Qemu Detailed Study
Uploaded 2013-05-02 17:47:28. 120KB PDF, 19 pages.
Chapter 7 of the Qemu Detailed Study document; it explains QEMU in detail and is a very good document.
Chapter-7
Qemu Detailed Study
As discussed in chapter 6, QEMU is a machine emulator and can thus
emulate a number of processor architectures on the machine on which it is
running. For QEMU, the emulated architecture is called the Target, and the real
machine on which QEMU is running, emulating the target, is called the Host. The
dynamic translation of virtual machine (target) code to Host code is done by a
module in QEMU called the Tiny Code Generator, or TCG for short. When it
comes to TCG, the term 'target' takes on a different meaning. TCG creates the code
that emulates the target, so the code created by TCG is called its target. In the
context of TCG, therefore, 'target' means the generated Host code. Figure 7.1
clarifies this varied terminology.
[Figure 7.1: Use of term 'Target'. Diagram labels: TARGET, HOST, QEMU, GUEST CODE, TCG, HOST CODE (TCG target).]
Thus one may call the code (OS + USER TOOLS) being run by the
emulated processor the guest code. QEMU functions by extracting the guest
code and converting it to Host-specific code. The whole translation task thus
consists of two parts. First, a block of target code, called a Translation Block
(TB), is converted into TCG ops, a kind of machine-independent intermediate
notation. Subsequently, the TCG ops for the TB are converted by TCG to Host code
for the host's architecture. Optional optimization passes are performed between
the two steps.
7.1 Codebase
A clear understanding of the QEMU codebase is required to add new
functionality that will extend the machine emulator to migrate its generated code
to execute on remote nodes. The QEMU codebase has over 1300 files, which are
well organized into specific sections. Even though the code is well organized, it is
complex enough to leave any new developer perplexed. This section throws
light on the organization of the QEMU codebase.
In this section the shallowest directory depth in the codebase is represented
by a '/', and deeper directory levels follow the usual Unix file path
notation.
Start of Execution:
The major C files in / that are important for this study are /vl.c, /cpus.c,
/exec-all.c, /exec.c and /cpu-exec.c. The 'main' function, where execution starts, is
defined in /vl.c. The functions in this file set up a virtual machine environment
according to the given virtual machine specification, such as the size of RAM, the
available devices, the number of CPUs, etc. From the main function, after the virtual
machine is set up, execution branches out through files such as /cpus.c, /exec-all.c,
/exec.c and /cpu-exec.c.
Emulated Hardware:
The code that emulates all virtual hardware in the virtual machine can be found in
/hw/. QEMU emulates a considerable number of hardware devices, but a detailed
understanding of how the hardware is emulated is not necessary for this study.
Guest (Target) Specific:
The processor architectures currently emulated in QEMU are Alpha, ARM, Cris,
i386, M68K, PPC, Sparc, Mips, MicroBlaze, S390X and SH4. The code specific
to these architectures that is needed to convert TBs to TCG ops is available in
/target-xyz/, where xyz can be any of the architecture names given above. Therefore
the code specific to i386 can be found in /target-i386/. This part can be called
the frontend of TCG.
Host (TCG) Specific:
The host-specific code for generating the host code from the TCG ops is placed
in /tcg/. Inside /tcg/ one can find /xyz/, where xyz can be i386, sparc, etc.; these
directories contain the code that converts TCG ops to architecture-specific code.
This part can be called the backend of TCG.
Summary:
/vl.c                   : The main emulator loop; the virtual machine is set up and CPUs are executed.
/target-xyz/translate.c : The extracted guest code (guest-specific ISA) is converted into architecture-independent TCG ops.
/tcg/tcg.c              : The main code for TCG.
/tcg/*/tcg-target.c     : Code that converts the TCG ops to host code (host-specific ISA).
/cpu-exec.c             : Function cpu_exec() in /cpu-exec.c finds the next translation block (TB); if it is not found, calls are made to generate the next TB, and finally to execute the generated code.
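The find / generate / execute cycle summarized for /cpu-exec.c can be sketched as follows. This is an added illustration, not code from QEMU or from the original document: the two-byte guest ISA, the op names and the functions tb_gen, tb_exec and run_guest are hypothetical, and the "backend" here interprets the intermediate ops, whereas TCG emits host machine code.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed toy guest ISA (not a real architecture): 2 bytes per insn. */
enum { G_HALT, G_ADD, G_JMP };
enum { OP_ADDI, OP_GOTO, OP_EXIT };        /* toy intermediate ops */
typedef struct { int op; uint8_t arg; } Op;
typedef struct { int valid; uint8_t pc; int n; Op ops[8]; } TB;
static TB tb_cache[16];                    /* direct-mapped by guest PC */
static int translations;                   /* number of TBs generated */

/* Frontend stand-in: decode guest code at pc until the block must end. */
static void tb_gen(TB *tb, const uint8_t *mem, uint8_t pc) {
    tb->valid = 1; tb->pc = pc; tb->n = 0; translations++;
    for (;;) {
        uint8_t opc = mem[pc], arg = mem[(pc + 1) & 0xff];
        if (opc == G_ADD && tb->n < 7) { tb->ops[tb->n++] = (Op){OP_ADDI, arg}; pc += 2; continue; }
        /* Jump, halt/unknown opcode, or full block: emit the final op. */
        tb->ops[tb->n++] = opc == G_ADD ? (Op){OP_GOTO, pc}
                         : opc == G_JMP ? (Op){OP_GOTO, arg}
                                        : (Op){OP_EXIT, 0};
        return;
    }
}

/* Backend stand-in: run a TB's ops; returns next guest PC, or -1 to stop. */
static int tb_exec(const TB *tb, uint32_t *acc) {
    for (int i = 0; i < tb->n; i++) {
        if (tb->ops[i].op == OP_ADDI) *acc += tb->ops[i].arg;
        else return tb->ops[i].op == OP_GOTO ? tb->ops[i].arg : -1;
    }
    return -1;
}

/* Find the TB for the next PC, generate it on a miss, then execute it. */
uint32_t run_guest(const uint8_t *mem, uint8_t pc, int max_blocks) {
    uint32_t acc = 0;
    int next = pc;
    while (next >= 0 && max_blocks-- > 0) {
        TB *tb = &tb_cache[(next / 2) % 16];
        if (!tb->valid || tb->pc != next) tb_gen(tb, mem, (uint8_t)next);
        next = tb_exec(tb, &acc);
    }
    return acc;
}

/* Constructed program: 0: ADD 5; 2: JMP 8; 4: HALT; 8: ADD 1; 10: JMP 8 */
static const uint8_t demo_prog[256] = { G_ADD, 5, G_JMP, 8, 0, 0, 0, 0, G_ADD, 1, G_JMP, 8 };
int main(void) {
    uint32_t acc = run_guest(demo_prog, 0, 5);   /* block at 0 once, block at 8 four times */
    printf("acc=%u, TBs generated=%d\n", (unsigned)acc, translations);
    return 0;
}
```

The block at guest address 8 is translated once and then reused on every later pass through the loop, which is the saving the TB lookup provides.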
7.2 TCG - Dynamic translation
As mentioned earlier in this document, dynamic translation in QEMU
before version 0.9.1 was carried out by DynGen. TBs were converted to C code
by DynGen and GCC (the GNU C compiler) converted the C code into host
specific code. The issue with the procedure was that DynGen was tightly tied to
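Resource comments
- sbeidao, 2015-10-30: Really good, but this book indeed only has chapter 7.
- laiwg1234, 2016-04-06: Very good, but there is only one chapter on qemu.
- 99-107, 2018-03-28: Fine; suitable for a first introduction.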
Uploaded by IT山IT水