[Qemu-devel] QEMU Users Forum Error and various QEMU usage for Hardware/Software co-simulation and design.

[Pablo Salinas]

Hello qemu-developers,

                              I know this is probably not the right place for these questions, but I have been having a hard time getting feedback on any of the other forums and mailing lists. Starting with the fact that in the last couple of days I haven't been able to access the QEMU Users Forum. Whenever I click on the http://qemu-forum.ipi.fi/ link, I get the following error page:

General Error

SQL ERROR [ mysql4 ]

Lost connection to MySQL server during query [2013]

An sql error occurred while fetching this page. Please contact an administrator if this problem persists.


So, who should I contact? It says an administrator, but it doesn't provide an e-mail address.


Anyway, going to my developing questions... let me provide with some background first:

(This was already sent in a previous e-mail that got zero responses :-(    )
I am starting my Master's Thesis related to the field of Hardware/Software co-simulation design.

Currently, we have a System-Level-Design-Language called SpecC, similar to SystemC, that can be used for both: Simulating a system and generating the proper embedded software and RTL information (for future synthesis). Simulation is performed in different levels starting from the purely abstract Functional level, going down to the RTL/IIS level.

The embedded software generation is done by using the gnu gcc compiler collection. And the the IIS simulation has done so far by interfacing to the SWARM ISS.

So, I had started looking at QEMU source code looking for the best way to integrate our Simulator and QEMU. The main idea is the following:
Create a SpecC behaviour that wraps the QEMU CPU emulation and the CPU interfaces with the rest of the modeled hardware (in SpecC). Therefore, the "wrapper" should detect the QEMU Core bus and data accesses so that it can transmit them to the other SpecC behaviors. Besides, and this is the part that I am less sure about, it should monitor and/or signal cpu/external interrupts.

Finally, it should advance the simulation clock according to the QEMU Core behavior (cache misses, memory accesses, interrupts, etc).

So, with all the above being said, here are some of my questions that I was hoping some of you could give me some insight:

1) Per my understandind, I have three different options for interfacing with QEMU:
         a) Change the vl.c code (and probably other source files) in qemu.
         b) Use the qemu monitor (Although I believe it doesn't provide the level of details that I would be needing, right?)
         c) Use some sort of qemu PCI or HBA interface (Again, I believe this wouldn't achieve all the functionalities that I require)

Any recommendations regarding the best strategy on integrating both environments?


2) How do I manage to make CodeSourcery map the bare-metal program to the correct memory region?
I get a segmentation fault whenever I run qemu-arm [hello_world]

And here are the details on my CodeSourcer Lite cross-compiler:

$ arm-none-eabi-gcc -v
Using built-in specs.
Target: arm-none-eabi
Configured with: /scratch/maxim/arm-lite/src-4.3-arm-none-eabi-lite/gcc-4.3/configure --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --target=arm-none-eabi --enable-threads --disable-libmudflap --disable-libssp --disable-libstdcxx-pch --with-gnu-as --with-gnu-ld --enable-languages=c,c++ --disable-shared --with-newlib --with-pkgversion='Sourcery G++ Lite 2009q1-161' --with-bugurl=support.codesourcery.com/GNUToolchain --disable-nls --prefix=/opt/codesourcery --with-headers=yes --with-sysroot=/opt/codesourcery/arm-none-eabi --with-build-sysroot=/scratch/maxim/arm-lite/install-4.3-arm-none-eabi-lite/arm-none-eabi --with-gmp=/scratch/maxim/arm-lite/obj-4.3-arm-none-eabi-lite/host-libs-2009q1-161-arm-none-eabi-i686-pc-linux-gnu/usr --with-mpfr=/scratch/maxim/arm-lite/obj-4.3-arm-none-eabi-lite/host-libs-2009q1-161-arm-none-eabi-i686-pc-linux-gnu/usr --disable-libgomp --enable-poison-system-directories --with-build-time-tools=/scratch/maxim/arm-lite/install-4.3-arm-none-eabi-lite/arm-none-eabi/bin --with-build-time-tools=/scratch/maxim/arm-lite/install-4.3-arm-none-eabi-lite/arm-none-eabi/bin
Thread model: single
gcc version 4.3.3 (Sourcery G++ Lite 2009q1-161)

and qemu:
$ qemu-arm
qemu-arm version 0.11.0, Copyright (c) 2003-2008 Fabrice Bellard

3) By the way, I can only run qemu-arm as root, otherwise, I get the following error message:
mmap: Permission denied


4) What is the difference between qemu-arm and qemu-system-arm?


5) So, QEMU performs Dynamic Code translation in blocks, if I would like to look for memory/data accesses and interrupts signaling and detection which area of the source code should I look at?
tcg_cpu_exec() inside vl.c ?
or cpu-exec.c ?