@node Implementation notes
@appendix Implementation notes

@menu
* CPU emulation::
* Translator Internals::
* QEMU compared to other emulators::
* Managed start up options::
* Bibliography::
@end menu

@node CPU emulation
@section CPU emulation

@menu
* x86:: x86 and x86-64 emulation
* ARM:: ARM emulation
* MIPS:: MIPS emulation
* PPC:: PowerPC emulation
* SPARC:: Sparc32 and Sparc64 emulation
* Xtensa:: Xtensa emulation
@end menu

@node x86
@subsection x86 and x86-64 emulation

QEMU x86 target features:

@itemize

@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation.
LDT/GDT and IDT are emulated. VM86 mode is also supported to run
DOSEMU. There is some support for MMX/3DNow!, SSE, SSE2, SSE3, SSSE3,
and SSE4 as well as x86-64 SVM.

@item Support of host page sizes bigger than 4KB in user mode emulation.

@item QEMU can emulate itself on x86.

@item An extensive Linux x86 CPU test program is included in @file{tests/test-i386}.
It can be used to test other x86 virtual CPUs.

@end itemize

Current QEMU limitations:

@itemize

@item Limited x86-64 support.

@item IPC syscalls are missing.

@item The x86 segment limits and access rights are not tested at every
memory access (yet). Very few OSes seem to rely on that for
normal use; a guest that does rely on segment limits for protection
will not receive the corresponding faults under emulation.

@end itemize

@node ARM
@subsection ARM emulation

@itemize

@item Full ARM 7 user emulation.

@item NWFPE FPU support included in user Linux emulation.

@item Can run most ARM Linux binaries.

@end itemize

@node MIPS
@subsection MIPS emulation

@itemize

@item The system emulation allows full MIPS32/MIPS64 Release 2 emulation,
including privileged instructions, FPU and MMU, in both little and big
endian modes.

@item The Linux userland emulation can run many 32 bit MIPS Linux binaries.

@end itemize

Current QEMU limitations:

@itemize

@item Self-modifying code is not always handled correctly.

@item 64 bit userland emulation is not implemented.

@item The system emulation is not complete enough to run real firmware.

@item The watchpoint debug facility is not implemented.

@end itemize

@node PPC
@subsection PowerPC emulation

@itemize

@item Full PowerPC 32 bit emulation, including privileged instructions,
FPU and MMU.

@item Can run most PowerPC Linux binaries.

@end itemize

@node SPARC
@subsection Sparc32 and Sparc64 emulation

@itemize

@item Full SPARC V8 emulation, including privileged
instructions, FPU and MMU. SPARC V9 emulation includes most privileged
and VIS instructions, FPU and I/D MMU. Alignment is fully enforced.

@item Can run most 32-bit SPARC Linux binaries, SPARC32PLUS Linux binaries and
some 64-bit SPARC Linux binaries.

@end itemize

Current QEMU limitations:

@itemize

@item IPC syscalls are missing.

@item Floating point exception support is buggy.

@item Atomic instructions are not correctly implemented.

@item There are still some problems with Sparc64 emulators.

@end itemize

@node Xtensa
@subsection Xtensa emulation

@itemize

@item Core Xtensa ISA emulation, including most options: code density,
loop, extended L32R, 16- and 32-bit multiplication, 32-bit division,
MAC16, miscellaneous operations, boolean, FP coprocessor, coprocessor
context, debug, multiprocessor synchronization,
conditional store, exceptions, relocatable vectors, unaligned exception,
interrupts (including high priority and timer), hardware alignment,
region protection, region translation, MMU, windowed registers, thread
pointer, processor ID.

@item Not implemented options: data/instruction cache (including cache
prefetch and locking), XLMI, processor interface. Also options not
covered by the core ISA (e.g. FLIX, wide branches) are not implemented.

@item Can run most Xtensa Linux binaries.

@item New core configuration that requires no additional instructions
may be created from overlay with minimal amount of hand-written code.

@end itemize

@node Managed start up options
@section Managed start up options

In system mode emulation, it's possible to create a VM in a paused state using
the -S command line option. In this state the machine is completely initialized
according to command line options and ready to execute VM code, but VCPU threads
are not executing any code. The VM state in this paused state depends on the way
QEMU was started. It could be in:

@table @asis
@item initial state (after reset/power on state)
@item with direct kernel loading, the initial state is amended so that the VM
executes the code loaded by QEMU into the VM's RAM
@item with incoming migration, the initial state will be amended with the migrated
machine state after migration completes.
@end table

This paused state is typically used by users to query machine state and/or
additionally configure the machine (by hotplugging devices) at runtime before
allowing VM code to run.

However, at the -S pause point, it's impossible to configure options that affect
initial VM creation (like: -smp/-m/-numa ...) or cold plug devices. The
experimental --preconfig command line option allows pausing QEMU
before the initial VM creation, in a ``preconfig'' state, where additional
queries and configuration can be performed via QMP before moving on to
the resulting configuration startup. In the preconfig state, QEMU only allows
a limited set of commands over the QMP monitor, where the commands do not
depend on an initialized machine, including but not limited to:

@table @asis
@item qmp_capabilities
@item query-qmp-schema
@item query-commands
@item query-status
@item x-exit-preconfig
@end table
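The following is an added, constructed example of the preconfig exchange described above; it is not QEMU's own code and talks to no real QEMU process. A toy QMP monitor in Python enforces the two gates a client meets in this state (capabilities negotiation first, then the preconfig allow-list until x-exit-preconfig), and a client drives it over a socket pair so both sides' JSON messages are visible. The command names, the greeting shape and the CommandNotFound reply before negotiation are real QMP behaviour; the allow-list being exactly the five commands listed, the error text, the newline-delimited framing, and the mapping of query-status to the RunState names ``preconfig'' before and ``prelaunch'' after leaving preconfig are assumptions of this toy.

```python
import json
import socket
import threading

# Commands the toy monitor accepts while still in the preconfig state.
# The names come from the list in the text; restricting to exactly these
# five is an assumption of this example (real QEMU permits some others).
PRECONFIG_ALLOWED = {
    "qmp_capabilities", "query-qmp-schema", "query-commands",
    "query-status", "x-exit-preconfig",
}


class FakePreconfigMonitor:
    """Constructed stand-in for a QMP monitor started with --preconfig.

    Two gates are enforced in order: capabilities negotiation, then the
    preconfig allow-list until x-exit-preconfig is issued.
    """

    def __init__(self):
        self.preconfig = True
        self.negotiated = False

    def handle(self, request):
        cmd = request.get("execute")
        if not isinstance(cmd, str):
            return {"error": {"class": "GenericError",
                              "desc": "request lacks an 'execute' member"}}
        # Real QMP rejects everything except qmp_capabilities before negotiation.
        if not self.negotiated and cmd != "qmp_capabilities":
            return {"error": {"class": "CommandNotFound",
                              "desc": "Expecting capabilities negotiation"}}
        # The preconfig gate: only machine-independent commands are allowed.
        if self.preconfig and cmd not in PRECONFIG_ALLOWED:
            return {"error": {"class": "GenericError",
                              "desc": f"'{cmd}' is not allowed in preconfig state"}}
        if cmd == "qmp_capabilities":
            self.negotiated = True
            return {"return": {}}
        if cmd == "query-commands":
            return {"return": [{"name": n} for n in sorted(PRECONFIG_ALLOWED)]}
        if cmd == "query-status":
            # RunState names taken from QEMU; the mapping is this toy's assumption.
            status = "preconfig" if self.preconfig else "prelaunch"
            return {"return": {"status": status, "running": False}}
        if cmd == "x-exit-preconfig":
            self.preconfig = False
            return {"return": {}}
        # Any other command after preconfig is accepted as a no-op by the toy.
        return {"return": {}}


def serve(conn, monitor):
    """Server side: send the greeting, then answer one JSON request per line."""
    greeting = {"QMP": {"version": {"qemu": "constructed"}, "capabilities": []}}
    conn.sendall(json.dumps(greeting).encode() + b"\n")
    buf = b""
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:          # client closed its end: session over
                return
            buf += chunk
            while b"\n" in buf:
                line, buf = buf.split(b"\n", 1)
                if line.strip():
                    reply = monitor.handle(json.loads(line))
                    conn.sendall(json.dumps(reply).encode() + b"\n")


def run_session(commands):
    """Client side: drive a fresh toy monitor and return the reply to each command."""
    client, server = socket.socketpair()
    thread = threading.Thread(target=serve, args=(server, FakePreconfigMonitor()),
                              daemon=True)
    thread.start()
    replies = []
    with client, client.makefile("rwb") as stream:
        greeting = json.loads(stream.readline())
        if "QMP" not in greeting:
            raise RuntimeError("no QMP greeting received")
        for cmd in commands:
            stream.write(json.dumps(cmd).encode() + b"\n")
            stream.flush()
            replies.append(json.loads(stream.readline()))
    thread.join(timeout=2)
    return replies


# Constructed session: probe both gates in order, then leave preconfig.
SESSION = [
    {"execute": "query-status"},                                          # before negotiation
    {"execute": "qmp_capabilities"},
    {"execute": "query-status"},                                          # status: preconfig
    {"execute": "device_add", "arguments": {"driver": "virtio-net-pci"}},  # blocked
    {"execute": "x-exit-preconfig"},
    {"execute": "query-status"},                                          # status: prelaunch
    {"execute": "device_add", "arguments": {"driver": "virtio-net-pci"}},  # accepted
]

if __name__ == "__main__":
    for cmd, reply in zip(SESSION, run_session(SESSION)):
        print(cmd["execute"], "->", json.dumps(reply))
```

The point for anyone automating a --preconfig start is visible in the fourth reply: a command that depends on an initialized machine is answered with an error object, not silently deferred, so a provisioning script must check every reply for an ``error'' member rather than assume its configuration landed before x-exit-preconfig.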