tcg/tci/README - qemu-android - Git at Google

 TCG Interpreter (TCI) - Copyright (c) 2011 Stefan Weil.

 This file is released under the BSD license.

 1) Introduction

 TCG (Tiny Code Generator) is a code generator which translates
 code fragments ("basic blocks") from target code (any of the
 targets supported by QEMU) to a code representation which
 can be run on a host.

 QEMU can create native code for some hosts (arm, hppa, i386, ia64, ppc, ppc64,
 s390, sparc, x86_64). For others, unofficial host support was written.

 By adding a code generator for a virtual machine and using an
 interpreter for the generated bytecode, it is possible to
 support (almost) any host.

 This is what TCI (Tiny Code Interpreter) does.

 2) Implementation

 Like each TCG host frontend, TCI implements the code generator in
 tcg-target.c, tcg-target.h. Both files are in directory tcg/tci.

 The additional file tcg/tci.c adds the interpreter.

 The bytecode consists of opcodes (same numeric values as those used by
 TCG), command length and arguments of variable size and number.

 3) Usage

 For hosts without native TCG, the interpreter TCI must be enabled by

         configure --enable-tcg-interpreter

 If configure is called without --enable-tcg-interpreter, it will
 suggest using this option. Setting it automatically would need
 additional code in configure which must be fixed when new native TCG
 implementations are added.

 System emulation should work on any 32 or 64 bit host.
 User mode emulation might work. Maybe a new linker script (*.ld)
 is needed. Byte order might be wrong (on big endian hosts)
 and need fixes in configure.

 For hosts with native TCG, the interpreter TCI can be enabled by

         configure --enable-tcg-interpreter

 The only difference from running QEMU with TCI to running without TCI
 should be speed. Especially during development of TCI, it was very
 useful to compare runs with and without TCI. Create /tmp/qemu.log by

         qemu-system-i386 -d in_asm,op_opt,cpu -D /tmp/qemu.log -singlestep

 once with interpreter and once without interpreter and compare the resulting
 qemu.log files. This is also useful to see the effects of additional
 registers or additional opcodes (it is easy to modify the virtual machine).
 It can also be used to verify native TCGs.

 Hosts with native TCG can also enable TCI by claiming to be unsupported:

         configure --cpu=unknown --enable-tcg-interpreter

 configure then no longer uses the native linker script (*.ld) for
 user mode emulation.


 4) Status

 TCI needs special implementation for 32 and 64 bit host, 32 and 64 bit target,
 host and target with same or different endianness.

             | host (le)                     host (be)
             | 32             64             32             64
 ------------+------------------------------------------------------------
 target (le) | s0, u0         s1, u1         s?, u?         s?, u?
 32 bit      |
             |
 target (le) | sc, uc         s1, u1         s?, u?         s?, u?
 64 bit      |
             |
 target (be) | sc, u0         sc, uc         s?, u?         s?, u?
 32 bit      |
             |
 target (be) | sc, uc         sc, uc         s?, u?         s?, u?
 64 bit      |
             |

 System emulation
 s? = untested
 sc = compiles
 s0 = bios works
 s1 = grub works
 s2 = Linux boots

 Linux user mode emulation
 u? = untested
 uc = compiles
 u0 = static hello works
 u1 = linux-user-test works

 5) Todo list

 * TCI is not widely tested. It was written and tested on a x86_64 host
   running i386 and x86_64 system emulation and Linux user mode.
   A cross compiled QEMU for i386 host also works with the same basic tests.
   A cross compiled QEMU for mipsel host works, too. It is terribly slow
   because I run it in a mips malta emulation, so it is an interpreted
   emulation in an emulation.
   A cross compiled QEMU for arm host works (tested with pc bios).
   A cross compiled QEMU for ppc host works at least partially:
   i386-linux-user/qemu-i386 can run a simple hello-world program
   (tested in a ppc emulation).

 * Some TCG opcodes are either missing in the code generator and/or
   in the interpreter. These opcodes raise a runtime exception, so it is
   possible to see where code must be added.

 * The pseudo code is not optimized and still ugly. For hosts with special
   alignment requirements, it needs some fixes (maybe aligned bytecode
   would also improve speed for hosts which support byte alignment).

 * A better disassembler for the pseudo code would be nice (a very primitive
   disassembler is included in tcg-target.c).

 * It might be useful to have a runtime option which selects the native TCG
   or TCI, so QEMU would have to include two TCGs. Today, selecting TCI
   is a configure option, so you need two compilations of QEMU.
	TCG Interpreter (TCI) - Copyright (c) 2011 Stefan Weil.

	This file is released under the BSD license.

	1) Introduction

	TCG (Tiny Code Generator) is a code generator which translates
	code fragments ("basic blocks") from target code (any of the
	targets supported by QEMU) to a code representation which
	can be run on a host.

	QEMU can create native code for some hosts (arm, hppa, i386, ia64, ppc, ppc64,
	s390, sparc, x86_64). For others, unofficial host support was written.

	By adding a code generator for a virtual machine and using an
	interpreter for the generated bytecode, it is possible to
	support (almost) any host.

	This is what TCI (Tiny Code Interpreter) does.

	2) Implementation

	Like each TCG host frontend, TCI implements the code generator in
	tcg-target.c, tcg-target.h. Both files are in directory tcg/tci.

	The additional file tcg/tci.c adds the interpreter.

	The bytecode consists of opcodes (same numeric values as those used by
	TCG), command length and arguments of variable size and number.

	3) Usage

	For hosts without native TCG, the interpreter TCI must be enabled by

	configure --enable-tcg-interpreter

	If configure is called without --enable-tcg-interpreter, it will
	suggest using this option. Setting it automatically would need
	additional code in configure which must be fixed when new native TCG
	implementations are added.

	System emulation should work on any 32 or 64 bit host.
	User mode emulation might work. Maybe a new linker script (*.ld)
	is needed. Byte order might be wrong (on big endian hosts)
	and need fixes in configure.

	For hosts with native TCG, the interpreter TCI can be enabled by

	configure --enable-tcg-interpreter

	The only difference from running QEMU with TCI to running without TCI
	should be speed. Especially during development of TCI, it was very
	useful to compare runs with and without TCI. Create /tmp/qemu.log by

	qemu-system-i386 -d in_asm,op_opt,cpu -D /tmp/qemu.log -singlestep

	once with interpreter and once without interpreter and compare the resulting
	qemu.log files. This is also useful to see the effects of additional
	registers or additional opcodes (it is easy to modify the virtual machine).
	It can also be used to verify native TCGs.

	Hosts with native TCG can also enable TCI by claiming to be unsupported:

	configure --cpu=unknown --enable-tcg-interpreter

	configure then no longer uses the native linker script (*.ld) for
	user mode emulation.


	4) Status

	TCI needs special implementation for 32 and 64 bit host, 32 and 64 bit target,
	host and target with same or different endianness.

	\| host (le) host (be)
	\| 32 64 32 64
	------------+------------------------------------------------------------
	target (le) \| s0, u0 s1, u1 s?, u? s?, u?
	32 bit \|
	\|
	target (le) \| sc, uc s1, u1 s?, u? s?, u?
	64 bit \|
	\|
	target (be) \| sc, u0 sc, uc s?, u? s?, u?
	32 bit \|
	\|
	target (be) \| sc, uc sc, uc s?, u? s?, u?
	64 bit \|
	\|

	System emulation
	s? = untested
	sc = compiles
	s0 = bios works
	s1 = grub works
	s2 = Linux boots

	Linux user mode emulation
	u? = untested
	uc = compiles
	u0 = static hello works
	u1 = linux-user-test works

	5) Todo list

	* TCI is not widely tested. It was written and tested on a x86_64 host
	running i386 and x86_64 system emulation and Linux user mode.
	A cross compiled QEMU for i386 host also works with the same basic tests.
	A cross compiled QEMU for mipsel host works, too. It is terribly slow
	because I run it in a mips malta emulation, so it is an interpreted
	emulation in an emulation.
	A cross compiled QEMU for arm host works (tested with pc bios).
	A cross compiled QEMU for ppc host works at least partially:
	i386-linux-user/qemu-i386 can run a simple hello-world program
	(tested in a ppc emulation).

	* Some TCG opcodes are either missing in the code generator and/or
	in the interpreter. These opcodes raise a runtime exception, so it is
	possible to see where code must be added.

	* The pseudo code is not optimized and still ugly. For hosts with special
	alignment requirements, it needs some fixes (maybe aligned bytecode
	would also improve speed for hosts which support byte alignment).

	* A better disassembler for the pseudo code would be nice (a very primitive
	disassembler is included in tcg-target.c).

	* It might be useful to have a runtime option which selects the native TCG
	or TCI, so QEMU would have to include two TCGs. Today, selecting TCI
	is a configure option, so you need two compilations of QEMU.