Introducing UMEQ
User Mode Emulation Quest
Rémi Duraffort
Linaro Connect HKG15
Who am I?
● Rémi Duraffort (aka ivoire)
● STMicroelectronics assignee
  ○ working on LAVA
● Open source dev
  ○ VLC media player (core dev)
  ○ dvblast, PRoot, v8, …
● … not the umeq developer
CEC team @ST
● Compilation Expertise Center
  ○ Team of compiler writers
● Writing
  ○ compilers
  ○ engineering tools
● CI@ST
  ○ building CI systems for ST
What do we need?
● Compiling/testing ARM software
  ○ ./configure
  ○ make -j16
  ○ make test
● Requirements:
  1. Reliable
  2. Parallelizable
  3. Fast
Parallelizable
● AArch64 boards are expensive
● x86-64 servers are not
● User mode emulation
  ○ Run foreign binaries seamlessly on the host
  ○ Can be multi-threaded
  ○ No virtual-kernel overhead
  ○ Use available hardware (OpenGL, …)
● User mode on big servers
  ○ Massively-parallel validations/tests
What’s wrong with QEMU?
● Two modes:
  ○ system mode: It rocks
  ○ user mode: “It’s complicated”
● User mode
  ○ using signals or threads: crashes/hangs/works
  ○ “QEMU threading support is known to be broken”
    ■ http://wiki.qemu.org/Testing/LTP
“QEMU”.flip()
QEMU
“FAST! processor emulator using dynamic translation to achieve good emulation speed.”
“qemu user documentation”
UMEQ
“First make it work, then make it fast.”
“umeq philosophy”
UMEQ
● Assumptions
  ○ Guests: AArch64 (ongoing: armv7)
  ○ Host: x86-64
  ○ Process isolation (in guest rootfs)
    ■ delegated to PRoot (http://proot.me)
● Release status:
  ○ βeta
  ○ sources: TBA
What’s working?
● Most programs
  ○ msgmerge, cmake, gcc, ...
● Threads, signals, graphics
● Debugging (under PRoot)
  ○ gdb, strace
● Not yet working
  ○ fpu status registers (not fully correct)
Architecture (classical)
[Architecture diagram: AArch64 binary → Disassembler → IR → JIT → x86-64 binary. On the guest side the instruction stream is instr, instr, ..., return; the generated host code mirrors it as instr, ..., return.]
Why does it work?
● Simple principles
  ○ all functions should be reentrant
  ○ data on stack (IR, JITed code) & thread private
  ○ no lock in signal handlers
    ■ one reason why qemu hangs
● Transparent regarding
  ○ signals (as much as possible)
  ○ syscalls
PTrace emulation
● Debugging
  ○ with gdb aarch64
  ○ under umeq
  ○ thanks to PRoot PTrace emulation
    ■ UMEQ and PRoot cooperation
Play with UMEQ ...
● PTrace bug (kernel)
  ○ http://bugzilla.kernel.org/show_bug.cgi?id=91791
● jemalloc (firefox, thunderbird, …)
  ○ http://bugzilla.mozilla.org/show_bug.cgi?id=1124580
● binutils (libpython/blender)
  ○ https://sourceware.org/ml/binutils/2015-01/msg00144.html
  ○ was already found (and fixed) by someone else
… it’s reliable
● Complex programs
  ○ vlc, firefox, thunderbird, wesnoth, okular
  ○ Not working under QEMU
● gcc test suite
  ○ better results than QEMU
  ○ threading tests fragile under QEMU
● Debugging
  ○ strace, gdb, ...
Why not inside QEMU?
● Easier to experiment in UMEQ
  ○ smaller code base
  ○ written from scratch (second iteration)
● Difficult to do the same in QEMU
  ○ requires good knowledge of QEMU
  ○ a lot of time
● But this is feasible! (will be huge)