Skip to main content
SpringerLink
Log in

Automated Testing of a TCG Frontend for Qemu

  • Published:
Programming and Computer Software Aims and scope Submit manuscript

Abstract

Implementing new target architecture in Qemu involves creating a frontend of the TCG dynamic binary translator to this architecture. Testing is necessary to verify the correctness of that translator component. Currently, existing TCG frontend testing systems use an approach based on comparison with an oracle. This oracle has the same processor architecture and can be a real processor, high-fidelity emulator, or another binary translator. Unfortunately, these oracles are not always available. This paper is devoted to testing a target architecture implementation in Qemu when the necessary oracle is not available. The proposed approach is based on the fact that the binutils package and C compiler are usually available even for rarely used processor architectures. A program written in a high-level programming language is expected to run in the same manner on different processor architectures if it is possible to avoid its undefined or implementation-defined behavior. This allows two different executables to be compared on a developer’s machine and a virtual machine being tested. The units to be compared are entities of the high-level programming language used to write tests; in our case, tests are written in C. The approach is implemented in CPU Testing Tool (c2t) and is part of the Qemu Development Toolkit (QDT); its source code is available at https://github.com/ispras/qdt. c2t is implemented in Python and supports Qemu testing in both full-system and user-level emulation modes. This tool is suitable for testing TCG frontends generated by automated TCG frontend generation systems or implemented manually.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.

Similar content being viewed by others

REFERENCES

  1. Efimov, V.Yu., Bezzubikov, A.A., Bogomolov, D.A., Goremykin, O.V., and Padaryan, V.A., Automation of device and machine development for QEMU, Tr. Inst. Sist. Program. Ross. Akad. Nauk (Proc. Inst. Syst. Program. Russ. Acad. Sci.), 2017, vol. 29, no. 6, pp. 77–104. https://doi.org/10.15514/ISPRAS-2017-29(6)-4

  2. Bezzubikov, A., Belov, N., and Batuzov, K., Automatic dynamic binary translator generation from instruction set description, Proc. Inst. Syst. Program. Russ. Acad. Sci. Open Conf., 2017, pp. 27–33. https://doi.org/10.1109/ISPRAS.2017.00012

  3. Howden, W.E., Theoretical and empirical studies of program testing, Proc. 3rd Int. Conf. Software Engineering, 1978, pp. 305–311.

  4. Martignoni, L., Paleari, R., Roglia, G.F., and Bruschi, D., Testing CPU emulators, Proc. 18th Int. Symp. Software Testing and Analysis, 2009, pp. 261–272.

  5. Martignoni, L., Paleari, R., Roglia, G.F., and Bruschi, D., Testing system virtual machines, Proc. 19th Int. Symp. Software Testing and Analysis, 2010, pp. 171–182.

  6. Yan, Q. and McCamant, S., Fast PokeEMU: Scaling generated instruction tests using aggregation and state chaining, Proc. 14th ACM SIGPLAN/SIGOPS Int. Conf. Virtual Execution Environments, 2018.

  7. Linaro Git Hosting, Risu: Random instruction sequence tester for userspace. https://git.linaro.org/people/pmaydell/risu.git/about.

  8. Kamkin, A.S., Sergeeva, T.I., Smolov, S.A., Tatarnikov, A.D., and Chupilko, M.M., Extensible environment for test program generation for microprocessors, Program. Comput. Software, 2014, vol. 40, no. 1, pp. 1–9.

    Article  Google Scholar 

  9. Kim, S., Faerevaag, M., Jung, M., Jung, S., Oh, D.Y., Lee, J.H., and Cha, S.K., Testing intermediate representations for binary analysis, Proc. 32nd IEEE/ACM Int. Conf. Automated Software Engineering, 2017, pp. 353–364.

  10. Martignoni, L., McCamant, S., Poosankam, P., Song, D., and Maniatis, P., Path-exploration lifting: Hi-fi tests for lo-fi emulators, Proc. Int. Conf. Architectural Support for Programming Languages and Operating Systems, 2012, pp. 337–348.

  11. Shi, H., Alwabel, A., and Mirkovic, J., Cardinal pill testing of system virtual machines, Proc. 23rd USENIX Security Symp., 2014, pp. 271–285.

  12. GitHub, pyrsp. https://github.com/stef/pyrsp.

  13. GitHub, pyelftools. https://github.com/eliben/pyelftools.

  14. GitHub, Qemu MSP430. https://github.com/draperlaboratory/qemu-msp.

  15. ARM and Thumb-2 instruction set quick reference card. http://infocenter.arm.com/help/topic/com.arm.doc. qrc0001m/QRC0001_UAL.pdf.

  16. MIPS instruction reference. https://s3-eu-west-1.amazonaws.com/downloads-mips/documents/MD00565-2B-MIPS32-Q RC-01.01.pdf.

  17. MSP430x2xx family user’s guide. http://www.ti.com/lit/ug/slau144j/slau144j.pdf.

Download references

Funding

This work was supported by the Russian Foundation for Basic Research, project no. 16-29-09632.

Author information

Authors and Affiliations

  1. Ivannikov Institute for System Programming, Russian Academy of Sciences, ul. Solzhenitsyna 25, 109004, Moscow, Russia

    D. S. Koltunov, V. Yu. Efimov & V. A. Padaryan

  2. Moscow State University, 119991, Moscow, Russia

    V. A. Padaryan

Authors
  1. D. S. Koltunov
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. V. Yu. Efimov
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. V. A. Padaryan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to D. S. Koltunov, V. Yu. Efimov or V. A. Padaryan.

Additional information

Translated by Yu. Kornienko

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Koltunov, D.S., Efimov, V.Y. & Padaryan, V.A. Automated Testing of a TCG Frontend for Qemu. Program Comput Soft 46, 737–746 (2020). https://doi.org/10.1134/S0361768820080058

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1134/S0361768820080058

Search

Navigation