Cooperative Computing & Communication Laboratory First QEMU Users’ Forum Alpexpo Grenoble, March 18th 2011 Frédéric Pétrot & Wolfgang Mueller What is QEMU? . Open source library for hardware emulation and virtualization . FtCPUddiFast CPU and device emu ltblator base d on dynamic binary translation . Execution of SW binaries of a guest instruction set on host PC Development of drivers and application SW on host PC Debugging of guest binaries Development of SW tool chain for guest SW . Different operation modes full system emulation user mode emulation KQEMU/KVM QEMU Users’ Forum, Grenoble 2011 2 QEMU History . Open source project initiated by Fabrice Bellard . First release v0.1.0 (2003) . Current version v0.14.0 . Deve lopmen t commun ity (~ 3000 ent ri es i n maili ng li st) project Wiki http: //www.qemu.org/ GIT quellcode repository http://git.qemu .org/ QEMU Users’ Forum, Grenoble 2011 3 QEMU Emulation Modes . Full System Emulation Guest System Applications Execution of RT(OS) & Divers • Application software programs • Complete drivers and communication stack CPU, Memory & I/Os • Operating system Host Process Memory Management Unit (MMU) Full System Emulation CPU & devices . User Mode Emulation Guest Process Application Execution of a single application program (unprivileged instructions) CPU (User Mode) System calls are redirected to Host Process host operating system User Mode Emulation QEMU Users’ Forum, Grenoble 2011 4 Operating Systems . Host Operating Systems Linux BSD Mac OS X Windows+Cygwin Windows (llimited /older version) . Guest Operating Systems Approx. 300 supported operating systems see httppq://www.claunia.com/qemu/ QEMU Users’ Forum, Grenoble 2011 5 Guest CPUs . Supported Guest Platforms x86 i386 ARM PowerPC Sparc32/Sparc64 MIPS ColdFire (m68k) Alpha ETRAX CRIS Microblaze SH4 S390x . Information “-cpu ?”: list of supported instruction sets “-help”: list of supported devices “-M ?”: list of supported boards QEMU Users’ Forum, Grenoble 2011 6 Device Emulations . Devices for x86 Emulation: Graphics card (Cirrus CLGD 5446 PCI VGA-card, Standard-VGA) Network card (RealTek + PCI Adapp)ter) Sound cards Parallel port Serial interface PCI ATA interfaces PCI and ISA systems USB-Controller CD-ROM/DVD drive by ISO image Floppy disk Loudspeaker PS/2 mouse an d key boar d QEMU Users’ Forum, Grenoble 2011 7 Binary Translation Instruction Mapping Micro Operations Guest Instructions Host Instructions Register and Memory Mapping QEMU Users’ Forum, Grenoble 2011 8 Dynamic Binary Translation No Known Fetch Decode Branch? Execute Yes PC? No Yes 010101 101010 Microcode Code 101000 Translation Instructions Generator 010110 Cache [Adapted from: M. Gligor et al. - Using binary translation in event driven simulation for fast and flexible MPSoC simulation, CODES+ISSS’09, Grenoble, France] QEMU Users’ Forum, Grenoble 2011 9 Dynamic Binary Translation No Known Fetch Decode Branch? Execute Yes PC? No Yes 010101 101010 Micro code Code 101000 Translation Instructions Generator 010110 Cache guest_instr_x [Adapted from: M. Gligor et al. - Using binary translation in event driven simulation for fast and flexible MPSoC simulation, CODES+ISSS’09, Grenoble, France] QEMU Users’ Forum, Grenoble 2011 10 Dynamic Binary Translation No Known Fetch Decode Branch? Execute Yes PC? No Yes 010101 101010 Micro code Code 101000 Translation Instructions Generator 010110 Cache guest_instr_x micro_op1_x micro_op2_X [Adapted from: M. Gligor et al. - Using binary translation in event driven simulation for fast and flexible MPSoC simulation, CODES+ISSS’09, Grenoble, France] QEMU Users’ Forum, Grenoble 2011 11 Dynamic Binary Translation No Known Fetch Decode Branch? Execute Yes PC? No Yes Tran 010101 101010 Micro code Code 101000 Translation Instructions Generator s 010110 Cache lated B guest_instr_x micro_op1_x host_instr1_X l htit2Xhost_instr2_X ock (TP host_instr3_X micro_op2_X host_instr4_X host_instr5 _X ) [Adapted from: M. Gligor et al. - Using binary translation in event driven simulation for fast and flexible MPSoC simulation, CODES+ISSS’09, Grenoble, France] QEMU Users’ Forum, Grenoble 2011 12 Translation Cache Direct Block Chaining while { … FindNextTB(PC) … } Hash Table Translation Cache … 0xd3ef … 0xeffc … 0xd3ef 0xffcb … 0ffb0xffcb 0xeffc Translated qemu_set_irq () Blocks QEMU Users’ Forum, Grenoble 2011 13 Copyrights and Licensing . QEMU registered trademark of Fabrice Bellard . QEMU in general: GNU Public License (GPL) . libqemu.a: GNU Lesser Public License (LGPL) . Parts of source code some devices : BSD License KQEMU k ernel mod ul e GPL2 License QEMU Users’ Forum, Grenoble 2011 14 Research Outlook (1/2) Motivation Transaction- level models RTOS-aware refinement flow Conclusion Research outlook QEMU Users’ Forum, Grenoble 2011 15.