docs/user/main.rst - qemu - Git at Google

 QEMU User space emulator
 ========================

 Supported Operating Systems
 ---------------------------

 The following OS are supported in user space emulation:

 -  Linux (referred as qemu-linux-user)

 -  BSD (referred as qemu-bsd-user)

 Features
 --------

 QEMU user space emulation has the following notable features:

 **System call translation:**
    QEMU includes a generic system call translator. This means that the
    parameters of the system calls can be converted to fix endianness and
    32/64-bit mismatches between hosts and targets. IOCTLs can be
    converted too.

 **POSIX signal handling:**
    QEMU can redirect to the running program all signals coming from the
    host (such as ``SIGALRM``), as well as synthesize signals from
    virtual CPU exceptions (for example ``SIGFPE`` when the program
    executes a division by zero).

    QEMU relies on the host kernel to emulate most signal system calls,
    for example to emulate the signal mask. On Linux, QEMU supports both
    normal and real-time signals.

 **Threading:**
    On Linux, QEMU can emulate the ``clone`` syscall and create a real
    host thread (with a separate virtual CPU) for each emulated thread.
    Note that not all targets currently emulate atomic operations
    correctly. x86 and Arm use a global lock in order to preserve their
    semantics.

 QEMU was conceived so that ultimately it can emulate itself. Although it
 is not very useful, it is an important test to show the power of the
 emulator.

 Linux User space emulator
 -------------------------

 Command line options
 ~~~~~~~~~~~~~~~~~~~~

 ::

    qemu-i386 [-h] [-d] [-L path] [-s size] [-cpu model] [-g port] [-B offset] [-R size] program [arguments...]

 ``-h``
    Print the help

 ``-L path``
    Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)

 ``-s size``
    Set the x86 stack size in bytes (default=524288)

 ``-cpu model``
    Select CPU model (-cpu help for list and additional feature
    selection)

 ``-E var=value``
    Set environment var to value.

 ``-U var``
    Remove var from the environment.

 ``-B offset``
    Offset guest address by the specified number of bytes. This is useful
    when the address region required by guest applications is reserved on
    the host. This option is currently only supported on some hosts.

 ``-R size``
    Pre-allocate a guest virtual address space of the given size (in
    bytes). \"G\", \"M\", and \"k\" suffixes may be used when specifying
    the size.

 Debug options:

 ``-d item1,...``
    Activate logging of the specified items (use '-d help' for a list of
    log items)

 ``-g port``
    Wait gdb connection to port

 ``-one-insn-per-tb``
    Run the emulation with one guest instruction per translation block.
    This slows down emulation a lot, but can be useful in some situations,
    such as when trying to analyse the logs produced by the ``-d`` option.

 Environment variables:

 QEMU_STRACE
    Print system calls and arguments similar to the 'strace' program
    (NOTE: the actual 'strace' program will not work because the user
    space emulator hasn't implemented ptrace). At the moment this is
    incomplete. All system calls that don't have a specific argument
    format are printed with information for six arguments. Many
    flag-style arguments don't have decoders and will show up as numbers.

 Other binaries
 ~~~~~~~~~~~~~~

 -  user mode (Alpha)

    * ``qemu-alpha`` TODO.

 -  user mode (Arm)

    * ``qemu-armeb`` TODO.

    * ``qemu-arm`` is also capable of running Arm \"Angel\" semihosted ELF
      binaries (as implemented by the arm-elf and arm-eabi Newlib/GDB
      configurations), and arm-uclinux bFLT format binaries.

 -  user mode (ColdFire)

 -  user mode (M68K)

    * ``qemu-m68k`` is capable of running semihosted binaries using the BDM
      (m5xxx-ram-hosted.ld) or m68k-sim (sim.ld) syscall interfaces, and
      coldfire uClinux bFLT format binaries.

    The binary format is detected automatically.

 -  user mode (Cris)

    * ``qemu-cris`` TODO.

 -  user mode (i386)

    * ``qemu-i386`` TODO.
    * ``qemu-x86_64`` TODO.

 -  user mode (Microblaze)

    * ``qemu-microblaze`` TODO.

 -  user mode (MIPS)

    * ``qemu-mips`` executes 32-bit big endian MIPS binaries (MIPS O32 ABI).

    * ``qemu-mipsel`` executes 32-bit little endian MIPS binaries (MIPS O32 ABI).

    * ``qemu-mips64`` executes 64-bit big endian MIPS binaries (MIPS N64 ABI).

    * ``qemu-mips64el`` executes 64-bit little endian MIPS binaries (MIPS N64
      ABI).

    * ``qemu-mipsn32`` executes 32-bit big endian MIPS binaries (MIPS N32 ABI).

    * ``qemu-mipsn32el`` executes 32-bit little endian MIPS binaries (MIPS N32
      ABI).

 -  user mode (NiosII)

    * ``qemu-nios2`` TODO.

 -  user mode (PowerPC)

    * ``qemu-ppc64`` TODO.
    * ``qemu-ppc`` TODO.

 -  user mode (SH4)

    * ``qemu-sh4eb`` TODO.
    * ``qemu-sh4`` TODO.

 -  user mode (SPARC)

    * ``qemu-sparc`` can execute Sparc32 binaries (Sparc32 CPU, 32 bit ABI).

    * ``qemu-sparc32plus`` can execute Sparc32 and SPARC32PLUS binaries
      (Sparc64 CPU, 32 bit ABI).

    * ``qemu-sparc64`` can execute some Sparc64 (Sparc64 CPU, 64 bit ABI) and
      SPARC32PLUS binaries (Sparc64 CPU, 32 bit ABI).

 BSD User space emulator
 -----------------------

 BSD Status
 ~~~~~~~~~~

 -  target Sparc64 on Sparc64: Some trivial programs work.

 Quick Start
 ~~~~~~~~~~~

 In order to launch a BSD process, QEMU needs the process executable
 itself and all the target dynamic libraries used by it.

 -  On Sparc64, you can just try to launch any process by using the
    native libraries::

       qemu-sparc64 /bin/ls

 Command line options
 ~~~~~~~~~~~~~~~~~~~~

 ::

    qemu-sparc64 [-h] [-d] [-L path] [-s size] [-bsd type] program [arguments...]

 ``-h``
    Print the help

 ``-L path``
    Set the library root path (default=/)

 ``-s size``
    Set the stack size in bytes (default=524288)

 ``-ignore-environment``
    Start with an empty environment. Without this option, the initial
    environment is a copy of the caller's environment.

 ``-E var=value``
    Set environment var to value.

 ``-U var``
    Remove var from the environment.

 ``-bsd type``
    Set the type of the emulated BSD Operating system. Valid values are
    FreeBSD, NetBSD and OpenBSD (default).

 Debug options:

 ``-d item1,...``
    Activate logging of the specified items (use '-d help' for a list of
    log items)

 ``-p pagesize``
    Act as if the host page size was 'pagesize' bytes

 ``-one-insn-per-tb``
    Run the emulation with one guest instruction per translation block.
    This slows down emulation a lot, but can be useful in some situations,
    such as when trying to analyse the logs produced by the ``-d`` option.
	QEMU User space emulator
	========================

	Supported Operating Systems
	---------------------------

	The following OS are supported in user space emulation:

	- Linux (referred as qemu-linux-user)

	- BSD (referred as qemu-bsd-user)

	Features
	--------

	QEMU user space emulation has the following notable features:

	System call translation:
	QEMU includes a generic system call translator. This means that the
	parameters of the system calls can be converted to fix endianness and
	32/64-bit mismatches between hosts and targets. IOCTLs can be
	converted too.

	POSIX signal handling:
	QEMU can redirect to the running program all signals coming from the
	host (such as ``SIGALRM``), as well as synthesize signals from
	virtual CPU exceptions (for example ``SIGFPE`` when the program
	executes a division by zero).

	QEMU relies on the host kernel to emulate most signal system calls,
	for example to emulate the signal mask. On Linux, QEMU supports both
	normal and real-time signals.

	Threading:
	On Linux, QEMU can emulate the ``clone`` syscall and create a real
	host thread (with a separate virtual CPU) for each emulated thread.
	Note that not all targets currently emulate atomic operations
	correctly. x86 and Arm use a global lock in order to preserve their
	semantics.

	QEMU was conceived so that ultimately it can emulate itself. Although it
	is not very useful, it is an important test to show the power of the
	emulator.

	Linux User space emulator
	-------------------------

	Command line options
	~~~~~~~~~~~~~~~~~~~~

	::

	qemu-i386 [-h] [-d] [-L path] [-s size] [-cpu model] [-g port] [-B offset] [-R size] program [arguments...]

	``-h``
	Print the help

	``-L path``
	Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)

	``-s size``
	Set the x86 stack size in bytes (default=524288)

	``-cpu model``
	Select CPU model (-cpu help for list and additional feature
	selection)

	``-E var=value``
	Set environment var to value.

	``-U var``
	Remove var from the environment.

	``-B offset``
	Offset guest address by the specified number of bytes. This is useful
	when the address region required by guest applications is reserved on
	the host. This option is currently only supported on some hosts.

	``-R size``
	Pre-allocate a guest virtual address space of the given size (in
	bytes). \"G\", \"M\", and \"k\" suffixes may be used when specifying
	the size.

	Debug options:

	``-d item1,...``
	Activate logging of the specified items (use '-d help' for a list of
	log items)

	``-g port``
	Wait gdb connection to port

	``-one-insn-per-tb``
	Run the emulation with one guest instruction per translation block.
	This slows down emulation a lot, but can be useful in some situations,
	such as when trying to analyse the logs produced by the ``-d`` option.

	Environment variables:

	QEMU_STRACE
	Print system calls and arguments similar to the 'strace' program
	(NOTE: the actual 'strace' program will not work because the user
	space emulator hasn't implemented ptrace). At the moment this is
	incomplete. All system calls that don't have a specific argument
	format are printed with information for six arguments. Many
	flag-style arguments don't have decoders and will show up as numbers.

	Other binaries
	~~~~~~~~~~~~~~

	- user mode (Alpha)

	* ``qemu-alpha`` TODO.

	- user mode (Arm)

	* ``qemu-armeb`` TODO.

	* ``qemu-arm`` is also capable of running Arm \"Angel\" semihosted ELF
	binaries (as implemented by the arm-elf and arm-eabi Newlib/GDB
	configurations), and arm-uclinux bFLT format binaries.

	- user mode (ColdFire)

	- user mode (M68K)

	* ``qemu-m68k`` is capable of running semihosted binaries using the BDM
	(m5xxx-ram-hosted.ld) or m68k-sim (sim.ld) syscall interfaces, and
	coldfire uClinux bFLT format binaries.

	The binary format is detected automatically.

	- user mode (Cris)

	* ``qemu-cris`` TODO.

	- user mode (i386)

	* ``qemu-i386`` TODO.
	* ``qemu-x86_64`` TODO.

	- user mode (Microblaze)

	* ``qemu-microblaze`` TODO.

	- user mode (MIPS)

	* ``qemu-mips`` executes 32-bit big endian MIPS binaries (MIPS O32 ABI).

	* ``qemu-mipsel`` executes 32-bit little endian MIPS binaries (MIPS O32 ABI).

	* ``qemu-mips64`` executes 64-bit big endian MIPS binaries (MIPS N64 ABI).

	* ``qemu-mips64el`` executes 64-bit little endian MIPS binaries (MIPS N64
	ABI).

	* ``qemu-mipsn32`` executes 32-bit big endian MIPS binaries (MIPS N32 ABI).

	* ``qemu-mipsn32el`` executes 32-bit little endian MIPS binaries (MIPS N32
	ABI).

	- user mode (NiosII)

	* ``qemu-nios2`` TODO.

	- user mode (PowerPC)

	* ``qemu-ppc64`` TODO.
	* ``qemu-ppc`` TODO.

	- user mode (SH4)

	* ``qemu-sh4eb`` TODO.
	* ``qemu-sh4`` TODO.

	- user mode (SPARC)

	* ``qemu-sparc`` can execute Sparc32 binaries (Sparc32 CPU, 32 bit ABI).

	* ``qemu-sparc32plus`` can execute Sparc32 and SPARC32PLUS binaries
	(Sparc64 CPU, 32 bit ABI).

	* ``qemu-sparc64`` can execute some Sparc64 (Sparc64 CPU, 64 bit ABI) and
	SPARC32PLUS binaries (Sparc64 CPU, 32 bit ABI).

	BSD User space emulator
	-----------------------

	BSD Status
	~~~~~~~~~~

	- target Sparc64 on Sparc64: Some trivial programs work.

	Quick Start
	~~~~~~~~~~~

	In order to launch a BSD process, QEMU needs the process executable
	itself and all the target dynamic libraries used by it.

	- On Sparc64, you can just try to launch any process by using the
	native libraries::

	qemu-sparc64 /bin/ls

	Command line options
	~~~~~~~~~~~~~~~~~~~~

	::

	qemu-sparc64 [-h] [-d] [-L path] [-s size] [-bsd type] program [arguments...]

	``-h``
	Print the help

	``-L path``
	Set the library root path (default=/)

	``-s size``
	Set the stack size in bytes (default=524288)

	``-ignore-environment``
	Start with an empty environment. Without this option, the initial
	environment is a copy of the caller's environment.

	``-E var=value``
	Set environment var to value.

	``-U var``
	Remove var from the environment.

	``-bsd type``
	Set the type of the emulated BSD Operating system. Valid values are
	FreeBSD, NetBSD and OpenBSD (default).

	Debug options:

	``-d item1,...``
	Activate logging of the specified items (use '-d help' for a list of
	log items)

	``-p pagesize``
	Act as if the host page size was 'pagesize' bytes

	``-one-insn-per-tb``
	Run the emulation with one guest instruction per translation block.
	This slows down emulation a lot, but can be useful in some situations,
	such as when trying to analyse the logs produced by the ``-d`` option.