@@ -101,3 +101,90 @@ depending on the guest architecture.
101101
102102A number of features are are only available when running under
103103emulation including :ref: `Record/Replay<replay> ` and :ref: `TCG Plugins `.
104+
105+ .. _Semihosting :
106+
107+ Semihosting
108+ -----------
109+
110+ Semihosting is a feature defined by the owner of the architecture to
111+ allow programs to interact with a debugging host system. On real
112+ hardware this is usually provided by an In-circuit emulator (ICE)
113+ hooked directly to the board. QEMU's implementation allows for
114+ semihosting calls to be passed to the host system or via the
115+ ``gdbstub ``.
116+
117+ Generally semihosting makes it easier to bring up low level code before a
118+ more fully functional operating system has been enabled. On QEMU it
119+ also allows for embedded micro-controller code which typically doesn't
120+ have a full libc to be run as "bare-metal" code under QEMU's user-mode
121+ emulation. It is also useful for writing test cases and indeed a
122+ number of compiler suites as well as QEMU itself use semihosting calls
123+ to exit test code while reporting the success state.
124+
125+ Semihosting is only available using TCG emulation. This is because the
126+ instructions to trigger a semihosting call are typically reserved
127+ causing most hypervisors to trap and fault on them.
128+
129+ .. warning ::
130+ Semihosting inherently bypasses any isolation there may be between
131+ the guest and the host. As a result a program using semihosting can
132+ happily trash your host system. You should only ever run trusted
133+ code with semihosting enabled.
134+
135+ Redirection
136+ ~~~~~~~~~~~
137+
138+ Semihosting calls can be re-directed to a (potentially remote) gdb
139+ during debugging via the :ref: `gdbstub<GDB usage> `. Output to the
140+ semihosting console is configured as a ``chardev `` so can be
141+ redirected to a file, pipe or socket like any other ``chardev ``
142+ device.
143+
144+ Supported Targets
145+ ~~~~~~~~~~~~~~~~~
146+
147+ Most targets offer similar semihosting implementations with some
148+ minor changes to define the appropriate instruction to encode the
149+ semihosting call and which registers hold the parameters. They tend to
150+ presents a simple POSIX-like API which allows your program to read and
151+ write files, access the console and some other basic interactions.
152+
153+ For full details of the ABI for a particular target, and the set of
154+ calls it provides, you should consult the semihosting specification
155+ for that architecture.
156+
157+ .. note ::
158+ QEMU makes an implementation decision to implement all file
159+ access in ``O_BINARY `` mode. The user-visible effect of this is
160+ regardless of the text/binary mode the program sets QEMU will
161+ always select a binary mode ensuring no line-terminator conversion
162+ is performed on input or output. This is because gdb semihosting
163+ support doesn't make the distinction between the modes and
164+ magically processing line endings can be confusing.
165+
166+ .. list-table :: Guest Architectures supporting Semihosting
167+ :widths: 10 10 80
168+ :header-rows: 1
169+
170+ * - Architecture
171+ - Modes
172+ - Specification
173+ * - Arm
174+ - System and User-mode
175+ - https://github.com/ARM-software/abi-aa/blob/main/semihosting/semihosting.rst
176+ * - m68k
177+ - System
178+ - https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=libgloss/m68k/m68k-semi.txt;hb=HEAD
179+ * - MIPS
180+ - System
181+ - Unified Hosting Interface (MD01069)
182+ * - Nios II
183+ - System
184+ - https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;a=blob;f=libgloss/nios2/nios2-semi.txt;hb=HEAD
185+ * - RISC-V
186+ - System and User-mode
187+ - https://github.com/riscv/riscv-semihosting-spec/blob/main/riscv-semihosting-spec.adoc
188+ * - Xtensa
189+ - System
190+ - Tensilica ISS SIMCALL
0 commit comments