QEMU Binary Translations
2014/09/25@NCKU Embedded Course 
Jeff Liaw 
rampant1018@gmail.com
Outline 
Introduction of QEMU 
Overview 
Translation Block 
Tiny Code Generator 
Porting to New Architecture 
Linaro 
QEMU Monitor 
A debug tool for AArch64/QEMU 
YODO Lab 
-2-
Introduction of QEMU
What is QEMU?
Quick EMUlator
QEMU is a FAST! processor emulator
Time to boot a Linux kernel (buildroot):
  - QEMU needs 2 sec
  - Foundation Model needs 12 sec
Simulation vs. Emulation
Simulation – for analysis and study
Emulation – for use as a substitute
Usage of QEMU 
Modes:
System-mode emulation – emulation of a full system
User-mode emulation – launch processes compiled for another CPU (same OS)
  - Ex. execute an arm/linux program on x86/linux
Popular uses:
For cross-compilation development environments
Virtualization and device emulation for KVM
Android Emulator (part of the SDK)
QEMU Generic Features 
Support:
Self-modifying code
Precise exceptions
FPU
  - software emulation
  - host FPU instructions
Dynamic translation to native code => speed
QEMU Full System Emulation 
Features:
Full software MMU => portability
Optionally use an in-kernel accelerator (KVM)
Various hardware devices can be emulated
SMP even on a host with a single CPU
QEMU Emulation Example 
Host (Win7/x86) emulates Guest (Linux/ARM)
The x86 ISA is different from ARM's ISA, so the host has to emulate it (figure)
Dynamic Translation 
Target CPU instruction → Host CPU instruction (at runtime)
(figure: 32MB translation cache)
Translation & Execution 
(figure) Initialize the processor and jump to the host code
Main Loop:
  - IRQ handling
  - translation
  - run guest
Restore normal state and return to the main loop
Overhead!
Translation & Execution 
We need emulation!
(figure) Host → Emulation → Main Loop:
  - IRQ handling
  - translation
  - run guest
Basic Block(Translated Block, TB) 
Block exit points:
  - encountering a branch (modifies the PC)
  - reaching a page boundary
Disassembly shown on the slide:
    000081ac <abort>:
    81ac: add $sp, $sp #-24
    81b0: str $fp, [$sp+#20]
    …
    81c2: beq $lr
    81c6: mov $sp, $fp
    …
    81d0: ret $lr
(figure) A branch occurs at 81c2: the code up to it is Block 1, the code from 81c6 on is Block 2.
Block Chaining 
Jump directly between basic blocks 
Chaining Steps 
tb_add_jump() in “cpu-exec.c” 
CPU Execution Flow 
Exceptions that leave the loop:
  - asynchronous interrupts (unchain)
  - process I/O
  - no more TB
(flowchart) Look up the TB cache (TBC) by target PC. If not cached (N): translate one basic block (tb_gen_code()) and chain it to the existing block (tb_add_jump()). If cached (Y): execute the translated code (cpu_tb_exec()). Exceptions go to exception handling.
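A toy model of this lookup/translate/chain/execute loop together with the block-exit rules from the Basic Block slide, added here as an example (not QEMU's code). It assumes a made-up three-instruction guest ISA, 4-byte instructions and an 8-byte page; every name in it is hypothetical.

```c
/* Added example (not QEMU's code): a toy of QEMU's translation-block handling.
 * Assumptions: a made-up guest ISA (ADDI, BNZ, HALT), 4-byte instructions and an
 * 8-byte "page" so a page boundary splits the loop body. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OP_ADDI, OP_BNZ, OP_HALT };                    /* toy guest ISA */
enum { INSN_SIZE = 4, PAGE_SIZE = 8, MAX_TBS = 8, NUM_REGS = 2 };
#define PC_HALT UINT32_MAX
typedef struct { int op, reg, imm; } Insn;            /* for BNZ, imm = target pc */

/* Constructed guest program: r0 = 10; do { r1++; r0--; } while (r0 != 0); */
static const Insn prog[] = {
    { OP_ADDI, 0, 10 },   /* pc 0  */
    { OP_ADDI, 1,  1 },   /* pc 4  */
    { OP_ADDI, 0, -1 },   /* pc 8  */
    { OP_BNZ,  0,  4 },   /* pc 12: branch to pc 4 if r0 != 0 */
    { OP_HALT, 0,  0 },   /* pc 16 */
};
#define PROG_LEN ((int)(sizeof prog / sizeof prog[0]))

typedef struct TB {
    uint32_t pc;          /* guest pc of the first instruction (the cache key) */
    int first, count;     /* translated instructions prog[first .. first+count) */
    struct TB *jmp[2];    /* chained successor per exit: [0] fall-through, [1] taken */
} TB;
typedef struct { int translations, lookups, chained; int32_t regs[NUM_REGS]; } ExecStats;

static TB tb_cache[MAX_TBS];   /* the translation cache, keyed by pc */
static int nb_tbs;

/* Look up the cache by guest pc (QEMU hashes the pc; a scan is enough here). */
static TB *tb_find(uint32_t pc, ExecStats *st)
{
    st->lookups++;
    for (int i = 0; i < nb_tbs; i++)
        if (tb_cache[i].pc == pc) return &tb_cache[i];
    return NULL;
}

/* "Translate" one block: take instructions until a branch/halt (which modifies
 * the pc) or until the next instruction would start a new page. */
static TB *tb_gen_code(uint32_t pc, ExecStats *st)
{
    TB *tb = &tb_cache[nb_tbs++];
    memset(tb, 0, sizeof *tb);
    tb->pc = pc;
    tb->first = (int)(pc / INSN_SIZE);
    for (int i = tb->first; i < PROG_LEN; i++) {
        tb->count++;
        if (prog[i].op != OP_ADDI) break;                          /* exit: branch */
        if ((uint32_t)(i + 1) * INSN_SIZE % PAGE_SIZE == 0) break; /* exit: page boundary */
    }
    st->translations++;
    return tb;
}

/* Run a block; returns the next guest pc and which exit (0/1) was taken. */
static uint32_t cpu_tb_exec(const TB *tb, ExecStats *st, int *exit_idx)
{
    *exit_idx = 0;
    for (int i = tb->first; i < tb->first + tb->count; i++) {
        const Insn *in = &prog[i];
        if (in->op == OP_ADDI) { st->regs[in->reg] += in->imm; continue; }
        if (in->op == OP_HALT) return PC_HALT;
        if (st->regs[in->reg] != 0) { *exit_idx = 1; return (uint32_t)in->imm; } /* BNZ taken */
    }
    return (uint32_t)(tb->first + tb->count) * INSN_SIZE;      /* fall through */
}

/* cpu-exec main loop: follow a chained jump if one exists, otherwise look up or
 * translate, then record the edge (tb_add_jump) so the next pass skips the lookup. */
ExecStats run_demo(void)
{
    ExecStats st; memset(&st, 0, sizeof st);
    TB *prev = NULL; int prev_exit = 0; uint32_t pc = 0;
    nb_tbs = 0;
    while (pc != PC_HALT) {
        TB *tb;
        if (prev && prev->jmp[prev_exit]) {
            tb = prev->jmp[prev_exit];              /* block chaining: no cache lookup */
            st.chained++;
        } else {
            tb = tb_find(pc, &st);
            if (!tb) tb = tb_gen_code(pc, &st);
            if (prev) prev->jmp[prev_exit] = tb;    /* tb_add_jump() */
        }
        pc = cpu_tb_exec(tb, &st, &prev_exit);
        prev = tb;
    }
    return st;
}

int main(void)
{
    ExecStats st = run_demo();
    printf("TBs=%d lookups=%d chained=%d r0=%d r1=%d\n",
           st.translations, st.lookups, st.chained, st.regs[0], st.regs[1]);
    return 0;
}
```

The program runs 21 block executions but only 4 translations and 5 cache lookups; the other 16 block-to-block transfers go through chained jumps.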
Example 
arm-none-eabi-gcc -c -mcpu=arm926ej-s -g -O0 foo.c -o foo.o
Example
Guest program used in the figure:
  - r4 = dummy
  - r5 = i
  - dummy++ when i < 5
  - dummy-- when i >= 5
  - i counts from 0 to 9
(figure) cpu-exec executes TB 1 through TB 5, fetched from the translation cache.
CPU dependency(bad idea) 
(figure) Generate host code directly: Target CPU → Host CPU. Bomb!!!!!!
CPU independency(good idea) 
(figure) Generate host code through an intermediate level: Target CPU → … → Host CPU
"All problems in CS can be solved by another level of indirection"
Tiny Code Generator(TCG) 
Since QEMU 0.10
Relaxes the target/host dependency
Steps:
1. Target instruction → RISC-like TCG ops (frontend)
2. Optimizations
3. TCG ops → host instructions (backend)
TCG micro-ops 
Simple instruction
Ex. ARM add → TCG micro-ops
(figure: the ARM instruction and the micro-ops it converts to; tmp5 and tmp6 are temporary variables)
TCG micro-ops 
Complicated instruction
Ex. ARM qadd → TCG micro-ops (helper)
(figure: the ARM instruction and the micro-ops it converts to; tmp5, tmp6 and tmp7 are temporary variables)
TCG micro-ops 
Basic functions:
  - Temporary variables
  - Divide one instruction into multiple small operations
Helper function:
  - handles complicated instructions
TCG Frontend API 
tcg_gen_<op>[i]_<reg_size>
<op> - operation
[i] - present when the last operand is an immediate, absent when it is a register
<reg_size> - size of the register (e.g. i32)
TCG Frontend API 
Temporary variable allocation & release (figure)
Calling a helper function (figure)
TCG internal 
Two columns:
  - op code (opc)
  - op parameters (opparam)
Example row:
    OPC          OPPARAM
    op_add_i32   ret, arg1, arg2
ARM Convert micro-ops 
    OPC          OPPARAM
    op_movi_i32  t0, arg2
    op_mov_i32   t1, cpu_R[arg1]
    op_add_i32   t1, t1, t0
    op_mov_i32   cpu_R[arg1], t1
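An added example (not QEMU's code) of the two-column op buffer from the TCG internal slide, the tcg_gen_<op>[i]_<reg_size> naming of the Frontend API slide, the ARM add sequence listed above and the helper path described for qadd. It assumes 32-bit values, sixteen cpu_R registers, four op codes and a hypothetical helper_qadd, and it interprets the micro-ops instead of generating x86-64 code.

```c
/* Added example (not QEMU's code): a toy of the TCG op buffer (opc and opparam
 * columns) and of the ARM add → micro-op sequence from the slides, run by an
 * interpreting backend instead of x86-64 code generation. Assumed: 32-bit values,
 * 16 guest registers cpu_R[], four ops, and a hypothetical helper_qadd for qadd. */
#include <stdint.h>
#include <string.h>

enum { op_movi_i32, op_mov_i32, op_add_i32, op_call };        /* micro-op codes */
enum { NUM_REGS = 16, NUM_TEMPS = 16, MAX_OPS = 64, MAX_PARAMS = 192 };
typedef int TCGv;                /* value index: 0..15 = cpu_R[n], 16.. = temporaries */
#define CPU_R(n) ((TCGv)(n))

typedef struct {
    int opc[MAX_OPS];            /* column 1: op codes */
    int opparam[MAX_PARAMS];     /* column 2: parameters, packed in op order */
    int nb_ops, nb_params, nb_temps;
} TCGContext;

static TCGv tcg_temp_new_i32(TCGContext *s) { return NUM_REGS + s->nb_temps++; }
static void tcg_temp_free_i32(TCGContext *s, TCGv t) { (void)s; (void)t; } /* toy: temps live for the block */
static void tcg_emit(TCGContext *s, int opc, int nargs, const int *args)
{
    s->opc[s->nb_ops++] = opc;
    for (int i = 0; i < nargs; i++) s->opparam[s->nb_params++] = args[i];
}
/* Frontend API in the tcg_gen_<op>[i]_<reg_size> naming of the slides */
static void tcg_gen_movi_i32(TCGContext *s, TCGv ret, int32_t imm)      { int a[] = { ret, imm };    tcg_emit(s, op_movi_i32, 2, a); }
static void tcg_gen_mov_i32(TCGContext *s, TCGv ret, TCGv arg)          { int a[] = { ret, arg };    tcg_emit(s, op_mov_i32, 2, a); }
static void tcg_gen_add_i32(TCGContext *s, TCGv ret, TCGv a1, TCGv a2)  { int a[] = { ret, a1, a2 }; tcg_emit(s, op_add_i32, 3, a); }
static void tcg_gen_helper_qadd(TCGContext *s, TCGv ret, TCGv a1, TCGv a2) { int a[] = { ret, a1, a2 }; tcg_emit(s, op_call, 3, a); }

/* ARM "add Rarg1, Rarg1, #arg2": the four micro-ops listed on the slide */
void gen_arm_add_imm(TCGContext *s, int arg1, int32_t arg2)
{
    TCGv t0 = tcg_temp_new_i32(s), t1 = tcg_temp_new_i32(s);
    tcg_gen_movi_i32(s, t0, arg2);              /* op_movi_i32  t0, arg2        */
    tcg_gen_mov_i32(s, t1, CPU_R(arg1));        /* op_mov_i32   t1, cpu_R[arg1] */
    tcg_gen_add_i32(s, t1, t1, t0);             /* op_add_i32   t1, t1, t0      */
    tcg_gen_mov_i32(s, CPU_R(arg1), t1);        /* op_mov_i32   cpu_R[arg1], t1 */
    tcg_temp_free_i32(s, t0); tcg_temp_free_i32(s, t1);
}
/* ARM "qadd Rd, Rn, Rm": saturation is not a basic micro-op, so call a helper */
void gen_arm_qadd(TCGContext *s, int rd, int rn, int rm)
{
    TCGv t0 = tcg_temp_new_i32(s);
    tcg_gen_helper_qadd(s, t0, CPU_R(rn), CPU_R(rm));
    tcg_gen_mov_i32(s, CPU_R(rd), t0);
    tcg_temp_free_i32(s, t0);
}
static int32_t helper_qadd(int32_t a, int32_t b)      /* hypothetical helper */
{
    int64_t r = (int64_t)a + b;
    return r > INT32_MAX ? INT32_MAX : r < INT32_MIN ? INT32_MIN : (int32_t)r;
}

/* Backend: walk both columns in step. The x86-64 backend emits host code here;
 * this toy interprets the micro-ops instead. */
void tcg_exec(const TCGContext *s, int32_t *cpu_R)
{
    int32_t v[NUM_REGS + NUM_TEMPS];
    memcpy(v, cpu_R, NUM_REGS * sizeof *v);
    for (int i = 0, p = 0; i < s->nb_ops; i++) {
        const int *a = &s->opparam[p];
        switch (s->opc[i]) {
        case op_movi_i32: v[a[0]] = a[1];                                           p += 2; break;
        case op_mov_i32:  v[a[0]] = v[a[1]];                                        p += 2; break;
        case op_add_i32:  v[a[0]] = (int32_t)((uint32_t)v[a[1]] + (uint32_t)v[a[2]]); p += 3; break;
        case op_call:     v[a[0]] = helper_qadd(v[a[1]], v[a[2]]);                  p += 3; break;
        }
    }
    memcpy(cpu_R, v, NUM_REGS * sizeof *v);
}

/* Translate one instruction into a fresh op buffer, run it, return the destination register */
int32_t run_add_imm(int32_t rn_value, int32_t imm, int *nb_ops)
{
    TCGContext s; memset(&s, 0, sizeof s);
    int32_t cpu_R[NUM_REGS] = {0};
    cpu_R[1] = rn_value;
    gen_arm_add_imm(&s, 1, imm);
    if (nb_ops) *nb_ops = s.nb_ops;       /* 4 micro-ops, as in the table above */
    tcg_exec(&s, cpu_R);
    return cpu_R[1];
}
int32_t run_qadd(int32_t rn_value, int32_t rm_value)
{
    TCGContext s; memset(&s, 0, sizeof s);
    int32_t cpu_R[NUM_REGS] = {0};
    cpu_R[2] = rn_value; cpu_R[3] = rm_value;
    gen_arm_qadd(&s, 1, 2, 3);
    tcg_exec(&s, cpu_R);
    return cpu_R[1];
}
```

The frontend never touches the host: gen_arm_add_imm only appends rows to the two columns, and only tcg_exec (the backend) gives them meaning, which is the level of indirection the previous slides argue for.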
TCG Backend 
(figure) Frontend → Backend: the frontend produces the op buffer of the previous slide (op_movi_i32 t0, arg2; op_mov_i32 t1, cpu_R[arg1]; op_add_i32 t1, t1, t0; op_mov_i32 cpu_R[arg1], t1) and the backend consumes it.
TCG Backend 
micro-ops → host code
QEMU on x86-64 (figure: micro-ops converted to host machine instructions)
TCG Backend 
x86-64 backend example
(figure) The op buffer of the ARM add slide (op_movi_i32 t0, arg2; op_mov_i32 t1, cpu_R[arg1]; op_add_i32 t1, t1, t0; op_mov_i32 cpu_R[arg1], t1) lowered to x86-64 instructions.
TCG Porting 
Porting source tree:
Frontend: qemu/target-*/
  - cpu.h: regs and cpu status declaration
  - translate.c: target instruction → micro-op
  - op_helper.c: complicated instructions which can't be modeled with micro-ops
  - helper.c: exception handling (ex. divide by 0)
Backend: qemu/tcg/*/
  - tcg-target.c
  - tcg-target.h
Linaro
Overview 
Builds the future of Open Source Software on ARM
Does the core engineering
Members 
(figure) Membership tiers: Core Members, Club Members, Group Members
Android L Developer Preview 
Android emulator based on QEMU
Differences to mainline QEMU:
User Interface
  - keypad/buttons
  - accelerated graphics
Emulated Devices
  - Fast IPC (qemu_pipe)
  - GSM, GPS, sensors
Ref: http://www.linaro.org/blog/core-dump/running-64bit-android-l-qemu/ 
QEMU-Monitor
Overview 
QEMU provides a gdb stub:
  - debug a running image
  - display general purpose registers (pc, spsr)
  - single-step execution
But it cannot display system registers,
so it is hard to debug a kernel image
QEMU gdbserver & qemu-monitor
  - QEMU gdbserver sends a gdb packet when VM_STATE changes
  - Custom packet through an IPC socket
(figure) On GDB_VM_STATE_CHANGE, QEMU sends the GDB packet and also sends a custom packet over the IPC socket; qemu-monitor receives the custom packet and prints the related information.
QEMU System Registers Mapping 
Some registers are not implemented
Hard-coded in target-arm/helper.c
(figure) Hash key → QEMU variables mapping to ARM registers
Screenshot 
QEMU & KVM 
QEMU alone: runs independently
QEMU + KVM: qemu (userspace tool) + kvm (hypervisor)
