[qemu.git] / tcg / tci / README

TCG Interpreter (TCI) - Copyright (c) 2011 Stefan Weil.

This file is released under the BSD license.

1) Introduction

TCG (Tiny Code Generator) is a code generator which translates
code fragments ("basic blocks") from target code (any of the
targets supported by QEMU) to a code representation which
can be run on a host.

QEMU can create native code for some hosts (arm, hppa, i386, ia64, ppc, ppc64,
s390, sparc, x86_64). For others, unofficial host support was written.

By adding a code generator for a virtual machine and using an
interpreter for the generated bytecode, it is possible to
support (almost) any host.

This is what TCI (Tiny Code Interpreter) does.

2) Implementation

Like each TCG host frontend, TCI implements the code generator in
tcg-target.c, tcg-target.h. Both files are in directory tcg/tci.

The additional file tcg/tci.c adds the interpreter.

The bytecode consists of opcodes (same numeric values as those used by
TCG), command length and arguments of variable size and number.

3) Usage

For hosts without native TCG, the interpreter TCI must be enabled by

        configure --enable-tcg-interpreter

If configure is called without --enable-tcg-interpreter, it will
suggest using this option. Setting it automatically would need
additional code in configure which must be fixed when new native TCG
implementations are added.

System emulation should work on any 32 or 64 bit host.
User mode emulation might work. Maybe a new linker script (*.ld)
is needed. Byte order might be wrong (on big endian hosts)
and need fixes in configure.

For hosts with native TCG, the interpreter TCI can be enabled by

        configure --enable-tcg-interpreter

The only difference from running QEMU with TCI to running without TCI
should be speed. Especially during development of TCI, it was very
useful to compare runs with and without TCI. Create /tmp/qemu.log by

        qemu-system-i386 -d in_asm,op_opt,cpu -singlestep

once with interpreter and once without interpreter and compare the resulting
qemu.log files. This is also useful to see the effects of additional
registers or additional opcodes (it is easy to modify the virtual machine).
It can also be used to verify native TCGs.

Hosts with native TCG can also enable TCI by claiming to be unsupported:

        configure --cpu=unknown --enable-tcg-interpreter

configure then no longer uses the native linker script (*.ld) for
user mode emulation.


4) Status

TCI needs special implementation for 32 and 64 bit host, 32 and 64 bit target,
host and target with same or different endianness.

            | host (le)                     host (be)
            | 32             64             32             64
------------+------------------------------------------------------------
target (le) | s0, u0         s1, u1         s?, u?         s?, u?
32 bit      |
            |
target (le) | sc, uc         s1, u1         s?, u?         s?, u?
64 bit      |
            |
target (be) | sc, u0         sc, uc         s?, u?         s?, u?
32 bit      |
            |
target (be) | sc, uc         sc, uc         s?, u?         s?, u?
64 bit      |
            |

System emulation
s? = untested
sc = compiles
s0 = bios works
s1 = grub works
s2 = Linux boots

Linux user mode emulation
u? = untested
uc = compiles
u0 = static hello works
u1 = linux-user-test works

5) Todo list

* TCI is not widely tested. It was written and tested on a x86_64 host
  running i386 and x86_64 system emulation and Linux user mode.
  A cross compiled QEMU for i386 host also works with the same basic tests.
  A cross compiled QEMU for mipsel host works, too. It is terribly slow
  because I run it in a mips malta emulation, so it is an interpreted
  emulation in an emulation.
  A cross compiled QEMU for arm host works (tested with pc bios).
  A cross compiled QEMU for ppc host works at least partially:
  i386-linux-user/qemu-i386 can run a simple hello-world program
  (tested in a ppc emulation).

* Some TCG opcodes are either missing in the code generator and/or
  in the interpreter. These opcodes raise a runtime exception, so it is
  possible to see where code must be added.

* The pseudo code is not optimized and still ugly. For hosts with special
  alignment requirements, it needs some fixes (maybe aligned bytecode
  would also improve speed for hosts which support byte alignment).

* A better disassembler for the pseudo code would be nice (a very primitive
  disassembler is included in tcg-target.c).

* It might be useful to have a runtime option which selects the native TCG
  or TCI, so QEMU would have to include two TCGs. Today, selecting TCI
  is a configure option, so you need two compilations of QEMU.
Commit	Line	Data
7316329a SW	1	TCG Interpreter (TCI) - Copyright (c) 2011 Stefan Weil.
	2
	3	This file is released under the BSD license.
	4
	5	1) Introduction
	6
	7	TCG (Tiny Code Generator) is a code generator which translates
	8	code fragments ("basic blocks") from target code (any of the
	9	targets supported by QEMU) to a code representation which
	10	can be run on a host.
	11
	12	QEMU can create native code for some hosts (arm, hppa, i386, ia64, ppc, ppc64,
	13	s390, sparc, x86_64). For others, unofficial host support was written.
	14
	15	By adding a code generator for a virtual machine and using an
	16	interpreter for the generated bytecode, it is possible to
	17	support (almost) any host.
	18
	19	This is what TCI (Tiny Code Interpreter) does.
	20
	21	2) Implementation
	22
	23	Like each TCG host frontend, TCI implements the code generator in
	24	tcg-target.c, tcg-target.h. Both files are in directory tcg/tci.
	25
	26	The additional file tcg/tci.c adds the interpreter.
	27
	28	The bytecode consists of opcodes (same numeric values as those used by
	29	TCG), command length and arguments of variable size and number.
	30
	31	3) Usage
	32
	33	For hosts without native TCG, the interpreter TCI must be enabled by
	34
	35	configure --enable-tcg-interpreter
	36
	37	If configure is called without --enable-tcg-interpreter, it will
	38	suggest using this option. Setting it automatically would need
	39	additional code in configure which must be fixed when new native TCG
	40	implementations are added.
	41
	42	System emulation should work on any 32 or 64 bit host.
	43	User mode emulation might work. Maybe a new linker script (*.ld)
	44	is needed. Byte order might be wrong (on big endian hosts)
	45	and need fixes in configure.
	46
	47	For hosts with native TCG, the interpreter TCI can be enabled by
	48
	49	configure --enable-tcg-interpreter
	50
	51	The only difference from running QEMU with TCI to running without TCI
	52	should be speed. Especially during development of TCI, it was very
	53	useful to compare runs with and without TCI. Create /tmp/qemu.log by
	54
	55	qemu-system-i386 -d in_asm,op_opt,cpu -singlestep
	56
	57	once with interpreter and once without interpreter and compare the resulting
	58	qemu.log files. This is also useful to see the effects of additional
	59	registers or additional opcodes (it is easy to modify the virtual machine).
	60	It can also be used to verify native TCGs.
	61
	62	Hosts with native TCG can also enable TCI by claiming to be unsupported:
	63
	64	configure --cpu=unknown --enable-tcg-interpreter
65
66	configure then no longer uses the native linker script (*.ld) for
67	user mode emulation.
68
69
70	4) Status
71
72	TCI needs special implementation for 32 and 64 bit host, 32 and 64 bit target,
73	host and target with same or different endianness.
74
75	\| host (le) host (be)
76	\| 32 64 32 64
77	------------+------------------------------------------------------------
78	target (le) \| s0, u0 s1, u1 s?, u? s?, u?
79	32 bit \|
80	\|
81	target (le) \| sc, uc s1, u1 s?, u? s?, u?
82	64 bit \|
83	\|
84	target (be) \| sc, u0 sc, uc s?, u? s?, u?
85	32 bit \|
86	\|
87	target (be) \| sc, uc sc, uc s?, u? s?, u?
88	64 bit \|
89	\|
90
91	System emulation
92	s? = untested
93	sc = compiles
94	s0 = bios works
95	s1 = grub works
96	s2 = Linux boots
97
98	Linux user mode emulation
99	u? = untested
100	uc = compiles
101	u0 = static hello works
102	u1 = linux-user-test works
103
104	5) Todo list
105
106	* TCI is not widely tested. It was written and tested on a x86_64 host
107	running i386 and x86_64 system emulation and Linux user mode.
108	A cross compiled QEMU for i386 host also works with the same basic tests.
109	A cross compiled QEMU for mipsel host works, too. It is terribly slow
110	because I run it in a mips malta emulation, so it is an interpreted
111	emulation in an emulation.
112	A cross compiled QEMU for arm host works (tested with pc bios).
113	A cross compiled QEMU for ppc host works at least partially:
114	i386-linux-user/qemu-i386 can run a simple hello-world program
115	(tested in a ppc emulation).
116
117	* Some TCG opcodes are either missing in the code generator and/or
118	in the interpreter. These opcodes raise a runtime exception, so it is
119	possible to see where code must be added.
120
121	* The pseudo code is not optimized and still ugly. For hosts with special
122	alignment requirements, it needs some fixes (maybe aligned bytecode
123	would also improve speed for hosts which support byte alignment).
124
125	* A better disassembler for the pseudo code would be nice (a very primitive
126	disassembler is included in tcg-target.c).
127
128	* It might be useful to have a runtime option which selects the native TCG
129	or TCI, so QEMU would have to include two TCGs. Today, selecting TCI
130	is a configure option, so you need two compilations of QEMU.