[Qemu-devel] Add native debugger

[Qemu-devel] Add native debugger

[Rick Hodgin]

For i386, I'm considering writing a native debugger for QEMU that is not GDB. It would allow a separate/new windowed interface which would show disassembly, registers, stack, local variables, memory windows, etc., allowing the user to single-step through code and trap opcodes like INT 1, INT 3, INT 4, etc.  It would be invoked with something like "qemu -debugger" from the command line, and would have a UI similar to Microsoft's Debugger in Visual Studio when no PDB is available, but would show a similar type of disassembly form.

I was looking at the QEMU code and I can't find an obvious place where it seems to iterate through each CPU instruction, which is where I had in mind to add a hook.

Can someone get me pointed in the right direction?  Where will I look for something like this:

for (;;)
{
  execute_next_instruction();
}

Thanks and best regards,
Rick C. Hodgin

Re: [Qemu-devel] Add native debugger

[Blue Swirl]

On Sun, Nov 27, 2011 at 04:10, Rick Hodgin <foxmuldrster@yahoo.com> wrote:
> For i386, I'm considering writing a native debugger for QEMU that is not GDB. It would allow a separate/new windowed interface which would show disassembly, registers, stack, local variables, memory windows, etc., allowing the user to single-step through code and trap opcodes like INT 1, INT 3, INT 4, etc.  It would be invoked with something like "qemu -debugger" from the command line, and would have a UI similar to Microsoft's Debugger in Visual Studio when no PDB is available, but would show a similar type of disassembly form.

QEMU and the debugger should be kept separate. You should use the GDB
interface to implement the debugger, that way you can also test it
against known good configuration. For example, try to find out how GDB
performs single stepping (set remote debug 1).

> I was looking at the QEMU code and I can't find an obvious place where it seems to iterate through each CPU instruction, which is where I had in mind to add a hook.
>
> Can someone get me pointed in the right direction?  Where will I look for something like this:
>
> for (;;)
> {
>  execute_next_instruction();
> }

QEMU does not work like that at all, it uses TCG, KVM or Xen to
execute the code and none of those use that kind of single instruction
loop either.

Re: [Qemu-devel] Add native debugger

[Rick Hodgin]

Blue,



--- On Sun, 11/27/11, Blue Swirl <blauwirbel@gmail.com> wrote:
> On Sun, Nov 27, 2011 at 04:10, Rick
> Hodgin <foxmuldrster@yahoo.com>
> wrote:
> > For i386, I'm considering writing a native debugger
> for QEMU that is not GDB. It would allow a separate/new
> windowed interface which would show disassembly, registers,
> stack, local variables, memory windows, etc., allowing the
> user to single-step through code and trap opcodes like INT
> 1, INT 3, INT 4, etc.  It would be invoked with something
> like "qemu -debugger" from the command line, and would have
> a UI similar to Microsoft's Debugger in Visual Studio when
> no PDB is available, but would show a similar type of
> disassembly form.
> 
> QEMU and the debugger should be kept separate. You should
> use the GDB interface to implement the debugger, that way
> you can also test it against known good configuration. For
> example, try to find out how GDB performs single stepping
> (set remote debug 1).

I appreciate this advice. I'm looking for a native implementation within QEMU that is always available, always on, always active (when enabled). In this way, whenever INT 3 opcodes are found, the debugger can intercept and leap into existence, and without all of the gdb protocol overhead and parsing.

> > I was looking at the QEMU code and I can't find an
> > obvious place where it seems to iterate through each CPU
> > instruction, which is where I had in mind to add a hook.
> >
> > Can someone get me pointed in the right direction?
> > Where will I look for something like this:
> >
> > for (;;)
> > {
> >  execute_next_instruction();
> > }
> 
> QEMU does not work like that at all, it uses TCG, KVM or
> Xen to execute the code and none of those use that kind
> of single instruction loop either.

There must be some place where it fetches opcodes for what's coming up next to execute.  For my implementation I'm using a single i386 core, and that's all I'm concerned about for now.  I'd like to intercept that part of the loop where cs:e/ip is used to retrieve the next opcode, so that I can check every instruction to see if the native debugger window has received GUI stuff asking for a pause, if there are breakpoints, etc.

I'd like help on how to do this, and not advice on using gdb instead.  There are some particular reasons I want to use my own native debugger in this way.  I just need pointed in the right direction to get started.  That's for assistance toward this end. :-)

Thanks and best regards,
Rick C. Hodgin

Re: [Qemu-devel] Add native debugger

[Andreas Färber]

Am 27.11.2011 15:12, schrieb Rick Hodgin:
> --- On Sun, 11/27/11, Blue Swirl <blauwirbel@gmail.com> wrote:
>> On Sun, Nov 27, 2011 at 04:10, Rick
>> Hodgin <foxmuldrster@yahoo.com>
>> wrote:
>>> For i386, I'm considering writing a native debugger
>> for QEMU that is not GDB. It would allow a separate/new
>> windowed interface which would show disassembly, registers,
>> stack, local variables, memory windows, etc., allowing the
>> user to single-step through code and trap opcodes like INT
>> 1, INT 3, INT 4, etc.  It would be invoked with something
>> like "qemu -debugger" from the command line, and would have
>> a UI similar to Microsoft's Debugger in Visual Studio when
>> no PDB is available, but would show a similar type of
>> disassembly form.
>>
>> QEMU and the debugger should be kept separate. You should
>> use the GDB interface to implement the debugger, that way
>> you can also test it against known good configuration. For
>> example, try to find out how GDB performs single stepping
>> (set remote debug 1).
> 
> I appreciate this advice. I'm looking for a native implementation within QEMU that is always available, always on, always active (when enabled). In this way, whenever INT 3 opcodes are found, the debugger can intercept and leap into existence, and without all of the gdb protocol overhead and parsing.

Still I don't think a new *debugger* is what you want for what you
describe. Take a look at target-i386/translate.c, that's where QEMU
decodes the opcodes. Note that this is code generation time, not
runtime, so that you either need to emit a call to a helper of yours
whenever that int 3 opcode is found and do your processing from that
helper or to realize your processing with just TCG instructions.

For displaying assembly instructions you could also surely reuse
existing tools from within your implementation, possibly i386-dis.c.

HTH,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] Add native debugger

[Rick Hodgin]

Andreas,

Thank you.  I guess I'll go back to Bochs.  Things are simpler there. :-)

I do appreciate your help.

Thanks and best regards,
Rick C. Hodgin

--- On Sun, 11/27/11, Andreas Färber <afaerber@suse.de> wrote:

> From: Andreas Färber <afaerber@suse.de>
> Subject: Re: [Qemu-devel] Add native debugger
> To: "Rick Hodgin" <foxmuldrster@yahoo.com>
> Cc: "Blue Swirl" <blauwirbel@gmail.com>, qemu-devel@nongnu.org
> Date: Sunday, November 27, 2011, 9:28 AM
> Am 27.11.2011 15:12, schrieb Rick
> Hodgin:
> > --- On Sun, 11/27/11, Blue Swirl <blauwirbel@gmail.com>
> wrote:
> >> On Sun, Nov 27, 2011 at 04:10, Rick
> >> Hodgin <foxmuldrster@yahoo.com>
> >> wrote:
> >>> For i386, I'm considering writing a native
> debugger
> >> for QEMU that is not GDB. It would allow a
> separate/new
> >> windowed interface which would show disassembly,
> registers,
> >> stack, local variables, memory windows, etc.,
> allowing the
> >> user to single-step through code and trap opcodes
> like INT
> >> 1, INT 3, INT 4, etc.  It would be invoked
> with something
> >> like "qemu -debugger" from the command line, and
> would have
> >> a UI similar to Microsoft's Debugger in Visual
> Studio when
> >> no PDB is available, but would show a similar type
> of
> >> disassembly form.
> >>
> >> QEMU and the debugger should be kept separate. You
> should
> >> use the GDB interface to implement the debugger,
> that way
> >> you can also test it against known good
> configuration. For
> >> example, try to find out how GDB performs single
> stepping
> >> (set remote debug 1).
> > 
> > I appreciate this advice. I'm looking for a native
> implementation within QEMU that is always available, always
> on, always active (when enabled). In this way, whenever INT
> 3 opcodes are found, the debugger can intercept and leap
> into existence, and without all of the gdb protocol overhead
> and parsing.
> 
> Still I don't think a new *debugger* is what you want for
> what you
> describe. Take a look at target-i386/translate.c, that's
> where QEMU
> decodes the opcodes. Note that this is code generation
> time, not
> runtime, so that you either need to emit a call to a helper
> of yours
> whenever that int 3 opcode is found and do your processing
> from that
> helper or to realize your processing with just TCG
> instructions.
> 
> For displaying assembly instructions you could also surely
> reuse
> existing tools from within your implementation, possibly
> i386-dis.c.
> 
> HTH,
> Andreas
> 
> -- 
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg,
> Germany
> GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB
> 16746 AG Nürnberg
> 
>

Re: [Qemu-devel] Add native debugger

[felix.matenaar@rwth-aachen]

Hi,

gen_intermediate_code_internal in ./target-i386/translate.c is a good
starting point. This is where Basic Blocks are translated into native
code by TCG. I recently did some patches for program analysis in the
i386 part so dont hesitate to contact me.

regards,
    felix