aboutsummaryrefslogtreecommitdiff
path: root/docs/user/main.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/user/main.rst')
-rw-r--r--docs/user/main.rst295
1 files changed, 295 insertions, 0 deletions
diff --git a/docs/user/main.rst b/docs/user/main.rst
new file mode 100644
index 0000000000..ca69f7727d
--- /dev/null
+++ b/docs/user/main.rst
@@ -0,0 +1,295 @@
+QEMU User space emulator
+========================
+
+Supported Operating Systems
+---------------------------
+
+The following OS are supported in user space emulation:
+
+- Linux (referred as qemu-linux-user)
+
+- BSD (referred as qemu-bsd-user)
+
+Features
+--------
+
+QEMU user space emulation has the following notable features:
+
+**System call translation:**
+ QEMU includes a generic system call translator. This means that the
+ parameters of the system calls can be converted to fix endianness and
+ 32/64-bit mismatches between hosts and targets. IOCTLs can be
+ converted too.
+
+**POSIX signal handling:**
+ QEMU can redirect to the running program all signals coming from the
+ host (such as ``SIGALRM``), as well as synthesize signals from
+ virtual CPU exceptions (for example ``SIGFPE`` when the program
+ executes a division by zero).
+
+ QEMU relies on the host kernel to emulate most signal system calls,
+ for example to emulate the signal mask. On Linux, QEMU supports both
+ normal and real-time signals.
+
+**Threading:**
+ On Linux, QEMU can emulate the ``clone`` syscall and create a real
+ host thread (with a separate virtual CPU) for each emulated thread.
+ Note that not all targets currently emulate atomic operations
+ correctly. x86 and ARM use a global lock in order to preserve their
+ semantics.
+
+QEMU was conceived so that ultimately it can emulate itself. Although it
+is not very useful, it is an important test to show the power of the
+emulator.
+
+Linux User space emulator
+-------------------------
+
+Quick Start
+~~~~~~~~~~~
+
+In order to launch a Linux process, QEMU needs the process executable
+itself and all the target (x86) dynamic libraries used by it.
+
+- On x86, you can just try to launch any process by using the native
+ libraries::
+
+ qemu-i386 -L / /bin/ls
+
+ ``-L /`` tells that the x86 dynamic linker must be searched with a
+ ``/`` prefix.
+
+- Since QEMU is also a linux process, you can launch QEMU with QEMU
+ (NOTE: you can only do that if you compiled QEMU from the sources)::
+
+ qemu-i386 -L / qemu-i386 -L / /bin/ls
+
+- On non x86 CPUs, you need first to download at least an x86 glibc
+ (``qemu-runtime-i386-XXX-.tar.gz`` on the QEMU web page). Ensure that
+ ``LD_LIBRARY_PATH`` is not set::
+
+ unset LD_LIBRARY_PATH
+
+ Then you can launch the precompiled ``ls`` x86 executable::
+
+ qemu-i386 tests/i386/ls
+
+ You can look at ``scripts/qemu-binfmt-conf.sh`` so that QEMU is
+ automatically launched by the Linux kernel when you try to launch x86
+ executables. It requires the ``binfmt_misc`` module in the Linux
+ kernel.
+
+- The x86 version of QEMU is also included. You can try weird things
+ such as::
+
+ qemu-i386 /usr/local/qemu-i386/bin/qemu-i386 \
+ /usr/local/qemu-i386/bin/ls-i386
+
+Wine launch
+~~~~~~~~~~~
+
+- Ensure that you have a working QEMU with the x86 glibc distribution
+ (see previous section). In order to verify it, you must be able to
+ do::
+
+ qemu-i386 /usr/local/qemu-i386/bin/ls-i386
+
+- Download the binary x86 Wine install (``qemu-XXX-i386-wine.tar.gz``
+ on the QEMU web page).
+
+- Configure Wine on your account. Look at the provided script
+ ``/usr/local/qemu-i386/bin/wine-conf.sh``. Your previous
+ ``${HOME}/.wine`` directory is saved to ``${HOME}/.wine.org``.
+
+- Then you can try the example ``putty.exe``::
+
+ qemu-i386 /usr/local/qemu-i386/wine/bin/wine \
+ /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
+
+Command line options
+~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ qemu-i386 [-h] [-d] [-L path] [-s size] [-cpu model] [-g port] [-B offset] [-R size] program [arguments...]
+
+``-h``
+ Print the help
+
+``-L path``
+ Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)
+
+``-s size``
+ Set the x86 stack size in bytes (default=524288)
+
+``-cpu model``
+ Select CPU model (-cpu help for list and additional feature
+ selection)
+
+``-E var=value``
+ Set environment var to value.
+
+``-U var``
+ Remove var from the environment.
+
+``-B offset``
+ Offset guest address by the specified number of bytes. This is useful
+ when the address region required by guest applications is reserved on
+ the host. This option is currently only supported on some hosts.
+
+``-R size``
+ Pre-allocate a guest virtual address space of the given size (in
+ bytes). \"G\", \"M\", and \"k\" suffixes may be used when specifying
+ the size.
+
+Debug options:
+
+``-d item1,...``
+ Activate logging of the specified items (use '-d help' for a list of
+ log items)
+
+``-p pagesize``
+ Act as if the host page size was 'pagesize' bytes
+
+``-g port``
+ Wait gdb connection to port
+
+``-singlestep``
+ Run the emulation in single step mode.
+
+Environment variables:
+
+QEMU_STRACE
+ Print system calls and arguments similar to the 'strace' program
+ (NOTE: the actual 'strace' program will not work because the user
+ space emulator hasn't implemented ptrace). At the moment this is
+ incomplete. All system calls that don't have a specific argument
+ format are printed with information for six arguments. Many
+ flag-style arguments don't have decoders and will show up as numbers.
+
+Other binaries
+~~~~~~~~~~~~~~
+
+user mode (Alpha)
+``qemu-alpha`` TODO.
+
+user mode (ARM)
+``qemu-armeb`` TODO.
+
+user mode (ARM)
+``qemu-arm`` is also capable of running ARM \"Angel\" semihosted ELF
+binaries (as implemented by the arm-elf and arm-eabi Newlib/GDB
+configurations), and arm-uclinux bFLT format binaries.
+
+user mode (ColdFire)
+user mode (M68K)
+``qemu-m68k`` is capable of running semihosted binaries using the BDM
+(m5xxx-ram-hosted.ld) or m68k-sim (sim.ld) syscall interfaces, and
+coldfire uClinux bFLT format binaries.
+
+The binary format is detected automatically.
+
+user mode (Cris)
+``qemu-cris`` TODO.
+
+user mode (i386)
+``qemu-i386`` TODO. ``qemu-x86_64`` TODO.
+
+user mode (Microblaze)
+``qemu-microblaze`` TODO.
+
+user mode (MIPS)
+``qemu-mips`` executes 32-bit big endian MIPS binaries (MIPS O32 ABI).
+
+``qemu-mipsel`` executes 32-bit little endian MIPS binaries (MIPS O32
+ABI).
+
+``qemu-mips64`` executes 64-bit big endian MIPS binaries (MIPS N64 ABI).
+
+``qemu-mips64el`` executes 64-bit little endian MIPS binaries (MIPS N64
+ABI).
+
+``qemu-mipsn32`` executes 32-bit big endian MIPS binaries (MIPS N32
+ABI).
+
+``qemu-mipsn32el`` executes 32-bit little endian MIPS binaries (MIPS N32
+ABI).
+
+user mode (NiosII)
+``qemu-nios2`` TODO.
+
+user mode (PowerPC)
+``qemu-ppc64abi32`` TODO. ``qemu-ppc64`` TODO. ``qemu-ppc`` TODO.
+
+user mode (SH4)
+``qemu-sh4eb`` TODO. ``qemu-sh4`` TODO.
+
+user mode (SPARC)
+``qemu-sparc`` can execute Sparc32 binaries (Sparc32 CPU, 32 bit ABI).
+
+``qemu-sparc32plus`` can execute Sparc32 and SPARC32PLUS binaries
+(Sparc64 CPU, 32 bit ABI).
+
+``qemu-sparc64`` can execute some Sparc64 (Sparc64 CPU, 64 bit ABI) and
+SPARC32PLUS binaries (Sparc64 CPU, 32 bit ABI).
+
+BSD User space emulator
+-----------------------
+
+BSD Status
+~~~~~~~~~~
+
+- target Sparc64 on Sparc64: Some trivial programs work.
+
+Quick Start
+~~~~~~~~~~~
+
+In order to launch a BSD process, QEMU needs the process executable
+itself and all the target dynamic libraries used by it.
+
+- On Sparc64, you can just try to launch any process by using the
+ native libraries::
+
+ qemu-sparc64 /bin/ls
+
+Command line options
+~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ qemu-sparc64 [-h] [-d] [-L path] [-s size] [-bsd type] program [arguments...]
+
+``-h``
+ Print the help
+
+``-L path``
+ Set the library root path (default=/)
+
+``-s size``
+ Set the stack size in bytes (default=524288)
+
+``-ignore-environment``
+ Start with an empty environment. Without this option, the initial
+ environment is a copy of the caller's environment.
+
+``-E var=value``
+ Set environment var to value.
+
+``-U var``
+ Remove var from the environment.
+
+``-bsd type``
+ Set the type of the emulated BSD Operating system. Valid values are
+ FreeBSD, NetBSD and OpenBSD (default).
+
+Debug options:
+
+``-d item1,...``
+ Activate logging of the specified items (use '-d help' for a list of
+ log items)
+
+``-p pagesize``
+ Act as if the host page size was 'pagesize' bytes
+
+``-singlestep``
+ Run the emulation in single step mode.