.\" $Id: gxemul.1,v 1.65 2006/06/22 13:22:40 debug Exp $
.\"
.\" Copyright (C) 2004-2006 Anders Gavare. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"
.\" This is a minimal man page for GXemul. Process this file with
.\" groff -man -Tascii gxemul.1 or nroff -man gxemul.1
.\"
.Dd JUNE 2006
.Dt GXEMUL 1
.Os
.Sh NAME
.Nm gxemul
.Nd an experimental machine emulator
.Sh SYNOPSIS
.Nm
.Op machine, other, and general options
.Op file Ar ...
.Nm
.Op general options
.Ar @configfile
.\" TODO: Reenable this once userland emulation works:
.\" .Nm
.\" .Op userland, other, and general options
.\" .Ar file Op Ar args ...
.Sh DESCRIPTION
.Nm
is an experimental instruction-level machine emulator. Several
emulation modes are available. In some modes, processors and surrounding
hardware components are emulated well enough to let unmodified operating
systems (e.g. NetBSD) run inside the emulator as if they were running on a
real machine.
.Pp
Processors (ARM, MIPS, PowerPC) are emulated using a kind of dynamic
translation system. Performance is somewhere between traditional
interpretation and recompilation into native code. However, the dynamic
translation system used in GXemul does not (currently) generate native
code, and thus does not require platform-specific back-ends. In plain
English, this means that the dyntrans system works on any host architecture.
.Pp
The emulator can be invoked in the following ways:
.Pp
1. When emulating a complete machine, configuration options can be entered
directly on the command line.
.Pp
2. Options can be read from a configuration file.
.\" .Pp
.\" 3. When emulating a userland environment (syscall-only emulation, not
.\" emulating complete machines), then the program name and its argument
.\" should be given on the command line. (This mode doesn't really work yet,
.\" and is disabled for stable release builds.)
.Pp
The easiest way to use the emulator is to supply settings directly on the
command line. The most important thing you need to supply is the
file argument. This is the name of a binary file (an ELF, a.out, COFF/ECOFF,
SREC, or a raw binary image) which you wish to run in the emulator. This file
might be an operating system kernel, or perhaps a ROM image file.
.Pp
If more than one filename is supplied, all files are loaded into memory,
and the entry point (if available) is taken from the last file.
.Pp
Apart from the name of a binary file, it is also necessary to select
which specific emulation mode to use. For example, a MIPS-based machine
from DEC (a DECstation) is very different from a MIPS-based machine
from SGI. Use
.Nm
.Fl H
to get a list of available emulation modes.
.Pp
There are two exceptions to the normal invocation usage mentioned above.
The first is for DECstation emulation: if you have a bootable
DECstation harddisk or CDROM image, then just supplying the disk image via
the
.Fl d
option is sufficient. (The filename of the kernel can then be
skipped, as the emulator runs the bootblocks from the disk image directly and
doesn't need the kernel as a separate file.)
The second is if you supply an ISO9660 CDROM disk image. You may then use
the
.Fl j
option to indicate which file on the CDROM filesystem should be
loaded into emulated memory.
.Pp
Machine selection options:
.Bl -tag -width Ds
.It Fl E Ar t
Try to emulate machine type
.Ar "t".
This option is not always needed, if the
.Fl e
option uniquely selects a machine.
(Use
.Fl H
to get a list of types.)
.It Fl e Ar st
Try to emulate machine subtype
.Ar "st".
Use this together with
.Fl E .
(This option is not always needed, if a machine type has no subtypes.)
.El
.Pp
Other options:
.Bl -tag -width Ds
.\" The -A command line option is DEPRECATED and will be removed soon.
.\" .It Fl A
.\" Disable load/store alignment checks in some cases. This might give a small
.\" increase in performance, but the emulator will not run correctly if the
.\" emulated code actually tries to do unaligned loads or stores. (This option
.\" is only meaningful when emulating MIPS CPUs, when the host architecture is
.\" Alpha or i386, and binary translation is enabled.)
.\" .It Fl B
.\" Disable native translation backends. By default, translation backends are
.\" used if the host+target architecture combination is supported. Currently,
.\" the only supported host architecture for the old bintrans system (used
.\" when emulating MIPS processors) are Alpha and i386. The old bintrans
.\" system will hopefully be removed some day.
.It Fl C Ar x
Try to emulate a specific CPU type,
.Ar "x".
This overrides the default CPU type for the machine being emulated.
(Use
.Fl H
to get a list of available CPU types.)
.It Fl d Ar [modifiers:]filename
Add
.Ar filename
as a disk image. By adding one or more modifier characters and then a
colon (":") as a prefix to
.Ar filename,
you can modify the way the disk image is treated. Available modifiers are:
.Bl -tag -width Ds
.It b
Specifies that this is a boot device.
.It c
CD-ROM.
.It d
DISK (this is the default).
.It f
FLOPPY.
.It gH;S;
Override the default geometry; use H heads and S sectors-per-track.
(The number of cylinders is calculated automatically.)
.It i
IDE. (This is the default for most machine types.)
.It r
Read-only (don't allow changes to be written to the file).
.It s
SCSI.
.It t
Tape.
.It 0-7
Force a specific ID number.
.El
.Pp
For SCSI devices, the ID number is the SCSI ID. For IDE harddisks, the ID
number has the following meaning:
.Bl -tag -width Ds
.It 0
Primary master.
.It 1
Primary slave.
.It 2
Secondary master.
.It 3
Secondary slave.
.El
.Pp
Unless otherwise specified, filenames ending with ".iso" or ".cdr" are
assumed to be CDROM images. Most others are assumed to be disks. Depending
on which machine is being emulated, the default for disks can be either
SCSI or IDE. Some disk images that are very small are assumed to be floppy
disks. (If you are not happy with the way a disk image is detected, then
you need to use explicit prefixes to force a specific type.)
.Pp
For floppies, the gH;S; prefix is ignored. Instead, the number of
heads and cylinders are assumed to be 2 and 80, respectively, and the
number of sectors per track is calculated automatically. (This works for
720KB, 1.2MB, 1.44MB, and 2.88MB floppies.)
.It Fl G Ar port
Pause at startup, and listen to TCP port
.Ar port
for incoming remote GDB connections. The emulator starts up in paused
mode, and it is up to the remote GDB instance to start the session.
.It Fl I Ar x
Emulate clock interrupts at
.Ar x
Hz. (This affects emulated clock devices only, not actual runtime speed.
This disables automatic clock adjustments, which is otherwise turned on.)
(This option is probably only valid for DECstation emulation.)
.It Fl i
Display each instruction as it is being executed.
.It Fl J
Disable some speed tricks. This usually means disabling the use of
dyntrans "instruction combinations".
.It Fl j Ar n
Set the name of the kernel to
.Ar "n".
When booting from an ISO9660 filesystem, the emulator will try to boot
using this file. (In some emulation modes, e.g. DECstation, this name is passed
along to the boot program. Useful names are "bsd" for OpenBSD/pmax,
"vmunix" for Ultrix, or "vmsprite" for Sprite.)
.It Fl M Ar m
Emulate
.Ar m
MBs of physical RAM. This overrides the default amount of RAM for the
selected machine type.
.It Fl N
Display the number of executed instructions per second on average, at
regular intervals.
.It Fl n Ar nr
Set the number of processors in the machine, for SMP experiments.
.Pp
Note: The emulator allocates quite a
lot of virtual memory for per-CPU translation tables. On 64-bit hosts,
this is normally not a problem. On 32-bit hosts, this can use up all
available virtual userspace memory. The solution is to either run the
emulator on a 64-bit host, or limit the number of emulated CPUs to a
reasonable number (say, less than 32).
.Pp
Note 2: SMP simulation is not working very well yet; multiple processors
are simulated, but synchronization between the processors does not map
very well to how real-world SMP systems work.
.It Fl O
Force a "netboot" (tftp instead of disk), even when a disk image is
present (for DECstation, SGI, and ARC emulation).
.It Fl o Ar arg
Set the boot argument (mostly useful for DEC, ARC, or SGI emulation).
Default
.Ar arg
for DEC is "-a", for ARC/SGI it is "-aN", and for CATS it is "-A".
.It Fl p Ar pc
Add a breakpoint.
.Ar pc
can be a symbol, or a numeric value. (Remember to use the "0x" prefix for
hexadecimal values.)
.It Fl Q
Disable the built-in PROM emulation. This is useful for
experimenting with running raw ROM images from real machines.
.It Fl R
Use a random bootstrap cpu, instead of CPU nr 0. (For SMP experiments.)
.It Fl r
Dump register contents for every executed instruction.
.It Fl S
Initialize emulated RAM to random data, instead of zeroes. This option
is useful when trying to trigger bugs in a program that occur because the
program assumed that uninitialized memory contains zeros. (Use with
care.)
.It Fl t
Show a trace tree of all function calls being made.
.It Fl U
Enable slow_serial_interrupts_hack_for_linux.
.It Fl X
Use X11. This option enables graphical framebuffers.
.It Fl x
Open up new xterms for emulated serial ports. The default behaviour is to
open up xterms when using configuration files, or if X11 is enabled. When
starting up a simple emulation session with settings directly on the
command line, and neither
.Fl X
nor
.Fl x
is used, then all output is confined to the terminal that
.Nm
started in.
.It Fl Y Ar n
Scale down framebuffer windows by
.Ar n
x
.Ar n
times. This option is useful when emulating a very large framebuffer, and
the actual display is of lower resolution. If
.Ar n
is negative, then there will be no scaledown, but emulation of certain
graphic controllers will be scaled up
by
.Ar -n
times instead. E.g. using
.Ar -2
with VGA text mode emulation will result in 80x25 character cells rendered
in a 1280x800 window, instead of the normal resolution of 640x400.
.It Fl Z Ar n
Set the number of graphics cards, for emulating a dual-head or triple-head
environment. (Only for DECstation emulation so far.)
.It Fl z Ar disp
Add
.Ar disp
as an X11 display to use for framebuffers.
.El
.Pp
.\" Userland options:
.\" .Bl -tag -width Ds
.\" .It Fl u Ar emul-mode
.\" Userland-only (syscall) emulation. (Use
.\" .Fl H
.\" to get a list of available emulation modes.) Some (but not all) of the
.\" options listed under Other options above can also be used with
.\" userland emulation.
.\" .El
.\" .Pp
General options:
.Bl -tag -width Ds
.It Fl c Ar cmd
Add
.Ar cmd
as a command to run before starting the simulation. A similar effect can
be achieved by using the
.Fl V
option, and entering the commands manually.
.It Fl D
Guarantee fully deterministic behavior. Normally, the emulator calls
srandom() with a seed based on the current time at startup. When the
.Fl D
option is used, the srandom() call is skipped, which should cause two
subsequent invocations of the emulator to be identical, if all other
settings are identical and no user input is taking place. (If this option
is used, then
.Fl I
must also be used.)
.It Fl H
Display a list of available CPU types, machine types, and userland
emulation modes. (Most of these don't work. Please read the documentation
included in the
.Nm
distribution for details on which modes actually work. Userland
emulation is not included in stable release builds, since it doesn't work
yet.)
.It Fl h
Display a list of all available command line options.
.It Fl K
Force the single-step debugger to be entered at the end of a simulation.
.It Fl q
Quiet mode; this suppresses startup messages.
.\".It Fl s
.\"For MIPS emulation: Show opcode usage statistics after the simulation.
.\"For non-MIPS emulation (i.e. using dyntrans): Save statistics to a file
.\"at regular intervals of which physical addresses that were executed.
.It Fl V
Start up in the single-step debugger, paused.
.It Fl v
Increase verbosity (show more debug messages). This option can be used
multiple times.
.El
.Pp
Configuration file startup:
.Bl -tag -width Ds
.It @ Ar configfile
Start an emulation based on the contents of
.Ar "configfile".
.El
.Pp
For more information, please read the documentation in the doc/
subdirectory of the
.Nm
distribution.
.Sh EXAMPLES
The following command will start NetBSD/pmax on an emulated DECstation
5000/200 (3MAX):
.Pp
.Dl "gxemul -e 3max -d nbsd_pmax.img"
.Pp
nbsd_pmax.img should be a raw disk image containing a bootable
NetBSD/pmax filesystem.
.Pp
The following command will start an emulation session based on settings in
the configuration file "mysession". The -v option tells gxemul to be
verbose.
.Pp
.Dl "gxemul -v @mysession"
.Pp
If you have compiled the small Hello World program mentioned in the
.Nm
documentation, the following command will start up an
emulated test machine in "paused" mode:
.Pp
.Dl "gxemul -E testmips -V hello_mips"
.Pp
Paused mode means that you enter the interactive single-step debugger
directly at startup, instead of launching the Hello World program.
.Pp
The paused mode is also what should be used when running "unknown" files
for the first time in the emulator. E.g. if you have a binary which you
think is some kind of MIPS ROM image, then you can try the following:
.Pp
.Dl "gxemul -vv -E baremips -V 0xbfc00000:image.raw"
.Pp
You can then use the single-stepping functionality of the built-in
debugger to run the code in the ROM image, to see how it behaves. Based on
that, you can deduce what machine type it was actually from (the
baremips machine is not a real machine), and perhaps try again with
another emulation mode.
.Pp
In general, however, real ROM images require much more emulation detail
than GXemul provides, so they usually cannot run.
.Pp
Please read the documentation for more details.
.Sh BUGS
There are many bugs. Some of the known bugs are mentioned in the TODO
file in the
.Nm
source distribution, some are marked as TODO in the source code itself.
.Pp
Userland (syscall-only) emulation doesn't really work yet.
.Pp
The documentation sometimes only reflects the way things worked with
the old MIPS emulation mode (prior to 0.4.0), and it is incorrect when
applied to current releases.
.Pp
.Nm
is in general not cycle-accurate; it does not simulate individual
pipeline stages or penalties caused by branch-prediction misses or
cache misses, so it cannot be used for accurate simulation of any actual
real-world processor.
.Pp
.Nm
is not timing-accurate, i.e. clocks inside the emulator are in general
not at all synchronized with clocks in the real world. There are a few
exceptions to this rule (the mc146818 device tries to automagically
adjust emulated timer ticks to actual emulation speed).
.Sh AUTHOR
GXemul is Copyright (C) 2003-2006 Anders Gavare <anders@gavare.se>
.Pp
See http://gavare.se/gxemul/ for more information. For other Copyright
messages, see the corresponding parts of the source code and/or
documentation.