10 |
|
|
11 |
<!-- |
<!-- |
12 |
|
|
13 |
$Id: intro.html,v 1.107 2007/03/08 19:04:09 debug Exp $ |
$Id: intro.html,v 1.118 2007/06/15 21:43:09 debug Exp $ |
14 |
|
|
15 |
Copyright (C) 2003-2007 Anders Gavare. All rights reserved. |
Copyright (C) 2003-2007 Anders Gavare. All rights reserved. |
16 |
|
|
52 |
<li><a href="#build">How to compile/build the emulator</a> |
<li><a href="#build">How to compile/build the emulator</a> |
53 |
<li><a href="#run">How to run the emulator</a> |
<li><a href="#run">How to run the emulator</a> |
54 |
<li><a href="#cpus">Which processor architectures does GXemul emulate?</a> |
<li><a href="#cpus">Which processor architectures does GXemul emulate?</a> |
55 |
<li><a href="#hosts">Which host architectures are supported?</a> |
<li><a href="#hosts">Which host architectures/platforms are supported?</a> |
|
<li><a href="#translation">What kind of translation does GXemul use?</a> |
|
56 |
<li><a href="#accuracy">Emulation accuracy</a> |
<li><a href="#accuracy">Emulation accuracy</a> |
57 |
<li><a href="#emulmodes">Which machines does GXemul emulate?</a> |
<li><a href="#emulmodes">Which machines does GXemul emulate?</a> |
58 |
</ul> |
</ul> |
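Review bot: The table of contents loses its "#translation" entry (the unnumbered row after line 55) with nothing put in its place, so the translation material is no longer reachable from this page's contents list. If that text now lives on translation.html, as the Note 1 link later in this change suggests, keep a contents entry that points there.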
67 |
<a name="overview"></a> |
<a name="overview"></a> |
68 |
<h3>Overview:</h3> |
<h3>Overview:</h3> |
69 |
|
|
70 |
GXemul is an experimental instruction-level machine emulator. Several |
GXemul is an experimental <a href="#accuracy">instruction-level</a> |
71 |
emulation modes are available. In some modes, processors and surrounding |
machine emulator. Several emulation modes are available. In some modes, |
72 |
hardware components are emulated well enough to let unmodified operating |
processors and surrounding hardware components are emulated well enough to |
73 |
systems (e.g. NetBSD) run as if they were running on a real machine. |
let <a href="#emulmodes">unmodified operating systems (e.g. NetBSD) |
74 |
|
run</a> as if they were running on a real machine. |
75 |
|
|
76 |
|
<p>The emulator is written in C, does not depend on third-party libraries, |
77 |
|
and should compile and run on most 64-bit and 32-bit Unix-like systems, |
78 |
|
with few or no modifications. |
79 |
|
|
80 |
<p>Devices and processors are not simulated with 100% accuracy. They are |
<p>Devices and processors are not simulated with 100% accuracy. They are |
81 |
only ``faked'' well enough to allow guest operating systems to run without |
only ``faked'' well enough to allow guest operating systems to run without |
83 |
academic research and experiments, such as when learning how to write |
academic research and experiments, such as when learning how to write |
84 |
operating system code. |
operating system code. |
85 |
|
|
|
<p>The emulator is written in C, does not depend on third-party libraries, |
|
|
and should compile and run on most 64-bit and 32-bit Unix-like systems. |
|
|
|
|
86 |
<p>The emulator contains code which tries to emulate the workings of CPUs |
<p>The emulator contains code which tries to emulate the workings of CPUs |
87 |
and surrounding hardware found in real machines, but it does not contain |
and surrounding hardware found in real machines, but it does not contain |
88 |
any ROM code. You will need some form of program (in binary form) to run |
any ROM code. You will need some form of program (in binary form) to run |
89 |
in the emulator. For many emulation modes, PROM calls are handled by the |
in the emulator. For some emulation modes, PROM calls are handled by the |
90 |
emulator itself, so you do not need to use any ROM image at all. |
emulator itself, so you do not need to use any ROM image at all. |
91 |
|
|
92 |
<p>You can use pre-compiled kernels (for example NetBSD kernels, or |
<p>You can use pre-compiled kernels (for example <a href="http://www.netbsd.org/">NetBSD</a> |
93 |
Linux), or other programs that are in binary format, and in some cases |
kernels, or Linux), or other programs that are in binary format, and in some cases |
94 |
even actual ROM images. A couple of different file formats are supported |
even actual ROM images. A couple of different file formats are supported: |
95 |
(ELF, a.out, ECOFF, SREC, and raw binaries). |
<a href="http://en.wikipedia.org/wiki/Executable_and_Linkable_Format">ELF</a>, |
96 |
|
<a href="http://en.wikipedia.org/wiki/A.out">a.out</a>, |
97 |
|
<a href="http://en.wikipedia.org/wiki/COFF">COFF</a>/<a href="http://en.wikipedia.org/wiki/ECOFF">ECOFF</a>, |
98 |
|
<a href="http://en.wikipedia.org/wiki/SREC_%28file_format%29">SREC</a>, and raw binaries. |
99 |
|
|
100 |
<p>If you do not have a kernel as a separate file, but you have a bootable |
<p>If you do not have a kernel as a separate file, but you have a bootable |
101 |
disk image, then it is sometimes possible to boot directly from that |
disk image, then it is sometimes possible to boot directly from that |
102 |
image. (This works for example with DECstation emulation, Dreamcast |
image. This works for example with DECstation emulation, <a href="dreamcast.html">Dreamcast |
103 |
emulation, or when booting from generic ISO9660 CDROM images if the |
emulation</a>, or when booting from generic <a href="http://en.wikipedia.org/wiki/ISO9660">ISO9660</a> |
104 |
kernel is included in the image as a plain file.) |
CDROM images if the kernel is included in the image as a plain file. |
105 |
|
|
106 |
<p>Thanks to (in no specific order) Joachim Buss, Olivier Houchard, Juli |
<p>Thanks to (in no specific order) Joachim Buss, Olivier Houchard, Juli |
107 |
Mallett, Juan Romero Pardines, Alec Voropay, Göran Weinholt, Alexander |
Mallett, Juan Romero Pardines, Carl van Schaik, Miod Vallat, Alec Voropay, |
108 |
Yurchenko, and everyone else who has provided me with feedback. |
Göran Weinholt, Alexander Yurchenko, and everyone else who has provided me |
109 |
|
with feedback. |
110 |
|
|
111 |
|
|
112 |
|
|
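Review bot: The relocated paragraph at new lines 76-78 says the emulator should build on "most 64-bit and 32-bit Unix-like systems, with few or no modifications", while the hosts section later in this change still says it "should compile and run on any modern host architecture". Settle on one claim and use it in both places. Line 89 also weakens "For many emulation modes" to "For some emulation modes"; if that is deliberate, say which modes still need a ROM image, since the sentence that follows tells readers they may not need one at all.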
165 |
not have X11 libraries installed, some functionality will be lost. |
not have X11 libraries installed, some functionality will be lost. |
166 |
|
|
167 |
<p>The emulator's performance is highly dependent on both runtime settings |
<p>The emulator's performance is highly dependent on both runtime settings |
168 |
and on compiler settings, so you might want to experiment with different |
and on compiler settings, so you might want to experiment with |
169 |
CC and CFLAGS environment variable values. For example, on an AMD Athlon |
using different CC and CFLAGS environment variable values when running the |
170 |
host, you might want to try setting <tt>CFLAGS</tt> to <tt>-march=athlon</tt> |
<tt>configure</tt> script. |
171 |
before running <tt>configure</tt>. |
|
172 |
|
<p>Note that there is no <tt>make install</tt> functionality; package |
173 |
|
maintainers for individual operating systems solve this for their |
174 |
|
corresponding OSes. |
175 |
|
|
176 |
|
|
177 |
|
|
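Review bot: The paragraph added at lines 172-174 says there is no "make install" but does not tell someone building from source what to do instead; add a sentence on where the built binary ends up and how to run it from there. The same hunk removes the only concrete CFLAGS example ("-march=athlon"), which leaves "experiment with using different CC and CFLAGS environment variable values" without an illustration, so consider keeping one generic example.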
188 |
<b><tt>-h</tt></b> or <b><tt>-H</tt></b> command line options) will |
<b><tt>-h</tt></b> or <b><tt>-H</tt></b> command line options) will |
189 |
display a help message. |
display a help message. |
190 |
|
|
191 |
<p> |
<p>To get some ideas about what is possible to run in the emulator, please |
|
To get some ideas about what is possible to run in the emulator, please |
|
192 |
read the section about <a href="guestoses.html">installing "guest" |
read the section about <a href="guestoses.html">installing "guest" |
193 |
operating systems</a>. If you are interested in using the emulator to |
operating systems</a>. The most straight forward guest operating to |
194 |
develop code on your own, then you should also read the section about |
install is NetBSD/pmax; the instructions provided <a |
195 |
<a href="experiments.html#hello">Hello World</a>. |
href="guestoses.html#netbsdpmaxinstall">here</a> should let you install |
196 |
|
NetBSD/pmax in a way very similar to how it is done on a real DECstation. |
197 |
|
|
198 |
|
<p>If you are interested in using the emulator to develop code on your |
199 |
|
own, then you should also read the section about <a |
200 |
|
href="experiments.html#hello">Hello World</a>. |
201 |
|
|
202 |
<p> |
<p>To exit the emulator, type CTRL-C to enter the |
|
To exit the emulator, type CTRL-C to enter the |
|
203 |
single-step debugger, and then type <tt><b>quit</b></tt>. |
single-step debugger, and then type <tt><b>quit</b></tt>. |
204 |
|
|
205 |
<p> |
<p>If you are starting an emulation by entering settings directly on the |
206 |
If you are starting an emulation by entering settings directly on the |
command line, and you are not using the <tt><b>-x</b></tt> option, then |
207 |
command line, and you are not using the <tt><b>-x</b></tt> option, then all |
all terminal input and output will go to the main controlling terminal. |
|
terminal input and output will go to the main controlling terminal. |
|
208 |
CTRL-C is used to break into the debugger, so in order to send CTRL-C to |
CTRL-C is used to break into the debugger, so in order to send CTRL-C to |
209 |
the running (emulated) program, you may use CTRL-B. |
the running (emulated) program, you may use CTRL-B. (This should be a |
210 |
(This should be a reasonable compromise to allow the emulator to be usable |
reasonable compromise to allow the emulator to be usable even on systems |
211 |
even on systems without X Windows.) |
without X Windows.) |
212 |
|
|
213 |
<p> |
<p>There is no way to send an actual CTRL-B to the emulated program, when |
214 |
There is no way to send an actual CTRL-B to the emulated program, when |
typing in the main controlling terminal window. The solution is to either |
215 |
typing in the main controlling terminal window. The solution is to either |
use <a href="configfiles.html">configuration files</a>, or use |
|
use <a href="configfiles.html">configuration files</a>, or use |
|
216 |
<tt><b>-x</b></tt>. Both these solutions cause new xterms to be opened for |
<tt><b>-x</b></tt>. Both these solutions cause new xterms to be opened for |
217 |
each emulated serial port that is written to. CTRL-B and CTRL-C both have |
each emulated serial port that is written to. CTRL-B and CTRL-C both have |
218 |
their original meaning in those xterm windows. |
their original meaning in those xterm windows. |
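Review bot: New line 193 reads "The most straight forward guest operating to install is NetBSD/pmax": the word "system" is missing after "operating", and "straightforward" is one word. The link text "here" at lines 194-195 would also be easier to scan as descriptive text, for example "the NetBSD/pmax installation instructions".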
231 |
|
|
232 |
<p>Please read the page about <a href="guestoses.html">guest operating |
<p>Please read the page about <a href="guestoses.html">guest operating |
233 |
systems</a> for more information about the machines and operating systems |
systems</a> for more information about the machines and operating systems |
234 |
that can be considered "working" in the emulator. |
that can be considered "working" in the emulator. (There is some code in |
235 |
|
GXemul for emulation of other architectures, but they are not stable or |
236 |
|
complete enough to be listed among the "working" architectures.) |
237 |
|
|
238 |
|
|
239 |
|
|
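Review bot: The parenthetical added at lines 234-236 refers to "other architectures" without naming them or linking anywhere, so a reader cannot tell whether the architecture they care about is among the unstable ones. Name them, or point to a list the way the machines section does with its link to guestoses.html#generalnotes.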
242 |
|
|
243 |
<p><br> |
<p><br> |
244 |
<a name="hosts"></a> |
<a name="hosts"></a> |
245 |
<h3>Which host architectures are supported?</h3> |
<h3>Which host architectures/platforms are supported?</h3> |
246 |
|
|
247 |
GXemul should compile and run on any modern host architecture (64-bit or |
GXemul should compile and run on any modern host architecture (64-bit or |
248 |
32-bit word-length). |
32-bit word-length). I generally test it on FreeBSD/amd64 6.x, |
249 |
|
FreeBSD/alpha 4.x, sometimes also on Linux (various platforms), and every |
250 |
<p>Note: The dynamic translation engine does <i>not</i> require backends |
now and then also on NetBSD inside the emulator itself (various platforms). |
251 |
for native code generation to be written for each individual host |
|
252 |
architecture; the "intermediate representation" that the dyntrans system |
<p>Note 1: The <a href="translation.html">dynamic translation</a> engine |
253 |
uses can be executed on any host architecture. |
does <i>not</i> require backends for native code generation to be written |
254 |
|
for each individual host architecture; the intermediate representation |
255 |
|
that the dyntrans system uses can be executed on any host architecture. |
256 |
|
|
257 |
|
<p>Note 2: Although GXemul may build and run on non-Unix-like platforms, |
258 |
|
such as Cygwin, Unix-like systems are the primary platform. Some |
259 |
|
functionality may be lost when running on Cygwin. |
260 |
|
|
261 |
|
|
262 |
|
|
|
<p><br> |
|
|
<a name="translation"></a> |
|
|
<h3>What kind of translation does GXemul use?</h3> |
|
|
|
|
|
<b>Static vs. dynamic:</b> |
|
|
|
|
|
<p>In order to support guest operating systems, which can overwrite old |
|
|
code pages in memory with new code, it is necessary to translate code |
|
|
dynamically. It is not possible to do a "one-pass" (static) translation. |
|
|
Self-modifying code and Just-in-Time compilers running inside |
|
|
the emulator are other things that would not work with a static |
|
|
translator. GXemul is a dynamic translator. However, it does not |
|
|
necessarily translate into native code, like many other emulators. |
|
|
|
|
|
<p><b>"Runnable" Intermediate Representation:</b> |
|
|
|
|
|
<p>Dynamic translators usually translate from the emulated architecture |
|
|
(e.g. MIPS) into a kind of <i>intermediate representation</i> (IR), and then |
|
|
to native code (e.g. AMD64 or x86 code). Since one of my main goals for |
|
|
GXemul is to keep everything as portable as possible, I have tried to make |
|
|
sure that the IR is something which can be executed regardless of whether |
|
|
the final step (translation from IR to native code) has been implemented |
|
|
or not. |
|
|
|
|
|
<p>The IR in GXemul consists of arrays of pointers to functions, and a few |
|
|
arguments which are passed along to those functions. The functions are |
|
|
implemented in either manually hand-coded C, or automatically generated C. |
|
|
In any case, this is all statically linked into the GXemul binary at link |
|
|
time. |
|
|
|
|
|
<p>Here is a simplified diagram of how these arrays work. |
|
|
|
|
|
<p><center><img src="simplified_dyntrans.png"></center> |
|
|
|
|
|
<p>There is one instruction call slot for every possible program counter |
|
|
location. In the MIPS case, instruction words are 32 bits in length, |
|
|
and pages are (usually) 4 KB large, resulting in 1024 instruction call |
|
|
slots. After the last of these instruction calls, there is an additional |
|
|
call to a special "end of page" function (which doesn't count as an executed |
|
|
instruction). This function switches to the first instruction |
|
|
on the next virtual page (which might cause exceptions, etc). |
|
|
|
|
|
<p>The complexity of individual instructions vary. A simple example of |
|
|
what an instruction can look like is the MIPS <tt>addiu</tt> instruction: |
|
|
<pre> |
|
|
X(addiu) |
|
|
{ |
|
|
reg(ic->arg[1]) = (int32_t) |
|
|
((int32_t)reg(ic->arg[0]) + (int32_t)ic->arg[2]); |
|
|
} |
|
|
</pre> |
|
|
|
|
|
<p>It stores the result of a 32-bit addition of the register at arg[0] |
|
|
with the immediate value arg[2] (treating both as signed 32-bit |
|
|
integers) into register arg[1]. If the emulated CPU is a 64-bit CPU, |
|
|
then this will store a correctly sign-extended value into arg[1]. |
|
|
If it is a 32-bit CPU, then only the lowest 32 bits will be stored, |
|
|
and the high part ignored. <tt>X(addiu)</tt> is expanded to |
|
|
<tt>mips_instr_addiu</tt> in the 64-bit case, and <tt>mips32_instr_addiu</tt> |
|
|
in the 32-bit case. Both are compiled into the GXemul executable; no code |
|
|
is created during run-time. |
|
|
|
|
|
<p>Here are examples of what the <tt>addiu</tt> instruction actually |
|
|
looks like when it is compiled, on various host architectures: |
|
|
|
|
|
<p><center><table border="0"> |
|
|
<tr><td><b>GCC 4.0.1 on Alpha:</b></td> |
|
|
<td width="35"></td><td></td> |
|
|
<tr> |
|
|
<td valign="top"> |
|
|
<pre>mips_instr_addiu: |
|
|
ldq t1,8(a1) |
|
|
ldq t2,24(a1) |
|
|
ldq t3,16(a1) |
|
|
ldq t0,0(t1) |
|
|
addl t0,t2,t0 |
|
|
stq t0,0(t3) |
|
|
ret</pre> |
|
|
</td> |
|
|
<td></td> |
|
|
<td valign="top"> |
|
|
<pre>mips32_instr_addiu: |
|
|
ldq t2,8(a1) |
|
|
ldq t0,24(a1) |
|
|
ldq t3,16(a1) |
|
|
ldl t1,0(t2) |
|
|
addq t0,t1,t0 |
|
|
stl t0,0(t3) |
|
|
ret</pre> |
|
|
</td> |
|
|
</tr> |
|
|
|
|
|
<tr><td><b><br>GCC 3.4.4 on AMD64:</b></td> |
|
|
<tr> |
|
|
<td valign="top"> |
|
|
<pre>mips_instr_addiu: |
|
|
mov 0x8(%rsi),%rdx |
|
|
mov 0x18(%rsi),%rax |
|
|
mov 0x10(%rsi),%rcx |
|
|
add (%rdx),%eax |
|
|
cltq |
|
|
mov %rax,(%rcx) |
|
|
retq</pre> |
|
|
</td> |
|
|
<td></td> |
|
|
<td valign="top"> |
|
|
<pre>mips32_instr_addiu: |
|
|
mov 0x8(%rsi),%rcx |
|
|
mov 0x10(%rsi),%rdx |
|
|
mov (%rcx),%eax |
|
|
add 0x18(%rsi),%eax |
|
|
mov %eax,(%rdx) |
|
|
retq</pre> |
|
|
</td> |
|
|
</tr> |
|
|
|
|
|
<tr><td><b><br>GCC 4.0.1 on i386:</b></td> |
|
|
<tr> |
|
|
<td valign="top"> |
|
|
<pre>mips_instr_addiu: |
|
|
mov 0x8(%esp),%eax |
|
|
mov 0x8(%eax),%ecx |
|
|
mov 0x4(%eax),%edx |
|
|
mov 0xc(%eax),%eax |
|
|
add (%edx),%eax |
|
|
mov %eax,(%ecx) |
|
|
cltd |
|
|
mov %edx,0x4(%ecx) |
|
|
ret</pre> |
|
|
</td> |
|
|
<td></td> |
|
|
<td valign="top"> |
|
|
<pre>mips32_instr_addiu: |
|
|
mov 0x8(%esp),%eax |
|
|
mov 0x8(%eax),%ecx |
|
|
mov 0x4(%eax),%edx |
|
|
mov 0xc(%eax),%eax |
|
|
add (%edx),%eax |
|
|
mov %eax,(%ecx) |
|
|
ret</pre> |
|
|
</td> |
|
|
</tr> |
|
|
</table></center> |
|
|
|
|
|
<p>On 64-bit hosts, there is not much difference, but on 32-bit hosts (and |
|
|
to some extent on AMD64), the difference is enough to make it worthwhile. |
|
|
|
|
|
|
|
|
<p><b>Performance:</b> |
|
|
|
|
|
<p>The performance of using this kind of runnable IR is obviously lower |
|
|
than what can be achieved by emulators using native code generation, but |
|
|
can be significantly higher than using a naive fetch-decode-execute |
|
|
interpretation loop. In my opinion, using a runnable IR is an interesting |
|
|
compromise. |
|
|
|
|
|
<p>The overhead per emulated instruction is usually around or below |
|
|
approximately 10 host instructions. This is very much dependent on your |
|
|
host architecture and what compiler and compiler switches you are using. |
|
|
Added to this instruction count is (of course) also the C code used to |
|
|
implement each specific instruction. |
|
|
|
|
|
<p><b>Instruction Combinations:</b> |
|
|
|
|
|
<p>Short, common instruction sequences can sometimes be replaced by a |
|
|
"compound" instruction. An example could be a compare instruction followed |
|
|
by a conditional branch instruction. The advantages of instruction |
|
|
combinations are that |
|
|
<ul> |
|
|
<li>the amortized overhead per instruction is slightly reduced, and |
|
|
<p> |
|
|
<li>the host's compiler can make a good job at optimizing the common |
|
|
instruction sequence. |
|
|
</ul> |
|
|
|
|
|
<p>The special cases where instruction combinations give the most gain |
|
|
are in the cores of string/memory manipulation functions such as |
|
|
<tt>memset()</tt> or <tt>strlen()</tt>. The core loop can then (at least |
|
|
to some extent) be replaced by a native call to the equivalent function. |
|
|
|
|
|
<p>The implementations of compound instructions still keep track of the |
|
|
number of executed instructions, etc. When single-stepping, these |
|
|
translations are invalidated, and replaced by normal instruction calls |
|
|
(one per emulated instruction). |
|
|
|
|
|
<p><b>Native Code Back-ends:</b> |
|
|
|
|
|
<p>In theory, it will be possible to implement native code generation, |
|
|
similar to what is used in high-performance emulators such as QEMU, |
|
|
as long as that generated code abides to the C ABI on the host. |
|
|
|
|
|
<p>However, since I wanted to make sure that GXemul works without such |
|
|
native code back-ends, there are no implemented backends in this release. |
|
|
|
|
|
<p>(There is a place-holder in the source code for native code generation, |
|
|
which can be used for experiments, but it does not contain any working |
|
|
code at the moment.) |
|
|
|
|
263 |
|
|
264 |
|
|
265 |
|
|
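Review bot: Removing the named anchor "translation" together with the whole "What kind of translation does GXemul use?" section breaks any existing link to intro.html#translation; keep an empty named anchor or a one-line pointer to translation.html at this position. This diff shows only the deletion, so confirm that translation.html carries the removed material (the runnable-IR description, the X(addiu) example and the per-host assembly listings) before this goes in. In Note 2 at lines 257-259, "Some functionality may be lost when running on Cygwin" should say which functionality.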
332 |
<ul> |
<ul> |
333 |
<li><b>IBM 6050/6070 (PReP, PowerPC Reference Platform)</b> (<a href="guestoses.html#netbsdprepinstall">NetBSD/prep</a>) |
<li><b>IBM 6050/6070 (PReP, PowerPC Reference Platform)</b> (<a href="guestoses.html#netbsdprepinstall">NetBSD/prep</a>) |
334 |
<li><b>MacPPC (generic "G4" Macintosh)</b> (<a href="guestoses.html#netbsdmacppcinstall">NetBSD/macppc</a>) |
<li><b>MacPPC (generic "G4" Macintosh)</b> (<a href="guestoses.html#netbsdmacppcinstall">NetBSD/macppc</a>) |
335 |
|
<li><b>Artesyn PM/PPC</b> (<a href="guestoses.html#netbsdpmppc">NetBSD/pmppc</a>) |
336 |
</ul> |
</ul> |
337 |
<p> |
<p> |
338 |
<li><b><u>SuperH</u></b> |
<li><b><u>SuperH</u></b> |
339 |
<ul> |
<ul> |
340 |
<li><b>Sega Dreamcast</b> (<a href="dreamcast.html#netbsd_generic_md">NetBSD/dreamcast</a>, <a href="dreamcast.html#linux_live_cd">Linux/dreamcast</a>) |
<li><b>Sega Dreamcast</b> (<a href="dreamcast.html#netbsd_generic_md">NetBSD/dreamcast</a>, <a href="dreamcast.html#linux_live_cd">Linux/dreamcast</a>) |
341 |
|
<li><b>Landisk I-O DATA USL-5P</b> (<a href="guestoses.html#openbsdlandiskinstall">OpenBSD/landisk</a>) |
342 |
</ul> |
</ul> |
343 |
</ul> |
</ul> |
344 |
|
|
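Review bot: The new Artesyn PM/PPC entry at line 335 links to "guestoses.html#netbsdpmppc", while the other guestoses.html links in this hunk all end in "install" ("#netbsdprepinstall", "#netbsdmacppcinstall", "#openbsdlandiskinstall"). Check that "#netbsdpmppc" exists in guestoses.html, or rename the anchor to follow the same pattern.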
352 |
<br><small><font color="#0000e0">(<super>*2</super>)</font> = |
<br><small><font color="#0000e0">(<super>*2</super>)</font> = |
353 |
SGI O2 emulation is enough for root-on-nfs, but not for disk boot.</small> |
SGI O2 emulation is enough for root-on-nfs, but not for disk boot.</small> |
354 |
|
|
355 |
|
<p>Note that of all of the machines above, none of them is emulated to |
356 |
|
100%. The most complete emulation mode is probably the DECstation |
357 |
|
5000/200. Things that will most likely <b>not</b> work include running |
358 |
|
raw PROM images for most machines, SGI IRIX, MacOS X or Darwin, Windows |
359 |
|
NT, or Dreamcast games. |
360 |
|
|
361 |
<p>There is code in GXemul for emulation of many other machine types; the |
<p>There is code in GXemul for emulation of several other machine types; the |
362 |
degree to which these work range from almost being able to run a complete |
degree to which these work range from almost being able to run a complete |
363 |
OS, to almost completely unsupported (perhaps just enough support to |
OS, to almost completely unsupported, perhaps just enough support to |
364 |
output a few boot messages via serial console). |
output a few boot messages via serial console. (See the end of |
365 |
|
<a href="guestoses.html#generalnotes">this section</a> on the Guest OSes |
366 |
|
page for some examples, but remember that these do not necessarily work.) |
367 |
|
|
368 |
<p>In addition to emulating real machines, there is also a "test-machine". |
<p>In addition to emulating real machines, there is also a "test-machine". |
369 |
A test-machine consists of one or more CPUs and a few experimental devices |
A test-machine consists of one or more CPUs and a few experimental devices |
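Review bot: The paragraph added at lines 355-359 opens with "Note that of all of the machines above, none of them is emulated to 100%", which is wordy and repeats the Overview's "not simulated with 100% accuracy"; "None of the machines above is emulated completely" says the same thing. At lines 364-366 the link text "this section" gives no hint of the target, so name the section on the Guest OSes page instead.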