This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Annotation of /trunk/doc/intro.html

Parent Directory Parent Directory | Revision Log Revision Log

Revision 24 - (hide annotations)
Mon Oct 8 16:19:56 2007 UTC (13 years, 3 months ago) by dpavlin
File MIME type: text/html
File size: 19364 byte(s)
++ trunk/HISTORY	(local)
$Id: HISTORY,v 1.1256 2006/06/23 20:43:44 debug Exp $
20060219	Various minor updates. Removing the old MIPS16 skeleton code,
		because it will need to be rewritten for dyntrans anyway.
20060220-22	Removing the non-working dyntrans backend support.
		Continuing on the 64-bit dyntrans virtual memory generalization.
20060223	More work on the 64-bit vm generalization.
20060225	Beginning on MIPS dyntrans load/store instructions.
		Minor PPC updates (64-bit load/store, etc).
		Fixes for the variable-instruction-length framework, some
		minor AVR updates (a simple Hello World program works!).
		Beginning on a skeleton for automatically generating documen-
		tation (for devices etc.).
20060226	PPC updates (adding some more 64-bit instructions, etc).
		AVR updates (more instructions).
		FINALLY found and fixed the zs bug, making NetBSD/macppc
		accept the serial console.
20060301	Adding more AVR instructions.
20060304	Continuing on AVR-related stuff. Beginning on a framework for
		cycle-accurate device emulation. Adding an experimental "PAL
		TV" device (just a dummy so far).
20060305	Adding more AVR instructions.
		Adding a dummy epcom serial controller (for TS7200 emulation).
20060310	Removing the emul() command from configuration files, so only
		net() and machine() are supported.
		Minor progress on the MIPS dyntrans rewrite.
20060311	Continuing on the MIPS dyntrans rewrite (adding more
		instructions, etc).
20060315	Adding more instructions (sllv, srav, srlv, bgtz[l], blez[l],
		beql, bnel, slti[u], various loads and stores).
20060316	Removing the ALWAYS_SIGNEXTEND_32 option, since it was rarely
		Adding more MIPS dyntrans instructions, and fixing bugs.
20060318	Implementing fast loads/stores for MIPS dyntrans (big/little
		endian, 32-bit and 64-bit modes).
20060320	Making MIPS dyntrans the default configure option; use
		"--enable-oldmips" to use the old bintrans system.
		Adding MIPS dyntrans dmult[u]; minor updates.
20060322	Continuing... adding some more instructions.
		Adding a simple skeleton for demangling C++ "_ZN" symbols.
20060323	Moving src/debugger.c into a new directory (src/debugger/).
20060324	Fixing the hack used to load PPC ELFs (useful for relocated
		Linux/ppc kernels), and adding a dummy G3 machine mode.
20060325-26	Beginning to experiment with GDB remote serial protocol
		connections; adding a -G command line option for selecting
		which TCP port to listen to.
20060330	Beginning a major cleanup to replace things like "0x%016llx"
		with more correct "0x%016"PRIx64, etc.
		Continuing on the GDB remote serial protocol support.
20060331	More cleanup, and some minor GDB remote progress.
20060402	Adding a hack to the configure script, to allow compilation
		on systems that lack PRIx64 etc.
20060406	Removing the temporary FreeBSD/arm hack in dev_ns16550.c and
		replacing it with a better fix from Olivier Houchard.
20060407	A remote debugger (gdb or ddd) can now start and stop the
		emulator using the GDB remote serial protocol, and registers
		and memory can be read. MIPS only for now.
20060408	More GDB progress: single-stepping also works, and also adding
		support for ARM, PowerPC, and Alpha targets.
		Continuing on the delay-slot-across-page-boundary issue.
20060412	Minor update: beginning to add support for the SPARC target
		to the remote GDB functionality.
20060414	Various MIPS updates: adding more instructions for dyntrans
		(eret, add), and making some exceptions work. Fixing a bug
		in dmult[u].
		Implementing the first SPARC instructions (sethi, or).
20060415	Adding "magic trap" instructions so that PROM calls can be
		software emulated in MIPS dyntrans.
		Adding more MIPS dyntrans instructions (ddiv, dadd) and
		fixing another bug in dmult.
20060416	More MIPS dyntrans progress: adding [d]addi, movn, movz, dsllv,
		rfi, an ugly hack for supporting R2000/R3000 style faked caches,
		preliminary interrupt support, and various other updates and
20060417	Adding more SPARC instructions (add, sub, sll[x], sra[x],
		srl[x]), and useful SPARC header definitions.
		Adding the first (trivial) x86/AMD64 dyntrans instructions (nop,
		cli/sti, stc/clc, std/cld, simple mov, inc ax). Various other
		x86 updates related to variable instruction length stuff.
		Adding unaligned loads/stores to the MIPS dyntrans mode (but
		still using the pre-dyntrans (slow) imlementation).
20060419	Fixing a MIPS dyntrans exception-in-delay-slot bug.
		Removing the old "show opcode statistics" functionality, since
		it wasn't really useful and isn't implemented for dyntrans.
		Single-stepping (or running with instruction trace) now looks
		ok with dyntrans with delay-slot architectures.
20060420	Minor hacks (removing the -B command line option when compiled
		for non-bintrans, and some other very minor updates).
		Adding (slow) MIPS dyntrans load-linked/store-conditional.
20060422	Applying fixes for bugs discovered by Nils Weller's nwcc
		(static DEC memmap => now per machine, and adding an extern
		keyword in cpu_arm_instr.c).
		Finally found one of the MIPS dyntrans bugs that I've been
		looking for (copy/paste spelling error BIG vs LITTLE endian in
		cpu_mips_instr_loadstore.c for 16-bit fast stores).
		FINALLY found the major MIPS dyntrans bug: slti vs sltiu
		signed/unsigned code in cpu_mips_instr.c. :-)
		Adding more MIPS dyntrans instructions (lwc1, swc1, bgezal[l],
		ctc1, tlt[u], tge[u], tne, beginning on rdhwr).
		NetBSD/hpcmips can now reach userland when using dyntrans :-)
		Adding some more x86 dyntrans instructions.
		Finally removed the old Alpha-specific virtual memory code,
		and replaced it with the generic 64-bit version.
		Beginning to add disassembly support for SPECIAL3 MIPS opcodes.
20060423	Continuing on the delay-slot-across-page-boundary issue;
		adding an end_of_page2 ic slot (like I had planned before, but
		had removed for some reason).
		Adding a quick-and-dirty fallback to legacy coprocessor 1
		code (i.e. skipping dyntrans implementation for now).
		NetBSD/hpcmips and NetBSD/pmax (when running on an emulated
		R4400) can now be installed and run. :-)  (Many bugs left
		to fix, though.)
		Adding more MIPS dyntrans instructions: madd[u], msub[u].
		Cleaning up the SPECIAL2 vs R5900/TX79/C790 "MMI" opcode
		maps somewhat (disassembly and dyntrans instruction decoding).
20060424	Adding an isa_revision field to mips_cpu_types.h, and making
		sure that SPECIAL3 opcodes cause Reserved Instruction
		exceptions on MIPS32/64 revisions lower than 2.
		Adding the SPARC 'ba', 'call', 'jmpl/retl', 'and', and 'xor'
20060425	Removing the -m command line option ("run at most x 
		instructions") and -T ("single_step_on_bad_addr"), because
		they never worked correctly with dyntrans anyway.
		Freshening up the man page.
20060428	Adding more MIPS dyntrans instructions: bltzal[l], idle.
		Enabling MIPS dyntrans compare interrupts.
20060429	FINALLY found the weird dyntrans bug, causing NetBSD etc. to
		behave strangely: some floating point code (conditional
		coprocessor branches) could not be reused from the old
		non-dyntrans code. The "quick-and-dirty fallback" only appeared
		to work. Fixing by implementing bc1* for MIPS dyntrans.
		More MIPS instructions: [d]sub, sdc1, ldc1, dmtc1, dmfc1, cfc0.
		Freshening up MIPS floating point disassembly appearance.
20060430	Continuing on C790/R5900/TX79 disassembly; implementing 128-bit
		"por" and "pextlw".
20060504	Disabling -u (userland emulation) unless compiled as unstable
		development version.
		Beginning on freshening up the testmachine include files,
		to make it easier to reuse those files (placing them in
		src/include/testmachine/), and beginning on a set of "demos"
		or "tutorials" for the testmachine functionality.
		Minor updates to the MIPS GDB remote protocol stub.
		Refreshing doc/experiments.html and gdb_remote.html.
		Enabling Alpha emulation in the stable release configuration,
		even though no guest OSes for Alpha can run yet.
20060505	Adding a generic 'settings' object, which will contain
		references to settable variables (which will later be possible
		to access using the debugger).
20060506	Updating dev_disk and corresponding demo/documentation (and
		switching from SCSI to IDE disk types, so it actually works
		with current test machines :-).
20060510	Adding a -D_LARGEFILE_SOURCE hack for 64-bit Linux hosts,
		so that fseeko() doesn't give a warning.
		Updating the section about how dyntrans works (the "runnable
		IR") in doc/intro.html.
		Instruction updates (some x64=1 checks, some more R5900
		dyntrans stuff: better mul/mult separation from MIPS32/64,
		adding ei and di).
		Updating MIPS cpuregs.h to a newer one (from NetBSD).
		Adding more MIPS dyntrans instructions: deret, ehb.
20060514	Adding disassembly and beginning implementation of SPARC wr
		and wrpr instructions.
20060515	Adding a SUN SPARC machine mode, with dummy SS20 and Ultra1
		machines. Adding the 32-bit "rd psr" instruction.
20060517	Disassembly support for the general SPARC rd instruction.
		Partial implementation of the cmp (subcc) instruction.
		Some other minor updates (making sure that R5900 processors
		start up with the EIE bit enabled, otherwise Linux/playstation2
		receives no interrupts).
20060519	Minor MIPS updates/cleanups.
20060521	Moving the MeshCube machine into evbmips; this seems to work
		reasonably well with a snapshot of a NetBSD MeshCube kernel.
		Cleanup/fix of MIPS config0 register initialization.
20060529	Minor MIPS fixes, including a sign-extension fix to the
		unaligned load/store code, which makes NetBSD/pmax on R3000
		work better with dyntrans. (Ultrix and Linux/DECstation still
		don't work, though.)
20060530	Minor updates to the Alpha machine mode: adding an AlphaBook
		mode, an LCA bus (forwarding accesses to an ISA bus), etc.
20060531	Applying a bugfix for the MIPS dyntrans sc[d] instruction from
		Ondrej Palkovsky. (Many thanks.)
20060601	Minifix to allow ARM immediate msr instruction to not give
		an error for some valid values.
		More Alpha updates.
20060602	Some minor Alpha updates.
20060603	Adding the Alpha cmpbge instruction. NetBSD/alpha prints its
		first boot messages :-) on an emulated Alphabook 1.
20060612	Minor updates; adding a dev_ether.h include file for the
		testmachine ether device. Continuing the hunt for the dyntrans
		bug which makes Linux and Ultrix on DECstation behave
		strangely... FINALLY found it! It seems to be related to
		invalidation of the translation cache, on tlbw{r,i}. There
		also seems to be some remaining interrupt-related problems.
20060614	Correcting the implementation of ldc1/sdc1 for MIPS dyntrans
		(so that it uses 16 32-bit registers if the FR bit in the
		status register is not set).
		Removing the old MIPS interpretation mode.
		Removing the MFHILO_DELAY and instruction delay stuff, because
		they wouldn't work with dyntrans anyway.
20060617	Some documentation updates (adding "NetBSD-archive" to some
		URLs, and new Debian/DECstation installation screenshots).
		Removing the "tracenull" and "enable-caches" configure options.
		Improving MIPS dyntrans performance somewhat (only invalidate
		translations if necessary, on writes to the entryhi register,
		instead of doing it for all cop0 writes).
20060618	More cleanup after the removal of the old MIPS emulation.
		Trying to fix the MIPS dyntrans performance bugs/bottlenecks;
		only semi-successful so far (for R3000).
20060620	Minor update to allow clean compilation again on Tru64/Alpha.
20060622	MIPS cleanup and fixes (removing the pc_last stuff, which
		doesn't make sense with dyntrans anyway, and fixing a cross-
		page-delay-slot-with-exception case in end_of_page).
		Removing the old max_random_cycles_per_chunk stuff, and the
		concept of cycles vs instructions for MIPS emulation.
		FINALLY found and fixed the bug which caused NetBSD/pmax
		clocks to behave strangely (it was a load to the zero register,
		which was treated as a NOP; now it is treated as a load to a
		dummy scratch register).
20060623	Increasing the dyntrans chunk size back to
		Preparing for a quick release, even though there are known
		bugs, and performance for non-R3000 MIPS emulation is very
		poor. :-/
		Reverting to half the dyntrans chunk size again, because
		NetBSD/cats seemed less stable with full size chunks. :(
		NetBSD/sgimips 3.0 can now run :-)  (With release 0.3.8, only
		NetBSD/sgimips 2.1 worked, not 3.0.)

==============  RELEASE 0.4.0  ==============

1 dpavlin 12 <html><head><title>Gavare's eXperimental Emulator:&nbsp;&nbsp;&nbsp;Introduction</title>
2     <meta name="robots" content="noarchive,nofollow,noindex"></head>
3 dpavlin 4 <body bgcolor="#f8f8f8" text="#000000" link="#4040f0" vlink="#404040" alink="#ff0000">
4     <table border=0 width=100% bgcolor="#d0d0d0"><tr>
5     <td width=100% align=center valign=center><table border=0 width=100%><tr>
6     <td align="left" valign=center bgcolor="#d0efff"><font color="#6060e0" size="6">
7 dpavlin 22 <b>Gavare's eXperimental Emulator:</b></font><br>
8 dpavlin 4 <font color="#000000" size="6"><b>Introduction</b>
9     </font></td></tr></table></td></tr></table><p>
10 dpavlin 2
11     <!--
13 dpavlin 24 $Id: intro.html,v 1.87 2006/06/23 10:00:41 debug Exp $
14 dpavlin 2
15 dpavlin 22 Copyright (C) 2003-2006 Anders Gavare. All rights reserved.
16 dpavlin 2
17     Redistribution and use in source and binary forms, with or without
18     modification, are permitted provided that the following conditions are met:
20     1. Redistributions of source code must retain the above copyright
21     notice, this list of conditions and the following disclaimer.
22     2. Redistributions in binary form must reproduce the above copyright
23     notice, this list of conditions and the following disclaimer in the
24     documentation and/or other materials provided with the distribution.
25     3. The name of the author may not be used to endorse or promote products
26     derived from this software without specific prior written permission.
40     -->
42     <a href="./">Back to the index</a>
44     <p><br>
45     <h2>Introduction</h2>
47     <p>
48 dpavlin 22 <table border="0" width="99%"><tr><td valign="top" align="left">
49 dpavlin 2 <ul>
50     <li><a href="#overview">Overview</a>
51 dpavlin 4 <li><a href="#free">Is GXemul Free software?</a>
52 dpavlin 2 <li><a href="#build">How to compile/build the emulator</a>
53 dpavlin 6 <li><a href="#run">How to run the emulator</a>
54 dpavlin 22 <li><a href="#cpus">Which processor architectures does GXemul emulate?</a>
55 dpavlin 24 <li><a href="#hosts">Which host architectures are supported?</a>
56     <li><a href="#translation">What kind of translation does GXemul use?</a>
57 dpavlin 2 <li><a href="#accuracy">Emulation accuracy</a>
58     <li><a href="#emulmodes">Which machines does GXemul emulate?</a>
59     </ul>
60 dpavlin 22 </td><td valign="center" align="center">
61     <a href="20050317-example.png"><img src="20050317-example_small.png"></a>
62     <p>NetBSD/pmax 1.6.2 with X11<br>running in GXemul</td></tr></table>
63 dpavlin 2
67     <p><br>
68     <a name="overview"></a>
69     <h3>Overview:</h3>
71 dpavlin 14 GXemul is an experimental instruction-level machine emulator. Several
72     emulation modes are available. In some modes, processors and surrounding
73     hardware components are emulated well enough to let unmodified operating
74     systems (e.g. NetBSD) run as if they were running on a real machine.
75 dpavlin 2
76 dpavlin 24 <p>Devices and processors (ARM, MIPS, PowerPC) are not simulated with 100%
77     accuracy. They are only ``faked'' well enough to allow guest operating
78     systems run without complaining too much. Still, the emulator could be of
79     interest for academic research and experiments, such as when learning how
80     to write operating system code.
81 dpavlin 12
82 dpavlin 22 <p>The emulator is written in C, does not depend on third-party libraries,
83     and should compile and run on most 64-bit and 32-bit Unix-like systems.
84 dpavlin 2
85 dpavlin 10 <p>The emulator contains code which tries to emulate the workings of CPUs
86     and surrounding hardware found in real machines, but it does not contain
87     any ROM code. You will need some form of program (in binary form) to run
88     in the emulator. For many emulation modes, PROM calls are handled by the
89 dpavlin 2 emulator itself, so you do not need to use any ROM image at all.
91 dpavlin 10 <p>You can use pre-compiled kernels (for example NetBSD kernels, or
92     Linux), or other programs that are in binary format, and in some cases
93     even actual ROM images. A couple of different file formats are supported
94     (ELF, a.out, ECOFF, SREC, and raw binaries).
95 dpavlin 2
96 dpavlin 10 <p>If you do not have a kernel as a separate file, but you have a bootable
97 dpavlin 6 disk image, then it is sometimes possible to boot directly from that
98     image. (This works for example with DECstation emulation, or when booting
99     from ISO9660 CDROM images.)
100 dpavlin 2
104 dpavlin 6
106 dpavlin 10
108 dpavlin 2 <p><br>
109     <a name="free"></a>
110 dpavlin 4 <h3>Is GXemul Free software?</h3>
111 dpavlin 2
112 dpavlin 6 Yes. I have released GXemul under a Free license. The code in GXemul is
113     Copyrighted software, it is <i>not</i> public domain. (If this is
114     confusing to you, you might want to read up on the definitions of the
115     four freedoms associated with Free software, <a
116     href="http://www.gnu.org/philosophy/free-sw.html">http://www.gnu.org/philosophy/free-sw.html</a>.)
117 dpavlin 2
118 dpavlin 12 <p>The code I have written is released under a 3-clause BSD-style license
119     (or "revised BSD-style" if one wants to use <a
120     href="http://www.gnu.org/philosophy/bsd.html">GNU jargon</a>). Apart from
121     the code I have written, some files are copied from other sources such as
122     NetBSD, for example header files containing symbolic names of bitfields in
123     device registers. They are also covered by similar licenses, but with some
124     additional clauses. The main point, however, is that the licenses require
125     that the original Copyright and license terms are included when you make a
126     copy or modification.
127 dpavlin 2
128 dpavlin 12 <p>If you plan to redistribute GXemul <i>without</i> supplying the source
129     code, then you need to comply with each individual source file some other
130     way, for example by writing additional documentation containing copyright
131     notes. I have not done this, since I do not plan on making distributions
132     without source code. You need to check all individual files for details.
133     The "easiest way out" if you plan to redistribute code from GXemul is, of
134     course, to let it remain open source and simply supply the source code.
135 dpavlin 2
136 dpavlin 22 <p>In case you want to reuse parts of GXemul, but you need to do that
137     under a different license (e.g. the GPL), then contact me and I might
138     re-license/dual-license files on a case-by-case basis.
139 dpavlin 2
143 dpavlin 12
144 dpavlin 2 <p><br>
145     <a name="build"></a>
146     <h3>How to compile/build the emulator:</h3>
148     Uncompress the .tar.gz distribution file, and run
149     <pre>
150     $ <b>./configure</b>
151     $ <b>make</b>
152     </pre>
154 dpavlin 22 <p>This should work on most Unix-like systems. GXemul does not require any
155     specific libraries to build, however, if you build on a system which does
156     not have X11 libraries installed, some functionality will be lost.
157 dpavlin 2
158 dpavlin 12 <p>The emulator's performance is highly dependent on both runtime settings
159 dpavlin 2 and on compiler settings, so you might want to experiment with different
160 dpavlin 20 CC and CFLAGS environment variable values. For example, on an AMD Athlon
161 dpavlin 24 host, you might want to try setting <tt>CFLAGS</tt> to <tt>-march=athlon</tt>
162     before running <tt>configure</tt>.
163 dpavlin 2
165 dpavlin 6
170     <p><br>
171     <a name="run"></a>
172     <h3>How to run the emulator:</h3>
174     Once you have built GXemul, running it should be rather straight-forward.
175     Running <tt><b>gxemul</b></tt> without arguments (or with the
176     <b><tt>-h</tt></b> or <b><tt>-H</tt></b> command line options) will
177     display a help message.
179 dpavlin 2 <p>
180 dpavlin 6 To get some ideas about what is possible to run in the emulator, please
181     read the section about <a href="guestoses.html">installing "guest"
182     operating systems</a>. If you are interested in using the emulator to
183     develop code on your own, then you should also read the section about
184     <a href="experiments.html#hello">Hello World</a>.
186     <p>
187 dpavlin 2 To exit the emulator, type CTRL-C to enter the
188 dpavlin 6 single-step debugger, and then type <tt><b>quit</b></tt>.
189 dpavlin 2
190 dpavlin 4 <p>
191     If you are starting an emulation by entering settings directly on the
192 dpavlin 6 command line, and you are not using the <tt><b>-x</b></tt> option, then all
193 dpavlin 4 terminal input and output will go to the main controlling terminal.
194     CTRL-C is used to break into the debugger, so in order to send CTRL-C to
195     the running (emulated) program, you may use CTRL-B.
196 dpavlin 6 (This should be a reasonable compromise to allow the emulator to be usable
197     even on systems without X Windows.)
198 dpavlin 2
199 dpavlin 4 <p>
200 dpavlin 6 There is no way to send an actual CTRL-B to the emulated program, when
201     typing in the main controlling terminal window. The solution is to either
202     use <a href="configfiles.html">configuration files</a>, or use
203     <tt><b>-x</b></tt>. Both these solutions cause new xterms to be opened for
204     each emulated serial port that is written to. CTRL-B and CTRL-C both have
205     their original meaning in those xterm windows.
206 dpavlin 2
210 dpavlin 4
211 dpavlin 2 <p><br>
212     <a name="cpus"></a>
213 dpavlin 22 <h3>Which processor architectures does GXemul emulate?</h3>
214 dpavlin 2
215 dpavlin 24 The architectures that are emulated well enough to let at least one
216     guest operating system run (per architecture) are ARM, MIPS, and
217     PowerPC.
218 dpavlin 2
222 dpavlin 14
223 dpavlin 24 <p><br>
224     <a name="hosts"></a>
225     <h3>Which host architectures are supported?</h3>
226 dpavlin 2
227 dpavlin 24 As of release 0.4.0 of GXemul, the old binary translation subsystem, which
228     was used for emulation of MIPS processors on Alpha and i386 hosts, has
229     been removed. The current dynamic translation subsystem should work on any
230     host.
231 dpavlin 2
232 dpavlin 6
233 dpavlin 2
236 dpavlin 24 <p><br>
237     <a name="translation"></a>
238     <h3>What kind of translation does GXemul use?</h3>
239 dpavlin 2
240 dpavlin 24 <b>Static vs. dynamic:</b>
242     <p>In order to support guest operating systems, which can overwrite old
243     code pages in memory with new code, it is necessary to translate code
244     dynamically. It is not possible to do a "one-pass" (static) translation.
245     Self-modifying code and Just-in-Time compilers running inside
246     the emulator are other things that would not work with a static
247     translator. GXemul is a dynamic translator. However, it does not
248     necessarily translate into native code, like many other emulators.
250     <p><b>"Runnable" Intermediate Representation:</b>
252     <p>Dynamic translators usually translate from the emulated architecture
253     (e.g. MIPS) into a kind of <i>intermediate representation</i> (IR), and then
254     to native code (e.g. AMD64 or x86 code). Since one of my main goals for
255     GXemul is to keep everything as portable as possible, I have tried to make
256     sure that the IR is something which can be executed regardless of whether
257     the final step (translation from IR to native code) has been implemented
258     or not.
260     <p>The IR in GXemul consists of arrays of pointers to functions, and a few
261     arguments which are passed along to those functions. The functions are
262     implemented in either manually hand-coded C, or automatically generated C.
263     In any case, this is all statically linked into the GXemul binary at link
264     time.
266     <p>Here is a simplified diagram of how these arrays work.
268     <p><center><img src="simplified_dyntrans.png"></center>
270     <p>There is one instruction call slot for every possible program counter
271     location. In the MIPS case, instruction words are 32 bits in length,
272     and pages are (usually) 4 KB large, resulting in 1024 instruction call
273     slots. After the last of these instruction calls, there is an additional
274     call to a special "end of page" function (which doesn't count as an executed
275     instruction). This function switches to the first instruction
276     on the next virtual page (which might cause exceptions, etc).
278     <p>The complexity of individual instructions vary. A simple example of
279     what an instruction can look like is the MIPS <tt>addiu</tt> instruction:
280     <pre>
281     X(addiu)
282     {
283     reg(ic->arg[1]) = (int32_t)
284     ((int32_t)reg(ic->arg[0]) + (int32_t)ic->arg[2]);
285     }
286     </pre>
288     <p>It stores the result of a 32-bit addition of the register at arg[0]
289     with the immediate value arg[2] (treating both as signed 32-bit
290     integers) into register arg[1]. If the emulated CPU is a 64-bit CPU,
291     then this will store a correctly sign-extended value into arg[1].
292     If it is a 32-bit CPU, then only the lowest 32 bits will be stored,
293     and the high part ignored. <tt>X(addiu)</tt> is expanded to
294     <tt>mips_instr_addiu</tt> in the 64-bit case, and <tt>mips32_instr_addiu</tt>
295     in the 32-bit case. Both are compiled into the GXemul executable; no code
296     is created during run-time.
298     <p>Here are examples of what the <tt>addiu</tt> instruction actually
299     looks like when it is compiled, on various host architectures:
301     <p><center><table border="0">
302     <tr><td><b>GCC 4.0.1 on Alpha:</b></td>
303     <td width="35"></td><td></td>
304     <tr>
305     <td valign="top">
306     <pre>mips_instr_addiu:
307     ldq t1,8(a1)
308     ldq t2,24(a1)
309     ldq t3,16(a1)
310     ldq t0,0(t1)
311     addl t0,t2,t0
312     stq t0,0(t3)
313     ret</pre>
314     </td>
315     <td></td>
316     <td valign="top">
317     <pre>mips32_instr_addiu:
318     ldq t2,8(a1)
319     ldq t0,24(a1)
320     ldq t3,16(a1)
321     ldl t1,0(t2)
322     addq t0,t1,t0
323     stl t0,0(t3)
324     ret</pre>
325     </td>
326     </tr>
328     <tr><td><b><br>GCC 3.4.4 on AMD64:</b></td>
329     <tr>
330     <td valign="top">
331     <pre>mips_instr_addiu:
332     mov 0x8(%rsi),%rdx
333     mov 0x18(%rsi),%rax
334     mov 0x10(%rsi),%rcx
335     add (%rdx),%eax
336     cltq
337     mov %rax,(%rcx)
338     retq</pre>
339     </td>
340     <td></td>
341     <td valign="top">
342     <pre>mips32_instr_addiu:
343     mov 0x8(%rsi),%rcx
344     mov 0x10(%rsi),%rdx
345     mov (%rcx),%eax
346     add 0x18(%rsi),%eax
347     mov %eax,(%rdx)
348     retq</pre>
349     </td>
350     </tr>
352     <tr><td><b><br>GCC 4.0.1 on i386:</b></td>
353     <tr>
354     <td valign="top">
355     <pre>mips_instr_addiu:
356     mov 0x8(%esp),%eax
357     mov 0x8(%eax),%ecx
358     mov 0x4(%eax),%edx
359     mov 0xc(%eax),%eax
360     add (%edx),%eax
361     mov %eax,(%ecx)
362     cltd
363     mov %edx,0x4(%ecx)
364     ret</pre>
365     </td>
366     <td></td>
367     <td valign="top">
368     <pre>mips32_instr_addiu:
369     mov 0x8(%esp),%eax
370     mov 0x8(%eax),%ecx
371     mov 0x4(%eax),%edx
372     mov 0xc(%eax),%eax
373     add (%edx),%eax
374     mov %eax,(%ecx)
375     ret</pre>
376     </td>
377     </tr>
378     </table></center>
380     <p>On 64-bit hosts, there is not much difference, but on 32-bit hosts (and
381     to some extent on AMD64), the difference is enough to make it worthwhile.
384     <p><b>Performance:</b>
386     <p>The performance of using this kind of runnable IR is obviously lower
387     than what can be achieved by emulators using native code generation, but
388     can be significantly higher than using a naive fetch-decode-execute
389     interpretation loop. In my opinion, using a runnable IR is an interesting
390     compromise.
392     <p>The overhead per emulated instruction is usually around or below
393     approximately 10 host instructions. This is very much dependent on your
394     host architecture and what compiler and compiler switches you are using.
395     Added to this instruction count is (of course) also the C code used to
396     implement each specific instruction.
398     <p><b>Instruction Combinations:</b>
400     <p>Short, common instruction sequences can sometimes be replaced by a
401     "compound" instruction. An example could be a compare instruction followed
402     by a conditional branch instruction. The advantages of instruction
403     combinations are that
404     <ul>
405     <li>the amortized overhead per instruction is slightly reduced, and
406     <p>
407     <li>the host's compiler can make a good job at optimizing the common
408     instruction sequence.
409     </ul>
411     <p>The special cases where instruction combinations give the most gain
412     are in the cores of string/memory manipulation functions such as
413     <tt>memset()</tt> or <tt>strlen()</tt>. The core loop can then (at least
414     to some extent) be replaced by a native call to the equivalent function.
416     <p>The implementations of compound instructions still keep track of the
417     number of executed instructions, etc. When single-stepping, these
418     translations are invalidated, and replaced by normal instruction calls
419     (one per emulated instruction).
421     <p><b>Native Code Back-ends: (not in this release)</b>
423     <p>In theory, it will be possible to implement native code generation
424     (similar to what is used in high-performance emulators such as QEMU),
425     as long as that generated code abides to the C ABI on the host, but
426     for now I wanted to make sure that GXemul works without such native
427     code back-ends. For this reason, as of release 0.4.0, GXemul is
428     completely free of native code back-ends.
435 dpavlin 2 <p><br>
436     <a name="accuracy"></a>
437     <h3>Emulation accuracy:</h3>
439 dpavlin 6 GXemul is an instruction-level emulator; things that would happen in
440 dpavlin 24 several steps within a real CPU are not taken into account (e.g. pipe-line
441 dpavlin 6 stalls or out-of-order execution). Still, instruction-level accuracy seems
442     to be enough to be able to run complete guest operating systems inside the
443 dpavlin 2 emulator.
445 dpavlin 24 <p>The existance of instruction and data caches is "faked" to let
446     operating systems think that they are there, but for all practical
447     purposes, these caches are non-working.
448 dpavlin 2
449 dpavlin 12 <p>The emulator is <i>not</i> timing-accurate. It can be run in a
450     "deterministic" mode, <tt><b>-D</b></tt>. The meaning of deterministic is
451     simply that running two emulations with the same settings will result in
452     identical runs. Obviously, this requires that no user interaction is
453     taking place, and that clock speeds are fixed with the <tt><b>-I</b></tt>
454     option. (Deterministic in this case does <i>not</i> mean that the
455     emulation will be identical to some actual real-world machine.)
456 dpavlin 2
457 dpavlin 24 <p>(Note that user interaction means <i>both</i> input to the emulated
458     program/OS, and interaction with the emulator's debugger. Breaking into the
459     debugger and then continuing execution may affect when/how interrupts
460     occur.)
461 dpavlin 2
463 dpavlin 6
465 dpavlin 20
467 dpavlin 2 <p><br>
468     <a name="emulmodes"></a>
469     <h3>Which machines does GXemul emulate?</h3>
471 dpavlin 4 A few different machine types are emulated. The following machine types
472     are emulated well enough to run at least one "guest OS":
473 dpavlin 2
474     <p>
475     <ul>
476 dpavlin 24 <li><b><u>ARM</u></b>
477 dpavlin 14 <ul>
478 dpavlin 24 <li><b>CATS</b> (NetBSD/cats, OpenBSD/cats)
479     <li><b>IQ80321</b> (NetBSD/evbarm)
480 dpavlin 14 </ul>
481     <p>
482 dpavlin 24 <li><b><u>MIPS</u></b>
483 dpavlin 14 <ul>
484 dpavlin 24 <li><b>DECstation 5000/200</b> (NetBSD/pmax, OpenBSD/pmax, Ultrix,
485     Linux/DECstation, Sprite)
486     <li><b>Acer Pica-61</b> (NetBSD/arc)
487     <li><b>NEC MobilePro 770, 780, 800, and 880</b> (NetBSD/hpcmips)
488     <li><b>Cobalt</b> (NetBSD/cobalt)
489     <li><b>Malta</b> (NetBSD/evbmips)
490     <li><b>SGI O2 (aka IP32)</b> <font color="#0000e0">(<super>*</super>)</font>
491     (NetBSD/sgi)
492 dpavlin 14 </ul>
493 dpavlin 20 <p>
494     <li><b><u>PowerPC</u></b>
495     <ul>
496 dpavlin 24 <li><b>IBM 6050/6070 (PReP, PowerPC Reference Platform)</b> (NetBSD/prep)
497 dpavlin 20 </ul>
498 dpavlin 2 </ul>
500 dpavlin 22 <p><small><font color="#0000e0">(<super>*</super>)</font> =
501     Enough for root-on-nfs, but not for disk boot.)</small>
503 dpavlin 10 <p>There is code in GXemul for emulation of many other machine types; the
504     degree to which these work range from almost being able to run a complete
505     OS, to almost completely unsupported (perhaps just enough support to
506     output a few boot messages via serial console).
507 dpavlin 2
508 dpavlin 10 <p>In addition to emulating real machines, there is also a "test-machine".
509     A test-machine consists of one or more CPUs and a few experimental devices
510     such as:
511 dpavlin 2
512     <p>
513     <ul>
514     <li>a console I/O device (putchar() and getchar()...)
515     <li>an inter-processor communication device, for SMP experiments
516     <li>a very simple linear framebuffer device (for graphics output)
517 dpavlin 12 <li>a simple SCSI disk controller
518     <li>a simple ethernet controller
519 dpavlin 2 </ul>
521 dpavlin 10 <p>This mode is useful if you wish to run experimental code, but do not
522 dpavlin 2 wish to target any specific real-world machine type, for example for
523     educational purposes.
525 dpavlin 10 <p>You can read more about these experimental devices <a
526     href="experiments.html#expdevices">here</a>.
527 dpavlin 2
533     </body>
534     </html>

  ViewVC Help
Powered by ViewVC 1.1.26