https://wiki.qemu.org/api.php?action=feedcontributions&user=Cleber&feedformat=atom
QEMU - User contributions [en]
2024-03-29T12:33:19Z
User contributions
MediaWiki 1.39.1
https://wiki.qemu.org/index.php?title=ChangeLog/4.0&diff=8265
ChangeLog/4.0
2019-03-07T17:19:17Z
<p>Cleber: /* Miscellaneous */</p>
<hr />
<div><br />
== System emulation ==<br />
=== Incompatible changes ===<br />
<br />
* The "handle" option to -fsdev and -virtfs has been removed. The "local" or "proxy" options should be used instead.<br />
* The "-virtioconsole" option has been removed. Use "-device virtconsole" instead.<br />
* The "-no-frame" option has been removed. It was only usable with SDL1.2, and support for this library has been suspended now.<br />
* The "-enable-hax" option has been removed. Use "-accel hax" instead.<br />
* The legacy "ivshmem" device has been removed. Use "ivshmem-doorbell" or "ivshmem-plain" instead.<br />
* The x86 machine types "pc-0.10" and "pc-0.11" have been removed. Use a newer machine type instead.<br />
* The "irq" property of the "spapr-vscsi", "spapr-vlan" and "spapr-vty" devices has been removed with no replacement.<br />
<br />
=== New deprecated options and features ===<br />
<br />
* <code>cpu-add</code> QMP/HMP command<br />
* machine-types <code>pc-0.12</code>, <code>pc-0.13</code>, <code>pc-0.14</code> and <code>pc-0.15</code><br />
* <code>qemu-nbd --partition=N</code> option<br />
<br />
Consult the [https://qemu.weilnetz.de/doc/qemu-doc.html#Deprecated-features "Deprecated Features"] appendix for the full list of historically deprecated features/options.<br />
<br />
=== Alpha ===<br />
<br />
=== Arm ===<br />
<br />
* Implement the ARMv8.0-SB extension<br />
* Implement the ARMv8.0-PredInv extension<br />
* Implement the ARMv8.1-HPD extension<br />
* Implement the ARMv8.1-LOR extension (as the trivial "no limited ordering regions provided" minimum)<br />
* Implement the ARMv8.2-FHM extension<br />
* Implement the ARMv8.2-AA32HPD extension<br />
* Implement the ARMv8.3-PAuth extension<br />
* Implement the ARMv8.3-JSConv extension<br />
* Implement the ARMv8.4-CondM extension<br />
* Implement the ARMv8.5-CondM extension<br />
* Implement the ARMv8.5-FRINT extension<br />
* Implement the Armv8.5-BTI extension for system emulation mode<br />
* New machines "musca-a" and "musca-b1" -- these model the Arm "Musca" development boards<br />
* New machine "mps2-an521" -- this is a model of the AN521 FPGA image for the MPS2 devboard<br />
* Support TBI (top-byte-ignore) properly for linux-user mode<br />
* The micro:bit board now boots simple MicroPython programs since device emulation for the timer, GPIO, NVMC and RNG has been added<br />
* The cubieboard model now implements the 'A' SRAM<br />
* AArch64 processors can now boot from a kernel placed over 4GB into RAM<br />
* The stellaris boards ("lm3s6965evb", "lm3s811evb") now implement the watchdog timer device<br />
* The BLK_MAX register in the TZ MPC device now reports the correct value<br />
* The u-boot "noload" image type is now supported for the Arm virt board<br />
* The Arm virt board now permits more than 255GB of RAM<br />
* stm32f2xx_usart: Do not update data register when device is disabled<br />
* virt board ACPI tables: COHACC override flag now correctly set in IORT SMMUv3 node<br />
* AArch32 exception return is fixed to permit a switch from Mon->Hyp mode<br />
* ftgmac100: implement the new MDIO interface on Aspeed SoC<br />
* Emulation of the ARM PMU has been improved<br />
* Fix various places where we failed to UNDEF invalid A64 instructions<br />
* Don't UNDEF a valid FCMLA on 32-bit inputs<br />
* Make FPSCR/FPCR trapped-exception bits RAZ/WI<br />
* Fixed a bug in handling clearing of FPSCR/FPSR exception status bits<br />
* armv7m_nvic: Allow byte accesses to SHPR1 register<br />
* linux-user: support HWCAP_CPUID which exposes ID registers to user code<br />
* Fixed a bug where the v8M MPU was always using the background region if it was enabled, rather than only if there was no hit on a more specific region<br />
<br />
=== HPPA ===<br />
<br />
* Fix condition code generation for "add,<" & "add,<=".<br />
* Fix the output for "dcor".<br />
* Fix pci config address access.<br />
* Map CPU HPA regions into PCI address space.<br />
<br />
=== M68k ===<br />
<br />
* The "mcf5208evb" machine now supports loading of firmware binaries with the "-bios" option.<br />
<br />
=== Microblaze ===<br />
<br />
=== MIPS ===<br />
* Added support for I7200 CPU (nanoMIPS32 ISA + DSP ASE; system mode only).<br />
* Added support for I6500 CPU (MIPS64R6 ISA + MSA ASE + multicore features).<br />
* Added support for QMP-based querying of the available CPU types.<br />
* Added support for SAARI and SAAR configuration registers.<br />
* Added support for MTTCG (multi-threaded TCG).<br />
* Improved support for ITU (Interthread Communication Unit).<br />
* Improved support for Fulong 2E machine.<br />
* Improved end user documentation.<br />
* Fixed build for MIPS n32 hosts.<br />
<br />
=== Nios2 ===<br />
<br />
=== OpenRISC ===<br />
<br />
=== PowerPC ===<br />
* sam460ex can now have 2GB memory<br />
* pseries default CPU type is now POWER9<br />
* pseries now supports the XIVE interrupt controller of POWER9 (emulated version only)<br />
* pseries can now select its interrupt controller through a new ic-mode machine option<br />
* pseries can now control the exposure of the host model and system-id through the new host-model and host-serial machine options<br />
* pseries now supports "-vga cirrus"<br />
* pseries now supports hot plug and unplug of PCI Host Bridges (PHBs)<br />
* powernv now supports POWER9 hash and radix MMU modes<br />
* powernv now allows kernel images up to 256MiB<br />
* gdbstub can now access SPRs<br />
* mac99 machine now defaults to sungem NIC instead of ne2k_pci<br />
<br />
=== RISC-V ===<br />
* The virt board now supports PCI and USB.<br />
* The FS field of mstatus now supports three states (dirty, clean, and off).<br />
* The TSR, TW, and TVM fields of mstatus are now implemented.<br />
* The misa CSR is now writable.<br />
<br />
=== s390 ===<br />
==== CPU models ====<br />
* The 'zpci' feature bit is now indicated by default in the 'qemu' cpu model.<br />
* The z14 cpu model now includes the multiple epoch and PTFF enhancement features per default.<br />
* A cpu model for the z14 GA 2 has been added.<br />
==== Devices ====<br />
* vfio-ap now no longer inhibits usage of memory ballooners.<br />
* zPCI devices now provide some instruction counters to the guest (for a Linux guest, check /sys/kernel/debug/pci/<function>/statistics).<br />
* zPCI devices are now explicitly marked as unmigratable. No change in functionality, migration support for zPCI devices had never been implemented.<br />
* vfio-ap now supports hot(un)plug of the vfio-ap device.<br />
==== TCG ====<br />
* Support for the floating-point extension facility has been added.<br />
<br />
=== SH ===<br />
<br />
=== SPARC ===<br />
<br />
=== TileGX ===<br />
<br />
=== Tricore ===<br />
<br />
=== x86 ===<br />
* The HAX accelerator is now supported for POSIX hosts other than Darwin, including Linux and NetBSD.<br />
<br />
=== Xtensa ===<br />
* xtfpga boards provide SMP support expected by linux (interrupt distributor, IPI and runstall)<br />
* New test_mmuhifi_c3 core configuration capable of running SMP linux<br />
* Flexible length instructions extension (FLIX) is now supported<br />
<br />
=== Device emulation and assignment ===<br />
<br />
==== ACPI ====<br />
<br />
==== Audio ====<br />
<br />
<br />
==== Block devices ====<br />
* IDE/via: Implement PCI IDE mode<br />
* virtio-blk: DISCARD and WRITE_ZEROES support<br />
<br />
==== Graphics ====<br />
<br />
==== Input devices ====<br />
<br />
==== I2C ====<br />
<br />
* smbus_eeprom: Will now transfer its state<br />
* pm_smbus: I2C block transfers will now work properly<br />
* pm_smbus: state transfer will now work properly<br />
<br />
==== IPMI ====<br />
<br />
==== Network devices ====<br />
<br />
* pvrdma: Add support for RDMA MAD<br />
* pvrdma: Removed the dev-caps-max-sge parameter<br />
<br />
==== NVDIMM ====<br />
<br />
==== PCI/PCIe ====<br />
<br />
==== SCSI ====<br />
<br />
==== SMBIOS ====<br />
<br />
==== TPM ====<br />
<br />
* ACPI HID for TPM TIS for TPM 2.0 has been corrected to MSFT0101; this should allow all Operating Systems to use the TPM 2.0 through the TIS interface<br />
* QEMU support for TPM PPI (Physical Presence Interface) allows OS to use PPI functionality if the firmware supports it<br />
<br />
==== USB ====<br />
<br />
==== VFIO ====<br />
<br />
==== virtio ====<br />
<br />
==== Xen ====<br />
<br />
==== fw_cfg ====<br />
<br />
==== 9pfs ====<br />
<br />
=== Audio ===<br />
<br />
=== Character devices ===<br />
<br />
* The "wait" option for the socket backend is now forbidden for client sockets. It previously had no functional effect except for server sockets.<br />
* The "reconnect" option for the socket backend is now forbidden for server sockets. It previously had no functional effect except for client sockets.<br />
<br />
=== Crypto subsystem ===<br />
<br />
* The block storage encryption backends are now capable of using multiple threads for encryption/decryption<br />
<br />
=== GUI ===<br />
<br />
* Add <code>-display spice-app</code>: configure & launch a Spice client. With upcoming virt-viewer 8.0, this will present a UI similar to QEMU GTK (with monitor & console etc), but running in a separate process.<br />
* Support for building against SDL1.2 has been deleted. SDL2 should be used instead.<br />
* The VNC server will no longer [https://bugs.launchpad.net/qemu/+bug/1795100 accidentally delete] its UNIX listener socket when clients disconnect<br />
<br />
=== Host support ===<br />
<br />
=== Memory backends ===<br />
<br />
=== Monitor ===<br />
* QMP can now execute a few commands "out of band". This is useful for postcopy recovery. For details, see docs/interop/qmp-spec.txt.<br />
* <code>query-qmp-schema</code> reflects QEMU's build configuration more closely. For instance, stuff related to replication is properly absent when QEMU was built with <code>--disable-replication</code>, and stuff specific to other targets is properly absent.<br />
* QMP events SHUTDOWN and RESET now carry a reason<br />
* New QMP command <code>query-current-machine</code><br />
* QMP/HMP command <code>system_wakeup</code> now fails when the guest isn't suspended, or doesn't even support suspend.<br />
* QMP/HMP command <code>cpu-add</code> is now deprecated<br />
* New QMP commands <code>block-dirty-bitmap-enable</code>, <code>block-dirty-bitmap-disable</code>, and <code>block-dirty-bitmap-merge</code>, plus enhancements to <code>transaction</code>, <code>nbd-server-add</code>, <code>query-block</code>, and <code>block-dirty-bitmap-add</code>, allow a management application to perform incremental backups with an NBD client as a consumer learning which portions of the disk were changed while the bitmap was enabled. The experimental commands <code>x-block-dirty-bitmap-enable</code>, <code>x-block-dirty-bitmap-disable</code>, <code>x-block-dirty-bitmap-merge</code> and <code>x-nbd-server-add-bitmap</code> were removed in favor of the stable commands.<br />
<br />
=== Migration ===<br />
* free page hinting through virtio-balloon to avoid migrating unused pages<br />
* ignore-shared feature for skipping shared memory blocks for migration-on-same-host hacks<br />
<br />
=== Network ===<br />
* new QMP/HMP command <code>announce_self</code> to trigger generation of broadcast RARP frames to update network switches.<br />
<br />
=== Block devices and tools ===<br />
* Improved tracing and error diagnostics for NBD code<br />
* Fix infinite loop in DMG image format<br />
* A new <code>qemu-nbd --bitmap</code> option allows the exposure of a persistent dirty bitmap for a qcow2 image not in use by a guest, in a simpler manner than the older procedure of using QMP commands to a temporary qemu process attached to the file.<br />
* A new <code>qemu-nbd --list</code> option enables the ability to probe a remote NBD server for information about what it is exporting.<br />
* The <code>qemu-nbd --partition=N</code> option has been deprecated; it does not support GPT partitions, and has always been broken for MBR logical partition 6 and beyond. Its functionality of exporting a subset of the guest-visible data can still be accomplished with <code>--image-opts driver=raw,offset=X,size=Y</code>.<br />
* <code>qemu-img info</code> now displays information about persistent bitmaps stored in qcow2 files.<br />
<br />
=== Tracing ===<br />
* The new qemu-trace-stap script makes it convenient to collect traces without writing SystemTap scripts. See "man qemu-trace-stap" for details.<br />
<br />
=== Miscellaneous ===<br />
<br />
* QEMU's builtin gdbstub now supports the gdb multiprocess extension. Boards which have more than one cluster of CPUs (like the 'xlnx-zcu102' board when run with '-smp 6') will report them as being two processes (each of which has one thread per CPU in the cluster). You will need at least GDB 7.2. Attach to QEMU with a GDB command sequence like:<br />
::<code>target extended :1234</code><br />
::<code>add-inferior</code><br />
::<code>inferior 2</code><br />
::<code>attach 2</code><br />
:and then the "info threads" command should show 2 processes.<br />
* QEMU will default to KVM when compiled with --disable-tcg or when launched from an executable whose name ends with "kvm".<br />
* Common Python code now lives under "python", instead of under "scripts". That directory now contains a proper "qemu" Python module. qmp Python libraries, previously under "scripts/qmp" have also moved to the same location.<br />
<br />
== User-mode emulation ==<br />
<br />
* The docker.py script now checks the path and persistence status of binfmt_misc entries when installing and updating user-mode docker containers<br />
<br />
== TCG ==<br />
<br />
* SoftFloat acceleration - where it is safe to do so, the softfloat helpers will use host floating-point instructions yielding [https://imgur.com/a/4yV8p significant performance increases]<br />
* Dynamic sizing of software TLBs, yielding [https://imgur.com/YRF90f7 noticeable performance increases]<br />
* Host support for 64-bit RISC-V.<br />
<br />
== Guest agent ==<br />
<br />
<br />
== Build Information ==<br />
<br />
=== CI === <br />
<br />
* FreeBSD builds are now done via https://cirrus-ci.com/github/qemu/qemu<br />
* Additional CI builds are now run if you host your repo on gitlab<br />
<br />
=== GIT submodules ===<br />
<br />
=== Build Dependencies ===<br />
* QEMU now requires at least GCC version 4.8 or Clang version 3.4 (equivalent to Clang from Xcode 5.1 on macOS) to be built<br />
* Running the QEMU testsuite now requires the Perl Test::Harness module. Most Linux and BSD distributions however install it by default together with Perl.<br />
* For OSX hosts, our minimum supported version is now OSX 10.10. We have fixed the bug which meant that some guests would crash when running with the Cocoa UI on OSX 10.14 Mojave.<br />
* We now have some documentation in rST format which we process with Sphinx. The host system must now have the 'build-sphinx' program available (version 1.3 or better) in order for any of the documentation to be built.<br />
<br />
== Known issues ==<br />
* see [[Planning/4.0]]</div>
Cleber
https://wiki.qemu.org/index.php?title=Testing&diff=7959
Testing
2018-11-09T20:04:06Z
<p>Cleber: </p>
<hr />
<div>== Tests included in the QEMU source ==<br />
<br />
QEMU includes a test suite comprising:<br />
<br />
* [[Testing/UnitTests|unit tests]] for library code<br />
* [[Features/QTest|QTest]]-based tests, which inject predefined stimuli into the device emulation code.<br />
* [[Testing/QemuIoTests|qemu-iotests]], a regression test suite for the block layer code.<br />
<br />
=== <tt>make check</tt> ===<br />
<br />
The unit tests and QTest-based tests can be run with "<tt>make check</tt>". Use "<tt>make check-help</tt>" to see a list of other available test targets and parameters (for example, you can use "<tt>make check SPEED=slow V=1</tt>" for a verbose, more thorough test run). These unit tests are used in [[#Continuous Integration|our continuous integration]] systems, based on [[Testing/Travis|Travis]] and [[Testing/Patchew|Patchew]].<br />
<br />
=== qemu-iotests ===<br />
<br />
<blockquote>''Main article: [[Testing/QemuIoTests]]''</blockquote><br />
<br />
qemu-iotests is run from the toplevel build directory with <tt>make check-block</tt>. A full version of the testsuite, taking around half an hour to run, is run with <tt>sh ../tests/check-block.sh</tt>.<br />
<br />
=== <tt>make docker</tt> ===<br />
<br />
The build system supports a number of Docker build targets which allow the source tree to be built and tested on a number of different Linux distributions regardless of your host. See [[Testing/DockerBuild]] for more information.<br />
<br />
=== device-crash-test script ===<br />
<br />
The <tt>scripts/device-crash-test</tt> script can be used to run QEMU with multiple<br />
<tt>-machine</tt> and <tt>-device</tt> combinations, to look for obvious crashes in machine or<br />
device code.<br />
<br />
=== <tt>make check-acceptance</tt> ===<br />
<br />
This make target runs the tests under <tt>tests/acceptance</tt>, which are higher level functional tests.<br />
<br />
These tests are written using the Avocado Testing Framework (which will be installed automatically) in conjunction with the <tt>avocado_qemu.Test</tt><br />
class, implemented at <tt>tests/acceptance/avocado_qemu</tt>.<br />
<br />
== System emulation ==<br />
<br />
We have [[Testing/System Images|a collection of links to disk images]] which can be used to test system emulation.<br />
<br />
== User mode emulation ==<br />
<br />
Here are some links to executables that can be used to test Linux user mode emulation:<br />
<br />
* [https://kos.to/linux-user-busyboxes-0.1.tar.xz linux-user-busyboxes-0.1.tar.xz] - Collection of static busybox binaries for almost all Linux target architectures that QEMU simulates. For quick smoke testing of Linux user mode emulation.<br />
<br />
It is also possible to [[Testing/LTP|run the Linux Test Project's syscall test suite under the Linux user mode emulation]].<br />
<br />
== Dynamic code analysis ==<br />
<br />
This includes any test to detect memory leaks, reads of uninitialised memory,<br />
buffer overflows or other forms of illegal memory access, that needs QEMU to be run, not merely compiled.<br />
<br />
=== Valgrind ===<br />
<br />
Typically these kinds of tests are done using [[Documentation/Debugging with Valgrind|Valgrind]] on a Linux host.<br />
Any of the disk images and executables listed above can be used in such tests.<br />
<br />
# Simple i386 boot test (BIOS only) with Valgrind.<br />
valgrind --leak-check=full --track-origins=yes --verbose qemu-system-i386<br />
<br />
=== clang UBSan ===<br />
<br />
The [https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html clang undefined behavior sanitizer] can be used to warn about accidental uses of C undefined behavior when QEMU is run. To use it you first need to configure and build QEMU with a clang compiler with the right options:<br />
<br />
mkdir -p build/clang<br />
(cd build/clang && ../../configure --cc=clang --cxx=clang++ \<br />
'--extra-cflags=-fsanitize=undefined -fno-sanitize=shift-base -Wno-address-of-packed-member -Werror')<br />
make -C build/clang -j8<br />
<br />
(The -fno-sanitize=shift-base is a workaround for [https://bugs.llvm.org/show_bug.cgi?id=25552 LLVM bug 25552] where it did not correctly suppress some shift-related warnings when -fwrapv was in use. If you're using a clang where that bug is fixed, likely 3.9 or better, you can drop it.)<br />
<br />
Then, when you run the resulting QEMU binaries, messages will be printed when UB is invoked:<br />
<br />
hw/core/loader.c:67:15: runtime error: null pointer passed as argument 1, which is declared to never be null<br />
<br />
See the clang documentation for more information including how to produce stack backtraces on errors.<br />
<br />
== Static code analysis ==<br />
<br />
There are a number of tools which analyse C code and try to detect typical<br />
errors. None of these tools is perfect, so using different tools with QEMU<br />
will detect more bugs. Be prepared to also get lots of false warnings!<br />
<br />
=== ccc-analyzer (clang) ===<br />
<br />
This is an example used on Debian. It needs package clang.<br />
<br />
# Start from the root directory with QEMU code.<br />
mkdir -p bin/debug/ccc-analyzer<br />
cd bin/debug/ccc-analyzer<br />
../../../configure --enable-debug --enable-trace-backend=stderr \<br />
--cc=/usr/share/clang/scan-build/ccc-analyzer --disable-docs<br />
make<br />
<br />
At least on my Linux host (1 GiB RAM, 2 GiB swap), make hangs when<br />
ccc-analyzer analyzes target-mips/translate.c: function decode_opc<br />
is too complex for the analyzer and takes all memory. Killing the<br />
clang process helps in this situation. It's needed 6 times because<br />
there are 4 MIPS system emulations and 2 Linux MIPS user emulations.<br />
<br />
I guess this is because target-mips/translate.c contains switches with<br />
cases covering a very large range; assuming ccc-analyzer expands these<br />
case ranges somehow, it probably blows up memory completely.<br />
<br />
=== smatch ===<br />
<br />
Here is a typical example using smatch (from git://repo.or.cz/smatch.git):<br />
<br />
# Start from the root directory with QEMU code.<br />
mkdir -p bin/debug/smatch<br />
cd bin/debug/smatch<br />
CHECK="smatch" ../../../configure --enable-debug --cc=cgcc --host-cc=cgcc<br />
make<br />
<br />
This example expects that smatch and cgcc are installed in your PATH<br />
(if not, you must add absolute paths to the example).<br />
<br />
=== Coverity ===<br />
<br />
Periodic scans of QEMU are done on the public Coverity Scan service (scan.coverity.com). You can request access on their website, and the administrator will grant it if you are an active participant in QEMU development.<br />
<br />
Coverity is confused slightly by multiple definitions of functions with the same name. For this reason, Coverity scans are done as follows:<br />
<br />
mkdir cov-int<br />
./configure --audio-drv-list=oss,alsa,sdl,pa --disable-werror<br />
make libqemustub.a<br />
cov-build --dir cov-int make<br />
tar cvf - cov-int | xz > cov-int.tar.xz<br />
<br />
Notice that libqemustub.a is ignored by Coverity. This is because some stubs call <tt>abort()</tt> and this causes dead-code false positives. The file cov-int.tar.xz can then be uploaded to [https://scan.coverity.com/projects/378/builds/new Coverity Scan's "Submit build" page]. Customarily, the "project version" is set to the output of <tt>git describe HEAD</tt> and the "description/tag" is set to "commit XYZ" where XYZ is the '''full''' SHA1 hash of the commit.<br />
<br />
== Avocado and Avocado-VT ==<br />
<br />
Avocado is a generic testing framework (used in the <tt>make check-acceptance</tt> tests).<br />
<br />
Avocado-VT is the culmination of the old "virt-test" project (previously known as KVM autotest) with a compatibility layer to make it run under Avocado. Avocado-VT adds extensive support for Virtualization testing, including first level support for testing QEMU.<br />
<br />
To get started with Avocado-VT please visit:<br />
* http://avocado-vt.readthedocs.io<br />
* https://github.com/avocado-framework/avocado-vt<br />
<br />
To learn more about Avocado please visit:<br />
* http://avocado-framework.readthedocs.io<br />
* https://github.com/avocado-framework/avocado<br />
<br />
<br />
After installing it, you can use Avocado-VT tests with your own build of QEMU:<br />
<br />
avocado run boot --vt-qemu-bin /path/to/qemu-system-x86_64<br />
<br />
== Continuous Integration ==<br />
<br />
There is no central point of Continuous Integration for the QEMU project. Instead, various individuals and companies have set up automated systems that attempt to build and test QEMU to various degrees.<br />
<br />
{{CIStatus}}<br />
<br />
== Testing related meetings ==<br />
<br />
There's a regular meeting about QEMU testing automation, Avocado's role in that,<br />
CI efforts and related topics.<br />
<br />
The meetings will take place every Tuesday from 6:00 AM to 7:00 AM,<br />
(GMT-05:00) Eastern Time - New York.<br />
<br />
The meeting ID is 2282383352, and it can be used in any of the following<br />
ways to join the meeting:<br />
<br />
* Using your browser: https://bluejeans.com/2282383352<br />
* Using one of the apps: https://www.bluejeans.com/downloads<br />
* Dialing to one of these numbers: https://www.bluejeans.com/numbers<br />
<br />
We have been using a public Trello board to keep track of the ongoing tasks:<br />
<br />
* https://trello.com/b/6Qi1pxVn/avocado-qemu<br />
<br />
Meeting agenda, notes and meeting minutes are tracked at:<br />
<br />
* https://public.etherpad-mozilla.org/p/AvocadoQEMU<br />
<br />
== See Also ==<br />
<br />
* [https://github.com/ehabkost/gdb-qemu gdb-qemu], a set of scripts that look for compatibility bugs by poking at QEMU internal data structures using GDB<br />
<br />
The following sub-pages exist:<br />
<br />
{{Special:PrefixIndex/Testing/}}</div>
Cleber
https://wiki.qemu.org/index.php?title=Testing&diff=7957
Testing
2018-11-09T19:31:19Z
<p>Cleber: /* Avocado and Avocado-VT */</p>
<hr />
<div>== Tests included in the QEMU source ==<br />
<br />
QEMU includes a test suite comprising:<br />
<br />
* [[Testing/UnitTests|unit tests]] for library code<br />
* [[Features/QTest|QTest]]-based tests, which inject predefined stimuli into the device emulation code.<br />
* [[Testing/QemuIoTests|qemu-iotests]], a regression test suite for the block layer code.<br />
<br />
=== <tt>make check</tt> ===<br />
<br />
The unit tests and QTest-based tests can be run with "<tt>make check</tt>". Use "<tt>make check-help</tt>" to see a list of other available test targets and parameters (for example, you can use "<tt>make check SPEED=slow V=1</tt>" for a verbose, more thorough test run). These unit tests are used in [[#Continuous Integration|our continuous integration]] systems, based on [[Testing/Travis|Travis]] and [[Testing/Patchew|Patchew]].<br />
<br />
=== qemu-iotests ===<br />
<br />
<blockquote>''Main article: [[Testing/QemuIoTests]]''</blockquote><br />
<br />
qemu-iotests is run from the toplevel build directory with <tt>make check-block</tt>. A full version of the testsuite, taking around half an hour to run, is run with <tt>sh ../tests/check-block.sh</tt>.<br />
<br />
=== <tt>make docker</tt> ===<br />
<br />
The build system supports a number of Docker build targets which allow the source tree to be built and tested on a number of different Linux distributions regardless of your host. See [[Testing/DockerBuild]] for more information.<br />
<br />
=== device-crash-test script ===<br />
<br />
The <tt>scripts/device-crash-test</tt> script can be used to run QEMU with multiple<br />
<tt>-machine</tt> and <tt>-device</tt> combinations, to look for obvious crashes in machine or<br />
device code.<br />
<br />
=== <tt>make check-acceptance</tt> ===<br />
<br />
This make target runs the tests under <tt>tests/acceptance</tt>, which are higher level functional tests.<br />
<br />
These tests are written using the Avocado Testing Framework (which will be installed automatically) in conjunction with the <tt>avocado_qemu.Test</tt><br />
class, implemented at <tt>tests/acceptance/avocado_qemu</tt>.<br />
<br />
== System emulation ==<br />
<br />
We have [[Testing/System Images|a collection of links to disk images]] which can be used to test system emulation.<br />
<br />
== User mode emulation ==<br />
<br />
Here are some links to executables that can be used to test Linux user mode emulation:<br />
<br />
* [https://kos.to/linux-user-busyboxes-0.1.tar.xz linux-user-busyboxes-0.1.tar.xz] - Collection of static busybox binaries for almost all Linux target architectures that QEMU simulates. For quick smoke testing of Linux user mode emulation.<br />
<br />
It is also possible to [[Testing/LTP|run the Linux Test Project's syscall test suite under the Linux user mode emulation]].<br />
<br />
== Dynamic code analysis ==<br />
<br />
This includes any test to detect memory leaks, reads of uninitialised memory,<br />
buffer overflows or other forms of illegal memory access, that needs QEMU to be run, not merely compiled.<br />
<br />
=== Valgrind ===<br />
<br />
Typically these kinds of tests are done using [[Documentation/Debugging with Valgrind|Valgrind]] on a Linux host.<br />
Any of the disk images and executables listed above can be used in such tests.<br />
<br />
# Simple i386 boot test (BIOS only) with Valgrind.<br />
valgrind --leak-check=full --track-origins=yes --verbose qemu-system-i386<br />
<br />
=== clang UBSan ===<br />
<br />
The [https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html clang undefined behavior sanitizer] can be used to warn about accidental uses of C undefined behavior when QEMU is run. To use it you first need to configure and build QEMU with a clang compiler with the right options:<br />
<br />
mkdir -p build/clang<br />
(cd build/clang && ../../configure --cc=clang --cxx=clang++ \<br />
'--extra-cflags=-fsanitize=undefined -fno-sanitize=shift-base -Wno-address-of-packed-member -Werror')<br />
make -C build/clang -j8<br />
<br />
(The -fno-sanitize=shift-base is a workaround for [https://bugs.llvm.org/show_bug.cgi?id=25552 LLVM bug 25552] where it did not correctly suppress some shift-related warnings when -fwrapv was in use. If you're using a clang where that bug is fixed, likely 3.9 or better, you can drop it.)<br />
<br />
Then, when you run the resulting QEMU binaries, messages will be printed when UB is invoked:<br />
<br />
hw/core/loader.c:67:15: runtime error: null pointer passed as argument 1, which is declared to never be null<br />
<br />
See the clang documentation for more information including how to produce stack backtraces on errors.<br />
<br />
== Static code analysis ==<br />
<br />
There are a number of tools which analyse C code and try to detect typical<br />
errors. None of these tools is perfect, so using different tools with QEMU<br />
will detect more bugs. Be prepared to also get lots of false warnings!<br />
<br />
=== ccc-analyzer (clang) ===<br />
<br />
This is an example used on Debian. It needs package clang.<br />
<br />
# Start from the root directory with QEMU code.<br />
mkdir -p bin/debug/ccc-analyzer<br />
cd bin/debug/ccc-analyzer<br />
../../../configure --enable-debug --enable-trace-backend=stderr \<br />
--cc=/usr/share/clang/scan-build/ccc-analyzer --disable-docs<br />
make<br />
<br />
At least on my Linux host (1 GiB RAM, 2 GiB swap), make hangs when<br />
ccc-analyzer analyzes target-mips/translate.c: function decode_opc<br />
is too complex for the analyzer and takes all memory. Killing the<br />
clang process helps in this situation. It's needed 6 times because<br />
there are 4 MIPS system emulations and 2 Linux MIPS user emulations.<br />
<br />
I guess this is because target-mips/translate.c contains switches with<br />
cases covering a very large range; assuming ccc-analyzer expands these<br />
case ranges somehow, it probably blows up memory completely.<br />
<br />
=== smatch ===<br />
<br />
Here is a typical example using smatch (from git://repo.or.cz/smatch.git):<br />
<br />
# Start from the root directory with QEMU code.<br />
mkdir -p bin/debug/smatch<br />
cd bin/debug/smatch<br />
CHECK="smatch" ../../../configure --enable-debug --cc=cgcc --host-cc=cgcc<br />
make<br />
<br />
This example expects that smatch and cgcc are installed in your PATH<br />
(if not, you must add absolute paths to the example).<br />
<br />
=== Coverity ===<br />
<br />
Periodic scans of QEMU are done on the public Coverity Scan service (scan.coverity.com). You can request access on their website, and the administrator will grant it if you are an active participant in QEMU development.<br />
<br />
Coverity is confused slightly by multiple definitions of functions with the same name. For this reason, Coverity scans are done as follows:<br />
<br />
mkdir cov-int<br />
./configure --audio-drv-list=oss,alsa,sdl,pa --disable-werror<br />
make libqemustub.a<br />
cov-build --dir cov-int make<br />
tar cvf - cov-int | xz > cov-int.tar.xz<br />
<br />
Notice that libqemustub.a is ignored by Coverity. This is because some stubs call <tt>abort()</tt> and this causes dead-code false positives. The file cov-int.tar.xz can then be uploaded to [https://scan.coverity.com/projects/378/builds/new Coverity Scan's "Submit build" page]. Customarily, the "project version" is set to the output of <tt>git describe HEAD</tt> and the "description/tag" is set to "commit XYZ" where XYZ is the '''full''' SHA1 hash of the commit.<br />
<br />
== Avocado and Avocado-VT ==<br />
<br />
Avocado is a generic testing framework (used in the <tt>make check-acceptance</tt> tests).<br />
<br />
Avocado-VT is the culmination of the old "virt-test" project (previously known as KVM autotest) with a compatibility layer to make it run under Avocado. Avocado-VT adds extensive support for Virtualization testing, including first level support for testing QEMU.<br />
<br />
To get started with Avocado-VT please visit:<br />
* http://avocado-vt.readthedocs.io<br />
* https://github.com/avocado-framework/avocado-vt<br />
<br />
To learn more about Avocado please visit:<br />
* http://avocado-framework.readthedocs.io<br />
* https://github.com/avocado-framework/avocado<br />
<br />
<br />
After installing it, you can use Avocado-VT tests with your own build of QEMU:<br />
<br />
avocado run boot --vt-qemu-bin /path/to/qemu-system-x86_64<br />
<br />
== Continuous Integration ==<br />
<br />
There is no central point of Continuous Integration for the QEMU project. Instead, individuals and companies have set up automated systems that attempt to build and test QEMU to various degrees.<br />
<br />
{{CIStatus}}<br />
<br />
== See Also ==<br />
<br />
* [https://github.com/ehabkost/gdb-qemu gdb-qemu], a set of scripts that look for compatibility bugs by poking at QEMU internal data structures using GDB<br />
<br />
The following sub-pages exist:<br />
<br />
{{Special:PrefixIndex/Testing/}}</div>Cleberhttps://wiki.qemu.org/index.php?title=Testing&diff=7956Testing2018-11-09T19:28:19Z<p>Cleber: </p>
<hr />
<div>== Tests included in the QEMU source ==<br />
<br />
QEMU includes a test suite comprising:<br />
<br />
* [[Testing/UnitTests|unit tests]] for library code<br />
* [[Features/QTest|QTest]]-based tests, which inject predefined stimuli into the device emulation code.<br />
* [[Testing/QemuIoTests|qemu-iotests]], a regression test suite for the block layer code.<br />
<br />
=== <tt>make check</tt> ===<br />
<br />
The unit tests and QTest-based tests can be run with "<tt>make check</tt>". Use "<tt>make check-help</tt>" to see a list of other available test targets and parameters (for example, you can use "<tt>make check SPEED=slow V=1</tt>" for a verbose, more thorough test run). These unit tests are used in [[#Continuous Integration|our continuous integration]] systems, based on [[Testing/Travis|Travis]] and [[Testing/Patchew|Patchew]].<br />
<br />
=== qemu-iotests ===<br />
<br />
<blockquote>''Main article: [[Testing/QemuIoTests]]''</blockquote><br />
<br />
qemu-iotests is run from the toplevel build directory with <tt>make check-block</tt>. A full version of the testsuite, taking around half an hour to run, is run with <tt>sh ../tests/check-block.sh</tt>.<br />
<br />
=== <tt>make docker</tt> ===<br />
<br />
The build system supports a number of Docker build targets which allow the source tree to be built and tested on a number of different Linux distributions regardless of your host. See [[Testing/DockerBuild]] for more information.<br />
<br />
=== device-crash-test script ===<br />
<br />
The <tt>scripts/device-crash-test</tt> script can be used to run QEMU with multiple<br />
<tt>-machine</tt> and <tt>-device</tt> combinations, to look for obvious crashes in machine or<br />
device code.<br />
<br />
=== <tt>make check-acceptance</tt> ===<br />
<br />
This make target runs the tests under <tt>tests/acceptance</tt>, which are higher level functional tests.<br />
<br />
These tests are written using the Avocado Testing Framework (which will be installed automatically) in conjunction with the <tt>avocado_qemu.Test</tt><br />
class, implemented at <tt>tests/acceptance/avocado_qemu</tt>.<br />
<br />
== System emulation ==<br />
<br />
We have [[Testing/System Images|a collection of links to disk images]] which can be used to test system emulation.<br />
<br />
== User mode emulation ==<br />
<br />
Here are some links to executables that can be used to test Linux user mode emulation:<br />
<br />
* [https://kos.to/linux-user-busyboxes-0.1.tar.xz linux-user-busyboxes-0.1.tar.xz] - Collection of static busybox binaries for almost all Linux target architectures that QEMU simulates. For quick smoke testing of Linux user mode emulation.<br />
<br />
It is also possible to [[Testing/LTP|run the Linux Test Project's syscall test suite under the Linux user mode emulation]].<br />
<br />
== Dynamic code analysis ==<br />
<br />
This includes any test to detect memory leaks, reads of uninitialised memory,<br />
buffer overflows or other forms of illegal memory access, that needs QEMU to be run, not merely compiled.<br />
<br />
=== Valgrind ===<br />
<br />
Typically these kinds of tests are done using [[Documentation/Debugging with Valgrind|Valgrind]] on a Linux host.<br />
Any of the disk images and executables listed above can be used in such tests.<br />
<br />
# Simple i386 boot test (BIOS only) with Valgrind.<br />
valgrind --leak-check=full --track-origins=yes --verbose qemu-system-i386<br />
<br />
=== clang UBSan ===<br />
<br />
The [https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html clang undefined behavior sanitizer] can be used to warn about accidental uses of C undefined behavior when QEMU is run. To use it you first need to configure and build QEMU with a clang compiler with the right options:<br />
<br />
mkdir build/clang<br />
(cd build/clang && ../../configure --cc=clang --cxx=clang++ \<br />
'--extra-cflags=-fsanitize=undefined -fno-sanitize=shift-base -Wno-address-of-packed-member -Werror')<br />
make -C build/clang -j8<br />
<br />
(The -fno-sanitize=shift-base is a workaround for [https://bugs.llvm.org/show_bug.cgi?id=25552 LLVM bug 25552] where it did not correctly suppress some shift-related warnings when -fwrapv was in use. If you're using a clang where that bug is fixed, likely 3.9 or better, you can drop it.)<br />
<br />
Then, when you run the resulting QEMU binaries, messages will be printed when UB is invoked:<br />
<br />
hw/core/loader.c:67:15: runtime error: null pointer passed as argument 1, which is declared to never be null<br />
<br />
See the clang documentation for more information including how to produce stack backtraces on errors.<br />
<br />
== Static code analysis ==<br />
<br />
There are a number of tools which analyse C code and try to detect typical<br />
errors. None of these tools is perfect, so using different tools with QEMU<br />
will detect more bugs. Be prepared to also get lots of false warnings!<br />
<br />
=== ccc-analyzer (clang) ===<br />
<br />
This is an example used on Debian. It needs package clang.<br />
<br />
# Start from the root directory with QEMU code.<br />
mkdir -p bin/debug/ccc-analyzer<br />
cd bin/debug/ccc-analyzer<br />
../../../configure --enable-debug --enable-trace-backend=stderr \<br />
--cc=/usr/share/clang/scan-build/ccc-analyzer --disable-docs<br />
make<br />
<br />
At least on my Linux host (1 GiB RAM, 2 GiB swap), make hangs when<br />
ccc-analyzer analyzes target-mips/translate.c: function decode_opc<br />
is too complex for the analyzer and takes all memory. Killing the<br />
clang process helps in this situation. It's needed 6 times because<br />
there are 4 MIPS system emulations and 2 Linux MIPS user emulations.<br />
<br />
I guess this is because target-mips/translate.c contains switches with<br />
cases covering a very large range; assuming ccc-analyzer expands these<br />
case ranges somehow, it probably blows up memory completely.<br />
<br />
=== smatch ===<br />
<br />
Here is a typical example using smatch (from git://repo.or.cz/smatch.git):<br />
<br />
# Start from the root directory with QEMU code.<br />
mkdir -p bin/debug/smatch<br />
cd bin/debug/smatch<br />
CHECK="smatch" ../../../configure --enable-debug --cc=cgcc --host-cc=cgcc<br />
make<br />
<br />
This example expects that smatch and cgcc are installed in your PATH<br />
(if not, you must add absolute paths to the example).<br />
<br />
=== Coverity ===<br />
<br />
Periodic scans of QEMU are done on the public Coverity Scan service (scan.coverity.com). You can request access on their website, and the administrator will grant it if you are an active participant in QEMU development.<br />
<br />
Coverity is confused slightly by multiple definitions of functions with the same name. For this reason, Coverity scans are done as follows:<br />
<br />
mkdir cov-int<br />
./configure --audio-drv-list=oss,alsa,sdl,pa --disable-werror<br />
make libqemustub.a<br />
cov-build --dir cov-int make<br />
tar cvf - cov-int | xz > cov-int.tar.xz<br />
<br />
Notice that libqemustub.a is ignored by Coverity. This is because some stubs call <tt>abort()</tt> and this causes dead-code false positives. The file cov-int.tar.xz can then be uploaded to [https://scan.coverity.com/projects/378/builds/new Coverity Scan's "Submit build" page]. Customarily, the "project version" is set to the output of <tt>git describe HEAD</tt> and the "description/tag" is set to "commit XYZ" where XYZ is the '''full''' SHA1 hash of the commit.<br />
<br />
== Avocado and Avocado-VT ==<br />
<br />
Avocado is a generic testing framework, while Avocado-VT adds support for Virtualization testing, including first level support for testing QEMU.<br />
<br />
To get started with Avocado-VT please visit:<br />
* http://avocado-vt.readthedocs.io<br />
* https://github.com/avocado-framework/avocado-vt<br />
<br />
To learn more about Avocado please visit:<br />
* http://avocado-framework.readthedocs.io<br />
* https://github.com/avocado-framework/avocado<br />
<br />
<br />
After installing it, you can use Avocado-VT tests with your own build of QEMU:<br />
<br />
avocado run boot --vt-qemu-bin /path/to/qemu-system-x86_64<br />
<br />
== Continuous Integration ==<br />
<br />
There is no central point of Continuous Integration for the QEMU project. Instead, individuals and companies have set up automated systems that attempt to build and test QEMU to various degrees.<br />
<br />
{{CIStatus}}<br />
<br />
== See Also ==<br />
<br />
* [https://github.com/ehabkost/gdb-qemu gdb-qemu], a set of scripts that look for compatibility bugs by poking at QEMU internal data structures using GDB<br />
<br />
The following sub-pages exist:<br />
<br />
{{Special:PrefixIndex/Testing/}}</div>Cleberhttps://wiki.qemu.org/index.php?title=Testing&diff=5627Testing2016-06-28T11:48:06Z<p>Cleber: </p>
<hr />
<div>== QEMU disk images ==<br />
<br />
Here is a collection of disk images which can be used to test system emulation.<br />
<br />
{| class="wikitable" border="1"<br />
! File<br />
! Comment<br />
|-<br />
| [http://wiki.qemu.org/download/linux-0.2.img.bz2 linux-0.2.img.bz2] (8 MB)<br />
| Small Linux disk image containing a 2.6.20 Linux kernel, X11 and various utilities to test QEMU<br />
|-<br />
| [http://odin.fdos.org/odin2005/odin1440.img odin1440.img]<br />
| FreeDOS floppy disk image from [http://odin.fdos.org/ ODIN] (Steve Nickolas)<br />
|-<br />
| [http://nopid.free.fr/small.ffs.bz2 small.ffs.bz2]<br />
| Small NetBSD Image (thanx to Nicolas Ollinger)<br />
|-<br />
| [http://wiki.qemu.org/download/minix204.tar.bz2 minix204.tar.bz2]<br />
| Minix 2.0.4 (thanx to Túlio Almeida Pexoto)<br />
|-<br />
| [http://wiki.qemu.org/download/efi-bios.tar.bz2 efi-bios.tar.bz2]<br />
| EFI BIOS for QEMU (thanx to Tristan Gingold)<br />
|-<br />
| [http://wiki.qemu.org/download/sparc-test-0.2.tar.gz sparc-test-0.2.tar.gz]<br />
| SPARC Linux 2.6 test kernel and initrd disk image<br />
|-<br />
| [http://wiki.qemu.org/download/arm-test-0.2.tar.gz arm-test-0.2.tar.gz]<br />
| ARM Linux 2.6 test kernel and initrd disk image (thanx to Paul Brook)<br />
|-<br />
| [http://wiki.qemu.org/download/mips-test-0.2.tar.gz mips-test-0.2.tar.gz]<br />
| MIPS Linux 2.6 test kernel and initrd disk image (thanx to Thiemo Seufer)<br />
|-<br />
| [http://wiki.qemu.org/download/mipsel-test-0.2.tar.gz mipsel-test-0.2.tar.gz]<br />
| MIPS little endian Linux 2.6 test kernel and initrd disk image (thanx to Thiemo Seufer)<br />
|-<br />
| [http://wiki.qemu.org/download/coldfire-test-0.1.tar.bz2 coldfire-test-0.1.tar.bz2]<br />
| Coldfire Linux 2.6 test kernel and initrd disk image (thanx to Paul Brook)<br />
|-<br />
| [http://wiki.qemu.org/download/sh-test-0.2.tar.bz2 sh-test-0.2.tar.bz2]<br />
| SH4 Linux 2.6 test kernel and initrd disk image (thanx to Shin-ichiro KAWASAKI)<br />
|-<br />
| [http://wiki.qemu.org/download/cris-axisdev88-img-linux2_6_33.tgz cris-axisdev88-img-linux2_6_33.tgz]<br />
| CRIS AXIS Devboard88 Linux 2.6 test image with selftesting testsuite (Edgar E. Iglesias)<br />
|-<br />
| [http://wiki.qemu.org/download/mb-s3adsp1800-linux-2_6_34.tgz mb-s3adsp1800-linux-2_6_34.tgz]<br />
| Microblaze S3ADSP1800 Linux 2.6 test image with selftesting testsuite (Edgar E. Iglesias)<br />
|-<br />
| [http://wiki.qemu.org/download/ppc-virtexml507-linux-2_6_34.tgz ppc-virtexml507-linux-2_6_34.tgz]<br />
| PPC-440 Virtex-ML507 Linux 2.6 test image (Edgar E. Iglesias)<br />
|-<br />
| [http://wiki.qemu.org/download/xtensa-dc232b_kernel_rootfs.tgz xtensa-dc232b_kernel_rootfs.tgz]<br />
| Xtensa Linux 2.6.29 test image (Max Filippov)<br />
|}<br />
<br />
== QEMU Linux user mode emulation tests ==<br />
<br />
These executables can be used to test Linux user mode emulation.<br />
<br />
{| class="wikitable" border="1"<br />
! File<br />
! Comment<br />
|-<br />
| [http://wiki.qemu.org/download/linux-user-test-0.3.tar.gz linux-user-test-0.3.tar.gz]<br />
| Distribution of shared libraries and various shell executables for almost all Linux target architectures that QEMU simulates. It is used to make regression tests on the Linux user mode emulation.<br />
|-<br />
| [https://kos.to/linux-user-busyboxes-0.1.tar.xz linux-user-busyboxes-0.1.tar.xz]<br />
| Collection of static busybox binaries for almost all Linux target architectures that QEMU simulates. For quick smoke testing of Linux user mode emulation.<br />
|}<br />
<br />
It is also possible to [[Testing/LTP|run the Linux Test Project's syscall test suite under the Linux user mode emulation]].<br />
<br />
== Dynamic code analysis ==<br />
<br />
This includes any test to detect memory leaks, reads of uninitialised memory,<br />
buffer overflows or other forms of illegal memory access.<br />
<br />
Typically these kinds of tests are done using [[Debugging with Valgrind|Valgrind]] on a Linux host.<br />
Any of the disk images and executables listed above can be used in such tests.<br />
<br />
# Simple i386 boot test (BIOS only) with Valgrind.<br />
valgrind --leak-check=full --track-origins=yes --verbose qemu-system-i386<br />
<br />
== Static code analysis ==<br />
<br />
There are a number of tools which analyse C code and try to detect typical<br />
errors. None of these tools is perfect, so using different tools with QEMU<br />
will detect more bugs. Be prepared to also get lots of false warnings!<br />
<br />
=== ccc-analyzer (clang) ===<br />
<br />
This is an example used on Debian. It needs package clang.<br />
<br />
# Start from the root directory with QEMU code.<br />
mkdir -p bin/debug/ccc-analyzer<br />
cd bin/debug/ccc-analyzer<br />
../../../configure --enable-debug --enable-trace-backend=stderr \<br />
--cc=/usr/share/clang/scan-build/ccc-analyzer --disable-docs<br />
make<br />
<br />
At least on my Linux host (1 GiB RAM, 2 GiB swap), make hangs when<br />
ccc-analyzer analyzes target-mips/translate.c: function decode_opc<br />
is too complex for the analyzer and takes all memory. Killing the<br />
clang process helps in this situation. It's needed 6 times because<br />
there are 4 MIPS system emulations and 2 Linux MIPS user emulations.<br />
<br />
I guess this is because target-mips/translate.c contains switches with<br />
cases covering a very large range; assuming ccc-analyzer expands these<br />
case ranges somehow, it probably blows up memory completely.<br />
<br />
=== smatch ===<br />
<br />
Here is a typical example using smatch (from git://repo.or.cz/smatch.git):<br />
<br />
# Start from the root directory with QEMU code.<br />
mkdir -p bin/debug/smatch<br />
cd bin/debug/smatch<br />
CHECK="smatch" ../../../configure --enable-debug --cc=cgcc --host-cc=cgcc<br />
make<br />
<br />
This example expects that smatch and cgcc are installed in your PATH<br />
(if not, you must add absolute paths to the example).<br />
<br />
=== Coverity ===<br />
<br />
Periodic scans of QEMU are done on the public Coverity Scan service (scan.coverity.com). You can request access on their website, and the administrator will grant it if you are an active participant in QEMU development.<br />
<br />
Coverity is confused slightly by multiple definitions of functions with the same name. For this reason, Coverity scans are done as follows:<br />
<br />
mkdir cov-int<br />
./configure<br />
make libqemustub.a<br />
cov-build --dir cov-int make<br />
tar cvf - cov-int | xz > cov-int.tar.xz<br />
<br />
Notice that libqemustub.a is ignored by Coverity. This is because some stubs call <tt>abort()</tt> and this causes dead-code false positives. The file cov-int.tar.xz can then be uploaded to [https://scan.coverity.com/projects/378/builds/new Coverity Scan's "Submit build" page]. Customarily, the "project version" is set to the output of <tt>git describe HEAD</tt> and the "description/tag" is set to "commit XYZ" where XYZ is the '''full''' SHA1 hash of the commit.<br />
<br />
=== Avocado and Avocado-VT ===<br />
<br />
Avocado is a generic testing framework, while Avocado-VT adds support for Virtualization testing, including first level support for testing QEMU.<br />
<br />
To get started with Avocado-VT (and Avocado) please visit:<br />
<br />
http://avocado-vt.readthedocs.io<br />
<br />
After installing it, you can use Avocado-VT tests with your own build of QEMU:<br />
<br />
avocado run boot --vt-qemu-bin /path/to/qemu-system-x86_64<br />
<br />
[[Category:Testing]]</div>Cleber