xref: /openbmc/qemu/system/qtest.c (revision 25e84c02e7aafbcb7a677569e9a4198e97cc38b8)
1 /*
2  * Test Server
3  *
4  * Copyright IBM, Corp. 2011
5  *
6  * Authors:
7  *  Anthony Liguori   <aliguori@us.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2 or later.
10  * See the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qapi/error.h"
16 #include "system/qtest.h"
17 #include "system/runstate.h"
18 #include "chardev/char-fe.h"
19 #include "system/ioport.h"
20 #include "system/memory.h"
21 #include "exec/tswap.h"
22 #include "hw/qdev-core.h"
23 #include "hw/irq.h"
24 #include "hw/core/cpu.h"
25 #include "qemu/accel.h"
26 #include "system/cpu-timers.h"
27 #include "qemu/config-file.h"
28 #include "qemu/option.h"
29 #include "qemu/error-report.h"
30 #include "qemu/module.h"
31 #include "qemu/cutils.h"
32 #include "qemu/target-info.h"
33 #include "qom/object_interfaces.h"
34 
35 #define MAX_IRQ 256
36 
37 #define TYPE_QTEST "qtest"
38 
39 OBJECT_DECLARE_SIMPLE_TYPE(QTest, QTEST)
40 
41 struct QTest {
42     Object parent;
43 
44     bool has_machine_link;
45     char *chr_name;
46     Chardev *chr;
47     CharBackend qtest_chr;
48     char *log;
49 };
50 
51 bool qtest_allowed;
52 
53 static DeviceState *irq_intercept_dev;
54 static FILE *qtest_log_fp;
55 static QTest *qtest;
56 static GString *inbuf;
57 static int irq_levels[MAX_IRQ];
58 static GTimer *timer;
59 static bool qtest_opened;
60 static void (*qtest_server_send)(void*, const char*);
61 static void *qtest_server_send_opaque;
62 
63 #define FMT_timeval "%.06f"
64 
65 /**
66  * DOC: QTest Protocol
67  *
68  * Line based protocol, request/response based.  Server can send async messages
69  * so clients should always handle many async messages before the response
70  * comes in.
71  *
72  * Valid requests
73  * ^^^^^^^^^^^^^^
74  *
75  * Clock management:
76  * """""""""""""""""
77  *
78  * The qtest client is completely in charge of the QEMU_CLOCK_VIRTUAL.  qtest commands
79  * let you adjust the value of the clock (monotonically).  All the commands
80  * return the current value of the clock in nanoseconds.
81  *
82  * If the commands FAIL then time wasn't advanced which is likely
83  * because the machine was in a paused state or no timer events exist
84  * in the future. This will cause qtest to abort and the test will
85  * need to check its assumptions.
86  *
87  * .. code-block:: none
88  *
89  *  > clock_step
90  *  < OK VALUE
91  *
92  * Advance the clock to the next deadline.  Useful when waiting for
93  * asynchronous events.
94  *
95  * .. code-block:: none
96  *
97  *  > clock_step NS
98  *  < OK VALUE
99  *
100  * Advance the clock by NS nanoseconds.
101  *
102  * .. code-block:: none
103  *
104  *  > clock_set NS
105  *  < OK VALUE
106  *
107  * Advance the clock to NS nanoseconds (do nothing if it's already past).
108  *
109  * PIO and memory access:
110  * """"""""""""""""""""""
111  *
112  * .. code-block:: none
113  *
114  *  > outb ADDR VALUE
115  *  < OK
116  *
117  * .. code-block:: none
118  *
119  *  > outw ADDR VALUE
120  *  < OK
121  *
122  * .. code-block:: none
123  *
124  *  > outl ADDR VALUE
125  *  < OK
126  *
127  * .. code-block:: none
128  *
129  *  > inb ADDR
130  *  < OK VALUE
131  *
132  * .. code-block:: none
133  *
134  *  > inw ADDR
135  *  < OK VALUE
136  *
137  * .. code-block:: none
138  *
139  *  > inl ADDR
140  *  < OK VALUE
141  *
142  * .. code-block:: none
143  *
144  *  > writeb ADDR VALUE
145  *  < OK
146  *
147  * .. code-block:: none
148  *
149  *  > writew ADDR VALUE
150  *  < OK
151  *
152  * .. code-block:: none
153  *
154  *  > writel ADDR VALUE
155  *  < OK
156  *
157  * .. code-block:: none
158  *
159  *  > writeq ADDR VALUE
160  *  < OK
161  *
162  * .. code-block:: none
163  *
164  *  > readb ADDR
165  *  < OK VALUE
166  *
167  * .. code-block:: none
168  *
169  *  > readw ADDR
170  *  < OK VALUE
171  *
172  * .. code-block:: none
173  *
174  *  > readl ADDR
175  *  < OK VALUE
176  *
177  * .. code-block:: none
178  *
179  *  > readq ADDR
180  *  < OK VALUE
181  *
182  * .. code-block:: none
183  *
184  *  > read ADDR SIZE
185  *  < OK DATA
186  *
187  * .. code-block:: none
188  *
189  *  > write ADDR SIZE DATA
190  *  < OK
191  *
192  * .. code-block:: none
193  *
194  *  > b64read ADDR SIZE
195  *  < OK B64_DATA
196  *
197  * .. code-block:: none
198  *
199  *  > b64write ADDR SIZE B64_DATA
200  *  < OK
201  *
202  * .. code-block:: none
203  *
204  *  > memset ADDR SIZE VALUE
205  *  < OK
206  *
207  * ADDR, SIZE, VALUE are all integers parsed with strtoul() with a base of 0.
208  * For 'memset' a zero size is permitted and does nothing.
209  *
210  * DATA is an arbitrarily long hex number prefixed with '0x'.  If it's smaller
211  * than the expected size, the value will be zero filled at the end of the data
212  * sequence.
213  *
214  * B64_DATA is an arbitrarily long base64 encoded string.
215  * If the sizes do not match, the data will be truncated.
216  *
217  * IRQ management:
218  * """""""""""""""
219  *
220  * .. code-block:: none
221  *
222  *  > irq_intercept_in QOM-PATH
223  *  < OK
224  *
225  * .. code-block:: none
226  *
227  *  > irq_intercept_out QOM-PATH
228  *  < OK
229  *
230  * Attach to the gpio-in (resp. gpio-out) pins exported by the device at
231  * QOM-PATH.  When the pin is triggered, one of the following async messages
232  * will be printed to the qtest stream::
233  *
234  *  IRQ raise NUM
235  *  IRQ lower NUM
236  *
237  * where NUM is an IRQ number.  For the PC, interrupts can be intercepted
238  * simply with "irq_intercept_in ioapic" (note that IRQ0 comes out with
239  * NUM=0 even though it is remapped to GSI 2).
240  *
241  * Setting interrupt level:
242  * """"""""""""""""""""""""
243  *
244  * .. code-block:: none
245  *
246  *  > set_irq_in QOM-PATH NAME NUM LEVEL
247  *  < OK
248  *
249  * where NAME is the name of the irq/gpio list, NUM is an IRQ number and
250  * LEVEL is an signed integer IRQ level.
251  *
252  * Forcibly set the given interrupt pin to the given level.
253  *
254  */
255 
256 static int hex2nib(char ch)
257 {
258     if (ch >= '0' && ch <= '9') {
259         return ch - '0';
260     } else if (ch >= 'a' && ch <= 'f') {
261         return 10 + (ch - 'a');
262     } else if (ch >= 'A' && ch <= 'F') {
263         return 10 + (ch - 'A');
264     } else {
265         return -1;
266     }
267 }
268 
269 static void qtest_log_timestamp(void)
270 {
271     if (!qtest_log_fp || !qtest_opened) {
272         return;
273     }
274 
275     fprintf(qtest_log_fp, "[S +" FMT_timeval "] ", g_timer_elapsed(timer, NULL));
276 }
277 
278 static void G_GNUC_PRINTF(1, 2) qtest_log_send(const char *fmt, ...)
279 {
280     va_list ap;
281 
282     if (!qtest_log_fp || !qtest_opened) {
283         return;
284     }
285 
286     qtest_log_timestamp();
287 
288     va_start(ap, fmt);
289     vfprintf(qtest_log_fp, fmt, ap);
290     va_end(ap);
291 }
292 
293 static void qtest_server_char_be_send(void *opaque, const char *str)
294 {
295     size_t len = strlen(str);
296     CharBackend* chr = (CharBackend *)opaque;
297     qemu_chr_fe_write_all(chr, (uint8_t *)str, len);
298     if (qtest_log_fp && qtest_opened) {
299         fprintf(qtest_log_fp, "%s", str);
300     }
301 }
302 
303 static void qtest_send(CharBackend *chr, const char *str)
304 {
305     qtest_log_timestamp();
306     qtest_server_send(qtest_server_send_opaque, str);
307 }
308 
309 void qtest_sendf(CharBackend *chr, const char *fmt, ...)
310 {
311     va_list ap;
312     gchar *buffer;
313 
314     va_start(ap, fmt);
315     buffer = g_strdup_vprintf(fmt, ap);
316     qtest_send(chr, buffer);
317     g_free(buffer);
318     va_end(ap);
319 }
320 
321 static void qtest_irq_handler(void *opaque, int n, int level)
322 {
323     qemu_irq old_irq = *(qemu_irq *)opaque;
324     qemu_set_irq(old_irq, level);
325 
326     if (irq_levels[n] != level) {
327         CharBackend *chr = &qtest->qtest_chr;
328         irq_levels[n] = level;
329         qtest_sendf(chr, "IRQ %s %d\n",
330                     level ? "raise" : "lower", n);
331     }
332 }
333 
334 static bool (*process_command_cb)(CharBackend *chr, gchar **words);
335 
336 void qtest_set_command_cb(bool (*pc_cb)(CharBackend *chr, gchar **words))
337 {
338     assert(!process_command_cb);  /* Switch to a list if we need more than one */
339 
340     process_command_cb = pc_cb;
341 }
342 
343 static void qtest_install_gpio_out_intercept(DeviceState *dev, const char *name, int n)
344 {
345     qemu_irq *disconnected = g_new0(qemu_irq, 1);
346     qemu_irq icpt = qemu_allocate_irq(qtest_irq_handler,
347                                       disconnected, n);
348 
349     *disconnected = qdev_intercept_gpio_out(dev, icpt, name, n);
350 }
351 
352 static void qtest_process_command(CharBackend *chr, gchar **words)
353 {
354     const gchar *command;
355 
356     g_assert(words);
357 
358     command = words[0];
359 
360     if (qtest_log_fp) {
361         int i;
362 
363         fprintf(qtest_log_fp, "[R +" FMT_timeval "]", g_timer_elapsed(timer, NULL));
364         for (i = 0; words[i]; i++) {
365             fprintf(qtest_log_fp, " %s", words[i]);
366         }
367         fprintf(qtest_log_fp, "\n");
368     }
369 
370     g_assert(command);
371     if (strcmp(words[0], "irq_intercept_out") == 0
372         || strcmp(words[0], "irq_intercept_in") == 0) {
373         DeviceState *dev;
374         NamedGPIOList *ngl;
375         bool is_named;
376         bool is_outbound;
377         bool interception_succeeded = false;
378 
379         g_assert(words[1]);
380         is_named = words[2] != NULL;
381         is_outbound = words[0][14] == 'o';
382         dev = DEVICE(object_resolve_path(words[1], NULL));
383         if (!dev) {
384             qtest_send(chr, "FAIL Unknown device\n");
385             return;
386         }
387 
388         if (is_named && !is_outbound) {
389             qtest_send(chr, "FAIL Interception of named in-GPIOs not yet supported\n");
390             return;
391         }
392 
393         if (irq_intercept_dev) {
394             if (irq_intercept_dev != dev) {
395                 qtest_send(chr, "FAIL IRQ intercept already enabled\n");
396             } else {
397                 qtest_send(chr, "OK\n");
398             }
399             return;
400         }
401 
402         QLIST_FOREACH(ngl, &dev->gpios, node) {
403             /* We don't support inbound interception of named GPIOs yet */
404             if (is_outbound) {
405                 /* NULL is valid and matchable, for "unnamed GPIO" */
406                 if (g_strcmp0(ngl->name, words[2]) == 0) {
407                     int i;
408                     for (i = 0; i < ngl->num_out; ++i) {
409                         qtest_install_gpio_out_intercept(dev, ngl->name, i);
410                     }
411                     interception_succeeded = true;
412                 }
413             } else {
414                 qemu_irq_intercept_in(ngl->in, qtest_irq_handler,
415                                       ngl->num_in);
416                 interception_succeeded = true;
417             }
418         }
419 
420         if (interception_succeeded) {
421             irq_intercept_dev = dev;
422             qtest_send(chr, "OK\n");
423         } else {
424             qtest_send(chr, "FAIL No intercepts installed\n");
425         }
426     } else if (strcmp(words[0], "set_irq_in") == 0) {
427         DeviceState *dev;
428         qemu_irq irq;
429         char *name;
430         int ret;
431         int num;
432         int level;
433 
434         g_assert(words[1] && words[2] && words[3] && words[4]);
435 
436         dev = DEVICE(object_resolve_path(words[1], NULL));
437         if (!dev) {
438             qtest_send(chr, "FAIL Unknown device\n");
439             return;
440         }
441 
442         if (strcmp(words[2], "unnamed-gpio-in") == 0) {
443             name = NULL;
444         } else {
445             name = words[2];
446         }
447 
448         ret = qemu_strtoi(words[3], NULL, 0, &num);
449         g_assert(!ret);
450         ret = qemu_strtoi(words[4], NULL, 0, &level);
451         g_assert(!ret);
452 
453         irq = qdev_get_gpio_in_named(dev, name, num);
454 
455         qemu_set_irq(irq, level);
456         qtest_send(chr, "OK\n");
457     } else if (strcmp(words[0], "outb") == 0 ||
458                strcmp(words[0], "outw") == 0 ||
459                strcmp(words[0], "outl") == 0) {
460         unsigned long addr;
461         unsigned long value;
462         int ret;
463 
464         g_assert(words[1] && words[2]);
465         ret = qemu_strtoul(words[1], NULL, 0, &addr);
466         g_assert(ret == 0);
467         ret = qemu_strtoul(words[2], NULL, 0, &value);
468         g_assert(ret == 0);
469         g_assert(addr <= 0xffff);
470 
471         if (words[0][3] == 'b') {
472             cpu_outb(addr, value);
473         } else if (words[0][3] == 'w') {
474             cpu_outw(addr, value);
475         } else if (words[0][3] == 'l') {
476             cpu_outl(addr, value);
477         }
478         qtest_send(chr, "OK\n");
479     } else if (strcmp(words[0], "inb") == 0 ||
480         strcmp(words[0], "inw") == 0 ||
481         strcmp(words[0], "inl") == 0) {
482         unsigned long addr;
483         uint32_t value = -1U;
484         int ret;
485 
486         g_assert(words[1]);
487         ret = qemu_strtoul(words[1], NULL, 0, &addr);
488         g_assert(ret == 0);
489         g_assert(addr <= 0xffff);
490 
491         if (words[0][2] == 'b') {
492             value = cpu_inb(addr);
493         } else if (words[0][2] == 'w') {
494             value = cpu_inw(addr);
495         } else if (words[0][2] == 'l') {
496             value = cpu_inl(addr);
497         }
498         qtest_sendf(chr, "OK 0x%04x\n", value);
499     } else if (strcmp(words[0], "writeb") == 0 ||
500                strcmp(words[0], "writew") == 0 ||
501                strcmp(words[0], "writel") == 0 ||
502                strcmp(words[0], "writeq") == 0) {
503         uint64_t addr;
504         uint64_t value;
505         int ret;
506 
507         g_assert(words[1] && words[2]);
508         ret = qemu_strtou64(words[1], NULL, 0, &addr);
509         g_assert(ret == 0);
510         ret = qemu_strtou64(words[2], NULL, 0, &value);
511         g_assert(ret == 0);
512 
513         if (words[0][5] == 'b') {
514             uint8_t data = value;
515             address_space_write(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
516                                 &data, 1);
517         } else if (words[0][5] == 'w') {
518             uint16_t data = value;
519             tswap16s(&data);
520             address_space_write(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
521                                 &data, 2);
522         } else if (words[0][5] == 'l') {
523             uint32_t data = value;
524             tswap32s(&data);
525             address_space_write(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
526                                 &data, 4);
527         } else if (words[0][5] == 'q') {
528             uint64_t data = value;
529             tswap64s(&data);
530             address_space_write(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
531                                 &data, 8);
532         }
533         qtest_send(chr, "OK\n");
534     } else if (strcmp(words[0], "readb") == 0 ||
535                strcmp(words[0], "readw") == 0 ||
536                strcmp(words[0], "readl") == 0 ||
537                strcmp(words[0], "readq") == 0) {
538         uint64_t addr;
539         uint64_t value = UINT64_C(-1);
540         int ret;
541 
542         g_assert(words[1]);
543         ret = qemu_strtou64(words[1], NULL, 0, &addr);
544         g_assert(ret == 0);
545 
546         if (words[0][4] == 'b') {
547             uint8_t data;
548             address_space_read(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
549                                &data, 1);
550             value = data;
551         } else if (words[0][4] == 'w') {
552             uint16_t data;
553             address_space_read(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
554                                &data, 2);
555             value = tswap16(data);
556         } else if (words[0][4] == 'l') {
557             uint32_t data;
558             address_space_read(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
559                                &data, 4);
560             value = tswap32(data);
561         } else if (words[0][4] == 'q') {
562             address_space_read(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
563                                &value, 8);
564             tswap64s(&value);
565         }
566         qtest_sendf(chr, "OK 0x%016" PRIx64 "\n", value);
567     } else if (strcmp(words[0], "read") == 0) {
568         g_autoptr(GString) enc = NULL;
569         uint64_t addr, len;
570         uint8_t *data;
571         int ret;
572 
573         g_assert(words[1] && words[2]);
574         ret = qemu_strtou64(words[1], NULL, 0, &addr);
575         g_assert(ret == 0);
576         ret = qemu_strtou64(words[2], NULL, 0, &len);
577         g_assert(ret == 0);
578         /* We'd send garbage to libqtest if len is 0 */
579         g_assert(len);
580 
581         data = g_malloc(len);
582         address_space_read(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED, data,
583                            len);
584 
585         enc = qemu_hexdump_line(NULL, data, len, 0, 0);
586 
587         qtest_sendf(chr, "OK 0x%s\n", enc->str);
588 
589         g_free(data);
590     } else if (strcmp(words[0], "b64read") == 0) {
591         uint64_t addr, len;
592         uint8_t *data;
593         gchar *b64_data;
594         int ret;
595 
596         g_assert(words[1] && words[2]);
597         ret = qemu_strtou64(words[1], NULL, 0, &addr);
598         g_assert(ret == 0);
599         ret = qemu_strtou64(words[2], NULL, 0, &len);
600         g_assert(ret == 0);
601 
602         data = g_malloc(len);
603         address_space_read(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED, data,
604                            len);
605         b64_data = g_base64_encode(data, len);
606         qtest_sendf(chr, "OK %s\n", b64_data);
607 
608         g_free(data);
609         g_free(b64_data);
610     } else if (strcmp(words[0], "write") == 0) {
611         uint64_t addr, len, i;
612         uint8_t *data;
613         size_t data_len;
614         int ret;
615 
616         g_assert(words[1] && words[2] && words[3]);
617         ret = qemu_strtou64(words[1], NULL, 0, &addr);
618         g_assert(ret == 0);
619         ret = qemu_strtou64(words[2], NULL, 0, &len);
620         g_assert(ret == 0);
621 
622         data_len = strlen(words[3]);
623         if (data_len < 3) {
624             qtest_send(chr, "ERR invalid argument size\n");
625             return;
626         }
627 
628         data = g_malloc(len);
629         for (i = 0; i < len; i++) {
630             if ((i * 2 + 4) <= data_len) {
631                 data[i] = hex2nib(words[3][i * 2 + 2]) << 4;
632                 data[i] |= hex2nib(words[3][i * 2 + 3]);
633             } else {
634                 data[i] = 0;
635             }
636         }
637         address_space_write(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED, data,
638                             len);
639         g_free(data);
640 
641         qtest_send(chr, "OK\n");
642     } else if (strcmp(words[0], "memset") == 0) {
643         uint64_t addr, len;
644         uint8_t *data;
645         unsigned long pattern;
646         int ret;
647 
648         g_assert(words[1] && words[2] && words[3]);
649         ret = qemu_strtou64(words[1], NULL, 0, &addr);
650         g_assert(ret == 0);
651         ret = qemu_strtou64(words[2], NULL, 0, &len);
652         g_assert(ret == 0);
653         ret = qemu_strtoul(words[3], NULL, 0, &pattern);
654         g_assert(ret == 0);
655 
656         if (len) {
657             data = g_malloc(len);
658             memset(data, pattern, len);
659             address_space_write(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
660                                 data, len);
661             g_free(data);
662         }
663 
664         qtest_send(chr, "OK\n");
665     }  else if (strcmp(words[0], "b64write") == 0) {
666         uint64_t addr, len;
667         uint8_t *data;
668         size_t data_len;
669         gsize out_len;
670         int ret;
671 
672         g_assert(words[1] && words[2] && words[3]);
673         ret = qemu_strtou64(words[1], NULL, 0, &addr);
674         g_assert(ret == 0);
675         ret = qemu_strtou64(words[2], NULL, 0, &len);
676         g_assert(ret == 0);
677 
678         data_len = strlen(words[3]);
679         if (data_len < 3) {
680             qtest_send(chr, "ERR invalid argument size\n");
681             return;
682         }
683 
684         data = g_base64_decode_inplace(words[3], &out_len);
685         if (out_len != len) {
686             qtest_log_send("b64write: data length mismatch (told %"PRIu64", "
687                            "found %zu)\n",
688                            len, out_len);
689             out_len = MIN(out_len, len);
690         }
691 
692         address_space_write(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED, data,
693                             len);
694 
695         qtest_send(chr, "OK\n");
696     } else if (strcmp(words[0], "endianness") == 0) {
697         if (target_big_endian()) {
698             qtest_sendf(chr, "OK big\n");
699         } else {
700             qtest_sendf(chr, "OK little\n");
701         }
702     } else if (qtest_enabled() && strcmp(words[0], "clock_step") == 0) {
703         int64_t old_ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
704         int64_t ns, new_ns;
705 
706         if (words[1]) {
707             int ret = qemu_strtoi64(words[1], NULL, 0, &ns);
708             g_assert(ret == 0);
709         } else {
710             ns = qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL,
711                                             QEMU_TIMER_ATTR_ALL);
712             if (ns < 0) {
713                 qtest_send(chr, "FAIL "
714                            "cannot advance clock to the next deadline "
715                            "because there is no pending deadline\n");
716                 return;
717             }
718         }
719         new_ns = qemu_clock_advance_virtual_time(old_ns + ns);
720         if (new_ns > old_ns) {
721             qtest_sendf(chr, "OK %"PRIi64"\n", new_ns);
722         } else {
723             qtest_sendf(chr, "FAIL could not advance time\n");
724         }
725     } else if (strcmp(words[0], "module_load") == 0) {
726         Error *local_err = NULL;
727         int rv;
728         g_assert(words[1] && words[2]);
729 
730         rv = module_load(words[1], words[2], &local_err);
731         if (rv > 0) {
732             qtest_sendf(chr, "OK\n");
733         } else {
734             if (rv < 0) {
735                 error_report_err(local_err);
736             }
737             qtest_sendf(chr, "FAIL\n");
738         }
739     } else if (qtest_enabled() && strcmp(words[0], "clock_set") == 0) {
740         int64_t ns, new_ns;
741         int ret;
742 
743         g_assert(words[1]);
744         ret = qemu_strtoi64(words[1], NULL, 0, &ns);
745         g_assert(ret == 0);
746         new_ns = qemu_clock_advance_virtual_time(ns);
747         qtest_sendf(chr, "%s %"PRIi64"\n",
748                     new_ns == ns ? "OK" : "FAIL", new_ns);
749     } else if (process_command_cb && process_command_cb(chr, words)) {
750         /* Command got consumed by the callback handler */
751     } else {
752         qtest_sendf(chr, "FAIL Unknown command '%s'\n", words[0]);
753     }
754 }
755 
756 /*
757  * Process as much of @inbuf as we can in newline terminated chunks.
758  * Remove the processed commands from @inbuf as we go.
759  */
760 static void qtest_process_inbuf(CharBackend *chr, GString *inbuf)
761 {
762     char *end;
763 
764     while ((end = strchr(inbuf->str, '\n')) != NULL) {
765         size_t len = end - inbuf->str;
766         g_autofree char *cmd = g_strndup(inbuf->str, len);
767         g_auto(GStrv) words = g_strsplit(cmd, " ", 0);
768 
769         g_string_erase(inbuf, 0, len + 1);
770         qtest_process_command(chr, words);
771     }
772 }
773 
774 static void qtest_read(void *opaque, const uint8_t *buf, int size)
775 {
776     CharBackend *chr = opaque;
777 
778     g_string_append_len(inbuf, (const gchar *)buf, size);
779     qtest_process_inbuf(chr, inbuf);
780 }
781 
782 static int qtest_can_read(void *opaque)
783 {
784     return 1024;
785 }
786 
787 static void qtest_event(void *opaque, QEMUChrEvent event)
788 {
789     int i;
790 
791     switch (event) {
792     case CHR_EVENT_OPENED:
793         /*
794          * We used to call qemu_system_reset() here, hoping we could
795          * use the same process for multiple tests that way.  Never
796          * used.  Injects an extra reset even when it's not used, and
797          * that can mess up tests, e.g. -boot once.
798          */
799         for (i = 0; i < ARRAY_SIZE(irq_levels); i++) {
800             irq_levels[i] = 0;
801         }
802 
803         g_clear_pointer(&timer, g_timer_destroy);
804         timer = g_timer_new();
805         qtest_opened = true;
806         if (qtest_log_fp) {
807             fprintf(qtest_log_fp, "[I " FMT_timeval "] OPENED\n", g_timer_elapsed(timer, NULL));
808         }
809         break;
810     case CHR_EVENT_CLOSED:
811         qtest_opened = false;
812         if (qtest_log_fp) {
813             fprintf(qtest_log_fp, "[I +" FMT_timeval "] CLOSED\n", g_timer_elapsed(timer, NULL));
814         }
815         g_clear_pointer(&timer, g_timer_destroy);
816         break;
817     default:
818         break;
819     }
820 }
821 
822 void qtest_server_init(const char *qtest_chrdev, const char *qtest_log, Error **errp)
823 {
824     ERRP_GUARD();
825     Chardev *chr;
826     Object *qobj;
827 
828     chr = qemu_chr_new("qtest", qtest_chrdev, NULL);
829     if (chr == NULL) {
830         error_setg(errp, "Failed to initialize device for qtest: \"%s\"",
831                    qtest_chrdev);
832         return;
833     }
834 
835     qobj = object_new(TYPE_QTEST);
836     object_property_set_str(qobj, "chardev", chr->label, &error_abort);
837     if (qtest_log) {
838         object_property_set_str(qobj, "log", qtest_log, &error_abort);
839     }
840     object_property_add_child(qdev_get_machine(), "qtest", qobj);
841     user_creatable_complete(USER_CREATABLE(qobj), errp);
842     if (*errp) {
843         object_unparent(qobj);
844     }
845     object_unref(OBJECT(chr));
846     object_unref(qobj);
847 }
848 
849 static bool qtest_server_start(QTest *q, Error **errp)
850 {
851     Chardev *chr = q->chr;
852     const char *qtest_log = q->log;
853 
854     if (qtest_log) {
855         if (strcmp(qtest_log, "none") != 0) {
856             qtest_log_fp = fopen(qtest_log, "w+");
857         }
858     } else {
859         qtest_log_fp = stderr;
860     }
861 
862     if (!qemu_chr_fe_init(&q->qtest_chr, chr, errp)) {
863         return false;
864     }
865     qemu_chr_fe_set_handlers(&q->qtest_chr, qtest_can_read, qtest_read,
866                              qtest_event, NULL, &q->qtest_chr, NULL, true);
867     qemu_chr_fe_set_echo(&q->qtest_chr, true);
868 
869     inbuf = g_string_new("");
870 
871     if (!qtest_server_send) {
872         qtest_server_set_send_handler(qtest_server_char_be_send, &q->qtest_chr);
873     }
874     qtest = q;
875     return true;
876 }
877 
878 void qtest_server_set_send_handler(void (*send)(void*, const char*),
879                                    void *opaque)
880 {
881     qtest_server_send = send;
882     qtest_server_send_opaque = opaque;
883 }
884 
885 bool qtest_driver(void)
886 {
887     return qtest && qtest->qtest_chr.chr != NULL;
888 }
889 
890 void qtest_server_inproc_recv(void *dummy, const char *buf)
891 {
892     static GString *gstr;
893     if (!gstr) {
894         gstr = g_string_new(NULL);
895     }
896     g_string_append(gstr, buf);
897     if (gstr->str[gstr->len - 1] == '\n') {
898         qtest_process_inbuf(NULL, gstr);
899         g_string_truncate(gstr, 0);
900     }
901 }
902 
903 static void qtest_complete(UserCreatable *uc, Error **errp)
904 {
905     QTest *q = QTEST(uc);
906     if (qtest) {
907         error_setg(errp, "Only one instance of qtest can be created");
908         return;
909     }
910     if (!q->chr_name) {
911         error_setg(errp, "No backend specified");
912         return;
913     }
914 
915     if (OBJECT(uc)->parent != qdev_get_machine()) {
916         q->has_machine_link = true;
917         object_property_add_const_link(qdev_get_machine(), "qtest", OBJECT(uc));
918     } else {
919         /* -qtest was used.  */
920     }
921 
922     qtest_server_start(q, errp);
923 }
924 
925 static void qtest_unparent(Object *obj)
926 {
927     QTest *q = QTEST(obj);
928 
929     if (qtest == q) {
930         qemu_chr_fe_disconnect(&q->qtest_chr);
931         assert(!qtest_opened);
932         qemu_chr_fe_deinit(&q->qtest_chr, false);
933         if (qtest_log_fp) {
934             fclose(qtest_log_fp);
935             qtest_log_fp = NULL;
936         }
937         qtest = NULL;
938     }
939 
940     if (q->has_machine_link) {
941         object_property_del(qdev_get_machine(), "qtest");
942         q->has_machine_link = false;
943     }
944 }
945 
946 static void qtest_set_log(Object *obj, const char *value, Error **errp)
947 {
948     QTest *q = QTEST(obj);
949 
950     if (qtest == q) {
951         error_setg(errp, "Property 'log' can not be set now");
952     } else {
953         g_free(q->log);
954         q->log = g_strdup(value);
955     }
956 }
957 
958 static char *qtest_get_log(Object *obj, Error **errp)
959 {
960     QTest *q = QTEST(obj);
961 
962     return g_strdup(q->log);
963 }
964 
965 static void qtest_set_chardev(Object *obj, const char *value, Error **errp)
966 {
967     QTest *q = QTEST(obj);
968     Chardev *chr;
969 
970     if (qtest == q) {
971         error_setg(errp, "Property 'chardev' can not be set now");
972         return;
973     }
974 
975     chr = qemu_chr_find(value);
976     if (!chr) {
977         error_setg(errp, "Cannot find character device '%s'", value);
978         return;
979     }
980 
981     g_free(q->chr_name);
982     q->chr_name = g_strdup(value);
983 
984     if (q->chr) {
985         object_unref(q->chr);
986     }
987     q->chr = chr;
988     object_ref(chr);
989 }
990 
991 static char *qtest_get_chardev(Object *obj, Error **errp)
992 {
993     QTest *q = QTEST(obj);
994 
995     return g_strdup(q->chr_name);
996 }
997 
998 static void qtest_class_init(ObjectClass *oc, const void *data)
999 {
1000     UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
1001 
1002     oc->unparent = qtest_unparent;
1003     ucc->complete = qtest_complete;
1004 
1005     object_class_property_add_str(oc, "chardev",
1006                                   qtest_get_chardev, qtest_set_chardev);
1007     object_class_property_add_str(oc, "log",
1008                                   qtest_get_log, qtest_set_log);
1009 }
1010 
1011 static const TypeInfo qtest_info = {
1012     .name = TYPE_QTEST,
1013     .parent = TYPE_OBJECT,
1014     .class_init = qtest_class_init,
1015     .instance_size = sizeof(QTest),
1016     .interfaces = (const InterfaceInfo[]) {
1017         { TYPE_USER_CREATABLE },
1018         { }
1019     }
1020 };
1021 
1022 static void register_types(void)
1023 {
1024     type_register_static(&qtest_info);
1025 }
1026 
1027 type_init(register_types);
1028