Sergey Smolov, 12/20/2019 12:08 PM

h1. Getting Started

{{toc}}

h2. General notes

First of all, "install":https://forge.ispras.ru/projects/qemu4v/wiki/Installation QEMU4V.

QEMU can only be terminated by hand: neither Ctrl-C nor Ctrl-Z works, so use _kill <process-id>_ or _killall qemu-system*_.
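Because QEMU4V has to be killed by process id, every "wait for a while, then stop QEMU4V" step on this page is easier to script than to do interactively. The Python helper below is an added example and not part of the QEMU4V project: it runs a command for a fixed number of seconds, then sends SIGTERM (the signal @kill <process-id>@ sends) and escalates to SIGKILL if the process ignores it; the command list in the @__main__@ block is the Aarch64 invocation from the section below and assumes @sample.bin@ has already been built.

```python
import subprocess
import time
from typing import List

def run_until_deadline(cmd: List[str], seconds: float, grace: float = 2.0) -> dict:
    """Start cmd and give it `seconds` to finish on its own. If it is still
    running, send SIGTERM (what `kill <process-id>` sends) and, if the process
    ignores that for `grace` seconds, SIGKILL it. Returns how the process ended."""
    started = time.monotonic()
    proc = subprocess.Popen(cmd, stdin=subprocess.DEVNULL,
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    stopped_by_us = False
    try:
        proc.wait(timeout=seconds)       # returns early only if the program exits by itself
    except subprocess.TimeoutExpired:
        stopped_by_us = True
        proc.terminate()                 # SIGTERM first ...
        try:
            proc.wait(timeout=grace)
        except subprocess.TimeoutExpired:
            proc.kill()                  # ... SIGKILL if it is still alive
            proc.wait()
    return {"returncode": proc.returncode, "stopped_by_us": stopped_by_us,
            "elapsed": round(time.monotonic() - started, 2)}

if __name__ == "__main__":
    # The Aarch64 invocation from this page; assumes sample.bin has already been built.
    qemu = ["qemu-system-aarch64", "-M", "virt", "-cpu", "cortex-a57", "-bios", "sample.bin",
            "-d", "nochain,in_asm", "-singlestep", "-nographic", "-trace-log", "-D", "log-file.txt"]
    print(run_until_deadline(qemu, seconds=5))
```

The trace file named by @-D@ is complete once the process has exited, so it can be parsed right after the call returns.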

h2. Aarch64

It is supposed that the "Aarch64 toolchain":http://releases.linaro.org/components/toolchain/binaries is already installed in your system.

# Write a simple Aarch64 program (it is called @sample.s@) that does nothing but put the value 0x10 into the X1 register and then halt. Here it is:
<pre>
.text
	.globl _start
	bl _start
_start:
	movz x1, #0x10, LSL #0
	hlt #57005
</pre>
# To compile the Aarch64 assembler program, do the following:
<pre><code class="shell">
aarch64-linux-gnu-as sample.s -o sample.o
aarch64-linux-gnu-ld sample.o -o sample.elf
aarch64-linux-gnu-objcopy -O binary sample.elf sample.bin
</code></pre>
# Finally, run the _QEMU4V_ emulator with microprocessor execution trace logging enabled:
<pre><code class="shell">
qemu-system-aarch64 -M virt -cpu cortex-a57 -bios sample.bin -d nochain,in_asm -singlestep -nographic -trace-log -D log-file.txt
</code></pre>
# Wait for a while, then stop QEMU4V. The following @log-file.txt@ trace file should be generated:
<pre>
0 clk IT (0) 0000000000000000 94000001 A svc_ns : bl #+0x4 (addr 0x4)
1 clk IT (1) 0000000000000004 d2800201 A svc_ns : movz x1, #0x10, LSL #0
2 clk IT (2) 0000000000000008 d45bd5a0 A svc_ns : hlt #57005
</pre>

h2. MIPS32

It is supposed that the "MIPS toolchain":https://www.linux-mips.org/wiki/Toolchains is already installed in your system.

# First of all, let's write a simple MIPS program (it is called @sample.s@) that stores the value 0x10 at address 0x12345678. Here it is:
<pre>
.text
	.globl _start
_start:
lui $1, 0x1234
ori $1, $1, 0x5678
addi $8, $0, 10
sw $8, 0($1)
</pre>
# To compile the MIPS32 assembler program, do the following:
<pre><code class="shell">
mips-linux-gnu-as sample.s -o sample.o
mips-linux-gnu-ld sample.o -Ttext 0xbfc00000 -o sample.elf
</code></pre>
# Finally, run the _QEMU4V_ emulator:
<pre><code class="shell">
qemu-system-mips -M mips -cpu mips32r6-generic -d unimp,nochain,in_asm -nographic -singlestep -D log.txt -bios sample.elf
</code></pre>
# Wait for a while, then stop QEMU4V. The following @log.txt@ trace file should be generated:
<pre>
...
----------------
IN: 
0xbfc0fffc:  nop

----------------
IN: 
0xbfc10000:  lui	at,0x1234

----------------
IN: 
0xbfc10004:  ori	at,at,0x5678

----------------
IN: 
0xbfc10008:  beqzalc	zero,t0,0xbfc10034

----------------
IN: 
0xbfc10034:  cache	0x0,0(s8)
</pre>

Note that the @addi@ instruction appears in the trace as @beqzalc@: MIPS32 Release 6 removed @addi@ and reuses its opcode for compact branches, so the @mips32r6-generic@ CPU decodes that word as a branch, the branch is taken, and the @sw@ at 0xbfc1000c is never executed.

h2. PowerPC32

It is supposed that the "PowerPC toolchain":https://packages.debian.org/sid/gcc-powerpc-linux-gnu is already installed in your system.

# Write a simple PowerPC program (it is called @p1.s@). Here it is:
<pre>
.section    .text
    addi    4,0,5       # bad
    la  3,3(0)      # very bad
    la  3,0(3)
    la  5,2500(3)
</pre>
# To compile the PowerPC assembler program, do the following:
<pre><code class="shell">
powerpc-linux-gnu-as p1.s -me500mc -o p1.o
powerpc-linux-gnu-ld p1.o -Ttext 0x0 -o p1.elf
</code></pre>
# Finally, run the _QEMU4V_ emulator:
<pre><code class="shell">
qemu-system-ppc -M ppce500 -cpu e500 -d unimp,nochain,in_asm -nographic -singlestep -bios p1.elf
</code></pre>
# Wait for a while, then stop QEMU4V. The following trace should be generated:
<pre>
IN: 
0x00000000:  li      r4,5

IN: 
0x00000004:  li      r3,3

IN: 
0x00000008:  addi    r3,r3,0

IN: 
0x0000000c:  addi    r5,r3,2500

</pre>

h2. RISC-V

It is supposed that the "RISC-V toolchain":https://github.com/riscv/riscv-gnu-toolchain is already installed in your system.

# Write a simple RISC-V program (it is called @sample.s@) that does nothing but put the value 0x18 into the @t1@ register and the value 0x21 into the @t2@ register. Here it is:
<pre>
.text
.globl _start
_start:
 addi t1, zero, 0x18
 addi t2, zero, 0x21
</pre>
# To compile the RISC-V assembler program, do the following:
<pre><code class="shell">
riscv64-unknown-elf-as sample.s -o sample.o
riscv64-unknown-elf-ld sample.o -Ttext 0x1000 -o sample.elf
</code></pre>
# Finally, run the _QEMU4V_ emulator with microprocessor execution trace logging enabled (the 0x1000 text address is passed to the linker because of QEMU-related features):
<pre><code class="shell">
qemu-system-riscv64 -M spike_v1.10 -cpu any -d unimp,nochain,in_asm -nographic -singlestep -trace-log -kernel sample.elf
</code></pre>
# Wait for a while, then stop QEMU4V. The following trace should be generated:
<pre>
0 clk 0 IT (0) 0000000000001000 01800313 A svc_ns : li t1,24
1 clk R t1 0000000000000018
1 clk 0 IT (1) 0000000000001004 02100393 A svc_ns : li t2,33
2 clk R t2 0000000000000021
2 clk 0 IT (2) 0000000000001008 00000000 A svc_ns : unimp
3 clk 0 IT (3) 0000000000001010 00000000 A svc_ns : unimp
</pre>
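The @clk@ trace lines produced with @-trace-log@ (the Aarch64 @IT@ records and the RISC-V @IT@/@R@ records above) can be checked mechanically instead of by eye. The script below is an added example, not part of QEMU4V: it parses both record layouts, reports the last value written to each register, and flags @unimp@ fetches, which show that the core ran past the end of a program that has no halt instruction (as the RISC-V sample does). The sample input is the RISC-V trace from this page; the meaning of the @A@ and @svc_ns@ columns is not documented here, so the parser only carries them through.

```python
import re
from typing import Dict, List

# Constructed sample input: the RISC-V trace shown on this page.
SAMPLE_TRACE = """\
0 clk 0 IT (0) 0000000000001000 01800313 A svc_ns : li t1,24
1 clk R t1 0000000000000018
1 clk 0 IT (1) 0000000000001004 02100393 A svc_ns : li t2,33
2 clk R t2 0000000000000021
2 clk 0 IT (2) 0000000000001008 00000000 A svc_ns : unimp
3 clk 0 IT (3) 0000000000001010 00000000 A svc_ns : unimp
"""
# Instruction record: "<clk> clk [<hart>] IT (<n>) <pc> <opcode> <col5> <col6> : <disasm>";
# the Aarch64 lines have no <hart> field, col5/col6 ("A", "svc_ns") are kept as-is.
IT_RE = re.compile(r"^(?P<clk>\d+) clk (?:(?P<hart>\d+) )?IT \((?P<n>\d+)\) (?P<pc>[0-9a-f]+) "
                   r"(?P<opcode>[0-9a-f]+) (?P<col5>\S+) (?P<col6>\S+) : (?P<asm>.*)$", re.I)
# Register-write record: "<clk> clk [<hart>] R <reg> <value>".
R_RE = re.compile(r"^(?P<clk>\d+) clk (?:(?P<hart>\d+) )?R (?P<reg>\S+) (?P<value>[0-9a-f]+)$", re.I)

def parse_trace(text: str) -> List[dict]:
    """Turn a QEMU4V trace into a list of IT/R records; lines of any other shape are skipped."""
    records = []
    for line in text.splitlines():
        if m := IT_RE.match(line):
            records.append({"kind": "IT", "clk": int(m["clk"]), "pc": int(m["pc"], 16),
                            "opcode": int(m["opcode"], 16), "asm": m["asm"].strip()})
        elif m := R_RE.match(line):
            records.append({"kind": "R", "clk": int(m["clk"]), "reg": m["reg"],
                            "value": int(m["value"], 16)})
    return records

def final_registers(records: List[dict]) -> Dict[str, int]:
    """Last value written to each register, in trace order."""
    regs: Dict[str, int] = {}
    for r in records:
        if r["kind"] == "R":
            regs[r["reg"]] = r["value"]
    return regs

def check_registers(records: List[dict], expected: Dict[str, int]) -> List[str]:
    """Compare the final register state with what the test program should have produced."""
    regs = final_registers(records)
    return [f"{reg}: expected {want:#x}, got {regs.get(reg)!r}"
            for reg, want in expected.items() if regs.get(reg) != want]

def runaway_pcs(records: List[dict]) -> List[int]:
    """PCs at which 'unimp' was fetched: the core ran off the end of a program with no halt."""
    return [r["pc"] for r in records if r["kind"] == "IT" and r["asm"].startswith("unimp")]
```

For the RISC-V sample, @check_registers(parse_trace(SAMPLE_TRACE), {"t1": 0x18, "t2": 0x21})@ returns an empty list and @runaway_pcs@ returns the two @unimp@ addresses 0x1008 and 0x1010.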

h2. X86 (8086 case)

It is supposed that "GCC":https://gcc.gnu.org is already installed in your system.

# Write a simple X86 program (it is called @sample.s@) that performs some calculations:
<pre>
.code16 # tell the assembler that we're using 16 bit mode
	.text
	.global _start
_start:
	mov $11, %AX
	and $204, %BX
	mov %AX, %CX
	add %CX, %BX
	sub %CX, %AX
.org 510 # pad to byte 510 so that the signature below ends the 512-byte boot sector
.word 0xaa55 # magic bytes that tell BIOS that this is bootable
</pre>
# To compile the X86 GNU assembler program, do the following:
<pre><code class="shell">
x86_64-linux-gnu-as sample.s -o sample.o
x86_64-linux-gnu-ld sample.o -Ttext 0x7c00 --oformat binary -o sample.elf
</code></pre>
# Finally, run the _QEMU4V_ emulator:
<pre><code class="shell">
qemu-system-i386 -M pc -cpu 486 -d unimp,nochain,in_asm -nographic -singlestep -D log.txt -hda sample.elf
</code></pre>
# Wait for a while, then stop QEMU4V. The following @log.txt@ trace file should be generated (go to the 0x7c00 address and see the program execution fragment):
<pre>
----------------
IN: 
0x00007c00:  mov    $0xb,%ax

----------------
IN: 
0x00007c03:  and    $0xcc,%bx

----------------
IN: 
0x00007c07:  mov    %ax,%cx

----------------
IN: 
0x00007c09:  add    %cx,%bx

----------------
IN: 
0x00007c0b:  sub    %cx,%ax

----------------
</pre>