/[gxemul]/trunk/man/gxemul.1

This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!

Diff of /trunk/man/gxemul.1

Parent Directory | Revision Log | View Patch Patch

-revision 10 by dpavlin,
Mon Oct  8 16:18:27 2007 UTC
+revision 28 by dpavlin,
Mon Oct  8 16:20:26 2007 UTC
 Line 1
- .\" $Id: gxemul.1,v 1.24 2005/06/26 10:05:02 debug Exp $
+ .\" $Id: gxemul.1,v 1.68 2006/07/16 13:32:24 debug Exp $
  .\"
- .\" Copyright (C) 2004-2005  Anders Gavare.  All rights reserved.
+ .\" Copyright (C) 2004-2006  Anders Gavare.  All rights reserved.
  .\"
  .\" Redistribution and use in source and binary forms, with or without
  .\" modification, are permitted provided that the following conditions are met:
 Line 29
  .\" This is a minimal man page for GXemul. Process this file with
  .\"     groff -man -Tascii gxemul.1    or    nroff -man gxemul.1
  .\"
- .Dd JUNE 2005
+ .Dd JULY 2006
  .Dt GXEMUL 1
  .Os
  .Sh NAME
 Line 41
  .Op file Ar ...
  .Nm
  .Op general options
- .Op Ar @configfile ...
+ .Ar @configfile
- .Nm
+ .\" TODO: Reenable this once userland emulation works:
- .Op userland, other, and general options
+ .\" .Nm
- .Ar file Op Ar args ...
+ .\" .Op userland, other, and general options
+ .\" .Ar file Op Ar args ...
  .Sh DESCRIPTION
  .Nm
- is an experimental instruction-level machine emulator. It can be used to
+ is an experimental instruction-level machine emulator. Several
- run binary code for (among others) MIPS-based machines, regardless of host
+ emulation modes are available. In some modes, processors and surrounding
- platform. Several emulation modes are available. For some modes,
+ hardware components are emulated well enough to let unmodified operating
- processors and surrounding hardware components are emulated well enough to
+ systems (e.g. NetBSD) run inside the emulator as if they were running on a
- let unmodified operating systems (e.g. NetBSD) run as if they were running
+ real machine.
- on a real machine.
+ .Pp
- .Pp
+ Processors (ARM, MIPS, PowerPC) are emulated using dynamic translation.
- There are three ways to invoke the emulator. When emulating a
+ However, unlike some other dynamically translating emulators, GXemul does
- complete machine, settings can be entered directly on the command line, or
+ not currently generate native code, only a "runnable intermediate
- they can be read from a configuration file. When emulating a userland
+ representation", and will thus run on any host architecture, without the
- environment (syscall-only emulation, not emulating complete machines),
+ need to implement per-architecture backends.
- then the program name and its argument should be given on the command
+ .Pp
- line.
+ The emulator can be invoked in the following ways:
+ .Pp
+. When emulating a complete machine, configuration options can be entered
+ directly on the command line.
+ .Pp
+. Options can be read from a configuration file.
+ .\" .Pp
+ .\" 3. When emulating a userland environment (syscall-only emulation, not
+ .\" emulating complete machines), then the program name and its argument
+ .\" should be given on the command line. (This mode doesn't really work yet,
+ .\" and is disabled for stable release builds.)
  .Pp
  The easiest way to use the emulator is to supply settings directly on the
  command line. The most important thing you need to supply is the
- file argument. This is the name of a binary file (an ELF, a.out, ECOFF,
+ file argument. This is the name of a binary file (an ELF, a.out, COFF/ECOFF,
  SREC, or a raw binary image) which you wish to run in the emulator. This file
  might be an operating system kernel, or perhaps a ROM image file.
  .Pp
-Line 92 
 the
+Line 103 
 the
  option to indicate which file on the CDROM filesystem that should be
  loaded into emulated memory.
  .Pp
+ Gzipped kernels are automatically unzipped, by calling the external gunzip
+ program, both when specifying a gzipped file directly on the command line
+ and when loading such a file using the
+ .Fl j
+ option.
+ .Pp
  Machine selection options:
  .Bl -tag -width Ds
  .It Fl E Ar t
  Try to emulate machine type
  .Ar "t".
+ This option is not always needed, if the
+ .Fl e
+ option uniquely selects a machine.
  (Use
  .Fl H
  to get a list of types.)
-Line 110 
 Use this together with
+Line 130 
 Use this together with
  .Pp
  Other options:
  .Bl -tag -width Ds
- .It Fl B
- Disable dynamic binary translation. By default, bintrans
- will be turned on if the host+target architecture combination is
- supported.
  .It Fl C Ar x
  Try to emulate a specific CPU type,
  .Ar "x".
-Line 121 
 This overrides the default CPU type for
+Line 137 
 This overrides the default CPU type for
  (Use
  .Fl H
  to get a list of available CPU types.)
- .It Fl d Ar name
+ .It Fl d Ar [modifiers:]filename
  Add
- .Ar name
+ .Ar filename
  as a disk image. By adding one or more modifier characters and then a
  colon (":") as a prefix to
- .Ar "name",
+ .Ar filename,
  you can modify the way the disk image is treated. Available modifiers are:
  .Bl -tag -width Ds
  .It b
-Line 141 
 FLOPPY.
+Line 157 
 FLOPPY.
  Override the default geometry; use H heads and S sectors-per-track.
  (The number of cylinders is calculated automatically.)
  .It i
- IDE.
+ IDE. (This is the default for most machine types.)
  .It r
  Read-only (don't allow changes to be written to the file).
  .It s
- SCSI (this is the default for most machine types).
+ SCSI.
  .It t
  Tape.
  .It 0-7
  Force a specific ID number.
  .El
  .Pp
- Unless otherwise specified, filenames ending with ".iso" are assumed to be
+ For SCSI devices, the ID number is the SCSI ID. For IDE harddisks, the ID
- CDROM images. Most others are assumed to be disks. Depending on which
+ number has the following meaning:
- machine is being emulated, the default for disks can be either SCSI or
+ .Bl -tag -width Ds
- IDE. Some disk images that are very small are assumed to be floppy disks.
+ .It 0
- (If you are not happy with the way a disk image is detected, then you need
+ Primary master.
- to use explicit prefixes to force a specific type.)
+ .It 1
+ Primary slave.
+ .It 2
+ Secondary master.
+ .It 3
+ Secondary slave.
+ .El
+ .Pp
+ Unless otherwise specified, filenames ending with ".iso" or ".cdr" are
+ assumed to be CDROM images. Most others are assumed to be disks. Depending
+ on which machine is being emulated, the default for disks can be either
+ SCSI or IDE. Some disk images that are very small are assumed to be floppy
+ disks. (If you are not happy with the way a disk image is detected, then
+ you need to use explicit prefixes to force a specific type.)
  .Pp
  For floppies, the gH;S; prefix is ignored. Instead, the number of
  heads and cylinders are assumed to be 2 and 80, respectively, and the
  number of sectors per track is calculated automatically. (This works for
 KB, 1.2MB, 1.44MB, and 2.88MB floppies.)
+ .It Fl G Ar port
+ Pause at startup, and listen to TCP port
+ .Ar port
+ for incoming remote GDB connections. The emulator starts up in paused
+ mode, and it is up to the remote GDB instance to start the session.
  .It Fl I Ar x
  Emulate clock interrupts at
  .Ar x
-Line 170 
 Hz. (This affects emulated clock devices
+Line 204 
 Hz. (This affects emulated clock devices
  This disables automatic clock adjustments, which is otherwise turned on.)
  (This option is probably only valid for DECstation emulation.)
  .It Fl i
- Display each instruction as it is being executed.
+ Enable instruction trace, i.e. display disassembly of each instruction as
+ it is being executed.
  .It Fl J
- Disable some speed tricks.
+ Disable instruction combinations in the dynamic translator.
  .It Fl j Ar n
  Set the name of the kernel to
  .Ar "n".
  When booting from an ISO9660 filesystem, the emulator will try to boot
  using this file. (In some emulation modes, eg. DECstation, this name is passed
  along to the boot program. Useful names are "bsd" for OpenBSD/pmax,
- or "vmunix" for Ultrix.)
+ "vmunix" for Ultrix, or "vmsprite" for Sprite.)
  .It Fl M Ar m
  Emulate
  .Ar m
  MBs of physical RAM. This overrides the default amount of RAM for the
  selected machine type.
- .It Fl m Ar nr
- Run at most
- .Ar nr
- instructions (on any cpu).
  .It Fl N
- Display nr of instructions/second average, at regular intervals.
+ Display the number of executed instructions per second on average, at
+ regular intervals.
  .It Fl n Ar nr
- Set nr of CPUs (for SMP experiments).
+ Set the number of processors in the machine, for SMP experiments.
+ .Pp
+ Note 1: The emulator allocates quite a lot of virtual memory for
+ per-CPU translation tables. On 64-bit hosts, this is normally not a
+ problem. On 32-bit hosts, this can use up all available virtual userspace
+ memory. The solution is to either run the emulator on a 64-bit host,
+ or limit the number of emulated CPUs to a reasonably low number.
+ .Pp
+ Note 2: SMP simulation is not working very well yet; multiple processors
+ are simulated, but synchronization between the processors does not map
+ very well to how real-world SMP systems work.
  .It Fl O
  Force a "netboot" (tftp instead of disk), even when a disk image is
  present (for DECstation, SGI, and ARC emulation).
  .It Fl o Ar arg
- Set the boot argument (for DEC, ARC, or SGI emulation).
+ Set the boot argument (mostly useful for DEC, ARC, or SGI emulation).
  Default
  .Ar arg
- for DEC is "-a", for ARC "-aN".
+ for DEC is "-a", for ARC/SGI it is "-aN", and for CATS it is "-A".
  .It Fl p Ar pc
- Add a breakpoint. (Remember to use the "0x" prefix for hex.)
+ Add a breakpoint.
+ .Ar pc
+ can be a symbol, or a numeric value. (Remember to use the "0x" prefix for
+ hexadecimal values.)
  .It Fl Q
- Disable the built-in PROM emulation. This is useful for running raw ROM
+ Disable the built-in (software-only) PROM emulation. This option is useful
- images from real machines.
+ for experimenting with running raw ROM images from real machines. The default
+ behaviour of the emulator is to "fake" certain PROM calls used by guest
+ operating systems (e.g. NetBSD), so that no real PROM image is needed.
  .It Fl R
- Use a random bootstrap cpu, instead of CPU nr 0. (For SMP experiments.)
+ Use a random bootstrap cpu, instead of CPU nr 0. (This option is only
+ meaningful together with the
+ .Fl n
+ option.)
  .It Fl r
  Dump register contents for every executed instruction.
  .It Fl S
- Initialize the emulated RAM to random data, instead of zeroes.
+ Initialize emulated RAM to random data, instead of zeroes. This option
- .It Fl T
+ is useful when trying to trigger bugs in a program that occur because the
- Enter the single-step debugger on unimplemented memory accesses.
+ program assumed that uninitialized memory contains zeros. (Use with
+ care.)
+ .It Fl s Ar flags:filename
+ Gather statistics based on the current emulated program counter value,
+ while the program executes. The statistics is actually just a raw dump of
+ all program counter values in sequence, suitable for post-analysis with
+ separate tools. Output is appended to
+ .Ar filename.
+ .Pp
+ The
+ .Ar flags
+ should include one or more of the following type specifiers:
+ .Bl -tag -width Ds
+ .It v
+ Virtual. This means that the program counter value is used.
+ .It p
+ Physical. This means that the physical address of where the program
+ is actually running is used.
+ .It i
+ Instruction call. This type of statistics gathering is practically only
+ useful during development of the emulator itself. The output is a list of
+ addresses of instruction call functions (ic->f), which after some
+ post-processing can be used as a basis for deciding when to implement
+ instruction combinations.
+ .El
+ .Pp
+ The
+ .Ar flags
+ may also include the following optional modifiers:
+ .Bl -tag -width Ds
+ .It d
+ Disabled at startup.
+ .It o
+ Overwrite the file, instead of appending to it.
+ .El
+ .Pp
+ .\" Statistics gathering can be enabled/disabled at runtime by using the
+ .\" "TODO" debugger command.
+ .\" .Pp
+ When gathering instruction statistics using the
+ .Fl s
+ option, instruction combinations are always disabled (i.e.
+ an implicit
+ .Fl J
+ is added to the command line).
+ .Pp
+ If a value is missing (e.g. the end-of-page slot does not really have a
+ known physical address), it is written out as just a dash ("-").
  .It Fl t
  Show a trace tree of all function calls being made.
  .It Fl U
  Enable slow_serial_interrupts_hack_for_linux.
  .It Fl X
- Use X11.
+ Use X11. This option enables graphical framebuffers.
  .It Fl x
- Open up new xterms for emulated serial ports. (Default is to open up
+ Open up new xterms for emulated serial ports. The default behaviour is to
- xterms when using configuration files, but not when starting an
+ open up xterms when using configuration files, or if X11 is enabled. When
- emulation with settings directly on the command line.)
+ starting up a simple emulation session with settings directly on the
+ command line, and neither
+ .Fl X
+ nor
+ .Fl x
+ is used, then all output is confined to the terminal that
+ .Nm
+ started in.
  .It Fl Y Ar n
  Scale down framebuffer windows by
  .Ar n
  x
  .Ar n
- times.
+ times. This option is useful when emulating a very large framebuffer, and
- .It Fl y Ar x
+ the actual display is of lower resolution. If
- Set max_random_cycles_per_chunk to
+ .Ar n
- .Ar x
+ is negative, then there will be no scaledown, but emulation of certain
- (experimental).
+ graphic controllers will be scaled up
+ by
+ .Ar -n
+ times instead. E.g. Using
+ .Ar -2
+ with VGA text mode emulation will result in 80x25 character cells rendered
+ in a 1280x800 window, instead of the normal resolution of 640x400.
  .It Fl Z Ar n
  Set the number of graphics cards, for emulating a dual-head or tripple-head
  environment. (Only for DECstation emulation so far.)
-Line 243 
 Add
+Line 353 
 Add
  as an X11 display to use for framebuffers.
  .El
  .Pp
- Userland options:
+ .\" Userland options:
- .Bl -tag -width Ds
+ .\" .Bl -tag -width Ds
- .It Fl u Ar emul-mode
+ .\" .It Fl u Ar emul-mode
- Userland-only (syscall) emulation. (Use
+ .\" Userland-only (syscall) emulation. (Use
- .Fl H
+ .\" .Fl H
- to get a list of available emulation modes.) Some (but not all) of the
+ .\" to get a list of available emulation modes.) Some (but not all) of the
- options listed under Other options above can also be used with userland
+ .\" options listed under Other options above can also be used with
- emulation.
+ .\" userland emulation.
- .El
+ .\" .El
- .Pp
+ .\" .Pp
  General options:
  .Bl -tag -width Ds
+ .It Fl c Ar cmd
+ Add
+ .Ar cmd
+ as a command to run before starting the simulation. A similar effect can
+ be achieved by using the
+ .Fl V
+ option, and entering the commands manually.
  .It Fl D
  Guarantee fully deterministic behavior. Normally, the emulator calls
  srandom() with a seed based on the current time at startup. When the
-Line 270 
 Display a list of available CPU types, m
+Line 387 
 Display a list of available CPU types, m
  emulation modes. (Most of these don't work. Please read the documentation
  included in the
  .Nm
- distribution for details on which modes that actually work.)
+ distribution for details on which modes that actually work. Userland
+ emulation is not included in stable release builds, since it doesn't work
+ yet.)
  .It Fl h
  Display a list of all available command line options.
  .It Fl K
  Force the single-step debugger to be entered at the end of a simulation.
  .It Fl q
  Quiet mode; this suppresses startup messages.
- .It Fl s
+ .\".It Fl s
- Show opcode usage statistics after the simulation.
+ .\"For MIPS emulation: Show opcode usage statistics after the simulation.
+ .\"For non-MIPS emulation (i.e. using dyntrans): Save statistics to a file
+ .\"at regular intervals of which physical addresses that were executed.
  .It Fl V
  Start up in the single-step debugger, paused.
  .It Fl v
- Verbose debug messages.
+ Increase verbosity (show more debug messages). This option can be used
+ multiple times.
  .El
  .Pp
  Configuration file startup:
-Line 300 
 distribution.
+Line 422 
 distribution.
  The following command will start NetBSD/pmax on an emulated DECstation
 /200 (3MAX):
  .Pp
- .Dl "gxemul -E dec -e 3max -d nbsd_pmax.img"
+ .Dl "gxemul -e 3max -d nbsd_pmax.img"
  .Pp
  nbsd_pmax.img should be a raw disk image containing a bootable
  NetBSD/pmax filesystem.
-Line 318 
 emulated test machine in "paused" mode:
+Line 440 
 emulated test machine in "paused" mode:
  .Pp
  .Dl "gxemul -E testmips -V hello_mips"
  .Pp
- (Paused mode means that you enter the interactive single-step debugger
+ Paused mode means that you enter the interactive single-step debugger
- directly at startup, instead of launching the Hello World program.)
+ directly at startup, instead of launching the Hello World program.
+ .Pp
+ The paused mode is also what should be used when running "unknown" files
+ for the first time in the emulator. E.g. if you have a binary which you
+ think is some kind of MIPS ROM image, then you can try the following:
+ .Pp
+ .Dl "gxemul -vv -E baremips -V 0xbfc00000:image.raw"
+ .Pp
+ You can then use the single-stepping functionality of the built-in
+ debugger to run the code in the ROM image, to see how it behaves. Based on
+ that, you can deduce what machine type it was actually from (the
+ baremips machine is not a real machine), and perhaps try again with
+ another emulation mode.
+ .Pp
+ In general, however, real ROM images require much more emulation detail
+ than GXemul provides, so they can usually not run.
  .Pp
  Please read the documentation for more details.
  .Sh BUGS
- There are many bugs. Some of the known bugs are listed in the BUGS
+ There are many bugs. Some of the known bugs are mentioned in the TODO
  file in the
  .Nm
- source distribution, some are indirectly mentioned in the TODO file.
+ source distribution, some are marked as TODO in the source code itself.
+ .Pp
+ Userland (syscall-only) emulation doesn't really work yet.
  .Pp
- The binary translation subsystem is really terrible, but it is less
+ The documentation sometimes only reflects the way things worked with
- terrible than running without it.
+ the old MIPS emulation mode (prior to 0.4.0), and it is incorrect when
+ applied to current releases.
  .Pp
  .Nm
- does not simulate individual pipe-line stages or penalties caused by
+ is in general not cycle-accurate; it does not simulate individual
- branch-prediction misses or cache misses, so it cannot be used for
+ pipe-line stages or penalties caused by branch-prediction misses or
- accurate performance measurement.
+ cache misses, so it cannot be used for accurate simulation of any actual
+ real-world processor.
  .Pp
  .Nm
- is not timing-accurate.
+ is not timing-accurate, i.e. clocks inside the emulator are in general
+ not at all synched with clocks in the real world. There are a few
+ exceptions to this rule (the mc146818 device tries to automagically
+ adjust emulated timer ticks to actual emulation speed).
  .Sh AUTHOR
- Anders Gavare <anders@gavare.se>
+ GXemul is Copyright (C) 2003-2006 Anders Gavare <anders@gavare.se>
  .Pp
- See http://gavare.se/gxemul/ for more information.
+ See http://gavare.se/gxemul/ for more information. For other Copyright
+ messages, see the corresponding parts of the source code and/or
+ documentation.

 Legend:



Removed from v.10
 


changed lines


 
Added in v.28
 Legend:



Removed from v.10
 


changed lines


 
Added in v.28
-Removed from v.10
+Added in v.28

	ViewVC Help
Powered by ViewVC 1.1.26