Our paper on instrumenting QEMU to appear at VEE'19

Our paper "Cross-ISA Machine Instrumentation Using Fast and Scalable Dynamic Binary Translation" has been accepted for publication at the upcoming VEE'19 conference to be held in Providence, RI. The paper presents Qelt, a cross-ISA emulator and instrumentation tool based on QEMU.

Qelt makes three contributions:

  1. Fast cross-ISA floating point (FP) emulation by leveraging the host FP unit for most FP operations.
  2. A parallel, memory-efficient dynamic binary translation (DBT) engine that scales for multi-core guests that generate translated code in parallel.
  3. An ISA-agnostic instrumentation layer that converts a cross-ISA DBT engine into a low-overhead cross-ISA instrumentation tool.
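
The first contribution rests on a fast/slow split: run the guest FP operation on the host FPU whenever the host result is guaranteed bit-identical to what a software (softfloat) implementation would produce and no exception flag could be newly raised, and fall back to the software routine otherwise. The following C program is an added illustration of that dispatch for IEEE double addition; it is not Qelt's or QEMU's code. The admission conditions it uses (guest in round-to-nearest-even, the inexact flag already set so it need not be detected, both inputs zero or normal), the flag and mode names, the `fp_status` struct and the simplified slow path are this example's own assumptions, and the host FPU is assumed to run in round-to-nearest-even with flush-to-zero disabled.

```c
#include <assert.h>
#include <float.h>
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Guest exception flags and rounding modes: this example's own names, not QEMU's. */
enum { FLAG_INEXACT = 1u << 0, FLAG_OVERFLOW = 1u << 1, FLAG_INVALID = 1u << 2 };
enum { ROUND_NEAREST_EVEN = 0, ROUND_TOWARD_ZERO = 1 };

typedef struct {
    int rounding_mode;       /* guest rounding mode (hypothetical field) */
    unsigned flags;          /* guest's accumulated exception flags */
    unsigned long fast_hits; /* counters so the dispatch can be observed */
    unsigned long slow_hits;
} fp_status;

static uint64_t f64_bits(double x) { uint64_t u; memcpy(&u, &x, sizeof u); return u; }
static double f64_from_bits(uint64_t u) { double x; memcpy(&x, &u, sizeof x); return x; }

static bool is_zero_or_normal(double x)
{
    int c = fpclassify(x);
    return c == FP_ZERO || c == FP_NORMAL;
}

/* A NaN whose quiet bit (bit 51) is clear is a signalling NaN. */
static bool is_snan(double x)
{
    return isnan(x) && !(f64_bits(x) & (UINT64_C(1) << 51));
}

/*
 * Slow path: stand-in for a softfloat routine. It handles the special operands
 * and computes the flags. Simplifications: it propagates the first NaN operand
 * (real targets have their own rules) and implements round-to-nearest-even only.
 */
static double add_slow(double a, double b, fp_status *st)
{
    st->slow_hits++;
    assert(st->rounding_mode == ROUND_NEAREST_EVEN);
    if (isnan(a) || isnan(b)) {
        if (is_snan(a) || is_snan(b)) {
            st->flags |= FLAG_INVALID;
        }
        double n = isnan(a) ? a : b;
        return f64_from_bits(f64_bits(n) | (UINT64_C(1) << 51)); /* quieten it */
    }
    if (isinf(a) || isinf(b)) {
        if (isinf(a) && isinf(b) && (!!signbit(a) != !!signbit(b))) {
            st->flags |= FLAG_INVALID;                          /* inf - inf */
            return f64_from_bits(UINT64_C(0x7ff8000000000000)); /* default qNaN */
        }
        return a + b;                                           /* exact infinity */
    }
    double s = a + b;
    if (isinf(s)) {                                             /* finite inputs overflowed */
        st->flags |= FLAG_OVERFLOW | FLAG_INEXACT;
        return s;
    }
    /* Knuth's TwoSum recovers the exact rounding error of a+b under RNE (valid
       here because there was no overflow). A subnormal sum of two doubles is
       always exact, so addition can never raise underflow. */
    double bv = s - a;
    double err = (a - (s - bv)) + (b - bv);
    if (err != 0.0) {
        st->flags |= FLAG_INEXACT;
    }
    return s;
}

/* The host result may be used only when it is bit-identical to softfloat's and
   no flag other than one already set could be raised. */
static bool fast_path_ok(double a, double b, const fp_status *st)
{
    return st->rounding_mode == ROUND_NEAREST_EVEN  /* host FPU assumed in RNE */
        && (st->flags & FLAG_INEXACT)               /* inexact need not be detected */
        && is_zero_or_normal(a) && is_zero_or_normal(b);
}

double emu_add(double a, double b, fp_status *st)
{
    if (fast_path_ok(a, b, st)) {
        double s = a + b;
        /* Finite, non-NaN inputs cannot raise invalid, and a subnormal sum is
           exact, so overflow (an infinite s) is the only flag left to rule out. */
        if (!isinf(s)) {
            st->fast_hits++;
            return s;
        }
    }
    return add_slow(a, b, st);
}

int main(void)
{
    /* Constructed operands covering normals, a tiny value, a subnormal and DBL_MAX. */
    fp_status st = { ROUND_NEAREST_EVEN, FLAG_INEXACT, 0, 0 };
    double v[] = { 1.5, 2.25, 1.0, 1e-20, 0x1p-1074, DBL_MAX };
    size_t n = sizeof v / sizeof v[0];
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            emu_add(v[i], v[j], &st);
    printf("fast=%lu slow=%lu flags=%#x\n", st.fast_hits, st.slow_hits, st.flags);
    return 0;
}
```

Build with `cc -std=c99 -O2` (no `-ffast-math`, which would break both the fast-path guarantee and TwoSum). The point to take from the counters is that the admission test has to be conservative: everything target-specific (NaN propagation, signalling NaNs, rounding modes other than nearest-even, flag semantics) lives in the slow path, and the fast path is only safe because it refuses any operand or result for which those rules could matter.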

In addition, Qelt incorporates other state-of-the-art DBT techniques (e.g. improved indirect branch handling and dynamic TLB sizing in full-system mode) that further speed up emulation.

Our results show that Qelt scales to 32 cores when emulating a guest machine used for parallel compilation, which demonstrates scalable code translation. Furthermore, experiments based on SPEC06 show that Qelt (1) outperforms QEMU as a full-system cross-ISA machine emulator by 1.76x/2.18x for integer/FP workloads, (2) outperforms state-of-the-art, cross-ISA, full-system instrumentation tools by 1.5x-3x, and (3) can match the performance of Pin, a state-of-the-art, same-ISA instrumentation tool, when used for complex instrumentation such as cache simulation.

All of the features implemented in Qelt, except the instrumentation layer, have already been merged into upstream QEMU: indirect branch improvements are in QEMU v2.10, parallel translation is in v3.0, and our FP work as well as dynamic TLB sizing will be in v4.0, scheduled for release in April 2019. The code used in our evaluation can be found in this branch.

We sincerely thank Richard Henderson, Alex Bennée and the rest of the QEMU community for their dependable guidance and extensive improvements to our work.