Emulating an x86 processor -- how should I start?


Question


Recently I learned that Fabrice Bellard created an implementation of QEMU (more or less, you get the idea) in JavaScript by emulating an i586. This caught my interest as I have always been fascinated by the complexity that fits inside a microprocessor -- hence wish to achieve the same task of implementing an x86 emulator. However, it probably won't be nearly as sophisticated, obviously; that's not the main point.


I do have experience with operating-system and low-level programming, in addition to some really simple CHIP8 emulator programming. I do know how simple emulators work. How can I take advantage of my current knowledge within this area when I go about developing an x86 processor -- or is it too different?


Also I would be grateful for any input by those of you who have already accomplished what I am eagerly attempting to do. Are there any books I should keep at my desk? (Note that I love books. I would highly appreciate recommendations.) Papers? Web sites I should know of? ... and so forth.

Thanks in advance.

Answer


First off, what is your real goal? Are you interested in an accurate, educational type simulator, or are you trying for a VMware, QEMU/KVM type speed thing, in the latter case taking advantage of executing a percentage of the instructions on the host processor itself (not simulating)? Even if not wanting to execute on the host, if you are interested in performance (with a possible sacrifice of accuracy or debuggability or fault checking), look at the MAME sources; there is a long list of processor simulators that are written for speed.


The one I mentioned above was written more for educational purposes, mine in particular and anyone else's that may find it interesting. For that type of model I recommend a few key points. Abstract your memory read, write, and fetch operations (have a read_mem_8() function, write_mem_8(), etc., which, like hardware, do address decoding, etc.). Likewise abstract the register read/write operations into functions. The simulator centers around an execute-a-single-instruction function, which is called in a loop for a fixed number of instructions or an infinite loop, or somewhere in the middle, your choice. That way you can manage interrupt mode from the foreground or other modes outside the function that manages the instruction decoding. The instruction decoder is not unlike a disassembler; it is simpler in the sense that for variable-length instruction sets (like the x86) you do not have to figure out a way to search through the bytes looking for the start of an instruction. By executing, you assume that the binary is real and the code executes; naturally, though, you need to have an undefined-instruction handler of some sort.


x86 would not be my first choice, for a long list of reasons. Here again, what are your goals? The x86 is going to have 32/64-bit modes, going to have memory protection schemes, a number of execution modes, etc. I would (and have many times) start with a simpler instruction set for the first few times: MSP430, PIC (older PIC, not dsPIC nor PIC32), 6502, etc. There are a number of 6502 ROMs in the MAME world that you can play with. (Note that some of the 6502 simulators out there have bugs.) The MSP430 and PIC have few instructions and are an afternoon project once you get the swing of things. An ARM might be a stepping stone to x86 if you still feel you really need to do an x86: various execution modes, you can simulate the known MMU and FPU as desired and boot Linux, Windows, etc.


Re-reading your question, I may have oversimplified my answer; it sounds like you have some experience. x86 is no different than any other processor in that you need to compile some simple binaries that count and loop, for example, and attack that binary: decode and execute, increase the complexity of your test programs, adding more supported instructions to your simulator. At some point that gets boring and it is time for the long-haul typing session, going through and implementing all of the instructions (without necessarily testing each one). Then go back and try to execute more complicated binaries (to try to test all of the new instructions). I tend to use self-checking tests like compressing some data and then decompressing using an open-source package (compiled for embedded) and comparing the input and output. Encryption routines are good as well: AES, DES, etc. MD5, SHA, which are not self-checking, but you can pre-compute the answer on the host platform and hardcode the answer in the test. Open-source JPEG, PNG, etc., MP3 decoders. There are fixed-point JPEG and MP3 decoders, or you can go with a soft FPU. Different compilers produce different instruction mixes; some compilers don't use certain instructions or instruction sequences at all, so I highly recommend taking these test programs and re-compiling and running them both with several different optimization settings and with as many compilers as you can get for that processor. Different high-level languages should also produce different instruction mixes. You may find that a single individual programmer using a single language and a single compiler is only going to give you limited coverage; the individual has specific programming habits and styles that limit the variety in the output. The same goes for assembler: an individual is going to have a limited instruction mix they generate.
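The structure the answer recommends (memory access behind read_mem_8()/write_mem_8()/fetch, register access behind functions, one execute-a-single-instruction function driven by a bounded loop, and an undefined-instruction handler), together with its suggestion to start from a binary that just counts and loops, as an added example that is not the answerer's code: a toy 16-bit interpreter for six x86 opcodes (MOV r16,imm16; INC/DEC AX/CX; JNZ rel8; HLT). The 4 KiB address space, the AX/CX-only register file, and modelling only the zero flag are assumptions made to keep it small.

```c
#include <stdint.h>
#include <string.h>

#define MEM_SIZE 0x1000               /* 4 KiB flat address space (toy assumption) */
enum { AX, CX, NREGS }; enum { RUN, HALT, UNDEF, FAULT }; /* regs; run status */

static uint8_t  mem[MEM_SIZE];
static uint16_t regs[NREGS], ip;
static int      zf;                   /* zero flag, the only flag modelled */
/* Address decoding lives here, like hardware: out-of-range access faults. */
static int read_mem_8(uint32_t a, uint8_t *v) { if (a >= MEM_SIZE) return 0; *v = mem[a]; return 1; }
static int write_mem_8(uint32_t a, uint8_t v) { if (a >= MEM_SIZE) return 0; mem[a] = v; return 1; }
/* Fetch is a separate path from data reads so it can be traced or faulted on its own. */
static int fetch_8(uint8_t *v) { return read_mem_8(ip++, v); }
static int fetch_16(uint16_t *v) { uint8_t lo, hi;
    if (!fetch_8(&lo) || !fetch_8(&hi)) return 0;
    *v = (uint16_t)(lo | (hi << 8)); return 1; }
static uint16_t reg_get(int r) { return regs[r]; }
static void reg_set(int r, uint16_t v) { regs[r] = v; }

/* Execute exactly one instruction; the caller owns the loop and any policy around it. */
static int execute_one(void) {
    uint8_t op, rel; uint16_t imm, v;
    if (!fetch_8(&op)) return FAULT;
    switch (op) {
    case 0xB8: case 0xB9:             /* MOV r16, imm16 (B8+r iw); MOV sets no flags */
        if (!fetch_16(&imm)) return FAULT; reg_set(op - 0xB8, imm); return RUN;
    case 0x40: case 0x41:             /* INC r16 (40+r): sets ZF */
        v = reg_get(op - 0x40) + 1; reg_set(op - 0x40, v); zf = (v == 0); return RUN;
    case 0x48: case 0x49:             /* DEC r16 (48+r): sets ZF */
        v = reg_get(op - 0x48) - 1; reg_set(op - 0x48, v); zf = (v == 0); return RUN;
    case 0x75:                        /* JNZ rel8: signed displacement from the next IP */
        if (!fetch_8(&rel)) return FAULT;
        if (!zf) ip = (uint16_t)(ip + (int8_t)rel); return RUN;
    case 0xF4: return HALT;           /* HLT */
    default:   return UNDEF;          /* undefined-instruction handler: stop, don't guess */
    }
}

/* Load a program at address 0 and run at most max_insns instructions (bounded loop). */
static int run_bytes(const uint8_t *prog, size_t n, uint32_t max_insns) {
    int st = RUN; memset(mem, 0, sizeof mem); memset(regs, 0, sizeof regs); ip = 0; zf = 0;
    for (size_t i = 0; i < n; i++) if (!write_mem_8((uint32_t)i, prog[i])) return FAULT;
    while (max_insns-- && st == RUN) st = execute_one();
    return st;
}

/* Constructed self-checking test: count AX from 0 up to 5 with a DEC CX / JNZ loop. */
static uint16_t run_count_loop(void) {
    static const uint8_t prog[] = { 0xB9,0x05,0x00, 0xB8,0x00,0x00,   /* mov cx,5 ; mov ax,0  */
                                    0x40, 0x49, 0x75,0xFC, 0xF4 };    /* inc ax ; dec cx ; jnz -4 ; hlt */
    return run_bytes(prog, sizeof prog, 1000) == HALT ? reg_get(AX) : 0xFFFF;
}
```

Because run_bytes() caps the instruction count, a test binary that spins forever is reported as still running rather than hanging the host, and an opcode the toy does not know stops execution with UNDEF instead of silently executing garbage.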

