Study on Android Emulator

STUDY ON ANDROID EMULATORSamael Wang

PURPOSE

To understand important details of emulator.

To get familiar with recent upstream changes and possibly ongoing plans.

To evaluate upstream contribution process (for potential back porting).

For fun, of course.

BUILD & RUN

GET THE EMULATOR SOURCE$ mkdir emu-master-dev && cd emu-master-dev$ repo init -u https://android.googlesource.com/platform/manifest -b emu-master-dev$ repo sync

emu-master-dev (~12GB) master (~36GB)externalframeworksprebuiltssdktools

abiartbionicbootablebuildctsdalvikdevelopersdevelopment

devicedocsexternalframeworkshardwarelibcorelibnativehelperMakefilendk

packagespdkprebuiltssdksystemtoolchaintools

BUILD THE EMULATOR

classic - Use QEMU 0.10.5 since ~2009 - Android Cupcake ~ Lollipop - Goldfish virtual platform - @external/qemu

qemu2 - Use QEMU 2.2.0 since ~2015 - Android M ~ - Ranchu virtual platform - @external/qemu-android

The classic and qemu2 emulator

$ cd external/qemu$ ./android-rebuild.sh --build-qemu-android

Build both

the output is under objs directory

BUILD EMULATOR WITH QT Android Emulator is moving to Qt.

In development. Unstable.

Providing Tool Window.

Default option remains SDL2.

$ cd external/qemu$ ./android/scripts/download-sources.sh$ ./android/scripts/build-qt.sh$ ./android/scripts/build-libxml2.sh$ ./android-rebuild.sh --ui=qt

APPARENTLY

android emulator should have a floating toolbox ?

Xamarin Android Player (VirtualBox) Visual Studio Emulator for Android (Hyper V)

EMULATOR BINARIES

- emulator: front-end used to find proper emulation engine and setup environment variables (mainly LD_LIBRARY_PATH).

- green nodes: classic emulation engines. - blue nodes: qemu2 emulation engines. - orange nodes: GLES / EGL emulation libraries.

3 WAYS TO LAUNCH EMULATOR

Setup an Android Virtual Device, or

Setup corresponding environment variables (in build-root), or

Skip front-end and pass all arguments manually to emulation engine.

ANDROID VIRTUAL DEVICE$ cat emulator-x86-l.avd/config.ini avd.ini.encoding=UTF-8abi.type=x86disk.dataPartition.size=200Mhw.accelerometer=yeshw.audioInput=yeshw.battery=yeshw.camera.back=nonehw.camera.front=nonehw.cpu.arch=x86hw.dPad=nohw.device.hash2=MD5:37a2ff6e511626ba3ceddec8264474behw.device.manufacturer=Googlehw.device.name=Nexus Shw.gps=yes

SETUP ENVIRONMENT VARIABLES$ export ANDROID_BUILD_TOP=$PWD$ export ANDROID_PRODUCT_OUT=$PWD/out/target/product/generic_x86$ ./out/host/darwin-x86/bin/emulator -gpu on

- Load kernel from ${ANDROID_BUILD_TOP}/prebuilts/qemu-kernel/

- Load skin from ${ANDROID_BUILD_TOP}/development/tools/emulator/skins/

- Load the images from ${ANDROID_PRODUCT_OUT}system.img (or system-qemu.img)userdata.imgramdisk.imgcache.img (optional)sdcard.img (optional)

PASS EVERYTHING MANUALLY

/Volumes/Development/b2g/emulator-x86-kk/out/host/darwin-x86/bin/emulator-x86 -kernel /Volumes/Development/b2g/emulator-x86-kk/prebuilts/qemu-kernel/x86/kernel-qemu -sysdir /Volumes/Development/b2g/emulator-x86-kk/out/target/product/generic_x86/ -data /Volumes/Development/b2g/emulator-x86-kk/out/target/product/generic_x86/userdata.img -sdcard /Volumes/Development/b2g/emulator-x86-kk/out/target/product/generic_x86/sdcard.img -memory 512 -partition-size 512 -skindir /Volumes/Development/b2g/emulator-x86-kk/development/tools/emulator/skins -skin HVGA -verbose -gpu on -camera-back webcam0

WRITABLE SYSTEM IMAGE

system.img and userdata.img are read-only initial images.

usedata-qemu.img is generated automatically on first launch.

Temporarily writable system image is generated on each launch under /tmp.

To make system image writable by default, move system.img to system-qemu.img.

See emulator -help-disk-images for more information

$ ls -lh /tmp/android-freesamael/-rw------- 1 freesamael wheel 750M Sep 15 17:46 emulator-w1MQmT

EMULATOR INITIALIZATION

MAIN FUNCTIONS (1/2)

android/ main-emulator.c:main

android/ main.c:main vl-android.c:main

MAIN FUNCTIONS (2/2)

Emulator Front-end

Emulation Engine

android/main-emulator.c:main - setups environment variables - finds correct emulation engine(32/64, arm/x86/)

android/main.c:main - setups UI skin window (SDL2/Qt) - generates final hardware config hardware-qemu.ini

vl-android.c:main (qemu_main) - init machine / virtual hardware - init emulator adb / console - start main loop

MAIN LOOP

The core of QEMU is event driven - by using an event loop.

Waits for file descriptors (files, sockets, pipes,) to become readable or writable.

Polls charpipe (android-specific).

Runs expired timers.

Runs bottom-halves (BHs) scheduled by above handlers.

SKIN & UI HANDLING

SKIN (1/2)

emulator-window (SDL2/Qt)

window (abstraction)

events texture / bitmap

SkinSurface

SkinSurface

rendered texture / bitmap

skin_window_redraw

SKIN (2/2)parts { device { display { width 320 height 480 x 0 y 0 } }

basic_controls { background { image basic.png width 159 height 55 }

buttons { volume-down { image button.png x 1 y 9 } } } }

struct SkinSurface { int refcount; int w; int h; SDL_Surface* surface; SDL_Texture* texture;};

struct SkinSurface { int refcount; int id; QImage *bitmap; int w, h, original_w, original_h; EmulatorQtWindow *window;};

Layout Snippet

SDL2 SkinSurface

Qt SkinSurface

SKIN UI REFRESH

Emulator skin refreshes at 60Hz by registered a timer to the main loop.

gui_update() / nographic_update()

Processes input events or passes them to the emulated system (multiple events might be passed at the same time).

Refresh the emulated framebuffer, if OpenGL emulation is not in use.

THE GOLDFISH VIRTUAL PLATFORM

GOLDFISH DEVICE REGISTRATIONint goldfish_device_add(struct goldfish_device *dev, CPUReadMemoryFunc **mem_read, CPUWriteMemoryFunc **mem_write, void *opaque);

- Platform devices - MMIO


struct goldfish_device { struct goldfish_device *next; struct goldfish_device *prev; uint32_t reported_state; void *cookie; const char *name; uint32_t id; uint32_t base; // filled in by goldfish_device_add if 0 uint32_t size; uint32_t irq; // filled in by goldfish_device_add if 0 uint32_t irq_count;};

int goldfish_device_add(struct goldfish_device *dev, CPUReadMemoryFunc **mem_read, CPUWriteMemoryFunc **mem_write, void *opaque);



typedef uint32_t CPUReadMemoryFunc(void *opaque, hwaddr addr);static CPUReadMemoryFunc *goldfish_bus_readfn[] = { goldfish_bus_read, // byte goldfish_bus_read, // word goldfish_bus_read // dword};




typedef void CPUWriteMemoryFunc(void *opaque, hwaddr addr, uint32_t value);static CPUWriteMemoryFunc *goldfish_bus_writefn[] = { goldfish_bus_write, // byte goldfish_bus_write, // word goldfish_bus_write // dword};



Goldfish Platform Bus

DESIGN

Discoverability: which memory address and interrupt a device uses?

Platform bus: a special platform device to enumerate other devices.

Goldfish platform bus design

MMIO address region 0xff001000 to 0xff801000.

0xff001000 - 0xff001fff are reserved by goldfish_device_bus as a set of 32bit I/O registers for bus operations.

The bus itself uses IRQ 1 on ARM, IRQ 4 on x86.

I/O REGISTERSDevice properties: Name: goldfish_device_bus Id: -1 IrqCount: 1

32-bit I/O registers (offset, name, abstract)

0x00 BUS_OP R: Iterate to next device in enumeration. W: Start device enumeration.

0x04 GET_NAME W: Copy device name to kernel memory. 0x08 NAME_LEN R: Read length of current device's name. 0x0c ID R: Read id of current device. 0x10 IO_BASE R: Read I/O base address of current device. 0x14 IO_SIZE R: Read I/O base size of current device. 0x18 IRQ_BASE R: Read base IRQ of current device. 0x1c IRQ_COUNT R: Read IRQ count of current device.

KERNEL DRIVER IMPL

KERNEL DRIVER IMPL

0000-001f : dma10020-0021 : pic10040-0043 : timer00050-0053 : timer10060-0060 : keyboard0064-0064 : keyboard0070-0071 : rtc_cmos 0070-0071 : rtc00080-008f : dma page reg00a0-00a1 : pic200c0-00df : dma200f0-00ff : fpu03c0-03df : vga+0cf8-0cff : PCI conf11000-10ff : goldfish_pdev_busc000-c0ff : 0000:00:02.0 c000-c01f : ne2k-pci

/proc/ioports

KERNEL DRIVER IMPL00000000-0000ffff : reserved00010000-0009efff : System RAM0009f000-0009ffff : reserved000a0000-000bffff : Video RAM area000c0000-000c8bff : Video ROM000c9000-000c91ff : Adapter ROM000e8000-000fffff : reserved 000f0000-000fffff : System ROM00100000-1ffeffff : System RAM 00200000-0067f9ec : Kernel code 0067f9ed-008906ff : Kernel data 008dd000-00a3dfff : Kernel bss1fff0000-1fffffff : ACPI Tablesff001000-ff001fff : goldfish_device_busff004000-ff004fff : goldfish_audio.0ff005000-ff005fff : goldfish_mmc.0ff010000-ff010fff : goldfish-battery.0ff011000-ff011fff : goldfish_nand.0ff012000-ff013fff : qemu_pipeff014000-ff014fff : goldfish_tty.0ff015000-ff015fff : goldfish_tty.1ff016000-ff016fff : goldfish_fb.0ff017000-ff017fff : goldfish_events.0fffc0000-ffffffff : reserved

/proc/iomem

EMULATOR IMPL (X86)


Goldfish Kernel Goldfish Platform Bus

Goldfish Audio

Goldfish M

MC

Goldfish Battery

Goldfish N

AND

Goldfish TTY

Goldfish FB

QEM

U Pipe

Goldfish Events



Goldfish Audio

Goldfish M

MC

Goldfish Battery

Goldfish N

AND

Goldfish TTY

Goldfish FB

QEM

U Pipe

Goldfish Events

QEM

U Pipe



QEMU Pipe / Goldfish Pipe

DESIGN

Fast communication channel between guest and emulator.

/dev/qemu_pipe or /dev/goldfish_pipe (since kernel 3.10).

Kernel driver: drivers/misc/qemupipe/qemu_pipe.c

No extra drivers necessary for QEMU Pipe Services.

4 pipe services implemented.

QEMU Pipe Services


Goldfish Audio

Goldfish M

MC

Goldfish Battery

Goldfish N

AND

Goldfish TTY

Goldfish FB

QEM

U Pipe

Goldfish Events

Goldfish Kernel

QEMU Pipe Services


Goldfish Audio

Goldfish M

MC

Goldfish Battery

Goldfish N

AND

Goldfish TTY

Goldfish FB

QEM

U Pipe

Goldfish Events

QEMUD

TCP

Unix

OpenGLES

Goldfish Kernel

SERVICE REGISTRATION

typedef struct { void* (*init)( void* hwpipe, void* pipeOpaque, const char* args ); void (*close)( void* pipe ); int (*sendBuffers)( void* pipe, const GoldfishPipeBuffer* buffers, int numBuffers ); int (*recvBuffers)( void* pipe, GoldfishPipeBuffer* buffers, int numBuffers ); unsigned (*poll)( void* pipe ); void (*wakeOn)( void* opaque, int flags ); void (*save)( void* pipe, QEMUFile* file ); void* (*load)( void* hwpipe, void* pipeOpaque, const char* args, QEMUFile* file);} GoldfishPipeFuncs;

voidgoldfish_pipe_add_type(const char* pipeName, void* pipeOpaque, const GoldfishPipeFuncs* pipeFuncs );

WORKFLOW (1/3)

Kernel side: Sends the command PIPE_CMD_OPEN with a channel id.

Emulator side: Generates a pipe connection with the given channel id. Generates a pipe connector, which has the interface as a pipe service, on the pipe channel.

fd = open("/dev/qemu_pipe", O_RDWR);const char* pipeName = "";ret = write(fd, pipeName, strlen(pipeName)+1);if (ret < 0) { // error}... ready to go

WORKFLOW (2/3)

+------+ +----------------+| fd || pipe connector |+------+ +----------------+

WORKFLOW (3/3)

+------+ +----------------+| fd || pipe service |+------+ +----------------+

WORKFLOW (3/3)

+------+ +----------------+| fd || pipe service |+------+ +----------------+

/* Do the evil switch now */pipe->opaque = peer;pipe->service = svc;pipe->funcs = &svc->funcs;pipe->args = ASTRDUP(pipeArgs);AFREE(pcon);

R/W WAITING

When a service not able to consume more writes, or provide anything to read temporarily: PIPE_ERROR_AGAIN.

Kernel driver sends PIPE_CMD_WAKE_ON_READ/WRITE to wait.

When service is available, emulator triggers an IRQ.

Kernel reads PIPE_REG_CHANNEL register to find the channel id, and PIPE_REG_WAKES to find out what the event is (read / write / close).

QEMUD over QEMU Pipe


Goldfish Audio

Goldfish M

MC

Goldfish Battery

Goldfish N

AND

Goldfish TTY

Goldfish FB

QEM

U Pipe

Goldfish Events

QEMUD

TCP

Unix

OpenGLES

Goldfish Kernel

LEGACY IMPLEMENTATION

The legacy communication channel between guest and emulator.

Multiplexing daemon qemud runs in the guest OS.

Guest client apps operate on socket /dev/socket/qemud.

emulator qemud /dev/socket/qemud client1 | +--> client2

emulator: Kernel parameters: qemu.gles=1 qemu=1 console=ttyS0 android.qemud=ttyS1 androidboot.hardware=goldfish clocksource=pit android.checkjni=1 ndns=2

Ever noticed the boot parameters?

ADAPTATION TO QEMU PIPE

QEMUD Services


Goldfish Audio

Goldfish M

MC

Goldfish Battery

Goldfish N

AND

Goldfish TTY

Goldfish FB

QEM

U Pipe

Goldfish Events

QEMUD

TCP

Unix

OpenGLES

Goldfish Kernel

QEMUD Services


Goldfish Audio

Goldfish M

MC

Goldfish Battery

Goldfish N

AND

Goldfish TTY

Goldfish FB

QEM

U Pipe

Goldfish Events

QEMUD

TCP

Unix

OpenGLES

Goldfish Kernel

hw-control

boot-properties

gsm

gps

camera

sensors

fingerprintlisten

adb

adb-debug

SERVICE REGISTRATION

/* A function that will be called each time a new client in the emulated * system tries to connect to a given qemud service. This should typically * call qemud_client_new() to register a new client. */typedef QemudClient* (*QemudServiceConnect)( void* opaque, QemudService* service, int channel, const char* client_param );

QemudService*qemud_service_register( const char* service_name, int max_clients, void* serv_opaque, QemudServiceConnect serv_connect, QemudServiceSave serv_save, QemudServiceLoad serv_load );

ACCEPTING A CLIENT

/* A function that will be called when the client sends a message to the * service through qemud. */typedef void (*QemudClientRecv) ( void* opaque, uint8_t* msg, int msglen, QemudClient* client );

extern QemudClient* qemud_client_new( QemudService* service, int channel_id, const char* client_param, void* clie_opaque, QemudClientRecv clie_recv, QemudClientClose clie_close, QemudClientSave clie_save, QemudClientLoad clie_load );

CALLBACKS MAPPING

QEMU Pipe Callback QEMUD Callback Purpose

GoldfishPipeFuncs.init QemudServiceConnect accepting incoming client

GoldfishPipeFuncs.sendBuffers QemudClientRecv client is sendings messages

GoldfishPipeFuncs.recvBuffers - client is reading messages

GoldfishPipeFuncs.close QemudClientClose client closed connection

QEMUD services send messages to clients proactively through qemud_client_send() or qemud_service_broadcast().

WRITING TO SERVICE

READING FROM SERVICE

charpipe

charpipeQEMUD

NOT DONE YEThw-control

boot-properties

gsm

gps

camera

sensors

fingerprintlisten

adb

adb-debug

charpipe

charpipeQEMUD

NOT DONE YEThw-control

boot-properties

gsm

gps

camera

sensors

fingerprintlisten

adb

adb-debug

(wrapper)

(wrapper)

CharDriverState

CHAR DRIVER STATE

CharDriver is an object to operate on a specific type of char devices.

TCPCharDriver with tcp_chr_ functions for TCP net console.

CharDriverState forms an unified interface between a char driver and a user operating on the char driver (often shorted as cs in code).

CharDriver plays the backend of CharDriverState.

Char devices are usually polled in the main loop (qemu_iohandler_poll).

EXAMPLE

+--------+ +---------------+ +-----+| User 1 |---+ +---| TcpCharDriver |-----| tcp |+--------+ | | +---------------+ +-----+ | | +--------+ | +-----------------+ | +---------------+ +-----+| User 2 |---+---| CharDriverState |---+---| FDCharDriver |-----| fd |+--------+ | +-----------------+ | +---------------+ +-----+ | | +--------+ | | +---------------+ +-----+| User 3 |---+ +---| PtyCharDriver |-----| pty |+--------+ +---------------+ +-----+

INIT

use the function defined in the backend_table

https://github.com/android/platform_external_qemu/blob/bc42c43ffe6a38a7dd809b5f1f9c229c918b0382/qemu-char.c#L2553-L2594

WRITING

- success is not guaranteed - returns the number of bytes really written - similar to non-blocking BSD socket

READING

- not directly, but by callbacks - controlled by main loop

CHAR BUFFER

CharDriverState doesnt tell how many bytes it can accept, nor notify when its ready again.

CharBuffer: a wrapper on top of CS with internal buffer to keep writing on each polling until buffer empties.

Simplify the implementation of a CharDriverState user.

+-------+ +-------------+ +--------------+| QEMUD |------>| GSM Service |--CharBuffer-->| Radio Device |+-------+ +-------------+ +--------------+

CHAR PIPE CharBuffer creates a write buffer on a CharDriverState; CharPipe works as if 2 CharBuffers are connected to each other.

Bidirectional communication channel between 2 CS users.

Plays the backend of CS on both side. Writing on one endpoint triggers the read handler on the other endpoint directly.

CharBuffer / CharPipe rely on main loop polling (charpipe_poll).

+-------+ +-------------+ +-------------+| QEMUD |------>| GSM Service || ModemDriver |+-------+ +-------------+ +-------------+

FROM RILD TO MODEM

QEM

U Pipe

gsmQEMUD

TCP

Unix

OpenGLESModemDriver

AModem

rild

Goldfish Kernel

/dev/qemu_pipe

qemu_pipe driver

charpipe

[rild side]see commit 385a739

[modem side]1.init gsm service

1.init charpipe2.set qemud wrapper

2.init modem driver1.set modem read handler

3.accept connection1.set qemud read handler

https://github.com/mozilla-b2g/android-hardware-ril/commit/385a73934b05fd28915e0ae17020dbfe3b20afd4https://github.com/android/platform_external_qemu/blob/bc42c43ffe6a38a7dd809b5f1f9c229c918b0382/vl-android.c#L3340https://github.com/android/platform_external_qemu/blob/bc42c43ffe6a38a7dd809b5f1f9c229c918b0382/android/hw-qemud.c#L2462https://github.com/android/platform_external_qemu/blob/bc42c43ffe6a38a7dd809b5f1f9c229c918b0382/android/hw-qemud.c#L2466https://github.com/android/platform_external_qemu/blob/bc42c43ffe6a38a7dd809b5f1f9c229c918b0382/android/qemu-setup.c#L358https://github.com/android/platform_external_qemu/blob/bc42c43ffe6a38a7dd809b5f1f9c229c918b0382/telephony/modem_driver.c#L165https://github.com/android/platform_external_qemu/blob/bc42c43ffe6a38a7dd809b5f1f9c229c918b0382/android/hw-qemud.c#L2445-L2449

Android Debug Bridge

ADB ON PHONES

ADB Server(tcp:5037)

ADB Client

Host USB

Phone USB ADBD

Phone USB ADBD

Phone USB ADBD

Phone 1

Phone 2

Phone 3

ADB ON EMULATORS

ADB Server(tcp:5037)

ADB Client

QEMUD ADBD

QEMUD ADBD

QEMUD ADBD

Emulator 1

ADB Service

ADB Service

ADB Service

Emulator 2

Emulator 3

CASE STUDY

https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709https://bugzilla.mozilla.org/show_bug.cgi?id=1153709

OPENGL EMULATION

Gralloc

GRAPHICS

Framebuffer

GPU Driver

Vendor GL ImplGraphic BufferHWComposer

OpenGL ES & EGL

FB Driver ION

Gecko Compositor

OPENGL LIBS/system/lib/egl/libEGL_adreno.so/system/lib/libEGL.so

/system/lib/libGLESv1_CM.so

/system/lib/libGLESv2.so

/system/lib/libGLESv3.so

/system/lib/egl/libGLESv1_CM_adreno.so

/system/lib/egl/libGLESv2_adreno.so

/system/lib/egl/libGLES_android.so/system/lib/libEGL.so

/system/lib/libGLESv1_CM.so

With vendor GL support

With software GL

Gralloc (gralloc.goldfish.so)

WITH OPENGL EMULATION

Framebuffer Graphic Buffer

QEMU Pipe

libEGL / libGLESv1_CM / libGLESv2

libEGL_emulationlibGLESv1_CM_emulation

libGLESv1_enc

libGLESv2_emulation

libGLESv2_enc

libOpenglRender

libEGL_translator libGLES_CM_translator libGLES_v2_translator

EmuGL Framebuffer

GLX AGL WGL

Gralloc (gralloc.default.so)

WITHOUT OPENGL EMULATION

Framebuffer Graphic Buffer

/dev/graphics/framebuffer

libEGL / libGLESv1_CM

libGLES_android

QFramebuffer

QEMU2 STATUS

QEMU2 EMULATOR STATUS

Device Trees to replace Platform Bus.

VirtIO to replace Goldfish NAND / MMC.

QEMUD is completely abandoned / services porting is in progress.

x86 support is still in development.

No skin support yet.

Goldfish Virtual Hardware


Goldfish Audio

Goldfish M

MC

Goldfish Battery

Goldfish N

AND

Goldfish TTY

Goldfish FB

QEM

U Pipe

Goldfish Events

hw-control

boot-properties

gsm

gps

camera

sensors

fingerprintlisten

QEMUD

TCP

Unix

OpenGLES

Goldfish Kernel(PIC, RTC, Timer not shown)

adb

adb-debug

Mobile

Study on Android Emulator