hppa, i386, ia64, ppc, ppc64,
s390, sparc, x86_64). For others, unofficial host support was written.

By adding a code generator for a virtual machine and using an
interpreter for the generated bytecode, it is possible to
support (almost) any host.

This is what TCI (Tiny Code Interpreter) does.
2) Implementation

Like each TCG host frontend, TCI implements the code generator in
tcg-target.c, tcg-target.h. Both files are in directory tcg/tci.

The additional file tcg/tci.c adds the interpreter.

The bytecode consists of opcodes (same numeric values as those used by
TCG), command length and arguments of variable size and number.
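As an added illustration of the bytecode layout just described (example code, not QEMU's tcg/tci.c), the following models a command stream as an opcode byte, a length byte and variable-length arguments, and shows the bounds checks an interpreter must apply before trusting a length it read from the stream; the exact encoding (one byte each for opcode and total length) is an assumption here, not taken from the page.

```c
/* Added example, not QEMU's code: a toy model of the TCI bytecode layout
 * described above. Assumed encoding: opcode byte, length byte giving the
 * whole command size (header included), then argument bytes. The walker
 * checks every length first, so a corrupt stream is rejected, not overread. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TCI_HDR 2   /* opcode byte + length byte */

/* Append one command at buf[pos]; returns bytes written, 0 if it won't fit. */
size_t tci_emit(uint8_t *buf, size_t cap, size_t pos,
                uint8_t opc, const uint8_t *args, size_t nargs)
{
    size_t len = TCI_HDR + nargs;
    if (len > 255 || pos > cap || len > cap - pos)   /* length is one byte */
        return 0;
    buf[pos] = opc;
    buf[pos + 1] = (uint8_t)len;
    if (nargs) memcpy(buf + pos + TCI_HDR, args, nargs);
    return len;
}

/* Walk a stream, calling cb for each command. Returns the command count, or
 * -1 if a header is truncated or a length byte overruns the buffer. */
int tci_walk(const uint8_t *buf, size_t n,
             void (*cb)(uint8_t opc, const uint8_t *args, size_t nargs))
{
    size_t pos = 0;
    int count = 0;
    while (pos < n) {
        size_t len = (n - pos < TCI_HDR) ? 0 : buf[pos + 1];
        if (len < TCI_HDR || len > n - pos)
            return -1;
        if (cb) cb(buf[pos], buf + pos + TCI_HDR, len - TCI_HDR);
        pos += len;
        count++;
    }
    return count;
}

/* Round trip: emit two commands (5 and 2 bytes), walk them back. Returns 2. */
int tci_roundtrip(void)
{
    uint8_t buf[16];
    const uint8_t args[3] = { 1, 2, 3 };
    size_t pos = tci_emit(buf, sizeof buf, 0, 0x10, args, 3);
    pos += tci_emit(buf, sizeof buf, pos, 0x20, NULL, 0);
    return tci_walk(buf, pos, NULL);
}
```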
3) Usage

For hosts without native TCG, the interpreter TCI must be enabled by

    configure --enable-tcg-interpreter

If configure is called without --enable-tcg-interpreter, it will
suggest using this option. Setting it automatically would need
additional code in configure which must be fixed when new native TCG
implementations are added.

System emulation should work on any 32 or 64 bit host.

User mode emulation might work. Maybe a new linker script (*.ld)
is needed. Byte order might be wrong (on big endian hosts)
and need fixes in configure.

For hosts with native TCG, the interpreter TCI can be enabled by

    configure --enable-tcg-interpreter

The only difference between running QEMU with TCI and running without TCI
should be speed. Especially during development of TCI, it was very
useful to compare runs with and without TCI. Create /tmp/qemu.log by

    qemu-system-i386 -d in_asm,op_opt,cpu -singlestep

once with interpreter and once without interpreter and compare the resulting
qemu.log files. This is also useful to see the effects of additional
registers or additional opcodes (it is easy to modify the virtual machine).
It can also be used to verify native TCGs.

Hosts with native TCG can also enable TCI by claiming to be unsupported:

    configure --cpu=unknown --enable-tcg-interpreter

configure then no longer uses the native linker script (*.ld) for
user mode emulation.
4) Status

TCI needs a special implementation for 32 and 64 bit hosts, 32 and 64 bit
targets, and hosts and targets with the same or different endianness.

            | host (le)                     host (be)
            | 32             64             32             64
------------+------------------------------------------------------------
target (le) | s0, u0         s1, u1         s?, u?         s?, u?
32 bit      |
            |
target (le) | sc, uc         s1, u1         s?, u?         s?, u?
64 bit      |
            |
target (be) | sc, u0         sc, uc         s?, u?         s?, u?
32 bit      |
            |
target (be) | sc, uc         sc, uc         s?, u?         s?, u?
64 bit      |

System emulation
s? = untested
sc = compiles
s0 = bios works
s1 = grub works
s2 = Linux boots

Linux user mode emulation
u? = untested
uc = compiles
u0 = static hello works
u1 = linux-user-test works
5) Todo list

* TCI is not widely tested. It was written and tested on an x86_64 host
  running i386 and x86_64 system emulation and Linux user mode.
  A cross compiled QEMU for i386 host also works with the same basic tests.
  A cross compiled QEMU for mipsel host works, too. It is terribly slow
  because I run it in a mips malta emulation, so it is an interpreted
  emulation in an emulation.
  A cross compiled QEMU for arm host works (tested with pc bios).
  A cross compiled QEMU for ppc host works at least partially:
  i386-linux-user/qemu-i386 can run a simple hello-world program
  (tested in a ppc emulation).

* Some TCG opcodes are missing in the code generator and/or in the
  interpreter. These opcodes raise a runtime exception, so it is
  possible to see where code must be added.

* The pseudo code is not optimized and still ugly. For hosts with special
  alignment requirements, it needs some fixes (maybe aligned bytecode
  would also improve speed for hosts which support byte alignment).

* A better disassembler for the pseudo code would be nice (a very primitive
  disassembler is included in tcg-target.c).

* It might be useful to have a runtime option which selects the native TCG
  or TCI, so QEMU would have to include two TCGs. Today, selecting TCI
  is a configure option, so you need two compilations of QEMU.