CPU Emulators a Quick Look on Their Types, Principles of Design and Operation

CPU emulators A quick look on their types, principles of design and operation

Grigory Rechistov

Intel–MIPT lab, MDSP project

October 2010

1 Actually, there is no precise deﬁnition.

The deﬁnition

Emulator a program that executes models of certain pieces of hardware.

2 The deﬁnition

Emulator a program that executes models of certain pieces of hardware. Actually, there is no precise deﬁnition.

2 Emulation versus Simulation

Many meanings exist. I just interchange both terms. Emulation was introduced in 1957 by IBM and since then it was reinterpreted many times. In Russian, we usually use simple ¾Моделирование¿.

3 ?

. . . But we can build one step by step!

How a simulator is usually designed

4 . . . But we can build one step by step!

How a simulator is usually designed ?

4 How a simulator is usually designed ?

. . . But we can build one step by step!

4 Question: what can be included in system state?

Functional model

Simulates only the functional features of hardware.

System state statei+1=F (statei ) System state in step i in step i+1

5 Functional model

Simulates only the functional features of hardware.

System state statei+1=F (statei ) System state in step i in step i+1

Question: what can be included in system state?

5 Question: what is in temporal state?

Clock-precise model Sometimes is called ¾Performance¿. Adds a concept of internal temporal state.

System state statei+1=F (statei ) System state in step i in step i+1

Internal state

6 Clock-precise model Sometimes is called ¾Performance¿. Adds a concept of internal temporal state.

System state statei+1=F (statei ) System state in step i in step i+1

Internal state

Question: what is in temporal state? 6 Functional model:

Task: write a table of boolean truth for this adder.

A bit of distraction: a 1 bit summator

7 Task: write a table of boolean truth for this adder.

A bit of distraction: a 1 bit summator

Functional model:

7 A bit of distraction: a 1 bit summator

Functional model:

Task: write a table of boolean truth for this adder.

7 Note: clock synchronization circuitry is not shown.

Real 1 bit half-summator

8 Real 1 bit half-summator

Note: clock synchronization circuitry is not shown.

8 Note: clock synchronization circuitry is not shown. Question: what type of model this scheme is functional or clock-precise?

2 bit full summator with latency

9 Question: what type of model this scheme is functional or clock-precise?

2 bit full summator with latency

Note: clock synchronization circuitry is not shown.

9 2 bit full summator with latency

Note: clock synchronization circuitry is not shown. Question: what type of model this scheme is functional or clock-precise?

9 Please note that we don’t specify the size of numbers being added or any details of adder. We simply modelled functions and timings!

A clock-presise variant of model of full 2 bit adder

10 A clock-presise variant of model of full 2 bit adder

Please note that we don’t specify the size of numbers being added or any details of adder. We simply modelled functions and timings!

10 Execute N steps System state FuncSim in step i Scheduler

Standalone functional model

Attempts to be on its own. But for this it needs an entity with notion of time!

11 Standalone functional model

Attempts to be on its own. But for this it needs an entity with notion of time!

Execute N steps System state FuncSim in step i Scheduler

11 Full platform functional models Simulates only the functional features of hardware.

Execute I steps

System state FuncSim in step i

Scheduler

DeviceX System state in step k FuncModel Execute K steps

1. Hardly can be used to measure speed, performance, power or certain other parameters of HW. 2. Are able to emulate quite complex systems from booting OS to airplane complexes. 3. Comparatively fast emulation (slowdown ×2 − ×100). 12 Full platform functional models Simulates only the functional features of hardware.

Execute I steps

System state FuncSim in step i

Scheduler

DeviceX System state in step k FuncModel Execute K steps

1. Hardly can be used to measure speed, performance, power or certain other parameters of HW. 2. Are able to emulate quite complex systems from booting OS to airplane complexes. 3. Comparatively fast emulation (slowdown ×2 − ×100). 12 It is a task of scheduling similar to one performed in an OS.

I Cooperative multitasking

I Preemptive multitasking Another issue is

I Problem of synchronization of all devices’ point of view on time.

Simulation of time

Problem: there are many devices to simulate and only one time line. . .

13 Another issue is

I Problem of synchronization of all devices’ point of view on time.

Simulation of time

Problem: there are many devices to simulate and only one time line. . . It is a task of scheduling similar to one performed in an OS.

I Cooperative multitasking

I Preemptive multitasking

13 Simulation of time

Problem: there are many devices to simulate and only one time line. . . It is a task of scheduling similar to one performed in an OS.

I Cooperative multitasking

I Preemptive multitasking Another issue is

I Problem of synchronization of all devices’ point of view on time.

13 Types of emulators one more time.

Application mode provide just minimal set of components able to run the particular workloads, e.g. CPU, memory, IO. Full platform simulates the complete set of HW found in a particular computing system: CPU, memory, network, sound, display, disk, keyboard/mouse. . . Hybrid use a junction of software components with ones modeled with hardware models e.g. on FPGA. Distributed are placed on several computers and interact over the network.

14 Application mode

I Usually the ﬁrst one to be implemented for a new architecture.

I Cannot simulate any OS booting (as if there is any OS for the new architecture!)

I But applications need an OS to work! Thus such simulator has to implement some minimal non-architectural ABI.

I Can be used to build some performance simulator and let it measure speed etc [6].

15 Application mode

I Usually the ﬁrst one to be implemented for a new architecture.

I Cannot simulate any OS booting (as if there is any OS for the new architecture!)

I But applications need an OS to work! Thus such simulator has to implement some minimal non-architectural ABI.

I Can be used to build some performance simulator and let it measure speed etc [6].

15 Application mode

I Usually the ﬁrst one to be implemented for a new architecture.

I Cannot simulate any OS booting (as if there is any OS for the new architecture!)

I But applications need an OS to work! Thus such simulator has to implement some minimal non-architectural ABI.

I Can be used to build some performance simulator and let it measure speed etc [6].

15 Application mode

I Usually the ﬁrst one to be implemented for a new architecture.

I Cannot simulate any OS booting (as if there is any OS for the new architecture!)

I But applications need an OS to work! Thus such simulator has to implement some minimal non-architectural ABI.

I Can be used to build some performance simulator and let it measure speed etc [6].

15 Application mode

I Usually the ﬁrst one to be implemented for a new architecture.

I Cannot simulate any OS booting (as if there is any OS for the new architecture!)

I But applications need an OS to work! Thus such simulator has to implement some minimal non-architectural ABI.

I Can be used to build some performance simulator and let it measure speed etc [6].

15 General steps in making an emulator [4]

I Model the CPU and memory.

I Emulate an instruction set, create disassembler.

I Stub out the rest of the architecture.

I Get basic IO working.

I Work on virtualizing the remaining hardware.

16 The simpliest CPU emulation [3]

for(;;) { OpCode = Memory[PC]; PC++; // program counter Counter -= Cycles[OpCode]; switch(OpCode) { case OpCode1: Simulate1(); break; case OpCode2: Simulate2(); break; //... } if(Counter <= 0) { // check for interrupts and other tasks Counter += InterruptPeriod; if (ExitRequired) break; } }

17 Memory emulation The simplest way to access emulated memory is to treat it as a plain array of items:

Data = Memory[Address1]; Memory[Address2] = Data;

Such simple memory access is not always possible for following reasons:

I Paged Memory.

I Mirrored Memory.

I ROM protection.

I Memory-Mapped I/O. Accesses to such memory locations produce special eﬀects and therefore should be tracked.

Data=ReadMemory(Address1); WriteMemory(Address2,Data);

18 Traces

state(0) state(K)

Instr1 Instr2 Generated ... F(1...N) InstrN-1 InstrN

state(N) state(K+N)

A bit low on speed? The common rule: don’t do the work already done.

19 A bit low on speed? The common rule: don’t do the work already done. Traces

state(0) state(K)

Instr1 Instr2 Generated ... F(1...N) InstrN-1 InstrN

state(N) state(K+N)

19 A bit low on speed? Hyper Simulation

state(0) state(0)

Instr1 Instr2 ... InstrN-1 InstrN

state(N) state(N)

20 How to boost the speed

Wide range of techniques is used

I Not so lame interpretation: hashing, lookup tables.

I Binary translation.

I Just-in-time compilation.

I Direct execution using virtualization.

21 In 1957. 2. What type of emulators is the slowest? Performance 3. What type of emulators is the most accurate? it depends on task.

Quiz

1. When was term emulation invented?

22 2. What type of emulators is the slowest? Performance 3. What type of emulators is the most accurate? it depends on task.

Quiz

1. When was term emulation invented? In 1957.

22 Performance 3. What type of emulators is the most accurate? it depends on task.

Quiz

1. When was term emulation invented? In 1957. 2. What type of emulators is the slowest?

22 3. What type of emulators is the most accurate? it depends on task.

Quiz

1. When was term emulation invented? In 1957. 2. What type of emulators is the slowest? Performance

22 it depends on task.

Quiz

1. When was term emulation invented? In 1957. 2. What type of emulators is the slowest? Performance 3. What type of emulators is the most accurate?

22 Quiz

1. When was term emulation invented? In 1957. 2. What type of emulators is the slowest? Performance 3. What type of emulators is the most accurate? it depends on task.

22 Quiz

1. When was term emulation invented? In 1957. 2. What type of emulators is the slowest? Performance 3. What type of emulators is the most accurate? it depends on task.

22 More to read

Крис Касперски. Техника оптимизации программ. Эффективное использование памяти. СПб. БХВ-Петербург, 2003. Wikipedia http://en.wikipedia.org/wiki/Emulator Marat Fayzullin. How To Write a Computer Emulator http://fms.komkon.org/EMUL8/HOWTO.html Tony Gray. How to Write an Emulator http://www.tucs.org.au/how-to-write-an-emulator/ Daniel Boris. How Do I Write an Emulator?, Part 1, R1.00 Carole Dulong et al. The Making of a Compiler for the Intel Itanium Processor. Intel Technology Journal Q3, 2001

23 24 Emulators

VirtualBox running Fedora 13.

25 Emulators

Qemu running ReactOS.

25 Emulators

Virtual RPC running MZX running ZX Spectrum.

25 I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

I Qemu

I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

I Parallels

I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

26 I Microsoft VirtualPC

I Bochs

I Qemu

I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

I Parallels

I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

26 I Bochs

I Qemu

I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

I Parallels

I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

26 I Qemu

I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

I Parallels

I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

26 I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

I Parallels

I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

I Qemu

26 I AMD SimNOW!

I WindRiver Simics

I Parallels

I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

I Qemu

I Apple Rosetta

26 I WindRiver Simics

I Parallels

I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

I Qemu

I Apple Rosetta

I AMD SimNOW!

26 I Parallels

I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

I Qemu

I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

26 I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

I Qemu

I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

I Parallels

26 I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

I Qemu

I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

I Parallels

I VMWare Workstation and Server

26 I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

I Qemu

I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

I Parallels

I VMWare Workstation and Server

I ARMware

26 Emulators, lots of them! [2]

I Oracle VirtualBox

I Microsoft VirtualPC

I Bochs

I Qemu

I Apple Rosetta

I AMD SimNOW!

I WindRiver Simics

I Parallels

I VMWare Workstation and Server

I ARMware

I . . . thousands of them! For every and each of architecture including PDP-10, ZX Spectrum, NES and Itanium.

26 Simulation of time

Non-executing devices Executing device (cosimulator)

Change state Device1 Give control

Device2 Scheduler CPU

Return control Device3

Simulated time

27 Other pecularities

I Simulation of MP systems.

I Endiannes.

I Speed of emulation.