QEMU is an x86 processor emulator. Its purpose is to run x86 Linux
processes on non-x86 Linux architectures such as PowerPC or ARM. By
using dynamic translation it achieves a reasonnable speed while being
-easy to port on new host CPUs. An obviously interesting x86 only process
-is 'wine' (Windows emulation).
+easy to port on new host CPUs. Its main goal is to be able to launch the
+@code{Wine} Windows API emulator (@url{http://www.winehq.org}) on
+non-x86 CPUs.
QEMU features:
@item User space only x86 emulator.
-@item Currently ported on i386 and PowerPC.
+@item Currently ported on i386, PowerPC and S390.
-@item Using dynamic translation for reasonnable speed.
+@item Using dynamic translation to native code for reasonnable speed.
@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation.
-User space LDT and GDT are emulated.
+User space LDT and GDT are emulated. VM86 mode is also supported
+(experimental).
@item Generic Linux system call converter, including most ioctls.
@item No support for self modifying code (yet). [Very few programs need that, a notable exception is QEMU itself !].
-@item No VM86 mode (yet), althought the virtual
-CPU has support for most of it. [VM86 support is useful to launch old 16
-bit DOS programs with dosemu or wine].
-
@item No SSE/MMX support (yet).
@item No x86-64 support.
@chapter Invocation
+@section Quick Start
+
In order to launch a Linux process, QEMU needs the process executable
-itself and all the target (x86) dynamic libraries used by it. Currently,
-QEMU is not distributed with the necessary packages so that you can test
-it easily on non x86 CPUs.
+itself and all the target (x86) dynamic libraries used by it.
-However, the statically x86 binary 'tests/hello' can be used to do a
-first test:
+@itemize
+
+@item On x86, you can just try to launch any process by using the native
+libraries:
@example
-qemu tests/hello
+qemu -L / /bin/ls
@end example
-@code{Hello world} should be printed on the terminal.
+@code{-L /} tells that the x86 dynamic linker must be searched with a
+@file{/} prefix.
-If you are testing it on a x86 CPU, then you can test it on any process:
-@example
-qemu /bin/ls -l
+@item On non x86 CPUs, you need first to download at least an x86 glibc
+(@file{qemu-i386-glibc21.tar.gz} on the QEMU web page). Ensure that
+@code{LD_LIBRARY_PATH} is not set:
+
+@example
+unset LD_LIBRARY_PATH
+@end example
+
+Then you can launch the precompiled @file{ls} x86 executable:
+
+@example
+qemu /usr/local/qemu-i386/bin/ls-i386
+@end example
+You can look at @file{/usr/local/qemu-i386/bin/qemu-conf.sh} so that
+QEMU is automatically launched by the Linux kernel when you try to
+launch x86 executables. It requires the @code{binfmt_misc} module in the
+Linux kernel.
+
+@end itemize
+
+@section Wine launch (Currently only tested when emulating x86 on x86)
+
+@itemize
+
+@item Ensure that you have a working QEMU with the x86 glibc
+distribution (see previous section). In order to verify it, you must be
+able to do:
+
+@example
+qemu /usr/local/qemu-i386/bin/ls-i386
@end example
+@item Download the binary x86 Wine install
+(@file{qemu-i386-wine.tar.gz} on the QEMU web page).
+
+@item Configure Wine on your account. Look at the provided script
+@file{/usr/local/qemu-i386/bin/wine-conf.sh}. Your previous
+@code{$@{HOME@}/.wine} directory is saved to @code{$@{HOME@}/.wine.org}.
+
+@item Then you can try the example @file{putty.exe}:
+
+@example
+qemu /usr/local/qemu-i386/wine/bin/wine /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
+@end example
+
+@end itemize
+
+@section Command line options
+
+@example
+usage: qemu [-h] [-d] [-L path] [-s size] program [arguments...]
+@end example
+
+@table @samp
+@item -h
+Print the help
+@item -d
+Activate log (logfile=/tmp/qemu.log)
+@item -L path
+Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)
+@item -s size
+Set the x86 stack size in bytes (default=524288)
+@end table
+
@chapter QEMU Internals
@section QEMU compared to other emulators
host and used a proprietary and slow interpreter (the interpreter part
of the FX!32 Digital Win32 code translator [5]).
+TWIN [6] is a Windows API emulator like Wine. It is less accurate than
+Wine but includes a protected mode x86 interpreter to launch x86 Windows
+executables. Such an approach as greater potential because most of the
+Windows API is executed natively but it is far more difficult to develop
+because all the data structures and function parameters exchanged
+between the API and the x86 code must be converted.
+
@section Portable dynamic translation
QEMU is a dynamic translator. When it first encounters a piece of code,
Good CPU condition codes emulation (@code{EFLAGS} register on x86) is a
critical point to get good performances. QEMU uses lazy condition code
evaluation: instead of computing the condition codes after each x86
-instruction, it store justs one operand (called @code{CC_CRC}), the
+instruction, it just stores one operand (called @code{CC_SRC}), the
result (called @code{CC_DST}) and the type of operation (called
@code{CC_OP}).
the condition codes are not needed by the next instructions, no
condition codes are computed at all.
-@section Translation CPU state optimisations
+@section CPU state optimisations
The x86 CPU has many internal states which change the way it evaluates
instructions. In order to achieve a good speed, the translation phase
DIGITAL FX!32: Running 32-Bit x86 Applications on Alpha NT, by Anton
Chernoff and Ray Hookway.
+@item [6]
+@url{http://www.willows.com/}, Windows API library emulation from
+Willows Software.
+
@end table
@chapter Regression Tests
because it mostly tests the ability of the virtual CPU to optimize the
@code{rol} x86 instruction and the condition code computations.
+@section @file{runcom}
+
+A very simple MSDOS emulator to test the Linux vm86() system call
+emulation. The excellent 54 byte @file{pi_10.com} PI number calculator
+can be launched with it. @file{pi_10.com} was written by Bertram
+Felgenhauer (more information at @url{http://www.boo.net/~jasonp/pipage.html}).
projects / qemu / blobdiff