update

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@283 c046a42c-6fe2-441c-8c8c-71466251a162
2003-06-25 16:21:49 +00:00 · 2003-06-25 16:21:49 +00:00 · 1eb20527c8
commit 1eb20527c8
parent e3e86d56c4
4 changed files with 268 additions and 40 deletions
--- a/9
+++ b/9
@ -4,6 +4,7 @@ version 0.4:
 - fixed signal handling for correct dosemu DPMI emulation
 - fast x86 MMU emulation with mmap()
 - fixed popl (%esp) case
 - Linux kernel can be executed by QEMU with the 'vl' command.
 version 0.3:
@ -17,10 +18,10 @@ version 0.3:
 version 0.2:
- - PowerPC disassembly and ELF symbols output (Rusty Russel)
+ - PowerPC disassembly and ELF symbols output (Rusty Russell)
- - flock support (Rusty Russel)
+ - flock support (Rusty Russell)
- - ugetrlimit support (Rusty Russel)
+ - ugetrlimit support (Rusty Russell)
- - fstat64 fix (Rusty Russel)
+ - fstat64 fix (Rusty Russell)
 - initial Alpha port (Falk Hueffner)
 - initial IA64 port (Matt Wilson)
 - initial Sparc and Sparc64 port (David S. Miller)
--- a/2
+++ b/2
@ -1,4 +1,5 @@
 - finish segment ops (call far, ret far, load_seg suppressed)
 - fix arm fpu rounding (at least for float->integer conversions)
 - fix CCOP optimisation
 - optimize FPU operations (evaluate x87 stack pointer statically) 
@ -7,7 +8,6 @@
  state, find a solution for tb_flush()).
 - add gcc 2.96 test configure (some gcc3 flags are needed)
 - add IPC syscalls
 - submit a patch to fix DOSEMU coopthreads
 lower priority:
 --------------
--- a/2
+++ b/2
@ -1 +1 @@
-0.3
+0.4
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@ -11,35 +11,62 @@
@section Features
-QEMU is a FAST! processor emulator. Its purpose is to run Linux executables
+QEMU is a FAST! processor emulator. By using dynamic translation it
-compiled for one architecture on another. For example, x86 Linux
+achieves a reasonnable speed while being easy to port on new host
-processes can be ran on PowerPC Linux architectures. By using dynamic
+CPUs.
-translation it achieves a reasonnable speed while being easy to port on
+
-new host CPUs. Its main goal is to be able to launch the @code{Wine}
+QEMU has two operating modes:
-Windows API emulator (@url{http://www.winehq.org}) or @code{DOSEMU}
+@itemize
-(@url{http://www.dosemu.org}) on non-x86 CPUs.
+@item User mode emulation. In this mode, QEMU can launch Linux processes
 compiled for one CPU on another CPU. Linux system calls are converted
 because of endianness and 32/64 bit mismatches. The Wine Windows API
 emulator (@url{http://www.winehq.org}) and the DOSEMU DOS emulator
 (@url{www.dosemu.org}) are the main targets for QEMU.
@item Full system emulation. In this mode, QEMU emulates a full
 system, including a processor and various peripherials. Currently, it
 is only used to launch an x86 Linux kernel on an x86 Linux system. It
 enables easier testing and debugging of system code. It can also be
 used to provide virtual hosting of several virtual PCs on a single
 server.
@end itemize
 As QEMU requires no host kernel patches to run, it is very safe and
 easy to use.
 QEMU generic features:
@itemize 
-@item User space only emulation.
+@item User space only or full system emulation.
@item Working on x86 and PowerPC hosts. Being tested on ARM, Sparc32, Alpha and S390.
@item Using dynamic translation to native code for reasonnable speed.
@item Working on x86 and PowerPC hosts. Being tested on ARM, Sparc32, Alpha and S390.
@item Self-modifying code support.
@item Precise exception support.
@item The virtual CPU is a library (@code{libqemu}) which can be used 
 in other projects.
@end itemize
 QEMU user mode emulation features:
@itemize 
@item Generic Linux system call converter, including most ioctls.
@item clone() emulation using native CPU clone() to use Linux scheduler for threads.
@item Accurate signal handling by remapping host signals to target signals. 
@end itemize
@end itemize
-@item Self-modifying code support.
+QEMU full system emulation features:
-
+@itemize 
-@item The virtual CPU is a library (@code{libqemu}) which can be used 
+@item Using mmap() system calls to simulate the MMU
 in other projects.
@end itemize
@section x86 emulation
@ -49,11 +76,9 @@ QEMU x86 target features:
@itemize 
@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation. 
-User space LDT and GDT are emulated. VM86 mode is also supported to run DOSEMU.
+LDT/GDT and IDT are emulated. VM86 mode is also supported to run DOSEMU.
-@item Precise user space x86 exceptions.
+@item Support of host page sizes bigger than 4KB in user mode emulation.
@item Support of host page sizes bigger than 4KB.
@item QEMU can emulate itself on x86.
@ -73,12 +98,21 @@ Current QEMU limitations:
@item IPC syscalls are missing.
@item The x86 segment limits and access rights are not tested at every 
-memory access (and will never be to have good performances).
+memory access.
@item On non x86 host CPUs, @code{double}s are used instead of the non standard 
 10 byte @code{long double}s of x86 for floating point emulation to get
 maximum performances.
@item Full system emulation only works if no data are mapped above the virtual address 
 0xc0000000 (yet).
@item Some priviledged instructions or behaviors are missing. Only the ones 
 needed for proper Linux kernel operation are emulated.
@item No memory separation between the kernel and the user processes is done. 
 It will be implemented very soon.
@end itemize
@section ARM emulation
@ -94,7 +128,7 @@ generic dynamic code generation architecture of QEMU.
@end itemize
-@chapter Invocation
+@chapter QEMU User space emulation invocation
@section Quick Start
@ -198,27 +232,188 @@ Activate log (logfile=/tmp/qemu.log)
 Act as if the host page size was 'pagesize' bytes
@end table
@chapter QEMU System emulator invocation
@section Quick Start
 This section explains how to launch a Linux kernel inside QEMU.
@enumerate
@item
 Download the archive @file{vl-test-xxx.tar.gz} containing a Linux kernel
 and an initrd (initial Ram Disk). The archive also contains a
 precompiled version of @file{vl}, the QEMU System emulator.
@item Optional: If you want network support (for example to launch X11 examples), you
 must copy the script @file{vl-ifup} in @file{/etc} and configure
 properly @code{sudo} so that the command @code{ifconfig} contained in
@file{vl-ifup} can be executed as root. You must verify that your host
 kernel supports the TUN/TAP network interfaces: the device
@file{/dev/net/tun} must be present.
 When network is enabled, there is a virtual network connection between
 the host kernel and the emulated kernel. The emulated kernel is seen
 from the host kernel at IP address 172.20.0.2 and the host kernel is
 seen from the emulated kernel at IP address 172.20.0.1.
@item Launch @code{vl.sh}. You should have the following output:
@example
 > ./vl.sh 
 connected to host network interface: tun0
 Uncompressing Linux... Ok, booting the kernel.
 Linux version 2.4.20 (bellard@voyager) (gcc version 2.95.2 20000220 (Debian GNU/Linux)) #42 Wed Jun 25 14:16:12 CEST 2003
 BIOS-provided physical RAM map:
 BIOS-88: 0000000000000000 - 000000000009f000 (usable)
 BIOS-88: 0000000000100000 - 0000000002000000 (usable)
 32MB LOWMEM available.
 On node 0 totalpages: 8192
 zone(0): 4096 pages.
 zone(1): 4096 pages.
 zone(2): 0 pages.
 Kernel command line: root=/dev/ram ramdisk_size=6144
 Initializing CPU#0
 Detected 501.785 MHz processor.
 Calibrating delay loop... 973.20 BogoMIPS
 Memory: 24776k/32768k available (725k kernel code, 7604k reserved, 151k data, 48k init, 0k highmem)
 Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
 Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
 Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
 Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
 Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
 CPU: Intel Pentium Pro stepping 03
 Checking 'hlt' instruction... OK.
 POSIX conformance testing by UNIFIX
 Linux NET4.0 for Linux 2.4
 Based upon Swansea University Computer Society NET3.039
 Initializing RT netlink socket
 apm: BIOS not found.
 Starting kswapd
 pty: 256 Unix98 ptys configured
 Serial driver version 5.05c (2001-07-08) with no serial options enabled
 ttyS00 at 0x03f8 (irq = 4) is a 16450
 ne.c:v1.10 9/23/94 Donald Becker (becker@scyld.com)
 Last modified Nov 1, 2000 by Paul Gortmaker
 NE*000 ethercard probe at 0x300: 52 54 00 12 34 56
 eth0: NE2000 found at 0x300, using IRQ 9.
 RAMDISK driver initialized: 16 RAM disks of 6144K size 1024 blocksize
 NET4: Linux TCP/IP 1.0 for NET4.0
 IP Protocols: ICMP, UDP, TCP, IGMP
 IP: routing cache hash table of 512 buckets, 4Kbytes
 TCP: Hash tables configured (established 2048 bind 2048)
 NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
 RAMDISK: ext2 filesystem found at block 0
 RAMDISK: Loading 6144 blocks [1 disk] into ram disk... done.
 Freeing initrd memory: 6144k freed
 VFS: Mounted root (ext2 filesystem).
 Freeing unused kernel memory: 48k freed
 sh: can't access tty; job control turned off
 #
@end example
@item
 Then you can play with the kernel inside the virtual serial console. You
 can launch @code{ls} for example. Type @key{Ctrl-a h} to have an help
 about the keys you can type inside the virtual serial console. In
 particular @key{Ctrl-a b} is the Magic SysRq key.
@item 
 If the network is enabled, launch the script @file{/etc/linuxrc} in the
 emulator (don't forget the leading dot):
@example
 . /etc/linuxrc
@end example
 Then enable X11 connections on your PC from the emulated Linux: 
@example
 xhost +172.20.0.2
@end example
 You can now launch @file{xterm} or @file{xlogo} and verify that you have
 a real Virtual Linux system !
@end enumerate
 NOTE: the example initrd is a modified version of the one made by Kevin
 Lawton for the plex86 Project (@url{www.plex86.org}).
@section Kernel Compilation
 You can use any Linux kernel within QEMU provided it is mapped at
 address 0x90000000 (the default is 0xc0000000). You must modify only two
 lines in the kernel source:
 In asm/page.h, replace
@example
 #define __PAGE_OFFSET           (0xc0000000)
@end example
 by
@example
 #define __PAGE_OFFSET           (0x90000000)
@end example
 And in arch/i386/vmlinux.lds, replace
@example
  . = 0xc0000000 + 0x100000;
@end example
 by 
@example
  . = 0x90000000 + 0x100000;
@end example
 The file config-2.4.20 gives the configuration of the example kernel.
 Just type
@example
 make bzImage
@end example
 As you would do to make a real kernel. Then you can use with QEMU
 exactly the same kernel as you would boot on your PC (in
@file{arch/i386/boot/bzImage}).
@section PC Emulation
 QEMU emulates the following PC peripherials:
@itemize
@item
 PIC (interrupt controler)
@item
 PIT (timers)
@item 
 CMOS memory
@item
 Serial port (port=0x3f8, irq=4)
@item 
 NE2000 network adapter (port=0x300, irq=9)
@item
 Dumb VGA (to print the @code{uncompressing Linux kernel} message)
@end itemize
@chapter QEMU Internals
@section QEMU compared to other emulators
-Unlike bochs [3], QEMU emulates only a user space x86 CPU. It means that
+Like bochs [3], QEMU emulates an x86 CPU. But QEMU is much faster than
-you cannot launch an operating system with it. The benefit is that it is
+bochs as it uses dynamic compilation and because it uses the host MMU to
-simpler and faster due to the fact that some of the low level CPU state
+simulate the x86 MMU. The downside is that currently the emulation is
-can be ignored (in particular, no virtual memory needs to be emulated).
+not as accurate as bochs (for example, you cannot currently run Windows
 inside QEMU).
 Like Valgrind [2], QEMU does user space emulation and dynamic
 translation. Valgrind is mainly a memory debugger while QEMU has no
-support for it (QEMU could be used to detect out of bound memory accesses
+support for it (QEMU could be used to detect out of bound memory
-as Valgrind, but it has no support to track uninitialised data as
+accesses as Valgrind, but it has no support to track uninitialised data
-Valgrind does). Valgrind dynamic translator generates better code than
+as Valgrind does). Valgrind dynamic translator generates better code
-QEMU (in particular it does register allocation) but it is closely tied
+than QEMU (in particular it does register allocation) but it is closely
-to an x86 host and target.
+tied to an x86 host and target and has no support for precise exception
 and system emulation.
-EM86 [4] is the closest project to QEMU (and QEMU still uses some of its
+EM86 [4] is the closest project to user space QEMU (and QEMU still uses
-code, in particular the ELF file loader). EM86 was limited to an alpha
+some of its code, in particular the ELF file loader). EM86 was limited
-host and used a proprietary and slow interpreter (the interpreter part
+to an alpha host and used a proprietary and slow interpreter (the
-of the FX!32 Digital Win32 code translator [5]).
+interpreter part of the FX!32 Digital Win32 code translator [5]).
 TWIN [6] is a Windows API emulator like Wine. It is less accurate than
 Wine but includes a protected mode x86 interpreter to launch x86 Windows
@ -227,6 +422,20 @@ Windows API is executed natively but it is far more difficult to develop
 because all the data structures and function parameters exchanged
 between the API and the x86 code must be converted.
 User mode Linux [7] was the only solution before QEMU to launch a Linux
 kernel as a process while not needing any host kernel patches. However,
 user mode Linux requires heavy kernel patches while QEMU accepts
 unpatched Linux kernels. It would be interesting to compare the
 performance of the two approaches.
 The new Plex86 [8] PC virtualizer is done in the same spirit as the QEMU
 system emulator. It requires a patched Linux kernel to work (you cannot
 launch the same kernel on your PC), but the patches are really small. As
 it is a PC virtualizer (no emulation is done except for some priveledged
 instructions), it has the potential of being faster than QEMU. The
 downside is that a complicated (and potentially unsafe) kernel patch is
 needed.
@section Portable dynamic translation
 QEMU is a dynamic translator. When it first encounters a piece of code,
@ -409,6 +618,16 @@ space conflicts. QEMU solves this problem by being an executable ELF
 shared object as the ld-linux.so ELF interpreter. That way, it can be
 relocated at load time.
@section MMU emulation
 For system emulation, QEMU uses the mmap() system call to emulate the
 target CPU MMU. It works as long the emulated OS does not use an area
 reserved by the host OS (such as the area above 0xc0000000 on x86
 Linux).
 It is planned to add a slower but more precise MMU emulation
 with a software MMU.
@section Bibliography
@table @asis
@ -439,6 +658,14 @@ Chernoff and Ray Hookway.
@url{http://www.willows.com/}, Windows API library emulation from
 Willows Software.
@item [7]
@url{http://user-mode-linux.sourceforge.net/}, 
 The User-mode Linux Kernel.
@item [8]
@url{http://www.plex86.org/}, 
 The new Plex86 project.
@end table
@chapter Regression Tests