In
computing, binary translation is a form of
binary recompilation where sequences of
instructions are translated from a ''source''
instruction set to the ''target'' instruction set. In some cases such as
instruction set simulation, the target instruction set may be the same as the source instruction set, providing testing and debugging features such as instruction trace, conditional breakpoints and
hot spot detection.
The two main types are static and dynamic binary translation. Translation can be done in hardware (for example, by circuits in a
CPU) or in software (e.g. run-time engines, static recompiler, emulators).
Motivation
Binary translation is motivated by a lack of a binary for a target platform, the lack of source code to compile for the target platform, or otherwise difficulty in compiling the source for the target platform.
Statically-recompiled binaries run potentially faster than their respective emulated binaries, as the emulation overhead is removed. This is similar to the difference in performance between interpreted and compiled programs in general.
Static binary translation
A translator using static binary translation aims to convert all of the code of an
executable file into code that runs on the target architecture without having to run the code first, as is done in dynamic binary translation. This is very difficult to do correctly, since not all the code can be discovered by the translator. For example, some parts of the executable may be reachable only through
indirect branches, whose value is known only at run-time.
One such static binary translator uses universal
superoptimizer peephole technology (developed by
Sorav Bansal, and Alex Aiken from
Stanford University) to perform efficient translation between possibly many source and target pairs, with considerably low development costs and high performance of the target binary. In experiments of PowerPC-to-x86 translations, some binaries even outperformed native versions, but on average they ran at two-thirds of native speed.
Examples for static binary translations
Honeywell provided a program called the
Liberator for their
Honeywell 200 series of computers; it could translate programs for the
IBM 1400 series of computers into programs for the Honeywell 200 series.
In 2014, an
ARM architecture version of the 1998
video game ''
StarCraft'' was generated by static recompilation and additional
reverse engineering of the original
x86 version.
The
Pandora handheld community was capable of developing the required tools on their own and achieving such translations successfully several times.
For instance, a successful x86-to-
x64 static recompilation was generated for the
procedural terrain generator of the video game ''
Cube World'' in 2014.
Another example is the
NES-to-
x86 statically recompiled version of the videogame ''
Super Mario Bros.'' which was generated under usage of
LLVM in 2013.
In 2004 Scott Elliott and Phillip R. Hutchinson at
Nintendo developed a tool to generate "C" code from
Game Boy binary that could then be compiled for a new platform and linked against a hardware library for use in airline entertainment systems.
In 1995 Norman Ramsey at
Bell Communications Research and Mary F. Fernandez at Department of Computer Science,
Princeton University developed ''The New Jersey Machine-Code Toolkit'' that had the basic tools for static assembly translation.
Dynamic binary translation
Dynamic binary translation (DBT) looks at a short sequence of code—typically on the order of a single
basic block—then translates it and caches the resulting sequence. Code is only translated as it is discovered and when possible, and branch instructions are made to point to already translated and saved code (
memoization).
Dynamic binary translation differs from simple emulation (eliminating the emulator's main read-decode-execute loop—a major performance bottleneck), paying for this by large overhead during translation time. This overhead is hopefully amortized as translated code sequences are executed multiple times.
More advanced dynamic translators employ
dynamic recompilation where the translated code is instrumented to find out what portions are executed a large number of times, and these portions are
optimized aggressively. This technique is reminiscent of a
JIT compiler, and in fact such compilers (e.g.
Sun's
HotSpot technology) can be viewed as dynamic translators from a virtual instruction set (the
bytecode) to a real one.
Examples for dynamic binary translations in software
*
Apple Computer implemented a dynamic translating
emulator for
M68K code in their
PowerPC line of
Macintoshes,
which achieved a very high level of reliability, performance and compatibility (see
Mac 68K emulator). This allowed Apple to bring the machines to market with only a partially native
operating system, and end users could adopt the new, faster architecture without risking their investment in software. Partly because the emulator was so successful, many parts of the operating system remained emulated. A full transition to a PowerPC native
operating system (OS) was not made until the release of
Mac OS X (10.0) in 2001. (The Mac OS X "
Classic" runtime environment continued to offer this emulation capability on PowerPC Macs until
Mac OS X 10.5.)
*
Mac OS X 10.4.4 for Intel-based Macs introduced the
Rosetta dynamic translation layer to ease Apple's transition from PPC-based hardware to x86. Developed for Apple by
Transitive Corporation, the Rosetta software is an implementation of Transitive's
QuickTransit solution.
* QuickTransit during its product lifespan also provided
SPARC→
x86, x86→
PowerPC and
MIPS→
Itanium 2 translation support.
*
DEC achieved similar success with its translation tools to help users migrate from the
CISC VAX architecture to the
Alpha RISC architecture.
*
HP ARIES (Automatic Re-translation and Integrated Environment Simulation) is a software dynamic binary translation system that combines fast code interpretation with two phase dynamic translation to transparently and accurately execute
HP 9000 HP-UX applications on
HP-UX 11i for
HPE Integrity Servers. The ARIES fast interpreter emulates a complete set of non-privileged
PA-RISC instructions with no user intervention. During interpretation, it monitors the application's execution pattern and translates only the frequently executed code into native
Itanium code at runtime. ARIES implements two phase dynamic translation, a technique in which translated code in first phase collects runtime profile information which is used during second phase translation to further optimize the translated code. ARIES stores the dynamically translated code in memory buffer called code cache. Further references to translated basic blocks execute directly in the code cache and do not require additional interpretation or translation. The targets of translated code blocks are back-patched to ensure execution takes place in code cache most of the time. At the end of the emulation, ARIES discards all the translated code without modifying the original application. The ARIES emulation engine also implements Environment Emulation which emulates an
HP 9000 HP-UX application's system calls, signal delivery, exception management, threads management, emulation of
HP GDB for debugging, and core file creation for the application.
* DEC created the
FX!32 binary translator for converting
x86 applications to Alpha applications.
*
Sun Microsystems'
Wabi software included dynamic translation from x86 to SPARC instructions.
* In January 2000,
Transmeta Corporation announced a novel processor design named
Crusoe. From the
FAQ on their web site,
*
Intel Corporation developed and implemented an
IA-32 Execution Layer - a dynamic binary translator designed to support IA-32 applications on
Itanium-based systems, which was included in
Microsoft Windows Server for
Itanium architecture, as well as in several flavors of
Linux, including
Red Hat and
Suse. It allowed IA-32 applications to run faster than they would using the native IA-32 mode on Itanium processors.
*
Dolphin (an emulator for the
GameCube/
Wii) performs JIT recompilation of PowerPC code to x86 and AArch64.
Examples for dynamic binary translations in hardware
* x86 Intel CPUs since the
Pentium Pro translate complex
CISC x86 instructions to more
RISC-like internal
micro-operations.
*
Nvidia Tegra K1 Denver translates
ARM instructions over a slow hardware decoder to its native microcode instructions and uses a software binary translator for hot code.
See also
*
Binary optimization
*
Binary recompilation
*
Dynamic recompilation
*
Just-in-time compilation
*
Instruction set simulator
*
Emulator
*
Virtual machine
*
Comparison of platform virtualization software
*
Shadow memory
References
Further reading
*
*
*
*
*
*
*
{{Refend
Category:Emulation software
Category:Interpreters (computing)
Category:Virtualization software