qemu-arm

Re: [PATCH 07/10] tcg: Add a TCG backend for WebAssembly


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH 07/10] tcg: Add a TCG backend for WebAssembly
Date: Wed, 9 Apr 2025 12:58:41 +0200
User-agent: Mozilla Thunderbird

On 7/4/25 16:45, Kohei Tokunaga wrote:
> A TB consists of a wasmTBHeader followed by the data listed below. The
> wasmTBHeader contains pointers for each element:
>
> - TCI code
> - Wasm code
> - Array of function indices imported into the Wasm instance
> - Counter tracking the number of TB executions
> - Pointer to the Wasm instance information
>
> The Wasm backend (tcg/wasm32.c) and Wasm instances running on the same
> thread share information, such as CPUArchState, through a wasmContext
> structure. The Wasm backend defines tcg_qemu_tb_exec as a common entry point
> for TBs, similar to the TCI backend. tcg_qemu_tb_exec runs TBs on a forked
> TCI interpreter by default, while it compiles and executes frequently
> executed TBs as Wasm.
>
> The code generator (tcg/wasm32) receives TCG IR and generates both Wasm and
> TCI instructions. Since Wasm cannot directly jump to specific addresses,
> labels are implemented using Wasm control flow instructions. As shown in the
> pseudo-code below, a TB wraps instructions in a large loop, where code is
> placed within if blocks separated by labels. Branching is handled by
> breaking from the current block and entering the target block.
>
> loop
>    if
>      ... code after label1
>    end
>    if
>      ... code after label2
>    end
>    ...
> end
>
> Additionally, the Wasm backend differs from other backends in several ways:
>
> - goto_tb and goto_ptr return control to tcg_qemu_tb_exec which runs the
>    target TB
> - Helper function pointers are stored in an array in TB and imported into
>    the Wasm instance on execution
> - Wasm TBs lack prologue and epilogue. TBs are executed via tcg_qemu_tb_exec
>
> Browsers cause an out of memory error if too many Wasm instances are
> created. To prevent this, the Wasm backend tracks active instances using an
> array. When instantiating a new instance risks exceeding the limit, the
> backend removes older instances to avoid browser errors. These removed
> instances are re-instantiated when needed.
>
> Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
> ---
>   include/accel/tcg/getpc.h        |    2 +-
>   include/tcg/helper-info.h        |    4 +-
>   include/tcg/tcg.h                |    2 +-
>   meson.build                      |    2 +
>   tcg/meson.build                  |    5 +
>   tcg/tcg.c                        |   26 +-
>   tcg/wasm32.c                     | 1260 +++++++++
>   tcg/wasm32.h                     |   39 +
>   tcg/wasm32/tcg-target-con-set.h  |   18 +
>   tcg/wasm32/tcg-target-con-str.h  |    8 +
>   tcg/wasm32/tcg-target-has.h      |  102 +
>   tcg/wasm32/tcg-target-mo.h       |   12 +
>   tcg/wasm32/tcg-target-opc.h.inc  |    4 +
>   tcg/wasm32/tcg-target-reg-bits.h |   12 +
>   tcg/wasm32/tcg-target.c.inc      | 4484 ++++++++++++++++++++++++++++++
>   tcg/wasm32/tcg-target.h          |   65 +
>   16 files changed, 6035 insertions(+), 10 deletions(-)

Eh TBH this is too much to review as a single patch.

Do you already have an idea how different the wasm64 implementation can
be?
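
The instance-limit handling described in the quoted commit message, as an added example that is not part of this thread or of the QEMU patch: a table caps the number of live Wasm instances, drops the oldest one when a new instantiation would exceed the cap, and re-instantiates a dropped TB the next time it runs. The class and method names, the limit of 2, the oldest-first policy, keeping the compiled module after eviction, and the constructed test module are all assumptions.

```javascript
// Added example; all names and the limit are hypothetical, not from the QEMU patch.
// Constructed Wasm module: exports f(), which returns the i32 constant `value` (0..63).
function tbModuleBytes(value) {
  if (!Number.isInteger(value) || value < 0 || value > 63) throw new RangeError('value must be 0..63');
  return new Uint8Array([
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic, version 1
    0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f,       // type section: () -> i32
    0x03, 0x02, 0x01, 0x00,                         // function 0 uses type 0
    0x07, 0x05, 0x01, 0x01, 0x66, 0x00, 0x00,       // export "f" = function 0
    0x0a, 0x06, 0x01, 0x04, 0x00, 0x41, value, 0x0b // body: i32.const value; end
  ]);
}

class InstanceTable {
  constructor(limit) {
    this.limit = limit;
    this.modules = new Map(); // tbId -> compiled module, kept after eviction (assumption)
    this.active = [];         // [{ tbId, instance }], oldest first
    this.instantiations = 0;  // counts first-time and repeat instantiations
  }
  register(tbId, bytes) {
    this.modules.set(tbId, new WebAssembly.Module(bytes));
  }
  instanceFor(tbId) {
    const hit = this.active.find((e) => e.tbId === tbId);
    if (hit) return hit.instance;
    const module = this.modules.get(tbId);
    if (!module) throw new Error(`unknown TB ${tbId}`);
    // Make room before instantiating so the live count never exceeds the limit.
    // Dropping the last reference is what lets the engine reclaim the instance.
    while (this.active.length >= this.limit) this.active.shift();
    const instance = new WebAssembly.Instance(module, {});
    this.instantiations++;
    this.active.push({ tbId, instance });
    return instance;
  }
  run(tbId) { return this.instanceFor(tbId).exports.f(); }
  activeIds() { return this.active.map((e) => e.tbId); }
}

// Three TBs, room for two instances: running TB 1 again forces a re-instantiation.
function demo() {
  const table = new InstanceTable(2);
  for (const id of [1, 2, 3]) table.register(id, tbModuleBytes(id * 10));
  const results = [1, 2, 3, 1].map((id) => table.run(id));
  return { results, active: table.activeIds(), instantiations: table.instantiations };
}
```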


