Reference:
Mathias Payer and Thomas Gross, Requirements for Fast Binary Translation
Abstract:
Fast binary translation is a key component for many modern software techniques. This paper reflects on the implementation of fastBT, a generator for low-overhead, table-based dynamic (just-in-time) binary translators. We discuss the most challenging sources of overhead, propose optimizations to further reduce these penalties, and present a detailed performance analysis with different approaches to translate indirect control transfers. To allow comparison with other systems the paper includes an empirical evaluation of fastBT relative to three other binary translation systems (DynamoRIO, HDTrans, and PIN). The fastBT generator is architecture-neutral but this paper's analysis and performance data focus on IA-32 Linux. fastBT performs well in practice: we report an overhead of 0% to 10% for the majority of benchmarks. fastBT uses a trace cache and trampolines to obtain efficiency in translation and execution of the translated program. The keys to fastBT's good performance are a configurable inlining mechanism and optimizations for the different forms of indirect jumps.
To ease development of a binary translator, the translation actions of fastBT are specified in high-level abstractions that are compiled into fastBT's translation tables. This table generator allows a compact description of the transformations that the binary translator effects in the translated code.
Bibtex:
@article{fastBT,
  author = {Mathias Payer and Thomas Gross},
  title = {Requirements for Fast Binary Translation},
  booktitle = {2nd Workshop on Architectural and Microarchitectural Support for Binary Translation},
  year = {2009}
}