c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncTiny Code Generator - Fabrice Bellard.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

5b281ba489ca18f0380d7efc7a5108b606cce449vboxsync1) Introduction

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncTCG (Tiny Code Generator) began as a generic backend for a C

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsynccompiler. It was simplified to be used in QEMU. It also has its roots

cae3b8810c39392e70dfb12b951431018a80fcbavboxsyncin the QOP code generator written by Paul Brook.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync2) Definitions

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncThe TCG "target" is the architecture for which we generate the

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsynccode. It is of course not the same as the "target" of QEMU which is

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsyncthe emulated architecture. As TCG started as a generic C backend used

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsyncfor cross compiling, it is assumed that the TCG target is different

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsyncfrom the host, although it is never the case for QEMU.

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsyncA TCG "function" corresponds to a QEMU Translated Block (TB).

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsyncA TCG "temporary" is a variable only live in a basic

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsyncblock. Temporaries are allocated explicitly in each function.

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsyncA TCG "local temporary" is a variable only live in a function. Local

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsynctemporaries are allocated explicitly in each function.

a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncA TCG "global" is a variable which is live in all the functions

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync(equivalent of a C global variable). They are defined before the

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncfunctions defined. A TCG global can be a memory location (e.g. a QEMU

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncCPU register), a fixed host register (e.g. the QEMU CPU state pointer)

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncor a memory location which is stored in a register outside QEMU TBs

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync(not implemented yet).

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncA TCG "basic block" corresponds to a list of instructions terminated

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncby a branch instruction.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync3) Intermediate representation

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync3.1) Introduction

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncTCG instructions operate on variables which are temporaries, local

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsynctemporaries or globals. TCG instructions and variables are strongly

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsynctyped. Two types are supported: 32 bit integers and 64 bit

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncintegers. Pointers are defined as an alias to 32 bit or 64 bit

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncintegers depending on the TCG target word size.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncEach instruction has a fixed number of output variable operands, input

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncvariable operands and always constant operands.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncThe notable exception is the call instruction which has a variable

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncnumber of outputs and inputs.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncIn the textual form, output operands usually come first, followed by

cae3b8810c39392e70dfb12b951431018a80fcbavboxsyncinput operands, followed by constant operands. The output type is

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncincluded in the instruction name. Constants are prefixed with a '$'.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncadd_i32 t0, t1, t2 (t0 <- t1 + t2)

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync3.2) Assumptions

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* Basic blocks

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync- Basic blocks end after branches (e.g. brcond_i32 instruction),

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync goto_tb and exit_tb instructions.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync- Basic blocks start after the end of a previous basic block, or at a

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync set_label instruction.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncAfter the end of a basic block, the content of temporaries is

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncdestroyed, but local temporaries and globals are preserved.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* Floating point types are not supported yet

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* Pointers: depending on the TCG target, pointer size is 32 bit or 64

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync bit. The type TCG_TYPE_PTR is an alias to TCG_TYPE_I32 or

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync TCG_TYPE_I64.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* Helpers:

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncUsing the tcg_gen_helper_x_y it is possible to call any function

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsynctaking i32, i64 or pointer types. By default, before calling an helper,

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncall globals are stored at their canonical location and it is assumed

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncthat the function can modify them. This can be overriden by the

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncTCG_CALL_CONST function modifier. By default, the helper is allowed to

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncmodify the CPU state or raise an exception. This can be overriden by

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncthe TCG_CALL_PURE function modifier, in which case the call to the

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncfunction is removed if the return value is not used.

cae3b8810c39392e70dfb12b951431018a80fcbavboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncOn some TCG targets (e.g. x86), several calling conventions are

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncsupported.

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsync* Branches:

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsyncUse the instruction 'br' to jump to a label. Use 'jmp' to jump to an

611992ec6994e6050e4970a973d2f549f823a3eavboxsyncexplicit address. Conditional branches can only jump to labels.

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsync3.3) Code Optimizations

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsyncWhen generating instructions, you can count on at least the following

611992ec6994e6050e4970a973d2f549f823a3eavboxsyncoptimizations:

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsync- Single instructions are simplified, e.g.

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsync and_i32 t0, t0, $0xffffffff

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsync is suppressed.

cae3b8810c39392e70dfb12b951431018a80fcbavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsync- A liveness analysis is done at the basic block level. The

611992ec6994e6050e4970a973d2f549f823a3eavboxsync information is used to suppress moves from a dead variable to

611992ec6994e6050e4970a973d2f549f823a3eavboxsync another one. It is also used to remove instructions which compute

611992ec6994e6050e4970a973d2f549f823a3eavboxsync dead results. The later is especially useful for condition code

611992ec6994e6050e4970a973d2f549f823a3eavboxsync optimization in QEMU.

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync In the following example:

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync add_i32 t0, t1, t2

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync add_i32 t0, t0, $1

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync mov_i32 t0, $1

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync only the last instruction is kept.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

cae3b8810c39392e70dfb12b951431018a80fcbavboxsync3.4) Instruction Reference

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync********* Function call

cae3b8810c39392e70dfb12b951431018a80fcbavboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* call <ret> <params> ptr

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsynccall function 'ptr' (pointer type)

cae3b8810c39392e70dfb12b951431018a80fcbavboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync<ret> optional 32 bit or 64 bit return value

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync<params> optional 32 bit or 64 bit parameters

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync********* Jumps/Labels

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* jmp t0

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncAbsolute jump to address t0 (pointer type).

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* set_label $label

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncDefine label 'label' at the current program point.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* br $label

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncJump to label.

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* brcond_i32/i64 cond, t0, t1, label

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsyncConditional jump if t0 cond t1 is true. cond can be:

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync TCG_COND_EQ

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync TCG_COND_NE

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync TCG_COND_LT /* signed */

cae3b8810c39392e70dfb12b951431018a80fcbavboxsync TCG_COND_GE /* signed */

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync TCG_COND_LE /* signed */

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync TCG_COND_GT /* signed */

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync TCG_COND_LTU /* unsigned */

611992ec6994e6050e4970a973d2f549f823a3eavboxsync TCG_COND_GEU /* unsigned */

611992ec6994e6050e4970a973d2f549f823a3eavboxsync TCG_COND_LEU /* unsigned */

611992ec6994e6050e4970a973d2f549f823a3eavboxsync TCG_COND_GTU /* unsigned */

cae3b8810c39392e70dfb12b951431018a80fcbavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsync********* Arithmetic

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

611992ec6994e6050e4970a973d2f549f823a3eavboxsync* add_i32/i64 t0, t1, t2

611992ec6994e6050e4970a973d2f549f823a3eavboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsynct0=t1+t2

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* sub_i32/i64 t0, t1, t2

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsynct0=t1-t2

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync

c7945191b700920f0ab9b951ce92cc69cb48ffb4vboxsync* neg_i32/i64 t0, t1

t0=-t1 (two's complement)

* mul_i32/i64 t0, t1, t2

t0=t1*t2

* div_i32/i64 t0, t1, t2

t0=t1/t2 (signed). Undefined behavior if division by zero or overflow.

* divu_i32/i64 t0, t1, t2

t0=t1/t2 (unsigned). Undefined behavior if division by zero.

* rem_i32/i64 t0, t1, t2

t0=t1%t2 (signed). Undefined behavior if division by zero or overflow.

* remu_i32/i64 t0, t1, t2

t0=t1%t2 (unsigned). Undefined behavior if division by zero.

********* Logical

* and_i32/i64 t0, t1, t2

t0=t1&t2

* or_i32/i64 t0, t1, t2

t0=t1|t2

* xor_i32/i64 t0, t1, t2

t0=t1^t2

* not_i32/i64 t0, t1

t0=~t1

* andc_i32/i64 t0, t1, t2

t0=t1&~t2

* eqv_i32/i64 t0, t1, t2

t0=~(t1^t2), or equivalently, t0=t1^~t2

* nand_i32/i64 t0, t1, t2

t0=~(t1&t2)

* nor_i32/i64 t0, t1, t2

t0=~(t1|t2)

* orc_i32/i64 t0, t1, t2

t0=t1|~t2

********* Shifts/Rotates

* shl_i32/i64 t0, t1, t2

t0=t1 << t2. Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)

* shr_i32/i64 t0, t1, t2

t0=t1 >> t2 (unsigned). Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)

* sar_i32/i64 t0, t1, t2

t0=t1 >> t2 (signed). Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)

* rotl_i32/i64 t0, t1, t2

Rotation of t2 bits to the left. Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)

* rotr_i32/i64 t0, t1, t2

Rotation of t2 bits to the right. Undefined behavior if t2 < 0 or t2 >= 32 (resp 64)

********* Misc

* mov_i32/i64 t0, t1

t0 = t1

Move t1 to t0 (both operands must have the same type).

* ext8s_i32/i64 t0, t1

ext8u_i32/i64 t0, t1

ext16s_i32/i64 t0, t1

ext16u_i32/i64 t0, t1

ext32s_i64 t0, t1

ext32u_i64 t0, t1

8, 16 or 32 bit sign/zero extension (both operands must have the same type)

* bswap16_i32/i64 t0, t1

16 bit byte swap on a 32/64 bit value. It assumes that the two/six high order

bytes are set to zero.

* bswap32_i32/i64 t0, t1

32 bit byte swap on a 32/64 bit value. With a 64 bit value, it assumes that

the four high order bytes are set to zero.

* bswap64_i64 t0, t1

64 bit byte swap

* discard_i32/i64 t0

Indicate that the value of t0 won't be used later. It is useful to

force dead code elimination.

********* Conditional moves

* setcond_i32/i64 cond, dest, t1, t2

dest = (t1 cond t2)

Set DEST to 1 if (T1 cond T2) is true, otherwise set to 0.

********* Type conversions

* ext_i32_i64 t0, t1

Convert t1 (32 bit) to t0 (64 bit) and does sign extension

* extu_i32_i64 t0, t1

Convert t1 (32 bit) to t0 (64 bit) and does zero extension

* trunc_i64_i32 t0, t1

Truncate t1 (64 bit) to t0 (32 bit)

* concat_i32_i64 t0, t1, t2

Construct t0 (64-bit) taking the low half from t1 (32 bit) and the high half

from t2 (32 bit).

* concat32_i64 t0, t1, t2

Construct t0 (64-bit) taking the low half from t1 (64 bit) and the high half

from t2 (64 bit).

********* Load/Store

* ld_i32/i64 t0, t1, offset

ld8s_i32/i64 t0, t1, offset

ld8u_i32/i64 t0, t1, offset

ld16s_i32/i64 t0, t1, offset

ld16u_i32/i64 t0, t1, offset

ld32s_i64 t0, t1, offset

ld32u_i64 t0, t1, offset

t0 = read(t1 + offset)

Load 8, 16, 32 or 64 bits with or without sign extension from host memory.

offset must be a constant.

* st_i32/i64 t0, t1, offset

st8_i32/i64 t0, t1, offset

st16_i32/i64 t0, t1, offset

st32_i64 t0, t1, offset

write(t0, t1 + offset)

Write 8, 16, 32 or 64 bits to host memory.

********* 64-bit target on 32-bit host support

The following opcodes are internal to TCG. Thus they are to be implemented by

32-bit host code generators, but are not to be emitted by guest translators.

They are emitted as needed by inline functions within "tcg-op.h".

* brcond2_i32 cond, t0_low, t0_high, t1_low, t1_high, label

Similar to brcond, except that the 64-bit values T0 and T1

are formed from two 32-bit arguments.

* add2_i32 t0_low, t0_high, t1_low, t1_high, t2_low, t2_high

* sub2_i32 t0_low, t0_high, t1_low, t1_high, t2_low, t2_high

Similar to add/sub, except that the 64-bit inputs T1 and T2 are

formed from two 32-bit arguments, and the 64-bit output T0

is returned in two 32-bit outputs.

* mulu2_i32 t0_low, t0_high, t1, t2

Similar to mul, except two 32-bit (unsigned) inputs T1 and T2 yielding

the full 64-bit product T0. The later is returned in two 32-bit outputs.

* setcond2_i32 cond, dest, t1_low, t1_high, t2_low, t2_high

Similar to setcond, except that the 64-bit values T1 and T2 are

formed from two 32-bit arguments. The result is a 32-bit value.

********* QEMU specific operations

* tb_exit t0

Exit the current TB and return the value t0 (word type).

* goto_tb index

Exit the current TB and jump to the TB index 'index' (constant) if the

current TB was linked to this TB. Otherwise execute the next

instructions.

* qemu_ld8u t0, t1, flags

qemu_ld8s t0, t1, flags

qemu_ld16u t0, t1, flags

qemu_ld16s t0, t1, flags

qemu_ld32 t0, t1, flags

qemu_ld32u t0, t1, flags

qemu_ld32s t0, t1, flags

qemu_ld64 t0, t1, flags

Load data at the QEMU CPU address t1 into t0. t1 has the QEMU CPU address

type. 'flags' contains the QEMU memory index (selects user or kernel access)

for example.

Note that "qemu_ld32" implies a 32-bit result, while "qemu_ld32u" and

"qemu_ld32s" imply a 64-bit result appropriately extended from 32 bits.

* qemu_st8 t0, t1, flags

qemu_st16 t0, t1, flags

qemu_st32 t0, t1, flags

qemu_st64 t0, t1, flags

Store the data t0 at the QEMU CPU Address t1. t1 has the QEMU CPU

address type. 'flags' contains the QEMU memory index (selects user or

kernel access) for example.

Note 1: Some shortcuts are defined when the last operand is known to be

a constant (e.g. addi for add, movi for mov).

Note 2: When using TCG, the opcodes must never be generated directly

as some of them may not be available as "real" opcodes. Always use the

function tcg_gen_xxx(args).

4) Backend

tcg-target.h contains the target specific definitions. tcg-target.c

contains the target specific code.

4.1) Assumptions

The target word size (TCG_TARGET_REG_BITS) is expected to be 32 bit or

64 bit. It is expected that the pointer has the same size as the word.

On a 32 bit target, all 64 bit operations are converted to 32 bits. A

few specific operations must be implemented to allow it (see add2_i32,

sub2_i32, brcond2_i32).

Floating point operations are not supported in this version. A

previous incarnation of the code generator had full support of them,

but it is better to concentrate on integer operations first.

On a 64 bit target, no assumption is made in TCG about the storage of

the 32 bit values in 64 bit registers.

4.2) Constraints

GCC like constraints are used to define the constraints of every

instruction. Memory constraints are not supported in this

version. Aliases are specified in the input operands as for GCC.

The same register may be used for both an input and an output, even when

they are not explicitly aliased. If an op expands to multiple target

instructions then care must be taken to avoid clobbering input values.

GCC style "early clobber" outputs are not currently supported.

A target can define specific register or constant constraints. If an

operation uses a constant input constraint which does not allow all

constants, it must also accept registers in order to have a fallback.

The movi_i32 and movi_i64 operations must accept any constants.

The mov_i32 and mov_i64 operations must accept any registers of the

same type.

The ld/st instructions must accept signed 32 bit constant offsets. It

can be implemented by reserving a specific register to compute the

address if the offset is too big.

The ld/st instructions must accept any destination (ld) or source (st)

register.

4.3) Function call assumptions

- The only supported types for parameters and return value are: 32 and

64 bit integers and pointer.

- The stack grows downwards.

- The first N parameters are passed in registers.

- The next parameters are passed on the stack by storing them as words.

- Some registers are clobbered during the call.

- The function can return 0 or 1 value in registers. On a 32 bit

target, functions must be able to return 2 values in registers for

64 bit return type.

5) Recommended coding rules for best performance

- Use globals to represent the parts of the QEMU CPU state which are

often modified, e.g. the integer registers and the condition

codes. TCG will be able to use host registers to store them.

- Avoid globals stored in fixed registers. They must be used only to

store the pointer to the CPU state and possibly to store a pointer

to a register window.

- Use temporaries. Use local temporaries only when really needed,

e.g. when you need to use a value after a jump. Local temporaries

introduce a performance hit in the current TCG implementation: their

content is saved to memory at end of each basic block.

- Free temporaries and local temporaries when they are no longer used

(tcg_temp_free). Since tcg_const_x() also creates a temporary, you

should free it after it is used. Freeing temporaries does not yield

a better generated code, but it reduces the memory usage of TCG and

the speed of the translation.

- Don't hesitate to use helpers for complicated or seldom used target

intructions. There is little performance advantage in using TCG to

implement target instructions taking more than about twenty TCG

instructions.

- Use the 'discard' instruction if you know that TCG won't be able to

prove that a given global is "dead" at a given program point. The

x86 target uses it to improve the condition codes optimisation.