How to model a CPU using qemu?

About

Asked 3/7, 2013 at 13:54 Answered 12/6, 2020 at 16:44

I need to add some hardware to a multicoe x86-64 processor and test it using simulation, so I was thinking of using QEMU. But I want to know the general idea of modeling a CPU in qemu. Any good document on this will be great. If it is too difficult to do, I might think about using just the PIN tool for simplistic simulation.

Also, is it possible to model unconventional hardware with QEMU, like some shared registers between different cores of a processor? And does the current implemented models properly simulate things like cache accesses? Does the qemu simulator measure the elapsed time precisely for simulation?

Issie answered 3/7, 2013 at 13:54 Comment(2)

This post has a good answer, #14126024 – Issie 3/7, 2013 at 13:55

https://mcmap.net/q/402178/-how-to-create-a-qemu-arm-machine-with-custom-peripherals-and-memory-maps – Hydrograph 21/5, 2017 at 11:54

There are a number of questions here. When you say "add some hardware" what do you mean? A co-processor or some additional peripheral?

QEMU is a general purpose translator and has front-ends that translate a variety of architectures into it's common TCG op format which can then generate code for a variety of host architecture. It is designed to be fast and semantically accurate (i.e. instructions should behave as they do on real hardware). However it is not designed to simulate micro-architectures so things like cache modelling are outside of it's scope. While -icount mode provides for deterministic time during translation it is in no way related to the time a real processor would take to execute an instruction.

If you want to model and experiment with small kernels of functionality then perhaps PIN is a better tool for the job.

Infernal answered 12/6, 2020 at 16:44 Comment(3)

Sorry, I'm intrigued. If I may go down a rabbit hole, how does QEMU deal with instructions that influence the cache? I know that PowerPC had instructions to drop hints to the cache about what would be good to load up next. I presume that one option for QEMU is to simply ignore such opcodes, and whatever is running on the emulation is none the wiser. Thanks very much! – Capitulary 12/6, 2020 at 18:59

As we don't model the cache they are often nops. Often the instructions have other effects such as flushing cached address translations in which case we will flush the softmmu cache (don't confuse it with the guest mmu - it's a QEMU internal concept). – Infernal 18/6, 2020 at 14:29

Ah, that's great, thanks very much :-) Am I right in thinking you're part of the QEMU project? Thank you for your efforts there too :-) – Capitulary 18/6, 2020 at 19:11

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags