From: Vita Batrla
Sender: Vitezslav.Batrla@Sun.COM
Message-id: <1172655322.9173.35.camel@cml>
Subject: [Qemu-devel] how to debug qemu?
Date: Wed, 28 Feb 2007 09:36:16 -0000
To: qemu-devel@nongnu.org

Hi,

I'm running Solaris inside qemu (i386). Most things work fine, exactly like on a real machine; however, running the modular debugger (mdb) on e.g. /bin/ls turns the virtual machine into a warm brick every time I try it. The same procedure works fine on real hardware.

The virtual machine is flooded by INT 0x01, because env->eflags & TF_MASK is set. How do I find out which instruction turned the TF flag on? I'd like to find the original instruction which set the TF flag by instrumenting cpu_exec() right after executing gen_func(). Can I get it by examining env->current_tb?

    (gdb) print env->current_tb[0]
    $7 = {pc = 4269802867, cs_base = 0, flags = 68276, size = 8, cflags = 0,
      tc_ptr = 0x8b4a630 "�\020", phys_hash_next = 0x0,
      page_next = {0x81599a0, 0x0}, page_addr = {4194304, 4294967295},
      tb_next_offset = {65535, 65535}, tb_jmp_offset = {324, 244, 65535, 65535},
      jmp_next = {0x0, 0x0}, jmp_first = 0x81599e2}

Where is the non-translated assembler code, or how do I find the instruction more effectively? Can someone help me please?

Best regards,
Vita
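The instrumentation Vita proposes, sampling eflags around each call to gen_func() in cpu_exec() and stopping at the first translated block that turns TF on, illustrated as an added, self-contained C mock. This is example code written for this note, not from the original message and not QEMU's own source: MockTB and MockCPU are hypothetical stand-ins carrying only the TranslationBlock fields that appear in the gdb output above, mock_gen_func() is a stand-in for running a block, and the three-block trace is constructed. TF_MASK (0x100) is the real x86 trap-flag bit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TF (trap flag), bit 8 of x86 EFLAGS; this is also the value of TF_MASK in
   QEMU's target-i386/cpu.h. While TF is set the CPU raises INT 1 after every
   instruction, which is exactly the flood described in the message. */
#define TF_MASK 0x00000100u

/* Hypothetical, trimmed-down stand-ins for QEMU's TranslationBlock and
   CPUX86State (mock types, not QEMU's real structs): only the fields the
   question looked at, plus a constructed "effect" of running the block. */
typedef struct {
    uint32_t pc;            /* guest address of the block's first instruction */
    uint32_t cs_base;
    uint16_t size;          /* bytes of guest code covered by the block */
    uint32_t eflags_after;  /* constructed: eflags left behind by this block */
} MockTB;

typedef struct {
    uint32_t eflags;
    const MockTB *current_tb;
} MockCPU;

/* Returns 1 when TF went from clear to set between two eflags samples. */
int tf_newly_set(uint32_t eflags_before, uint32_t eflags_after)
{
    return !(eflags_before & TF_MASK) && (eflags_after & TF_MASK);
}

/* Mock of calling gen_func(): "executes" one translated block. */
static void mock_gen_func(MockCPU *env, const MockTB *tb)
{
    env->current_tb = tb;
    env->eflags = tb->eflags_after;
}

/* The instrumentation the message proposes, placed right after gen_func()
   returns: sample eflags before and after each block and stop at the first
   block that turned TF on. Returns that block, or NULL if TF never flipped. */
const MockTB *find_tf_setter(MockCPU *env, const MockTB *tbs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t before = env->eflags;
        mock_gen_func(env, &tbs[i]);
        if (tf_newly_set(before, env->eflags))
            return env->current_tb;
    }
    return NULL;
}

/* Constructed three-block trace (not real guest code). Only the second block
   sets TF (0x346 == 0x246 | TF_MASK), mimicking a debugger arming single-step. */
static const MockTB demo_trace[] = {
    { 0x08048000u, 0, 5, 0x00000246u },
    { 0x08048005u, 0, 8, 0x00000346u },
    { 0x0804800du, 0, 3, 0x00000346u },
};

/* Runs the demo trace and returns the pc of the offending block (0 if none). */
uint32_t demo_tf_setter_pc(void)
{
    MockCPU env = { 0x00000246u, NULL };
    const MockTB *tb = find_tf_setter(&env, demo_trace,
                                      sizeof demo_trace / sizeof demo_trace[0]);
    return tb ? tb->pc : 0;
}

int main(void)
{
    MockCPU env = { 0x00000246u, NULL };
    const MockTB *tb = find_tf_setter(&env, demo_trace,
                                      sizeof demo_trace / sizeof demo_trace[0]);
    if (tb == NULL) {
        puts("TF was never newly set in this trace");
        return 0;
    }
    /* The culprit is one of the guest instructions in [pc, pc + size); that
       is the range to disassemble in the guest, not the translated host code
       that tc_ptr points to. */
    printf("TF set by block pc=0x%08x cs_base=0x%08x; guest bytes [0x%08x, 0x%08x)\n",
           tb->pc, tb->cs_base, tb->pc, tb->pc + tb->size);
    return 0;
}
```

The point the mock makes about the gdb output above: tc_ptr points at translated host code, so it is the wrong place to look for the original instruction. The pair (pc, size) identifies the guest bytes the block was translated from, and QEMU's `-d in_asm` logging writes the guest instructions of each translated block to /tmp/qemu.log, so once the hook names a block, its pc selects the lines of that log to read.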