BohdanQQ

Intel Simics

A little gem I discovered while looking for a way to properly debug my amd64 implementation of PCIDs (more widely known as ASIDs)...

Intro

This is just a quick note for anyone who might sumble upon this intriguing tool. Simics is a full platform simulator developed (now) by Intel.

It allows simulation and modeling of just about everything: registers, MMUs, CPUs, SoCs, ... Intel distributes a free version that allowed me to poke around for a bit and what I found made me excited and sad at the same time.

I've been attempting to implement PCID feature for a microkernel OS HelenOS. Early in the process, I had no real way to output data meaningfully for my debugging purposes (especially in the early OS boot process...). It could be that my methods of testing the boot stages of an OS are flawed but all my attempts were failing. I used QEMU and while I tried using GBD to debug the QEMU machine, I could not get memory breakpoints to work... And because the OS is not loaded immediately, I had no real way to trigger a breakpoint... (again, I have no idea why the memory breakpoints did not work...).

GDB would allow me to inspect critical registers and all would be fine. Instead, I had to fall back on a trial-and-error approach which took considerable time.

Promising software with arcane vibes

Then, a few hours after finishing my first iteration, I stumbled upon a random "Intel's Simics Rust bindings" crate post on Reddit. My attention focused on the Intel Simics part because I have never heard of anything "Simics" or "Intel Simulator". Inspired by the feelings and awe that Intel's Pin tool has evoked in me last time I learned about it, I looked it up and oh boy was there a surprise!

Not only was this "THE" thing that would solve my initial problem. As I've come in contact with various SoCs practically through my research on them, and low-level info about hardware in general, I always wondered: HOW are the companies designing the chips? WHAT tools are they using? And are there other tools/things apart from (and most importantly in between) logic gate simulators (educational) and FPGAs? (of course I could have just look them up but the questions never really gave me the itch) This tool seems to fit! To me, it feels a level above a complete electronics simulation and a level below a regular virtual machine. Wonderful regardless of my usecases. What's more, only a handful of sites/posts seem to mention the tool on the internet. There are companies using it but after looking for some basic usecases, I gave up and consulted both Simics manual and the tool itself to learn how to use it.

The arcane mysteries of the software

Simics comes as a "package manager" that installs various "platforms". There is the publicly available Quick Start Platform that (apart from the base product) provides training materials and most importantly Intel CPU models!

The platform comes in various packages (examples: RISC-V, GDB, QSP-x86, Training, ...). The "package manager" also manages and bootstraps user "projects". From what I gathered, projects are based on a platform and user can select a subset of the platform's packages to base the project on those packages.

Simics is controled via a CLI interface (that also has a companion GUI) in which you load "target scripts". Those scripts tell Simics core what to simulate, they basically refer to the model that the simulator will run.

I poked around a new project based on all the available packages. This way, you can "launch demo" and have a "clear linux" booted up.

Upon inspection of the CPU registers (this time via the GUI), I was perplexed: the CPU was shown as "x86-64" but the register names were eax (one would expec rax etc.), ... and they were only 4 bytes wide... The "clear linux" was fully booted and the disassembly Simics provides showed 8-byte canonical addresses. What's more, and could be very sad if confirmed, is that there was no apparent support for PCID in the control registers...

CR4 register with bit 17 (PCID) missing

I poked around the CLI tool to get a grip on how I could boot up my own ISO image since HelenOS is compiled into an iso file with GRUB. These are the commands I ended up with:

run-command-file ./targets/qsp-x86/qsp-modern-core.simics

new-cdrom-image ./image.iso

board.cdrom.cd.insert image0

targets folder contains a set of "trampoline" scripts that just refer to the Simics installation files. All paths in the example are relative to the script's directory (the project root).

Aaaaand - HelenOS did not boot up. It displayed GRUB and started loading stuff from the image according to GRUB's debug output (enabled by setting set debug=all and set pager=1 in GRUB console). The process then page-faults with Loading kernel on the graphical console and the following displayed on the serial console:

!!!! X64 Exception Type - 0E(#PF - Page-Fault)  CPU Apic ID - 00000000 !!!!
ExceptionData - 0000000000000002  I:0 R:0 U:0 W:1 P:0 PK:0 SS:0 SGX:0
RIP  - 00000000A62DA9EB, CS  - 0000000000000038, RFLAGS - 0000000000010206
RAX  - FFFFFFFFFFFFFFFF, RCX - 00000000DEF654C0, RDX - FFFFFFFFFFFFFFFF
RBX  - 00000000A626C5A0, RSP - 00000000DF3219F0, RBP - FFFFFFFFFFFFFC24
RSI  - FFFFFFFFFFFFFFFF, RDI - 00000000DF32CCE1
R8   - 0000000000000000, R9  - 0000000000000000, R10 - 000000000002600F
R11  - 00000000A62527E0, R12 - 0000000000191000, R13 - 00000000A62DAA00
R14  - 00000000DD7882E4, R15 - 00000000A648B380
DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
GS   - 0000000000000030, SS  - 0000000000000030
CR0  - 0000000080010033, CR2 - FFFFFFFFFFFFFFFF, CR3 - 00000000DF001000
CR4  - 0000000000000668, CR8 - 0000000000000000
DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 00000000DEFEB000 0000000000000047, LDTR - 0000000000000000
IDTR - 00000000DE7CC018 0000000000000FFF,   TR - 0000000000000000
FXSAVE_STATE - 00000000DF321650
!!!! Can't find image information. !!!!

I experimented with the tool only for a few hours and after this failure I was unable to properly debug it, let alone fix it.

I have a hunch it might do something with either how HelenOS is compiled or with the requirements of the simulated platform. Maybe it needs some other image format? Who knows. I was also unable to boot the kernel through the GRUB commands (mainly because this was my first time interacting with GRUB apart from boot selection).

This post might get expanded if I ever decide to get back to this. Most knowledge about any sort detailed usage of this tool seems to be limited to for-profit/enterprise environments. The tool also has an Eclipse integration that is unfortunately not available for free. According to the internet, the Eclipse version is the part of Simics that allows device/platform model creation. So unless I missed something or Intel releases a "fully-featured" CPU model, there seems to be no way to simulate PCID anywhere - even QEMU requires the host to support both pcid and invpcid because it cannot emulate it.

Last update

18th September 2024