Revision 7 (Sergey Smolov, 07/12/2018 05:54 PM) → Revision 8/22 (Sergey Smolov, 10/19/2018 03:43 PM)

h1. Getting Started 

 {{toc}} 

 h2. General notes 

First of all, install QEMU4V following the "installation instructions":https://forge.ispras.ru/projects/qemu4v/wiki/Installation.

QEMU4V can only be terminated by hand: neither Ctrl-C nor Ctrl-Z works, so stop it from another terminal with _kill <process-id>_ or _killall qemu-system*_.

 h2. Aarch64 

The following tools are assumed to be installed on your system:
 - Toolchain for Aarch64 assembler programs compilation, linking, etc. (can be downloaded from "Linaro website":http://releases.linaro.org/components/toolchain/binaries or just below, installation instruction is "here":http://forge.ispras.ru/projects/microtesk-armv8/wiki/Toolchain). 

# Write a simple Aarch64 program (it is called @sample.s@) that does nothing but put the value 0x10 into the @x1@ register and then halt. Here it is:
 <pre> 
 .text 
	 .globl _start 
	 bl _start 
 _start: 
	 movz x1, #0x10, LSL #0 
	 hlt #57005 
 </pre> 
# To assemble and link the Aarch64 program and convert the result to a raw binary image, do the following:
 <pre> 
 aarch64-linux-gnu-as sample.s -o sample.o 
 aarch64-linux-gnu-ld sample.o -o sample.elf 
 aarch64-linux-gnu-objcopy -O binary sample.elf sample.bin 
 </pre> 
# Finally, run the _QEMU4V_ emulator with instruction execution trace logging enabled (_-trace-log_; the trace is written to the file given by _-D_):
 <pre> 
 qemu-system-aarch64 -M virt -cpu cortex-a57 -bios sample.bin -d nochain,in_asm -singlestep -nographic -trace-log -D log-file.txt 
 </pre> 
 # Wait for a while, then stop QEMU4V. The following @log-file.txt@ trace file should be generated: 
 <pre> 
 0 clk IT (0) 0000000000000000 94000001 A svc_ns : bl #+0x4 (addr 0x4) 
 1 clk IT (1) 0000000000000004 d2800201 A svc_ns : movz x1, #0x10, LSL #0 
 2 clk IT (2) 0000000000000008 d45bd5a0 A svc_ns : hlt #57005 
 </pre> 

 h2. MIPS32 

The following tools are assumed to be installed on your system:
 - Toolchain for MIPS assembler programs compilation, linking, etc. (a list of toolchains is available "here":https://www.linux-mips.org/wiki/Toolchains). 

# First of all, let's write a simple MIPS program (it is called @sample.s@) that stores the value 10 at address 0x12345678. Here it is:
<pre>
.text
	.globl _start
_start:
lui $1, 0x1234        # $1 = 0x12340000
ori $1, $1, 0x5678    # $1 = 0x12345678
addi $8, $0, 10       # $8 = 10 (ADDI does not exist in MIPS32 Release 6, see the trace below)
sw $8, 0($1)          # store $8 at 0x12345678
</pre>
# To assemble and link the MIPS32 program, do the following:
 <pre> 
 mips-linux-gnu-as sample.s -o sample.o 
 mips-linux-gnu-ld sample.o -Ttext 0xbfc00000 -o sample.elf 
 </pre> 
 # Finally, run _QEMU4V_ emulator: 
 <pre> 
 qemu-system-mips -M mips -cpu mips32r6-generic -d unimp,nochain,in_asm -nographic -singlestep -D log.txt -bios sample.elf 
 </pre> 
# Wait for a while, then stop QEMU4V. The following @log.txt@ trace file should be generated:
 <pre> 
 ... 
 ---------------- 
 IN:  
 0xbfc0fffc:    nop 

 ---------------- 
 IN:  
 0xbfc10000:    lui 	 at,0x1234 

 ---------------- 
 IN:  
 0xbfc10004:    ori 	 at,at,0x5678 

 ---------------- 
 IN:  
 0xbfc10008:    beqzalc 	 zero,t0,0xbfc10034 

 ---------------- 
 IN:  
 0xbfc10034:    cache 	 0x0,0(s8) 
</pre>

Note what this trace shows. Execution starts at 0xbfc10000, not at 0xbfc00000: _-bios_ loads the file as a raw image, and in the ELF file @.text@ sits at offset 0x10000 behind the headers and padding, so the zero bytes before it execute as @nop@ (convert the ELF to a raw binary with @objcopy -O binary@, as in the Aarch64 section, if the program must start at 0xbfc00000). More importantly, the @addi@ at 0xbfc10008 is disassembled as @beqzalc zero,t0,0xbfc10034@: MIPS32 Release 6 removed ADDI and reuses its opcode for compact branches, so the instruction the assembler emitted for a pre-R6 ISA means something else to the @mips32r6-generic@ CPU. Since @t0@ (@$8@) is still zero, the branch is taken, the @sw@ never executes and the CPU runs on into uninitialised bytes (the @cache@ at 0xbfc10034). To get the intended store, use @addiu $8, $0, 10@ (still present in R6) and build for the same ISA revision as the emulated CPU (e.g. pass @-mips32r6@ to the assembler, which rejects @addi@ outright).

 h2. RISC-V 

The following tools are assumed to be installed on your system:
 - Toolchain for RISC-V assembler programs compilation, linking, etc. (the source code and the installation guide are available "here":https://github.com/riscv/riscv-gnu-toolchain). 

# Write a simple RISC-V program (it is called @sample.s@) that does nothing but put 0x18 into the @t1@ register and 0x21 into the @t2@ register. Here it is:
 <pre> 
 .text 
 .globl _start 
 _start: 
  addi t1, zero, 0x18 
  addi t2, zero, 0x21 
 </pre> 
# To assemble and link the RISC-V program, do the following (@riscv64-unknown-elf-@ is the default prefix of the toolchain built from the repository linked above; adjust it if yours differs):
<pre>
riscv64-unknown-elf-as sample.s -o sample.o
riscv64-unknown-elf-ld sample.o -Ttext 0x1000 -o sample.elf
</pre>
# Finally, run the _QEMU4V_ emulator with instruction execution trace logging enabled (the program is linked at 0x1000 because that is where the _spike_v1.10_ machine starts executing; the trace below begins at that address):
 <pre> 
 qemu-system-riscv64 -M spike_v1.10 -cpu any -d unimp,nochain,in_asm -nographic -singlestep -trace-log -kernel sample.elf 
 </pre> 
 # Wait for a while, then stop QEMU4V. The following trace should be generated: 
 <pre> 
 0 clk 0 IT (0) 0000000000001000 01800313 A svc_ns : li t1,24 
 1 clk R t1 0000000000000018 
 1 clk 0 IT (1) 0000000000001004 02100393 A svc_ns : li t2,33 
 2 clk R t2 0000000000000021 
 2 clk 0 IT (2) 0000000000001008 00000000 A svc_ns : unimp 
 3 clk 0 IT (3) 0000000000001010 00000000 A svc_ns : unimp 
 </pre> 

 h2. X86 (8086 case) 

The following tools are assumed to be installed on your system:
 - Toolchain for X86 assembler programs compilation, linking, etc. (we use "GCC":https://gcc.gnu.org). 

 # Write a simple X86 program (it is called @sample.s@) that performs some calculations: 
 <pre> 
 .code16 # tell the assembler that we're using 16 bit mode 
	 .text 
	 .global _start 
 _start: 
	 mov $11, %AX 
	 and $204, %BX 
	 mov %AX, %CX 
	 add %CX, %BX 
	 sub %CX, %AX 
.org 510 # pad to byte 510 so that the signature occupies the last two bytes of the 512-byte sector
.word 0xaa55 # boot signature: without it the BIOS refuses to boot the sector
 </pre> 
# To assemble and link the X86 program into a raw 512-byte boot sector (_-Ttext 0x7c00_ is the address the BIOS loads the first sector to; _-T_ on its own expects a linker script), do the following:
<pre>
x86_64-linux-gnu-as sample.s -o sample.o
x86_64-linux-gnu-ld sample.o -Ttext 0x7c00 --oformat binary -o sample.bin
</pre>
# Finally, run the _QEMU4V_ emulator with the sector image as the first hard disk:
<pre>
qemu-system-i386 -M pc -cpu 486 -d unimp,nochain,in_asm -nographic -singlestep -D log.txt -hda sample.bin
</pre>
# Wait for a while, then stop QEMU4V. The following @log.txt@ trace file should be generated (search for the 0x7c00 address to find the program's execution fragment):
 <pre> 
 ---------------- 
 IN:  
 0x00007c00:    mov      $0xb,%ax 

 ---------------- 
 IN:  
 0x00007c03:    and      $0xcc,%bx 

 ---------------- 
 IN:  
 0x00007c07:    mov      %ax,%cx 

 ---------------- 
 IN:  
 0x00007c09:    add      %cx,%bx 

 ---------------- 
 IN:  
 0x00007c0b:    sub      %cx,%ax 

 ---------------- 
 </pre>
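As an added example (not part of QEMU4V, MicroTESK or this wiki), the following Python script consumes both log formats shown on this page: the QEMU4V _-trace-log_ format of the Aarch64 and RISC-V sections and the stock _-d in_asm_ format of the MIPS32 and X86 sections. It performs the two checks you want after every run: that the last value written to each register is what the program intended, and that no instruction was fetched from outside the linked @.text@ range (the MIPS trace above fails this check, and the RISC-V one runs off the end into @unimp@). The sample inputs are copied from the traces above; the helper names, the @Insn@/@Trace@ types and @run_traced()@ are this example's own assumptions.

```python
"""Checks over QEMU4V execution traces. Added example, not QEMU4V/MicroTESK code.
Understands both log formats shown on this page:
  QEMU4V -trace-log : "<clk> clk [<n>] IT (<i>) <pc> <opcode> <mode> <el> : <disasm>"
                      "<clk> clk R <reg> <value>"            (register write)
  stock -d in_asm   : "0x<pc>:    <disasm>" lines inside "IN:" blocks
Helper names, the Insn/Trace types and run_traced() are this example's own."""
import re
import subprocess
from dataclasses import dataclass
from typing import Dict, List, NamedTuple, Optional, Tuple

# The optional number after "clk" is the extra column seen in the RISC-V trace.
_INSN_RE = re.compile(
    r"^(?P<clk>\d+) clk (?:\d+ )?IT \((?P<idx>\d+)\) (?P<pc>[0-9a-fA-F]+) "
    r"(?P<op>[0-9a-fA-F]+) (?P<mode>\S+) (?P<el>\S+) : (?P<asm>.*)$")
_REG_RE = re.compile(r"^(?P<clk>\d+) clk R (?P<reg>\S+) (?P<val>[0-9a-fA-F]+)$")
_IN_ASM_RE = re.compile(r"^0x(?P<pc>[0-9a-fA-F]+):\s+(?P<asm>.*)$")


@dataclass
class Insn:
    pc: int
    asm: str
    opcode: Optional[int] = None  # raw encoding; only -trace-log provides it


class Trace(NamedTuple):
    insns: List[Insn]
    writes: List[Tuple[str, int]]  # (register, value) in trace order


def parse_trace(text: str) -> Trace:
    """Parse either format; "IN:", separator and blank lines are skipped."""
    insns: List[Insn] = []
    writes: List[Tuple[str, int]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _INSN_RE.match(line)
        if m:
            insns.append(Insn(int(m["pc"], 16), " ".join(m["asm"].split()), int(m["op"], 16)))
            continue
        m = _REG_RE.match(line)
        if m:
            writes.append((m["reg"], int(m["val"], 16)))
            continue
        m = _IN_ASM_RE.match(line)
        if m:
            insns.append(Insn(int(m["pc"], 16), " ".join(m["asm"].split())))
    return Trace(insns, writes)


def final_registers(trace: Trace) -> Dict[str, int]:
    """Last value written to each register (only -trace-log records writes)."""
    return {reg: value for reg, value in trace.writes}


def outside_text(trace: Trace, text_start: int, text_size: int) -> List[Insn]:
    """Instructions fetched outside [text_start, text_start + text_size): the CPU
    started somewhere unexpected (e.g. an ELF header loaded as raw bytes) or
    ran off the end of the program into padding."""
    return [i for i in trace.insns if not text_start <= i.pc < text_start + text_size]


def run_traced(cmd: List[str], seconds: float) -> None:
    """Run QEMU4V for a fixed time, then kill it: the emulator never exits on its
    own and ignores Ctrl-C, and subprocess.run() kills the child on timeout."""
    try:
        subprocess.run(cmd, timeout=seconds, check=False)
    except subprocess.TimeoutExpired:
        pass  # expected; the log named by -D was written in the meantime


# Constructed sample inputs, copied from the traces shown on this page.
RISCV_TRACE = """\
0 clk 0 IT (0) 0000000000001000 01800313 A svc_ns : li t1,24
1 clk R t1 0000000000000018
1 clk 0 IT (1) 0000000000001004 02100393 A svc_ns : li t2,33
2 clk R t2 0000000000000021
2 clk 0 IT (2) 0000000000001008 00000000 A svc_ns : unimp
3 clk 0 IT (3) 0000000000001010 00000000 A svc_ns : unimp
"""
MIPS_IN_ASM = """\
----------------
IN:
0xbfc0fffc:    nop

----------------
IN:
0xbfc10000:    lui \t at,0x1234

----------------
IN:
0xbfc10004:    ori \t at,at,0x5678

----------------
IN:
0xbfc10008:    beqzalc \t zero,t0,0xbfc10034

----------------
IN:
0xbfc10034:    cache \t 0x0,0(s8)
"""

if __name__ == "__main__":
    rv = parse_trace(RISCV_TRACE)
    print("RISC-V registers:", {r: hex(v) for r, v in final_registers(rv).items()})
    print("RISC-V fetched outside .text:", [hex(i.pc) for i in outside_text(rv, 0x1000, 8)])
    mips = parse_trace(MIPS_IN_ASM)
    print("MIPS fetched outside .text:", [hex(i.pc) for i in outside_text(mips, 0xbfc10000, 16)])
```

To use it on a real run, call @run_traced(["qemu-system-riscv64", "-M", "spike_v1.10", ...], 10)@ with the command line from the RISC-V section, then @parse_trace(open("log.txt").read())@ and compare @final_registers()@ against the values the program was written to produce; for the MIPS trace the non-empty @outside_text()@ result is the quickest way to notice that the program never ran as written.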