On Fri, 17 Apr 2020 at 09:07, Randy Yates <ya...@digitalsignallabs.com> wrote:
> 2.1 Top-Level Architecture
>
> There is a MachineClass, MachineState, and MachineInstance. What are purposes
> of these logical divisions?
class vs state is QEMU's usual object model (QOM) structs:
there is one instance of a class struct which contains
things like method pointers; each instance of the object
as a FooState struct which has the varies-per-instance
data. The doc comments in include/qom/object.h are probably
a good place to start for a summary of the object model.
'git grep MachineInstance' has no matches, so I don't know
what you have in mind there.
> 2.2 Miscellaneous
>
> Apparently the CPU has properties. What are the specific properties and their
> defaults? How do you change a property's default value?
Mostly undocumented; nominally introspectable. In practice,
just look at what other source code is doing. For some
devices the .h file includes a comment describing this
kind of thing, but often not.
> How do you model and implement startup from power on reset?
Not sure what you have in mind here. It just works: the
CPU starts running from the reset address.
> Bootrom code is modeled by specifying -bios <file> on the
> command line. What format should the code in <file> be?
This depends on what your board model does with the file.
If your board code doesn't do anything with the filename
in the 'bios_name' global, then the command line option
will be ignored entirely. If your board code passes the
filename to a "load this ELF file" function, then the file
has to be an ELF file. If your board code passes it to
a "load this raw data file", then the file has to be a raw
data file. Raw-data is the most common approach.
> Bootrom code performs required initializations, e.g.,
> populating the interrupt vector table at the appropriate
> spot, GIC? other registers? Copying code to DRAM?
Your guest code can do what it likes. What you need
to do is make sure you've loaded an image which provides
the initial reset vector table (usually at address 0
for Arm). QEMU will start executing from the reset vector
in the same way real h/w does, and your guest code
takes it from there.
> Once bootrom code is finished, what happens? Should it simply
> branch to the first-level bootloader (which is supposedly
> loaded into DRAM)? Is the reset vector used somehow?
You seem to be making a distinction between different
levels of boot code (bootrom, first level bootloader)
which QEMU simply does not make. QEMU provides two
possible models for loading Arm guest code:
(1) boot this thing like a linux kernel with the
CPU set up as the linux kernel's boot protocol
specifies
(2) guest code gets control of the emulated machine
exactly as it comes out of reset
So you need to provide some guest code that does the
equivalent of what you're calling "bootrom". If you
want that to pass control to a "first level bootloader"
then you need to write the bootrom guest code to do that.
> I'm using the -pflash command-line option to map a copy of the flash code. Do
> you simply specify the address of an existing memory (DRAM) of where to load
> the file? Is there a way to specify an entry point address (of where to begin
> execution). How does this interact with the -bios option?
See above: you don't get to control where execution starts,
because for Arm CPUs (unless your board uses hivecs)
that's always 0. Your board code wants to load the initial
guest code into the right place, which should be where
the flash device/rom/whatever is, which ought to be address 0.
Board code gets to decide whether it pays any attention to
-bios or -pflash at all. You can ignore one and just implement
the other if you like, or you can support both, which is
what vexpress does.
> There may be custom hardware involved, e.g., GPIOs, I2Cs, etc. How would
> these be defined in the machine?
Your best reference for this is to look at existing
device and board model sources.
> Ditto above comment for the -d option.
>
> How are multiple cores traced in the debug output?
In the 'exec' tracing, "Trace 0:" means trace for core 0,
"Trace 1:" core 1, etc. Some tracing is independent of
cores (like in_asm). Some tracing doesn't specify (like
'cpu') but it's obvious from its position relative to
the 'exec' trace lines.
> The vexpress code had clocks, voltages, etc. defined. Are these necessary for
> a bare-metal, base functioning machine? Exactly which components are
> absolutely required? E.g., is the busdev required?
You want a minimal machine which provides RAM,
the CPU, the interrupt controller, and maybe flash
(though you could just stick the initial boot
code into ram to start with if you don't happen
to know what the flash device is on your board).
vexpress provides a lot of stuff that's specific
to vexpress. Don't look just at vexpress : look
also at other board models. You probably want things
that most or every board model does; you probably don't
want things that only the vexpress code is doing.
> Terminology questions:
>
> Throughout there is mention of highmem/lowmem. What does this mean?
This is vexpress specific -- this board happens to
have memory in two different regions of its address
space; they are for convenience named 'highmem' and
'lowmem'.
> Throughout there are "PL" devices, e.g., PL111. What does "PL" mean?
These are Arm devices commonly used on Arm's own devboards
but very rarely found elsewhere (eg a PL011 is a UART,
a PL111 is a graphics controller). Almost certainly your
system's devices will be completely different and you won't
be able to reuse any of the PLxxx device models.
thanks
-- PMM
