qemu-devel.nongnu.org archive mirror
From: "Magnus Damm" <magnus.damm@gmail.com>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] sh4: more patches
Date: Wed, 4 Jul 2007 13:44:03 +0900
Message-ID: <aec7e5c30707032144p25138e66t2d75c96a8384c7c9@mail.gmail.com>
In-Reply-To: <f43fc5580706250828j7a5b1812p55d22a3394404a83@mail.gmail.com>

On 6/26/07, Blue Swirl <blauwirbel@gmail.com> wrote:
> On 6/22/07, Magnus Damm <magnus.damm@gmail.com> wrote:
> > The method used to locate emulation bugs may be of value for other
> > fellow qemu hackers. I've written a small gdb script that single steps
> > in an endless loop dumping registers between each instruction. Then
> > I've used this script on both real target hardware (using gdbserver)
> > and using the gdbstub provided by qemu. Finally the traces have been
> > compared. I have more patches for this if anyone is interested...
>
> I'm interested in the scripts, those could be helpful to get Sparc64
> bugs exterminated.

Ok, to begin with I've attached two patches needed for this to work on
sh4. They are in quite hairy shape and not ready for upstream merge. I
don't plan on submitting them upstream any time in the future - they
are just useful for debugging. Anyway, I suspect you need to implement
something similar for sparc64 as well.

Together with the patches I've attached two gdb scripts.

This is how I generate a trace on the target system:

1. Boot up a recent Linux kernel on your target hardware.
2. Bring up your network interfaces.
3. Disable vma randomization and maybe vdso as well using:
  # echo 0 > /proc/sys/vm/vdso_enabled
  # echo 0 > /proc/sys/kernel/randomize_va_space
4. Start your test program on the target using gdbserver and "env -i":
  # env -i ./gdbserver localhost:1234 test-static-sh4
5. Start cross-gdb on your host and pass the target script:
  $ ./gdb -x gdb-script-target > trace-target
6. Wait until gdb exits, ignore error message

Then I do the same thing on the host using qemu-sh4:

1. Make sure vma randomization is disabled on the host:
  # echo 0 > /proc/sys/kernel/randomize_va_space
2. Start your test program using qemu-sh4 and "env -i"
  $ env -i /path/to/qemu-sh4 -g 1234 test-static-sh4
3. Start cross-gdb on your host and pass the host script:
  $ ./gdb -x gdb-script > trace
4. Wait until gdb exits, ignore error message

Then just diff the two traces! Have fun!

/ magnus
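The trace comparison described in the mail above (one single-step register dump from gdbserver on the target, one from the qemu gdbstub, compared afterwards), as an added example that is not part of the mail or of QEMU: instead of a plain diff it parses the output format the two attached gdb scripts produce, skips the registers the target script zeroes by hand, and reports the first step whose register state differs together with the instruction that executed just before it, which is the instruction to suspect in the emulator. The two trace strings in the block are constructed to show the format and are not real captures; the markers and register names follow the scripts, everything else (the sample instructions, addresses, the ignore set) is an assumption.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

REG_LINE = re.compile(r"^(\w+)\s+(0x[0-9a-fA-F]+)")   # e.g. "r0    0x0    0"
STEP_MARK = "all-registers:"
INSN_MARK = "current instruction:"

# The target script zeroes mach/macl/gbr by hand and notes that vanilla gdb
# cannot write them, so they are expected to disagree and are ignored by default.
DEFAULT_IGNORE: Set[str] = frozenset({"mach", "macl", "gbr"})


class Step(NamedTuple):
    regs: Dict[str, int]
    insn: str


class Divergence(NamedTuple):
    step: int          # first step whose registers differ
    pc: Optional[int]  # pc at that step in the reference trace
    culprit: str       # instruction executed just before it (reference trace)
    diffs: Dict[str, Tuple[Optional[int], Optional[int]]]  # reg -> (reference, other)


Report = NamedTuple("Report", [("steps_ref", int), ("steps_other", int),
                               ("divergence", Optional[Divergence])])


def parse_trace(text: str) -> List[Step]:
    """Split a trace into steps. Text before the first marker (the x/4096bx stack
    dump) is skipped; gdb chatter like "0x00400102 in _start ()" never matches REG_LINE."""
    steps: List[Step] = []
    regs: Optional[Dict[str, int]] = None
    insn, want_insn = "", False
    for line in text.splitlines():
        if line.startswith(STEP_MARK):
            if regs is not None:
                steps.append(Step(regs, insn))
            regs, insn, want_insn = {}, "", False
            continue
        if regs is None:
            continue
        if line.startswith(INSN_MARK):
            # "echo current instruction:" prints no newline, so the x/i output
            # normally shares the line; tolerate it on the next line as well.
            rest = line[len(INSN_MARK):].strip()
            insn, want_insn = (rest, False) if rest else ("", True)
            continue
        if want_insn:
            insn, want_insn = line.strip(), False
            continue
        m = REG_LINE.match(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    if regs is not None:
        steps.append(Step(regs, insn))
    return steps


def first_divergence(ref: List[Step], other: List[Step],
                     ignore: Set[str] = DEFAULT_IGNORE) -> Optional[Divergence]:
    for i, (sa, sb) in enumerate(zip(ref, other)):
        names = (set(sa.regs) | set(sb.regs)) - set(ignore)
        diffs = {n: (sa.regs.get(n), sb.regs.get(n))
                 for n in sorted(names) if sa.regs.get(n) != sb.regs.get(n)}
        if diffs:
            # Registers are dumped before each instruction runs, so the
            # instruction that produced the bad state is the previous step's.
            return Divergence(i, sa.regs.get("pc"), ref[i - 1].insn if i else "", diffs)
    return None


def compare_traces(ref_text: str, other_text: str,
                   ignore: Set[str] = DEFAULT_IGNORE) -> Report:
    ref, other = parse_trace(ref_text), parse_trace(other_text)
    return Report(len(ref), len(other), first_divergence(ref, other, ignore))


# Constructed traces (not real captures) in the format the scripts emit: three
# steps, three registers each. The "qemu" trace is derived from the target one
# with mach left unzeroed and a deliberately wrong r0 after the shll.
TRACE_TARGET = """\
0x7bfff000:\t0x00\t0x00\t0x00\t0x00
all-registers:
r0             0x0      0
pc             0x400100 0x400100 <_start>
mach           0x0      0
current instruction:0x400100 <_start>:\tmov\t#1,r0
0x00400102 in _start ()
all-registers:
r0             0x1      1
pc             0x400102 0x400102 <_start+2>
mach           0x0      0
current instruction:0x400102 <_start+2>:\tshll\tr0
all-registers:
r0             0x2      2
pc             0x400104 0x400104 <_start+4>
mach           0x0      0
current instruction:0x400104 <_start+4>:\trts
"""
TRACE_QEMU = (TRACE_TARGET
              .replace("mach           0x0      0", "mach           0xdeadbeef       3735928559")
              .replace("r0             0x2      2", "r0             0x1      1"))

if __name__ == "__main__":
    print(compare_traces(TRACE_TARGET, TRACE_QEMU).divergence)
```

With the default ignore set the report points at the shll: the registers first disagree at the step after it. With an empty ignore set the very first step already differs on mach, which is the noise the target script's zeroing was meant to remove.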

[-- Attachment #2: qemu-cvs_20070703-sh4-behave-as-gdbserver.patch --]
[-- Type: application/octet-stream, Size: 1111 bytes --]

sh4: behave as gdbserver

This patch modifies the sh4 user space emulator to behave like gdbserver.
Gdbserver steps over delay slots and does not output banked registers.

Signed-off-by: Magnus Damm <damm@igel.co.jp>

--- 0001/gdbstub.c
+++ work/gdbstub.c	2007-07-03 17:54:05.000000000 +0900
@@ -685,8 +685,10 @@ static int cpu_gdb_read_registers(CPUSta
       SAVE(env->fregs[i + ((env->fpscr & FPSCR_FR) ? 16 : 0)]);
   SAVE (env->ssr);
   SAVE (env->spc);
+#ifndef CONFIG_USER_ONLY /* behave like gdbserver */
   for (i = 0; i < 8; i++) SAVE(env->gregs[i]);
   for (i = 0; i < 8; i++) SAVE(env->gregs[i + 16]);
+#endif
   return ((uint8_t *)ptr - mem_buf);
 }
 
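Review bot: the `#ifndef CONFIG_USER_ONLY` only shortens the packet gdb reads; whichever routine handles the write direction (the gdb `G` packet) still has to parse the same layout, and if it keeps expecting the 16 banked gregs after spc, a `set $r0 = ...` from gdb will be misaligned in user mode. Guard the write side with the same `#ifndef`, and say in the comment that the sh4 user-mode `g` packet is now 16 registers shorter, since gdb's expected register count has to agree with what the stub sends.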
--- 0001/target-sh4/translate.c
+++ work/target-sh4/translate.c	2007-07-03 17:58:04.000000000 +0900
@@ -1215,7 +1215,8 @@ gen_intermediate_code_internal(CPUState 
 	ctx.pc += 2;
 	if ((ctx.pc & (TARGET_PAGE_SIZE - 1)) == 0)
 	    break;
-	if (env->singlestep_enabled)
+	if (env->singlestep_enabled && /* gdbserver steps over delay slots */
+	    !(ctx.flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)))
 	    break;
 #ifdef SH4_SINGLE_STEP
 	break;
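Review bot: this hunk is not guarded by CONFIG_USER_ONLY, unlike the gdbstub.c change above, so system-mode single stepping also starts running through delay slots while the commit message only claims to change the user space emulator; either wrap the new condition in `#ifdef CONFIG_USER_ONLY` or state in the commit message that both modes change. Also, the unconditional `break;` under `#ifdef SH4_SINGLE_STEP` two lines below still ends the block inside a delay slot, so the gdbserver-matching behaviour only holds when that macro is off; worth a comment next to the new condition.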

[-- Attachment #3: qemu-cvs_20070607-sh4-stack-placement-elf-auxv.patch --]
[-- Type: application/octet-stream, Size: 4697 bytes --]

sh4: position stack as real hardware and update auxv entries

This patch makes the sh4 user space emulator for linux behave like
the linux environment on my target device. The main part of the patch
reorders and updates the auxv entries to match the target kernel. A small
but important change is the hardcoded stack placement. The value used is
identical to the sh4 target placement and it happens to work well on i386
hosts. The host and target kernels probably need tuning for this to work
properly - disable vma randomization in /proc/sys/kernel/randomize_va_space.
The sh4 target may need vdso disabled as well, in /proc/sys/vm/vdso_enabled.

Signed-off-by: Magnus Damm <damm@igel.co.jp>

--- 0001/elf.h
+++ work/elf.h	2007-06-07 12:00:43.000000000 +0900
@@ -204,6 +204,7 @@ typedef int64_t  Elf64_Sxword;
 #define AT_PLATFORM 15  /* string identifying CPU for optimizations */
 #define AT_HWCAP  16    /* arch dependent hints at CPU capabilities */
 #define AT_CLKTCK 17	/* frequency at which times() increments */
+#define AT_SECURE 23    /* secure mode boolean */
 
 typedef struct dynamic{
   Elf32_Sword d_tag;
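Review bot: 23 is the Linux ABI value for AT_SECURE, but "secure mode boolean" undersells what it controls: the guest dynamic loader reads this entry to decide whether the environment (LD_PRELOAD, LD_LIBRARY_PATH and friends) may be trusted, so whoever emits it must not treat it as a cosmetic entry. Extend the comment to say that, so the hardcoded value in the elfload.c hunk below is a conscious choice rather than an accident.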
--- 0008/linux-user/elfload.c
+++ work/linux-user/elfload.c	2007-06-07 15:25:34.000000000 +0900
@@ -331,6 +331,9 @@ static inline void init_thread(struct ta
 #define USE_ELF_CORE_DUMP
 #define ELF_EXEC_PAGESIZE        4096
 
+#define ELF_HWCAP 0x21
+#define ELF_CLKTCK 0x64
+
 #endif
 
 #ifdef TARGET_M68K
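Review bot: ELF_HWCAP 0x21 and ELF_CLKTCK 0x64 are literal values captured from one target kernel (the commit message says the entries were matched to "the target kernel"), not derived from the emulated CPU. 0x64 is 100, which only matches a kernel built with HZ=100; a target with another HZ or a different cpu feature mask produces a different auxv and the traces diverge before the first instruction. Add a comment naming the kernel/board these were read from and spell the HWCAP bits out rather than leaving a magic number.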
@@ -391,6 +394,10 @@ static inline void init_thread(struct ta
 #define ELF_HWCAP 0
 #endif
 
+#ifndef ELF_CLKTCK
+#define ELF_CLKTCK 0
+#endif
+
 #include "elf.h"
 
 struct exec
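Review bot: defaulting ELF_CLKTCK to 0 means every target that does not define it gets AT_CLKTCK = 0 in its auxv, because the create_elf_tables hunk below emits the entry unconditionally; 0 is not a valid ticks-per-second value and a guest libc that takes sysconf(_SC_CLK_TCK) from AT_CLKTCK will hand it to the program. Either skip the entry when ELF_CLKTCK is not defined, or default to 100, the usual Linux value, and say so in a comment.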
@@ -446,7 +453,7 @@ struct exec
 #define INTERPRETER_AOUT 1
 #define INTERPRETER_ELF 2
 
-#define DLINFO_ITEMS 12
+#define DLINFO_ITEMS 13
 
 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
 {
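Review bot: DLINFO_ITEMS goes from 12 to 13 to account for AT_SECURE, but the reordered create_elf_tables block below emits 14 unconditional entries (AT_CLKTCK is new as well) plus the optional AT_PLATFORM, and the AT_NULL that used to sit outside the 12 is gone. If DLINFO_ITEMS sizes the stack space reserved for the auxv it is now one short; recount against the final list and keep the "exactly DLINFO_ITEMS entries" comment honest.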
@@ -577,7 +584,11 @@ unsigned long setup_arg_pages(target_ulo
     size = x86_stack_size;
     if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE)
         size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
+#ifdef TARGET_SH4 /* sh4: use same base address as real kernel */
+    error = target_mmap(0x7c000000 - size,
+#else
     error = target_mmap(0, 
+#endif
                         size + qemu_host_page_size,
                         PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS,
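Review bot: the address `0x7c000000 - size` is passed to target_mmap with only MAP_PRIVATE | MAP_ANONYMOUS, so it is a hint, not a requirement. When the host already has something mapped there (host ASLR, a shared library, an earlier mapping) mmap silently returns a different address, the guest stack ends up somewhere else with no diagnostic, and the trace diff then fails on every r15 value. Check that `error` equals the requested address and abort with a clear message if it does not; the commit message already says this only works with randomize_va_space disabled, so the check is cheap insurance.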
@@ -700,23 +711,7 @@ static unsigned long create_elf_tables(t
             sp -= n; tputl(sp, val); \
             sp -= n; tputl(sp, id); \
           } while(0)
-        NEW_AUX_ENT (AT_NULL, 0);
 
-        /* There must be exactly DLINFO_ITEMS entries here.  */
-        NEW_AUX_ENT(AT_PHDR, (target_ulong)(load_addr + exec->e_phoff));
-        NEW_AUX_ENT(AT_PHENT, (target_ulong)(sizeof (struct elf_phdr)));
-        NEW_AUX_ENT(AT_PHNUM, (target_ulong)(exec->e_phnum));
-        NEW_AUX_ENT(AT_PAGESZ, (target_ulong)(TARGET_PAGE_SIZE));
-        NEW_AUX_ENT(AT_BASE, (target_ulong)(interp_load_addr));
-        NEW_AUX_ENT(AT_FLAGS, (target_ulong)0);
-        NEW_AUX_ENT(AT_ENTRY, load_bias + exec->e_entry);
-        NEW_AUX_ENT(AT_UID, (target_ulong) getuid());
-        NEW_AUX_ENT(AT_EUID, (target_ulong) geteuid());
-        NEW_AUX_ENT(AT_GID, (target_ulong) getgid());
-        NEW_AUX_ENT(AT_EGID, (target_ulong) getegid());
-        NEW_AUX_ENT(AT_HWCAP, (target_ulong) ELF_HWCAP);
-        if (k_platform)
-            NEW_AUX_ENT(AT_PLATFORM, u_platform);
 #ifdef ARCH_DLINFO
 	/* 
 	 * ARCH_DLINFO must come last so platform specific code can enforce
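Review bot: `NEW_AUX_ENT(AT_NULL, 0)` is removed here and nothing in the replacement block pushes it back. NEW_AUX_ENT pushes downward, so the first entry pushed is the last one the loader reads; AT_NULL therefore has to be the first push, or the auxv is unterminated and the guest ld.so/libc walks into whatever sits above it on the stack. Unless ARCH_DLINFO is guaranteed to end with AT_NULL for every target, keep `NEW_AUX_ENT(AT_NULL, 0);` as the first push before ARCH_DLINFO. The retained comment "ARCH_DLINFO must come last" is also no longer true once ARCH_DLINFO is pushed first; update it to describe the new order.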
@@ -724,6 +719,26 @@ static unsigned long create_elf_tables(t
 	 */
         ARCH_DLINFO;
 #endif
+
+        /* There must be exactly DLINFO_ITEMS entries here.  */
+
+        if (k_platform)
+            NEW_AUX_ENT(AT_PLATFORM, u_platform);
+        NEW_AUX_ENT(AT_SECURE, (target_ulong) 0);
+        NEW_AUX_ENT(AT_EGID, (target_ulong) 0 /* getegid() */);
+        NEW_AUX_ENT(AT_GID, (target_ulong) 0 /* getgid() */);
+        NEW_AUX_ENT(AT_EUID, (target_ulong) 0 /* geteuid() */);
+        NEW_AUX_ENT(AT_UID, (target_ulong) 0/* getuid() */);
+        NEW_AUX_ENT(AT_ENTRY, load_bias + exec->e_entry);
+        NEW_AUX_ENT(AT_FLAGS, (target_ulong)0);
+        NEW_AUX_ENT(AT_BASE, (target_ulong)(interp_load_addr));
+        NEW_AUX_ENT(AT_PHNUM, (target_ulong)(exec->e_phnum));
+        NEW_AUX_ENT(AT_PHENT, (target_ulong)(sizeof (struct elf_phdr)));
+        NEW_AUX_ENT(AT_PHDR, (target_ulong)(load_addr + exec->e_phoff));
+        NEW_AUX_ENT(AT_CLKTCK, (target_ulong) ELF_CLKTCK);
+        NEW_AUX_ENT(AT_PAGESZ, (target_ulong)(TARGET_PAGE_SIZE));
+        NEW_AUX_ENT(AT_HWCAP, (target_ulong) ELF_HWCAP);
+
 #undef NEW_AUX_ENT
 
         sp = loader_build_argptr(envc, argc, sp, p, !ibcs);
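Review bot: AT_UID/AT_EUID/AT_GID/AT_EGID are hardcoded to 0 (the get*id() calls are left in comments) and AT_SECURE is hardcoded to 0. That tells the guest dynamic loader it runs as root with secure mode off while the emulator really runs with the host's ids; for a trace diff against a root shell on the target this is harmless, but it must not go upstream in this form, because a guest libc decides from AT_SECURE (or from uid vs euid when AT_SECURE is absent) whether LD_PRELOAD and LD_LIBRARY_PATH are trusted. Keep the get*id() calls and derive AT_SECURE as `(getuid() != geteuid() || getgid() != getegid())`, or at least mark these entries debug-only in a comment. Minor: `(target_ulong) 0/* getuid() */` is missing the space its sibling lines have.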

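The auxv layout the commit message above is about (tag/value pairs laid out in the target kernel's order, terminated by AT_NULL, with the id entries and AT_SECURE read by the guest loader), as an added example that is not part of the mail or of QEMU: it packs a constructed vector in that order, walks it the way a dynamic loader does, and reports identity entries that do not match the process, an AT_SECURE of 0 in a set-id process, and a missing terminator. The tag numbers are the Linux ABI values; the sample addresses and the process ids handed to the checker are made up.

```python
import struct
from typing import Dict, List, Tuple

# Auxiliary vector tags, Linux ELF ABI values.
AT_NULL, AT_PHDR, AT_PHENT, AT_PHNUM, AT_PAGESZ, AT_BASE, AT_FLAGS, AT_ENTRY = 0, 3, 4, 5, 6, 7, 8, 9
AT_UID, AT_EUID, AT_GID, AT_EGID, AT_PLATFORM, AT_HWCAP, AT_CLKTCK, AT_SECURE = 11, 12, 13, 14, 15, 16, 17, 23


def _fmt(word_size: int, little: bool) -> str:
    return ("<" if little else ">") + {4: "I", 8: "Q"}[word_size]


def build_auxv(entries: List[Tuple[int, int]], word_size: int = 4, little: bool = True) -> bytes:
    """Lay the (tag, value) pairs out in memory order, lowest address first.
    Deliberately does not append AT_NULL: the caller owns the terminator."""
    fmt = _fmt(word_size, little)
    return b"".join(struct.pack(fmt, tag) + struct.pack(fmt, val) for tag, val in entries)


def parse_auxv(blob: bytes, word_size: int = 4, little: bool = True) -> List[Tuple[int, int]]:
    """Walk the vector the way ld.so does: read pairs until AT_NULL. Raise if the
    data runs out first, which is what an unterminated auxv looks like."""
    fmt = _fmt(word_size, little)
    out: List[Tuple[int, int]] = []
    for off in range(0, len(blob) - 2 * word_size + 1, 2 * word_size):
        tag = struct.unpack_from(fmt, blob, off)[0]
        val = struct.unpack_from(fmt, blob, off + word_size)[0]
        if tag == AT_NULL:
            return out
        out.append((tag, val))
    raise ValueError("auxv has no AT_NULL terminator")


def is_terminated(blob: bytes, word_size: int = 4, little: bool = True) -> bool:
    try:
        parse_auxv(blob, word_size, little)
        return True
    except ValueError:
        return False


def check_auxv(entries: List[Tuple[int, int]], uid: int, euid: int, gid: int, egid: int) -> List[str]:
    """Problems a reviewer cares about: identity entries that lie about the process,
    an AT_SECURE that would make the loader trust the environment of a set-id
    process, and nonsensical page size / clock tick values."""
    aux: Dict[int, int] = dict(entries)
    problems: List[str] = []
    for name, tag, real in (("AT_UID", AT_UID, uid), ("AT_EUID", AT_EUID, euid),
                            ("AT_GID", AT_GID, gid), ("AT_EGID", AT_EGID, egid)):
        if tag not in aux:
            problems.append(f"{name} missing")
        elif aux[tag] != real:
            problems.append(f"{name} is {aux[tag]} but the process runs with {real}")
    set_id = uid != euid or gid != egid
    if AT_SECURE not in aux:
        problems.append("AT_SECURE missing; the loader has to guess from uid/euid")
    elif set_id and aux[AT_SECURE] == 0:
        problems.append("AT_SECURE is 0 for a set-id process: LD_PRELOAD/LD_LIBRARY_PATH would be honoured")
    pagesz = aux.get(AT_PAGESZ, 0)
    if pagesz == 0 or pagesz & (pagesz - 1):
        problems.append(f"AT_PAGESZ {pagesz} is not a power of two")
    if aux.get(AT_CLKTCK, 0) == 0:
        problems.append("AT_CLKTCK is 0")
    return problems


# Constructed sample in the order a Linux sh kernel writes the entries (the order
# the patch above reproduces); the addresses are made up.
SAMPLE_ENTRIES = [
    (AT_HWCAP, 0x21), (AT_PAGESZ, 4096), (AT_CLKTCK, 100),
    (AT_PHDR, 0x400034), (AT_PHENT, 32), (AT_PHNUM, 3),
    (AT_BASE, 0), (AT_FLAGS, 0), (AT_ENTRY, 0x400100),
    (AT_UID, 0), (AT_EUID, 0), (AT_GID, 0), (AT_EGID, 0),
    (AT_SECURE, 0), (AT_PLATFORM, 0x7bffffe8),
]

if __name__ == "__main__":
    good = build_auxv(SAMPLE_ENTRIES + [(AT_NULL, 0)])
    for p in check_auxv(parse_auxv(good), uid=1000, euid=1000, gid=1000, egid=1000):
        print("problem:", p)
    print("unterminated image accepted:", is_terminated(build_auxv(SAMPLE_ENTRIES)))
```

Run as is, the checker flags the four id entries that claim root while the process runs as uid 1000, and the unterminated image (the same entries without the AT_NULL) is rejected by the walk; passing euid=0 with uid=1000 additionally flags the AT_SECURE of 0, which is the case where a wrong auxv stops being a debugging nuisance and becomes a loader trust decision.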
[-- Attachment #4: gdb-script --]
[-- Type: application/octet-stream, Size: 181 bytes --]

set architecture sh4
target remote localhost:1234
# dump the page holding the initial stack pointer (r15) so the two traces
# can also be compared for their starting stack contents
x/4096bx ($r15 & ~0xfff)
# step forever: gdb errors out when the program exits, which ends the script
while (1>0)
 echo all-registers:\n
 info all-registers
 echo current instruction:
 x/i $pc
 stepi
end
quit

[-- Attachment #5: gdb-script-target --]
[-- Type: application/octet-stream, Size: 307 bytes --]

set architecture sh4
target remote 192.168.99.5:1234
# this register setting requires gdb-6.4 with ST patches - vanilla gdb-6.6 does not work
set $mach=0
set $macl=0
set $gbr=0
# dump the page holding the initial stack pointer (r15) so the two traces
# can also be compared for their starting stack contents
x/4096bx ($r15 & ~0xfff)
# step forever: gdb errors out when the program exits, which ends the script
while (1>0)
 echo all-registers:\n
 info all-registers
 echo current instruction:
 x/i $pc
 stepi
end
quit

Thread overview (9+ messages):
2007-06-22  7:44 [Qemu-devel] sh4: more patches Magnus Damm
2007-06-22 11:48 ` Thiemo Seufer
2007-06-25  6:42   ` Magnus Damm
2007-06-25 12:01     ` Thiemo Seufer
2007-07-04  4:19       ` Magnus Damm
2007-07-25  1:02         ` Paul Mundt
2007-06-25 15:28 ` Blue Swirl
2007-07-04  4:44   ` Magnus Damm [this message]
2007-07-04 18:01     ` Blue Swirl
