cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

README (4279B)


TCG Interpreter (TCI) - Copyright (c) 2011 Stefan Weil.

This file is released under the BSD license.

1) Introduction

TCG (Tiny Code Generator) is a code generator which translates
code fragments ("basic blocks") from target code (any of the
targets supported by QEMU) to a code representation which
can be run on a host.

QEMU can create native code for some hosts (arm, i386, ia64, ppc, ppc64,
s390, sparc, x86_64). For others, unofficial host support was written.

By adding a code generator for a virtual machine and using an
interpreter for the generated bytecode, it is possible to
support (almost) any host.

This is what TCI (Tiny Code Interpreter) does.
2) Implementation

Like each native TCG host backend, TCI implements the code generator in
tcg-target.c.inc and tcg-target.h. Both files are in directory tcg/tci.

The additional file tcg/tci.c adds the interpreter and disassembler.

The bytecode consists of opcodes (with only a few exceptions, with
the same numeric values and semantics as used by TCG), and up
to six arguments packed into a 32-bit integer. See comments in tci.c
for details on the encoding.
3) Usage

For hosts without native TCG, the interpreter TCI must be enabled by

        configure --enable-tcg-interpreter

If configure is called without --enable-tcg-interpreter, it will
suggest using this option. Setting it automatically would need
additional code in configure which must be fixed when new native TCG
implementations are added.

For hosts with native TCG, the interpreter TCI can be enabled by

        configure --enable-tcg-interpreter

The only difference between running QEMU with TCI and running it without
TCI should be speed. Especially during development of TCI, it was very
useful to compare runs with and without TCI. Create /tmp/qemu.log by

        qemu-system-i386 -d in_asm,op_opt,cpu -D /tmp/qemu.log -singlestep

once with the interpreter and once without it, and compare the resulting
qemu.log files. Any difference in the logged CPU state points at an opcode
the interpreter executes differently from the native backend. This is also
useful to see the effects of additional registers or additional opcodes
(it is easy to modify the virtual machine). It can also be used to verify
native TCGs.
     58
Hosts with native TCG can also enable TCI by claiming to be unsupported:

        configure --cpu=unknown --enable-tcg-interpreter

configure then no longer uses the native linker script (*.ld) for
user mode emulation.
     66
4) Status

TCI needs special implementation for 32 and 64 bit host, 32 and 64 bit target,
host and target with same or different endianness.

                   | host (le)                  | host (be)
                   | 32 bit        64 bit       | 32 bit        64 bit
-------------------+----------------------------+---------------------------
target (le) 32 bit | s0, u0        s1, u1       | s?, u?        s?, u?
target (le) 64 bit | sc, uc        s1, u1       | s?, u?        s?, u?
target (be) 32 bit | sc, u0        sc, uc       | s?, u?        s?, u?
target (be) 64 bit | sc, uc        sc, uc       | s?, u?        s?, u?

System emulation
s? = untested
sc = compiles
s0 = bios works
s1 = grub works
s2 = Linux boots

Linux user mode emulation
u? = untested
uc = compiles
u0 = static hello works
u1 = linux-user-test works
5) Todo list

* TCI is not widely tested. It was written and tested on an x86_64 host
  running i386 and x86_64 system emulation and Linux user mode.
  A cross compiled QEMU for i386 host also works with the same basic tests.
  A cross compiled QEMU for mipsel host works, too. It is terribly slow
  because I run it in a mips malta emulation, so it is an interpreted
  emulation in an emulation.
  A cross compiled QEMU for arm host works (tested with pc bios).
  A cross compiled QEMU for ppc host works at least partially:
  i386-linux-user/qemu-i386 can run a simple hello-world program
  (tested in a ppc emulation).

* Some TCG opcodes are either missing in the code generator and/or
  in the interpreter. These opcodes raise a runtime exception, so it is
  possible to see where code must be added.

* It might be useful to have a runtime option which selects the native TCG
  or TCI, so QEMU would have to include two TCGs. Today, selecting TCI
  is a configure option, so you need two compilations of QEMU.