* [Qemu-devel] Single stepping MIPS in GDB
@ 2006-03-27 17:53 Dirk Behme
From: Dirk Behme @ 2006-03-27 17:53 UTC (permalink / raw)
To: qemu-devel
Hi,

now, after ARM, I try to debug some low level system init code on MIPS as well. For this, I use qemu-snapshot-2006-03-21_23 because this already includes little endian MIPS (--target-list=mipsel-softmmu). I can load my program to the MIPS default start address 0x80010000, use mipsel-linux-gdb to attach to it and load symbols. The start address is set correctly. But it seems that I have trouble single stepping (si). I would assume that with the first si the system should jump to 0x80010400 (please find some debug output below). Instead, PC is set to 0x0.

If I start the program with 'continue' in gdb, it seems that the program starts to run correctly. After stopping at a random location with ctrl-c in gdb, the following single steps seem to fail as well (please see below as well).

Any hints on what I'm doing wrong here?

Many thanks

Dirk
*1* Debug output for single step at startup. PC is set to 0x0 instead of to the next command at 0x80010400:
_start ()
at uboot/u-boot-1.1.4/cpu/mips/start.S:43
43 RVECENT(reset,0) /* U-boot entry point */
(gdb) p/x $pc
$1 = 0x80010000
(gdb) x/2i $pc
0x80010000 <_start>: b 0x80010400 <reset>
0x80010004 <_start+4>: nop
(gdb) si
0x00000000 in ?? ()
(gdb) p/x $pc
$2 = 0x0
(gdb)
/tmp> cat qemu.log
pc=0x80010000 HI=0x00000000 LO=0x00000000 ds 0002 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00000000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status 0x10400004 Cause 0x00000400 EPC 0x00000000
Config0 0x80008090 Config1 0x1e190c8a LLAddr 0x00000000
cpu_mips_handle_mmu_fault pc 80010000 ad 80010000 rw 2 is_user 0 smmu 1
cpu_mips_handle_mmu_fault address=80010000 ret 0 physical 00010000 prot 3
------------------------------------------------
pc=0x80010000 HI=0x00000000 LO=0x00000000 ds 0002 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00000000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status 0x10400004 Cause 0x00000400 EPC 0x00000000
Config0 0x80008090 Config1 0x1e190c8a LLAddr 0x00000000
IN:
0x80010000: b 0x80010400
0x80010004: nop
OP:
0x0000: goto_tb0
0x0001: save_pc 0x80010400
0x0002: set_T0 0x829ce00
0x0003: exit_tb
0x0004: reset_T0
0x0005: exit_tb
0x0006: end
---------------- 2 00000002
OUT: [size=24]
0x08a9ce00: jmp 0xa4ab0b4
0x08a9ce05: movl $0x80010400,0x80(%ebp)
0x08a9ce0f: mov $0x829ce00,%ebx
0x08a9ce14: ret
0x08a9ce15: xor %ebx,%ebx
0x08a9ce17: ret
Trace 0x08a9ce00 [80010000]
pc=0x80010400 HI=0x00000000 LO=0x00000000 ds 0002 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00000000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status 0x10400004 Cause 0x00000400 EPC 0x00000000
Config0 0x80008090 Config1 0x1e190c8a LLAddr 0x00000000
------------------------------------------------
pc=0x80010400 HI=0x00000000 LO=0x00000000 ds 0002 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00000000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status 0x10400004 Cause 0x00000400 EPC 0x00000000
Config0 0x80008090 Config1 0x1e190c8a LLAddr 0x00000000
IN:
OP:
0x0000: save_pc 0x80010400
0x0001: debug
0x0002: end
---------------- 2 00000002
OUT: [size=21]
0x08a9ce20: movl $0x80010400,0x80(%ebp)
0x08a9ce2a: push $0x10002
0x08a9ce2f: call 0x80866c0
0x08a9ce34: pop %eax
Trace 0x08a9ce20 [80010400]
search pc 1
------------------------------------------------
pc=0x80010400 HI=0x00000000 LO=0x00000000 ds 0002 00000000 0
GPR00: r0 00000000 at 00000000 v0 00000000 v1 00000000
GPR04: a0 00000000 a1 00000000 a2 00000000 a3 00000000
GPR08: t0 00000000 t1 00000000 t2 00000000 t3 00000000
GPR12: t4 00000000 t5 00000000 t6 00000000 t7 00000000
GPR16: s0 00000000 s1 00000000 s2 00000000 s3 00000000
GPR20: s4 00000000 s5 00000000 s6 00000000 s7 00000000
GPR24: t8 00000000 t9 00000000 k0 00000000 k1 00000000
GPR28: gp 00000000 sp 00000000 s8 00000000 ra 00000000
CP0 Status 0x10400004 Cause 0x00000400 EPC 0x00000000
Config0 0x80008090 Config1 0x1e190c8a LLAddr 0x00000000
IN:
OP:
0x0000: save_pc 0x80010400
0x0001: debug
0x0002: end
---------------- 2 00000002
/tmp >
Debug output from debug enabled in gdbserver:
command='m80010000,4'
reply='ff000010'
command='m80010004,4'
reply='00000000'
command='m80010000,4'
reply='ff000010'
command='m80010004,4'
reply='00000000'
command='m80010000,4'
reply='ff000010'
command='Z0,80010400,4'
reply='OK'
command='vCont?'
reply=''
command='Hc0'
reply=''
command='c'
Foo #B ret: 0
reply='S05'
command='g'
reply='0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040100000000000000000000000000004000000000000'
command='z0,80010400,4'
reply='OK'
command='m0,4'
reply='00000000'
command='mfffffffc,4'
reply='E14'
command='m0,4'
reply='00000000'
command='mfffffffc,4'
reply='E14'
command='m0,4'
reply='00000000'
command='mfffffffc,4'
reply='E14'
command='m0,4'
reply='00000000'
command='mfffffffc,4'
reply='E14'
command='m0,4'
reply='00000000'
command='m4,4'
reply='00000000'
*2* Start the program with 'continue', stop somewhere with ctrl-c, then single step:
(gdb) p/x $pc
$3 = 0x800108cc
(gdb) si
143 2: sw zero, 0(a0)
(gdb) si
143 2: sw zero, 0(a0)
(gdb) si
143 2: sw zero, 0(a0)
(gdb) p/x $pc
$4 = 0x800108cc
(gdb) x/3i $pc
0x800108cc <mips_cache_reset+28>: sw zero,0(a0)
0x800108d0 <mips_cache_reset+32>: sw zero,4(a0)
0x800108d4 <mips_cache_reset+36>: sw zero,8(a0)
(gdb)
* [Qemu-devel] Re: Single stepping MIPS in GDB
From: Dirk Behme @ 2006-03-29 8:08 UTC (permalink / raw)
To: qemu-devel
Hi,

if nobody has an idea regarding this, any hint on where to search or how best to debug this?

What confuses me is that qemu.log correctly shows pc=0x80010400 but the qemu monitor register info and GDB show pc=0.

Thanks

Dirk
* [Qemu-devel] Re: Single stepping MIPS in GDB
From: Dirk Behme @ 2006-03-29 13:40 UTC (permalink / raw)
To: qemu-devel
Hi,

answering myself again ;)

Now, I found where the PC is wrongly set to 0x0:

In translate-all.c, at the end of function cpu_restore_state() (lines with '+' are added debug output):
#elif defined(TARGET_MIPS)
+    printf("PC before: 0x%08x, j: %d, OPC_BUF_SIZE: %d\n",
+           env->PC, j, OPC_BUF_SIZE);
+    for(c = 0; c < OPC_BUF_SIZE; c++)
+        printf("OPC %03d: 0x%08x\n", c, gen_opc_pc[c]);
     env->PC = gen_opc_pc[j];
+    printf("PC after: 0x%08x\n", env->PC);
     env->hflags &= ~MIPS_HFLAG_BMASK;
     env->hflags |= gen_opc_hflags[j];
#endif
results in the following output (0x80010400 is the correct one):
PC before: 0x80010400, j: -8185, OPC_BUF_SIZE: 512
OPC 000: 0x00000000
OPC 001: 0x00000000
...
OPC 510: 0x00000000
OPC 511: 0x00000000
PC after: 0x00000000
If I temporarily delete the line "env->PC = gen_opc_pc[j];", single stepping seems to work.

It seems that gen_opc_pc is all 0, and j looks strange. But I don't know what's wrong here ;(

Best regards

Dirk
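To make the failure mode concrete, here is a small C model (added here; it is not QEMU's code) of the gen_opc_pc[j] lookup in the cpu_restore_state() excerpt: a block's side tables are constructed to match the logged branch at 0x80010000, a micro-op index j is found from a host-code offset and the guest PC is restored from it, and an out-of-range j such as -8185 is refused instead of being read. The helper names search_pc()/restore_pc() and the gen_opc_host_off[] table are assumptions of this model.

```c
/* Added illustration, not QEMU's own code: a simplified model of the
 * gen_opc_pc[j] lookup that the cpu_restore_state() excerpt performs.
 * The table names follow the thread; search_pc(), restore_pc() and the
 * gen_opc_host_off[] table are assumptions made for this model. */
#include <stdio.h>
#include <stdint.h>

#define OPC_BUF_SIZE 512
typedef uint32_t target_ulong;

/* Constructed side tables for one translated block, matching the log:
 * "b 0x80010400" at 0x80010000 becomes micro-ops 0-2, its delay-slot nop
 * at 0x80010004 becomes micro-op 3.  Entries past the block stay 0.
 * gen_opc_host_off[i] is the host-code offset where micro-op i starts. */
static target_ulong gen_opc_pc[OPC_BUF_SIZE] = { 0x80010000, 0x80010000, 0x80010000, 0x80010004 };
static uint8_t gen_opc_instr_start[OPC_BUF_SIZE] = { 1, 0, 0, 1 };
static unsigned gen_opc_host_off[OPC_BUF_SIZE] = { 0, 5, 15, 21 };
static int gen_opc_count = 4;   /* micro-ops actually emitted */

/* Map a host-code offset inside the block to the micro-op that produced it.
 * Returns -1 when the offset lies before the first emitted micro-op. */
int search_pc(unsigned searched_off)
{
    int found = -1;
    for (int j = 0; j < gen_opc_count; j++) {
        if (gen_opc_host_off[j] > searched_off)
            break;
        found = j;
    }
    return found;
}

/* Restore the guest PC for micro-op j.  The excerpt in the thread indexes
 * gen_opc_pc[j] unconditionally, so j == -8185 reads far outside the table;
 * here an out-of-range j is refused and reported as -1 instead. */
long long restore_pc(int j)
{
    if (j < 0 || j >= gen_opc_count)
        return -1;
    while (j > 0 && !gen_opc_instr_start[j])   /* back to the instruction start */
        j--;
    return gen_opc_pc[j];
}

int main(void)
{
    int j = search_pc(15);                 /* host offset inside micro-op 2 */
    printf("j=%d -> PC 0x%08llx\n", j, restore_pc(j));
    printf("j=-8185 -> %lld (refused)\n", restore_pc(-8185));
    return 0;
}
```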