1a0a6754bSAlex BennéeEmulation 2a0a6754bSAlex Bennée========= 3a0a6754bSAlex Bennée 4a0a6754bSAlex BennéeQEMU's Tiny Code Generator (TCG) provides the ability to emulate a 5a0a6754bSAlex Bennéenumber of CPU architectures on any supported host platform. Both 6a0a6754bSAlex Bennée:ref:`System Emulation` and :ref:`User Mode Emulation` are supported 7a0a6754bSAlex Bennéedepending on the guest architecture. 8a0a6754bSAlex Bennée 9a0a6754bSAlex Bennée.. list-table:: Supported Guest Architectures for Emulation 10a0a6754bSAlex Bennée :widths: 30 10 10 50 11a0a6754bSAlex Bennée :header-rows: 1 12a0a6754bSAlex Bennée 13a0a6754bSAlex Bennée * - Architecture (qemu name) 14a0a6754bSAlex Bennée - System 15a0a6754bSAlex Bennée - User 16a0a6754bSAlex Bennée - Notes 17a0a6754bSAlex Bennée * - Alpha 18a0a6754bSAlex Bennée - Yes 19a0a6754bSAlex Bennée - Yes 20a0a6754bSAlex Bennée - Legacy 64 bit RISC ISA developed by DEC 21a0a6754bSAlex Bennée * - Arm (arm, aarch64) 22a0a6754bSAlex Bennée - :ref:`Yes<ARM-System-emulator>` 23a0a6754bSAlex Bennée - Yes 24a0a6754bSAlex Bennée - Wide range of features, see :ref:`Arm Emulation` for details 25a0a6754bSAlex Bennée * - AVR 26a0a6754bSAlex Bennée - :ref:`Yes<AVR-System-emulator>` 27a0a6754bSAlex Bennée - No 28a0a6754bSAlex Bennée - 8 bit micro controller, often used in maker projects 29a0a6754bSAlex Bennée * - Cris 30a0a6754bSAlex Bennée - Yes 31a0a6754bSAlex Bennée - Yes 32a0a6754bSAlex Bennée - Embedded RISC chip developed by AXIS 33a0a6754bSAlex Bennée * - Hexagon 34a0a6754bSAlex Bennée - No 35a0a6754bSAlex Bennée - Yes 36a0a6754bSAlex Bennée - Family of DSPs by Qualcomm 37a0a6754bSAlex Bennée * - PA-RISC (hppa) 38a0a6754bSAlex Bennée - Yes 39a0a6754bSAlex Bennée - Yes 40a0a6754bSAlex Bennée - A legacy RISC system used in HP's old minicomputers 41a0a6754bSAlex Bennée * - x86 (i386, x86_64) 42a0a6754bSAlex Bennée - :ref:`Yes<QEMU-PC-System-emulator>` 43a0a6754bSAlex Bennée - Yes 44a0a6754bSAlex Bennée - The ubiquitous desktop PC CPU architecture, 32 and 64 bit. 45a0a6754bSAlex Bennée * - Loongarch 46a0a6754bSAlex Bennée - Yes 47a0a6754bSAlex Bennée - Yes 48a0a6754bSAlex Bennée - A MIPS-like 64bit RISC architecture developed in China 49a0a6754bSAlex Bennée * - m68k 50a0a6754bSAlex Bennée - :ref:`Yes<ColdFire-System-emulator>` 51a0a6754bSAlex Bennée - Yes 52a0a6754bSAlex Bennée - Motorola 68000 variants and ColdFire 53a0a6754bSAlex Bennée * - Microblaze 54a0a6754bSAlex Bennée - Yes 55a0a6754bSAlex Bennée - Yes 56a0a6754bSAlex Bennée - RISC based soft-core by Xilinx 57a0a6754bSAlex Bennée * - MIPS (mips*) 58a0a6754bSAlex Bennée - :ref:`Yes<MIPS-System-emulator>` 59a0a6754bSAlex Bennée - Yes 60a0a6754bSAlex Bennée - Venerable RISC architecture originally out of Stanford University 61a0a6754bSAlex Bennée * - Nios2 62a0a6754bSAlex Bennée - Yes 63a0a6754bSAlex Bennée - Yes 64a0a6754bSAlex Bennée - 32 bit embedded soft-core by Altera 65a0a6754bSAlex Bennée * - OpenRISC 66a0a6754bSAlex Bennée - :ref:`Yes<OpenRISC-System-emulator>` 67a0a6754bSAlex Bennée - Yes 68a0a6754bSAlex Bennée - Open source RISC architecture developed by the OpenRISC community 69a0a6754bSAlex Bennée * - Power (ppc, ppc64) 70a0a6754bSAlex Bennée - :ref:`Yes<PowerPC-System-emulator>` 71a0a6754bSAlex Bennée - Yes 72a0a6754bSAlex Bennée - A general purpose RISC architecture now managed by IBM 73a0a6754bSAlex Bennée * - RISC-V 74a0a6754bSAlex Bennée - :ref:`Yes<RISC-V-System-emulator>` 75a0a6754bSAlex Bennée - Yes 76a0a6754bSAlex Bennée - An open standard RISC ISA maintained by RISC-V International 77a0a6754bSAlex Bennée * - RX 78a0a6754bSAlex Bennée - :ref:`Yes<RX-System-emulator>` 79a0a6754bSAlex Bennée - No 80a0a6754bSAlex Bennée - A 32 bit micro controller developed by Renesas 81a0a6754bSAlex Bennée * - s390x 82a0a6754bSAlex Bennée - :ref:`Yes<s390x-System-emulator>` 83a0a6754bSAlex Bennée - Yes 84a0a6754bSAlex Bennée - A 64 bit CPU found in IBM's System Z mainframes 85a0a6754bSAlex Bennée * - sh4 86a0a6754bSAlex Bennée - Yes 87a0a6754bSAlex Bennée - Yes 88a0a6754bSAlex Bennée - A 32 bit RISC embedded CPU developed by Hitachi 89a0a6754bSAlex Bennée * - SPARC (sparc, sparc64) 90a0a6754bSAlex Bennée - :ref:`Yes<Sparc32-System-emulator>` 91a0a6754bSAlex Bennée - Yes 92a0a6754bSAlex Bennée - A RISC ISA originally developed by Sun Microsystems 93a0a6754bSAlex Bennée * - Tricore 94a0a6754bSAlex Bennée - Yes 95a0a6754bSAlex Bennée - No 96a0a6754bSAlex Bennée - A 32 bit RISC/uController/DSP developed by Infineon 97a0a6754bSAlex Bennée * - Xtensa 98a0a6754bSAlex Bennée - :ref:`Yes<Xtensa-System-emulator>` 99a0a6754bSAlex Bennée - Yes 100a0a6754bSAlex Bennée - A configurable 32 bit soft core now owned by Cadence 101a0a6754bSAlex Bennée 102a0a6754bSAlex BennéeA number of features are are only available when running under 103a0a6754bSAlex Bennéeemulation including :ref:`Record/Replay<replay>` and :ref:`TCG Plugins`. 104*2da9d213SAlex Bennée 105*2da9d213SAlex Bennée.. _Semihosting: 106*2da9d213SAlex Bennée 107*2da9d213SAlex BennéeSemihosting 108*2da9d213SAlex Bennée----------- 109*2da9d213SAlex Bennée 110*2da9d213SAlex BennéeSemihosting is a feature defined by the owner of the architecture to 111*2da9d213SAlex Bennéeallow programs to interact with a debugging host system. On real 112*2da9d213SAlex Bennéehardware this is usually provided by an In-circuit emulator (ICE) 113*2da9d213SAlex Bennéehooked directly to the board. QEMU's implementation allows for 114*2da9d213SAlex Bennéesemihosting calls to be passed to the host system or via the 115*2da9d213SAlex Bennée``gdbstub``. 116*2da9d213SAlex Bennée 117*2da9d213SAlex BennéeGenerally semihosting makes it easier to bring up low level code before a 118*2da9d213SAlex Bennéemore fully functional operating system has been enabled. On QEMU it 119*2da9d213SAlex Bennéealso allows for embedded micro-controller code which typically doesn't 120*2da9d213SAlex Bennéehave a full libc to be run as "bare-metal" code under QEMU's user-mode 121*2da9d213SAlex Bennéeemulation. It is also useful for writing test cases and indeed a 122*2da9d213SAlex Bennéenumber of compiler suites as well as QEMU itself use semihosting calls 123*2da9d213SAlex Bennéeto exit test code while reporting the success state. 124*2da9d213SAlex Bennée 125*2da9d213SAlex BennéeSemihosting is only available using TCG emulation. This is because the 126*2da9d213SAlex Bennéeinstructions to trigger a semihosting call are typically reserved 127*2da9d213SAlex Bennéecausing most hypervisors to trap and fault on them. 128*2da9d213SAlex Bennée 129*2da9d213SAlex Bennée.. warning:: 130*2da9d213SAlex Bennée Semihosting inherently bypasses any isolation there may be between 131*2da9d213SAlex Bennée the guest and the host. As a result a program using semihosting can 132*2da9d213SAlex Bennée happily trash your host system. You should only ever run trusted 133*2da9d213SAlex Bennée code with semihosting enabled. 134*2da9d213SAlex Bennée 135*2da9d213SAlex BennéeRedirection 136*2da9d213SAlex Bennée~~~~~~~~~~~ 137*2da9d213SAlex Bennée 138*2da9d213SAlex BennéeSemihosting calls can be re-directed to a (potentially remote) gdb 139*2da9d213SAlex Bennéeduring debugging via the :ref:`gdbstub<GDB usage>`. Output to the 140*2da9d213SAlex Bennéesemihosting console is configured as a ``chardev`` so can be 141*2da9d213SAlex Bennéeredirected to a file, pipe or socket like any other ``chardev`` 142*2da9d213SAlex Bennéedevice. 143*2da9d213SAlex Bennée 144*2da9d213SAlex BennéeSupported Targets 145*2da9d213SAlex Bennée~~~~~~~~~~~~~~~~~ 146*2da9d213SAlex Bennée 147*2da9d213SAlex BennéeMost targets offer similar semihosting implementations with some 148*2da9d213SAlex Bennéeminor changes to define the appropriate instruction to encode the 149*2da9d213SAlex Bennéesemihosting call and which registers hold the parameters. They tend to 150*2da9d213SAlex Bennéepresents a simple POSIX-like API which allows your program to read and 151*2da9d213SAlex Bennéewrite files, access the console and some other basic interactions. 152*2da9d213SAlex Bennée 153*2da9d213SAlex BennéeFor full details of the ABI for a particular target, and the set of 154*2da9d213SAlex Bennéecalls it provides, you should consult the semihosting specification 155*2da9d213SAlex Bennéefor that architecture. 156*2da9d213SAlex Bennée 157*2da9d213SAlex Bennée.. note:: 158*2da9d213SAlex Bennée QEMU makes an implementation decision to implement all file 159*2da9d213SAlex Bennée access in ``O_BINARY`` mode. The user-visible effect of this is 160*2da9d213SAlex Bennée regardless of the text/binary mode the program sets QEMU will 161*2da9d213SAlex Bennée always select a binary mode ensuring no line-terminator conversion 162*2da9d213SAlex Bennée is performed on input or output. This is because gdb semihosting 163*2da9d213SAlex Bennée support doesn't make the distinction between the modes and 164*2da9d213SAlex Bennée magically processing line endings can be confusing. 165*2da9d213SAlex Bennée 166*2da9d213SAlex Bennée.. list-table:: Guest Architectures supporting Semihosting 167*2da9d213SAlex Bennée :widths: 10 10 80 168*2da9d213SAlex Bennée :header-rows: 1 169*2da9d213SAlex Bennée 170*2da9d213SAlex Bennée * - Architecture 171*2da9d213SAlex Bennée - Modes 172*2da9d213SAlex Bennée - Specification 173*2da9d213SAlex Bennée * - Arm 174*2da9d213SAlex Bennée - System and User-mode 175*2da9d213SAlex Bennée - https://github.com/ARM-software/abi-aa/blob/main/semihosting/semihosting.rst 176*2da9d213SAlex Bennée * - m68k 177*2da9d213SAlex Bennée - System 178*2da9d213SAlex Bennée - https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=libgloss/m68k/m68k-semi.txt;hb=HEAD 179*2da9d213SAlex Bennée * - MIPS 180*2da9d213SAlex Bennée - System 181*2da9d213SAlex Bennée - Unified Hosting Interface (MD01069) 182*2da9d213SAlex Bennée * - Nios II 183*2da9d213SAlex Bennée - System 184*2da9d213SAlex Bennée - https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;a=blob;f=libgloss/nios2/nios2-semi.txt;hb=HEAD 185*2da9d213SAlex Bennée * - RISC-V 186*2da9d213SAlex Bennée - System and User-mode 187*2da9d213SAlex Bennée - https://github.com/riscv/riscv-semihosting-spec/blob/main/riscv-semihosting-spec.adoc 188*2da9d213SAlex Bennée * - Xtensa 189*2da9d213SAlex Bennée - System 190*2da9d213SAlex Bennée - Tensilica ISS SIMCALL 191