Chunqiang Li,Zhiwei Liu,Yunhai Shang,Lenian He,Xiaolang Yan

DOI: https://doi.org/10.3390/electronics12143014

IF: 2.9

2023-01-01

Electronics

Abstract:Binary translation, as an important bridge for application compatibility between different instruction set architectures (ISAs), has attracted much attention in the industry. However, due to hardware resource limitations of the target ISA, the translation efficiency and the practicability are poor. Recently, Apple has made it possible to run x86 programs on ARM through a translation technology called Rosetta based on software-hardware collaboration. In this paper, we proposed a hardware non-invasive mapping method for condition bits (HNIMCB) in binary translation, which innovatively implements the setting and referencing operations of the condition bits without changing the original instruction encoding and function of the target processor. This method is applicable for binary translation from source architectures with condition bit operations to target architectures without condition bit operations. It eliminates the difference of conditional bit resources between the source and target ISAs, reduces the computational instructions and memory access operations after translation from the source to the target ISA, and dramatically improves the translation efficiency. We conducted this experiment on a functional simulation level using the QEMU binary translator from ARM to RISC-V. A series of benchmark tests revealed that the total number of instructions decreased by 41%, while the number of memory access instructions decreased by 37% after the translation applying with the HNIMCB.

Chunqiang Li,Zhiwei Liu,Yunhai Shang,Lenian He,Xiaolang Yan

DOI: https://doi.org/10.1142/s0218126624502426

2024-01-01

Journal of Circuits Systems and Computers

Abstract:In the domain of process virtual machine (PVM) binary translation, the difference in address space layout between the guest program and the translated program requires the recalculation of jump instruction targets, resulting in suboptimal execution efficiency. This paper presents a novel method called SPC-Indexed Indirect Branch Hardware Cache Redirecting (SPCIC) technique. SPCIC utilizes specialized branch instruction to represent indirect branches from guest programs while frequently-used target addresses are cached in a customized hardware mapping table. When translating an indirect branch, SPCIC queries the jump target cache first to achieve a fast redirection unless the destination address is not cached. Besides, SPCIC merely falls back to the software-based remapping approach when the query fails, improving the translation efficiency to the greatest extent. SPCIC is implemented on the QEMU platform to accelerate the translation of ARM payloads into RISC-V. Experiments are carried on SPEC2006 to demonstrate the effectiveness of SPCIC for reducing the runtime overhead of indirect branch translation. The experimental results indicate up to 11% average improvement and 35% maximum improvement are obtained on the selected benchmark.

Gong-dai ZHOU,Xin-cai WANG,Hai-bin SHEN

DOI: https://doi.org/10.3969/j.issn.1001-4551.2008.09.001

2008-01-01

Abstract:Due to the limitation of the cost,silicon area and power consumption,code size is becoming the bottleneck of embedded system development.Therefore,code compression will be one of the key technologies for embedded system in the future.A scheme was presented using dictionary compression,to reduce the redundancy of program code based on ARMv4 instruction set.A couple of design issues of optimizing the main parts in the decompression hardware was discussed.Finally,the code compression scheme on the 6 benchmarks in MiBench was tested,and 81.8% compression ratio was gained.

Wenbing Xie,Qiaoling Luo,Xue Tian,Junyi Huang,Fengbin Qi

DOI: https://doi.org/10.3390/electronics13091608

IF: 2.9

2024-04-24

Electronics

Abstract:The emergence of new instruction set architectures (ISAs) poses challenges in ensuring compatibility with legacy applications. Dynamic binary translation (DBT) serves as a crucial approach for achieving cross-ISA compatibility, enabling legacy applications to run compatibly with cross-ISAs. However, software-based translation encounters significant performance overhead, including substantial memory access and insufficient exploitation of target architecture features. The significant performance overhead challenges hinder the practical implementation of DBT. In this paper, we investigate a novel peephole optimization approach. First, we perform peephole analysis to identify redundant memory access and suboptimal instruction sequences. Next, we leverage live variable analysis to eliminate redundant memory-access instructions. Additionally, we bridge the gaps between cross-ISAs by exploiting ISA-specific features through instruction fusion. Finally, we implement the proposed optimization design using the open-source QEMU and extensively evaluate it on both ARM64 and SW64 platforms. The experimental results reveal that SPEC2006 benchmark effectively gets a maximum performance speedup of 1.52×, alongside a reduction in code size of up to 13.98%. These results affirm the effectiveness of our optimization approach in DBT performance and code sizes.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yuan Yao,Zhongyong Lu,Qingsong Shi,Wenzhi Chen

DOI: https://doi.org/10.1109/FPL.2013.6645554

2013-01-01

Abstract:Binary translation is used to allow applications of one instruction set architecture (ISA) to run on another, thereby maintaining the binary level compatibility across ISAs. Conventional software binary translation systems suffer performance loss because of architectural heterogeneity amongst ISAs, control flow translation and context switches. In this paper, we propose an FPGA based hardware-software co-designed dynamic binary translation (DBT) system, which moderates these issues at a low level of hardware cost. In our DBT system, we propose a MIPS condition code flags register and a modest ISA extension to bridge the architectural gap, a hardware address mapping mechanism to accelerate the handling of control flow instructions, and a scratchpad memory to reduce performance loss during context switches. We implement the system on Xilinx XC5VLX110T. Quantitative experiments reveal that the overall performance improvement is 56.1% over the baseline configuration, with only extra 1.4% of slices and 5.4% of BRAMs of Xilinx XC5VLX110T occupied.

Wei Chen,Dan Chen,Zhiying Wang

DOI: https://doi.org/10.1007/s11227-011-0636-y

IF: 3.3

2011-06-22

The Journal of Supercomputing

Abstract:Dynamic Binary Translation (DBT) has been widely utilized to convert binary code for one Instruction Set Architecture (ISA) to another at run-time and optimize the code when necessary. A two-stage strategy often applies to DBT, which handles hot code and cold code separately using translation and interpretation respectively to ensure execution efficiency. However, an excessively high overhead of interpretation remains to be tackled. It has been observed that interpretation usually involves a large number of redundant redecoding operations. This paper introduces an approach, namely Decoded Instruction Cache (DICache), which caches the information of the interpreted instructions in the history and attempts to reuse the information as much as possible in the future. Performance benchmark has been carried out with the software and the hardware implementations of DICache. The experimental results indicate that DICache can significantly remove the redundancy of redecoding operations, and this results in a dramatic decline of interpretation overhead.

Jinhu Jiang,Rongchao Dong,Zhongjun Zhou,Changheng Song,Wenwen Wang,Pen-Chung Yew,Weihua Zhang

DOI: https://doi.org/10.1109/micro50266.2020.00043

2020-01-01

Micro

Abstract:Dynamic binary translation (DBT) is widely used in system virtualization and many other important applications. To achieve a higher translation quality, a learning-based approach has been recently proposed to automatically learn semantically-equivalent translation rules. Because translation rules directly impact the quality and performance of the translated host codes, one of the key issues is to collect as many translation rules as possible through minimal training data set. The collected translation rules should also cover (i.e. apply to) as many guest binary instructions or code sequences as possible at the runtime. For those guest binary instructions that are not covered by the learned rules, emulation has to be used, which will incur additional runtime overhead. Prior learning-based DBT systems only achieve an average of about 69% dynamic code coverage for SPEC CINT 2006.In this paper, we propose a novel parameterization approach to take advantage of the regularity and the well-structured format in most modern ISAs. It allows us to extend the learned translation rules to include instructions or instruction sequences of similar structures or characteristics that are not covered in the training set. More translation rules can thus be harvested from the same training set. Experimental results on QEMU 4.1 show that using such a parameterization approach we can expand the learned 2,724 rules to 86,423 applicable rules for SPEC CINT 2006. Its code coverage can also be expanded from about 69.7% to about 95.5% with a 24% performance improvement compared to enhanced learning-based approach.

Wei Li,Xiaohui Luo,Yiran Zhang,Qingkai Meng,Fengyuan Ren

DOI: https://doi.org/10.1007/978-3-031-12597-3_1

2022-01-01

Abstract:Emulation of Instruction Set Architecture (ISA) is necessary for a wide variety of use cases, such as providing the compatibility to execute programs compiled for a different ISA. This issue is usually solved using Dynamic Binary Translation (DBT), where guest machine code is translated to host ISA on runtime and Just-in-time (JIT) compilation is performed to achieve high-performance emulation. QEMU, a famous emulator, is developed to solve this issue, where Tiny Code Generator (TCG) is constructed to translate guest binary code to TCG Intermediate Representation (IR), and then generate target ISA machine code from TCG IR. Due to the limitations of TCG, some extensions, such as HQEMU, use LLVM as the backend to optimize programs and generate high-performance machine code. However, HQEMU is limited by its underlying implementation. That is, HQEMU still translates guest binary code to TCG IR at first. In this paper, we develop a novel, LLVM-based emulator, where guest machine code is directly lifted to LLVM IR to reduce the extra overhead and produce high-quality machine code. We evaluate our DBT emulator using BYTEmark benchmark and demonstrating its ability to outperform the de facto standard QEMU DBT system. The evaluation results confirm that our emulator delivers an average speedup of 3.3x over QEMU across BYTEmark benchmark compiled for x86-64 running on an ARMv8 platform, meanwhile, demonstrate that our user-level DBT emulator can significantly reduce the overhead to run a program on a cross-ISA system.

Wenwen Wang,Jiacheng Wu,Xiaoli Gong,Tao Li,Pen-Chung Yew

DOI: https://doi.org/10.1145/3186411.3186413

2018-01-01

ACM SIGPLAN Notices

Abstract:The recent transition in the software industry toward dynamically generated code poses a new challenge to existing dynamic binary translation (DBT) systems. A significant re-translation overhead could be introduced due to the maintenance of the consistency between the dynamically-generated guest code and the corresponding translated host code. To address this issue, this paper presents a novel approach to optimize DBT systems for guest applications with dynamically-generated code. The proposed approach can maximize the reuse of previously translated host code to mitigate the re-translation overhead. A prototype based on such an approach has been implemented on an existing DBT system HQEMU. Experimental results on a set of JavaScript applications show that it can achieve a 1.24X performance speedup on average compared to the original HQEMU.

Wei Chen,Li Shen,Hongyi Lu,Zhiying Wang,Nong Xiao

DOI: https://doi.org/10.1109/ICPADS.2009.134

2009-01-01

Abstract:Interpretation and basic block translation (BBT) are two typical strategies for cold code emulation in a dynamic binary translation (DBT) system. More and more DBT systems employ BBT as the generated native code runs more efficient than the interpretation routines. We observe that BBT's high efficiency is based on those special hardware assists. With certain simple hardware techniques, interpretation could outperform BBT. In our pervious work, we proposed a hardware interpreted code cache (Pcache) mechanism to speedup interpretation by saving the decoded instruction information during interpretation. This light-weight code cache design could be extended to assist the hotspots translation, thus further reduce the DBT systems' overhead. We add the translation entry into the Pcache design thus saving most decoding operations during translation. We use eight SPEC 2000 integer benchmarks on our DBT simulator. Results show that the modified Pcache design causes a speedup of 1.94 according to the referenced DBT with basic interpretation and the interpretation based DBT system assisted by the modified Pcache performs more efficiently than the DBT system which employs BBT for the cold code.

Wei Chen,Hongyi Lu,Li Shen,Zhiying Wang,Nong Xiao

DOI: https://doi.org/10.1109/ispa.2009.83

2009-01-01

Abstract:Dynamic binary translation (DBT) converts codes written for a source instruction set architecture (ISA) into optimized code for a target ISA. DBT has emerged as an important tool with real world applications. Interpretation is always adopted to handle the non-hotspot code in a two-stage DBT system. An important consideration in such DBT systems is the interpretation overhead. We investigate that repeated redecoding operations are the bottleneck of interpretation overhead. We propose interpreted code cache (Pcache), a hardware assist to save the information of the decoded instruction for reuse. We analyze and model Pcache performance via simulation on a DBT system simulator. Results from SPEC2000 integer benchmarks show that Pcache could significantly reduce redecoding operations and the overhead of interpretation in a DBT system. The speedup of interpretation is up to 17.12 on average with assist of Pcache. We also analyze the extra overhead caused by Pcache, which is neglectable compared to the performance gains.

Emilio G. Cota,Luca P. Carloni

DOI: https://doi.org/10.1145/3313808.3313811

2019-01-01

Abstract:The rise in instruction set architecture (ISA) diversity and the growing adoption of virtual machines are driving a need for fast, scalable, full-system, cross-ISA emulation and instrumentation tools. Unfortunately, achieving high performance for these cross-ISA tools is challenging due to dynamic binary translation (DBT) overhead and the complexity of instrumenting full-system emulators. In this paper we improve cross-ISA emulation and instrumentation performance through three novel techniques. First, we increase floating point (FP) emulation performance by observing that most FP operations can be correctly emulated by surrounding the use of the host FP unit with a minimal amount of non-FP code. Second, we introduce the design of a translator with a shared code cache that scales for multi-core guests, even when they generate translated code in parallel at a high rate. Third, we present an ISA-agnostic instrumentation layer that can instrument guest operations that occur outside of the DBT’s intermediate representation (IR), which are common in full-system emulators. We implement our approach in Qelt, a high-performance cross-ISA machine emulator and instrumentation tool based on QEMU. Our results show that Qelt scales to 32 cores when emulating a guest machine used for parallel compilation, which demonstrates scalable code translation. Furthermore, experiments based on SPEC06 show that Qelt (1) outperforms QEMU as a full-system cross-ISA machine emulator by 1.76×/2.18× for integer/FP workloads, (2) outperforms state-of-the-art, cross-ISA, full-system instrumentation tools by 1.5×-3×, and (3) can match the performance of Pin, a state-of-the-art, same-ISA DBI tool, when used for complex instrumentation such as cache simulation.

Xuhao Chen,Zhong Zheng,Li Shen,Wei Chen,Zhiying Wang

DOI: https://doi.org/10.1109/PAAP.2011.34

2011-01-01

Abstract:Dynamic binary translation is an effective way to address binary compatibility problem. Embedded systems and other novel RISC ISAs are developing fast without consideration of the binary compatibility with off-the-shelf x86 applications, making dynamic binary translator (DBT) from CISC to RISC more important. However, dynamic code generation is still inefficient due to the code expansion. Conventional code generators in DBTs use one-to-many mapping scheme between source and target code which cannot take full advantage of the target ISA. We propose a novel lightweight code generation algorithm GSM (Greedy Sub graph Mapping), which can generate compact code with low overhead using many-to-one mapping. GSM is implemented and evaluated in a DBT prototype system called TransARM. Experimental results demonstrate that GSM generates higher quality target code compared to a conventional implementation, which brings code expansion rate close to 1.3. Moreover, GSM causes slightly extra overhead and negligible slowdown of translation, and enables 10% performance improvement for target code execution.

Jiunn-Yeu Chen,Wuu Yang,Wei-Chung Hsu,Bor-Yeh Shen,Quan-Huei Ou

DOI: https://doi.org/10.1145/2996458

2017-08-31

ACM Transactions on Embedded Computing Systems

Abstract:Code discovery has been a main challenge for static binary translation, especially when the source instruction set architecture has variable-length instructions, such as the x86 architectures. Due to embedded data such as PC (program counter)-relative data, jump tables, or paddings in the code section, a binary translator may be misled to translate data as instructions. For variable-length instructions, once a piece of data is mis-translated as instructions, decoding subsequent bytes could also go wrong. We are concerned with static binary translation for the very popular Advanced RISC Machine (ARM) architectures. Although ARM is considered a reduced instruction set computer architecture, it does allow the mix of 32-bit (ARM) instructions and 16-bit (Thumb) instructions in the same executables. In addition to different instruction lengths, the ARM and Thumb instructions are located at 4-byte or 2-byte aligned addresses, respectively. Furthermore, because ARM and Thumb instructions share the same encoding space, a 4-byte word could sometimes be decoded as one ARM instruction or two Thumb instructions. The correct decoding of this 4-byte word is actually determined at runtime by the least-significant bit of the program counter. For unstripped binaries, the mapping symbols can be used to identify ARM code regions and Thumb code regions. However, for stripped binaries, such mapping symbols are unavailable. We propose a novel solution to statically translate stripped ARM/Thumb mixed executables. Our solution is implemented in a static binary translator. The binary translator further generates multiple versions of translated code for the code regions whose types cannot be determined with our solution. One of the code versions is selected during runtime. The binary translator also includes a series of analyses that enable the removal of most useless code versions. Based on the experimental results on stripped ARM/Thumb mixed binaries in the SPEC2006 and Embedded Microprocessor Benchmark Consortium (EEMBC) benchmark suites, our static binary translator achieves impressive performance when migrating them to run on x86 machines and the space overhead is no more than 10%.

computer science, software engineering, hardware & architecture

Changheng Song,Wenwen Wang,Pen-Chung Yew,Antonia Zhai,Weihua Zhang

2019-01-01

Abstract:Dynamic binary translation (DBT) is a key system technology that enables many important system applications such as system virtualization and emulation. To achieve good performance, it is important for a DBT system to be equipped with high-quality translation rules. However, most translation rules in existing DBT systems are created manually with high engineering efforts and poor quality. To solve this problem, a learning-based approach was recently proposed to automatically learn semantically-equivalent translation rules, and symbolic verification is used to prove the semantic equivalence of such rules. But, they still suffer from some shortcomings. In this paper, we first give an in-depth analysis on the constraints of prior learning-based methods and observe that the equivalence requirements are often unduly restrictive. It excludes many potentially high-quality rule candidates from being included and applied. Based on this observation, we propose an enhanced learning-based approach that relaxes such equivalence requirements but supplements them with constraining conditions to make them semantically equivalent when such rules are applied. Experimental results on SPEC CINT2006 show that the proposed approach can improve the dynamic coverage of the translation from 55.7% to 69.1% and the static coverage from 52.2% to 61.8%, compared to the original approach. Moreover, up to 1.65X performance speedup with an average of 1.19X are observed.

Ding-Yong Hong,Yu-Ping Liu,Sheng-Yu Fu,Jan-Jan Wu,Wei-Chung Hsu

DOI: https://doi.org/10.1145/3173456

2018-06-02

ACM Transactions on Embedded Computing Systems

Abstract:Recent trends in SIMD architecture have tended toward longer vector lengths, and more enhanced SIMD features have been introduced in newer vector instruction sets. However, legacy or proprietary applications compiled with short-SIMD ISA cannot benefit from the long-SIMD architecture that supports improved parallelism and enhanced vector primitives, resulting in only a small fraction of potential peak performance. This article presents a dynamic binary translation technique that enables short-SIMD binaries to exploit benefits of new SIMD architectures by rewriting short-SIMD loop code. We propose a general approach that translates loops consisting of short-SIMD instructions to machine-independent IR, conducts SIMD loop transformation/optimization at this IR level, and finally translates to long-SIMD instructions. Two solutions are presented to enforce SIMD load/store alignment, one for the problem caused by the binary translator’s internal translation condition and one general approach using dynamic loop peeling optimization. Benchmark results show that average speedups of 1.51× and 2.48× are achieved for an ARM NEON to x86 AVX2 and x86 AVX-512 loop transformation, respectively.

computer science, software engineering, hardware & architecture

JIANG Hai-tao,XU Yun,LIAO Yin,JIN Guo-jie,CHEN Guo-liang

DOI: https://doi.org/10.3969/j.issn.1000-1220.2013.07.008

2013-01-01

Abstract:With the diversification of hardware platforms,software compatibility issues have become increasingly prominent.Binary translation system is the key technology to resolve this problem.Majority of the virtual machine execution time consumed in the process of finding and executing back-end instructions,so effective instruction indexing strategies can reduce the instruction addressing overhead and improve the overall efficiency of the system.Based on the statistical analysis of the back-end instruction locality,designed a level based virtual machine instruction indexing strategy w hich can fully exploit the capacity of modern computer hardw are.Based on the special locality of the virtual machine back-end instruction,this strategy uses targeted replacement algorithms to cache the back-end instructions,significantly reduces the overhead of the instruction addressing.With the help of LIIS,the back-end instruction addressing time of QEMU have been reduced by 70%,and the efficiency of full QEMU system have been improved by 15%.

王荣华,孟建熠,陈志坚,严晓浪

DOI: https://doi.org/10.15514/ispras-2012-22-13

2014-01-01

Abstract:An efficient mapping method named compare and condition branch fast mapping algorithm was proposed in order to improve emulating and processing speed of condition flags. The algorithm mainly focuses on 'compare and condition branch' instruction pairs which occupy a large proportion of condition code defining and using instruction pair. The method dynamically identifies and extracts the "compare and condition branch" instruction pair in the source block and completes instruction mapping by using the inherent conditional dependencies of the target machine. By avoiding the complex and uniform traditional processes for these special instruction pairs, dynamic binary translator has achieved great performance improvement. Results of benchmark on QEMU emulator showed that the generated instruction number for translating condition code was reduced by 20% to 90% than that of traditional methods.

Weiwu Hu,Qi Liu,Jian Wang,Songsong Cai,Menghao Su,Xiaoyu Li

DOI: https://doi.org/10.1109/iccd.2009.5413138

2009-01-01

Abstract:Binary translation is one of the most important approaches for system migration. However, software binary translation systems often suffer from the inefficiency and traditional hardware-software co-designed virtual machines require the unavoidable re-design of the processor architecture. This paper presents a novel hardware-software co-designed method to accelerate the binary translation on an existing architecture. The hardware supports for source-architecture-only functions, partial decodes and binary translation system acceleration are proposed. These hardware supports help the binary translation system to achieve high performance and simplify the design of the binary translation software. In the meantime, the hardware cost is well controlled in a certain low level. These supports are implemented in Godson-3 processors to speedup the x86 binary translation to the native MIPS instruction set. Performance evaluations on RTL simulation and FPGA emulation platforms show that the proposed method can speedup most benchmark programs by nearly 10 times compared to pure software-based binary translation and achieves about 70% performance of the native program execution. The chip is fabricated in ST 65nm CMOS technology, and the physical design results show that the chip area cost is less than 5%.

Jinhu Jiang,Chaoyi Liang,Rongchao Dong,Zhaohui Yang,Zhongjun Zhou,Wenwen Wang,Pen-Chung Yew,Weihua Zhang

2024-02-15

Abstract:System-level emulators have been used extensively for system design, debugging and evaluation. They work by providing a system-level virtual machine to support a guest operating system (OS) running on a platform with the same or different native OS that uses the same or different instruction-set architecture. For such system-level emulation, dynamic binary translation (DBT) is one of the core technologies. A recently proposed learning-based DBT approach has shown a significantly improved performance with a higher quality of translated code using automatically learned translation rules. However, it has only been applied to user-level emulation, and not yet to system-level emulation. In this paper, we explore the feasibility of applying this approach to improve system-level emulation, and use QEMU to build a prototype. ... To achieve better performance, we leverage several optimizations that include coordination overhead reduction to reduce the overhead of each coordination, and coordination elimination and code scheduling to reduce the coordination frequency. Experimental results show that it can achieve an average of 1.36X speedup over QEMU 6.1 with negligible coordination overhead in the system emulation mode using SPEC CINT2006 as application benchmarks and 1.15X on real-world applications.

Operating Systems,Performance