Added instrumentation of vector TCG operations #38
Conversation
|
This PR is built on top of my port to QEMU 8 (#37). It also depends on this PR in SymCC that adds support for creating large symbolic constants. |
|
I'll wait until we've merged #37 before reviewing this one - the diff should look much nicer after the merge. |
|
@damienmaier could you rebase this branch on the current master? |
damienmaier
force-pushed
the
pr-vec-instrumentation
branch
from
22c49dc
to
88e18a3
Compare
|
Sure ! |
|
Just some infos about how files are organized in this PR : The original sym helper functions are in I put the vector sym helper functions in a new file It seemed better to me to have a separate file for vector helper functions, but if your prefer to have everything in Other that that I modified |
| @@ -393,9 +550,9 @@ void tcg_gen_not_vec(unsigned vece, TCGv_vec r, TCGv_vec a) | |||
| { | |||
| const TCGOpcode *hold_list = tcg_swap_vecop_list(NULL); | |||
|
|
|||
| if (!TCG_TARGET_HAS_not_vec || !do_op2(vece, r, a, INDEX_op_not_vec)) { | |||
| /*if (!TCG_TARGET_HAS_not_vec || !do_op2(vece, r, a, INDEX_op_not_vec)) {*/ | |||
|
Also it would be nice to merge a PR with your testsuite, before we merge this PR (and you could add the tests that are specific to the vec operations to this PR?) |
|
Regarding the commented code, the only motivation was to save implementation time. By making those instructions being systematically replaced by equivalent, already instrumented instructions, I avoided the work of instrumenting them. For my defense, this trick was already used for several instructions in the original SymQEMU :) Here is an example https://github.com/eurecom-s3/symqemu/blob/master/tcg/tcg-op.c#L1059 I left the original code (but commented) to be consistent, because this is how it was done for other non vec instructions, like in example above. |
|
All right, I will make a PR with the tests. I am working on creating a Dockerfile to compile SymQEMU and run the tests |
Ah, OK. There will be a performance impact I imagine ? The target code could be more efficient if it would be implemented with one instruction ?
Fair :)
OK, if my understanding above is correct: could you add a comment, at least on the first such occurrence. I.e., to explain the instruction instrumentation isn't implemented, the alternative works, implementing the instrumentation may give some performance gains (as some likely more effective instructions will be generated)? |
There was a problem hiding this comment.
Looks really good, thank you! I've only added two minor comments related to the discussion that we had in your thesis presentation.
One more minor thing: The README currently says in the "Documentation" section that a large part of the implementation is in tcg-runtime-sym.{c,h} - would you mind adding the vector equivalents there? And do you know whether the test mentioned in the same section still works now that some functions have moved and/or changed signatures?
| * For each element, the concrete result is used to determine if the comparison was true or false, | ||
| * and path constraints are pushed accordingly. |
There was a problem hiding this comment.
Would you mind also mentioning the alternative of computing a symbolic result vector? It's just an intuition, but I think this will make it easier for the solver to come up with good solutions because path constraints have the problem that changing them often requires multiple iterations.
| * For each element, the concrete result is used to determine if the ternary condition was true or false, | ||
| * and path constraints are pushed accordingly. |
There was a problem hiding this comment.
Same here, let's add the exploration of a symbolic result instead of path constraints as a TODO comment.
Yes I think that this has a performance impact.
I added TODO comments to clarify the the situation |
|
Thanks for the updates ! |
|
@sebastianpoeplau I added the todos regarding returning expressions instead of pushing path constrains, and I edited the README.
I realize now that the way QEMU tests are run has changed between QEMU 4 and QEMU 8, because QEMU now uses meson. I didn't think about those SymQEMU unit tests when I did the port to QEMU 8, so currently the file |
damienmaier
force-pushed
the
pr-vec-instrumentation
branch
from
3b961e7
to
01229b9
Compare
…instrumented instructions
This target program resulted on incorrect results before vector instructions were instrumented
aurelf
force-pushed
the
pr-vec-instrumentation
branch
from
5808af3
to
854d82d
Compare
|
Hi, I rebased this on top of the current main. made a few minor changes, the tests pass. |
|
It is ok for me ! |
|
Good for me too! |
Minor typos
* Moved check-sym-runtime.c to unit tests and updated to work with QEMU8 * Build and run check-sym-runtime test with meson.build * Improve Dockerfile * Added documentation about test suites
"helper_sym_store_host_i64" and "helper_sym_store_host_i32" were replaced by helper_sym_store_host, adjusting the unit tests accordingly
|
I had to update also the unit tests, which I just re-enabled. |
This is the code I added for the support of vector TCG instructions in SymQEMU.
I have documented the functions in the source files. There is also some information about the work done in chapter 6 of my bachelor thesis.