QEMU: Architecture and Internals Lecture for the Embedded Systems Course CSD, University of Crete (April 18, 2016)

Similar documents
Virtual Machines and Dynamic Translation: Implementing ISAs in Software

Virtualization. Pradipta De

Advanced Computer Architecture

The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)

CSE 237B Fall 2009 Virtualization, Security and RTOS. Rajesh Gupta Computer Science and Engineering University of California, San Diego.

Debugging Linux systems using GDB and QEMU. Khem Raj

Mechanisms and constructs for System Virtualization

System Virtual Machines

CS252 Spring 2017 Graduate Computer Architecture. Lecture 18: Virtual Machines

Lecture 2: The Art of Emulation

CS 252 Graduate Computer Architecture. Lecture 15: Virtual Machines

Raspberry Pi Network Boot

CS 152 Computer Architecture and Engineering. Lecture 22: Virtual Machines

Table of Contents. 2.7 Self-modifying code and translated code invalidation test-i linux-test... 9

System Virtual Machines

Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems

MV 4412 Android 4.0 Compilation

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

First QEMU Users Forum

MV V310 Android 4.0 Compilation

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II

I/O and virtualization

CS 550 Operating Systems Spring Introduction to Virtual Machines

CS5460: Operating Systems. Lecture: Virtualization. Anton Burtsev March, 2013

LIA. Large Installation Administration. Virtualization

To EL2, and Beyond! connect.linaro.org. Optimizing the Design and Implementation of KVM/ARM

Operating Systems 4/27/2015

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Porting Linux to a New Architecture

Porting Linux to a New Architecture

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

Virtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels

KVM/ARM. Linux Symposium Christoffer Dall and Jason Nieh


Darek Mihocka, Emulators.com Stanislav Shwartsman, Intel Corp. June

Lecture 5. KVM for ARM. Christoffer Dall and Jason Nieh. 5 November, Operating Systems Practical. OSP Lecture 5, KVM for ARM 1/42

SPPEXA TEACHLET: GETTING STARTED WITH L4RE CARSTEN WEINHOLD

Emulation. Michael Jantz

ECEN 449: Microprocessor System Design Department of Electrical and Computer Engineering Texas A&M University

CSCI 8530 Advanced Operating Systems. Part 19 Virtualization

ECE 598 Advanced Operating Systems Lecture 4

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Embedded Systems Programming

Xen on ARM ARMv7 with virtualization extensions

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

Computer System: An Overview

Nested Virtualization and Server Consolidation

Rethinking Machine Types

C 1. Last time. CSE 490/590 Computer Architecture. Virtual Machines I. Types of Virtual Machine (VM) Outline. User Virtual Machine = ISA + Environment

OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.

1 Virtualization Recap

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Virtualization. Adam Belay

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

Chapter 5 C. Virtual machines

CSCE 410/611: Virtualization!

Virtualization Overview NSRC

CSE Memory Hierarchy Design Ch. 5 (Hennessy and Patterson)

Kernel hacking su Android. Better Embedded Andrea Righi

Virtual Memory. Lecture for CPSC 5155 Edward Bosworth, Ph.D. Computer Science Department Columbus State University

For our next chapter, we will discuss the emulation process which is an integral part of virtual machines.

Background. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW

Module 1: Virtualization. Types of Interfaces

Processors, Performance, and Profiling

A Survey on Virtualization Technologies

High-Level Language VMs

Virtualization and memory hierarchy

CHAPTER 16 - VIRTUAL MACHINES

Configuring and Building Palacios/Linux

Microkernels and Portability. What is Portability wrt Operating Systems? Reuse of code for different platforms and processor architectures.

Dynamic Translator-Based Virtualization

MV V210 Android 4.0 Compilation

Chapter 8: Memory- Management Strategies. Operating System Concepts 9 th Edition

CSE 120 Principles of Operating Systems

KVM/ARM. Marc Zyngier LPC 12

Address spaces and memory management

Virtual memory - Paging

The process. one problem

Unit 2 : Computer and Operating System Structure

Computer Organization & Assembly Language Programming (CSE 2312)

Intel Graphics Virtualization on KVM. Aug KVM Forum 2011 Rev. 3

ARMv8-A Software Development

Native Simulation of Complex VLIW Instruction Sets Using Static Binary Translation and Hardware-Assisted Virtualization

Virtualization. Virtualization

File Systems. File system interface (logical view) File system implementation (physical view)

CSCE 410/611: Virtualization

ECE331: Hardware Organization and Design

Chapter 8: Main Memory

Multiple Choice Type Questions

Introduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras

Advanced Operating Systems (CS 202) Virtualization

ECE 598 Advanced Operating Systems Lecture 11

Assembly Language. Lecture 2 - x86 Processor Architecture. Ahmed Sallam

Chapter 8: Memory-Management Strategies

Input/Output. Today. Next. Principles of I/O hardware & software I/O software layers Disks. Protection & Security

ECE 331 Hardware Organization and Design. UMass ECE Discussion 11 4/12/2018

Overview of System Virtualization: The most powerful platform for program analysis and system security. Zhiqiang Lin

Fast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names


Transcription:

QEMU: Architecture and Internals Lecture for the Embedded Systems Course CSD, University of Crete (April 18, 2016) ManolisMarazakis (maraz@ics.forth.gr) Institute of Computer Science (ICS) Foundation for Research and Technology Hellas (FORTH)

System VMs (The OS implements VMs) VM := ISA + Environment (esp. I/O) VM specifications: State available at process creation ISA Systems calls available (for I/O) ABI: specification of the binary format used to encode programs At process creation, the OS reads the binary program, and creates an environment for it then begins to execute the code handling traps for I/O and emulation sensitive instructions Hypervisor (VMM): implements sharing of real H/W resources by multiple OS VMs 2

Emulation Interpreter fetches and decodes one instruction at a time 3

Static Binary Translation Translate entire binary program -> create new native ISA executable Compiler optimizations on translated code Register allocation, instruction scheduling, remove unreachable code, inline assembly Complications: branch/jump targets PC mapping table 4

Dynamic Binary Translation Translate code sequences at run-time, and cache results Optimization based on dynamic info. (e.g. branch targets) Tradeoff between optimizer run-time and time saved by optimizations in translated code 5

Quick EMUlator(QEMU) Machine emulator + Virtualizer Modes: User-mode emulation: allows a (Linux) process built for one CPU to be executed on another QEMU as a Process VM System-mode emulation: allows emulation of a full system, including processor and assorted peripherals QEMU as a System VM Popular uses: For cross-compilation development environments Virtualization, esp. device emulation, for xenand kvm Android Emulator (part of SDK) 6

Dynamic Binary Translation Dynamic Translation First Interpret perform code discovery as a byproduct Translate Code Incrementally, as it is discovered Place translated blocks into Code Cache Save source to target PC mapping in an Address Lookup Table Emulation process Execute translated block to end Lookup next source PC in table If translated, jump to target PC Else interpret and translate 7

Dynamic Binary Translation (1/2) Works like a JIT compiler, but doesn't include an interpreter All guest code undergoes binary translation Guest code is split into "translation blocks A translation block is similar to a basic block in that the block is always executed as a whole (ie. no jumps in the middle of a block). Translation blocks are translated into a single sequence of host instructions and cached into a translation cache. Cached blocks are indexed using their guest virtual address (ie. PC count), so they can be found easily. Translation cache size can vary (32 MB by default) Once the cache runs out of space, the whole cache is purged 8

Dynamic Binary Translation (2/2) Source Instruction Stream (binary) Micro-operations (C code) Object file (binary) Functional simulation Simulate what a processor does, not how it does it Dynamic binary translation Interpreters execute instructions one at a time Significant slowdown from constant overhead Instead, QEMU converts code as needed: translate basic blocks generate native host code store translated blocks in translation cache Tiny Code Generator (TCG) Micro-operations (Fixed) Register mapping to reduce load/store instr s Translation blocks A TCG "basic block" corresponds to a list of instructions terminated by a branch instruction Block chaining dyngen Target Instruction Stream (binary) 9

Dynamic translation + cache cpu_exec() called in each step of main loop Program executes until an unchained block is encountered Returns to cpuexec() through epilogue 10

Block Chaining (1/5) Normally, the execution of every translation block is surrounded by the execution of special code blocks The prologueinitializes the processor for generated host code execution and jumps to the code block The epiloguerestores normal state and returns to the main loop. Returning to the main loop after each block adds significant overhead, which adds up quickly When a block returns to the main loop and the next block is known and already translatedqemu can patch the original block to jump directly into the next block instead of jumping to the epilogue. 11

Block chaining (2/5) Jump directly between basic blocks: Make space for a jump, follow by a return to the epilogue. Every time a block returns, try to chain it 12

Block Chaining (3/5) When this is done on several consecutive blocks, the blocks will form chainsand loops. This allows QEMU to emulate tight loops without running any extra code in between. In the case of a loop, this also means that the control will not return to QEMU unless an untranslated or otherwise unchainable block is executed. Asynchronous interrupts: QEMU does not check at every basic block if an hardware interrupt is pending. Instead, the user must asynchronously call a specific function to tell that an interrupt is pending. This function resets the chaining of the currently executing basic block return of control to main loop of CPU emulator 13

Block chaining (4/5) [1] [5] [2] [3] [4] 14

Block chaining (5/5) Interrupt by unchaining (from another thread) 15

Register mapping (1/2) Easier if Numberof target registers > numberof source registers. (e.g. translating x86 binary to RISC) May be on a per-block, or per-trace, or per-loop, basis If the numberof target registers is not enough Infrequently used registers (Source) may not be mapped 16

Register mapping (2/2) How to handle the Program Counter? TPC(Target PC) is different from SPC(Source PC) For indirect branches, the registers hold source PCs must provide a way to map SPCs to TPCs! The translation system needs to track SPC at all times 17

Other (major) QEMU components Memory address translation Software-controlled MMU (model) to translate target virtual addresses to host virtual addresses Two-level guest physical page descriptor table Mapping between Guest virtual address and host virtual addresses Address translation cache (tlb_table) that does direct translation from target virtual address to host virtual address Mapping between Guest virtual address and registered I/O functions for that device Cache used for memory mapped I/O accesses (iotlb) Device emulation i440fx hostpci bridge, Cirrus CLGD 5446 PCI VGA card, PS/2mouse&keyboard, PCI IDE interfaces (HDD, CDROM), PCI & ISAnetwork adapters, Serialports, PCI UHCIUSB controller& virtualusb hub, 18

SoftMMU The MMU virtual-to-physical address translation is done at every memory access Address translation cache to speed up the translation. In order to avoid flushing the cache of translated code each time the MMU mappings change, QEMU uses a physically indexed translation cache. Each basic block is indexed with its physical address. When MMU mappings change, only the chaining of the basic blocks is reset (i.e. a basic block can no longer jump directly to another one). 19

QEMU Overview QEMU Devices I/O Ports Main Loop: Inject exceptions Run guest (*) Process exit Process I/O Display RAM (*) : binary translation Disk CPU DMA initrd kernel File I/O Linux (host) Storage Network Peripheral(s) 20

QEMU Storage Stack [ source: Stefan Hajnoczi, - IBM Linux Technology Center, 2011] 21

QEMU I/O Control Flow 22

QEMU user-mode emulation example arm-none-linux-gnueabi-gcc-o hello hello.c file./hello./hello: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.16, not stripped qemu-arm -L Sourcery_CodeBench_Lite_for_ARM_GNU_Linux/arm-nonelinux-gnueabi/libc./hello 23

QEMU system emulation example (1/2) qemu-system-arm -M versatilepb-smp1 -m 128 -nographic-serial stdio -kernel../u-boot-2014.01/u-boot.bin -no-reboot -append "console=ttyama0 root=/dev/ram panic=5 user_debug=31" 24

Creation of root filesystem image (BusyBox) make ARCH=arm CROSS_COMPILE=arm-xilinx-linux-gnueabidefconfig make ARCH=arm CROSS_COMPILE=arm-xilinx-linux-gnueabimenuconfig (build options -> static) make ARCH=arm CROSS_COMPILE=arm-xilinx-linux-gnueabiinstall Creation of compressed root filesystem image: cd _install find. cpio-o --format=news >../rootfs.img cd.. gzip-c rootfs.img> rootfs.img.gz 25

QEMU system emulation example (2/2) make ARCH=arm CROSS_COMPILE=arm-none-eabi- versatile_defconfig make ARCH=arm CROSS_COMPILE=arm-none-eabi- menuconfig --> set: ARM EABI, enable: ramdiskdefault size=16mb, enable ext4 make ARCH=arm CROSS_COMPILE=arm-none-eabi- uimage file linux-3.13.2/arch/arm/boot/uimage linux-3.13.2/arch/arm/boot/uimage: u-boot legacy uimage, Linux-3.13.2, Linux/ARM, OS Kernel Image (Not compressed), 2072832 bytes, Thu Feb 13 16:36:27 2014, Load Address: 0x00008000, Entry Point: 0x00008000, Header CRC: 0x481719E8, Data CRC: 0x5792BBD1 qemu-system-arm -kernel linux-3.13.2/arch/arm/boot/uimage -initrd bbrootfs.img.gz -m 128 -M versatilepb -no-reboot -append "console=ttyama0 root=/dev/ram panic=5 rootfstype=ext4 rw" -nographic 26

Sources FabriceBellard, QEMU: AFast and Portable Dynamic Translator, USENIX Freenix2005, http://www.usenix.org/event/usenix05/tech/freenix/full_ papers/bellard/bellard.pdf Chad D. Kersey, QEMU internals, http://lugatgt.org/content/qemu_internals/downloads/sli des.pdf M. Tim Jones, System emulation with QEMU, http://www.ibm.com/developerworks/linux/library/lqemu/ 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback