README revision cec22f4b94382f5ebee9d2f6b6df672689681e07
Tiny Code Generator - Fabrice Bellard.

1) Introduction

TCG (Tiny Code Generator) began as a generic backend for a C
compiler. It was simplified to be used in QEMU. It also has its roots
in the QOP code generator written by Paul Brook.

2) Definitions

The TCG "target" is the architecture for which we generate the
code. It is of course not the same as the "target" of QEMU which is
the emulated architecture. As TCG started as a generic C backend used
for cross compiling, it is assumed that the TCG target is different
from the host, although it is never the case for QEMU.

A TCG "function" corresponds to a QEMU Translated Block (TB).

A TCG "temporary" is a variable only live in a basic
block. Temporaries are allocated explicitly in each function.

A TCG "local temporary" is a variable only live in a function. Local
temporaries are allocated explicitly in each function.

A TCG "global" is a variable which is live in all the functions
(equivalent of a C global variable). They are defined before the
functions are defined. A TCG global can be a memory location (e.g. a QEMU
CPU register), a fixed host register (e.g. the QEMU CPU state pointer)
or a memory location which is stored in a register outside QEMU TBs
(not implemented yet).

A TCG "basic block" corresponds to a list of instructions terminated
by a branch instruction.

3) Intermediate representation

3.1) Introduction

TCG instructions operate on variables which are temporaries, local
temporaries or globals. TCG instructions and variables are strongly
typed. Two types are supported: 32 bit integers and 64 bit
integers. Pointers are defined as an alias to 32 bit or 64 bit
integers depending on the TCG target word size.

Each instruction has a fixed number of output variable operands, input
variable operands and constant operands.

The notable exception is the call instruction which has a variable
number of outputs and inputs.

In the textual form, output operands usually come first, followed by
input operands, followed by constant operands. The output type is
included in the instruction name. Constants are prefixed with a '$'.

  add_i32 t0, t1, t2  (t0 <- t1 + t2)

3.2) Assumptions

* Basic blocks

- Basic blocks end after branches (e.g. brcond_i32 instruction),
  goto_tb and exit_tb instructions.
- Basic blocks start after the end of a previous basic block, or at a
  set_label instruction.

After the end of a basic block, the content of temporaries is
destroyed, but local temporaries and globals are preserved.

* Floating point types are not supported yet

* Pointers: depending on the TCG target, pointer size is 32 bit or 64
  bit. The type TCG_TYPE_PTR is an alias to TCG_TYPE_I32 or
  TCG_TYPE_I64.

Using the tcg_gen_helper_x_y it is possible to call any function
taking i32, i64 or pointer types. By default, before calling a helper,
all globals are stored at their canonical location and it is assumed
that the function can modify them. This can be overridden by the
TCG_CALL_CONST function modifier. By default, the helper is allowed to
modify the CPU state or raise an exception. This can be overridden by
the TCG_CALL_PURE function modifier, in which case the call to the
function is removed if the return value is not used.

On some TCG targets (e.g. x86), several calling conventions are

Use the instruction 'br' to jump to a label. Use 'jmp' to jump to an
explicit address. Conditional branches can only jump to labels.

3.3) Code Optimizations

When generating instructions, you can count on at least the following
optimizations:

- Single instructions are simplified, e.g.

   and_i32 t0, t0, $0xffffffff

  is suppressed.

- A liveness analysis is done at the basic block level. The
  information is used to suppress moves from a dead variable to
  another one. It is also used to remove instructions which compute
  dead results. The latter is especially useful for condition code
  optimization in QEMU.

  In the following example:

  add_i32 t0, t1, t2
  add_i32 t0, t0, $1
  mov_i32 t0, $1

  only the last instruction is kept.
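
Added example (not part of the original README and not QEMU's code): a
backward liveness scan over the three-instruction block above. ToyOp,
toy_liveness and the variable numbering are constructed for illustration;
the scan assumes the ops have no side effects and that t0 is still needed
after the block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed mini-IR for illustration; not QEMU's data structures. */
typedef struct {
    const char *text;   /* textual form of the op */
    int out;            /* index of the output variable */
    uint32_t in_mask;   /* bit i set: variable i is read */
} ToyOp;

/* The README's block, encoded with t0=0, t1=1, t2=2 (constructed). */
const ToyOp readme_block[3] = {
    { "add_i32 t0, t1, t2", 0, (1u << 1) | (1u << 2) },
    { "add_i32 t0, t0, $1", 0, (1u << 0) },
    { "mov_i32 t0, $1",     0, 0 },
};

/* Backward scan; live_out = variables needed after the block.
 * Sets keep[i] per op and returns the number of ops kept. */
size_t toy_liveness(const ToyOp *ops, size_t n, uint32_t live_out, int *keep)
{
    uint32_t live = live_out;
    size_t kept = 0;

    for (size_t i = n; i-- > 0; ) {
        uint32_t out_bit = 1u << ops[i].out;
        keep[i] = (live & out_bit) != 0;
        if (keep[i]) {
            kept++;
            live &= ~out_bit;          /* value is defined here */
            live |= ops[i].in_mask;    /* its inputs become live */
        }
    }
    return kept;
}

int main(void)
{
    int keep[3];
    toy_liveness(readme_block, 3, 1u << 0, keep);
    for (size_t i = 0; i < 3; i++) {
        printf("%-20s %s\n", readme_block[i].text, keep[i] ? "kept" : "removed");
    }
    return 0;
}
```

With live_out set to 0 (t0 treated as a plain temporary that dies at the
end of the basic block), the same scan removes all three ops.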

3.4) Instruction Reference

********* Function call

* call <ret> <params> ptr

call function 'ptr' (pointer type)

<ret> optional 32 bit or 64 bit return value
<params> optional 32 bit or 64 bit parameters

Absolute jump to address t0 (pointer type).

* set_label $label

Define label 'label' at the current program point.

Jump to label.

* brcond_i32/i64 cond, t0, t1, label

Conditional jump if t0 cond t1 is true. cond can be:
    TCG_COND_NE
    TCG_COND_LT /* signed */
    TCG_COND_GE /* signed */
    TCG_COND_LE /* signed */
    TCG_COND_GT /* signed */
    TCG_COND_LTU /* unsigned */
    TCG_COND_GEU /* unsigned */
    TCG_COND_LEU /* unsigned */
    TCG_COND_GTU /* unsigned */

********* Arithmetic

t0=-t1 (two's complement)

t0=t1/t2 (signed). Undefined behavior if division by zero or overflow.

t0=t1/t2 (unsigned). Undefined behavior if division by zero.

t0=t1%t2 (signed). Undefined behavior if division by zero or overflow.

t0=t1%t2 (unsigned). Undefined behavior if division by zero.

********* Logical

t0=~(t1^t2), or equivalently, t0=t1^~t2

t0=t1 << t2. Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)

t0=t1 >> t2 (unsigned). Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)

t0=t1 >> t2 (signed). Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)

Rotation of t2 bits to the left. Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)

Rotation of t2 bits to the right. Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)
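
Added example (not part of the original README and not QEMU's code): the
undefined cases listed above involve operand values an emulated guest
controls, so a frontend has to decide the guest-visible result before the
op is reached. All function names and the two guest shift rules are
assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Operand pairs for which the README declares signed div/rem undefined. */
bool div_i32_is_undefined(int32_t t1, int32_t t2)
{
    return t2 == 0 || (t1 == INT32_MIN && t2 == -1);
}

/* Shift/rotate counts the README declares undefined for 32 bit ops. */
bool shift_i32_is_undefined(int64_t t2)
{
    return t2 < 0 || t2 >= 32;
}

typedef enum { GUEST_OK, GUEST_DIV_FAULT } GuestStatus;

/* Hypothetical guest signed divide: the fault is reported to the guest. */
GuestStatus guest_sdiv32(int32_t t1, int32_t t2, int32_t *t0)
{
    if (div_i32_is_undefined(t1, t2)) {
        return GUEST_DIV_FAULT;   /* the undefined divide is never executed */
    }
    *t0 = t1 / t2;
    return GUEST_OK;
}

/* Assumed guest rule A: only the low 5 bits of the count are used. */
uint32_t guest_shl32_masked(uint32_t t1, uint32_t count)
{
    return t1 << (count & 31);
}

/* Assumed guest rule B: counts of 32 or more produce 0. */
uint32_t guest_shl32_zeroing(uint32_t t1, uint32_t count)
{
    return shift_i32_is_undefined(count) ? 0 : t1 << count;
}

int main(void)
{
    int32_t q = 0;
    printf("INT32_MIN / -1 -> %s\n",
           guest_sdiv32(INT32_MIN, -1, &q) == GUEST_OK ? "ok" : "guest fault");
    printf("1 << 33: masked=%u zeroing=%u\n",
           guest_shl32_masked(1, 33), guest_shl32_zeroing(1, 33));
    return 0;
}
```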

********* Misc

Move t1 to t0 (both operands must have the same type).

ext32s_i64 t0, t1
ext32u_i64 t0, t1

8, 16 or 32 bit sign/zero extension (both operands must have the same type)

16 bit byte swap on a 32/64 bit value. It assumes that the two/six high order
* bswap32_i32/i64 t0, t1
* discard_i32/i64 t0
* setcond_i32/i64 cond, dest, t1, t2
********* Load/Store
* ld_i32/i64 t0, t1, offset
ld8s_i32/i64 t0, t1, offset
ld8u_i32/i64 t0, t1, offset
ld16s_i32/i64 t0, t1, offset
ld16u_i32/i64 t0, t1, offset
* st_i32/i64 t0, t1, offset
st8_i32/i64 t0, t1, offset
st16_i32/i64 t0, t1, offset
They are emitted as needed by inline functions within "tcg-op.h".
Similar to add/sub, except that the 64-bit inputs T1 and T2 are
a constant (e.g. addi for add, movi for mov).
The ld/st instructions must accept signed 32 bit constant offsets. It
The ld/st instructions must accept any destination (ld) or source (st)
often modified, e.g. the integer registers and the condition
e.g. when you need to use a value after a jump. Local temporaries