QEMU is an x86 processor emulator. Its purpose is to run x86 Linux
processes on non-x86 Linux architectures such as PowerPC or ARM. By
using dynamic translation it achieves a reasonnable speed while being
-easy to port on new host CPUs. An obviously interesting x86 only process
-is 'wine' (Windows emulation).
+easy to port on new host CPUs. Its main goal is to be able to launch the
+@code{Wine} Windows API emulator (@url{http://www.winehq.org}) on
+non-x86 CPUs.
QEMU features:
@item User space only x86 emulator.
-@item Currently ported on i386 and PowerPC.
+@item Currently ported on i386, PowerPC and S390.
-@item Using dynamic translation for reasonnable speed.
+@item Using dynamic translation to native code for reasonnable speed.
@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation.
-User space LDT and GDT are emulated.
+User space LDT and GDT are emulated. VM86 mode is also supported
+(experimental).
@item Generic Linux system call converter, including most ioctls.
@item Accurate signal handling by remapping host signals to virtual x86 signals.
+@item QEMU can emulate itself on x86 (experimental).
+
@item The virtual x86 CPU is a library (@code{libqemu}) which can be used
in other projects.
@item Not all x86 exceptions are precise (yet). [Very few programs need that].
-@item Not self virtualizable (yet). [You cannot launch qemu with qemu on the same CPU].
-
-@item No support for self modifying code (yet). [Very few programs need that, a notable exception is QEMU itself !].
-
-@item No VM86 mode (yet), althought the virtual
-CPU has support for most of it. [VM86 support is useful to launch old 16
-bit DOS programs with dosemu or wine].
+@item No support for self-modifying code (yet). [Very few programs need that, a notable exception is QEMU itself !].
@item No SSE/MMX support (yet).
@code{-L /} tells that the x86 dynamic linker must be searched with a
@file{/} prefix.
+@item Since QEMU is also a linux process, you can launch qemu with qemu:
+
+@example
+qemu -L / qemu -L / /bin/ls
+@end example
@item On non x86 CPUs, you need first to download at least an x86 glibc
-(@file{qemu-i386-glibc21.tar.gz} on the QEMU web page). Then you can
-launch the precompiled @file{ls} x86 executable:
+(@file{qemu-XXX-i386-glibc21.tar.gz} on the QEMU web page). Ensure that
+@code{LD_LIBRARY_PATH} is not set:
+
+@example
+unset LD_LIBRARY_PATH
+@end example
+
+Then you can launch the precompiled @file{ls} x86 executable:
+
+@example
+qemu /usr/local/qemu-i386/bin/ls-i386
+@end example
+You can look at @file{/usr/local/qemu-i386/bin/qemu-conf.sh} so that
+QEMU is automatically launched by the Linux kernel when you try to
+launch x86 executables. It requires the @code{binfmt_misc} module in the
+Linux kernel.
+
+@item The x86 version of QEMU is also included. You can try weird things such as:
+@example
+qemu /usr/local/qemu-i386/bin/qemu-i386 /usr/local/qemu-i386/bin/ls-i386
+@end example
+
+@end itemize
+
+@section Wine launch (Currently only tested when emulating x86 on x86)
+
+@itemize
+
+@item Ensure that you have a working QEMU with the x86 glibc
+distribution (see previous section). In order to verify it, you must be
+able to do:
+
+@example
+qemu /usr/local/qemu-i386/bin/ls-i386
+@end example
+
+@item Download the binary x86 Wine install
+(@file{qemu-XXX-i386-wine.tar.gz} on the QEMU web page).
+
+@item Configure Wine on your account. Look at the provided script
+@file{/usr/local/qemu-i386/bin/wine-conf.sh}. Your previous
+@code{$@{HOME@}/.wine} directory is saved to @code{$@{HOME@}/.wine.org}.
+
+@item Then you can try the example @file{putty.exe}:
+
@example
-qemu /usr/local/qemu-i386/bin/ls
+qemu /usr/local/qemu-i386/wine/bin/wine /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
@end example
-You can look at @file{/usr/local/qemu-i386/bin/qemu-conf.sh} so that QEMU is automatically
-launched by the Linux kernel when you try to launch x86 executables. It
-requires the @code{binfmt_misc} module in the Linux kernel.
@end itemize
host and used a proprietary and slow interpreter (the interpreter part
of the FX!32 Digital Win32 code translator [5]).
+TWIN [6] is a Windows API emulator like Wine. It is less accurate than
+Wine but includes a protected mode x86 interpreter to launch x86 Windows
+executables. Such an approach as greater potential because most of the
+Windows API is executed natively but it is far more difficult to develop
+because all the data structures and function parameters exchanged
+between the API and the x86 code must be converted.
+
@section Portable dynamic translation
QEMU is a dynamic translator. When it first encounters a piece of code,
Good CPU condition codes emulation (@code{EFLAGS} register on x86) is a
critical point to get good performances. QEMU uses lazy condition code
evaluation: instead of computing the condition codes after each x86
-instruction, it store justs one operand (called @code{CC_CRC}), the
+instruction, it just stores one operand (called @code{CC_SRC}), the
result (called @code{CC_DST}) and the type of operation (called
@code{CC_OP}).
the condition codes are not needed by the next instructions, no
condition codes are computed at all.
-@section Translation CPU state optimisations
+@section CPU state optimisations
The x86 CPU has many internal states which change the way it evaluates
instructions. In order to achieve a good speed, the translation phase
The virtual x86 CPU atomic operations are emulated with a global lock so
that their semantic is preserved.
+@section Self-virtualization
+
+QEMU was conceived so that ultimately it can emulate itself. Althought
+it is not very useful, it is an important test to show the power of the
+emulator.
+
+Achieving self-virtualization is not easy because there may be address
+space conflicts. QEMU solves this problem by being an ELF shared object
+as the ld-linux.so ELF interpreter. That way, it can be relocated at
+load time.
+
+Since self-modifying code is not supported yet, QEMU cannot self
+virtualize itself in case of translation cache flush. This limitation
+will be suppressed soon.
+
@section Bibliography
@table @asis
DIGITAL FX!32: Running 32-Bit x86 Applications on Alpha NT, by Anton
Chernoff and Ray Hookway.
+@item [6]
+@url{http://www.willows.com/}, Windows API library emulation from
+Willows Software.
+
@end table
@chapter Regression Tests
because it mostly tests the ability of the virtual CPU to optimize the
@code{rol} x86 instruction and the condition code computations.
+@section @file{runcom}
+
+A very simple MSDOS emulator to test the Linux vm86() system call
+emulation. The excellent 54 byte @file{pi_10.com} PI number calculator
+can be launched with it. @file{pi_10.com} was written by Bertram
+Felgenhauer (more information at @url{http://www.boo.net/~jasonp/pipage.html}).
projects / qemu.git / blobdiff