qemu/tcg/tci/README
TCG Interpreter (TCI) - Copyright (c) 2011 Stefan Weil.

This file is released under the BSD license.

1) Introduction

TCG (Tiny Code Generator) is a code generator which translates
code fragments ("basic blocks") from target code (any of the
targets supported by QEMU) to a code representation which
can be run on a host.

QEMU can create native code for some hosts (arm, hppa, i386, ia64, ppc, ppc64,
s390, sparc, x86_64). For others, unofficial host support was written.

By adding a code generator for a virtual machine and using an
interpreter for the generated bytecode, it is possible to
support (almost) any host.

This is what TCI (Tiny Code Interpreter) does.

2) Implementation

Like each TCG host frontend, TCI implements the code generator in
tcg-target.inc.c, tcg-target.h. Both files are in directory tcg/tci.

The additional file tcg/tci.c adds the interpreter.

The bytecode consists of opcodes (same numeric values as those used by
TCG), command length and arguments of variable size and number.
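As an added illustration (not code from tcg/tci.c), the following interpreter loop shows what an "opcode, command length, arguments" stream implies for a robust decoder: the length byte must be checked against the remaining buffer before any argument is read, register operands must be range-checked, and an opcode the interpreter does not implement must fail loudly rather than be skipped. The opcode numbers, operand layout and register file are assumptions made for this example, not TCI's real encoding.

```c
/* Constructed TCI-style bytecode interpreter: every command is
 * [opcode][length][args...], with length counting the whole command
 * in bytes. Opcode numbers, operand layout and the register file are
 * assumptions for this example, not TCI's real encoding. */
#include <stdint.h>
#include <stddef.h>

enum { OP_MOVI = 1, OP_ADD = 2, OP_EXIT = 3 };            /* assumed numbering */
enum { NREGS = 4 };
enum { TCI_OK = 0, TCI_ERR_BOUNDS = -1, TCI_ERR_OPCODE = -2, TCI_ERR_REG = -3 };

/* Execute one block. Returns TCI_OK at OP_EXIT, otherwise an error code.
 * The length byte is validated against the buffer before any operand is
 * read, and register indices against NREGS, so malformed bytecode can
 * neither read past the block nor index outside regs[]. Immediates are
 * stored little-endian in the bytecode and decoded explicitly, so the
 * result does not depend on host byte order. */
int tci_run(const uint8_t *code, size_t len, uint32_t regs[NREGS])
{
    size_t pc = 0;
    while (pc < len) {
        if (len - pc < 2) return TCI_ERR_BOUNDS;      /* need opcode + length */
        uint8_t op = code[pc], cmdlen = code[pc + 1];
        if (cmdlen < 2 || cmdlen > len - pc) return TCI_ERR_BOUNDS;
        const uint8_t *args = code + pc + 2;
        switch (op) {
        case OP_MOVI:                 /* movi rd, imm32: 2 + 1 + 4 bytes */
            if (cmdlen != 7) return TCI_ERR_BOUNDS;
            if (args[0] >= NREGS) return TCI_ERR_REG;
            regs[args[0]] = (uint32_t)args[1] | (uint32_t)args[2] << 8 |
                            (uint32_t)args[3] << 16 | (uint32_t)args[4] << 24;
            break;
        case OP_ADD:                  /* add rd, ra, rb: 2 + 3 bytes */
            if (cmdlen != 5) return TCI_ERR_BOUNDS;
            if (args[0] >= NREGS || args[1] >= NREGS || args[2] >= NREGS)
                return TCI_ERR_REG;
            regs[args[0]] = regs[args[1]] + regs[args[2]];
            break;
        case OP_EXIT:
            return TCI_OK;
        default:                      /* opcode not implemented: fail loudly,
                                         as the README says TCI does */
            return TCI_ERR_OPCODE;
        }
        pc += cmdlen;
    }
    return TCI_ERR_BOUNDS;            /* block ended without OP_EXIT */
}
```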

3) Usage

For hosts without native TCG, the interpreter TCI must be enabled by

        configure --enable-tcg-interpreter

If configure is called without --enable-tcg-interpreter, it will
suggest using this option. Setting it automatically would need
additional code in configure which must be fixed when new native TCG
implementations are added.

System emulation should work on any 32 or 64 bit host.
User mode emulation might work. Maybe a new linker script (*.ld)
is needed. Byte order might be wrong (on big endian hosts)
and need fixes in configure.

For hosts with native TCG, the interpreter TCI can be enabled by

        configure --enable-tcg-interpreter

The only difference between running QEMU with TCI and running without TCI
should be speed. Especially during development of TCI, it was very
useful to compare runs with and without TCI. Create /tmp/qemu.log by

        qemu-system-i386 -d in_asm,op_opt,cpu -D /tmp/qemu.log -singlestep

once with interpreter and once without interpreter and compare the resulting
qemu.log files. This is also useful to see the effects of additional
registers or additional opcodes (it is easy to modify the virtual machine).
It can also be used to verify native TCGs.

Hosts with native TCG can also enable TCI by claiming to be unsupported:

        configure --cpu=unknown --enable-tcg-interpreter

configure then no longer uses the native linker script (*.ld) for
user mode emulation.


4) Status

TCI needs special implementations for 32 and 64 bit hosts, 32 and 64 bit targets,
and hosts and targets with the same or different endianness.

            | host (le)                     host (be)
            | 32             64             32             64
------------+------------------------------------------------------------
target (le) | s0, u0         s1, u1         s?, u?         s?, u?
32 bit      |
            |
target (le) | sc, uc         s1, u1         s?, u?         s?, u?
64 bit      |
            |
target (be) | sc, u0         sc, uc         s?, u?         s?, u?
32 bit      |
            |
target (be) | sc, uc         sc, uc         s?, u?         s?, u?
64 bit      |
            |

System emulation
s? = untested
sc = compiles
s0 = bios works
s1 = grub works
s2 = Linux boots

Linux user mode emulation
u? = untested
uc = compiles
u0 = static hello works
u1 = linux-user-test works

5) Todo list

* TCI is not widely tested. It was written and tested on an x86_64 host
  running i386 and x86_64 system emulation and Linux user mode.
  A cross compiled QEMU for i386 host also works with the same basic tests.
  A cross compiled QEMU for mipsel host works, too. It is terribly slow
  because I run it in a mips malta emulation, so it is an interpreted
  emulation in an emulation.
  A cross compiled QEMU for arm host works (tested with pc bios).
  A cross compiled QEMU for ppc host works at least partially:
  i386-linux-user/qemu-i386 can run a simple hello-world program
  (tested in a ppc emulation).

* Some TCG opcodes are missing in the code generator and/or
  in the interpreter. These opcodes raise a runtime exception, so it is
  possible to see where code must be added.

* The pseudo code is not optimized and still ugly. For hosts with special
  alignment requirements, it needs some fixes (maybe aligned bytecode
  would also improve speed for hosts which support byte alignment).

* A better disassembler for the pseudo code would be nice (a very primitive
  disassembler is included in tcg-target.inc.c).

* It might be useful to have a runtime option which selects the native TCG
  or TCI, so QEMU would have to include two TCGs. Today, selecting TCI
  is a configure option, so you need two compilations of QEMU.
 128* It might be useful to have a runtime option which selects the native TCG
 129  or TCI, so QEMU would have to include two TCGs. Today, selecting TCI
 130  is a configure option, so you need two compilations of QEMU.
 131