Skip to content

yhsung/chimera

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

130,263 Commits
.github/workflows
.github/workflows
 
 
.gitlab-ci.d
.gitlab-ci.d
 
 
.gitlab/issue_templates
.gitlab/issue_templates
 
 
accel
accel
 
 
audio
audio
 
 
authz
authz
 
 
backends
backends
 
 
block
block
 
 
bsd-user
bsd-user
 
 
chardev
chardev
 
 
common-user
common-user
 
 
configs
configs
 
 
contrib
contrib
 
 
crypto
crypto
 
 
disas
disas
 
 
docs
docs
 
 
dump
dump
 
 
ebpf
ebpf
 
 
fpu
fpu
 
 
fsdev
fsdev
 
 
gdbstub
gdbstub
 
 
host/include
host/include
 
 
hw
hw
 
 
include
include
 
 
io
io
 
 
libdecnumber
libdecnumber
 
 
linux-headers
linux-headers
 
 
linux-user
linux-user
 
 
migration
migration
 
 
monitor
monitor
 
 
nbd
nbd
 
 
net
net
 
 
pc-bios
pc-bios
 
 
plugins
plugins
 
 
po
po
 
 
python
python
 
 
pyvenv
pyvenv
 
 
qapi
qapi
 
 
qga
qga
 
 
qobject
qobject
 
 
qom
qom
 
 
replay
replay
 
 
roms
roms
 
 
rust
rust
 
 
scripts
scripts
 
 
scsi
scsi
 
 
semihosting
semihosting
 
 
stats
stats
 
 
storage-daemon
storage-daemon
 
 
stubs
stubs
 
 
subprojects
subprojects
 
 
system
system
 
 
target
target
 
 
tcg
tcg
 
 
tests
tests
 
 
tools
tools
 
 
trace
trace
 
 
ui
ui
 
 
util
util
 
 
.b4-config
.b4-config
 
 
.dir-locals.el
.dir-locals.el
 
 
.editorconfig
.editorconfig
 
 
.exrc
.exrc
 
 
.freertos-diag.sh
.freertos-diag.sh
 
 
.gdbinit
.gdbinit
 
 
.git-blame-ignore-revs
.git-blame-ignore-revs
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.gitmodules
.gitmodules
 
 
.gitpublish
.gitpublish
 
 
.harness-build-riscv.sh
.harness-build-riscv.sh
 
 
.harness-run.sh
.harness-run.sh
 
 
.mailmap
.mailmap
 
 
.patchew.yml
.patchew.yml
 
 
.readthedocs.yml
.readthedocs.yml
 
 
.rebuild-freertos.sh
.rebuild-freertos.sh
 
 
.travis.yml
.travis.yml
 
 
AGENTS.md
AGENTS.md
 
 
CLAUDE.md
CLAUDE.md
 
 
COPYING
COPYING
 
 
COPYING.LIB
COPYING.LIB
 
 
Kconfig
Kconfig
 
 
Kconfig.host
Kconfig.host
 
 
LICENSE
LICENSE
 
 
MAINTAINERS
MAINTAINERS
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
README.rst
README.rst
 
 
VERSION
VERSION
 
 
block.c
block.c
 
 
blockdev-nbd.c
blockdev-nbd.c
 
 
blockdev.c
blockdev.c
 
 
blockjob.c
blockjob.c
 
 
clippy.toml
clippy.toml
 
 
configure
configure
 
 
cpu-common.c
cpu-common.c
 
 
cpu-target.c
cpu-target.c
 
 
event-loop-base.c
event-loop-base.c
 
 
gitdm.config
gitdm.config
 
 

Repository files navigation

Chimera — QEMU Fork for Heterogeneous SoC

This repository is a fork of QEMU that adds a custom machine model and ivshmem device for the Chimera heterogeneous SoC demo, which is now maintained in its own repository:

chimera-2 — the heterogeneous SoC demo (Apache-2.0)

This repository (chimera) is consumed as chimera-2's qemu/ git submodule.

Chimera Fork Additions

All custom code lives in a small surface area on top of upstream QEMU:

File Purpose
hw/arm/chimera_r52_freertos_demo.c Custom chimera-r52-freertos-demo QEMU machine: one Cortex-R52 core, GICv2, pl011 UART, five ivshmem-flat devices (2 HELLO/ACK + 1 stats + 1 boot-log + 1 CAN)
include/hw/arm/chimera_r52_freertos_demo.h Machine state, memory map enum, IRQ numbers
hw/misc/ivshmem-flat.c ivshmem-flat sysbus device — memory-mapped ivshmem without PCI, connects to ivshmem-server via Unix socket
include/hw/misc/ivshmem-flat.h Device state and interface

The ivshmem-flat device is a sysbus alternative to the PCI ivshmem-doorbell; FreeRTOS uses it because bare-metal targets lack a PCI bus. Linux guests use the standard PCI ivshmem-doorbell.

CONFIG_CHIMERA_R52_FREERTOS_DEMO (hw/arm/Kconfig) selects CONFIG_IVSHMEM_FLAT_DEVICE (hw/misc/Kconfig) automatically. Both are default y when targeting arm-softmmu.

ivshmem Device Types

  • Linux guests use ivshmem-doorbell (PCI device, BAR2 = 64 MiB shared memory window)
  • FreeRTOS uses ivshmem-flat (custom sysbus device, memory-mapped at fixed addresses)

FreeRTOS DRAM Configuration

The chimera-r52-freertos-demo machine is configured with the following DRAM layout (hw/arm/chimera_r52_freertos_demo.c):

Property Value Source
mc->default_ram_size 128 * MiB (128 MiB) hw/arm/chimera_r52_freertos_demo.c:320
mc->default_ram_id "arm.chimera.r52.freertos.ram" hw/arm/chimera_r52_freertos_demo.c:319
RAM base address 0x80000000 hw/arm/chimera_r52_freertos_demo.c:29 (CHIMERA_FREERTOS_RAM memmap entry)
RAM region size (memmap) 0x08000000 (128 MiB) hw/arm/chimera_r52_freertos_demo.c:29

The RAM is added to the system memory map via memory_region_add_subregion() using the memmap's base (0x80000000) and machine->ram (sized by default_ram_size).

The custom QEMU machine (hw/arm/chimera_r52_freertos_demo.c) connects FreeRTOS to all five ivshmem servers simultaneously:

Link MMIO base SHMEM base Vectors Direction
ARM ↔ FreeRTOS 0x30000000 0x31000000 4 bidirectional (HELLO/ACK)
MIPS ↔ FreeRTOS 0x3A000000 0x3B000000 4 bidirectional (HELLO/ACK)
Stats FreeRTOS→ARM 0x3F000000 0x40000000 4 FreeRTOS write only (stats snapshot)
Boot-log (all guests → ARM) 0x44000000 0x45000000 1 All 4 guests → ARM collector
IVSHMEM5 CAN FreeRTOS→ARM 0x49000000 0x4A000000 (64 KiB) 4 FreeRTOS write only (decoded CAN frame)

Implementation Notes

Volatile byte helpers

All copies to/from ivshmem use explicit volatile byte loops instead of memcpy/struct assignment:

  • ARM-Linux: ARM printf/memcpy use NEON instructions, which SIGBUS on non-cacheable PCI BAR2 memory.
  • FreeRTOS: GCC -O2 loop-invariant code motion (LICM) hoists non-volatile struct reads out of the poll loop.

Memory barriers

__sync_synchronize() is placed around every flag write and read:

  • RISCV: emits fence iorw,iorw
  • AArch64: emits dmb ish

This ensures message body writes are globally visible before the flag is set, and that the flag read completes before the message body is read.

FreeRTOS Exception Handlers

contrib/heterogeneous-soc/freertos-showcase/startup.S (now in chimera-2) defines the ARM exception vector table. When adding new MMIO peripherals to the QEMU machine model, ensure addresses are always mapped in hw/arm/chimera_r52_freertos_demo.c OR verify the data-abort handler tolerates faults on those regions.

Naming: mipsel, not mips

The QEMU target for MIPS little-endian is mipsel-softmmu, producing qemu-system-mipsel. Build artifacts, binaries, and pkill patterns must use mipsel (not mips).

Licensing

This repository is a QEMU fork licensed under GPL-2.0-or-later. See the top-level LICENSE and COPYING.

For the full heterogeneous SoC demo — including FreeRTOS firmware, Linux guest daemons, and all build/launch/CI scripts — see chimera-2, which is licensed under Apache-2.0.

Design Rationale

Historical design documents and implementation plans for both the QEMU machine model and the heterogeneous SoC demo are preserved in docs/superpowers/.

Building QEMU

See the upstream QEMU build documentation.

To build with the Chimera machine model configured:

./configure --target-list=aarch64-softmmu,arm-softmmu,mipsel-softmmu --enable-debug
ninja qemu-system-aarch64 qemu-system-arm qemu-system-mipsel

About

Heterogeneous SoC demo: ARM, RISCV, and MIPS Linux guests exchange ivshmem messages with bare-metal RISCV FreeRTOS over three independent channels, running on a custom QEMU machine.

www.qemu.org

Topics

arm mips embedded-systems riscv freertos qemu lima ivshmem heterogeneous-soc

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • C 80.5%
  • C++ 11.2%
  • Python 4.2%
  • Shell 1.5%
  • Assembly 0.7%
  • Meson 0.6%
  • Other 1.3%