It seems to me that the correct term is "Static Binary Translation" (SBT) for what you call "ahead of time binary translation".
And the correct term for "JIT-based emulation" is "Dynamic Binary Translation" (DBT).
At least these are the terms you should use if you want to find some literature on this subject.
We're not talking about JIT or AOT compiler because it's not really a compilation (compilation is translating to a lower level language).
I think a lot of people talk about JIT rather than DBT because the JIT term is better known, and there is confusion when Apple says they do "Dynamic translation for JITs".
Which means that: they do DBT to handle applications that use JIT.
You are correct, static binary translation is what Rosetta does first. That, however, is what I called niche technology in another post, most of the research so far had focused on dynamic binary translation.
Furthermore, SBT, even for user mode binaries, can rarely reach the performance levels that we see with Rosetta2. There are many issues in determining what is code, where are the branch destinations in case of indirect branches, etc. What we have here is certainly a feat of engineering on its own.
> There are many issues in determining what is code, where are the branch destinations in case of indirect branches, etc.
Yes, handling indrect branch seems a bit complex and I'm not a specialist in the field.
But I'm pretty sure that the cases of indirect branch are rare enough so that an additional indirection is relatively inexpensive.
Adding a simple address mapping table should meet most of the cases.
An interesting question would also be whether Apple has added features to the hardware to improve the translation?
We know, for example, that Apple introduced a special register [1] to temporarily switch from the ARM consistency model to the TSO consistency model (Total Store Order) from x86.
