Chunqiang Li,Zhiwei Liu,Yunhai Shang,Lenian He,Xiaolang Yan

DOI: https://doi.org/10.1142/s0218126624502426

2024-01-01

Journal of Circuits Systems and Computers

Abstract:In the domain of process virtual machine (PVM) binary translation, the difference in address space layout between the guest program and the translated program requires the recalculation of jump instruction targets, resulting in suboptimal execution efficiency. This paper presents a novel method called SPC-Indexed Indirect Branch Hardware Cache Redirecting (SPCIC) technique. SPCIC utilizes specialized branch instruction to represent indirect branches from guest programs while frequently-used target addresses are cached in a customized hardware mapping table. When translating an indirect branch, SPCIC queries the jump target cache first to achieve a fast redirection unless the destination address is not cached. Besides, SPCIC merely falls back to the software-based remapping approach when the query fails, improving the translation efficiency to the greatest extent. SPCIC is implemented on the QEMU platform to accelerate the translation of ARM payloads into RISC-V. Experiments are carried on SPEC2006 to demonstrate the effectiveness of SPCIC for reducing the runtime overhead of indirect branch translation. The experimental results indicate up to 11% average improvement and 35% maximum improvement are obtained on the selected benchmark.

Ning Jia,Chun Yang,Yu He,Xu Cheng

DOI: https://doi.org/10.1145/2597917.2597944

2014-01-01

Abstract:ABSTRACTIndirect branch handling is a major source of performance overhead in Dynamic Binary Translation (DBT) systems. Most existing solutions for indirect branches involve a run-time address translation from Source Program Counter (SPC) of the branch target to Translated Program Counter (TPC) at every execution of the indirect branches. This paper analyzes the program structures that cause indirect branches, and finds out that most of the branch targets are prestored in the program's memory as some kind of address tables. In other words, the branch target of an indirect branch is not obtained by "calculating", but by "selecting" from the memory. Based on this observation, we propose a program structure-aware indirect branch handling mechanism called Direct TPC Table (DTT). Our DTT approach probes the target address table of an indirect branch by a passive exception-based scheme, and generates a TPC table from the probed SPC address table at the translation time. Thus, the translated program can load the TPC of a branch target from the TPC table directly, which avoids performing an expensive SPC-to-TPC translation at every execution. In many cases, only 2 instructions are need to handle an indirect branch execution. We implemented the DTT mechanism on a public x86 DBT system. The experiment shows that, DTT improves the system performance by 19.0% compared with hash lookup on a set of indirect intensive benchmarks. Furthermore, DTT does not depend on the underlying architecture or special hardware, so that it can be deployed on various platforms. Meanwhile, DTT can cooperate with other optimization technique of different DBT systems to enhance the performance.

Wei Chen,Dan Chen,Zhiying Wang

DOI: https://doi.org/10.1007/s11227-011-0636-y

IF: 3.3

2011-06-22

The Journal of Supercomputing

Abstract:Dynamic Binary Translation (DBT) has been widely utilized to convert binary code for one Instruction Set Architecture (ISA) to another at run-time and optimize the code when necessary. A two-stage strategy often applies to DBT, which handles hot code and cold code separately using translation and interpretation respectively to ensure execution efficiency. However, an excessively high overhead of interpretation remains to be tackled. It has been observed that interpretation usually involves a large number of redundant redecoding operations. This paper introduces an approach, namely Decoded Instruction Cache (DICache), which caches the information of the interpreted instructions in the history and attempts to reuse the information as much as possible in the future. Performance benchmark has been carried out with the software and the hardware implementations of DICache. The experimental results indicate that DICache can significantly remove the redundancy of redecoding operations, and this results in a dramatic decline of interpretation overhead.

Chunqiang Li,Zhiwei Liu,Yunhai Shang,Lenian He,Xiaolang Yan

DOI: https://doi.org/10.3390/electronics12143014

IF: 2.9

2023-01-01

Electronics

Abstract:Binary translation, as an important bridge for application compatibility between different instruction set architectures (ISAs), has attracted much attention in the industry. However, due to hardware resource limitations of the target ISA, the translation efficiency and the practicability are poor. Recently, Apple has made it possible to run x86 programs on ARM through a translation technology called Rosetta based on software-hardware collaboration. In this paper, we proposed a hardware non-invasive mapping method for condition bits (HNIMCB) in binary translation, which innovatively implements the setting and referencing operations of the condition bits without changing the original instruction encoding and function of the target processor. This method is applicable for binary translation from source architectures with condition bit operations to target architectures without condition bit operations. It eliminates the difference of conditional bit resources between the source and target ISAs, reduces the computational instructions and memory access operations after translation from the source to the target ISA, and dramatically improves the translation efficiency. We conducted this experiment on a functional simulation level using the QEMU binary translator from ARM to RISC-V. A series of benchmark tests revealed that the total number of instructions decreased by 41%, while the number of memory access instructions decreased by 37% after the translation applying with the HNIMCB.

Wenbing Xie,Qiaoling Luo,Xue Tian,Junyi Huang,Fengbin Qi

DOI: https://doi.org/10.3390/electronics13091608

IF: 2.9

2024-04-24

Electronics

Abstract:The emergence of new instruction set architectures (ISAs) poses challenges in ensuring compatibility with legacy applications. Dynamic binary translation (DBT) serves as a crucial approach for achieving cross-ISA compatibility, enabling legacy applications to run compatibly with cross-ISAs. However, software-based translation encounters significant performance overhead, including substantial memory access and insufficient exploitation of target architecture features. The significant performance overhead challenges hinder the practical implementation of DBT. In this paper, we investigate a novel peephole optimization approach. First, we perform peephole analysis to identify redundant memory access and suboptimal instruction sequences. Next, we leverage live variable analysis to eliminate redundant memory-access instructions. Additionally, we bridge the gaps between cross-ISAs by exploiting ISA-specific features through instruction fusion. Finally, we implement the proposed optimization design using the open-source QEMU and extensively evaluate it on both ARM64 and SW64 platforms. The experimental results reveal that SPEC2006 benchmark effectively gets a maximum performance speedup of 1.52×, alongside a reduction in code size of up to 13.98%. These results affirm the effectiveness of our optimization approach in DBT performance and code sizes.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ning Jia,Chun Yang,Jing Wang,Dong Tong,Keyi Wang

DOI: https://doi.org/10.1145/2517326.2451516

2013-01-01

ACM SIGPLAN Notices

Abstract:Dynamic binary translation system must perform an address translation for every execution of indirect branch instructions. The procedure to convert Source binary Program Counter (SPC) address to Translated Program Counter (TPC) address always takes more than 10 instructions, becoming a major source of performance overhead. This paper proposes a novel mechanism called SPc-Indexed REdirecting (SPIRE), which can significantly reduce the indirect branch handling overhead.SPIRE doesn't rely on hash lookup and address mapping table to perform address translation. It reuses the source binary code space to build a SPC-indexed redirecting table. This table can be indexed directly by SPC address without hashing. With SPIRE, the indirect branch can jump to the originally SPC address without address translation. The trampoline residing in the SPC address will redirect the control flow to related code cache. Only 2-6 instructions are needed to handle an indirect branch execution. As part of the source binary would be overwritten, a shadow page mechanism is explored to keep transparency of the corrupt source binary code page. Online profiling is adopted to reduce the memory overhead.We have implemented SPIRE on an x86 to x86 DBT system, and discussed the implementation issues on different guest and host architectures. The experiments show that, compared with hash lookup mechanism, SPIRE can reduce the performance overhead by 36.2% on average, up to 51.4%, while only 5.6% extra memory is needed.SPIRE can cooperate with other indirect branch handling mechanisms easily, and we believe the idea of SPIRE can also be applied on other occasions that need address translation.

Wei Chen,Li Shen,Hongyi Lu,Zhiying Wang,Nong Xiao

DOI: https://doi.org/10.1109/ICPADS.2009.134

2009-01-01

Abstract:Interpretation and basic block translation (BBT) are two typical strategies for cold code emulation in a dynamic binary translation (DBT) system. More and more DBT systems employ BBT as the generated native code runs more efficient than the interpretation routines. We observe that BBT's high efficiency is based on those special hardware assists. With certain simple hardware techniques, interpretation could outperform BBT. In our pervious work, we proposed a hardware interpreted code cache (Pcache) mechanism to speedup interpretation by saving the decoded instruction information during interpretation. This light-weight code cache design could be extended to assist the hotspots translation, thus further reduce the DBT systems' overhead. We add the translation entry into the Pcache design thus saving most decoding operations during translation. We use eight SPEC 2000 integer benchmarks on our DBT simulator. Results show that the modified Pcache design causes a speedup of 1.94 according to the referenced DBT with basic interpretation and the interpretation based DBT system assisted by the modified Pcache performs more efficiently than the DBT system which employs BBT for the cold code.

Yuan Yao,Zhongyong Lu,Qingsong Shi,Wenzhi Chen

DOI: https://doi.org/10.1109/FPL.2013.6645554

2013-01-01

Abstract:Binary translation is used to allow applications of one instruction set architecture (ISA) to run on another, thereby maintaining the binary level compatibility across ISAs. Conventional software binary translation systems suffer performance loss because of architectural heterogeneity amongst ISAs, control flow translation and context switches. In this paper, we propose an FPGA based hardware-software co-designed dynamic binary translation (DBT) system, which moderates these issues at a low level of hardware cost. In our DBT system, we propose a MIPS condition code flags register and a modest ISA extension to bridge the architectural gap, a hardware address mapping mechanism to accelerate the handling of control flow instructions, and a scratchpad memory to reduce performance loss during context switches. We implement the system on Xilinx XC5VLX110T. Quantitative experiments reveal that the overall performance improvement is 56.1% over the baseline configuration, with only extra 1.4% of slices and 5.4% of BRAMs of Xilinx XC5VLX110T occupied.

王荣华,孟建熠,陈志坚,严晓浪

DOI: https://doi.org/10.15514/ispras-2012-22-13

2014-01-01

Abstract:An efficient mapping method named compare and condition branch fast mapping algorithm was proposed in order to improve emulating and processing speed of condition flags. The algorithm mainly focuses on 'compare and condition branch' instruction pairs which occupy a large proportion of condition code defining and using instruction pair. The method dynamically identifies and extracts the "compare and condition branch" instruction pair in the source block and completes instruction mapping by using the inherent conditional dependencies of the target machine. By avoiding the complex and uniform traditional processes for these special instruction pairs, dynamic binary translator has achieved great performance improvement. Results of benchmark on QEMU emulator showed that the generated instruction number for translating condition code was reduced by 20% to 90% than that of traditional methods.

Benyi Xie,Yue Yan,Chenghao Yan,Sicheng Tao,Zhuangzhuang Zhang,Xinyu Li,Yanzhi Lan,Xiang Wu,Tianyi Liu,Tingting Zhang,Fuxin Zhang

DOI: https://doi.org/10.1145/3640813

IF: 1.444

2024-01-15

ACM Transactions on Architecture and Code Optimization

Abstract:Dynamic binary translators (DBTs) are widely used to migrate applications between different instruction set architectures (ISAs). Despite extensive research to improve DBT performance, noticeable overhead remains, preventing near-native performance, especially when translating from complex instruction set computer (CISC) to reduced instruction set computer (RISC). For computational workloads, the main overhead stems from translated code quality. Experimental data show state-of-the-art DBT products have dynamic code inflation of at least 1.46. This indicates on average over 1.46 host instructions are needed to emulate one guest instruction. Worse, inflation closely correlates with translated code quality. However, the detailed sources of instruction inflation remain unclear. To understand the sources of inflation, we present Deflater, an instruction inflation analysis framework comprising a mathematical model, a collection of black-box unit tests called BenchMIAOes, and a trace-based simulator called InflatSim. The mathematical model calculates overall inflation based on the inflation of individual instructions and translation block (TB) optimizations. BenchMIAOes extract model parameters from DBTs without accessing DBT source code. InflatSim implements the model and uses the extracted parameters from BenchMIAOes to simulate a given DBT’s behavior. Deflater is a valuable tool to guide DBT analysis and improvement. Using Deflater, we simulated inflation for three state-of-the-art CISC-to-RISC DBTs: ExaGear, Rosetta2, and LATX, with inflation errors of 5.63%, 5.15%, and 3.44% respectively for SPEC CPU 2017, gaining insights into these commercial DBTs. Deflater also efficiently models inflation for the open-source DBT QEMU and suggests optimizations that can substantially reduce inflation. Implementing the suggested optimizations confirms Deflater’s effective guidance, with 4.65% inflation error, and gains 5.47x performance improvement.

computer science, theory & methods, hardware & architecture

Wei Chen,Hongyi Lu,Li Shen,Zhiying Wang,Nong Xiao

DOI: https://doi.org/10.1109/ispa.2009.83

2009-01-01

Abstract:Dynamic binary translation (DBT) converts codes written for a source instruction set architecture (ISA) into optimized code for a target ISA. DBT has emerged as an important tool with real world applications. Interpretation is always adopted to handle the non-hotspot code in a two-stage DBT system. An important consideration in such DBT systems is the interpretation overhead. We investigate that repeated redecoding operations are the bottleneck of interpretation overhead. We propose interpreted code cache (Pcache), a hardware assist to save the information of the decoded instruction for reuse. We analyze and model Pcache performance via simulation on a DBT system simulator. Results from SPEC2000 integer benchmarks show that Pcache could significantly reduce redecoding operations and the overhead of interpretation in a DBT system. The speedup of interpretation is up to 17.12 on average with assist of Pcache. We also analyze the extra overhead caused by Pcache, which is neglectable compared to the performance gains.

Wenwen Wang,Jiacheng Wu,Xiaoli Gong,Tao Li,Pen-Chung Yew

DOI: https://doi.org/10.1145/3186411.3186413

2018-01-01

ACM SIGPLAN Notices

Abstract:The recent transition in the software industry toward dynamically generated code poses a new challenge to existing dynamic binary translation (DBT) systems. A significant re-translation overhead could be introduced due to the maintenance of the consistency between the dynamically-generated guest code and the corresponding translated host code. To address this issue, this paper presents a novel approach to optimize DBT systems for guest applications with dynamically-generated code. The proposed approach can maximize the reuse of previously translated host code to mitigate the re-translation overhead. A prototype based on such an approach has been implemented on an existing DBT system HQEMU. Experimental results on a set of JavaScript applications show that it can achieve a 1.24X performance speedup on average compared to the original HQEMU.

JIANG Hai-tao,XU Yun,LIAO Yin,JIN Guo-jie,CHEN Guo-liang

DOI: https://doi.org/10.3969/j.issn.1000-1220.2013.07.008

2013-01-01

Abstract:With the diversification of hardware platforms,software compatibility issues have become increasingly prominent.Binary translation system is the key technology to resolve this problem.Majority of the virtual machine execution time consumed in the process of finding and executing back-end instructions,so effective instruction indexing strategies can reduce the instruction addressing overhead and improve the overall efficiency of the system.Based on the statistical analysis of the back-end instruction locality,designed a level based virtual machine instruction indexing strategy w hich can fully exploit the capacity of modern computer hardw are.Based on the special locality of the virtual machine back-end instruction,this strategy uses targeted replacement algorithms to cache the back-end instructions,significantly reduces the overhead of the instruction addressing.With the help of LIIS,the back-end instruction addressing time of QEMU have been reduced by 70%,and the efficiency of full QEMU system have been improved by 15%.

Changheng Song,Wenwen Wang,Pen-Chung Yew,Antonia Zhai,Weihua Zhang

2019-01-01

Abstract:Dynamic binary translation (DBT) is a key system technology that enables many important system applications such as system virtualization and emulation. To achieve good performance, it is important for a DBT system to be equipped with high-quality translation rules. However, most translation rules in existing DBT systems are created manually with high engineering efforts and poor quality. To solve this problem, a learning-based approach was recently proposed to automatically learn semantically-equivalent translation rules, and symbolic verification is used to prove the semantic equivalence of such rules. But, they still suffer from some shortcomings. In this paper, we first give an in-depth analysis on the constraints of prior learning-based methods and observe that the equivalence requirements are often unduly restrictive. It excludes many potentially high-quality rule candidates from being included and applied. Based on this observation, we propose an enhanced learning-based approach that relaxes such equivalence requirements but supplements them with constraining conditions to make them semantically equivalent when such rules are applied. Experimental results on SPEC CINT2006 show that the proposed approach can improve the dynamic coverage of the translation from 55.7% to 69.1% and the static coverage from 52.2% to 61.8%, compared to the original approach. Moreover, up to 1.65X performance speedup with an average of 1.19X are observed.

Ding-Yong Hong,Yu-Ping Liu,Sheng-Yu Fu,Jan-Jan Wu,Wei-Chung Hsu

DOI: https://doi.org/10.1145/3173456

2018-06-02

ACM Transactions on Embedded Computing Systems

Abstract:Recent trends in SIMD architecture have tended toward longer vector lengths, and more enhanced SIMD features have been introduced in newer vector instruction sets. However, legacy or proprietary applications compiled with short-SIMD ISA cannot benefit from the long-SIMD architecture that supports improved parallelism and enhanced vector primitives, resulting in only a small fraction of potential peak performance. This article presents a dynamic binary translation technique that enables short-SIMD binaries to exploit benefits of new SIMD architectures by rewriting short-SIMD loop code. We propose a general approach that translates loops consisting of short-SIMD instructions to machine-independent IR, conducts SIMD loop transformation/optimization at this IR level, and finally translates to long-SIMD instructions. Two solutions are presented to enforce SIMD load/store alignment, one for the problem caused by the binary translator’s internal translation condition and one general approach using dynamic loop peeling optimization. Benchmark results show that average speedups of 1.51× and 2.48× are achieved for an ARM NEON to x86 AVX2 and x86 AVX-512 loop transformation, respectively.

computer science, software engineering, hardware & architecture

GAO Jin-jia,MENG Jian-yi,CHEN Zhi-jian

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.03.054

2012-01-01

Abstract:Branch target buffer(BTB) is one of the most power-hungry components in high-performance embedded CPUs.This paper proposed a loop access filtering mechanism to eliminate the redundant BTB operations for sequential instructions in loops.Furthermore,it proposed a branch tracing method to compensate the performance penalty due to the over-filtering of the loop filter for the not-loop branch instructions.It could reduce remarkable BTB power consumption by removing sequential instructions accessing the BTB.Simulation on Powerstone benchmark demonstrates that under the configuration of 128-entry BTB,two-level loop filter and 4-entry branch trace table can achieve approximately 71.9% power reduction while only bring 0.66% cycle loss per instruction(CPI) on average.

Ning Jia,Chun Yang,Yu He,Xu Cheng

DOI: https://doi.org/10.1145/2611354.2611368

2014-01-01

Abstract:In dynamic translation system, handling indirect branch is a major source of performance overhead, because it must perform an on-the-fly address translation at each indirect branch execution. The translation systems usually adopt software prediction to reduce the overhead of address translation, but the low prediction accuracy restricts the performance improvement. This paper analyzes the performance bottleneck of software prediction, and proposes a novel prediction mechanism called Software Prediction with Target Updating (SPTU), which can significantly improve the prediction accuracy with an acceptable overhead. Based on the observation of the phase characteristic of branch targets, SPTU adopts a coarse-grained target updating mechanism, which updates the prediction targets at a proper frequency. SPTU leverages software prediction miss count to detect phase status, and triggers target updating only when the branch phase changes. The experiment shows that, compared with software prediction, SPTU can improve the average prediction accuracy from 48.0% to 77.5%, and reduces the performance overhead by 21.6% on average. Furthermore, SPTU could cooperate with other optimization techniques for handling indirect branches.

Wei Chen,Zhiying Wang,Qiang Dou,Yongwen Wang

DOI: https://doi.org/10.1007/978-3-642-23300-5_24

2011-01-01

Abstract:Both dynamic binary translation systems and optimization systems store the translated or optimized code in the software maintained code cache for reuse. The performance of the code cache is crucial. Translated code is usually organized as code blocks in the code cache and each code block transfer control to the next one through a control transfer instruction. As the target address of a control transfer instruction is in the form of its source program counter, the conventional code cache system has to check the address mapping table for the translated target address to find the required target code block, which will cause considerable performance degradation. Control transfer instructions can be divided into two categories as direct control transfer instructions and indirect control transfer instructions. For indirect control transfer instructions, the target address is hold in the register or memory element whose content can be changed during the execution of the program. It is difficult to chain the indirect control transfer instructions with a fixed translated target address through pure software approaches. A novel indirect control transfer chaining approach is proposed in this paper. The principle of the technique is to insert custom chaining instructions into the translated code block while translating the indirect control transfer instructions and execute those chaining instructions to implement dynamical chaining. Some special hardware and software assists are proposed in this paper. Evaluation of the proposed approach is conducted on a code cache simulator. Experiment results show that our hardware assisted indirect control transfer instruction chaining approach can improve the performance of the code cache system dramatically.

HaiBing Guan,RuHui Ma,HongBo Yang,YinDong Yang,Liang Liu,Ying Chen

DOI: https://doi.org/10.1007/s11432-011-4414-5

2011-01-01

Science China Information Sciences

Abstract:Dynamic optimization has been proposed to overcome many limitations caused by static optimization and is widely applied in dynamic binary translation (DBT) to effectively enhance system performance. However, almost all the existing dynamic optimization techniques or methods employed in DBT systems for a single-threaded executive environment considerably increase the complexity of the hardware or the striking runtime overhead. We propose a multithreaded DBT framework with no associated hardware called the MTCrossBit, where a helper thread for building a hot trace is employed to significantly reduce the overhead. In addition, the main thread and helper thread are each assigned to different cores to use the multi-core resources efficiently to attain better performance, two novel methods yet to be implemented in the MTCrossBit are presented: the dual-special-parallel translation caches and the new lock-free threads communication mechanism—assembly language communication (ASLC). We then apply quantitative analysis to prove that MTCrossBit can speed up the original CrossBit. Simultaneously, we present results from the implementation of the MTCrossBit on the uniprocessor machines with multi-cores utilizing the benchmark-SPECint 2000, and illustrate that we achieved some success with the above concurrent architecture.

Xuhao Chen,Zhong Zheng,Li Shen,Wei Chen,Zhiying Wang

DOI: https://doi.org/10.1109/PAAP.2011.34

2011-01-01

Abstract:Dynamic binary translation is an effective way to address binary compatibility problem. Embedded systems and other novel RISC ISAs are developing fast without consideration of the binary compatibility with off-the-shelf x86 applications, making dynamic binary translator (DBT) from CISC to RISC more important. However, dynamic code generation is still inefficient due to the code expansion. Conventional code generators in DBTs use one-to-many mapping scheme between source and target code which cannot take full advantage of the target ISA. We propose a novel lightweight code generation algorithm GSM (Greedy Sub graph Mapping), which can generate compact code with low overhead using many-to-one mapping. GSM is implemented and evaluated in a DBT prototype system called TransARM. Experimental results demonstrate that GSM generates higher quality target code compared to a conventional implementation, which brings code expansion rate close to 1.3. Moreover, GSM causes slightly extra overhead and negligible slowdown of translation, and enables 10% performance improvement for target code execution.