Cooperative Computing & Communication Laboratory
First QEMU Users’ Forum, Alpexpo Grenoble, March 18th 2011
Frédéric Pétrot & Wolfgang Mueller

What is QEMU?
. Open source library for hardware emulation and virtualization
. Fast CPU and device emulator based on dynamic binary translation
. Execution of SW binaries of a guest instruction set on a host PC
  • Development of drivers and application SW on the host PC
  • Debugging of guest binaries
  • Development of a SW tool chain for guest SW
. Different operation modes
  • Full system emulation
  • User mode emulation
  • KQEMU/KVM (hardware-assisted virtualization)
QEMU Users’ Forum, Grenoble 2011

QEMU History
. Open source project initiated by Fabrice Bellard
. First release v0.1.0 (2003)
. Current version v0.14.0
. Development community (approx. 3000 mailing-list entries)
. Project wiki: http://www.qemu.org/
. Git source code repository: http://git.qemu.org/
QEMU Emulation Modes
. Full System Emulation
  • Emulates the CPU, memory and I/O devices, including the Memory Management Unit (MMU); the complete guest system (operating system plus applications) runs inside one host process
  • Executes the (RT)OS and its drivers, the application software programs, and the complete driver and communication stack
. User Mode Emulation
  • Emulates the CPU in user mode only (unprivileged instructions); a single guest application program runs as one host process
  • Guest system calls are redirected to the host operating system
Operating Systems
. Host operating systems
  • Linux
  • BSD
  • Mac OS X
  • Windows + Cygwin
  • Windows (limited / older version)
. Guest operating systems
  • Approx. 300 supported operating systems, see http://www.claunia.com/qemu/
Guest CPUs
. Supported guest platforms
  • x86 (i386), ARM, PowerPC, Sparc32/Sparc64, MIPS, ColdFire (m68k), Alpha, ETRAX CRIS, MicroBlaze, SH4, S390x
. Information
  • "-cpu ?": list of supported instruction sets (CPU models)
  • "-help": list of command-line options, including the device-related ones (the device list itself is printed by "-device ?")
  • "-M ?": list of supported boards (machines)
Device Emulations
. Devices for x86 emulation:
  • Graphics card (Cirrus CLGD 5446 PCI VGA card, standard VGA)
  • Network cards (RealTek and PCI adapters)
  • Sound cards
  • Parallel port
  • Serial interface
  • PCI ATA interfaces
  • PCI and ISA bus systems
  • USB controller
  • CD-ROM/DVD drive backed by an ISO image
  • Floppy disk
  • Loudspeaker (PC speaker)
  • PS/2 mouse and keyboard
Binary Translation

[Figure: instruction mapping, guest instructions → micro operations → host instructions; register and memory mapping of the guest onto the host.]
Dynamic Binary Translation

[Figure, built up over four slides: Fetch → Decode → Known PC? If yes, execute the already translated code from the translation cache; if no, the code generator translates the guest instruction (guest_instr_x) into micro-ops (micro_op1_x, micro_op2_x), which become host instructions (host_instr1_x … host_instr5_x) stored as a translated block (TB) in the translation cache. Execute until a branch is reached (Branch? yes), then the cycle repeats for the new PC.]
[Adapted from: M. Gligor et al., "Using binary translation in event driven simulation for fast and flexible MPSoC simulation", CODES+ISSS’09, Grenoble, France]
Translation Cache / Direct Block Chaining

[Figure: the execution loop (while { … FindNextTB(PC) … }) looks the current guest PC up in a hash table (sample keys 0xd3ef, 0xeffc, 0xffcb) that points at translated blocks in the translation cache; translated blocks are chained directly to their successor blocks so the lookup is skipped on later executions. Additional label: qemu_set_irq().]
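The three preceding slides describe the whole mechanism in pictures: decode guest code up to a branch into micro-ops, keep the result as a translated block (TB) in a translation cache found through a hash table keyed by guest PC, and chain blocks to their successors so the hash lookup disappears from the hot loop. The following is an added example written for this page, not code from the slides or from QEMU: a toy translator in C with a four-instruction guest ISA (LOADI, ADD, DJNZ, HALT), a micro-op set, a `TB` structure, `tb_find()` as the "FindNextTB(PC)" of the slide, and `next_tb[]` pointers as the direct block chaining. All names, sizes and the guest program are constructed for the demonstration. It also handles the case a practitioner trips over first: when the cache fills up everything is flushed, and chain pointers into the old blocks must not be re-created across that flush (the `flush_gen` check).

```c
/* tb_demo.c: toy dynamic binary translator with a translation cache and direct block
 * chaining. Constructed for these slides; guest ISA, micro-ops and structures are NOT QEMU's. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { OP_LOADI, OP_ADD, OP_DJNZ, OP_HALT };               /* toy guest ISA */
enum { UOP_MOVI, UOP_ADD, UOP_SUBI, UOP_BRNZ, UOP_EXIT };  /* micro-ops */
enum { NREGS = 4, MAX_UOPS = 16, MAX_TBS = 64, HASH_SIZE = 16 };
typedef struct { uint8_t op, rd, rs; int32_t imm; } GuestInsn, MicroOp;
typedef struct TB {                                   /* one translated block (TB) */
    uint32_t pc; int n; MicroOp uops[MAX_UOPS];       /* guest PC of first insn; micro-ops */
    uint32_t next_pc[2]; struct TB *next_tb[2];       /* exits [0]=fall-through [1]=taken; direct chain */
    struct TB *hash_next;                             /* collision chain in tb_hash */
} TB;
typedef struct { int32_t r[NREGS]; uint32_t pc; int halted; } CPUState;
typedef struct { unsigned translated, lookups, chained, tb_execs, flushes; } Stats;
static TB tb_cache[MAX_TBS], *tb_hash[HASH_SIZE];     /* translation cache; guest PC -> TB */
static unsigned tb_count, tb_limit = MAX_TBS, flush_gen;
static Stats stats;

/* Cache full: drop everything, as QEMU does; chain pointers die with their blocks. */
static void tb_flush(void) {
    memset(tb_cache, 0, sizeof tb_cache); memset(tb_hash, 0, sizeof tb_hash);
    tb_count = 0; flush_gen++; stats.flushes++;
}
/* Decode guest insns from pc up to a branch or HALT into micro-ops (DJNZ -> SUBI+BRNZ). */
static TB *tb_translate(const GuestInsn *prog, uint32_t pc) {
    if (tb_count == tb_limit) tb_flush();
    TB *tb = &tb_cache[tb_count++];
    memset(tb, 0, sizeof *tb); tb->pc = pc;
    while (tb->n + 2 <= MAX_UOPS) {                   /* keep room for a 2-uop branch */
        const GuestInsn *g = &prog[pc];
        MicroOp *u = &tb->uops[tb->n];
        switch (g->op) {
        case OP_LOADI: *u = (MicroOp){UOP_MOVI, g->rd, 0, g->imm}; tb->n++; pc++; break;
        case OP_ADD:   *u = (MicroOp){UOP_ADD, g->rd, g->rs, 0};  tb->n++; pc++; break;
        case OP_DJNZ:
            u[0] = (MicroOp){UOP_SUBI, g->rd, 0, 1}; u[1] = (MicroOp){UOP_BRNZ, g->rd, 0, 0};
            tb->n += 2; tb->next_pc[0] = pc + 1; tb->next_pc[1] = (uint32_t)g->imm; return tb;
        default: *u = (MicroOp){UOP_EXIT, 0, 0, 0}; tb->n++;       /* OP_HALT: PC stays put */
            tb->next_pc[0] = tb->next_pc[1] = pc; return tb;
        }
    }
    tb->next_pc[0] = tb->next_pc[1] = pc;             /* block full: plain fall-through */
    return tb;
}
/* "FindNextTB(PC)": hash lookup keyed by guest PC, translating on a miss. */
static TB *tb_find(const GuestInsn *prog, uint32_t pc) {
    stats.lookups++;
    for (TB *tb = tb_hash[pc % HASH_SIZE]; tb; tb = tb->hash_next)
        if (tb->pc == pc) return tb;
    TB *tb = tb_translate(prog, pc); stats.translated++;
    tb->hash_next = tb_hash[pc % HASH_SIZE]; tb_hash[pc % HASH_SIZE] = tb;
    return tb;
}
/* Run one block's micro-ops; returns which exit (0/1) it left through. */
static int tb_exec(CPUState *cpu, const TB *tb) {
    int exit_idx = 0; stats.tb_execs++;
    for (int i = 0; i < tb->n; i++) {
        const MicroOp *u = &tb->uops[i];
        switch (u->op) {
        case UOP_MOVI: cpu->r[u->rd] = u->imm; break;
        case UOP_ADD:  cpu->r[u->rd] += cpu->r[u->rs]; break;
        case UOP_SUBI: cpu->r[u->rd] -= u->imm; break;
        case UOP_BRNZ: exit_idx = cpu->r[u->rd] != 0; break;
        case UOP_EXIT: cpu->halted = 1; break;
        }
    }
    cpu->pc = tb->next_pc[exit_idx]; return exit_idx;
}
/* Execution loop: follow the chain pointer when there is one; otherwise look the PC up
 * and patch the chain, unless a flush has just invalidated the previous block. */
static void cpu_exec(CPUState *cpu, const GuestInsn *prog) {
    TB *tb = NULL; int exit_idx = 0;
    while (!cpu->halted) {
        TB *next = tb ? tb->next_tb[exit_idx] : NULL;
        if (next) stats.chained++;
        else { unsigned gen = flush_gen; next = tb_find(prog, cpu->pc);
               if (tb && gen == flush_gen) tb->next_tb[exit_idx] = next; }
        tb = next; exit_idx = tb_exec(cpu, tb);
    }
}
/* Constructed guest program: r1 = 5+4+3+2+1 via a DJNZ loop (three basic blocks). */
static const GuestInsn demo_prog[] = {
    {OP_LOADI, 1, 0, 0}, {OP_LOADI, 2, 0, 5},         /* 0: r1 = 0;   1: r2 = 5 */
    {OP_ADD, 1, 2, 0},   {OP_DJNZ, 2, 0, 2},          /* 2: r1 += r2; 3: if (--r2) goto 2 */
    {OP_HALT, 0, 0, 0},                               /* 4 */
};
/* Run demo_prog with a cache of 'limit' blocks (2 forces a flush); returns r1, counters in stats. */
static int32_t run_demo(unsigned limit) {
    CPUState cpu; memset(&cpu, 0, sizeof cpu); memset(&stats, 0, sizeof stats);
    tb_flush(); stats.flushes = 0; tb_limit = limit;
    cpu_exec(&cpu, demo_prog); return cpu.r[1];
}
int main(void) {
    int32_t r1 = run_demo(MAX_TBS);                   /* expect 15: 3 TBs, 4 lookups, 2 chained */
    printf("r1=%d tbs=%u lookups=%u chained=%u\n", r1, stats.translated, stats.lookups, stats.chained);
    return r1 != 15;
}
```

The loop body at guest PC 2 is executed four times but translated once; after the second pass its own exit is chained to itself, so the remaining iterations never touch the hash table. In a real translator the "patch" is a rewrite of the jump at the end of the host code in the translation cache rather than a pointer store, which is exactly why a cache flush (or guest code that is overwritten) has to invalidate every chain that leads into the discarded blocks; the `flush_gen` comparison stands in for that invalidation here, and `run_demo(2)` exercises it by forcing a flush while the previous block is still live.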
Copyrights and Licensing
. QEMU is a registered trademark of Fabrice Bellard
. QEMU in general: GNU General Public License (GPL)
. libqemu.a: GNU Lesser General Public License (LGPL)
. Parts of the source code (some devices): BSD License
. KQEMU kernel module: GPLv2 License
Research Outlook (1/2)

. Motivation
. Transaction-level models
. RTOS-aware refinement flow
. Conclusion
. Research outlook