Debugging

QEMU

$ qemu-system-aarch64 -M raspi3 -kernel kernel8.img -display none -S -s

-S: freeze CPU at startup
-s: shorthand for -gdb tcp::1234

aarch64-linux-gnu-gdb 開啟 GDB 後載入 symbol 並連到剛剛開啟的 TCP port

file kernel8.elf
target remote :1234

file – It is read for its symbols, for getting the contents of pure memory, and it is the program executed when you use the `run’ command.
target remote – Use a remote computer via a serial line, using a gdb-specific protocol.

Tools

peda-arm

裝完 peda-arm 的效果如下，會順便把 registers 與 memory 的狀態顯示出來，滿實用的:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
$ aarch64-linux-gnu-gdb
GNU gdb (GDB) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "--host=x86_64-pc-linux-gnu --target=aarch64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word".
[*] Checking cross complie toolchains
[!] Warning: Cross compile toolchain not found! You can install it from https://developer.arm.com/open-source/gnu-toolchain/gnu-rm/downloads
[*] Init PEDA main section.
[*] Registering commands.
[*] Loading system calls.




 ####   #####  ####      #           #   ####   ##   ###
 ##  #  ##     ##  #    ##          ##   ##  #  ##   ##
 ## ##  ####   ##  #   # ##        # ##  ####   ### ###
#####  ##     ##  ##  ##### ####  ##### ##  ## #######
##     ##     ## ##  ##  ##      ##  ## ## ##  ## # ##
##     ####   ####   ##  ##      ##  ## ## ##  ## # ##


                               alpha-1.0


peda-arm > file kernel8.elf
Reading symbols from kernel8.elf...
(No debugging symbols found in kernel8.elf)
peda-arm > target remote :1234
Remote debugging using :1234
[----------------------------------------------------------------------------------------------------------------REGISTERS-----------------------------------------------------------------------------------------------------------------]
X0 : 0x100 --> 0x5441000100000005
X1 : 0x0 --> 0xaa1f03e1580000c0
X2 : 0x0 --> 0xaa1f03e1580000c0
X3 : 0x0 --> 0xaa1f03e1580000c0
X4 : 0x80000 --> 0x17ffffffd503205f
X5 : 0x0 --> 0xaa1f03e1580000c0
X6 : 0x0 --> 0xaa1f03e1580000c0
X7 : 0x0 --> 0xaa1f03e1580000c0
X8 : 0x0 --> 0xaa1f03e1580000c0
X9 : 0x0 --> 0xaa1f03e1580000c0
X10: 0x0 --> 0xaa1f03e1580000c0
X11: 0x0 --> 0xaa1f03e1580000c0
X12: 0x0 --> 0xaa1f03e1580000c0
X13: 0x0 --> 0xaa1f03e1580000c0
X14: 0x0 --> 0xaa1f03e1580000c0
X15: 0x0 --> 0xaa1f03e1580000c0
X16: 0x0 --> 0xaa1f03e1580000c0
X17: 0x0 --> 0xaa1f03e1580000c0
X18: 0x0 --> 0xaa1f03e1580000c0
X19: 0x0 --> 0xaa1f03e1580000c0
X20: 0x0 --> 0xaa1f03e1580000c0
X21: 0x0 --> 0xaa1f03e1580000c0
X22: 0x0 --> 0xaa1f03e1580000c0
X23: 0x0 --> 0xaa1f03e1580000c0
X24: 0x0 --> 0xaa1f03e1580000c0
X25: 0x0 --> 0xaa1f03e1580000c0
X26: 0x0 --> 0xaa1f03e1580000c0
X27: 0x0 --> 0xaa1f03e1580000c0
X28: 0x0 --> 0xaa1f03e1580000c0
X29: 0x0 --> 0xaa1f03e1580000c0
X30: 0x0 --> 0xaa1f03e1580000c0
SP : 0x0 --> 0xaa1f03e1580000c0
PC : 0x80000 --> 0x17ffffffd503205f
CPSR: 0x400003c9 (negative ZERO carry overflow software-step illegal-execution DEBUG ASYNCHRONOUS-ABORT NO-IRQ NO-FIQ [EL2H-MODE])
[-------------------------------------------------------------------------------------------------------------------CODE-------------------------------------------------------------------------------------------------------------------]
   0x7fff4:     .inst   0x00000000 ; undefined
   0x7fff8:     .inst   0x00000000 ; undefined
   0x7fffc:     .inst   0x00000000 ; undefined
=> 0x80000 <_start>:    wfe
   0x80004 <_start+4>:  b       0x80000 <_start>
   0x80008:     .inst   0x00000000 ; undefined
   0x8000c:     .inst   0x00000000 ; undefined
   0x80010:     .inst   0x00000000 ; undefined
[------------------------------------------------------------------------------------------------------------------STACK-------------------------------------------------------------------------------------------------------------------]
[----------------------------------------------------------------------------------------------------Legend: code, data, rodata, value-----------------------------------------------------------------------------------------------------]
Stopped reason: SIGTRAP
0x0000000000080000 in _start ()
peda-arm >

實體機

通常都是在覺得有問題的地方前後 print 一些訊息，在之後如果有實作 exception handler 可以大致知道錯誤發生的位置。或是可以花錢買 JTAG 來進行 debugging，通常不是太嚴重的 bug 用 print 的已經足夠。

延伸閱讀

Day 29: 深藏不露的GDB - Remote Serial Protocol的秘密

Bare Metal Raspberry Pi 3B+: JTAG