@node Implementation notes
@appendix Implementation notes

@menu
* CPU emulation::
* Managed start up options::
@end menu

@node CPU emulation
@section CPU emulation

@menu
* x86::        x86 and x86-64 emulation
* ARM::        ARM emulation
* MIPS::       MIPS emulation
* PPC::        PowerPC emulation
* SPARC::      Sparc32 and Sparc64 emulation
* Xtensa::     Xtensa emulation
@end menu

@node x86
@subsection x86 and x86-64 emulation

QEMU x86 target features:

@itemize

@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation.
LDT/GDT and IDT are emulated. VM86 mode is also supported to run
DOSEMU. There is some support for MMX/3DNow!, SSE, SSE2, SSE3, SSSE3,
and SSE4 as well as x86-64 SVM.

@item Support for host page sizes bigger than 4KB in user mode emulation.

@item QEMU can emulate itself on x86.

@item An extensive Linux x86 CPU test program is included in @file{tests/test-i386}.
It can be used to test other x86 virtual CPUs.

@end itemize

Current QEMU limitations:

@itemize

@item Limited x86-64 support.

@item IPC syscalls are missing.

@item The x86 segment limits and access rights are not tested at every
memory access (yet), so an access that violates a segment limit or its
access rights is not trapped. Fortunately, very few OSes seem to rely on
that for normal use.

@end itemize

@node ARM
@subsection ARM emulation

@itemize

@item Full ARM 7 user emulation.

@item NWFPE FPU support included in user Linux emulation.

@item Can run most ARM Linux binaries.

@end itemize

@node MIPS
@subsection MIPS emulation

@itemize

@item The system emulation allows full MIPS32/MIPS64 Release 2 emulation,
including privileged instructions, FPU and MMU, in both little and big
endian modes.

@item The Linux userland emulation can run many 32 bit MIPS Linux binaries.

@end itemize

Current QEMU limitations:

@itemize

@item Self-modifying code is not always handled correctly.

@item 64 bit userland emulation is not implemented.

@item The system emulation is not complete enough to run real firmware.

@item The watchpoint debug facility is not implemented.

@end itemize

@node PPC
@subsection PowerPC emulation

@itemize

@item Full PowerPC 32 bit emulation, including privileged instructions,
FPU and MMU.

@item Can run most PowerPC Linux binaries.

@end itemize

@node SPARC
@subsection Sparc32 and Sparc64 emulation

@itemize

@item Full SPARC V8 emulation, including privileged
instructions, FPU and MMU. SPARC V9 emulation includes most privileged
and VIS instructions, FPU and I/D MMU. Alignment is fully enforced.

@item Can run most 32-bit SPARC Linux binaries, SPARC32PLUS Linux binaries and
some 64-bit SPARC Linux binaries.

@end itemize

Current QEMU limitations:

@itemize

@item IPC syscalls are missing.

@item Floating point exception support is buggy.

@item Atomic instructions are not correctly implemented.

@item There are still some problems with Sparc64 emulators.

@end itemize

@node Xtensa
@subsection Xtensa emulation

@itemize

@item Core Xtensa ISA emulation, including most options: code density,
loop, extended L32R, 16- and 32-bit multiplication, 32-bit division,
MAC16, miscellaneous operations, boolean, FP coprocessor, coprocessor
context, debug, multiprocessor synchronization,
conditional store, exceptions, relocatable vectors, unaligned exception,
interrupts (including high priority and timer), hardware alignment,
region protection, region translation, MMU, windowed registers, thread
pointer, processor ID.

@item Not implemented options: data/instruction cache (including cache
prefetch and locking), XLMI, processor interface. Options not
covered by the core ISA (e.g. FLIX, wide branches) are not implemented either.

@item Can run most Xtensa Linux binaries.

@item A new core configuration that requires no additional instructions
may be created from an overlay with a minimal amount of hand-written code.

@end itemize

@node Managed start up options
@section Managed start up options

In system mode emulation, it's possible to create a VM in a paused state using
the -S command line option. In this state the machine is completely initialized
according to command line options and ready to execute VM code, but the VCPU threads
are not executing any code. The VM state at this pause point depends on the way
QEMU was started. It could be in:
@table @asis
@item the initial state (the state after reset/power on)
@item with direct kernel loading, the initial state amended to execute
code loaded by QEMU into the VM's RAM
@item with incoming migration, the initial state amended with the migrated
machine state after migration completes.
@end table

This paused state is typically used to query machine state and/or
additionally configure the machine (by hotplugging devices) at runtime before
allowing VM code to run.

However, at the -S pause point it's impossible to configure options that affect
initial VM creation (like: -smp/-m/-numa ...) or to cold plug devices. The
experimental --preconfig command line option allows pausing QEMU
before the initial VM creation, in a ``preconfig'' state, where additional
queries and configuration can be performed via QMP before moving on to
start up with the resulting configuration. In the preconfig state, QEMU only allows
a limited set of commands over the QMP monitor, namely commands that do not
depend on an initialized machine, including but not limited to:
@table @asis
@item qmp_capabilities
@item query-qmp-schema
@item query-commands
@item query-status
@item x-exit-preconfig
@end table
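The following is an added example, not QEMU's own code, showing the QMP exchange a management client performs against a QEMU started with @code{--preconfig -S}: capabilities negotiation, @code{query-status} in the preconfig state, a command outside the preconfig set being refused, @code{x-exit-preconfig} moving the machine to the -S pause point, and @code{cont} releasing the VCPUs. Because it must run without a real QEMU, the server side is a constructed in-process stand-in (@code{FakePreconfigQemu}) rather than a socket; it models the preconfig allow-list exactly as listed above (the real set is larger), the run-state names @code{preconfig}, @code{prelaunch} and @code{running}, and QMP's @code{return}/@code{error} reply shape. The error descriptions, the greeting contents and the behaviour of @code{cont} are this example's assumptions, not QEMU's exact strings.

```python
"""Added example: a minimal QMP client driving the preconfig -> -S -> running
sequence against a constructed stand-in for QEMU (not QEMU's code)."""
import json

# Commands the section lists as usable in the preconfig state.  The real set
# is larger ("including but not limited to"); this example models only these.
PRECONFIG_COMMANDS = frozenset({
    "qmp_capabilities", "query-qmp-schema", "query-commands",
    "query-status", "x-exit-preconfig",
})


class FakePreconfigQemu:
    """Constructed stand-in for 'qemu-system-* --preconfig -S' over QMP.

    Models: a preconfig run state that accepts only PRECONFIG_COMMANDS, the
    transition to the -S pause point (run state "prelaunch") on
    x-exit-preconfig, and "cont" to let the VCPU threads run.  Error texts
    and the greeting payload are assumptions for this example.
    """

    def __init__(self):
        self.state = "preconfig"
        self.negotiated = False

    def greeting(self):
        # QMP servers send a greeting before accepting commands (placeholder data).
        return json.dumps({"QMP": {"version": {"package": "constructed"},
                                   "capabilities": []}})

    @staticmethod
    def _reply(body, msg_id):
        if msg_id is not None:
            body["id"] = msg_id          # echo the client's id so replies can be matched
        return json.dumps(body)

    def _error(self, cls, desc, msg_id):
        return self._reply({"error": {"class": cls, "desc": desc}}, msg_id)

    def handle(self, line):
        """Process one JSON command line and return one JSON reply line."""
        try:
            msg = json.loads(line)
        except ValueError:
            return self._error("GenericError", "JSON parse error", None)
        msg_id = msg.get("id")
        cmd = msg.get("execute")
        # Nothing is accepted until the client has negotiated capabilities.
        if not self.negotiated and cmd != "qmp_capabilities":
            return self._error("CommandNotFound",
                               "Expecting capabilities negotiation with "
                               "'qmp_capabilities'", msg_id)
        # The preconfig allow-list: commands needing an initialized machine are refused.
        if self.state == "preconfig" and cmd not in PRECONFIG_COMMANDS:
            return self._error("GenericError",
                               "The command %s is not permitted in preconfig "
                               "state" % cmd, msg_id)
        if cmd == "qmp_capabilities":
            self.negotiated = True
            result = {}
        elif cmd == "query-status":
            result = {"status": self.state,
                      "running": self.state == "running", "singlestep": False}
        elif cmd == "query-commands":
            result = [{"name": n} for n in sorted(PRECONFIG_COMMANDS | {"cont"})]
        elif cmd == "x-exit-preconfig":
            self.state = "prelaunch"     # machine built; -S keeps VCPUs stopped
            result = {}
        elif cmd == "cont":
            self.state = "running"
            result = {}
        else:
            return self._error("CommandNotFound",
                               "The command %s has not been found" % cmd, msg_id)
        return self._reply({"return": result}, msg_id)


class QmpClient:
    """Line-oriented QMP client over any transport callable: send(line) -> reply."""

    def __init__(self, transport):
        self._send = transport
        self._next_id = 1

    def execute(self, command, arguments=None):
        """Return (result, None) on success or (None, error_dict) on failure."""
        msg = {"execute": command, "id": self._next_id}
        self._next_id += 1
        if arguments:
            msg["arguments"] = arguments
        reply = json.loads(self._send(json.dumps(msg)))
        if reply.get("id") != msg["id"]:
            raise RuntimeError("QMP reply id mismatch")
        if "error" in reply:
            return None, reply["error"]
        return reply["return"], None


def first_error_class(server, command):
    """Error class a fresh server returns when `command` precedes negotiation."""
    reply = json.loads(server.handle(json.dumps({"execute": command})))
    return reply.get("error", {}).get("class")


def managed_start_up(server):
    """Drive preconfig -> prelaunch -> running; return what was observed at each step."""
    json.loads(server.greeting())            # the greeting precedes any command
    qmp = QmpClient(server.handle)
    steps = {}
    steps["capabilities"] = qmp.execute("qmp_capabilities")[1] is None
    steps["status_in_preconfig"] = qmp.execute("query-status")[0]["status"]
    _, err = qmp.execute("cont")             # not in the preconfig set: must be refused
    steps["cont_refused_in_preconfig"] = err is not None
    qmp.execute("x-exit-preconfig")          # build the machine, stop at the -S point
    steps["status_after_exit_preconfig"] = qmp.execute("query-status")[0]["status"]
    qmp.execute("cont")                      # release the VCPUs
    steps["status_after_cont"] = qmp.execute("query-status")[0]["status"]
    return steps


if __name__ == "__main__":
    for name, value in managed_start_up(FakePreconfigQemu()).items():
        print("%-30s %s" % (name, value))
```

Against a real QEMU, @code{QmpClient} would be given a transport that writes each line to the monitor socket and reads the reply line back, and the allow-list check would be enforced by QEMU itself rather than by the stand-in; the point of the sequence is that anything a client sends before @code{x-exit-preconfig} is limited to commands that do not depend on an initialized machine.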