Retargetable and Efficient Dynamic Binary Translation Framework
Date Issued
2015
Date
2015
Author(s)
Hsu, Chun-Chen
Abstract
Dynamic binary translation is one of the core technologies in virtualization to boost the performance of instruction set architecture (ISA) simulation. The key factors to the performance of dynamic binary translators are the quality of translated code and the ability to detect hot regions at runtime. This dissertation builds a retargetable dynamic binary translator framework and provides two hot region detection approaches to improve the performance of dynamic binary translators. The quality of translated code is critical to the performance of a dynamic binary translator, which implements the semantics of the guest ISA instructions with the host ISA instructions, so the translated code is often carefully hand-optimized. However, a hand-optimized translator is not retargetable because it takes tremendous implementation efforts for software engineers to port it to a new host ISA. This dissertation first proposes an LLVM+QEMU (LnQ) framework for building high performance and retargetable binary translators with existing compiler modules. The goal of the LnQ framework is to enable the process of building high performance and retargetable dynamic binary translators with existing industry-strength compiler optimization passes and code generation backends. LnQ shows more than 2X speedup in CINT2006 for ARM-to-x86_64 and x86-to-ARM dynamic binary translators compared to QEMU. Besides the quality of translated code, the ability to detect hot regions of guest applications also determines the performance of dynamic binary translators. Most dynamic binary translators target traces, i.e. frequently executed code paths, as code regions to be translated and optimized. The Next-Executing-Tail (NET) trace formation method is an important example of such techniques. Many existing trace formation schemes are variants of NET. This dissertation examines the inefficiency of NET-like trace formation algorithms.
We found the formed traces may contain a large number of early exits that could be branched out during the execution. If this happens frequently, the program execution will spend more time in the slow binary interpreter or in the unoptimized code regions than in the optimized traces in the code cache. The benefit of the trace optimization is thus lost. Traces with frequently taken early exits are called delinquent traces. This dissertation proposes a light-weight region formation technique called Early-Exit Guided Region Formation (EEG) to improve the efficiency of traces. It iteratively identifies and merges delinquent regions into larger code regions. It is shown that EEG achieves 1.23X and 1.11X speedup in CINT2006 for ARM-to-x86_64 and x86-to-ARM DBTs compared to NET. This dissertation also studies the procedure-based dynamic binary translator that detects hot procedures as its compilation (i.e. translation and optimization) unit. We compare the performance of our EEG region formation algorithm with procedure regions.
Subjects
binary translator
region formation
just-in-time compilation
QEMU
Type
thesis
File(s)
Name
ntu-104-D95922006-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):b537337d78116b71caf0ef8dfd9807cc