Programming Technologies, MIPT, April 7th, 2012
Introduction to Binary Translation Technology
Roman Sokolov SMWare
Elbrus Binary Translation Technology for IA-32 Compatibility
• Binary translation is a process of conversion of source (guest) architecture executable binary codes into executable codes of target (native) architecture.
• Motivations:
  • binary compatibility w/o source codes recompilation (new archs enabling – more efficient, less complicated, etc.)
  • dynamic optimization
  • JIT
  • security
  • instrumentation and analysis of binaries
  • virtualization
  • simulation
  • …
BT systems classes
• Static
• Dynamic
[Figure: two layer diagrams. Application-level DBTS: Guest Applications, App level BT, Native Applications, Native BIOS, OS & Libraries, HW. Full system DBTS: Guest Applications, Guest BIOS, OS & Libraries, Full System BT, HW.]
Example: How to use MS Windows on x86-incompatible computer
[Figure: three approaches compared, each drawn as a mix of x86 (guest) and native applications: Transmeta's Approach, Intel's Approach, Elbrus's Approach (mode choice at boot time).]
Adaptive binary translation (1/2)
Adaptive dynamic binary translation (1/2)
[Figure: adaptive translation flow. Labels:]
• Guest binaries
• Interpretation (and profiling of traces)
• Non-optimizing trace translation
• Translations cache: execution and profiling of regions
• Optimizing region translation
• Adaptive retranslation
Adaptive dynamic binary translation (2/2): profile of execution
BTS layout
• Guest Memory Space
• BT System (native) Memory Space (invisible for guest programs):
  • System Code
  • System Data
  • Compiler Heap
  • Code Caches
  • AddrMap Table
  • Code Base
Guest control transfer (AddrMap+Cache, GRAS, Native linking)
[Figure: control transfer between translations in the translations cache.]
• Guest branch (g. brn) is translated to a native branch (n. brn); the target is looked up in the AddrMap Cache (H/W) and the AddrMap (S/W): found / not found
• GRAS (H/W): push on g. call, pop on g. rtn
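The lookup path named on this slide, as an added C model that is not code from the original slides or from the Elbrus project: a guest branch tries a small cache before the software AddrMap, and a guest return uses the GRAS entry only if it matches the address the guest actually returns to. The table sizes, the function names, the pairing of guest and native addresses in each GRAS entry and the flush on mismatch are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

enum { CACHE_SLOTS = 4, GRAS_DEPTH = 4, MAP_MAX = 16 };  /* constructed sizes */
#define NO_TRANSL 0u   /* no translation yet: interpret or translate */

typedef struct { uint32_t guest, native; } pair_t;
static pair_t addrmap[MAP_MAX];   static unsigned map_n;     /* AddrMap (S/W) */
static pair_t cache[CACHE_SLOTS];                            /* AddrMap Cache (H/W) */
static pair_t gras[GRAS_DEPTH];   static unsigned gras_top;  /* GRAS (H/W) */
unsigned cache_hits, sw_lookups;

void addrmap_add(uint32_t guest, uint32_t native) {
    if (map_n < MAP_MAX) addrmap[map_n++] = (pair_t){ guest, native };
}

/* Guest branch: try the cache, then fall back to the software table. */
uint32_t guest_branch(uint32_t guest) {
    pair_t *slot = &cache[(guest >> 2) % CACHE_SLOTS];
    if (slot->native != NO_TRANSL && slot->guest == guest) { cache_hits++; return slot->native; }
    sw_lookups++;
    for (unsigned i = 0; i < map_n; i++)
        if (addrmap[i].guest == guest) { *slot = addrmap[i]; return slot->native; }
    return NO_TRANSL;
}

/* Guest call: push (guest return address, native continuation). */
void guest_call(uint32_t guest_ret, uint32_t native_ret) {
    if (gras_top == GRAS_DEPTH) {            /* overflow: forget the oldest entry */
        for (unsigned i = 1; i < GRAS_DEPTH; i++) gras[i - 1] = gras[i];
        gras_top--;
    }
    gras[gras_top++] = (pair_t){ guest_ret, native_ret };
}

/* Guest return: actual_ret is the address the guest really popped. */
uint32_t guest_return(uint32_t actual_ret) {
    if (gras_top > 0) {
        pair_t top = gras[--gras_top];
        if (top.guest == actual_ret) return top.native;  /* prediction holds */
        gras_top = 0;                                    /* stale entries: flush */
    }
    return guest_branch(actual_ret);   /* empty or mismatched: full lookup */
}

int main(void) {
    addrmap_add(0x402000, 0x9100);  guest_call(0x401005, 0x9040);  /* constructed */
    printf("0x%x\n", (unsigned)guest_return(0x402000));  /* guest rewrote its return address */
    return 0;
}
```

A guest that rewrites its own return address must still land on the translation of the address it chose, so the stack entry is treated as a prediction to be checked rather than as the answer.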
Binary Translation Problems
• Security
• Self-modifying code
• Interrupts and precise exceptions
• Difference in legacy and host ops semantics
• Memory mapped I/O devices
Robust performance required!
Hardware support
Columns on the slide: Functionality, Performance
• Compatible TLB, MMU, guest memory space support
• Compatible global registers, FP stack
• Guest code modification protection (SMC/DMA)
• Instruction equivalents
• BTS ROM
• Guest-to-native address translation cache, Guest return address stack
• Recovery support
• Asynchronous interrupts support
• Memory mapped I/O pages protection
• H/W thread/core for dynamic opt.
• MLT, DAM, …
Recovery model
[Figure: program execution across optimized code, compensation code and non-optimized code. Labels:]
• Optimized code: Set Recovery Point instruction
• Speculative instruction bringing exception returns diagnostic value
• Check instr. causes exception
• Exception Handler: back to Current RP
• Compensation code computes & restores context for Current RP
• Non-optimized code: real exception on the same guest instr.
• Guest Exception Handler
Physical memory protection (1/2): translation
• Physical memory space is represented via a bitmap
• Bitmap entry represents 4K in physical space
• Translator tags guest code memory locations in the bitmap
[Figure: Guest VM Space (guest code) and Native VM Space (binary translated code, produced by translation) mapped onto the Physical Space Bitmap, with entries 0 1 1 0 0.]
Physical memory protection (2/2): execution
• Writes to the tagged memory locations result in exceptions
• TLB protects tagged memory locations from CPU memory writes
• Chipset protects tagged memory locations from DMA memory writes
• Bitmap entries are cached internally in hardware
• Exact memory address reported for each violation attempted
[Figure: Guest VM Space (guest code) and Native VM Space (binary translated code) over the Physical Space Bitmap, with entries 0 1 1 0 0; CPU writes pass through the TLB and DMA writes from the HDD pass through the chipset, each raising an exception on a tagged location.]
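The bitmap scheme from the two physical memory protection slides, as an added C model that is not code from the original slides or from the Elbrus project: the translator tags 4K pages, and one check serves both the CPU (TLB) and DMA (chipset) write paths and reports the exact violating address. The function names, the 4 MiB memory size and the untag-after-invalidation policy are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12      /* one bitmap entry per 4K of physical space */
#define PHYS_PAGES 1024u   /* constructed size: 4 MiB of modelled memory */

typedef enum { SRC_CPU, SRC_DMA } write_src;  /* TLB path vs. chipset path */
typedef struct { bool fault; write_src src; uint64_t addr; } write_result;

static uint8_t bitmap[PHYS_PAGES / 8];

static bool tagged(uint64_t page) {
    return page < PHYS_PAGES && ((bitmap[page >> 3] >> (page & 7)) & 1);
}

/* Translator side: tag every page that holds guest code it translated. */
void bt_tag_guest_code(uint64_t pa, uint64_t len) {
    if (len == 0) return;
    for (uint64_t p = pa >> PAGE_SHIFT; p <= (pa + len - 1) >> PAGE_SHIFT; p++)
        if (p < PHYS_PAGES) bitmap[p >> 3] |= (uint8_t)(1u << (p & 7));
}

/* Assumed handler policy: untag once the page's translations are dropped. */
void bt_untag_page(uint64_t pa) {
    uint64_t p = pa >> PAGE_SHIFT;
    if (p < PHYS_PAGES) bitmap[p >> 3] &= (uint8_t)~(1u << (p & 7));
}

/* Execution side: the same check for CPU and DMA writes. A write that
 * straddles pages is checked page by page; the reported address is the
 * first written byte that lies in a tagged page. */
write_result bt_check_write(write_src src, uint64_t pa, uint64_t len) {
    write_result r = { false, src, 0 };
    for (uint64_t a = pa; a < pa + len; a = ((a >> PAGE_SHIFT) + 1) << PAGE_SHIFT)
        if (tagged(a >> PAGE_SHIFT)) { r.fault = true; r.addr = a; break; }
    return r;
}

int main(void) {
    bt_tag_guest_code(0x1FF0, 0x20);   /* constructed: code spans pages 1-2 */
    write_result r = bt_check_write(SRC_DMA, 0x0FFE, 4);
    printf("fault=%d src=%s addr=0x%llx\n", r.fault,
           r.src == SRC_DMA ? "DMA" : "CPU", (unsigned long long)r.addr);
    return 0;
}
```

The straddling write is the case worth testing: it starts in an untagged page, so a check on the start address alone would let a modification of translated guest code through without invalidating the stale translation.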
Dynamic optimization vs. Latency
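[Figure: timeline. Execution; new hot region acquired; start of optimization; an interrupt arrives during optimization; end of optimization; interrupt delivery; execution resumes. The gap between interrupt and interrupt delivery is the interrupt delivery delay (latency).]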
Background optimization
Approach
• Optimizing translation is separated into a different thread (the optimization thread) that can run simultaneously with the main execution thread.
• Hot regions are detected by the execution thread and are then scheduled to be optimized in the background by the optimization thread.
Dual(many)-core: optimization is moved onto an underutilized processor core
Benefits
• Improves application's execution latency
• Removes overhead from the application's execution
• Enables the application of more aggressive optimizations
Single-core: optimization is interleaved with execution
Benefits
• Improves application's execution latency
Single-core background optimization (1/3)
Time-sliced optimization
[Figure: timeline. Execution; new hot region acquired; start of optimization; optimization and execution alternate in time slices, so each interrupt is followed by its interrupt delivery; end of optimization; execution.]
Dual-core background optimization (1/2)
Offloaded optimization
• Core 1: Execution; Run-time support; Interpreter and non-opt. translation
• Core 2: Optimizing translation of region
• Acquire new hot region
• Allocate region translation in translation cache
Future works
Guest architecture multiprocessor system emulation
[Figure: layer diagrams. Guest Applications and Guest BIOS, OS & Libraries run on Full System BT over HW; in the multiprocessor variants each Full System BT instance is split into Core0: Exec and Core1: Opt.]
Dynamic Binary Translation: summary
• Key paradigm for resolving compatibility/performance tension is speculation, recovery, and adaptive retranslation
• The devil is in the details: a successful solution must deal with unpleasant architectural details
  • Precise exceptions
  • Interrupts and DMA
  • Memory-mapped I/O
  • Self-modifying code
All techniques developed for real performance problems
Dynamic Binary Translation: summary
Pros
• Enables transparent transition to new architectures
• Allows transparent improvement of the underlying hardware
• Optimization of legacy codes with no sources available
• Provides run-time optimization opportunities (as compared to static native compilers)
• Hardware bugs masking
Cons
• Translation overhead degrades runtime performance
• BTS consumes RAM to store internal structures and translated codes
• High-performance BT requires hardware support
• Full-system BTS are hard to debug
Q&A
Further reading: Virtual Machines: Versatile Platforms for Systems and Processes, by Jim Smith and Ravi Nair; Morgan Kaufmann Publishers