[Qemu-discuss] Custom board with DTS/DTB

From: James Hanley
Subject: [Qemu-discuss] Custom board with DTS/DTB
Date: Thu, 17 Nov 2016 17:14:24 -0500

I saw the presentation on “Custom Hardware Modeling for FPGAs and Embedded Linux Platforms with QEMU” via http://free-electrons.com/pub/video/2010/elc/elc2010-williams-iglesias-fpga-qemu.ogv and was trying to apply the concepts described against our custom board design, defining the board using a DTS. I haven't really been able to get far and was looking for some guidance on whether this is the right direction.
The MCU is a Cortex-M4 (Atmel)
The target firmware is running an RTOS (not Linux)

QEMU emulator version 2.7.50 (v2.7.0-1890-g83c83f9-dirty)
Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers

It's my understanding that the -dtb option passes a file that includes details of the machine that QEMU can use to map out peripherals for it without having to compile the machine into QEMU. Is this a misunderstanding?

When attempting to boot the image with QEMU:
qemu-system-arm \
    -M none \
    -m 2 \
    -cpu cortex-m4 \
    -dtb ourBoardDesignAsDeviceTree.dtb \
    -kernel ourFirmwareBoorLoader.bin \
    -no-reboot \
    -nographic \
    -S \
    -singlestep \
    -gdb tcp::4445 \
    -serial tcp::4444,server \
    -d out_asm,in_asm,op,op_opt,op_ind,int,exec,cpu,mmu,pcall,cpu_reset,unimp,guest_errors,page,nochain,trace:cpu_set_state,trace:cpu_halt,trace:cpu_unhalt,trace:arm_gt_recalc,trace:arm_gt_recalc_disabled,trace:arm_gt_cval_write,trace:arm_gt_tval_write,trace:arm_gt_ctl_write,trace:arm_gt_imask_toggle,trace:arm_gt_cntvoff_write \
    -D qemu-debug.log \
    -monitor none

Within the debug file, all I get is:
PROLOGUE: [size=40]
0x7fc686b7b000:  push   %rbp
0x7fc686b7b001:  push   %rbx
0x7fc686b7b002:  push   %r12
0x7fc686b7b004:  push   %r13
0x7fc686b7b006:  push   %r14
0x7fc686b7b008:  push   %r15
0x7fc686b7b00a:  mov    %rdi,%r14
0x7fc686b7b00d:  add    $0xfffffffffffffb78,%rsp
0x7fc686b7b014:  jmpq   *%rsi
0x7fc686b7b016:  add    $0x488,%rsp
0x7fc686b7b01d:  pop    %r15
0x7fc686b7b01f:  pop    %r14
0x7fc686b7b021:  pop    %r13
0x7fc686b7b023:  pop    %r12
0x7fc686b7b025:  pop    %rbx
0x7fc686b7b026:  pop    %rbp
0x7fc686b7b027:  retq  

When I attempt to connect to QEMU from gdb, the QEMU instance segfaults.

Is there additional debug output that would help me in getting our firmware to run under QEMU? Is this not feasible without code changes to QEMU? How do I map serial flash to a file?

My goal is to intercept interaction from the MCU to our transceiver and simulate communication from and to multiple instances of our firmware.

Thanks in advance for any assistance.
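Added example for the -dtb question in the post above; this is not code from the post, from QEMU or from the presentation linked there. QEMU does not build a machine from a DTB: the board model compiled into QEMU defines the devices, and -dtb only makes the blob available to that board code (typically so it can be handed to a Linux kernel), so -M none instantiates no peripherals whatever the blob says. A first check is therefore to see what the blob itself claims the memory map is. The script below writes a minimal flattened device tree for a hypothetical Cortex-M4 board (every name and address in it is constructed), parses it back with a small FDT reader, and lists the memory-mapped nodes with their compatible strings; parse_fdt and memory_map work on a real .dtb as well, e.g. memory_map(parse_fdt(open("board.dtb", "rb").read())).

```python
# Added example, not from the post and not QEMU code: a minimal flattened device tree
# (DTB) writer and reader for checking what a -dtb file actually describes. The board
# name, node names and addresses below are constructed for illustration only.
import struct

FDT_MAGIC, HEADER_LEN = 0xD00DFEED, 40  # magic word; ten big-endian u32 header fields
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9

def _pad4(data: bytes) -> bytes:
    return data + b"\0" * (-len(data) % 4)  # structure block entries are 4-byte aligned

class FdtBuilder:
    """Minimal FDT writer: add() emits a node subtree, finish() wraps it in a header."""
    def __init__(self):
        self._struct, self._strings, self._offsets = bytearray(), bytearray(), {}
    def _name_offset(self, name: str) -> int:
        if name not in self._offsets:  # property names live in the shared strings block
            self._offsets[name] = len(self._strings)
            self._strings += name.encode() + b"\0"
        return self._offsets[name]
    def add(self, name: str, props: dict, children: list):
        self._struct += struct.pack(">I", FDT_BEGIN_NODE) + _pad4(name.encode() + b"\0")
        for pname, value in props.items():
            self._struct += struct.pack(">III", FDT_PROP, len(value), self._name_offset(pname))
            self._struct += _pad4(value)
        for child in children:
            self.add(*child)
        self._struct += struct.pack(">I", FDT_END_NODE)
    def finish(self) -> bytes:
        self._struct += struct.pack(">I", FDT_END)
        rsvmap = struct.pack(">QQ", 0, 0)  # empty memory reservation map
        off_struct = HEADER_LEN + len(rsvmap)
        off_strings = off_struct + len(self._struct)
        total = off_strings + len(self._strings)
        header = struct.pack(">10I", FDT_MAGIC, total, off_struct, off_strings, HEADER_LEN,
                             17, 16, 0, len(self._strings), len(self._struct))
        return bytes(header + rsvmap + self._struct + self._strings)

def build_sample_dtb() -> bytes:
    """Constructed DTB for a hypothetical Cortex-M4 board: one SRAM bank plus one UART."""
    one_cell = {"#address-cells": struct.pack(">I", 1), "#size-cells": struct.pack(">I", 1)}
    tree = ("", {"compatible": b"example,m4-board\0", **one_cell}, [  # hypothetical board name
        ("memory@20000000", {"device_type": b"memory\0",  # 128 KiB of SRAM, example values
                             "reg": struct.pack(">II", 0x20000000, 0x20000)}, []),
        ("soc", dict(one_cell), [
            ("serial@40004000", {"compatible": b"example,uart\0",  # hypothetical UART
                                 "reg": struct.pack(">II", 0x40004000, 0x1000)}, [])])])
    builder = FdtBuilder()
    builder.add(*tree)
    return builder.finish()

def parse_fdt(blob: bytes) -> list:
    """Walk the structure block; return nodes as {'path', 'props'} in file order."""
    if len(blob) < HEADER_LEN or struct.unpack_from(">I", blob, 0)[0] != FDT_MAGIC:
        raise ValueError("not a flattened device tree (bad size or magic)")
    (_magic, total, off_struct, off_strings, _rsv, _ver, _compat, _cpu,
     size_strings, size_struct) = struct.unpack_from(">10I", blob, 0)
    if total > len(blob) or off_struct + size_struct > total or off_strings + size_strings > total:
        raise ValueError("header offsets exceed blob size")
    cstr = lambda at: blob[at:blob.index(b"\0", at)].decode()
    nodes, stack, pos, end = [], [], off_struct, off_struct + size_struct
    while pos + 4 <= end:
        token, pos = struct.unpack_from(">I", blob, pos)[0], pos + 4
        if token == FDT_BEGIN_NODE:
            name = cstr(pos)
            pos += -(-(len(name) + 1) // 4) * 4  # name plus NUL, rounded up to 4 bytes
            path = "/" if not stack else stack[-1]["path"].rstrip("/") + "/" + name
            nodes.append({"path": path, "props": {}})
            stack.append(nodes[-1])
        elif token == FDT_END_NODE:
            stack.pop()
        elif token == FDT_PROP:
            length, nameoff = struct.unpack_from(">II", blob, pos)
            pos += 8
            stack[-1]["props"][cstr(off_strings + nameoff)] = blob[pos:pos + length]
            pos += -(-length // 4) * 4
        elif token == FDT_END:
            break
        elif token != FDT_NOP:
            raise ValueError("unknown token %d at offset %d" % (token, pos - 4))
    if stack:
        raise ValueError("truncated structure block (unbalanced BEGIN_NODE/END_NODE)")
    return nodes

def memory_map(nodes: list) -> dict:
    """path -> (compatible, base, size) per 'reg' node, using the parent's cell widths."""
    u32 = lambda v, default: struct.unpack(">I", v)[0] if v else default
    props = {n["path"]: n["props"] for n in nodes}
    result = {}
    for path, p in props.items():
        reg = p.get("reg")
        if reg is None or path == "/":
            continue
        parent = props[path.rsplit("/", 1)[0] or "/"]
        ac, sc = u32(parent.get("#address-cells"), 2), u32(parent.get("#size-cells"), 1)
        if len(reg) < 4 * (ac + sc):
            continue  # malformed or size-less reg: not a memory-mapped range
        compat = p.get("compatible", b"").split(b"\0")[0].decode()
        result[path] = (compat, int.from_bytes(reg[:4 * ac], "big"),
                        int.from_bytes(reg[4 * ac:4 * (ac + sc)], "big"))
    return result
```

The reader only follows the first reg entry of each node and takes cell widths from the immediate parent, which is enough for a flat Cortex-M memory map; `dtc -I dtb -O dts board.dtb` gives the full decompiled tree when more detail is needed. Either way, a node appearing in this listing means only that the blob describes it, not that QEMU models it: without a board in QEMU that creates a device at that address, an access from the firmware hits nothing.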