Post on 12-Nov-2014
description
transcript
QEMU/Syborg Workshop
Martin Trojer martin.trojer@nokia.com
Agenda (1/2) 1. Build Syborg ROMs
Using the PDK 2.0.d / tip kernelhwsvr + syborg Using RVCT2.2 and raptor
2. Debugging with QEMU Stop-mode and Run-mode ELF4ROM GDB command line debugging
Debugging user-side apps Debugging the kernel / device drivers
Debugging with Eclipse
2 Copyright © 2009 Symbian Foundation.
Agenda (2/2) 3. How QEMU peripherals work
Adding new peripherals to syborg Adding / modifying Symbian device drivers
4. Building QEMU itself Setting up a MinGW environment Installing / building necessary components Building QEMU Debugging QEMU
SVP = Symbian Virtual Platform = QEMU + syborg models / baseport
3 Copyright © 2009 Symbian Foundation.
Copyright © 2009 Symbian Foundation. 4
Building ROMS
Building Syborg ROMS -- Getting the platform Basically following the QEMU/syborg Wiki with some more details; http://developer.symbian.org/wiki/index.php/SYBORG/QEMU 1. Get the PDK
We will be using 2.0.d (click ‘previous releases’) http://developer.symbian.org/main/tools_and_kits/downloads/view.php?id=1 You will only need the following packages; binaries_armv5.zip, binaries_epoc.zip, binaries_epoc_additional.zip, binaries_bldmefirst.zip
2. Extract zips into a folder ‘FF’ 3. Subst a drive-letter
$subst X: FF
4. Get remaining sources from Hg tip. $X: $mkdir sf\os $cd \sf\os $hg clone https://developer.symbian.org/sfl/FCL/sf/os/kernelhwsrv $hg clone http://developer.symbian.org/oss/FCL/interim/QEMU
5 Copyright © 2009 Symbian Foundation.
Building Syborg ROMS -- Getting the tools 1. Download the “platform tools” from the PDK page
tools_epoc.zip 2. Unzip in the same folder as the platform 3. Get raptor
From the PDT download page http://developer.symbian.org/main/tools_and_kits/downloads/view.php?id=4
4. Get a cpp.exe to be used by rombuild. There is one in raptor, but it gives a lot of warnings, and doesn’t work with debugging A vanilla cpp.exe from mingw works better
5. Make sure you have RVCT2.2 installed
6 Copyright © 2009 Symbian Foundation.
Building Syborg ROMS -- Applying Patches 1. Apply attached patch in #bug301
http://developer.symbian.org/bugs/show_bug.cgi?id=301
3. Edit the file \epoc32\include\bldvariant.hrh Change the ‘<‘ and ‘>’ in the include statements to “ (depending on that cpp.exe you are using)
4. Edit the file sf\os\kernelhwsrv\kernel\eka\rombuild\user.iby Comment out the “file=“ lines for btrace.exe and dptest.dll
7 Copyright © 2009 Symbian Foundation.
Building Syborg ROMS Compiling the Source
1. $ set EPOCROOT=\ 2. $ set SBS_HOME=<raptor-path> 3. $ set PATH=%PATH%;\epoc32\gcc\bin 4. $ X: 5. $ cd \sf\os\QEMU\baseport\syborg 6. $ <raptor-path>\bin\sbs –c armv5
Building the ROM images 1. $ cd \sf\os\kernelhwsvr\kernel\eka\rombuild 2. $ rom –v syborg –i armv5 –b udeb –noheader 3. $ rom –v syborg –i armv5 –b urel --noheader
8 Copyright © 2009 Symbian Foundation.
Running ROMs in QEMU 1. Download and unzip the binary version of QEMU
http://developer.symbian.org/wiki/images/b/bb/Symbian-qemu-0.9.1-12.zip
2. $ arm-none-symbianelf-qemu-system.exe -kernel X:\sf\os\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.IMG -M X:\sf\os\QEMU\baseport\syborg\syborg.dtb
It’s all worth it, innit?
9 Copyright © 2009 Symbian Foundation.
Copyright © 2009 Symbian Foundation. 10
Debugging with QEMU
Debugging with QEMU -- stop-mode and run-mode
Copyright © 2009 Symbian Foundation. 11
Simulator / QEMU Symbian
Debug Agent TRK / GDB
IDE (Carbide / Eclipse)
Debugger Debug “Stub” GDB
Run-mode
Debug Driver KDebug
Stop-mode
Stop-mode; When you hit a breakpoint the CPU stops Like using a ICE-box like Lauterbach or the Emulator Supports user and kernel side debugging
Run-mode; when you hit a breakpoint only that process stops Supports “dynamically loaded code” Only supports user side code
Debugging with QEMU -- ELF4ROM How a Symbian ROM is built
Problem; The ROM contains NO symbol or debug info! Not debug-able (without debugger hacks)
Copyright © 2009 Symbian Foundation. 12
rombuild
elf4rom
linker
elf2e32 postlinker
SymApp.cpp
SymApp.o compiler
SymApp.sym
SymApp.exe
App1.exe App2.exe
SymApp.exe
Rom.img Rombuild.log
Rom.elf
Debugging with QEMU -- Running ELF4ROM Get the ELF4ROM executable
(embedded in \sf\os\QEMU\docs\wiki\ELF4ROM.doc) -- source to be contributed
1. $ cd \sf\os\kernelhwsvr\kernel\eka\rombuild 2. $ rom –v syborg –i armv5 –b udeb –noheader 3. $ elf4rom.exe –I SYBORGARMV5D.IMG –l ROMBUILD.LOG –o
SYBORGARMV5D.ELF –p 0x0
ELF4ROM might warn about the ROMBUILD.log file. Change the header to bypass. Yeah, I will fix and rebuild…
Copyright © 2009 Symbian Foundation. 13
Debugging with QEMU -- GDB command-line Get the “arm-elf-gcc/gdb” tool chain from yagarto.de
http://yagarto.de/#download
1. $ arm-none-symbianelf-qemu-system.exe -kernel X:\sf\os\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.ELF -M X:\sf\os\QEMU\baseport\syborg\syborg.dtb –S –s
2. $ arm-elf-gdb X:\sf\os\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.ELF
3. (gdb) tar rem localhost:1234 4. (gdb) b snapapp.cpp:47 5. (gdb) b svpsnapdriver.cpp:205 6. (gdb) c 7. (gdb) i s
Who needs anything more than GDB command line?
Copyright © 2009 Symbian Foundation. 14
Debugging with QEMU -- Installing Eclipse 1. Download in install the latest Eclipse/CDT (for C/C++
developers) release (at the time of writing this Galileo) http://www.eclipse.org/downloads/
2. Install the “gdbjtag” plug-in In eclipse UI click "Help" -> "Install New Software" "Work with" type "http://download.eclipse.org/tools/cdt/releases/galileo". "CDT MAin Features" and "CDT Optional Features“ –> "Eclipse C/C++ GDB
Hardware Debugging“ Next and Finish
Copyright © 2009 Symbian Foundation. 15
Debugging with QEMU -- Eclipse project 1. Create eclipse project Create a new directory under your
eclipse workspace directory and copy your elf file to the directory
2. "File" -> "New" -> "C++ project" 3. Expand the "Makefile Project" and select the "Empty Project".
In toolchains box select the MinGW GCC. 4. Type the directory name where your elf file is located to the
"Project name" field 5. Right click the project you just created in Project Explorer
view and select "Properties" 6. “C/C++ Build” -> "Settings“, tick the "GNU Elf Parser". 7. Select the "GNU Elf Parser" option to make the commands
addr2line and c++filt visible. Change the addr2line to arm-elf-addr2line and c++filt to arm-elf-c++filt.
Copyright © 2009 Symbian Foundation. 16
Debugging with QEMU -- Debug Launch configuration 1. “Run" -> "Debug Configurations" 2. New "GDB Hardware Debugging" 3. In the resulting menu choose "Main" tab. Give a good name
to your configuration. Choose the project you created to "Project" box and give your elf file name in "C/C++ Application" box.
4. Choose "Debugger" tab. Type in arm-elf-gcc to GDB Command box.
5. Remote Target; “Generic”, “localhost”, “1234” 6. Choose "Startup" tab. Untick Reset and Halt. 7. Run Commands “c”
Copyright © 2009 Symbian Foundation. 17
Debugging with QEMU -- Debug Session 1. Set one or many breakpoints in Eclipse 2. Start QEMU
$ arm-none-symbianelf-qemu-system.exe -kernel X:\sf\os\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.ELF -M X:\sf\os\QEMU\baseport\syborg\syborg.dtb –S –s
3. Launch the debug session in Eclipse
Copyright © 2009 Symbian Foundation. 18
The sheep says; WOW!
Copyright © 2009 Symbian Foundation. 19
How QEMU Peripherals work
How QEMU Peripherals Work
Copyright © 2009 Symbian Foundation. 20
How QEMU Peripherals Work -- dts / dtb files A Symbian Virtual Platform board configuration is described
using Flattened Device Trees. These are based on the device trees used by OpenFirmware (IEEE 1275-1994) systems.
The DTS file describes “the board” Memory map, what peripherals, configuration of the peripherals etc
DTB are a binary version of DTS parse-able by machines
The DTB file is exposed to the baseport by the “platform” device (so the device drivers can get the configurations etc)
Copyright © 2009 Symbian Foundation. 21
How QEMU Peripherals Work -- peripherals QEMU peripherals can be written in C or Python
We are using the python models (share\qemu\plugins)
1. Add the file “syborg_hello.py” to share\qemu\plugins 2. Edit qemu_arm_plugins.py, add “import syborg_hello.py” 3. Edit “syborg.dts”
Replace the item serial@3 with hello@0 {
compatible = "syborg,hello";
reg = <c0009000>;
};
4. $ arm-none-symbianelf-dtc.exe syborg.dts –O dtb –o syborg.dtb
Copyright © 2009 Symbian Foundation. 22
How QEMU Peripherals Work -- device drivers Since we are replacing an existing peripheral we don’t have to
change the bootstraps memory map in the super page We need to add / change a device driver to access the new
peripheral (for simplicity, let’s hack the snapshot device driver)
In svpsnapdriver.cpp, function DSVPSnapChannel::SaveVM add
*(volatile TUint32*)(KHwBaseUart3) = 15;
Copyright © 2009 Symbian Foundation. 23
How QEMU Peripherals Work -- trying it out 1. Fire up raptor to rebuild the sources 2. Re-build the ROM 3. Start the new ROM in QEMU 4. (eshell) snapapp
Copyright © 2009 Symbian Foundation. 24
Copyright © 2009 Symbian Foundation. 25
Building QEMU
Building QEMU -- About the “Syborg QEMU” We are using a slightly modified version of QEMU, but in
theory the “offical” version should also work; http://www.nongnu.org/qemu/ The QEMU ToT contains the syborg peripherals.
The stuff that hasn’t made into QEMU mainline yet is interesting enough for us to keep a copy around Python support, skinning etc
The SF QEMU Hg repo contains all QEMU sources and the libraries it depends on. Since they are all standard libraries you can either install pre-build versions (handy on *ix) or build them yourself
Copyright © 2009 Symbian Foundation. 26
Building QEMU -- Getting MinGW environment QEMU builds on *ix and MAC OSX systems
… easy It also builds on win32 in MinGW (and probably Cygwin)
… harder
1. Go to http://sourceforge.net/projects/mingw/files/ 2. Download and run the MinGW Installer
Install a minimal configuration 3. Download and add
MSYS Base System (msysCore, coreutils, make) bison, flex, regex-1
4. Edit <mingw>/etc/profile, add export CFLAGS="-I/usr/local/include“ export LDFLAGS="-L/usr/local/lib“
5.
Copyright © 2009 Symbian Foundation. 27
Building QEMU -- build the libraries, Python, QEMU 1. Start msys.bat 2. Build the libraries in this order;
expat, zlib, libpng, libsdl, dtc-trunk 3. $ ./configure -–prefix=
$ make $ make install
4. There are Python sources available, but also a win32 binary version (let’s use that one!)
5. Edit qemu-symbian-svp/configure Line 1036: PYTHON_LIBS="-L$with_python/libs -lpython26"
6. $ ./configure -–target-list=arm-softmmu –-with-python==/x/sf/os/QEMU/symbian-qemu-0.9.1-12/python-win32-2.6.1 $ make
Copyright © 2009 Symbian Foundation. 28
Building QEMU -- running home-built QEMU The QEMU executable is called arm-softmmu\qemu-system-
arm.exe When running it make sure that you have;
From a mingw prompt (so you have all dlls available) Python26.dll in your path The plugins/ folder at the some dir at the exe
The python peripherals
Copyright © 2009 Symbian Foundation. 29
Debugging QEMU Now that you (perhaps) has a debug build of QEMU you can
debug QEMU (while debugging code in the simulator – very meta I know)
This can be very useful when writing peripherals and device drivers (I used it a lot when creating syborg)
Download and install MinGW GDB “Source-level debugger”
Start arm-softmmu-qemu.exe from gdb and debug as normal (probably your peripherals)
Eclipse/CDT can be used as well (and works great)
Copyright © 2009 Symbian Foundation. 30
Copyright © 2009 Symbian Foundation. 31
Other Stuff
Stuff we didn’t talk about (1/2) More FDT details The Host File System The Platform Device QEMU skinning (put phone skin around it) Virtio peripherals
(used by the Ethernet device) The NAND flash device
Using python peripherals to wrap binary peripherals More details on how to write C peripherals
Copyright © 2009 Symbian Foundation. 32
Stuff we didn’t talk about (2/2) S60 GUI builds in QEMU NGA in QEMU
Copyright © 2009 Symbian Foundation. 33