可重定目標且高效能之動態二元碼轉譯器框架系統

Abstract

動態二元碼翻譯是虛擬化技術的核心技術因為它可用來加速指令集模擬。 對於動態二元碼翻譯器而言,其關鍵在於所翻譯的二元碼的質量, 以及是否可以在程式執行過程找到再優化增進效能的程 式區段。 在這論文中,我們呈現一個可重置的二元碼翻譯系統,此系統可產生高效能的動態二元碼翻譯器。 我們另提出二種執行熱區偵查方法來增加動態二元碼翻譯器的效能。 對一動態二元碼> 翻譯器而言,其翻譯的二元碼對於效能的影響甚為重要。故通常我們會對翻譯碼做手動優化。 然而這樣手動優化過的翻譯器是難以重置到另一系統,因為需要同樣的實作力氣來移植翻譯器到新的> 平台上。此論文首先提出一容易重置的二元碼翻譯系統,稱為 LLVM+QEMU (LnQ), 利用現有的編譯器技術來產生高效能的動態二元碼翻譯器。與 QEMU 相比, LnQ 在 ARM到 x86_64 及 x86 到 ARM 的動態二元碼翻譯器上於SPEC CINT2006中有高於2倍的效能表現。 此外,能否在程式執行過程中偵測出執行程式熱區也是影響效能的一關鍵因素。 在此論文中我們將指出現今熱區偵測方法不好 的地方, 亦即其所偵測的熱區會無法完全執行,如果這樣的熱區很多的話將會導至效能不佳。 我們首先提出測量此一弱點的方法來證明此弱點真的存在。進而我們再提出一改進此弱點的方法。 > 我們在此論文中提出一輕量級的熱區偵測技術稱為「Early-Exit Guided Region Formation (EEG)」。EEG 能持續地尋找出無法完全執行的熱區並將它與其他熱區合併來改進效能。 這方法對於 ARM 到 x86_64 的動態二元碼翻譯器能有效改進之前的方法約23%。對於x86_64 到 ARM的翻譯器約有11% 我們最後提出另一種以程序為單位的熱區偵測方法。並比較EEG與此方法的優劣。

Dynamic binary translation is one of the core technologies in virtualization to boost the performace of instruction set architecture (ISA) simulation. The key factors to the performace of dynamic binary translators are the quality of translated code and the ability to detect hot regions at runtime. This dissertation builds a retargetable dynamic binary translator framework and provides two hot region detection approaches to improve the performance of dynamic binary translators. The quality of translated code is critical to the performance of a dynamic binary translator, which implements the semantics of the guest ISA instructions with the host ISA instructions, so the translated code is often carefully hand-optimized. However a hand-optimized translator is not retargetabile because it takes tremen- dous implementation e orts for software engineers to port it to a new host ISA. This dissertation rst proposes an LLVM+QEMU (LnQ) framework for build- ing high performance and retargetable binary translators with existing compiler modules. The goal of LnQ framework is to enable the process of building high performance and retargetable dynamic binary translators with existing industry- strength compiler optimization passes and code generation backends. Compared to QEMU, the LnQ shows more than 2X speedup in CINT2006 for ARM-to-x86_64 and x86-to-ARM dynamic binary translators compared to QEMU. Besides the quality of translated code, the ability to detect hot regions of guest applications also determines the performance of dynamic binary translators. Most dynamic binary translators target traces, i.e. frequently executed code paths, as code regions to be translated and optimized. The Next-Executing-Tail (NET) trace formation method is an important example of such techniques. Many existing trace formation schemes are variants of NET. This dissertation examines the ine ciency of NET-like trace formation algorithms. We found the formed traces may contain a large number of early exits that could be branched out during the execution. If this happens frequently, the program execution will spend more time in the slow binary interpreter or in the unopti- mized code regions than in the optimized traces in code cache. The bene t of the trace optimization is thus lost. Traces with frequently taken early-exits are called delinquent traces. This dissertation proposes a light-weight region formation technique called Early- Exit Guided Region Formation (EEG) to improve the e ciency of traces. It itera- tively identi es and merges delinquent regions into larger code regions. It is shown the EEG achieves 1.23X and 1.11X speedup in CINT2006 for ARM-to-x86_64 and x86-to-ARM DBTs compared to NET. This dissertation also studies the procedure-based dynamic binary translator that detects hot procedures as its compilation (i.e. translation and optimization) unit. We compare the performance of our EEG region formation algorithm with proce- dure region.