@node Implementation notes
@appendix Implementation notes

@menu
* CPU emulation::
* Translator Internals::
* QEMU compared to other emulators::
* Managed start up options::
* Bibliography::
@end menu

@node CPU emulation
@section CPU emulation

@menu
* x86:: x86 and x86-64 emulation
* ARM:: ARM emulation
* MIPS:: MIPS emulation
* PPC:: PowerPC emulation
* SPARC:: Sparc32 and Sparc64 emulation
* Xtensa:: Xtensa emulation
@end menu

@node x86
@subsection x86 and x86-64 emulation

QEMU x86 target features:

@itemize

@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation.
LDT/GDT and IDT are emulated. VM86 mode is also supported to run
DOSEMU. There is some support for MMX/3DNow!, SSE, SSE2, SSE3, SSSE3,
and SSE4 as well as x86-64 SVM.

@item Support for host page sizes bigger than 4KB in user mode emulation.

@item QEMU can emulate itself on x86.

@item An extensive Linux x86 CPU test program is included in @file{tests/test-i386}.
It can be used to test other x86 virtual CPUs.

@end itemize

Current QEMU limitations:

@itemize

@item Limited x86-64 support.

@item IPC syscalls are missing.

@item The x86 segment limits and access rights are not tested at every
memory access (yet). Very few OSes appear to rely on that for normal use,
but guest software that uses segment limits rather than paging to confine
memory accesses does not get that protection under emulation.

@end itemize

@node ARM
@subsection ARM emulation

@itemize

@item Full ARM 7 user emulation.

@item NWFPE FPU support included in user Linux emulation.

@item Can run most ARM Linux binaries.

@end itemize

@node MIPS
@subsection MIPS emulation

@itemize

@item The system emulation allows full MIPS32/MIPS64 Release 2 emulation,
including privileged instructions, FPU and MMU, in both little and big
endian modes.

@item The Linux userland emulation can run many 32 bit MIPS Linux binaries.

@end itemize

Current QEMU limitations:

@itemize

@item Self-modifying code is not always handled correctly.

@item 64 bit userland emulation is not implemented.

@item The system emulation is not complete enough to run real firmware.

@item The watchpoint debug facility is not implemented.

@end itemize

@node PPC
@subsection PowerPC emulation

@itemize

@item Full PowerPC 32 bit emulation, including privileged instructions,
FPU and MMU.

@item Can run most PowerPC Linux binaries.

@end itemize

@node SPARC
@subsection Sparc32 and Sparc64 emulation

@itemize

@item Full SPARC V8 emulation, including privileged
instructions, FPU and MMU. SPARC V9 emulation includes most privileged
and VIS instructions, FPU and I/D MMU. Alignment is fully enforced.

@item Can run most 32-bit SPARC Linux binaries, SPARC32PLUS Linux binaries and
some 64-bit SPARC Linux binaries.

@end itemize

Current QEMU limitations:

@itemize

@item IPC syscalls are missing.

@item Floating point exception support is buggy.

@item Atomic instructions are not correctly implemented.

@item There are still some problems with the Sparc64 emulator.

@end itemize

@node Xtensa
@subsection Xtensa emulation

@itemize

@item Core Xtensa ISA emulation, including most options: code density,
loop, extended L32R, 16- and 32-bit multiplication, 32-bit division,
MAC16, miscellaneous operations, boolean, FP coprocessor, coprocessor
context, debug, multiprocessor synchronization,
conditional store, exceptions, relocatable vectors, unaligned exception,
interrupts (including high priority and timer), hardware alignment,
region protection, region translation, MMU, windowed registers, thread
pointer, processor ID.

@item Not implemented options: data/instruction cache (including cache
prefetch and locking), XLMI, processor interface. Also options not
covered by the core ISA (e.g. FLIX, wide branches) are not implemented.

@item Can run most Xtensa Linux binaries.

@item A new core configuration that requires no additional instructions
can be created from an overlay with a minimal amount of hand-written code.

@end itemize

@node Managed start up options
@section Managed start up options

In system mode emulation, it's possible to create a VM in a paused state using
the -S command line option. In this state the machine is completely initialized
according to command line options and ready to execute VM code, but the VCPU
threads are not executing any code. The VM state at this pause point depends on
the way QEMU was started. It could be:
@table @asis
@item the initial state (the state after reset/power on)
@item with direct kernel loading, the initial state amended so that code loaded
by QEMU into the VM's RAM will execute
@item with incoming migration, the initial state amended with the migrated
machine state once migration completes.
@end table

This paused state is typically used by users to query machine state and/or
additionally configure the machine (by hotplugging devices) at runtime before
allowing VM code to run.

However, at the -S pause point, it's impossible to configure options that affect
initial VM creation (like: -smp/-m/-numa ...) or cold plug devices. The
experimental --preconfig command line option allows pausing QEMU
before the initial VM creation, in a ``preconfig'' state, where additional
queries and configuration can be performed via QMP before the machine is
created from the resulting configuration. In the preconfig state, QEMU only
allows a limited set of commands over the QMP monitor, commands that do not
depend on an initialized machine, including but not limited to:
@table @asis
@item qmp_capabilities
@item query-qmp-schema
@item query-commands
@item query-status
@item x-exit-preconfig
@end table
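The two-stage start-up above (preconfig, then the -S pause point, then running) is a QMP conversation, and a practitioner driving it from a management script wants to see that exchange and what happens when a command is refused. The following is an added example written for this page; it is not QEMU's own code or documentation. The QMP wire format it uses (greeting carrying a "QMP" key, "execute"/"return"/"error" messages, asynchronous "event" messages) is the real one, but the status strings "prelaunch" and "running" that query-status is expected to report after x-exit-preconfig and after cont are assumed from QEMU's run-state names and are not stated on this page. fake_qemu() is a constructed stand-in used only so the example runs offline: it refuses anything outside the five commands listed above while in preconfig, whereas real QEMU's preconfig command set is larger ("including but not limited to").

```python
"""Drive QEMU's --preconfig and -S start-up phases over QMP.

Added example for this page, not QEMU's own code.  fake_qemu() is a
constructed stand-in that mirrors only what the page describes.
"""
import json
import socket
import threading

# Commands the page lists as usable before the machine exists.
PRECONFIG_ALLOWED = {"qmp_capabilities", "query-qmp-schema", "query-commands",
                     "query-status", "x-exit-preconfig"}


class QmpClient:
    """Minimal line-oriented QMP client over an already connected socket."""

    def __init__(self, sock):
        self.sock = sock
        self.rfile = sock.makefile("r", encoding="utf-8")
        self.greeting = self._read_reply()      # QEMU speaks first
        if "QMP" not in self.greeting:
            raise RuntimeError("not a QMP greeting: %r" % (self.greeting,))

    def _read_reply(self):
        while True:
            line = self.rfile.readline()
            if not line:
                raise EOFError("QMP connection closed")
            msg = json.loads(line)
            if "event" not in msg:              # skip asynchronous events
                return msg

    def execute(self, cmd, **args):
        req = {"execute": cmd}
        if args:
            req["arguments"] = args
        self.sock.sendall((json.dumps(req) + "\n").encode("utf-8"))
        reply = self._read_reply()
        if "error" in reply:                    # fail closed: a refused command did not run
            raise RuntimeError("%s: %s" % (cmd, reply["error"].get("desc")))
        return reply["return"]

    def status(self):
        return self.execute("query-status")["status"]


def managed_start(sock, preconfig_cmds=()):
    """Walk preconfig -> prelaunch -> running and return the states observed.

    preconfig_cmds: (command, arguments) pairs issued while the machine does
    not exist yet; anything QEMU refuses there raises RuntimeError.
    """
    qmp = QmpClient(sock)
    qmp.execute("qmp_capabilities")             # leave capabilities negotiation
    states = [qmp.status()]
    if states[0] != "preconfig":
        raise RuntimeError("QEMU was not started with --preconfig")
    for cmd, args in preconfig_cmds:
        qmp.execute(cmd, **args)
    qmp.execute("x-exit-preconfig")             # machine is created; -S still holds it
    states.append(qmp.status())                 # assumed run-state name: prelaunch
    qmp.execute("cont")
    states.append(qmp.status())                 # assumed run-state name: running
    return states


def fake_qemu(sock):
    """Constructed stand-in for QEMU started with --preconfig -S (offline use only)."""
    state = "preconfig"
    sock.sendall(b'{"QMP": {"version": {}, "capabilities": []}}\n')
    for line in sock.makefile("r", encoding="utf-8"):
        cmd = json.loads(line)["execute"]
        if state == "preconfig" and cmd not in PRECONFIG_ALLOWED:
            reply = {"error": {"class": "GenericError",
                               "desc": "not permitted in preconfig state"}}
        elif cmd == "query-status":
            reply = {"return": {"status": state, "running": state == "running"}}
        else:
            if cmd == "x-exit-preconfig":
                state = "prelaunch"
            elif cmd == "cont":
                state = "running"
            reply = {"return": {}}
        sock.sendall((json.dumps(reply) + "\n").encode("utf-8"))


def run_offline_demo(preconfig_cmds=()):
    """Run managed_start() against fake_qemu() over a socketpair."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_qemu, args=(server,), daemon=True)
    worker.start()
    try:
        return managed_start(client, preconfig_cmds)
    finally:
        client.close()                          # EOF ends fake_qemu's loop
        worker.join(timeout=5)


def refused_in_preconfig(cmd, args=None):
    """Return the error text if cmd is refused before x-exit-preconfig, else None."""
    try:
        run_offline_demo([(cmd, args or {})])
    except RuntimeError as exc:
        return str(exc)
    return None
```

Against a real QEMU, start it with --preconfig -S and a QMP socket (for example -qmp unix:/tmp/qmp.sock,server,nowait, path assumed here), connect an AF_UNIX stream socket to that path and pass it to managed_start(). Whoever can open that socket has full control of the VM, so its file permissions deserve the same care as the disk images. The client treats an error reply as a hard failure rather than assuming the command took effect, which matters precisely in preconfig, where a command that would be accepted later is refused.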