QEMU with RISC-V (RV64G, RV32G) Emulation Support
C C++ Python Shell Haxe Assembly Other
Latest commit d2d8d80 Feb 19, 2017 @sagark sagark committed on GitHub Merge pull request #55 from sorear/sifive_uart_final
Update UART model to match shipped FE310
Permalink
Failed to load latest commit information.
audio trace-events: fix first line comment in trace-events Aug 12, 2016
backends msmouse: Fix segfault caused by free the chr before chardev cleanup. Sep 22, 2016
block Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into s… Sep 23, 2016
bsd-user Fix bsd-user build after d915b7b Aug 24, 2016
contrib Clean up ill-advised or unusual header guards Jul 12, 2016
crypto crypto: Switch to QEMU UUID API Sep 23, 2016
default-configs linux-user code Sep 28, 2016
disas target-riscv/disas: enable disas building in configure Feb 2, 2017
docs docs: Add documentation for COLO-proxy Sep 27, 2016
dtc @ 65cc4d2 dtc: Update dtc / libfdt submodule to version 1.4.0 Jun 3, 2015
fpu target-riscv: Clean up everything such that checkpatch doesn't complain Sep 27, 2016
fsdev 9pfs: drop useless v9fs_string_null() function Sep 16, 2016
gdb-xml target-ppc: gdbstub: Add VSX support Jan 30, 2016
hacking_files target-riscv: Enable RVC tests again Feb 3, 2017
hw Update UART model to match shipped FE310 Feb 19, 2017
include target-riscv/disas: enable disas building in configure Feb 2, 2017
io trace-events: fix first line comment in trace-events Aug 12, 2016
libdecnumber libdecnumber: Clean up includes Feb 16, 2016
linux-headers linux-headers: update Sep 5, 2016
linux-user Remove brk special handling Jan 12, 2017
migration cutils: Export only buffer_is_zero Sep 13, 2016
nbd nbd-server: Use a separate BlockBackend Sep 5, 2016
net net: limit allocation in nc_sendv_compat Sep 27, 2016
pc-bios optionrom: do not rely on compiler's bswap optimization Sep 13, 2016
pixman @ 87eea99 pixman: update internal copy to pixman-0.32.6 Sep 15, 2014
po Added Bulgarian translation Jul 1, 2016
qapi block: Remove BB interface from blockdev-add/del Sep 23, 2016
qga qga: free remaining leaking state Sep 8, 2016
qobject json-streamer: fix double-free on exiting during a parse Jul 12, 2016
qom linux-user-i386: Fix crash on cpuid Sep 19, 2016
replay replay: Use new QAPI cloning Jul 6, 2016
roms Update OpenBIOS images to c5542f2 built from submodule. Sep 12, 2016
scripts Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into… Sep 23, 2016
slirp hw: replace most use of qemu_chr_fe_write with qemu_chr_fe_write_all Sep 13, 2016
stubs Merge remote-tracking branch 'remotes/famz/tags/various-pull-request'… Sep 23, 2016
target-alpha target-alpha: Generate fence op Sep 16, 2016
target-arm arm: add Cortex A7 CPU parameters Sep 22, 2016
target-cris Clean up decorations and whitespace around header guards Jul 12, 2016
target-i386 kvm: fix events.flags (KVM_VCPUEVENT_VALID_SMM) overwritten by 0 Sep 22, 2016
target-lm32 target-*: Clean up cpu.h header guards Jul 12, 2016
target-m68k Remove unused function declarations Sep 15, 2016
target-microblaze target-*: Clean up cpu.h header guards Jul 12, 2016
target-mips target-mips: generate fences Sep 23, 2016
target-moxie target-*: Clean up cpu.h header guards Jul 12, 2016
target-openrisc Clean up header guards that don't match their file name Jul 12, 2016
target-ppc ppc/kvm: Mark 64kB page size support as disabled if not available Sep 23, 2016
target-riscv target-riscv: Enable RVC tests again Feb 3, 2017
target-s390x s390x/kvm: disable cpu model for the 2.7 machine Sep 19, 2016
target-sh4 sh4: fix broken link to documentation Sep 15, 2016
target-sparc sparc: Use g_memdup() instead of g_new0() + memcpy() Sep 13, 2016
target-tilegx Clean up header guards that don't match their file name Jul 12, 2016
target-tricore Clean up decorations and whitespace around header guards Jul 12, 2016
target-unicore32 target-*: Clean up cpu.h header guards Jul 12, 2016
target-xtensa Clean up header guards that don't match their file name Jul 12, 2016
tcg tcg/i386: Extend TARGET_PAGE_MASK to the proper type Sep 20, 2016
tests Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into sta… Sep 26, 2016
trace trace: Avoid implicit bool->integer conversions Sep 5, 2016
ui Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into s… Sep 23, 2016
util uuid: Tighten uuid parse Sep 23, 2016
.dir-locals.el Add .dir-locals.el file to configure emacs coding style Oct 8, 2015
.exrc qemu: add .exrc Sep 7, 2012
.gitignore Replace qmp-commands.hx by docs/qmp-commands.txt Sep 19, 2016
.gitmodules PPC: Add u-boot firmware for e500 Jun 16, 2014
.mailmap Update mailmap Sep 5, 2013
.travis.yml .travis.yml: Disable IRC build status updates from forks Jul 18, 2016
CODING_STYLE CODING_STYLE, checkpatch: update line length rules Aug 10, 2016
COPYING COPYING: update from FSF Oct 12, 2008
COPYING.LIB Update FSF address in GPL/LGPL boilerplate Jan 4, 2009
Changelog Use qemu-project.org domain name Oct 11, 2013
HACKING Disable warn about left shifts of negative values Aug 9, 2016
LICENSE vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/h… Dec 19, 2014
MAINTAINERS target-riscv: sync up codebase with last set of patches submitted ups… Sep 27, 2016
Makefile blockdev: Add dynamic module loading for block drivers Sep 20, 2016
Makefile.objs replication: Introduce new APIs to do replication operation Sep 13, 2016
Makefile.target build-sys: remove qmp-commands-old.h Sep 19, 2016
README Revert e5dfc5e("Move README to markdown") Jul 21, 2016
README.md Update UART model to match shipped FE310 Feb 19, 2017
VERSION Open 2.8 development tree Sep 5, 2016
accel.c accel: make configure_accelerator return void May 18, 2016
aio-posix.c aio-posix: remove useless parameter Jul 18, 2016
aio-win32.c aio-posix: remove useless parameter Jul 18, 2016
arch_init.c riscv: Add full-system emulation support for the RISC-V Instruction S… Sep 27, 2016
async.c aio-posix: remove useless parameter Jul 18, 2016
balloon.c all: Clean up includes Feb 4, 2016
block.c block: Don't queue the same BDS twice in bdrv_reopen_queue_child() Sep 23, 2016
blockdev-nbd.c nbd-server: Allow node name for nbd-server-add Sep 5, 2016
blockdev.c block: Remove BB interface from blockdev-add/del Sep 23, 2016
blockjob.c block jobs: Improve error message for missing job ID Sep 5, 2016
bootdevice.c error: Remove NULL checks on error_propagate() calls Jun 20, 2016
bt-host.c all: Clean up includes Feb 4, 2016
bt-vhci.c all: Clean up includes Feb 4, 2016
configure target-riscv/disas: enable disas building in configure Feb 2, 2017
cpu-exec-common.c cpu-exec: Rename cpu_resume_from_signal() to cpu_loop_exit_noexc() Jun 9, 2016
cpu-exec.c cpu-exec: Check -dfilter for -d cpu Sep 16, 2016
cpus.c riscv: lowercase env->pc Sep 29, 2016
cputlb.c tcg: Merge GETPC and GETRA Sep 16, 2016
device-hotplug.c blockdev: Split monitor reference from BB creation Mar 17, 2016
device_tree.c qemu-common: stop including qemu/bswap.h from qemu-common.h May 19, 2016
disas.c target-riscv: sync up codebase with last set of patches submitted ups… Sep 27, 2016
dma-helpers.c dma-helpers: dma_blk_io() cancel support Jun 28, 2016
dump.c error: Remove NULL checks on error_propagate() calls Jun 20, 2016
exec.c kvm-all: drop kvm_setup_guest_memory Sep 13, 2016
gdbstub.c hw: replace most use of qemu_chr_fe_write with qemu_chr_fe_write_all Sep 13, 2016
hmp-commands-info.hx monitor: remove mhandler.cmd_new Sep 19, 2016
hmp-commands.hx monitor: remove mhandler.cmd_new Sep 19, 2016
hmp.c block: Accept device model name for blockdev-change-medium Sep 23, 2016
hmp.h trace: Allow event name pattern in "info trace-events" Jul 18, 2016
iohandler.c iohandler: Introduce iohandler_get_aio_context Apr 22, 2016
ioport.c hw: remove pio_addr_t May 19, 2016
iothread.c iothread: Stop threads before main() quits Sep 13, 2016
kvm-all.c kvm-all: drop kvm_setup_guest_memory Sep 13, 2016
kvm-stub.c kvm-all: drop kvm_setup_guest_memory Sep 13, 2016
main-loop.c main-loop: check return value before using pointer Jul 12, 2016
memory.c memory: remove memory_region_destructor_rom_device Sep 14, 2016
memory_mapping.c all: Remove unnecessary glib.h includes Jun 7, 2016
module-common.c all: Clean up includes Feb 4, 2016
monitor.c monitor: fix crash for platforms without a CPU 0 Sep 23, 2016
numa.c numa: do not leak NumaOptions Aug 7, 2016
os-posix.c use g_path_get_dirname instead of dirname Jul 17, 2016
os-win32.c all: Clean up includes Feb 4, 2016
page_cache.c coccinelle: Remove unnecessary variables for function return value Jun 20, 2016
qapi-schema.json target-riscv: fix qapi-schema.json documentation issues Oct 7, 2016
qdev-monitor.c qdev-monitor: Add blk_by_qdev_id() Sep 23, 2016
qdict-test-data.txt Introduce QDict test data file Sep 4, 2009
qemu-bridge-helper.c all: Remove unnecessary glib.h includes Jun 7, 2016
qemu-char.c qemu-char: Add qemu_chr_add_handlers_full() for GMaincontext Sep 27, 2016
qemu-doc.texi Allow users to specify the vmdk virtual hardware version. May 12, 2016
qemu-ga.texi docs: Style the command and its options in the synopsis Jan 26, 2016
qemu-img-cmds.hx qemu-img: add skip option to dd Sep 20, 2016
qemu-img.c qemu-img: add skip option to dd Sep 20, 2016
qemu-img.texi qemu-img: add skip option to dd Sep 20, 2016
qemu-io-cmds.c block: switch blk_write_compressed() to byte-based interface Sep 5, 2016
qemu-io.c trace: enable tracing in qemu-io Jun 28, 2016
qemu-nbd.c nbd-server: Use a separate BlockBackend Sep 5, 2016
qemu-nbd.texi trace: enable tracing in qemu-nbd Jun 28, 2016
qemu-option-trace.texi doc: move text describing --trace to specific .texi file Jun 28, 2016
qemu-options-wrapper.h vl.c: In qemu -h output, only print options for the arch we are runni… Dec 19, 2011
qemu-options.h Clean up ill-advised or unusual header guards Jul 12, 2016
qemu-options.hx tap: Allow specifying a bridge Sep 27, 2016
qemu-seccomp.c seccomp: adding getrusage to the whitelist Sep 21, 2016
qemu-tech.texi Remove remainders of HPPA backend Sep 15, 2016
qemu-timer.c timer: set vm_clock disabled default Aug 9, 2016
qemu.nsi nsis: Add QEMU version information to Windows registry Sep 24, 2015
qemu.sasl sasl: Avoid 'Could not find keytab file' in syslog Mar 15, 2014
qmp.c Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into s… Sep 23, 2016
qtest.c tests: add RTAS command in the protocol Sep 23, 2016
replication.c replication: Introduce new APIs to do replication operation Sep 13, 2016
replication.h replication: Introduce new APIs to do replication operation Sep 13, 2016
rules.mak rules.mak: Don't extract libs from .mo-libs in link command Sep 13, 2016
softmmu_template.h tcg: Merge GETPC and GETRA Sep 16, 2016
spice-qemu-char.c qapi: Don't special-case simple union wrappers Mar 18, 2016
tcg-runtime.c all: Clean up includes Feb 4, 2016
tci.c tcg/tci: Add support for fence Sep 16, 2016
thread-pool.c coroutine: move entry argument to qemu_coroutine_create Jul 13, 2016
thunk.c thunk: Rename args and fields in host-target bitmask conversion code Jun 7, 2016
tpm.c qapi: Don't special-case simple union wrappers Mar 18, 2016
trace-events filter-rewriter: rewrite tcp packet to keep secondary connection Sep 27, 2016
translate-all.c tcg: Merge GETPC and GETRA Sep 16, 2016
translate-all.h trace: Add per-vCPU tracing states for events with the 'vcpu' property Jul 18, 2016
translate-common.c include: move CPU-related definitions out of qemu-common.h May 19, 2016
user-exec.c tcg: Merge GETPC and GETRA Sep 16, 2016
version.rc Use qemu-project.org domain name Oct 11, 2013
vl.c filter-rewriter: introduce filter-rewriter initialization Sep 27, 2016
xen-common-stub.c xen: Clean up includes Jan 29, 2016
xen-common.c xen: drop XenXC and associated interface wrappers Feb 10, 2016
xen-hvm-stub.c fix MSI injection on Xen Feb 6, 2016
xen-hvm.c xen: handle inbound migration of VMs without ioreq server pages Aug 12, 2016
xen-mapcache.c os-posix: include sys/mman.h Jun 16, 2016

README.md

riscv-qemu Build Status

About:

The riscv64-softmmu target for full system RV64GC emulation is currently supported. It supports booting Linux from the master branch of riscv-linux and passes the compatibility tests from riscv-tests. A riscv32-softmmu target for full system RV32GC emulation is also supported. It currently passes all tests from riscv-tests. See Method 1 below.

Support for riscv64-linux-user and riscv32-linux-user is also present. These pass the tests from riscv-qemu-tests. See Method 2 below.

RISC-V Port Contributors:

Upstream QEMU Version:

  • 2.7.50, Last rebase: Sept 27, 2016
  • Note: As we proceed with upstreaming, rebasing will happen regularly

Privileged Specification Version:

This version of QEMU adheres to the RISC-V v1.9.1 Privileged Specification as described in Technical Report No. UCB/EECS-2016-161 and commit ad9ebb8557e32241bfca047f2bc628a2bc1c18cb (master) of riscv-tools.

Please note that QEMU tracks released drafts of the RISC-V Privileged Specification, not work-in-progress changes as Spike does.

Contributing:

If you're interested in contributing to riscv-qemu, the github issues with the "help wanted" label are a good place to start. If you're working on a new feature, create an issue about the feature and mention that you're working on it.

Installation

Prerequisites:

$ sudo apt-get install gcc libc6-dev pkg-config bridge-utils uml-utilities zlib1g-dev libglib2.0-dev autoconf automake libtool libsdl1.2-dev

Jump to Method 1 if you want full-system simulation, or Method 2a/b for linux-user mode.

Method 1a (Full-System Simulation using the Spike board):

Step 1: Build QEMU

$ git clone https://github.com/riscv/riscv-qemu
$ cd riscv-qemu
$ git submodule update --init pixman
$ ./configure --target-list=riscv64-softmmu,riscv32-softmmu [--prefix=INSTALL_LOCATION]
$ make
$ [make install] # if you supplied prefix above

Step 2: Obtain Images

You can build vmlinux from the master branch of the riscv-linux repo and create an initramfs for your root filesystem, then supply the resulting vmlinux as a payload for bbl. Alternatively, you can use the prebuilt copy linked below. This single file contains bbl with the Linux kernel as a payload. The included copy of the Linux kernel also has an initramfs with busybox.

a) bblvmlinuxinitramfs_dynamic

Step 3: Run QEMU

To boot Linux (assuming you are in the riscv-qemu directory):

$ ./riscv64-softmmu/qemu-system-riscv64 -kernel bblvmlinuxinitramfs_dynamic -nographic

Notes about arguments:

  • -kernel bblvmlinuxinitramfs_dynamic: This is the path to the binary to run. In this case, it contains the bbl bootloader, vmlinux, and an initramfs containing busybox.

Useful optional arguments:

  • -m 2048M: Set size of memory, in this example, 2048 MB

Current limitations:

  • The current RISC-V board definition provides only an HTIF console device. Support for other HTIF-based devices has been removed from riscv-linux; as a result, QEMU no longer supports them either.

Method 1b (Full-System Simulation compatible with the SiFive U500 SDK ):

(this is very incomplete, and is based mostly on software reverse engineering)

Step 1: Build QEMU

(The same QEMU build supports both boards.)

$ git clone https://github.com/riscv/riscv-qemu
$ cd riscv-qemu
$ git submodule update --init pixman
$ ./configure --target-list=riscv64-softmmu,riscv32-softmmu [--prefix=INSTALL_LOCATION]
$ make
$ [make install] # if you supplied prefix above

Step 2: Compile the boot image

The following packages are used above and beyond what is in a minimal Fedora 24 image:

dnf install @buildsys-build git wget texinfo bison flex bc python perl-Thread-Queue vim-common

Download the SDK; the version given is the most recent which is compatible with QEMU (privilege spec 1.9):

git clone https://github.com/sifive/freedom-u-sdk
cd freedom-u-sdk
git reset --hard b38f7c98
git submodule update --init --recursive

Patch to allow the image to boot on emulated hardware that supports floating point, apply this in the riscv-pk directory:

diff --git a/Makefile.in b/Makefile.in
index f885b30..8babada 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -84,7 +84,7 @@ VPATH := $(addprefix $(src_dir)/, $(sprojs_enabled))
 #  - CXXFLAGS : flags for C++ compiler (eg. -Wall,-g,-O3)

 CC            := @CC@
-CFLAGS        := @CFLAGS@ $(CFLAGS) -DBBL_PAYLOAD=\"$(bbl_payload)\" -mno-float
+CFLAGS        := @CFLAGS@ $(CFLAGS) -DBBL_PAYLOAD=\"$(bbl_payload)\"
 COMPILE       := $(CC) -MMD -MP $(CFLAGS) \
                  $(sprojs_include)
 # Linker

Build:

make -j4

(This step took roughly 20 minutes and created 9.3G of files.)

Step 3: Run QEMU

To boot Linux (assuming you are in the riscv-qemu directory):

$ ./riscv64-softmmu/qemu-system-riscv64 -kernel freedom-u-sdk/work/riscv-pk/bbl -nographic -machine sifive

Notes about arguments:

  • -kernel bblvmlinuxinitramfs_dynamic: This is the path to the binary to run. In this case, it contains the bbl bootloader, vmlinux, and an initramfs containing busybox.

Useful optional arguments:

  • -m 2048M: Set size of memory, in this example, 2048 MB

Method 2a (Fedora 24 Userland with User Mode Simulation, Recommended):

To avoid having to build the RISC-V toolchain and programs yourself, use Stefan O'Rear's RISC-V Fedora Docker Image to obtain a Fedora 25 Userland for RISC-V, packaged with riscv-qemu.

Method 2b (Manual User Mode Simulation):

Step 1: Build QEMU

$ git clone https://github.com/riscv/riscv-qemu
$ cd riscv-qemu
$ git submodule update --init pixman
$ ./configure --target-list=riscv64-linux-user,riscv32-linux-user [--prefix=INSTALL_LOCATION]
$ make
$ [make install] # if you supplied prefix above

Step 2: Setup Compiler, Run a Program

You will need a compiler to build programs for RISC-V, as well as a sysroot that contains the appropriate libraries. Follow the instructions in the README of the riscv-tools repo (make sure you use the linked commit!) to build the riscv64-unknown-linux-gnu-gcc compiler. $RISCV below refers to the installation directory you are instructed to create in the aforementioned README.

Now, build a hello world program with riscv64-unknown-linux-gnu-gcc and run it like so:

$ riscv64-unknown-linux-gnu-gcc hello.c -o hello
$ ./riscv64-linux-user/qemu-riscv64 -L $RISCV/sysroot hello

Running RISC-V Tests on softmmu:

A script (run-rv-tests.py) for running the RV64/RV32 tests from riscv-tests is included in the hacking_files directory. All RV64/RV32 tests (listed in hacking_files/rv64-tests-list and hacking_files/rv32-tests-list) are expected to pass on their respective targets.

Running RISC-V Tests on linux-user:

Please see riscv-qemu-tests.

Using QEMU to Debug RISC-V Code:

QEMU works with RISC-V GDB to enable remote debugging.

To use this, start QEMU with the additional flags -S -s:

$ ./riscv64-softmmu/qemu-system-riscv64 -S -s -kernel PROGRAM -nographic

This will start QEMU, but immediately pause and wait for a gdb connection.

Separately, start riscv64-unknown-elf-gdb:

$ riscv64-unknown-elf-gdb [optional binary]

At the prompt, connect to QEMU:

(gdb) target remote localhost:1234

At this point, you can use regular gdb commands to singlestep, set breakpoints, read/write registers, etc. If you type continue in gdb, you can return to QEMU and interact with the machine as if you were using it without GDB attached.

TODOs:

  • See target-riscv/TODO

Notes

  • Files/directories of interest:
    • target-riscv/
    • hw/riscv/
    • linux-user/riscv