Page 1 of 1
How do x86 emulators work?
Posted: Fri Aug 06, 2010 8:57 am
by calpol2004
When reading through the forums i keep seeing references to x86 "emulators", i originally thought they were referring to v8086 mode. But I've recently realized you guys are referring to something a lot more interesting.
How do these work? do they emulate the interrupts just using the in and out instructions without any processor mode swaps? or are they doing something more simple, maybe the library just encapsulates the swapping back to real mode to run the interrupt?
The way i understand it from peoples posts is you give the x86 emulation library a string containing a x86 instruction you want to emulate, e.g.
Code: Select all
emulate("int 0x10"); //probably not this simple :p this stuff never is...
The emulation library then runs a routine from magical universal graphics card driver that uses in and out instructions to produce the desired functionality without any processor mode switches.
This seems a bit too magical to me. These libraries must be incredibly cryptic and be updated often for new hardware support, otherwise people would just write their own routines to interface graphics cards directly without a cpu mode switch.
Do i have the right idea here?
Re: How do x86 emulators work?
Posted: Fri Aug 06, 2010 9:43 am
by Ready4Dis
Just like it sounds. Bochs takes opcodes and is a 'pretend' cpu. It has an interpreter that decodes the opcodes from a location in memory, and performs what it's told, just like a real cpu. Well, extend this thinking into your kernel.
Bios runs, you enter pmode, then long mode. If you KEEP all your information below 1mb in tact, you can then run it through an emulator. The emulator will decode all opcodes and store all information in virtual registers, etc. Wehenver something like an in/out is called, it will perform an ACTUAL in/out instruction, so it is getting actual values. Since the code in the bios/video rom bios is able to actually input/outport to the registers it requires, it could care less that it's not being executed on the physical CPU in real mode, but by an emulator that is giving it access. You don't just do EmulateInt(0x10), although you could do it similarly, just have a trap so you can terminate the application, so you would set your registers, write a stub program that simply calls an interrupt and then terminates (something like int 0x20 did back in the dos days). Then you would point the emulators IP to your stub, and start it running. It would then call your interrupt (0x10 for video stuff), which would cause a lookup in the IVT, which would jump to the video rom bios code to do whatever you told it to. It would then iret to your stub, which can then exit, or do whatever else it needs to do. As long as you set ax in your emulated CPU to the correct values, it will be correctly passed to the interrupt, which would do the in/out's to get what it needs done (change modes), and return a value into ax, which you can look at in your kernel by checking the emulator's ax value. The cool thing is, you don't even have to leave it at the 0mb->1mb mark, you can have it mapped anywhere in memory, and the emulator's memory lookups would just start wherever you have it in memory. You can run multiple emulators at the same time, they can be preempted easily, and you can even put the emulator in your video driver so there is no extra work for your kernel, especially once you write a 'real' driver for your video card, there is no leftover hacks in the kernel.
Re: How do x86 emulators work?
Posted: Fri Aug 06, 2010 10:15 am
by bewing
I'm not sure if Ready4Dis made the idea of an emulator perfectly clear, so let me try describing it from another direction.
You can write programs that simulate real things, but entirely as computer models. Perhaps contemplate weather/climate prediction on a computer. Or failure mode analysis of airplane wings. There are a million choices.
A CPU emulator is a very complete computer simulation of an entire PC. Ready4Dis mentioned Bochs, as an example. An emulator can model multiple CPUs (including all the registers, opcodes, operating modes), hardware devices, memory, external events, etc. This is what Bochs does. And QEMU, and Rebochs, and others. They read bytes from simulated computer memory, simulate decoding them into instructions, simulate running the instructions on the registers, simulate transferring data between the CPUs and the hardware.
When you have got an x86 computer running in 64bit (Long) mode, there are still some times when you may want to access 16bit (Real) mode. There are many problems with doing this in reality. It turns out that one of the smartest things you can do is create a slightly lobotomized x86 emulator, and build it into your kernel. When you want to do Real mode stuff, you set up the simulated CPU registers and mode in a proper configuration, then run the emulator (with a proper exit condition, and some protections). The emulator pretends that it is running 16bit Realmode code -- but it is entirely done as a computer simulation (a few things are real -- memory accesses, and IN/OUT opcodes, as Ready4Dis said). The Rebochs longmode emulator adds 120K to your kernel. There are others that add close to 200K.
As for your specific example, no, you do not pass ASM instructions into the emulator directly. You load the compiled code into memory and simulate executing it from memory.
Re: How do x86 emulators work?
Posted: Fri Aug 06, 2010 12:21 pm
by calpol2004
Wow, so the emulator is a virtual CPU with it's own registers/mode that runs on top of the real CPU. So it can be used for more than just running real mode interrupts in long mode. Im more interested in the x86emu project than anything, where just the cpu is virtual but it interacts with the real hardware unlike bochs and qemu.
I was asking because i was wondering what a x86emu virtual cpu would do when running a VBE swap display mode interrupt. Would the x86emu cpu do so by jumping the real cpu into real mode or whether it would actually use in and out instructions. But it seems to be the former. I guess the advantage is the code is written by someone who actually knows what they're doing, the code is very well tested and it's encapsulated into the library. So you can just "chop" off the emulator when you've written native drivers (as unlikely as that would be :p).
I don't like the idea bloating the kernel with a emulator (even if it is labotomized to take away everything not required to run real mode interrupts) or to trap exceptions on the interrupt instruction and then jump in real mode to run the interrupt. But I don't like the idea of making the kernel annoying by forcing reboots when the display mode is swapped either! but at the same i don't want the kernel riddled with dirty hacks :/.
Thanks for the explanations guys.
Re: How do x86 emulators work?
Posted: Fri Aug 06, 2010 2:04 pm
by bewing
calpol2004 wrote:
I was asking because i was wondering what a x86emu virtual cpu would do when running a VBE swap display mode interrupt. Would the x86emu cpu do so by jumping the real cpu into real mode or whether it would actually use in and out instructions. But it seems to be the former.
Actually, all of those longmode x86 emulators work similarly, AFAIK -- and it's the second way. The actual "host" cpu remains in longmode forever, and the virtual cpu emulates along in pretend realmode until the virtual cpu wants to do an IN or OUT, and then the emulator does real (equivalent) INs and OUTs to hardware for the virtual CPU.
So the way it works for VBE is that your INT10 call does a pretend realmode jump into the ROM code at 0xc000 -- and then the VBE code may actually turn on pretend pmode, and jump to ROM code up at 0xd0000000, and do dword memory copies, and interact with the video board's hardware registers to flip modes. And then transition back to rmode, and do an IRET. At which point the emulator exits.
But the point is that only the video board manufacturer knows what needs to be done, so they wrote some unknown code to do these things, and the emulator needs to be able to successfully interpret it -- whatever it is.
Re: How do x86 emulators work?
Posted: Fri Aug 06, 2010 2:55 pm
by Owen
Erm, no VGA BIOS will jump into protected mode for handling a mode setting request; no operating system is prepared to deal with that. x86emu only does real mode, and it works fine with pretty much every graphics card available.
Re: How do x86 emulators work?
Posted: Fri Aug 06, 2010 3:09 pm
by Love4Boobies
Owen wrote:Erm, no VGA BIOS will jump into protected mode for handling a mode setting request; no operating system is prepared to deal with that. x86emu only does real mode, and it works fine with pretty much every graphics card available.
That's probably true. After all, protected mode OSes handle VBE stuff via vm8086 which doesn't have a protected mode.
Re: How do x86 emulators work?
Posted: Fri Aug 06, 2010 3:45 pm
by Ready4Dis
calpol2004 wrote:I don't like the idea bloating the kernel with a emulator (even if it is labotomized to take away everything not required to run real mode interrupts) or to trap exceptions on the interrupt instruction and then jump in real mode to run the interrupt. But I don't like the idea of making the kernel annoying by forcing reboots when the display mode is swapped either! but at the same i don't want the kernel riddled with dirty hacks :/.
Thanks for the explanations guys.
You don't have to bloat your kernel with an emulator, there is no reason the video driver couldn't contain said emulator. This leaves the kernel to not have any hacks to support real mode, no dropping back, no worrying about rebooting, etc. As long as your video driver asks for the resources required (like a copy of <1mb, it doesn't gave to be the original, just a copy), and access to in/out, it can do all the emulation it needs without bloating or adding anything to your kernel.
And yes, since most video cards were made to support vm86, there is no need to support pmode in the emulation, as video rom bios' tend not to rely on it. You could always have a pmode protection scheme, if they try to jump to pmode, catch it, and cause an exception and report that the real mode program tried to set pmode. Typically though, like has been mentioned, video cards don't ever try to leave real mode, as this would break a lot of backwards compatibility (like, 32-bit versions of windows wouldn't be able to properly set modes... and i don't know to many manufacturers that would like to break that).
Re: How do x86 emulators work?
Posted: Fri Aug 06, 2010 4:49 pm
by calpol2004
Ah! I was getting all confused because i thought that protected mode/long mode = no interrupts full stop. I always thought that the BIOS routines were on a chip on the motherboard that was memory mapped into ram and that the routines somehow disappeared when you jumped into PMODE. But in actuality they're not memory mapped, they're copied.
The only reason is the 16bit cannot be run in long/prot mode is that it uses a different addressing model and the IVT is replaced by the IDT where alot of the old interrupt numbers are now reserved for exceptions. The code is still there, just not runnable without converting the instructions that reference memory from segment:offset to selector:offset (and some other stuff i'd imagine), which is what the emulation library does.
So all the x86emu has to do is look at the IVT (or a copy of it) and emulate the 16bit code it points to. Simple.
Re: How do x86 emulators work?
Posted: Sat Aug 07, 2010 8:29 am
by Ready4Dis
Yup, that's pretty much it. All the code still exists in memory until you overwrite it, hence me saying to preserve and give the emulator a COPY (so it can't get trashed) of it. Then it can emulate the 16-bit opcodes, and look into the IVT (starts at offset 0x00, so where you mapped it to would be the start of the IVT). The bios and rom bios's (aka, video rom bios) don't just disappear once you jump to pmode, they are still mapped in memory and useable (for example, you can look at the bios data area, and extended bios data area's to grab information about some devices, etc). I think you understand it now, any more questions, just ask.
Re: How do x86 emulators work?
Posted: Tue Aug 10, 2010 4:22 am
by jal
bewing wrote:This is what Bochs does. And QEMU, and Rebochs, and others.
BeBochs! :)
(a few things are real -- memory accesses, and IN/OUT opcodes).
Well, depending on where the in/outs come from/go to, you may have to emulate them as well (as all of the full PC emulators do).
JAL