Difference between revisions of "QEMU"

From MILEDROPEDIA
(Added working with qemu description)
Revision as of 04:07, 17 February 2011

Install

Download the sources from (link will be later) and build them:

./configure --target-list=arm; make; make install

Use case

You can load your custom bootrom from a file with the parameters -bios and -L dir: they set the bios (bootrom) file name and the directory it is looked up in. Because we need ARM, the bios name must be "bootrom.bin", and the file must be a valid 32K image.

Also, if something goes wrong, for example:

qemu: fatal: Trying to execute code outside RAM or ROM at 0x00014748
 
R00=0001b860 R01=4020fcb0 R02=0000002c R03=00014748
R04=00014000 R05=00000000 R06=0000030f R07=4001b82f
R08=00000000 R09=00000000 R10=4001b840 R11=4001b860
R12=00000000 R13=4020fcac R14=40014724 R15=00014748
PSR=400001d3 -Z-- A svc32

you can enable tracing in qemu with the option "-d cpu,exec,in_asm"; it writes a trace log to /tmp/qemu.log, for example:

----------------
IN: 
0x40014708:  ea000000      b    0x40014710
 
R00=00c51878 R01=00000001 R02=00000000 R03=00000000
R04=00014000 R05=00000000 R06=0000030f R07=00000000
R08=00000000 R09=00000000 R10=00000000 R11=00000000
R12=00000000 R13=4020fcac R14=40014904 R15=40014710
PSR=600001d3 -ZC- A svc32
----------------
IN: 
0x40014710:  e28f0028      add  r0, pc, #40     ; 0x28
0x40014714:  e8900c00      ldm  r0, {sl, fp}
0x40014718:  e08aa000      add  sl, sl, r0
0x4001471c:  e08bb000      add  fp, fp, r0
0x40014720:  e24a7001      sub  r7, sl, #1      ; 0x1
0x40014724:  e15a000b      cmp  sl, fp
0x40014728:  0a000164      beq  0x40014cc0
 
R00=40014740 R01=00000001 R02=00000000 R03=00000000
R04=00014000 R05=00000000 R06=0000030f R07=4001b82f
R08=00000000 R09=00000000 R10=4001b830 R11=4001b860
R12=00000000 R13=4020fcac R14=40014904 R15=4001472c
PSR=800001d3 N--- A svc32
----------------

Such a log can help you find where the error is (whether in qemu itself or in the image being run).

So, for example, you can run qemu as:

qemu-system-arm -M n900 -m 256 -L . -bios bootrom.bin -mtdblock mbmloader-1.raw -d in_asm,cpu,exec -nographic
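As an added example (not from the wiki), a small Python parser for the /tmp/qemu.log format shown above: it splits the log into translation blocks, keeps each block's instructions together with the register dump printed after it (R15 there is the PC after the block), and reports the first dump whose PC lies outside a given set of memory regions, which is the check to run when qemu dies with "Trying to execute code outside RAM or ROM". The log excerpt embedded below is constructed in the shape of the dump above, and the region boundaries passed to the function are assumptions to be replaced with the real memory map of the image.

```python
import re

# Constructed excerpt in the shape of the /tmp/qemu.log dump above (two blocks).
SAMPLE_LOG = """\
----------------
IN:
0x40014708:  ea000000      b    0x40014710

R00=00c51878 R01=00000001 R02=00000000 R03=00000000
R12=00000000 R13=4020fcac R14=40014904 R15=40014710
PSR=600001d3 -ZC- A svc32
----------------
IN:
0x40014710:  e28f0028      add  r0, pc, #40     ; 0x28
0x40014728:  0a000164      beq  0x40014cc0

R00=40014740 R01=00000001 R02=00000000 R03=00000000
R12=00000000 R13=4020fcac R14=40014904 R15=4001472c
PSR=800001d3 N--- A svc32
----------------
"""

# "0x<addr>:  <opcode>      <mnemonic>  <operands>" and "Rnn=<hex>" / "PSR=<hex>"
INSN_RE = re.compile(r"^0x([0-9a-f]+):\s+([0-9a-f]{8})\s+(\S+)\s*(.*?)\s*$")
REG_RE = re.compile(r"\b(R\d\d|PSR)=([0-9a-f]{8})")

def parse_trace(text):
    """One dict per translation block: its instructions and the register dump after it."""
    blocks = []
    for chunk in text.split("----------------"):
        insns, regs = [], {}
        for line in chunk.splitlines():
            m = INSN_RE.match(line)
            if m:  # (address, opcode, mnemonic, operands)
                insns.append((int(m.group(1), 16), m.group(2), m.group(3), m.group(4)))
                continue
            for name, val in REG_RE.findall(line):
                regs[name] = int(val, 16)
        if insns:
            blocks.append({"insns": insns, "regs": regs})
    return blocks

def first_pc_outside(blocks, regions):
    """(block index, PC) of the first dump whose R15 is in no (start, end) region, else None."""
    for i, b in enumerate(blocks):
        pc = b["regs"].get("R15")
        if pc is not None and not any(lo <= pc < hi for lo, hi in regions):
            return i, pc
    return None
```

The block index returned points at the last translation block that ran before control left the known regions, so its instructions and register dump are where to start looking.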


Debugging

qemu can also be used for debugging; only two options are needed for that: -s and -S

  • -s runs qemu in gdbserver mode, listening on localhost port 1234
  • -S halts the CPU at startup, so execution only begins once the debugger tells it to continue

for example:

qemu-system-arm -M n900 -m 256 -L . -bios bootrom.bin -mtdblock mbmloader-1.raw -d in_asm,cpu,exec -s -S -nographic

Now we can connect gdb, or any of its frontends, to localhost:1234 and start debugging:

(gdb) target remote localhost:1234