This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /trunk/man/gxemul.1

Parent Directory Parent Directory | Revision Log Revision Log

Revision 12 - (show annotations)
Mon Oct 8 16:18:38 2007 UTC (12 years, 3 months ago) by dpavlin
File size: 12045 byte(s)
++ trunk/HISTORY	(local)
$Id: HISTORY,v 1.905 2005/08/16 09:16:24 debug Exp $
20050628	Continuing the work on the ARM translation engine. end_of_page
		works. Experimenting with load/store translation caches
		(virtual -> physical -> host).
20050629	More ARM stuff (memory access translation cache, mostly). This
		might break a lot of stuff elsewhere, probably some MIPS-
		related translation things.
20050630	Many load/stores are now automatically generated and included
		into cpu_arm_instr.c; 1024 functions in total (!).
		Fixes based on feedback from Alec Voropay: only print 8 hex
		digits instead of 16 in some cases when emulating 32-bit
		machines; similar 8 vs 16 digit fix for breakpoint addresses;
		4Kc has 16 TLB entries, not 48; the MIPS config select1
		register is now printed with "reg ,0".
		Also changing many other occurances of 16 vs 8 digit output.
		Adding cache associativity fields to mips_cpu_types.h; updating
		some other cache fields; making the output of
		mips_cpu_dumpinfo() look nicer.
		Generalizing the bintrans stuff for device accesses to also
		work with the new translation system. (This might also break
		some MIPS things.)
		Adding multi-load/store instructions to the ARM disassembler
		and the translator, and some optimizations of various kinds.
20050701	Adding a simple dev_disk (it can read/write sectors from
		disk images).
20050712	Adding dev_ether (a simple ethernet send/receive device).
		Debugger command "ninstrs" for toggling show_nr_of_instructions
		during runtime.
		Removing the framebuffer logo.
20050713	Continuing on dev_ether.
		Adding a dummy cpu_alpha (again).
20050714	More work on cpu_alpha.
20050715	More work on cpu_alpha. Many instructions work, enough to run
		a simple framebuffer fill test (similar to the ARM test).
20050716	More Alpha stuff.
20050717	Minor updates (Alpha stuff).
20050718	Minor updates (Alpha stuff).
20050719	Generalizing some Alpha instructions.
20050720	More Alpha-related updates.
20050721	Continuing on cpu_alpha. Importing rpb.h from NetBSD/alpha.
20050722	Alpha-related updates: userland stuff (Hello World using
		write() compiled statically for FreeBSD/Alpha runs fine), and
		more instructions are now implemented.
20050723	Fixing ldq_u and stq_u.
		Adding more instructions (conditional moves, masks, extracts,
20050724	More FreeBSD/Alpha userland stuff, and adding some more
		instructions (inserts).
20050725	Continuing on the Alpha stuff. (Adding dummy ldt/stt.)
		Adding a -A command line option to turn off alignment checks
		in some cases (for translated code).
		Trying to remove the old bintrans code which updated the pc
		and nr_of_executed_instructions for every instruction.
20050726	Making another attempt att removing the pc/nr of instructions
		code. This time it worked, huge performance increase for
		artificial test code, but performance loss for real-world
		code :-( so I'm scrapping that code for now.
		Tiny performance increase on Alpha (by using ret instead of
		jmp, to play nice with the Alpha's branch prediction) for the
		old MIPS bintrans backend.
20050727	Various minor fixes and cleanups.
20050728	Switching from a 2-level virtual to host/physical translation
		system for ARM emulation, to a 1-level translation.
		Trying to switch from 2-level to 1-level for the MIPS bintrans
		system as well (Alpha only, so far), but there is at least one
		problem: caches and/or how they work with device mappings.
20050730	Doing the 2-level to 1-level conversion for the i386 backend.
		The cache/device bug is still there for R2K/3K :(
		Various other minor updates (Malta etc).
		The mc146818 clock now updates the UIP bit in a way which works
		better with Linux for at least sgimips and Malta emulation.
		Beginning the work on refactoring the dyntrans system.
20050731	Continuing the dyntrans refactoring.
		Fixing a small but serious host alignment bug in memory_rw.
		Adding support for big-endian load/stores to the i386 bintrans
		Another minor i386 bintrans backend update: stores from the
		zero register are now one (or two) loads shorter.
		The slt and sltu instructions were incorrectly implemented for
		the i386 backend; only using them for 32-bit mode for now.
20050801	Continuing the dyntrans refactoring.
		Cleanup of the ns16550 serial controller (removing unnecessary
		Bugfix (memory corruption bug) in dev_gt, and a patch/hack from
		Alec Voropay for Linux/Malta.
20050802	More cleanup/refactoring of the dyntrans subsystem: adding
		phys_page pointers to the lookup tables, for quick jumps
		between translated pages.
		Better fix for the ns16550 device (but still no real FIFO
		Converting cpu_ppc to the new dyntrans system. This means that
		I will have to start from scratch with implementing each
		instruction, and figure out how to implement dual 64/32-bit
		modes etc.
		Removing the URISC CPU family, because it was useless.
20050803	When selecting a machine type, the main type can now be omitted
		if the subtype name is unique. (I.e. -E can be omitted.)
		Fixing a dyntrans/device update bug. (Writes to offset 0 of
		a device could sometimes go unnoticed.)
		Adding an experimental "instruction combination" hack for
		ARM for memset-like byte fill loops.
20050804	Minor progress on cpu_alpha and related things.
		Finally fixing the MIPS dmult/dmultu bugs.
		Fixing some minor TODOs.
20050805	Generalizing the 8259 PIC. It now also works with Cobalt
		and evbmips emulation, in addition to the x86 hack.
		Finally converting the ns16550 device to use devinit.
		Continuing the work on the dyntrans system. Thinking about
		how to add breakpoints.
20050806	More dyntrans updates. Breakpoints seem to work now.
20050807	Minor updates: cpu_alpha and related things; removing
		dev_malta (as it isn't used any more).
		Dyntrans: working on general "show trace tree" support.
		The trace tree stuff now works with both the old MIPS code and
		with newer dyntrans modes. :)
		Continuing on Alpha-related stuff (trying to get *BSD to boot
		a bit further, adding more instructions, etc).
20050808	Adding a dummy IA64 cpu family, and continuing the refactoring
		of the dyntrans system.
		Removing the regression test stuff, because it was more or
		less useless.
		Adding loadlinked/storeconditional type instructions to the
		Alpha emulation. (Needed for Linux/alpha. Not very well tested
20050809	The function call trace tree now prints a per-function nr of
		arguments. (Semi-meaningless, since that data isn't read yet
		from the ELFs; some hardcoded symbols such as memcpy() and
		strlen() work fine, though.)
		More dyntrans refactoring; taking out more of the things that
		are common to all cpu families.
20050810	Working on adding support for "dual mode" for PPC dyntrans
		(i.e. both 64-bit and 32-bit modes).
		(Re)adding some simple PPC instructions.
20050811	Adding a dummy M68K cpu family. The dyntrans system isn't ready
		for variable-length ISAs yet, so it's completely bogus so far.
		Re-adding more PPC instructions.
		Adding a hack to src/file.c which allows OpenBSD/mac68k a.out
		kernels to be loaded.
		Beginning to add PPC loads/stores. So far they only work in
		32-bit mode.
20050812	The configure file option "add_remote" now accepts symbolic
		host names, in addition to numeric IPv4 addresses.
		Re-adding more PPC instructions.
20050814	Continuing to port back more PPC instructions.
		Found and fixed the cache/device write-update bug for 32-bit
		MIPS bintrans. :-)
		Triggered a really weird and annoying bug in Compaq's C
		compiler; ccc sometimes outputs code which loads from an
		address _before_ checking whether the pointer was NULL or not.
		(I'm not sure how to handle this problem.)
20050815	Removing all of the old x86 instruction execution code; adding
		a new (dummy) dyntrans module for x86.
		Taking the first steps to extend the dyntrans system to support
		variable-length instructions.
		Slowly preparing for the next release.
20050816	Adding a dummy SPARC cpu module.
		Minor updates (documentation etc) for the release.

==============  RELEASE 0.3.5  ==============

1 .\" $Id: gxemul.1,v 1.29 2005/08/10 15:51:09 debug Exp $
2 .\"
3 .\" Copyright (C) 2004-2005 Anders Gavare. All rights reserved.
4 .\"
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions are met:
7 .\"
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
13 .\" 3. The name of the author may not be used to endorse or promote products
14 .\" derived from this software without specific prior written permission.
15 .\"
27 .\"
28 .\"
29 .\" This is a minimal man page for GXemul. Process this file with
30 .\" groff -man -Tascii gxemul.1 or nroff -man gxemul.1
31 .\"
32 .Dd AUGUST 2005
33 .Dt GXEMUL 1
34 .Os
35 .Sh NAME
36 .Nm gxemul
37 .Nd an experimental machine emulator
39 .Nm
40 .Op machine, other, and general options
41 .Op file Ar ...
42 .Nm
43 .Op general options
44 .Op Ar @configfile ...
45 .Nm
46 .Op userland, other, and general options
47 .Ar file Op Ar args ...
49 .Nm
50 is an experimental instruction-level machine emulator. It can be used to
51 run binary code for MIPS-based machines, regardless of host
52 platform. Several emulation modes are available. For some modes,
53 processors and surrounding hardware components are emulated well enough to
54 let unmodified operating systems (e.g. NetBSD) run as if they were running
55 on a real machine.
56 .Pp
57 (Non-MIPS emulation modes are also under development, but so far none of
58 those modes has reached the completeness required to run unmodified
59 operating systems.)
60 .Pp
61 There are three ways to invoke the emulator. When emulating a
62 complete machine, settings can be entered directly on the command line, or
63 they can be read from a configuration file. When emulating a userland
64 environment (syscall-only emulation, not emulating complete machines),
65 then the program name and its argument should be given on the command
66 line.
67 .Pp
68 The easiest way to use the emulator is to supply settings directly on the
69 command line. The most important thing you need to supply is the
70 file argument. This is the name of a binary file (an ELF, a.out, ECOFF,
71 SREC, or a raw binary image) which you wish to run in the emulator. This file
72 might be an operating system kernel, or perhaps a ROM image file.
73 .Pp
74 If more than one filename is supplied, all files are loaded into memory,
75 and the entry point (if available) is taken from the last file.
76 .Pp
77 Apart from the name of a binary file, it is also necessary to select
78 which specific emulation mode to use. For example, a MIPS-based machine
79 from DEC (a DECstation) is very different from a MIPS-based machine
80 from SGI. Use
81 .Nm
82 .Fl H
83 to get a list of available emulation modes.
84 .Pp
85 There are two exceptions to the normal invocation usage mentioned above.
86 The first is for DECstation emulation: if you have a bootable
87 DECstation harddisk or CDROM image, then just supplying the diskimage via
88 the
89 .Fl d
90 option is sufficient. (The filename of the kernel can then be
91 skipped, as the emulator runs the bootblocks from the diskimage directly and
92 doesn't need the kernel as a separate file.)
93 The second is if you supply an ISO9660 CDROM disk image. You may then use
94 the
95 .Fl j
96 option to indicate which file on the CDROM filesystem that should be
97 loaded into emulated memory.
98 .Pp
99 Machine selection options:
100 .Bl -tag -width Ds
101 .It Fl E Ar t
102 Try to emulate machine type
103 .Ar "t".
104 This option is not always needed, if the
105 .Fl e
106 option uniquely selects a machine.
107 (Use
108 .Fl H
109 to get a list of types.)
110 .It Fl e Ar st
111 Try to emulate machine subtype
112 .Ar "st".
113 Use this together with
114 .Fl E .
115 (This option is not always needed, if a machine type has no subtypes.)
116 .El
117 .Pp
118 Other options:
119 .Bl -tag -width Ds
120 .It Fl A
121 Disable load/store alignment checks in some cases. This might give a small
122 increase in performance, but the emulator will not run correctly if the
123 emulated code actually tries to do unaligned loads or stores.
124 .It Fl B
125 Disable dynamic binary translation. By default, bintrans
126 will be turned on if the host+target architecture combination is
127 supported.
128 .It Fl C Ar x
129 Try to emulate a specific CPU type,
130 .Ar "x".
131 This overrides the default CPU type for the machine being emulated.
132 (Use
133 .Fl H
134 to get a list of available CPU types.)
135 .It Fl d Ar name
136 Add
137 .Ar name
138 as a disk image. By adding one or more modifier characters and then a
139 colon (":") as a prefix to
140 .Ar "name",
141 you can modify the way the disk image is treated. Available modifiers are:
142 .Bl -tag -width Ds
143 .It b
144 Specifies that this is a boot device.
145 .It c
146 CD-ROM.
147 .It d
148 DISK (this is the default).
149 .It f
151 .It gH;S;
152 Override the default geometry; use H heads and S sectors-per-track.
153 (The number of cylinders is calculated automatically.)
154 .It i
155 IDE.
156 .It r
157 Read-only (don't allow changes to be written to the file).
158 .It s
159 SCSI (this is the default for most machine types).
160 .It t
161 Tape.
162 .It 0-7
163 Force a specific ID number.
164 .El
165 .Pp
166 Unless otherwise specified, filenames ending with ".iso" are assumed to be
167 CDROM images. Most others are assumed to be disks. Depending on which
168 machine is being emulated, the default for disks can be either SCSI or
169 IDE. Some disk images that are very small are assumed to be floppy disks.
170 (If you are not happy with the way a disk image is detected, then you need
171 to use explicit prefixes to force a specific type.)
172 .Pp
173 For floppies, the gH;S; prefix is ignored. Instead, the number of
174 heads and cylinders are assumed to be 2 and 80, respectively, and the
175 number of sectors per track is calculated automatically. (This works for
176 720KB, 1.2MB, 1.44MB, and 2.88MB floppies.)
177 .It Fl I Ar x
178 Emulate clock interrupts at
179 .Ar x
180 Hz. (This affects emulated clock devices only, not actual runtime speed.
181 This disables automatic clock adjustments, which is otherwise turned on.)
182 (This option is probably only valid for DECstation emulation.)
183 .It Fl i
184 Display each instruction as it is being executed.
185 .It Fl J
186 Disable some speed tricks.
187 .It Fl j Ar n
188 Set the name of the kernel to
189 .Ar "n".
190 When booting from an ISO9660 filesystem, the emulator will try to boot
191 using this file. (In some emulation modes, eg. DECstation, this name is passed
192 along to the boot program. Useful names are "bsd" for OpenBSD/pmax,
193 or "vmunix" for Ultrix.)
194 .It Fl M Ar m
195 Emulate
196 .Ar m
197 MBs of physical RAM. This overrides the default amount of RAM for the
198 selected machine type.
199 .It Fl m Ar nr
200 Run at most
201 .Ar nr
202 instructions (on any cpu).
203 .It Fl N
204 Display nr of instructions/second average, at regular intervals.
205 .It Fl n Ar nr
206 Set nr of CPUs (for SMP experiments).
207 .It Fl O
208 Force a "netboot" (tftp instead of disk), even when a disk image is
209 present (for DECstation, SGI, and ARC emulation).
210 .It Fl o Ar arg
211 Set the boot argument (for DEC, ARC, or SGI emulation).
212 Default
213 .Ar arg
214 for DEC is "-a", for ARC "-aN".
215 .It Fl p Ar pc
216 Add a breakpoint. (Remember to use the "0x" prefix for hex.)
217 .It Fl Q
218 Disable the built-in PROM emulation. This is useful for running raw ROM
219 images from real machines.
220 .It Fl R
221 Use a random bootstrap cpu, instead of CPU nr 0. (For SMP experiments.)
222 .It Fl r
223 Dump register contents for every executed instruction.
224 .It Fl S
225 Initialize the emulated RAM to random data, instead of zeroes.
226 .It Fl T
227 Enter the single-step debugger on unimplemented memory accesses.
228 .It Fl t
229 Show a trace tree of all function calls being made.
230 .It Fl U
231 Enable slow_serial_interrupts_hack_for_linux.
232 .It Fl X
233 Use X11.
234 .It Fl x
235 Open up new xterms for emulated serial ports. (Default is to open up
236 xterms when using configuration files, but not when starting an
237 emulation with settings directly on the command line.)
238 .It Fl Y Ar n
239 Scale down framebuffer windows by
240 .Ar n
241 x
242 .Ar n
243 times.
244 .It Fl y Ar x
245 Set max_random_cycles_per_chunk to
246 .Ar x
247 (experimental).
248 .It Fl Z Ar n
249 Set the number of graphics cards, for emulating a dual-head or tripple-head
250 environment. (Only for DECstation emulation so far.)
251 .It Fl z Ar disp
252 Add
253 .Ar disp
254 as an X11 display to use for framebuffers.
255 .El
256 .Pp
257 Userland options:
258 .Bl -tag -width Ds
259 .It Fl u Ar emul-mode
260 Userland-only (syscall) emulation. (Use
261 .Fl H
262 to get a list of available emulation modes.) Some (but not all) of the
263 options listed under Other options above can also be used with userland
264 emulation.
265 .El
266 .Pp
267 General options:
268 .Bl -tag -width Ds
269 .It Fl D
270 Guarantee fully deterministic behavior. Normally, the emulator calls
271 srandom() with a seed based on the current time at startup. When the
272 .Fl D
273 option is used, the srandom() call is skipped, which should cause two
274 subsequent invocations of the emulator to be identical, if all other
275 settings are identical and no user input is taking place. (If this option
276 is used, then
277 .Fl I
278 must also be used.)
279 .It Fl H
280 Display a list of available CPU types, machine types, and userland
281 emulation modes. (Most of these don't work. Please read the documentation
282 included in the
283 .Nm
284 distribution for details on which modes that actually work.)
285 .It Fl h
286 Display a list of all available command line options.
287 .It Fl K
288 Force the single-step debugger to be entered at the end of a simulation.
289 .It Fl q
290 Quiet mode; this suppresses startup messages.
291 .It Fl s
292 Show opcode usage statistics after the simulation.
293 .It Fl V
294 Start up in the single-step debugger, paused.
295 .It Fl v
296 Verbose debug messages.
297 .El
298 .Pp
299 Configuration file startup:
300 .Bl -tag -width Ds
301 .It @ Ar configfile
302 Start an emulation based on the contents of
303 .Ar "configfile".
304 .El
305 .Pp
306 For more information, please read the documentation in the doc/
307 subdirectory of the
308 .Nm
309 distribution.
311 The following command will start NetBSD/pmax on an emulated DECstation
312 5000/200 (3MAX):
313 .Pp
314 .Dl "gxemul -e 3max -d nbsd_pmax.img"
315 .Pp
316 nbsd_pmax.img should be a raw disk image containing a bootable
317 NetBSD/pmax filesystem.
318 .Pp
319 The following command will start an emulation session based on settings in
320 the configuration file "mysession". The -v option tells gxemul to be
321 verbose.
322 .Pp
323 .Dl "gxemul -v @mysession"
324 .Pp
325 If you have compiled the small Hello World program mentioned in the
326 .Nm
327 documentation, the following command will start up an
328 emulated test machine in "paused" mode:
329 .Pp
330 .Dl "gxemul -E testmips -V hello_mips"
331 .Pp
332 (Paused mode means that you enter the interactive single-step debugger
333 directly at startup, instead of launching the Hello World program.)
334 .Pp
335 Please read the documentation for more details.
336 .Sh BUGS
337 There are many bugs. Some of the known bugs are listed in the BUGS
338 file in the
339 .Nm
340 source distribution, some are indirectly mentioned in the TODO file,
341 and some are mentioned in the source code itself.
342 .Pp
343 The binary translation subsystem is really terrible, but it is less
344 terrible than running without it.
345 .Pp
346 Userland (syscall-only) emulation doesn't really work yet.
347 .Pp
348 .Nm
349 does not simulate individual pipe-line stages or penalties caused by
350 branch-prediction misses or cache misses, so it cannot be used for
351 accurate performance measurement.
352 .Pp
353 .Nm
354 is not timing-accurate.
355 .Sh AUTHOR
356 Anders Gavare <anders@gavare.se>
357 .Pp
358 See http://gavare.se/gxemul/ for more information.

  ViewVC Help
Powered by ViewVC 1.1.26