emulation
play

Emulation Michael Jantz Acknowledgements Slides adapted from - PowerPoint PPT Presentation

Jan 26, 2023 •288 likes •857 views

Emulation Michael Jantz Acknowledgements Slides adapted from Chapter 2 in Virtual Machines: Versatile Platforms for Systems and Processes by James E. Smith and Ravi Nair Credit to Prasad A. Kulkarni some slides were borrowed from his

  1. Emulation Michael Jantz

  2. Acknowledgements • Slides adapted from Chapter 2 in Virtual Machines: Versatile Platforms for Systems and Processes by James E. Smith and Ravi Nair • Credit to Prasad A. Kulkarni – some slides were borrowed from his course on Virtual Machines at the University of Kansas 2

  3. Outline • Emulation • Interpretation • Basic, indirect threaded, and direct threaded • Binary translation • Code discovery, code location • Other issues • Control transfer optimizations • Instruction set issues 3

  4. Emulation vs. Simulation • Emulation: process of implementing the interface / functionality of a (sub)system on a different system • Applies specifically to an instruction set • Different emulation techniques • Interpretation (instruction-at-a-time) • Binary translation (block-at-a-time) • Simulation • Method for modeling a system’s operation • Goal is to study process – not to imitate function 4

  5. Definitions • Guest Guest • Environment supported by underlying platform supported • Host by • Underlying platform used Host to provide an environment for the guest 5

  6. Definitions • Source ISA or binary Source • Original instruction set or binary • The ISA to be emulated emulated • Target ISA or binary by • ISA of the host processor Target • Underlying ISA • Source / target refer to ISAs • Guest / host refer to platforms 6

  7. Instruction Set Emulation • Binaries in source instruction set can be executed on machine implementing target instruction set • Required for many VM implementations • Example: IA-32 EL 7

  8. Interpretation vs. Translation • Interpretation • Simple, easy to implement • Low performance • Binary translation • Complex implementation • Higher initial cost, better performance • Techniques in between these extremes • Predecoding • Selective compilation 8

  9. Interpreter State Program Counter • Must maintain Condition Codes Code state of machine Reg 0 Reg 1 implementing the . . . source ISA Data Reg n-1 • Registers • Memory • Code • Data Stack • Stack Interpreter Code 9

  10. Decode-And-Dispatch Interpreter • Decode-and-dispatch loop • One instruction at a time • Decode the current instruction • Dispatch to corresponding interpreter routine while (!halt && !interrupt) { inst = code[PC]; opcode = extract (inst,31,6); switch(opcode) { case LoadWordAndZero: LoadWordAndZero (inst); case ALU: ALU (inst); case Branch: Branch (inst); . . .} } 10

  11. Decode-And-Dispatch Interpreter LoadWordAndZero(inst){ RT = extract (inst,25,5); RA = extract (inst,20,5); displacement = extract (inst,15,16); if (RA == 0) source = 0; else source = regs[RA]; address = source + displacement; regs[RT] = (data[address]<< 32)>> 32; PC = PC + 4; } 11

  12. Decode-And-Dispatch Interpreter ALU(inst){ RT = extract (inst,25,5); RA = extract (inst,20,5); RB = extract (inst, 15,5); source1 = regs[RA]; source2 = regs[RB]; extended_opcode = extract (inst,10,10); switch(extended_opcode) { case Add: Add (inst); case AddCarrying: AddCarrying (inst); case AddExtended: AddExtended (inst); . . .} PC = PC + 4; } 12

  13. Decode-And-Dispatch Efficiency • Decode-and-dispatch loop • Several branch instructions • Indirect branch on switch statement • Interpreting an add instruction • Requires approximately 20 target instructions • Several expensive loads/stores to memory • Hand-coded assembly can improve performance • Example: HotSpot JVM 13

  14. Indirect Threaded Interpretation • High number of branches in decode-and- dispatch loop reduces performance • At least 5 branches per instruction • Threaded interpretation • Append dispatch code with each interpretation routine • Removes 3 branches • Threads interpretation routines together 14

  15. Indirect Threaded Interpretation LoadWordAndZero: RT = extract (inst,25,5); RA = extract (inst,20,5); displacement = extract (inst,15,16); if (RA == 0) source = 0; else source = regs(RA); address = source + displacement; regs(RT) = (data(address)<< 32) >> 32; PC = PC +4; If (halt || interrupt) goto exit; inst = code[PC]; opcode = extract (inst,31,6) extended_opcode = extract (inst,10,10); routine = dispatch[opcode,extended_opcode]; goto *routine; 15

  16. Indirect Threaded Interpretation Add: RT = extract (inst,25,5); RA = extract (inst,20,5); RB = extract (inst,15,5); source1 = regs(RA); source2 = regs[RB]; sum = source1 + source2 ; regs[RT] = sum; PC = PC + 4; If (halt || interrupt) goto exit; inst = code[PC]; opcode = extract (inst,31,6); extended_opcode = extract (inst,10,10); routine = dispatch[opcode,extended_opcode]; goto *routine; 16

  17. Indirect Threaded Interpretation • Dispatch occurs indirectly through a table • Interpretation routines can be modified and relocated independently • Advantages • Interpretation routines still portable • Improves efficiency over decode-and-dispatch • Disadvantages • Increases interpreter code size 17

  18. Indirect Threaded Interpretation interpreter interpreter source code routines source code routines "data" accesses dispatch loop Decode-dispatch Threaded 18

  19. Predecoding • Parse each instruction into a pre-defined data structure to facilitate interpretation • Separate opcodes, operands, etc. • Reduces shifts / masks for decoding • More useful when source ISA is CISC lwz r1, 8(r2) add r3, r3,r1 stw r3, 0(r4) 19

  20. Predecoding struct instruction { unsigned long op; unsigned char dest, src1, src2; } code [CODE_SIZE]; LoadWordandZero: RT = code[TPC].dest; RA = code[TPC].src1; displacement = code[TPC].src2; if (RA == 0) source = 0; else source = regs[RA]; address = source + displacement; regs[RT] = (data[address]<< 32) >> 32; SPC = SPC + 4; TPC = TPC + 1; If (halt || interrupt) goto exit; opcode = code[TPC].op routine = dispatch[opcode]; goto *routine; 20

  21. Direct Threaded Interpretation • Replace table lookup with direct access to address of interpreter routine • Requires predecoding • Reduces portability 21

  22. Direct Threaded Interpretation LoadWordandZero: RT = code[TPC].dest; RA = code[TPC].src1; displacement = code[TPC].src2; if (RA == 0) source = 0; else source = regs[RA]; address = source + displacement; regs[RT] = (data[address]<< 32) >> 32; SPC = SPC + 4; TPC = TPC + 1; If (halt || interrupt) goto exit; routine = code[TPC].op; goto *routine; 22

  23. Direct Threaded Interpretation intermediate interpreter code routines source code pre- decoder 23

  24. Binary Translation • Convert source binary to target binary before execution • Logical conclusion of predecoding • Removes parsing and jumps altogether • Allows optimizations on native code • Achieves better performance than interpretation • Generated code no longer portable 24

  25. Binary Translation binary translated target code source code binary translator 25

  26. Binary Translation x86 Source Binary addl %edx,4(%eax) movl 4(%eax),%edx add %eax,4 Translate to PowerPC Target r1 points to x86 register context block r2 points to x86 memory image r3 contains x86 ISA PC value 26

  27. Binary Translation lwz r4,0(r1) ;load %eax from register block addi r5,r4,4 ;add 4 to %eax lwzx r5,r2,r5 ;load operand from memory lwz r4,12(r1) ;load %edx from register block add r5,r4,r5 ;perform add stw r5,12(r1) ;put result into %edx addi r3,r3,3 ;update PC (3 bytes) lwz r4,0(r1) ;load %eax from register block addi r5,r4,4 ;add 4 to %eax lwz r4,12(r1) ;load %edx from register block stwx r4,r2,r5 ;store %edx value into memory addi r3,r3,3 ;update PC (3 bytes) lwz r4,0(r1) ;load %eax from register block addi r4,r4,4 ;add immediate stw r4,0(r1) ;place result back into %eax addi r3,r3,3 ;update PC (3 bytes) 27

  28. Register Mapping • Map source registers to target registers • Reduces memory loads / stores • If target registers < source registers • Map some to memory • Map on per-block basis 28

  29. Register Mapping r1 points to x86 register context block r2 points to x86 memory image r3 contains x86 ISA PC value r4 holds x86 register %eax r7 holds x86 register %edx etc. addi r16,r4,4 ;add 4 to %eax lwzx r17,r2,r16 ;load operand from memory add r7,r17,r7 ;perform add of %edx addi r16,r4,4 ;add 4 to %eax stwx r7,r2,r16 ;store %edx value into memory addi r4,r4,4 ;increment %eax addi r3,r3,9 ;update PC (9 bytes) 29

  30. Code Discovery Problem • May be difficult to statically predecode or translate the entire source program • Code Discovery Problem: how to find the beginning of all source instructions? • Consider the x86 code: mov %ch,0 ?? 31 c0 8b b5 00 00 03 08 8b bd 00 00 03 00 movl %esi, 0x08030000(%ebp) ?? 30

  31. Code Discovery Problem • Contributors to the code discovery problem • Variable length CISC instructions • Indirect jumps • Data interspersed with code • Padding instructions to align branch targets source ISA instructions inst. 1 inst. 2 data in instruction jump inst. 3 stream reg. data inst. 5 inst. 6 uncond. brnch pad pad for instruction alignment inst. 8 jump indirect to??? 31

Recommend

MAPS UMTS for IuCS, IuH Interfaces Emulator (IuCS Emulation over IP and ATM; and IuH Emulation

MAPS UMTS for IuCS, IuH Interfaces Emulator (IuCS Emulation over IP and ATM; and IuH Emulation

MAPS UMTS for IuCS, IuH Interfaces Emulator (IuCS Emulation over IP and ATM; and IuH Emulation over IP) 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website:

621 views • 44 slides
Emulation in ns Presented by Alefiya Hussain What is Emulation Ability to introduce the

Emulation in ns Presented by Alefiya Hussain What is Emulation Ability to introduce the

Emulation in ns Presented by Alefiya Hussain What is Emulation Ability to introduce the simulator into a live network Application: Allows testing real-world implementations Allows testing simulated protocols Requirements

374 views • 13 slides
Emulation Outline Emulation Interpretation basic, threaded, directed threaded

Emulation Outline Emulation Interpretation basic, threaded, directed threaded

Emulation Outline Emulation Interpretation basic, threaded, directed threaded other issues Binary translation code discovery, code location other issues Control Transfer Optimizations 1 EECS 768 Virtual Machines

660 views • 63 slides
1 2 For todays lecture, well start by defining what we mean by emulation. Specifically, in

1 2 For todays lecture, well start by defining what we mean by emulation. Specifically, in

For our next chapter, we will discuss the emulation process which is an integral part of virtual machines. 1 2 For todays lecture, well start by defining what we mean by emulation. Specifically, in this section, well focus on how

995 views • 82 slides
EMULATION OF THE SLOW CONTROL FOR THE PANDA CLUSTER - JET GENERATOR PRESENTED BY Bogusaw

EMULATION OF THE SLOW CONTROL FOR THE PANDA CLUSTER - JET GENERATOR PRESENTED BY Bogusaw

EMULATION OF THE SLOW CONTROL FOR THE PANDA CLUSTER - JET GENERATOR PRESENTED BY Bogusaw Zwigliski National Centre for Nuclear Research Warsaw - Poland W hy emulation seems to be a necessary step in the project - Safety

192 views • 7 slides
Game boy emulation Nicolas Montanaro nicolas.moe Emulation Overview hardware or software

Game boy emulation Nicolas Montanaro nicolas.moe Emulation Overview hardware or software

Game boy emulation Nicolas Montanaro nicolas.moe Emulation Overview hardware or software that enables one computer system (called the host) to behave like another computer system (called the guest) game boy Architecture Split up

562 views • 26 slides
Linux emulation Ron Minnich Fifth IWP9 With thanks to Jim McKie Ron Minnich Linux emulation A

Linux emulation Ron Minnich Fifth IWP9 With thanks to Jim McKie Ron Minnich Linux emulation A

A quick overview of the Top 10 landscape Our part in the landscape The kernel part was the easy part How we can run CNK binaries Lets go look at code Lets go look at machcnk Conclusions Linux emulation Ron Minnich Fifth IWP9 With

377 views • 18 slides
5G Core Network Emulation N1, N2, N3, N4, N6, N8, N9, N10, N11, N12, N13, N14, N22 818 West

5G Core Network Emulation N1, N2, N3, N4, N6, N8, N9, N10, N11, N12, N13, N14, N22 818 West

5G Core Network Emulation N1, N2, N3, N4, N6, N8, N9, N10, N11, N12, N13, N14, N22 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com 1 1 Website: http://www.gl.com 5G

550 views • 41 slides
&quot;ENLIGHTENING&quot; KVM &quot;ENLIGHTENING&quot; KVM HYPER-V EMULATION HYPER-V EMULATION

&quot;ENLIGHTENING&quot; KVM &quot;ENLIGHTENING&quot; KVM HYPER-V EMULATION HYPER-V EMULATION

&quot;ENLIGHTENING&quot; KVM &quot;ENLIGHTENING&quot; KVM HYPER-V EMULATION HYPER-V EMULATION VITALY KUZNETSOV VITALY KUZNETSOV &lt;vkuznets@redhat.com&gt; FOSDEM 2019 Windows VM Linux VM Linux VM DOES GUEST OS MAKE DOES GUEST OS MAKE A

647 views • 39 slides
Chip-8 Emulation on a SoCKit FPGA Team: Ashley Kling, Levi Oliver, Gabrielle Taylor, David

Chip-8 Emulation on a SoCKit FPGA Team: Ashley Kling, Levi Oliver, Gabrielle Taylor, David

Chip-8 Emulation on a SoCKit FPGA Team: Ashley Kling, Levi Oliver, Gabrielle Taylor, David Watkins Supervisor: Prof. Stephen Edwards 1 Chip-8 Emulation Overview Not your garden variety interpreted programming language Opcodes and

244 views • 21 slides
Cross-ISA Machine Emulation for Multicores Emilio G. Cota Columbia University Paolo Bonzini

Cross-ISA Machine Emulation for Multicores Emilio G. Cota Columbia University Paolo Bonzini

Cross-ISA Machine Emulation for Multicores Emilio G. Cota Columbia University Paolo Bonzini Red Hat, Inc. Alex Benne Linaro, Ltd. Luca P. Carloni Columbia University CGO 2017 Austin, TX 1 Demand for Scalable Cross-ISA Emulation

533 views • 38 slides
Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz

Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz

Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz ramosblc@gmail.com Black Hat Europe 2009 Overview Give a brief overview of the emulation- based security testing Introduction to VEX Formalism

376 views • 26 slides
MAPS DIAMETER EMULATOR S6, S13, S13, Cx/Dx, Gx, Rx, Gy, SLg, Sh and SLh Interfaces Emulation

MAPS DIAMETER EMULATOR S6, S13, S13, Cx/Dx, Gx, Rx, Gy, SLg, Sh and SLh Interfaces Emulation

MAPS DIAMETER EMULATOR S6, S13, S13, Cx/Dx, Gx, Rx, Gy, SLg, Sh and SLh Interfaces Emulation 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website:

622 views • 29 slides
ACM Evaluation Using SDR Channel Emulation 2014/2015 SCS

ACM Evaluation Using SDR Channel Emulation 2014/2015 SCS

ACM Evaluation Using SDR Channel Emulation 2014/2015 SCS Program Basic Techniques Project Team: Juan Pablo Cuadro , Adrien Gay Supervisor: Laurent

476 views • 23 slides
Vehicular network emulation Scientific issues Contribution Team Airplug A. Buisset, B.

Vehicular network emulation Scientific issues Contribution Team Airplug A. Buisset, B.

1 Vehicular network emulation B. Ducourthial Context ITS Vehicular network emulation Scientific issues Contribution Team Airplug A. Buisset, B. Ducourthial, F. El Ali, S. Khalfallah Protocols design Software suit Bertrand.Ducourthial

750 views • 34 slides
Design for screening, emulation and calibration

Design for screening, emulation and calibration

Design for screening, emulation and calibration http://personalpages.manchester.ac.uk/staff/alexis.boukouvalas/ Joint work with Dan Cornford, Milan Stehl k, J.P. Gosling and H. Maruri-Aguilar beamer-aston-logo Design for screening,

401 views • 39 slides
vIOMMU/ARM: full emulation and virtio-iommu approaches Eric Auger KVM Forum 2017 Overview

vIOMMU/ARM: full emulation and virtio-iommu approaches Eric Auger KVM Forum 2017 Overview

vIOMMU/ARM: full emulation and virtio-iommu approaches Eric Auger KVM Forum 2017 Overview Goals &amp; T erminology ARM IOMMU Emulation QEMU Device VHOST Integration VFIO Integration Challenges VIRTIO-IOMMU

393 views • 25 slides
MAPS GSM A Interface Emulator GSM A Interface Emulation Over IP and TDM 818 West Diamond

MAPS GSM A Interface Emulator GSM A Interface Emulation Over IP and TDM 818 West Diamond

MAPS GSM A Interface Emulator GSM A Interface Emulation Over IP and TDM 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 GSM A

583 views • 34 slides
TOS Arno Puder 1 Emulation TOS runs on regular PCs To try a new version of TOS:

TOS Arno Puder 1 Emulation TOS runs on regular PCs To try a new version of TOS:

TOS Arno Puder 1 Emulation TOS runs on regular PCs To try a new version of TOS: Compile a new kernel Write the kernel to a floppy Reboot the PC A couple of problems: Time consuming! We dont all have spare PCs

427 views • 32 slides
Evaluation of TCP BBR v2 Congestion Control Using Network Emulation Intermediate talk for the

Evaluation of TCP BBR v2 Congestion Control Using Network Emulation Intermediate talk for the

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluation of TCP BBR v2 Congestion Control Using Network Emulation Intermediate talk for the Masters Thesis by Juliane Aulbach advised by

591 views • 18 slides
Multivariate Emulation: Is it Worth the Trouble? Tom Fricker and Jeremy Oakley University of

Multivariate Emulation: Is it Worth the Trouble? Tom Fricker and Jeremy Oakley University of

Multivariate Emulation: Is it Worth the Trouble? Tom Fricker and Jeremy Oakley University of Sheffield Statistics and Machine Learning Interface Meeting 24th July 2009 Emulators for computer models We want to emulate a p -input, k -output

568 views • 22 slides
FRAMEWORK FOR BOTNET EMULATION AND ANALYSIS A Thesis Presented to The Academic Faculty by

FRAMEWORK FOR BOTNET EMULATION AND ANALYSIS A Thesis Presented to The Academic Faculty by

FRAMEWORK FOR BOTNET EMULATION AND ANALYSIS A Thesis Presented to The Academic Faculty by Christopher Patrick Lee In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the School of Electrical and Computer

1.09k views • 106 slides
MAPS GSM Abis Interface Emulator Scripted GSM Abis Interface Emulation Over IP and TDM 818

MAPS GSM Abis Interface Emulator Scripted GSM Abis Interface Emulation Over IP and TDM 818

MAPS GSM Abis Interface Emulator Scripted GSM Abis Interface Emulation Over IP and TDM 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1

758 views • 28 slides
Protocol Analysis and Emulation over T3/E3 818 West Diamond Avenue - Third Floor, Gaithersburg,

Protocol Analysis and Emulation over T3/E3 818 West Diamond Avenue - Third Floor, Gaithersburg,

Protocol Analysis and Emulation over T3/E3 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com 1 1 Website: http://www.gl.com Optional Applications for T3 E3 BERT

1.24k views • 104 slides

More recommend