Binary translation explained

In computing, binary translation is a form of binary recompilation where sequences of instructions are translated from a source instruction set to the target instruction set. In some cases such as instruction set simulation, the target instruction set may be the same as the source instruction set, providing testing and debugging features such as instruction trace, conditional breakpoints and hot spot detection.

The two main types are static and dynamic binary translation. Translation can be done in hardware (for example, by circuits in a CPU) or in software (e.g. run-time engines, static recompiler, emulators).

Motivation

Binary translation is motivated by the lack of a binary for a target platform, the lack of source code to compile for the target platform, or the difficulty of compiling the source for the target platform.

Statically recompiled binaries can run faster than their emulated equivalents, because the emulation overhead is removed. This is similar to the difference in performance between interpreted and compiled programs in general.

Static binary translation

A translator using static binary translation aims to convert all of the code of an executable file into code that runs on the target architecture without having to run the code first, as is done in dynamic binary translation. This is very difficult to do correctly, since not all the code can be discovered by the translator. For example, some parts of the executable may be reachable only through indirect branches, whose value is known only at run-time.

One such static binary translator uses universal superoptimizer peephole technology (developed by Sorav Bansal and Alex Aiken at Stanford University) to perform efficient translation between many possible source and target pairs, at considerably lower development cost and with high performance of the target binary. In experiments with PowerPC-to-x86 translation, some binaries even outperformed native versions, but on average they ran at two-thirds of native speed.[1]

Examples for static binary translations

Honeywell provided a program called the Liberator for their Honeywell 200 series of computers; it could translate programs for the IBM 1400 series of computers into programs for the Honeywell 200 series.[2]

In 2014, an ARM architecture version of the 1998 video game StarCraft was generated by static recompilation and additional reverse engineering of the original x86 version.[3][4] The Pandora handheld community was capable of developing the required tools[5] on their own and achieving such translations successfully several times.[6][7]

For instance, a successful x86-to-x64 static recompilation was generated for the procedural terrain generator of the video game Cube World in 2014.[8]

Another example is the NES-to-x86 statically recompiled version of the video game Super Mario Bros., which was generated using LLVM in 2013.[9]

In 2004, Scott Elliott and Phillip R. Hutchinson at Nintendo developed a tool to generate "C" code from Game Boy binaries; the generated code could then be compiled for a new platform and linked against a hardware library for use in airline entertainment systems.[10]

In 1995, Norman Ramsey at Bell Communications Research and Mary F. Fernandez at the Department of Computer Science, Princeton University developed The New Jersey Machine-Code Toolkit, which provided the basic tools for static assembly translation.[11]

Dynamic binary translation

Dynamic binary translation (DBT) looks at a short sequence of code—typically on the order of a single basic block—then translates it and caches the resulting sequence. Code is only translated as it is discovered and when possible, and branch instructions are made to point to already translated and saved code (memoization).

Dynamic binary translation differs from simple emulation in that it eliminates the emulator's main read-decode-execute loop (a major performance bottleneck), paying for this with a large overhead at translation time. This overhead is hopefully amortized as translated code sequences are executed multiple times.

More advanced dynamic translators employ dynamic recompilation where the translated code is instrumented to find out what portions are executed a large number of times, and these portions are optimized aggressively. This technique is reminiscent of a JIT compiler, and in fact such compilers (e.g. Sun's HotSpot technology) can be viewed as dynamic translators from a virtual instruction set (the bytecode) to a real one.
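To make the contrast between the two approaches above concrete, here is an added example (not code from the article or from any project it names): a toy instruction set with a static code-discovery pass that can follow only direct branches, and a dynamic translator that translates one basic block at a time, caches it by source address, and counts executions as hot-spot information. The opcode names, the register file as a dict and the sample program are all constructed assumptions.

```python
# Added example (not the article's code): toy ISA, static discovery and a DBT.
HALT = -1  # sentinel "next pc" returned by a translated halt

def translate_block(prog, pc):
    """Translate the basic block at pc into block(r): update registers r, return next pc."""
    body = []
    while True:
        op, *a = prog[pc]
        if op == "set":   body.append(f"r[{a[0]!r}] = {a[1]}")
        elif op == "add": body.append(f"r[{a[0]!r}] += r[{a[1]!r}]")
        elif op == "dec": body.append(f"r[{a[0]!r}] -= 1")
        elif op == "jnz": body.append(f"return {a[1]} if r[{a[0]!r}] else {pc + 1}")
        elif op == "jr":  body.append(f"return r[{a[0]!r}]")  # indirect: run-time target
        else:             body.append(f"return {HALT}")        # halt
        if op in ("jnz", "jr", "halt"):
            break  # a branch or halt ends the basic block
        pc += 1
    ns = {}
    exec("def block(r):\n" + "".join(f"    {s}\n" for s in body), ns)
    return ns["block"]

def static_discover(prog, entry):
    """Follow only direct branches and fall-through; indirect targets stay undiscovered."""
    seen, work = set(), [entry]
    while work:
        pc = work.pop()
        if pc in seen:
            continue
        seen.add(pc)
        while prog[pc][0] not in ("jnz", "jr", "halt"):
            pc += 1  # scan to the end of this block
        if prog[pc][0] == "jnz":  # both successors are known statically
            work += [prog[pc][2], pc + 1]
    return seen

def run_dbt(prog, entry):
    """Translate each block on first use, cache it by source pc, count executions."""
    regs, cache, counts, pc = {}, {}, {}, entry
    while pc != HALT:
        if pc not in cache:
            cache[pc] = translate_block(prog, pc)
        counts[pc] = counts.get(pc, 0) + 1  # hot-spot information
        pc = cache[pc](regs)
    return regs, counts

# Constructed sample program: a counted loop, then an indirect jump to block 8.
PROG = [("set", "a", 0), ("set", "n", 5), ("set", "t", 8),  # 0-2
        ("add", "a", "n"), ("dec", "n"), ("jnz", "n", 3),   # 3-5 loop body
        ("jr", "t"), ("halt",),                             # 6 indirect, 7 dead
        ("add", "a", "a"), ("halt",)]                       # 8-9 only via jr
```

Running `static_discover(PROG, 0)` finds the blocks at 0, 3 and 6 but not the one at 8, which only the dynamic translator reaches once the indirect jump in block 6 has executed; the counts returned by `run_dbt` show the loop block at 3 as the hot spot.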

Notes and References

  1. Bansal, Sorav; Aiken, Alex. "Binary Translation Using Peephole Superoptimizers". Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, December 2008, pp. 177–192.
  2. Honeywell Series 200 Summary Description (book), February 1966, p. 11: "For example, the instruction repertoire of Series 200 processors is similar enough to those of several other processing systems, viz., the IBM 1400 series, to allow automated, one-time translation of programs written for these competitive systems to a form suitable for execution on higher-performance Series 200 systems."
  3. Steinlechner, Peter. "Starcraft für ARM-Handheld kompiliert" (in German). golem.de, March 10, 2014. Retrieved March 25, 2014.
  4. notaz. "StarCraft". repo.openpandora.org, March 4, 2014. Retrieved March 26, 2014.
  5. notaz. "ia32rtools/". GitHub, 2014-03-01. Retrieved 2015-01-09.
  6. notaz. "Starcraft". openpandora.org, March 4, 2014. Retrieved March 29, 2014: "The "no source, no port" rule is not completely true, you can get something similar (but not the same) as a port through static recompilation. Similar stuff was done several times by M-HT for some DOS games. The game was also converted for Android with somewhat similar approach."
  7. M-HT. "Warcraft: Orcs & Humans". repo.openpandora.org.
  8. Kærlev, Mathias. "Practical and Portable X86 Recompilation", 2014-04-14. Retrieved 2014-08-08: "but then the idea of somehow using the original x86 machine code presented itself. However, for our open server, we need to support x86-64 as well, and in that case, we absolutely need emulation or recompilation. […] Static recompilation to assembler seemed like a much better option, but to keep it portable, we would need to write backends for x86, x86-64, and possibly ARM/PowerPC."
  9. Kelley, Andrew. "Statically Recompiling NES Games into Native Executables with LLVM and Go", 2013-07-07. Retrieved 2013-08-08: "This article presents original research regarding the possibility of statically disassembling and recompiling Nintendo Entertainment System games into native executables."
  10. Elliott, Scott; Hutchinson, Phillip. "System and method for trans-compiling video games". US Patent 7765539, 2010.
  11. Ramsey, Norman; Fernandez, Mary F. "The New Jersey Machine-Code Toolkit". TCON'95: Proceedings of the USENIX 1995 Technical Conference, USENIX Association, Berkeley, CA, USA, 1995, p. 24.
  12. Carlson, Jim; Huck, Jerry. Itanium Rising: Breaking Through Moore's Second Law of Computing Power. Prentice Hall PTR, 2003. ISBN 978-0-13046415-6. Retrieved 2015-01-09.
  13. "HP ARIES Dynamic Binary Translator". Retrieved 2015-01-09. Archived from the original on 2015-01-10: https://web.archive.org/web/20150110072830/http://h21007.www2.hp.com/portal/site/dspp/menuitem.863c3e4cbcdc3f3515b49c108973a801/?ciid=0208713ba4f02110713ba4f02110275d6e10RCRD
  14. Stokes, Jon. "Transmeta Crusoe Explored". Retrieved 2015-01-09.
  15. Hughes, Rob. "Transmeta's Crusoe Microprocessor", January 20, 2000. Archived from the original on September 27, 2007: https://web.archive.org/web/20070927184520/http://www.geek.com/procspec/features/transmeta/crusoe.htm
  16. "Transmeta Crusoe Processor Frequently Asked Questions FAQ", 2007. Archived from the original on 2007-01-10: https://web.archive.org/web/20070110213448/http://www.transmeta.com/crusoe/faq.html