/[gxemul]/trunk/doc/intro.html
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /trunk/doc/intro.html

Parent Directory Parent Directory | Revision Log Revision Log

Revision 24 - (show annotations)
Mon Oct 8 16:19:56 2007 UTC (16 years, 6 months ago) by dpavlin
File MIME type: text/html
File size: 19364 byte(s) 
++ trunk/HISTORY	(local)
$Id: HISTORY,v 1.1256 2006/06/23 20:43:44 debug Exp $
20060219	Various minor updates. Removing the old MIPS16 skeleton code,
		because it will need to be rewritten for dyntrans anyway.
20060220-22	Removing the non-working dyntrans backend support.
		Continuing on the 64-bit dyntrans virtual memory generalization.
20060223	More work on the 64-bit vm generalization.
20060225	Beginning on MIPS dyntrans load/store instructions.
		Minor PPC updates (64-bit load/store, etc).
		Fixes for the variable-instruction-length framework, some
		minor AVR updates (a simple Hello World program works!).
		Beginning on a skeleton for automatically generating documen-
		tation (for devices etc.).
20060226	PPC updates (adding some more 64-bit instructions, etc).
		AVR updates (more instructions).
		FINALLY found and fixed the zs bug, making NetBSD/macppc
		accept the serial console.
20060301	Adding more AVR instructions.
20060304	Continuing on AVR-related stuff. Beginning on a framework for
		cycle-accurate device emulation. Adding an experimental "PAL
		TV" device (just a dummy so far).
20060305	Adding more AVR instructions.
		Adding a dummy epcom serial controller (for TS7200 emulation).
20060310	Removing the emul() command from configuration files, so only
		net() and machine() are supported.
		Minor progress on the MIPS dyntrans rewrite.
20060311	Continuing on the MIPS dyntrans rewrite (adding more
		instructions, etc).
20060315	Adding more instructions (sllv, srav, srlv, bgtz[l], blez[l],
		beql, bnel, slti[u], various loads and stores).
20060316	Removing the ALWAYS_SIGNEXTEND_32 option, since it was rarely
		used.
		Adding more MIPS dyntrans instructions, and fixing bugs.
20060318	Implementing fast loads/stores for MIPS dyntrans (big/little
		endian, 32-bit and 64-bit modes).
20060320	Making MIPS dyntrans the default configure option; use
		"--enable-oldmips" to use the old bintrans system.
		Adding MIPS dyntrans dmult[u]; minor updates.
20060322	Continuing... adding some more instructions.
		Adding a simple skeleton for demangling C++ "_ZN" symbols.
20060323	Moving src/debugger.c into a new directory (src/debugger/).
20060324	Fixing the hack used to load PPC ELFs (useful for relocated
		Linux/ppc kernels), and adding a dummy G3 machine mode.
20060325-26	Beginning to experiment with GDB remote serial protocol
		connections; adding a -G command line option for selecting
		which TCP port to listen to.
20060330	Beginning a major cleanup to replace things like "0x%016llx"
		with more correct "0x%016"PRIx64, etc.
		Continuing on the GDB remote serial protocol support.
20060331	More cleanup, and some minor GDB remote progress.
20060402	Adding a hack to the configure script, to allow compilation
		on systems that lack PRIx64 etc.
20060406	Removing the temporary FreeBSD/arm hack in dev_ns16550.c and
		replacing it with a better fix from Olivier Houchard.
20060407	A remote debugger (gdb or ddd) can now start and stop the
		emulator using the GDB remote serial protocol, and registers
		and memory can be read. MIPS only for now.
20060408	More GDB progress: single-stepping also works, and also adding
		support for ARM, PowerPC, and Alpha targets.
		Continuing on the delay-slot-across-page-boundary issue.
20060412	Minor update: beginning to add support for the SPARC target
		to the remote GDB functionality.
20060414	Various MIPS updates: adding more instructions for dyntrans
		(eret, add), and making some exceptions work. Fixing a bug
		in dmult[u].
		Implementing the first SPARC instructions (sethi, or).
20060415	Adding "magic trap" instructions so that PROM calls can be
		software emulated in MIPS dyntrans.
		Adding more MIPS dyntrans instructions (ddiv, dadd) and
		fixing another bug in dmult.
20060416	More MIPS dyntrans progress: adding [d]addi, movn, movz, dsllv,
		rfi, an ugly hack for supporting R2000/R3000 style faked caches,
		preliminary interrupt support, and various other updates and
		bugfixes.
20060417	Adding more SPARC instructions (add, sub, sll[x], sra[x],
		srl[x]), and useful SPARC header definitions.
		Adding the first (trivial) x86/AMD64 dyntrans instructions (nop,
		cli/sti, stc/clc, std/cld, simple mov, inc ax). Various other
		x86 updates related to variable instruction length stuff.
		Adding unaligned loads/stores to the MIPS dyntrans mode (but
		still using the pre-dyntrans (slow) imlementation).
20060419	Fixing a MIPS dyntrans exception-in-delay-slot bug.
		Removing the old "show opcode statistics" functionality, since
		it wasn't really useful and isn't implemented for dyntrans.
		Single-stepping (or running with instruction trace) now looks
		ok with dyntrans with delay-slot architectures.
20060420	Minor hacks (removing the -B command line option when compiled
		for non-bintrans, and some other very minor updates).
		Adding (slow) MIPS dyntrans load-linked/store-conditional.
20060422	Applying fixes for bugs discovered by Nils Weller's nwcc
		(static DEC memmap => now per machine, and adding an extern
		keyword in cpu_arm_instr.c).
		Finally found one of the MIPS dyntrans bugs that I've been
		looking for (copy/paste spelling error BIG vs LITTLE endian in
		cpu_mips_instr_loadstore.c for 16-bit fast stores).
		FINALLY found the major MIPS dyntrans bug: slti vs sltiu
		signed/unsigned code in cpu_mips_instr.c. :-)
		Adding more MIPS dyntrans instructions (lwc1, swc1, bgezal[l],
		ctc1, tlt[u], tge[u], tne, beginning on rdhwr).
		NetBSD/hpcmips can now reach userland when using dyntrans :-)
		Adding some more x86 dyntrans instructions.
		Finally removed the old Alpha-specific virtual memory code,
		and replaced it with the generic 64-bit version.
		Beginning to add disassembly support for SPECIAL3 MIPS opcodes.
20060423	Continuing on the delay-slot-across-page-boundary issue;
		adding an end_of_page2 ic slot (like I had planned before, but
		had removed for some reason).
		Adding a quick-and-dirty fallback to legacy coprocessor 1
		code (i.e. skipping dyntrans implementation for now).
		NetBSD/hpcmips and NetBSD/pmax (when running on an emulated
		R4400) can now be installed and run. :-)  (Many bugs left
		to fix, though.)
		Adding more MIPS dyntrans instructions: madd[u], msub[u].
		Cleaning up the SPECIAL2 vs R5900/TX79/C790 "MMI" opcode
		maps somewhat (disassembly and dyntrans instruction decoding).
20060424	Adding an isa_revision field to mips_cpu_types.h, and making
		sure that SPECIAL3 opcodes cause Reserved Instruction
		exceptions on MIPS32/64 revisions lower than 2.
		Adding the SPARC 'ba', 'call', 'jmpl/retl', 'and', and 'xor'
		instructions.
20060425	Removing the -m command line option ("run at most x 
		instructions") and -T ("single_step_on_bad_addr"), because
		they never worked correctly with dyntrans anyway.
		Freshening up the man page.
20060428	Adding more MIPS dyntrans instructions: bltzal[l], idle.
		Enabling MIPS dyntrans compare interrupts.
20060429	FINALLY found the weird dyntrans bug, causing NetBSD etc. to
		behave strangely: some floating point code (conditional
		coprocessor branches) could not be reused from the old
		non-dyntrans code. The "quick-and-dirty fallback" only appeared
		to work. Fixing by implementing bc1* for MIPS dyntrans.
		More MIPS instructions: [d]sub, sdc1, ldc1, dmtc1, dmfc1, cfc0.
		Freshening up MIPS floating point disassembly appearance.
20060430	Continuing on C790/R5900/TX79 disassembly; implementing 128-bit
		"por" and "pextlw".
20060504	Disabling -u (userland emulation) unless compiled as unstable
		development version.
		Beginning on freshening up the testmachine include files,
		to make it easier to reuse those files (placing them in
		src/include/testmachine/), and beginning on a set of "demos"
		or "tutorials" for the testmachine functionality.
		Minor updates to the MIPS GDB remote protocol stub.
		Refreshing doc/experiments.html and gdb_remote.html.
		Enabling Alpha emulation in the stable release configuration,
		even though no guest OSes for Alpha can run yet.
20060505	Adding a generic 'settings' object, which will contain
		references to settable variables (which will later be possible
		to access using the debugger).
20060506	Updating dev_disk and corresponding demo/documentation (and
		switching from SCSI to IDE disk types, so it actually works
		with current test machines :-).
20060510	Adding a -D_LARGEFILE_SOURCE hack for 64-bit Linux hosts,
		so that fseeko() doesn't give a warning.
		Updating the section about how dyntrans works (the "runnable
		IR") in doc/intro.html.
		Instruction updates (some x64=1 checks, some more R5900
		dyntrans stuff: better mul/mult separation from MIPS32/64,
		adding ei and di).
		Updating MIPS cpuregs.h to a newer one (from NetBSD).
		Adding more MIPS dyntrans instructions: deret, ehb.
20060514	Adding disassembly and beginning implementation of SPARC wr
		and wrpr instructions.
20060515	Adding a SUN SPARC machine mode, with dummy SS20 and Ultra1
		machines. Adding the 32-bit "rd psr" instruction.
20060517	Disassembly support for the general SPARC rd instruction.
		Partial implementation of the cmp (subcc) instruction.
		Some other minor updates (making sure that R5900 processors
		start up with the EIE bit enabled, otherwise Linux/playstation2
		receives no interrupts).
20060519	Minor MIPS updates/cleanups.
20060521	Moving the MeshCube machine into evbmips; this seems to work
		reasonably well with a snapshot of a NetBSD MeshCube kernel.
		Cleanup/fix of MIPS config0 register initialization.
20060529	Minor MIPS fixes, including a sign-extension fix to the
		unaligned load/store code, which makes NetBSD/pmax on R3000
		work better with dyntrans. (Ultrix and Linux/DECstation still
		don't work, though.)
20060530	Minor updates to the Alpha machine mode: adding an AlphaBook
		mode, an LCA bus (forwarding accesses to an ISA bus), etc.
20060531	Applying a bugfix for the MIPS dyntrans sc[d] instruction from
		Ondrej Palkovsky. (Many thanks.)
20060601	Minifix to allow ARM immediate msr instruction to not give
		an error for some valid values.
		More Alpha updates.
20060602	Some minor Alpha updates.
20060603	Adding the Alpha cmpbge instruction. NetBSD/alpha prints its
		first boot messages :-) on an emulated Alphabook 1.
20060612	Minor updates; adding a dev_ether.h include file for the
		testmachine ether device. Continuing the hunt for the dyntrans
		bug which makes Linux and Ultrix on DECstation behave
		strangely... FINALLY found it! It seems to be related to
		invalidation of the translation cache, on tlbw{r,i}. There
		also seems to be some remaining interrupt-related problems.
20060614	Correcting the implementation of ldc1/sdc1 for MIPS dyntrans
		(so that it uses 16 32-bit registers if the FR bit in the
		status register is not set).
20060616	REMOVING BINTRANS COMPLETELY!
		Removing the old MIPS interpretation mode.
		Removing the MFHILO_DELAY and instruction delay stuff, because
		they wouldn't work with dyntrans anyway.
20060617	Some documentation updates (adding "NetBSD-archive" to some
		URLs, and new Debian/DECstation installation screenshots).
		Removing the "tracenull" and "enable-caches" configure options.
		Improving MIPS dyntrans performance somewhat (only invalidate
		translations if necessary, on writes to the entryhi register,
		instead of doing it for all cop0 writes).
20060618	More cleanup after the removal of the old MIPS emulation.
		Trying to fix the MIPS dyntrans performance bugs/bottlenecks;
		only semi-successful so far (for R3000).
20060620	Minor update to allow clean compilation again on Tru64/Alpha.
20060622	MIPS cleanup and fixes (removing the pc_last stuff, which
		doesn't make sense with dyntrans anyway, and fixing a cross-
		page-delay-slot-with-exception case in end_of_page).
		Removing the old max_random_cycles_per_chunk stuff, and the
		concept of cycles vs instructions for MIPS emulation.
		FINALLY found and fixed the bug which caused NetBSD/pmax
		clocks to behave strangely (it was a load to the zero register,
		which was treated as a NOP; now it is treated as a load to a
		dummy scratch register).
20060623	Increasing the dyntrans chunk size back to
		N_SAFE_DYNTRANS_LIMIT, instead of N_SAFE_DYNTRANS_LIMIT/2.
		Preparing for a quick release, even though there are known
		bugs, and performance for non-R3000 MIPS emulation is very
		poor. :-/
		Reverting to half the dyntrans chunk size again, because
		NetBSD/cats seemed less stable with full size chunks. :(
		NetBSD/sgimips 3.0 can now run :-)  (With release 0.3.8, only
		NetBSD/sgimips 2.1 worked, not 3.0.)

==============  RELEASE 0.4.0  ==============
1 <html><head><title>Gavare's eXperimental Emulator:&nbsp;&nbsp;&nbsp;Introduction</title>
2 <meta name="robots" content="noarchive,nofollow,noindex"></head>
3 <body bgcolor="#f8f8f8" text="#000000" link="#4040f0" vlink="#404040" alink="#ff0000">
4 <table border=0 width=100% bgcolor="#d0d0d0"><tr>
5 <td width=100% align=center valign=center><table border=0 width=100%><tr>
6 <td align="left" valign=center bgcolor="#d0efff"><font color="#6060e0" size="6">
7 <b>Gavare's eXperimental Emulator:</b></font><br>
8 <font color="#000000" size="6"><b>Introduction</b>
9 </font></td></tr></table></td></tr></table><p>
10
11 <!--
12
13 $Id: intro.html,v 1.87 2006/06/23 10:00:41 debug Exp $
14
15 Copyright (C) 2003-2006 Anders Gavare. All rights reserved.
16
17 Redistribution and use in source and binary forms, with or without
18 modification, are permitted provided that the following conditions are met:
19
20 1. Redistributions of source code must retain the above copyright
21 notice, this list of conditions and the following disclaimer.
22 2. Redistributions in binary form must reproduce the above copyright
23 notice, this list of conditions and the following disclaimer in the
24 documentation and/or other materials provided with the distribution.
25 3. The name of the author may not be used to endorse or promote products
26 derived from this software without specific prior written permission.
27
28 THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
29 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
32 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 SUCH DAMAGE.
39
40 -->
41
42 <a href="./">Back to the index</a>
43
44 <p><br>
45 <h2>Introduction</h2>
46
47 <p>
48 <table border="0" width="99%"><tr><td valign="top" align="left">
49 <ul>
50 <li><a href="#overview">Overview</a>
51 <li><a href="#free">Is GXemul Free software?</a>
52 <li><a href="#build">How to compile/build the emulator</a>
53 <li><a href="#run">How to run the emulator</a>
54 <li><a href="#cpus">Which processor architectures does GXemul emulate?</a>
55 <li><a href="#hosts">Which host architectures are supported?</a>
56 <li><a href="#translation">What kind of translation does GXemul use?</a>
57 <li><a href="#accuracy">Emulation accuracy</a>
58 <li><a href="#emulmodes">Which machines does GXemul emulate?</a>
59 </ul>
60 </td><td valign="center" align="center">
61 <a href="20050317-example.png"><img src="20050317-example_small.png"></a>
62 <p>NetBSD/pmax 1.6.2 with X11<br>running in GXemul</td></tr></table>
63
64
65
66
67 <p><br>
68 <a name="overview"></a>
69 <h3>Overview:</h3>
70
71 GXemul is an experimental instruction-level machine emulator. Several
72 emulation modes are available. In some modes, processors and surrounding
73 hardware components are emulated well enough to let unmodified operating
74 systems (e.g. NetBSD) run as if they were running on a real machine.
75
76 <p>Devices and processors (ARM, MIPS, PowerPC) are not simulated with 100%
77 accuracy. They are only ``faked'' well enough to allow guest operating
78 systems run without complaining too much. Still, the emulator could be of
79 interest for academic research and experiments, such as when learning how
80 to write operating system code.
81
82 <p>The emulator is written in C, does not depend on third-party libraries,
83 and should compile and run on most 64-bit and 32-bit Unix-like systems.
84
85 <p>The emulator contains code which tries to emulate the workings of CPUs
86 and surrounding hardware found in real machines, but it does not contain
87 any ROM code. You will need some form of program (in binary form) to run
88 in the emulator. For many emulation modes, PROM calls are handled by the
89 emulator itself, so you do not need to use any ROM image at all.
90
91 <p>You can use pre-compiled kernels (for example NetBSD kernels, or
92 Linux), or other programs that are in binary format, and in some cases
93 even actual ROM images. A couple of different file formats are supported
94 (ELF, a.out, ECOFF, SREC, and raw binaries).
95
96 <p>If you do not have a kernel as a separate file, but you have a bootable
97 disk image, then it is sometimes possible to boot directly from that
98 image. (This works for example with DECstation emulation, or when booting
99 from ISO9660 CDROM images.)
100
101
102
103
104
105
106
107
108 <p><br>
109 <a name="free"></a>
110 <h3>Is GXemul Free software?</h3>
111
112 Yes. I have released GXemul under a Free license. The code in GXemul is
113 Copyrighted software, it is <i>not</i> public domain. (If this is
114 confusing to you, you might want to read up on the definitions of the
115 four freedoms associated with Free software, <a
116 href="http://www.gnu.org/philosophy/free-sw.html">http://www.gnu.org/philosophy/free-sw.html</a>.)
117
118 <p>The code I have written is released under a 3-clause BSD-style license
119 (or "revised BSD-style" if one wants to use <a
120 href="http://www.gnu.org/philosophy/bsd.html">GNU jargon</a>). Apart from
121 the code I have written, some files are copied from other sources such as
122 NetBSD, for example header files containing symbolic names of bitfields in
123 device registers. They are also covered by similar licenses, but with some
124 additional clauses. The main point, however, is that the licenses require
125 that the original Copyright and license terms are included when you make a
126 copy or modification.
127
128 <p>If you plan to redistribute GXemul <i>without</i> supplying the source
129 code, then you need to comply with each individual source file some other
130 way, for example by writing additional documentation containing copyright
131 notes. I have not done this, since I do not plan on making distributions
132 without source code. You need to check all individual files for details.
133 The "easiest way out" if you plan to redistribute code from GXemul is, of
134 course, to let it remain open source and simply supply the source code.
135
136 <p>In case you want to reuse parts of GXemul, but you need to do that
137 under a different license (e.g. the GPL), then contact me and I might
138 re-license/dual-license files on a case-by-case basis.
139
140
141
142
143
144 <p><br>
145 <a name="build"></a>
146 <h3>How to compile/build the emulator:</h3>
147
148 Uncompress the .tar.gz distribution file, and run
149 <pre>
150 $ <b>./configure</b>
151 $ <b>make</b>
152 </pre>
153
154 <p>This should work on most Unix-like systems. GXemul does not require any
155 specific libraries to build, however, if you build on a system which does
156 not have X11 libraries installed, some functionality will be lost.
157
158 <p>The emulator's performance is highly dependent on both runtime settings
159 and on compiler settings, so you might want to experiment with different
160 CC and CFLAGS environment variable values. For example, on an AMD Athlon
161 host, you might want to try setting <tt>CFLAGS</tt> to <tt>-march=athlon</tt>
162 before running <tt>configure</tt>.
163
164
165
166
167
168
169
170 <p><br>
171 <a name="run"></a>
172 <h3>How to run the emulator:</h3>
173
174 Once you have built GXemul, running it should be rather straight-forward.
175 Running <tt><b>gxemul</b></tt> without arguments (or with the
176 <b><tt>-h</tt></b> or <b><tt>-H</tt></b> command line options) will
177 display a help message.
178
179 <p>
180 To get some ideas about what is possible to run in the emulator, please
181 read the section about <a href="guestoses.html">installing "guest"
182 operating systems</a>. If you are interested in using the emulator to
183 develop code on your own, then you should also read the section about
184 <a href="experiments.html#hello">Hello World</a>.
185
186 <p>
187 To exit the emulator, type CTRL-C to enter the
188 single-step debugger, and then type <tt><b>quit</b></tt>.
189
190 <p>
191 If you are starting an emulation by entering settings directly on the
192 command line, and you are not using the <tt><b>-x</b></tt> option, then all
193 terminal input and output will go to the main controlling terminal.
194 CTRL-C is used to break into the debugger, so in order to send CTRL-C to
195 the running (emulated) program, you may use CTRL-B.
196 (This should be a reasonable compromise to allow the emulator to be usable
197 even on systems without X Windows.)
198
199 <p>
200 There is no way to send an actual CTRL-B to the emulated program, when
201 typing in the main controlling terminal window. The solution is to either
202 use <a href="configfiles.html">configuration files</a>, or use
203 <tt><b>-x</b></tt>. Both these solutions cause new xterms to be opened for
204 each emulated serial port that is written to. CTRL-B and CTRL-C both have
205 their original meaning in those xterm windows.
206
207
208
209
210
211 <p><br>
212 <a name="cpus"></a>
213 <h3>Which processor architectures does GXemul emulate?</h3>
214
215 The architectures that are emulated well enough to let at least one
216 guest operating system run (per architecture) are ARM, MIPS, and
217 PowerPC.
218
219
220
221
222
223 <p><br>
224 <a name="hosts"></a>
225 <h3>Which host architectures are supported?</h3>
226
227 As of release 0.4.0 of GXemul, the old binary translation subsystem, which
228 was used for emulation of MIPS processors on Alpha and i386 hosts, has
229 been removed. The current dynamic translation subsystem should work on any
230 host.
231
232
233
234
235
236 <p><br>
237 <a name="translation"></a>
238 <h3>What kind of translation does GXemul use?</h3>
239
240 <b>Static vs. dynamic:</b>
241
242 <p>In order to support guest operating systems, which can overwrite old
243 code pages in memory with new code, it is necessary to translate code
244 dynamically. It is not possible to do a "one-pass" (static) translation.
245 Self-modifying code and Just-in-Time compilers running inside
246 the emulator are other things that would not work with a static
247 translator. GXemul is a dynamic translator. However, it does not
248 necessarily translate into native code, like many other emulators.
249
250 <p><b>"Runnable" Intermediate Representation:</b>
251
252 <p>Dynamic translators usually translate from the emulated architecture
253 (e.g. MIPS) into a kind of <i>intermediate representation</i> (IR), and then
254 to native code (e.g. AMD64 or x86 code). Since one of my main goals for
255 GXemul is to keep everything as portable as possible, I have tried to make
256 sure that the IR is something which can be executed regardless of whether
257 the final step (translation from IR to native code) has been implemented
258 or not.
259
260 <p>The IR in GXemul consists of arrays of pointers to functions, and a few
261 arguments which are passed along to those functions. The functions are
262 implemented in either manually hand-coded C, or automatically generated C.
263 In any case, this is all statically linked into the GXemul binary at link
264 time.
265
266 <p>Here is a simplified diagram of how these arrays work.
267
268 <p><center><img src="simplified_dyntrans.png"></center>
269
270 <p>There is one instruction call slot for every possible program counter
271 location. In the MIPS case, instruction words are 32 bits in length,
272 and pages are (usually) 4 KB large, resulting in 1024 instruction call
273 slots. After the last of these instruction calls, there is an additional
274 call to a special "end of page" function (which doesn't count as an executed
275 instruction). This function switches to the first instruction
276 on the next virtual page (which might cause exceptions, etc).
277
278 <p>The complexity of individual instructions vary. A simple example of
279 what an instruction can look like is the MIPS <tt>addiu</tt> instruction:
280 <pre>
281 X(addiu)
282 {
283 reg(ic->arg[1]) = (int32_t)
284 ((int32_t)reg(ic->arg[0]) + (int32_t)ic->arg[2]);
285 }
286 </pre>
287
288 <p>It stores the result of a 32-bit addition of the register at arg[0]
289 with the immediate value arg[2] (treating both as signed 32-bit
290 integers) into register arg[1]. If the emulated CPU is a 64-bit CPU,
291 then this will store a correctly sign-extended value into arg[1].
292 If it is a 32-bit CPU, then only the lowest 32 bits will be stored,
293 and the high part ignored. <tt>X(addiu)</tt> is expanded to
294 <tt>mips_instr_addiu</tt> in the 64-bit case, and <tt>mips32_instr_addiu</tt>
295 in the 32-bit case. Both are compiled into the GXemul executable; no code
296 is created during run-time.
297
298 <p>Here are examples of what the <tt>addiu</tt> instruction actually
299 looks like when it is compiled, on various host architectures:
300
301 <p><center><table border="0">
302 <tr><td><b>GCC 4.0.1 on Alpha:</b></td>
303 <td width="35"></td><td></td>
304 <tr>
305 <td valign="top">
306 <pre>mips_instr_addiu:
307 ldq t1,8(a1)
308 ldq t2,24(a1)
309 ldq t3,16(a1)
310 ldq t0,0(t1)
311 addl t0,t2,t0
312 stq t0,0(t3)
313 ret</pre>
314 </td>
315 <td></td>
316 <td valign="top">
317 <pre>mips32_instr_addiu:
318 ldq t2,8(a1)
319 ldq t0,24(a1)
320 ldq t3,16(a1)
321 ldl t1,0(t2)
322 addq t0,t1,t0
323 stl t0,0(t3)
324 ret</pre>
325 </td>
326 </tr>
327
328 <tr><td><b><br>GCC 3.4.4 on AMD64:</b></td>
329 <tr>
330 <td valign="top">
331 <pre>mips_instr_addiu:
332 mov 0x8(%rsi),%rdx
333 mov 0x18(%rsi),%rax
334 mov 0x10(%rsi),%rcx
335 add (%rdx),%eax
336 cltq
337 mov %rax,(%rcx)
338 retq</pre>
339 </td>
340 <td></td>
341 <td valign="top">
342 <pre>mips32_instr_addiu:
343 mov 0x8(%rsi),%rcx
344 mov 0x10(%rsi),%rdx
345 mov (%rcx),%eax
346 add 0x18(%rsi),%eax
347 mov %eax,(%rdx)
348 retq</pre>
349 </td>
350 </tr>
351
352 <tr><td><b><br>GCC 4.0.1 on i386:</b></td>
353 <tr>
354 <td valign="top">
355 <pre>mips_instr_addiu:
356 mov 0x8(%esp),%eax
357 mov 0x8(%eax),%ecx
358 mov 0x4(%eax),%edx
359 mov 0xc(%eax),%eax
360 add (%edx),%eax
361 mov %eax,(%ecx)
362 cltd
363 mov %edx,0x4(%ecx)
364 ret</pre>
365 </td>
366 <td></td>
367 <td valign="top">
368 <pre>mips32_instr_addiu:
369 mov 0x8(%esp),%eax
370 mov 0x8(%eax),%ecx
371 mov 0x4(%eax),%edx
372 mov 0xc(%eax),%eax
373 add (%edx),%eax
374 mov %eax,(%ecx)
375 ret</pre>
376 </td>
377 </tr>
378 </table></center>
379
380 <p>On 64-bit hosts, there is not much difference, but on 32-bit hosts (and
381 to some extent on AMD64), the difference is enough to make it worthwhile.
382
383
384 <p><b>Performance:</b>
385
386 <p>The performance of using this kind of runnable IR is obviously lower
387 than what can be achieved by emulators using native code generation, but
388 can be significantly higher than using a naive fetch-decode-execute
389 interpretation loop. In my opinion, using a runnable IR is an interesting
390 compromise.
391
392 <p>The overhead per emulated instruction is usually around or below
393 approximately 10 host instructions. This is very much dependent on your
394 host architecture and what compiler and compiler switches you are using.
395 Added to this instruction count is (of course) also the C code used to
396 implement each specific instruction.
397
398 <p><b>Instruction Combinations:</b>
399
400 <p>Short, common instruction sequences can sometimes be replaced by a
401 "compound" instruction. An example could be a compare instruction followed
402 by a conditional branch instruction. The advantages of instruction
403 combinations are that
404 <ul>
405 <li>the amortized overhead per instruction is slightly reduced, and
406 <p>
407 <li>the host's compiler can make a good job at optimizing the common
408 instruction sequence.
409 </ul>
410
411 <p>The special cases where instruction combinations give the most gain
412 are in the cores of string/memory manipulation functions such as
413 <tt>memset()</tt> or <tt>strlen()</tt>. The core loop can then (at least
414 to some extent) be replaced by a native call to the equivalent function.
415
416 <p>The implementations of compound instructions still keep track of the
417 number of executed instructions, etc. When single-stepping, these
418 translations are invalidated, and replaced by normal instruction calls
419 (one per emulated instruction).
420
421 <p><b>Native Code Back-ends: (not in this release)</b>
422
423 <p>In theory, it will be possible to implement native code generation
424 (similar to what is used in high-performance emulators such as QEMU),
425 as long as that generated code abides to the C ABI on the host, but
426 for now I wanted to make sure that GXemul works without such native
427 code back-ends. For this reason, as of release 0.4.0, GXemul is
428 completely free of native code back-ends.
429
430
431
432
433
434
435 <p><br>
436 <a name="accuracy"></a>
437 <h3>Emulation accuracy:</h3>
438
439 GXemul is an instruction-level emulator; things that would happen in
440 several steps within a real CPU are not taken into account (e.g. pipe-line
441 stalls or out-of-order execution). Still, instruction-level accuracy seems
442 to be enough to be able to run complete guest operating systems inside the
443 emulator.
444
445 <p>The existance of instruction and data caches is "faked" to let
446 operating systems think that they are there, but for all practical
447 purposes, these caches are non-working.
448
449 <p>The emulator is <i>not</i> timing-accurate. It can be run in a
450 "deterministic" mode, <tt><b>-D</b></tt>. The meaning of deterministic is
451 simply that running two emulations with the same settings will result in
452 identical runs. Obviously, this requires that no user interaction is
453 taking place, and that clock speeds are fixed with the <tt><b>-I</b></tt>
454 option. (Deterministic in this case does <i>not</i> mean that the
455 emulation will be identical to some actual real-world machine.)
456
457 <p>(Note that user interaction means <i>both</i> input to the emulated
458 program/OS, and interaction with the emulator's debugger. Breaking into the
459 debugger and then continuing execution may affect when/how interrupts
460 occur.)
461
462
463
464
465
466
467 <p><br>
468 <a name="emulmodes"></a>
469 <h3>Which machines does GXemul emulate?</h3>
470
471 A few different machine types are emulated. The following machine types
472 are emulated well enough to run at least one "guest OS":
473
474 <p>
475 <ul>
476 <li><b><u>ARM</u></b>
477 <ul>
478 <li><b>CATS</b> (NetBSD/cats, OpenBSD/cats)
479 <li><b>IQ80321</b> (NetBSD/evbarm)
480 </ul>
481 <p>
482 <li><b><u>MIPS</u></b>
483 <ul>
484 <li><b>DECstation 5000/200</b> (NetBSD/pmax, OpenBSD/pmax, Ultrix,
485 Linux/DECstation, Sprite)
486 <li><b>Acer Pica-61</b> (NetBSD/arc)
487 <li><b>NEC MobilePro 770, 780, 800, and 880</b> (NetBSD/hpcmips)
488 <li><b>Cobalt</b> (NetBSD/cobalt)
489 <li><b>Malta</b> (NetBSD/evbmips)
490 <li><b>SGI O2 (aka IP32)</b> <font color="#0000e0">(<super>*</super>)</font>
491 (NetBSD/sgi)
492 </ul>
493 <p>
494 <li><b><u>PowerPC</u></b>
495 <ul>
496 <li><b>IBM 6050/6070 (PReP, PowerPC Reference Platform)</b> (NetBSD/prep)
497 </ul>
498 </ul>
499
500 <p><small><font color="#0000e0">(<super>*</super>)</font> =
501 Enough for root-on-nfs, but not for disk boot.)</small>
502
503 <p>There is code in GXemul for emulation of many other machine types; the
504 degree to which these work range from almost being able to run a complete
505 OS, to almost completely unsupported (perhaps just enough support to
506 output a few boot messages via serial console).
507
508 <p>In addition to emulating real machines, there is also a "test-machine".
509 A test-machine consists of one or more CPUs and a few experimental devices
510 such as:
511
512 <p>
513 <ul>
514 <li>a console I/O device (putchar() and getchar()...)
515 <li>an inter-processor communication device, for SMP experiments
516 <li>a very simple linear framebuffer device (for graphics output)
517 <li>a simple SCSI disk controller
518 <li>a simple ethernet controller
519 </ul>
520
521 <p>This mode is useful if you wish to run experimental code, but do not
522 wish to target any specific real-world machine type, for example for
523 educational purposes.
524
525 <p>You can read more about these experimental devices <a
526 href="experiments.html#expdevices">here</a>.
527
528
529
530
531
532
533 </body>
534 </html>
  ViewVC Help
Powered by ViewVC 1.1.26