direct-io.hg

changeset 5034:805d6412f908

bitkeeper revision 1.1481 (428dbb983q1cvjneYqdtcPp89tOcqQ)

Remove docs and tests from qemu-ioemu: they mostly pertain to whole
platform (inc. cpu) emulation anyway. Move Makefile.target into the
target directory -- otherwise the build system sometimes gets confused
in a way that I do not understand.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kaf24@firebug.cl.cam.ac.uk
date Fri May 20 10:27:36 2005 +0000 (2005-05-20)
parents 9463ebcafca0
children 5b1f038d3d65
files .rootkeys tools/ioemu/Makefile tools/ioemu/Makefile.target tools/ioemu/README.distrib tools/ioemu/configure tools/ioemu/qemu-doc.html tools/ioemu/qemu-doc.texi tools/ioemu/qemu-mkcow.1 tools/ioemu/qemu-tech.html tools/ioemu/qemu-tech.texi tools/ioemu/qemu.1 tools/ioemu/target-i386-dm/Makefile tools/ioemu/tests/Makefile tools/ioemu/tests/hello-arm.c tools/ioemu/tests/hello-i386.c tools/ioemu/tests/linux-test.c tools/ioemu/tests/pi_10.com tools/ioemu/tests/qruncom.c tools/ioemu/tests/runcom.c tools/ioemu/tests/sha1.c tools/ioemu/tests/test-i386-code16.S tools/ioemu/tests/test-i386-muldiv.h tools/ioemu/tests/test-i386-shift.h tools/ioemu/tests/test-i386-vm86.S tools/ioemu/tests/test-i386.c tools/ioemu/tests/test-i386.h tools/ioemu/tests/test_path.c tools/ioemu/tests/testthread.c tools/ioemu/texi2pod.pl
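--- a/.rootkeys	Fri May 20 01:47:06 2005 +0000
+++ b/.rootkeys	Fri May 20 10:27:36 2005 +0000
@@ -566,9 +566,7 @@ 428d0d82yOaUzYQuYQxH7VzQytKo-g tools/ioe
 428d0d82EdPp1TqJBembLgyB1y413w tools/ioemu/COPYING.LIB
 428d0d82fd6-QydvFfHmeQBGrKnrrA tools/ioemu/Changelog
 428d0d82xvTj4yzPYiurazyGj1PaEw tools/ioemu/Makefile
-428d0d82dUmXkgIy11G-hoKTkhvkfQ tools/ioemu/Makefile.target
 428d0d82HvgRPoyU3f60_u_t1L28Ag tools/ioemu/README
-428d0d820gXmfIVHub7p9VbT7bQcMw tools/ioemu/README.distrib
 428d0d82aoWewa_6Z5kNUTgkRw0wNg tools/ioemu/TODO
 428d0d82WYi8vrG7RKKyIJw01DAnGg tools/ioemu/VERSION
 428d0d82wB05ibBxTCSsAhz3qRO7Gg tools/ioemu/block-cloop.c
@@ -680,36 +678,14 @@ 428d0d893gsF8AcCadeYXcKM-aqssA tools/ioe
 428d0d89GgbrVx4Ov3Zg-SFX_0BRdw tools/ioemu/pc-bios/vgabios-cirrus.bin
 428d0d89h9nqxPIgDpPMXZIWkdosNw tools/ioemu/pc-bios/vgabios.bin
 428d0d8908B65zMmhdGVME3jv7gpww tools/ioemu/qemu-binfmt-conf.sh
-428d0d89eKfKJmNEURTxLUtIjclvDw tools/ioemu/qemu-doc.html
-428d0d89jF9HlGboO7nLco-tqjLJqQ tools/ioemu/qemu-doc.texi
 428d0d89taY6NPlnIyOAMQd_Ww5qUw tools/ioemu/qemu-img.c
-428d0d89uGqd5VkBf5j3HFIkQMxsNA tools/ioemu/qemu-mkcow.1
-428d0d8941iGGM85zXzn4wSj6zgbQg tools/ioemu/qemu-tech.html
-428d0d89IkHVfdVTilpTpxDvOCOiIw tools/ioemu/qemu-tech.texi
-428d0d89ME4klwpFGjbiKXQrj2KF7A tools/ioemu/qemu.1
 428d0d89FY-g4UPH-ZW7t5ZCqvQVTQ tools/ioemu/readline.c
 428d0d89dLURbktZFufDKSHan01GFg tools/ioemu/sdl.c
+428d0d82dUmXkgIy11G-hoKTkhvkfQ tools/ioemu/target-i386-dm/Makefile
 428d0d8atdIE_8ACJPPii5_asQNafw tools/ioemu/target-i386-dm/device-model
 428d0d8ahpRAYl6s_itBxnTcxyMHaQ tools/ioemu/target-i386-dm/helper2.c
 428d0d8aU3Moaq4zNW5QMV_NxD-4XA tools/ioemu/target-i386-dm/qemu-ifup
 428d0d8aqidj8n5H2_2qhBV0mIIJzA tools/ioemu/target-i386-dm/qemu-vgaram-bin.gz
-428d0d8ahJ-jctJYDXyAMh91-ifrmg tools/ioemu/tests/Makefile
-428d0d8ax12h3Jd3Vhw4nh-eG99-iQ tools/ioemu/tests/hello-arm.c
-428d0d8acsBcsGQPd0qQllU-4c9fXw tools/ioemu/tests/hello-i386.c
-428d0d8aSEf5Q4wB3iaEThUssfFH8w tools/ioemu/tests/linux-test.c
-428d0d8a_orWq4Mg5EasDj2l6f4a0w tools/ioemu/tests/pi_10.com
-428d0d8aBv9VBjblSU8iAaVojF4qqw tools/ioemu/tests/qruncom.c
-428d0d8az-0qSZDA45Mt6y2SdsqF4w tools/ioemu/tests/runcom.c
-428d0d8aSf3jnF_aFvwAemDeROZcKQ tools/ioemu/tests/sha1.c
-428d0d8aBZGfRZ662SQIuXLdpmih0w tools/ioemu/tests/test-i386-code16.S
-428d0d8a8DbLZWzSyVQ_wX1RGr9SVQ tools/ioemu/tests/test-i386-muldiv.h
-428d0d8aaMQbnc_vqyQyOcUzyVrXyg tools/ioemu/tests/test-i386-shift.h
-428d0d8aKYkFtFSCFHFUivErvx0iqg tools/ioemu/tests/test-i386-vm86.S
-428d0d8aHx2CzT77VEsXouep7lZaYQ tools/ioemu/tests/test-i386.c
-428d0d8aDSIoqxC4_zr2z8vxMKrmeA tools/ioemu/tests/test-i386.h
-428d0d8ajPT5QfGuunOvjNibmURtqQ tools/ioemu/tests/test_path.c
-428d0d8bPccWrah4Y_zICBNZ5exhDw tools/ioemu/tests/testthread.c
-428d0d8b5F7EB4JnUbdTi_SZvF2wXg tools/ioemu/texi2pod.pl
 428d0d8bMq0ZpccpHb1iVvSNbJjRxg tools/ioemu/thunk.c
 428d0d8b2PYfwKLLShlnWcM3VWq9ag tools/ioemu/thunk.h
 428d0d8bfvbYQwj6MgDr958m4_SfRA tools/ioemu/vgafont.h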
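--- a/tools/ioemu/Makefile	Fri May 20 01:47:06 2005 +0000
+++ b/tools/ioemu/Makefile	Fri May 20 10:27:36 2005 +0000
@@ -14,7 +14,7 @@ TOOLS=qemu-img
 ifdef CONFIG_STATIC
 LDFLAGS+=-static
 endif
-DOCS=qemu-doc.html qemu-tech.html qemu.1
+#DOCS=qemu-doc.html qemu-tech.html qemu.1
 
 all: $(DOCS) HEADERS
 	for d in $(TARGET_DIRS); do \
@@ -31,7 +31,7 @@ clean:
 # avoid old build problems by removing potentially incorrect old files
 	rm -f config.mak config.h op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h gen-op-arm.h 
 	rm -f *.o *.a $(TOOLS) dyngen$(EXESUF) TAGS qemu.pod *~ */*~
-	$(MAKE) -C tests clean
+	#$(MAKE) -C tests clean
 	for d in $(TARGET_DIRS); do \
 	$(MAKE) -C $$d $@ || exit 1 ; \
         done
@@ -58,11 +58,11 @@ endif
                        pc-bios/ppc_rom.bin \
                        pc-bios/proll.bin \
                        pc-bios/linux_boot.bin "$(DESTDIR)/$(datadir)"
-	mkdir -p "$(DESTDIR)/$(docdir)"
-	install -m 644 qemu-doc.html  qemu-tech.html "$(DESTDIR)/$(docdir)"
+	#mkdir -p "$(DESTDIR)/$(docdir)"
+	#install -m 644 qemu-doc.html  qemu-tech.html "$(DESTDIR)/$(docdir)"
 ifndef CONFIG_WIN32
-	mkdir -p "$(DESTDIR)/$(mandir)/man1"
-	install qemu.1 qemu-mkcow.1 "$(DESTDIR)/$(mandir)/man1"
+	#mkdir -p "$(DESTDIR)/$(mandir)/man1"
+	#install qemu.1 qemu-mkcow.1 "$(DESTDIR)/$(mandir)/man1"
 	mkdir -p "$(DESTDIR)/$(datadir)/keymaps"
 	install -m 644 $(addprefix keymaps/,$(KEYMAPS)) "$(DESTDIR)/$(datadir)/keymaps"
 endif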
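Review bot: The disabled lines in the `clean` and install recipes are written as a tab followed by `#`, so make still treats them as recipe lines: each one is expanded, echoed and handed to the shell on every run, and because `#$(MAKE) -C tests clean` contains `$(MAKE)` it is also run under `make -n`. The docs, man pages and tests directory are removed by this same changeset, so deleting these lines and the `#DOCS=` assignment would be cleaner than keeping commented-out code. If they must stay for reference, put the `#` in column 0 so that make discards the line itself. The install rule starts outside the hunk.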
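--- a/tools/ioemu/Makefile.target	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,392 +0,0 @@
-include config.mak
-
-#assume we directly put qemu code in tools/, same level as bochs dm(ioemu)
-XEN_PATH=../../..
-TARGET_PATH=$(SRC_PATH)/target-$(TARGET_ARCH)
-VPATH=$(SRC_PATH):$(TARGET_PATH):$(SRC_PATH)/hw:$(SRC_PATH)/audio
-DEFINES=-I. -I$(TARGET_PATH) -I$(SRC_PATH) -I$(XEN_PATH)/xen/include/public
-DEFINES+= -I$(XEN_PATH)/tools/libxc
-ifdef CONFIG_USER_ONLY
-VPATH+=:$(SRC_PATH)/linux-user
-DEFINES+=-I$(SRC_PATH)/linux-user -I$(SRC_PATH)/linux-user/$(TARGET_ARCH)
-endif
-CFLAGS=-Wall -O2 -g -fno-strict-aliasing
-LDFLAGS=-g
-LIBS=
-HELPER_CFLAGS=$(CFLAGS)
-DYNGEN=../dyngen$(EXESUF)
-# user emulator name
-QEMU_USER=qemu-$(TARGET_ARCH)
-# system emulator name
-ifdef CONFIG_SOFTMMU
-ifeq ($(TARGET_ARCH), i386)
-QEMU_SYSTEM=qemu$(EXESUF)
-else
-QEMU_SYSTEM=qemu-system-$(TARGET_ARCH)$(EXESUF)
-endif
-else
-QEMU_SYSTEM=qemu-fast
-endif
-
-QEMU_SYSTEM=qemu-dm
-PROGS=$(QEMU_SYSTEM)
-
-ifdef CONFIG_USER_ONLY
-PROGS=$(QEMU_USER)
-else
-ifeq ($(TARGET_ARCH), i386)
-
-ifeq ($(ARCH), i386)
-PROGS+=$(QEMU_SYSTEM)
-ifndef CONFIG_SOFTMMU
-CONFIG_STATIC=y
-endif
-else
-# the system emulator using soft mmu is portable
-ifdef CONFIG_SOFTMMU
-PROGS+=$(QEMU_SYSTEM)
-endif
-endif # ARCH != i386
-
-endif # TARGET_ARCH = i386
-
-ifeq ($(TARGET_ARCH), ppc)
-
-ifeq ($(ARCH), ppc)
-PROGS+=$(QEMU_SYSTEM)
-endif
-
-ifeq ($(ARCH), i386)
-ifdef CONFIG_SOFTMMU
-PROGS+=$(QEMU_SYSTEM)
-endif
-endif # ARCH = i386
-
-ifeq ($(ARCH), amd64)
-ifdef CONFIG_SOFTMMU
-PROGS+=$(QEMU_SYSTEM)
-endif
-endif # ARCH = amd64
-
-endif # TARGET_ARCH = ppc
-
-ifeq ($(TARGET_ARCH), sparc)
-
-ifeq ($(ARCH), ppc)
-PROGS+=$(QEMU_SYSTEM)
-endif
-
-ifeq ($(ARCH), i386)
-ifdef CONFIG_SOFTMMU
-PROGS+=$(QEMU_SYSTEM)
-endif
-endif # ARCH = i386
-
-ifeq ($(ARCH), amd64)
-ifdef CONFIG_SOFTMMU
-PROGS+=$(QEMU_SYSTEM)
-endif
-endif # ARCH = amd64
-
-endif # TARGET_ARCH = sparc
-endif # !CONFIG_USER_ONLY
-
-ifdef CONFIG_STATIC
-LDFLAGS+=-static
-endif
-
-ifeq ($(ARCH),i386)
-CFLAGS+=-fomit-frame-pointer
-OP_CFLAGS=$(CFLAGS) -mpreferred-stack-boundary=2
-ifeq ($(HAVE_GCC3_OPTIONS),yes)
-OP_CFLAGS+= -falign-functions=0 -fno-gcse
-else
-OP_CFLAGS+= -malign-functions=0
-endif
-
-ifdef TARGET_GPROF
-USE_I386_LD=y
-endif
-ifdef CONFIG_STATIC
-USE_I386_LD=y
-endif
-ifdef USE_I386_LD
-LDFLAGS+=-Wl,-T,$(SRC_PATH)/i386.ld
-else
-# WARNING: this LDFLAGS is _very_ tricky : qemu is an ELF shared object
-# that the kernel ELF loader considers as an executable. I think this
-# is the simplest way to make it self virtualizable!
-LDFLAGS+=-Wl,-shared
-endif
-endif
-
-ifeq ($(ARCH),amd64)
-OP_CFLAGS=$(CFLAGS) -falign-functions=0
-LDFLAGS+=-Wl,-T,$(SRC_PATH)/amd64.ld
-endif
-
-ifeq ($(ARCH),ppc)
-CFLAGS+= -D__powerpc__
-OP_CFLAGS=$(CFLAGS)
-LDFLAGS+=-Wl,-T,$(SRC_PATH)/ppc.ld
-endif
-
-ifeq ($(ARCH),s390)
-OP_CFLAGS=$(CFLAGS)
-LDFLAGS+=-Wl,-T,$(SRC_PATH)/s390.ld
-endif
-
-ifeq ($(ARCH),sparc)
-CFLAGS+=-m32 -ffixed-g1 -ffixed-g2 -ffixed-g3 -ffixed-g6
-LDFLAGS+=-m32
-OP_CFLAGS=$(CFLAGS) -fno-delayed-branch -ffixed-i0
-HELPER_CFLAGS=$(CFLAGS) -ffixed-i0 -mflat
-# -static is used to avoid g1/g3 usage by the dynamic linker
-LDFLAGS+=-Wl,-T,$(SRC_PATH)/sparc.ld -static
-endif
-
-ifeq ($(ARCH),sparc64)
-CFLAGS+=-m64 -ffixed-g1 -ffixed-g2 -ffixed-g3 -ffixed-g6
-LDFLAGS+=-m64
-OP_CFLAGS=$(CFLAGS) -fno-delayed-branch -ffixed-i0
-endif
-
-ifeq ($(ARCH),alpha)
-# -msmall-data is not used because we want two-instruction relocations
-# for the constant constructions
-OP_CFLAGS=-Wall -O2 -g
-# Ensure there's only a single GP
-CFLAGS += -msmall-data
-LDFLAGS+=-Wl,-T,$(SRC_PATH)/alpha.ld
-endif
-
-ifeq ($(ARCH),ia64)
-OP_CFLAGS=$(CFLAGS)
-endif
-
-ifeq ($(ARCH),arm)
-OP_CFLAGS=$(CFLAGS) -mno-sched-prolog
-LDFLAGS+=-Wl,-T,$(SRC_PATH)/arm.ld
-endif
-
-ifeq ($(ARCH),m68k)
-OP_CFLAGS=$(CFLAGS) -fomit-frame-pointer
-LDFLAGS+=-Wl,-T,m68k.ld
-endif
-
-ifeq ($(HAVE_GCC3_OPTIONS),yes)
-# very important to generate a return at the end of every operation
-OP_CFLAGS+=-fno-reorder-blocks -fno-optimize-sibling-calls
-endif
-
-ifeq ($(CONFIG_DARWIN),yes)
-OP_CFLAGS+= -mdynamic-no-pic
-endif
-
-#########################################################
-
-DEFINES+=-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-LIBS+=-lm -L$(XEN_PATH)/dist/install/usr/$(LIBDIR) -lxc -lxutil
-ifndef CONFIG_USER_ONLY
-LIBS+=-lz
-endif
-ifdef CONFIG_WIN32
-LIBS+=-lwinmm -lws2_32 -liphlpapi
-endif
-
-# profiling code
-ifdef TARGET_GPROF
-LDFLAGS+=-p
-main.o: CFLAGS+=-p
-endif
-
-OBJS= elfload.o main.o syscall.o mmap.o signal.o path.o osdep.o thunk.o 
-ifeq ($(TARGET_ARCH), i386)
-OBJS+= vm86.o
-endif
-ifeq ($(TARGET_ARCH), arm)
-OBJS+=nwfpe/softfloat.o nwfpe/fpa11.o nwfpe/fpa11_cpdo.o \
-nwfpe/fpa11_cpdt.o nwfpe/fpa11_cprt.o nwfpe/fpopcode.o nwfpe/single_cpdo.o \
- nwfpe/double_cpdo.o nwfpe/extended_cpdo.o
-endif
-SRCS:= $(OBJS:.o=.c)
-OBJS+= libqemu.a
-
-# cpu emulator library
-LIBOBJS=
-
-ifeq ($(TARGET_ARCH), i386)
-LIBOBJS+= helper2.o
-ifeq ($(ARCH), i386)
-LIBOBJS+=translate-copy.o
-endif
-endif
-
-ifeq ($(TARGET_ARCH), ppc)
-LIBOBJS+= op_helper.o helper.o
-endif
-
-ifeq ($(TARGET_ARCH), sparc)
-LIBOBJS+= op_helper.o helper.o
-endif
-
-all: $(PROGS)
-
-$(QEMU_USER): $(OBJS)
-	$(CC) $(LDFLAGS) -o $@ $^  $(LIBS)
-ifeq ($(ARCH),alpha)
-# Mark as 32 bit binary, i. e. it will be mapped into the low 31 bit of
-# the address space (31 bit so sign extending doesn't matter)
-	echo -ne '\001\000\000\000' | dd of=qemu bs=1 seek=48 count=4 conv=notrunc
-endif
-
-# must use static linking to avoid leaving stuff in virtual address space
-VL_OBJS=vl.o exec.o monitor.o osdep.o block.o readline.o pci.o console.o 
-#VL_OBJS+=block-cow.o block-qcow.o block-vmdk.o block-cloop.o
-VL_OBJS+= block-cloop.o
-
-SOUND_HW = sb16.o
-AUDIODRV = audio.o noaudio.o wavaudio.o
-ifdef CONFIG_SDL
-AUDIODRV += sdlaudio.o
-endif
-ifdef CONFIG_OSS
-AUDIODRV += ossaudio.o
-endif
-
-pc.o: DEFINES := -DUSE_SB16 $(DEFINES)
-
-ifdef CONFIG_ADLIB
-SOUND_HW += fmopl.o adlib.o
-endif
-
-ifdef CONFIG_FMOD
-AUDIODRV += fmodaudio.o
-audio.o fmodaudio.o: DEFINES := -I$(CONFIG_FMOD_INC) $(DEFINES)
-LIBS += $(CONFIG_FMOD_LIB)
-endif
-
-# Hardware support
-VL_OBJS+= ide.o ne2000.o pckbd.o vga.o dma.o
-VL_OBJS+= fdc.o mc146818rtc.o serial.o i8259.o i8254.o pc.o
-
-ifeq ($(TARGET_ARCH), ppc)
-VL_OBJS+= ppc.o ide.o ne2000.o pckbd.o vga.o $(SOUND_HW) dma.o $(AUDIODRV)
-VL_OBJS+= mc146818rtc.o serial.o i8259.o i8254.o fdc.o m48t59.o
-VL_OBJS+= ppc_prep.o ppc_chrp.o cuda.o adb.o openpic.o mixeng.o
-endif
-ifeq ($(TARGET_ARCH), sparc)
-VL_OBJS+= sun4m.o tcx.o lance.o iommu.o sched.o m48t08.o magic-load.o timer.o
-endif
-ifdef CONFIG_GDBSTUB
-VL_OBJS+=gdbstub.o 
-endif
-ifdef CONFIG_VNC
-VL_OBJS+=vnc.o
-endif
-ifdef CONFIG_SDL
-VL_OBJS+=sdl.o
-endif
-ifdef CONFIG_SLIRP
-DEFINES+=-I$(SRC_PATH)/slirp
-SLIRP_OBJS=cksum.o if.o ip_icmp.o ip_input.o ip_output.o \
-slirp.o mbuf.o misc.o sbuf.o socket.o tcp_input.o tcp_output.o \
-tcp_subr.o tcp_timer.o udp.o bootp.o debug.o tftp.o
-VL_OBJS+=$(addprefix slirp/, $(SLIRP_OBJS))
-endif
-
-VL_LDFLAGS=
-# specific flags are needed for non soft mmu emulator
-ifdef CONFIG_STATIC
-VL_LDFLAGS+=-static
-endif
-ifndef CONFIG_SOFTMMU
-VL_LDFLAGS+=-Wl,-T,$(SRC_PATH)/i386-vl.ld
-endif
-ifndef CONFIG_DARWIN
-ifndef CONFIG_WIN32
-VL_LIBS=-lutil
-endif
-endif
-
-$(QEMU_SYSTEM): $(VL_OBJS) libqemu.a
-	$(CC) $(VL_LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(VNC_LIBS) $(VL_LIBS)
-
-vnc.o: vnc.c keyboard_rdesktop.c
-	$(CC) $(CFLAGS) $(DEFINES) $(VNC_CFLAGS) -c -o $@ $<
-
-sdl.o: sdl.c keyboard_rdesktop.c
-	$(CC) $(CFLAGS) $(DEFINES) $(SDL_CFLAGS) -c -o $@ $<
-
-sdlaudio.o: sdlaudio.c
-	$(CC) $(CFLAGS) $(DEFINES) $(SDL_CFLAGS) -c -o $@ $<
-
-depend: $(SRCS)
-	$(CC) -MM $(CFLAGS) $(DEFINES) $^ 1>.depend
-
-# libqemu 
-
-libqemu.a: $(LIBOBJS)
-	rm -f $@
-	$(AR) rcs $@ $(LIBOBJS)
-
-translate.o: translate.c gen-op.h opc.h cpu.h
-
-translate-all.o: translate-all.c op.h opc.h cpu.h
-
-op.h: op.o $(DYNGEN)
-	$(DYNGEN) -o $@ $<
-
-opc.h: op.o $(DYNGEN)
-	$(DYNGEN) -c -o $@ $<
-
-gen-op.h: op.o $(DYNGEN)
-	$(DYNGEN) -g -o $@ $<
-
-op.o: op.c
-	$(CC) $(OP_CFLAGS) $(DEFINES) -c -o $@ $<
-
-helper.o: helper.c
-	$(CC) $(HELPER_CFLAGS) $(DEFINES) -c -o $@ $<
-
-ifeq ($(TARGET_ARCH), i386)
-op.o: op.c opreg_template.h ops_template.h ops_template_mem.h ops_mem.h
-endif
-
-ifeq ($(TARGET_ARCH), arm)
-op.o: op.c op_template.h
-endif
-
-ifeq ($(TARGET_ARCH), sparc)
-op.o: op.c op_template.h op_mem.h
-endif
-
-ifeq ($(TARGET_ARCH), ppc)
-op.o: op.c op_template.h op_mem.h
-op_helper.o: op_helper_mem.h
-endif
-
-mixeng.o: mixeng.c mixeng.h mixeng_template.h
-
-%.o: %.c
-	$(CC) $(CFLAGS) $(DEFINES) -c -o $@ $<
-
-%.o: %.S
-	$(CC) $(DEFINES) -c -o $@ $<
-
-clean:
-	rm -rf *.o  *.a *~ $(PROGS) gen-op.h opc.h op.h nwfpe slirp qemu-vgaram-bin
-
-install: all 
-	if [ ! -d $(DESTDIR)$(bindir) ];then mkdir -p $(DESTDIR)$(bindir);fi
-	if [ ! -d $(DESTDIR)$(configdir) ];then mkdir -p $(DESTDIR)$(configdir);fi
-ifneq ($(PROGS),)
-	install -m 755 -s $(PROGS) "$(DESTDIR)$(bindir)"
-endif
-	install -m 755 device-model "$(DESTDIR)$(bindir)"
-	install -m 755 qemu-ifup "$(DESTDIR)$(configdir)"
-	gunzip -c qemu-vgaram-bin.gz >qemu-vgaram-bin 
-	install -m 755 qemu-vgaram-bin "$(DESTDIR)$(configdir)"
-ifneq ($(wildcard .depend),)
-include .depend
-endif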
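--- a/tools/ioemu/README.distrib	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-Information about the various packages used to build the current qemu
-x86 binary distribution:
-
-* gcc 2.95.2 was used for the build. A glibc 2.1.3 Debian distribution
-  was used to get most of the binary packages.
-
-* wine-20020411 tarball
-
-  ./configure --prefix=/usr/local/wine-i386
-  
-  All exe and libs were stripped. Some compile time tools and the
-  includes were deleted.
-
-* ldconfig was launched to build the library links:
-
-  qemu-i386 /usr/gnemul/qemu-i386/bin/ldconfig-i386 -C /usr/gnemul/qemu-i386/etc/ld.so.cache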
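--- a/tools/ioemu/configure	Fri May 20 01:47:06 2005 +0000
+++ b/tools/ioemu/configure	Fri May 20 10:27:36 2005 +0000
@@ -504,7 +504,7 @@ if test "$target_user_only" = "no" ; the
   mkdir -p $target_dir/slirp
 fi
 
-ln -sf $source_path/Makefile.target $target_dir/Makefile
+#ln -sf $source_path/Makefile.target $target_dir/Makefile
 
 echo "# Automatically generated by configure - do not modify" > $config_mak
 echo "/* Automatically generated by configure - do not modify */" > $config_h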
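Review bot: With the symlink step commented out, configure no longer guarantees that `$target_dir` contains a Makefile, yet the top-level Makefile still runs `$(MAKE) -C $$d $@ || exit 1` for every entry in `$(TARGET_DIRS)`. The `.rootkeys` change registers only `tools/ioemu/target-i386-dm/Makefile`, so configuring any other target would presumably fail later, inside the build loop, with a less obvious error. A fail-fast check at this point, e.g. `test -f "$target_dir/Makefile" || { echo "no Makefile in $target_dir" >&2; exit 1; }`, would make the new assumption explicit. The dead `#ln -sf` line could then be deleted rather than kept as a comment. The enclosing per-target block starts and ends outside the hunk.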
     6.1 --- a/tools/ioemu/qemu-doc.html	Fri May 20 01:47:06 2005 +0000
     6.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.3 @@ -1,1793 +0,0 @@
     6.4 -<HTML>
     6.5 -<HEAD>
     6.6 -<!-- Created by texi2html 1.56k from qemu-doc.texi on 19 May 2005 -->
     6.7 -
     6.8 -<TITLE>QEMU CPU Emulator User Documentation</TITLE>
     6.9 -</HEAD>
    6.10 -<BODY>
    6.11 -<H1>QEMU CPU Emulator User Documentation</H1>
    6.12 -<P>
    6.13 -<P><HR><P>
    6.14 -<H1>Table of Contents</H1>
    6.15 -<UL>
    6.16 -<LI><A NAME="TOC1" HREF="qemu-doc.html#SEC1">1. Introduction</A>
    6.17 -<UL>
    6.18 -<LI><A NAME="TOC2" HREF="qemu-doc.html#SEC2">1.1 Features</A>
    6.19 -</UL>
    6.20 -<LI><A NAME="TOC3" HREF="qemu-doc.html#SEC3">2. Installation</A>
    6.21 -<UL>
    6.22 -<LI><A NAME="TOC4" HREF="qemu-doc.html#SEC4">2.1 Linux</A>
    6.23 -<LI><A NAME="TOC5" HREF="qemu-doc.html#SEC5">2.2 Windows</A>
    6.24 -<LI><A NAME="TOC6" HREF="qemu-doc.html#SEC6">2.3 Mac OS X</A>
    6.25 -</UL>
    6.26 -<LI><A NAME="TOC7" HREF="qemu-doc.html#SEC7">3. QEMU PC System emulator invocation</A>
    6.27 -<UL>
    6.28 -<LI><A NAME="TOC8" HREF="qemu-doc.html#SEC8">3.1 Introduction</A>
    6.29 -<LI><A NAME="TOC9" HREF="qemu-doc.html#SEC9">3.2 Quick Start</A>
    6.30 -<LI><A NAME="TOC10" HREF="qemu-doc.html#SEC10">3.3 Invocation</A>
    6.31 -<LI><A NAME="TOC11" HREF="qemu-doc.html#SEC11">3.4 Keys</A>
    6.32 -<LI><A NAME="TOC12" HREF="qemu-doc.html#SEC12">3.5 QEMU Monitor</A>
    6.33 -<UL>
    6.34 -<LI><A NAME="TOC13" HREF="qemu-doc.html#SEC13">3.5.1 Commands</A>
    6.35 -<LI><A NAME="TOC14" HREF="qemu-doc.html#SEC14">3.5.2 Integer expressions</A>
    6.36 -</UL>
    6.37 -<LI><A NAME="TOC15" HREF="qemu-doc.html#SEC15">3.6 Disk Images</A>
    6.38 -<UL>
    6.39 -<LI><A NAME="TOC16" HREF="qemu-doc.html#SEC16">3.6.1 Raw disk images</A>
    6.40 -<LI><A NAME="TOC17" HREF="qemu-doc.html#SEC17">3.6.2 Snapshot mode</A>
    6.41 -<LI><A NAME="TOC18" HREF="qemu-doc.html#SEC18">3.6.3 Copy On Write disk images</A>
    6.42 -<LI><A NAME="TOC19" HREF="qemu-doc.html#SEC19">3.6.4 Convert VMware disk images to raw disk images</A>
    6.43 -</UL>
    6.44 -<LI><A NAME="TOC20" HREF="qemu-doc.html#SEC20">3.7 Network emulation</A>
    6.45 -<UL>
    6.46 -<LI><A NAME="TOC21" HREF="qemu-doc.html#SEC21">3.7.1 Using tun/tap network interface</A>
    6.47 -<LI><A NAME="TOC22" HREF="qemu-doc.html#SEC22">3.7.2 Using the user mode network stack</A>
    6.48 -</UL>
    6.49 -<LI><A NAME="TOC23" HREF="qemu-doc.html#SEC23">3.8 Direct Linux Boot</A>
    6.50 -<LI><A NAME="TOC24" HREF="qemu-doc.html#SEC24">3.9 Linux Kernel Compilation</A>
    6.51 -<LI><A NAME="TOC25" HREF="qemu-doc.html#SEC25">3.10 GDB usage</A>
    6.52 -<LI><A NAME="TOC26" HREF="qemu-doc.html#SEC26">3.11 Target OS specific information</A>
    6.53 -<UL>
    6.54 -<LI><A NAME="TOC27" HREF="qemu-doc.html#SEC27">3.11.1 Linux</A>
    6.55 -<LI><A NAME="TOC28" HREF="qemu-doc.html#SEC28">3.11.2 Windows</A>
    6.56 -<UL>
    6.57 -<LI><A NAME="TOC29" HREF="qemu-doc.html#SEC29">3.11.2.1 SVGA graphic modes support</A>
    6.58 -<LI><A NAME="TOC30" HREF="qemu-doc.html#SEC30">3.11.2.2 CPU usage reduction</A>
    6.59 -<LI><A NAME="TOC31" HREF="qemu-doc.html#SEC31">3.11.2.3 Windows 2000 disk full problems</A>
    6.60 -<LI><A NAME="TOC32" HREF="qemu-doc.html#SEC32">3.11.2.4 Windows XP security problems</A>
    6.61 -</UL>
    6.62 -<LI><A NAME="TOC33" HREF="qemu-doc.html#SEC33">3.11.3 MS-DOS and FreeDOS</A>
    6.63 -<UL>
    6.64 -<LI><A NAME="TOC34" HREF="qemu-doc.html#SEC34">3.11.3.1 CPU usage reduction</A>
    6.65 -</UL>
    6.66 -</UL>
    6.67 -</UL>
    6.68 -<LI><A NAME="TOC35" HREF="qemu-doc.html#SEC35">4. QEMU PowerPC System emulator invocation</A>
    6.69 -<LI><A NAME="TOC36" HREF="qemu-doc.html#SEC36">5. QEMU User space emulator invocation</A>
    6.70 -<UL>
    6.71 -<LI><A NAME="TOC37" HREF="qemu-doc.html#SEC37">5.1 Quick Start</A>
    6.72 -<LI><A NAME="TOC38" HREF="qemu-doc.html#SEC38">5.2 Wine launch</A>
    6.73 -<LI><A NAME="TOC39" HREF="qemu-doc.html#SEC39">5.3 Command line options</A>
    6.74 -</UL>
    6.75 -<LI><A NAME="TOC40" HREF="qemu-doc.html#SEC40">6. Compilation from the sources</A>
    6.76 -<UL>
    6.77 -<LI><A NAME="TOC41" HREF="qemu-doc.html#SEC41">6.1 Linux/BSD</A>
    6.78 -<LI><A NAME="TOC42" HREF="qemu-doc.html#SEC42">6.2 Windows</A>
    6.79 -<LI><A NAME="TOC43" HREF="qemu-doc.html#SEC43">6.3 Cross compilation for Windows with Linux</A>
    6.80 -<LI><A NAME="TOC44" HREF="qemu-doc.html#SEC44">6.4 Mac OS X</A>
    6.81 -</UL>
    6.82 -</UL>
    6.83 -<P><HR><P>
    6.84 -
    6.85 -<P>
    6.86 -QEMU CPU Emulator User Documentation
    6.87 -
    6.88 -
    6.89 -
    6.90 -
    6.91 -<H1><A NAME="SEC1" HREF="qemu-doc.html#TOC1">1. Introduction</A></H1>
    6.92 -
    6.93 -
    6.94 -
    6.95 -<H2><A NAME="SEC2" HREF="qemu-doc.html#TOC2">1.1 Features</A></H2>
    6.96 -
    6.97 -<P>
    6.98 -QEMU is a FAST! processor emulator using dynamic translation to
    6.99 -achieve good emulation speed.
   6.100 -
   6.101 -
   6.102 -<P>
   6.103 -QEMU has two operating modes:
   6.104 -
   6.105 -
   6.106 -
   6.107 -<UL>
   6.108 -
   6.109 -<LI>
   6.110 -
   6.111 -Full system emulation. In this mode, QEMU emulates a full system (for
   6.112 -example a PC), including a processor and various peripherials. It can
   6.113 -be used to launch different Operating Systems without rebooting the
   6.114 -PC or to debug system code.
   6.115 -
   6.116 -<LI>
   6.117 -
   6.118 -User mode emulation (Linux host only). In this mode, QEMU can launch
   6.119 -Linux processes compiled for one CPU on another CPU. It can be used to
   6.120 -launch the Wine Windows API emulator (<A HREF="http://www.winehq.org">http://www.winehq.org</A>) or
   6.121 -to ease cross-compilation and cross-debugging.
   6.122 -
   6.123 -</UL>
   6.124 -
   6.125 -<P>
   6.126 -As QEMU requires no host kernel driver to run, it is very safe and
   6.127 -easy to use.
   6.128 -
   6.129 -
   6.130 -<P>
   6.131 -For system emulation, the following hardware targets are supported:
   6.132 -
   6.133 -<UL>
   6.134 -<LI>PC (x86 processor)
   6.135 -
   6.136 -<LI>PREP (PowerPC processor)
   6.137 -
   6.138 -<LI>PowerMac (PowerPC processor, in progress)
   6.139 -
   6.140 -</UL>
   6.141 -
   6.142 -<P>
   6.143 -For user emulation, x86, PowerPC, ARM, and SPARC CPUs are supported.
   6.144 -
   6.145 -
   6.146 -
   6.147 -
   6.148 -<H1><A NAME="SEC3" HREF="qemu-doc.html#TOC3">2. Installation</A></H1>
   6.149 -
   6.150 -<P>
   6.151 -If you want to compile QEMU yourself, see section <A HREF="qemu-doc.html#SEC40">6. Compilation from the sources</A>.
   6.152 -
   6.153 -
   6.154 -
   6.155 -
   6.156 -<H2><A NAME="SEC4" HREF="qemu-doc.html#TOC4">2.1 Linux</A></H2>
   6.157 -
   6.158 -<P>
   6.159 -Download the binary distribution (<TT>`qemu-XXX-i386.tar.gz'</TT>) and
   6.160 -untar it as root in <TT>`/'</TT>:
   6.161 -
   6.162 -
   6.163 -
   6.164 -<PRE>
   6.165 -su
   6.166 -cd /
   6.167 -tar zxvf /tmp/qemu-XXX-i386.tar.gz
   6.168 -</PRE>
   6.169 -
   6.170 -
   6.171 -
   6.172 -<H2><A NAME="SEC5" HREF="qemu-doc.html#TOC5">2.2 Windows</A></H2>
   6.173 -
   6.174 -<P>
   6.175 -Download the experimental binary installer at
   6.176 -<A HREF="http://www.freeoszoo.org/download.php">http://www.freeoszoo.org/download.php</A>.
   6.177 -
   6.178 -
   6.179 -
   6.180 -
   6.181 -<H2><A NAME="SEC6" HREF="qemu-doc.html#TOC6">2.3 Mac OS X</A></H2>
   6.182 -
   6.183 -<P>
   6.184 -Download the experimental binary installer at
   6.185 -<A HREF="http://www.freeoszoo.org/download.php">http://www.freeoszoo.org/download.php</A>.
   6.186 -
   6.187 -
   6.188 -
   6.189 -
   6.190 -<H1><A NAME="SEC7" HREF="qemu-doc.html#TOC7">3. QEMU PC System emulator invocation</A></H1>
   6.191 -
   6.192 -
   6.193 -
   6.194 -<H2><A NAME="SEC8" HREF="qemu-doc.html#TOC8">3.1 Introduction</A></H2>
   6.195 -
   6.196 -<P>
   6.197 -The QEMU System emulator simulates a complete PC.
   6.198 -
   6.199 -
   6.200 -<P>
   6.201 -In order to meet specific user needs, two versions of QEMU are
   6.202 -available:
   6.203 -
   6.204 -
   6.205 -
   6.206 -<OL>
   6.207 -
   6.208 -<LI>
   6.209 -
   6.210 -<CODE>qemu-fast</CODE> uses the host Memory Management Unit (MMU) to
   6.211 -simulate the x86 MMU. It is <EM>fast</EM> but has limitations because
   6.212 -the whole 4 GB address space cannot be used and some memory mapped
   6.213 -peripherials cannot be emulated accurately yet. Therefore, a specific
   6.214 -guest Linux kernel can be used (See section <A HREF="qemu-doc.html#SEC24">3.9 Linux Kernel Compilation</A>) as guest
   6.215 -OS. 
   6.216 -
   6.217 -Moreover there is no separation between the host and target address
   6.218 -spaces, so it offers no security (the target OS can modify the
   6.219 -<CODE>qemu-fast</CODE> code by writing at the right addresses).
   6.220 -
   6.221 -<LI>
   6.222 -
   6.223 -<CODE>qemu</CODE> uses a software MMU. It is about <EM>two times slower</EM>
   6.224 -but gives a more accurate emulation and a complete separation between
   6.225 -the host and target address spaces.
   6.226 -
   6.227 -</OL>
   6.228 -
   6.229 -<P>
   6.230 -QEMU emulates the following PC peripherials:
   6.231 -
   6.232 -
   6.233 -
   6.234 -<UL>
   6.235 -<LI>
   6.236 -
   6.237 -i440FX host PCI bridge and PIIX3 PCI to ISA bridge
   6.238 -<LI>
   6.239 -
   6.240 -Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
   6.241 -extensions (hardware level, including all non standard modes).
   6.242 -<LI>
   6.243 -
   6.244 -PS/2 mouse and keyboard
   6.245 -<LI>
   6.246 -
   6.247 -2 PCI IDE interfaces with hard disk and CD-ROM support
   6.248 -<LI>
   6.249 -
   6.250 -Floppy disk
   6.251 -<LI>
   6.252 -
   6.253 -NE2000 PCI network adapters
   6.254 -<LI>
   6.255 -
   6.256 -Serial ports
   6.257 -<LI>
   6.258 -
   6.259 -Soundblaster 16 card
   6.260 -</UL>
   6.261 -
   6.262 -<P>
   6.263 -QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL
   6.264 -VGA BIOS.
   6.265 -
   6.266 -
   6.267 -
   6.268 -
   6.269 -<H2><A NAME="SEC9" HREF="qemu-doc.html#TOC9">3.2 Quick Start</A></H2>
   6.270 -
   6.271 -<P>
   6.272 -Download and uncompress the linux image (<TT>`linux.img'</TT>) and type:
   6.273 -
   6.274 -
   6.275 -
   6.276 -<PRE>
   6.277 -qemu linux.img
   6.278 -</PRE>
   6.279 -
   6.280 -<P>
   6.281 -Linux should boot and give you a prompt.
   6.282 -
   6.283 -
   6.284 -
   6.285 -
   6.286 -<H2><A NAME="SEC10" HREF="qemu-doc.html#TOC10">3.3 Invocation</A></H2>
   6.287 -
   6.288 -
   6.289 -<PRE>
   6.290 -usage: qemu [options] [disk_image]
   6.291 -</PRE>
   6.292 -
   6.293 -<P>
   6.294 -<VAR>disk_image</VAR> is a raw hard disk image for IDE hard disk 0.
   6.295 -
   6.296 -
   6.297 -<P>
   6.298 -General options:
   6.299 -<DL COMPACT>
   6.300 -
   6.301 -<DT>@option{-fda file}
   6.302 -<DD>
   6.303 -<DT>@option{-fdb file}
   6.304 -<DD>
   6.305 -Use <VAR>file</VAR> as floppy disk 0/1 image (See section <A HREF="qemu-doc.html#SEC15">3.6 Disk Images</A>). You can
   6.306 -use the host floppy by using <TT>`/dev/fd0'</TT> as filename.
   6.307 -
   6.308 -<DT>@option{-hda file}
   6.309 -<DD>
   6.310 -<DT>@option{-hdb file}
   6.311 -<DD>
   6.312 -<DT>@option{-hdc file}
   6.313 -<DD>
   6.314 -<DT>@option{-hdd file}
   6.315 -<DD>
   6.316 -Use <VAR>file</VAR> as hard disk 0, 1, 2 or 3 image (See section <A HREF="qemu-doc.html#SEC15">3.6 Disk Images</A>).
   6.317 -
   6.318 -<DT>@option{-cdrom file}
   6.319 -<DD>
   6.320 -Use <VAR>file</VAR> as CD-ROM image (you cannot use @option{-hdc} and and
   6.321 -@option{-cdrom} at the same time). You can use the host CD-ROM by
   6.322 -using <TT>`/dev/cdrom'</TT> as filename.
   6.323 -
   6.324 -<DT>@option{-boot [a|c|d]}
   6.325 -<DD>
   6.326 -Boot on floppy (a), hard disk (c) or CD-ROM (d). Hard disk boot is
   6.327 -the default.
   6.328 -
   6.329 -<DT>@option{-snapshot}
   6.330 -<DD>
   6.331 -Write to temporary files instead of disk image files. In this case,
   6.332 -the raw disk image you use is not written back. You can however force
   6.333 -the write back by pressing <KBD>C-a s</KBD> (See section <A HREF="qemu-doc.html#SEC15">3.6 Disk Images</A>). 
   6.334 -
   6.335 -<DT>@option{-m megs}
   6.336 -<DD>
   6.337 -Set virtual RAM size to <VAR>megs</VAR> megabytes. Default is 128 MB.
   6.338 -
   6.339 -<DT>@option{-nographic}
   6.340 -<DD>
   6.341 -Normally, QEMU uses SDL to display the VGA output. With this option,
   6.342 -you can totally disable graphical output so that QEMU is a simple
   6.343 -command line application. The emulated serial port is redirected on
   6.344 -the console. Therefore, you can still use QEMU to debug a Linux kernel
   6.345 -with a serial console.
   6.346 -
   6.347 -<DT>@option{-enable-audio}
   6.348 -<DD>
   6.349 -The SB16 emulation is disabled by default as it may give problems with
   6.350 -Windows. You can enable it manually with this option.
   6.351 -
   6.352 -<DT>@option{-localtime}
   6.353 -<DD>
   6.354 -Set the real time clock to local time (the default is to UTC
   6.355 -time). This option is needed to have correct date in MS-DOS or
   6.356 -Windows.
   6.357 -
   6.358 -<DT>@option{-full-screen}
   6.359 -<DD>
   6.360 -Start in full screen.
   6.361 -
   6.362 -</DL>
   6.363 -
   6.364 -<P>
   6.365 -Network options:
   6.366 -
   6.367 -
   6.368 -<DL COMPACT>
   6.369 -
   6.370 -<DT>@option{-n script}
   6.371 -<DD>
   6.372 -Set TUN/TAP network init script [default=/etc/qemu-ifup]. This script
   6.373 -is launched to configure the host network interface (usually tun0)
   6.374 -corresponding to the virtual NE2000 card.
   6.375 -
   6.376 -<DT>@option{-macaddr addr}
   6.377 -<DD>
   6.378 -Set the mac address of the first interface (the format is
   6.379 -aa:bb:cc:dd:ee:ff in hexa). The mac address is incremented for each
   6.380 -new network interface.
   6.381 -
   6.382 -<DT>@option{-tun-fd fd}
   6.383 -<DD>
   6.384 -Assumes <VAR>fd</VAR> talks to a tap/tun host network interface and use
   6.385 -it. Read <A HREF="http://bellard.org/qemu/tetrinet.html">http://bellard.org/qemu/tetrinet.html</A> to have an
   6.386 -example of its use.
   6.387 -
   6.388 -<DT>@option{-user-net}
   6.389 -<DD>
   6.390 -Use the user mode network stack. This is the default if no tun/tap
   6.391 -network init script is found.
   6.392 -
   6.393 -<DT>@option{-tftp prefix}
   6.394 -<DD>
   6.395 -When using the user mode network stack, activate a built-in TFTP
   6.396 -server. All filenames beginning with <VAR>prefix</VAR> can be downloaded
   6.397 -from the host to the guest using a TFTP client. The TFTP client on the
   6.398 -guest must be configured in binary mode (use the command <CODE>bin</CODE> of
   6.399 -the Unix TFTP client). The host IP address on the guest is as usual
   6.400 -10.0.2.2.
   6.401 -
   6.402 -<DT>@option{-smb dir}
   6.403 -<DD>
   6.404 -When using the user mode network stack, activate a built-in SMB
   6.405 -server so that Windows OSes can access to the host files in <TT>`dir'</TT>
   6.406 -transparently.
   6.407 -
   6.408 -In the guest Windows OS, the line:
   6.409 -
   6.410 -<PRE>
   6.411 -10.0.2.4 smbserver
   6.412 -</PRE>
   6.413 -
   6.414 -must be added in the file <TT>`C:\WINDOWS\LMHOSTS'</TT> (for windows 9x/Me)
   6.415 -or <TT>`C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS'</TT> (Windows NT/2000).
   6.416 -
   6.417 -Then <TT>`dir'</TT> can be accessed in <TT>`\\smbserver\qemu'</TT>.
   6.418 -
   6.419 -Note that a SAMBA server must be installed on the host OS in
   6.420 -<TT>`/usr/sbin/smbd'</TT>. QEMU was tested succesfully with smbd version
   6.421 -2.2.7a from the Red Hat 9.
   6.422 -
   6.423 -<DT>@option{-redir [tcp|udp]:host-port:[guest-host]:guest-port}
   6.424 -<DD>
   6.425 -When using the user mode network stack, redirect incoming TCP or UDP
   6.426 -connections to the host port <VAR>host-port</VAR> to the guest
   6.427 -<VAR>guest-host</VAR> on guest port <VAR>guest-port</VAR>. If <VAR>guest-host</VAR>
   6.428 -is not specified, its value is 10.0.2.15 (default address given by the
   6.429 -built-in DHCP server).
   6.430 -
   6.431 -For example, to redirect host X11 connection from screen 1 to guest
   6.432 -screen 0, use the following:
   6.433 -
   6.434 -
   6.435 -<PRE>
   6.436 -# on the host
   6.437 -qemu -redir tcp:6001::6000 [...]
   6.438 -# this host xterm should open in the guest X11 server
   6.439 -xterm -display :1
   6.440 -</PRE>
   6.441 -
   6.442 -To redirect telnet connections from host port 5555 to telnet port on
   6.443 -the guest, use the following:
   6.444 -
   6.445 -
   6.446 -<PRE>
   6.447 -# on the host
   6.448 -qemu -redir tcp:5555::23 [...]
   6.449 -telnet localhost 5555
   6.450 -</PRE>
   6.451 -
   6.452 -Then when you use on the host <CODE>telnet localhost 5555</CODE>, you
   6.453 -connect to the guest telnet server.
   6.454 -
   6.455 -<DT>@option{-dummy-net}
   6.456 -<DD>
   6.457 -Use the dummy network stack: no packet will be received by the network
   6.458 -cards.
   6.459 -
   6.460 -</DL>
   6.461 -
   6.462 -<P>
   6.463 -Linux boot specific. When using this options, you can use a given
   6.464 -Linux kernel without installing it in the disk image. It can be useful
   6.465 -for easier testing of various kernels.
   6.466 -
   6.467 -
   6.468 -<DL COMPACT>
   6.469 -
   6.470 -<DT>@option{-kernel bzImage}
   6.471 -<DD>
   6.472 -Use <VAR>bzImage</VAR> as kernel image.
   6.473 -
   6.474 -<DT>@option{-append cmdline}
   6.475 -<DD>
   6.476 -Use <VAR>cmdline</VAR> as kernel command line
   6.477 -
   6.478 -<DT>@option{-initrd file}
   6.479 -<DD>
   6.480 -Use <VAR>file</VAR> as initial ram disk.
   6.481 -
   6.482 -</DL>
   6.483 -
   6.484 -<P>
   6.485 -Debug/Expert options:
   6.486 -<DL COMPACT>
   6.487 -
   6.488 -<DT>@option{-serial dev}
   6.489 -<DD>
   6.490 -Redirect the virtual serial port to host device <VAR>dev</VAR>. Available
   6.491 -devices are:
   6.492 -<DL COMPACT>
   6.493 -
   6.494 -<DT><CODE>vc</CODE>
   6.495 -<DD>
   6.496 -Virtual console
   6.497 -<DT><CODE>pty</CODE>
   6.498 -<DD>
   6.499 -[Linux only] Pseudo TTY (a new PTY is automatically allocated)
   6.500 -<DT><CODE>null</CODE>
   6.501 -<DD>
   6.502 -void device
   6.503 -<DT><CODE>stdio</CODE>
   6.504 -<DD>
   6.505 -[Unix only] standard input/output
   6.506 -</DL>
   6.507 -The default device is <CODE>vc</CODE> in graphical mode and <CODE>stdio</CODE> in
   6.508 -non graphical mode.
   6.509 -
   6.510 -This option can be used several times to simulate up to 4 serials
   6.511 -ports.
   6.512 -
   6.513 -<DT>@option{-monitor dev}
   6.514 -<DD>
   6.515 -Redirect the monitor to host device <VAR>dev</VAR> (same devices as the
   6.516 -serial port).
   6.517 -The default device is <CODE>vc</CODE> in graphical mode and <CODE>stdio</CODE> in
   6.518 -non graphical mode.
   6.519 -
   6.520 -<DT>@option{-s}
   6.521 -<DD>
   6.522 -Wait gdb connection to port 1234 (See section <A HREF="qemu-doc.html#SEC25">3.10 GDB usage</A>). 
   6.523 -<DT>@option{-p port}
   6.524 -<DD>
   6.525 -Change gdb connection port.
   6.526 -<DT>@option{-S}
   6.527 -<DD>
   6.528 -Do not start CPU at startup (you must type 'c' in the monitor).
   6.529 -<DT>@option{-d}
   6.530 -<DD>
   6.531 -Output log in /tmp/qemu.log
   6.532 -<DT>@option{-isa}
   6.533 -<DD>
   6.534 -Simulate an ISA-only system (default is PCI system).
   6.535 -<DT>@option{-std-vga}
   6.536 -<DD>
   6.537 -Simulate a standard VGA card with Bochs VBE extensions (default is
   6.538 -Cirrus Logic GD5446 PCI VGA)
   6.539 -<DT>@option{-loadvm file}
   6.540 -<DD>
   6.541 -Start right away with a saved state (<CODE>loadvm</CODE> in monitor)
   6.542 -</DL>
   6.543 -
   6.544 -
   6.545 -
   6.546 -<H2><A NAME="SEC11" HREF="qemu-doc.html#TOC11">3.4 Keys</A></H2>
   6.547 -
   6.548 -<P>
   6.549 -During the graphical emulation, you can use the following keys:
   6.550 -<DL COMPACT>
   6.551 -
   6.552 -<DT><KBD>Ctrl-Alt-f</KBD>
   6.553 -<DD>
   6.554 -Toggle full screen
   6.555 -
   6.556 -<DT><KBD>Ctrl-Alt-n</KBD>
   6.557 -<DD>
   6.558 -Switch to virtual console 'n'. Standard console mappings are:
   6.559 -<DL COMPACT>
   6.560 -
   6.561 -<DT><EM>1</EM>
   6.562 -<DD>
   6.563 -Target system display
   6.564 -<DT><EM>2</EM>
   6.565 -<DD>
   6.566 -Monitor
   6.567 -<DT><EM>3</EM>
   6.568 -<DD>
   6.569 -Serial port
   6.570 -</DL>
   6.571 -
   6.572 -<DT><KBD>Ctrl-Alt</KBD>
   6.573 -<DD>
   6.574 -Toggle mouse and keyboard grab.
   6.575 -</DL>
   6.576 -
   6.577 -<P>
   6.578 -In the virtual consoles, you can use <KBD>Ctrl-Up</KBD>, <KBD>Ctrl-Down</KBD>,
   6.579 -<KBD>Ctrl-PageUp</KBD> and <KBD>Ctrl-PageDown</KBD> to move in the back log.
   6.580 -
   6.581 -
   6.582 -<P>
   6.583 -During emulation, if you are using the @option{-nographic} option, use
   6.584 -<KBD>Ctrl-a h</KBD> to get terminal commands:
   6.585 -
   6.586 -
   6.587 -<DL COMPACT>
   6.588 -
   6.589 -<DT><KBD>Ctrl-a h</KBD>
   6.590 -<DD>
   6.591 -Print this help
   6.592 -<DT><KBD>Ctrl-a x</KBD>
   6.593 -<DD>
   6.594 -Exit emulatior
   6.595 -<DT><KBD>Ctrl-a s</KBD>
   6.596 -<DD>
   6.597 -Save disk data back to file (if -snapshot)
   6.598 -<DT><KBD>Ctrl-a b</KBD>
   6.599 -<DD>
   6.600 -Send break (magic sysrq in Linux)
   6.601 -<DT><KBD>Ctrl-a c</KBD>
   6.602 -<DD>
   6.603 -Switch between console and monitor
   6.604 -<DT><KBD>Ctrl-a Ctrl-a</KBD>
   6.605 -<DD>
   6.606 -Send Ctrl-a
   6.607 -</DL>
   6.608 -
   6.609 -
   6.610 -
   6.611 -<H2><A NAME="SEC12" HREF="qemu-doc.html#TOC12">3.5 QEMU Monitor</A></H2>
   6.612 -
   6.613 -<P>
   6.614 -The QEMU monitor is used to give complex commands to the QEMU
   6.615 -emulator. You can use it to:
   6.616 -
   6.617 -
   6.618 -
   6.619 -<UL>
   6.620 -
   6.621 -<LI>
   6.622 -
   6.623 -Remove or insert removable medias images
   6.624 -(such as CD-ROM or floppies)
   6.625 -
   6.626 -<LI>
   6.627 -
   6.628 -Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
   6.629 -from a disk file.
   6.630 -
   6.631 -<LI>Inspect the VM state without an external debugger.
   6.632 -
   6.633 -</UL>
   6.634 -
   6.635 -
   6.636 -
   6.637 -<H3><A NAME="SEC13" HREF="qemu-doc.html#TOC13">3.5.1 Commands</A></H3>
   6.638 -
   6.639 -<P>
   6.640 -The following commands are available:
   6.641 -
   6.642 -
   6.643 -<DL COMPACT>
   6.644 -
   6.645 -<DT>@option{help or ? [cmd]}
   6.646 -<DD>
   6.647 -Show the help for all commands or just for command <VAR>cmd</VAR>.
   6.648 -
   6.649 -<DT>@option{commit}
   6.650 -<DD>
   6.651 -Commit changes to the disk images (if -snapshot is used)
   6.652 -
   6.653 -<DT>@option{info subcommand}
   6.654 -<DD>
   6.655 -show various information about the system state
   6.656 -
   6.657 -<DL COMPACT>
   6.658 -
   6.659 -<DT>@option{info network}
   6.660 -<DD>
   6.661 -show the network state
   6.662 -<DT>@option{info block}
   6.663 -<DD>
   6.664 -show the block devices
   6.665 -<DT>@option{info registers}
   6.666 -<DD>
   6.667 -show the cpu registers
   6.668 -<DT>@option{info history}
   6.669 -<DD>
   6.670 -show the command line history
   6.671 -</DL>
   6.672 -
   6.673 -<DT>@option{q or quit}
   6.674 -<DD>
   6.675 -Quit the emulator.
   6.676 -
   6.677 -<DT>@option{eject [-f] device}
   6.678 -<DD>
   6.679 -Eject a removable media (use -f to force it).
   6.680 -
   6.681 -<DT>@option{change device filename}
   6.682 -<DD>
   6.683 -Change a removable media.
   6.684 -
   6.685 -<DT>@option{screendump filename}
   6.686 -<DD>
   6.687 -Save screen into PPM image <VAR>filename</VAR>.
   6.688 -
   6.689 -<DT>@option{log item1[,...]}
   6.690 -<DD>
   6.691 -Activate logging of the specified items to <TT>`/tmp/qemu.log'</TT>.
   6.692 -
   6.693 -<DT>@option{savevm filename}
   6.694 -<DD>
   6.695 -Save the whole virtual machine state to <VAR>filename</VAR>.
   6.696 -
   6.697 -<DT>@option{loadvm filename}
   6.698 -<DD>
   6.699 -Restore the whole virtual machine state from <VAR>filename</VAR>.
   6.700 -
   6.701 -<DT>@option{stop}
   6.702 -<DD>
   6.703 -Stop emulation.
   6.704 -
   6.705 -<DT>@option{c or cont}
   6.706 -<DD>
   6.707 -Resume emulation.
   6.708 -
   6.709 -<DT>@option{gdbserver [port]}
   6.710 -<DD>
   6.711 -Start gdbserver session (default port=1234)
   6.712 -
   6.713 -<DT>@option{x/fmt addr}
   6.714 -<DD>
   6.715 -Virtual memory dump starting at <VAR>addr</VAR>.
   6.716 -
   6.717 -<DT>@option{xp /fmt addr}
   6.718 -<DD>
   6.719 -Physical memory dump starting at <VAR>addr</VAR>.
   6.720 -
   6.721 -<VAR>fmt</VAR> is a format which tells the command how to format the
   6.722 -data. Its syntax is: @option{/{count}{format}{size}}
   6.723 -
   6.724 -<DL COMPACT>
   6.725 -
   6.726 -<DT><VAR>count</VAR>
   6.727 -<DD>
   6.728 -is the number of items to be dumped.
   6.729 -
   6.730 -<DT><VAR>format</VAR>
   6.731 -<DD>
   6.732 -can be x (hexa), d (signed decimal), u (unsigned decimal), o (octal),
   6.733 -c (char) or i (asm instruction).
   6.734 -
   6.735 -<DT><VAR>size</VAR>
   6.736 -<DD>
   6.737 -can be b (8 bits), h (16 bits), w (32 bits) or g (64 bits). On x86,
   6.738 -<CODE>h</CODE> or <CODE>w</CODE> can be specified with the <CODE>i</CODE> format to
   6.739 -respectively select 16 or 32 bit code instruction size.
   6.740 -
   6.741 -</DL>
   6.742 -
   6.743 -Examples: 
   6.744 -
   6.745 -<UL>
   6.746 -<LI>
   6.747 -
   6.748 -Dump 10 instructions at the current instruction pointer:
   6.749 -
   6.750 -<PRE>
   6.751 -(qemu) x/10i $eip
   6.752 -0x90107063:  ret
   6.753 -0x90107064:  sti
   6.754 -0x90107065:  lea    0x0(%esi,1),%esi
   6.755 -0x90107069:  lea    0x0(%edi,1),%edi
   6.756 -0x90107070:  ret
   6.757 -0x90107071:  jmp    0x90107080
   6.758 -0x90107073:  nop
   6.759 -0x90107074:  nop
   6.760 -0x90107075:  nop
   6.761 -0x90107076:  nop
   6.762 -</PRE>
   6.763 -
   6.764 -<LI>
   6.765 -
   6.766 -Dump 80 16 bit values at the start of the video memory.
   6.767 -
   6.768 -<PRE>
   6.769 -(qemu) xp/80hx 0xb8000
   6.770 -0x000b8000: 0x0b50 0x0b6c 0x0b65 0x0b78 0x0b38 0x0b36 0x0b2f 0x0b42
   6.771 -0x000b8010: 0x0b6f 0x0b63 0x0b68 0x0b73 0x0b20 0x0b56 0x0b47 0x0b41
   6.772 -0x000b8020: 0x0b42 0x0b69 0x0b6f 0x0b73 0x0b20 0x0b63 0x0b75 0x0b72
   6.773 -0x000b8030: 0x0b72 0x0b65 0x0b6e 0x0b74 0x0b2d 0x0b63 0x0b76 0x0b73
   6.774 -0x000b8040: 0x0b20 0x0b30 0x0b35 0x0b20 0x0b4e 0x0b6f 0x0b76 0x0b20
   6.775 -0x000b8050: 0x0b32 0x0b30 0x0b30 0x0b33 0x0720 0x0720 0x0720 0x0720
   6.776 -0x000b8060: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
   6.777 -0x000b8070: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
   6.778 -0x000b8080: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
   6.779 -0x000b8090: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
   6.780 -</PRE>
   6.781 -
   6.782 -</UL>
   6.783 -
   6.784 -<DT>@option{p or print/fmt expr}
   6.785 -<DD>
   6.786 -Print expression value. Only the <VAR>format</VAR> part of <VAR>fmt</VAR> is
   6.787 -used.
   6.788 -
   6.789 -<DT>@option{sendkey keys}
   6.790 -<DD>
   6.791 -Send <VAR>keys</VAR> to the emulator. Use <CODE>-</CODE> to press several keys
   6.792 -simultaneously. Example:
   6.793 -
   6.794 -<PRE>
   6.795 -sendkey ctrl-alt-f1
   6.796 -</PRE>
   6.797 -
   6.798 -This command is useful to send keys that your graphical user interface
   6.799 -intercepts at low level, such as <CODE>ctrl-alt-f1</CODE> in X Window.
   6.800 -
   6.801 -<DT>@option{system_reset}
   6.802 -<DD>
   6.803 -Reset the system.
   6.804 -
   6.805 -</DL>
   6.806 -
   6.807 -
   6.808 -
   6.809 -<H3><A NAME="SEC14" HREF="qemu-doc.html#TOC14">3.5.2 Integer expressions</A></H3>
   6.810 -
   6.811 -<P>
   6.812 -The monitor understands integers expressions for every integer
   6.813 -argument. You can use register names to get the value of specifics
   6.814 -CPU registers by prefixing them with <EM>$</EM>.
   6.815 -
   6.816 -
   6.817 -
   6.818 -
   6.819 -<H2><A NAME="SEC15" HREF="qemu-doc.html#TOC15">3.6 Disk Images</A></H2>
   6.820 -
   6.821 -
   6.822 -
   6.823 -<H3><A NAME="SEC16" HREF="qemu-doc.html#TOC16">3.6.1 Raw disk images</A></H3>
   6.824 -
   6.825 -<P>
   6.826 -The disk images can simply be raw images of the hard disk. You can
   6.827 -create them with the command:
   6.828 -
   6.829 -<PRE>
   6.830 -dd of=myimage bs=1024 seek=mysize count=0
   6.831 -</PRE>
   6.832 -
   6.833 -<P>
   6.834 -where <VAR>myimage</VAR> is the image filename and <VAR>mysize</VAR> is its size
   6.835 -in kilobytes.
   6.836 -
   6.837 -
   6.838 -
   6.839 -
   6.840 -<H3><A NAME="SEC17" HREF="qemu-doc.html#TOC17">3.6.2 Snapshot mode</A></H3>
   6.841 -
   6.842 -<P>
   6.843 -If you use the option @option{-snapshot}, all disk images are
   6.844 -considered as read only. When sectors in written, they are written in
   6.845 -a temporary file created in <TT>`/tmp'</TT>. You can however force the
   6.846 -write back to the raw disk images by pressing <KBD>C-a s</KBD>.
   6.847 -
   6.848 -
   6.849 -<P>
   6.850 -NOTE: The snapshot mode only works with raw disk images.
   6.851 -
   6.852 -
   6.853 -
   6.854 -
   6.855 -<H3><A NAME="SEC18" HREF="qemu-doc.html#TOC18">3.6.3 Copy On Write disk images</A></H3>
   6.856 -
   6.857 -<P>
   6.858 -QEMU also supports user mode Linux
   6.859 -(<A HREF="http://user-mode-linux.sourceforge.net/">http://user-mode-linux.sourceforge.net/</A>) Copy On Write (COW)
   6.860 -disk images. The COW disk images are much smaller than normal images
   6.861 -as they store only modified sectors. They also permit the use of the
   6.862 -same disk image template for many users.
   6.863 -
   6.864 -
   6.865 -<P>
   6.866 -To create a COW disk images, use the command:
   6.867 -
   6.868 -
   6.869 -
   6.870 -<PRE>
   6.871 -qemu-mkcow -f myrawimage.bin mycowimage.cow
   6.872 -</PRE>
   6.873 -
   6.874 -<P>
   6.875 -<TT>`myrawimage.bin'</TT> is a raw image you want to use as original disk
   6.876 -image. It will never be written to.
   6.877 -
   6.878 -
   6.879 -<P>
   6.880 -<TT>`mycowimage.cow'</TT> is the COW disk image which is created by
   6.881 -<CODE>qemu-mkcow</CODE>. You can use it directly with the @option{-hdx}
   6.882 -options. You must not modify the original raw disk image if you use
   6.883 -COW images, as COW images only store the modified sectors from the raw
   6.884 -disk image. QEMU stores the original raw disk image name and its
   6.885 -modified time in the COW disk image so that chances of mistakes are
   6.886 -reduced.
   6.887 -
   6.888 -
   6.889 -<P>
   6.890 -If the raw disk image is not read-only, by pressing <KBD>C-a s</KBD> you
   6.891 -can flush the COW disk image back into the raw disk image, as in
   6.892 -snapshot mode.
   6.893 -
   6.894 -
   6.895 -<P>
   6.896 -COW disk images can also be created without a corresponding raw disk
   6.897 -image. It is useful to have a big initial virtual disk image without
   6.898 -using much disk space. Use:
   6.899 -
   6.900 -
   6.901 -
   6.902 -<PRE>
   6.903 -qemu-mkcow mycowimage.cow 1024
   6.904 -</PRE>
   6.905 -
   6.906 -<P>
   6.907 -to create a 1 gigabyte empty COW disk image.
   6.908 -
   6.909 -
   6.910 -<P>
   6.911 -NOTES: 
   6.912 -
   6.913 -<OL>
   6.914 -<LI>
   6.915 -
   6.916 -COW disk images must be created on file systems supporting
   6.917 -<EM>holes</EM> such as ext2 or ext3.
   6.918 -<LI>
   6.919 -
   6.920 -Since holes are used, the displayed size of the COW disk image is not
   6.921 -the real one. To know it, use the <CODE>ls -ls</CODE> command.
   6.922 -</OL>
   6.923 -
   6.924 -
   6.925 -
   6.926 -<H3><A NAME="SEC19" HREF="qemu-doc.html#TOC19">3.6.4 Convert VMware disk images to raw disk images</A></H3>
   6.927 -
   6.928 -<P>
   6.929 -You can use the tool <TT>`vmdk2raw'</TT> to convert VMware disk images to
   6.930 -raw disk images directly usable by QEMU. The syntax is:
   6.931 -
   6.932 -<PRE>
   6.933 -vmdk2raw vmware_image output_image
   6.934 -</PRE>
   6.935 -
   6.936 -
   6.937 -
   6.938 -<H2><A NAME="SEC20" HREF="qemu-doc.html#TOC20">3.7 Network emulation</A></H2>
   6.939 -
   6.940 -<P>
   6.941 -QEMU simulates up to 6 networks cards (NE2000 boards). Each card can
   6.942 -be connected to a specific host network interface.
   6.943 -
   6.944 -
   6.945 -
   6.946 -
   6.947 -<H3><A NAME="SEC21" HREF="qemu-doc.html#TOC21">3.7.1 Using tun/tap network interface</A></H3>
   6.948 -
   6.949 -<P>
   6.950 -This is the standard way to emulate network. QEMU adds a virtual
   6.951 -network device on your host (called <CODE>tun0</CODE>), and you can then
   6.952 -configure it as if it was a real ethernet card.
   6.953 -
   6.954 -
   6.955 -<P>
   6.956 -As an example, you can download the <TT>`linux-test-xxx.tar.gz'</TT>
   6.957 -archive and copy the script <TT>`qemu-ifup'</TT> in <TT>`/etc'</TT> and
   6.958 -configure properly <CODE>sudo</CODE> so that the command <CODE>ifconfig</CODE>
   6.959 -contained in <TT>`qemu-ifup'</TT> can be executed as root. You must verify
   6.960 -that your host kernel supports the TUN/TAP network interfaces: the
   6.961 -device <TT>`/dev/net/tun'</TT> must be present.
   6.962 -
   6.963 -
   6.964 -<P>
   6.965 -See section <A HREF="qemu-doc.html#SEC23">3.8 Direct Linux Boot</A> to have an example of network use with a
   6.966 -Linux distribution.
   6.967 -
   6.968 -
   6.969 -
   6.970 -
   6.971 -<H3><A NAME="SEC22" HREF="qemu-doc.html#TOC22">3.7.2 Using the user mode network stack</A></H3>
   6.972 -
   6.973 -<P>
   6.974 -By using the option @option{-user-net} or if you have no tun/tap init
   6.975 -script, QEMU uses a completely user mode network stack (you don't need
   6.976 -root priviledge to use the virtual network). The virtual network
   6.977 -configuration is the following:
   6.978 -
   6.979 -
   6.980 -
   6.981 -<PRE>
   6.982 -
   6.983 -QEMU Virtual Machine    &#60;------&#62;  Firewall/DHCP server &#60;-----&#62; Internet
   6.984 -     (10.0.2.x)            |          (10.0.2.2)
   6.985 -                           |
   6.986 -                           ----&#62;  DNS server (10.0.2.3)
   6.987 -                           |     
   6.988 -                           ----&#62;  SMB server (10.0.2.4)
   6.989 -</PRE>
   6.990 -
   6.991 -<P>
   6.992 -The QEMU VM behaves as if it was behind a firewall which blocks all
   6.993 -incoming connections. You can use a DHCP client to automatically
   6.994 -configure the network in the QEMU VM.
   6.995 -
   6.996 -
   6.997 -<P>
   6.998 -In order to check that the user mode network is working, you can ping
   6.999 -the address 10.0.2.2 and verify that you got an address in the range
  6.1000 -10.0.2.x from the QEMU virtual DHCP server.
  6.1001 -
  6.1002 -
  6.1003 -<P>
  6.1004 -Note that <CODE>ping</CODE> is not supported reliably to the internet as it
  6.1005 -would require root priviledges. It means you can only ping the local
  6.1006 -router (10.0.2.2).
  6.1007 -
  6.1008 -
  6.1009 -<P>
  6.1010 -When using the built-in TFTP server, the router is also the TFTP
  6.1011 -server.
  6.1012 -
  6.1013 -
  6.1014 -<P>
  6.1015 -When using the @option{-redir} option, TCP or UDP connections can be
  6.1016 -redirected from the host to the guest. It allows for example to
  6.1017 -redirect X11, telnet or SSH connections.
  6.1018 -
  6.1019 -
  6.1020 -
  6.1021 -
  6.1022 -<H2><A NAME="SEC23" HREF="qemu-doc.html#TOC23">3.8 Direct Linux Boot</A></H2>
  6.1023 -
  6.1024 -<P>
  6.1025 -This section explains how to launch a Linux kernel inside QEMU without
  6.1026 -having to make a full bootable image. It is very useful for fast Linux
  6.1027 -kernel testing. The QEMU network configuration is also explained.
  6.1028 -
  6.1029 -
  6.1030 -
  6.1031 -<OL>
  6.1032 -<LI>
  6.1033 -
  6.1034 -Download the archive <TT>`linux-test-xxx.tar.gz'</TT> containing a Linux
  6.1035 -kernel and a disk image. 
  6.1036 -
  6.1037 -<LI>Optional: If you want network support (for example to launch X11 examples), you
  6.1038 -
  6.1039 -must copy the script <TT>`qemu-ifup'</TT> in <TT>`/etc'</TT> and configure
  6.1040 -properly <CODE>sudo</CODE> so that the command <CODE>ifconfig</CODE> contained in
  6.1041 -<TT>`qemu-ifup'</TT> can be executed as root. You must verify that your host
  6.1042 -kernel supports the TUN/TAP network interfaces: the device
  6.1043 -<TT>`/dev/net/tun'</TT> must be present.
  6.1044 -
  6.1045 -When network is enabled, there is a virtual network connection between
  6.1046 -the host kernel and the emulated kernel. The emulated kernel is seen
  6.1047 -from the host kernel at IP address 172.20.0.2 and the host kernel is
  6.1048 -seen from the emulated kernel at IP address 172.20.0.1.
  6.1049 -
  6.1050 -<LI>Launch <CODE>qemu.sh</CODE>. You should have the following output:
  6.1051 -
  6.1052 -
  6.1053 -<PRE>
  6.1054 -&#62; ./qemu.sh 
  6.1055 -Connected to host network interface: tun0
  6.1056 -Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
  6.1057 -BIOS-provided physical RAM map:
  6.1058 - BIOS-e801: 0000000000000000 - 000000000009f000 (usable)
  6.1059 - BIOS-e801: 0000000000100000 - 0000000002000000 (usable)
  6.1060 -32MB LOWMEM available.
  6.1061 -On node 0 totalpages: 8192
  6.1062 -zone(0): 4096 pages.
  6.1063 -zone(1): 4096 pages.
  6.1064 -zone(2): 0 pages.
  6.1065 -Kernel command line: root=/dev/hda sb=0x220,5,1,5 ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe console=ttyS0
  6.1066 -ide_setup: ide2=noprobe
  6.1067 -ide_setup: ide3=noprobe
  6.1068 -ide_setup: ide4=noprobe
  6.1069 -ide_setup: ide5=noprobe
  6.1070 -Initializing CPU#0
  6.1071 -Detected 2399.621 MHz processor.
  6.1072 -Console: colour EGA 80x25
  6.1073 -Calibrating delay loop... 4744.80 BogoMIPS
  6.1074 -Memory: 28872k/32768k available (1210k kernel code, 3508k reserved, 266k data, 64k init, 0k highmem)
  6.1075 -Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
  6.1076 -Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
  6.1077 -Mount cache hash table entries: 512 (order: 0, 4096 bytes)
  6.1078 -Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
  6.1079 -Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
  6.1080 -CPU: Intel Pentium Pro stepping 03
  6.1081 -Checking 'hlt' instruction... OK.
  6.1082 -POSIX conformance testing by UNIFIX
  6.1083 -Linux NET4.0 for Linux 2.4
  6.1084 -Based upon Swansea University Computer Society NET3.039
  6.1085 -Initializing RT netlink socket
  6.1086 -apm: BIOS not found.
  6.1087 -Starting kswapd
  6.1088 -Journalled Block Device driver loaded
  6.1089 -Detected PS/2 Mouse Port.
  6.1090 -pty: 256 Unix98 ptys configured
  6.1091 -Serial driver version 5.05c (2001-07-08) with no serial options enabled
  6.1092 -ttyS00 at 0x03f8 (irq = 4) is a 16450
  6.1093 -ne.c:v1.10 9/23/94 Donald Becker (becker@scyld.com)
  6.1094 -Last modified Nov 1, 2000 by Paul Gortmaker
  6.1095 -NE*000 ethercard probe at 0x300: 52 54 00 12 34 56
  6.1096 -eth0: NE2000 found at 0x300, using IRQ 9.
  6.1097 -RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
  6.1098 -Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
  6.1099 -ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
  6.1100 -hda: QEMU HARDDISK, ATA DISK drive
  6.1101 -ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
  6.1102 -hda: attached ide-disk driver.
  6.1103 -hda: 20480 sectors (10 MB) w/256KiB Cache, CHS=20/16/63
  6.1104 -Partition check:
  6.1105 - hda:
  6.1106 -Soundblaster audio driver Copyright (C) by Hannu Savolainen 1993-1996
  6.1107 -NET4: Linux TCP/IP 1.0 for NET4.0
  6.1108 -IP Protocols: ICMP, UDP, TCP, IGMP
  6.1109 -IP: routing cache hash table of 512 buckets, 4Kbytes
  6.1110 -TCP: Hash tables configured (established 2048 bind 4096)
  6.1111 -NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
  6.1112 -EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
  6.1113 -VFS: Mounted root (ext2 filesystem).
  6.1114 -Freeing unused kernel memory: 64k freed
  6.1115 - 
  6.1116 -Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
  6.1117 - 
  6.1118 -QEMU Linux test distribution (based on Redhat 9)
  6.1119 - 
  6.1120 -Type 'exit' to halt the system
  6.1121 - 
  6.1122 -sh-2.05b# 
  6.1123 -</PRE>
  6.1124 -
  6.1125 -<LI>
  6.1126 -
  6.1127 -Then you can play with the kernel inside the virtual serial console. You
  6.1128 -can launch <CODE>ls</CODE> for example. Type <KBD>Ctrl-a h</KBD> to have an help
  6.1129 -about the keys you can type inside the virtual serial console. In
  6.1130 -particular, use <KBD>Ctrl-a x</KBD> to exit QEMU and use <KBD>Ctrl-a b</KBD> as
  6.1131 -the Magic SysRq key.
  6.1132 -
  6.1133 -<LI>
  6.1134 -
  6.1135 -If the network is enabled, launch the script <TT>`/etc/linuxrc'</TT> in the
  6.1136 -emulator (don't forget the leading dot):
  6.1137 -
  6.1138 -<PRE>
  6.1139 -. /etc/linuxrc
  6.1140 -</PRE>
  6.1141 -
  6.1142 -Then enable X11 connections on your PC from the emulated Linux: 
  6.1143 -
  6.1144 -<PRE>
  6.1145 -xhost +172.20.0.2
  6.1146 -</PRE>
  6.1147 -
  6.1148 -You can now launch <TT>`xterm'</TT> or <TT>`xlogo'</TT> and verify that you have
  6.1149 -a real Virtual Linux system !
  6.1150 -
  6.1151 -</OL>
  6.1152 -
  6.1153 -<P>
  6.1154 -NOTES:
  6.1155 -
  6.1156 -<OL>
  6.1157 -<LI>
  6.1158 -
  6.1159 -A 2.5.74 kernel is also included in the archive. Just
  6.1160 -replace the bzImage in qemu.sh to try it.
  6.1161 -
  6.1162 -<LI>
  6.1163 -
  6.1164 -qemu-fast creates a temporary file in <VAR>$QEMU_TMPDIR</VAR> (<TT>`/tmp'</TT> is the
  6.1165 -default) containing all the simulated PC memory. If possible, try to use
  6.1166 -a temporary directory using the tmpfs filesystem to avoid too many
  6.1167 -unnecessary disk accesses.
  6.1168 -
  6.1169 -<LI>
  6.1170 -
  6.1171 -In order to exit cleanly from qemu, you can do a <EM>shutdown</EM> inside
  6.1172 -qemu. qemu will automatically exit when the Linux shutdown is done.
  6.1173 -
  6.1174 -<LI>
  6.1175 -
  6.1176 -You can boot slightly faster by disabling the probe of non present IDE
  6.1177 -interfaces. To do so, add the following options on the kernel command
  6.1178 -line:
  6.1179 -
  6.1180 -<PRE>
  6.1181 -ide1=noprobe ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe
  6.1182 -</PRE>
  6.1183 -
  6.1184 -<LI>
  6.1185 -
  6.1186 -The example disk image is a modified version of the one made by Kevin
  6.1187 -Lawton for the plex86 Project (<A HREF="www.plex86.org">www.plex86.org</A>).
  6.1188 -
  6.1189 -</OL>
  6.1190 -
  6.1191 -
  6.1192 -
  6.1193 -<H2><A NAME="SEC24" HREF="qemu-doc.html#TOC24">3.9 Linux Kernel Compilation</A></H2>
  6.1194 -
  6.1195 -<P>
  6.1196 -You can use any linux kernel with QEMU. However, if you want to use
  6.1197 -<CODE>qemu-fast</CODE> to get maximum performances, you must use a modified
  6.1198 -guest kernel. If you are using a 2.6 guest kernel, you can use
  6.1199 -directly the patch <TT>`linux-2.6-qemu-fast.patch'</TT> made by Rusty
  6.1200 -Russel available in the QEMU source archive. Otherwise, you can make the
  6.1201 -following changes <EM>by hand</EM> to the Linux kernel:
  6.1202 -
  6.1203 -
  6.1204 -
  6.1205 -<OL>
  6.1206 -<LI>
  6.1207 -
  6.1208 -The kernel must be mapped at 0x90000000 (the default is
  6.1209 -0xc0000000). You must modify only two lines in the kernel source:
  6.1210 -
  6.1211 -In <TT>`include/asm/page.h'</TT>, replace
  6.1212 -
  6.1213 -<PRE>
  6.1214 -#define __PAGE_OFFSET           (0xc0000000)
  6.1215 -</PRE>
  6.1216 -
  6.1217 -by
  6.1218 -
  6.1219 -<PRE>
  6.1220 -#define __PAGE_OFFSET           (0x90000000)
  6.1221 -</PRE>
  6.1222 -
  6.1223 -And in <TT>`arch/i386/vmlinux.lds'</TT>, replace
  6.1224 -
  6.1225 -<PRE>
  6.1226 -  . = 0xc0000000 + 0x100000;
  6.1227 -</PRE>
  6.1228 -
  6.1229 -by 
  6.1230 -
  6.1231 -<PRE>
  6.1232 -  . = 0x90000000 + 0x100000;
  6.1233 -</PRE>
  6.1234 -
  6.1235 -<LI>
  6.1236 -
  6.1237 -If you want to enable SMP (Symmetric Multi-Processing) support, you
  6.1238 -must make the following change in <TT>`include/asm/fixmap.h'</TT>. Replace
  6.1239 -
  6.1240 -<PRE>
  6.1241 -#define FIXADDR_TOP	(0xffffX000UL)
  6.1242 -</PRE>
  6.1243 -
  6.1244 -by 
  6.1245 -
  6.1246 -<PRE>
  6.1247 -#define FIXADDR_TOP	(0xa7ffX000UL)
  6.1248 -</PRE>
  6.1249 -
  6.1250 -(X is 'e' or 'f' depending on the kernel version). Although you can
  6.1251 -use an SMP kernel with QEMU, it only supports one CPU.
  6.1252 -
  6.1253 -<LI>
  6.1254 -
  6.1255 -If you are not using a 2.6 kernel as host kernel but if you use a target
  6.1256 -2.6 kernel, you must also ensure that the 'HZ' define is set to 100
  6.1257 -(1000 is the default) as QEMU cannot currently emulate timers at
  6.1258 -frequencies greater than 100 Hz on host Linux systems &#60; 2.6. In
  6.1259 -<TT>`include/asm/param.h'</TT>, replace:
  6.1260 -
  6.1261 -
  6.1262 -<PRE>
  6.1263 -# define HZ		1000		/* Internal kernel timer frequency */
  6.1264 -</PRE>
  6.1265 -
  6.1266 -by
  6.1267 -
  6.1268 -<PRE>
  6.1269 -# define HZ		100		/* Internal kernel timer frequency */
  6.1270 -</PRE>
  6.1271 -
  6.1272 -</OL>
  6.1273 -
  6.1274 -<P>
  6.1275 -The file config-2.x.x gives the configuration of the example kernels.
  6.1276 -
  6.1277 -
  6.1278 -<P>
  6.1279 -Just type
  6.1280 -
  6.1281 -<PRE>
  6.1282 -make bzImage
  6.1283 -</PRE>
  6.1284 -
  6.1285 -<P>
  6.1286 -As you would do to make a real kernel. Then you can use with QEMU
  6.1287 -exactly the same kernel as you would boot on your PC (in
  6.1288 -<TT>`arch/i386/boot/bzImage'</TT>).
  6.1289 -
  6.1290 -
  6.1291 -
  6.1292 -
  6.1293 -<H2><A NAME="SEC25" HREF="qemu-doc.html#TOC25">3.10 GDB usage</A></H2>
  6.1294 -
  6.1295 -<P>
  6.1296 -QEMU has a primitive support to work with gdb, so that you can do
  6.1297 -'Ctrl-C' while the virtual machine is running and inspect its state.
  6.1298 -
  6.1299 -
  6.1300 -<P>
  6.1301 -In order to use gdb, launch qemu with the '-s' option. It will wait for a
  6.1302 -gdb connection:
  6.1303 -
  6.1304 -<PRE>
  6.1305 -&#62; qemu -s -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda"
  6.1306 -Connected to host network interface: tun0
  6.1307 -Waiting gdb connection on port 1234
  6.1308 -</PRE>
  6.1309 -
  6.1310 -<P>
  6.1311 -Then launch gdb on the 'vmlinux' executable:
  6.1312 -
  6.1313 -<PRE>
  6.1314 -&#62; gdb vmlinux
  6.1315 -</PRE>
  6.1316 -
  6.1317 -<P>
  6.1318 -In gdb, connect to QEMU:
  6.1319 -
  6.1320 -<PRE>
  6.1321 -(gdb) target remote localhost:1234
  6.1322 -</PRE>
  6.1323 -
  6.1324 -<P>
  6.1325 -Then you can use gdb normally. For example, type 'c' to launch the kernel:
  6.1326 -
  6.1327 -<PRE>
  6.1328 -(gdb) c
  6.1329 -</PRE>
  6.1330 -
  6.1331 -<P>
  6.1332 -Here are some useful tips in order to use gdb on system code:
  6.1333 -
  6.1334 -
  6.1335 -
  6.1336 -<OL>
  6.1337 -<LI>
  6.1338 -
  6.1339 -Use <CODE>info reg</CODE> to display all the CPU registers.
  6.1340 -<LI>
  6.1341 -
  6.1342 -Use <CODE>x/10i $eip</CODE> to display the code at the PC position.
  6.1343 -<LI>
  6.1344 -
  6.1345 -Use <CODE>set architecture i8086</CODE> to dump 16 bit code. Then use
  6.1346 -<CODE>x/10i $cs*16+*eip</CODE> to dump the code at the PC position.
  6.1347 -</OL>
  6.1348 -
  6.1349 -
  6.1350 -
  6.1351 -<H2><A NAME="SEC26" HREF="qemu-doc.html#TOC26">3.11 Target OS specific information</A></H2>
  6.1352 -
  6.1353 -
  6.1354 -
  6.1355 -<H3><A NAME="SEC27" HREF="qemu-doc.html#TOC27">3.11.1 Linux</A></H3>
  6.1356 -
  6.1357 -<P>
  6.1358 -To have access to SVGA graphic modes under X11, use the <CODE>vesa</CODE> or
  6.1359 -the <CODE>cirrus</CODE> X11 driver. For optimal performances, use 16 bit
  6.1360 -color depth in the guest and the host OS.
  6.1361 -
  6.1362 -
  6.1363 -<P>
  6.1364 -When using a 2.6 guest Linux kernel, you should add the option
  6.1365 -<CODE>clock=pit</CODE> on the kernel command line because the 2.6 Linux
  6.1366 -kernels make very strict real time clock checks by default that QEMU
  6.1367 -cannot simulate exactly.
  6.1368 -
  6.1369 -
  6.1370 -
  6.1371 -
  6.1372 -<H3><A NAME="SEC28" HREF="qemu-doc.html#TOC28">3.11.2 Windows</A></H3>
  6.1373 -
  6.1374 -<P>
  6.1375 -If you have a slow host, using Windows 95 is better as it gives the
  6.1376 -best speed. Windows 2000 is also a good choice.
  6.1377 -
  6.1378 -
  6.1379 -
  6.1380 -
  6.1381 -<H4><A NAME="SEC29" HREF="qemu-doc.html#TOC29">3.11.2.1 SVGA graphic modes support</A></H4>
  6.1382 -
  6.1383 -<P>
  6.1384 -QEMU emulates a Cirrus Logic GD5446 Video
  6.1385 -card. All Windows versions starting from Windows 95 should recognize
  6.1386 -and use this graphic card. For optimal performances, use 16 bit color
  6.1387 -depth in the guest and the host OS.
  6.1388 -
  6.1389 -
  6.1390 -
  6.1391 -
  6.1392 -<H4><A NAME="SEC30" HREF="qemu-doc.html#TOC30">3.11.2.2 CPU usage reduction</A></H4>
  6.1393 -
  6.1394 -<P>
  6.1395 -Windows 9x does not correctly use the CPU HLT
  6.1396 -instruction. The result is that it takes host CPU cycles even when
  6.1397 -idle. You can install the utility from
  6.1398 -<A HREF="http://www.user.cityline.ru/~maxamn/amnhltm.zip">http://www.user.cityline.ru/~maxamn/amnhltm.zip</A> to solve this
  6.1399 -problem. Note that no such tool is needed for NT, 2000 or XP.
  6.1400 -
  6.1401 -
  6.1402 -
  6.1403 -
  6.1404 -<H4><A NAME="SEC31" HREF="qemu-doc.html#TOC31">3.11.2.3 Windows 2000 disk full problems</A></H4>
  6.1405 -
  6.1406 -<P>
  6.1407 -Currently (release 0.6.0) QEMU has a bug which gives a <CODE>disk
  6.1408 -full</CODE> error during installation of some releases of Windows 2000. The
  6.1409 -workaround is to stop QEMU as soon as you notice that your disk image
  6.1410 -size is growing too fast (monitor it with <CODE>ls -ls</CODE>). Then
  6.1411 -relaunch QEMU to continue the installation. If you still experience
  6.1412 -the problem, relaunch QEMU again.
  6.1413 -
  6.1414 -
  6.1415 -<P>
  6.1416 -Future QEMU releases are likely to correct this bug.
  6.1417 -
  6.1418 -
  6.1419 -
  6.1420 -
  6.1421 -<H4><A NAME="SEC32" HREF="qemu-doc.html#TOC32">3.11.2.4 Windows XP security problems</A></H4>
  6.1422 -
  6.1423 -<P>
  6.1424 -Some releases of Windows XP install correctly but give a security
  6.1425 -error when booting:
  6.1426 -
  6.1427 -<PRE>
  6.1428 -A problem is preventing Windows from accurately checking the
  6.1429 -license for this computer. Error code: 0x800703e6.
  6.1430 -</PRE>
  6.1431 -
  6.1432 -<P>
  6.1433 -The only known workaround is to boot in Safe mode
  6.1434 -without networking support. 
  6.1435 -
  6.1436 -
  6.1437 -<P>
  6.1438 -Future QEMU releases are likely to correct this bug.
  6.1439 -
  6.1440 -
  6.1441 -
  6.1442 -
  6.1443 -<H3><A NAME="SEC33" HREF="qemu-doc.html#TOC33">3.11.3 MS-DOS and FreeDOS</A></H3>
  6.1444 -
  6.1445 -
  6.1446 -
  6.1447 -<H4><A NAME="SEC34" HREF="qemu-doc.html#TOC34">3.11.3.1 CPU usage reduction</A></H4>
  6.1448 -
  6.1449 -<P>
  6.1450 -DOS does not correctly use the CPU HLT instruction. The result is that
  6.1451 -it takes host CPU cycles even when idle. You can install the utility
  6.1452 -from <A HREF="http://www.vmware.com/software/dosidle210.zip">http://www.vmware.com/software/dosidle210.zip</A> to solve this
  6.1453 -problem.
  6.1454 -
  6.1455 -
  6.1456 -
  6.1457 -
  6.1458 -<H1><A NAME="SEC35" HREF="qemu-doc.html#TOC35">4. QEMU PowerPC System emulator invocation</A></H1>
  6.1459 -
  6.1460 -<P>
  6.1461 -Use the executable <TT>`qemu-system-ppc'</TT> to simulate a complete PREP
  6.1462 -or PowerMac PowerPC system.
  6.1463 -
  6.1464 -
  6.1465 -<P>
  6.1466 -QEMU emulates the following PowerMac peripherials:
  6.1467 -
  6.1468 -
  6.1469 -
  6.1470 -<UL>
  6.1471 -<LI>
  6.1472 -
  6.1473 -UniNorth PCI Bridge 
  6.1474 -<LI>
  6.1475 -
  6.1476 -PCI VGA compatible card with VESA Bochs Extensions
  6.1477 -<LI>
  6.1478 -
  6.1479 -2 PMAC IDE interfaces with hard disk and CD-ROM support
  6.1480 -<LI>
  6.1481 -
  6.1482 -NE2000 PCI adapters
  6.1483 -<LI>
  6.1484 -
  6.1485 -Non Volatile RAM
  6.1486 -<LI>
  6.1487 -
  6.1488 -VIA-CUDA with ADB keyboard and mouse.
  6.1489 -</UL>
  6.1490 -
  6.1491 -<P>
  6.1492 -QEMU emulates the following PREP peripherials:
  6.1493 -
  6.1494 -
  6.1495 -
  6.1496 -<UL>
  6.1497 -<LI>
  6.1498 -
  6.1499 -PCI Bridge
  6.1500 -<LI>
  6.1501 -
  6.1502 -PCI VGA compatible card with VESA Bochs Extensions
  6.1503 -<LI>
  6.1504 -
  6.1505 -2 IDE interfaces with hard disk and CD-ROM support
  6.1506 -<LI>
  6.1507 -
  6.1508 -Floppy disk
  6.1509 -<LI>
  6.1510 -
  6.1511 -NE2000 network adapters
  6.1512 -<LI>
  6.1513 -
  6.1514 -Serial port
  6.1515 -<LI>
  6.1516 -
  6.1517 -PREP Non Volatile RAM
  6.1518 -<LI>
  6.1519 -
  6.1520 -PC compatible keyboard and mouse.
  6.1521 -</UL>
  6.1522 -
  6.1523 -<P>
  6.1524 -QEMU uses the Open Hack'Ware Open Firmware Compatible BIOS available at
  6.1525 -<A HREF="http://site.voila.fr/jmayer/OpenHackWare/index.htm">http://site.voila.fr/jmayer/OpenHackWare/index.htm</A>.
  6.1526 -
  6.1527 -
  6.1528 -<P>
  6.1529 -You can read the qemu PC system emulation chapter to have more
  6.1530 -informations about QEMU usage.
  6.1531 -
  6.1532 -
  6.1533 -<P>
  6.1534 -The following options are specific to the PowerPC emulation:
  6.1535 -
  6.1536 -
  6.1537 -<DL COMPACT>
  6.1538 -
  6.1539 -<DT>@option{-prep}
  6.1540 -<DD>
  6.1541 -Simulate a PREP system (default is PowerMAC)
  6.1542 -
  6.1543 -<DT>@option{-g WxH[xDEPTH]}
  6.1544 -<DD>
  6.1545 -Set the initial VGA graphic mode. The default is 800x600x15.
  6.1546 -
  6.1547 -</DL>
  6.1548 -
  6.1549 -<P>
  6.1550 -More information is available at
  6.1551 -<A HREF="http://jocelyn.mayer.free.fr/qemu-ppc/">http://jocelyn.mayer.free.fr/qemu-ppc/</A>.
  6.1552 -
  6.1553 -
  6.1554 -
  6.1555 -
  6.1556 -<H1><A NAME="SEC36" HREF="qemu-doc.html#TOC36">5. QEMU User space emulator invocation</A></H1>
  6.1557 -
  6.1558 -
  6.1559 -
  6.1560 -<H2><A NAME="SEC37" HREF="qemu-doc.html#TOC37">5.1 Quick Start</A></H2>
  6.1561 -
  6.1562 -<P>
  6.1563 -In order to launch a Linux process, QEMU needs the process executable
  6.1564 -itself and all the target (x86) dynamic libraries used by it. 
  6.1565 -
  6.1566 -
  6.1567 -
  6.1568 -<UL>
  6.1569 -
  6.1570 -<LI>On x86, you can just try to launch any process by using the native
  6.1571 -
  6.1572 -libraries:
  6.1573 -
  6.1574 -
  6.1575 -<PRE>
  6.1576 -qemu-i386 -L / /bin/ls
  6.1577 -</PRE>
  6.1578 -
  6.1579 -<CODE>-L /</CODE> tells that the x86 dynamic linker must be searched with a
  6.1580 -<TT>`/'</TT> prefix.
  6.1581 -
  6.1582 -<LI>Since QEMU is also a linux process, you can launch qemu with qemu (NOTE: you can only do that if you compiled QEMU from the sources):
  6.1583 -
  6.1584 -
  6.1585 -<PRE>
  6.1586 -qemu-i386 -L / qemu-i386 -L / /bin/ls
  6.1587 -</PRE>
  6.1588 -
  6.1589 -<LI>On non x86 CPUs, you need first to download at least an x86 glibc
  6.1590 -
  6.1591 -(<TT>`qemu-runtime-i386-XXX-.tar.gz'</TT> on the QEMU web page). Ensure that
  6.1592 -<CODE>LD_LIBRARY_PATH</CODE> is not set:
  6.1593 -
  6.1594 -
  6.1595 -<PRE>
  6.1596 -unset LD_LIBRARY_PATH 
  6.1597 -</PRE>
  6.1598 -
  6.1599 -Then you can launch the precompiled <TT>`ls'</TT> x86 executable:
  6.1600 -
  6.1601 -
  6.1602 -<PRE>
  6.1603 -qemu-i386 tests/i386/ls
  6.1604 -</PRE>
  6.1605 -
  6.1606 -You can look at <TT>`qemu-binfmt-conf.sh'</TT> so that
  6.1607 -QEMU is automatically launched by the Linux kernel when you try to
  6.1608 -launch x86 executables. It requires the <CODE>binfmt_misc</CODE> module in the
  6.1609 -Linux kernel.
  6.1610 -
  6.1611 -<LI>The x86 version of QEMU is also included. You can try weird things such as:
  6.1612 -
  6.1613 -
  6.1614 -<PRE>
  6.1615 -qemu-i386 /usr/local/qemu-i386/bin/qemu-i386 /usr/local/qemu-i386/bin/ls-i386
  6.1616 -</PRE>
  6.1617 -
  6.1618 -</UL>
  6.1619 -
  6.1620 -
  6.1621 -
  6.1622 -<H2><A NAME="SEC38" HREF="qemu-doc.html#TOC38">5.2 Wine launch</A></H2>
  6.1623 -
  6.1624 -
  6.1625 -<UL>
  6.1626 -
  6.1627 -<LI>Ensure that you have a working QEMU with the x86 glibc
  6.1628 -
  6.1629 -distribution (see previous section). In order to verify it, you must be
  6.1630 -able to do:
  6.1631 -
  6.1632 -
  6.1633 -<PRE>
  6.1634 -qemu-i386 /usr/local/qemu-i386/bin/ls-i386
  6.1635 -</PRE>
  6.1636 -
  6.1637 -<LI>Download the binary x86 Wine install
  6.1638 -
  6.1639 -(<TT>`qemu-XXX-i386-wine.tar.gz'</TT> on the QEMU web page). 
  6.1640 -
  6.1641 -<LI>Configure Wine on your account. Look at the provided script
  6.1642 -
  6.1643 -<TT>`/usr/local/qemu-i386/bin/wine-conf.sh'</TT>. Your previous
  6.1644 -<CODE>${HOME}/.wine</CODE> directory is saved to <CODE>${HOME}/.wine.org</CODE>.
  6.1645 -
  6.1646 -<LI>Then you can try the example <TT>`putty.exe'</TT>:
  6.1647 -
  6.1648 -
  6.1649 -<PRE>
  6.1650 -qemu-i386 /usr/local/qemu-i386/wine/bin/wine /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
  6.1651 -</PRE>
  6.1652 -
  6.1653 -</UL>
  6.1654 -
  6.1655 -
  6.1656 -
  6.1657 -<H2><A NAME="SEC39" HREF="qemu-doc.html#TOC39">5.3 Command line options</A></H2>
  6.1658 -
  6.1659 -
  6.1660 -<PRE>
  6.1661 -usage: qemu-i386 [-h] [-d] [-L path] [-s size] program [arguments...]
  6.1662 -</PRE>
  6.1663 -
  6.1664 -<DL COMPACT>
  6.1665 -
  6.1666 -<DT>@option{-h}
  6.1667 -<DD>
  6.1668 -Print the help
  6.1669 -<DT>@option{-L path}
  6.1670 -<DD>
  6.1671 -Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)
  6.1672 -<DT>@option{-s size}
  6.1673 -<DD>
  6.1674 -Set the x86 stack size in bytes (default=524288)
  6.1675 -</DL>
  6.1676 -
  6.1677 -<P>
  6.1678 -Debug options:
  6.1679 -
  6.1680 -
  6.1681 -<DL COMPACT>
  6.1682 -
  6.1683 -<DT>@option{-d}
  6.1684 -<DD>
  6.1685 -Activate log (logfile=/tmp/qemu.log)
  6.1686 -<DT>@option{-p pagesize}
  6.1687 -<DD>
  6.1688 -Act as if the host page size was 'pagesize' bytes
  6.1689 -</DL>
  6.1690 -
  6.1691 -
  6.1692 -
  6.1693 -<H1><A NAME="SEC40" HREF="qemu-doc.html#TOC40">6. Compilation from the sources</A></H1>
  6.1694 -
  6.1695 -
  6.1696 -
  6.1697 -<H2><A NAME="SEC41" HREF="qemu-doc.html#TOC41">6.1 Linux/BSD</A></H2>
  6.1698 -
  6.1699 -<P>
  6.1700 -Read the <TT>`README'</TT> which gives the related information.
  6.1701 -
  6.1702 -
  6.1703 -
  6.1704 -
  6.1705 -<H2><A NAME="SEC42" HREF="qemu-doc.html#TOC42">6.2 Windows</A></H2>
  6.1706 -
  6.1707 -
  6.1708 -<UL>
  6.1709 -<LI>Install the current versions of MSYS and MinGW from
  6.1710 -
  6.1711 -<A HREF="http://www.mingw.org/">http://www.mingw.org/</A>. You can find detailed installation
  6.1712 -instructions in the download section and the FAQ.
  6.1713 -
  6.1714 -<LI>Download
  6.1715 -
  6.1716 -the MinGW development library of SDL 1.2.x
  6.1717 -(<TT>`SDL-devel-1.2.x-mingw32.tar.gz'</TT>) from
  6.1718 -<A HREF="http://www.libsdl.org">http://www.libsdl.org</A>. Unpack it in a temporary place, and
  6.1719 -unpack the archive <TT>`i386-mingw32msvc.tar.gz'</TT> in the MinGW tool
  6.1720 -directory. Edit the <TT>`sdl-config'</TT> script so that it gives the
  6.1721 -correct SDL directory when invoked.
  6.1722 -
  6.1723 -<LI>Extract the current version of QEMU.
  6.1724 -
  6.1725 - 
  6.1726 -<LI>Start the MSYS shell (file <TT>`msys.bat'</TT>).
  6.1727 -
  6.1728 -<LI>Change to the QEMU directory. Launch <TT>`./configure'</TT> and
  6.1729 -
  6.1730 -<TT>`make'</TT>.  If you have problems using SDL, verify that
  6.1731 -<TT>`sdl-config'</TT> can be launched from the MSYS command line.
  6.1732 -
  6.1733 -<LI>You can install QEMU in <TT>`Program Files/Qemu'</TT> by typing
  6.1734 -
  6.1735 -<TT>`make install'</TT>. Don't forget to copy <TT>`SDL.dll'</TT> in
  6.1736 -<TT>`Program Files/Qemu'</TT>.
  6.1737 -
  6.1738 -</UL>
  6.1739 -
  6.1740 -
  6.1741 -
  6.1742 -<H2><A NAME="SEC43" HREF="qemu-doc.html#TOC43">6.3 Cross compilation for Windows with Linux</A></H2>
  6.1743 -
  6.1744 -
  6.1745 -<UL>
  6.1746 -<LI>
  6.1747 -
  6.1748 -Install the MinGW cross compilation tools available at
  6.1749 -<A HREF="http://www.mingw.org/">http://www.mingw.org/</A>.
  6.1750 -
  6.1751 -<LI>
  6.1752 -
  6.1753 -Install the Win32 version of SDL (<A HREF="http://www.libsdl.org">http://www.libsdl.org</A>) by
  6.1754 -unpacking <TT>`i386-mingw32msvc.tar.gz'</TT>. Set up the PATH environment
  6.1755 -variable so that <TT>`i386-mingw32msvc-sdl-config'</TT> can be launched by
  6.1756 -the QEMU configuration script.
  6.1757 -
  6.1758 -<LI>
  6.1759 -
  6.1760 -Configure QEMU for Windows cross compilation:
  6.1761 -
  6.1762 -<PRE>
  6.1763 -./configure --enable-mingw32
  6.1764 -</PRE>
  6.1765 -
  6.1766 -If necessary, you can change the cross-prefix according to the prefix
  6.1767 -choosen for the MinGW tools with --cross-prefix. You can also use
  6.1768 ---prefix to set the Win32 install path.
  6.1769 -
  6.1770 -<LI>You can install QEMU in the installation directory by typing
  6.1771 -
  6.1772 -<TT>`make install'</TT>. Don't forget to copy <TT>`SDL.dll'</TT> in the
  6.1773 -installation directory. 
  6.1774 -
  6.1775 -</UL>
  6.1776 -
  6.1777 -<P>
  6.1778 -Note: Currently, Wine does not seem able to launch
  6.1779 -QEMU for Win32.
  6.1780 -
  6.1781 -
  6.1782 -
  6.1783 -
  6.1784 -<H2><A NAME="SEC44" HREF="qemu-doc.html#TOC44">6.4 Mac OS X</A></H2>
  6.1785 -
  6.1786 -<P>
  6.1787 -The Mac OS X patches are not fully merged in QEMU, so you should look
  6.1788 -at the QEMU mailing list archive to have all the necessary
  6.1789 -information.
  6.1790 -
  6.1791 -
  6.1792 -<P><HR><P>
  6.1793 -This document was generated on 19 May 2005 using
  6.1794 -<A HREF="http://wwwinfo.cern.ch/dis/texi2html/">texi2html</A>&nbsp;1.56k.
  6.1795 -</BODY>
  6.1796 -</HTML>
     7.1 --- a/tools/ioemu/qemu-doc.texi	Fri May 20 01:47:06 2005 +0000
     7.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     7.3 @@ -1,1296 +0,0 @@
     7.4 -\input texinfo @c -*- texinfo -*-
     7.5 -
     7.6 -@iftex
     7.7 -@settitle QEMU CPU Emulator User Documentation
     7.8 -@titlepage
     7.9 -@sp 7
    7.10 -@center @titlefont{QEMU CPU Emulator User Documentation}
    7.11 -@sp 3
    7.12 -@end titlepage
    7.13 -@end iftex
    7.14 -
    7.15 -@chapter Introduction
    7.16 -
    7.17 -@section Features
    7.18 -
    7.19 -QEMU is a FAST! processor emulator using dynamic translation to
    7.20 -achieve good emulation speed.
    7.21 -
    7.22 -QEMU has two operating modes:
    7.23 -
    7.24 -@itemize @minus
    7.25 -
    7.26 -@item 
    7.27 -Full system emulation. In this mode, QEMU emulates a full system (for
    7.28 -example a PC), including a processor and various peripherials. It can
    7.29 -be used to launch different Operating Systems without rebooting the
    7.30 -PC or to debug system code.
    7.31 -
    7.32 -@item 
    7.33 -User mode emulation (Linux host only). In this mode, QEMU can launch
    7.34 -Linux processes compiled for one CPU on another CPU. It can be used to
    7.35 -launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
    7.36 -to ease cross-compilation and cross-debugging.
    7.37 -
    7.38 -@end itemize
    7.39 -
    7.40 -As QEMU requires no host kernel driver to run, it is very safe and
    7.41 -easy to use.
    7.42 -
    7.43 -For system emulation, the following hardware targets are supported:
    7.44 -@itemize
    7.45 -@item PC (x86 processor)
    7.46 -@item PREP (PowerPC processor)
    7.47 -@item PowerMac (PowerPC processor, in progress)
    7.48 -@end itemize
    7.49 -
    7.50 -For user emulation, x86, PowerPC, ARM, and SPARC CPUs are supported.
    7.51 -
    7.52 -@chapter Installation
    7.53 -
    7.54 -If you want to compile QEMU yourself, see @ref{compilation}.
    7.55 -
    7.56 -@section Linux
    7.57 -
    7.58 -Download the binary distribution (@file{qemu-XXX-i386.tar.gz}) and
    7.59 -untar it as root in @file{/}:
    7.60 -
    7.61 -@example
    7.62 -su
    7.63 -cd /
    7.64 -tar zxvf /tmp/qemu-XXX-i386.tar.gz
    7.65 -@end example
    7.66 -
    7.67 -@section Windows
    7.68 -
    7.69 -Download the experimental binary installer at
    7.70 -@url{http://www.freeoszoo.org/download.php}.
    7.71 -
    7.72 -@section Mac OS X
    7.73 -
    7.74 -Download the experimental binary installer at
    7.75 -@url{http://www.freeoszoo.org/download.php}.
    7.76 -
    7.77 -@chapter QEMU PC System emulator invocation
    7.78 -
    7.79 -@section Introduction
    7.80 -
    7.81 -@c man begin DESCRIPTION
    7.82 -
    7.83 -The QEMU System emulator simulates a complete PC.
    7.84 -
    7.85 -In order to meet specific user needs, two versions of QEMU are
    7.86 -available:
    7.87 -
    7.88 -@enumerate
    7.89 -
    7.90 -@item 
    7.91 -@code{qemu-fast} uses the host Memory Management Unit (MMU) to
    7.92 -simulate the x86 MMU. It is @emph{fast} but has limitations because
    7.93 -the whole 4 GB address space cannot be used and some memory mapped
    7.94 -peripherials cannot be emulated accurately yet. Therefore, a specific
    7.95 -guest Linux kernel can be used (@xref{linux_compile}) as guest
    7.96 -OS. 
    7.97 -
    7.98 -Moreover there is no separation between the host and target address
    7.99 -spaces, so it offers no security (the target OS can modify the
   7.100 -@code{qemu-fast} code by writing at the right addresses).
   7.101 -
   7.102 -@item 
   7.103 -@code{qemu} uses a software MMU. It is about @emph{two times slower}
   7.104 -but gives a more accurate emulation and a complete separation between
   7.105 -the host and target address spaces.
   7.106 -
   7.107 -@end enumerate
   7.108 -
   7.109 -QEMU emulates the following PC peripherials:
   7.110 -
   7.111 -@itemize @minus
   7.112 -@item 
   7.113 -i440FX host PCI bridge and PIIX3 PCI to ISA bridge
   7.114 -@item
   7.115 -Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
   7.116 -extensions (hardware level, including all non standard modes).
   7.117 -@item
   7.118 -PS/2 mouse and keyboard
   7.119 -@item 
   7.120 -2 PCI IDE interfaces with hard disk and CD-ROM support
   7.121 -@item
   7.122 -Floppy disk
   7.123 -@item 
   7.124 -NE2000 PCI network adapters
   7.125 -@item
   7.126 -Serial ports
   7.127 -@item
   7.128 -Soundblaster 16 card
   7.129 -@end itemize
   7.130 -
   7.131 -QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL
   7.132 -VGA BIOS.
   7.133 -
   7.134 -@c man end
   7.135 -
   7.136 -@section Quick Start
   7.137 -
   7.138 -Download and uncompress the linux image (@file{linux.img}) and type:
   7.139 -
   7.140 -@example
   7.141 -qemu linux.img
   7.142 -@end example
   7.143 -
   7.144 -Linux should boot and give you a prompt.
   7.145 -
   7.146 -@section Invocation
   7.147 -
   7.148 -@example
   7.149 -@c man begin SYNOPSIS
   7.150 -usage: qemu [options] [disk_image]
   7.151 -@c man end
   7.152 -@end example
   7.153 -
   7.154 -@c man begin OPTIONS
   7.155 -@var{disk_image} is a raw hard disk image for IDE hard disk 0.
   7.156 -
   7.157 -General options:
   7.158 -@table @option
   7.159 -@item -fda file
   7.160 -@item -fdb file
   7.161 -Use @var{file} as floppy disk 0/1 image (@xref{disk_images}). You can
   7.162 -use the host floppy by using @file{/dev/fd0} as filename.
   7.163 -
   7.164 -@item -hda file
   7.165 -@item -hdb file
   7.166 -@item -hdc file
   7.167 -@item -hdd file
   7.168 -Use @var{file} as hard disk 0, 1, 2 or 3 image (@xref{disk_images}).
   7.169 -
   7.170 -@item -cdrom file
   7.171 -Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and and
   7.172 -@option{-cdrom} at the same time). You can use the host CD-ROM by
   7.173 -using @file{/dev/cdrom} as filename.
   7.174 -
   7.175 -@item -boot [a|c|d]
   7.176 -Boot on floppy (a), hard disk (c) or CD-ROM (d). Hard disk boot is
   7.177 -the default.
   7.178 -
   7.179 -@item -snapshot
   7.180 -Write to temporary files instead of disk image files. In this case,
   7.181 -the raw disk image you use is not written back. You can however force
   7.182 -the write back by pressing @key{C-a s} (@xref{disk_images}). 
   7.183 -
   7.184 -@item -m megs
   7.185 -Set virtual RAM size to @var{megs} megabytes. Default is 128 MB.
   7.186 -
   7.187 -@item -nographic
   7.188 -
   7.189 -Normally, QEMU uses SDL to display the VGA output. With this option,
   7.190 -you can totally disable graphical output so that QEMU is a simple
   7.191 -command line application. The emulated serial port is redirected on
   7.192 -the console. Therefore, you can still use QEMU to debug a Linux kernel
   7.193 -with a serial console.
   7.194 -
   7.195 -@item -enable-audio
   7.196 -
   7.197 -The SB16 emulation is disabled by default as it may give problems with
   7.198 -Windows. You can enable it manually with this option.
   7.199 -
   7.200 -@item -localtime
   7.201 -Set the real time clock to local time (the default is to UTC
   7.202 -time). This option is needed to have correct date in MS-DOS or
   7.203 -Windows.
   7.204 -
   7.205 -@item -full-screen
   7.206 -Start in full screen.
   7.207 -
   7.208 -@end table
   7.209 -
   7.210 -Network options:
   7.211 -
   7.212 -@table @option
   7.213 -
   7.214 -@item -n script      
   7.215 -Set TUN/TAP network init script [default=/etc/qemu-ifup]. This script
   7.216 -is launched to configure the host network interface (usually tun0)
   7.217 -corresponding to the virtual NE2000 card.
   7.218 -
   7.219 -@item -macaddr addr   
   7.220 -
   7.221 -Set the mac address of the first interface (the format is
   7.222 -aa:bb:cc:dd:ee:ff in hexa). The mac address is incremented for each
   7.223 -new network interface.
   7.224 -
   7.225 -@item -tun-fd fd
   7.226 -Assumes @var{fd} talks to a tap/tun host network interface and use
   7.227 -it. Read @url{http://bellard.org/qemu/tetrinet.html} to have an
   7.228 -example of its use.
   7.229 -
   7.230 -@item -user-net 
   7.231 -Use the user mode network stack. This is the default if no tun/tap
   7.232 -network init script is found.
   7.233 -
   7.234 -@item -tftp prefix
   7.235 -When using the user mode network stack, activate a built-in TFTP
   7.236 -server. All filenames beginning with @var{prefix} can be downloaded
   7.237 -from the host to the guest using a TFTP client. The TFTP client on the
   7.238 -guest must be configured in binary mode (use the command @code{bin} of
   7.239 -the Unix TFTP client). The host IP address on the guest is as usual
   7.240 -10.0.2.2.
   7.241 -
   7.242 -@item -smb dir
   7.243 -When using the user mode network stack, activate a built-in SMB
   7.244 -server so that Windows OSes can access to the host files in @file{dir}
   7.245 -transparently.
   7.246 -
   7.247 -In the guest Windows OS, the line:
   7.248 -@example
   7.249 -10.0.2.4 smbserver
   7.250 -@end example
   7.251 -must be added in the file @file{C:\WINDOWS\LMHOSTS} (for windows 9x/Me)
   7.252 -or @file{C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS} (Windows NT/2000).
   7.253 -
   7.254 -Then @file{dir} can be accessed in @file{\\smbserver\qemu}.
   7.255 -
   7.256 -Note that a SAMBA server must be installed on the host OS in
   7.257 -@file{/usr/sbin/smbd}. QEMU was tested succesfully with smbd version
   7.258 -2.2.7a from the Red Hat 9.
   7.259 -
   7.260 -@item -redir [tcp|udp]:host-port:[guest-host]:guest-port
   7.261 -
   7.262 -When using the user mode network stack, redirect incoming TCP or UDP
   7.263 -connections to the host port @var{host-port} to the guest
   7.264 -@var{guest-host} on guest port @var{guest-port}. If @var{guest-host}
   7.265 -is not specified, its value is 10.0.2.15 (default address given by the
   7.266 -built-in DHCP server).
   7.267 -
   7.268 -For example, to redirect host X11 connection from screen 1 to guest
   7.269 -screen 0, use the following:
   7.270 -
   7.271 -@example
   7.272 -# on the host
   7.273 -qemu -redir tcp:6001::6000 [...]
   7.274 -# this host xterm should open in the guest X11 server
   7.275 -xterm -display :1
   7.276 -@end example
   7.277 -
   7.278 -To redirect telnet connections from host port 5555 to telnet port on
   7.279 -the guest, use the following:
   7.280 -
   7.281 -@example
   7.282 -# on the host
   7.283 -qemu -redir tcp:5555::23 [...]
   7.284 -telnet localhost 5555
   7.285 -@end example
   7.286 -
   7.287 -Then when you use on the host @code{telnet localhost 5555}, you
   7.288 -connect to the guest telnet server.
   7.289 -
   7.290 -@item -dummy-net 
   7.291 -Use the dummy network stack: no packet will be received by the network
   7.292 -cards.
   7.293 -
   7.294 -@end table
   7.295 -
   7.296 -Linux boot specific. When using this options, you can use a given
   7.297 -Linux kernel without installing it in the disk image. It can be useful
   7.298 -for easier testing of various kernels.
   7.299 -
   7.300 -@table @option
   7.301 -
   7.302 -@item -kernel bzImage 
   7.303 -Use @var{bzImage} as kernel image.
   7.304 -
   7.305 -@item -append cmdline 
   7.306 -Use @var{cmdline} as kernel command line
   7.307 -
   7.308 -@item -initrd file
   7.309 -Use @var{file} as initial ram disk.
   7.310 -
   7.311 -@end table
   7.312 -
   7.313 -Debug/Expert options:
   7.314 -@table @option
   7.315 -
   7.316 -@item -serial dev
   7.317 -Redirect the virtual serial port to host device @var{dev}. Available
   7.318 -devices are:
   7.319 -@table @code
   7.320 -@item vc
   7.321 -Virtual console
   7.322 -@item pty
   7.323 -[Linux only] Pseudo TTY (a new PTY is automatically allocated)
   7.324 -@item null
   7.325 -void device
   7.326 -@item stdio
   7.327 -[Unix only] standard input/output
   7.328 -@end table
   7.329 -The default device is @code{vc} in graphical mode and @code{stdio} in
   7.330 -non graphical mode.
   7.331 -
   7.332 -This option can be used several times to simulate up to 4 serials
   7.333 -ports.
   7.334 -
   7.335 -@item -monitor dev
   7.336 -Redirect the monitor to host device @var{dev} (same devices as the
   7.337 -serial port).
   7.338 -The default device is @code{vc} in graphical mode and @code{stdio} in
   7.339 -non graphical mode.
   7.340 -
   7.341 -@item -s
   7.342 -Wait gdb connection to port 1234 (@xref{gdb_usage}). 
   7.343 -@item -p port
   7.344 -Change gdb connection port.
   7.345 -@item -S
   7.346 -Do not start CPU at startup (you must type 'c' in the monitor).
   7.347 -@item -d             
   7.348 -Output log in /tmp/qemu.log
   7.349 -@item -isa
   7.350 -Simulate an ISA-only system (default is PCI system).
   7.351 -@item -std-vga
   7.352 -Simulate a standard VGA card with Bochs VBE extensions (default is
   7.353 -Cirrus Logic GD5446 PCI VGA)
   7.354 -@item -loadvm file
   7.355 -Start right away with a saved state (@code{loadvm} in monitor)
   7.356 -@end table
   7.357 -
   7.358 -@c man end
   7.359 -
   7.360 -@section Keys
   7.361 -
   7.362 -@c man begin OPTIONS
   7.363 -
   7.364 -During the graphical emulation, you can use the following keys:
   7.365 -@table @key
   7.366 -@item Ctrl-Alt-f
   7.367 -Toggle full screen
   7.368 -
   7.369 -@item Ctrl-Alt-n
   7.370 -Switch to virtual console 'n'. Standard console mappings are:
   7.371 -@table @emph
   7.372 -@item 1
   7.373 -Target system display
   7.374 -@item 2
   7.375 -Monitor
   7.376 -@item 3
   7.377 -Serial port
   7.378 -@end table
   7.379 -
   7.380 -@item Ctrl-Alt
   7.381 -Toggle mouse and keyboard grab.
   7.382 -@end table
   7.383 -
   7.384 -In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down},
   7.385 -@key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log.
   7.386 -
   7.387 -During emulation, if you are using the @option{-nographic} option, use
   7.388 -@key{Ctrl-a h} to get terminal commands:
   7.389 -
   7.390 -@table @key
   7.391 -@item Ctrl-a h
   7.392 -Print this help
   7.393 -@item Ctrl-a x    
   7.394 -Exit emulatior
   7.395 -@item Ctrl-a s    
   7.396 -Save disk data back to file (if -snapshot)
   7.397 -@item Ctrl-a b
   7.398 -Send break (magic sysrq in Linux)
   7.399 -@item Ctrl-a c
   7.400 -Switch between console and monitor
   7.401 -@item Ctrl-a Ctrl-a
   7.402 -Send Ctrl-a
   7.403 -@end table
   7.404 -@c man end
   7.405 -
   7.406 -@ignore
   7.407 -
   7.408 -@setfilename qemu 
   7.409 -@settitle QEMU System Emulator
   7.410 -
   7.411 -@c man begin SEEALSO
   7.412 -The HTML documentation of QEMU for more precise information and Linux
   7.413 -user mode emulator invocation.
   7.414 -@c man end
   7.415 -
   7.416 -@c man begin AUTHOR
   7.417 -Fabrice Bellard
   7.418 -@c man end
   7.419 -
   7.420 -@end ignore
   7.421 -
   7.422 -@end ignore
   7.423 -
   7.424 -
   7.425 -@section QEMU Monitor
   7.426 -
   7.427 -The QEMU monitor is used to give complex commands to the QEMU
   7.428 -emulator. You can use it to:
   7.429 -
   7.430 -@itemize @minus
   7.431 -
   7.432 -@item
   7.433 -Remove or insert removable medias images
   7.434 -(such as CD-ROM or floppies)
   7.435 -
   7.436 -@item 
   7.437 -Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
   7.438 -from a disk file.
   7.439 -
   7.440 -@item Inspect the VM state without an external debugger.
   7.441 -
   7.442 -@end itemize
   7.443 -
   7.444 -@subsection Commands
   7.445 -
   7.446 -The following commands are available:
   7.447 -
   7.448 -@table @option
   7.449 -
   7.450 -@item help or ? [cmd]
   7.451 -Show the help for all commands or just for command @var{cmd}.
   7.452 -
   7.453 -@item commit  
   7.454 -Commit changes to the disk images (if -snapshot is used)
   7.455 -
   7.456 -@item info subcommand 
   7.457 -show various information about the system state
   7.458 -
   7.459 -@table @option
   7.460 -@item info network
   7.461 -show the network state
   7.462 -@item info block
   7.463 -show the block devices
   7.464 -@item info registers
   7.465 -show the cpu registers
   7.466 -@item info history
   7.467 -show the command line history
   7.468 -@end table
   7.469 -
   7.470 -@item q or quit
   7.471 -Quit the emulator.
   7.472 -
   7.473 -@item eject [-f] device
   7.474 -Eject a removable media (use -f to force it).
   7.475 -
   7.476 -@item change device filename
   7.477 -Change a removable media.
   7.478 -
   7.479 -@item screendump filename
   7.480 -Save screen into PPM image @var{filename}.
   7.481 -
   7.482 -@item log item1[,...]
   7.483 -Activate logging of the specified items to @file{/tmp/qemu.log}.
   7.484 -
   7.485 -@item savevm filename
   7.486 -Save the whole virtual machine state to @var{filename}.
   7.487 -
   7.488 -@item loadvm filename
   7.489 -Restore the whole virtual machine state from @var{filename}.
   7.490 -
   7.491 -@item stop
   7.492 -Stop emulation.
   7.493 -
   7.494 -@item c or cont
   7.495 -Resume emulation.
   7.496 -
   7.497 -@item gdbserver [port]
   7.498 -Start gdbserver session (default port=1234)
   7.499 -
   7.500 -@item x/fmt addr
   7.501 -Virtual memory dump starting at @var{addr}.
   7.502 -
   7.503 -@item xp /fmt addr
   7.504 -Physical memory dump starting at @var{addr}.
   7.505 -
   7.506 -@var{fmt} is a format which tells the command how to format the
   7.507 -data. Its syntax is: @option{/@{count@}@{format@}@{size@}}
   7.508 -
   7.509 -@table @var
   7.510 -@item count 
   7.511 -is the number of items to be dumped.
   7.512 -
   7.513 -@item format
   7.514 -can be x (hexa), d (signed decimal), u (unsigned decimal), o (octal),
   7.515 -c (char) or i (asm instruction).
   7.516 -
   7.517 -@item size
   7.518 -can be b (8 bits), h (16 bits), w (32 bits) or g (64 bits). On x86,
   7.519 -@code{h} or @code{w} can be specified with the @code{i} format to
   7.520 -respectively select 16 or 32 bit code instruction size.
   7.521 -
   7.522 -@end table
   7.523 -
   7.524 -Examples: 
   7.525 -@itemize
   7.526 -@item
   7.527 -Dump 10 instructions at the current instruction pointer:
   7.528 -@example 
   7.529 -(qemu) x/10i $eip
   7.530 -0x90107063:  ret
   7.531 -0x90107064:  sti
   7.532 -0x90107065:  lea    0x0(%esi,1),%esi
   7.533 -0x90107069:  lea    0x0(%edi,1),%edi
   7.534 -0x90107070:  ret
   7.535 -0x90107071:  jmp    0x90107080
   7.536 -0x90107073:  nop
   7.537 -0x90107074:  nop
   7.538 -0x90107075:  nop
   7.539 -0x90107076:  nop
   7.540 -@end example
   7.541 -
   7.542 -@item
   7.543 -Dump 80 16 bit values at the start of the video memory.
   7.544 -@example 
   7.545 -(qemu) xp/80hx 0xb8000
   7.546 -0x000b8000: 0x0b50 0x0b6c 0x0b65 0x0b78 0x0b38 0x0b36 0x0b2f 0x0b42
   7.547 -0x000b8010: 0x0b6f 0x0b63 0x0b68 0x0b73 0x0b20 0x0b56 0x0b47 0x0b41
   7.548 -0x000b8020: 0x0b42 0x0b69 0x0b6f 0x0b73 0x0b20 0x0b63 0x0b75 0x0b72
   7.549 -0x000b8030: 0x0b72 0x0b65 0x0b6e 0x0b74 0x0b2d 0x0b63 0x0b76 0x0b73
   7.550 -0x000b8040: 0x0b20 0x0b30 0x0b35 0x0b20 0x0b4e 0x0b6f 0x0b76 0x0b20
   7.551 -0x000b8050: 0x0b32 0x0b30 0x0b30 0x0b33 0x0720 0x0720 0x0720 0x0720
   7.552 -0x000b8060: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
   7.553 -0x000b8070: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
   7.554 -0x000b8080: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
   7.555 -0x000b8090: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
   7.556 -@end example
   7.557 -@end itemize
   7.558 -
   7.559 -@item p or print/fmt expr
   7.560 -
   7.561 -Print expression value. Only the @var{format} part of @var{fmt} is
   7.562 -used.
   7.563 -
   7.564 -@item sendkey keys
   7.565 -
   7.566 -Send @var{keys} to the emulator. Use @code{-} to press several keys
   7.567 -simultaneously. Example:
   7.568 -@example
   7.569 -sendkey ctrl-alt-f1
   7.570 -@end example
   7.571 -
   7.572 -This command is useful to send keys that your graphical user interface
   7.573 -intercepts at low level, such as @code{ctrl-alt-f1} in X Window.
   7.574 -
   7.575 -@item system_reset
   7.576 -
   7.577 -Reset the system.
   7.578 -
   7.579 -@end table
   7.580 -
   7.581 -@subsection Integer expressions
   7.582 -
   7.583 -The monitor understands integers expressions for every integer
   7.584 -argument. You can use register names to get the value of specifics
   7.585 -CPU registers by prefixing them with @emph{$}.
   7.586 -
   7.587 -@node disk_images
   7.588 -@section Disk Images
   7.589 -
   7.590 -@subsection Raw disk images
   7.591 -
   7.592 -The disk images can simply be raw images of the hard disk. You can
   7.593 -create them with the command:
   7.594 -@example
   7.595 -dd of=myimage bs=1024 seek=mysize count=0
   7.596 -@end example
   7.597 -where @var{myimage} is the image filename and @var{mysize} is its size
   7.598 -in kilobytes.
   7.599 -
   7.600 -@subsection Snapshot mode
   7.601 -
   7.602 -If you use the option @option{-snapshot}, all disk images are
   7.603 -considered as read only. When sectors in written, they are written in
   7.604 -a temporary file created in @file{/tmp}. You can however force the
   7.605 -write back to the raw disk images by pressing @key{C-a s}.
   7.606 -
   7.607 -NOTE: The snapshot mode only works with raw disk images.
   7.608 -
   7.609 -@subsection Copy On Write disk images
   7.610 -
   7.611 -QEMU also supports user mode Linux
   7.612 -(@url{http://user-mode-linux.sourceforge.net/}) Copy On Write (COW)
   7.613 -disk images. The COW disk images are much smaller than normal images
   7.614 -as they store only modified sectors. They also permit the use of the
   7.615 -same disk image template for many users.
   7.616 -
   7.617 -To create a COW disk images, use the command:
   7.618 -
   7.619 -@example
   7.620 -qemu-mkcow -f myrawimage.bin mycowimage.cow
   7.621 -@end example
   7.622 -
   7.623 -@file{myrawimage.bin} is a raw image you want to use as original disk
   7.624 -image. It will never be written to.
   7.625 -
   7.626 -@file{mycowimage.cow} is the COW disk image which is created by
   7.627 -@code{qemu-mkcow}. You can use it directly with the @option{-hdx}
   7.628 -options. You must not modify the original raw disk image if you use
   7.629 -COW images, as COW images only store the modified sectors from the raw
   7.630 -disk image. QEMU stores the original raw disk image name and its
   7.631 -modified time in the COW disk image so that chances of mistakes are
   7.632 -reduced.
   7.633 -
   7.634 -If the raw disk image is not read-only, by pressing @key{C-a s} you
   7.635 -can flush the COW disk image back into the raw disk image, as in
   7.636 -snapshot mode.
   7.637 -
   7.638 -COW disk images can also be created without a corresponding raw disk
   7.639 -image. It is useful to have a big initial virtual disk image without
   7.640 -using much disk space. Use:
   7.641 -
   7.642 -@example
   7.643 -qemu-mkcow mycowimage.cow 1024
   7.644 -@end example
   7.645 -
   7.646 -to create a 1 gigabyte empty COW disk image.
   7.647 -
   7.648 -NOTES: 
   7.649 -@enumerate
   7.650 -@item
   7.651 -COW disk images must be created on file systems supporting
   7.652 -@emph{holes} such as ext2 or ext3.
   7.653 -@item 
   7.654 -Since holes are used, the displayed size of the COW disk image is not
   7.655 -the real one. To know it, use the @code{ls -ls} command.
   7.656 -@end enumerate
   7.657 -
   7.658 -@subsection Convert VMware disk images to raw disk images
   7.659 -
   7.660 -You can use the tool @file{vmdk2raw} to convert VMware disk images to
   7.661 -raw disk images directly usable by QEMU. The syntax is:
   7.662 -@example
   7.663 -vmdk2raw vmware_image output_image
   7.664 -@end example
   7.665 -
   7.666 -@section Network emulation
   7.667 -
   7.668 -QEMU simulates up to 6 networks cards (NE2000 boards). Each card can
   7.669 -be connected to a specific host network interface.
   7.670 -
   7.671 -@subsection Using tun/tap network interface
   7.672 -
   7.673 -This is the standard way to emulate network. QEMU adds a virtual
   7.674 -network device on your host (called @code{tun0}), and you can then
   7.675 -configure it as if it was a real ethernet card.
   7.676 -
   7.677 -As an example, you can download the @file{linux-test-xxx.tar.gz}
   7.678 -archive and copy the script @file{qemu-ifup} in @file{/etc} and
   7.679 -configure properly @code{sudo} so that the command @code{ifconfig}
   7.680 -contained in @file{qemu-ifup} can be executed as root. You must verify
   7.681 -that your host kernel supports the TUN/TAP network interfaces: the
   7.682 -device @file{/dev/net/tun} must be present.
   7.683 -
   7.684 -See @ref{direct_linux_boot} to have an example of network use with a
   7.685 -Linux distribution.
   7.686 -
   7.687 -@subsection Using the user mode network stack
   7.688 -
   7.689 -By using the option @option{-user-net} or if you have no tun/tap init
   7.690 -script, QEMU uses a completely user mode network stack (you don't need
   7.691 -root priviledge to use the virtual network). The virtual network
   7.692 -configuration is the following:
   7.693 -
   7.694 -@example
   7.695 -
   7.696 -QEMU Virtual Machine    <------>  Firewall/DHCP server <-----> Internet
   7.697 -     (10.0.2.x)            |          (10.0.2.2)
   7.698 -                           |
   7.699 -                           ---->  DNS server (10.0.2.3)
   7.700 -                           |     
   7.701 -                           ---->  SMB server (10.0.2.4)
   7.702 -@end example
   7.703 -
   7.704 -The QEMU VM behaves as if it was behind a firewall which blocks all
   7.705 -incoming connections. You can use a DHCP client to automatically
   7.706 -configure the network in the QEMU VM.
   7.707 -
   7.708 -In order to check that the user mode network is working, you can ping
   7.709 -the address 10.0.2.2 and verify that you got an address in the range
   7.710 -10.0.2.x from the QEMU virtual DHCP server.
   7.711 -
   7.712 -Note that @code{ping} is not supported reliably to the internet as it
   7.713 -would require root priviledges. It means you can only ping the local
   7.714 -router (10.0.2.2).
   7.715 -
   7.716 -When using the built-in TFTP server, the router is also the TFTP
   7.717 -server.
   7.718 -
   7.719 -When using the @option{-redir} option, TCP or UDP connections can be
   7.720 -redirected from the host to the guest. It allows for example to
   7.721 -redirect X11, telnet or SSH connections.
   7.722 -
   7.723 -@node direct_linux_boot
   7.724 -@section Direct Linux Boot
   7.725 -
   7.726 -This section explains how to launch a Linux kernel inside QEMU without
   7.727 -having to make a full bootable image. It is very useful for fast Linux
   7.728 -kernel testing. The QEMU network configuration is also explained.
   7.729 -
   7.730 -@enumerate
   7.731 -@item
   7.732 -Download the archive @file{linux-test-xxx.tar.gz} containing a Linux
   7.733 -kernel and a disk image. 
   7.734 -
   7.735 -@item Optional: If you want network support (for example to launch X11 examples), you
   7.736 -must copy the script @file{qemu-ifup} in @file{/etc} and configure
   7.737 -properly @code{sudo} so that the command @code{ifconfig} contained in
   7.738 -@file{qemu-ifup} can be executed as root. You must verify that your host
   7.739 -kernel supports the TUN/TAP network interfaces: the device
   7.740 -@file{/dev/net/tun} must be present.
   7.741 -
   7.742 -When network is enabled, there is a virtual network connection between
   7.743 -the host kernel and the emulated kernel. The emulated kernel is seen
   7.744 -from the host kernel at IP address 172.20.0.2 and the host kernel is
   7.745 -seen from the emulated kernel at IP address 172.20.0.1.
   7.746 -
   7.747 -@item Launch @code{qemu.sh}. You should have the following output:
   7.748 -
   7.749 -@example
   7.750 -> ./qemu.sh 
   7.751 -Connected to host network interface: tun0
   7.752 -Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
   7.753 -BIOS-provided physical RAM map:
   7.754 - BIOS-e801: 0000000000000000 - 000000000009f000 (usable)
   7.755 - BIOS-e801: 0000000000100000 - 0000000002000000 (usable)
   7.756 -32MB LOWMEM available.
   7.757 -On node 0 totalpages: 8192
   7.758 -zone(0): 4096 pages.
   7.759 -zone(1): 4096 pages.
   7.760 -zone(2): 0 pages.
   7.761 -Kernel command line: root=/dev/hda sb=0x220,5,1,5 ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe console=ttyS0
   7.762 -ide_setup: ide2=noprobe
   7.763 -ide_setup: ide3=noprobe
   7.764 -ide_setup: ide4=noprobe
   7.765 -ide_setup: ide5=noprobe
   7.766 -Initializing CPU#0
   7.767 -Detected 2399.621 MHz processor.
   7.768 -Console: colour EGA 80x25
   7.769 -Calibrating delay loop... 4744.80 BogoMIPS
   7.770 -Memory: 28872k/32768k available (1210k kernel code, 3508k reserved, 266k data, 64k init, 0k highmem)
   7.771 -Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
   7.772 -Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
   7.773 -Mount cache hash table entries: 512 (order: 0, 4096 bytes)
   7.774 -Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
   7.775 -Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
   7.776 -CPU: Intel Pentium Pro stepping 03
   7.777 -Checking 'hlt' instruction... OK.
   7.778 -POSIX conformance testing by UNIFIX
   7.779 -Linux NET4.0 for Linux 2.4
   7.780 -Based upon Swansea University Computer Society NET3.039
   7.781 -Initializing RT netlink socket
   7.782 -apm: BIOS not found.
   7.783 -Starting kswapd
   7.784 -Journalled Block Device driver loaded
   7.785 -Detected PS/2 Mouse Port.
   7.786 -pty: 256 Unix98 ptys configured
   7.787 -Serial driver version 5.05c (2001-07-08) with no serial options enabled
   7.788 -ttyS00 at 0x03f8 (irq = 4) is a 16450
   7.789 -ne.c:v1.10 9/23/94 Donald Becker (becker@scyld.com)
   7.790 -Last modified Nov 1, 2000 by Paul Gortmaker
   7.791 -NE*000 ethercard probe at 0x300: 52 54 00 12 34 56
   7.792 -eth0: NE2000 found at 0x300, using IRQ 9.
   7.793 -RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
   7.794 -Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
   7.795 -ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
   7.796 -hda: QEMU HARDDISK, ATA DISK drive
   7.797 -ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
   7.798 -hda: attached ide-disk driver.
   7.799 -hda: 20480 sectors (10 MB) w/256KiB Cache, CHS=20/16/63
   7.800 -Partition check:
   7.801 - hda:
   7.802 -Soundblaster audio driver Copyright (C) by Hannu Savolainen 1993-1996
   7.803 -NET4: Linux TCP/IP 1.0 for NET4.0
   7.804 -IP Protocols: ICMP, UDP, TCP, IGMP
   7.805 -IP: routing cache hash table of 512 buckets, 4Kbytes
   7.806 -TCP: Hash tables configured (established 2048 bind 4096)
   7.807 -NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
   7.808 -EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
   7.809 -VFS: Mounted root (ext2 filesystem).
   7.810 -Freeing unused kernel memory: 64k freed
   7.811 - 
   7.812 -Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
   7.813 - 
   7.814 -QEMU Linux test distribution (based on Redhat 9)
   7.815 - 
   7.816 -Type 'exit' to halt the system
   7.817 - 
   7.818 -sh-2.05b# 
   7.819 -@end example
   7.820 -
   7.821 -@item
   7.822 -Then you can play with the kernel inside the virtual serial console. You
   7.823 -can launch @code{ls} for example. Type @key{Ctrl-a h} to have an help
   7.824 -about the keys you can type inside the virtual serial console. In
   7.825 -particular, use @key{Ctrl-a x} to exit QEMU and use @key{Ctrl-a b} as
   7.826 -the Magic SysRq key.
   7.827 -
   7.828 -@item 
   7.829 -If the network is enabled, launch the script @file{/etc/linuxrc} in the
   7.830 -emulator (don't forget the leading dot):
   7.831 -@example
   7.832 -. /etc/linuxrc
   7.833 -@end example
   7.834 -
   7.835 -Then enable X11 connections on your PC from the emulated Linux: 
   7.836 -@example
   7.837 -xhost +172.20.0.2
   7.838 -@end example
   7.839 -
   7.840 -You can now launch @file{xterm} or @file{xlogo} and verify that you have
   7.841 -a real Virtual Linux system !
   7.842 -
   7.843 -@end enumerate
   7.844 -
   7.845 -NOTES:
   7.846 -@enumerate
   7.847 -@item 
   7.848 -A 2.5.74 kernel is also included in the archive. Just
   7.849 -replace the bzImage in qemu.sh to try it.
   7.850 -
   7.851 -@item 
   7.852 -qemu-fast creates a temporary file in @var{$QEMU_TMPDIR} (@file{/tmp} is the
   7.853 -default) containing all the simulated PC memory. If possible, try to use
   7.854 -a temporary directory using the tmpfs filesystem to avoid too many
   7.855 -unnecessary disk accesses.
   7.856 -
   7.857 -@item 
   7.858 -In order to exit cleanly from qemu, you can do a @emph{shutdown} inside
   7.859 -qemu. qemu will automatically exit when the Linux shutdown is done.
   7.860 -
   7.861 -@item 
   7.862 -You can boot slightly faster by disabling the probe of non present IDE
   7.863 -interfaces. To do so, add the following options on the kernel command
   7.864 -line:
   7.865 -@example
   7.866 -ide1=noprobe ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe
   7.867 -@end example
   7.868 -
   7.869 -@item 
   7.870 -The example disk image is a modified version of the one made by Kevin
   7.871 -Lawton for the plex86 Project (@url{www.plex86.org}).
   7.872 -
   7.873 -@end enumerate
   7.874 -
   7.875 -@node linux_compile
   7.876 -@section Linux Kernel Compilation
   7.877 -
   7.878 -You can use any linux kernel with QEMU. However, if you want to use
   7.879 -@code{qemu-fast} to get maximum performances, you must use a modified
   7.880 -guest kernel. If you are using a 2.6 guest kernel, you can use
   7.881 -directly the patch @file{linux-2.6-qemu-fast.patch} made by Rusty
   7.882 -Russel available in the QEMU source archive. Otherwise, you can make the
   7.883 -following changes @emph{by hand} to the Linux kernel:
   7.884 -
   7.885 -@enumerate
   7.886 -@item
   7.887 -The kernel must be mapped at 0x90000000 (the default is
   7.888 -0xc0000000). You must modify only two lines in the kernel source:
   7.889 -
   7.890 -In @file{include/asm/page.h}, replace
   7.891 -@example
   7.892 -#define __PAGE_OFFSET           (0xc0000000)
   7.893 -@end example
   7.894 -by
   7.895 -@example
   7.896 -#define __PAGE_OFFSET           (0x90000000)
   7.897 -@end example
   7.898 -
   7.899 -And in @file{arch/i386/vmlinux.lds}, replace
   7.900 -@example
   7.901 -  . = 0xc0000000 + 0x100000;
   7.902 -@end example
   7.903 -by 
   7.904 -@example
   7.905 -  . = 0x90000000 + 0x100000;
   7.906 -@end example
   7.907 -
   7.908 -@item
   7.909 -If you want to enable SMP (Symmetric Multi-Processing) support, you
   7.910 -must make the following change in @file{include/asm/fixmap.h}. Replace
   7.911 -@example
   7.912 -#define FIXADDR_TOP	(0xffffX000UL)
   7.913 -@end example
   7.914 -by 
   7.915 -@example
   7.916 -#define FIXADDR_TOP	(0xa7ffX000UL)
   7.917 -@end example
   7.918 -(X is 'e' or 'f' depending on the kernel version). Although you can
   7.919 -use an SMP kernel with QEMU, it only supports one CPU.
   7.920 -
   7.921 -@item
   7.922 -If you are not using a 2.6 kernel as host kernel but if you use a target
   7.923 -2.6 kernel, you must also ensure that the 'HZ' define is set to 100
   7.924 -(1000 is the default) as QEMU cannot currently emulate timers at
   7.925 -frequencies greater than 100 Hz on host Linux systems < 2.6. In
   7.926 -@file{include/asm/param.h}, replace:
   7.927 -
   7.928 -@example
   7.929 -# define HZ		1000		/* Internal kernel timer frequency */
   7.930 -@end example
   7.931 -by
   7.932 -@example
   7.933 -# define HZ		100		/* Internal kernel timer frequency */
   7.934 -@end example
   7.935 -
   7.936 -@end enumerate
   7.937 -
   7.938 -The file config-2.x.x gives the configuration of the example kernels.
   7.939 -
   7.940 -Just type
   7.941 -@example
   7.942 -make bzImage
   7.943 -@end example
   7.944 -
   7.945 -As you would do to make a real kernel. Then you can use with QEMU
   7.946 -exactly the same kernel as you would boot on your PC (in
   7.947 -@file{arch/i386/boot/bzImage}).
   7.948 -
   7.949 -@node gdb_usage
   7.950 -@section GDB usage
   7.951 -
   7.952 -QEMU has a primitive support to work with gdb, so that you can do
   7.953 -'Ctrl-C' while the virtual machine is running and inspect its state.
   7.954 -
   7.955 -In order to use gdb, launch qemu with the '-s' option. It will wait for a
   7.956 -gdb connection:
   7.957 -@example
   7.958 -> qemu -s -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda"
   7.959 -Connected to host network interface: tun0
   7.960 -Waiting gdb connection on port 1234
   7.961 -@end example
   7.962 -
   7.963 -Then launch gdb on the 'vmlinux' executable:
   7.964 -@example
   7.965 -> gdb vmlinux
   7.966 -@end example
   7.967 -
   7.968 -In gdb, connect to QEMU:
   7.969 -@example
   7.970 -(gdb) target remote localhost:1234
   7.971 -@end example
   7.972 -
   7.973 -Then you can use gdb normally. For example, type 'c' to launch the kernel:
   7.974 -@example
   7.975 -(gdb) c
   7.976 -@end example
   7.977 -
   7.978 -Here are some useful tips in order to use gdb on system code:
   7.979 -
   7.980 -@enumerate
   7.981 -@item
   7.982 -Use @code{info reg} to display all the CPU registers.
   7.983 -@item
   7.984 -Use @code{x/10i $eip} to display the code at the PC position.
   7.985 -@item
   7.986 -Use @code{set architecture i8086} to dump 16 bit code. Then use
   7.987 -@code{x/10i $cs*16+*eip} to dump the code at the PC position.
   7.988 -@end enumerate
   7.989 -
   7.990 -@section Target OS specific information
   7.991 -
   7.992 -@subsection Linux
   7.993 -
   7.994 -To have access to SVGA graphic modes under X11, use the @code{vesa} or
   7.995 -the @code{cirrus} X11 driver. For optimal performances, use 16 bit
   7.996 -color depth in the guest and the host OS.
   7.997 -
   7.998 -When using a 2.6 guest Linux kernel, you should add the option
   7.999 -@code{clock=pit} on the kernel command line because the 2.6 Linux
  7.1000 -kernels make very strict real time clock checks by default that QEMU
  7.1001 -cannot simulate exactly.
  7.1002 -
  7.1003 -@subsection Windows
  7.1004 -
  7.1005 -If you have a slow host, using Windows 95 is better as it gives the
  7.1006 -best speed. Windows 2000 is also a good choice.
  7.1007 -
  7.1008 -@subsubsection SVGA graphic modes support
  7.1009 -
  7.1010 -QEMU emulates a Cirrus Logic GD5446 Video
  7.1011 -card. All Windows versions starting from Windows 95 should recognize
  7.1012 -and use this graphic card. For optimal performances, use 16 bit color
  7.1013 -depth in the guest and the host OS.
  7.1014 -
  7.1015 -@subsubsection CPU usage reduction
  7.1016 -
  7.1017 -Windows 9x does not correctly use the CPU HLT
  7.1018 -instruction. The result is that it takes host CPU cycles even when
  7.1019 -idle. You can install the utility from
  7.1020 -@url{http://www.user.cityline.ru/~maxamn/amnhltm.zip} to solve this
  7.1021 -problem. Note that no such tool is needed for NT, 2000 or XP.
  7.1022 -
  7.1023 -@subsubsection Windows 2000 disk full problems
  7.1024 -
  7.1025 -Currently (release 0.6.0) QEMU has a bug which gives a @code{disk
  7.1026 -full} error during installation of some releases of Windows 2000. The
  7.1027 -workaround is to stop QEMU as soon as you notice that your disk image
  7.1028 -size is growing too fast (monitor it with @code{ls -ls}). Then
  7.1029 -relaunch QEMU to continue the installation. If you still experience
  7.1030 -the problem, relaunch QEMU again.
  7.1031 -
  7.1032 -Future QEMU releases are likely to correct this bug.
  7.1033 -
  7.1034 -@subsubsection Windows XP security problems
  7.1035 -
  7.1036 -Some releases of Windows XP install correctly but give a security
  7.1037 -error when booting:
  7.1038 -@example
  7.1039 -A problem is preventing Windows from accurately checking the
  7.1040 -license for this computer. Error code: 0x800703e6.
  7.1041 -@end example
  7.1042 -The only known workaround is to boot in Safe mode
  7.1043 -without networking support. 
  7.1044 -
  7.1045 -Future QEMU releases are likely to correct this bug.
  7.1046 -
  7.1047 -@subsection MS-DOS and FreeDOS
  7.1048 -
  7.1049 -@subsubsection CPU usage reduction
  7.1050 -
  7.1051 -DOS does not correctly use the CPU HLT instruction. The result is that
  7.1052 -it takes host CPU cycles even when idle. You can install the utility
  7.1053 -from @url{http://www.vmware.com/software/dosidle210.zip} to solve this
  7.1054 -problem.
  7.1055 -
  7.1056 -@chapter QEMU PowerPC System emulator invocation
  7.1057 -
  7.1058 -Use the executable @file{qemu-system-ppc} to simulate a complete PREP
  7.1059 -or PowerMac PowerPC system.
  7.1060 -
  7.1061 -QEMU emulates the following PowerMac peripherials:
  7.1062 -
  7.1063 -@itemize @minus
  7.1064 -@item 
  7.1065 -UniNorth PCI Bridge 
  7.1066 -@item
  7.1067 -PCI VGA compatible card with VESA Bochs Extensions
  7.1068 -@item 
  7.1069 -2 PMAC IDE interfaces with hard disk and CD-ROM support
  7.1070 -@item 
  7.1071 -NE2000 PCI adapters
  7.1072 -@item
  7.1073 -Non Volatile RAM
  7.1074 -@item
  7.1075 -VIA-CUDA with ADB keyboard and mouse.
  7.1076 -@end itemize
  7.1077 -
  7.1078 -QEMU emulates the following PREP peripherials:
  7.1079 -
  7.1080 -@itemize @minus
  7.1081 -@item 
  7.1082 -PCI Bridge
  7.1083 -@item
  7.1084 -PCI VGA compatible card with VESA Bochs Extensions
  7.1085 -@item 
  7.1086 -2 IDE interfaces with hard disk and CD-ROM support
  7.1087 -@item
  7.1088 -Floppy disk
  7.1089 -@item 
  7.1090 -NE2000 network adapters
  7.1091 -@item
  7.1092 -Serial port
  7.1093 -@item
  7.1094 -PREP Non Volatile RAM
  7.1095 -@item
  7.1096 -PC compatible keyboard and mouse.
  7.1097 -@end itemize
  7.1098 -
  7.1099 -QEMU uses the Open Hack'Ware Open Firmware Compatible BIOS available at
  7.1100 -@url{http://site.voila.fr/jmayer/OpenHackWare/index.htm}.
  7.1101 -
  7.1102 -You can read the qemu PC system emulation chapter to have more
  7.1103 -informations about QEMU usage.
  7.1104 -
  7.1105 -@c man begin OPTIONS
  7.1106 -
  7.1107 -The following options are specific to the PowerPC emulation:
  7.1108 -
  7.1109 -@table @option
  7.1110 -
  7.1111 -@item -prep
  7.1112 -Simulate a PREP system (default is PowerMAC)
  7.1113 -
  7.1114 -@item -g WxH[xDEPTH]  
  7.1115 -
  7.1116 -Set the initial VGA graphic mode. The default is 800x600x15.
  7.1117 -
  7.1118 -@end table
  7.1119 -
  7.1120 -@c man end 
  7.1121 -
  7.1122 -
  7.1123 -More information is available at
  7.1124 -@url{http://jocelyn.mayer.free.fr/qemu-ppc/}.
  7.1125 -
  7.1126 -@chapter QEMU User space emulator invocation
  7.1127 -
  7.1128 -@section Quick Start
  7.1129 -
  7.1130 -In order to launch a Linux process, QEMU needs the process executable
  7.1131 -itself and all the target (x86) dynamic libraries used by it. 
  7.1132 -
  7.1133 -@itemize
  7.1134 -
  7.1135 -@item On x86, you can just try to launch any process by using the native
  7.1136 -libraries:
  7.1137 -
  7.1138 -@example 
  7.1139 -qemu-i386 -L / /bin/ls
  7.1140 -@end example
  7.1141 -
  7.1142 -@code{-L /} tells that the x86 dynamic linker must be searched with a
  7.1143 -@file{/} prefix.
  7.1144 -
  7.1145 -@item Since QEMU is also a linux process, you can launch qemu with qemu (NOTE: you can only do that if you compiled QEMU from the sources):
  7.1146 -
  7.1147 -@example 
  7.1148 -qemu-i386 -L / qemu-i386 -L / /bin/ls
  7.1149 -@end example
  7.1150 -
  7.1151 -@item On non x86 CPUs, you need first to download at least an x86 glibc
  7.1152 -(@file{qemu-runtime-i386-XXX-.tar.gz} on the QEMU web page). Ensure that
  7.1153 -@code{LD_LIBRARY_PATH} is not set:
  7.1154 -
  7.1155 -@example
  7.1156 -unset LD_LIBRARY_PATH 
  7.1157 -@end example
  7.1158 -
  7.1159 -Then you can launch the precompiled @file{ls} x86 executable:
  7.1160 -
  7.1161 -@example
  7.1162 -qemu-i386 tests/i386/ls
  7.1163 -@end example
  7.1164 -You can look at @file{qemu-binfmt-conf.sh} so that
  7.1165 -QEMU is automatically launched by the Linux kernel when you try to
  7.1166 -launch x86 executables. It requires the @code{binfmt_misc} module in the
  7.1167 -Linux kernel.
  7.1168 -
  7.1169 -@item The x86 version of QEMU is also included. You can try weird things such as:
  7.1170 -@example
  7.1171 -qemu-i386 /usr/local/qemu-i386/bin/qemu-i386 /usr/local/qemu-i386/bin/ls-i386
  7.1172 -@end example
  7.1173 -
  7.1174 -@end itemize
  7.1175 -
  7.1176 -@section Wine launch
  7.1177 -
  7.1178 -@itemize
  7.1179 -
  7.1180 -@item Ensure that you have a working QEMU with the x86 glibc
  7.1181 -distribution (see previous section). In order to verify it, you must be
  7.1182 -able to do:
  7.1183 -
  7.1184 -@example
  7.1185 -qemu-i386 /usr/local/qemu-i386/bin/ls-i386
  7.1186 -@end example
  7.1187 -
  7.1188 -@item Download the binary x86 Wine install
  7.1189 -(@file{qemu-XXX-i386-wine.tar.gz} on the QEMU web page). 
  7.1190 -
  7.1191 -@item Configure Wine on your account. Look at the provided script
  7.1192 -@file{/usr/local/qemu-i386/bin/wine-conf.sh}. Your previous
  7.1193 -@code{$@{HOME@}/.wine} directory is saved to @code{$@{HOME@}/.wine.org}.
  7.1194 -
  7.1195 -@item Then you can try the example @file{putty.exe}:
  7.1196 -
  7.1197 -@example
  7.1198 -qemu-i386 /usr/local/qemu-i386/wine/bin/wine /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
  7.1199 -@end example
  7.1200 -
  7.1201 -@end itemize
  7.1202 -
  7.1203 -@section Command line options
  7.1204 -
  7.1205 -@example
  7.1206 -usage: qemu-i386 [-h] [-d] [-L path] [-s size] program [arguments...]
  7.1207 -@end example
  7.1208 -
  7.1209 -@table @option
  7.1210 -@item -h
  7.1211 -Print the help
  7.1212 -@item -L path   
  7.1213 -Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)
  7.1214 -@item -s size
  7.1215 -Set the x86 stack size in bytes (default=524288)
  7.1216 -@end table
  7.1217 -
  7.1218 -Debug options:
  7.1219 -
  7.1220 -@table @option
  7.1221 -@item -d
  7.1222 -Activate log (logfile=/tmp/qemu.log)
  7.1223 -@item -p pagesize
  7.1224 -Act as if the host page size was 'pagesize' bytes
  7.1225 -@end table
  7.1226 -
  7.1227 -@node compilation
  7.1228 -@chapter Compilation from the sources
  7.1229 -
  7.1230 -@section Linux/BSD
  7.1231 -
  7.1232 -Read the @file{README} which gives the related information.
  7.1233 -
  7.1234 -@section Windows
  7.1235 -
  7.1236 -@itemize
  7.1237 -@item Install the current versions of MSYS and MinGW from
  7.1238 -@url{http://www.mingw.org/}. You can find detailed installation
  7.1239 -instructions in the download section and the FAQ.
  7.1240 -
  7.1241 -@item Download 
  7.1242 -the MinGW development library of SDL 1.2.x
  7.1243 -(@file{SDL-devel-1.2.x-mingw32.tar.gz}) from
  7.1244 -@url{http://www.libsdl.org}. Unpack it in a temporary place, and
  7.1245 -unpack the archive @file{i386-mingw32msvc.tar.gz} in the MinGW tool
  7.1246 -directory. Edit the @file{sdl-config} script so that it gives the
  7.1247 -correct SDL directory when invoked.
  7.1248 -
  7.1249 -@item Extract the current version of QEMU.
  7.1250 - 
  7.1251 -@item Start the MSYS shell (file @file{msys.bat}).
  7.1252 -
  7.1253 -@item Change to the QEMU directory. Launch @file{./configure} and 
  7.1254 -@file{make}.  If you have problems using SDL, verify that
  7.1255 -@file{sdl-config} can be launched from the MSYS command line.
  7.1256 -
  7.1257 -@item You can install QEMU in @file{Program Files/Qemu} by typing 
  7.1258 -@file{make install}. Don't forget to copy @file{SDL.dll} in
  7.1259 -@file{Program Files/Qemu}.
  7.1260 -
  7.1261 -@end itemize
  7.1262 -
  7.1263 -@section Cross compilation for Windows with Linux
  7.1264 -
  7.1265 -@itemize
  7.1266 -@item
  7.1267 -Install the MinGW cross compilation tools available at
  7.1268 -@url{http://www.mingw.org/}.
  7.1269 -
  7.1270 -@item 
  7.1271 -Install the Win32 version of SDL (@url{http://www.libsdl.org}) by
  7.1272 -unpacking @file{i386-mingw32msvc.tar.gz}. Set up the PATH environment
  7.1273 -variable so that @file{i386-mingw32msvc-sdl-config} can be launched by
  7.1274 -the QEMU configuration script.
  7.1275 -
  7.1276 -@item 
  7.1277 -Configure QEMU for Windows cross compilation:
  7.1278 -@example
  7.1279 -./configure --enable-mingw32
  7.1280 -@end example
  7.1281 -If necessary, you can change the cross-prefix according to the prefix
  7.1282 -choosen for the MinGW tools with --cross-prefix. You can also use
  7.1283 ---prefix to set the Win32 install path.
  7.1284 -
  7.1285 -@item You can install QEMU in the installation directory by typing 
  7.1286 -@file{make install}. Don't forget to copy @file{SDL.dll} in the
  7.1287 -installation directory. 
  7.1288 -
  7.1289 -@end itemize
  7.1290 -
  7.1291 -Note: Currently, Wine does not seem able to launch
  7.1292 -QEMU for Win32.
  7.1293 -
  7.1294 -@section Mac OS X
  7.1295 -
  7.1296 -The Mac OS X patches are not fully merged in QEMU, so you should look
  7.1297 -at the QEMU mailing list archive to have all the necessary
  7.1298 -information.
  7.1299 -
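--- a/tools/ioemu/qemu-mkcow.1	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,105 +0,0 @@
-.\" $Header: /cvsroot/qemu/qemu/qemu-mkcow.1,v 1.1 2004/03/26 22:42:54 bellard Exp $
-.\"
-.\"	transcript compatibility for postscript use.
-.\"
-.\"	synopsis:  .P! <file.ps>
-.\"
-.de P!
-.fl
-\!!1 setgray
-.fl
-\\&.\"
-.fl
-\!!0 setgray
-.fl			\" force out current output buffer
-\!!save /psv exch def currentpoint translate 0 0 moveto
-\!!/showpage{}def
-.fl			\" prolog
-.sy sed -e 's/^/!/' \\$1\" bring in postscript file
-\!!psv restore
-.
-.de pF
-.ie     \\*(f1 .ds f1 \\n(.f
-.el .ie \\*(f2 .ds f2 \\n(.f
-.el .ie \\*(f3 .ds f3 \\n(.f
-.el .ie \\*(f4 .ds f4 \\n(.f
-.el .tm ? font overflow
-.ft \\$1
-..
-.de fP
-.ie     !\\*(f4 \{\
-.	ft \\*(f4
-.	ds f4\"
-'	br \}
-.el .ie !\\*(f3 \{\
-.	ft \\*(f3
-.	ds f3\"
-'	br \}
-.el .ie !\\*(f2 \{\
-.	ft \\*(f2
-.	ds f2\"
-'	br \}
-.el .ie !\\*(f1 \{\
-.	ft \\*(f1
-.	ds f1\"
-'	br \}
-.el .tm ? font underflow
-..
-.ds f1\"
-.ds f2\"
-.ds f3\"
-.ds f4\"
-'\" t 
-.ta 8n 16n 24n 32n 40n 48n 56n 64n 72n  
-.TH "QEMU" "8" 
-.SH "NAME" 
-qemu-mkcow \(em create a copy-on-write file for qemu 
-.SH "SYNOPSIS" 
-.PP 
-\fBqemu-mkcow\fR [\fB-h\fP]  [\fB-f \fImaster_disk_image\fR\fP]  [\fIcow_image\fR]  [\fB\fIcow_size\fR\fP]  
-.SH "DESCRIPTION" 
-.PP 
-The \fBqemu-mkcow\fR command creates a 
-persistent copy-on-write file for \fBqemu\fR. 
- 
-.PP 
-\fBqemu\fR can be used in a "copy-on-write" mode, 
-where changes made by \fBqemu\fR do not actually 
-change the disk image file.  One way is to invoke 
-\fBqemu\fR with -snapshot: these changes 
-are stored in a temporary file, which is discarded when  
-\fBqemu\fR exits. 
- 
-.PP 
-\fBqemu-mkcow\fR creates an explicit copy-on-write 
-file where changes are to be stored: this way, changes made 
-inside \fBqemu\fR will still be there next time you 
-run it, although the master disk image isn't ever changed. 
- 
-.PP 
-The usual method is to create the master image, then create a 
-copy-on-write file using \fBqemu-mkcow\fR with 
-\fB-f\fP.  The filename of the master image is stored 
-inside the generated copy-on-write file: it must not be modified 
-after this is run! 
- 
-.PP 
-If no master file is specified, the effect is that of a 
-blank master of size \fIcow_size\fR. 
- 
-.SH "SEE ALSO" 
-.PP 
-qemu(1), qemu-fast(1). 
-.SH "AUTHOR" 
-.PP 
-This manual page was written by Paul Russell prussell@debian.org for 
-the \fBDebian\fP system (but may be used by others).  Permission is 
-granted to copy, distribute and/or modify this document under 
-the terms of the GNU General Public License, Version 2 any  
-later version published by the Free Software Foundation. 
- 
-.PP 
-On Debian systems, the complete text of the GNU General Public 
-License can be found in /usr/share/common-licenses/GPL. 
- 
-.\" created by instant / docbook-to-man, Fri 12 Mar 2004, 05:58 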
     9.1 --- a/tools/ioemu/qemu-tech.html	Fri May 20 01:47:06 2005 +0000
     9.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     9.3 @@ -1,1303 +0,0 @@
     9.4 -<HTML>
     9.5 -<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
     9.6 -<!-- Created on January, 25  2005 by texi2html 1.64 -->
     9.7 -<!-- 
     9.8 -Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
     9.9 -            Karl Berry  <karl@freefriends.org>
    9.10 -            Olaf Bachmann <obachman@mathematik.uni-kl.de>
    9.11 -            and many others.
    9.12 -Maintained by: Olaf Bachmann <obachman@mathematik.uni-kl.de>
    9.13 -Send bugs and suggestions to <texi2html@mathematik.uni-kl.de>
    9.14 - 
    9.15 --->
    9.16 -<HEAD>
    9.17 -<TITLE>Untitled Document: </TITLE>
    9.18 -
    9.19 -<META NAME="description" CONTENT="Untitled Document: ">
    9.20 -<META NAME="keywords" CONTENT="Untitled Document: ">
    9.21 -<META NAME="resource-type" CONTENT="document">
    9.22 -<META NAME="distribution" CONTENT="global">
    9.23 -<META NAME="Generator" CONTENT="texi2html 1.64">
    9.24 -
    9.25 -</HEAD>
    9.26 -
    9.27 -<BODY LANG="" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#800080" ALINK="#FF0000">
    9.28 -
    9.29 -<A NAME="SEC1"></A>
    9.30 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
    9.31 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> &lt; </A>]</TD>
    9.32 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC2"> &gt; </A>]</TD>
    9.33 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
    9.34 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
    9.35 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
    9.36 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
    9.37 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
    9.38 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
    9.39 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
    9.40 -</TR></TABLE>
    9.41 -<P>
    9.42 -
    9.43 -<H1> 1. Introduction </H1>
    9.44 -<!--docid::SEC1::-->
    9.45 -<P>
    9.46 -
    9.47 -<HR SIZE="6">
    9.48 -<A NAME="SEC2"></A>
    9.49 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
    9.50 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> &lt; </A>]</TD>
    9.51 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC3"> &gt; </A>]</TD>
    9.52 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
    9.53 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
    9.54 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
    9.55 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
    9.56 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
    9.57 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
    9.58 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
    9.59 -</TR></TABLE>
    9.60 -<H2> 1.1 Features </H2>
    9.61 -<!--docid::SEC2::-->
    9.62 -<P>
    9.63 -
    9.64 -QEMU is a FAST! processor emulator using a portable dynamic
    9.65 -translator.
    9.66 -</P><P>
    9.67 -
    9.68 -QEMU has two operating modes:
    9.69 -</P><P>
    9.70 -
    9.71 -<UL>
    9.72 -
    9.73 -<LI>
    9.74 -Full system emulation. In this mode, QEMU emulates a full system
    9.75 -(usually a PC), including a processor and various peripherials. It can
    9.76 -be used to launch an different Operating System without rebooting the
    9.77 -PC or to debug system code.
    9.78 -<P>
    9.79 -
    9.80 -<LI>
    9.81 -User mode emulation (Linux host only). In this mode, QEMU can launch
    9.82 -Linux processes compiled for one CPU on another CPU. It can be used to
    9.83 -launch the Wine Windows API emulator (<A HREF="http://www.winehq.org">http://www.winehq.org</A>) or
    9.84 -to ease cross-compilation and cross-debugging.
    9.85 -<P>
    9.86 -
    9.87 -</UL>
    9.88 -<P>
    9.89 -
    9.90 -As QEMU requires no host kernel driver to run, it is very safe and
    9.91 -easy to use.
    9.92 -</P><P>
    9.93 -
    9.94 -QEMU generic features:
    9.95 -</P><P>
    9.96 -
    9.97 -<UL>
    9.98 -
    9.99 -<LI>User space only or full system emulation.
   9.100 -<P>
   9.101 -
   9.102 -<LI>Using dynamic translation to native code for reasonnable speed.
   9.103 -<P>
   9.104 -
   9.105 -<LI>Working on x86 and PowerPC hosts. Being tested on ARM, Sparc32, Alpha and S390.
   9.106 -<P>
   9.107 -
   9.108 -<LI>Self-modifying code support.
   9.109 -<P>
   9.110 -
   9.111 -<LI>Precise exceptions support.
   9.112 -<P>
   9.113 -
   9.114 -<LI>The virtual CPU is a library (<CODE>libqemu</CODE>) which can be used
   9.115 -in other projects (look at <TT>`qemu/tests/qruncom.c'</TT> to have an
   9.116 -example of user mode <CODE>libqemu</CODE> usage).
   9.117 -<P>
   9.118 -
   9.119 -</UL>
   9.120 -<P>
   9.121 -
   9.122 -QEMU user mode emulation features:
   9.123 -<UL>
   9.124 -<LI>Generic Linux system call converter, including most ioctls.
   9.125 -<P>
   9.126 -
   9.127 -<LI>clone() emulation using native CPU clone() to use Linux scheduler for threads.
   9.128 -<P>
   9.129 -
   9.130 -<LI>Accurate signal handling by remapping host signals to target signals.
   9.131 -</UL>
   9.132 -</UL>
   9.133 -
   9.134 -QEMU full system emulation features:
   9.135 -<UL>
   9.136 -<LI>QEMU can either use a full software MMU for maximum portability or use the host system call mmap() to simulate the target MMU.
   9.137 -</UL>
   9.138 -
   9.139 -<HR SIZE="6">
   9.140 -<A NAME="SEC3"></A>
   9.141 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.142 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC2"> &lt; </A>]</TD>
   9.143 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC4"> &gt; </A>]</TD>
   9.144 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.145 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.146 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.147 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.148 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.149 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.150 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.151 -</TR></TABLE>
   9.152 -<H2> 1.2 x86 emulation </H2>
   9.153 -<!--docid::SEC3::-->
   9.154 -<P>
   9.155 -
   9.156 -QEMU x86 target features:
   9.157 -</P><P>
   9.158 -
   9.159 -<UL>
   9.160 -
   9.161 -<LI>The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation.
   9.162 -LDT/GDT and IDT are emulated. VM86 mode is also supported to run DOSEMU.
   9.163 -<P>
   9.164 -
   9.165 -<LI>Support of host page sizes bigger than 4KB in user mode emulation.
   9.166 -<P>
   9.167 -
   9.168 -<LI>QEMU can emulate itself on x86.
   9.169 -<P>
   9.170 -
   9.171 -<LI>An extensive Linux x86 CPU test program is included <TT>`tests/test-i386'</TT>.
   9.172 -It can be used to test other x86 virtual CPUs.
   9.173 -<P>
   9.174 -
   9.175 -</UL>
   9.176 -<P>
   9.177 -
   9.178 -Current QEMU limitations:
   9.179 -</P><P>
   9.180 -
   9.181 -<UL>
   9.182 -
   9.183 -<LI>No SSE/MMX support (yet).
   9.184 -<P>
   9.185 -
   9.186 -<LI>No x86-64 support.
   9.187 -<P>
   9.188 -
   9.189 -<LI>IPC syscalls are missing.
   9.190 -<P>
   9.191 -
   9.192 -<LI>The x86 segment limits and access rights are not tested at every
   9.193 -memory access (yet). Hopefully, very few OSes seem to rely on that for
   9.194 -normal use.
   9.195 -<P>
   9.196 -
   9.197 -<LI>On non x86 host CPUs, <CODE>double</CODE>s are used instead of the non standard
   9.198 -10 byte <CODE>long double</CODE>s of x86 for floating point emulation to get
   9.199 -maximum performances.
   9.200 -<P>
   9.201 -
   9.202 -</UL>
   9.203 -<P>
   9.204 -
   9.205 -<HR SIZE="6">
   9.206 -<A NAME="SEC4"></A>
   9.207 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.208 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC3"> &lt; </A>]</TD>
   9.209 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC5"> &gt; </A>]</TD>
   9.210 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.211 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.212 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.213 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.214 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.215 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.216 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.217 -</TR></TABLE>
   9.218 -<H2> 1.3 ARM emulation </H2>
   9.219 -<!--docid::SEC4::-->
   9.220 -<P>
   9.221 -
   9.222 -<UL>
   9.223 -
   9.224 -<LI>Full ARM 7 user emulation.
   9.225 -<P>
   9.226 -
   9.227 -<LI>NWFPE FPU support included in user Linux emulation.
   9.228 -<P>
   9.229 -
   9.230 -<LI>Can run most ARM Linux binaries.
   9.231 -<P>
   9.232 -
   9.233 -</UL>
   9.234 -<P>
   9.235 -
   9.236 -<HR SIZE="6">
   9.237 -<A NAME="SEC5"></A>
   9.238 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.239 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC4"> &lt; </A>]</TD>
   9.240 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC6"> &gt; </A>]</TD>
   9.241 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.242 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.243 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.244 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.245 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.246 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.247 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.248 -</TR></TABLE>
   9.249 -<H2> 1.4 PowerPC emulation </H2>
   9.250 -<!--docid::SEC5::-->
   9.251 -<P>
   9.252 -
   9.253 -<UL>
   9.254 -
   9.255 -<LI>Full PowerPC 32 bit emulation, including priviledged instructions,
   9.256 -FPU and MMU.
   9.257 -<P>
   9.258 -
   9.259 -<LI>Can run most PowerPC Linux binaries.
   9.260 -<P>
   9.261 -
   9.262 -</UL>
   9.263 -<P>
   9.264 -
   9.265 -<HR SIZE="6">
   9.266 -<A NAME="SEC6"></A>
   9.267 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.268 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC5"> &lt; </A>]</TD>
   9.269 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC7"> &gt; </A>]</TD>
   9.270 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.271 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.272 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.273 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.274 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.275 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.276 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.277 -</TR></TABLE>
   9.278 -<H2> 1.5 SPARC emulation </H2>
   9.279 -<!--docid::SEC6::-->
   9.280 -<P>
   9.281 -
   9.282 -<UL>
   9.283 -
   9.284 -<LI>SPARC V8 user support, except FPU instructions.
   9.285 -<P>
   9.286 -
   9.287 -<LI>Can run some SPARC Linux binaries.
   9.288 -<P>
   9.289 -
   9.290 -</UL>
   9.291 -<P>
   9.292 -
   9.293 -<HR SIZE="6">
   9.294 -<A NAME="SEC7"></A>
   9.295 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.296 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC6"> &lt; </A>]</TD>
   9.297 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC8"> &gt; </A>]</TD>
   9.298 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.299 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.300 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.301 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.302 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.303 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.304 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.305 -</TR></TABLE>
   9.306 -<H1> 2. QEMU Internals </H1>
   9.307 -<!--docid::SEC7::-->
   9.308 -<P>
   9.309 -
   9.310 -<HR SIZE="6">
   9.311 -<A NAME="SEC8"></A>
   9.312 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.313 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC7"> &lt; </A>]</TD>
   9.314 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC9"> &gt; </A>]</TD>
   9.315 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.316 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.317 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.318 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.319 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.320 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.321 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.322 -</TR></TABLE>
   9.323 -<H2> 2.1 QEMU compared to other emulators </H2>
   9.324 -<!--docid::SEC8::-->
   9.325 -<P>
   9.326 -
   9.327 -Like bochs <A HREF="qemu-tech.html#BIB3">[3]</A>, QEMU emulates an x86 CPU. But QEMU is much faster than
   9.328 -bochs as it uses dynamic compilation. Bochs is closely tied to x86 PC
   9.329 -emulation while QEMU can emulate several processors.
   9.330 -</P><P>
   9.331 -
   9.332 -Like Valgrind <A HREF="qemu-tech.html#BIB2">[2]</A>, QEMU does user space emulation and dynamic
   9.333 -translation. Valgrind is mainly a memory debugger while QEMU has no
   9.334 -support for it (QEMU could be used to detect out of bound memory
   9.335 -accesses as Valgrind, but it has no support to track uninitialised data
   9.336 -as Valgrind does). The Valgrind dynamic translator generates better code
   9.337 -than QEMU (in particular it does register allocation) but it is closely
   9.338 -tied to an x86 host and target and has no support for precise exceptions
   9.339 -and system emulation.
   9.340 -</P><P>
   9.341 -
   9.342 -EM86 <A HREF="qemu-tech.html#BIB4">[4]</A> is the closest project to user space QEMU (and QEMU still uses
   9.343 -some of its code, in particular the ELF file loader). EM86 was limited
   9.344 -to an alpha host and used a proprietary and slow interpreter (the
   9.345 -interpreter part of the FX!32 Digital Win32 code translator <A HREF="qemu-tech.html#BIB5">[5]</A>).
   9.346 -</P><P>
   9.347 -
   9.348 -TWIN <A HREF="qemu-tech.html#BIB6">[6]</A> is a Windows API emulator like Wine. It is less accurate than
   9.349 -Wine but includes a protected mode x86 interpreter to launch x86 Windows
   9.350 -executables. Such an approach has greater potential because most of the
   9.351 -Windows API is executed natively but it is far more difficult to develop
   9.352 -because all the data structures and function parameters exchanged
   9.353 -between the API and the x86 code must be converted.
   9.354 -</P><P>
   9.355 -
   9.356 -User mode Linux <A HREF="qemu-tech.html#BIB7">[7]</A> was the only solution before QEMU to launch a
   9.357 -Linux kernel as a process while not needing any host kernel
   9.358 -patches. However, user mode Linux requires heavy kernel patches while
   9.359 -QEMU accepts unpatched Linux kernels. The price to pay is that QEMU is
   9.360 -slower.
   9.361 -</P><P>
   9.362 -
   9.363 -The new Plex86 <A HREF="qemu-tech.html#BIB8">[8]</A> PC virtualizer is done in the same spirit as the
   9.364 -qemu-fast system emulator. It requires a patched Linux kernel to work
   9.365 -(you cannot launch the same kernel on your PC), but the patches are
   9.366 -really small. As it is a PC virtualizer (no emulation is done except
   9.367 -for some priveledged instructions), it has the potential of being
   9.368 -faster than QEMU. The downside is that a complicated (and potentially
   9.369 -unsafe) host kernel patch is needed.
   9.370 -</P><P>
   9.371 -
   9.372 -The commercial PC Virtualizers (VMWare <A HREF="qemu-tech.html#BIB9">[9]</A>, VirtualPC <A HREF="qemu-tech.html#BIB10">[10]</A>, TwoOStwo
   9.373 -<A HREF="qemu-tech.html#BIB11">[11]</A>) are faster than QEMU, but they all need specific, proprietary
   9.374 -and potentially unsafe host drivers. Moreover, they are unable to
   9.375 -provide cycle exact simulation as an emulator can.
   9.376 -</P><P>
   9.377 -
   9.378 -<HR SIZE="6">
   9.379 -<A NAME="SEC9"></A>
   9.380 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.381 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC8"> &lt; </A>]</TD>
   9.382 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC10"> &gt; </A>]</TD>
   9.383 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.384 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.385 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.386 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.387 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.388 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.389 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.390 -</TR></TABLE>
   9.391 -<H2> 2.2 Portable dynamic translation </H2>
   9.392 -<!--docid::SEC9::-->
   9.393 -<P>
   9.394 -
   9.395 -QEMU is a dynamic translator. When it first encounters a piece of code,
   9.396 -it converts it to the host instruction set. Usually dynamic translators
   9.397 -are very complicated and highly CPU dependent. QEMU uses some tricks
   9.398 -which make it relatively easily portable and simple while achieving good
   9.399 -performances.
   9.400 -</P><P>
   9.401 -
   9.402 -The basic idea is to split every x86 instruction into fewer simpler
   9.403 -instructions. Each simple instruction is implemented by a piece of C
   9.404 -code (see <TT>`target-i386/op.c'</TT>). Then a compile time tool
   9.405 -(<TT>`dyngen'</TT>) takes the corresponding object file (<TT>`op.o'</TT>)
   9.406 -to generate a dynamic code generator which concatenates the simple
   9.407 -instructions to build a function (see <TT>`op.h:dyngen_code()'</TT>).
   9.408 -</P><P>
   9.409 -
   9.410 -In essence, the process is similar to <A HREF="qemu-tech.html#BIB1">[1]</A>, but more work is done at
   9.411 -compile time. 
   9.412 -</P><P>
   9.413 -
   9.414 -A key idea to get optimal performances is that constant parameters can
   9.415 -be passed to the simple operations. For that purpose, dummy ELF
   9.416 -relocations are generated with gcc for each constant parameter. Then,
   9.417 -the tool (<TT>`dyngen'</TT>) can locate the relocations and generate the
   9.418 -appriopriate C code to resolve them when building the dynamic code.
   9.419 -</P><P>
   9.420 -
   9.421 -That way, QEMU is no more difficult to port than a dynamic linker.
   9.422 -</P><P>
   9.423 -
   9.424 -To go even faster, GCC static register variables are used to keep the
   9.425 -state of the virtual CPU.
   9.426 -</P><P>
   9.427 -
   9.428 -<HR SIZE="6">
   9.429 -<A NAME="SEC10"></A>
   9.430 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.431 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC9"> &lt; </A>]</TD>
   9.432 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC11"> &gt; </A>]</TD>
   9.433 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.434 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.435 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.436 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.437 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.438 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.439 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.440 -</TR></TABLE>
   9.441 -<H2> 2.3 Register allocation </H2>
   9.442 -<!--docid::SEC10::-->
   9.443 -<P>
   9.444 -
   9.445 -Since QEMU uses fixed simple instructions, no efficient register
   9.446 -allocation can be done. However, because RISC CPUs have a lot of
   9.447 -register, most of the virtual CPU state can be put in registers without
   9.448 -doing complicated register allocation.
   9.449 -</P><P>
   9.450 -
   9.451 -<HR SIZE="6">
   9.452 -<A NAME="SEC11"></A>
   9.453 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.454 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC10"> &lt; </A>]</TD>
   9.455 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC12"> &gt; </A>]</TD>
   9.456 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.457 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.458 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.459 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.460 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.461 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.462 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.463 -</TR></TABLE>
   9.464 -<H2> 2.4 Condition code optimisations </H2>
   9.465 -<!--docid::SEC11::-->
   9.466 -<P>
   9.467 -
   9.468 -Good CPU condition codes emulation (<CODE>EFLAGS</CODE> register on x86) is a
   9.469 -critical point to get good performances. QEMU uses lazy condition code
   9.470 -evaluation: instead of computing the condition codes after each x86
   9.471 -instruction, it just stores one operand (called <CODE>CC_SRC</CODE>), the
   9.472 -result (called <CODE>CC_DST</CODE>) and the type of operation (called
   9.473 -<CODE>CC_OP</CODE>).
   9.474 -</P><P>
   9.475 -
   9.476 -<CODE>CC_OP</CODE> is almost never explicitely set in the generated code
   9.477 -because it is known at translation time.
   9.478 -</P><P>
   9.479 -
   9.480 -In order to increase performances, a backward pass is performed on the
   9.481 -generated simple instructions (see
   9.482 -<CODE>target-i386/translate.c:optimize_flags()</CODE>). When it can be proved that
   9.483 -the condition codes are not needed by the next instructions, no
   9.484 -condition codes are computed at all.
   9.485 -</P><P>
   9.486 -
   9.487 -<HR SIZE="6">
   9.488 -<A NAME="SEC12"></A>
   9.489 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.490 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC11"> &lt; </A>]</TD>
   9.491 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC13"> &gt; </A>]</TD>
   9.492 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.493 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.494 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.495 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.496 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.497 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.498 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.499 -</TR></TABLE>
   9.500 -<H2> 2.5 CPU state optimisations </H2>
   9.501 -<!--docid::SEC12::-->
   9.502 -<P>
   9.503 -
   9.504 -The x86 CPU has many internal states which change the way it evaluates
   9.505 -instructions. In order to achieve a good speed, the translation phase
   9.506 -considers that some state information of the virtual x86 CPU cannot
   9.507 -change in it. For example, if the SS, DS and ES segments have a zero
   9.508 -base, then the translator does not even generate an addition for the
   9.509 -segment base.
   9.510 -</P><P>
   9.511 -
   9.512 -[The FPU stack pointer register is not handled that way yet].
   9.513 -</P><P>
   9.514 -
   9.515 -<HR SIZE="6">
   9.516 -<A NAME="SEC13"></A>
   9.517 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.518 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC12"> &lt; </A>]</TD>
   9.519 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC14"> &gt; </A>]</TD>
   9.520 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.521 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.522 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.523 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.524 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.525 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.526 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.527 -</TR></TABLE>
   9.528 -<H2> 2.6 Translation cache </H2>
   9.529 -<!--docid::SEC13::-->
   9.530 -<P>
   9.531 -
   9.532 -A 16 MByte cache holds the most recently used translations. For
   9.533 -simplicity, it is completely flushed when it is full. A translation unit
   9.534 -contains just a single basic block (a block of x86 instructions
   9.535 -terminated by a jump or by a virtual CPU state change which the
   9.536 -translator cannot deduce statically).
   9.537 -</P><P>
   9.538 -
   9.539 -<HR SIZE="6">
   9.540 -<A NAME="SEC14"></A>
   9.541 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.542 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC13"> &lt; </A>]</TD>
   9.543 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC15"> &gt; </A>]</TD>
   9.544 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.545 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.546 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.547 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.548 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.549 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.550 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.551 -</TR></TABLE>
   9.552 -<H2> 2.7 Direct block chaining </H2>
   9.553 -<!--docid::SEC14::-->
   9.554 -<P>
   9.555 -
   9.556 -After each translated basic block is executed, QEMU uses the simulated
   9.557 -Program Counter (PC) and other cpu state informations (such as the CS
   9.558 -segment base value) to find the next basic block.
   9.559 -</P><P>
   9.560 -
   9.561 -In order to accelerate the most common cases where the new simulated PC
   9.562 -is known, QEMU can patch a basic block so that it jumps directly to the
   9.563 -next one.
   9.564 -</P><P>
   9.565 -
   9.566 -The most portable code uses an indirect jump. An indirect jump makes
   9.567 -it easier to make the jump target modification atomic. On some host
   9.568 -architectures (such as x86 or PowerPC), the <CODE>JUMP</CODE> opcode is
   9.569 -directly patched so that the block chaining has no overhead.
   9.570 -</P><P>
   9.571 -
   9.572 -<HR SIZE="6">
   9.573 -<A NAME="SEC15"></A>
   9.574 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.575 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC14"> &lt; </A>]</TD>
   9.576 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC16"> &gt; </A>]</TD>
   9.577 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.578 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.579 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.580 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.581 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.582 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.583 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.584 -</TR></TABLE>
   9.585 -<H2> 2.8 Self-modifying code and translated code invalidation </H2>
   9.586 -<!--docid::SEC15::-->
   9.587 -<P>
   9.588 -
   9.589 -Self-modifying code is a special challenge in x86 emulation because no
   9.590 -instruction cache invalidation is signaled by the application when code
   9.591 -is modified.
   9.592 -</P><P>
   9.593 -
   9.594 -When translated code is generated for a basic block, the corresponding
   9.595 -host page is write protected if it is not already read-only (with the
   9.596 -system call <CODE>mprotect()</CODE>). Then, if a write access is done to the
   9.597 -page, Linux raises a SEGV signal. QEMU then invalidates all the
   9.598 -translated code in the page and enables write accesses to the page.
   9.599 -</P><P>
   9.600 -
   9.601 -Correct translated code invalidation is done efficiently by maintaining
   9.602 -a linked list of every translated block contained in a given page. Other
   9.603 -linked lists are also maintained to undo direct block chaining. 
   9.604 -</P><P>
   9.605 -
   9.606 -Although the overhead of doing <CODE>mprotect()</CODE> calls is important,
   9.607 -most MSDOS programs can be emulated at reasonnable speed with QEMU and
   9.608 -DOSEMU.
   9.609 -</P><P>
   9.610 -
   9.611 -Note that QEMU also invalidates pages of translated code when it detects
   9.612 -that memory mappings are modified with <CODE>mmap()</CODE> or <CODE>munmap()</CODE>.
   9.613 -</P><P>
   9.614 -
   9.615 -When using a software MMU, the code invalidation is more efficient: if
   9.616 -a given code page is invalidated too often because of write accesses,
   9.617 -then a bitmap representing all the code inside the page is
   9.618 -built. Every store into that page checks the bitmap to see if the code
   9.619 -really needs to be invalidated. It avoids invalidating the code when
   9.620 -only data is modified in the page.
   9.621 -</P><P>
   9.622 -
   9.623 -<HR SIZE="6">
   9.624 -<A NAME="SEC16"></A>
   9.625 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.626 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC15"> &lt; </A>]</TD>
   9.627 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC17"> &gt; </A>]</TD>
   9.628 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.629 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.630 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.631 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.632 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.633 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.634 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.635 -</TR></TABLE>
   9.636 -<H2> 2.9 Exception support </H2>
   9.637 -<!--docid::SEC16::-->
   9.638 -<P>
   9.639 -
   9.640 -longjmp() is used when an exception such as division by zero is
   9.641 -encountered. 
   9.642 -</P><P>
   9.643 -
   9.644 -The host SIGSEGV and SIGBUS signal handlers are used to get invalid
   9.645 -memory accesses. The exact CPU state can be retrieved because all the
   9.646 -x86 registers are stored in fixed host registers. The simulated program
   9.647 -counter is found by retranslating the corresponding basic block and by
   9.648 -looking where the host program counter was at the exception point.
   9.649 -</P><P>
   9.650 -
   9.651 -The virtual CPU cannot retrieve the exact <CODE>EFLAGS</CODE> register because
   9.652 -in some cases it is not computed because of condition code
   9.653 -optimisations. It is not a big concern because the emulated code can
   9.654 -still be restarted in any cases.
   9.655 -</P><P>
   9.656 -
   9.657 -<HR SIZE="6">
   9.658 -<A NAME="SEC17"></A>
   9.659 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.660 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC16"> &lt; </A>]</TD>
   9.661 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC18"> &gt; </A>]</TD>
   9.662 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.663 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.664 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.665 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.666 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.667 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.668 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.669 -</TR></TABLE>
   9.670 -<H2> 2.10 MMU emulation </H2>
   9.671 -<!--docid::SEC17::-->
   9.672 -<P>
   9.673 -
   9.674 -For system emulation, QEMU uses the mmap() system call to emulate the
   9.675 -target CPU MMU. It works as long the emulated OS does not use an area
   9.676 -reserved by the host OS (such as the area above 0xc0000000 on x86
   9.677 -Linux).
   9.678 -</P><P>
   9.679 -
   9.680 -In order to be able to launch any OS, QEMU also supports a soft
   9.681 -MMU. In that mode, the MMU virtual to physical address translation is
   9.682 -done at every memory access. QEMU uses an address translation cache to
   9.683 -speed up the translation.
   9.684 -</P><P>
   9.685 -
   9.686 -In order to avoid flushing the translated code each time the MMU
   9.687 -mappings change, QEMU uses a physically indexed translation cache. It
   9.688 -means that each basic block is indexed with its physical address. 
   9.689 -</P><P>
   9.690 -
   9.691 -When MMU mappings change, only the chaining of the basic blocks is
   9.692 -reset (i.e. a basic block can no longer jump directly to another one).
   9.693 -</P><P>
   9.694 -
   9.695 -<HR SIZE="6">
   9.696 -<A NAME="SEC18"></A>
   9.697 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.698 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC17"> &lt; </A>]</TD>
   9.699 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC19"> &gt; </A>]</TD>
   9.700 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.701 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.702 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.703 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.704 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.705 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.706 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.707 -</TR></TABLE>
   9.708 -<H2> 2.11 Hardware interrupts </H2>
   9.709 -<!--docid::SEC18::-->
   9.710 -<P>
   9.711 -
   9.712 -In order to be faster, QEMU does not check at every basic block if an
   9.713 -hardware interrupt is pending. Instead, the user must asynchrously
   9.714 -call a specific function to tell that an interrupt is pending. This
   9.715 -function resets the chaining of the currently executing basic
   9.716 -block. It ensures that the execution will return soon in the main loop
   9.717 -of the CPU emulator. Then the main loop can test if the interrupt is
   9.718 -pending and handle it.
   9.719 -</P><P>
   9.720 -
   9.721 -<HR SIZE="6">
   9.722 -<A NAME="SEC19"></A>
   9.723 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.724 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC18"> &lt; </A>]</TD>
   9.725 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC20"> &gt; </A>]</TD>
   9.726 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.727 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.728 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.729 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.730 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.731 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.732 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.733 -</TR></TABLE>
   9.734 -<H2> 2.12 User emulation specific details </H2>
   9.735 -<!--docid::SEC19::-->
   9.736 -<P>
   9.737 -
   9.738 -<HR SIZE="6">
   9.739 -<A NAME="SEC20"></A>
   9.740 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.741 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC19"> &lt; </A>]</TD>
   9.742 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC21"> &gt; </A>]</TD>
   9.743 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.744 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.745 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.746 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.747 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.748 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.749 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.750 -</TR></TABLE>
   9.751 -<H3> 2.12.1 Linux system call translation </H3>
   9.752 -<!--docid::SEC20::-->
   9.753 -<P>
   9.754 -
   9.755 -QEMU includes a generic system call translator for Linux. It means that
   9.756 -the parameters of the system calls can be converted to fix the
   9.757 -endianness and 32/64 bit issues. The IOCTLs are converted with a generic
   9.758 -type description system (see <TT>`ioctls.h'</TT> and <TT>`thunk.c'</TT>).
   9.759 -</P><P>
   9.760 -
   9.761 -QEMU supports host CPUs which have pages bigger than 4KB. It records all
   9.762 -the mappings the process does and try to emulated the <CODE>mmap()</CODE>
   9.763 -system calls in cases where the host <CODE>mmap()</CODE> call would fail
   9.764 -because of bad page alignment.
   9.765 -</P><P>
   9.766 -
   9.767 -<HR SIZE="6">
   9.768 -<A NAME="SEC21"></A>
   9.769 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.770 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC20"> &lt; </A>]</TD>
   9.771 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC22"> &gt; </A>]</TD>
   9.772 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.773 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.774 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.775 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.776 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.777 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.778 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.779 -</TR></TABLE>
   9.780 -<H3> 2.12.2 Linux signals </H3>
   9.781 -<!--docid::SEC21::-->
   9.782 -<P>
   9.783 -
   9.784 -Normal and real-time signals are queued along with their information
   9.785 -(<CODE>siginfo_t</CODE>) as it is done in the Linux kernel. Then an interrupt
   9.786 -request is done to the virtual CPU. When it is interrupted, one queued
   9.787 -signal is handled by generating a stack frame in the virtual CPU as the
   9.788 -Linux kernel does. The <CODE>sigreturn()</CODE> system call is emulated to return
   9.789 -from the virtual signal handler.
   9.790 -</P><P>
   9.791 -
   9.792 -Some signals (such as SIGALRM) directly come from the host. Other
   9.793 -signals are synthetized from the virtual CPU exceptions such as SIGFPE
   9.794 -when a division by zero is done (see <CODE>main.c:cpu_loop()</CODE>).
   9.795 -</P><P>
   9.796 -
   9.797 -The blocked signal mask is still handled by the host Linux kernel so
   9.798 -that most signal system calls can be redirected directly to the host
   9.799 -Linux kernel. Only the <CODE>sigaction()</CODE> and <CODE>sigreturn()</CODE> system
   9.800 -calls need to be fully emulated (see <TT>`signal.c'</TT>).
   9.801 -</P><P>
   9.802 -
   9.803 -<HR SIZE="6">
   9.804 -<A NAME="SEC22"></A>
   9.805 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.806 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC21"> &lt; </A>]</TD>
   9.807 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC23"> &gt; </A>]</TD>
   9.808 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.809 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.810 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.811 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.812 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.813 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.814 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.815 -</TR></TABLE>
   9.816 -<H3> 2.12.3 clone() system call and threads </H3>
   9.817 -<!--docid::SEC22::-->
   9.818 -<P>
   9.819 -
   9.820 -The Linux clone() system call is usually used to create a thread. QEMU
   9.821 -uses the host clone() system call so that real host threads are created
   9.822 -for each emulated thread. One virtual CPU instance is created for each
   9.823 -thread.
   9.824 -</P><P>
   9.825 -
   9.826 -The virtual x86 CPU atomic operations are emulated with a global lock so
   9.827 -that their semantic is preserved.
   9.828 -</P><P>
   9.829 -
   9.830 -Note that currently there are still some locking issues in QEMU. In
   9.831 -particular, the translated cache flush is not protected yet against
   9.832 -reentrancy.
   9.833 -</P><P>
   9.834 -
   9.835 -<HR SIZE="6">
   9.836 -<A NAME="SEC23"></A>
   9.837 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.838 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC22"> &lt; </A>]</TD>
   9.839 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC24"> &gt; </A>]</TD>
   9.840 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.841 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.842 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.843 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.844 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.845 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.846 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.847 -</TR></TABLE>
   9.848 -<H3> 2.12.4 Self-virtualization </H3>
   9.849 -<!--docid::SEC23::-->
   9.850 -<P>
   9.851 -
   9.852 -QEMU was conceived so that ultimately it can emulate itself. Although
   9.853 -it is not very useful, it is an important test to show the power of the
   9.854 -emulator.
   9.855 -</P><P>
   9.856 -
   9.857 -Achieving self-virtualization is not easy because there may be address
   9.858 -space conflicts. QEMU solves this problem by being an executable ELF
   9.859 -shared object as the ld-linux.so ELF interpreter. That way, it can be
   9.860 -relocated at load time.
   9.861 -</P><P>
   9.862 -
   9.863 -<HR SIZE="6">
   9.864 -<A NAME="SEC24"></A>
   9.865 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.866 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC23"> &lt; </A>]</TD>
   9.867 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC25"> &gt; </A>]</TD>
   9.868 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.869 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.870 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.871 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.872 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.873 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.874 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.875 -</TR></TABLE>
   9.876 -<H2> 2.13 Bibliography </H2>
   9.877 -<!--docid::SEC24::-->
   9.878 -<P>
   9.879 -
   9.880 -<DL COMPACT>
   9.881 -
   9.882 -<DT><A NAME="BIB1">[1]</A>
   9.883 -<DD><A HREF="http://citeseer.nj.nec.com/piumarta98optimizing.html">http://citeseer.nj.nec.com/piumarta98optimizing.html</A>, Optimizing
   9.884 -direct threaded code by selective inlining (1998) by Ian Piumarta, Fabio
   9.885 -Riccardi.
   9.886 -<P>
   9.887 -
   9.888 -<DT><A NAME="BIB2">[2]</A>
   9.889 -<DD><A HREF="http://developer.kde.org/~sewardj/">http://developer.kde.org/~sewardj/</A>, Valgrind, an open-source
   9.890 -memory debugger for x86-GNU/Linux, by Julian Seward.
   9.891 -<P>
   9.892 -
   9.893 -<DT><A NAME="BIB3">[3]</A>
   9.894 -<DD><A HREF="http://bochs.sourceforge.net/">http://bochs.sourceforge.net/</A>, the Bochs IA-32 Emulator Project,
   9.895 -by Kevin Lawton et al.
   9.896 -<P>
   9.897 -
   9.898 -<DT><A NAME="BIB4">[4]</A>
   9.899 -<DD><A HREF="http://www.cs.rose-hulman.edu/~donaldlf/em86/index.html">http://www.cs.rose-hulman.edu/~donaldlf/em86/index.html</A>, the EM86
   9.900 -x86 emulator on Alpha-Linux.
   9.901 -<P>
   9.902 -
   9.903 -<DT><A NAME="BIB5">[5]</A>
   9.904 -<DD><A HREF="http://www.usenix.org/publications/library/proceedings/usenix-nt97/full_papers/chernoff/chernoff.pdf">http://www.usenix.org/publications/library/proceedings/usenix-nt97/full_papers/chernoff/chernoff.pdf</A>,
   9.905 -DIGITAL FX!32: Running 32-Bit x86 Applications on Alpha NT, by Anton
   9.906 -Chernoff and Ray Hookway.
   9.907 -<P>
   9.908 -
   9.909 -<DT><A NAME="BIB6">[6]</A>
   9.910 -<DD><A HREF="http://www.willows.com/">http://www.willows.com/</A>, Windows API library emulation from
   9.911 -Willows Software.
   9.912 -<P>
   9.913 -
   9.914 -<DT><A NAME="BIB7">[7]</A>
   9.915 -<DD><A HREF="http://user-mode-linux.sourceforge.net/">http://user-mode-linux.sourceforge.net/</A>, 
   9.916 -The User-mode Linux Kernel.
   9.917 -<P>
   9.918 -
   9.919 -<DT><A NAME="BIB8">[8]</A>
   9.920 -<DD><A HREF="http://www.plex86.org/">http://www.plex86.org/</A>, 
   9.921 -The new Plex86 project.
   9.922 -<P>
   9.923 -
   9.924 -<DT><A NAME="BIB9">[9]</A>
   9.925 -<DD><A HREF="http://www.vmware.com/">http://www.vmware.com/</A>, 
   9.926 -The VMWare PC virtualizer.
   9.927 -<P>
   9.928 -
   9.929 -<DT><A NAME="BIB10">[10]</A>
   9.930 -<DD><A HREF="http://www.microsoft.com/windowsxp/virtualpc/">http://www.microsoft.com/windowsxp/virtualpc/</A>, 
   9.931 -The VirtualPC PC virtualizer.
   9.932 -<P>
   9.933 -
   9.934 -<DT><A NAME="BIB11">[11]</A>
   9.935 -<DD><A HREF="http://www.twoostwo.org/">http://www.twoostwo.org/</A>, 
   9.936 -The TwoOStwo PC virtualizer.
   9.937 -<P>
   9.938 -
   9.939 -</DL>
   9.940 -<P>
   9.941 -
   9.942 -<HR SIZE="6">
   9.943 -<A NAME="SEC25"></A>
   9.944 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.945 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC24"> &lt; </A>]</TD>
   9.946 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC26"> &gt; </A>]</TD>
   9.947 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.948 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.949 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.950 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.951 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.952 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.953 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.954 -</TR></TABLE>
   9.955 -<H1> 3. Regression Tests </H1>
   9.956 -<!--docid::SEC25::-->
   9.957 -<P>
   9.958 -
   9.959 -In the directory <TT>`tests/'</TT>, various interesting testing programs
   9.960 -are available. There are used for regression testing.
   9.961 -</P><P>
   9.962 -
   9.963 -<HR SIZE="6">
   9.964 -<A NAME="SEC26"></A>
   9.965 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
   9.966 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC25"> &lt; </A>]</TD>
   9.967 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC27"> &gt; </A>]</TD>
   9.968 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
   9.969 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
   9.970 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
   9.971 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
   9.972 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
   9.973 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
   9.974 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
   9.975 -</TR></TABLE>
   9.976 -<H2> 3.1 <TT>`test-i386'</TT> </H2>
   9.977 -<!--docid::SEC26::-->
   9.978 -<P>
   9.979 -
   9.980 -This program executes most of the 16 bit and 32 bit x86 instructions and
   9.981 -generates a text output. It can be compared with the output obtained with
   9.982 -a real CPU or another emulator. The target <CODE>make test</CODE> runs this
   9.983 -program and a <CODE>diff</CODE> on the generated output.
   9.984 -</P><P>
   9.985 -
   9.986 -The Linux system call <CODE>modify_ldt()</CODE> is used to create x86 selectors
   9.987 -to test some 16 bit addressing and 32 bit with segmentation cases.
   9.988 -</P><P>
   9.989 -
   9.990 -The Linux system call <CODE>vm86()</CODE> is used to test vm86 emulation.
   9.991 -</P><P>
   9.992 -
   9.993 -Various exceptions are raised to test most of the x86 user space
   9.994 -exception reporting.
   9.995 -</P><P>
   9.996 -
   9.997 -<HR SIZE="6">
   9.998 -<A NAME="SEC27"></A>
   9.999 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
  9.1000 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC26"> &lt; </A>]</TD>
  9.1001 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC28"> &gt; </A>]</TD>
  9.1002 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
  9.1003 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
  9.1004 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
  9.1005 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
  9.1006 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
  9.1007 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
  9.1008 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
  9.1009 -</TR></TABLE>
  9.1010 -<H2> 3.2 <TT>`linux-test'</TT> </H2>
  9.1011 -<!--docid::SEC27::-->
  9.1012 -<P>
  9.1013 -
  9.1014 -This program tests various Linux system calls. It is used to verify
  9.1015 -that the system call parameters are correctly converted between target
  9.1016 -and host CPUs.
  9.1017 -</P><P>
  9.1018 -
  9.1019 -<HR SIZE="6">
  9.1020 -<A NAME="SEC28"></A>
  9.1021 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
  9.1022 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC27"> &lt; </A>]</TD>
  9.1023 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt; ]</TD>
  9.1024 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[ &lt;&lt; ]</TD>
  9.1025 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1"> Up </A>]</TD>
  9.1026 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[ &gt;&gt; ]</TD>
  9.1027 -<TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT"> &nbsp; <TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
  9.1028 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
  9.1029 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
  9.1030 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
  9.1031 -</TR></TABLE>
  9.1032 -<H2> 3.3 <TT>`qruncom.c'</TT> </H2>
  9.1033 -<!--docid::SEC28::-->
  9.1034 -<P>
  9.1035 -
  9.1036 -Example of usage of <CODE>libqemu</CODE> to emulate a user mode i386 CPU.
  9.1037 -<HR SIZE="6">
  9.1038 -<A NAME="SEC_Contents"></A>
  9.1039 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
  9.1040 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
  9.1041 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
  9.1042 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
  9.1043 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
  9.1044 -</TR></TABLE>
  9.1045 -<H1>Table of Contents</H1>
  9.1046 -<UL>
  9.1047 -<A NAME="TOC1" HREF="qemu-tech.html#SEC1">1. Introduction</A>
  9.1048 -<BR>
  9.1049 -<UL>
  9.1050 -<A NAME="TOC2" HREF="qemu-tech.html#SEC2">1.1 Features</A>
  9.1051 -<BR>
  9.1052 -<A NAME="TOC3" HREF="qemu-tech.html#SEC3">1.2 x86 emulation</A>
  9.1053 -<BR>
  9.1054 -<A NAME="TOC4" HREF="qemu-tech.html#SEC4">1.3 ARM emulation</A>
  9.1055 -<BR>
  9.1056 -<A NAME="TOC5" HREF="qemu-tech.html#SEC5">1.4 PowerPC emulation</A>
  9.1057 -<BR>
  9.1058 -<A NAME="TOC6" HREF="qemu-tech.html#SEC6">1.5 SPARC emulation</A>
  9.1059 -<BR>
  9.1060 -</UL>
  9.1061 -<A NAME="TOC7" HREF="qemu-tech.html#SEC7">2. QEMU Internals</A>
  9.1062 -<BR>
  9.1063 -<UL>
  9.1064 -<A NAME="TOC8" HREF="qemu-tech.html#SEC8">2.1 QEMU compared to other emulators</A>
  9.1065 -<BR>
  9.1066 -<A NAME="TOC9" HREF="qemu-tech.html#SEC9">2.2 Portable dynamic translation</A>
  9.1067 -<BR>
  9.1068 -<A NAME="TOC10" HREF="qemu-tech.html#SEC10">2.3 Register allocation</A>
  9.1069 -<BR>
  9.1070 -<A NAME="TOC11" HREF="qemu-tech.html#SEC11">2.4 Condition code optimisations</A>
  9.1071 -<BR>
  9.1072 -<A NAME="TOC12" HREF="qemu-tech.html#SEC12">2.5 CPU state optimisations</A>
  9.1073 -<BR>
  9.1074 -<A NAME="TOC13" HREF="qemu-tech.html#SEC13">2.6 Translation cache</A>
  9.1075 -<BR>
  9.1076 -<A NAME="TOC14" HREF="qemu-tech.html#SEC14">2.7 Direct block chaining</A>
  9.1077 -<BR>
  9.1078 -<A NAME="TOC15" HREF="qemu-tech.html#SEC15">2.8 Self-modifying code and translated code invalidation</A>
  9.1079 -<BR>
  9.1080 -<A NAME="TOC16" HREF="qemu-tech.html#SEC16">2.9 Exception support</A>
  9.1081 -<BR>
  9.1082 -<A NAME="TOC17" HREF="qemu-tech.html#SEC17">2.10 MMU emulation</A>
  9.1083 -<BR>
  9.1084 -<A NAME="TOC18" HREF="qemu-tech.html#SEC18">2.11 Hardware interrupts</A>
  9.1085 -<BR>
  9.1086 -<A NAME="TOC19" HREF="qemu-tech.html#SEC19">2.12 User emulation specific details</A>
  9.1087 -<BR>
  9.1088 -<UL>
  9.1089 -<A NAME="TOC20" HREF="qemu-tech.html#SEC20">2.12.1 Linux system call translation</A>
  9.1090 -<BR>
  9.1091 -<A NAME="TOC21" HREF="qemu-tech.html#SEC21">2.12.2 Linux signals</A>
  9.1092 -<BR>
  9.1093 -<A NAME="TOC22" HREF="qemu-tech.html#SEC22">2.12.3 clone() system call and threads</A>
  9.1094 -<BR>
  9.1095 -<A NAME="TOC23" HREF="qemu-tech.html#SEC23">2.12.4 Self-virtualization</A>
  9.1096 -<BR>
  9.1097 -</UL>
  9.1098 -<A NAME="TOC24" HREF="qemu-tech.html#SEC24">2.13 Bibliography</A>
  9.1099 -<BR>
  9.1100 -</UL>
  9.1101 -<A NAME="TOC25" HREF="qemu-tech.html#SEC25">3. Regression Tests</A>
  9.1102 -<BR>
  9.1103 -<UL>
  9.1104 -<A NAME="TOC26" HREF="qemu-tech.html#SEC26">3.1 <TT>`test-i386'</TT></A>
  9.1105 -<BR>
  9.1106 -<A NAME="TOC27" HREF="qemu-tech.html#SEC27">3.2 <TT>`linux-test'</TT></A>
  9.1107 -<BR>
  9.1108 -<A NAME="TOC28" HREF="qemu-tech.html#SEC28">3.3 <TT>`qruncom.c'</TT></A>
  9.1109 -<BR>
  9.1110 -</UL>
  9.1111 -</UL>
  9.1112 -<HR SIZE=1>
  9.1113 -<A NAME="SEC_OVERVIEW"></A>
  9.1114 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
  9.1115 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
  9.1116 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
  9.1117 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
  9.1118 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
  9.1119 -</TR></TABLE>
  9.1120 -<H1>Short Table of Contents</H1>
  9.1121 -<BLOCKQUOTE>
  9.1122 -<A NAME="TOC1" HREF="qemu-tech.html#SEC1">1. Introduction</A>
  9.1123 -<BR>
  9.1124 -<A NAME="TOC7" HREF="qemu-tech.html#SEC7">2. QEMU Internals</A>
  9.1125 -<BR>
  9.1126 -<A NAME="TOC25" HREF="qemu-tech.html#SEC25">3. Regression Tests</A>
  9.1127 -<BR>
  9.1128 -
  9.1129 -</BLOCKQUOTE>
  9.1130 -<HR SIZE=1>
  9.1131 -<A NAME="SEC_About"></A>
  9.1132 -<TABLE CELLPADDING=1 CELLSPACING=1 BORDER=0>
  9.1133 -<TR><TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC1">Top</A>]</TD>
  9.1134 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_Contents">Contents</A>]</TD>
  9.1135 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[Index]</TD>
  9.1136 -<TD VALIGN="MIDDLE" ALIGN="LEFT">[<A HREF="qemu-tech.html#SEC_About"> ? </A>]</TD>
  9.1137 -</TR></TABLE>
  9.1138 -<H1>About this document</H1>
  9.1139 -This document was generated on <I>January, 25  2005</I>
  9.1140 -using <A HREF="http://www.mathematik.uni-kl.de/~obachman/Texi2html
  9.1141 -"><I>texi2html</I></A>
  9.1142 -<P></P>  
  9.1143 -The buttons in the navigation panels have the following meaning:
  9.1144 -<P></P>
  9.1145 -<table border = "1">
  9.1146 -<TR>
  9.1147 -<TH> Button </TH>
  9.1148 -<TH> Name </TH>
  9.1149 -<TH> Go to </TH>
  9.1150 -<TH> From 1.2.3 go to</TH>
  9.1151 -</TR>
  9.1152 -<TR>
  9.1153 -<TD ALIGN="CENTER">
  9.1154 - [ &lt; ] </TD>
  9.1155 -<TD ALIGN="CENTER">
  9.1156 -Back
  9.1157 -</TD>
  9.1158 -<TD>
  9.1159 -previous section in reading order
  9.1160 -</TD>
  9.1161 -<TD>
  9.1162 -1.2.2
  9.1163 -</TD>
  9.1164 -</TR>
  9.1165 -<TR>
  9.1166 -<TD ALIGN="CENTER">
  9.1167 - [ &gt; ] </TD>
  9.1168 -<TD ALIGN="CENTER">
  9.1169 -Forward
  9.1170 -</TD>
  9.1171 -<TD>
  9.1172 -next section in reading order
  9.1173 -</TD>
  9.1174 -<TD>
  9.1175 -1.2.4
  9.1176 -</TD>
  9.1177 -</TR>
  9.1178 -<TR>
  9.1179 -<TD ALIGN="CENTER">
  9.1180 - [ &lt;&lt; ] </TD>
  9.1181 -<TD ALIGN="CENTER">
  9.1182 -FastBack
  9.1183 -</TD>
  9.1184 -<TD>
  9.1185 -previous or up-and-previous section 
  9.1186 -</TD>
  9.1187 -<TD>
  9.1188 -1.1
  9.1189 -</TD>
  9.1190 -</TR>
  9.1191 -<TR>
  9.1192 -<TD ALIGN="CENTER">
  9.1193 - [ Up ] </TD>
  9.1194 -<TD ALIGN="CENTER">
  9.1195 -Up
  9.1196 -</TD>
  9.1197 -<TD>
  9.1198 -up section
  9.1199 -</TD>
  9.1200 -<TD>
  9.1201 -1.2
  9.1202 -</TD>
  9.1203 -</TR>
  9.1204 -<TR>
  9.1205 -<TD ALIGN="CENTER">
  9.1206 - [ &gt;&gt; ] </TD>
  9.1207 -<TD ALIGN="CENTER">
  9.1208 -FastForward
  9.1209 -</TD>
  9.1210 -<TD>
  9.1211 -next or up-and-next section
  9.1212 -</TD>
  9.1213 -<TD>
  9.1214 -1.3
  9.1215 -</TD>
  9.1216 -</TR>
  9.1217 -<TR>
  9.1218 -<TD ALIGN="CENTER">
  9.1219 - [Top] </TD>
  9.1220 -<TD ALIGN="CENTER">
  9.1221 -Top
  9.1222 -</TD>
  9.1223 -<TD>
  9.1224 -cover (top) of document
  9.1225 -</TD>
  9.1226 -<TD>
  9.1227 - &nbsp; 
  9.1228 -</TD>
  9.1229 -</TR>
  9.1230 -<TR>
  9.1231 -<TD ALIGN="CENTER">
  9.1232 - [Contents] </TD>
  9.1233 -<TD ALIGN="CENTER">
  9.1234 -Contents
  9.1235 -</TD>
  9.1236 -<TD>
  9.1237 -table of contents
  9.1238 -</TD>
  9.1239 -<TD>
  9.1240 - &nbsp; 
  9.1241 -</TD>
  9.1242 -</TR>
  9.1243 -<TR>
  9.1244 -<TD ALIGN="CENTER">
  9.1245 - [Index] </TD>
  9.1246 -<TD ALIGN="CENTER">
  9.1247 -Index
  9.1248 -</TD>
  9.1249 -<TD>
  9.1250 -concept index
  9.1251 -</TD>
  9.1252 -<TD>
  9.1253 - &nbsp; 
  9.1254 -</TD>
  9.1255 -</TR>
  9.1256 -<TR>
  9.1257 -<TD ALIGN="CENTER">
  9.1258 - [ ? ] </TD>
  9.1259 -<TD ALIGN="CENTER">
  9.1260 -About
  9.1261 -</TD>
  9.1262 -<TD>
  9.1263 -this page
  9.1264 -</TD>
  9.1265 -<TD>
  9.1266 - &nbsp; 
  9.1267 -</TD>
  9.1268 -</TR>
  9.1269 -</TABLE>
  9.1270 -<P></P>
  9.1271 -where the <STRONG> Example </STRONG> assumes that the current position 
  9.1272 -is at <STRONG> Subsubsection One-Two-Three </STRONG> of a document of 
  9.1273 -the following structure:
  9.1274 -<UL>
  9.1275 -<LI> 1. Section One  </LI>
  9.1276 -<UL>
  9.1277 -<LI>1.1 Subsection One-One</LI>
  9.1278 -<UL>
  9.1279 -<LI> ... </LI>
  9.1280 -</UL>
  9.1281 -<LI>1.2 Subsection One-Two</LI>
  9.1282 -<UL>
  9.1283 -<LI>1.2.1 Subsubsection One-Two-One
  9.1284 -</LI><LI>1.2.2 Subsubsection One-Two-Two
  9.1285 -</LI><LI>1.2.3 Subsubsection One-Two-Three &nbsp; &nbsp; <STRONG>
  9.1286 -&lt;== Current Position </STRONG>
  9.1287 -</LI><LI>1.2.4 Subsubsection One-Two-Four
  9.1288 -</LI></UL>
  9.1289 -<LI>1.3 Subsection One-Three</LI>
  9.1290 -<UL>
  9.1291 -<LI> ... </LI>
  9.1292 -</UL>
  9.1293 -<LI>1.4 Subsection One-Four</LI>
  9.1294 -</UL>
  9.1295 -</UL>
  9.1296 -
  9.1297 -<HR SIZE=1>
  9.1298 -<BR>  
  9.1299 -<FONT SIZE="-1">
  9.1300 -This document was generated
  9.1301 -on <I>January, 25  2005</I>
  9.1302 -using <A HREF="http://www.mathematik.uni-kl.de/~obachman/Texi2html
  9.1303 -"><I>texi2html</I></A>
  9.1304 -
  9.1305 -</BODY>
  9.1306 -</HTML>
    10.1 --- a/tools/ioemu/qemu-tech.texi	Fri May 20 01:47:06 2005 +0000
    10.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    10.3 @@ -1,494 +0,0 @@
    10.4 -\input texinfo @c -*- texinfo -*-
    10.5 -
    10.6 -@iftex
    10.7 -@settitle QEMU Internals
    10.8 -@titlepage
    10.9 -@sp 7
   10.10 -@center @titlefont{QEMU Internals}
   10.11 -@sp 3
   10.12 -@end titlepage
   10.13 -@end iftex
   10.14 -
   10.15 -@chapter Introduction
   10.16 -
   10.17 -@section Features
   10.18 -
   10.19 -QEMU is a FAST! processor emulator using a portable dynamic
   10.20 -translator.
   10.21 -
   10.22 -QEMU has two operating modes:
   10.23 -
   10.24 -@itemize @minus
   10.25 -
   10.26 -@item 
   10.27 -Full system emulation. In this mode, QEMU emulates a full system
   10.28 -(usually a PC), including a processor and various peripherials. It can
   10.29 -be used to launch an different Operating System without rebooting the
   10.30 -PC or to debug system code.
   10.31 -
   10.32 -@item 
   10.33 -User mode emulation (Linux host only). In this mode, QEMU can launch
   10.34 -Linux processes compiled for one CPU on another CPU. It can be used to
   10.35 -launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
   10.36 -to ease cross-compilation and cross-debugging.
   10.37 -
   10.38 -@end itemize
   10.39 -
   10.40 -As QEMU requires no host kernel driver to run, it is very safe and
   10.41 -easy to use.
   10.42 -
   10.43 -QEMU generic features:
   10.44 -
   10.45 -@itemize 
   10.46 -
   10.47 -@item User space only or full system emulation.
   10.48 -
   10.49 -@item Using dynamic translation to native code for reasonnable speed.
   10.50 -
   10.51 -@item Working on x86 and PowerPC hosts. Being tested on ARM, Sparc32, Alpha and S390.
   10.52 -
   10.53 -@item Self-modifying code support.
   10.54 -
   10.55 -@item Precise exceptions support.
   10.56 -
   10.57 -@item The virtual CPU is a library (@code{libqemu}) which can be used 
   10.58 -in other projects (look at @file{qemu/tests/qruncom.c} to have an
   10.59 -example of user mode @code{libqemu} usage).
   10.60 -
   10.61 -@end itemize
   10.62 -
   10.63 -QEMU user mode emulation features:
   10.64 -@itemize 
   10.65 -@item Generic Linux system call converter, including most ioctls.
   10.66 -
   10.67 -@item clone() emulation using native CPU clone() to use Linux scheduler for threads.
   10.68 -
   10.69 -@item Accurate signal handling by remapping host signals to target signals. 
   10.70 -@end itemize
   10.71 -@end itemize
   10.72 -
   10.73 -QEMU full system emulation features:
   10.74 -@itemize 
   10.75 -@item QEMU can either use a full software MMU for maximum portability or use the host system call mmap() to simulate the target MMU.
   10.76 -@end itemize
   10.77 -
   10.78 -@section x86 emulation
   10.79 -
   10.80 -QEMU x86 target features:
   10.81 -
   10.82 -@itemize 
   10.83 -
   10.84 -@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation. 
   10.85 -LDT/GDT and IDT are emulated. VM86 mode is also supported to run DOSEMU.
   10.86 -
   10.87 -@item Support of host page sizes bigger than 4KB in user mode emulation.
   10.88 -
   10.89 -@item QEMU can emulate itself on x86.
   10.90 -
   10.91 -@item An extensive Linux x86 CPU test program is included @file{tests/test-i386}. 
   10.92 -It can be used to test other x86 virtual CPUs.
   10.93 -
   10.94 -@end itemize
   10.95 -
   10.96 -Current QEMU limitations:
   10.97 -
   10.98 -@itemize 
   10.99 -
  10.100 -@item No SSE/MMX support (yet).
  10.101 -
  10.102 -@item No x86-64 support.
  10.103 -
  10.104 -@item IPC syscalls are missing.
  10.105 -
  10.106 -@item The x86 segment limits and access rights are not tested at every 
  10.107 -memory access (yet). Hopefully, very few OSes seem to rely on that for
  10.108 -normal use.
  10.109 -
  10.110 -@item On non x86 host CPUs, @code{double}s are used instead of the non standard 
  10.111 -10 byte @code{long double}s of x86 for floating point emulation to get
  10.112 -maximum performances.
  10.113 -
  10.114 -@end itemize
  10.115 -
  10.116 -@section ARM emulation
  10.117 -
  10.118 -@itemize
  10.119 -
  10.120 -@item Full ARM 7 user emulation.
  10.121 -
  10.122 -@item NWFPE FPU support included in user Linux emulation.
  10.123 -
  10.124 -@item Can run most ARM Linux binaries.
  10.125 -
  10.126 -@end itemize
  10.127 -
  10.128 -@section PowerPC emulation
  10.129 -
  10.130 -@itemize
  10.131 -
  10.132 -@item Full PowerPC 32 bit emulation, including priviledged instructions, 
  10.133 -FPU and MMU.
  10.134 -
  10.135 -@item Can run most PowerPC Linux binaries.
  10.136 -
  10.137 -@end itemize
  10.138 -
  10.139 -@section SPARC emulation
  10.140 -
  10.141 -@itemize
  10.142 -
  10.143 -@item SPARC V8 user support, except FPU instructions.
  10.144 -
  10.145 -@item Can run some SPARC Linux binaries.
  10.146 -
  10.147 -@end itemize
  10.148 -
  10.149 -@chapter QEMU Internals
  10.150 -
  10.151 -@section QEMU compared to other emulators
  10.152 -
  10.153 -Like bochs [3], QEMU emulates an x86 CPU. But QEMU is much faster than
  10.154 -bochs as it uses dynamic compilation. Bochs is closely tied to x86 PC
  10.155 -emulation while QEMU can emulate several processors.
  10.156 -
  10.157 -Like Valgrind [2], QEMU does user space emulation and dynamic
  10.158 -translation. Valgrind is mainly a memory debugger while QEMU has no
  10.159 -support for it (QEMU could be used to detect out of bound memory
  10.160 -accesses as Valgrind, but it has no support to track uninitialised data
  10.161 -as Valgrind does). The Valgrind dynamic translator generates better code
  10.162 -than QEMU (in particular it does register allocation) but it is closely
  10.163 -tied to an x86 host and target and has no support for precise exceptions
  10.164 -and system emulation.
  10.165 -
  10.166 -EM86 [4] is the closest project to user space QEMU (and QEMU still uses
  10.167 -some of its code, in particular the ELF file loader). EM86 was limited
  10.168 -to an alpha host and used a proprietary and slow interpreter (the
  10.169 -interpreter part of the FX!32 Digital Win32 code translator [5]).
  10.170 -
  10.171 -TWIN [6] is a Windows API emulator like Wine. It is less accurate than
  10.172 -Wine but includes a protected mode x86 interpreter to launch x86 Windows
  10.173 -executables. Such an approach has greater potential because most of the
  10.174 -Windows API is executed natively but it is far more difficult to develop
  10.175 -because all the data structures and function parameters exchanged
  10.176 -between the API and the x86 code must be converted.
  10.177 -
  10.178 -User mode Linux [7] was the only solution before QEMU to launch a
  10.179 -Linux kernel as a process while not needing any host kernel
  10.180 -patches. However, user mode Linux requires heavy kernel patches while
  10.181 -QEMU accepts unpatched Linux kernels. The price to pay is that QEMU is
  10.182 -slower.
  10.183 -
  10.184 -The new Plex86 [8] PC virtualizer is done in the same spirit as the
  10.185 -qemu-fast system emulator. It requires a patched Linux kernel to work
  10.186 -(you cannot launch the same kernel on your PC), but the patches are
  10.187 -really small. As it is a PC virtualizer (no emulation is done except
  10.188 -for some priveledged instructions), it has the potential of being
  10.189 -faster than QEMU. The downside is that a complicated (and potentially
  10.190 -unsafe) host kernel patch is needed.
  10.191 -
  10.192 -The commercial PC Virtualizers (VMWare [9], VirtualPC [10], TwoOStwo
  10.193 -[11]) are faster than QEMU, but they all need specific, proprietary
  10.194 -and potentially unsafe host drivers. Moreover, they are unable to
  10.195 -provide cycle exact simulation as an emulator can.
  10.196 -
  10.197 -@section Portable dynamic translation
  10.198 -
  10.199 -QEMU is a dynamic translator. When it first encounters a piece of code,
  10.200 -it converts it to the host instruction set. Usually dynamic translators
  10.201 -are very complicated and highly CPU dependent. QEMU uses some tricks
  10.202 -which make it relatively easily portable and simple while achieving good
  10.203 -performances.
  10.204 -
  10.205 -The basic idea is to split every x86 instruction into fewer simpler
  10.206 -instructions. Each simple instruction is implemented by a piece of C
  10.207 -code (see @file{target-i386/op.c}). Then a compile time tool
  10.208 -(@file{dyngen}) takes the corresponding object file (@file{op.o})
  10.209 -to generate a dynamic code generator which concatenates the simple
  10.210 -instructions to build a function (see @file{op.h:dyngen_code()}).
  10.211 -
  10.212 -In essence, the process is similar to [1], but more work is done at
  10.213 -compile time. 
  10.214 -
  10.215 -A key idea to get optimal performances is that constant parameters can
  10.216 -be passed to the simple operations. For that purpose, dummy ELF
  10.217 -relocations are generated with gcc for each constant parameter. Then,
  10.218 -the tool (@file{dyngen}) can locate the relocations and generate the
  10.219 -appriopriate C code to resolve them when building the dynamic code.
  10.220 -
  10.221 -That way, QEMU is no more difficult to port than a dynamic linker.
  10.222 -
  10.223 -To go even faster, GCC static register variables are used to keep the
  10.224 -state of the virtual CPU.
  10.225 -
  10.226 -@section Register allocation
  10.227 -
  10.228 -Since QEMU uses fixed simple instructions, no efficient register
  10.229 -allocation can be done. However, because RISC CPUs have a lot of
  10.230 -register, most of the virtual CPU state can be put in registers without
  10.231 -doing complicated register allocation.
  10.232 -
  10.233 -@section Condition code optimisations
  10.234 -
  10.235 -Good CPU condition codes emulation (@code{EFLAGS} register on x86) is a
  10.236 -critical point to get good performances. QEMU uses lazy condition code
  10.237 -evaluation: instead of computing the condition codes after each x86
  10.238 -instruction, it just stores one operand (called @code{CC_SRC}), the
  10.239 -result (called @code{CC_DST}) and the type of operation (called
  10.240 -@code{CC_OP}).
  10.241 -
  10.242 -@code{CC_OP} is almost never explicitely set in the generated code
  10.243 -because it is known at translation time.
  10.244 -
  10.245 -In order to increase performances, a backward pass is performed on the
  10.246 -generated simple instructions (see
  10.247 -@code{target-i386/translate.c:optimize_flags()}). When it can be proved that
  10.248 -the condition codes are not needed by the next instructions, no
  10.249 -condition codes are computed at all.
  10.250 -
  10.251 -@section CPU state optimisations
  10.252 -
  10.253 -The x86 CPU has many internal states which change the way it evaluates
  10.254 -instructions. In order to achieve a good speed, the translation phase
  10.255 -considers that some state information of the virtual x86 CPU cannot
  10.256 -change in it. For example, if the SS, DS and ES segments have a zero
  10.257 -base, then the translator does not even generate an addition for the
  10.258 -segment base.
  10.259 -
  10.260 -[The FPU stack pointer register is not handled that way yet].
  10.261 -
  10.262 -@section Translation cache
  10.263 -
  10.264 -A 16 MByte cache holds the most recently used translations. For
  10.265 -simplicity, it is completely flushed when it is full. A translation unit
  10.266 -contains just a single basic block (a block of x86 instructions
  10.267 -terminated by a jump or by a virtual CPU state change which the
  10.268 -translator cannot deduce statically).
  10.269 -
  10.270 -@section Direct block chaining
  10.271 -
  10.272 -After each translated basic block is executed, QEMU uses the simulated
  10.273 -Program Counter (PC) and other cpu state informations (such as the CS
  10.274 -segment base value) to find the next basic block.
  10.275 -
  10.276 -In order to accelerate the most common cases where the new simulated PC
  10.277 -is known, QEMU can patch a basic block so that it jumps directly to the
  10.278 -next one.
  10.279 -
  10.280 -The most portable code uses an indirect jump. An indirect jump makes
  10.281 -it easier to make the jump target modification atomic. On some host
  10.282 -architectures (such as x86 or PowerPC), the @code{JUMP} opcode is
  10.283 -directly patched so that the block chaining has no overhead.
  10.284 -
  10.285 -@section Self-modifying code and translated code invalidation
  10.286 -
  10.287 -Self-modifying code is a special challenge in x86 emulation because no
  10.288 -instruction cache invalidation is signaled by the application when code
  10.289 -is modified.
  10.290 -
  10.291 -When translated code is generated for a basic block, the corresponding
  10.292 -host page is write protected if it is not already read-only (with the
  10.293 -system call @code{mprotect()}). Then, if a write access is done to the
  10.294 -page, Linux raises a SEGV signal. QEMU then invalidates all the
  10.295 -translated code in the page and enables write accesses to the page.
  10.296 -
  10.297 -Correct translated code invalidation is done efficiently by maintaining
  10.298 -a linked list of every translated block contained in a given page. Other
  10.299 -linked lists are also maintained to undo direct block chaining. 
  10.300 -
  10.301 -Although the overhead of doing @code{mprotect()} calls is important,
  10.302 -most MSDOS programs can be emulated at reasonnable speed with QEMU and
  10.303 -DOSEMU.
  10.304 -
  10.305 -Note that QEMU also invalidates pages of translated code when it detects
  10.306 -that memory mappings are modified with @code{mmap()} or @code{munmap()}.
  10.307 -
  10.308 -When using a software MMU, the code invalidation is more efficient: if
  10.309 -a given code page is invalidated too often because of write accesses,
  10.310 -then a bitmap representing all the code inside the page is
  10.311 -built. Every store into that page checks the bitmap to see if the code
  10.312 -really needs to be invalidated. It avoids invalidating the code when
  10.313 -only data is modified in the page.
  10.314 -
  10.315 -@section Exception support
  10.316 -
  10.317 -longjmp() is used when an exception such as division by zero is
  10.318 -encountered. 
  10.319 -
  10.320 -The host SIGSEGV and SIGBUS signal handlers are used to get invalid
  10.321 -memory accesses. The exact CPU state can be retrieved because all the
  10.322 -x86 registers are stored in fixed host registers. The simulated program
  10.323 -counter is found by retranslating the corresponding basic block and by
  10.324 -looking where the host program counter was at the exception point.
  10.325 -
  10.326 -The virtual CPU cannot retrieve the exact @code{EFLAGS} register because
  10.327 -in some cases it is not computed because of condition code
  10.328 -optimisations. It is not a big concern because the emulated code can
  10.329 -still be restarted in any cases.
  10.330 -
  10.331 -@section MMU emulation
  10.332 -
  10.333 -For system emulation, QEMU uses the mmap() system call to emulate the
  10.334 -target CPU MMU. It works as long the emulated OS does not use an area
  10.335 -reserved by the host OS (such as the area above 0xc0000000 on x86
  10.336 -Linux).
  10.337 -
  10.338 -In order to be able to launch any OS, QEMU also supports a soft
  10.339 -MMU. In that mode, the MMU virtual to physical address translation is
  10.340 -done at every memory access. QEMU uses an address translation cache to
  10.341 -speed up the translation.
  10.342 -
  10.343 -In order to avoid flushing the translated code each time the MMU
  10.344 -mappings change, QEMU uses a physically indexed translation cache. It
  10.345 -means that each basic block is indexed with its physical address. 
  10.346 -
  10.347 -When MMU mappings change, only the chaining of the basic blocks is
  10.348 -reset (i.e. a basic block can no longer jump directly to another one).
  10.349 -
  10.350 -@section Hardware interrupts
  10.351 -
  10.352 -In order to be faster, QEMU does not check at every basic block if an
  10.353 -hardware interrupt is pending. Instead, the user must asynchrously
  10.354 -call a specific function to tell that an interrupt is pending. This
  10.355 -function resets the chaining of the currently executing basic
  10.356 -block. It ensures that the execution will return soon in the main loop
  10.357 -of the CPU emulator. Then the main loop can test if the interrupt is
  10.358 -pending and handle it.
  10.359 -
  10.360 -@section User emulation specific details
  10.361 -
  10.362 -@subsection Linux system call translation
  10.363 -
  10.364 -QEMU includes a generic system call translator for Linux. It means that
  10.365 -the parameters of the system calls can be converted to fix the
  10.366 -endianness and 32/64 bit issues. The IOCTLs are converted with a generic
  10.367 -type description system (see @file{ioctls.h} and @file{thunk.c}).
  10.368 -
  10.369 -QEMU supports host CPUs which have pages bigger than 4KB. It records all
  10.370 -the mappings the process does and try to emulated the @code{mmap()}
  10.371 -system calls in cases where the host @code{mmap()} call would fail
  10.372 -because of bad page alignment.
  10.373 -
  10.374 -@subsection Linux signals
  10.375 -
  10.376 -Normal and real-time signals are queued along with their information
  10.377 -(@code{siginfo_t}) as it is done in the Linux kernel. Then an interrupt
  10.378 -request is done to the virtual CPU. When it is interrupted, one queued
  10.379 -signal is handled by generating a stack frame in the virtual CPU as the
  10.380 -Linux kernel does. The @code{sigreturn()} system call is emulated to return
  10.381 -from the virtual signal handler.
  10.382 -
  10.383 -Some signals (such as SIGALRM) directly come from the host. Other
  10.384 -signals are synthetized from the virtual CPU exceptions such as SIGFPE
  10.385 -when a division by zero is done (see @code{main.c:cpu_loop()}).
  10.386 -
  10.387 -The blocked signal mask is still handled by the host Linux kernel so
  10.388 -that most signal system calls can be redirected directly to the host
  10.389 -Linux kernel. Only the @code{sigaction()} and @code{sigreturn()} system
  10.390 -calls need to be fully emulated (see @file{signal.c}).
  10.391 -
  10.392 -@subsection clone() system call and threads
  10.393 -
  10.394 -The Linux clone() system call is usually used to create a thread. QEMU
  10.395 -uses the host clone() system call so that real host threads are created
  10.396 -for each emulated thread. One virtual CPU instance is created for each
  10.397 -thread.
  10.398 -
  10.399 -The virtual x86 CPU atomic operations are emulated with a global lock so
  10.400 -that their semantic is preserved.
  10.401 -
  10.402 -Note that currently there are still some locking issues in QEMU. In
  10.403 -particular, the translated cache flush is not protected yet against
  10.404 -reentrancy.
  10.405 -
  10.406 -@subsection Self-virtualization
  10.407 -
  10.408 -QEMU was conceived so that ultimately it can emulate itself. Although
  10.409 -it is not very useful, it is an important test to show the power of the
  10.410 -emulator.
  10.411 -
  10.412 -Achieving self-virtualization is not easy because there may be address
  10.413 -space conflicts. QEMU solves this problem by being an executable ELF
  10.414 -shared object as the ld-linux.so ELF interpreter. That way, it can be
  10.415 -relocated at load time.
  10.416 -
  10.417 -@section Bibliography
  10.418 -
  10.419 -@table @asis
  10.420 -
  10.421 -@item [1] 
  10.422 -@url{http://citeseer.nj.nec.com/piumarta98optimizing.html}, Optimizing
  10.423 -direct threaded code by selective inlining (1998) by Ian Piumarta, Fabio
  10.424 -Riccardi.
  10.425 -
  10.426 -@item [2]
  10.427 -@url{http://developer.kde.org/~sewardj/}, Valgrind, an open-source
  10.428 -memory debugger for x86-GNU/Linux, by Julian Seward.
  10.429 -
  10.430 -@item [3]
  10.431 -@url{http://bochs.sourceforge.net/}, the Bochs IA-32 Emulator Project,
  10.432 -by Kevin Lawton et al.
  10.433 -
  10.434 -@item [4]
  10.435 -@url{http://www.cs.rose-hulman.edu/~donaldlf/em86/index.html}, the EM86
  10.436 -x86 emulator on Alpha-Linux.
  10.437 -
  10.438 -@item [5]
  10.439 -@url{http://www.usenix.org/publications/library/proceedings/usenix-nt97/full_papers/chernoff/chernoff.pdf},
  10.440 -DIGITAL FX!32: Running 32-Bit x86 Applications on Alpha NT, by Anton
  10.441 -Chernoff and Ray Hookway.
  10.442 -
  10.443 -@item [6]
  10.444 -@url{http://www.willows.com/}, Windows API library emulation from
  10.445 -Willows Software.
  10.446 -
  10.447 -@item [7]
  10.448 -@url{http://user-mode-linux.sourceforge.net/}, 
  10.449 -The User-mode Linux Kernel.
  10.450 -
  10.451 -@item [8]
  10.452 -@url{http://www.plex86.org/}, 
  10.453 -The new Plex86 project.
  10.454 -
  10.455 -@item [9]
  10.456 -@url{http://www.vmware.com/}, 
  10.457 -The VMWare PC virtualizer.
  10.458 -
  10.459 -@item [10]
  10.460 -@url{http://www.microsoft.com/windowsxp/virtualpc/}, 
  10.461 -The VirtualPC PC virtualizer.
  10.462 -
  10.463 -@item [11]
  10.464 -@url{http://www.twoostwo.org/}, 
  10.465 -The TwoOStwo PC virtualizer.
  10.466 -
  10.467 -@end table
  10.468 -
  10.469 -@chapter Regression Tests
  10.470 -
  10.471 -In the directory @file{tests/}, various interesting testing programs
  10.472 -are available. There are used for regression testing.
  10.473 -
  10.474 -@section @file{test-i386}
  10.475 -
  10.476 -This program executes most of the 16 bit and 32 bit x86 instructions and
  10.477 -generates a text output. It can be compared with the output obtained with
  10.478 -a real CPU or another emulator. The target @code{make test} runs this
  10.479 -program and a @code{diff} on the generated output.
  10.480 -
  10.481 -The Linux system call @code{modify_ldt()} is used to create x86 selectors
  10.482 -to test some 16 bit addressing and 32 bit with segmentation cases.
  10.483 -
  10.484 -The Linux system call @code{vm86()} is used to test vm86 emulation.
  10.485 -
  10.486 -Various exceptions are raised to test most of the x86 user space
  10.487 -exception reporting.
  10.488 -
  10.489 -@section @file{linux-test}
  10.490 -
  10.491 -This program tests various Linux system calls. It is used to verify
  10.492 -that the system call parameters are correctly converted between target
  10.493 -and host CPUs.
  10.494 -
  10.495 -@section @file{qruncom.c}
  10.496 -
  10.497 -Example of usage of @code{libqemu} to emulate a user mode i386 CPU.
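--- a/tools/ioemu/qemu.1	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,457 +0,0 @@
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sh \" Subsection heading
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
-.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
-.\" expand to `' in nroff, nothing in troff, for use with C<>.
-.tr \(*W-|\(bv\*(Tr
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-'br\}
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
-.\" entries marked with X<> in POD.  Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.if \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
-..
-.    nr % 0
-.    rr F
-.\}
-.\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.hy 0
-.if n .na
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
-.    \" fudge factors for nroff and troff
-.if n \{\
-.    ds #H 0
-.    ds #V .8m
-.    ds #F .3m
-.    ds #[ \f1
-.    ds #] \fP
-.\}
-.if t \{\
-.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-.    ds #V .6m
-.    ds #F 0
-.    ds #[ \&
-.    ds #] \&
-.\}
-.    \" simple accents for nroff and troff
-.if n \{\
-.    ds ' \&
-.    ds ` \&
-.    ds ^ \&
-.    ds , \&
-.    ds ~ ~
-.    ds /
-.\}
-.if t \{\
-.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-.    \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-.    \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-.    \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-.    ds : e
-.    ds 8 ss
-.    ds o a
-.    ds d- d\h'-1'\(ga
-.    ds D- D\h'-1'\(hy
-.    ds th \o'bp'
-.    ds Th \o'LP'
-.    ds ae ae
-.    ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "QEMU 1"
-.TH QEMU 1 "2005-05-19" " " " "
-.SH "NAME"
-qemu  \- QEMU System Emulator
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-usage: qemu [options] [disk_image]
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \s-1QEMU\s0 System emulator simulates a complete \s-1PC\s0.
-.PP
-In order to meet specific user needs, two versions of \s-1QEMU\s0 are
-available:
-.IP "1." 4
-\&\f(CW\*(C`qemu\-fast\*(C'\fR uses the host Memory Management Unit (\s-1MMU\s0) to
-simulate the x86 \s-1MMU\s0. It is \fIfast\fR but has limitations because
-the whole 4 \s-1GB\s0 address space cannot be used and some memory mapped
-peripherials cannot be emulated accurately yet. Therefore, a specific
-guest Linux kernel can be used  
-.Sp
-Moreover there is no separation between the host and target address
-spaces, so it offers no security (the target \s-1OS\s0 can modify the
-\&\f(CW\*(C`qemu\-fast\*(C'\fR code by writing at the right addresses).
-.IP "2." 4
-\&\f(CW\*(C`qemu\*(C'\fR uses a software \s-1MMU\s0. It is about \fItwo times slower\fR
-but gives a more accurate emulation and a complete separation between
-the host and target address spaces.
-.PP
-\&\s-1QEMU\s0 emulates the following \s-1PC\s0 peripherials:
-.IP "\-" 4
-i440FX host \s-1PCI\s0 bridge and \s-1PIIX3\s0 \s-1PCI\s0 to \s-1ISA\s0 bridge
-.IP "\-" 4
-Cirrus \s-1CLGD\s0 5446 \s-1PCI\s0 \s-1VGA\s0 card or dummy \s-1VGA\s0 card with Bochs \s-1VESA\s0
-extensions (hardware level, including all non standard modes).
-.IP "\-" 4
-\&\s-1PS/2\s0 mouse and keyboard
-.IP "\-" 4
-2 \s-1PCI\s0 \s-1IDE\s0 interfaces with hard disk and CD-ROM support
-.IP "\-" 4
-Floppy disk
-.IP "\-" 4
-\&\s-1NE2000\s0 \s-1PCI\s0 network adapters
-.IP "\-" 4
-Serial ports
-.IP "\-" 4
-Soundblaster 16 card
-.PP
-\&\s-1QEMU\s0 uses the \s-1PC\s0 \s-1BIOS\s0 from the Bochs project and the Plex86/Bochs \s-1LGPL\s0
-\&\s-1VGA\s0 \s-1BIOS\s0.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fIdisk_image\fR is a raw hard disk image for \s-1IDE\s0 hard disk 0.
-.PP
-General options:
-.IP "\fB\-fda file\fR" 4
-.IX Item "-fda file"
-.PD 0
-.IP "\fB\-fdb file\fR" 4
-.IX Item "-fdb file"
-.PD
-Use \fIfile\fR as floppy disk 0/1 image  You can
-use the host floppy by using \fI/dev/fd0\fR as filename.
-.IP "\fB\-hda file\fR" 4
-.IX Item "-hda file"
-.PD 0
-.IP "\fB\-hdb file\fR" 4
-.IX Item "-hdb file"
-.IP "\fB\-hdc file\fR" 4
-.IX Item "-hdc file"
-.IP "\fB\-hdd file\fR" 4
-.IX Item "-hdd file"
-.PD
-Use \fIfile\fR as hard disk 0, 1, 2 or 3 image 
-.IP "\fB\-cdrom file\fR" 4
-.IX Item "-cdrom file"
-Use \fIfile\fR as CD-ROM image (you cannot use \fB\-hdc\fR and and
-\&\fB\-cdrom\fR at the same time). You can use the host CD-ROM by
-using \fI/dev/cdrom\fR as filename.
-.IP "\fB\-boot [a|c|d]\fR" 4
-.IX Item "-boot [a|c|d]"
-Boot on floppy (a), hard disk (c) or CD-ROM (d). Hard disk boot is
-the default.
-.IP "\fB\-snapshot\fR" 4
-.IX Item "-snapshot"
-Write to temporary files instead of disk image files. In this case,
-the raw disk image you use is not written back. You can however force
-the write back by pressing \fBC\-a s\fR  
-.IP "\fB\-m megs\fR" 4
-.IX Item "-m megs"
-Set virtual \s-1RAM\s0 size to \fImegs\fR megabytes. Default is 128 \s-1MB\s0.
-.IP "\fB\-nographic\fR" 4
-.IX Item "-nographic"
-Normally, \s-1QEMU\s0 uses \s-1SDL\s0 to display the \s-1VGA\s0 output. With this option,
-you can totally disable graphical output so that \s-1QEMU\s0 is a simple
-command line application. The emulated serial port is redirected on
-the console. Therefore, you can still use \s-1QEMU\s0 to debug a Linux kernel
-with a serial console.
-.IP "\fB\-enable\-audio\fR" 4
-.IX Item "-enable-audio"
-The \s-1SB16\s0 emulation is disabled by default as it may give problems with
-Windows. You can enable it manually with this option.
-.IP "\fB\-localtime\fR" 4
-.IX Item "-localtime"
-Set the real time clock to local time (the default is to \s-1UTC\s0
-time). This option is needed to have correct date in MS-DOS or
-Windows.
-.IP "\fB\-full\-screen\fR" 4
-.IX Item "-full-screen"
-Start in full screen.
-.PP
-Network options:
-.IP "\fB\-n script\fR" 4
-.IX Item "-n script"
-Set \s-1TUN/TAP\s0 network init script [default=/etc/qemu\-ifup]. This script
-is launched to configure the host network interface (usually tun0)
-corresponding to the virtual \s-1NE2000\s0 card.
-.IP "\fB\-macaddr addr\fR" 4
-.IX Item "-macaddr addr"
-Set the mac address of the first interface (the format is
-aa:bb:cc:dd:ee:ff in hexa). The mac address is incremented for each
-new network interface.
-.IP "\fB\-tun\-fd fd\fR" 4
-.IX Item "-tun-fd fd"
-Assumes \fIfd\fR talks to a tap/tun host network interface and use
-it. Read <\fBhttp://bellard.org/qemu/tetrinet.html\fR> to have an
-example of its use.
-.IP "\fB\-user\-net\fR" 4
-.IX Item "-user-net"
-Use the user mode network stack. This is the default if no tun/tap
-network init script is found.
-.IP "\fB\-tftp prefix\fR" 4
-.IX Item "-tftp prefix"
-When using the user mode network stack, activate a built-in \s-1TFTP\s0
-server. All filenames beginning with \fIprefix\fR can be downloaded
-from the host to the guest using a \s-1TFTP\s0 client. The \s-1TFTP\s0 client on the
-guest must be configured in binary mode (use the command \f(CW\*(C`bin\*(C'\fR of
-the Unix \s-1TFTP\s0 client). The host \s-1IP\s0 address on the guest is as usual
-10.0.2.2.
-.IP "\fB\-smb dir\fR" 4
-.IX Item "-smb dir"
-When using the user mode network stack, activate a built-in \s-1SMB\s0
-server so that Windows OSes can access to the host files in \fIdir\fR
-transparently.
-.Sp
-In the guest Windows \s-1OS\s0, the line:
-.Sp
-.Vb 1
-\&        10.0.2.4 smbserver
-.Ve
-.Sp
-must be added in the file \fIC:\eWINDOWS\eLMHOSTS\fR (for windows 9x/Me)
-or \fIC:\eWINNT\eSYSTEM32\eDRIVERS\eETC\eLMHOSTS\fR (Windows \s-1NT/2000\s0).
-.Sp
-Then \fIdir\fR can be accessed in \fI\e\esmbserver\eqemu\fR.
-.Sp
-Note that a \s-1SAMBA\s0 server must be installed on the host \s-1OS\s0 in
-\&\fI/usr/sbin/smbd\fR. \s-1QEMU\s0 was tested succesfully with smbd version
-2.2.7a from the Red Hat 9.
-.IP "\fB\-redir [tcp|udp]:host\-port:[guest\-host]:guest\-port\fR" 4
-.IX Item "-redir [tcp|udp]:host-port:[guest-host]:guest-port"
-When using the user mode network stack, redirect incoming \s-1TCP\s0 or \s-1UDP\s0
-connections to the host port \fIhost-port\fR to the guest
-\&\fIguest-host\fR on guest port \fIguest-port\fR. If \fIguest-host\fR
-is not specified, its value is 10.0.2.15 (default address given by the
-built-in \s-1DHCP\s0 server).
-.Sp
-For example, to redirect host X11 connection from screen 1 to guest
-screen 0, use the following:
-.Sp
-.Vb 4
-\&        # on the host
-\&        qemu -redir tcp:6001::6000 [...]
-\&        # this host xterm should open in the guest X11 server
-\&        xterm -display :1
-.Ve
-.Sp
-To redirect telnet connections from host port 5555 to telnet port on
-the guest, use the following:
-.Sp
-.Vb 3
-\&        # on the host
-\&        qemu -redir tcp:5555::23 [...]
-\&        telnet localhost 5555
-.Ve
-.Sp
-Then when you use on the host \f(CW\*(C`telnet localhost 5555\*(C'\fR, you
-connect to the guest telnet server.
-.IP "\fB\-dummy\-net\fR" 4
-.IX Item "-dummy-net"
-Use the dummy network stack: no packet will be received by the network
-cards.
-.PP
-Linux boot specific. When using this options, you can use a given
-Linux kernel without installing it in the disk image. It can be useful
-for easier testing of various kernels.
-.IP "\fB\-kernel bzImage\fR" 4
-.IX Item "-kernel bzImage"
-Use \fIbzImage\fR as kernel image.
-.IP "\fB\-append cmdline\fR" 4
-.IX Item "-append cmdline"
-Use \fIcmdline\fR as kernel command line
-.IP "\fB\-initrd file\fR" 4
-.IX Item "-initrd file"
-Use \fIfile\fR as initial ram disk.
-.PP
-Debug/Expert options:
-.IP "\fB\-serial dev\fR" 4
-.IX Item "-serial dev"
-Redirect the virtual serial port to host device \fIdev\fR. Available
-devices are:
-.RS 4
-.ie n .IP """vc""" 4
-.el .IP "\f(CWvc\fR" 4
-.IX Item "vc"
-Virtual console
-.ie n .IP """pty""" 4
-.el .IP "\f(CWpty\fR" 4
-.IX Item "pty"
-[Linux only] Pseudo \s-1TTY\s0 (a new \s-1PTY\s0 is automatically allocated)
-.ie n .IP """null""" 4
-.el .IP "\f(CWnull\fR" 4
-.IX Item "null"
-void device
-.ie n .IP """stdio""" 4
-.el .IP "\f(CWstdio\fR" 4
-.IX Item "stdio"
-[Unix only] standard input/output
-.RE
-.RS 4
-.Sp
-The default device is \f(CW\*(C`vc\*(C'\fR in graphical mode and \f(CW\*(C`stdio\*(C'\fR in
-non graphical mode.
-.Sp
-This option can be used several times to simulate up to 4 serials
-ports.
-.RE
-.IP "\fB\-monitor dev\fR" 4
-.IX Item "-monitor dev"
-Redirect the monitor to host device \fIdev\fR (same devices as the
-serial port).
-The default device is \f(CW\*(C`vc\*(C'\fR in graphical mode and \f(CW\*(C`stdio\*(C'\fR in
-non graphical mode.
-.IP "\fB\-s\fR" 4
-.IX Item "-s"
-Wait gdb connection to port 1234  
-.IP "\fB\-p port\fR" 4
-.IX Item "-p port"
-Change gdb connection port.
-.IP "\fB\-S\fR" 4
-.IX Item "-S"
-Do not start \s-1CPU\s0 at startup (you must type 'c' in the monitor).
-.IP "\fB\-d\fR" 4
-.IX Item "-d"
-Output log in /tmp/qemu.log
-.IP "\fB\-isa\fR" 4
-.IX Item "-isa"
-Simulate an ISA-only system (default is \s-1PCI\s0 system).
-.IP "\fB\-std\-vga\fR" 4
-.IX Item "-std-vga"
-Simulate a standard \s-1VGA\s0 card with Bochs \s-1VBE\s0 extensions (default is
-Cirrus Logic \s-1GD5446\s0 \s-1PCI\s0 \s-1VGA\s0)
-.IP "\fB\-loadvm file\fR" 4
-.IX Item "-loadvm file"
-Start right away with a saved state (\f(CW\*(C`loadvm\*(C'\fR in monitor)
-.PP
-During the graphical emulation, you can use the following keys:
-.IP "\fBCtrl-Alt-f\fR" 4
-.IX Item "Ctrl-Alt-f"
-Toggle full screen
-.IP "\fBCtrl-Alt-n\fR" 4
-.IX Item "Ctrl-Alt-n"
-Switch to virtual console 'n'. Standard console mappings are:
-.RS 4
-.IP "\fI1\fR" 4
-.IX Item "1"
-Target system display
-.IP "\fI2\fR" 4
-.IX Item "2"
-Monitor
-.IP "\fI3\fR" 4
-.IX Item "3"
-Serial port
-.RE
-.RS 4
-.RE
-.IP "\fBCtrl-Alt\fR" 4
-.IX Item "Ctrl-Alt"
-Toggle mouse and keyboard grab.
-.PP
-In the virtual consoles, you can use \fBCtrl-Up\fR, \fBCtrl-Down\fR,
-\&\fBCtrl-PageUp\fR and \fBCtrl-PageDown\fR to move in the back log.
-.PP
-During emulation, if you are using the \fB\-nographic\fR option, use
-\&\fBCtrl-a h\fR to get terminal commands:
-.IP "\fBCtrl-a h\fR" 4
-.IX Item "Ctrl-a h"
-Print this help
-.IP "\fBCtrl-a x\fR" 4
-.IX Item "Ctrl-a x"
-Exit emulatior
-.IP "\fBCtrl-a s\fR" 4
-.IX Item "Ctrl-a s"
-Save disk data back to file (if \-snapshot)
-.IP "\fBCtrl-a b\fR" 4
-.IX Item "Ctrl-a b"
-Send break (magic sysrq in Linux)
-.IP "\fBCtrl-a c\fR" 4
-.IX Item "Ctrl-a c"
-Switch between console and monitor
-.IP "\fBCtrl-a Ctrl-a\fR" 4
-.IX Item "Ctrl-a Ctrl-a"
-Send Ctrl-a
-.PP
-The following options are specific to the PowerPC emulation:
-.IP "\fB\-prep\fR" 4
-.IX Item "-prep"
-Simulate a \s-1PREP\s0 system (default is PowerMAC)
-.IP "\fB\-g WxH[xDEPTH]\fR" 4
-.IX Item "-g WxH[xDEPTH]"
-Set the initial \s-1VGA\s0 graphic mode. The default is 800x600x15.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-The \s-1HTML\s0 documentation of \s-1QEMU\s0 for more precise information and Linux
-user mode emulator invocation.
-.SH "AUTHOR"
-.IX Header "AUTHOR"
-Fabrice Bellard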
    12.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    12.2 +++ b/tools/ioemu/target-i386-dm/Makefile	Fri May 20 10:27:36 2005 +0000
    12.3 @@ -0,0 +1,392 @@
    12.4 +include config.mak
    12.5 +
    12.6 +#assume we directly put qemu code in tools/, same level as bochs dm(ioemu)
    12.7 +XEN_PATH=../../..
    12.8 +TARGET_PATH=$(SRC_PATH)/target-$(TARGET_ARCH)
    12.9 +VPATH=$(SRC_PATH):$(TARGET_PATH):$(SRC_PATH)/hw:$(SRC_PATH)/audio
   12.10 +DEFINES=-I. -I$(TARGET_PATH) -I$(SRC_PATH) -I$(XEN_PATH)/xen/include/public
   12.11 +DEFINES+= -I$(XEN_PATH)/tools/libxc
   12.12 +ifdef CONFIG_USER_ONLY
   12.13 +VPATH+=:$(SRC_PATH)/linux-user
   12.14 +DEFINES+=-I$(SRC_PATH)/linux-user -I$(SRC_PATH)/linux-user/$(TARGET_ARCH)
   12.15 +endif
   12.16 +CFLAGS=-Wall -O2 -g -fno-strict-aliasing
   12.17 +LDFLAGS=-g
   12.18 +LIBS=
   12.19 +HELPER_CFLAGS=$(CFLAGS)
   12.20 +DYNGEN=../dyngen$(EXESUF)
   12.21 +# user emulator name
   12.22 +QEMU_USER=qemu-$(TARGET_ARCH)
   12.23 +# system emulator name
   12.24 +ifdef CONFIG_SOFTMMU
   12.25 +ifeq ($(TARGET_ARCH), i386)
   12.26 +QEMU_SYSTEM=qemu$(EXESUF)
   12.27 +else
   12.28 +QEMU_SYSTEM=qemu-system-$(TARGET_ARCH)$(EXESUF)
   12.29 +endif
   12.30 +else
   12.31 +QEMU_SYSTEM=qemu-fast
   12.32 +endif
   12.33 +
   12.34 +QEMU_SYSTEM=qemu-dm
   12.35 +PROGS=$(QEMU_SYSTEM)
   12.36 +
   12.37 +ifdef CONFIG_USER_ONLY
   12.38 +PROGS=$(QEMU_USER)
   12.39 +else
   12.40 +ifeq ($(TARGET_ARCH), i386)
   12.41 +
   12.42 +ifeq ($(ARCH), i386)
   12.43 +PROGS+=$(QEMU_SYSTEM)
   12.44 +ifndef CONFIG_SOFTMMU
   12.45 +CONFIG_STATIC=y
   12.46 +endif
   12.47 +else
   12.48 +# the system emulator using soft mmu is portable
   12.49 +ifdef CONFIG_SOFTMMU
   12.50 +PROGS+=$(QEMU_SYSTEM)
   12.51 +endif
   12.52 +endif # ARCH != i386
   12.53 +
   12.54 +endif # TARGET_ARCH = i386
   12.55 +
   12.56 +ifeq ($(TARGET_ARCH), ppc)
   12.57 +
   12.58 +ifeq ($(ARCH), ppc)
   12.59 +PROGS+=$(QEMU_SYSTEM)
   12.60 +endif
   12.61 +
   12.62 +ifeq ($(ARCH), i386)
   12.63 +ifdef CONFIG_SOFTMMU
   12.64 +PROGS+=$(QEMU_SYSTEM)
   12.65 +endif
   12.66 +endif # ARCH = i386
   12.67 +
   12.68 +ifeq ($(ARCH), amd64)
   12.69 +ifdef CONFIG_SOFTMMU
   12.70 +PROGS+=$(QEMU_SYSTEM)
   12.71 +endif
   12.72 +endif # ARCH = amd64
   12.73 +
   12.74 +endif # TARGET_ARCH = ppc
   12.75 +
   12.76 +ifeq ($(TARGET_ARCH), sparc)
   12.77 +
   12.78 +ifeq ($(ARCH), ppc)
   12.79 +PROGS+=$(QEMU_SYSTEM)
   12.80 +endif
   12.81 +
   12.82 +ifeq ($(ARCH), i386)
   12.83 +ifdef CONFIG_SOFTMMU
   12.84 +PROGS+=$(QEMU_SYSTEM)
   12.85 +endif
   12.86 +endif # ARCH = i386
   12.87 +
   12.88 +ifeq ($(ARCH), amd64)
   12.89 +ifdef CONFIG_SOFTMMU
   12.90 +PROGS+=$(QEMU_SYSTEM)
   12.91 +endif
   12.92 +endif # ARCH = amd64
   12.93 +
   12.94 +endif # TARGET_ARCH = sparc
   12.95 +endif # !CONFIG_USER_ONLY
   12.96 +
   12.97 +ifdef CONFIG_STATIC
   12.98 +LDFLAGS+=-static
   12.99 +endif
  12.100 +
  12.101 +ifeq ($(ARCH),i386)
  12.102 +CFLAGS+=-fomit-frame-pointer
  12.103 +OP_CFLAGS=$(CFLAGS) -mpreferred-stack-boundary=2
  12.104 +ifeq ($(HAVE_GCC3_OPTIONS),yes)
  12.105 +OP_CFLAGS+= -falign-functions=0 -fno-gcse
  12.106 +else
  12.107 +OP_CFLAGS+= -malign-functions=0
  12.108 +endif
  12.109 +
  12.110 +ifdef TARGET_GPROF
  12.111 +USE_I386_LD=y
  12.112 +endif
  12.113 +ifdef CONFIG_STATIC
  12.114 +USE_I386_LD=y
  12.115 +endif
  12.116 +ifdef USE_I386_LD
  12.117 +LDFLAGS+=-Wl,-T,$(SRC_PATH)/i386.ld
  12.118 +else
  12.119 +# WARNING: this LDFLAGS is _very_ tricky : qemu is an ELF shared object
  12.120 +# that the kernel ELF loader considers as an executable. I think this
  12.121 +# is the simplest way to make it self virtualizable!
  12.122 +LDFLAGS+=-Wl,-shared
  12.123 +endif
  12.124 +endif
  12.125 +
  12.126 +ifeq ($(ARCH),amd64)
  12.127 +OP_CFLAGS=$(CFLAGS) -falign-functions=0
  12.128 +LDFLAGS+=-Wl,-T,$(SRC_PATH)/amd64.ld
  12.129 +endif
  12.130 +
  12.131 +ifeq ($(ARCH),ppc)
  12.132 +CFLAGS+= -D__powerpc__
  12.133 +OP_CFLAGS=$(CFLAGS)
  12.134 +LDFLAGS+=-Wl,-T,$(SRC_PATH)/ppc.ld
  12.135 +endif
  12.136 +
  12.137 +ifeq ($(ARCH),s390)
  12.138 +OP_CFLAGS=$(CFLAGS)
  12.139 +LDFLAGS+=-Wl,-T,$(SRC_PATH)/s390.ld
  12.140 +endif
  12.141 +
  12.142 +ifeq ($(ARCH),sparc)
  12.143 +CFLAGS+=-m32 -ffixed-g1 -ffixed-g2 -ffixed-g3 -ffixed-g6
  12.144 +LDFLAGS+=-m32
  12.145 +OP_CFLAGS=$(CFLAGS) -fno-delayed-branch -ffixed-i0
  12.146 +HELPER_CFLAGS=$(CFLAGS) -ffixed-i0 -mflat
  12.147 +# -static is used to avoid g1/g3 usage by the dynamic linker
  12.148 +LDFLAGS+=-Wl,-T,$(SRC_PATH)/sparc.ld -static
  12.149 +endif
  12.150 +
  12.151 +ifeq ($(ARCH),sparc64)
  12.152 +CFLAGS+=-m64 -ffixed-g1 -ffixed-g2 -ffixed-g3 -ffixed-g6
  12.153 +LDFLAGS+=-m64
  12.154 +OP_CFLAGS=$(CFLAGS) -fno-delayed-branch -ffixed-i0
  12.155 +endif
  12.156 +
  12.157 +ifeq ($(ARCH),alpha)
  12.158 +# -msmall-data is not used because we want two-instruction relocations
  12.159 +# for the constant constructions
  12.160 +OP_CFLAGS=-Wall -O2 -g
  12.161 +# Ensure there's only a single GP
  12.162 +CFLAGS += -msmall-data
  12.163 +LDFLAGS+=-Wl,-T,$(SRC_PATH)/alpha.ld
  12.164 +endif
  12.165 +
  12.166 +ifeq ($(ARCH),ia64)
  12.167 +OP_CFLAGS=$(CFLAGS)
  12.168 +endif
  12.169 +
  12.170 +ifeq ($(ARCH),arm)
  12.171 +OP_CFLAGS=$(CFLAGS) -mno-sched-prolog
  12.172 +LDFLAGS+=-Wl,-T,$(SRC_PATH)/arm.ld
  12.173 +endif
  12.174 +
  12.175 +ifeq ($(ARCH),m68k)
  12.176 +OP_CFLAGS=$(CFLAGS) -fomit-frame-pointer
  12.177 +LDFLAGS+=-Wl,-T,m68k.ld
  12.178 +endif
  12.179 +
  12.180 +ifeq ($(HAVE_GCC3_OPTIONS),yes)
  12.181 +# very important to generate a return at the end of every operation
  12.182 +OP_CFLAGS+=-fno-reorder-blocks -fno-optimize-sibling-calls
  12.183 +endif
  12.184 +
  12.185 +ifeq ($(CONFIG_DARWIN),yes)
  12.186 +OP_CFLAGS+= -mdynamic-no-pic
  12.187 +endif
  12.188 +
  12.189 +#########################################################
  12.190 +
  12.191 +DEFINES+=-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
  12.192 +LIBS+=-lm -L$(XEN_PATH)/dist/install/usr/$(LIBDIR) -lxc -lxutil
  12.193 +ifndef CONFIG_USER_ONLY
  12.194 +LIBS+=-lz
  12.195 +endif
  12.196 +ifdef CONFIG_WIN32
  12.197 +LIBS+=-lwinmm -lws2_32 -liphlpapi
  12.198 +endif
  12.199 +
  12.200 +# profiling code
  12.201 +ifdef TARGET_GPROF
  12.202 +LDFLAGS+=-p
  12.203 +main.o: CFLAGS+=-p
  12.204 +endif
  12.205 +
  12.206 +OBJS= elfload.o main.o syscall.o mmap.o signal.o path.o osdep.o thunk.o 
  12.207 +ifeq ($(TARGET_ARCH), i386)
  12.208 +OBJS+= vm86.o
  12.209 +endif
  12.210 +ifeq ($(TARGET_ARCH), arm)
  12.211 +OBJS+=nwfpe/softfloat.o nwfpe/fpa11.o nwfpe/fpa11_cpdo.o \
  12.212 +nwfpe/fpa11_cpdt.o nwfpe/fpa11_cprt.o nwfpe/fpopcode.o nwfpe/single_cpdo.o \
  12.213 + nwfpe/double_cpdo.o nwfpe/extended_cpdo.o
  12.214 +endif
  12.215 +SRCS:= $(OBJS:.o=.c)
  12.216 +OBJS+= libqemu.a
  12.217 +
  12.218 +# cpu emulator library
  12.219 +LIBOBJS=
  12.220 +
  12.221 +ifeq ($(TARGET_ARCH), i386)
  12.222 +LIBOBJS+= helper2.o
  12.223 +ifeq ($(ARCH), i386)
  12.224 +LIBOBJS+=translate-copy.o
  12.225 +endif
  12.226 +endif
  12.227 +
  12.228 +ifeq ($(TARGET_ARCH), ppc)
  12.229 +LIBOBJS+= op_helper.o helper.o
  12.230 +endif
  12.231 +
  12.232 +ifeq ($(TARGET_ARCH), sparc)
  12.233 +LIBOBJS+= op_helper.o helper.o
  12.234 +endif
  12.235 +
  12.236 +all: $(PROGS)
  12.237 +
  12.238 +$(QEMU_USER): $(OBJS)
  12.239 +	$(CC) $(LDFLAGS) -o $@ $^  $(LIBS)
  12.240 +ifeq ($(ARCH),alpha)
  12.241 +# Mark as 32 bit binary, i. e. it will be mapped into the low 31 bit of
  12.242 +# the address space (31 bit so sign extending doesn't matter)
  12.243 +	echo -ne '\001\000\000\000' | dd of=qemu bs=1 seek=48 count=4 conv=notrunc
  12.244 +endif
  12.245 +
  12.246 +# must use static linking to avoid leaving stuff in virtual address space
  12.247 +VL_OBJS=vl.o exec.o monitor.o osdep.o block.o readline.o pci.o console.o 
  12.248 +#VL_OBJS+=block-cow.o block-qcow.o block-vmdk.o block-cloop.o
  12.249 +VL_OBJS+= block-cloop.o
  12.250 +
  12.251 +SOUND_HW = sb16.o
  12.252 +AUDIODRV = audio.o noaudio.o wavaudio.o
  12.253 +ifdef CONFIG_SDL
  12.254 +AUDIODRV += sdlaudio.o
  12.255 +endif
  12.256 +ifdef CONFIG_OSS
  12.257 +AUDIODRV += ossaudio.o
  12.258 +endif
  12.259 +
  12.260 +pc.o: DEFINES := -DUSE_SB16 $(DEFINES)
  12.261 +
  12.262 +ifdef CONFIG_ADLIB
  12.263 +SOUND_HW += fmopl.o adlib.o
  12.264 +endif
  12.265 +
  12.266 +ifdef CONFIG_FMOD
  12.267 +AUDIODRV += fmodaudio.o
  12.268 +audio.o fmodaudio.o: DEFINES := -I$(CONFIG_FMOD_INC) $(DEFINES)
  12.269 +LIBS += $(CONFIG_FMOD_LIB)
  12.270 +endif
  12.271 +
  12.272 +# Hardware support
  12.273 +VL_OBJS+= ide.o ne2000.o pckbd.o vga.o dma.o
  12.274 +VL_OBJS+= fdc.o mc146818rtc.o serial.o i8259.o i8254.o pc.o
  12.275 +
  12.276 +ifeq ($(TARGET_ARCH), ppc)
  12.277 +VL_OBJS+= ppc.o ide.o ne2000.o pckbd.o vga.o $(SOUND_HW) dma.o $(AUDIODRV)
  12.278 +VL_OBJS+= mc146818rtc.o serial.o i8259.o i8254.o fdc.o m48t59.o
  12.279 +VL_OBJS+= ppc_prep.o ppc_chrp.o cuda.o adb.o openpic.o mixeng.o
  12.280 +endif
  12.281 +ifeq ($(TARGET_ARCH), sparc)
  12.282 +VL_OBJS+= sun4m.o tcx.o lance.o iommu.o sched.o m48t08.o magic-load.o timer.o
  12.283 +endif
  12.284 +ifdef CONFIG_GDBSTUB
  12.285 +VL_OBJS+=gdbstub.o 
  12.286 +endif
  12.287 +ifdef CONFIG_VNC
  12.288 +VL_OBJS+=vnc.o
  12.289 +endif
  12.290 +ifdef CONFIG_SDL
  12.291 +VL_OBJS+=sdl.o
  12.292 +endif
  12.293 +ifdef CONFIG_SLIRP
  12.294 +DEFINES+=-I$(SRC_PATH)/slirp
  12.295 +SLIRP_OBJS=cksum.o if.o ip_icmp.o ip_input.o ip_output.o \
  12.296 +slirp.o mbuf.o misc.o sbuf.o socket.o tcp_input.o tcp_output.o \
  12.297 +tcp_subr.o tcp_timer.o udp.o bootp.o debug.o tftp.o
  12.298 +VL_OBJS+=$(addprefix slirp/, $(SLIRP_OBJS))
  12.299 +endif
  12.300 +
  12.301 +VL_LDFLAGS=
  12.302 +# specific flags are needed for non soft mmu emulator
  12.303 +ifdef CONFIG_STATIC
  12.304 +VL_LDFLAGS+=-static
  12.305 +endif
  12.306 +ifndef CONFIG_SOFTMMU
  12.307 +VL_LDFLAGS+=-Wl,-T,$(SRC_PATH)/i386-vl.ld
  12.308 +endif
  12.309 +ifndef CONFIG_DARWIN
  12.310 +ifndef CONFIG_WIN32
  12.311 +VL_LIBS=-lutil
  12.312 +endif
  12.313 +endif
  12.314 +
  12.315 +$(QEMU_SYSTEM): $(VL_OBJS) libqemu.a
  12.316 +	$(CC) $(VL_LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(VNC_LIBS) $(VL_LIBS)
  12.317 +
  12.318 +vnc.o: vnc.c keyboard_rdesktop.c
  12.319 +	$(CC) $(CFLAGS) $(DEFINES) $(VNC_CFLAGS) -c -o $@ $<
  12.320 +
  12.321 +sdl.o: sdl.c keyboard_rdesktop.c
  12.322 +	$(CC) $(CFLAGS) $(DEFINES) $(SDL_CFLAGS) -c -o $@ $<
  12.323 +
  12.324 +sdlaudio.o: sdlaudio.c
  12.325 +	$(CC) $(CFLAGS) $(DEFINES) $(SDL_CFLAGS) -c -o $@ $<
  12.326 +
  12.327 +depend: $(SRCS)
  12.328 +	$(CC) -MM $(CFLAGS) $(DEFINES) $^ 1>.depend
  12.329 +
  12.330 +# libqemu 
  12.331 +
  12.332 +libqemu.a: $(LIBOBJS)
  12.333 +	rm -f $@
  12.334 +	$(AR) rcs $@ $(LIBOBJS)
  12.335 +
  12.336 +translate.o: translate.c gen-op.h opc.h cpu.h
  12.337 +
  12.338 +translate-all.o: translate-all.c op.h opc.h cpu.h
  12.339 +
  12.340 +op.h: op.o $(DYNGEN)
  12.341 +	$(DYNGEN) -o $@ $<
  12.342 +
  12.343 +opc.h: op.o $(DYNGEN)
  12.344 +	$(DYNGEN) -c -o $@ $<
  12.345 +
  12.346 +gen-op.h: op.o $(DYNGEN)
  12.347 +	$(DYNGEN) -g -o $@ $<
  12.348 +
  12.349 +op.o: op.c
  12.350 +	$(CC) $(OP_CFLAGS) $(DEFINES) -c -o $@ $<
  12.351 +
  12.352 +helper.o: helper.c
  12.353 +	$(CC) $(HELPER_CFLAGS) $(DEFINES) -c -o $@ $<
  12.354 +
  12.355 +ifeq ($(TARGET_ARCH), i386)
  12.356 +op.o: op.c opreg_template.h ops_template.h ops_template_mem.h ops_mem.h
  12.357 +endif
  12.358 +
  12.359 +ifeq ($(TARGET_ARCH), arm)
  12.360 +op.o: op.c op_template.h
  12.361 +endif
  12.362 +
  12.363 +ifeq ($(TARGET_ARCH), sparc)
  12.364 +op.o: op.c op_template.h op_mem.h
  12.365 +endif
  12.366 +
  12.367 +ifeq ($(TARGET_ARCH), ppc)
  12.368 +op.o: op.c op_template.h op_mem.h
  12.369 +op_helper.o: op_helper_mem.h
  12.370 +endif
  12.371 +
  12.372 +mixeng.o: mixeng.c mixeng.h mixeng_template.h
  12.373 +
  12.374 +%.o: %.c
  12.375 +	$(CC) $(CFLAGS) $(DEFINES) -c -o $@ $<
  12.376 +
  12.377 +%.o: %.S
  12.378 +	$(CC) $(DEFINES) -c -o $@ $<
  12.379 +
  12.380 +clean:
  12.381 +	rm -rf *.o  *.a *~ $(PROGS) gen-op.h opc.h op.h nwfpe slirp qemu-vgaram-bin
  12.382 +
  12.383 +install: all 
  12.384 +	if [ ! -d $(DESTDIR)$(bindir) ];then mkdir -p $(DESTDIR)$(bindir);fi
  12.385 +	if [ ! -d $(DESTDIR)$(configdir) ];then mkdir -p $(DESTDIR)$(configdir);fi
  12.386 +ifneq ($(PROGS),)
  12.387 +	install -m 755 -s $(PROGS) "$(DESTDIR)$(bindir)"
  12.388 +endif
  12.389 +	install -m 755 device-model "$(DESTDIR)$(bindir)"
  12.390 +	install -m 755 qemu-ifup "$(DESTDIR)$(configdir)"
  12.391 +	gunzip -c qemu-vgaram-bin.gz >qemu-vgaram-bin 
  12.392 +	install -m 755 qemu-vgaram-bin "$(DESTDIR)$(configdir)"
  12.393 +ifneq ($(wildcard .depend),)
  12.394 +include .depend
  12.395 +endif
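--- a/tools/ioemu/tests/Makefile	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,84 +0,0 @@
--include ../config-host.mak
-
-CFLAGS=-Wall -O2 -g
-LDFLAGS=
-
-ifeq ($(ARCH),i386)
-TESTS=linux-test testthread sha1-i386 test-i386 runcom
-endif
-TESTS+=sha1# test_path
-#TESTS+=test_path
-
-QEMU=../i386-user/qemu-i386
-
-all: $(TESTS)
-
-hello-i386: hello-i386.c
-	$(CC) -nostdlib $(CFLAGS) -static $(LDFLAGS) -o $@ $<
-	strip $@
-
-testthread: testthread.c
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -lpthread
-
-test_path: test_path.c
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
-	./$@ || { rm $@; exit 1; }
-
-# i386 emulation test (test various opcodes) */
-test-i386: test-i386.c test-i386-code16.S test-i386-vm86.S \
-           test-i386.h test-i386-shift.h test-i386-muldiv.h
-	$(CC) $(CFLAGS) $(LDFLAGS) -static -o $@ test-i386.c \
-              test-i386-code16.S test-i386-vm86.S -lm
-
-ifeq ($(ARCH),i386)
-test: test-i386
-	./test-i386 > test-i386.ref
-else
-test:
-endif
-	$(QEMU) test-i386 > test-i386.out
-	@if diff -u test-i386.ref test-i386.out ; then echo "Auto Test OK"; fi
-ifeq ($(ARCH),i386)
-	$(QEMU) -no-code-copy test-i386 > test-i386.out
-	@if diff -u test-i386.ref test-i386.out ; then echo "Auto Test OK (no code copy)"; fi
-endif
-
-# generic Linux and CPU test
-linux-test: linux-test.c
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -lm
-
-# speed test
-sha1-i386: sha1.c
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
-
-sha1: sha1.c
-	$(HOST_CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
-
-speed: sha1 sha1-i386
-	time ./sha1
-	time $(QEMU) ./sha1-i386
-
-# vm86 test
-runcom: runcom.c
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
-
-# NOTE: -fomit-frame-pointer is currently needed : this is a bug in libqemu
-qruncom: qruncom.c ../i386-user/libqemu.a
-	$(CC) $(CFLAGS) -fomit-frame-pointer $(LDFLAGS) -I../target-i386 -I.. -I../i386-user \
-              -o $@ $< -L../i386-user -lqemu -lm
-
-# arm test
-hello-arm: hello-arm.o
-	arm-linux-ld -o $@ $<
-
-hello-arm.o: hello-arm.c
-	arm-linux-gcc -Wall -g -O2 -c -o $@ $<
-
-# XXX: find a way to compile easily a test for each arch
-test2:
-	@for arch in i386 arm sparc ppc; do \
-           ../$${arch}-user/qemu-$${arch} $${arch}/ls -l linux-test.c ; \
-        done
-
-clean:
-	rm -f *~ *.o test-i386.out test-i386.ref qruncom $(TESTS)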
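--- a/tools/ioemu/tests/hello-arm.c	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,113 +0,0 @@
-#define __NR_SYSCALL_BASE	0x900000
-#define __NR_exit1			(__NR_SYSCALL_BASE+  1)
-#define __NR_write			(__NR_SYSCALL_BASE+  4)
-
-#define __sys2(x) #x
-#define __sys1(x) __sys2(x)
-
-#ifndef __syscall
-#define __syscall(name) "swi\t" __sys1(__NR_##name) "\n\t"
-#endif
-
-#define __syscall_return(type, res)					\
-do {									\
-	return (type) (res);						\
-} while (0)
-
-#define _syscall0(type,name)						\
-type name(void) {							\
-  long __res;								\
-  __asm__ __volatile__ (						\
-  __syscall(name)							\
-  "mov %0,r0"								\
-  :"=r" (__res) : : "r0","lr");						\
-  __syscall_return(type,__res);						\
-}
-
-#define _syscall1(type,name,type1,arg1)					\
-type name(type1 arg1) {							\
-  long __res;								\
-  __asm__ __volatile__ (						\
-  "mov\tr0,%1\n\t"							\
-  __syscall(name)							\
-  "mov %0,r0"								\
-        : "=r" (__res)							\
-        : "r" ((long)(arg1))						\
-	: "r0","lr");							\
-  __syscall_return(type,__res);						\
-}
-
-#define _syscall2(type,name,type1,arg1,type2,arg2)			\
-type name(type1 arg1,type2 arg2) {					\
-  long __res;								\
-  __asm__ __volatile__ (						\
-  "mov\tr0,%1\n\t"							\
-  "mov\tr1,%2\n\t"							\
-  __syscall(name)							\
-  "mov\t%0,r0"								\
-        : "=r" (__res)							\
-        : "r" ((long)(arg1)),"r" ((long)(arg2))				\
-	: "r0","r1","lr");						\
-  __syscall_return(type,__res);						\
-}
-
-
-#define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3)		\
-type name(type1 arg1,type2 arg2,type3 arg3) {				\
-  long __res;								\
-  __asm__ __volatile__ (						\
-  "mov\tr0,%1\n\t"							\
-  "mov\tr1,%2\n\t"							\
-  "mov\tr2,%3\n\t"							\
-  __syscall(name)							\
-  "mov\t%0,r0"								\
-        : "=r" (__res)							\
-        : "r" ((long)(arg1)),"r" ((long)(arg2)),"r" ((long)(arg3))	\
-        : "r0","r1","r2","lr");						\
-  __syscall_return(type,__res);						\
-}
-
-
-#define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4)		\
-type name(type1 arg1, type2 arg2, type3 arg3, type4 arg4) {				\
-  long __res;										\
-  __asm__ __volatile__ (								\
-  "mov\tr0,%1\n\t"									\
-  "mov\tr1,%2\n\t"									\
-  "mov\tr2,%3\n\t"									\
-  "mov\tr3,%4\n\t"									\
-  __syscall(name)									\
-  "mov\t%0,r0"										\
-  	: "=r" (__res)									\
-  	: "r" ((long)(arg1)),"r" ((long)(arg2)),"r" ((long)(arg3)),"r" ((long)(arg4))	\
-  	: "r0","r1","r2","r3","lr");							\
-  __syscall_return(type,__res);								\
-}
-  
-
-#define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,type5,arg5)	\
-type name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, type5 arg5) {			\
-  long __res;										\
-  __asm__ __volatile__ (								\
-  "mov\tr0,%1\n\t"									\
-  "mov\tr1,%2\n\t"									\
-  "mov\tr2,%3\n\t"									\
-  "mov\tr3,%4\n\t"									\
-  "mov\tr4,%5\n\t"									\
-  __syscall(name)									\
-  "mov\t%0,r0"										\
-  	: "=r" (__res)									\
-  	: "r" ((long)(arg1)),"r" ((long)(arg2)),"r" ((long)(arg3)),"r" ((long)(arg4)),	\
-	  "r" ((long)(arg5))								\
-	: "r0","r1","r2","r3","r4","lr");						\
-  __syscall_return(type,__res);								\
-}
-
-_syscall1(int,exit1,int,status);
-_syscall3(int,write,int,fd,const char *,buf, int, len);
-
-void _start(void)
-{
-    write(1, "Hello World\n", 12);
-    exit1(0);
-}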
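--- a/tools/ioemu/tests/hello-i386.c	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-#include <asm/unistd.h>
-
-extern inline volatile void exit(int status)
-{
-  int __res;
-  __asm__ volatile ("movl %%ecx,%%ebx\n"\
-		    "int $0x80" \
-		    :  "=a" (__res) : "0" (__NR_exit),"c" ((long)(status)));
-}
-
-extern inline int write(int fd, const char * buf, int len)
-{
-  int status;
-  __asm__ volatile ("pushl %%ebx\n"\
-		    "movl %%esi,%%ebx\n"\
-		    "int $0x80\n" \
-		    "popl %%ebx\n"\
-		    : "=a" (status) \
-		    : "0" (__NR_write),"S" ((long)(fd)),"c" ((long)(buf)),"d" ((long)(len)));
-}
-
-void _start(void)
-{
-    write(1, "Hello World\n", 12);
-    exit(0);
-}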
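--- a/tools/ioemu/tests/linux-test.c	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,536 +0,0 @@
-/*
- *  linux and CPU test
- * 
- *  Copyright (c) 2003 Fabrice Bellard
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <inttypes.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <utime.h>
-#include <time.h>
-#include <sys/time.h>
-#include <sys/uio.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <sched.h>
-#include <dirent.h>
-#include <setjmp.h>
-#include <sys/shm.h>
-
-#define TESTPATH "/tmp/linux-test.tmp"
-#define TESTPORT 7654
-#define STACK_SIZE 16384
-
-void error1(const char *filename, int line, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    fprintf(stderr, "%s:%d: ", filename, line);
-    vfprintf(stderr, fmt, ap);
-    fprintf(stderr, "\n");
-    va_end(ap);
-    exit(1);
-}
-
-int __chk_error(const char *filename, int line, int ret)
-{
-    if (ret < 0) {
-        error1(filename, line, "%m (ret=%d, errno=%d)", 
-               ret, errno);
-    }
-    return ret;
-}
-
-#define error(fmt, args...) error1(__FILE__, __LINE__, fmt, ##args)
-
-#define chk_error(ret) __chk_error(__FILE__, __LINE__, (ret))
-
-/*******************************************************/
-
-#define FILE_BUF_SIZE 300
-
-void test_file(void)
-{
-    int fd, i, len, ret;
-    uint8_t buf[FILE_BUF_SIZE];
-    uint8_t buf2[FILE_BUF_SIZE];
-    uint8_t buf3[FILE_BUF_SIZE];
-    char cur_dir[1024];
-    struct stat st;
-    struct utimbuf tbuf;
-    struct iovec vecs[2];
-    DIR *dir;
-    struct dirent *de;
-
-    /* clean up, just in case */
-    unlink(TESTPATH "/file1");
-    unlink(TESTPATH "/file2");
-    unlink(TESTPATH "/file3");
-    rmdir(TESTPATH);
-
-    if (getcwd(cur_dir, sizeof(cur_dir)) == NULL)
-        error("getcwd");
-    
-    chk_error(mkdir(TESTPATH, 0755));
-    
-    chk_error(chdir(TESTPATH));
-    
-    /* open/read/write/close/readv/writev/lseek */
-
-    fd = chk_error(open("file1", O_WRONLY | O_TRUNC | O_CREAT, 0644));
-    for(i=0;i < FILE_BUF_SIZE; i++)
-        buf[i] = i;
-    len = chk_error(write(fd, buf, FILE_BUF_SIZE / 2));
-    if (len != (FILE_BUF_SIZE / 2))
-        error("write");
-    vecs[0].iov_base = buf + (FILE_BUF_SIZE / 2);
-    vecs[0].iov_len = 16;
-    vecs[1].iov_base = buf + (FILE_BUF_SIZE / 2) + 16;
-    vecs[1].iov_len = (FILE_BUF_SIZE / 2) - 16;
-    len = chk_error(writev(fd, vecs, 2));
-    if (len != (FILE_BUF_SIZE / 2))
-     error("writev");
-    chk_error(close(fd));
-
-    chk_error(rename("file1", "file2"));
-
-    fd = chk_error(open("file2", O_RDONLY));
-
-    len = chk_error(read(fd, buf2, FILE_BUF_SIZE));
-    if (len != FILE_BUF_SIZE)
-        error("read");
-    if (memcmp(buf, buf2, FILE_BUF_SIZE) != 0)
-        error("memcmp");
-    
-#define FOFFSET 16
-    ret = chk_error(lseek(fd, FOFFSET, SEEK_SET));
-    if (ret != 16)
-        error("lseek");
-    vecs[0].iov_base = buf3;
-    vecs[0].iov_len = 32;
-    vecs[1].iov_base = buf3 + 32;
-    vecs[1].iov_len = FILE_BUF_SIZE - FOFFSET - 32;
-    len = chk_error(readv(fd, vecs, 2));
-    if (len != FILE_BUF_SIZE - FOFFSET)
-        error("readv");
-    if (memcmp(buf + FOFFSET, buf3, FILE_BUF_SIZE - FOFFSET) != 0)
-        error("memcmp");
-    
-    chk_error(close(fd));
-
-    /* access */
-    chk_error(access("file2", R_OK));
-
-    /* stat/chmod/utime/truncate */
-
-    chk_error(chmod("file2", 0600));
-    tbuf.actime = 1001;
-    tbuf.modtime = 1000;
-    chk_error(truncate("file2", 100));
-    chk_error(utime("file2", &tbuf));
-    chk_error(stat("file2", &st));
-    if (st.st_size != 100)
-        error("stat size");
-    if (!S_ISREG(st.st_mode))
-        error("stat mode");
-    if ((st.st_mode & 0777) != 0600)
-        error("stat mode2");
-    if (st.st_atime != 1001 ||
-        st.st_mtime != 1000)
-        error("stat time");
-
-    chk_error(stat(TESTPATH, &st));
-    if (!S_ISDIR(st.st_mode))
-        error("stat mode");
-
-    /* fstat */
-    fd = chk_error(open("file2", O_RDWR));
-    chk_error(ftruncate(fd, 50));
-    chk_error(fstat(fd, &st));
-    chk_error(close(fd));
-    
-    if (st.st_size != 50)
-        error("stat size");
-    if (!S_ISREG(st.st_mode))
-        error("stat mode");
-    
-    /* symlink/lstat */
-    chk_error(symlink("file2", "file3"));
-    chk_error(lstat("file3", &st));
-    if (!S_ISLNK(st.st_mode))
-        error("stat mode");
-    
-    /* getdents */
-    dir = opendir(TESTPATH);
-    if (!dir)
-        error("opendir");
-    len = 0;
-    for(;;) {
-        de = readdir(dir);
-        if (!de)
-            break;
-        if (strcmp(de->d_name, ".") != 0 &&
-            strcmp(de->d_name, "..") != 0 &&
-            strcmp(de->d_name, "file2") != 0 &&
-            strcmp(de->d_name, "file3") != 0)
-            error("readdir");
-        len++;
-    }
-    closedir(dir);
-    if (len != 4)
-        error("readdir");
-
-    chk_error(unlink("file3"));
-    chk_error(unlink("file2"));
-    chk_error(chdir(cur_dir));
-    chk_error(rmdir(TESTPATH));
-}
-
-void test_fork(void)
-{
-    int pid, status;
-
-    pid = chk_error(fork());
-    if (pid == 0) {
-        /* child */
-        exit(2);
-    }
-    chk_error(waitpid(pid, &status, 0));
-    if (!WIFEXITED(status) || WEXITSTATUS(status) != 2)
-        error("waitpid status=0x%x", status);
-}
-
-void test_time(void)
-{
-    struct timeval tv, tv2;
-    struct timespec ts, rem;
-    struct rusage rusg1, rusg2;
-    int ti, i;
-
-    chk_error(gettimeofday(&tv, NULL));
-    rem.tv_sec = 1;
-    ts.tv_sec = 0;
-    ts.tv_nsec = 20 * 1000000;
-    chk_error(nanosleep(&ts, &rem));
-    if (rem.tv_sec != 1)
-        error("nanosleep");
-    chk_error(gettimeofday(&tv2, NULL));
-    ti = tv2.tv_sec - tv.tv_sec;
-    if (ti >= 2)
-        error("gettimeofday");
-    
-    chk_error(getrusage(RUSAGE_SELF, &rusg1));
-    for(i = 0;i < 10000; i++);
-    chk_error(getrusage(RUSAGE_SELF, &rusg2));
-    if ((rusg2.ru_utime.tv_sec - rusg1.ru_utime.tv_sec) < 0 ||
-        (rusg2.ru_stime.tv_sec - rusg1.ru_stime.tv_sec) < 0)
-        error("getrusage");
-}
-
-void pstrcpy(char *buf, int buf_size, const char *str)
-{
-    int c;
-    char *q = buf;
-
-    if (buf_size <= 0)
-        return;
-
-    for(;;) {
-        c = *str++;
-        if (c == 0 || q >= buf + buf_size - 1)
-            break;
-        *q++ = c;
-    }
-    *q = '\0';
-}
-
-/* strcat and truncate. */
-char *pstrcat(char *buf, int buf_size, const char *s)
-{
-    int len;
-    len = strlen(buf);
-    if (len < buf_size) 
-        pstrcpy(buf + len, buf_size - len, s);
-    return buf;
-}
-
-int server_socket(void)
-{
-    int val, fd;
-    struct sockaddr_in sockaddr;
-
-    /* server socket */
-    fd = chk_error(socket(PF_INET, SOCK_STREAM, 0));
-
-    val = 1;
-    chk_error(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)));
-
-    sockaddr.sin_family = AF_INET;
-    sockaddr.sin_port = htons(TESTPORT);
-    sockaddr.sin_addr.s_addr = 0;
-    chk_error(bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)));
-    chk_error(listen(fd, 0));
-    return fd;
-
-}
-
-int client_socket(void)
-{
-    int fd;
-    struct sockaddr_in sockaddr;
-
-    /* server socket */
-    fd = chk_error(socket(PF_INET, SOCK_STREAM, 0));
-    sockaddr.sin_family = AF_INET;
-    sockaddr.sin_port = htons(TESTPORT);
-    inet_aton("127.0.0.1", &sockaddr.sin_addr);
-    chk_error(connect(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)));
-    return fd;
-}
-
-const char socket_msg[] = "hello socket\n";
-
-void test_socket(void)
-{
-    int server_fd, client_fd, fd, pid, ret, val;
-    struct sockaddr_in sockaddr;
-    socklen_t len;
-    char buf[512];
-
-    server_fd = server_socket();
-
-    /* test a few socket options */
-    len = sizeof(val);
-    chk_error(getsockopt(server_fd, SOL_SOCKET, SO_TYPE, &val, &len));
-    if (val != SOCK_STREAM)
-        error("getsockopt");
-    
-    pid = chk_error(fork());
-    if (pid == 0) {
-        client_fd = client_socket();
-        send(client_fd, socket_msg, sizeof(socket_msg), 0);
-        close(client_fd);
-        exit(0);
-    }
-    len = sizeof(sockaddr);
-    fd = chk_error(accept(server_fd, (struct sockaddr *)&sockaddr, &len));
-
-    ret = chk_error(recv(fd, buf, sizeof(buf), 0));
-    if (ret != sizeof(socket_msg))
-        error("recv");
-    if (memcmp(buf, socket_msg, sizeof(socket_msg)) != 0)
-        error("socket_msg");
-    chk_error(close(fd));
-    chk_error(close(server_fd));
-}
-
-#define WCOUNT_MAX 512
-
-void test_pipe(void)
-{
-    fd_set rfds, wfds;
-    int fds[2], fd_max, ret;
-    uint8_t ch;
-    int wcount, rcount;
-
-    chk_error(pipe(fds));
-    chk_error(fcntl(fds[0], F_SETFL, O_NONBLOCK));
-    chk_error(fcntl(fds[1], F_SETFL, O_NONBLOCK));
-    wcount = 0;
-    rcount = 0;
-    for(;;) {
-        FD_ZERO(&rfds);
-        fd_max = fds[0];
-        FD_SET(fds[0], &rfds);
-
-        FD_ZERO(&wfds);
-        FD_SET(fds[1], &wfds);
-        if (fds[1] > fd_max)
-            fd_max = fds[1];
-
-        ret = chk_error(select(fd_max + 1, &rfds, &wfds, NULL, NULL));
-        if (ret > 0) {
-            if (FD_ISSET(fds[0], &rfds)) {
-                chk_error(read(fds[0], &ch, 1));
-                rcount++;
-                if (rcount >= WCOUNT_MAX)
-                    break;
-            }
-            if (FD_ISSET(fds[1], &wfds)) {
-                ch = 'a';
-                chk_error(write(fds[0], &ch, 1));
-                wcount++;
-            }
-        }
-    }
-    chk_error(close(fds[0]));
-    chk_error(close(fds[1]));
-}
-
-int thread1_res;
-int thread2_res;
-
-int thread1_func(void *arg)
-{
-    int i;
-    for(i=0;i<5;i++) {
-        thread1_res++;
-        usleep(10 * 1000);
-    }
-    return 0;
-}
-
-int thread2_func(void *arg)
-{
-    int i;
-    for(i=0;i<6;i++) {
-        thread2_res++;
-        usleep(10 * 1000);
-    }
-    return 0;
-}
-
-void test_clone(void)
-{
-    uint8_t *stack1, *stack2;
-    int pid1, pid2, status1, status2;
-
-    stack1 = malloc(STACK_SIZE);
-    pid1 = chk_error(clone(thread1_func, stack1 + STACK_SIZE, 
-                           CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD, "hello1"));
-
-    stack2 = malloc(STACK_SIZE);
-    pid2 = chk_error(clone(thread2_func, stack2 + STACK_SIZE, 
-                           CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD, "hello2"));
-
-    while (waitpid(pid1, &status1, 0) != pid1);
-    while (waitpid(pid2, &status2, 0) != pid2);
-    if (thread1_res != 5 ||
-        thread2_res != 6)
-        error("clone");
-}
-
-/***********************************/
-
-volatile int alarm_count;
-jmp_buf jmp_env;
-
-void sig_alarm(int sig)
-{
-    if (sig != SIGALRM)
-        error("signal");
-    alarm_count++;
-}
-
-void sig_segv(int sig, siginfo_t *info, void *puc)
-{
-    if (sig != SIGSEGV)
-        error("signal");
-    longjmp(jmp_env, 1);
-}
-
-void test_signal(void)
-{
-    struct sigaction act;
-    struct itimerval it, oit;
-
-    /* timer test */
-
-    alarm_count = 0;
-
-    act.sa_handler = sig_alarm;
-    sigemptyset(&act.sa_mask);
-    act.sa_flags = 0;
-    chk_error(sigaction(SIGALRM, &act, NULL));
-    
-    it.it_interval.tv_sec = 0;
-    it.it_interval.tv_usec = 10 * 1000;
-    it.it_value.tv_sec = 0;
-    it.it_value.tv_usec = 10 * 1000;
-    chk_error(setitimer(ITIMER_REAL, &it, NULL));
-    chk_error(getitimer(ITIMER_REAL, &oit));
-    if (oit.it_value.tv_sec != it.it_value.tv_sec ||
-        oit.it_value.tv_usec != it.it_value.tv_usec)
-        error("itimer");
-    
-    while (alarm_count < 5) {
-        usleep(10 * 1000);
-    }
-
-    it.it_interval.tv_sec = 0;
-    it.it_interval.tv_usec = 0;
-    it.it_value.tv_sec = 0;
-    it.it_value.tv_usec = 0;
-    memset(&oit, 0xff, sizeof(oit));
-    chk_error(setitimer(ITIMER_REAL, &it, &oit));
-    if (oit.it_value.tv_sec != 0 ||
-        oit.it_value.tv_usec != 10 * 1000)
-        error("setitimer");
-
-    /* SIGSEGV test */
-    act.sa_sigaction = sig_segv;
-    sigemptyset(&act.sa_mask);
-    act.sa_flags = SA_SIGINFO;
-    chk_error(sigaction(SIGSEGV, &act, NULL));
-    if (setjmp(jmp_env) == 0) {
-        *(uint8_t *)0 = 0;
-    }
-    
-    act.sa_handler = SIG_DFL;
-    sigemptyset(&act.sa_mask);
-    act.sa_flags = 0;
-    chk_error(sigaction(SIGSEGV, &act, NULL));
-}
-
-#define SHM_SIZE 32768
-
-void test_shm(void)
-{
-    void *ptr;
-    int shmid;
-
-    shmid = chk_error(shmget(IPC_PRIVATE, SHM_SIZE, IPC_CREAT | 0777));
-    ptr = shmat(shmid, NULL, 0);
-    if (!ptr)
-        error("shmat");
-
-    memset(ptr, 0, SHM_SIZE);
-
-    chk_error(shmctl(shmid, IPC_RMID, 0));
-    chk_error(shmdt(ptr));
-}
-
-int main(int argc, char **argv)
-{
-    test_file();
-    test_fork();
-    test_time();
-    test_socket();
-    //    test_clone();
-    test_signal();
-    test_shm();
-    return 0;
-}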
    17.1 Binary file tools/ioemu/tests/pi_10.com has changed
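--- a/tools/ioemu/tests/qruncom.c	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,308 +0,0 @@
-/*
- * Example of use of user mode libqemu: launch a basic .com DOS
- * executable
- */
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <inttypes.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/mman.h>
-#include <signal.h>
-
-#include "cpu.h"
-
-//#define SIGTEST
-
-CPUState *cpu_single_env = NULL;
-
-void cpu_outb(CPUState *env, int addr, int val)
-{
-    fprintf(stderr, "outb: port=0x%04x, data=%02x\n", addr, val);
-}
-
-void cpu_outw(CPUState *env, int addr, int val)
-{
-    fprintf(stderr, "outw: port=0x%04x, data=%04x\n", addr, val);
-}
-
-void cpu_outl(CPUState *env, int addr, int val)
-{
-    fprintf(stderr, "outl: port=0x%04x, data=%08x\n", addr, val);
-}
-
-int cpu_inb(CPUState *env, int addr)
-{
-    fprintf(stderr, "inb: port=0x%04x\n", addr);
-    return 0;
-}
-
-int cpu_inw(CPUState *env, int addr)
-{
-    fprintf(stderr, "inw: port=0x%04x\n", addr);
-    return 0;
-}
-
-int cpu_inl(CPUState *env, int addr)
-{
-    fprintf(stderr, "inl: port=0x%04x\n", addr);
-    return 0;
-}
-
-int cpu_get_pic_interrupt(CPUState *env)
-{
-    return -1;
-}
-
-uint64_t cpu_get_tsc(CPUState *env)
-{
-    return 0;
-}
-
-static void set_gate(void *ptr, unsigned int type, unsigned int dpl, 
-                     unsigned long addr, unsigned int sel)
-{
-    unsigned int e1, e2;
-    e1 = (addr & 0xffff) | (sel << 16);
-    e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
-    stl((uint8_t *)ptr, e1);
-    stl((uint8_t *)ptr + 4, e2);
-}
-
-uint64_t idt_table[256];
-
-/* only dpl matters as we do only user space emulation */
-static void set_idt(int n, unsigned int dpl)
-{
-    set_gate(idt_table + n, 0, dpl, 0, 0);
-}
-
-void qemu_free(void *ptr)
-{
-    free(ptr);
-}
-
-void *qemu_malloc(size_t size)
-{
-    return malloc(size);
-}
-
-void qemu_printf(const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    vprintf(fmt, ap);
-    va_end(ap);
-}
-
-/* XXX: this is a bug in helper2.c */
-int errno;
-
-/**********************************************/
-
-#define COM_BASE_ADDR    0x10100
-
-void usage(void)
-{
-    printf("qruncom version 0.1 (c) 2003 Fabrice Bellard\n"
-           "usage: qruncom file.com\n"
-           "user mode libqemu demo: run simple .com DOS executables\n");
-    exit(1);
-}
-
-static inline uint8_t *seg_to_linear(unsigned int seg, unsigned int reg)
-{
-    return (uint8_t *)((seg << 4) + (reg & 0xffff));
-}
-
-static inline void pushw(CPUState *env, int val)
-{
-    env->regs[R_ESP] = (env->regs[R_ESP] & ~0xffff) | ((env->regs[R_ESP] - 2) & 0xffff);
-    *(uint16_t *)seg_to_linear(env->segs[R_SS].selector, env->regs[R_ESP]) = val;
-}
-
-static void host_segv_handler(int host_signum, siginfo_t *info, 
-                              void *puc)
-{
-    if (cpu_signal_handler(host_signum, info, puc)) {
-        return;
-    }
-    abort();
-}
-
-int main(int argc, char **argv)
-{
-    uint8_t *vm86_mem;
-    const char *filename;
-    int fd, ret, seg;
-    CPUState *env;
-
-    if (argc != 2)
-        usage();
-    filename = argv[1];
-    
-    vm86_mem = mmap((void *)0x00000000, 0x110000, 
-                    PROT_WRITE | PROT_READ | PROT_EXEC, 
-                    MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0);
-    if (vm86_mem == MAP_FAILED) {
-        perror("mmap");
-        exit(1);
-    }
-
-    /* load the MSDOS .com executable */
-    fd = open(filename, O_RDONLY);
-    if (fd < 0) {
-        perror(filename);
-        exit(1);
-    }
-    ret = read(fd, vm86_mem + COM_BASE_ADDR, 65536 - 256);
-    if (ret < 0) {
-        perror("read");
-        exit(1);
-    }
-    close(fd);
-
-    /* install exception handler for CPU emulator */
-    {
-        struct sigaction act;
-        
-        sigfillset(&act.sa_mask);
-        act.sa_flags = SA_SIGINFO;
-        //        act.sa_flags |= SA_ONSTACK;
-
-        act.sa_sigaction = host_segv_handler;
-        sigaction(SIGSEGV, &act, NULL);
-        sigaction(SIGBUS, &act, NULL);
-#if defined (TARGET_I386) && defined(USE_CODE_COPY)
-        sigaction(SIGFPE, &act, NULL);
-#endif
-    }
-
-    //    cpu_set_log(CPU_LOG_TB_IN_ASM | CPU_LOG_TB_OUT_ASM | CPU_LOG_EXEC);
-
-    env = cpu_init();
-
-    /* disable code copy to simplify debugging */
-    code_copy_enabled = 0;
-
-    /* set user mode state (XXX: should be done automatically by
-       cpu_init ?) */
-    env->user_mode_only = 1;
-
-    cpu_x86_set_cpl(env, 3);
-
-    env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
-    /* NOTE: hflags duplicates some of the virtual CPU state */
-    env->hflags |= HF_PE_MASK | VM_MASK;
-
-    /* flags setup : we activate the IRQs by default as in user
-       mode. We also activate the VM86 flag to run DOS code */
-    env->eflags |= IF_MASK | VM_MASK;
-    
-    /* init basic registers */
-    env->eip = 0x100;
-    env->regs[R_ESP] = 0xfffe;
-    seg = (COM_BASE_ADDR - 0x100) >> 4;
-
-    cpu_x86_load_seg_cache(env, R_CS, seg, 
-                           (uint8_t *)(seg << 4), 0xffff, 0);
-    cpu_x86_load_seg_cache(env, R_SS, seg, 
-                           (uint8_t *)(seg << 4), 0xffff, 0);
-    cpu_x86_load_seg_cache(env, R_DS, seg, 
-                           (uint8_t *)(seg << 4), 0xffff, 0);
-    cpu_x86_load_seg_cache(env, R_ES, seg, 
-                           (uint8_t *)(seg << 4), 0xffff, 0);
-    cpu_x86_load_seg_cache(env, R_FS, seg, 
-                           (uint8_t *)(seg << 4), 0xffff, 0);
-    cpu_x86_load_seg_cache(env, R_GS, seg, 
-                           (uint8_t *)(seg << 4), 0xffff, 0);
-
-    /* exception support */
-    env->idt.base = (void *)idt_table;
-    env->idt.limit = sizeof(idt_table) - 1;
-    set_idt(0, 0);
-    set_idt(1, 0);
-    set_idt(2, 0);
-    set_idt(3, 3);
-    set_idt(4, 3);
-    set_idt(5, 3);
-    set_idt(6, 0);
-    set_idt(7, 0);
-    set_idt(8, 0);
-    set_idt(9, 0);
-    set_idt(10, 0);
-    set_idt(11, 0);
-    set_idt(12, 0);
-    set_idt(13, 0);
-    set_idt(14, 0);
-    set_idt(15, 0);
-    set_idt(16, 0);
-    set_idt(17, 0);
-    set_idt(18, 0);
-    set_idt(19, 0);
-        
-    /* put return code */
-    *seg_to_linear(env->segs[R_CS].selector, 0) = 0xb4; /* mov ah, $0 */
-    *seg_to_linear(env->segs[R_CS].selector, 1) = 0x00;
-    *seg_to_linear(env->segs[R_CS].selector, 2) = 0xcd; /* int $0x21 */
-    *seg_to_linear(env->segs[R_CS].selector, 3) = 0x21;
-    pushw(env, 0x0000);
-
-    /* the value of these registers seem to be assumed by pi_10.com */
-    env->regs[R_ESI] = 0x100;
-    env->regs[R_ECX] = 0xff;
-    env->regs[R_EBP] = 0x0900;
-    env->regs[R_EDI] = 0xfffe;
-
-    /* inform the emulator of the mmaped memory */
-    page_set_flags(0x00000000, 0x110000, 
-                   PAGE_WRITE | PAGE_READ | PAGE_EXEC | PAGE_VALID);
-
-    for(;;) {
-        ret = cpu_x86_exec(env);
-        switch(ret) {
-        case EXCP0D_GPF:
-            {
-                int int_num, ah;
-                int_num = *(env->segs[R_CS].base + env->eip + 1);
-                if (int_num != 0x21)
-                    goto unknown_int;
-                ah = (env->regs[R_EAX] >> 8) & 0xff;
-                switch(ah) {
-                case 0x00: /* exit */
-                    exit(0);
-                case 0x02: /* write char */
-                    {
-                        uint8_t c = env->regs[R_EDX];
-                        write(1, &c, 1);
-                    }
-                    break;
-                case 0x09: /* write string */
-                    {
-                        uint8_t c;
-                        for(;;) {
-                            c = *seg_to_linear(env->segs[R_DS].selector, env->regs[R_EAX]);
-                            if (c == '$')
-                                break;
-                            write(1, &c, 1);
-                        }
-                        env->regs[R_EAX] = (env->regs[R_EAX] & ~0xff) | '$';
-                    }
-                    break;
-                default:
-                unknown_int:
-                    fprintf(stderr, "unsupported int 0x%02x\n", int_num);
-                    cpu_dump_state(env, stderr, 0);
-                    //                    exit(1);
-                }
-                env->eip += 2;
-            }
-            break;
-        default:
-            fprintf(stderr, "unhandled cpu_exec return code (0x%x)\n", ret);
-            cpu_dump_state(env, stderr, 0);
-            exit(1);
-        }
-    }
-}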
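--- a/tools/ioemu/tests/runcom.c	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,195 +0,0 @@
-/*
- * Simple example of use of vm86: launch a basic .com DOS executable
- */
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <inttypes.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/mman.h>
-#include <signal.h>
-
-#include <linux/unistd.h>
-#include <asm/vm86.h>
-
-//#define SIGTEST
-
-#undef __syscall_return
-#define __syscall_return(type, res) \
-do { \
-	return (type) (res); \
-} while (0)
-
-_syscall2(int, vm86, int, func, struct vm86plus_struct *, v86)
-
-#define COM_BASE_ADDR    0x10100
-
-void usage(void)
-{
-    printf("runcom version 0.1 (c) 2003 Fabrice Bellard\n"
-           "usage: runcom file.com\n"
-           "VM86 Run simple .com DOS executables (linux vm86 test mode)\n");
-    exit(1);
-}
-
-static inline void set_bit(uint8_t *a, unsigned int bit)
-{
-    a[bit / 8] |= (1 << (bit % 8));
-}
-
-static inline uint8_t *seg_to_linear(unsigned int seg, unsigned int reg)
-{
-    return (uint8_t *)((seg << 4) + (reg & 0xffff));
-}
-
-static inline void pushw(struct vm86_regs *r, int val)
-{
-    r->esp = (r->esp & ~0xffff) | ((r->esp - 2) & 0xffff);
-    *(uint16_t *)seg_to_linear(r->ss, r->esp) = val;
-}
-
-void dump_regs(struct vm86_regs *r)
-{
-    fprintf(stderr, 
-            "EAX=%08lx EBX=%08lx ECX=%08lx EDX=%08lx\n"
-            "ESI=%08lx EDI=%08lx EBP=%08lx ESP=%08lx\n"
-            "EIP=%08lx EFL=%08lx\n"
-            "CS=%04x DS=%04x ES=%04x SS=%04x FS=%04x GS=%04x\n",
-            r->eax, r->ebx, r->ecx, r->edx, r->esi, r->edi, r->ebp, r->esp,
-            r->eip, r->eflags,
-            r->cs, r->ds, r->es, r->ss, r->fs, r->gs);
-}
-
-#ifdef SIGTEST
-void alarm_handler(int sig)
-{
-    fprintf(stderr, "alarm signal=%d\n", sig);
-    alarm(1);
-}
-#endif
-
-int main(int argc, char **argv)
-{
-    uint8_t *vm86_mem;
-    const char *filename;
-    int fd, ret, seg;
-    struct vm86plus_struct ctx;
-    struct vm86_regs *r;
-
-    if (argc != 2)
-        usage();
-    filename = argv[1];
-    
-    vm86_mem = mmap((void *)0x00000000, 0x110000, 
-                    PROT_WRITE | PROT_READ | PROT_EXEC, 
-                    MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0);
-    if (vm86_mem == MAP_FAILED) {
-        perror("mmap");
-        exit(1);
-    }
-#ifdef SIGTEST
-    {
-        struct sigaction act;
-
-        act.sa_handler = alarm_handler;
-        sigemptyset(&act.sa_mask);
-        act.sa_flags = 0;
-        sigaction(SIGALRM, &act, NULL);
-        alarm(1);
-    }
-#endif
-
-    /* load the MSDOS .com executable */
-    fd = open(filename, O_RDONLY);
-    if (fd < 0) {
-        perror(filename);
-        exit(1);
-    }
-    ret = read(fd, vm86_mem + COM_BASE_ADDR, 65536 - 256);
-    if (ret < 0) {
-        perror("read");
-        exit(1);
-    }
-    close(fd);
-
-    memset(&ctx, 0, sizeof(ctx));
-    /* init basic registers */
-    r = &ctx.regs;
-    r->eip = 0x100;
-    r->esp = 0xfffe;
-    seg = (COM_BASE_ADDR - 0x100) >> 4;
-    r->cs = seg;
-    r->ss = seg;
-    r->ds = seg;
-    r->es = seg;
-    r->fs = seg;
-    r->gs = seg;
-    r->eflags = VIF_MASK;
-
-    /* put return code */
-    set_bit((uint8_t *)&ctx.int_revectored, 0x21);
-    *seg_to_linear(r->cs, 0) = 0xb4; /* mov ah, $0 */
-    *seg_to_linear(r->cs, 1) = 0x00;
-    *seg_to_linear(r->cs, 2) = 0xcd; /* int $0x21 */
-    *seg_to_linear(r->cs, 3) = 0x21;
-    pushw(&ctx.regs, 0x0000);
-
-    /* the value of these registers seem to be assumed by pi_10.com */
-    r->esi = 0x100;
-    r->ecx = 0xff;
-    r->ebp = 0x0900;
-    r->edi = 0xfffe;
-
-    for(;;) {
-        ret = vm86(VM86_ENTER, &ctx);
-        switch(VM86_TYPE(ret)) {
-        case VM86_INTx:
-            {
-                int int_num, ah;
-                
-                int_num = VM86_ARG(ret);
-                if (int_num != 0x21)
-                    goto unknown_int;
-                ah = (r->eax >> 8) & 0xff;
-                switch(ah) {
-                case 0x00: /* exit */
-                    exit(0);
-                case 0x02: /* write char */
-                    {
-                        uint8_t c = r->edx;
-                        write(1, &c, 1);
-                    }
-                    break;
-                case 0x09: /* write string */
-                    {
-                        uint8_t c;
-                        for(;;) {
-                            c = *seg_to_linear(r->ds, r->edx);
-                            if (c == '$')
-                                break;
-                            write(1, &c, 1);
-                        }
-                        r->eax = (r->eax & ~0xff) | '$';
-                    }
-                    break;
-                default:
-                unknown_int:
-                    fprintf(stderr, "unsupported int 0x%02x\n", int_num);
-                    dump_regs(&ctx.regs);
-                    //                    exit(1);
-                }
-            }
-            break;
-        case VM86_SIGNAL:
-            /* a signal came, we just ignore that */
-            break;
-        case VM86_STI:
-            break;
-        default:
-            fprintf(stderr, "unhandled vm86 return code (0x%x)\n", ret);
-            dump_regs(&ctx.regs);
-            exit(1);
-        }
-    }
-}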
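--- a/tools/ioemu/tests/sha1.c	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,242 +0,0 @@
-
-/* from valgrind tests */
-
-/* ================ sha1.c ================ */
-/*
-SHA-1 in C
-By Steve Reid <steve@edmweb.com>
-100% Public Domain
-
-Test Vectors (from FIPS PUB 180-1)
-"abc"
-  A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
-"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
-  84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
-A million repetitions of "a"
-  34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
-*/
-
-/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
-/* #define SHA1HANDSOFF * Copies data before messing with it. */
-
-#define SHA1HANDSOFF
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>	/* for u_int*_t */
-
-/* ================ sha1.h ================ */
-/*
-SHA-1 in C
-By Steve Reid <steve@edmweb.com>
-100% Public Domain
-*/
-
-typedef struct {
-    u_int32_t state[5];
-    u_int32_t count[2];
-    unsigned char buffer[64];
-} SHA1_CTX;
-
-void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]);
-void SHA1Init(SHA1_CTX* context);
-void SHA1Update(SHA1_CTX* context, const unsigned char* data, u_int32_t len);
-void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
-/* ================ end of sha1.h ================ */
-#include <endian.h>
-
-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
-
-/* blk0() and blk() perform the initial expand. */
-/* I got the idea of expanding during the round function from SSLeay */
-#if BYTE_ORDER == LITTLE_ENDIAN
-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
-    |(rol(block->l[i],8)&0x00FF00FF))
-#elif BYTE_ORDER == BIG_ENDIAN
-#define blk0(i) block->l[i]
-#else
-#error "Endianness not defined!"
-#endif
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
-    ^block->l[(i+2)&15]^block->l[i&15],1))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
-
-
-/* Hash a single 512-bit block. This is the core of the algorithm. */
-
-void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64])
-{
-u_int32_t a, b, c, d, e;
-typedef union {
-    unsigned char c[64];
-    u_int32_t l[16];
-} CHAR64LONG16;
-#ifdef SHA1HANDSOFF
-CHAR64LONG16 block[1];  /* use array to appear as a pointer */
-    memcpy(block, buffer, 64);
-#else
-    /* The following had better never be used because it causes the
-     * pointer-to-const buffer to be cast into a pointer to non-const.
-     * And the result is written through.  I threw a "const" in, hoping
-     * this will cause a diagnostic.
-     */
-CHAR64LONG16* block = (const CHAR64LONG16*)buffer;
-#endif
-    /* Copy context->state[] to working vars */
-    a = state[0];
-    b = state[1];
-    c = state[2];
-    d = state[3];
-    e = state[4];
-    /* 4 rounds of 20 operations each. Loop unrolled. */
-    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
-    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
-    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
-    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
-    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
-    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
-    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
-    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
-    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
-    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
-    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
-    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
-    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
-    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
-    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
-    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
-    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
-    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
-    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
-    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
-    /* Add the working vars back into context.state[] */
-    state[0] += a;
-    state[1] += b;
-    state[2] += c;
-    state[3] += d;
-    state[4] += e;
-    /* Wipe variables */
-    a = b = c = d = e = 0;
-#ifdef SHA1HANDSOFF
-    memset(block, '\0', sizeof(block));
-#endif
-}
-
-
-/* SHA1Init - Initialize new context */
-
-void SHA1Init(SHA1_CTX* context)
-{
-    /* SHA1 initialization constants */
-    context->state[0] = 0x67452301;
-    context->state[1] = 0xEFCDAB89;
-    context->state[2] = 0x98BADCFE;
-    context->state[3] = 0x10325476;
-    context->state[4] = 0xC3D2E1F0;
-    context->count[0] = context->count[1] = 0;
-}
-
-
-/* Run your data through this. */
-
-void SHA1Update(SHA1_CTX* context, const unsigned char* data, u_int32_t len)
-{
-u_int32_t i;
-u_int32_t j;
-
-    j = context->count[0];
-    if ((context->count[0] += len << 3) < j)
-	context->count[1]++;
-    context->count[1] += (len>>29);
-    j = (j >> 3) & 63;
-    if ((j + len) > 63) {
-        memcpy(&context->buffer[j], data, (i = 64-j));
-        SHA1Transform(context->state, context->buffer);
-        for ( ; i + 63 < len; i += 64) {
-            SHA1Transform(context->state, &data[i]);
-        }
-        j = 0;
-    }
-    else i = 0;
-    memcpy(&context->buffer[j], &data[i], len - i);
-}
-
-
-/* Add padding and return the message digest. */
-
-void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
-{
-unsigned i;
-unsigned char finalcount[8];
-unsigned char c;
-
-#if 0	/* untested "improvement" by DHR */
-    /* Convert context->count to a sequence of bytes
-     * in finalcount.  Second element first, but
-     * big-endian order within element.
-     * But we do it all backwards.
-     */
-    unsigned char *fcp = &finalcount[8];
-
-    for (i = 0; i < 2; i++)
-    {
-	u_int32_t t = context->count[i];
-	int j;
-
-	for (j = 0; j < 4; t >>= 8, j++)
-	    *--fcp = (unsigned char) t
-    }
-#else
-    for (i = 0; i < 8; i++) {
-        finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
-         >> ((3-(i & 3)) * 8) ) & 255);  /* Endian independent */
-    }
-#endif
-    c = 0200;
-    SHA1Update(context, &c, 1);
-    while ((context->count[0] & 504) != 448) {
-	c = 0000;
-        SHA1Update(context, &c, 1);
-    }
-    SHA1Update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
-    for (i = 0; i < 20; i++) {
-        digest[i] = (unsigned char)
-         ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
-    }
-    /* Wipe variables */
-    memset(context, '\0', sizeof(*context));
-    memset(&finalcount, '\0', sizeof(finalcount));
-}
-/* ================ end of sha1.c ================ */
-
-#define BUFSIZE 4096
-
-int
-main(int argc, char **argv)
-{
-    SHA1_CTX ctx;
-    unsigned char hash[20], buf[BUFSIZE];
-    int i;
-
-    for(i=0;i<BUFSIZE;i++)
-        buf[i] = i;
-
-    SHA1Init(&ctx);
-    for(i=0;i<1000;i++)
-        SHA1Update(&ctx, buf, BUFSIZE);
-    SHA1Final(hash, &ctx);
-
-    printf("SHA1=");
-    for(i=0;i<20;i++)
-        printf("%02x", hash[i]);
-    printf("\n");
-    return 0;
-}
-
-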
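--- a/tools/ioemu/tests/test-i386-code16.S	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,97 +0,0 @@
-        .code16
-        .globl code16_start
-        .globl code16_end
-
-CS_SEG = 0xf
-
-code16_start:
-
-        .globl code16_func1
-        
-        /* basic test */
-code16_func1 = . - code16_start
-        mov $1, %eax
-        data32 lret
-
-/* test push/pop in 16 bit mode */
-        .globl code16_func2
-code16_func2 = . - code16_start
-        xor %eax, %eax
-        mov $0x12345678, %ebx
-        movl %esp, %ecx
-        push %bx
-        subl %esp, %ecx
-        pop %ax
-        data32 lret
-
-/* test various jmp opcodes */        
-        .globl code16_func3
-code16_func3 = . - code16_start
-        jmp 1f
-        nop
-1:
-        mov $4, %eax
-        mov $0x12345678, %ebx
-        xor %bx, %bx
-        jz 2f
-        add $2, %ax
-2:
-        
-        call myfunc
-        
-        lcall $CS_SEG, $(myfunc2 - code16_start)
-
-        ljmp $CS_SEG, $(myjmp1 - code16_start)
-myjmp1_next:
-
-        cs lcall myfunc2_addr - code16_start
-
-        cs ljmp myjmp2_addr - code16_start
-myjmp2_next:
-
-        data32 lret
-        
-myfunc2_addr:
-        .short myfunc2 - code16_start
-        .short CS_SEG
-
-myjmp2_addr:
-        .short myjmp2 - code16_start
-        .short CS_SEG
-
-myjmp1:
-        add $8, %ax
-        jmp myjmp1_next
-
-myjmp2:
-        add $16, %ax
-        jmp myjmp2_next
-
-myfunc:
-        add $1, %ax
-        ret
-
-myfunc2:
-        add $4, %ax
-        lret
-
-
-code16_end:
-
-
-/* other 32 bits tests */
-        .code32
-
-        .globl func_lret32
-func_lret32:
-        movl $0x87654321, %eax
-        lret
-
-        .globl func_iret32
-func_iret32:
-        movl $0xabcd4321, %eax
-        iret
-
-                
-
-        
\ No newline at end of file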
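--- a/tools/ioemu/tests/test-i386-muldiv.h	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,56 +0,0 @@
-
-void glue(glue(test_, OP), b)(int op0, int op1) 
-{
-    int res, s1, s0, flags;
-    s0 = op0;
-    s1 = op1;
-    res = s0;
-    flags = 0;
-    asm ("push %4\n\t"
-         "popf\n\t"
-         stringify(OP)"b %b2\n\t" 
-         "pushf\n\t"
-         "popl %1\n\t"
-         : "=a" (res), "=g" (flags)
-         : "q" (s1), "0" (res), "1" (flags));
-    printf("%-10s A=%08x B=%08x R=%08x CC=%04x\n",
-           stringify(OP) "b", s0, s1, res, flags & CC_MASK);
-}
-
-void glue(glue(test_, OP), w)(int op0h, int op0, int op1) 
-{
-    int res, s1, flags, resh;
-    s1 = op1;
-    resh = op0h;
-    res = op0;
-    flags = 0;
-    asm ("push %5\n\t"
-         "popf\n\t"
-         stringify(OP) "w %w3\n\t" 
-         "pushf\n\t"
-         "popl %1\n\t"
-         : "=a" (res), "=g" (flags), "=d" (resh)
-         : "q" (s1), "0" (res), "1" (flags), "2" (resh));
-    printf("%-10s AH=%08x AL=%08x B=%08x RH=%08x RL=%08x CC=%04x\n",
-           stringify(OP) "w", op0h, op0, s1, resh, res, flags & CC_MASK);
-}
-
-void glue(glue(test_, OP), l)(int op0h, int op0, int op1) 
-{
-    int res, s1, flags, resh;
-    s1 = op1;
-    resh = op0h;
-    res = op0;
-    flags = 0;
-    asm ("push %5\n\t"
-         "popf\n\t"
-         stringify(OP) "l %3\n\t" 
-         "pushf\n\t"
-         "popl %1\n\t"
-         : "=a" (res), "=g" (flags), "=d" (resh)
-         : "q" (s1), "0" (res), "1" (flags), "2" (resh));
-    printf("%-10s AH=%08x AL=%08x B=%08x RH=%08x RL=%08x CC=%04x\n",
-           stringify(OP) "l", op0h, op0, s1, resh, res, flags & CC_MASK);
-}
-
-#undef OP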
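--- a/tools/ioemu/tests/test-i386-shift.h	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,143 +0,0 @@
-
-#define exec_op glue(exec_, OP)
-#define exec_opl glue(glue(exec_, OP), l)
-#define exec_opw glue(glue(exec_, OP), w)
-#define exec_opb glue(glue(exec_, OP), b)
-
-#ifndef OP_SHIFTD
-
-#ifdef OP_NOBYTE
-#define EXECSHIFT(size, res, s1, s2, flags) \
-    asm ("push %4\n\t"\
-         "popf\n\t"\
-         stringify(OP) size " %" size "2, %" size "0\n\t" \
-         "pushf\n\t"\
-         "popl %1\n\t"\
-         : "=g" (res), "=g" (flags)\
-         : "r" (s1), "0" (res), "1" (flags));
-#else
-#define EXECSHIFT(size, res, s1, s2, flags) \
-    asm ("push %4\n\t"\
-         "popf\n\t"\
-         stringify(OP) size " %%cl, %" size "0\n\t" \
-         "pushf\n\t"\
-         "popl %1\n\t"\
-         : "=q" (res), "=g" (flags)\
-         : "c" (s1), "0" (res), "1" (flags));
-#endif
-
-void exec_opl(int s2, int s0, int s1, int iflags)
-{
-    int res, flags;
-    res = s0;
-    flags = iflags;
-    EXECSHIFT("", res, s1, s2, flags);
-    /* overflow is undefined if count != 1 */
-    if (s1 != 1)
-      flags &= ~CC_O;
-    printf("%-10s A=%08x B=%08x R=%08x CCIN=%04x CC=%04x\n",
-           stringify(OP) "l", s0, s1, res, iflags, flags & CC_MASK);
-}
-
-void exec_opw(int s2, int s0, int s1, int iflags)
-{
-    int res, flags;
-    res = s0;
-    flags = iflags;
-    EXECSHIFT("w", res, s1, s2, flags);
-    /* overflow is undefined if count != 1 */
-    if (s1 != 1)
-      flags &= ~CC_O;
-    printf("%-10s A=%08x B=%08x R=%08x CCIN=%04x CC=%04x\n",
-           stringify(OP) "w", s0, s1, res, iflags, flags & CC_MASK);
-}
-
-#else
-#define EXECSHIFT(size, res, s1, s2, flags) \
-    asm ("push %4\n\t"\
-         "popf\n\t"\
-         stringify(OP) size " %%cl, %" size "5, %" size "0\n\t" \
-         "pushf\n\t"\
-         "popl %1\n\t"\
-         : "=g" (res), "=g" (flags)\
-         : "c" (s1), "0" (res), "1" (flags), "r" (s2));
-
-void exec_opl(int s2, int s0, int s1, int iflags)
-{
-    int res, flags;
-    res = s0;
-    flags = iflags;
-    EXECSHIFT("", res, s1, s2, flags);
-    /* overflow is undefined if count != 1 */
-    if (s1 != 1)
-      flags &= ~CC_O;
-    printf("%-10s A=%08x B=%08x C=%08x R=%08x CCIN=%04x CC=%04x\n",
-           stringify(OP) "l", s0, s2, s1, res, iflags, flags & CC_MASK);
-}
-
-void exec_opw(int s2, int s0, int s1, int iflags)
-{
-    int res, flags;
-    res = s0;
-    flags = iflags;
-    EXECSHIFT("w", res, s1, s2, flags);
-    /* overflow is undefined if count != 1 */
-    if (s1 != 1)
-      flags &= ~CC_O;
-    printf("%-10s A=%08x B=%08x C=%08x R=%08x CCIN=%04x CC=%04x\n",
-           stringify(OP) "w", s0, s2, s1, res, iflags, flags & CC_MASK);
-}
-
-#endif
-
-#ifndef OP_NOBYTE
-void exec_opb(int s0, int s1, int iflags)
-{
-    int res, flags;
-    res = s0;
-    flags = iflags;
-    EXECSHIFT("b", res, s1, 0, flags);
-    /* overflow is undefined if count != 1 */
-    if (s1 != 1)
-      flags &= ~CC_O;
-    printf("%-10s A=%08x B=%08x R=%08x CCIN=%04x CC=%04x\n",
-           stringify(OP) "b", s0, s1, res, iflags, flags & CC_MASK);
-}
-#endif
-
-void exec_op(int s2, int s0, int s1)
-{
-    exec_opl(s2, s0, s1, 0);
-#ifdef OP_SHIFTD
-    if (s1 <= 15)
-        exec_opw(s2, s0, s1, 0);
-#else
-    exec_opw(s2, s0, s1, 0);
-#endif
-#ifndef OP_NOBYTE
-    exec_opb(s0, s1, 0);
-#endif
-#ifdef OP_CC
-    exec_opl(s2, s0, s1, CC_C);
-    exec_opw(s2, s0, s1, CC_C);
-    exec_opb(s0, s1, CC_C);
-#endif
-}
-
-void glue(test_, OP)(void)
-{
-    int i;
-    for(i = 0; i < 32; i++)
-        exec_op(0x21ad3d34, 0x12345678, i);
-    for(i = 0; i < 32; i++)
-        exec_op(0x813f3421, 0x82345678, i);
-}
-
-void *glue(_test_, OP) __init_call = glue(test_, OP);
-
-#undef OP
-#undef OP_CC
-#undef OP_SHIFTD
-#undef OP_NOBYTE
-#undef EXECSHIFT
-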
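--- a/tools/ioemu/tests/test-i386-vm86.S	Fri May 20 01:47:06 2005 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,104 +0,0 @@
-        .code16
-        .globl vm86_code_start
-        .globl vm86_code_end
-
-#define GET_OFFSET(x) ((x) - vm86_code_start + 0x100)
-
-vm86_code_start:
-        movw $GET_OFFSET(hello_world), %dx
-        movb $0x09, %ah
-        int $0x21
-
-        /* prepare int 0x90 vector */
-        xorw %ax, %ax
-        movw %ax, %es
-        es movw $GET_OFFSET(int90_test), 0x90 * 4
-        es movw %cs, 0x90 * 4 + 2
-        
-        /* launch int 0x90 */
-
-        int $0x90
-
-        /* test IF support */
-        movw $GET_OFFSET(IF_msg), %dx
-        movb $0x09, %ah
-        int $0x21
-
-        pushf 
-        popw %dx
-        movb $0xff, %ah
-        int $0x21
-
-        cli
-        pushf 
-        popw %dx
-        movb $0xff, %ah
-        int $0x21
-
-        sti        
-        pushfl 
-        popl %edx
-        movb $0xff, %ah
-        int $0x21
-        
-#if 0
-        movw $GET_OFFSET(IF_msg1), %dx
-        movb $0x09, %ah
-        int $0x21
-
-        pushf
-        movw %sp, %bx
-        andw $~0x200, (%bx)
-        popf
-#else
-        cli
-#endif
-
-        pushf 
-        popw %dx
-        movb $0xff, %ah
-        int $0x21
-        
-        pushfl
-        movw %sp, %bx
-        orw $0x200, (%bx)
-        popfl
-
-        pushfl
-        popl %edx
-        movb $0xff, %ah
-        int $0x21
-
-        movb $0x00, %ah
-        int $0x21
-
-int90_test:
-        pushf 
-        pop %dx
-        movb $0xff, %ah
-        int $0x21
-
-        movw %sp, %bx
-        movw 4(%bx), %dx
-        movb $0xff, %ah
-        int $0x21
-        
-        movw $GET_OFFSET(int90_msg), %dx
-        movb $0x09, %ah
-        int $0x21
-        iret
-                    
-int90_msg:
-        .string "INT90 started\n$"
- 
-hello_world:
-        .string "Hello VM86 world\n$"
-
-IF_msg:
-        .string "VM86 IF test\n$"
-
-IF_msg1:
-        .string "If you see a diff here, your Linux kernel is buggy, please update to 2.4.20 kernel\n$"
-
-vm86_code_end:
-        
\ No newline at end of file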
    25.1 --- a/tools/ioemu/tests/test-i386.c	Fri May 20 01:47:06 2005 +0000
    25.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    25.3 @@ -1,1706 +0,0 @@
    25.4 -/*
    25.5 - *  x86 CPU test
    25.6 - * 
    25.7 - *  Copyright (c) 2003 Fabrice Bellard
    25.8 - *
    25.9 - *  This program is free software; you can redistribute it and/or modify
   25.10 - *  it under the terms of the GNU General Public License as published by
   25.11 - *  the Free Software Foundation; either version 2 of the License, or
   25.12 - *  (at your option) any later version.
   25.13 - *
   25.14 - *  This program is distributed in the hope that it will be useful,
   25.15 - *  but WITHOUT ANY WARRANTY; without even the implied warranty of
   25.16 - *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   25.17 - *  GNU General Public License for more details.
   25.18 - *
   25.19 - *  You should have received a copy of the GNU General Public License
   25.20 - *  along with this program; if not, write to the Free Software
   25.21 - *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
   25.22 - */
   25.23 -#define _GNU_SOURCE
   25.24 -#include <stdlib.h>
   25.25 -#include <stdio.h>
   25.26 -#include <string.h>
   25.27 -#include <inttypes.h>
   25.28 -#include <math.h>
   25.29 -#include <signal.h>
   25.30 -#include <setjmp.h>
   25.31 -#include <errno.h>
   25.32 -#include <sys/ucontext.h>
   25.33 -#include <sys/mman.h>
   25.34 -#include <asm/vm86.h>
   25.35 -
   25.36 -#define TEST_CMOV  0
   25.37 -#define TEST_FCOMI 0
   25.38 -//#define LINUX_VM86_IOPL_FIX
   25.39 -//#define TEST_P4_FLAGS
   25.40 -
   25.41 -#define xglue(x, y) x ## y
   25.42 -#define glue(x, y) xglue(x, y)
   25.43 -#define stringify(s)	tostring(s)
   25.44 -#define tostring(s)	#s
   25.45 -
   25.46 -#define CC_C   	0x0001
   25.47 -#define CC_P 	0x0004
   25.48 -#define CC_A	0x0010
   25.49 -#define CC_Z	0x0040
   25.50 -#define CC_S    0x0080
   25.51 -#define CC_O    0x0800
   25.52 -
   25.53 -#define __init_call	__attribute__ ((unused,__section__ (".initcall.init")))
   25.54 -
   25.55 -static void *call_start __init_call = NULL;
   25.56 -
   25.57 -#define CC_MASK (CC_C | CC_P | CC_Z | CC_S | CC_O | CC_A)
   25.58 -
   25.59 -#define OP add
   25.60 -#include "test-i386.h"
   25.61 -
   25.62 -#define OP sub
   25.63 -#include "test-i386.h"
   25.64 -
   25.65 -#define OP xor
   25.66 -#include "test-i386.h"
   25.67 -
   25.68 -#define OP and
   25.69 -#include "test-i386.h"
   25.70 -
   25.71 -#define OP or
   25.72 -#include "test-i386.h"
   25.73 -
   25.74 -#define OP cmp
   25.75 -#include "test-i386.h"
   25.76 -
   25.77 -#define OP adc
   25.78 -#define OP_CC
   25.79 -#include "test-i386.h"
   25.80 -
   25.81 -#define OP sbb
   25.82 -#define OP_CC
   25.83 -#include "test-i386.h"
   25.84 -
   25.85 -#define OP inc
   25.86 -#define OP_CC
   25.87 -#define OP1
   25.88 -#include "test-i386.h"
   25.89 -
   25.90 -#define OP dec
   25.91 -#define OP_CC
   25.92 -#define OP1
   25.93 -#include "test-i386.h"
   25.94 -
   25.95 -#define OP neg
   25.96 -#define OP_CC
   25.97 -#define OP1
   25.98 -#include "test-i386.h"
   25.99 -
  25.100 -#define OP not
  25.101 -#define OP_CC
  25.102 -#define OP1
  25.103 -#include "test-i386.h"
  25.104 -
  25.105 -#undef CC_MASK
  25.106 -#define CC_MASK (CC_C | CC_P | CC_Z | CC_S | CC_O)
  25.107 -
  25.108 -#define OP shl
  25.109 -#include "test-i386-shift.h"
  25.110 -
  25.111 -#define OP shr
  25.112 -#include "test-i386-shift.h"
  25.113 -
  25.114 -#define OP sar
  25.115 -#include "test-i386-shift.h"
  25.116 -
  25.117 -#define OP rol
  25.118 -#include "test-i386-shift.h"
  25.119 -
  25.120 -#define OP ror
  25.121 -#include "test-i386-shift.h"
  25.122 -
  25.123 -#define OP rcr
  25.124 -#define OP_CC
  25.125 -#include "test-i386-shift.h"
  25.126 -
  25.127 -#define OP rcl
  25.128 -#define OP_CC
  25.129 -#include "test-i386-shift.h"
  25.130 -
  25.131 -#define OP shld
  25.132 -#define OP_SHIFTD
  25.133 -#define OP_NOBYTE
  25.134 -#include "test-i386-shift.h"
  25.135 -
  25.136 -#define OP shrd
  25.137 -#define OP_SHIFTD
  25.138 -#define OP_NOBYTE
  25.139 -#include "test-i386-shift.h"
  25.140 -
  25.141 -/* XXX: should be more precise ? */
  25.142 -#undef CC_MASK
  25.143 -#define CC_MASK (CC_C)
  25.144 -
  25.145 -#define OP bt
  25.146 -#define OP_NOBYTE
  25.147 -#include "test-i386-shift.h"
  25.148 -
  25.149 -#define OP bts
  25.150 -#define OP_NOBYTE
  25.151 -#include "test-i386-shift.h"
  25.152 -
  25.153 -#define OP btr
  25.154 -#define OP_NOBYTE
  25.155 -#include "test-i386-shift.h"
  25.156 -
  25.157 -#define OP btc
  25.158 -#define OP_NOBYTE
  25.159 -#include "test-i386-shift.h"
  25.160 -
  25.161 -/* lea test (modrm support) */
  25.162 -#define TEST_LEA(STR)\
  25.163 -{\
  25.164 -    asm("leal " STR ", %0"\
  25.165 -        : "=r" (res)\
  25.166 -        : "a" (eax), "b" (ebx), "c" (ecx), "d" (edx), "S" (esi), "D" (edi));\
  25.167 -    printf("lea %s = %08x\n", STR, res);\
  25.168 -}
  25.169 -
  25.170 -#define TEST_LEA16(STR)\
  25.171 -{\
  25.172 -    asm(".code16 ; .byte 0x67 ; leal " STR ", %0 ; .code32"\
  25.173 -        : "=wq" (res)\
  25.174 -        : "a" (eax), "b" (ebx), "c" (ecx), "d" (edx), "S" (esi), "D" (edi));\
  25.175 -    printf("lea %s = %08x\n", STR, res);\
  25.176 -}
  25.177 -
  25.178 -
  25.179 -void test_lea(void)
  25.180 -{
  25.181 -    int eax, ebx, ecx, edx, esi, edi, res;
  25.182 -    eax = 0x0001;
  25.183 -    ebx = 0x0002;
  25.184 -    ecx = 0x0004;
  25.185 -    edx = 0x0008;
  25.186 -    esi = 0x0010;
  25.187 -    edi = 0x0020;
  25.188 -
  25.189 -    TEST_LEA("0x4000");
  25.190 -
  25.191 -    TEST_LEA("(%%eax)");
  25.192 -    TEST_LEA("(%%ebx)");
  25.193 -    TEST_LEA("(%%ecx)");
  25.194 -    TEST_LEA("(%%edx)");
  25.195 -    TEST_LEA("(%%esi)");
  25.196 -    TEST_LEA("(%%edi)");
  25.197 -
  25.198 -    TEST_LEA("0x40(%%eax)");
  25.199 -    TEST_LEA("0x40(%%ebx)");
  25.200 -    TEST_LEA("0x40(%%ecx)");
  25.201 -    TEST_LEA("0x40(%%edx)");
  25.202 -    TEST_LEA("0x40(%%esi)");
  25.203 -    TEST_LEA("0x40(%%edi)");
  25.204 -
  25.205 -    TEST_LEA("0x4000(%%eax)");
  25.206 -    TEST_LEA("0x4000(%%ebx)");
  25.207 -    TEST_LEA("0x4000(%%ecx)");
  25.208 -    TEST_LEA("0x4000(%%edx)");
  25.209 -    TEST_LEA("0x4000(%%esi)");
  25.210 -    TEST_LEA("0x4000(%%edi)");
  25.211 -
  25.212 -    TEST_LEA("(%%eax, %%ecx)");
  25.213 -    TEST_LEA("(%%ebx, %%edx)");
  25.214 -    TEST_LEA("(%%ecx, %%ecx)");
  25.215 -    TEST_LEA("(%%edx, %%ecx)");
  25.216 -    TEST_LEA("(%%esi, %%ecx)");
  25.217 -    TEST_LEA("(%%edi, %%ecx)");
  25.218 -
  25.219 -    TEST_LEA("0x40(%%eax, %%ecx)");
  25.220 -    TEST_LEA("0x4000(%%ebx, %%edx)");
  25.221 -
  25.222 -    TEST_LEA("(%%ecx, %%ecx, 2)");
  25.223 -    TEST_LEA("(%%edx, %%ecx, 4)");
  25.224 -    TEST_LEA("(%%esi, %%ecx, 8)");
  25.225 -
  25.226 -    TEST_LEA("(,%%eax, 2)");
  25.227 -    TEST_LEA("(,%%ebx, 4)");
  25.228 -    TEST_LEA("(,%%ecx, 8)");
  25.229 -
  25.230 -    TEST_LEA("0x40(,%%eax, 2)");
  25.231 -    TEST_LEA("0x40(,%%ebx, 4)");
  25.232 -    TEST_LEA("0x40(,%%ecx, 8)");
  25.233 -
  25.234 -
  25.235 -    TEST_LEA("-10(%%ecx, %%ecx, 2)");
  25.236 -    TEST_LEA("-10(%%edx, %%ecx, 4)");
  25.237 -    TEST_LEA("-10(%%esi, %%ecx, 8)");
  25.238 -
  25.239 -    TEST_LEA("0x4000(%%ecx, %%ecx, 2)");
  25.240 -    TEST_LEA("0x4000(%%edx, %%ecx, 4)");
  25.241 -    TEST_LEA("0x4000(%%esi, %%ecx, 8)");
  25.242 -
  25.243 -    /* limited 16 bit addressing test */
  25.244 -    TEST_LEA16("0x4000");
  25.245 -    TEST_LEA16("(%%bx)");
  25.246 -    TEST_LEA16("(%%si)");
  25.247 -    TEST_LEA16("(%%di)");
  25.248 -    TEST_LEA16("0x40(%%bx)");
  25.249 -    TEST_LEA16("0x40(%%si)");
  25.250 -    TEST_LEA16("0x40(%%di)");
  25.251 -    TEST_LEA16("0x4000(%%bx)");
  25.252 -    TEST_LEA16("0x4000(%%si)");
  25.253 -    TEST_LEA16("(%%bx,%%si)");
  25.254 -    TEST_LEA16("(%%bx,%%di)");
  25.255 -    TEST_LEA16("0x40(%%bx,%%si)");
  25.256 -    TEST_LEA16("0x40(%%bx,%%di)");
  25.257 -    TEST_LEA16("0x4000(%%bx,%%si)");
  25.258 -    TEST_LEA16("0x4000(%%bx,%%di)");
  25.259 -}
  25.260 -
  25.261 -#define TEST_JCC(JCC, v1, v2)\
  25.262 -{\
  25.263 -    int res;\
  25.264 -    asm("movl $1, %0\n\t"\
  25.265 -        "cmpl %2, %1\n\t"\
  25.266 -        "j" JCC " 1f\n\t"\
  25.267 -        "movl $0, %0\n\t"\
  25.268 -        "1:\n\t"\
  25.269 -        : "=r" (res)\
  25.270 -        : "r" (v1), "r" (v2));\
  25.271 -    printf("%-10s %d\n", "j" JCC, res);\
  25.272 -\
  25.273 -    asm("movl $0, %0\n\t"\
  25.274 -        "cmpl %2, %1\n\t"\
  25.275 -        "set" JCC " %b0\n\t"\
  25.276 -        : "=r" (res)\
  25.277 -        : "r" (v1), "r" (v2));\
  25.278 -    printf("%-10s %d\n", "set" JCC, res);\
  25.279 - if (TEST_CMOV) {\
  25.280 -    asm("movl $0x12345678, %0\n\t"\
  25.281 -        "cmpl %2, %1\n\t"\
  25.282 -        "cmov" JCC "l %3, %0\n\t"\
  25.283 -        : "=r" (res)\
  25.284 -        : "r" (v1), "r" (v2), "m" (1));\
  25.285 -        printf("%-10s R=0x%08x\n", "cmov" JCC "l", res);\
  25.286 -    asm("movl $0x12345678, %0\n\t"\
  25.287 -        "cmpl %2, %1\n\t"\
  25.288 -        "cmov" JCC "w %w3, %w0\n\t"\
  25.289 -        : "=r" (res)\
  25.290 -        : "r" (v1), "r" (v2), "r" (1));\
  25.291 -        printf("%-10s R=0x%08x\n", "cmov" JCC "w", res);\
  25.292 - } \
  25.293 -}
  25.294 -
  25.295 -/* various jump tests */
  25.296 -void test_jcc(void)
  25.297 -{
  25.298 -    TEST_JCC("ne", 1, 1);
  25.299 -    TEST_JCC("ne", 1, 0);
  25.300 -
  25.301 -    TEST_JCC("e", 1, 1);
  25.302 -    TEST_JCC("e", 1, 0);
  25.303 -
  25.304 -    TEST_JCC("l", 1, 1);
  25.305 -    TEST_JCC("l", 1, 0);
  25.306 -    TEST_JCC("l", 1, -1);
  25.307 -
  25.308 -    TEST_JCC("le", 1, 1);
  25.309 -    TEST_JCC("le", 1, 0);
  25.310 -    TEST_JCC("le", 1, -1);
  25.311 -
  25.312 -    TEST_JCC("ge", 1, 1);
  25.313 -    TEST_JCC("ge", 1, 0);
  25.314 -    TEST_JCC("ge", -1, 1);
  25.315 -
  25.316 -    TEST_JCC("g", 1, 1);
  25.317 -    TEST_JCC("g", 1, 0);
  25.318 -    TEST_JCC("g", 1, -1);
  25.319 -
  25.320 -    TEST_JCC("b", 1, 1);
  25.321 -    TEST_JCC("b", 1, 0);
  25.322 -    TEST_JCC("b", 1, -1);
  25.323 -
  25.324 -    TEST_JCC("be", 1, 1);
  25.325 -    TEST_JCC("be", 1, 0);
  25.326 -    TEST_JCC("be", 1, -1);
  25.327 -
  25.328 -    TEST_JCC("ae", 1, 1);
  25.329 -    TEST_JCC("ae", 1, 0);
  25.330 -    TEST_JCC("ae", 1, -1);
  25.331 -
  25.332 -    TEST_JCC("a", 1, 1);
  25.333 -    TEST_JCC("a", 1, 0);
  25.334 -    TEST_JCC("a", 1, -1);
  25.335 -
  25.336 -
  25.337 -    TEST_JCC("p", 1, 1);
  25.338 -    TEST_JCC("p", 1, 0);
  25.339 -
  25.340 -    TEST_JCC("np", 1, 1);
  25.341 -    TEST_JCC("np", 1, 0);
  25.342 -
  25.343 -    TEST_JCC("o", 0x7fffffff, 0);
  25.344 -    TEST_JCC("o", 0x7fffffff, -1);
  25.345 -
  25.346 -    TEST_JCC("no", 0x7fffffff, 0);
  25.347 -    TEST_JCC("no", 0x7fffffff, -1);
  25.348 -
  25.349 -    TEST_JCC("s", 0, 1);
  25.350 -    TEST_JCC("s", 0, -1);
  25.351 -    TEST_JCC("s", 0, 0);
  25.352 -
  25.353 -    TEST_JCC("ns", 0, 1);
  25.354 -    TEST_JCC("ns", 0, -1);
  25.355 -    TEST_JCC("ns", 0, 0);
  25.356 -}
  25.357 -
  25.358 -#undef CC_MASK
  25.359 -#ifdef TEST_P4_FLAGS
  25.360 -#define CC_MASK (CC_C | CC_P | CC_Z | CC_S | CC_O | CC_A)
  25.361 -#else
  25.362 -#define CC_MASK (CC_O | CC_C)
  25.363 -#endif
  25.364 -
  25.365 -#define OP mul
  25.366 -#include "test-i386-muldiv.h"
  25.367 -
  25.368 -#define OP imul
  25.369 -#include "test-i386-muldiv.h"
  25.370 -
  25.371 -void test_imulw2(int op0, int op1) 
  25.372 -{
  25.373 -    int res, s1, s0, flags;
  25.374 -    s0 = op0;
  25.375 -    s1 = op1;
  25.376 -    res = s0;
  25.377 -    flags = 0;
  25.378 -    asm ("push %4\n\t"
  25.379 -         "popf\n\t"
  25.380 -         "imulw %w2, %w0\n\t" 
  25.381 -         "pushf\n\t"
  25.382 -         "popl %1\n\t"
  25.383 -         : "=q" (res), "=g" (flags)
  25.384 -         : "q" (s1), "0" (res), "1" (flags));
  25.385 -    printf("%-10s A=%08x B=%08x R=%08x CC=%04x\n",
  25.386 -           "imulw", s0, s1, res, flags & CC_MASK);
  25.387 -}
  25.388 -
  25.389 -void test_imull2(int op0, int op1) 
  25.390 -{
  25.391 -    int res, s1, s0, flags;
  25.392 -    s0 = op0;
  25.393 -    s1 = op1;
  25.394 -    res = s0;
  25.395 -    flags = 0;
  25.396 -    asm ("push %4\n\t"
  25.397 -         "popf\n\t"
  25.398 -         "imull %2, %0\n\t" 
  25.399 -         "pushf\n\t"
  25.400 -         "popl %1\n\t"
  25.401 -         : "=q" (res), "=g" (flags)
  25.402 -         : "q" (s1), "0" (res), "1" (flags));
  25.403 -    printf("%-10s A=%08x B=%08x R=%08x CC=%04x\n",
  25.404 -           "imull", s0, s1, res, flags & CC_MASK);
  25.405 -}
  25.406 -
  25.407 -#define TEST_IMUL_IM(size, size1, op0, op1)\
  25.408 -{\
  25.409 -    int res, flags;\
  25.410 -    flags = 0;\
  25.411 -    res = 0;\
  25.412 -    asm ("push %3\n\t"\
  25.413 -         "popf\n\t"\
  25.414 -         "imul" size " $" #op0 ", %" size1 "2, %" size1 "0\n\t" \
  25.415 -         "pushf\n\t"\
  25.416 -         "popl %1\n\t"\
  25.417 -         : "=r" (res), "=g" (flags)\
  25.418 -         : "r" (op1), "1" (flags), "0" (res));\
  25.419 -    printf("%-10s A=%08x B=%08x R=%08x CC=%04x\n",\
  25.420 -           "imul" size, op0, op1, res, flags & CC_MASK);\
  25.421 -}
  25.422 -
  25.423 -
  25.424 -#undef CC_MASK
  25.425 -#define CC_MASK (0)
  25.426 -
  25.427 -#define OP div
  25.428 -#include "test-i386-muldiv.h"
  25.429 -
  25.430 -#define OP idiv
  25.431 -#include "test-i386-muldiv.h"
  25.432 -
  25.433 -void test_mul(void)
  25.434 -{
  25.435 -    test_imulb(0x1234561d, 4);
  25.436 -    test_imulb(3, -4);
  25.437 -    test_imulb(0x80, 0x80);
  25.438 -    test_imulb(0x10, 0x10);
  25.439 -
  25.440 -    test_imulw(0, 0x1234001d, 45);
  25.441 -    test_imulw(0, 23, -45);
  25.442 -    test_imulw(0, 0x8000, 0x8000);
  25.443 -    test_imulw(0, 0x100, 0x100);
  25.444 -
  25.445 -    test_imull(0, 0x1234001d, 45);
  25.446 -    test_imull(0, 23, -45);
  25.447 -    test_imull(0, 0x80000000, 0x80000000);
  25.448 -    test_imull(0, 0x10000, 0x10000);
  25.449 -
  25.450 -    test_mulb(0x1234561d, 4);
  25.451 -    test_mulb(3, -4);
  25.452 -    test_mulb(0x80, 0x80);
  25.453 -    test_mulb(0x10, 0x10);
  25.454 -
  25.455 -    test_mulw(0, 0x1234001d, 45);
  25.456 -    test_mulw(0, 23, -45);
  25.457 -    test_mulw(0, 0x8000, 0x8000);
  25.458 -    test_mulw(0, 0x100, 0x100);
  25.459 -
  25.460 -    test_mull(0, 0x1234001d, 45);
  25.461 -    test_mull(0, 23, -45);
  25.462 -    test_mull(0, 0x80000000, 0x80000000);
  25.463 -    test_mull(0, 0x10000, 0x10000);
  25.464 -
  25.465 -    test_imulw2(0x1234001d, 45);
  25.466 -    test_imulw2(23, -45);
  25.467 -    test_imulw2(0x8000, 0x8000);
  25.468 -    test_imulw2(0x100, 0x100);
  25.469 -
  25.470 -    test_imull2(0x1234001d, 45);
  25.471 -    test_imull2(23, -45);
  25.472 -    test_imull2(0x80000000, 0x80000000);
  25.473 -    test_imull2(0x10000, 0x10000);
  25.474 -
  25.475 -    TEST_IMUL_IM("w", "w", 45, 0x1234);
  25.476 -    TEST_IMUL_IM("w", "w", -45, 23);
  25.477 -    TEST_IMUL_IM("w", "w", 0x8000, 0x80000000);
  25.478 -    TEST_IMUL_IM("w", "w", 0x7fff, 0x1000);
  25.479 -
  25.480 -    TEST_IMUL_IM("l", "", 45, 0x1234);
  25.481 -    TEST_IMUL_IM("l", "", -45, 23);
  25.482 -    TEST_IMUL_IM("l", "", 0x8000, 0x80000000);
  25.483 -    TEST_IMUL_IM("l", "", 0x7fff, 0x1000);
  25.484 -
  25.485 -    test_idivb(0x12341678, 0x127e);
  25.486 -    test_idivb(0x43210123, -5);
  25.487 -    test_idivb(0x12340004, -1);
  25.488 -
  25.489 -    test_idivw(0, 0x12345678, 12347);
  25.490 -    test_idivw(0, -23223, -45);
  25.491 -    test_idivw(0, 0x12348000, -1);
  25.492 -    test_idivw(0x12343, 0x12345678, 0x81238567);
  25.493 -
  25.494 -    test_idivl(0, 0x12345678, 12347);
  25.495 -    test_idivl(0, -233223, -45);
  25.496 -    test_idivl(0, 0x80000000, -1);
  25.497 -    test_idivl(0x12343, 0x12345678, 0x81234567);
  25.498 -
  25.499 -    test_divb(0x12341678, 0x127e);
  25.500 -    test_divb(0x43210123, -5);
  25.501 -    test_divb(0x12340004, -1);
  25.502 -
  25.503 -    test_divw(0, 0x12345678, 12347);
  25.504 -    test_divw(0, -23223, -45);
  25.505 -    test_divw(0, 0x12348000, -1);
  25.506 -    test_divw(0x12343, 0x12345678, 0x81238567);
  25.507 -
  25.508 -    test_divl(0, 0x12345678, 12347);
  25.509 -    test_divl(0, -233223, -45);
  25.510 -    test_divl(0, 0x80000000, -1);
  25.511 -    test_divl(0x12343, 0x12345678, 0x81234567);
  25.512 -}
  25.513 -
  25.514 -#define TEST_BSX(op, size, op0)\
  25.515 -{\
  25.516 -    int res, val, resz;\
  25.517 -    val = op0;\
  25.518 -    asm("xorl %1, %1\n"\
  25.519 -        "movl $0x12345678, %0\n"\
  25.520 -        #op " %" size "2, %" size "0 ; setz %b1" \
  25.521 -        : "=r" (res), "=q" (resz)\
  25.522 -        : "g" (val));\
  25.523 -    printf("%-10s A=%08x R=%08x %d\n", #op, val, res, resz);\
  25.524 -}
  25.525 -
  25.526 -void test_bsx(void)
  25.527 -{
  25.528 -    TEST_BSX(bsrw, "w", 0);
  25.529 -    TEST_BSX(bsrw, "w", 0x12340128);
  25.530 -    TEST_BSX(bsrl, "", 0);
  25.531 -    TEST_BSX(bsrl, "", 0x00340128);
  25.532 -    TEST_BSX(bsfw, "w", 0);
  25.533 -    TEST_BSX(bsfw, "w", 0x12340128);
  25.534 -    TEST_BSX(bsfl, "", 0);
  25.535 -    TEST_BSX(bsfl, "", 0x00340128);
  25.536 -}
  25.537 -
  25.538 -/**********************************************/
  25.539 -
  25.540 -void test_fops(double a, double b)
  25.541 -{
  25.542 -    printf("a=%f b=%f a+b=%f\n", a, b, a + b);
  25.543 -    printf("a=%f b=%f a-b=%f\n", a, b, a - b);
  25.544 -    printf("a=%f b=%f a*b=%f\n", a, b, a * b);
  25.545 -    printf("a=%f b=%f a/b=%f\n", a, b, a / b);
  25.546 -    printf("a=%f b=%f fmod(a, b)=%f\n", a, b, fmod(a, b));
  25.547 -    printf("a=%f sqrt(a)=%f\n", a, sqrt(a));
  25.548 -    printf("a=%f sin(a)=%f\n", a, sin(a));
  25.549 -    printf("a=%f cos(a)=%f\n", a, cos(a));
  25.550 -    printf("a=%f tan(a)=%f\n", a, tan(a));
  25.551 -    printf("a=%f log(a)=%f\n", a, log(a));
  25.552 -    printf("a=%f exp(a)=%f\n", a, exp(a));
  25.553 -    printf("a=%f b=%f atan2(a, b)=%f\n", a, b, atan2(a, b));
  25.554 -    /* just to test some op combining */
  25.555 -    printf("a=%f asin(sin(a))=%f\n", a, asin(sin(a)));
  25.556 -    printf("a=%f acos(cos(a))=%f\n", a, acos(cos(a)));
  25.557 -    printf("a=%f atan(tan(a))=%f\n", a, atan(tan(a)));
  25.558 -
  25.559 -}
  25.560 -
  25.561 -void test_fcmp(double a, double b)
  25.562 -{
  25.563 -    printf("(%f<%f)=%d\n",
  25.564 -           a, b, a < b);
  25.565 -    printf("(%f<=%f)=%d\n",
  25.566 -           a, b, a <= b);
  25.567 -    printf("(%f==%f)=%d\n",
  25.568 -           a, b, a == b);
  25.569 -    printf("(%f>%f)=%d\n",
  25.570 -           a, b, a > b);
  25.571 -    printf("(%f<=%f)=%d\n",
  25.572 -           a, b, a >= b);
  25.573 -    if (TEST_FCOMI) {
  25.574 -        unsigned int eflags;
  25.575 -        /* test f(u)comi instruction */
  25.576 -        asm("fcomi %2, %1\n"
  25.577 -            "pushf\n"
  25.578 -            "pop %0\n"
  25.579 -            : "=r" (eflags)
  25.580 -            : "t" (a), "u" (b));
  25.581 -        printf("fcomi(%f %f)=%08x\n", a, b, eflags & (CC_Z | CC_P | CC_C));
  25.582 -    }
  25.583 -}
  25.584 -
  25.585 -void test_fcvt(double a)
  25.586 -{
  25.587 -    float fa;
  25.588 -    long double la;
  25.589 -    int16_t fpuc;
  25.590 -    int i;
  25.591 -    int64_t lla;
  25.592 -    int ia;
  25.593 -    int16_t wa;
  25.594 -    double ra;
  25.595 -
  25.596 -    fa = a;
  25.597 -    la = a;
  25.598 -    printf("(float)%f = %f\n", a, fa);
  25.599 -    printf("(long double)%f = %Lf\n", a, la);
  25.600 -    printf("a=%016Lx\n", *(long long *)&a);
  25.601 -    printf("la=%016Lx %04x\n", *(long long *)&la, 
  25.602 -           *(unsigned short *)((char *)(&la) + 8));
  25.603 -
  25.604 -    /* test all roundings */
  25.605 -    asm volatile ("fstcw %0" : "=m" (fpuc));
  25.606 -    for(i=0;i<4;i++) {
  25.607 -        asm volatile ("fldcw %0" : : "m" ((fpuc & ~0x0c00) | (i << 10)));
  25.608 -        asm volatile ("fist %0" : "=m" (wa) : "t" (a));
  25.609 -        asm volatile ("fistl %0" : "=m" (ia) : "t" (a));
  25.610 -        asm volatile ("fistpll %0" : "=m" (lla) : "t" (a) : "st");
  25.611 -        asm volatile ("frndint ; fstl %0" : "=m" (ra) : "t" (a));
  25.612 -        asm volatile ("fldcw %0" : : "m" (fpuc));
  25.613 -        printf("(short)a = %d\n", wa);
  25.614 -        printf("(int)a = %d\n", ia);
  25.615 -        printf("(int64_t)a = %Ld\n", lla);
  25.616 -        printf("rint(a) = %f\n", ra);
  25.617 -    }
  25.618 -}
  25.619 -
  25.620 -#define TEST(N) \
  25.621 -    asm("fld" #N : "=t" (a)); \
  25.622 -    printf("fld" #N "= %f\n", a);
  25.623 -
  25.624 -void test_fconst(void)
  25.625 -{
  25.626 -    double a;
  25.627 -    TEST(1);
  25.628 -    TEST(l2t);
  25.629 -    TEST(l2e);
  25.630 -    TEST(pi);
  25.631 -    TEST(lg2);
  25.632 -    TEST(ln2);
  25.633 -    TEST(z);
  25.634 -}
  25.635 -
  25.636 -void test_fbcd(double a)
  25.637 -{
  25.638 -    unsigned short bcd[5];
  25.639 -    double b;
  25.640 -
  25.641 -    asm("fbstp %0" : "=m" (bcd[0]) : "t" (a) : "st");
  25.642 -    asm("fbld %1" : "=t" (b) : "m" (bcd[0]));
  25.643 -    printf("a=%f bcd=%04x%04x%04x%04x%04x b=%f\n", 
  25.644 -           a, bcd[4], bcd[3], bcd[2], bcd[1], bcd[0], b);
  25.645 -}
  25.646 -
  25.647 -#define TEST_ENV(env, save, restore)\
  25.648 -{\
  25.649 -    memset((env), 0xaa, sizeof(*(env)));\
  25.650 -    for(i=0;i<5;i++)\
  25.651 -        asm volatile ("fldl %0" : : "m" (dtab[i]));\
  25.652 -    asm(save " %0\n" : : "m" (*(env)));\
  25.653 -    asm(restore " %0\n": : "m" (*(env)));\
  25.654 -    for(i=0;i<5;i++)\
  25.655 -        asm volatile ("fstpl %0" : "=m" (rtab[i]));\
  25.656 -    for(i=0;i<5;i++)\
  25.657 -        printf("res[%d]=%f\n", i, rtab[i]);\
  25.658 -    printf("fpuc=%04x fpus=%04x fptag=%04x\n",\
  25.659 -           (env)->fpuc,\
  25.660 -           (env)->fpus & 0xff00,\
  25.661 -           (env)->fptag);\
  25.662 -}
  25.663 -
  25.664 -void test_fenv(void)
  25.665 -{
  25.666 -    struct __attribute__((packed)) {
  25.667 -        uint16_t fpuc;
  25.668 -        uint16_t dummy1;
  25.669 -        uint16_t fpus;
  25.670 -        uint16_t dummy2;
  25.671 -        uint16_t fptag;
  25.672 -        uint16_t dummy3;
  25.673 -        uint32_t ignored[4];
  25.674 -        long double fpregs[8];
  25.675 -    } float_env32;
  25.676 -    struct __attribute__((packed)) {
  25.677 -        uint16_t fpuc;
  25.678 -        uint16_t fpus;
  25.679 -        uint16_t fptag;
  25.680 -        uint16_t ignored[4];
  25.681 -        long double fpregs[8];
  25.682 -    } float_env16;
  25.683 -    double dtab[8];
  25.684 -    double rtab[8];
  25.685 -    int i;
  25.686 -
  25.687 -    for(i=0;i<8;i++)
  25.688 -        dtab[i] = i + 1;
  25.689 -
  25.690 -    TEST_ENV(&float_env16, "data16 fnstenv", "data16 fldenv");
  25.691 -    TEST_ENV(&float_env16, "data16 fnsave", "data16 frstor");
  25.692 -    TEST_ENV(&float_env32, "fnstenv", "fldenv");
  25.693 -    TEST_ENV(&float_env32, "fnsave", "frstor");
  25.694 -
  25.695 -    /* test for ffree */
  25.696 -    for(i=0;i<5;i++)
  25.697 -        asm volatile ("fldl %0" : : "m" (dtab[i]));
  25.698 -    asm volatile("ffree %st(2)");
  25.699 -    asm volatile ("fnstenv %0\n" : : "m" (float_env32));
  25.700 -    asm volatile ("fninit");
  25.701 -    printf("fptag=%04x\n", float_env32.fptag);
  25.702 -}
  25.703 -
  25.704 -
  25.705 -#define TEST_FCMOV(a, b, eflags, CC)\
  25.706 -{\
  25.707 -    double res;\
  25.708 -    asm("push %3\n"\
  25.709 -        "popf\n"\
  25.710 -        "fcmov" CC " %2, %0\n"\
  25.711 -        : "=t" (res)\
  25.712 -        : "0" (a), "u" (b), "g" (eflags));\
  25.713 -    printf("fcmov%s eflags=0x%04x-> %f\n", \
  25.714 -           CC, eflags, res);\
  25.715 -}
  25.716 -
  25.717 -void test_fcmov(void)
  25.718 -{
  25.719 -    double a, b;
  25.720 -    int eflags, i;
  25.721 -
  25.722 -    a = 1.0;
  25.723 -    b = 2.0;
  25.724 -    for(i = 0; i < 4; i++) {
  25.725 -        eflags = 0;
  25.726 -        if (i & 1)
  25.727 -            eflags |= CC_C;
  25.728 -        if (i & 2)
  25.729 -            eflags |= CC_Z;
  25.730 -        TEST_FCMOV(a, b, eflags, "b");
  25.731 -        TEST_FCMOV(a, b, eflags, "e");
  25.732 -        TEST_FCMOV(a, b, eflags, "be");
  25.733 -        TEST_FCMOV(a, b, eflags, "nb");
  25.734 -        TEST_FCMOV(a, b, eflags, "ne");
  25.735 -        TEST_FCMOV(a, b, eflags, "nbe");
  25.736 -    }
  25.737 -    TEST_FCMOV(a, b, 0, "u");
  25.738 -    TEST_FCMOV(a, b, CC_P, "u");
  25.739 -    TEST_FCMOV(a, b, 0, "nu");
  25.740 -    TEST_FCMOV(a, b, CC_P, "nu");
  25.741 -}
  25.742 -
  25.743 -void test_floats(void)
  25.744 -{
  25.745 -    test_fops(2, 3);
  25.746 -    test_fops(1.4, -5);
  25.747 -    test_fcmp(2, -1);
  25.748 -    test_fcmp(2, 2);
  25.749 -    test_fcmp(2, 3);
  25.750 -    test_fcvt(0.5);
  25.751 -    test_fcvt(-0.5);
  25.752 -    test_fcvt(1.0/7.0);
  25.753 -    test_fcvt(-1.0/9.0);
  25.754 -    test_fcvt(32768);
  25.755 -    test_fcvt(-1e20);
  25.756 -    test_fconst();
  25.757 -    test_fbcd(1234567890123456);
  25.758 -    test_fbcd(-123451234567890);
  25.759 -    test_fenv();
  25.760 -    if (TEST_CMOV) {
  25.761 -        test_fcmov();
  25.762 -    }
  25.763 -}
  25.764 -
  25.765 -/**********************************************/
  25.766 -
  25.767 -#define TEST_BCD(op, op0, cc_in, cc_mask)\
  25.768 -{\
  25.769 -    int res, flags;\
  25.770 -    res = op0;\
  25.771 -    flags = cc_in;\
  25.772 -    asm ("push %3\n\t"\
  25.773 -         "popf\n\t"\
  25.774 -         #op "\n\t"\
  25.775 -         "pushf\n\t"\
  25.776 -         "popl %1\n\t"\
  25.777 -        : "=a" (res), "=g" (flags)\
  25.778 -        : "0" (res), "1" (flags));\
  25.779 -    printf("%-10s A=%08x R=%08x CCIN=%04x CC=%04x\n",\
  25.780 -           #op, op0, res, cc_in, flags & cc_mask);\
  25.781 -}
  25.782 -
  25.783 -void test_bcd(void)
  25.784 -{
  25.785 -    TEST_BCD(daa, 0x12340503, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.786 -    TEST_BCD(daa, 0x12340506, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.787 -    TEST_BCD(daa, 0x12340507, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.788 -    TEST_BCD(daa, 0x12340559, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.789 -    TEST_BCD(daa, 0x12340560, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.790 -    TEST_BCD(daa, 0x1234059f, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.791 -    TEST_BCD(daa, 0x123405a0, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.792 -    TEST_BCD(daa, 0x12340503, 0, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.793 -    TEST_BCD(daa, 0x12340506, 0, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.794 -    TEST_BCD(daa, 0x12340503, CC_C, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.795 -    TEST_BCD(daa, 0x12340506, CC_C, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.796 -    TEST_BCD(daa, 0x12340503, CC_C | CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.797 -    TEST_BCD(daa, 0x12340506, CC_C | CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.798 -
  25.799 -    TEST_BCD(das, 0x12340503, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.800 -    TEST_BCD(das, 0x12340506, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.801 -    TEST_BCD(das, 0x12340507, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.802 -    TEST_BCD(das, 0x12340559, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.803 -    TEST_BCD(das, 0x12340560, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.804 -    TEST_BCD(das, 0x1234059f, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.805 -    TEST_BCD(das, 0x123405a0, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.806 -    TEST_BCD(das, 0x12340503, 0, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.807 -    TEST_BCD(das, 0x12340506, 0, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.808 -    TEST_BCD(das, 0x12340503, CC_C, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.809 -    TEST_BCD(das, 0x12340506, CC_C, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.810 -    TEST_BCD(das, 0x12340503, CC_C | CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.811 -    TEST_BCD(das, 0x12340506, CC_C | CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_A));
  25.812 -
  25.813 -    TEST_BCD(aaa, 0x12340205, CC_A, (CC_C | CC_A));
  25.814 -    TEST_BCD(aaa, 0x12340306, CC_A, (CC_C | CC_A));
  25.815 -    TEST_BCD(aaa, 0x1234040a, CC_A, (CC_C | CC_A));
  25.816 -    TEST_BCD(aaa, 0x123405fa, CC_A, (CC_C | CC_A));
  25.817 -    TEST_BCD(aaa, 0x12340205, 0, (CC_C | CC_A));
  25.818 -    TEST_BCD(aaa, 0x12340306, 0, (CC_C | CC_A));
  25.819 -    TEST_BCD(aaa, 0x1234040a, 0, (CC_C | CC_A));
  25.820 -    TEST_BCD(aaa, 0x123405fa, 0, (CC_C | CC_A));
  25.821 -    
  25.822 -    TEST_BCD(aas, 0x12340205, CC_A, (CC_C | CC_A));
  25.823 -    TEST_BCD(aas, 0x12340306, CC_A, (CC_C | CC_A));
  25.824 -    TEST_BCD(aas, 0x1234040a, CC_A, (CC_C | CC_A));
  25.825 -    TEST_BCD(aas, 0x123405fa, CC_A, (CC_C | CC_A));
  25.826 -    TEST_BCD(aas, 0x12340205, 0, (CC_C | CC_A));
  25.827 -    TEST_BCD(aas, 0x12340306, 0, (CC_C | CC_A));
  25.828 -    TEST_BCD(aas, 0x1234040a, 0, (CC_C | CC_A));
  25.829 -    TEST_BCD(aas, 0x123405fa, 0, (CC_C | CC_A));
  25.830 -
  25.831 -    TEST_BCD(aam, 0x12340547, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_O | CC_A));
  25.832 -    TEST_BCD(aad, 0x12340407, CC_A, (CC_C | CC_P | CC_Z | CC_S | CC_O | CC_A));
  25.833 -}
  25.834 -
  25.835 -#define TEST_XCHG(op, size, opconst)\
  25.836 -{\
  25.837 -    int op0, op1;\
  25.838 -    op0 = 0x12345678;\
  25.839 -    op1 = 0xfbca7654;\
  25.840 -    asm(#op " %" size "0, %" size "1" \
  25.841 -        : "=q" (op0), opconst (op1) \
  25.842 -        : "0" (op0), "1" (op1));\
  25.843 -    printf("%-10s A=%08x B=%08x\n",\
  25.844 -           #op, op0, op1);\
  25.845 -}
  25.846 -
  25.847 -#define TEST_CMPXCHG(op, size, opconst, eax)\
  25.848 -{\
  25.849 -    int op0, op1;\
  25.850 -    op0 = 0x12345678;\
  25.851 -    op1 = 0xfbca7654;\
  25.852 -    asm(#op " %" size "0, %" size "1" \
  25.853 -        : "=q" (op0), opconst (op1) \
  25.854 -        : "0" (op0), "1" (op1), "a" (eax));\
  25.855 -    printf("%-10s EAX=%08x A=%08x C=%08x\n",\
  25.856 -           #op, eax, op0, op1);\
  25.857 -}
  25.858 -
  25.859 -void test_xchg(void)
  25.860 -{
  25.861 -    TEST_XCHG(xchgl, "", "=q");
  25.862 -    TEST_XCHG(xchgw, "w", "=q");
  25.863 -    TEST_XCHG(xchgb, "b", "=q");
  25.864 -
  25.865 -    TEST_XCHG(xchgl, "", "=m");
  25.866 -    TEST_XCHG(xchgw, "w", "=m");
  25.867 -    TEST_XCHG(xchgb, "b", "=m");
  25.868 -
  25.869 -    TEST_XCHG(xaddl, "", "=q");
  25.870 -    TEST_XCHG(xaddw, "w", "=q");
  25.871 -    TEST_XCHG(xaddb, "b", "=q");
  25.872 -
  25.873 -    {
  25.874 -        int res;
  25.875 -        res = 0x12345678;
  25.876 -        asm("xaddl %1, %0" : "=r" (res) : "0" (res));
  25.877 -        printf("xaddl same res=%08x\n", res);
  25.878 -    }
  25.879 -
  25.880 -    TEST_XCHG(xaddl, "", "=m");
  25.881 -    TEST_XCHG(xaddw, "w", "=m");
  25.882 -    TEST_XCHG(xaddb, "b", "=m");
  25.883 -
  25.884 -    TEST_CMPXCHG(cmpxchgl, "", "=q", 0xfbca7654);
  25.885 -    TEST_CMPXCHG(cmpxchgw, "w", "=q", 0xfbca7654);
  25.886 -    TEST_CMPXCHG(cmpxchgb, "b", "=q", 0xfbca7654);
  25.887 -
  25.888 -    TEST_CMPXCHG(cmpxchgl, "", "=q", 0xfffefdfc);
  25.889 -    TEST_CMPXCHG(cmpxchgw, "w", "=q", 0xfffefdfc);
  25.890 -    TEST_CMPXCHG(cmpxchgb, "b", "=q", 0xfffefdfc);
  25.891 -
  25.892 -    TEST_CMPXCHG(cmpxchgl, "", "=m", 0xfbca7654);
  25.893 -    TEST_CMPXCHG(cmpxchgw, "w", "=m", 0xfbca7654);
  25.894 -    TEST_CMPXCHG(cmpxchgb, "b", "=m", 0xfbca7654);
  25.895 -
  25.896 -    TEST_CMPXCHG(cmpxchgl, "", "=m", 0xfffefdfc);
  25.897 -    TEST_CMPXCHG(cmpxchgw, "w", "=m", 0xfffefdfc);
  25.898 -    TEST_CMPXCHG(cmpxchgb, "b", "=m", 0xfffefdfc);
  25.899 -
  25.900 -    {
  25.901 -        uint64_t op0, op1, op2;
  25.902 -        int i, eflags;
  25.903 -
  25.904 -        for(i = 0; i < 2; i++) {
  25.905 -            op0 = 0x123456789abcd;
  25.906 -            if (i == 0)
  25.907 -                op1 = 0xfbca765423456;
  25.908 -            else
  25.909 -                op1 = op0;
  25.910 -            op2 = 0x6532432432434;
  25.911 -            asm("cmpxchg8b %1\n" 
  25.912 -                "pushf\n"
  25.913 -                "popl %2\n"
  25.914 -                : "=A" (op0), "=m" (op1), "=g" (eflags)
  25.915 -                : "0" (op0), "m" (op1), "b" ((int)op2), "c" ((int)(op2 >> 32)));
  25.916 -            printf("cmpxchg8b: op0=%016llx op1=%016llx CC=%02x\n", 
  25.917 -                    op0, op1, eflags & CC_Z);
  25.918 -        }
  25.919 -    }
  25.920 -}
  25.921 -
  25.922 -/**********************************************/
  25.923 -/* segmentation tests */
  25.924 -
  25.925 -#include <asm/ldt.h>
  25.926 -#include <linux/unistd.h>
  25.927 -#include <linux/version.h>
  25.928 -
  25.929 -_syscall3(int, modify_ldt, int, func, void *, ptr, unsigned long, bytecount)
  25.930 -
  25.931 -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 66)
  25.932 -#define modify_ldt_ldt_s user_desc
  25.933 -#endif
  25.934 -
  25.935 -uint8_t seg_data1[4096];
  25.936 -uint8_t seg_data2[4096];
  25.937 -
  25.938 -#define MK_SEL(n) (((n) << 3) | 7)
  25.939 -
  25.940 -#define TEST_LR(op, size, seg, mask)\
  25.941 -{\
  25.942 -    int res, res2;\
  25.943 -    res = 0x12345678;\
  25.944 -    asm (op " %" size "2, %" size "0\n" \
  25.945 -         "movl $0, %1\n"\
  25.946 -         "jnz 1f\n"\
  25.947 -         "movl $1, %1\n"\
  25.948 -         "1:\n"\
  25.949 -         : "=r" (res), "=r" (res2) : "m" (seg), "0" (res));\
  25.950 -    printf(op ": Z=%d %08x\n", res2, res & ~(mask));\
  25.951 -}
  25.952 -
  25.953 -/* NOTE: we use Linux modify_ldt syscall */
  25.954 -void test_segs(void)
  25.955 -{
  25.956 -    struct modify_ldt_ldt_s ldt;
  25.957 -    long long ldt_table[3];
  25.958 -    int res, res2;
  25.959 -    char tmp;
  25.960 -    struct {
  25.961 -        uint32_t offset;
  25.962 -        uint16_t seg;
  25.963 -    } __attribute__((packed)) segoff;
  25.964 -
  25.965 -    ldt.entry_number = 1;
  25.966 -    ldt.base_addr = (unsigned long)&seg_data1;
  25.967 -    ldt.limit = (sizeof(seg_data1) + 0xfff) >> 12;
  25.968 -    ldt.seg_32bit = 1;
  25.969 -    ldt.contents = MODIFY_LDT_CONTENTS_DATA;
  25.970 -    ldt.read_exec_only = 0;
  25.971 -    ldt.limit_in_pages = 1;
  25.972 -    ldt.seg_not_present = 0;
  25.973 -    ldt.useable = 1;
  25.974 -    modify_ldt(1, &ldt, sizeof(ldt)); /* write ldt entry */
  25.975 -
  25.976 -    ldt.entry_number = 2;
  25.977 -    ldt.base_addr = (unsigned long)&seg_data2;
  25.978 -    ldt.limit = (sizeof(seg_data2) + 0xfff) >> 12;
  25.979 -    ldt.seg_32bit = 1;
  25.980 -    ldt.contents = MODIFY_LDT_CONTENTS_DATA;
  25.981 -    ldt.read_exec_only = 0;
  25.982 -    ldt.limit_in_pages = 1;
  25.983 -    ldt.seg_not_present = 0;
  25.984 -    ldt.useable = 1;
  25.985 -    modify_ldt(1, &ldt, sizeof(ldt)); /* write ldt entry */
  25.986 -
  25.987 -    modify_ldt(0, &ldt_table, sizeof(ldt_table)); /* read ldt entries */
  25.988 -#if 0
  25.989 -    {
  25.990 -        int i;
  25.991 -        for(i=0;i<3;i++)
  25.992 -            printf("%d: %016Lx\n", i, ldt_table[i]);
  25.993 -    }
  25.994 -#endif
  25.995 -    /* do some tests with fs or gs */
  25.996 -    asm volatile ("movl %0, %%fs" : : "r" (MK_SEL(1)));
  25.997 -
  25.998 -    seg_data1[1] = 0xaa;
  25.999 -    seg_data2[1] = 0x55;
 25.1000 -
 25.1001 -    asm volatile ("fs movzbl 0x1, %0" : "=r" (res));
 25.1002 -    printf("FS[1] = %02x\n", res);
 25.1003 -
 25.1004 -    asm volatile ("pushl %%gs\n"
 25.1005 -                  "movl %1, %%gs\n"
 25.1006 -                  "gs movzbl 0x1, %0\n"
 25.1007 -                  "popl %%gs\n"
 25.1008 -                  : "=r" (res)
 25.1009 -                  : "r" (MK_SEL(2)));
 25.1010 -    printf("GS[1] = %02x\n", res);
 25.1011 -
 25.1012 -    /* tests with ds/ss (implicit segment case) */
 25.1013 -    tmp = 0xa5;
 25.1014 -    asm volatile ("pushl %%ebp\n\t"
 25.1015 -                  "pushl %%ds\n\t"
 25.1016 -                  "movl %2, %%ds\n\t"
 25.1017 -                  "movl %3, %%ebp\n\t"
 25.1018 -                  "movzbl 0x1, %0\n\t"
 25.1019 -                  "movzbl (%%ebp), %1\n\t"
 25.1020 -                  "popl %%ds\n\t"
 25.1021 -                  "popl %%ebp\n\t"
 25.1022 -                  : "=r" (res), "=r" (res2)
 25.1023 -                  : "r" (MK_SEL(1)), "r" (&tmp));
 25.1024 -    printf("DS[1] = %02x\n", res);
 25.1025 -    printf("SS[tmp] = %02x\n", res2);
 25.1026 -
 25.1027 -    segoff.seg = MK_SEL(2);
 25.1028 -    segoff.offset = 0xabcdef12;
 25.1029 -    asm volatile("lfs %2, %0\n\t" 
 25.1030 -                 "movl %%fs, %1\n\t"
 25.1031 -                 : "=r" (res), "=g" (res2) 
 25.1032 -                 : "m" (segoff));
 25.1033 -    printf("FS:reg = %04x:%08x\n", res2, res);
 25.1034 -
 25.1035 -    TEST_LR("larw", "w", MK_SEL(2), 0x0100);
 25.1036 -    TEST_LR("larl", "", MK_SEL(2), 0x0100);
 25.1037 -    TEST_LR("lslw", "w", MK_SEL(2), 0);
 25.1038 -    TEST_LR("lsll", "", MK_SEL(2), 0);
 25.1039 -
 25.1040 -    TEST_LR("larw", "w", 0xfff8, 0);
 25.1041 -    TEST_LR("larl", "", 0xfff8, 0);
 25.1042 -    TEST_LR("lslw", "w", 0xfff8, 0);
 25.1043 -    TEST_LR("lsll", "", 0xfff8, 0);
 25.1044 -}
 25.1045 -
 25.1046 -/* 16 bit code test */
 25.1047 -extern char code16_start, code16_end;
 25.1048 -extern char code16_func1;
 25.1049 -extern char code16_func2;
 25.1050 -extern char code16_func3;
 25.1051 -
 25.1052 -void test_code16(void)
 25.1053 -{
 25.1054 -    struct modify_ldt_ldt_s ldt;
 25.1055 -    int res, res2;
 25.1056 -
 25.1057 -    /* build a code segment */
 25.1058 -    ldt.entry_number = 1;
 25.1059 -    ldt.base_addr = (unsigned long)&code16_start;
 25.1060 -    ldt.limit = &code16_end - &code16_start;
 25.1061 -    ldt.seg_32bit = 0;
 25.1062 -    ldt.contents = MODIFY_LDT_CONTENTS_CODE;
 25.1063 -    ldt.read_exec_only = 0;
 25.1064 -    ldt.limit_in_pages = 0;
 25.1065 -    ldt.seg_not_present = 0;
 25.1066 -    ldt.useable = 1;
 25.1067 -    modify_ldt(1, &ldt, sizeof(ldt)); /* write ldt entry */
 25.1068 -
 25.1069 -    /* call the first function */
 25.1070 -    asm volatile ("lcall %1, %2" 
 25.1071 -                  : "=a" (res)
 25.1072 -                  : "i" (MK_SEL(1)), "i" (&code16_func1): "memory", "cc");
 25.1073 -    printf("func1() = 0x%08x\n", res);
 25.1074 -    asm volatile ("lcall %2, %3" 
 25.1075 -                  : "=a" (res), "=c" (res2)
 25.1076 -                  : "i" (MK_SEL(1)), "i" (&code16_func2): "memory", "cc");
 25.1077 -    printf("func2() = 0x%08x spdec=%d\n", res, res2);
 25.1078 -    asm volatile ("lcall %1, %2" 
 25.1079 -                  : "=a" (res)
 25.1080 -                  : "i" (MK_SEL(1)), "i" (&code16_func3): "memory", "cc");
 25.1081 -    printf("func3() = 0x%08x\n", res);
 25.1082 -}
 25.1083 -
 25.1084 -extern char func_lret32;
 25.1085 -extern char func_iret32;
 25.1086 -
 25.1087 -void test_misc(void)
 25.1088 -{
 25.1089 -    char table[256];
 25.1090 -    int res, i;
 25.1091 -
 25.1092 -    for(i=0;i<256;i++) table[i] = 256 - i;
 25.1093 -    res = 0x12345678;
 25.1094 -    asm ("xlat" : "=a" (res) : "b" (table), "0" (res));
 25.1095 -    printf("xlat: EAX=%08x\n", res);
 25.1096 -
 25.1097 -    asm volatile ("pushl %%cs ; call %1" 
 25.1098 -                  : "=a" (res)
 25.1099 -                  : "m" (func_lret32): "memory", "cc");
 25.1100 -    printf("func_lret32=%x\n", res);
 25.1101 -
 25.1102 -    asm volatile ("pushfl ; pushl %%cs ; call %1" 
 25.1103 -                  : "=a" (res)
 25.1104 -                  : "m" (func_iret32): "memory", "cc");
 25.1105 -    printf("func_iret32=%x\n", res);
 25.1106 -
 25.1107 -    /* specific popl test */
 25.1108 -    asm volatile ("pushl $12345432 ; pushl $0x9abcdef ; popl (%%esp) ; popl %0"
 25.1109 -                  : "=g" (res));
 25.1110 -    printf("popl esp=%x\n", res);
 25.1111 -
 25.1112 -    /* specific popw test */
 25.1113 -    asm volatile ("pushl $12345432 ; pushl $0x9abcdef ; popw (%%esp) ; addl $2, %%esp ; popl %0"
 25.1114 -                  : "=g" (res));
 25.1115 -    printf("popw esp=%x\n", res);
 25.1116 -}
 25.1117 -
 25.1118 -uint8_t str_buffer[4096];
 25.1119 -
 25.1120 -#define TEST_STRING1(OP, size, DF, REP)\
 25.1121 -{\
 25.1122 -    int esi, edi, eax, ecx, eflags;\
 25.1123 -\
 25.1124 -    esi = (long)(str_buffer + sizeof(str_buffer) / 2);\
 25.1125 -    edi = (long)(str_buffer + sizeof(str_buffer) / 2) + 16;\
 25.1126 -    eax = 0x12345678;\
 25.1127 -    ecx = 17;\
 25.1128 -\
 25.1129 -    asm volatile ("pushl $0\n\t"\
 25.1130 -                  "popf\n\t"\
 25.1131 -                  DF "\n\t"\
 25.1132 -                  REP #OP size "\n\t"\
 25.1133 -                  "cld\n\t"\
 25.1134 -                  "pushf\n\t"\
 25.1135 -                  "popl %4\n\t"\
 25.1136 -                  : "=S" (esi), "=D" (edi), "=a" (eax), "=c" (ecx), "=g" (eflags)\
 25.1137 -                  : "0" (esi), "1" (edi), "2" (eax), "3" (ecx));\
 25.1138 -    printf("%-10s ESI=%08x EDI=%08x EAX=%08x ECX=%08x EFL=%04x\n",\
 25.1139 -           REP #OP size, esi, edi, eax, ecx,\
 25.1140 -           eflags & (CC_C | CC_P | CC_Z | CC_S | CC_O | CC_A));\
 25.1141 -}
 25.1142 -
 25.1143 -#define TEST_STRING(OP, REP)\
 25.1144 -    TEST_STRING1(OP, "b", "", REP);\
 25.1145 -    TEST_STRING1(OP, "w", "", REP);\
 25.1146 -    TEST_STRING1(OP, "l", "", REP);\
 25.1147 -    TEST_STRING1(OP, "b", "std", REP);\
 25.1148 -    TEST_STRING1(OP, "w", "std", REP);\
 25.1149 -    TEST_STRING1(OP, "l", "std", REP)
 25.1150 -
 25.1151 -void test_string(void)
 25.1152 -{
 25.1153 -    int i;
 25.1154 -    for(i = 0;i < sizeof(str_buffer); i++)
 25.1155 -        str_buffer[i] = i + 0x56;
 25.1156 -   TEST_STRING(stos, "");
 25.1157 -   TEST_STRING(stos, "rep ");
 25.1158 -   TEST_STRING(lods, ""); /* to verify stos */
 25.1159 -   TEST_STRING(lods, "rep "); 
 25.1160 -   TEST_STRING(movs, "");
 25.1161 -   TEST_STRING(movs, "rep ");
 25.1162 -   TEST_STRING(lods, ""); /* to verify stos */
 25.1163 -
 25.1164 -   /* XXX: better tests */
 25.1165 -   TEST_STRING(scas, "");
 25.1166 -   TEST_STRING(scas, "repz ");
 25.1167 -   TEST_STRING(scas, "repnz ");
 25.1168 -   TEST_STRING(cmps, "");
 25.1169 -   TEST_STRING(cmps, "repz ");
 25.1170 -   TEST_STRING(cmps, "repnz ");
 25.1171 -}
 25.1172 -
 25.1173 -/* VM86 test */
 25.1174 -
 25.1175 -static inline void set_bit(uint8_t *a, unsigned int bit)
 25.1176 -{
 25.1177 -    a[bit / 8] |= (1 << (bit % 8));
 25.1178 -}
 25.1179 -
 25.1180 -static inline uint8_t *seg_to_linear(unsigned int seg, unsigned int reg)
 25.1181 -{
 25.1182 -    return (uint8_t *)((seg << 4) + (reg & 0xffff));
 25.1183 -}
 25.1184 -
 25.1185 -static inline void pushw(struct vm86_regs *r, int val)
 25.1186 -{
 25.1187 -    r->esp = (r->esp & ~0xffff) | ((r->esp - 2) & 0xffff);
 25.1188 -    *(uint16_t *)seg_to_linear(r->ss, r->esp) = val;
 25.1189 -}
 25.1190 -
 25.1191 -#undef __syscall_return
 25.1192 -#define __syscall_return(type, res) \
 25.1193 -do { \
 25.1194 -	return (type) (res); \
 25.1195 -} while (0)
 25.1196 -
 25.1197 -_syscall2(int, vm86, int, func, struct vm86plus_struct *, v86)
 25.1198 -
 25.1199 -extern char vm86_code_start;
 25.1200 -extern char vm86_code_end;
 25.1201 -
 25.1202 -#define VM86_CODE_CS 0x100
 25.1203 -#define VM86_CODE_IP 0x100
 25.1204 -
 25.1205 -void test_vm86(void)
 25.1206 -{
 25.1207 -    struct vm86plus_struct ctx;
 25.1208 -    struct vm86_regs *r;
 25.1209 -    uint8_t *vm86_mem;
 25.1210 -    int seg, ret;
 25.1211 -