Testing

From QEMU
Revision as of 09:11, 17 February 2016 by Riku Voipio (talk | contribs)

QEMU disk images

Here is a collection of disk images which can be used to test system emulation.

File Comment
linux-0.2.img.bz2 (8 MB) Small Linux disk image containing a 2.6.20 Linux kernel, X11 and various utilities to test QEMU
odin1440.img FreeDOS floppy disk image from ODIN (Steve Nickolas)
small.ffs.bz2 Small NetBSD Image (thanx to Nicolas Ollinger)
minix204.tar.bz2 Minix 2.0.4 (thanx to Túlio Almeida Pexoto)
efi-bios.tar.bz2 EFI BIOS for QEMU (thanx to Tristan Gingold)
sparc-test-0.2.tar.gz SPARC Linux 2.6 test kernel and initrd disk image
arm-test-0.2.tar.gz ARM Linux 2.6 test kernel and initrd disk image (thanx to Paul Brook)
mips-test-0.2.tar.gz MIPS Linux 2.6 test kernel and initrd disk image (thanx to Thiemo Seufer)
mipsel-test-0.2.tar.gz MIPS little endian Linux 2.6 test kernel and initrd disk image (thanx to Thiemo Seufer)
coldfire-test-0.1.tar.bz2 Coldfire Linux 2.6 test kernel and initrd disk image (thanx to Paul Brook)
sh-test-0.2.tar.bz2 SH4 Linux 2.6 test kernel and initrd disk image (thanx to Shin-ichiro KAWASAKI)
cris-axisdev88-img-linux2_6_33.tgz CRIS AXIS Devboard88 Linux 2.6 test image with selftesting testsuite (Edgar E. Iglesias)
mb-s3adsp1800-linux-2_6_34.tgz Microblaze S3ADSP1800 Linux 2.6 test image with selftesting testsuite (Edgar E. Iglesias)
ppc-virtexml507-linux-2_6_34.tgz PPC-440 Virtex-ML507 Linux 2.6 test image (Edgar E. Iglesias)
xtensa-dc232b_kernel_rootfs.tgz Xtensa Linux 2.6.29 test image (Max Filippov)

QEMU Linux user mode emulation tests

These executables can be used to test Linux user mode emulation.

File Comment
linux-user-test-0.3.tar.gz Distribution of shared libraries and various shell executables for almost all Linux target architectures that QEMU simulates. It is used to make regression tests on the Linux user mode emulation.
linux-user-busyboxes-0.1.tar.xz Collection of static busybox binaries for almost all Linux target architectures that QEMU simulates. For quick smoke testing of Linux user mode emulation.

It is also possible to run the Linux Test Project's syscall test suite under the Linux user mode emulation.

Dynamic code analysis

This includes any test to detect memory leaks, reads of uninitialised memory, buffer overflows or other forms of illegal memory access.

Typically these kind of tests are done using Valgrind on a Linux host. Any of the disk images and executables listed above can be used in such tests.

# Simple i386 boot test (BIOS only) with Valgrind.
valgrind --leak-check=full --track-origins=yes --verbose qemu-system-i386

Static code analysis

There are a number of tools which analyse C code and try to detect typical errors. None of these tools is perfect, so using different tools with QEMU will detect more bugs. Be prepared to also get lots of false warnings!

ccc-analyzer (clang)

This is an example used on Debian. It needs package clang.

# Start from the root directory with QEMU code.
mkdir -f bin/debug/ccc-analyzer
cd bin/debug/ccc-analyzer
../../../configure --enable-debug --enable-trace-backend=stderr \
     --cc=/usr/share/clang/scan-build/ccc-analyzer --disable-docs
make

At least on my Linux host (1 GiB RAM, 2 GiB swap), make hangs when ccc-analyzer analyzes target-mips/translate.c: function decode_opc is too complex for the analyzer and takes all memory. Killing the clang process helps in this situation. It's needed 6 times because there are 4 MIPS system emulations and 2 Linux MIPS user emulations.

I guess this is because target-mips/translate.c contains switches with cases covering a very large range; assuming ccc-analyzer expands these case ranges somehow, it probably blows up memory completely.

smatch

Here is a typical example using smatch (from git://repo.or.cz/smatch.git):

# Start from the root directory with QEMU code.
mkdir -f bin/debug/smatch
cd bin/debug/smatch
CHECK="smatch" ../../../configure --enable-debug --cc=cgcc --host-cc=cgcc
make

This example expects that smatch and cgcc are installed in your PATH (if not, you must add absolute paths to the example).

Coverity

Periodic scans of QEMU are done on the public Coverity Scan service (scan.coverity.com). You can request access on their website, and the administrator will grant it if you are an active participant in QEMU development.

Coverity is confused slightly by multiple definitions of functions with the same name. For this reason, Coverity scans are done as follows:

mkdir cov-int
./configure
make libqemustub.a
cov-build --dir cov-int make
tar cvf - cov-int | xz > cov-int.tar.xz

Notice that libqemustub.a is ignored by Coverity. This is because some stubs call abort() and this causes dead-code false positives. The file cov-int.tar.xz can then be uploaded to Coverity Scan's "Submit build" page. Customarily, the "project version" is set to the output of git describe HEAD and the "description/tag" is set to "commit XYZ" where XYZ is the full SHA1 hash of the commit.