QEMU Syborg Workshop September 2009

QEMU/Syborg Workshop

Martin Trojer [email protected]

Agenda (1/2) 1.  Build Syborg ROMs

  Using the PDK 2.0.d / tip kernelhwsvr + syborg   Using RVCT2.2 and raptor

2.  Debugging with QEMU   Stop-mode and Run-mode   ELF4ROM   GDB command line debugging

  Debugging user-side apps   Debugging the kernel / device drivers

  Debugging with Eclipse

2 Copyright © 2009 Symbian Foundation.

Agenda (2/2) 3.  How QEMU peripherals work

  Adding new peripherals to syborg   Adding / modifying Symbian device drivers

4.  Building QEMU itself   Setting up a MinGW environment   Installing / building necessary components   Building QEMU   Debugging QEMU

SVP = Symbian Virtual Platform = QEMU + syborg models / baseport


Copyright © 2009 Symbian Foundation. 4

Building ROMS

Building Syborg ROMS -- Getting the platform Basically following the QEMU/syborg Wiki with some more details; http://developer.symbian.org/wiki/index.php/SYBORG/QEMU 1.  Get the PDK

We will be using 2.0.d (click ‘previous releases’) http://developer.symbian.org/main/tools_and_kits/downloads/view.php?id=1 You will only need the following packages; binaries_armv5.zip, binaries_epoc.zip, binaries_epoc_additional.zip, binaries_bldmefirst.zip

2.  Extract zips into a folder ‘FF’ 3.  Subst a drive-letter

$subst X: FF

4.  Get remaining sources from Hg tip. $X: $mkdir sf\os $cd \sf\os $hg clone https://developer.symbian.org/sfl/FCL/sf/os/kernelhwsrv $hg clone http://developer.symbian.org/oss/FCL/interim/QEMU


Building Syborg ROMS -- Getting the tools 1.  Download the “platform tools” from the PDK page

tools_epoc.zip 2.  Unzip in the same folder as the platform 3.  Get raptor

From the PDT download page http://developer.symbian.org/main/tools_and_kits/downloads/view.php?id=4

4.  Get a cpp.exe to be used by rombuild. There is one in raptor, but it gives a lot of warnings, and doesn’t work with debugging A vanilla cpp.exe from mingw works better

5.  Make sure you have RVCT2.2 installed


Building Syborg ROMS -- Applying Patches 1.  Apply attached patch in #bug301

http://developer.symbian.org/bugs/show_bug.cgi?id=301

3.  Edit the file \epoc32\include\bldvariant.hrh Change the ‘<‘ and ‘>’ in the include statements to “ (depending on that cpp.exe you are using)

4.  Edit the file sf\os\kernelhwsrv\kernel\eka\rombuild\user.iby Comment out the “file=“ lines for btrace.exe and dptest.dll


Building Syborg ROMS Compiling the Source

1.   $ set EPOCROOT=\ 2.   $ set SBS_HOME=<raptor-path> 3.   $ set PATH=%PATH%;\epoc32\gcc\bin 4.   $ X: 5.   $ cd \sf\os\QEMU\baseport\syborg 6.   $ <raptor-path>\bin\sbs –c armv5

Building the ROM images 1.   $ cd \sf\os\kernelhwsvr\kernel\eka\rombuild 2.   $ rom –v syborg –i armv5 –b udeb –noheader 3.   $ rom –v syborg –i armv5 –b urel --noheader


Running ROMs in QEMU 1.  Download and unzip the binary version of QEMU

http://developer.symbian.org/wiki/images/b/bb/Symbian-qemu-0.9.1-12.zip

2.   $ arm-none-symbianelf-qemu-system.exe -kernel X:\sf\os\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.IMG -M X:\sf\os\QEMU\baseport\syborg\syborg.dtb

It’s all worth it, innit?



Debugging with QEMU

Debugging with QEMU -- stop-mode and run-mode


Simulator / QEMU Symbian

Debug Agent TRK / GDB

IDE (Carbide / Eclipse)

Debugger Debug “Stub” GDB

Run-mode

Debug Driver KDebug

Stop-mode

  Stop-mode; When you hit a breakpoint the CPU stops Like using a ICE-box like Lauterbach or the Emulator Supports user and kernel side debugging

 Run-mode; when you hit a breakpoint only that process stops Supports “dynamically loaded code” Only supports user side code

Debugging with QEMU -- ELF4ROM   How a Symbian ROM is built

  Problem; The ROM contains NO symbol or debug info! Not debug-able (without debugger hacks)


rombuild

elf4rom

linker

elf2e32 postlinker

SymApp.cpp

SymApp.o compiler

SymApp.sym

SymApp.exe

App1.exe App2.exe

SymApp.exe

Rom.img Rombuild.log

Rom.elf

Debugging with QEMU -- Running ELF4ROM   Get the ELF4ROM executable

(embedded in \sf\os\QEMU\docs\wiki\ELF4ROM.doc) -- source to be contributed

1.   $ cd \sf\os\kernelhwsvr\kernel\eka\rombuild 2.   $ rom –v syborg –i armv5 –b udeb –noheader 3.   $ elf4rom.exe –I SYBORGARMV5D.IMG –l ROMBUILD.LOG –o

SYBORGARMV5D.ELF –p 0x0

ELF4ROM might warn about the ROMBUILD.log file. Change the header to bypass. Yeah, I will fix and rebuild…


Debugging with QEMU -- GDB command-line   Get the “arm-elf-gcc/gdb” tool chain from yagarto.de

http://yagarto.de/#download

1.   $ arm-none-symbianelf-qemu-system.exe -kernel X:\sf\os\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.ELF -M X:\sf\os\QEMU\baseport\syborg\syborg.dtb –S –s

2.   $ arm-elf-gdb X:\sf\os\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.ELF

3.   (gdb) tar rem localhost:1234 4.   (gdb) b snapapp.cpp:47 5.   (gdb) b svpsnapdriver.cpp:205 6.   (gdb) c 7.   (gdb) i s

Who needs anything more than GDB command line?


Debugging with QEMU -- Installing Eclipse 1.  Download in install the latest Eclipse/CDT (for C/C++

developers) release (at the time of writing this Galileo) http://www.eclipse.org/downloads/

2.  Install the “gdbjtag” plug-in   In eclipse UI click "Help" -> "Install New Software"   "Work with" type "http://download.eclipse.org/tools/cdt/releases/galileo".   "CDT MAin Features" and "CDT Optional Features“ –> "Eclipse C/C++ GDB

Hardware Debugging“   Next and Finish


Debugging with QEMU -- Eclipse project 1.  Create eclipse project Create a new directory under your

eclipse workspace directory and copy your elf file to the directory

2.  "File" -> "New" -> "C++ project" 3.  Expand the "Makefile Project" and select the "Empty Project".

In toolchains box select the MinGW GCC. 4.  Type the directory name where your elf file is located to the

"Project name" field 5.  Right click the project you just created in Project Explorer

view and select "Properties" 6.  “C/C++ Build” -> "Settings“, tick the "GNU Elf Parser". 7.  Select the "GNU Elf Parser" option to make the commands

addr2line and c++filt visible. Change the addr2line to arm-elf-addr2line and c++filt to arm-elf-c++filt.


Debugging with QEMU -- Debug Launch configuration 1.  “Run" -> "Debug Configurations" 2.  New "GDB Hardware Debugging" 3.  In the resulting menu choose "Main" tab. Give a good name

to your configuration. Choose the project you created to "Project" box and give your elf file name in "C/C++ Application" box.

4.  Choose "Debugger" tab. Type in arm-elf-gcc to GDB Command box.

5.  Remote Target; “Generic”, “localhost”, “1234” 6.  Choose "Startup" tab. Untick Reset and Halt. 7.  Run Commands “c”


Debugging with QEMU -- Debug Session 1.  Set one or many breakpoints in Eclipse 2.  Start QEMU

$ arm-none-symbianelf-qemu-system.exe -kernel X:\sf\os\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.ELF -M X:\sf\os\QEMU\baseport\syborg\syborg.dtb –S –s

3.  Launch the debug session in Eclipse


The sheep says; WOW!


How QEMU Peripherals work

How QEMU Peripherals Work


How QEMU Peripherals Work -- dts / dtb files   A Symbian Virtual Platform board configuration is described

using Flattened Device Trees. These are based on the device trees used by OpenFirmware (IEEE 1275-1994) systems.

  The DTS file describes “the board” Memory map, what peripherals, configuration of the peripherals etc

  DTB are a binary version of DTS parse-able by machines

  The DTB file is exposed to the baseport by the “platform” device (so the device drivers can get the configurations etc)


How QEMU Peripherals Work -- peripherals   QEMU peripherals can be written in C or Python

We are using the python models (share\qemu\plugins)

1.  Add the file “syborg_hello.py” to share\qemu\plugins 2.  Edit qemu_arm_plugins.py, add “import syborg_hello.py” 3.  Edit “syborg.dts”

Replace the item serial@3 with hello@0 {

compatible = "syborg,hello";

reg = <c0009000>;

};

4.   $ arm-none-symbianelf-dtc.exe syborg.dts –O dtb –o syborg.dtb


How QEMU Peripherals Work -- device drivers   Since we are replacing an existing peripheral we don’t have to

change the bootstraps memory map in the super page   We need to add / change a device driver to access the new

peripheral (for simplicity, let’s hack the snapshot device driver)

  In svpsnapdriver.cpp, function DSVPSnapChannel::SaveVM add

*(volatile TUint32*)(KHwBaseUart3) = 15;


How QEMU Peripherals Work -- trying it out 1.  Fire up raptor to rebuild the sources 2.  Re-build the ROM 3.  Start the new ROM in QEMU 4.  (eshell) snapapp



Building QEMU

Building QEMU -- About the “Syborg QEMU”   We are using a slightly modified version of QEMU, but in

theory the “offical” version should also work; http://www.nongnu.org/qemu/ The QEMU ToT contains the syborg peripherals.

  The stuff that hasn’t made into QEMU mainline yet is interesting enough for us to keep a copy around Python support, skinning etc

  The SF QEMU Hg repo contains all QEMU sources and the libraries it depends on. Since they are all standard libraries you can either install pre-build versions (handy on *ix) or build them yourself


Building QEMU -- Getting MinGW environment   QEMU builds on *ix and MAC OSX systems

… easy   It also builds on win32 in MinGW (and probably Cygwin)

… harder

1.  Go to http://sourceforge.net/projects/mingw/files/ 2.  Download and run the MinGW Installer

Install a minimal configuration 3.  Download and add

  MSYS Base System (msysCore, coreutils, make)   bison, flex, regex-1

4.  Edit <mingw>/etc/profile, add export CFLAGS="-I/usr/local/include“ export LDFLAGS="-L/usr/local/lib“

5. 


Building QEMU -- build the libraries, Python, QEMU 1.  Start msys.bat 2.  Build the libraries in this order;

expat, zlib, libpng, libsdl, dtc-trunk 3.   $ ./configure -–prefix=

$ make $ make install

4.  There are Python sources available, but also a win32 binary version (let’s use that one!)

5.  Edit qemu-symbian-svp/configure Line 1036: PYTHON_LIBS="-L$with_python/libs -lpython26"

6.   $ ./configure -–target-list=arm-softmmu –-with-python==/x/sf/os/QEMU/symbian-qemu-0.9.1-12/python-win32-2.6.1 $ make


Building QEMU -- running home-built QEMU   The QEMU executable is called arm-softmmu\qemu-system-

arm.exe   When running it make sure that you have;

  From a mingw prompt (so you have all dlls available)   Python26.dll in your path   The plugins/ folder at the some dir at the exe

The python peripherals


Debugging QEMU   Now that you (perhaps) has a debug build of QEMU you can

debug QEMU (while debugging code in the simulator – very meta I know)

  This can be very useful when writing peripherals and device drivers (I used it a lot when creating syborg)

  Download and install MinGW GDB “Source-level debugger”

  Start arm-softmmu-qemu.exe from gdb and debug as normal (probably your peripherals)

  Eclipse/CDT can be used as well (and works great)



Other Stuff

Stuff we didn’t talk about (1/2)   More FDT details   The Host File System   The Platform Device   QEMU skinning (put phone skin around it)   Virtio peripherals

(used by the Ethernet device)   The NAND flash device

  Using python peripherals to wrap binary peripherals   More details on how to write C peripherals


Stuff we didn’t talk about (2/2)   S60 GUI builds in QEMU   NGA in QEMU


QEMU Syborg Workshop September 2009

Documents

Transcript of QEMU Syborg Workshop September 2009