Debugging with qemu?

[ShiftPlusOne]

I've set up Torlu's rpi qemu branch in hopes of using it to debug kernels.
https://github.com/Torlus/qemu-rpi
I'm using mentor toolchain's arm gdb to hook up to localhost:1234 after starting qemu with -S -s

Then I can do something along these lines

Code: Select all

(gdb) ni
0x00010048 in ?? ()
(gdb) info registers
r0             0x10     16
r1             0x0      0
r2             0x20200000       538968064
r3             0x0      0
r4             0x0      0
r5             0x0      0
r6             0x0      0
r7             0x0      0
r8             0x0      0
r9             0x0      0
r10            0x0      0
r11            0x0      0
r12            0x0      0
...

The registers seem to contain all the right information, but there are a few issue I can't get around.
1) I can't view the disassembly of what's going on, I just get "No function contains program counter for selected frame.".
3) The offsets don't look right. Why 0x00010048 instead of 0x00008048? The program counter is also showing the strange offsets.

All of the information I'm finding is mentioning debug symbols, but I'm using fasmarm, so getting those would be a bit of a pain.

Does anybody have any experience with what I'm trying to do? Alternatively, are there other ways to debug kernels which might be better? I've had a look at dwelch's arm jtag info but that seems like even more of a pain to set up.

[JacobL]

Are you using the trick with both kernel and initrd pointing to the same image? This should be used if you want your kernel loaded at 0x8000. Otherwise the kernel will be loaded at 0x10000.

Here is the script I use to start qemu with gdb, perhaps it helps:

Code: Select all

#!/bin/bash

IMG="$1"

[[ -f "$IMG" ]] || exit 1

QEMU=/opt/qemu-rpi/bin/qemu-system-arm

MEM=512
CPU=arm1176
MACH=raspi

SER=stdio

APPEND="rw earlyprintk loglevel=8 panic=120 keep_bootcon rootwait dma.dmachans=0x7f35 bcm2708_fb.fbwidth=1024 bcm2708_fb.fbheight=768 bcm2708.boardrev=0xf bcm2708.serial=0xcad0eedf smsc95xx.macaddr=B8:27:EB:D0:EE:DF sdhci-bcm2708.emmc_clock_freq=100000000 vc_mem.mem_base=0x1c000000 vc_mem.mem_size=0x20000000  dwc_otg.lpm_enable=0 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait"

$QEMU -kernel "$IMG" -initrd "$IMG" -cpu $CPU -m $MEM -M $MACH -no-reboot -s -S -serial $SER -append "$APPEND"

[ShiftPlusOne]

Ah, brilliant! That worked perfectly. I'm still not able to disassemble anything though.

Code: Select all

(gdb) disas
No function contains program counter for selected frame.

Edit:

Code: Select all

x/14i $pc

works, but is a little limited.
http://felix.abecassis.me/2012/08/gdb-d ... -binaries/

[ShiftPlusOne]

I suppose it works well enough. I find that my kernel gets to this instruction "0x80c4: movweq r5, #33680 ; 0x8390" and then pc jumps to 0x0. Is there an issue with the instruction causing a reset or something?

Edit:
Reduced it to a test case and made it a linux program. Turned out I don't know how to use thumb. Looks like qemu is very handy for bare metal development if you don't have a jtag adapter.