Chunqiang Li,Zhiwei Liu,Yunhai Shang,Lenian He,Xiaolang Yan

DOI: https://doi.org/10.3390/electronics12143014

IF: 2.9

2023-01-01

Electronics

Abstract:Binary translation, as an important bridge for application compatibility between different instruction set architectures (ISAs), has attracted much attention in the industry. However, due to hardware resource limitations of the target ISA, the translation efficiency and the practicability are poor. Recently, Apple has made it possible to run x86 programs on ARM through a translation technology called Rosetta based on software-hardware collaboration. In this paper, we proposed a hardware non-invasive mapping method for condition bits (HNIMCB) in binary translation, which innovatively implements the setting and referencing operations of the condition bits without changing the original instruction encoding and function of the target processor. This method is applicable for binary translation from source architectures with condition bit operations to target architectures without condition bit operations. It eliminates the difference of conditional bit resources between the source and target ISAs, reduces the computational instructions and memory access operations after translation from the source to the target ISA, and dramatically improves the translation efficiency. We conducted this experiment on a functional simulation level using the QEMU binary translator from ARM to RISC-V. A series of benchmark tests revealed that the total number of instructions decreased by 41%, while the number of memory access instructions decreased by 37% after the translation applying with the HNIMCB.

Chunqiang Li,Zhiwei Liu,Yunhai Shang,Lenian He,Xiaolang Yan

DOI: https://doi.org/10.1142/s0218126624502426

2024-01-01

Journal of Circuits Systems and Computers

Abstract:In the domain of process virtual machine (PVM) binary translation, the difference in address space layout between the guest program and the translated program requires the recalculation of jump instruction targets, resulting in suboptimal execution efficiency. This paper presents a novel method called SPC-Indexed Indirect Branch Hardware Cache Redirecting (SPCIC) technique. SPCIC utilizes specialized branch instruction to represent indirect branches from guest programs while frequently-used target addresses are cached in a customized hardware mapping table. When translating an indirect branch, SPCIC queries the jump target cache first to achieve a fast redirection unless the destination address is not cached. Besides, SPCIC merely falls back to the software-based remapping approach when the query fails, improving the translation efficiency to the greatest extent. SPCIC is implemented on the QEMU platform to accelerate the translation of ARM payloads into RISC-V. Experiments are carried on SPEC2006 to demonstrate the effectiveness of SPCIC for reducing the runtime overhead of indirect branch translation. The experimental results indicate up to 11% average improvement and 35% maximum improvement are obtained on the selected benchmark.

Ding-Yong Hong,Yu-Ping Liu,Sheng-Yu Fu,Jan-Jan Wu,Wei-Chung Hsu

DOI: https://doi.org/10.1145/3173456

2018-06-02

ACM Transactions on Embedded Computing Systems

Abstract:Recent trends in SIMD architecture have tended toward longer vector lengths, and more enhanced SIMD features have been introduced in newer vector instruction sets. However, legacy or proprietary applications compiled with short-SIMD ISA cannot benefit from the long-SIMD architecture that supports improved parallelism and enhanced vector primitives, resulting in only a small fraction of potential peak performance. This article presents a dynamic binary translation technique that enables short-SIMD binaries to exploit benefits of new SIMD architectures by rewriting short-SIMD loop code. We propose a general approach that translates loops consisting of short-SIMD instructions to machine-independent IR, conducts SIMD loop transformation/optimization at this IR level, and finally translates to long-SIMD instructions. Two solutions are presented to enforce SIMD load/store alignment, one for the problem caused by the binary translator’s internal translation condition and one general approach using dynamic loop peeling optimization. Benchmark results show that average speedups of 1.51× and 2.48× are achieved for an ARM NEON to x86 AVX2 and x86 AVX-512 loop transformation, respectively.

computer science, software engineering, hardware & architecture

Yu-Ping Liu,Ding-Yong Hong,Jan-Jan Wu,Sheng-Yu Fu,Wei-Chung Hsu

DOI: https://doi.org/10.1145/3301488

IF: 1.444

2019-03-08

ACM Transactions on Architecture and Code Optimization

Abstract:Single instruction multiple data (SIMD) has been adopted for decades because of its superior performance and power efficiency. The SIMD capability (i.e., width, number of registers, and advanced instructions) has diverged rapidly on different SIMD instruction-set architectures (ISAs). Therefore, migrating existing applications to another host ISA that has fewer but longer SIMD registers and more advanced instructions raises the issues of asymmetric SIMD capability. To date, this issue has been overlooked and the host SIMD capability is underutilized, resulting in suboptimal performance. In this article, we present a novel binary translation technique called spill-aware superword level parallelism (saSLP), which combines short ARMv8 instructions and registers in the guest binaries to exploit the x86 AVX2 host’s parallelism, register capacity, and gather instructions. Our experiment results show that saSLP improves the performance by 1.6× (2.3×) across a number of benchmarks and reduces spilling by 97% (99%) for ARMv8 to x86 AVX2 (AVX-512) translation. Furthermore, with AVX2 (AVX-512) gather instructions, saSLP speeds up several data-irregular applications that cannot be vectorized on ARMv8 NEON by up to 3.9× (4.2×).

computer science, theory & methods, hardware & architecture

Muhui Jiang,Xiaoye Zheng,Rui Chang,Yajin Zhou,Xiapu Luo

DOI: https://doi.org/10.1109/tse.2024.3406900

IF: 7.4

2024-01-01

IEEE Transactions on Software Engineering

Abstract:Emulators are commonly employed to construct dynamic analysis frameworks due to their ability to perform fine-grained tracing, monitor full system functionality, and run on diverse operating systems and architectures. Nonetheless, the consistency of emulators with the real devices, remains uncertain. To address this issue, our objective is to automatically identify inconsistent instructions that exhibit different behavior between emulators and real devices across distinct privileges, including user-level and system-level privilege.We target the Arm architecture, which provides machine-readable specifications. Based on the specification, we propose a sufficient test case generator by designing and implementing the first symbolic execution engine for the Arm architecture specification language (ASL). We generated 2,774,649 representative instruction streams and developed a differential testing engine, EXAMINER PRO. With this engine, we compared the behavior of real Arm devices across different instruction sets (A32, A64, T16, and T32) with the popular QEMU emulator, both at the user-level and system-level. To demonstrate the generalizability of EXAMINER PRO, we also tested two other emulators, namely Unicorn and Angr. We find that undefined implementation in Arm manual and bugs of emulators are the major causes of inconsistencies. Furthermore, we discover 17 bugs, which influence commonly used instructions (e.g., BLX). With the inconsistent instructions, we build three security applications and demonstrate the capability of these instructions on detecting emulators, anti-emulation, and anti-fuzzing.

Alexis Engelke,Dominik Okwieka,Martin Schulz

DOI: https://doi.org/10.1145/3453933.3454022

2021-04-07

Abstract:Emulation of other or newer processor architectures is necessary for a wide variety of use cases, from ensuring compatibility to offering a vehicle for computer architecture research. This problem is usually approached using dynamic binary translation, where machine code is translated, on the fly, to the host architecture during program execution. Existing systems, like QEMU, usually focus on translation performance rather than the overall program execution, and extensions, like HQEMU, are limited by their underlying implementation. Conversely, performance-focused systems are typically used for binary instrumentation. E.g., DynamoRIO reuses original instructions where possible, while Instrew utilizes the LLVM compiler infrastructure, but only supports same-architecture code generation. In this short paper, we generalize Instrew to support different guest and host architectures by refactoring the lifter and by implementing target-independent optimizations to re-use host hardware features for emulated code. We demonstrate this flexibility by adding support for RISC-V as guest architecture and AArch64 as host architecture. Our performance results on SPEC CPU2017 show significant improvements compared to QEMU, HQEMU as well as the original Instrew.

王荣华,孟建熠,陈志坚,严晓浪

DOI: https://doi.org/10.15514/ispras-2012-22-13

2014-01-01

Abstract:An efficient mapping method named compare and condition branch fast mapping algorithm was proposed in order to improve emulating and processing speed of condition flags. The algorithm mainly focuses on 'compare and condition branch' instruction pairs which occupy a large proportion of condition code defining and using instruction pair. The method dynamically identifies and extracts the "compare and condition branch" instruction pair in the source block and completes instruction mapping by using the inherent conditional dependencies of the target machine. By avoiding the complex and uniform traditional processes for these special instruction pairs, dynamic binary translator has achieved great performance improvement. Results of benchmark on QEMU emulator showed that the generated instruction number for translating condition code was reduced by 20% to 90% than that of traditional methods.

Wei Li,Xiaohui Luo,Yiran Zhang,Qingkai Meng,Fengyuan Ren

DOI: https://doi.org/10.1007/978-3-031-12597-3_1

2022-01-01

Abstract:Emulation of Instruction Set Architecture (ISA) is necessary for a wide variety of use cases, such as providing the compatibility to execute programs compiled for a different ISA. This issue is usually solved using Dynamic Binary Translation (DBT), where guest machine code is translated to host ISA on runtime and Just-in-time (JIT) compilation is performed to achieve high-performance emulation. QEMU, a famous emulator, is developed to solve this issue, where Tiny Code Generator (TCG) is constructed to translate guest binary code to TCG Intermediate Representation (IR), and then generate target ISA machine code from TCG IR. Due to the limitations of TCG, some extensions, such as HQEMU, use LLVM as the backend to optimize programs and generate high-performance machine code. However, HQEMU is limited by its underlying implementation. That is, HQEMU still translates guest binary code to TCG IR at first. In this paper, we develop a novel, LLVM-based emulator, where guest machine code is directly lifted to LLVM IR to reduce the extra overhead and produce high-quality machine code. We evaluate our DBT emulator using BYTEmark benchmark and demonstrating its ability to outperform the de facto standard QEMU DBT system. The evaluation results confirm that our emulator delivers an average speedup of 3.3x over QEMU across BYTEmark benchmark compiled for x86-64 running on an ARMv8 platform, meanwhile, demonstrate that our user-level DBT emulator can significantly reduce the overhead to run a program on a cross-ISA system.

Jiunn-Yeu Chen,Wuu Yang,Wei-Chung Hsu,Bor-Yeh Shen,Quan-Huei Ou

DOI: https://doi.org/10.1145/2996458

2017-08-31

ACM Transactions on Embedded Computing Systems

Abstract:Code discovery has been a main challenge for static binary translation, especially when the source instruction set architecture has variable-length instructions, such as the x86 architectures. Due to embedded data such as PC (program counter)-relative data, jump tables, or paddings in the code section, a binary translator may be misled to translate data as instructions. For variable-length instructions, once a piece of data is mis-translated as instructions, decoding subsequent bytes could also go wrong. We are concerned with static binary translation for the very popular Advanced RISC Machine (ARM) architectures. Although ARM is considered a reduced instruction set computer architecture, it does allow the mix of 32-bit (ARM) instructions and 16-bit (Thumb) instructions in the same executables. In addition to different instruction lengths, the ARM and Thumb instructions are located at 4-byte or 2-byte aligned addresses, respectively. Furthermore, because ARM and Thumb instructions share the same encoding space, a 4-byte word could sometimes be decoded as one ARM instruction or two Thumb instructions. The correct decoding of this 4-byte word is actually determined at runtime by the least-significant bit of the program counter. For unstripped binaries, the mapping symbols can be used to identify ARM code regions and Thumb code regions. However, for stripped binaries, such mapping symbols are unavailable. We propose a novel solution to statically translate stripped ARM/Thumb mixed executables. Our solution is implemented in a static binary translator. The binary translator further generates multiple versions of translated code for the code regions whose types cannot be determined with our solution. One of the code versions is selected during runtime. The binary translator also includes a series of analyses that enable the removal of most useless code versions. Based on the experimental results on stripped ARM/Thumb mixed binaries in the SPEC2006 and Embedded Microprocessor Benchmark Consortium (EEMBC) benchmark suites, our static binary translator achieves impressive performance when migrating them to run on x86 machines and the space overhead is no more than 10%.

computer science, software engineering, hardware & architecture

Wenwen Wang,Jiacheng Wu,Xiaoli Gong,Tao Li,Pen-Chung Yew

DOI: https://doi.org/10.1145/3186411.3186413

2018-01-01

ACM SIGPLAN Notices

Abstract:The recent transition in the software industry toward dynamically generated code poses a new challenge to existing dynamic binary translation (DBT) systems. A significant re-translation overhead could be introduced due to the maintenance of the consistency between the dynamically-generated guest code and the corresponding translated host code. To address this issue, this paper presents a novel approach to optimize DBT systems for guest applications with dynamically-generated code. The proposed approach can maximize the reuse of previously translated host code to mitigate the re-translation overhead. A prototype based on such an approach has been implemented on an existing DBT system HQEMU. Experimental results on a set of JavaScript applications show that it can achieve a 1.24X performance speedup on average compared to the original HQEMU.

Wenbing Xie,Qiaoling Luo,Xue Tian,Junyi Huang,Fengbin Qi

DOI: https://doi.org/10.3390/electronics13091608

IF: 2.9

2024-04-24

Electronics

Abstract:The emergence of new instruction set architectures (ISAs) poses challenges in ensuring compatibility with legacy applications. Dynamic binary translation (DBT) serves as a crucial approach for achieving cross-ISA compatibility, enabling legacy applications to run compatibly with cross-ISAs. However, software-based translation encounters significant performance overhead, including substantial memory access and insufficient exploitation of target architecture features. The significant performance overhead challenges hinder the practical implementation of DBT. In this paper, we investigate a novel peephole optimization approach. First, we perform peephole analysis to identify redundant memory access and suboptimal instruction sequences. Next, we leverage live variable analysis to eliminate redundant memory-access instructions. Additionally, we bridge the gaps between cross-ISAs by exploiting ISA-specific features through instruction fusion. Finally, we implement the proposed optimization design using the open-source QEMU and extensively evaluate it on both ARM64 and SW64 platforms. The experimental results reveal that SPEC2006 benchmark effectively gets a maximum performance speedup of 1.52×, alongside a reduction in code size of up to 13.98%. These results affirm the effectiveness of our optimization approach in DBT performance and code sizes.

engineering, electrical & electronic,computer science, information systems,physics, applied

Weihua Zhang,Tao Bao,Binyu Zang,Chuanqi Zhu

DOI: https://doi.org/10.1007/978-3-540-72521-3_5

2006-01-01

Abstract:With the rapid growth of multimedia and game, these applications put more and more pressure on the processing ability of modern processors. Multiple SIMD architecture is widely used in multimedia processing field as a multimedia accelerator. With the consideration of power consumption and chip size, shared memory multiple SIMD architecture is mainly used in embedded SOCs. In order to further fit mobile environment, there is the constraint of limited register number as well. Although shared memory multiple SIMD architecture simplify the chip design, these constraints are the major obstacles to map the real multimedia applications to these architectures. Until now, to our best knowledge, there is little research on the optimizing techniques for shared memory multiple SIMD architecture.In this paper, we present a compiler framework, which aims at automatically generating high performance codes for shared memory multiple SIMD architecture. In this framework, we reduce the competition of shared data bus through increasing the register locality, improve the utilization of data bus by read-only data vector replication and solve the problem of limited register number through a resource allocation algorithm. The framework also handlers the issues concerning on data transformation. As the experimental results shown, this framework is successful in mapping real multimedia applications to shared memory multiple SIMD architecture. It leads to an average speedup by a factor of 3.19 and an average utilization of SM-SIMD architecture with 8 SIMD units by a factor of 52.6%.

Yuan Yao,Zhongyong Lu,Qingsong Shi,Wenzhi Chen

DOI: https://doi.org/10.1109/FPL.2013.6645554

2013-01-01

Abstract:Binary translation is used to allow applications of one instruction set architecture (ISA) to run on another, thereby maintaining the binary level compatibility across ISAs. Conventional software binary translation systems suffer performance loss because of architectural heterogeneity amongst ISAs, control flow translation and context switches. In this paper, we propose an FPGA based hardware-software co-designed dynamic binary translation (DBT) system, which moderates these issues at a low level of hardware cost. In our DBT system, we propose a MIPS condition code flags register and a modest ISA extension to bridge the architectural gap, a hardware address mapping mechanism to accelerate the handling of control flow instructions, and a scratchpad memory to reduce performance loss during context switches. We implement the system on Xilinx XC5VLX110T. Quantitative experiments reveal that the overall performance improvement is 56.1% over the baseline configuration, with only extra 1.4% of slices and 5.4% of BRAMs of Xilinx XC5VLX110T occupied.

Emilio G. Cota,Luca P. Carloni

DOI: https://doi.org/10.1145/3313808.3313811

2019-01-01

Abstract:The rise in instruction set architecture (ISA) diversity and the growing adoption of virtual machines are driving a need for fast, scalable, full-system, cross-ISA emulation and instrumentation tools. Unfortunately, achieving high performance for these cross-ISA tools is challenging due to dynamic binary translation (DBT) overhead and the complexity of instrumenting full-system emulators. In this paper we improve cross-ISA emulation and instrumentation performance through three novel techniques. First, we increase floating point (FP) emulation performance by observing that most FP operations can be correctly emulated by surrounding the use of the host FP unit with a minimal amount of non-FP code. Second, we introduce the design of a translator with a shared code cache that scales for multi-core guests, even when they generate translated code in parallel at a high rate. Third, we present an ISA-agnostic instrumentation layer that can instrument guest operations that occur outside of the DBT’s intermediate representation (IR), which are common in full-system emulators. We implement our approach in Qelt, a high-performance cross-ISA machine emulator and instrumentation tool based on QEMU. Our results show that Qelt scales to 32 cores when emulating a guest machine used for parallel compilation, which demonstrates scalable code translation. Furthermore, experiments based on SPEC06 show that Qelt (1) outperforms QEMU as a full-system cross-ISA machine emulator by 1.76×/2.18× for integer/FP workloads, (2) outperforms state-of-the-art, cross-ISA, full-system instrumentation tools by 1.5×-3×, and (3) can match the performance of Pin, a state-of-the-art, same-ISA DBI tool, when used for complex instrumentation such as cache simulation.

Jinhu Jiang,Chaoyi Liang,Rongchao Dong,Zhaohui Yang,Zhongjun Zhou,Wenwen Wang,Pen-Chung Yew,Weihua Zhang

2024-02-15

Abstract:System-level emulators have been used extensively for system design, debugging and evaluation. They work by providing a system-level virtual machine to support a guest operating system (OS) running on a platform with the same or different native OS that uses the same or different instruction-set architecture. For such system-level emulation, dynamic binary translation (DBT) is one of the core technologies. A recently proposed learning-based DBT approach has shown a significantly improved performance with a higher quality of translated code using automatically learned translation rules. However, it has only been applied to user-level emulation, and not yet to system-level emulation. In this paper, we explore the feasibility of applying this approach to improve system-level emulation, and use QEMU to build a prototype. ... To achieve better performance, we leverage several optimizations that include coordination overhead reduction to reduce the overhead of each coordination, and coordination elimination and code scheduling to reduce the coordination frequency. Experimental results show that it can achieve an average of 1.36X speedup over QEMU 6.1 with negligible coordination overhead in the system emulation mode using SPEC CINT2006 as application benchmarks and 1.15X on real-world applications.

Operating Systems,Performance

JIANG Hai-tao,XU Yun,LIAO Yin,JIN Guo-jie,CHEN Guo-liang

DOI: https://doi.org/10.3969/j.issn.1000-1220.2013.07.008

2013-01-01

Abstract:With the diversification of hardware platforms,software compatibility issues have become increasingly prominent.Binary translation system is the key technology to resolve this problem.Majority of the virtual machine execution time consumed in the process of finding and executing back-end instructions,so effective instruction indexing strategies can reduce the instruction addressing overhead and improve the overall efficiency of the system.Based on the statistical analysis of the back-end instruction locality,designed a level based virtual machine instruction indexing strategy w hich can fully exploit the capacity of modern computer hardw are.Based on the special locality of the virtual machine back-end instruction,this strategy uses targeted replacement algorithms to cache the back-end instructions,significantly reduces the overhead of the instruction addressing.With the help of LIIS,the back-end instruction addressing time of QEMU have been reduced by 70%,and the efficiency of full QEMU system have been improved by 15%.

Joseph Huber,Weile Wei,Giorgis Georgakoudis,Johannes Doerfert,Oscar Hernandez

DOI: https://doi.org/10.48550/arXiv.2106.14332

2021-06-28

Abstract:This paper presents a methodology for using LLVM-based tools to tune the DCA++ (dynamical clusterapproximation) application that targets the new ARM A64FX processor. The goal is to describethe changes required for the new architecture and generate efficient single instruction/multiple data(SIMD) instructions that target the new Scalable Vector Extension instruction set. During manualtuning, the authors used the LLVM tools to improve code parallelization by using OpenMP SIMD,refactored the code and applied transformation that enabled SIMD optimizations, and ensured thatthe correct libraries were used to achieve optimal performance. By applying these code changes, codespeed was increased by 1.98X and 78 GFlops were achieved on the A64FX processor. The authorsaim to automatize parts of the efforts in the OpenMP Advisor tool, which is built on top of existingand newly introduced LLVM tooling.

Distributed, Parallel, and Cluster Computing,Materials Science,Hardware Architecture,Computation and Language,Software Engineering

Xiaoqi Yang,Qilong Zheng,Guoliang Chen,Zhen Yao

DOI: https://doi.org/10.1109/PDCAT.2006.94

2006-01-01

Abstract:Multi-core processors can easily provide benefits for multithreaded workloads, but many applications written for uniprocessors cannot automatically benefit from chip multiprocessors (CMP) designs. This paper presents a reverse compilation framework, which translates existing binary code without source code to the Static Single Assignment (SSA) form, and then the internal SSA form is applied by the compilation phase to generate the Speculative Parallel Threading (SPT) code. A profiler is applied to optimize the code dynamically during execution. The evaluation results show that these existing binary codes without source codes execute on CMP with performance improved, due to taking advantage of the speculative parallel threading support provided by the processor.

Jie Shen,Biao Long,Chun Huang

DOI: https://doi.org/10.1007/s11390-021-1203-5

IF: 1.871

2023-08-09

Journal of Computer Science and Technology

Abstract:Transcendental functions are important functions in various high performance computing applications. Because these functions are time-consuming and the vector units on modern processors become wider and more scalable, there is an increasing demand for developing and using vector transcendental functions in such performance-hungry applications. However, the performance of vector transcendental functions as well as their accuracy remain largely unexplored. To address this issue, we perform a comprehensive evaluation of two Single Instruction Multiple Data (SIMD) intrinsics based vector math libraries on two ARMv8 compatible processors. We first design dedicated microbenchmarks that help us understand the performance behavior of vector transcendental functions. Then, we propose a piecewise, quantitative evaluation method with a set of meaningful metrics to quantify their performance and accuracy. By analyzing the experimental results, we find that vector transcendental functions achieve good performance speedups thanks to the vectorization and algorithm optimization. Moreover, vector math libraries can replace scalar math libraries in many cases because of improved performance and satisfactory accuracy. Despite this, the implementations of vector math libraries are still immature, which means further optimization is needed, and our evaluation reveals feasible optimization solutions for future vector math libraries.

computer science, software engineering, hardware & architecture

Weiwu Hu,Qi Liu,Jian Wang,Songsong Cai,Menghao Su,Xiaoyu Li

DOI: https://doi.org/10.1109/iccd.2009.5413138

2009-01-01

Abstract:Binary translation is one of the most important approaches for system migration. However, software binary translation systems often suffer from the inefficiency and traditional hardware-software co-designed virtual machines require the unavoidable re-design of the processor architecture. This paper presents a novel hardware-software co-designed method to accelerate the binary translation on an existing architecture. The hardware supports for source-architecture-only functions, partial decodes and binary translation system acceleration are proposed. These hardware supports help the binary translation system to achieve high performance and simplify the design of the binary translation software. In the meantime, the hardware cost is well controlled in a certain low level. These supports are implemented in Godson-3 processors to speedup the x86 binary translation to the native MIPS instruction set. Performance evaluations on RTL simulation and FPGA emulation platforms show that the proposed method can speedup most benchmark programs by nearly 10 times compared to pure software-based binary translation and achieves about 70% performance of the native program execution. The chip is fabricated in ST 65nm CMOS technology, and the physical design results show that the chip area cost is less than 5%.