Port of (i386) QEMU to C++

It’s been a rather long week, as I’ve been building QEMU in my cygwin/mingw environment.  My build environment is cygwin, but I use -mno-cygwin to use the mingw compiler.

I don’t want to delve too much into building QEMU since I really should include the patches I made to get everything working.  I haven’t included those patches as part of this post, so this post is more just a status update on what I’m up to.

QEMU has dependencies on several other packages, including GNU TLS, which doesn’t build cleanly in mingw/cygwin.  I did manage to get it to build, however, which enabled me to build QEMU.  QEMU 0.9.1 doesn’t build cleanly, but only for one of the non-i386 architectures.  I wrote a patch which I’ll link to in another post.

0.9.1 is also buggy in Windows.  I downloaded QEMU Manager which is a GUI frontend.  The latest version uses either 0.9.0 or 0.9.1 depending on configuration.  0.9.1 crashes almost immediately.  0.9.0 is OK.  The current SVN sources are also bug free, although they required some patches to build in mingw/cygwin.  I might post the patches I wrote, but there is probably not much demand for this.  All I did was disable one particular new feature introduced since 0.9.1.

I thought I’d go about tracking down the bug in 0.9.1 since I wanted to do my QEMU changes to a reasonably recent version (0.9.1 is the current stable version).  I knew 0.9.0 was working, and 0.9.1 was buggy, so somewhere in between the bug was introduced.

I took SVN revisions of the 0.9.0 and 0.9.1 tags, and did a binary search.  I would take the middle revision and build it (making appropriate patches when necessary to compile), then check if it crashed.  I eventually tracked down the revision that introduced the crash.  I then looked over the diff but couldn’t immediately see the bug, so I started to only apply patches to individual files (actually I did it backwards, by reverting files to their original state).  I had the patch isolated to a single file causing the crash.

I then decided I would compare the code causing the crash to the current SVN, which has the bug fixed.  I found the relevant lines of code, and also a checkin message talking about fixing memory corruption under Windows.  This was surely the problem, so I patched the code by hand, and voila, no more crashing.

I’m not sure if it’s the best idea not to use the current SVN as my base for modifying QEMU.  For now I’ll stick with the most recent stable release.

Another setback is that I was unable to get the KQEMU accelerator to work.  When installed, QEMU would crash while booting an image.  I think this may have been a problem with Vista, as KQEMU is said not to be tested under this host.  The funny thing is, in QEMU Manager, KQEMU seems to work (is it really running?).

I plan to write a memcheck tool in the spirit of Valgrind for QEMU running the Linux kernel.  I prefer hacking in C++ and having access to the STL.  I guess this isn’t to everybody’s favour, as C++ seems to be loved or hated.  I went about porting QEMU to compile with g++.

Mostly what was needed were explicit casts from void *.  Several parts of the code used C++ reserved words like private or class as identifiers.  Painful to port was C99 static initialization that used designators, e.g. struct foo f = { .member = 1 };.  g++ doesn’t implement C99-style designated initialization.  I removed the designators from some of the code, expanding the initialization to include all the initial members of the structs.  I found out later that there is a GNU extension which does the equivalent, { member : 1 }.  It turns out that at least on my version of g++ it doesn’t work all the time; it complains that it is initializing too many members in some cases.  Maybe in a more recent version than the cygwin-supplied mingw gcc it is fixed.

Most painful was when array indexes were being initialized, e.g. char foo[] = { [10] = 'a' };.  I expanded some of the arrays, like the SSE instruction handling, but it’s very easy to make this buggy with an extra or missing line.  For some parts of the code, I simply turned the static initialization into a runtime affair by making an initialization function with the gcc constructor attribute.  Then I used some search/replace expressions to convert the static initialization into runtime initialization.
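The conversion described above, as an added example that is not code from QEMU or from this post: a hypothetical opcode-handler table written the way C99 designators allow, then in the two C++-compatible forms the post mentions, full positional expansion and runtime initialization from a function carrying the gcc constructor attribute. The handler names, table size and dispatch helper are invented for the illustration.

```cpp
// Added example (not QEMU code). Handler signature, names and table size
// are hypothetical; the point is the initialization pattern.
#include <cstddef>

typedef int (*op_handler)(int);

static int op_add1(int x) { return x + 1; }
static int op_neg(int x)  { return -x; }
static int op_bad(int x)  { (void)x; return -1; }   // default: unimplemented opcode

enum { NUM_OPS = 16 };

/* C99 form, which g++ rejects:
 *   static op_handler ops[NUM_OPS] = { [0x3] = op_add1, [0xa] = op_neg };
 * Every unlisted slot is implicitly a null pointer.
 */

// Form 1: positional expansion. Correct, but one miscounted slot silently
// shifts every later handler, which is the fragility the post warns about.
static op_handler ops_expanded[NUM_OPS] = {
    0, 0, 0, op_add1,        // 0x0..0x3
    0, 0, 0, 0,              // 0x4..0x7
    0, 0, op_neg, 0,         // 0x8..0xb
    0, 0, 0, 0,              // 0xc..0xf
};

// Form 2: runtime initialization. The table is zero-filled static storage;
// the constructor function runs before main() and sets the designated slots
// by index, so each index stays next to its value as in the C99 original.
static op_handler ops_runtime[NUM_OPS];

static void init_ops_runtime(void) __attribute__((constructor));
static void init_ops_runtime(void) {
    for (size_t i = 0; i < NUM_OPS; ++i) ops_runtime[i] = op_bad;  // explicit default
    ops_runtime[0x3] = op_add1;
    ops_runtime[0xa] = op_neg;
}

// Dispatch through a table; out-of-range or null slots fall back to op_bad.
int dispatch(const op_handler *table, int op, int x) {
    if (op < 0 || op >= NUM_OPS || table[op] == 0) return op_bad(x);
    return table[op](x);
}

// Slot-for-slot comparison of the two tables: the check to run after a
// hand-expanded conversion to catch an extra or missing line.
bool tables_agree(void) {
    for (int i = 0; i < NUM_OPS; ++i)
        if (dispatch(ops_expanded, i, 7) != dispatch(ops_runtime, i, 7)) return false;
    return true;
}
```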

I also had a lot of pain with QEMU linking.  Firstly, the use of INLINE for inline functions is pretty bad.  It defines functions as inline inside one source file, then uses them in another source file, with the only glue linking them together being the linker, i.e. not inline at all.  In C++, inline functions need to be defined so that all code that uses them sees the definition.

The biggest drama with linking was in QEMU creating an object file with operations performed by the JIT.  Another program parses the object file, extracting the code to use in the JIT aspects of QEMU.  Now, I had to compile the object file as extern "C" to avoid C++ name mangling.  It turns out the definitions and prototypes for this are all over the shop.

Well, to summarize: I have a working C++ port of QEMU for i386 (but none of the other architectures).  I tested it by installing Fedora Linux, and then building a new kernel image (with frame pointers enabled, so I can get a good stack trace for my memcheck code).  The kernel compile took over 10 hours (ouch).

I’m not sure if anyone besides myself is interested in a C++ version of QEMU.  I have a C++ version of dynamips also if anyone is interested.

4 responses to “Port of (i386) QEMU to C++”

  1. Hi:
    I would like to study Qemu, but don’t know where to start. I’ve read some articles from the Qemu website, and wonder if there’s any papers about how to trace the source code of Qemu.
    Would you give me any suggestions?
    Thanks a lot.

    • Hi. It’s a good question you ask, but I’m afraid I don’t have a really good solution beyond looking at the source and making out of it what you can. I’ve not had to require too deep an understanding of the source to do what I’ve needed to, such as modifying the software MMU to add some callbacks, or just get a view on how they go about implementing some particular feature which can help me understand the problems in my own emulator.

      Did you have any particular goals in mind, or do you want to get an overall understanding of the QEMU sources?

  2. Hi~~
    Our lab has a plan to simulate ARM with Qemu, and then use socket to communicate OS and ARM. It’s just an idea now, but I would like to know more about this simulator. Now I just know Qemu turns guest Instructions to C block code and execute by Host OS. I think it will be fun to dig deep into source code.
    ^^

  3. Hi, I am also trying to study QEMU.
    Dear silviocesare, JOJO,
    Do you have some guideline for me to get started? Currently I am reading QEMU wiki and going through source. My goal is to add AVR32 processor support in QEMU. I have some good understanding of AVR32 architecture, but don’t know how deep it is to attempt this!
    BR,
    Sreejith
