
This is the qemu-0.13.0 source code implemented indirect branch handling optimization methods to improve branch performance

a110605/optimized_qemu


QEMU

In this project, we have implemented two indirect branch handling mechanisms, a shadow stack and an indirect branch target cache (IBTC), in the QEMU full-system emulator to improve indirect branch performance.

Indirect Branch Target Cache

The indirect branch target cache works similarly to a hardware cache, but each entry stores the address of the corresponding code fragment in the code cache.

Each time a cache lookup succeeds, the indirect branch can jump directly to the target address instead of returning to the emulation engine.

The following picture shows how IBTC works.

Shadow Stack

A shadow stack is used to accelerate branch target lookup when the current instruction is a return instruction.

When a function call is executed, the address of the translation block corresponding to the instruction following the call is pushed onto the shadow stack.

When the callee returns, the top of the shadow stack is popped; the popped address is the translation block of the return address.

The following picture shows how the shadow stack works.
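As an added illustration (not code from this repository's optimization.c), the following C sketch models both mechanisms described above: a direct-mapped IBTC keyed by guest PC, and a shadow stack whose popped entry is checked against the return address actually loaded from the guest stack before it is used, falling back to the IBTC and then to the emulation engine. The table sizes, the names, and the flush-on-overflow policy are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#define IBTC_SIZE  256u                  /* direct-mapped entries (assumed size) */
#define SHACK_SIZE 64                    /* shadow stack depth (assumed size) */
typedef uint32_t target_ulong;           /* guest virtual address */
typedef const void *tb_ptr;              /* host address of a code-cache fragment */

/* IBTC entry: guest branch target PC -> host address of its translation block. */
struct ibtc_entry { target_ulong guest_pc; tb_ptr host_tb; };
static struct ibtc_entry ibtc[IBTC_SIZE];

/* Direct-mapped like a hardware BTB; the index is a hash of the guest PC. */
static unsigned ibtc_index(target_ulong pc) { return (pc >> 2) & (IBTC_SIZE - 1); }

/* Hit: host code fragment to jump to. Miss: NULL, and the caller falls back
 * to the emulation engine's full lookup/translation path. */
tb_ptr ibtc_lookup(target_ulong pc) {
    const struct ibtc_entry *e = &ibtc[ibtc_index(pc)];
    return (e->host_tb != NULL && e->guest_pc == pc) ? e->host_tb : NULL;
}

/* Fill or replace the entry once the slow path has resolved the target. */
void ibtc_update(target_ulong pc, tb_ptr tb) {
    struct ibtc_entry *e = &ibtc[ibtc_index(pc)];
    e->guest_pc = pc; e->host_tb = tb;
}

/* Shadow stack entry: guest return address and its TB, pushed on each call. */
struct shack_entry { target_ulong ret_pc; tb_ptr host_tb; };
static struct shack_entry shack[SHACK_SIZE];
static size_t shack_top;
size_t shack_depth(void) { return shack_top; }

/* Overflow policy (assumed): flush instead of writing past the array; lost
 * entries only cost a slow-path lookup later, never correctness. */
void shack_push(target_ulong ret_pc, tb_ptr tb) {
    if (shack_top == SHACK_SIZE) shack_top = 0;
    shack[shack_top].ret_pc = ret_pc; shack[shack_top].host_tb = tb; shack_top++;
}

/* Pop on return. Use the cached TB only if its return address equals the one
 * actually loaded from the guest stack: longjmp, setcontext or a corrupted
 * guest stack make them differ, and the cached TB would be the wrong code. */
tb_ptr shack_pop(target_ulong actual_ret_pc) {
    if (shack_top == 0) return NULL;
    const struct shack_entry *e = &shack[--shack_top];
    return e->ret_pc == actual_ret_pc ? e->host_tb : NULL;
}

/* Return path: shadow stack first, IBTC second, NULL means emulation engine. */
tb_ptr resolve_return(target_ulong actual_ret_pc) {
    tb_ptr tb = shack_pop(actual_ret_pc);
    return tb != NULL ? tb : ibtc_lookup(actual_ret_pc);
}
```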

Performance Experiments

Quick Start

# git clone https://github.com/a110605/qemu.git
# cd qemu
# ./configure --target-list=i386-linux-user
# make

After make, the qemu executable is located at i386-linux-user/qemu-i386.

Resources

The optimization functions are implemented in [qemu_dir]/optimization.c.

For more detailed information, please refer to the following documents.
