[Qemu-devel] debugging qemu arm

[Qemu-devel] debugging qemu arm

[Attila Csosz]

[-- Attachment #1: Type: text/plain, Size: 159 bytes --]

Hi,

I'm trying to debug qemu when it executes a simple arm executable. Where is
in the qemu code when executing a single arm asm instruction?

Thanks
 Attila

[-- Attachment #2: Type: text/html, Size: 304 bytes --]

Re: [Qemu-devel] debugging qemu arm

[Peter Maydell]

On 31 January 2015 at 12:25, Attila Csosz <csosz77@gmail.com> wrote:
> I'm trying to debug qemu when it executes a simple arm executable. Where is
> in the qemu code when executing a single arm asm instruction?

QEMU works in two phases:
 (1) we translate ARM code into x86 instructions
 (2) we run the instructions created in phase 1

So when we're executing an ARM instruction we're in phase 2;
this code was generated at runtime and isn't part of QEMU's
source code at all.

-- PMM

Re: [Qemu-devel] debugging qemu arm

[Attila Csosz]

[-- Attachment #1: Type: text/plain, Size: 692 bytes --]

Where is the arm-to-x86 call in QEMU code? Which tool/library call
generates this code?

Attila


On Sat, Jan 31, 2015 at 5:43 PM, Peter Maydell <peter.maydell@linaro.org>
wrote:

> On 31 January 2015 at 12:25, Attila Csosz <csosz77@gmail.com> wrote:
> > I'm trying to debug qemu when it executes a simple arm executable. Where
> is
> > in the qemu code when executing a single arm asm instruction?
>
> QEMU works in two phases:
>  (1) we translate ARM code into x86 instructions
>  (2) we run the instructions created in phase 1
>
> So when we're executing an ARM instruction we're in phase 2;
> this code was generated at runtime and isn't part of QEMU's
> source code at all.
>
> -- PMM
>

[-- Attachment #2: Type: text/html, Size: 1191 bytes --]

Re: [Qemu-devel] debugging qemu arm

[Peter Maydell]

On 31 January 2015 at 16:50, Attila Csosz <csosz77@gmail.com> wrote:
> Where is the arm-to-x86 call in QEMU code? Which tool/library call generates
> this code?

We generate the code in target-arm/translate.c (actually we generate
a TCG intermediate representation which is subsequently turned into
x86 instructions by the TCG backend in tcg/i386/). The main runtime
loop is in exec.c: when we call tcg_qemu_tb_exec() this is actually
a jump to generated code:
# define tcg_qemu_tb_exec(env, tb_ptr) \
    ((uintptr_t (*)(void *, void *))tcg_ctx.code_gen_prologue)(env, tb_ptr)

-- PMM

Re: [Qemu-devel] debugging qemu arm

[Attila Csosz]

[-- Attachment #1: Type: text/plain, Size: 743 bytes --]

Where is the arm-to-tcg translation?

Attila


On Sat, Jan 31, 2015 at 5:59 PM, Peter Maydell <peter.maydell@linaro.org>
wrote:

> On 31 January 2015 at 16:50, Attila Csosz <csosz77@gmail.com> wrote:
> > Where is the arm-to-x86 call in QEMU code? Which tool/library call
> generates
> > this code?
>
> We generate the code in target-arm/translate.c (actually we generate
> a TCG intermediate representation which is subsequently turned into
> x86 instructions by the TCG backend in tcg/i386/). The main runtime
> loop is in exec.c: when we call tcg_qemu_tb_exec() this is actually
> a jump to generated code:
> # define tcg_qemu_tb_exec(env, tb_ptr) \
>     ((uintptr_t (*)(void *, void *))tcg_ctx.code_gen_prologue)(env, tb_ptr)
>
> -- PMM
>

[-- Attachment #2: Type: text/html, Size: 1221 bytes --]