is an experimental instruction-level machine emulator. Several emulation modes are available. In some modes, processors and surrounding hardware components are emulated well enough to let unmodified operating systems (e.g. NetBSD) run inside the emulator as if they were running on a real machine.

The processor architecture best emulated by GXemul is MIPS, but other architectures (ARM and PowerPC) are also partially emulated.

MIPS processors are emulated either using a simple type of binary translator (on Alpha and i386 hosts), or using traditional slow interpretation (all other hosts, including amd64 machines running in 64-bit mode).

Non-MIPS processors are emulated using a newer dynamic translation system (called dyntrans in the rest of this man page); dyntrans does not require any host-specific code, so it should work on any platform. Performance is somewhere between binary translation and traditional interpretation.

There are three ways to invoke the emulator:

1. When emulating a complete machine, configuration options can be entered directly on the command line.

2. Options can be read from a configuration file.

3. When emulating a userland environment (syscall-only emulation, not emulating complete machines), then the program name and its argument should be given on the command line. (This mode doesn't really work yet.)

The easiest way to use the emulator is to supply settings directly on the command line. The most important thing you need to supply is the file argument. This is the name of a binary file (an ELF, a.out, COFF/ECOFF, SREC, or a raw binary image) which you wish to run in the emulator. This file might be an operating system kernel, or perhaps a ROM image file.

If more than one filename is supplied, all files are loaded into memory, and the entry point (if available) is taken from the last file.

Apart from the name of a binary file, it is also necessary to select which specific emulation mode to use. For example, a MIPS-based machine from DEC (a DECstation) is very different from a MIPS-based machine from SGI. Use -H to get a list of available emulation modes.

There are two exceptions to the normal invocation usage mentioned above. The first is for DECstation emulation: if you have a bootable DECstation harddisk or CDROM image, then just supplying the diskimage via the -d option is sufficient. (The filename of the kernel can then be skipped, as the emulator runs the bootblocks from the diskimage directly and doesn't need the kernel as a separate file.) The second is if you supply an ISO9660 CDROM disk image. You may then use the -j option to indicate which file on the CDROM filesystem that should be loaded into emulated memory.

Machine selection options:

-E t

Try to emulate machine type t . This option is not always needed, if the -e option uniquely selects a machine. (Use -H to get a list of types.)

-e st

Try to emulate machine subtype st . Use this together with -E . (This option is not always needed, if a machine type has no subtypes.)

Other options:

-A

Disable load/store alignment checks in some cases. This might give a small increase in performance, but the emulator will not run correctly if the emulated code actually tries to do unaligned loads or stores. (This option is only meaningful when emulating MIPS CPUs, when the host architecture is Alpha or i386, and binary translation is enabled.)

-B

Disable dynamic binary translation. By default, bintrans will be turned on if the host+target architecture combination is supported. Currently, the only supported target architecture for bintrans is MIPS, and the supported host architectures are Alpha and i386.

-C x

Try to emulate a specific CPU type, x . This overrides the default CPU type for the machine being emulated. (Use -H to get a list of available CPU types.)

-d name

Add name as a disk image. By adding one or more modifier characters and then a colon (":") as a prefix to name , you can modify the way the disk image is treated. Available modifiers are:

b

Specifies that this is a boot device.

c

CD-ROM.

d

DISK (this is the default).

f

FLOPPY.

gH;S;

Override the default geometry; use H heads and S sectors-per-track. (The number of cylinders is calculated automatically.)

i

IDE.

r

Read-only (don't allow changes to be written to the file).

s

SCSI (this is the default for most machine types).

t

Tape.

0-7

Force a specific ID number.

Unless otherwise specified, filenames ending with ".iso" or ".cdr" are assumed to be CDROM images. Most others are assumed to be disks. Depending on which machine is being emulated, the default for disks can be either SCSI or IDE. Some disk images that are very small are assumed to be floppy disks. (If you are not happy with the way a disk image is detected, then you need to use explicit prefixes to force a specific type.) For floppies, the gH;S; prefix is ignored. Instead, the number of heads and cylinders are assumed to be 2 and 80, respectively, and the number of sectors per track is calculated automatically. (This works for 720KB, 1.2MB, 1.44MB, and 2.88MB floppies.)

-I x

Emulate clock interrupts at x Hz. (This affects emulated clock devices only, not actual runtime speed. This disables automatic clock adjustments, which is otherwise turned on.) (This option is probably only valid for DECstation emulation.)

-i

Display each instruction as it is being executed.

-J

Disable some speed tricks. For MIPS emulation, these are mostly timing-related. For non-MIPS emulation (i.e. those modes using dyntrans), this flag disables the use of "instruction combinations".

-j n

Set the name of the kernel to n . When booting from an ISO9660 filesystem, the emulator will try to boot using this file. (In some emulation modes, eg. DECstation, this name is passed along to the boot program. Useful names are "bsd" for OpenBSD/pmax, or "vmunix" for Ultrix.)

-M m

Emulate m MBs of physical RAM. This overrides the default amount of RAM for the selected machine type.

-m nr

Run at most nr instructions (on any cpu).

-N

Display nr of instructions/second average, at regular intervals.

-n nr

Set nr of CPUs (for SMP experiments).

-O

Force a "netboot" (tftp instead of disk), even when a disk image is present (for DECstation, SGI, and ARC emulation).

-o arg

Set the boot argument (mostly useful for DEC, ARC, or SGI emulation). Default arg for DEC is "-a", for ARC/SGI it is "-aN", and for CATS it is "-A".

-p pc

Add a breakpoint. (Remember to use the "0x" prefix for hex.)

-Q

Disable the built-in PROM emulation. This is useful for running raw ROM images from real machines.

-R

Use a random bootstrap cpu, instead of CPU nr 0. (For SMP experiments.)

-r

Dump register contents for every executed instruction.

-S

Initialize the emulated RAM to random data, instead of zeroes.

-T

Enter the single-step debugger on unimplemented memory accesses.

-t

Show a trace tree of all function calls being made.

-U

Enable slow_serial_interrupts_hack_for_linux.

-X

Use X11.

-x

Open up new xterms for emulated serial ports. (Default is to open up xterms when using configuration files, but not when starting an emulation with settings directly on the command line.)

-Y n

Scale down framebuffer windows by n x n times. This option is useful when emulating a very large framebuffer, and the actual display is of lower resolution. If n is negative, then there will be no scaledown, but emulation of certain graphic controllers will be scaled up by -n times instead. E.g. Using -2 with VGA text mode emulation will result in 80x25 character cells rendered in a 1280x800 window, instead of the normal resolution of 640x400.

-y x

Set max_random_cycles_per_chunk to x (experimental).

-Z n

Set the number of graphics cards, for emulating a dual-head or tripple-head environment. (Only for DECstation emulation so far.)

-z disp

Add disp as an X11 display to use for framebuffers.

Userland options:

-u emul-mode

Userland-only (syscall) emulation. (Use -H to get a list of available emulation modes.) Some (but not all) of the options listed under Other options above can also be used with userland emulation.

General options:

-D

Guarantee fully deterministic behavior. Normally, the emulator calls srandom() with a seed based on the current time at startup. When the -D option is used, the srandom() call is skipped, which should cause two subsequent invocations of the emulator to be identical, if all other settings are identical and no user input is taking place. (If this option is used, then -I must also be used.)

-H

Display a list of available CPU types, machine types, and userland emulation modes. (Most of these don't work. Please read the documentation included in the distribution for details on which modes that actually work.)

-h

Display a list of all available command line options.

-K

Force the single-step debugger to be entered at the end of a simulation.

-q

Quiet mode; this suppresses startup messages.

-s

For MIPS emulation: Show opcode usage statistics after the simulation. For non-MIPS emulation (i.e. using dyntrans): Save statistics to a file at regular intervals of which physical addresses that were executed.

-V

Start up in the single-step debugger, paused.

-v

Verbose debug messages.

Configuration file startup:

@ configfile

Start an emulation based on the contents of configfile .

For more information, please read the documentation in the doc/ subdirectory of the distribution.

The following command will start NetBSD/pmax on an emulated DECstation 5000/200 (3MAX):

nbsd_pmax.img should be a raw disk image containing a bootable NetBSD/pmax filesystem.

The following command will start an emulation session based on settings in the configuration file "mysession". The -v option tells gxemul to be verbose.

If you have compiled the small Hello World program mentioned in the documentation, the following command will start up an emulated test machine in "paused" mode:

(Paused mode means that you enter the interactive single-step debugger directly at startup, instead of launching the Hello World program.)

Please read the documentation for more details.

There are many bugs. Some of the known bugs are listed in the BUGS file in the source distribution, some are indirectly mentioned in the TODO file, and some are mentioned in the source code itself.

The binary translation subsystem is really terrible, but it is less terrible than running without it.

Userland (syscall-only) emulation doesn't really work yet.

Emulation of MIPS CPUs is done differently from other emulation modes; the documentation sometimes only reflects the way things work with MIPS emulation, and it is incorrect when applied to e.g. ARM emulation.

does not simulate individual pipe-line stages or penalties caused by branch-prediction misses or cache misses, so it cannot be used for accurate simulation of any actual real-world processor.

is not timing-accurate.

Anders Gavare <anders@gavare.se>

See http://gavare.se/gxemul/ for more information.