X-Git-Url: http://vcs.maemo.org/git/?a=blobdiff_plain;f=qemu-doc.texi;h=211b6687ae8ca8fcbf474eede9a97de40d2be0c8;hb=1b351e52918c8eceb2b3dc7a9c5e0b7b342ccd18;hp=2e324ca9885daaa41a150e4de6ad7745d2d6094b;hpb=6cd9f35b9bb0a59697a981e3f9e4eafd9e68ff97;p=qemu diff --git a/qemu-doc.texi b/qemu-doc.texi index 2e324ca..211b668 100644 --- a/qemu-doc.texi +++ b/qemu-doc.texi @@ -1,407 +1,1283 @@ \input texinfo @c -*- texinfo -*- -@settitle QEMU x86 Emulator Reference Documentation +@iftex +@settitle QEMU CPU Emulator User Documentation @titlepage @sp 7 -@center @titlefont{QEMU x86 Emulator Reference Documentation} +@center @titlefont{QEMU CPU Emulator User Documentation} @sp 3 @end titlepage +@end iftex @chapter Introduction -QEMU is an x86 processor emulator. Its purpose is to run x86 Linux -processes on non-x86 Linux architectures such as PowerPC or ARM. By -using dynamic translation it achieves a reasonnable speed while being -easy to port on new host CPUs. Its main goal is to be able to launch the -@code{Wine} Windows API emulator (@url{http://www.winehq.org}) on -non-x86 CPUs. +@section Features -QEMU features: +QEMU is a FAST! processor emulator using dynamic translation to +achieve good emulation speed. -@itemize +QEMU has two operating modes: -@item User space only x86 emulator. +@itemize @minus -@item Currently ported on i386, PowerPC and S390. +@item +Full system emulation. In this mode, QEMU emulates a full system (for +example a PC), including a processor and various peripherals. It can +be used to launch different Operating Systems without rebooting the +PC or to debug system code. -@item Using dynamic translation to native code for reasonnable speed. +@item +User mode emulation (Linux host only). In this mode, QEMU can launch +Linux processes compiled for one CPU on another CPU. It can be used to +launch the Wine Windows API emulator (@url{http://www.winehq.org}) or +to ease cross-compilation and cross-debugging. -@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation. -User space LDT and GDT are emulated. VM86 mode is also supported -(experimental). - -@item Generic Linux system call converter, including most ioctls. +@end itemize -@item clone() emulation using native CPU clone() to use Linux scheduler for threads. +QEMU can run without an host kernel driver and yet gives acceptable +performance. -@item Accurate signal handling by remapping host signals to virtual x86 signals. +For system emulation, the following hardware targets are supported: +@itemize +@item PC (x86 processor) +@item PREP (PowerPC processor) +@item PowerMac (PowerPC processor, in progress) +@item Sun4m (32-bit Sparc processor) +@item Sun4u (64-bit Sparc processor, in progress) +@end itemize -@item QEMU can emulate itself on x86 (experimental). +For user emulation, x86, PowerPC, ARM, and Sparc32/64 CPUs are supported. -@item The virtual x86 CPU is a library (@code{libqemu}) which can be used -in other projects. +@chapter Installation -@item An extensive Linux x86 CPU test program is included @file{tests/test-i386}. -It can be used to test other x86 virtual CPUs. +If you want to compile QEMU yourself, see @ref{compilation}. -@end itemize +@section Linux -Current QEMU Limitations: +If a precompiled package is available for your distribution - you just +have to install it. Otherwise, see @ref{compilation}. -@itemize +@section Windows -@item Not all x86 exceptions are precise (yet). [Very few programs need that]. +Download the experimental binary installer at +@url{http://www.freeoszoo.org/download.php}. -@item No support for self-modifying code (yet). [Very few programs need that, a notable exception is QEMU itself !]. +@section Mac OS X -@item No SSE/MMX support (yet). +Download the experimental binary installer at +@url{http://www.freeoszoo.org/download.php}. -@item No x86-64 support. +@chapter QEMU PC System emulator invocation -@item Some Linux syscalls are missing. +@section Introduction -@item The x86 segment limits and access rights are not tested at every -memory access (and will never be to have good performances). +@c man begin DESCRIPTION -@item On non x86 host CPUs, @code{double}s are used instead of the non standard -10 byte @code{long double}s of x86 for floating point emulation to get -maximum performances. +The QEMU System emulator simulates the +following PC peripherals: +@itemize @minus +@item +i440FX host PCI bridge and PIIX3 PCI to ISA bridge +@item +Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA +extensions (hardware level, including all non standard modes). +@item +PS/2 mouse and keyboard +@item +2 PCI IDE interfaces with hard disk and CD-ROM support +@item +Floppy disk +@item +NE2000 PCI network adapters +@item +Serial ports +@item +Soundblaster 16 card @end itemize -@chapter Invocation +QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL +VGA BIOS. + +@c man end @section Quick Start -In order to launch a Linux process, QEMU needs the process executable -itself and all the target (x86) dynamic libraries used by it. +Download and uncompress the linux image (@file{linux.img}) and type: -@itemize +@example +qemu linux.img +@end example -@item On x86, you can just try to launch any process by using the native -libraries: +Linux should boot and give you a prompt. -@example -qemu -L / /bin/ls +@section Invocation + +@example +@c man begin SYNOPSIS +usage: qemu [options] [disk_image] +@c man end @end example -@code{-L /} tells that the x86 dynamic linker must be searched with a -@file{/} prefix. +@c man begin OPTIONS +@var{disk_image} is a raw hard disk image for IDE hard disk 0. -@item Since QEMU is also a linux process, you can launch qemu with qemu: +General options: +@table @option +@item -fda file +@item -fdb file +Use @var{file} as floppy disk 0/1 image (@xref{disk_images}). You can +use the host floppy by using @file{/dev/fd0} as filename. -@example -qemu -L / qemu -L / /bin/ls +@item -hda file +@item -hdb file +@item -hdc file +@item -hdd file +Use @var{file} as hard disk 0, 1, 2 or 3 image (@xref{disk_images}). + +@item -cdrom file +Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and and +@option{-cdrom} at the same time). You can use the host CD-ROM by +using @file{/dev/cdrom} as filename. + +@item -boot [a|c|d] +Boot on floppy (a), hard disk (c) or CD-ROM (d). Hard disk boot is +the default. + +@item -snapshot +Write to temporary files instead of disk image files. In this case, +the raw disk image you use is not written back. You can however force +the write back by pressing @key{C-a s} (@xref{disk_images}). + +@item -m megs +Set virtual RAM size to @var{megs} megabytes. Default is 128 MB. + +@item -nographic + +Normally, QEMU uses SDL to display the VGA output. With this option, +you can totally disable graphical output so that QEMU is a simple +command line application. The emulated serial port is redirected on +the console. Therefore, you can still use QEMU to debug a Linux kernel +with a serial console. + +@item -k language + +Use keyboard layout @var{language} (for example @code{fr} for +French). This option is only needed where it is not easy to get raw PC +keycodes (e.g. on Macs or with some X11 servers). You don't need to +use it on PC/Linux or PC/Windows hosts. + +The available layouts are: +@example +ar de-ch es fo fr-ca hu ja mk no pt-br sv +da en-gb et fr fr-ch is lt nl pl ru th +de en-us fi fr-be hr it lv nl-be pt sl tr @end example -@item On non x86 CPUs, you need first to download at least an x86 glibc -(@file{qemu-XXX-i386-glibc21.tar.gz} on the QEMU web page). Ensure that -@code{LD_LIBRARY_PATH} is not set: +The default is @code{en-us}. + +@item -enable-audio + +The SB16 emulation is disabled by default as it may give problems with +Windows. You can enable it manually with this option. + +@item -localtime +Set the real time clock to local time (the default is to UTC +time). This option is needed to have correct date in MS-DOS or +Windows. + +@item -full-screen +Start in full screen. + +@item -pidfile file +Store the QEMU process PID in @var{file}. It is useful if you launch QEMU +from a script. + +@end table + +Network options: + +@table @option + +@item -n script +Set TUN/TAP network init script [default=/etc/qemu-ifup]. This script +is launched to configure the host network interface (usually tun0) +corresponding to the virtual NE2000 card. + +@item -nics n +Simulate @var{n} network cards (the default is 1). + +@item -macaddr addr + +Set the mac address of the first interface (the format is +aa:bb:cc:dd:ee:ff in hexa). The mac address is incremented for each +new network interface. + +@item -tun-fd fd +Assumes @var{fd} talks to a tap/tun host network interface and use +it. Read @url{http://bellard.org/qemu/tetrinet.html} to have an +example of its use. + +@item -user-net +Use the user mode network stack. This is the default if no tun/tap +network init script is found. + +@item -tftp prefix +When using the user mode network stack, activate a built-in TFTP +server. All filenames beginning with @var{prefix} can be downloaded +from the host to the guest using a TFTP client. The TFTP client on the +guest must be configured in binary mode (use the command @code{bin} of +the Unix TFTP client). The host IP address on the guest is as usual +10.0.2.2. + +@item -smb dir +When using the user mode network stack, activate a built-in SMB +server so that Windows OSes can access to the host files in @file{dir} +transparently. + +In the guest Windows OS, the line: @example -unset LD_LIBRARY_PATH +10.0.2.4 smbserver @end example +must be added in the file @file{C:\WINDOWS\LMHOSTS} (for windows 9x/Me) +or @file{C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS} (Windows NT/2000). -Then you can launch the precompiled @file{ls} x86 executable: +Then @file{dir} can be accessed in @file{\\smbserver\qemu}. + +Note that a SAMBA server must be installed on the host OS in +@file{/usr/sbin/smbd}. QEMU was tested succesfully with smbd version +2.2.7a from the Red Hat 9. + +@item -redir [tcp|udp]:host-port:[guest-host]:guest-port + +When using the user mode network stack, redirect incoming TCP or UDP +connections to the host port @var{host-port} to the guest +@var{guest-host} on guest port @var{guest-port}. If @var{guest-host} +is not specified, its value is 10.0.2.15 (default address given by the +built-in DHCP server). + +For example, to redirect host X11 connection from screen 1 to guest +screen 0, use the following: @example -qemu /usr/local/qemu-i386/bin/ls-i386 +# on the host +qemu -redir tcp:6001::6000 [...] +# this host xterm should open in the guest X11 server +xterm -display :1 @end example -You can look at @file{/usr/local/qemu-i386/bin/qemu-conf.sh} so that -QEMU is automatically launched by the Linux kernel when you try to -launch x86 executables. It requires the @code{binfmt_misc} module in the -Linux kernel. -@item The x86 version of QEMU is also included. You can try weird things such as: +To redirect telnet connections from host port 5555 to telnet port on +the guest, use the following: + @example -qemu /usr/local/qemu-i386/bin/qemu-i386 /usr/local/qemu-i386/bin/ls-i386 +# on the host +qemu -redir tcp:5555::23 [...] +telnet localhost 5555 @end example +Then when you use on the host @code{telnet localhost 5555}, you +connect to the guest telnet server. + +@item -dummy-net +Use the dummy network stack: no packet will be received by the network +cards. + +@end table + +Linux boot specific. When using this options, you can use a given +Linux kernel without installing it in the disk image. It can be useful +for easier testing of various kernels. + +@table @option + +@item -kernel bzImage +Use @var{bzImage} as kernel image. + +@item -append cmdline +Use @var{cmdline} as kernel command line + +@item -initrd file +Use @var{file} as initial ram disk. + +@end table + +Debug/Expert options: +@table @option + +@item -serial dev +Redirect the virtual serial port to host device @var{dev}. Available +devices are: +@table @code +@item vc +Virtual console +@item pty +[Linux only] Pseudo TTY (a new PTY is automatically allocated) +@item null +void device +@item stdio +[Unix only] standard input/output +@end table +The default device is @code{vc} in graphical mode and @code{stdio} in +non graphical mode. + +This option can be used several times to simulate up to 4 serials +ports. + +@item -monitor dev +Redirect the monitor to host device @var{dev} (same devices as the +serial port). +The default device is @code{vc} in graphical mode and @code{stdio} in +non graphical mode. + +@item -s +Wait gdb connection to port 1234 (@xref{gdb_usage}). +@item -p port +Change gdb connection port. +@item -S +Do not start CPU at startup (you must type 'c' in the monitor). +@item -d +Output log in /tmp/qemu.log +@item -hdachs c,h,s,[,t] +Force hard disk 0 physical geometry (1 <= @var{c} <= 16383, 1 <= +@var{h} <= 16, 1 <= @var{s} <= 63) and optionally force the BIOS +translation mode (@var{t}=none, lba or auto). Usually QEMU can guess +all thoses parameters. This option is useful for old MS-DOS disk +images. + +@item -isa +Simulate an ISA-only system (default is PCI system). +@item -std-vga +Simulate a standard VGA card with Bochs VBE extensions (default is +Cirrus Logic GD5446 PCI VGA) +@item -loadvm file +Start right away with a saved state (@code{loadvm} in monitor) +@end table + +@c man end + +@section Keys + +@c man begin OPTIONS + +During the graphical emulation, you can use the following keys: +@table @key +@item Ctrl-Alt-f +Toggle full screen + +@item Ctrl-Alt-n +Switch to virtual console 'n'. Standard console mappings are: +@table @emph +@item 1 +Target system display +@item 2 +Monitor +@item 3 +Serial port +@end table + +@item Ctrl-Alt +Toggle mouse and keyboard grab. +@end table + +In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down}, +@key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log. + +During emulation, if you are using the @option{-nographic} option, use +@key{Ctrl-a h} to get terminal commands: + +@table @key +@item Ctrl-a h +Print this help +@item Ctrl-a x +Exit emulatior +@item Ctrl-a s +Save disk data back to file (if -snapshot) +@item Ctrl-a b +Send break (magic sysrq in Linux) +@item Ctrl-a c +Switch between console and monitor +@item Ctrl-a Ctrl-a +Send Ctrl-a +@end table +@c man end + +@ignore + +@setfilename qemu +@settitle QEMU System Emulator + +@c man begin SEEALSO +The HTML documentation of QEMU for more precise information and Linux +user mode emulator invocation. +@c man end + +@c man begin AUTHOR +Fabrice Bellard +@c man end + +@end ignore + +@end ignore + +@section QEMU Monitor + +The QEMU monitor is used to give complex commands to the QEMU +emulator. You can use it to: + +@itemize @minus + +@item +Remove or insert removable medias images +(such as CD-ROM or floppies) + +@item +Freeze/unfreeze the Virtual Machine (VM) and save or restore its state +from a disk file. + +@item Inspect the VM state without an external debugger. + @end itemize -@section Wine launch (Currently only tested when emulating x86 on x86) +@subsection Commands + +The following commands are available: + +@table @option + +@item help or ? [cmd] +Show the help for all commands or just for command @var{cmd}. + +@item commit +Commit changes to the disk images (if -snapshot is used) + +@item info subcommand +show various information about the system state + +@table @option +@item info network +show the network state +@item info block +show the block devices +@item info registers +show the cpu registers +@item info history +show the command line history +@end table + +@item q or quit +Quit the emulator. +@item eject [-f] device +Eject a removable media (use -f to force it). + +@item change device filename +Change a removable media. + +@item screendump filename +Save screen into PPM image @var{filename}. + +@item log item1[,...] +Activate logging of the specified items to @file{/tmp/qemu.log}. + +@item savevm filename +Save the whole virtual machine state to @var{filename}. + +@item loadvm filename +Restore the whole virtual machine state from @var{filename}. + +@item stop +Stop emulation. + +@item c or cont +Resume emulation. + +@item gdbserver [port] +Start gdbserver session (default port=1234) + +@item x/fmt addr +Virtual memory dump starting at @var{addr}. + +@item xp /fmt addr +Physical memory dump starting at @var{addr}. + +@var{fmt} is a format which tells the command how to format the +data. Its syntax is: @option{/@{count@}@{format@}@{size@}} + +@table @var +@item count +is the number of items to be dumped. + +@item format +can be x (hexa), d (signed decimal), u (unsigned decimal), o (octal), +c (char) or i (asm instruction). + +@item size +can be b (8 bits), h (16 bits), w (32 bits) or g (64 bits). On x86, +@code{h} or @code{w} can be specified with the @code{i} format to +respectively select 16 or 32 bit code instruction size. + +@end table + +Examples: @itemize +@item +Dump 10 instructions at the current instruction pointer: +@example +(qemu) x/10i $eip +0x90107063: ret +0x90107064: sti +0x90107065: lea 0x0(%esi,1),%esi +0x90107069: lea 0x0(%edi,1),%edi +0x90107070: ret +0x90107071: jmp 0x90107080 +0x90107073: nop +0x90107074: nop +0x90107075: nop +0x90107076: nop +@end example -@item Ensure that you have a working QEMU with the x86 glibc -distribution (see previous section). In order to verify it, you must be -able to do: +@item +Dump 80 16 bit values at the start of the video memory. +@example +(qemu) xp/80hx 0xb8000 +0x000b8000: 0x0b50 0x0b6c 0x0b65 0x0b78 0x0b38 0x0b36 0x0b2f 0x0b42 +0x000b8010: 0x0b6f 0x0b63 0x0b68 0x0b73 0x0b20 0x0b56 0x0b47 0x0b41 +0x000b8020: 0x0b42 0x0b69 0x0b6f 0x0b73 0x0b20 0x0b63 0x0b75 0x0b72 +0x000b8030: 0x0b72 0x0b65 0x0b6e 0x0b74 0x0b2d 0x0b63 0x0b76 0x0b73 +0x000b8040: 0x0b20 0x0b30 0x0b35 0x0b20 0x0b4e 0x0b6f 0x0b76 0x0b20 +0x000b8050: 0x0b32 0x0b30 0x0b30 0x0b33 0x0720 0x0720 0x0720 0x0720 +0x000b8060: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 +0x000b8070: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 +0x000b8080: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 +0x000b8090: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 +@end example +@end itemize + +@item p or print/fmt expr +Print expression value. Only the @var{format} part of @var{fmt} is +used. + +@item sendkey keys + +Send @var{keys} to the emulator. Use @code{-} to press several keys +simultaneously. Example: @example -qemu /usr/local/qemu-i386/bin/ls-i386 +sendkey ctrl-alt-f1 @end example -@item Download the binary x86 Wine install -(@file{qemu-XXX-i386-wine.tar.gz} on the QEMU web page). +This command is useful to send keys that your graphical user interface +intercepts at low level, such as @code{ctrl-alt-f1} in X Window. -@item Configure Wine on your account. Look at the provided script -@file{/usr/local/qemu-i386/bin/wine-conf.sh}. Your previous -@code{$@{HOME@}/.wine} directory is saved to @code{$@{HOME@}/.wine.org}. +@item system_reset -@item Then you can try the example @file{putty.exe}: +Reset the system. + +@end table + +@subsection Integer expressions + +The monitor understands integers expressions for every integer +argument. You can use register names to get the value of specifics +CPU registers by prefixing them with @emph{$}. + +@node disk_images +@section Disk Images + +Since version 0.6.1, QEMU supports many disk image formats, including +growable disk images (their size increase as non empty sectors are +written), compressed and encrypted disk images. + +@subsection Quick start for disk image creation +You can create a disk image with the command: @example -qemu /usr/local/qemu-i386/wine/bin/wine /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe +qemu-img create myimage.img mysize @end example +where @var{myimage.img} is the disk image filename and @var{mysize} is its +size in kilobytes. You can add an @code{M} suffix to give the size in +megabytes and a @code{G} suffix for gigabytes. -@end itemize +@xref{qemu_img_invocation} for more information. -@section Command line options +@subsection Snapshot mode + +If you use the option @option{-snapshot}, all disk images are +considered as read only. When sectors in written, they are written in +a temporary file created in @file{/tmp}. You can however force the +write back to the raw disk images by using the @code{commit} monitor +command (or @key{C-a s} in the serial console). + +@node qemu_img_invocation +@subsection @code{qemu-img} Invocation + +@include qemu-img.texi + +@section Network emulation + +QEMU simulates up to 6 networks cards (NE2000 boards). Each card can +be connected to a specific host network interface. + +@subsection Using tun/tap network interface + +This is the standard way to emulate network. QEMU adds a virtual +network device on your host (called @code{tun0}), and you can then +configure it as if it was a real ethernet card. + +As an example, you can download the @file{linux-test-xxx.tar.gz} +archive and copy the script @file{qemu-ifup} in @file{/etc} and +configure properly @code{sudo} so that the command @code{ifconfig} +contained in @file{qemu-ifup} can be executed as root. You must verify +that your host kernel supports the TUN/TAP network interfaces: the +device @file{/dev/net/tun} must be present. + +See @ref{direct_linux_boot} to have an example of network use with a +Linux distribution. + +@subsection Using the user mode network stack + +By using the option @option{-user-net} or if you have no tun/tap init +script, QEMU uses a completely user mode network stack (you don't need +root priviledge to use the virtual network). The virtual network +configuration is the following: @example -usage: qemu [-h] [-d] [-L path] [-s size] program [arguments...] + +QEMU Virtual Machine <------> Firewall/DHCP server <-----> Internet + (10.0.2.x) | (10.0.2.2) + | + ----> DNS server (10.0.2.3) + | + ----> SMB server (10.0.2.4) @end example -@table @samp -@item -h -Print the help -@item -d -Activate log (logfile=/tmp/qemu.log) -@item -L path -Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386) -@item -s size -Set the x86 stack size in bytes (default=524288) -@end table +The QEMU VM behaves as if it was behind a firewall which blocks all +incoming connections. You can use a DHCP client to automatically +configure the network in the QEMU VM. + +In order to check that the user mode network is working, you can ping +the address 10.0.2.2 and verify that you got an address in the range +10.0.2.x from the QEMU virtual DHCP server. + +Note that @code{ping} is not supported reliably to the internet as it +would require root priviledges. It means you can only ping the local +router (10.0.2.2). + +When using the built-in TFTP server, the router is also the TFTP +server. + +When using the @option{-redir} option, TCP or UDP connections can be +redirected from the host to the guest. It allows for example to +redirect X11, telnet or SSH connections. + +@node direct_linux_boot +@section Direct Linux Boot + +This section explains how to launch a Linux kernel inside QEMU without +having to make a full bootable image. It is very useful for fast Linux +kernel testing. The QEMU network configuration is also explained. + +@enumerate +@item +Download the archive @file{linux-test-xxx.tar.gz} containing a Linux +kernel and a disk image. + +@item Optional: If you want network support (for example to launch X11 examples), you +must copy the script @file{qemu-ifup} in @file{/etc} and configure +properly @code{sudo} so that the command @code{ifconfig} contained in +@file{qemu-ifup} can be executed as root. You must verify that your host +kernel supports the TUN/TAP network interfaces: the device +@file{/dev/net/tun} must be present. + +When network is enabled, there is a virtual network connection between +the host kernel and the emulated kernel. The emulated kernel is seen +from the host kernel at IP address 172.20.0.2 and the host kernel is +seen from the emulated kernel at IP address 172.20.0.1. + +@item Launch @code{qemu.sh}. You should have the following output: + +@example +> ./qemu.sh +Connected to host network interface: tun0 +Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003 +BIOS-provided physical RAM map: + BIOS-e801: 0000000000000000 - 000000000009f000 (usable) + BIOS-e801: 0000000000100000 - 0000000002000000 (usable) +32MB LOWMEM available. +On node 0 totalpages: 8192 +zone(0): 4096 pages. +zone(1): 4096 pages. +zone(2): 0 pages. +Kernel command line: root=/dev/hda sb=0x220,5,1,5 ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe console=ttyS0 +ide_setup: ide2=noprobe +ide_setup: ide3=noprobe +ide_setup: ide4=noprobe +ide_setup: ide5=noprobe +Initializing CPU#0 +Detected 2399.621 MHz processor. +Console: colour EGA 80x25 +Calibrating delay loop... 4744.80 BogoMIPS +Memory: 28872k/32768k available (1210k kernel code, 3508k reserved, 266k data, 64k init, 0k highmem) +Dentry cache hash table entries: 4096 (order: 3, 32768 bytes) +Inode cache hash table entries: 2048 (order: 2, 16384 bytes) +Mount cache hash table entries: 512 (order: 0, 4096 bytes) +Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes) +Page-cache hash table entries: 8192 (order: 3, 32768 bytes) +CPU: Intel Pentium Pro stepping 03 +Checking 'hlt' instruction... OK. +POSIX conformance testing by UNIFIX +Linux NET4.0 for Linux 2.4 +Based upon Swansea University Computer Society NET3.039 +Initializing RT netlink socket +apm: BIOS not found. +Starting kswapd +Journalled Block Device driver loaded +Detected PS/2 Mouse Port. +pty: 256 Unix98 ptys configured +Serial driver version 5.05c (2001-07-08) with no serial options enabled +ttyS00 at 0x03f8 (irq = 4) is a 16450 +ne.c:v1.10 9/23/94 Donald Becker (becker@scyld.com) +Last modified Nov 1, 2000 by Paul Gortmaker +NE*000 ethercard probe at 0x300: 52 54 00 12 34 56 +eth0: NE2000 found at 0x300, using IRQ 9. +RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize +Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4 +ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx +hda: QEMU HARDDISK, ATA DISK drive +ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 +hda: attached ide-disk driver. +hda: 20480 sectors (10 MB) w/256KiB Cache, CHS=20/16/63 +Partition check: + hda: +Soundblaster audio driver Copyright (C) by Hannu Savolainen 1993-1996 +NET4: Linux TCP/IP 1.0 for NET4.0 +IP Protocols: ICMP, UDP, TCP, IGMP +IP: routing cache hash table of 512 buckets, 4Kbytes +TCP: Hash tables configured (established 2048 bind 4096) +NET4: Unix domain sockets 1.0/SMP for Linux NET4.0. +EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended +VFS: Mounted root (ext2 filesystem). +Freeing unused kernel memory: 64k freed + +Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003 + +QEMU Linux test distribution (based on Redhat 9) + +Type 'exit' to halt the system + +sh-2.05b# +@end example + +@item +Then you can play with the kernel inside the virtual serial console. You +can launch @code{ls} for example. Type @key{Ctrl-a h} to have an help +about the keys you can type inside the virtual serial console. In +particular, use @key{Ctrl-a x} to exit QEMU and use @key{Ctrl-a b} as +the Magic SysRq key. + +@item +If the network is enabled, launch the script @file{/etc/linuxrc} in the +emulator (don't forget the leading dot): +@example +. /etc/linuxrc +@end example + +Then enable X11 connections on your PC from the emulated Linux: +@example +xhost +172.20.0.2 +@end example -@chapter QEMU Internals +You can now launch @file{xterm} or @file{xlogo} and verify that you have +a real Virtual Linux system ! -@section QEMU compared to other emulators - -Unlike bochs [3], QEMU emulates only a user space x86 CPU. It means that -you cannot launch an operating system with it. The benefit is that it is -simpler and faster due to the fact that some of the low level CPU state -can be ignored (in particular, no virtual memory needs to be emulated). +@end enumerate -Like Valgrind [2], QEMU does user space emulation and dynamic -translation. Valgrind is mainly a memory debugger while QEMU has no -support for it (QEMU could be used to detect out of bound memory accesses -as Valgrind, but it has no support to track uninitialised data as -Valgrind does). Valgrind dynamic translator generates better code than -QEMU (in particular it does register allocation) but it is closely tied -to an x86 host. +NOTES: +@enumerate +@item +A 2.5.74 kernel is also included in the archive. Just +replace the bzImage in qemu.sh to try it. -EM86 [4] is the closest project to QEMU (and QEMU still uses some of its -code, in particular the ELF file loader). EM86 was limited to an alpha -host and used a proprietary and slow interpreter (the interpreter part -of the FX!32 Digital Win32 code translator [5]). +@item +In order to exit cleanly from qemu, you can do a @emph{shutdown} inside +qemu. qemu will automatically exit when the Linux shutdown is done. -TWIN [6] is a Windows API emulator like Wine. It is less accurate than -Wine but includes a protected mode x86 interpreter to launch x86 Windows -executables. Such an approach as greater potential because most of the -Windows API is executed natively but it is far more difficult to develop -because all the data structures and function parameters exchanged -between the API and the x86 code must be converted. +@item +You can boot slightly faster by disabling the probe of non present IDE +interfaces. To do so, add the following options on the kernel command +line: +@example +ide1=noprobe ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe +@end example -@section Portable dynamic translation +@item +The example disk image is a modified version of the one made by Kevin +Lawton for the plex86 Project (@url{www.plex86.org}). -QEMU is a dynamic translator. When it first encounters a piece of code, -it converts it to the host instruction set. Usually dynamic translators -are very complicated and highly CPU dependant. QEMU uses some tricks -which make it relatively easily portable and simple while achieving good -performances. +@end enumerate -The basic idea is to split every x86 instruction into fewer simpler -instructions. Each simple instruction is implemented by a piece of C -code (see @file{op-i386.c}). Then a compile time tool (@file{dyngen}) -takes the corresponding object file (@file{op-i386.o}) to generate a -dynamic code generator which concatenates the simple instructions to -build a function (see @file{op-i386.h:dyngen_code()}). +@node gdb_usage +@section GDB usage -In essence, the process is similar to [1], but more work is done at -compile time. +QEMU has a primitive support to work with gdb, so that you can do +'Ctrl-C' while the virtual machine is running and inspect its state. -A key idea to get optimal performances is that constant parameters can -be passed to the simple operations. For that purpose, dummy ELF -relocations are generated with gcc for each constant parameter. Then, -the tool (@file{dyngen}) can locate the relocations and generate the -appriopriate C code to resolve them when building the dynamic code. +In order to use gdb, launch qemu with the '-s' option. It will wait for a +gdb connection: +@example +> qemu -s -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda" +Connected to host network interface: tun0 +Waiting gdb connection on port 1234 +@end example -That way, QEMU is no more difficult to port than a dynamic linker. +Then launch gdb on the 'vmlinux' executable: +@example +> gdb vmlinux +@end example -To go even faster, GCC static register variables are used to keep the -state of the virtual CPU. +In gdb, connect to QEMU: +@example +(gdb) target remote localhost:1234 +@end example -@section Register allocation +Then you can use gdb normally. For example, type 'c' to launch the kernel: +@example +(gdb) c +@end example -Since QEMU uses fixed simple instructions, no efficient register -allocation can be done. However, because RISC CPUs have a lot of -register, most of the virtual CPU state can be put in registers without -doing complicated register allocation. +Here are some useful tips in order to use gdb on system code: -@section Condition code optimisations +@enumerate +@item +Use @code{info reg} to display all the CPU registers. +@item +Use @code{x/10i $eip} to display the code at the PC position. +@item +Use @code{set architecture i8086} to dump 16 bit code. Then use +@code{x/10i $cs*16+*eip} to dump the code at the PC position. +@end enumerate -Good CPU condition codes emulation (@code{EFLAGS} register on x86) is a -critical point to get good performances. QEMU uses lazy condition code -evaluation: instead of computing the condition codes after each x86 -instruction, it just stores one operand (called @code{CC_SRC}), the -result (called @code{CC_DST}) and the type of operation (called -@code{CC_OP}). +@section Target OS specific information -@code{CC_OP} is almost never explicitely set in the generated code -because it is known at translation time. +@subsection Linux -In order to increase performances, a backward pass is performed on the -generated simple instructions (see -@code{translate-i386.c:optimize_flags()}). When it can be proved that -the condition codes are not needed by the next instructions, no -condition codes are computed at all. +To have access to SVGA graphic modes under X11, use the @code{vesa} or +the @code{cirrus} X11 driver. For optimal performances, use 16 bit +color depth in the guest and the host OS. -@section CPU state optimisations +When using a 2.6 guest Linux kernel, you should add the option +@code{clock=pit} on the kernel command line because the 2.6 Linux +kernels make very strict real time clock checks by default that QEMU +cannot simulate exactly. -The x86 CPU has many internal states which change the way it evaluates -instructions. In order to achieve a good speed, the translation phase -considers that some state information of the virtual x86 CPU cannot -change in it. For example, if the SS, DS and ES segments have a zero -base, then the translator does not even generate an addition for the -segment base. +When using a 2.6 guest Linux kernel, verify that the 4G/4G patch is +not activated because QEMU is slower with this patch. The QEMU +Accelerator Module is also much slower in this case. Earlier Fedora +Core 3 Linux kernel (< 2.6.9-1.724_FC3) were known to incorporte this +patch by default. Newer kernels don't have it. -[The FPU stack pointer register is not handled that way yet]. +@subsection Windows -@section Translation cache +If you have a slow host, using Windows 95 is better as it gives the +best speed. Windows 2000 is also a good choice. -A 2MByte cache holds the most recently used translations. For -simplicity, it is completely flushed when it is full. A translation unit -contains just a single basic block (a block of x86 instructions -terminated by a jump or by a virtual CPU state change which the -translator cannot deduce statically). +@subsubsection SVGA graphic modes support -[Currently, the translated code is not patched if it jumps to another -translated code]. +QEMU emulates a Cirrus Logic GD5446 Video +card. All Windows versions starting from Windows 95 should recognize +and use this graphic card. For optimal performances, use 16 bit color +depth in the guest and the host OS. -@section Exception support +@subsubsection CPU usage reduction -longjmp() is used when an exception such as division by zero is -encountered. The host SIGSEGV and SIGBUS signal handlers are used to get -invalid memory accesses. +Windows 9x does not correctly use the CPU HLT +instruction. The result is that it takes host CPU cycles even when +idle. You can install the utility from +@url{http://www.user.cityline.ru/~maxamn/amnhltm.zip} to solve this +problem. Note that no such tool is needed for NT, 2000 or XP. -[Currently, the virtual CPU cannot retrieve the exact CPU state in some -exceptions, although it could except for the @code{EFLAGS} register]. +@subsubsection Windows 2000 disk full problems -@section Linux system call translation +Currently (release 0.6.0) QEMU has a bug which gives a @code{disk +full} error during installation of some releases of Windows 2000. The +workaround is to stop QEMU as soon as you notice that your disk image +size is growing too fast (monitor it with @code{ls -ls}). Then +relaunch QEMU to continue the installation. If you still experience +the problem, relaunch QEMU again. -QEMU includes a generic system call translator for Linux. It means that -the parameters of the system calls can be converted to fix the -endianness and 32/64 bit issues. The IOCTLs are converted with a generic -type description system (see @file{ioctls.h} and @file{thunk.c}). +Future QEMU releases are likely to correct this bug. -@section Linux signals +@subsubsection Windows XP security problems -Normal and real-time signals are queued along with their information -(@code{siginfo_t}) as it is done in the Linux kernel. Then an interrupt -request is done to the virtual CPU. When it is interrupted, one queued -signal is handled by generating a stack frame in the virtual CPU as the -Linux kernel does. The @code{sigreturn()} system call is emulated to return -from the virtual signal handler. +Some releases of Windows XP install correctly but give a security +error when booting: +@example +A problem is preventing Windows from accurately checking the +license for this computer. Error code: 0x800703e6. +@end example +The only known workaround is to boot in Safe mode +without networking support. -Some signals (such as SIGALRM) directly come from the host. Other -signals are synthetized from the virtual CPU exceptions such as SIGFPE -when a division by zero is done (see @code{main.c:cpu_loop()}). +Future QEMU releases are likely to correct this bug. -The blocked signal mask is still handled by the host Linux kernel so -that most signal system calls can be redirected directly to the host -Linux kernel. Only the @code{sigaction()} and @code{sigreturn()} system -calls need to be fully emulated (see @file{signal.c}). +@subsection MS-DOS and FreeDOS -@section clone() system call and threads +@subsubsection CPU usage reduction -The Linux clone() system call is usually used to create a thread. QEMU -uses the host clone() system call so that real host threads are created -for each emulated thread. One virtual CPU instance is created for each -thread. +DOS does not correctly use the CPU HLT instruction. The result is that +it takes host CPU cycles even when idle. You can install the utility +from @url{http://www.vmware.com/software/dosidle210.zip} to solve this +problem. -The virtual x86 CPU atomic operations are emulated with a global lock so -that their semantic is preserved. +@chapter QEMU PowerPC System emulator invocation -@section Self-virtualization +Use the executable @file{qemu-system-ppc} to simulate a complete PREP +or PowerMac PowerPC system. -QEMU was conceived so that ultimately it can emulate itself. Althought -it is not very useful, it is an important test to show the power of the -emulator. +QEMU emulates the following PowerMac peripherals: -Achieving self-virtualization is not easy because there may be address -space conflicts. QEMU solves this problem by being an executable ELF -shared object as the ld-linux.so ELF interpreter. That way, it can be -relocated at load time. +@itemize @minus +@item +UniNorth PCI Bridge +@item +PCI VGA compatible card with VESA Bochs Extensions +@item +2 PMAC IDE interfaces with hard disk and CD-ROM support +@item +NE2000 PCI adapters +@item +Non Volatile RAM +@item +VIA-CUDA with ADB keyboard and mouse. +@end itemize -Since self-modifying code is not supported yet, QEMU cannot emulate -itself in case of translation cache flush. This limitation will be -suppressed soon. +QEMU emulates the following PREP peripherals: + +@itemize @minus +@item +PCI Bridge +@item +PCI VGA compatible card with VESA Bochs Extensions +@item +2 IDE interfaces with hard disk and CD-ROM support +@item +Floppy disk +@item +NE2000 network adapters +@item +Serial port +@item +PREP Non Volatile RAM +@item +PC compatible keyboard and mouse. +@end itemize -@section Bibliography +QEMU uses the Open Hack'Ware Open Firmware Compatible BIOS available at +@url{http://site.voila.fr/jmayer/OpenHackWare/index.htm}. -@table @asis +You can read the qemu PC system emulation chapter to have more +informations about QEMU usage. -@item [1] -@url{http://citeseer.nj.nec.com/piumarta98optimizing.html}, Optimizing -direct threaded code by selective inlining (1998) by Ian Piumarta, Fabio -Riccardi. +@c man begin OPTIONS -@item [2] -@url{http://developer.kde.org/~sewardj/}, Valgrind, an open-source -memory debugger for x86-GNU/Linux, by Julian Seward. +The following options are specific to the PowerPC emulation: -@item [3] -@url{http://bochs.sourceforge.net/}, the Bochs IA-32 Emulator Project, -by Kevin Lawton et al. +@table @option -@item [4] -@url{http://www.cs.rose-hulman.edu/~donaldlf/em86/index.html}, the EM86 -x86 emulator on Alpha-Linux. +@item -prep +Simulate a PREP system (default is PowerMAC) -@item [5] -@url{http://www.usenix.org/publications/library/proceedings/usenix-nt97/full_papers/chernoff/chernoff.pdf}, -DIGITAL FX!32: Running 32-Bit x86 Applications on Alpha NT, by Anton -Chernoff and Ray Hookway. +@item -g WxH[xDEPTH] -@item [6] -@url{http://www.willows.com/}, Windows API library emulation from -Willows Software. +Set the initial VGA graphic mode. The default is 800x600x15. @end table -@chapter Regression Tests +@c man end -In the directory @file{tests/}, various interesting x86 testing programs -are available. There are used for regression testing. -@section @file{hello} +More information is available at +@url{http://jocelyn.mayer.free.fr/qemu-ppc/}. -Very simple statically linked x86 program, just to test QEMU during a -port to a new host CPU. +@chapter Sparc32 System emulator invocation -@section @file{test-i386} +Use the executable @file{qemu-system-sparc} to simulate a JavaStation +(sun4m architecture). The emulation is somewhat complete. -This program executes most of the 16 bit and 32 bit x86 instructions and -generates a text output. It can be compared with the output obtained with -a real CPU or another emulator. The target @code{make test} runs this -program and a @code{diff} on the generated output. +QEMU emulates the following sun4m peripherals: -The Linux system call @code{modify_ldt()} is used to create x86 selectors -to test some 16 bit addressing and 32 bit with segmentation cases. +@itemize @minus +@item +IOMMU +@item +TCX Frame buffer +@item +Lance (Am7990) Ethernet +@item +Non Volatile RAM M48T08 +@item +Slave I/O: timers, interrupt controllers, Zilog serial ports, keyboard +and power/reset logic +@item +ESP SCSI controller with hard disk and CD-ROM support +@item +Floppy drive +@end itemize + +The number of peripherals is fixed in the architecture. + +QEMU uses the Proll, a PROM replacement available at +@url{http://people.redhat.com/zaitcev/linux/}. The required +QEMU-specific patches are included with the sources. -@section @file{testsig} +A sample Linux 2.6 series kernel and ram disk image are available on +the QEMU web site. Please note that currently neither Linux 2.4 +series, NetBSD, nor OpenBSD kernels work. -This program tests various signal cases, including SIGFPE, SIGSEGV and -SIGILL. +@c man begin OPTIONS -@section @file{testclone} +The following options are specific to the Sparc emulation: -Tests the @code{clone()} system call (basic test). +@table @option -@section @file{testthread} +@item -g WxH -Tests the glibc threads (more complicated than @code{clone()} because signals -are also used). +Set the initial TCX graphic mode. The default is 1024x768. + +@end table + +@c man end + +@chapter Sparc64 System emulator invocation + +Use the executable @file{qemu-system-sparc64} to simulate a Sun4u machine. +The emulator is not usable for anything yet. + +@chapter QEMU User space emulator invocation + +@section Quick Start + +In order to launch a Linux process, QEMU needs the process executable +itself and all the target (x86) dynamic libraries used by it. + +@itemize + +@item On x86, you can just try to launch any process by using the native +libraries: + +@example +qemu-i386 -L / /bin/ls +@end example + +@code{-L /} tells that the x86 dynamic linker must be searched with a +@file{/} prefix. + +@item Since QEMU is also a linux process, you can launch qemu with qemu (NOTE: you can only do that if you compiled QEMU from the sources): + +@example +qemu-i386 -L / qemu-i386 -L / /bin/ls +@end example + +@item On non x86 CPUs, you need first to download at least an x86 glibc +(@file{qemu-runtime-i386-XXX-.tar.gz} on the QEMU web page). Ensure that +@code{LD_LIBRARY_PATH} is not set: + +@example +unset LD_LIBRARY_PATH +@end example + +Then you can launch the precompiled @file{ls} x86 executable: + +@example +qemu-i386 tests/i386/ls +@end example +You can look at @file{qemu-binfmt-conf.sh} so that +QEMU is automatically launched by the Linux kernel when you try to +launch x86 executables. It requires the @code{binfmt_misc} module in the +Linux kernel. + +@item The x86 version of QEMU is also included. You can try weird things such as: +@example +qemu-i386 /usr/local/qemu-i386/bin/qemu-i386 /usr/local/qemu-i386/bin/ls-i386 +@end example + +@end itemize + +@section Wine launch + +@itemize + +@item Ensure that you have a working QEMU with the x86 glibc +distribution (see previous section). In order to verify it, you must be +able to do: + +@example +qemu-i386 /usr/local/qemu-i386/bin/ls-i386 +@end example + +@item Download the binary x86 Wine install +(@file{qemu-XXX-i386-wine.tar.gz} on the QEMU web page). + +@item Configure Wine on your account. Look at the provided script +@file{/usr/local/qemu-i386/bin/wine-conf.sh}. Your previous +@code{$@{HOME@}/.wine} directory is saved to @code{$@{HOME@}/.wine.org}. + +@item Then you can try the example @file{putty.exe}: + +@example +qemu-i386 /usr/local/qemu-i386/wine/bin/wine /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe +@end example + +@end itemize + +@section Command line options + +@example +usage: qemu-i386 [-h] [-d] [-L path] [-s size] program [arguments...] +@end example + +@table @option +@item -h +Print the help +@item -L path +Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386) +@item -s size +Set the x86 stack size in bytes (default=524288) +@end table + +Debug options: + +@table @option +@item -d +Activate log (logfile=/tmp/qemu.log) +@item -p pagesize +Act as if the host page size was 'pagesize' bytes +@end table + +@node compilation +@chapter Compilation from the sources + +@section Linux/Unix + +@subsection Compilation + +First you must decompress the sources: +@example +cd /tmp +tar zxvf qemu-x.y.z.tar.gz +cd qemu-x.y.z +@end example + +Then you configure QEMU and build it (usually no options are needed): +@example +./configure +make +@end example + +Then type as root user: +@example +make install +@end example +to install QEMU in @file{/usr/local}. + +@subsection Tested tool versions + +In order to compile QEMU succesfully, it is very important that you +have the right tools. The most important one is gcc. I cannot guaranty +that QEMU works if you do not use a tested gcc version. Look at +'configure' and 'Makefile' if you want to make a different gcc +version work. + +@example +host gcc binutils glibc linux distribution +---------------------------------------------------------------------- +x86 3.2 2.13.2 2.1.3 2.4.18 + 2.96 2.11.93.0.2 2.2.5 2.4.18 Red Hat 7.3 + 3.2.2 2.13.90.0.18 2.3.2 2.4.20 Red Hat 9 + +PowerPC 3.3 [4] 2.13.90.0.18 2.3.1 2.4.20briq + 3.2 + +Alpha 3.3 [1] 2.14.90.0.4 2.2.5 2.2.20 [2] Debian 3.0 + +Sparc32 2.95.4 2.12.90.0.1 2.2.5 2.4.18 Debian 3.0 + +ARM 2.95.4 2.12.90.0.1 2.2.5 2.4.9 [3] Debian 3.0 + +[1] On Alpha, QEMU needs the gcc 'visibility' attribute only available + for gcc version >= 3.3. +[2] Linux >= 2.4.20 is necessary for precise exception support + (untested). +[3] 2.4.9-ac10-rmk2-np1-cerf2 + +[4] gcc 2.95.x generates invalid code when using too many register +variables. You must use gcc 3.x on PowerPC. +@end example + +@section Windows + +@itemize +@item Install the current versions of MSYS and MinGW from +@url{http://www.mingw.org/}. You can find detailed installation +instructions in the download section and the FAQ. + +@item Download +the MinGW development library of SDL 1.2.x +(@file{SDL-devel-1.2.x-mingw32.tar.gz}) from +@url{http://www.libsdl.org}. Unpack it in a temporary place, and +unpack the archive @file{i386-mingw32msvc.tar.gz} in the MinGW tool +directory. Edit the @file{sdl-config} script so that it gives the +correct SDL directory when invoked. + +@item Extract the current version of QEMU. + +@item Start the MSYS shell (file @file{msys.bat}). + +@item Change to the QEMU directory. Launch @file{./configure} and +@file{make}. If you have problems using SDL, verify that +@file{sdl-config} can be launched from the MSYS command line. + +@item You can install QEMU in @file{Program Files/Qemu} by typing +@file{make install}. Don't forget to copy @file{SDL.dll} in +@file{Program Files/Qemu}. + +@end itemize + +@section Cross compilation for Windows with Linux + +@itemize +@item +Install the MinGW cross compilation tools available at +@url{http://www.mingw.org/}. + +@item +Install the Win32 version of SDL (@url{http://www.libsdl.org}) by +unpacking @file{i386-mingw32msvc.tar.gz}. Set up the PATH environment +variable so that @file{i386-mingw32msvc-sdl-config} can be launched by +the QEMU configuration script. + +@item +Configure QEMU for Windows cross compilation: +@example +./configure --enable-mingw32 +@end example +If necessary, you can change the cross-prefix according to the prefix +choosen for the MinGW tools with --cross-prefix. You can also use +--prefix to set the Win32 install path. + +@item You can install QEMU in the installation directory by typing +@file{make install}. Don't forget to copy @file{SDL.dll} in the +installation directory. + +@end itemize -@section @file{sha1} +Note: Currently, Wine does not seem able to launch +QEMU for Win32. -It is a simple benchmark. Care must be taken to interpret the results -because it mostly tests the ability of the virtual CPU to optimize the -@code{rol} x86 instruction and the condition code computations. +@section Mac OS X -@section @file{runcom} +The Mac OS X patches are not fully merged in QEMU, so you should look +at the QEMU mailing list archive to have all the necessary +information. -A very simple MSDOS emulator to test the Linux vm86() system call -emulation. The excellent 54 byte @file{pi_10.com} PI number calculator -can be launched with it. @file{pi_10.com} was written by Bertram -Felgenhauer (more information at @url{http://www.boo.net/~jasonp/pipage.html}).