FRET-qemu/qemu-tech.texi

@node Implementation notes
@appendix Implementation notes

@menu
* CPU emulation::
* Managed start up options::
@end menu

@node CPU emulation
@section CPU emulation

@menu
* x86::     x86 and x86-64 emulation
* ARM::     ARM emulation
* MIPS::    MIPS emulation
* PPC::     PowerPC emulation
* SPARC::   Sparc32 and Sparc64 emulation
* Xtensa::  Xtensa emulation
@end menu

@node x86
@subsection x86 and x86-64 emulation

QEMU x86 target features:

@itemize

@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation.
LDT/GDT and IDT are emulated. VM86 mode is also supported to run
DOSEMU. There is some support for MMX/3DNow!, SSE, SSE2, SSE3, SSSE3,
and SSE4 as well as x86-64 SVM.

@item Support of host page sizes bigger than 4KB in user mode emulation.

@item QEMU can emulate itself on x86.

@item An extensive Linux x86 CPU test program is included @file{tests/test-i386}.
It can be used to test other x86 virtual CPUs.

@end itemize

Current QEMU limitations:

@itemize

@item Limited x86-64 support.

@item IPC syscalls are missing.

@item The x86 segment limits and access rights are not tested at every
memory access (yet). Hopefully, very few OSes seem to rely on that for
normal use.

@end itemize

@node ARM
@subsection ARM emulation

@itemize

@item Full ARM 7 user emulation.

@item NWFPE FPU support included in user Linux emulation.

@item Can run most ARM Linux binaries.

@end itemize

@node MIPS
@subsection MIPS emulation

@itemize

@item The system emulation allows full MIPS32/MIPS64 Release 2 emulation,
including privileged instructions, FPU and MMU, in both little and big
endian modes.

@item The Linux userland emulation can run many 32 bit MIPS Linux binaries.

@end itemize

Current QEMU limitations:

@itemize

@item Self-modifying code is not always handled correctly.

@item 64 bit userland emulation is not implemented.

@item The system emulation is not complete enough to run real firmware.

@item The watchpoint debug facility is not implemented.

@end itemize

@node PPC
@subsection PowerPC emulation

@itemize

@item Full PowerPC 32 bit emulation, including privileged instructions,
FPU and MMU.

@item Can run most PowerPC Linux binaries.

@end itemize

@node SPARC
@subsection Sparc32 and Sparc64 emulation

@itemize

@item Full SPARC V8 emulation, including privileged
instructions, FPU and MMU. SPARC V9 emulation includes most privileged
and VIS instructions, FPU and I/D MMU. Alignment is fully enforced.

@item Can run most 32-bit SPARC Linux binaries, SPARC32PLUS Linux binaries and
some 64-bit SPARC Linux binaries.

@end itemize

Current QEMU limitations:

@itemize

@item IPC syscalls are missing.

@item Floating point exception support is buggy.

@item Atomic instructions are not correctly implemented.

@item There are still some problems with Sparc64 emulators.

@end itemize

@node Xtensa
@subsection Xtensa emulation

@itemize

@item Core Xtensa ISA emulation, including most options: code density,
loop, extended L32R, 16- and 32-bit multiplication, 32-bit division,
MAC16, miscellaneous operations, boolean, FP coprocessor, coprocessor
context, debug, multiprocessor synchronization,
conditional store, exceptions, relocatable vectors, unaligned exception,
interrupts (including high priority and timer), hardware alignment,
region protection, region translation, MMU, windowed registers, thread
pointer, processor ID.

@item Not implemented options: data/instruction cache (including cache
prefetch and locking), XLMI, processor interface. Also options not
covered by the core ISA (e.g. FLIX, wide branches) are not implemented.

@item Can run most Xtensa Linux binaries.

@item New core configuration that requires no additional instructions
may be created from overlay with minimal amount of hand-written code.

@end itemize

@node Managed start up options
@section Managed start up options

In system mode emulation, it's possible to create a VM in a paused state using
the -S command line option. In this state the machine is completely initialized
according to command line options and ready to execute VM code but VCPU threads
are not executing any code. The VM state in this paused state depends on the way
QEMU was started. It could be in:
@table @asis
@item initial state (after reset/power on state)
@item with direct kernel loading, the initial state could be amended to execute
code loaded by QEMU in the VM's RAM and with incoming migration
@item with incoming migration, initial state will by amended with the migrated
machine state after migration completes.
@end table

This paused state is typically used by users to query machine state and/or
additionally configure the machine (by hotplugging devices) in runtime before
allowing VM code to run.

However, at the -S pause point, it's impossible to configure options that affect
initial VM creation (like: -smp/-m/-numa ...) or cold plug devices. The
experimental --preconfig command line option  allows pausing QEMU
before the initial VM creation, in a ``preconfig'' state, where additional
queries and configuration can be performed via QMP before moving on to
the resulting configuration startup. In the preconfig state, QEMU only allows
a limited set of commands over the QMP monitor, where the commands do not
depend on an initialized machine, including but not limited to:
@table @asis
@item qmp_capabilities
@item query-qmp-schema
@item query-commands
@item query-status
@item x-exit-preconfig
@end table