Project

General

Profile

Actions

Getting Started » History » Revision 16

« Previous | Revision 16/22 (diff) | Next »
Sergey Smolov, 11/13/2018 04:34 PM


Getting Started

General notes

First of all, install the QEMU4V (follow the instruction).

It is possible to terminate QEMU by hands only. Neither Ctrl-C nor Ctrl-Z works, use kill <process-id> or killall qemu-system*.

Aarch64

It is supposed that the following tools are already installed in your system:
- Toolchain for Aarch64 assembler programs compilation, linking, etc. (can be downloaded from Linaro website or just below, installation instruction is here).

  1. Write a simple Aarch64 program (it is called sample.s) that does nothing but puts 0x10 value to X0 register and then halts. Here it is:
    .text
        .globl _start
        bl _start
    _start:
        movz x1, #0x10, LSL #0
        hlt #57005
    
  2. To compile the Aarch64 assembler program, do the following:
    aarch64-linux-gnu-as sample.s -o sample.o
    aarch64-linux-gnu-ld sample.o -o sample.elf
    aarch64-linux-gnu-objcopy -O binary sample.elf sample.bin
    
  3. Finally, run QEMU4V emulator with enabled option of microprocessor execution trace logging:
    qemu-system-aarch64 -M virt -cpu cortex-a57 -bios sample.bin -d nochain,in_asm -singlestep -nographic -trace-log -D log-file.txt
    
  4. Wait for a while, then stop QEMU4V. The following log-file.txt trace file should be generated:
    0 clk IT (0) 0000000000000000 94000001 A svc_ns : bl #+0x4 (addr 0x4)
    1 clk IT (1) 0000000000000004 d2800201 A svc_ns : movz x1, #0x10, LSL #0
    2 clk IT (2) 0000000000000008 d45bd5a0 A svc_ns : hlt #57005
    

MIPS32

It is supposed that the following tools are already installed in your system:
- Toolchain for MIPS assembler programs compilation, linking, etc. (a list of toolchains is available here).

  1. First of all, let's write a simple MIPS program (it is called sample.s) that stores 0x10 value at x12345678 address. Here it is:
    .text
        .globl _start
    _start:
    lui $1, 0x1234
    ori $1, $1, 0x5678
    addi $8, $0, 10
    sw $8, 0($1)
    
  2. To compile the MIPS32 assembler program, do the following:
    mips-linux-gnu-as sample.s -o sample.o
    mips-linux-gnu-ld sample.o -Ttext 0xbfc00000 -o sample.elf
    
  3. Finally, run QEMU4V emulator:
    qemu-system-mips -M mips -cpu mips32r6-generic -d unimp,nochain,in_asm -nographic -singlestep -D log.txt -bios sample.elf
    
  4. Wait for a while, then stop QEMU4V. The following log-file.txt trace file should be generated:
    ...
    ----------------
    IN: 
    0xbfc0fffc:  nop
    
    ----------------
    IN: 
    0xbfc10000:  lui    at,0x1234
    
    ----------------
    IN: 
    0xbfc10004:  ori    at,at,0x5678
    
    ----------------
    IN: 
    0xbfc10008:  beqzalc    zero,t0,0xbfc10034
    
    ----------------
    IN: 
    0xbfc10034:  cache    0x0,0(s8)
    

PowerPC32

It is supposed that the following tools are already installed in your system:
- Toolchain for PowerPC32 assembler programs compilation, linking, etc. (we use GNU C compiler).

  1. Write a simple PowerPC program (it is called p1.s). Here it is:
    .section    .text
        addi    4,0,5       # bad
        la  3,3(0)      # very bad
        la  3,0(3)
        la  5,2500(3)
    
  2. To compile the PowerPC assembler program, do the following:
    powerpc-linux-gnu-as p1.s -o p1.o
    powerpc-linux-gnu-ld p1.o -Ttext 0x0 -o p1.elf
    
  3. Finally, run QEMU4V emulator :
    qemu-system-ppc -M ppce500 -cpu e500 -d unimp,nochain,in_asm -nographic -singlestep -bios p1.elf
    
  4. Wait for a while, then stop QEMU4V. The following trace should be generated:
    IN: 
    0x00000000:  li      r4,5
    
    IN: 
    0x00000004:  li      r3,3
    
    IN: 
    0x00000008:  addi    r3,r3,0
    
    IN: 
    0x0000000c:  addi    r5,r3,2500
    
    

RISC-V

It is supposed that the following tools are already installed in your system:
- Toolchain for RISC-V assembler programs compilation, linking, etc. (the source code and the installation guide are available here).

  1. Write a simple RISC-V program (it is called sample.s) that does nothing but puts 0x18 value to t1 register and puts 0x21 value to t2 register. Here it is:
    .text
    .globl _start
    _start:
     addi t1, zero, 0x18
     addi t2, zero, 0x21
    
  2. To compile the RISC-V assembler program, do the following:
    aarch64-linux-gnu-as sample.s -o sample.o
    aarch64-linux-gnu-ld sample.o -Ttext 0x1000 -o sample.elf
    
  3. Finally, run QEMU4V emulator with enabled option of microprocessor execution trace logging (0x1000 value was used by linker because of QEMU-related features):
    qemu-system-riscv64 -M spike_v1.10 -cpu any -d unimp,nochain,in_asm -nographic -singlestep -trace-log -kernel sample.elf
    
  4. Wait for a while, then stop QEMU4V. The following trace should be generated:
    0 clk 0 IT (0) 0000000000001000 01800313 A svc_ns : li t1,24
    1 clk R t1 0000000000000018
    1 clk 0 IT (1) 0000000000001004 02100393 A svc_ns : li t2,33
    2 clk R t2 0000000000000021
    2 clk 0 IT (2) 0000000000001008 00000000 A svc_ns : unimp
    3 clk 0 IT (3) 0000000000001010 00000000 A svc_ns : unimp
    

X86 (8086 case)

It is supposed that the following tools are already installed in your system:
- Toolchain for X86 assembler programs compilation, linking, etc. (we use GCC).

  1. Write a simple X86 program (it is called sample.s) that performs some calculations:
    .code16 # tell the assembler that we're using 16 bit mode
        .text
        .global _start
    _start:
        mov $11, %AX
        and $204, %BX
        mov %AX, %CX
        add %CX, %BX
        sub %CX, %AX
    .org 510 # magic bytes that tell BIOS that this is bootable
    .word 0xaa55 # magic bytes that tell BIOS that this is bootable
    
  2. To compile the X86 GNU assembler program, do the following:
    x86_64-linux-gnu-as sample.s -o sample.o
    x86_64-linux-gnu-ld sample.o -T 0x7c00 --oformat binary -o sample.elf
    
  3. Finally, run QEMU4V emulator:
    qemu-system-i386 -M pc -cpu 486 -d unimp,nochain,in_asm -nographic -singlestep -D log.txt -hda sample.elf
    
  4. Wait for a while, then stop QEMU4V. The following log-file.txt trace file should be generated (go to the 0x7c00 address and see the program execution fragment):
    ----------------
    IN: 
    0x00007c00:  mov    $0xb,%ax
    
    ----------------
    IN: 
    0x00007c03:  and    $0xcc,%bx
    
    ----------------
    IN: 
    0x00007c07:  mov    %ax,%cx
    
    ----------------
    IN: 
    0x00007c09:  add    %cx,%bx
    
    ----------------
    IN: 
    0x00007c0b:  sub    %cx,%ax
    
    ----------------
    

Updated by Sergey Smolov over 5 years ago · 16 revisions