Explaining the Quake III Virtual Machine

Page created by Lois Ingram

Arts & Entertainment

English

Like
Share
Embed
Fullscreen
Slides
Download HTML
Download PDF
Abuse

←

→

Page content transcription

If your browser does not render page correctly, please read the page content below

Explaining the Quake III Virtual Machine

              Ludwig Nussel

           SUSE Linux Products GmbH
               openSUSE Team
            ludwig.nussel@suse.de

              FOSDEM 2013

Outline

Introduction
    About Quake III Arena
    About ioquake3
    Architecture
    Ways to Extend a Program and how Q3 does it

Virtual Machine
    Architecture
    Calling Conventions & Memory Layout
    VM Calls and Syscalls
    VM Interpreter

Summary

 2 / 20

About Quake III Arena

                           multiplayer first-person shooter
                           developed by id Software
                           released in December 1999 for
                            Linux, Windows and Mac
                           platform independent Mods
                           source released under GPLv2 in
                            August 2005

3 / 20

About ioquake3

                    based on id’s source release
                    compatible to original game
                    bug and security fixes
                    enhanced portability
                     64bit, BSD, Solaris ...
                    tons of new features
                     IPv6, OpenAL surround sound, VoIP,
                     stereo rendering, png image loader ...

4 / 20

Quake III Architecture Overview

         Keyboard, Mouse
                           Engine                     Server

                           Event Processing   game

              Network
                             Networking

                                              cgame
              Sound             Botlib

                              Rendering        ui
              Graphics

                                                      Client
                                Sound

5 / 20

Quake III Architecture: the Game Modules

                                 CGame
                                      run on client side
   Game                              predict player states
       run on server side            tell sound and gfx renderers
       maintain game state            what to show
       compute bots
       move objects
                                 UI
                                      run on client side
                                      show menus

    6 / 20

Typical Ways to Extend a Program

   Native                               Interpreted
       write plugins in C                   use some scripting language
       compile as shared library            slow
       fast                                 can be sandboxed
       no sandbox                           can be memory limited
       no memory limit                      main program can catch
       can crash the whole program           exceptions

    7 / 20

The Quake III Way for Extensions

 Allow both, with same code!

Bytecode                                 Native
   compiled by special compiler (lcc)      compiled by system C
   byte code interpreted by a virtual       compiler as shared library
    machine                                 must restrict to
   strict sandbox                           embedded libc subset
   strict memory limit                     must not call malloc()
   main program can catch exceptions       must not use external
    and unload VM                            libs

    8 / 20

The Virtual Machine Architecture
Overview

   32bit addressing, little endian
   32bit floats
   about 60 instructions
   separate memory addressing for code and data
   no dynamic memory allocations
   no GP registers, load/store on ’opstack’

 9 / 20

opStack vs Program Stack

   Program stack
         local variables
         function parameters
         saved program counter
   opStack
         arguments for instructions, results
          OP CONST 3
          OP CONST 4
          OP ADD

         function return values

10 / 20

Calling Convention

   similar to x86
   parameters and program counter pushed to stack
   callee responsible for new stack frame
   negative address means syscall
   return value on opstack

11 / 20

VM Memory Layout

vm->dataBase                 vm->programStack
                                                   vm memory allocated as one block
                Data                Stack          64k stack at end of image
0
                                                   code and opstack separate
    p = vm->dataBase + (oﬀset & vm->dataMask)
                                                   memory size rounded to power of two
                                                       simple access violation checks via mask
                                                   cannot address memory outside that
                                                    block
                                                       can’t pass pointers

      12 / 20

Calling into the VM

   code is one big block               i n t p t r t vmMain ( i n t command ,
                                            i n t arg0 , i n t arg1 ,
   no symbols                                               . . . , i n t arg11 ) {
                                            s w i t c h ( command ) {
   can only pass int parameters                c a s e GAME INIT :
   start of code has to be                         G InitGame ( arg0 , arg1 , arg2 ) ;
                                                    return 0;
    dispatcher function                         c a s e GAME SHUTDOWN:
        first parameter is a command               G ShutdownGame ( a r g 0 ) ;
        called vmMain() for dlopen()               return 0;
                                        ...

    13 / 20

Calling into the Engine

   requests into engine             VM side, C implemenation
        print something              t y p e d e f enum { CG PRINT , . . . } ;
        open a file                  v o i d t r a p P r i n t ( c o n s t c h a r ∗ fmt ) {
        play a sound                     s y s c a l l ( CG PRINT , fmt ) ;
                                      }
   expensive operations
        sinus, cosinus, vector      host side
         operations                   intptr t
        memset, memcpy               CL CgameSystemCalls ( i n t p t r t ∗ a r g s ) {
                                        switch ( args [ 0 ] ) {
   pass pointers but not                 c a s e CG PRINT :
    return!                               C o m P r i n t f ( ”%s ” , ( c h a r ∗ )VMA( 1 ) ) ;
                                          return 0;
                                      ...

    14 / 20

How the Interpreter Works
Example

while (1) {

   r0 = opStack [ opStackOfs ] ;
   r1 = opStack [ ( u i n t 8 t ) ( opStackOfs − 1 ) ] ;

nextInstruction2 :
  o p c o d e = c o d e I m a g e [ p r o g r a m C o u n t e r++ ] ;

   s w i t c h ( opcode ) {

      c a s e OP LOAD4 :
               r0 = opStack [ opStackOfs ] =
                    ∗ ( i n t ∗ ) &image [ r 0 & dataMask & ˜3 ] ;
               got o n e x t I n s t r u c t i o n 2 ;

 15 / 20

More Speed With Native Code

   Byte code interpreter too slow for complex mods
   Translate byte code to native instructions on load
   CPU/OS specific compilers needed
         currently: x86, x86 64, ppc{,64}, sparc{,64}
         hard to maintain
   Multiple passes to calculate offsets
   Needs extra memory as native code is bigger
   Need to be careful when optimizing jump targets

16 / 20

VM JIT Compiler
Example

c a s e OP DIVU :
    // mov eax , dword p t r −4[ e d i + e b x ∗ 4 ]
    E m i t S t r i n g ( ” 8B 44 9F FC” ) ;
    // x o r edx , e d x
    E m i t S t r i n g ( ” 33 D2” ) ;
    // d i v dword p t r [ e d i + e b x ∗ 4 ]
    E m i t S t r i n g ( ”F7 34 9F” ) ;
    // mov dword p t r −4[ e d i + e b x ∗ 4 ] , e a x
    E m i t S t r i n g ( ” 89 44 9F FC” ) ;
    // s u b b l , 1
   EmitCommand ( LAST COMMAND SUB BL 1 ) ;

17 / 20

Future Work

   replace x87 ops with SSE2 in vm x86.c
   write compiler for ARM
   create gcc backend to replace lcc
   use LLVM

18 / 20

Summary

   Quake 3 allows mods as shared library or bytecode
   Bytecode is platform independent
   Game architecture requires strict separation between engine and
    mod
   CPU/OS specific compilers are a maintenance burden
   VM is simple enough to study and play with it

19 / 20

Links

   http://ioquake3.org/
   http://www.idsoftware.com/
   http://fabiensanglard.net/quake3/
   http://www.icculus.org/~phaethon/q3mc/q3vm_specs.html

20 / 20

You can also read