
Diff of /trunk/doc/intro.html


revision 22 by dpavlin, Mon Oct 8 16:19:37 2007 UTC revision 36 by dpavlin, Mon Oct 8 16:21:34 2007 UTC
# Line 10  Line 10 
10    
11  <!--  <!--
12    
13  $Id: intro.html,v 1.73 2006/02/18 14:02:19 debug Exp $  $Id: intro.html,v 1.107 2007/03/08 19:04:09 debug Exp $
14    
15  Copyright (C) 2003-2006  Anders Gavare.  All rights reserved.  Copyright (C) 2003-2007  Anders Gavare.  All rights reserved.
16    
17  Redistribution and use in source and binary forms, with or without  Redistribution and use in source and binary forms, with or without
18  modification, are permitted provided that the following conditions are met:  modification, are permitted provided that the following conditions are met:
# Line 52  SUCH DAMAGE. Line 52  SUCH DAMAGE.
52    <li><a href="#build">How to compile/build the emulator</a>    <li><a href="#build">How to compile/build the emulator</a>
53    <li><a href="#run">How to run the emulator</a>    <li><a href="#run">How to run the emulator</a>
54    <li><a href="#cpus">Which processor architectures does GXemul emulate?</a>    <li><a href="#cpus">Which processor architectures does GXemul emulate?</a>
55      <li><a href="#hosts">Which host architectures are supported?</a>
56      <li><a href="#translation">What kind of translation does GXemul use?</a>
57    <li><a href="#accuracy">Emulation accuracy</a>    <li><a href="#accuracy">Emulation accuracy</a>
58    <li><a href="#emulmodes">Which machines does GXemul emulate?</a>    <li><a href="#emulmodes">Which machines does GXemul emulate?</a>
59  </ul>  </ul>
# Line 71  emulation modes are available. In some m Line 73  emulation modes are available. In some m
73  hardware components are emulated well enough to let unmodified operating  hardware components are emulated well enough to let unmodified operating
74  systems (e.g. NetBSD) run as if they were running on a real machine.  systems (e.g. NetBSD) run as if they were running on a real machine.
75    
76  <p>The processor architecture best emulated by GXemul is MIPS, but other  <p>Devices and processors are not simulated with 100% accuracy. They are
77  architectures such as ARM and PowerPC are also partially emulated.  only ``faked'' well enough to allow guest operating systems to run without
78    complaining too much. Still, the emulator could be of interest for
79  <p>Devices and CPUs are not simulated with 100% accuracy. They are only  academic research and experiments, such as when learning how to write
 ``faked'' well enough to allow guest operating systems run without  
 complaining too much. Still, the emulator could be of interest for  
 academic research and experiments, such as when learning how to write  
80  operating system code.  operating system code.
81    
82  <p>The emulator is written in C, does not depend on third-party libraries,  <p>The emulator is written in C, does not depend on third-party libraries,
# Line 96  even actual ROM images. A couple of diff Line 95  even actual ROM images. A couple of diff
95    
96  <p>If you do not have a kernel as a separate file, but you have a bootable  <p>If you do not have a kernel as a separate file, but you have a bootable
97  disk image, then it is sometimes possible to boot directly from that  disk image, then it is sometimes possible to boot directly from that
98  image. (This works for example with DECstation emulation, or when booting  image. (This works for example with DECstation emulation, Dreamcast
99  from ISO9660 CDROM images.)  emulation, or when booting from generic ISO9660 CDROM images if the
100    kernel is included in the image as a plain file.)
101    
102    <p>Thanks to (in no specific order) Joachim Buss, Olivier Houchard, Juli
103    Mallett, Juan Romero Pardines, Alec Voropay, Göran Weinholt, Alexander
104    Yurchenko, and everyone else who has provided me with feedback.
105    
106    
107    
# Line 159  not have X11 libraries installed, some f Line 162  not have X11 libraries installed, some f
162  <p>The emulator's performance is highly dependent on both runtime settings  <p>The emulator's performance is highly dependent on both runtime settings
163  and on compiler settings, so you might want to experiment with different  and on compiler settings, so you might want to experiment with different
164  CC and CFLAGS environment variable values. For example, on an AMD Athlon  CC and CFLAGS environment variable values. For example, on an AMD Athlon
165  host, you might want to try setting <tt>CFLAGS</tt> to <tt>-march=athlon  host, you might want to try setting <tt>CFLAGS</tt> to <tt>-march=athlon</tt>
166  -O3</tt> before running <tt>configure</tt>.  before running <tt>configure</tt>.
167    
168    
169    
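
Review bot: The example at new lines 165-166 now suggests only -march=athlon and drops -O3, while the sentence before it still says performance depends heavily on compiler settings. If configure supplies its own optimization level when CFLAGS is set by the user, say so here; otherwise a reader who follows the example literally may end up building without any -O flag.
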
# Line 213  their original meaning in those xterm wi Line 216  their original meaning in those xterm wi
216  <a name="cpus"></a>  <a name="cpus"></a>
217  <h3>Which processor architectures does GXemul emulate?</h3>  <h3>Which processor architectures does GXemul emulate?</h3>
218    
219  <h4>MIPS:</h4>  The architectures that are emulated well enough to let at least one
220    guest operating system run (per architecture) are ARM, MIPS, PowerPC,
221    and SuperH.
222    
223    <p>Please read the page about <a href="guestoses.html">guest operating
224    systems</a> for more information about the machines and operating systems
225    that can be considered "working" in the emulator.
226    
227    
228    
229    
230    
231    
232    <p><br>
233    <a name="hosts"></a>
234    <h3>Which host architectures are supported?</h3>
235    
236    GXemul should compile and run on any modern host architecture (64-bit or
237    32-bit word-length).
238    
239    <p>Note: The dynamic translation engine does <i>not</i> require backends
240    for native code generation to be written for each individual host
241    architecture; the "intermediate representation" that the dyntrans system
242    uses can be executed on any host architecture.
243    
244    
 Emulation of R4000, which is a 64-bit CPU, was my initial goal.  
 R2000/R3000-like CPUs (32-bit), R1x000, and generic MIPS32/MIPS64-style  
 CPUs are also emulated, and are hopefully almost as stable as the R4000  
 emulation. Several guest operating systems for MIPS can run inside  
 the emulator.  
245    
 <p>(For MIPS emulation, I have written an experimental dynamic binary  
 translation subsystem, for Alpha and i386 hosts. This gives higher total  
 performance than interpreting one instruction at a time and executing it.  
 If you wish to disable bintrans, add <b>-B</b> to the command line.)  
246    
 <h4>ARM:</h4>  
247    
248  ARM emulation is good enough to run NetBSD/cats, OpenBSD/cats, and  <p><br>
249  NetBSD/evbarm, but it is not as tested or fine-tuned as the MIPS emulation  <a name="translation"></a>
250  mode.  <h3>What kind of translation does GXemul use?</h3>
251    
252    <b>Static vs. dynamic:</b>
253    
254    <p>In order to support guest operating systems, which can overwrite old
255    code pages in memory with new code, it is necessary to translate code
256    dynamically. It is not possible to do a "one-pass" (static) translation.
257    Self-modifying code and Just-in-Time compilers running inside
258    the emulator are other things that would not work with a static
259    translator. GXemul is a dynamic translator. However, it does not
260    necessarily translate into native code, like many other emulators.
261    
262    <p><b>"Runnable" Intermediate Representation:</b>
263    
264    <p>Dynamic translators usually translate from the emulated architecture
265    (e.g. MIPS) into a kind of <i>intermediate representation</i> (IR), and then
266    to native code (e.g. AMD64 or x86 code). Since one of my main goals for
267    GXemul is to keep everything as portable as possible, I have tried to make
268    sure that the IR is something which can be executed regardless of whether
269    the final step (translation from IR to native code) has been implemented
270    or not.
271    
272    <p>The IR in GXemul consists of arrays of pointers to functions, and a few
273    arguments which are passed along to those functions. The functions are
274    implemented in either manually hand-coded C, or automatically generated C.
275    In any case, this is all statically linked into the GXemul binary at link
276    time.
277    
278    <p>Here is a simplified diagram of how these arrays work.
279    
280    <p><center><img src="simplified_dyntrans.png"></center>
281    
282    <p>There is one instruction call slot for every possible program counter
283    location. In the MIPS case, instruction words are 32 bits in length,
284    and pages are (usually) 4 KB large, resulting in 1024 instruction call
285    slots. After the last of these instruction calls, there is an additional
286    call to a special "end of page" function (which doesn't count as an executed
287    instruction). This function switches to the first instruction
288    on the next virtual page (which might cause exceptions, etc).
289    
290    <p>The complexity of individual instructions vary. A simple example of
291    what an instruction can look like is the MIPS <tt>addiu</tt> instruction:
292    <pre>
293            X(addiu)
294            {
295                    reg(ic->arg[1]) = (int32_t)
296                        ((int32_t)reg(ic->arg[0]) + (int32_t)ic->arg[2]);
297            }
298    </pre>
299    
300  <h4>PowerPC:</h4>  <p>It stores the result of a 32-bit addition of the register at arg[0]
301    with the immediate value arg[2] (treating both as signed 32-bit
302    integers) into register arg[1]. If the emulated CPU is a 64-bit CPU,
303    then this will store a correctly sign-extended value into arg[1].
304    If it is a 32-bit CPU, then only the lowest 32 bits will be stored,
305    and the high part ignored. <tt>X(addiu)</tt> is expanded to
306    <tt>mips_instr_addiu</tt> in the 64-bit case, and <tt>mips32_instr_addiu</tt>
307    in the 32-bit case. Both are compiled into the GXemul executable; no code
308    is created during run-time.
309    
310    <p>Here are examples of what the <tt>addiu</tt> instruction actually
311    looks like when it is compiled, on various host architectures:
312    
313    <p><center><table border="0">
314        <tr><td><b>GCC 4.0.1 on Alpha:</b></td>
315            <td width="35"></td><td></td>
316        <tr>
317            <td valign="top">
318    <pre>mips_instr_addiu:
319         ldq     t1,8(a1)
320         ldq     t2,24(a1)
321         ldq     t3,16(a1)
322         ldq     t0,0(t1)
323         addl    t0,t2,t0
324         stq     t0,0(t3)
325         ret</pre>
326            </td>
327            <td></td>
328            <td valign="top">
329    <pre>mips32_instr_addiu:
330         ldq     t2,8(a1)
331         ldq     t0,24(a1)
332         ldq     t3,16(a1)
333         ldl     t1,0(t2)
334         addq    t0,t1,t0
335         stl     t0,0(t3)
336         ret</pre>
337            </td>
338        </tr>
339    
340        <tr><td><b><br>GCC 3.4.4 on AMD64:</b></td>
341        <tr>
342            <td valign="top">
343    <pre>mips_instr_addiu:
344         mov    0x8(%rsi),%rdx
345         mov    0x18(%rsi),%rax
346         mov    0x10(%rsi),%rcx
347         add    (%rdx),%eax
348         cltq
349         mov    %rax,(%rcx)
350         retq</pre>
351            </td>
352            <td></td>
353            <td valign="top">
354    <pre>mips32_instr_addiu:
355         mov    0x8(%rsi),%rcx
356         mov    0x10(%rsi),%rdx
357         mov    (%rcx),%eax
358         add    0x18(%rsi),%eax
359         mov    %eax,(%rdx)
360         retq</pre>
361            </td>
362        </tr>
363    
364        <tr><td><b><br>GCC 4.0.1 on i386:</b></td>
365        <tr>
366            <td valign="top">
367    <pre>mips_instr_addiu:
368         mov    0x8(%esp),%eax
369         mov    0x8(%eax),%ecx
370         mov    0x4(%eax),%edx
371         mov    0xc(%eax),%eax
372         add    (%edx),%eax
373         mov    %eax,(%ecx)
374         cltd
375         mov    %edx,0x4(%ecx)
376         ret</pre>
377            </td>
378            <td></td>
379            <td valign="top">
380    <pre>mips32_instr_addiu:
381         mov    0x8(%esp),%eax
382         mov    0x8(%eax),%ecx
383         mov    0x4(%eax),%edx
384         mov    0xc(%eax),%eax
385         add    (%edx),%eax
386         mov    %eax,(%ecx)
387         ret</pre>
388            </td>
389        </tr>
390    </table></center>
391    
392    <p>On 64-bit hosts, there is not much difference, but on 32-bit hosts (and
393    to some extent on AMD64), the difference is enough to make it worthwhile.
394    
395    
396    <p><b>Performance:</b>
397    
398    <p>The performance of using this kind of runnable IR is obviously lower
399    than what can be achieved by emulators using native code generation, but
400    can be significantly higher than using a naive fetch-decode-execute
401    interpretation loop. In my opinion, using a runnable IR is an interesting
402    compromise.
403    
404    <p>The overhead per emulated instruction is usually around or below
405    approximately 10 host instructions. This is very much dependent on your
406    host architecture and what compiler and compiler switches you are using.
407    Added to this instruction count is (of course) also the C code used to
408    implement each specific instruction.
409    
410    <p><b>Instruction Combinations:</b>
411    
412    <p>Short, common instruction sequences can sometimes be replaced by a
413    "compound" instruction. An example could be a compare instruction followed
414    by a conditional branch instruction. The advantages of instruction
415    combinations are that
416    <ul>
417      <li>the amortized overhead per instruction is slightly reduced, and
418      <p>
419      <li>the host's compiler can make a good job at optimizing the common
420            instruction sequence.
421    </ul>
422    
423  PowerPC emulation is still in its beginning stages, but good enough  <p>The special cases where instruction combinations give the most gain
424  to run NetBSD/prep 2.1.  are in the cores of string/memory manipulation functions such as
425    <tt>memset()</tt> or <tt>strlen()</tt>. The core loop can then (at least
426    to some extent) be replaced by a native call to the equivalent function.
427    
428    <p>The implementations of compound instructions still keep track of the
429    number of executed instructions, etc. When single-stepping, these
430    translations are invalidated, and replaced by normal instruction calls
431    (one per emulated instruction).
432    
433    <p><b>Native Code Back-ends:</b>
434    
435    <p>In theory, it will be possible to implement native code generation,
436    similar to what is used in high-performance emulators such as QEMU,
437    as long as that generated code abides to the C ABI on the host.
438    
439    <p>However, since I wanted to make sure that GXemul works without such
440    native code back-ends, there are no implemented backends in this release.
441    
442    <p>(There is a place-holder in the source code for native code generation,
443    which can be used for experiments, but it does not contain any working
444    code at the moment.)
445    
 <p>Non-MIPS emulation modes use dynamic translation, but not recompilation  
 into native code. This makes it possible to run on any host platform.  
446    
447    
448    
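
Review bot: The X(addiu) example at new lines 293-297 adds two int32_t operands, and signed overflow is undefined behaviour in C, while the paragraph after it describes a plain 32-bit addition whose result is then sign-extended. If this is the pattern readers are meant to copy into their own instruction implementations, do the addition in uint32_t and cast the result to int32_t, or state which compiler guarantee the build relies on for wrapping. Also in this hunk: the removed MIPS paragraph documented -B for disabling bintrans and the new text does not say whether that option still exists; "The complexity of individual instructions vary" should read "varies"; and "abides to the C ABI" should read "abides by the C ABI".
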
# Line 249  into native code. This makes it possible Line 453  into native code. This makes it possible
453  <h3>Emulation accuracy:</h3>  <h3>Emulation accuracy:</h3>
454    
455  GXemul is an instruction-level emulator; things that would happen in  GXemul is an instruction-level emulator; things that would happen in
456  several steps within a real CPU are not taken into account (eg. pipe-line  several steps within a real CPU are not taken into account (e.g. pipe-line
457  stalls or out-of-order execution). Still, instruction-level accuracy seems  stalls or out-of-order execution). Still, instruction-level accuracy seems
458  to be enough to be able to run complete guest operating systems inside the  to be enough to be able to run complete guest operating systems inside the
459  emulator.  emulator.
460    
461  <p>Caches are by default not emulated. In some cases, the existance of  <p>The existance of instruction and data caches is "faked" to let
462  caches is "faked" to let operating systems think that they are there.  operating systems think that they are there, but for all practical
463  (There is some old code for R2000/R3000 caches, but it has probably  purposes, these caches are non-working.
464  suffered from bitrot by now.)  
465    <p>The emulator is in general <i>not</i> timing-accurate, neither at the
466  <p>The emulator is <i>not</i> timing-accurate. It can be run in a  instruction level nor on any higher level. An attempt is made to let
467  "deterministic" mode, <tt><b>-D</b></tt>. The meaning of deterministic is  emulated clocks run at the same speed as the host (i.e. an emulated timer
468  simply that running two emulations with the same settings will result in  running at 100 Hz will interrupt around 100 times per real second), but
469  identical runs. Obviously, this requires that no user interaction is  since the host speed may vary, e.g. because of other running processes,
470  taking place, and that clock speeds are fixed with the <tt><b>-I</b></tt>  there is no guarantee as to how many instructions will be executed in
471  option. (Deterministic in this case does <i>not</i> mean that the  each of these 100 Hz cycles.
472  emulation will be identical to some actual real-world machine.)  
473    <p>If the host is very slow, the emulated clocks might even lag behind
474  <p><font color="#ff0000">(Oops/TODO: User interaction means <i>both</i>  the real-world clock.
 input to the emulated program/OS, and interacting with the emulator  
 itself. Breaking into the debugger and then continuing execution may  
 affect when/how interrupts occur.)</font>  
475    
476    
477    
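
Review bot: The rewritten accuracy section drops the paragraph that documented the deterministic mode (-D) and the fixed clock speed option (-I) and puts nothing in its place. If those options still exist, keep a sentence about them here, since the old text was the only visible statement that two runs with the same settings are identical; if they were removed, say so. Separately, "existance" at new line 461 is carried over from the old wording and should be "existence".
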
# Line 286  are emulated well enough to run at least Line 487  are emulated well enough to run at least
487    
488  <p>  <p>
489  <ul>  <ul>
490    <li><b><u>MIPS</u></b>    <li><b><u>ARM</u></b>
491    <ul>    <ul>
492      <li><b>DECstation 5000/200</b>&nbsp;&nbsp;("3max")      <li><b>CATS</b> (<a href="guestoses.html#netbsdcatsinstall">NetBSD/cats</a>,
493      <li><b>Acer Pica-61</b>&nbsp;&nbsp;(an ARC machine)          <a href="guestoses.html#openbsdcatsinstall">OpenBSD/cats</a>)
494      <li><b>NEC MobilePro 770, 780, 800, and 880</b>&nbsp;&nbsp;(HPCmips machines)      <li><b>IQ80321</b> (<a href="guestoses.html#netbsdevbarminstall">NetBSD/evbarm</a>)
495      <li><b>Cobalt</b>      <li><b>NetWinder</b> (<a href="guestoses.html#netbsdnetwinderinstall">NetBSD/netwinder</a>)
     <li><b>Malta</b> (evbmips)  
     <li><b>SGI O2 ("IP32")</b> <font color="#0000e0">(<super>*</super>)</font>  
496    </ul>    </ul>
497    <p>    <p>
498    <li><b><u>ARM</u></b>    <li><b><u>MIPS</u></b>
499    <ul>    <ul>
500      <li><b>CATS</b>      <li><b>DECstation 5000/200</b> (<a href="guestoses.html#netbsdpmaxinstall">NetBSD/pmax</a>,
501      <li><b>IQ80321</b> (evbarm)          <a href="guestoses.html#openbsdpmaxinstall">OpenBSD/pmax</a>,
502            <a href="guestoses.html#ultrixinstall">Ultrix</a>,
503            <a href="guestoses.html#declinux">Linux/DECstation</a>,
504            <a href="guestoses.html#sprite">Sprite</a>)
505        <li><b>Acer Pica-61</b> (<a href="guestoses.html#netbsdarcinstall">NetBSD/arc</a>)
506        <li><b>NEC MobilePro 770, 780, 800, 880</b> (<a href="guestoses.html#netbsdhpcmipsinstall">NetBSD/hpcmips</a>)
507        <li><b>Cobalt</b> (<a href="guestoses.html#netbsdcobaltinstall">NetBSD/cobalt</a>)
508        <li><b>Malta</b> (<a href="guestoses.html#netbsdevbmipsinstall">NetBSD/evbmips</a>, Linux/Malta <font color="#0000e0">(<super>*1</super>)</font>)
509        <li><b>Algorithmics P5064</b> (<a href="guestoses.html#netbsdalgorinstall">NetBSD/algor</a>)
510        <li><b>SGI O2 (aka IP32)</b> <font color="#0000e0">(<super>*2</super>)</font>
511            (<a href="guestoses.html#netbsdsgimips">NetBSD/sgi</a>)
512    </ul>    </ul>
513    <p>    <p>
514    <li><b><u>PowerPC</u></b>    <li><b><u>PowerPC</u></b>
515    <ul>    <ul>
516      <li><b>PReP (PowerPC Reference Platform)</b>      <li><b>IBM 6050/6070 (PReP, PowerPC Reference Platform)</b> (<a href="guestoses.html#netbsdprepinstall">NetBSD/prep</a>)
517        <li><b>MacPPC (generic "G4" Macintosh)</b> (<a href="guestoses.html#netbsdmacppcinstall">NetBSD/macppc</a>)
518      </ul>
519      <p>
520      <li><b><u>SuperH</u></b>
521      <ul>
522        <li><b>Sega Dreamcast</b> (<a href="dreamcast.html#netbsd_generic_md">NetBSD/dreamcast</a>, <a href="dreamcast.html#linux_live_cd">Linux/dreamcast</a>)
523    </ul>    </ul>
524  </ul>  </ul>
525    
526  <p><small><font color="#0000e0">(<super>*</super>)</font> =  <p>
527  Enough for root-on-nfs, but not for disk boot.)</small>  <small><font color="#0000e0">(<super>*1</super>)</font> =
528    Linux/Malta may be run as a guest OS, however I have not yet found any stable
529    URL to pre-compiled Linux/Malta kernels. Thus, Linux/Malta emulation is not
530    tested for every release of the emulator; sometimes it works, sometimes
531    it doesn't.</small>
532    
533    <br><small><font color="#0000e0">(<super>*2</super>)</font> =
534    SGI O2 emulation is enough for root-on-nfs, but not for disk boot.</small>
535    
536    
537  <p>There is code in GXemul for emulation of many other machine types; the  <p>There is code in GXemul for emulation of many other machine types; the
538  degree to which these work range from almost being able to run a complete  degree to which these work range from almost being able to run a complete
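
Review bot: The footnote markers at new lines 508, 510, 526 and 533 use <super>, which is not an HTML element, so *1 and *2 will render as ordinary inline text rather than superscripts; use <sup> and </sup>. The old revision had the same tag for the single * marker, so this is a good point to fix it in all four places.
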
# Line 325  such as: Line 548  such as:
548    <li>a console I/O device (putchar() and getchar()...)    <li>a console I/O device (putchar() and getchar()...)
549    <li>an inter-processor communication device, for SMP experiments    <li>an inter-processor communication device, for SMP experiments
550    <li>a very simple linear framebuffer device (for graphics output)    <li>a very simple linear framebuffer device (for graphics output)
551    <li>a simple SCSI disk controller    <li>a simple disk controller
552    <li>a simple ethernet controller    <li>a simple ethernet controller
553      <li>a real-time clock device
554  </ul>  </ul>
555    
556  <p>This mode is useful if you wish to run experimental code, but do not  <p>This mode is useful if you wish to run experimental code, but do not
