Is there a way to execute a simple Linux binary under Simics simulation from the command line?
Something like
simics -some-flags ./a.out
There is no application mode (or system calls mode) in Simics out-of-the-box now.
Depending on the needs, one could compile the payload to an ELF file without standard libraries, using _start as the entry point and, perhaps, a linker script to set up a custom layout. That could work as a kind of bare-metal mode: Simics has the load-binary command, which places an ELF file into physical memory and returns its starting address. Just set %rip = <start-address> and start the simulation. The entire script could look like this:
$start = (load-binary $elf_file)
%rip = $start
%rsp = 0x40001000
bp.hap.run-until name = X86_HLT_Instr
assuming the application has a hlt instruction at the end of its _start. If hlt is undesirable, Simics has a so-called magic instruction: please include simics-6.0.xx\src\include\simics\magic-instruction.h from your Simics installation and then use the MAGIC_BREAKPOINT macro in your source. Then, in the script above, use enable-magic-breakpoint instead of run-until, and Simics will stop any time it hits a magic instruction during simulation.
You can set $elf_file to the application path manually in the same script, or on the command line when invoking Simics, like this:
./simics -e \$elf_file=$HOME/my-new-project/a.out ...
As a workaround, one could use CRT substitution (i.e. provide a custom standard library). For example, to support printf and friends, Simics has a simple TTY-console model that accepts byte writes to a specific (customizable) location in the address space, so that putchar can be overridden to use this address and the rest of the standard functions can stay intact.
Yet another workaround is printing to memory and dumping it to a file at the end, like this:
(pselect)->physical_memory.save-file mem.txt 0x40001000 1000 -overwrite
This will dump 1000 bytes at physical address = 0x40001000 to the mem.txt file. It's usually the fastest way to run some test in batch mode and later explore its logs.
Finally, one could compile an application as a UEFI payload and pair it with something like https://slimbootloader.github.io/supported-hardware/qsp.html. With some effort, it may run both on Simics and on real hardware (still in bare-metal mode).
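The print-to-memory workaround from the answer above, as an added example that is not part of the original answer: a libc-free logger that a _start payload can point at the window the save-file command dumps (0x40001000, 1000 bytes). The memlog_* names and the BARE_METAL switch are hypothetical.

```c
/* Added example: libc-free print-to-memory logger. LOG_BASE/LOG_SIZE mirror the
 * save-file command above; memlog_* names and BARE_METAL are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#define LOG_BASE 0x40001000UL /* physical address given to save-file */
#define LOG_SIZE 1000u        /* byte count given to save-file */

struct memlog { volatile char *buf; size_t cap, len; };

/* Zero the window first so stale memory never shows up in the dump. */
static void memlog_init(struct memlog *l, volatile char *buf, size_t cap) {
    l->buf = buf; l->cap = cap; l->len = 0;
    for (size_t i = 0; i < cap; i++) buf[i] = 0;
}
/* Append one byte; -1 when full (last byte stays 0, so the log truncates). */
static int memlog_putc(struct memlog *l, char c) {
    if (l->len + 1 >= l->cap) return -1;
    l->buf[l->len++] = c;
    return 0;
}
/* Append a string; returns how many bytes were actually stored. */
static size_t memlog_puts(struct memlog *l, const char *s) {
    size_t n = 0;
    while (*s && memlog_putc(l, *s++) == 0) n++;
    return n;
}
/* Append v as 0x-prefixed hex digits, no printf required. */
static size_t memlog_hex(struct memlog *l, uint64_t v) {
    char tmp[16]; int i = 0;
    do { tmp[i++] = "0123456789abcdef"[v & 0xf]; v >>= 4; } while (v);
    size_t n = memlog_puts(l, "0x");
    while (i > 0 && memlog_putc(l, tmp[--i]) == 0) n++;
    return n;
}

#ifdef BARE_METAL /* payload entry point; ends in hlt as the script expects */
void _start(void) {
    struct memlog l;
    memlog_init(&l, (volatile char *)LOG_BASE, LOG_SIZE);
    memlog_puts(&l, "result="); memlog_hex(&l, 0x2a); memlog_putc(&l, '\n');
    for (;;) __asm__ volatile("hlt");
}
#else             /* host build: the same code against an ordinary array */
int main(void) {
    static char host[LOG_SIZE]; struct memlog l;
    memlog_init(&l, host, sizeof host);
    memlog_puts(&l, "result="); memlog_hex(&l, 0x2a);
    return l.len == 11 ? 0 : 1;
}
#endif
```

Build the payload with -DBARE_METAL -ffreestanding -nostdlib. The stack set by %rsp = 0x40001000 grows downward, so the log window starting at that address does not overlap it.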
It is not clear from the question what the intended use case is.
If the goal is to upload and run a Linux binary on the simulated system, after the Linux system has booted to prompt, the most efficient way would seem to be to use a combination of Simics features:
run command

The Simics script would take the name of the program as an argument. Then you would do something like:
$ ./simics targets/qsp-x86/run-prog.simics prog=a.out
The script would be something like:
decl {
    param program: file("*.params") or nil = NIL
    ! Program to run
}
read-configuration "my-booted-checkpoint.ckpt"
$system = board ## Name of the target system in the checkpoint
script-branch "Upload and run" {
    local $con = $system.serconsole.con
    local $a = (start-agent-manager)
    local $h = ($a.connect-to-agent)
    $h.wait-for-job
    $h.upload -executable $program "/home/simics/"
    $h.wait-for-job
    $con.input "./%s\n" % [$program]
}