- TCG = Tiny Code Generator; QEMU's framework for emulating CPU architectures via translating instructions[1]
- TCI = Tiny Code Interpreter? The source code says: "(TCG with bytecode interpreter, experimental and slow)"[2]
- TCTI = Tiny Code Threaded-Dispatch Interpreter? The source code says: "TCTI (TCG with threaded-dispatch bytecode interpreter, experimental and slow; but faster than TCI)"[3]
So, apparently, it's some kind of optimized interpreter. Exactly what it means by "threaded-dispatch" is unclear; there are some surprisingly tricky-looking things going on[4]. Does threaded refer to OS threading, or does it maybe mean that it's doing something a bit more like a cached interpreter? I wonder if it's even more clever than that.
Threaded interpreters are a kind of interpreter that runs code by having an array of jump addresses in a row representing the ops to interpret so that you can amortize out the decode step.
Ah, I either didn't know about the term threaded code or forgot about it. Thanks for the pointers. (Replying to you but also the sibling comment since both were posted around the same time.)
At first I was thinking of cached interpreters as often seen in video game console emulators, but actually, this reminds me more of the "virtual machines" used in executable packers/obfuscators like VMProtect and Themida.
It's a backend for qemu's cpu JIT that doesn't actually JIT code for the host CPU, but code that's simply more performant to interpret than the target CPU arch, as a set of JOP/ROP gadgets. It's so it works as performantly as possible in cases without the ability to set pages executable, like on iOS.
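The threaded-code idea the two comments above describe (an array of host jump addresses standing in for the decoded guest ops, so the decode step is paid once at translation time rather than on every dispatch), as an added example that is not code from QEMU or from any commenter: a direct-threaded interpreter for a constructed toy stack bytecode, built on the GCC/Clang computed-goto extension. The opcode names, `MAX_CODE` and `threaded_run` are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy guest bytecode, constructed for this example (not QEMU's TCG op set). */
enum { OP_PUSH, OP_ADD, OP_MUL, OP_HALT };

#define MAX_CODE 64

/* Direct-threaded dispatch (GCC/Clang computed goto). Pass 1 ("translation")
 * decodes each guest op once into a parallel array of host label addresses.
 * Pass 2 executes by jumping straight to the next gadget: no switch/decode
 * in the hot loop. Returns top of stack at OP_HALT, or -1 on a bad program. */
int64_t threaded_run(const int *guest, int len)
{
    static const void *const gadget[] = { &&do_push, &&do_add, &&do_mul, &&do_halt };
    const void *thread[MAX_CODE];   /* the "threaded code": one jump address per op */
    int64_t imm[MAX_CODE];          /* immediate operand for OP_PUSH, else 0 */
    int64_t stack[MAX_CODE];
    int n = 0, sp = 0, pc = 0;

    /* Pass 1: translate guest ops into jump addresses, validating as we go. */
    for (int i = 0; i < len; i++, n++) {
        if (n >= MAX_CODE) return -1;
        int op = guest[i];
        if (op < 0 || op > OP_HALT) return -1;      /* unknown opcode */
        thread[n] = gadget[op];
        imm[n] = 0;
        if (op == OP_PUSH) {
            if (++i >= len) return -1;              /* PUSH needs an immediate */
            imm[n] = guest[i];
        }
    }
    if (n == 0 || thread[n - 1] != &&do_halt) return -1; /* must end in HALT */

    /* Pass 2: execute. NEXT is the entire dispatcher: a single indirect jump. */
#define NEXT goto *thread[pc++]
    NEXT;
do_push: if (sp >= MAX_CODE) return -1; stack[sp++] = imm[pc - 1]; NEXT;
do_add:  if (sp < 2) return -1; sp--; stack[sp - 1] += stack[sp]; NEXT;
do_mul:  if (sp < 2) return -1; sp--; stack[sp - 1] *= stack[sp]; NEXT;
do_halt: return sp ? stack[sp - 1] : -1;
}

int main(void)
{
    /* (2 + 3) * 4, as a constructed guest program. */
    const int prog[] = { OP_PUSH, 2, OP_PUSH, 3, OP_ADD, OP_PUSH, 4, OP_MUL, OP_HALT };
    printf("%lld\n", (long long)threaded_run(prog, (int)(sizeof prog / sizeof prog[0])));
    return 0;
}
```

Compile with gcc or clang (computed goto is a compiler extension, not standard C); the translated `thread[]` array is plain data, which is why this dispatch style works without any executable pages.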