SimIt-ARM-3.0 是基于命令行的ARM指令模拟器,短小精悍,是研究ARM处理器的好工具,该模拟器既可以运行用户级别的ELF程序,又可以模拟运行Linux操作系统;提供了简单易用的调试命令,可以逐条跟踪指令的执行。
SimIt-ARM-3.0-gk-20150902.tar.bz2 HowTo
0.what is SimIt-ARM-3.0
SimIt-ARM 3.0 is an instruction-set simulator that runs both system-level and user-level ARM programs.
For more about it, please read the user's guide file.
1.how to build
tar jxvf SimIt-ARM-3.0-gk-20150902.tar.bz2
cd SimIt-ARM-3.0-gk
./configure
make
make install
After these steps, the ./build/bin directory contains the following programs:
ema An ARM interpreter.
To test that the installation was successful, type:
./build/bin/ema test/wc configure
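Modify the PATH environment variable. The directory is appended, so existing system directories keep precedence during command lookup; because the binaries live under $HOME, building and running as an unprivileged user should be sufficient, although the transcripts below were recorded as root: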
PATH=$PATH:$HOME/SimIt-ARM-3.0-gk/build/bin ; export PATH
2. how to use
2.1 run user-level ARM programs
[root@ORA9 SimIt-ARM-3.0-gk]# cd gcc-asm
[root@ORA9 gcc-asm]# more hello.c
/*
* hello.c
* Tue Sep 8 10:13:40 CST 2015
*/
int main()
{
printf("hello world\n");
__asm("mov r0,#2\n\t" "swi 0x1\n\t"); // syscall: exit(2);
}
[root@ORA9 gcc-asm]# arm-linux-gcc -v
Reading specs from /usr/local/arm/3.4.1/bin/../lib/gcc/arm-linux/3.4.1/specs
Configured with: /opt/crosstool/crosstool-0.28/build/arm-linux/gcc-3.4.1-glibc-2.3.2/gcc-3.4.1/configure --target=arm-linux --host=i686-host_pc-linux-gnu --prefix=/opt/crosstool/arm-linux/gcc-3.4.1-glibc-2.3.2 --with-float=soft --with-headers=/opt/crosstool/arm-linux/gcc-3.4.1-glibc-2.3.2/arm-linux/include --with-local-prefix=/opt/crosstool/arm-linux/gcc-3.4.1-glibc-2.3.2/arm-linux --disable-nls --enable-threads=posix --enable-symvers=gnu --enable-__cxa_atexit --enable-languages=c,c++ --enable-shared --enable-c99 --enable-long-long
Thread model: posix
gcc version 3.4.1
[root@ORA9 gcc-asm]# arm-linux-gcc hello.c -o hello -static
[root@ORA9 gcc-asm]# ls -l hello*
-rwxr-xr-x 1 root root 520775 Sep 8 10:18 hello
-rw-r--r-- 1 root root 160 Sep 8 10:15 hello.c
[root@ORA9 gcc-asm]# file hello
hello: ELF 32-bit LSB executable, ARM, version 1 (ARM), for GNU/Linux 2.4.3, statically linked, not stripped
[root@ORA9 gcc-asm]# ema hello
ema: Simulation starts ...
hello world
ema: Program exited with code 2.
Total user time : 0.000 sec.
Total system time: 0.000 sec.
Simulation speed : inf inst/sec.
Total instructions : 10942
[root@ORA9 gcc-asm]# ema -d hello
SimIt-ARM-3.0, an ARM simulator.
Copyright (C) 2002 - 2007 Wei Qin
reconstructed by snallie@tom.com, Tue Aug 11 14:59:31 CST 2015
built: Sep 8 2015 - 09:58:59
hint: 'h' or '?' for help
SimIt-ARM-3.0 [r]> ?
Debug commands:
h/?/help print this message
u [start_addr_HEX [end_addr_HEX] ] disassemble instructions from start_addr_HEX to end_addr_HEX
d [addr] dump 256 bytes from memory
g [addr] run until addr
s [num] run until pc + num*4
t [num] step num instruction(s)
T [num] step num instruction(s) with registers dump (*)
r [rn] dump value of register rn, (n=0...15)
cpsr dump cpsr value
spsr dump spsr value
c dump instruction counters
cc reset instruction counters
e [addr] fill memory with byte (*)
R rn edit register rn, (n=0...15) (*)
hist/history display command history (*)
! num / !num replay the command with ID of num (*)
q/Q quit
SimIt-ARM-3.0 [00:?]> u
0x000080d0 : 0xe59fc024 ldr ip, [pc, #36];
0x000080d4 : 0xe3a0b000 mov fp, #0;
0x000080d8 : 0xe49d1004 ldr r1, [sp], #4;
0x000080dc : 0xe1a0200d mov r2, sp;
0x000080e0 : 0xe52d2004 str r2, [sp, #-4]!;
0x000080e4 : 0xe52d0004 str r0, [sp, #-4]!;
0x000080e8 : 0xe59f0010 ldr r0, [pc, #16];
0x000080ec : 0xe59f3010 ldr r3, [pc, #16];
0x000080f0 : 0xe52dc004 str ip, [sp, #-4]!;
0x000080f4 : 0xeb00003c bl 0x81ec;
0x000080f8 : 0xeb000145 bl 0x8614;
0x000080fc : 0x00008594 muleq r0, r4, r5;
0x00008100 : 0x000081c4 andeq r8, r0, r4, asr #3;
0x00008104 : 0x00008508 andeq r8, r0, r8, lsl #10;
0x00008108 : 0xe92d4400 stmdb sp!, {sl, lr};
0x0000810c : 0xe59fa01c ldr sl, [pc, #28];
0x00008110 : 0xe08fa00a add sl, pc, sl;
SimIt-ARM-3.0 [01:u]> r
r0 = 0x00000000 r1 = 0x00000001 r2 = 0xbfffc004 r3 = 0x00000000
r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000000 r9 = 0x00000000 sl = 0x00000000 fp = 0x00000000
ip = 0x00000000 sp = 0xbfffc000 lr = 0x00000000 pc = 0x000080d0
cpsr = 0x000000d3 nzcv_IFt_SVC
SimIt-ARM-3.0 [02:r]> hist
[ 0 ] ?
[ 1 ] u
[ 2 ] r
[ 3*] hist
SimIt-ARM-3.0 [03:hist]> !1
0x00008114 : 0xe59f3018 ldr r3, [pc, #24];
0x00008118 : 0xe79a3003 ldr r3, [sl, r3];
0x0000811c : 0xe3530000 cmp r3, #0;
0x00008120 : 0x08bd8400 ldmeqia sp!, {sl, pc};
0x00008124 : 0xe1a0e00f mov lr, pc;
0x00008128 : 0xe1a0f003 mov pc, r3;
0x0000812c : 0xe8bd8400 ldmia sp!, {sl, pc};
0x00008130 : 0x00071c44 andeq r1, r7, r4, asr #24;
0x00008134 : 0x00000010 andeq r0, r0, r0, lsl r0;
0x00008138 : 0xe92d4030 stmdb sp!, {r4, r5, lr};
0x0000813c : 0xe59f5040 ldr r5, [pc, #64];
0x00008140 : 0xe5d53000 ldrb r3, [r5, #0];
0x00008144 : 0xe3530000 cmp r3, #0;
0x00008148 : 0x18bd8030 ldmneia sp!, {r4, r5, pc};
0x0000814c : 0xe59f4034 ldr r4, [pc, #52];
0x00008150 : 0xea000004 b 0x8168;
0x00008154 : 0xe5943000 ldr r3, [r4, #0];
SimIt-ARM-3.0 [05:u]> T
0x000080d4 : 0xe3a0b000 mov fp, #0;
r0 = 0x00000000 r1 = 0x00000001 r2 = 0xbfffc004 r3 = 0x00000000
r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000000 r9 = 0x00000000 sl = 0x00000000 fp = 0x00000000
ip = 0x00008594 sp = 0xbfffc000 lr = 0x00000000 pc = 0x000080d4
cpsr = 0x000000d3 nzcv_IFt_SVC
SimIt-ARM-3.0 [06:T]> g
hello world
Program exited with code 2.
SimIt-ARM-3.0 [07:g]> q
quit
[root@ORA9 gcc-asm]#
2.2 run system-level program
#cd ~
[root@ORA9 root]# ls SimIt-ARM-3.0-linux_images.tar.bz2 -l
-rw-rw-r-- 1 root root 8699904 Aug 20 08:30 SimIt-ARM-3.0-linux_images.tar.bz2
[root@ORA9 root]# tar jxvf SimIt-ARM-3.0-linux_images.tar.bz2
linux_images/
linux_images/sa1100/
linux_images/sa1100/initrd8M.img
linux_images/sa1100/sa1100.cfg
linux_images/sa1100/vmlinux_sa1100
linux_images/colibri/
linux_images/colibri/colibri.cfg
linux_images/colibri/colibri8M.img
linux_images/colibri/zImage
[root@ORA9 root]# cd linux_images/
[root@ORA9 linux_images]# ls
colibri sa1100
[root@ORA9 linux_images]# cd sa1100/
[root@ORA9 sa1100]# ema -e vmlinux_sa1100 -c sa1100.cfg
Can't open executable: -e
[root@ORA9 sa1100]# ema
**** SimIt-ARM Version 3.0 (C) 2002-2007 Wei Qin ****
usage : ema [-h] [-d] [-v] [-m num] [-s config] [<file name> <args>]
-h : print this message and quit
-d : debuging mode
-v : verbose mode
-m num : maximum number of instructions to simulate, in million
-s config : path to config file for system-level simulation
file name : the user-level ELF program to simulate
args : arguments to the program
Note: Only one of -s and <file name> should be given.
[root@ORA9 sa1100]# ema -s sa1100.cfg
ema: Simulation starts ...
Linux version 2.4.19-rmk7 (wqin@ECE-SC535-01.bu.edu) (gcc version 2.95.3 20010315 (release)) #5 Sat May 26 00:24:04 EDT 2007
CPU: StrongARM-110 revision 0
Machine: ADS Bitsy
On node 0 totalpages: 8192
zone(0): 256 pages.
zone(1): 7936 pages.
zone(2): 0 pages.
Kernel command line: console=ttySA0 mem=32m@0xC0000000 rw ramdisk_size=8192 initrd=0xC0800000,8m root=/dev/ram init=/bin/init
Warning: uninitialized Real Time Clock
Console: colour dummy device 80x30
Calibrating delay loop... 367.82 BogoMIPS
Memory: 32MB = 32MB total
Memory: 22248KB available (1515K code, 337K data, 80K init)
Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
JFFS2 version 2.1. (C) 2001 Red Hat, Inc., designed by Axis Communications AB.
ttySA0 at MEM 0x80050000 (irq = 17) is a SA1100
ttySA1 at MEM 0x80010000 (irq = 15) is a SA1100
ttySA2 at MEM 0x80030000 (irq = 16) is a SA1100
Console: switching to colour frame buffer device 80x30
pty: 256 Unix98 ptys configured
Uniform Multi-Platform E-IDE driver Revision: 6.31
ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
RAMDISK driver initialized: 16 RAM disks of 8192K size 1024 blocksize
loop: loaded (max 8 devices)
PPP generic driver version 2.4.2
physmap flash device: 4000000 at 8000000
CFI: Found no Physically mapped flash device at location zero
SA1100 flash: probing 32-bit flash bus
CFI: Found no SA1100 flash device at location zero
Linux Kernel Card Services 3.1.22
options: [pm]
SA-1100 PCMCIA (CS release 3.1.22)
sa1111_pcmcia: unable to grab IRQ116 (-22)
Trying to free nonexistent resource <18001800-1800180f>
Unable to initialize kernel PCMCIA service (-1).
usb.c: registered new driver usbdevfs
usb.c: registered new driver hub
usb-ohci.c: USB OHCI at membase 0xf4000400, IRQ 109
usb.c: new USB bus registered, assigned bus number 1
usb-ohci.c: request interrupt 109 failed
usb.c: USB bus 1 deregistered
Trying to vfree() nonexistent vm area (f4000000)
usb.c: registered new driver hid
hid-core.c: v1.8.1 Andreas Gal, Vojtech Pavlik
hid-core.c: USB HID support drivers
mice: PS/2 mouse device common for all mice
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 2048 bind 2048)
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
NetWinder Floating Point Emulator V0.95 (c) 1998-1999 Rebel.com
ds: no socket drivers loaded!
RAMDISK: ext2 filesystem found at block 0
RAMDISK: Loading 8192 blocks [1 disk] into ram disk... done.
Freeing initrd memory: 8192K
VFS: Mounted root (ext2 filesystem).
Freeing init memory: 80K
init started: BusyBox v1.2.2 (2007.06.06-23:43+0000) multi-call binary
init started: BusyBox v1.2.2 (2007.06.06-23:43+0000) multi-call binary
Starting pid 11, console /dev/console: '/etc/rc'
Welcome to
_ _____ __ __ _ _
/ \ / __ \ / \_/ \ | | |_|
/ _ \ | | | | / /\ /\ \ | | _ ____ _ _ _ _
/ /_\ \ | |__| | / / \_/ \ \| | | | _ \| | | |\ \/ /
/ /___\ \ | |__\ \ | | | || |___ | | |_| | |_| |/ \
/_/ \_\| | \_\|_| |_||_____||_|_| |_|\____|\_/\_/
Use poweroff to stop simulation.
Starting pid 18, console /dev/ttySA0: '/bin/bash'
bash-3.2# uname -a
Linux (none) 2.4.19-rmk7 #5 Sat May 26 00:24:04 EDT 2007 armv4l unknown
bash-3.2# ls -l
drwxr-xr-x 2 0 0 1024 Jun 23 2007 bin
drwxr-xr-x 2 0 0 1024 Jun 23 2007 dev
drwxr-xr-x 2 0 0 1024 Jun 24 2007 etc
drwxr-xr-x 2 0 0 1024 Jun 23 2007 home
drwxr-xr-x 2 0 0 1024 Jun 23 2007 lib
lrwxrwxrwx 1 0 0 11 Jun 23 2007 linuxrc -> bin/busybox
drwx------ 2 0 0 12288 May 26 2007 lost+found
drwxr-xr-x 2 0 0 1024 May 26 2007 mnt
dr-xr-xr-x 20 0 0 0 Jan 1 00:00 proc
drwxr-xr-x 2 0 0 1024 Jun 23 2007 sbin
drwxr-xr-x 2 0 0 1024 May 26 2007 tmp
drwxr-xr-x 4 0 0 1024 May 26 2007 usr
drwxr-xr-x 6 0 0 1024 Jan 1 00:00 var
bash-3.2# poweroff
The system is going down NOW !!
The system is going down NOW !!
Sending SIGTERM to all processes.
Sending SIGTERM to all processes.
Terminated
bash-3.2#
bash-3.2#
bash-3.2#
bash-3.2#
Sending SIGKILL to all processes.
Sending SIGKILL to all processes.
Requesting system poweroff.
Requesting system poweroff.
flushing ide devices:
Power down.
Total user time : 105.130 sec.
Total system time: 0.750 sec.
Simulation speed : 2.285e+07 inst/sec.
Total instructions : 2419505157 (2G)
[root@ORA9 sa1100]#
3. Done.
snallie@tom.com
Tue Sep 8 10:31:00 CST 2015