wiki:Developer/Simulators/QEMU

Version 12 (modified by ChrisJohns, on 09/26/06 at 16:27:23) (diff)

Add debugging with QEMU.

QEMU

You can run RTEMS in the open source processor emulator QEMU. The QEMU emulator runs on a number of hosts including Linux and Windows. It also supports a number of processors.

QEMU On Windows

Install the RTEMS MinGW Tools for Windows. Download the processor emulator you wish to use and install. For example we will install the i368 emulator to c:\rtems\i386\qemu-0.8.2-windows. Download the boot floppy image ftp://ftp.rtems.org/pub/rtems/qemu/i386-pc/rtems-boot.img to c:\rtems\i386. To run QEMU create the batch file c:\rtems\i386\qemu.bat with:

rem @echo off set QEMU=C:\rtems\i386\qemu-0.8.2-windows %QEMU%\qemu -L %QEMU% -m 128 -boot a -fda c:\rtems\i386\rtems-boot.img -hda fat:%1

The boot floppy will look in the root directory the QEMU C: drive for a file called rtems-grub.cfg. The QEMU C: is a directory on your hard disk passed to QEMU on its command line and can be seen in the qemu.bat file we created as the -hda fat:%1 option. The command line option we pass to qemu.bat is a directory that is the root directory the QEMU C: drive. For example download and build RTEMS for the i386 target as described on the MinGW Tools for Windows page. Then install rtems-grub.cfg into the c:\rtems\src\i386\i386-rtems4.7\c\pc586\testsuites\samples directory. Open the RTEMS (i386) command window by running c:\rtems\i386\rtems-cmd.bat then enter:

RTEMS(i386) C:\rtems\i386>qemu c:\rtems\src\i386\i386-rtems4.7\c\pc586\testsuites\samples

The QEMU windows will open and GRUB will provide you with a menu of the RTEMS sample applications. Select an application and watch it run.

QEMU PC (i386) Emulator

The RTEMS PC BSP runs in the QEMU emulator. The QEMU emulator needs a boot image that will load RTEMS and we use GRUB for this. The simplest may to do this is to create a floppy disk image and tell QEMU to boot from a floppy disk.

Making a Boot Floppy Disk

We run RTEMS in QEMU by first booting from a floppy disk image containing the GRUB boot loader. You can use the image we have made by downloading it from the RTEMS ftp server. The following instructions built the image and were run on a Fedora Core 5 Linux host.

Download the latest release of version 2 the Grub boot loader from ftp://alpha.gnu.org/gnu/grub/. Build the package with the following configure command:

$ ../grub-1.94/configure --prefix=/tmp/g2/build $ make all install

where the prefix can be anything suitable for your machine. If configure fails with a missing LZO library check you have the lzo-devel package installed.

To make the floppy image follow the instructions in the Grub Wiki at http://grub.enbug.org/TestingOnX86. This script is adapted from the instructions:

#! /bin/sh -x grub=/tmp/g2/build workspace=/tmp/g2 mnt=$workspace/mnt/loop file=$workspace/rtems-boot.img export PATH=$grub/bin:$grub/sbin:$PATH mkdir -p $workspace cd $workspace grub-mkimage -o core.img _chain ls pc multiboot gpt fat boot reboot configfile cat help dd if=/dev/zero of=$file bs=512 count=2880 /sbin/mkdosfs $file mkdir -p $mnt mount -o loop -t vfat $file $mnt mkdir -p $mnt/boot/grub cp $grub/lib/grub/i386-pc/boot.img core.img $grub/lib/grub/i386-pc/*.mod $mnt/boot/grub cat "configfile (hd0,0)/rtems-grub.cfg" > $mnt/boot/grub/grub.cfg echo '(fd0)' $file > tmp_device.map grub-setup -d $mnt/boot/grub -r '(fd0)' -m tmp_device.map '(fd0)' rm -f tmp_device.map umount $mnt

The default grub.cfg file will attempt to read a GRUB configuration file called rtems-grub.cfg from the root directory of the harddisk. This lets you create a specific GRUB configuration for you testing without needing to rebuild the floppy image. An example configuration that lets you run the RTEMS Samples is:

# RTEMS Grub configuration for the Samples

set default=0

menuentry "RTEMS - Hello" {

set root=(hd0,0) multiboot (hd0,0)/hello/hello.exe

}

menuentry "RTEMS - Ticker" {

set root=(hd0,0) multiboot (hd0,0)/ticker/ticker.exe

}

menuentry "RTEMS - Minimum" {

set root=(hd0,0) multiboot (hd0,0)/minimum/minimum.exe

}

menuentry "RTEMS - Paranoia" {

set root=(hd0,0) multiboot (hd0,0)/paranoia/paranoia.exe

}

menuentry "RTEMS - File IO" {

set root=(hd0,0) multiboot (hd0,0)/fileio/fileio.exe

}

menuentry "RTEMS - Unlimited" {

set root=(hd0,0) multiboot (hd0,0)/unlimited/unlimited.exe

}

menuentry "RTEMS - Loopback" {

set root=(hd0,0) multiboot (hd0,0)/loopback/loopback.exe

}

menuentry "RTEMS - PPPD" {

set root=(hd0,0) multiboot (hd0,0)/pppd/pppd.exe

}

menuentry "RTEMS - Base Mulitprocessor" {

set root=(hd0,0) multiboot (hd0,0)/base_mp/base_mp.exe

}

menuentry "RTEMS - Base Single Processor" {

set root=(hd0,0) multiboot (hd0,0)/base_sp/base_sp.exe

}

menuentry "RTEMS - C++ Static Constructors" {

set root=(hd0,0) multiboot (hd0,0)/cdtest/cdtest.exe

}

menuentry "RTEMS - C++ IO Streams" {

set root=(hd0,0) multiboot (hd0,0)/iostream/iostream.exe

}

Debugging with QEMU

You can connect a debugger to QEMU and debug your application. If you start QEMU and load your application then switch consoles by pressing Ctl-Alt-2 to the QEMU command console then enter the command gdbserver. After this start gdb for your target with the ELF image for the execute. Once gdb has started enter the remote target command for localhost:1234. On Windows with and the i386 target the commands are:

RTEMS(i386) C:\rtems\src\i386\i386-rtems4.7\c\pc586\testsuites\samples\capture>i 386-rtems-gdb capture.elf 'i386-rtems-gdb' is not recognized as an internal or external command, operable program or batch file.

RTEMS(i386) C:\rtems\src\i386\i386-rtems4.7\c\pc586\testsuites\samples\capture>i386-rtems4.7-gdb capture.elf GNU gdb 6.5 Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "--host=i686-pc-mingw32 --target=i386-rtems4.7"... (gdb) target remote localhost:1234 Remote debugging using localhost:1234 0x00115c11 in _CPU_Thread_Idle_body ()

at c:/rtems/src/rtems-4.6.99.3/cpukit/score/cpu/i386/cpu.c:92

92 asm volatile ("hlt"); (gdb) l _Exception_Handler 108 frstor (eax) /* restore FP context */ 109 ret 110 111 PUBLIC (_Exception_Handler) 112 SYM (_Exception_Handler): 113 pusha /* Push general purpose registers */ 114 pushl esp /* Push exception frame address */ 115 movl _currentExcHandler, eax /* Call function storead in _currentExcHandler */ 116 call * eax 117 addl $4, esp (gdb)

Do not forget to build RTEMS with the --enable-rtems-debug configure option to get debug information built into RTEMS.