Software emulation systems use a combination of instruction interpretation and instruction translation to run a program originally written for an old machine architecture on a new architecture. This technology can also be used to emulate a program for one architecture on the same architecture for the purposes of profiling that program.
An instruction emulator maintains an emulated state that models the state of the legacy architecture. During emulation, the emulator modifies the emulated state in the same way that the machine state would have been modified had the program executed on the legacy architecture. "Instruction interpretation" refers to the process of modeling the effects of each instruction on that emulated state. "Instruction translation" refers to a more sophisticated process in which one or more blocks of code from the legacy program are translated into functionally equivalent blocks of code executable on the new platform. Since dynamic translation eliminates the overhead of the interpreter, it is usually an order of magnitude faster than instruction interpretation. In addition, the translator may optimize the translated code so that it runs faster than the raw translated code. Some of these optimizations reorder the instructions in the translated code. However, this reordering must not change the behavior of the emulated program. The significance of this fact to exception delivery will be explained subsequently.
Emulation is also used for program profiling. "Instruction interpretation" examines the effects of each instruction in the legacy program, one instruction at a time, and forms a corresponding instruction executable on the new platform. "Instruction translation" refers to a more sophisticated process in which multiple instructions, i.e. blocks of code, are translated into a functionally equivalent new block of code executable on the new platform. The new block of code is intended to execute more efficiently than would result from simple instruction interpretation. For example, the translated code might take advantage of instructions that were not available on the old platform. In practice, a combination of both instruction interpretation and instruction translation is frequently employed to emulate a given user program successfully.
In addition to emulating the semantics of the old instruction set, the emulator must deliver exceptions to the emulated process in a manner consistent with the old system. "Exceptions" can be briefly defined as unexpected or unusual conditions that arise during execution. An exception generally arises in the hardware and is communicated to the operating system ("OS"). The OS in some cases "delivers" the exception to the user application, as further explained below. Exceptions can be classified as either synchronous or asynchronous. Synchronous exceptions arise as a direct result of executing an instruction. Examples are arithmetic conditions like overflow or divide by 0, privilege or "permission" faults, etc. In general, the instruction has done, or attempts to do, something illegal or exceeding available resources. Asynchronous exceptions are those caused by something external to the program. Examples are timer interrupts, communications with other programs (messages), etc. These can arise at any time and thus are "asynchronous" to the executing program.
Typically, when an operating system ("OS") generates an exception notice or "signal" to an application, the OS places a "sigcontext" on the application's stack. The sigcontext contains a snapshot of the machine state, plus information about interrupted system calls, if any. The machine state is restored according to the sigcontext when the signal handler returns. The signal handler may also modify the machine state contained in the sigcontext, and any such modifications will be propagated to the real machine state by the OS.
One challenge involved in exception emulation is that the emulator itself may receive exceptions as part of its normal operation. The emulator must determine whether it caused the exception and, if it did, handle it internally rather than deliver it to the emulated application. The emulator cannot allow any exceptions to be blocked, since if one of these exceptions were raised while it was blocked, the emulated application would "hang" when the operating system attempted to deliver the exception.
A related problem arises when the system translates the old code into instructions on the new architecture. In order to improve the performance of the translated code, the translator reorders instructions in the translated code. This introduces the possibility of the translator "speculating" a faulting instruction. In other words, the translator might cause an instruction to be executed that would not have been executed in the original program. If the emulator delivers one of these speculative exceptions to the emulated application, the exception behavior of the original program has been changed. The emulator needs to be able to recover from these exceptions, rather than deliver them to the application program. However, the emulator cannot recover if the signal is blocked, since the kernel will hang when trying to deliver the exception.
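The following is an added illustration, not part of the original text, of the mechanisms described above: an interpreter that models each instruction's effect on an emulated state, a translated block that speculates a load above the branch guarding it, exception delivery by pushing a sigcontext-like snapshot onto the emulated stack and restoring from it after the handler runs, and recovery from faults raised inside translated code by rolling back to the block entry and reinterpreting. The four-instruction ISA, the program, the translated block, and the signal handler are all constructed for this example.

```python
"""Toy model of an instruction emulator: interpretation, speculating translated
code, and delivery of synchronous exceptions to the emulated program."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


class EmulatedFault(Exception):
    """A synchronous exception raised by an emulated instruction at `pc`."""

    def __init__(self, kind: str, pc: int):
        super().__init__(f"{kind} at pc={pc}")
        self.kind, self.pc = kind, pc


@dataclass
class State:
    """Emulated machine state: registers, pc, sparse memory, and a stack that
    receives sigcontexts; `delivered` records what reached the program's handler."""
    regs: Dict[str, int]
    pc: int = 0
    mem: Dict[int, int] = field(default_factory=dict)
    stack: List[dict] = field(default_factory=list)
    delivered: List[Tuple[str, int]] = field(default_factory=list)


# Constructed legacy program for a hypothetical ISA:
#   0: bz r0, 2        if r0 == 0 jump to 2, skipping the load
#   1: load r1, [r2]   r1 = mem[r2]; faults (SEGV) if r2 is unmapped
#   2: div r3, r3, r1  r3 = r3 / r1; faults (FPE) if r1 == 0
#   3: halt
PROGRAM = [("bz", "r0", 2), ("load", "r1", "r2"), ("div", "r3", "r3", "r1"), ("halt",)]


def step(st: State, prog: list) -> bool:
    """Instruction interpretation: apply one instruction to the emulated state."""
    op = prog[st.pc]
    if op[0] == "bz":
        st.pc = op[2] if st.regs[op[1]] == 0 else st.pc + 1
    elif op[0] == "load":
        addr = st.regs[op[2]]
        if addr not in st.mem:
            raise EmulatedFault("SEGV", st.pc)
        st.regs[op[1]] = st.mem[addr]
        st.pc += 1
    elif op[0] == "div":
        if st.regs[op[3]] == 0:
            raise EmulatedFault("FPE", st.pc)
        st.regs[op[1]] = st.regs[op[2]] // st.regs[op[3]]
        st.pc += 1
    elif op[0] == "halt":
        return False
    return True


def translated_block_0(st: State) -> None:
    """Hypothetical translator output for the block at pc 0. The branch has been
    if-converted: the load is hoisted above it and runs unconditionally, so when
    r0 == 0 it executes an instruction the legacy program never would have (a
    speculated load). A fault raised here may therefore be spurious."""
    addr = st.regs["r2"]
    if addr not in st.mem:
        raise EmulatedFault("SEGV", 1)
    loaded = st.mem[addr]
    if st.regs["r0"] != 0:
        st.regs["r1"] = loaded
    if st.regs["r1"] == 0:
        raise EmulatedFault("FPE", 2)
    st.regs["r3"] //= st.regs["r1"]
    st.pc = 3


TRANSLATIONS: Dict[int, Callable[[State], None]] = {0: translated_block_0}


def deliver(st: State, fault: EmulatedFault, handler: Callable[[dict], None]) -> None:
    """Model OS signal delivery: push a sigcontext (machine-state snapshot) on the
    emulated stack, run the program's handler, then restore the machine state from
    the possibly modified sigcontext so the handler's edits take effect."""
    st.stack.append({"kind": fault.kind, "pc": fault.pc, "regs": dict(st.regs)})
    st.delivered.append((fault.kind, fault.pc))
    handler(st.stack[-1])
    ctx = st.stack.pop()
    st.regs, st.pc = ctx["regs"], ctx["pc"]


def legacy_handler(ctx: dict) -> None:
    """Constructed handler of the emulated program: resume after the faulting
    instruction; on FPE leave a sentinel in the destination register."""
    ctx["pc"] += 1
    if ctx["kind"] == "FPE":
        ctx["regs"]["r3"] = -1


def run(st: State, use_translation: bool) -> State:
    """Emulation loop. A fault inside translated code is never delivered directly:
    the emulator rolls back to the block entry and reinterprets, so only faults the
    legacy program would itself have raised reach the handler, at the right pc."""
    while True:
        if use_translation and st.pc in TRANSLATIONS:
            saved_regs, saved_pc = dict(st.regs), st.pc
            try:
                TRANSLATIONS[st.pc](st)
                continue
            except EmulatedFault:
                st.regs, st.pc = saved_regs, saved_pc  # recover, do not deliver
        try:
            if not step(st, PROGRAM):
                return st
        except EmulatedFault as fault:
            deliver(st, fault, legacy_handler)


def emulate(r0: int, r1: int, r2: int, r3: int, mem: Dict[int, int],
            use_translation: bool) -> Tuple[Dict[str, int], List[Tuple[str, int]]]:
    """Run PROGRAM from a fresh state; return final registers and delivered faults."""
    st = run(State(regs={"r0": r0, "r1": r1, "r2": r2, "r3": r3}, mem=dict(mem)), use_translation)
    return st.regs, st.delivered


if __name__ == "__main__":
    # r0 == 0: the legacy program skips the load, and 0x100 is unmapped. Interpreted
    # and translated runs must agree: no fault is delivered in either case.
    for mode in (False, True):
        print("translated" if mode else "interpreted", emulate(0, 5, 0x100, 10, {}, mode))
```

In the first scenario the translated block speculates a load from an unmapped address and faults; delivering that fault would change the program's observable behavior, so the emulator discards the partial state and reinterprets, which produces the same result as interpretation alone. When the fault is genuine (r0 != 0 with an unmapped address, or a zero divisor), both paths deliver it at the same pc with the same registers, and the handler's edits to the sigcontext are reflected in the restored state.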
The need remains, therefore, for improvements in software emulation to address these exception-handling issues. More specifically, the need remains to accurately emulate the exception behavior that a user program would exhibit if it were running on the legacy platform for which it was originally constructed.