by pm215
2797 days ago
QEMU hasn't got round to pointer-authentication yet either, so that's pretty good going. I like the "fuzz-test one implementation against another" approach. That's quite similar to how we test QEMU against real hardware (at least for straightforward userspace insns): https://git.linaro.org/people/peter.maydell/risu.git/tree/RE... (Upstream in QEMU we're talking/working on trying to improve our support for instrumentation. But definitely today we don't do anything much in that area.)
Thanks very much! I do however note we're not trying for full system emulation for v8; we're primarily interested in userspace emulation since that's our primary use case, so system instructions aren't necessary for us, which does reduce our workload!
While we're on that topic, we make a few simplifying assumptions for performance reasons (e.g. no self-modifying code). Thinking about it, I feel like I should document these assumptions somewhere; I'll do that when I can.
> That's quite similar to how we test QEMU against real hardware
That's great! I love semi-automated testing.
An emulator vs emulator fuzz test has some advantages: You can test more instructions than you are able to on hardware. For example, you can test arbitrary jump instructions and memory instructions (assuming the emulations have sufficient instrumentation to catch arbitrary memory reads/writes and jumps off into the ether).
We fuzz against unicorn here: https://github.com/MerryMage/dynarmic/blob/master/tests/A64/.... This uses our instruction table (https://github.com/MerryMage/dynarmic/blob/master/src/fronte...) to generate instructions.
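The emulator-vs-emulator approach described in this reply has three moving parts: an instruction table of bit patterns that drives the generator, two independent implementations fed the same state and the same encoding, and instrumentation that turns wild memory accesses and jumps into a recorded trap instead of a crash, so "both trapped" is itself a comparable outcome. The harness below is an added example written for this page and is not code from dynarmic, unicorn or QEMU; the 16-bit toy ISA, the `State` layout, the `StepA`/`StepB` implementations and the 16-word memory and code regions are all constructed for illustration.

```cpp
// Added example (constructed toy ISA; not dynarmic, unicorn or QEMU code):
// differential fuzzing of two implementations of the same instruction set.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <random>

// Toy encoding: [15:12]=opcode [11:8]=rd [7:4]=rs [3:0]=imm
//   0 ADD rd,rs   1 MOVI rd,#imm   2 LDR rd,[rs+imm]   3 STR rd,[rs+imm]   4 B #imm
struct State {
    uint32_t r[16];
    uint32_t pc;        // word index into a 16-word code region
    uint32_t mem[16];   // 16 data words; anything outside is "off into the ether"
    bool trapped;       // set by instrumentation on an out-of-range access or jump
};

// Instruction table in the bit-pattern style: '0'/'1' fixed, 'x' free (MSB first).
// The generator fills only the 'x' bits, so every fuzzed encoding is one the
// decoder claims to understand, instead of mostly-undefined random words.
static const char* const kInsnTable[] = {
    "0000xxxxxxxxxxxx", "0001xxxxxxxxxxxx", "0010xxxxxxxxxxxx",
    "0011xxxxxxxxxxxx", "0100xxxxxxxxxxxx",
};
static const int kTableSize = sizeof kInsnTable / sizeof kInsnTable[0];

uint16_t GenerateFromPattern(const char* pattern, std::mt19937& rng) {
    uint16_t insn = 0;
    for (int i = 0; i < 16; ++i) {
        int bit = (pattern[i] == 'x') ? (int)(rng() & 1) : pattern[i] - '0';
        insn = (uint16_t)((insn << 1) | bit);
    }
    return insn;
}

// Instrumentation shared by both implementations: bounds-checked memory and pc.
static bool MemRead(State& s, uint32_t addr, uint32_t& out) {
    if (addr >= 16) { s.trapped = true; return false; }
    out = s.mem[addr]; return true;
}
static bool MemWrite(State& s, uint32_t addr, uint32_t val) {
    if (addr >= 16) { s.trapped = true; return false; }
    s.mem[addr] = val; return true;
}
static void CheckPc(State& s) { if (s.pc >= 16) s.trapped = true; }

// Implementation A: a plain switch interpreter.
void StepA(State& s, uint16_t insn) {
    uint32_t op = insn >> 12, rd = (insn >> 8) & 15, rs = (insn >> 4) & 15, imm = insn & 15, v = 0;
    switch (op) {
    case 0: s.r[rd] += s.r[rs]; s.pc++; break;
    case 1: s.r[rd] = imm; s.pc++; break;
    case 2: if (MemRead(s, s.r[rs] + imm, v)) s.r[rd] = v; s.pc++; break;
    case 3: MemWrite(s, s.r[rs] + imm, s.r[rd]); s.pc++; break;
    case 4: s.pc += imm; break;
    default: s.trapped = true; break;   // undefined encoding: trap, pc unchanged
    }
    CheckPc(s);
}

// Implementation B: decode into a handler table, the way a JIT front end might.
using Handler = void (*)(State&, uint32_t rd, uint32_t rs, uint32_t imm);
static void HAdd(State& s, uint32_t rd, uint32_t rs, uint32_t) { s.r[rd] = s.r[rd] + s.r[rs]; s.pc++; }
static void HMovi(State& s, uint32_t rd, uint32_t, uint32_t imm) { s.r[rd] = imm; s.pc++; }
static void HLdr(State& s, uint32_t rd, uint32_t rs, uint32_t imm) {
    uint32_t v = 0; if (MemRead(s, s.r[rs] + imm, v)) s.r[rd] = v; s.pc++;
}
static void HStr(State& s, uint32_t rd, uint32_t rs, uint32_t imm) { MemWrite(s, s.r[rs] + imm, s.r[rd]); s.pc++; }
static void HB(State& s, uint32_t, uint32_t, uint32_t imm) { s.pc += imm; }
static const Handler kHandlers[16] = {HAdd, HMovi, HLdr, HStr, HB};   // rest nullptr = undefined
void StepB(State& s, uint16_t insn) {
    Handler h = kHandlers[insn >> 12];
    if (!h) { s.trapped = true; return; }
    h(s, (insn >> 8) & 15, (insn >> 4) & 15, insn & 15);
    CheckPc(s);
}

static bool SameState(const State& a, const State& b) {
    return std::memcmp(a.r, b.r, sizeof a.r) == 0 && a.pc == b.pc &&
           std::memcmp(a.mem, b.mem, sizeof a.mem) == 0 && a.trapped == b.trapped;
}

// Differential fuzz loop: identical random state and instruction into both
// implementations; any divergence in registers, memory, pc or trap status is a
// bug in at least one of them. Returns the mismatch count.
int DifferentialFuzz(void (*implA)(State&, uint16_t), void (*implB)(State&, uint16_t),
                     int iterations, uint32_t seed) {
    std::mt19937 rng(seed);
    int mismatches = 0;
    for (int i = 0; i < iterations; ++i) {
        State init{};
        for (auto& reg : init.r) reg = rng() % 32;   // biased small so some addresses land in range
        for (auto& w : init.mem) w = (uint32_t)rng();
        init.pc = rng() % 16;
        const char* pattern = kInsnTable[rng() % kTableSize];
        uint16_t insn = GenerateFromPattern(pattern, rng);
        State a = init, b = init;
        implA(a, insn);
        implB(b, insn);
        if (!SameState(a, b)) {
            ++mismatches;
            std::printf("mismatch on %04x (%s): pc %u vs %u, trapped %d vs %d\n",
                        insn, pattern, a.pc, b.pc, a.trapped, b.trapped);
        }
    }
    return mismatches;
}

// Helper for checking the instrumentation: LDR r0,[r1+0] with r1 far out of range.
bool TrapsOnWildLoad(void (*impl)(State&, uint16_t)) {
    State s{}; s.r[1] = 100;
    impl(s, 0x2010);
    return s.trapped && s.r[0] == 0;   // trapped, and the load did not write r0
}

int main() {
    int bad = DifferentialFuzz(StepA, StepB, 10000, 1234);
    std::printf("%d mismatches\n", bad);
    return bad != 0;
}
```

Because the memory and pc checks live in the shared instrumentation layer rather than in either implementation, the harness can fuzz loads, stores and branches with arbitrary operands, which is exactly the class of instruction that is awkward to test against real hardware.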