/[gxemul]/trunk/man/gxemul.1
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /trunk/man/gxemul.1

Parent Directory Parent Directory | Revision Log Revision Log


Revision 44 - (show annotations)
Mon Oct 8 16:22:56 2007 UTC (16 years, 5 months ago) by dpavlin
File size: 17904 byte(s)
++ trunk/HISTORY	(local)
$Id: HISTORY,v 1.1632 2007/09/11 21:46:35 debug Exp $
20070616	Implementing the MIPS32/64 revision 2 "ror" instruction.
20070617	Adding a struct for each physpage which keeps track of which
		ranges within that page (base offset, length) that are
		continuously translatable. When running with native code
		generation enabled (-b), a range is added after each read-
		ahead loop.
		Experimenting with using the physical program counter sample
		data (implemented 20070608) together with the "translatable
		range" information, to figure out which physical address ranges
		would be worth translating to native code (if the number of
		samples falling within a range is above a certain threshold).
20070618	Adding automagic building of .index comment files for
		src/file/, src/promemul/, src src/useremul/ as well.
		Adding a "has been translated" bit to the ranges, so that only
		not-yet-translated ranges will be sampled.
20070619	Moving src/cpu.c and src/memory_rw.c into src/cpus/,
		src/device.c into src/devices/, and src/machine.c into
		src/machines/.
		Creating a skeleton cc/ld native backend module; beginning on
		the function which will detect cc command line, etc.
20070620	Continuing on the native code generation infrastructure.
20070621	Moving src/x11.c and src/console.c into a new src/console/
		subdir (for everything that is console or framebuffer related).
		Moving src/symbol*.c into a new src/symbol/, which should
		contain anything that is symbol handling related.
20070624	Making the program counter sampling threshold a "settings
		variable" (sampling_threshold), i.e. it can now be changed
		during runtime.
		Switching the RELEASE notes format from plain text to HTML.
		If the TMPDIR environment variable is set, it is used instead
		of "/tmp" for temporary files.
		Continuing on the cc/ld backend: simple .c code is generated,
		the compiler and linker are called, etc.
		Adding detection of host architecture to the configure script
		(again), and adding icache invalidation support (only
		implemented for Alpha hosts so far).
20070625	Simplifying the program counter sampling mechanism.
20070626	Removing the cc/ld native code generation stuff, program
		counter sampling, etc; it would not have worked well in the
		general case.
20070627	Removing everything related to native code generation.
20070629	Removing the (practically unusable) support for multiple
		emulations. (The single emulation allowed now still supports
		multiple simultaneous machines, as before.)
		Beginning on PCCTWO and M88K interrupts.
20070723	Adding a dummy skeleton for emulation of M32R processors.
20070901	Fixing a warning found by "gcc version 4.3.0 20070817
		(experimental)" on amd64.
20070905	Removing some more traces of the old "multiple emulations"
		code.
		Also looking in /usr/local/include and /usr/local/lib for
		X11 libs, when running configure.
20070909	Minor updates to the guest OS install instructions, in
		preparation for the NetBSD 4.0 release.
20070918	More testing of NetBSD 4.0 RC1.

1 .\" $Id: gxemul.1,v 1.101 2007/06/30 13:55:02 debug Exp $
2 .\"
3 .\" Copyright (C) 2004-2007 Anders Gavare. All rights reserved.
4 .\"
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions are met:
7 .\"
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
13 .\" 3. The name of the author may not be used to endorse or promote products
14 .\" derived from this software without specific prior written permission.
15 .\"
16 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 .\" SUCH DAMAGE.
27 .\"
28 .\"
29 .\" This is a minimal man page for GXemul. Process this file with
30 .\" groff -man -Tascii gxemul.1 or nroff -man gxemul.1
31 .\"
32 .Dd JULY 2007
33 .Dt GXEMUL 1
34 .Os
35 .Sh NAME
36 .Nm gxemul
37 .Nd an experimental framework for full-system machine emulation
38 .Sh SYNOPSIS
39 .Nm
40 .Op machine, other, and general options
41 .Op file Ar ...
42 .Nm
43 .Op general options
44 .Ar @configfile
45 .Nm
46 .Op userland, other, and general options
47 .Ar file Op Ar args ...
48 .Sh DESCRIPTION
49 .Nm
50 is a framework for full-system computer architecture emulation.
51 Several processor architectures and machine types have been implemented.
52 It is working well enough to allow unmodified "guest" operating
53 systems (e.g. NetBSD) to run inside the emulator, as if they were running
54 on real hardware.
55 .Pp
56 The emulator emulates (networks of) real machines. The machines may
57 consist of ARM, MIPS, PowerPC, and SuperH processors, and various
58 surrounding hardware components such as framebuffers, busses, interrupt
59 controllers, ethernet controllers, disk controllers, and serial port
60 controllers.
61 .Pp
62 The emulator can be invoked in the following ways:
63 .Pp
64 1. When emulating a complete machine, configuration options can be
65 supplied directly on the command line.
66 .Pp
67 2. Options can be read from a configuration file.
68 .Pp
69 3. When emulating a userland environment (syscall-only emulation, not
70 emulating complete machines), then the program name and its argument
71 should be given on the command line. (This mode is not really usable yet.)
72 .Pp
73 The easiest way to use the emulator is to supply settings directly on the
74 command line.
75 .Pp
76 The most important thing you need to supply is the
77 file argument. This is the name of a binary file (an ELF, a.out, COFF/ECOFF,
78 SREC, or a raw binary image) which you wish to run in the emulator. This file
79 might be an operating system kernel, or perhaps a ROM image file.
80 If more than one filename is supplied, all files are loaded into memory,
81 and the entry point (if available) is taken from the last file.
82 .Pp
83 Apart from the name of a binary file, you must also use the
84 .Fl E
85 and/or
86 .Fl e
87 options to select which emulation mode to use. This is necessary because
88 the emulator cannot in general deduce this from the file being executed.
89 For example, a MIPS-based machine from DEC (a DECstation) is very different
90 from a MIPS-based machine from SGI. Use
91 .Nm
92 .Fl H
93 to get a list of available emulation modes.
94 .Pp
95 There are three exceptions to the normal invocation usage mentioned above.
96 .Pp
97 1. For DECstation emulation, if you have a bootable DECstation harddisk or
98 CDROM image, then just supplying the diskimage via the
99 .Fl d
100 option is sufficient. The filename of the kernel can then be
101 skipped, as the emulator runs the bootblocks from the diskimage directly and
102 doesn't need the kernel as a separate file.
103 .Pp
104 2. If you supply an ISO9660 CDROM disk image, then using the
105 .Fl j
106 option to indicate a file on the CDROM filesystem to load is sufficient;
107 no additional kernel filename needs to be supplied on the command line.
108 .Pp
109 3. For Dreamcast emulation, when booting e.g. a NetBSD/dreamcast CDROM
110 image, it is enough to supply the disk image (with the correct ISO
111 partition start offset). Bootblocks will be read directly from the CDROM
112 image, and there is no need to supply the name of an external kernel on
113 the command line.
114 .Pp
115 Gzipped kernels are automatically unzipped, by calling the external gunzip
116 program, both when specifying a gzipped file directly on the command line
117 and when loading such a file using the
118 .Fl j
119 option.
120 .Pp
121 Machine selection options:
122 .Bl -tag -width Ds
123 .It Fl E Ar t
124 Try to emulate machine type
125 .Ar "t".
126 This option is not always needed, if the
127 .Fl e
128 option uniquely selects a machine.
129 (Use
130 .Fl H
131 to get a list of types.)
132 .It Fl e Ar st
133 Try to emulate machine subtype
134 .Ar "st".
135 Use this together with
136 .Fl E .
137 (This option is not always needed, if a machine type has no subtypes.)
138 .El
139 .Pp
140 Other options:
141 .Bl -tag -width Ds
142 .It Fl C Ar x
143 Try to emulate a specific CPU type,
144 .Ar "x".
145 This overrides the default CPU type for the machine being emulated.
146 (Use
147 .Fl H
148 to get a list of available CPU types.)
149 .It Fl d Ar [modifiers:]filename
150 Add
151 .Ar filename
152 as a disk image. By adding one or more modifier characters and then a
153 colon (":") as a prefix to
154 .Ar filename,
155 you can modify the way the disk image is treated. Available modifiers are:
156 .Bl -tag -width Ds
157 .It b
158 Specifies that this is a boot device.
159 .It c
160 CD-ROM.
161 .It d
162 DISK (this is the default).
163 .It f
164 FLOPPY.
165 .It gH;S;
166 Override the default geometry; use H heads and S sectors-per-track.
167 (The number of cylinders is calculated automatically.)
168 .It i
169 IDE. (This is the default for most machine types.)
170 .It oOFS;
171 Set the base offset for an ISO9660 filesystem on a disk image. The default
172 is 0. A suitable offset when booting from Dreamcast ISO9660 filesystem
173 images, which are offset by 11702 sectors, is 23965696.
174 .It r
175 Read-only (don't allow changes to be written to the file).
176 .It s
177 SCSI.
178 .It t
179 Tape.
180 .It V
181 Add an overlay filename to an already defined disk image.
182 (A ID number must also be specified when this flag is used. See the
183 documentation for an example of how to use overlays.)
184 .It 0-7
185 Force a specific ID number.
186 .El
187 .Pp
188 For SCSI devices, the ID number is the SCSI ID. For IDE harddisks, the ID
189 number has the following meaning:
190 .Bl -tag -width Ds
191 .It 0
192 Primary master.
193 .It 1
194 Primary slave.
195 .It 2
196 Secondary master.
197 .It 3
198 Secondary slave.
199 .El
200 .Pp
201 Unless otherwise specified, filenames ending with ".iso" or ".cdr" are
202 assumed to be CDROM images. Most others are assumed to be disks. Depending
203 on which machine is being emulated, the default for disks can be either
204 SCSI or IDE. Some disk images that are very small are assumed to be floppy
205 disks. (If you are not happy with the way a disk image is detected, then
206 you need to use explicit prefixes to force a specific type.)
207 .Pp
208 For floppies, the gH;S; prefix is ignored. Instead, the number of
209 heads and cylinders are assumed to be 2 and 80, respectively, and the
210 number of sectors per track is calculated automatically. (This works for
211 720KB, 1.2MB, 1.44MB, and 2.88MB floppies.)
212 .It Fl I Ar hz
213 Set the main CPU's frequency to
214 .Ar hz
215 Hz. This option does not work for all emulated machine modes. It affects
216 the way count/compare interrupts are faked to simulate emulated time =
217 real world time. If the guest operating system relies on RTC interrupts
218 instead of count/compare interrupts, then this option has no effect.
219 .Pp
220 Setting the frequency to zero disables automatic synchronization of
221 emulated time vs real world time, and the count/compare system runs at a
222 fixed rate.
223 .It Fl i
224 Enable instruction trace, i.e. display disassembly of each instruction as
225 it is being executed.
226 .It Fl J
227 Disable instruction combinations in the dynamic translator.
228 .It Fl j Ar n
229 Set the name of the kernel to
230 .Ar "n".
231 When booting from an ISO9660 filesystem, the emulator will try to boot
232 using this file. (In some emulation modes, eg. DECstation, this name is passed
233 along to the boot program. Useful names are "bsd" for OpenBSD/pmax,
234 "vmunix" for Ultrix, or "vmsprite" for Sprite.)
235 .It Fl M Ar m
236 Emulate
237 .Ar m
238 MBs of physical RAM. This overrides the default amount of RAM for the
239 selected machine type.
240 .It Fl N
241 Display the number of executed instructions per second on average, at
242 regular intervals.
243 .It Fl n Ar nr
244 Set the number of processors in the machine, for SMP experiments.
245 .Pp
246 Note 1: The emulator allocates quite a lot of virtual memory for
247 per-CPU translation tables. On 64-bit hosts, this is normally not a
248 problem. On 32-bit hosts, this can use up all available virtual userspace
249 memory. The solution is to either run the emulator on a 64-bit host,
250 or limit the number of emulated CPUs to a reasonably low number.
251 .Pp
252 Note 2: SMP simulation is not working very well yet; multiple processors
253 are simulated, but synchronization between the processors does not map
254 very well to how real-world SMP systems work.
255 .It Fl O
256 Force a "netboot" (tftp instead of disk), even when a disk image is
257 present (for DECstation, SGI, and ARC emulation).
258 .It Fl o Ar arg
259 Set the boot argument (mostly useful for DEC, ARC, or SGI emulation).
260 Default
261 .Ar arg
262 for DEC is "-a", for ARC/SGI it is "-aN", and for CATS it is "-A".
263 .It Fl p Ar pc
264 Add a breakpoint.
265 .Ar pc
266 can be a symbol, or a numeric value. (Remember to use the "0x" prefix for
267 hexadecimal values.)
268 .It Fl Q
269 Disable the built-in (software-only) PROM emulation. This option is useful
270 for experimenting with running raw ROM images from real machines. The default
271 behaviour of the emulator is to "fake" certain PROM calls used by guest
272 operating systems (e.g. NetBSD), so that no real PROM image is needed.
273 .It Fl R
274 Use a random bootstrap cpu, instead of CPU nr 0. (This option is only
275 meaningful together with the
276 .Fl n
277 option.)
278 .It Fl r
279 Dump register contents for every executed instruction.
280 .It Fl S
281 Initialize emulated RAM to random data, instead of zeroes. This option
282 is useful when trying to trigger bugs in a program that occur because the
283 program assumed that uninitialized memory contains zeros. (Use with
284 care.)
285 .It Fl s Ar flags:filename
286 Gather statistics based on the current emulated program counter value,
287 while the program executes. The statistics is actually just a raw dump of
288 all program counter values in sequence, suitable for post-analysis with
289 separate tools. Output is appended to
290 .Ar filename.
291 .Pp
292 The
293 .Ar flags
294 should include one or more of the following type specifiers:
295 .Bl -tag -width Ds
296 .It v
297 Virtual. This means that the program counter value is used.
298 .It p
299 Physical. This means that the physical address of where the program
300 is actually running is used.
301 .It i
302 Instruction call. This type of statistics gathering is practically only
303 useful during development of the emulator itself. The output is a list of
304 addresses of instruction call functions (ic->f), which after some
305 post-processing can be used as a basis for deciding when to implement
306 instruction combinations.
307 .El
308 .Pp
309 The
310 .Ar flags
311 may also include the following optional modifiers:
312 .Bl -tag -width Ds
313 .It d
314 Disabled at startup.
315 .It o
316 Overwrite the file, instead of appending to it.
317 .El
318 .Pp
319 Statistics gathering can be enabled/disabled at runtime by using the
320 "statistics_enabled = yes" and "statistics_enabled = no" debugger
321 commands.
322 .Pp
323 When gathering instruction statistics using the
324 .Fl s
325 option, instruction combinations are always disabled (i.e. an implicit
326 .Fl J
327 flag is added to the command line).
328 .It Fl T
329 Halt if the emulated program attempts to access non-existing memory.
330 .It Fl t
331 Show a trace tree of all function calls being made.
332 .It Fl U
333 Enable slow_serial_interrupts_hack_for_linux.
334 .It Fl X
335 Use X11. This option enables graphical framebuffers.
336 .It Fl x
337 Open up new xterms for emulated serial ports. The default behaviour is to
338 open up xterms when using configuration files, or if X11 is enabled. When
339 starting up a simple emulation session with settings directly on the
340 command line, and neither
341 .Fl X
342 nor
343 .Fl x
344 is used, then all output is confined to the terminal that
345 .Nm
346 started in.
347 .It Fl Y Ar n
348 Scale down framebuffer windows by
349 .Ar n
350 x
351 .Ar n
352 times. This option is useful when emulating a very large framebuffer, and
353 the actual display is of lower resolution. If
354 .Ar n
355 is negative, then there will be no scaledown, but emulation of certain
356 graphic controllers will be scaled up
357 by
358 .Ar -n
359 times instead. E.g. Using
360 .Ar -2
361 with VGA text mode emulation will result in 80x25 character cells rendered
362 in a 1280x800 window, instead of the normal resolution of 640x400.
363 .It Fl Z Ar n
364 Set the number of graphics cards, for emulating a dual-head or tripple-head
365 environment. (Only for DECstation emulation so far.)
366 .It Fl z Ar disp
367 Add
368 .Ar disp
369 as an X11 display to use for framebuffers.
370 .El
371 .Pp
372 Userland options:
373 .Bl -tag -width Ds
374 .It Fl u Ar emul-mode
375 Userland-only (syscall) emulation. (Use
376 .Fl H
377 to get a list of available emulation modes.) Some (but not all) of the
378 options listed under Other options above can also be used with
379 userland emulation.
380 .Pp
381 Note: Userland (syscall) emulation does not really work yet.
382 .El
383 .Pp
384 General options:
385 .Bl -tag -width Ds
386 .It Fl c Ar cmd
387 Add
388 .Ar cmd
389 as a command to run before starting the simulation. A similar effect can
390 be achieved by using the
391 .Fl V
392 option, and entering the commands manually.
393 .It Fl D
394 Causes the emulator to skip a call to srandom(). This leads to somewhat
395 more deterministic behaviour than running without this option.
396 However, if the emulated machine has clocks or timer interrupt sources,
397 or if user interaction is taking place (e.g. keyboard input at irregular
398 intervals), then this option is meaningless.
399 .It Fl H
400 Display a list of available CPU types, machine types, and userland
401 emulation modes. (Most of these don't work. Please read the documentation
402 included in the
403 .Nm
404 distribution for details on which modes that actually work. Userland
405 emulation is not included in stable release builds, since it doesn't work
406 yet.)
407 .It Fl h
408 Display a list of all available command line options.
409 .It Fl k Ar n
410 Set the size of the dyntrans cache (per emulated CPU) to
411 .Ar n
412 MB. The default size is 48 MB.
413 .It Fl K
414 Force the single-step debugger to be entered at the end of a simulation.
415 .It Fl q
416 Quiet mode; this suppresses startup messages.
417 .It Fl V
418 Start up in the single-step debugger, paused.
419 .It Fl v
420 Increase verbosity (show more debug messages). This option can be used
421 multiple times.
422 .El
423 .Pp
424 Configuration file startup:
425 .Bl -tag -width Ds
426 .It @ Ar configfile
427 Start an emulation based on the contents of
428 .Ar "configfile".
429 .El
430 .Pp
431 For more information, please read the documentation in the doc/
432 subdirectory of the
433 .Nm
434 distribution.
435 .Sh EXAMPLES
436 The following command will start NetBSD/pmax on an emulated DECstation
437 5000/200 (3MAX):
438 .Pp
439 .Dl "gxemul -e 3max -d nbsd_pmax.img"
440 .Pp
441 nbsd_pmax.img should be a raw disk image containing a bootable
442 NetBSD/pmax filesystem.
443 .Pp
444 The following command will start an emulation session based on settings in
445 the configuration file "mysession". The -v option tells gxemul to be
446 verbose.
447 .Pp
448 .Dl "gxemul -v @mysession"
449 .Pp
450 If you have compiled the small Hello World program mentioned in the
451 .Nm
452 documentation, the following command will start up an
453 emulated test machine in "paused" mode:
454 .Pp
455 .Dl "gxemul -E testmips -V hello_mips"
456 .Pp
457 Paused mode means that you enter the interactive single-step debugger
458 directly at startup, instead of launching the Hello World program.
459 .Pp
460 The paused mode is also what should be used when running "unknown" files
461 for the first time in the emulator. E.g. if you have a binary which you
462 think is some kind of MIPS ROM image, then you can try the following:
463 .Pp
464 .Dl "gxemul -vv -E baremips -V 0xbfc00000:image.raw"
465 .Pp
466 You can then use the single-stepping functionality of the built-in
467 debugger to run the code in the ROM image, to see how it behaves. Based on
468 that, you can deduce what machine type it was actually from (the
469 baremips machine is not a real machine), and perhaps try again with
470 another emulation mode.
471 .Pp
472 In general, however, real ROM images require much more emulation detail
473 than GXemul provides, so they can usually not run.
474 .Pp
475 Please read the documentation for more details.
476 .Sh BUGS
477 There are many bugs. Some of the known bugs are mentioned in the TODO
478 file in the
479 .Nm
480 source distribution, some are marked as TODO in the source code itself.
481 .Pp
482 Userland (syscall-only) emulation, i.e. running a userland binary directly
483 without simulating an entire machine, doesn't really work yet.
484 .Pp
485 .Nm
486 is in general not cycle-accurate; it does not simulate individual
487 pipe-line stages or penalties caused by branch-prediction misses or
488 cache misses, so it cannot be used for accurate simulation of any actual
489 real-world processor.
490 .Pp
491 .Nm
492 is in general not timing-accurate. Many emulation modes try to make the
493 guest operating system's clock run at the same speed as the host clock.
494 However, the number of instructions executed per clock tick can
495 obviously vary, depending on the current CPU load on the host.
496 .Sh AUTHOR
497 GXemul is Copyright (C) 2003-2007 Anders Gavare <anders@gavare.se>
498 .Pp
499 See http://gavare.se/gxemul/ for more information. For other Copyright
500 messages, see the corresponding parts of the source code and/or
501 documentation.

  ViewVC Help
Powered by ViewVC 1.1.26