/[gxemul]/trunk/man/gxemul.1

This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!

Diff of /trunk/man/gxemul.1

Parent Directory | Revision Log | View Patch Patch

-revision 16 by dpavlin,
Mon Oct  8 16:19:01 2007 UTC
+revision 32 by dpavlin,
Mon Oct  8 16:20:58 2007 UTC
 Line 1
- .\" $Id: gxemul.1,v 1.34 2005/10/11 03:53:58 debug Exp $
+ .\" $Id: gxemul.1,v 1.76 2006/11/04 06:40:20 debug Exp $
  .\"
- .\" Copyright (C) 2004-2005  Anders Gavare.  All rights reserved.
+ .\" Copyright (C) 2004-2006  Anders Gavare.  All rights reserved.
  .\"
  .\" Redistribution and use in source and binary forms, with or without
  .\" modification, are permitted provided that the following conditions are met:
 Line 29
  .\" This is a minimal man page for GXemul. Process this file with
  .\"     groff -man -Tascii gxemul.1    or    nroff -man gxemul.1
  .\"
- .Dd OCTOBER 2005
+ .Dd NOVEMBER 2006
  .Dt GXEMUL 1
  .Os
  .Sh NAME
 Line 42
  .Nm
  .Op general options
  .Ar @configfile
- .Nm
+ .\" TODO: Reenable this once userland emulation works:
- .Op userland, other, and general options
+ .\" .Nm
- .Ar file Op Ar args ...
+ .\" .Op userland, other, and general options
+ .\" .Ar file Op Ar args ...
  .Sh DESCRIPTION
  .Nm
  is an experimental instruction-level machine emulator. Several
  emulation modes are available. In some modes, processors and surrounding
  hardware components are emulated well enough to let unmodified operating
- systems (e.g. NetBSD) run as if they were running on a real machine.
+ systems (e.g. NetBSD) run inside the emulator as if they were running on a
+ real machine.
  .Pp
- The processor architecture best emulated by GXemul is MIPS, but other
+ Processors (ARM, MIPS, PowerPC, SuperH) are emulated using dynamic translation.
- architectures are also partially emulated.
+ However, unlike some other dynamically translating emulators, GXemul does
+ not currently generate native code, only a "runnable intermediate
+ representation", and will thus run on any host architecture, without the
+ need to implement per-architecture backends.
  .Pp
- There are three ways to invoke the emulator:
+ The emulator can be invoked in the following ways:
  .Pp
 . When emulating a complete machine, configuration options can be entered
  directly on the command line.
  .Pp
 . Options can be read from a configuration file.
- .Pp
+ .\" .Pp
-. When emulating a userland environment (syscall-only emulation, not
+ .\" 3. When emulating a userland environment (syscall-only emulation, not
- emulating complete machines), then the program name and its argument
+ .\" emulating complete machines), then the program name and its argument
- should be given on the command line. (This mode doesn't really work yet.)
+ .\" should be given on the command line. (This mode doesn't really work yet,
+ .\" and is disabled for stable release builds.)
  .Pp
  The easiest way to use the emulator is to supply settings directly on the
  command line. The most important thing you need to supply is the
-Line 97 
 the
+Line 103 
 the
  option to indicate which file on the CDROM filesystem that should be
  loaded into emulated memory.
  .Pp
+ Gzipped kernels are automatically unzipped, by calling the external gunzip
+ program, both when specifying a gzipped file directly on the command line
+ and when loading such a file using the
+ .Fl j
+ option.
+ .Pp
  Machine selection options:
  .Bl -tag -width Ds
  .It Fl E Ar t
-Line 118 
 Use this together with
+Line 130 
 Use this together with
  .Pp
  Other options:
  .Bl -tag -width Ds
- .It Fl A
- Disable load/store alignment checks in some cases. This might give a small
- increase in performance, but the emulator will not run correctly if the
- emulated code actually tries to do unaligned loads or stores. (This option
- is only meaningful when emulating MIPS CPUs, when the host architecture is
- Alpha or i386, and binary translation is enabled.)
- .It Fl B
- Disable dynamic binary translation. By default, bintrans
- will be turned on if the host+target architecture combination is
- supported. Currently, the only supported target architecture for bintrans
- is MIPS, and the supported host architectures are Alpha and i386.
  .It Fl C Ar x
  Try to emulate a specific CPU type,
  .Ar "x".
-Line 136 
 This overrides the default CPU type for
+Line 137 
 This overrides the default CPU type for
  (Use
  .Fl H
  to get a list of available CPU types.)
- .It Fl d Ar name
+ .It Fl d Ar [modifiers:]filename
  Add
- .Ar name
+ .Ar filename
  as a disk image. By adding one or more modifier characters and then a
  colon (":") as a prefix to
- .Ar "name",
+ .Ar filename,
  you can modify the way the disk image is treated. Available modifiers are:
  .Bl -tag -width Ds
  .It b
-Line 156 
 FLOPPY.
+Line 157 
 FLOPPY.
  Override the default geometry; use H heads and S sectors-per-track.
  (The number of cylinders is calculated automatically.)
  .It i
- IDE.
+ IDE. (This is the default for most machine types.)
  .It r
  Read-only (don't allow changes to be written to the file).
  .It s
- SCSI (this is the default for most machine types).
+ SCSI.
  .It t
  Tape.
  .It 0-7
  Force a specific ID number.
  .El
  .Pp
+ For SCSI devices, the ID number is the SCSI ID. For IDE harddisks, the ID
+ number has the following meaning:
+ .Bl -tag -width Ds
+ .It 0
+ Primary master.
+ .It 1
+ Primary slave.
+ .It 2
+ Secondary master.
+ .It 3
+ Secondary slave.
+ .El
+ .Pp
  Unless otherwise specified, filenames ending with ".iso" or ".cdr" are
  assumed to be CDROM images. Most others are assumed to be disks. Depending
  on which machine is being emulated, the default for disks can be either
-Line 178 
 For floppies, the gH;S; prefix is ignore
+Line 192 
 For floppies, the gH;S; prefix is ignore
  heads and cylinders are assumed to be 2 and 80, respectively, and the
  number of sectors per track is calculated automatically. (This works for
 KB, 1.2MB, 1.44MB, and 2.88MB floppies.)
- .It Fl I Ar x
+ .It Fl G Ar port
- Emulate clock interrupts at
+ Pause at startup, and listen to TCP port
- .Ar x
+ .Ar port
- Hz. (This affects emulated clock devices only, not actual runtime speed.
+ for incoming remote GDB connections. The emulator starts up in paused
- This disables automatic clock adjustments, which is otherwise turned on.)
+ mode, and it is up to the remote GDB instance to start the session.
- (This option is probably only valid for DECstation emulation.)
+ .It Fl I Ar hz
+ Set the main CPUs frequency to
+ .Ar hz
+ Hz. This option does not work for all emulated machine modes. It affects
+ the way count/compare interrupts are faked to simulate emulated time =
+ real world time. If the guest operating system relies on RTC interrupts
+ instead of count/compare interrupts, then this option has no effect.
+ .Pp
+ Setting the frequency to zero disables automatic synchronization of
+ emulated time vs real world time, and the count/compare system runs at a
+ fixed rate.
  .It Fl i
- Display each instruction as it is being executed.
+ Enable instruction trace, i.e. display disassembly of each instruction as
+ it is being executed.
  .It Fl J
- Disable some speed tricks.
+ Disable instruction combinations in the dynamic translator.
  .It Fl j Ar n
  Set the name of the kernel to
  .Ar "n".
  When booting from an ISO9660 filesystem, the emulator will try to boot
  using this file. (In some emulation modes, eg. DECstation, this name is passed
  along to the boot program. Useful names are "bsd" for OpenBSD/pmax,
- or "vmunix" for Ultrix.)
+ "vmunix" for Ultrix, or "vmsprite" for Sprite.)
  .It Fl M Ar m
  Emulate
  .Ar m
  MBs of physical RAM. This overrides the default amount of RAM for the
  selected machine type.
- .It Fl m Ar nr
- Run at most
- .Ar nr
- instructions (on any cpu).
  .It Fl N
- Display nr of instructions/second average, at regular intervals.
+ Display the number of executed instructions per second on average, at
+ regular intervals.
  .It Fl n Ar nr
- Set nr of CPUs (for SMP experiments).
+ Set the number of processors in the machine, for SMP experiments.
+ .Pp
+ Note 1: The emulator allocates quite a lot of virtual memory for
+ per-CPU translation tables. On 64-bit hosts, this is normally not a
+ problem. On 32-bit hosts, this can use up all available virtual userspace
+ memory. The solution is to either run the emulator on a 64-bit host,
+ or limit the number of emulated CPUs to a reasonably low number.
+ .Pp
+ Note 2: SMP simulation is not working very well yet; multiple processors
+ are simulated, but synchronization between the processors does not map
+ very well to how real-world SMP systems work.
  .It Fl O
  Force a "netboot" (tftp instead of disk), even when a disk image is
  present (for DECstation, SGI, and ARC emulation).
-Line 217 
 Default
+Line 249 
 Default
  .Ar arg
  for DEC is "-a", for ARC/SGI it is "-aN", and for CATS it is "-A".
  .It Fl p Ar pc
- Add a breakpoint. (Remember to use the "0x" prefix for hex.)
+ Add a breakpoint.
+ .Ar pc
+ can be a symbol, or a numeric value. (Remember to use the "0x" prefix for
+ hexadecimal values.)
  .It Fl Q
- Disable the built-in PROM emulation. This is useful for running raw ROM
+ Disable the built-in (software-only) PROM emulation. This option is useful
- images from real machines.
+ for experimenting with running raw ROM images from real machines. The default
+ behaviour of the emulator is to "fake" certain PROM calls used by guest
+ operating systems (e.g. NetBSD), so that no real PROM image is needed.
  .It Fl R
- Use a random bootstrap cpu, instead of CPU nr 0. (For SMP experiments.)
+ Use a random bootstrap cpu, instead of CPU nr 0. (This option is only
+ meaningful together with the
+ .Fl n
+ option.)
  .It Fl r
  Dump register contents for every executed instruction.
  .It Fl S
- Initialize the emulated RAM to random data, instead of zeroes.
+ Initialize emulated RAM to random data, instead of zeroes. This option
- .It Fl T
+ is useful when trying to trigger bugs in a program that occur because the
- Enter the single-step debugger on unimplemented memory accesses.
+ program assumed that uninitialized memory contains zeros. (Use with
+ care.)
+ .It Fl s Ar flags:filename
+ Gather statistics based on the current emulated program counter value,
+ while the program executes. The statistics is actually just a raw dump of
+ all program counter values in sequence, suitable for post-analysis with
+ separate tools. Output is appended to
+ .Ar filename.
+ .Pp
+ The
+ .Ar flags
+ should include one or more of the following type specifiers:
+ .Bl -tag -width Ds
+ .It v
+ Virtual. This means that the program counter value is used.
+ .It p
+ Physical. This means that the physical address of where the program
+ is actually running is used.
+ .It i
+ Instruction call. This type of statistics gathering is practically only
+ useful during development of the emulator itself. The output is a list of
+ addresses of instruction call functions (ic->f), which after some
+ post-processing can be used as a basis for deciding when to implement
+ instruction combinations.
+ .El
+ .Pp
+ The
+ .Ar flags
+ may also include the following optional modifiers:
+ .Bl -tag -width Ds
+ .It d
+ Disabled at startup.
+ .It o
+ Overwrite the file, instead of appending to it.
+ .El
+ .Pp
+ .\" Statistics gathering can be enabled/disabled at runtime by using the
+ .\" "TODO" debugger command.
+ .\" .Pp
+ When gathering instruction statistics using the
+ .Fl s
+ option, instruction combinations are always disabled (i.e.
+ an implicit
+ .Fl J
+ is added to the command line).
+ .Pp
+ If a value is missing (e.g. the end-of-page slot does not really have a
+ known physical address), it is written out as just a dash ("-").
  .It Fl t
  Show a trace tree of all function calls being made.
  .It Fl U
  Enable slow_serial_interrupts_hack_for_linux.
  .It Fl X
- Use X11.
+ Use X11. This option enables graphical framebuffers.
  .It Fl x
- Open up new xterms for emulated serial ports. (Default is to open up
+ Open up new xterms for emulated serial ports. The default behaviour is to
- xterms when using configuration files, but not when starting an
+ open up xterms when using configuration files, or if X11 is enabled. When
- emulation with settings directly on the command line.)
+ starting up a simple emulation session with settings directly on the
+ command line, and neither
+ .Fl X
+ nor
+ .Fl x
+ is used, then all output is confined to the terminal that
+ .Nm
+ started in.
  .It Fl Y Ar n
  Scale down framebuffer windows by
  .Ar n
  x
  .Ar n
- times.
+ times. This option is useful when emulating a very large framebuffer, and
- .It Fl y Ar x
+ the actual display is of lower resolution. If
- Set max_random_cycles_per_chunk to
+ .Ar n
- .Ar x
+ is negative, then there will be no scaledown, but emulation of certain
- (experimental).
+ graphic controllers will be scaled up
+ by
+ .Ar -n
+ times instead. E.g. Using
+ .Ar -2
+ with VGA text mode emulation will result in 80x25 character cells rendered
+ in a 1280x800 window, instead of the normal resolution of 640x400.
  .It Fl Z Ar n
  Set the number of graphics cards, for emulating a dual-head or tripple-head
  environment. (Only for DECstation emulation so far.)
-Line 258 
 Add
+Line 358 
 Add
  as an X11 display to use for framebuffers.
  .El
  .Pp
- Userland options:
+ .\" Userland options:
- .Bl -tag -width Ds
+ .\" .Bl -tag -width Ds
- .It Fl u Ar emul-mode
+ .\" .It Fl u Ar emul-mode
- Userland-only (syscall) emulation. (Use
+ .\" Userland-only (syscall) emulation. (Use
- .Fl H
+ .\" .Fl H
- to get a list of available emulation modes.) Some (but not all) of the
+ .\" to get a list of available emulation modes.) Some (but not all) of the
- options listed under Other options above can also be used with userland
+ .\" options listed under Other options above can also be used with
- emulation.
+ .\" userland emulation.
- .El
+ .\" .El
- .Pp
+ .\" .Pp
  General options:
  .Bl -tag -width Ds
+ .It Fl c Ar cmd
+ Add
+ .Ar cmd
+ as a command to run before starting the simulation. A similar effect can
+ be achieved by using the
+ .Fl V
+ option, and entering the commands manually.
  .It Fl D
- Guarantee fully deterministic behavior. Normally, the emulator calls
+ Causes the emulator to skip a call to srandom(). This leads to somewhat
- srandom() with a seed based on the current time at startup. When the
+ more deterministic behaviour than running without this option.
- .Fl D
+ However, if the emulated machine has clocks or timer interrupt sources,
- option is used, the srandom() call is skipped, which should cause two
+ or if user interaction is taking place (e.g. keyboard input at irregular
- subsequent invocations of the emulator to be identical, if all other
+ intervals), then this option is meaningless.
- settings are identical and no user input is taking place. (If this option
- is used, then
- .Fl I
- must also be used.)
  .It Fl H
  Display a list of available CPU types, machine types, and userland
  emulation modes. (Most of these don't work. Please read the documentation
  included in the
  .Nm
- distribution for details on which modes that actually work.)
+ distribution for details on which modes that actually work. Userland
+ emulation is not included in stable release builds, since it doesn't work
+ yet.)
  .It Fl h
  Display a list of all available command line options.
  .It Fl K
  Force the single-step debugger to be entered at the end of a simulation.
  .It Fl q
  Quiet mode; this suppresses startup messages.
- .It Fl s
+ .\".It Fl s
- Show opcode usage statistics after the simulation.
+ .\"For MIPS emulation: Show opcode usage statistics after the simulation.
+ .\"For non-MIPS emulation (i.e. using dyntrans): Save statistics to a file
+ .\"at regular intervals of which physical addresses that were executed.
  .It Fl V
  Start up in the single-step debugger, paused.
  .It Fl v
- Verbose debug messages.
+ Increase verbosity (show more debug messages). This option can be used
+ multiple times.
  .El
  .Pp
  Configuration file startup:
-Line 333 
 emulated test machine in "paused" mode:
+Line 441 
 emulated test machine in "paused" mode:
  .Pp
  .Dl "gxemul -E testmips -V hello_mips"
  .Pp
- (Paused mode means that you enter the interactive single-step debugger
+ Paused mode means that you enter the interactive single-step debugger
- directly at startup, instead of launching the Hello World program.)
+ directly at startup, instead of launching the Hello World program.
+ .Pp
+ The paused mode is also what should be used when running "unknown" files
+ for the first time in the emulator. E.g. if you have a binary which you
+ think is some kind of MIPS ROM image, then you can try the following:
+ .Pp
+ .Dl "gxemul -vv -E baremips -V 0xbfc00000:image.raw"
+ .Pp
+ You can then use the single-stepping functionality of the built-in
+ debugger to run the code in the ROM image, to see how it behaves. Based on
+ that, you can deduce what machine type it was actually from (the
+ baremips machine is not a real machine), and perhaps try again with
+ another emulation mode.
+ .Pp
+ In general, however, real ROM images require much more emulation detail
+ than GXemul provides, so they can usually not run.
  .Pp
  Please read the documentation for more details.
  .Sh BUGS
- There are many bugs. Some of the known bugs are listed in the BUGS
+ There are many bugs. Some of the known bugs are mentioned in the TODO
  file in the
  .Nm
- source distribution, some are indirectly mentioned in the TODO file,
+ source distribution, some are marked as TODO in the source code itself.
- and some are mentioned in the source code itself.
- .Pp
- The binary translation subsystem is really terrible, but it is less
- terrible than running without it.
  .Pp
- Userland (syscall-only) emulation doesn't really work yet.
+ Userland (syscall-only) emulation, i.e. running a userland binary directly
+ without simulating an entire machine, doesn't really work yet.
  .Pp
- Emulation of MIPS CPUs is done differently from other emulation modes; the
+ The documentation sometimes only reflects the way things worked with
- documentation sometimes only reflect the way things work with MIPS
+ the old MIPS emulation mode (prior to 0.4.0), and it is incorrect when
- emulation, and it is incorrect when applied to e.g. ARM emulation.
+ applied to current releases.
  .Pp
  .Nm
- does not simulate individual pipe-line stages or penalties caused by
+ is in general not cycle-accurate; it does not simulate individual
- branch-prediction misses or cache misses, so it cannot be used for
+ pipe-line stages or penalties caused by branch-prediction misses or
- accurate simulation of any actual real-world processor.
+ cache misses, so it cannot be used for accurate simulation of any actual
+ real-world processor.
  .Pp
  .Nm
- is not timing-accurate.
+ is in general not timing-accurate. Some emulation modes
+ (DECstation, CATS, NetWinder, MobilePro (hpcmips), Malta (evbmips),
+ Cobalt, Algor, and Dreamcast) try to make the guest
+ operating system's clock run at the same speed as the host clock.
+ However, the number of instructions executed per clock tick can
+ obviously vary, depending on the current CPU load on the host.
  .Sh AUTHOR
- Anders Gavare <anders@gavare.se>
+ GXemul is Copyright (C) 2003-2006 Anders Gavare <anders@gavare.se>
  .Pp
- See http://gavare.se/gxemul/ for more information.
+ See http://gavare.se/gxemul/ for more information. For other Copyright
+ messages, see the corresponding parts of the source code and/or
+ documentation.

 Legend:



Removed from v.16
 


changed lines


 
Added in v.32
 Legend:



Removed from v.16
 


changed lines


 
Added in v.32
-Removed from v.16
+Added in v.32

	ViewVC Help
Powered by ViewVC 1.1.26