| @node Implementation notes |
| @appendix Implementation notes |
| |
| @menu |
| * CPU emulation:: |
| * Translator Internals:: |
| * QEMU compared to other emulators:: |
| * Managed start up options:: |
| * Bibliography:: |
| @end menu |
| |
| @node CPU emulation |
| @section CPU emulation |
| |
| @menu |
| * x86:: x86 and x86-64 emulation |
| * ARM:: ARM emulation |
| * MIPS:: MIPS emulation |
| * PPC:: PowerPC emulation |
| * SPARC:: Sparc32 and Sparc64 emulation |
| * Xtensa:: Xtensa emulation |
| @end menu |
| |
| @node x86 |
| @subsection x86 and x86-64 emulation |
| |
| QEMU x86 target features: |
| |
| @itemize |
| |
| @item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation. |
| LDT/GDT and IDT are emulated. VM86 mode is also supported to run |
| DOSEMU. There is some support for MMX/3DNow!, SSE, SSE2, SSE3, SSSE3, |
| and SSE4 as well as x86-64 SVM. |
| |
| @item Support of host page sizes bigger than 4KB in user mode emulation. |
| |
| @item QEMU can emulate itself on x86. |
| |
| @item An extensive Linux x86 CPU test program is included @file{tests/test-i386}. |
| It can be used to test other x86 virtual CPUs. |
| |
| @end itemize |
| |
| Current QEMU limitations: |
| |
| @itemize |
| |
| @item Limited x86-64 support. |
| |
| @item IPC syscalls are missing. |
| |
| @item The x86 segment limits and access rights are not tested at every |
| memory access (yet). Hopefully, very few OSes seem to rely on that for |
| normal use. |
| |
| @end itemize |
| |
| @node ARM |
| @subsection ARM emulation |
| |
| @itemize |
| |
| @item Full ARM 7 user emulation. |
| |
| @item NWFPE FPU support included in user Linux emulation. |
| |
| @item Can run most ARM Linux binaries. |
| |
| @end itemize |
| |
| @node MIPS |
| @subsection MIPS emulation |
| |
| @itemize |
| |
| @item The system emulation allows full MIPS32/MIPS64 Release 2 emulation, |
| including privileged instructions, FPU and MMU, in both little and big |
| endian modes. |
| |
| @item The Linux userland emulation can run many 32 bit MIPS Linux binaries. |
| |
| @end itemize |
| |
| Current QEMU limitations: |
| |
| @itemize |
| |
| @item Self-modifying code is not always handled correctly. |
| |
| @item 64 bit userland emulation is not implemented. |
| |
| @item The system emulation is not complete enough to run real firmware. |
| |
| @item The watchpoint debug facility is not implemented. |
| |
| @end itemize |
| |
| @node PPC |
| @subsection PowerPC emulation |
| |
| @itemize |
| |
| @item Full PowerPC 32 bit emulation, including privileged instructions, |
| FPU and MMU. |
| |
| @item Can run most PowerPC Linux binaries. |
| |
| @end itemize |
| |
| @node SPARC |
| @subsection Sparc32 and Sparc64 emulation |
| |
| @itemize |
| |
| @item Full SPARC V8 emulation, including privileged |
| instructions, FPU and MMU. SPARC V9 emulation includes most privileged |
| and VIS instructions, FPU and I/D MMU. Alignment is fully enforced. |
| |
| @item Can run most 32-bit SPARC Linux binaries, SPARC32PLUS Linux binaries and |
| some 64-bit SPARC Linux binaries. |
| |
| @end itemize |
| |
| Current QEMU limitations: |
| |
| @itemize |
| |
| @item IPC syscalls are missing. |
| |
| @item Floating point exception support is buggy. |
| |
| @item Atomic instructions are not correctly implemented. |
| |
| @item There are still some problems with Sparc64 emulators. |
| |
| @end itemize |
| |
| @node Xtensa |
| @subsection Xtensa emulation |
| |
| @itemize |
| |
| @item Core Xtensa ISA emulation, including most options: code density, |
| loop, extended L32R, 16- and 32-bit multiplication, 32-bit division, |
| MAC16, miscellaneous operations, boolean, FP coprocessor, coprocessor |
| context, debug, multiprocessor synchronization, |
| conditional store, exceptions, relocatable vectors, unaligned exception, |
| interrupts (including high priority and timer), hardware alignment, |
| region protection, region translation, MMU, windowed registers, thread |
| pointer, processor ID. |
| |
| @item Not implemented options: data/instruction cache (including cache |
| prefetch and locking), XLMI, processor interface. Also options not |
| covered by the core ISA (e.g. FLIX, wide branches) are not implemented. |
| |
| @item Can run most Xtensa Linux binaries. |
| |
| @item New core configuration that requires no additional instructions |
| may be created from overlay with minimal amount of hand-written code. |
| |
| @end itemize |
| |
| @node Managed start up options |
| @section Managed start up options |
| |
| In system mode emulation, it's possible to create a VM in a paused state using |
| the -S command line option. In this state the machine is completely initialized |
| according to command line options and ready to execute VM code but VCPU threads |
| are not executing any code. The VM state in this paused state depends on the way |
| QEMU was started. It could be in: |
| @table @asis |
| @item initial state (after reset/power on state) |
| @item with direct kernel loading, the initial state could be amended to execute |
| code loaded by QEMU in the VM's RAM and with incoming migration |
| @item with incoming migration, initial state will by amended with the migrated |
| machine state after migration completes. |
| @end table |
| |
| This paused state is typically used by users to query machine state and/or |
| additionally configure the machine (by hotplugging devices) in runtime before |
| allowing VM code to run. |
| |
| However, at the -S pause point, it's impossible to configure options that affect |
| initial VM creation (like: -smp/-m/-numa ...) or cold plug devices. The |
| experimental --preconfig command line option allows pausing QEMU |
| before the initial VM creation, in a ``preconfig'' state, where additional |
| queries and configuration can be performed via QMP before moving on to |
| the resulting configuration startup. In the preconfig state, QEMU only allows |
| a limited set of commands over the QMP monitor, where the commands do not |
| depend on an initialized machine, including but not limited to: |
| @table @asis |
| @item qmp_capabilities |
| @item query-qmp-schema |
| @item query-commands |
| @item query-status |
| @item x-exit-preconfig |
| @end table |