[Qemu-devel] Problems with MIPS full system emulation and breakpoints

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] Problems with MIPS full system emulation and breakpoints

From:	Jason Wessel
Subject:	[Qemu-devel] Problems with MIPS full system emulation and breakpoints
Date:	Fri, 20 Apr 2007 13:03:07 -0500
User-agent:	Thunderbird 1.5.0.10 (X11/20070302)

It seems there is an issue with the translation block flushing whenwriting to the code regions in the MIPS full system emulation. Using a2.6 kernel which is basically running in single user mode, I use anextremely simple program:


main () {
   int i;
   for (i = 0; i < 10; i++) {
       printf("doing %i\n",i);
   }
}

/ # gdb simple_program
(gdb) break main
Breakpoint 1 at 0x400670: file simple_program.c, line 3.
(gdb) run
Starting program: /simple_program

Breakpoint 1, main () at simple_program.c:3
3               for (i = 0; i < 10; i++) {
(gdb) n
4               printf("doing %i\n",i);
(gdb) n
doing 0
3               for (i = 0; i < 10; i++) {
(gdb) n
doing 1

Program received signal SIGTRAP, Trace/breakpoint trap.
main () at simple_program.c:3
3               for (i = 0; i < 10; i++) {

At this point the program is trashed on the second time through the loopbecause the translated block with the breakpoint op code was executedinstead of being flushed and translated with the correct originalinstruction. All the single stepping and jumping over the functioncalls is done by writing a breakpoint op code in and later restoring theoriginal instruction. In the kernel access_process_vm() was used viaptrace to correctly read and write the breakpoints, and I have verifiedthese writes are occurring.

To illustrate the problem further, I attached a patch that makes thisproblem go away. Of course this is not the right fix, because it onlydeals with the breakpoint opcode and does not isolate the translatedblock that had the instruction that changed. In theory you should beable to modify any part of the instruction code from another processwith ptrace.Are there any suggestions as to how to fix this the right way? The realhardware of course does not exhibit this issue.


Thanks,
Jason.

Index: qemu/target-mips/helper.c
===================================================================
--- qemu.orig/target-mips/helper.c
+++ qemu/target-mips/helper.c
@@ -360,6 +360,7 @@ void do_interrupt (CPUState *env)
         goto set_EPC;
     case EXCP_BREAK:
         cause = 9;
+        tb_flush(env);
         goto set_EPC;
     case EXCP_RI:
         cause = 10;

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Problems with MIPS full system emulation and breakpoints, Jason Wessel <=
- Re: [Qemu-devel] Problems with MIPS full system emulation and breakpoints, Daniel Jacobowitz, 2007/04/20

Prev by Date: qemu + gcc4 (Was: [Qemu-devel] [RFC/experimental patch] qemu (x86_64 on x86_64 -no-kqemu) compiles with gcc4 and works)
Next by Date: Re: [Qemu-devel] Problems with MIPS full system emulation and breakpoints
Previous by thread: qemu + gcc4 (Was: [Qemu-devel] [RFC/experimental patch] qemu (x86_64 on x86_64 -no-kqemu) compiles with gcc4 and works)
Next by thread: Re: [Qemu-devel] Problems with MIPS full system emulation and breakpoints
Index(es):
- Date
- Thread