Qemu-system mode emulation analysis (1)

1. Perform a simple analysis of the main processin this mode, QEMU in addition to the simulation of CPU execution, but also to manage and simulate peripherals, so system-mode simulation than user-mode simulation more than the needs of our concern, such as machine management, device management, bus simulation, interrupt simulation, MMU simulation, and how they work together and so on. This section mainly analyzes the execution main flow of QEMU system pattern. As shown in the following:

It mainly describes the general framework of the entire emulator execution process, as shown by the diagram, Main_loop is the main loop of the simulator runtime, the Cpu_exec_all () function is used to execute the CPU instruction, main_loop_wait is used to execute the peripheral device simulation code, Of course, these are not completely absolute, such as the CPU in the address space of the IO device Load/store operation, will invoke the IO device read and write handler.

What about the execution flow of the Cpu_exec_all function? Such as:

From the known, in the function Cpu_exec_all, will go to traverse and run each CPU, then go to call qemu_cpu_exec function, finally go to call cpu_exec function, cpu_exec function analysis in the previous user mode has been analyzed, code translation, code execution, Exception generation is done over there, detailed analysis refer to the previous article.

Next, the main_loop_wait function is analyzed, and the function's main function is to respond to the peripheral input and handle the timer event. See, the diagram is the overall process of main_loop_wait execution. This process constantly to listen to the corresponding host device has input and output, if any, then call the corresponding callback function to deal with.

Finally, to scan all the Qemu_timer, if the set time has arrived, then execute the corresponding hook function for processing. Specific about the implementation of Qemu_timer and the use of methods, will be described in the following
.

Analysis here, do you have a question, when the CPU execution engine executes the CPU instruction, how does it respond to the input of the peripheral device? with Alarm signal , QEMU dynamically sets the time for the next alarm signal to occur based on the information in the Qemu_timer list, then interrupts the CPU execution by interrupting the open TB chain at Signal_handler and setting the exit flag. Enables QEMU to handle peripheral input and timer event handlers, enabling simulation and synchronization of peripheral devices. The Qemu_timer is also involved here, and the implementation mechanism will be introduced in detail later.

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

Qemu-system mode emulation analysis (1)