# QEMU

- What is QEMU?
  > QEMU is a generic and open source machine emulator and virtualizer.
- qemu: https://www.qemu.org/

## Likely useful references for a debug build

- The build settings Homebrew uses
  - `$ brew cat qemu`
- A web page that turned up in a search
  - https://www.cnblogs.com/root-wang/p/8005212.html

## Packages that will probably be needed when building on macOS

```
"libtool" => :build
"pkg-config" => :build
"glib"
"gnutls"
"jpeg"
"libpng"
"libssh2"
"libusb"
"ncurses"
"pixman"
"vde"
```

## Debug build on Linux

- https://www.cnblogs.com/root-wang/p/8005212.html looks like a useful reference

```
./configure --target-list=i386-softmmu,x86_64-softmmu,arm-softmmu,arm-linux-user --enable-kvm --enable-debug --prefix=$HOME/build/qemu
```

## Recommended breakpoint when debugging

```
(gdb) b disas_arm_insn
Breakpoint 2 at 0x555555691c55: file /home/syster_clown/src/qemu-4.0.0/target/arm/translate.c, line 9180.
(gdb) r
Starting program: /home/syster_clown/build/qemu/bin/qemu-arm ../localhost/sample-32
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7ffff7acf700 (LWP 1981)]

Thread 1 "qemu-arm" hit Breakpoint 2, disas_arm_insn (s=0x7fffffffd3e0, insn=3852271616) at /home/syster_clown/src/qemu-4.0.0/target/arm/translate.c:9180
9180        if (arm_dc_feature(s, ARM_FEATURE_M)) {
(gdb) bt
#0  disas_arm_insn (s=0x7fffffffd3e0, insn=3852271616) at /home/syster_clown/src/qemu-4.0.0/target/arm/translate.c:9180
#1  0x000055555569cc7b in arm_tr_translate_insn (dcbase=0x7fffffffd3e0, cpu=0x555557a94f30) at /home/syster_clown/src/qemu-4.0.0/target/arm/translate.c:13483
#2  0x00005555556200eb in translator_loop (ops=0x5555559d8ba0 , db=0x7fffffffd3e0, cpu=0x555557a94f30, tb=0x555555a77040 ) at /home/syster_clown/src/qemu-4.0.0/accel/tcg/translator.c:107
#3  0x000055555569d3e4 in gen_intermediate_code (cpu=0x555557a94f30, tb=0x555555a77040 ) at /home/syster_clown/src/qemu-4.0.0/target/arm/translate.c:13772
#4  0x000055555561e699 in tb_gen_code (cpu=0x555557a94f30, pc=415056, cs_base=0, flags=128, cflags=-16777216) at /home/syster_clown/src/qemu-4.0.0/accel/tcg/translate-all.c:1723
#5  0x000055555561bbbe in tb_find (cpu=0x555557a94f30, last_tb=0x0, tb_exit=0, cf_mask=0) at /home/syster_clown/src/qemu-4.0.0/accel/tcg/cpu-exec.c:407
#6  0x000055555561c328 in cpu_exec (cpu=0x555557a94f30) at /home/syster_clown/src/qemu-4.0.0/accel/tcg/cpu-exec.c:728
#7  0x000055555565bcf6 in cpu_loop (env=0x555557a9d1f0) at /home/syster_clown/src/qemu-4.0.0/linux-user/arm/cpu_loop.c:218
#8  0x000055555562a725 in main (argc=2, argv=0x7fffffffdea8, envp=0x7fffffffdec0) at /home/syster_clown/src/qemu-4.0.0/linux-user/main.c:819
```

## Reading QEMU

- To read the ARM instruction emulator, trace through `qemu-arm`
- Internally it generates an intermediate representation
- The intermediate form is called TCG (Tiny Code Generator)
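The `insn=3852271616` argument that gdb prints at the `disas_arm_insn` breakpoint is the raw 32-bit ARM (A32) instruction word that QEMU is about to translate into TCG ops. Reading it as decimal is unhelpful, so the following added example (mine, not code from the original notes or from QEMU) splits such a word into its encoding fields the way the first few lines of `disas_arm_insn` do, and renders the common classes (data processing, single and multiple load/store, branch, svc) as a mnemonic. Field positions follow the A32 encoding in the ARM Architecture Reference Manual; operand shifts are deliberately not rendered, and the sample words other than 3852271616 are constructed for illustration.

```python
# Added example, not part of the original notes: decode the raw A32 instruction
# word that gdb shows as the `insn` argument of disas_arm_insn() (3852271616 in
# the backtrace above). Only the classes a user-mode binary hits first are named,
# and operand shifts are not rendered. Sample words besides 3852271616 are made up.

COND_NAMES = ["eq", "ne", "cs", "cc", "mi", "pl", "vs", "vc",
              "hi", "ls", "ge", "lt", "gt", "le", "al", "nv"]
DP_OPCODES = ["and", "eor", "sub", "rsb", "add", "adc", "sbc", "rsc",
              "tst", "teq", "cmp", "cmn", "orr", "mov", "bic", "mvn"]
REG_NAMES = {11: "fp", 12: "ip", 13: "sp", 14: "lr", 15: "pc"}
LDM_SUFFIX = {(0, 1): "ia", (1, 1): "ib", (0, 0): "da", (1, 0): "db"}  # keyed by (P, U)


def bits(word, hi, lo):
    """Bits hi..lo (inclusive) of a 32-bit word."""
    return (word >> lo) & ((1 << (hi - lo + 1)) - 1)


def ror32(value, amount):
    """32-bit rotate right, used to expand data-processing immediates."""
    amount %= 32
    return ((value >> amount) | (value << (32 - amount))) & 0xFFFFFFFF


def reg(n):
    return REG_NAMES.get(n, f"r{n}")


def decode_arm(insn):
    """Split an A32 instruction word into named fields (returns a dict)."""
    insn &= 0xFFFFFFFF
    d = {"hex": f"0x{insn:08x}", "cond": COND_NAMES[bits(insn, 31, 28)]}
    op = bits(insn, 27, 25)
    if op in (0, 1):                       # data processing, register (000) / immediate (001)
        d.update(cls="data_processing", opcode=DP_OPCODES[bits(insn, 24, 21)],
                 set_flags=bool(bits(insn, 20, 20)), rn=bits(insn, 19, 16),
                 rd=bits(insn, 15, 12), imm=(op == 1), operand=bits(insn, 11, 0))
    elif op == 2 or (op == 3 and not bits(insn, 4, 4)):   # single word/byte load/store
        d.update(cls="load_store", load=bool(bits(insn, 20, 20)),
                 writeback=bool(bits(insn, 21, 21)), byte=bool(bits(insn, 22, 22)),
                 up=bool(bits(insn, 23, 23)), pre=bool(bits(insn, 24, 24)),
                 rn=bits(insn, 19, 16), rd=bits(insn, 15, 12),
                 imm=(op == 2), offset=bits(insn, 11, 0))
    elif op == 4:                          # load/store multiple (push/pop)
        d.update(cls="load_store_multiple", load=bool(bits(insn, 20, 20)),
                 writeback=bool(bits(insn, 21, 21)), up=bool(bits(insn, 23, 23)),
                 pre=bool(bits(insn, 24, 24)), rn=bits(insn, 19, 16),
                 reglist=[r for r in range(16) if (insn >> r) & 1])
    elif op == 5:                          # branch; target is relative to pc+8
        imm24 = bits(insn, 23, 0)
        if imm24 & 0x800000:
            imm24 -= 1 << 24
        d.update(cls="branch", link=bool(bits(insn, 24, 24)), offset=(imm24 << 2) + 8)
    elif op == 7 and bits(insn, 24, 24):   # supervisor call
        d.update(cls="svc", imm=bits(insn, 23, 0))
    else:                                  # media, coprocessor, ...: not handled here
        d["cls"] = "other"
    return d


def describe(insn):
    """Render the decoded word as an assembler-style mnemonic."""
    d = decode_arm(insn)
    c = "" if d["cond"] == "al" else d["cond"]
    if d["cls"] == "data_processing":
        s = "s" if d["set_flags"] else ""
        if d["imm"]:
            op2 = f"#{ror32(bits(insn, 7, 0), 2 * bits(insn, 11, 8))}"
        else:
            op2 = reg(bits(insn, 3, 0))
        opc, rd, rn = d["opcode"], reg(d["rd"]), reg(d["rn"])
        if opc in ("mov", "mvn"):
            return f"{opc}{c}{s} {rd}, {op2}"
        if opc in ("tst", "teq", "cmp", "cmn"):
            return f"{opc}{c} {rn}, {op2}"
        return f"{opc}{c}{s} {rd}, {rn}, {op2}"
    if d["cls"] == "load_store":
        mn = ("ldr" if d["load"] else "str") + ("b" if d["byte"] else "") + c
        sign = "" if d["up"] else "-"
        off = f"#{sign}{d['offset']}" if d["imm"] else sign + reg(bits(insn, 3, 0))
        rd, rn = reg(d["rd"]), reg(d["rn"])
        if d["pre"]:
            return f"{mn} {rd}, [{rn}, {off}]" + ("!" if d["writeback"] else "")
        return f"{mn} {rd}, [{rn}], {off}"
    if d["cls"] == "load_store_multiple":
        mn = ("ldm" if d["load"] else "stm") + LDM_SUFFIX[(int(d["pre"]), int(d["up"]))] + c
        regs = ", ".join(reg(r) for r in d["reglist"])
        return f"{mn} {reg(d['rn'])}{'!' if d['writeback'] else ''}, {{{regs}}}"
    if d["cls"] == "branch":
        return f"b{'l' if d['link'] else ''}{c} pc{d['offset']:+d}"
    if d["cls"] == "svc":
        return f"svc{c} #{d['imm']}"
    return f"<unhandled {d['hex']}>"


if __name__ == "__main__":
    # The word from the breakpoint above, followed by constructed neighbours.
    for word in (3852271616, 0xE92D4800, 0xE3A0B000, 0x1A000003, 0xEF000000):
        print(f"{word:#010x}  {describe(word)}")
```

Feeding the breakpoint's value through `describe(3852271616)` gives `ldr r0, [sp, #0]`, i.e. the word is `0xe59d0000`: condition `al`, the single-load/store class, `Rn = sp`, `Rd = r0`, immediate offset 0. Comparing that against what `disas_arm_insn` does next in `translate.c` is a quick way to confirm you are stepping through the decode path for the instruction you expect.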