You are on page 1of 33

QEMU/Syborg Workshop

Martin Trojer
Agenda (1/2)
1.  Build Syborg ROMs
  Using the PDK 2.0.d / tip kernelhwsvr + syborg
  Using RVCT2.2 and raptor

2.  Debugging with QEMU

  Stop-mode and Run-mode
  GDB command line debugging
  Debugging user-side apps
  Debugging the kernel / device drivers
  Debugging with Eclipse

Copyright © 2009 Symbian Foundation. 2

Agenda (2/2)
3.  How QEMU peripherals work
  Adding new peripherals to syborg
  Adding / modifying Symbian device drivers

4.  Building QEMU itself

  Setting up a MinGW environment
  Installing / building necessary components
  Building QEMU
  Debugging QEMU

SVP = Symbian Virtual Platform = QEMU + syborg models / baseport

Copyright © 2009 Symbian Foundation. 3

Building ROMS

Copyright © 2009 Symbian Foundation. 4

Building Syborg ROMS
-- Getting the platform
Basically following the QEMU/syborg Wiki with some more details;
1.  Get the PDK
We will be using 2.0.d (click ‘previous releases’)
You will only need the following packages;,,,
2.  Extract zips into a folder ‘FF’
3.  Subst a drive-letter
$subst X: FF
4.  Get remaining sources from Hg tip.
$mkdir sf\os
$cd \sf\os
$hg clone
$hg clone

Copyright © 2009 Symbian Foundation. 5

Building Syborg ROMS
-- Getting the tools
1.  Download the “platform tools” from the PDK page
2.  Unzip in the same folder as the platform
3.  Get raptor
From the PDT download page
4.  Get a cpp.exe to be used by rombuild.
There is one in raptor, but it gives a lot of warnings, and doesn’t work
with debugging
A vanilla cpp.exe from mingw works better
5.  Make sure you have RVCT2.2 installed

Copyright © 2009 Symbian Foundation. 6

Building Syborg ROMS
-- Applying Patches
1.  Apply attached patch in #bug301

3.  Edit the file \epoc32\include\bldvariant.hrh

Change the ‘<‘ and ‘>’ in the include statements to “
(depending on that cpp.exe you are using)

4.  Edit the file sf\os\kernelhwsrv\kernel\eka\rombuild\user.iby

Comment out the “file=“ lines for btrace.exe and dptest.dll

Copyright © 2009 Symbian Foundation. 7

Building Syborg ROMS
Compiling the Source

1.  $ set EPOCROOT=\

2.  $ set SBS_HOME=<raptor-path>
3.  $ set PATH=%PATH%;\epoc32\gcc\bin
4.  $ X:
5.  $ cd \sf\os\QEMU\baseport\syborg
6.  $ <raptor-path>\bin\sbs –c armv5

Building the ROM images

1.  $ cd \sf\os\kernelhwsvr\kernel\eka\rombuild
2.  $ rom –v syborg –i armv5 –b udeb –noheader
3.  $ rom –v syborg –i armv5 –b urel --noheader

Copyright © 2009 Symbian Foundation. 8

Running ROMs in QEMU
1.  Download and unzip the binary version of QEMU

2.  $ arm-none-symbianelf-qemu-system.exe -kernel X:\sf

-M X:\sf\os\QEMU\baseport\syborg\syborg.dtb

It’s all worth it, innit? 

Copyright © 2009 Symbian Foundation. 9

Debugging with QEMU

Copyright © 2009 Symbian Foundation. 10

Debugging with QEMU
-- stop-mode and run-mode
Simulator / QEMU

IDE (Carbide / Eclipse) Symbian

Debug Agent
Debug Driver KDebug

Debug “Stub”


  Stop-mode; When you hit a breakpoint the CPU stops

Like using a ICE-box like Lauterbach or the Emulator
Supports user and kernel side debugging
 Run-mode; when you hit a breakpoint only that process stops
Supports “dynamically loaded code”
Only supports user side code
Copyright © 2009 Symbian Foundation. 11
Debugging with QEMU
  How a Symbian ROM is built
SymApp.cpp App1.exe
linker Rom.img Rombuild.log

elf2e32 postlinker

  Problem; The ROM contains NO symbol or debug info!

Not debug-able (without debugger hacks)

Copyright © 2009 Symbian Foundation. 12

Debugging with QEMU
-- Running ELF4ROM
  Get the ELF4ROM executable
(embedded in \sf\os\QEMU\docs\wiki\ELF4ROM.doc)
-- source to be contributed

1.  $ cd \sf\os\kernelhwsvr\kernel\eka\rombuild
2.  $ rom –v syborg –i armv5 –b udeb –noheader
3.  $ elf4rom.exe –I SYBORGARMV5D.IMG –l ROMBUILD.LOG –o

ELF4ROM might warn about the ROMBUILD.log file. Change the header
to bypass. Yeah, I will fix and rebuild…

Copyright © 2009 Symbian Foundation. 13

Debugging with QEMU
-- GDB command-line
  Get the “arm-elf-gcc/gdb” tool chain from

1.  $ arm-none-symbianelf-qemu-system.exe -kernel X:\sf\os

\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.ELF -M X:\sf\os
\QEMU\baseport\syborg\syborg.dtb –S –s
2.  $ arm-elf-gdb X:\sf\os\kernelhwsrv\kernel\eka\rombuild\SYBORGARMV5D.ELF

3.  (gdb) tar rem localhost:1234

4.  (gdb) b snapapp.cpp:47
5.  (gdb) b svpsnapdriver.cpp:205
6.  (gdb) c
7.  (gdb) i s

Who needs anything more than GDB command line? 

Copyright © 2009 Symbian Foundation. 14

Debugging with QEMU
-- Installing Eclipse
1.  Download in install the latest Eclipse/CDT (for C/C++
developers) release
(at the time of writing this Galileo)

2.  Install the “gdbjtag” plug-in

  In eclipse UI click "Help" -> "Install New Software"
  "Work with" type "".
  "CDT MAin Features" and "CDT Optional Features“ –> "Eclipse C/C++ GDB
Hardware Debugging“
  Next and Finish

Copyright © 2009 Symbian Foundation. 15

Debugging with QEMU
-- Eclipse project
1.  Create eclipse project Create a new directory under your
eclipse workspace directory and copy your elf file to the
2.  "File" -> "New" -> "C++ project"
3.  Expand the "Makefile Project" and select the "Empty Project".
In toolchains box select the MinGW GCC.
4.  Type the directory name where your elf file is located to the
"Project name" field
5.  Right click the project you just created in Project Explorer
view and select "Properties"
6.  “C/C++ Build” -> "Settings“, tick the "GNU Elf Parser".
7.  Select the "GNU Elf Parser" option to make the commands
addr2line and c++filt visible. Change the addr2line to arm-
elf-addr2line and c++filt to arm-elf-c++filt.

Copyright © 2009 Symbian Foundation. 16

Debugging with QEMU
-- Debug Launch configuration
1.  “Run" -> "Debug Configurations"
2.  New "GDB Hardware Debugging"
3.  In the resulting menu choose "Main" tab. Give a good name
to your configuration. Choose the project you created to
"Project" box and give your elf file name in "C/C++
Application" box.
4.  Choose "Debugger" tab. Type in arm-elf-gcc to GDB
Command box.
5.  Remote Target; “Generic”, “localhost”, “1234”
6.  Choose "Startup" tab. Untick Reset and Halt.
7.  Run Commands “c”

Copyright © 2009 Symbian Foundation. 17

Debugging with QEMU
-- Debug Session
1.  Set one or many breakpoints in Eclipse
2.  Start QEMU
$ arm-none-symbianelf-qemu-system.exe -kernel X:\sf
-M X:\sf\os\QEMU\baseport\syborg\syborg.dtb –S –s
3.  Launch the debug session in Eclipse

The sheep says; WOW!

Copyright © 2009 Symbian Foundation. 18

How QEMU Peripherals work

Copyright © 2009 Symbian Foundation. 19

How QEMU Peripherals Work

Copyright © 2009 Symbian Foundation. 20

How QEMU Peripherals Work
-- dts / dtb files
  A Symbian Virtual Platform board configuration is described
using Flattened Device Trees. These are based on the device
trees used by OpenFirmware (IEEE 1275-1994) systems.

  The DTS file describes “the board”

Memory map, what peripherals, configuration of the
peripherals etc
  DTB are a binary version of DTS parse-able by machines

  The DTB file is exposed to the baseport by the “platform”

device (so the device drivers can get the configurations etc)

Copyright © 2009 Symbian Foundation. 21

How QEMU Peripherals Work
-- peripherals
  QEMU peripherals can be written in C or Python
We are using the python models (share\qemu\plugins)

1.  Add the file “” to share\qemu\plugins

2.  Edit, add “import”
3.  Edit “syborg.dts”
Replace the item serial@3 with
hello@0 {
compatible = "syborg,hello";
reg = <c0009000>;
4.  $ arm-none-symbianelf-dtc.exe syborg.dts –O dtb –o

Copyright © 2009 Symbian Foundation. 22

How QEMU Peripherals Work
-- device drivers
  Since we are replacing an existing peripheral we don’t have to
change the bootstraps memory map in the super page
  We need to add / change a device driver to access the new
peripheral (for simplicity, let’s hack the snapshot device driver)

  In svpsnapdriver.cpp, function DSVPSnapChannel::SaveVM


*(volatile TUint32*)(KHwBaseUart3) = 15;

Copyright © 2009 Symbian Foundation. 23

How QEMU Peripherals Work
-- trying it out
1.  Fire up raptor to rebuild the sources
2.  Re-build the ROM
3.  Start the new ROM in QEMU
4.  (eshell) snapapp

Copyright © 2009 Symbian Foundation. 24

Building QEMU

Copyright © 2009 Symbian Foundation. 25

Building QEMU
-- About the “Syborg QEMU”
  We are using a slightly modified version of QEMU, but in
theory the “offical” version should also work;
The QEMU ToT contains the syborg peripherals.

  The stuff that hasn’t made into QEMU mainline yet is

interesting enough for us to keep a copy around
Python support, skinning etc

  The SF QEMU Hg repo contains all QEMU sources and the

libraries it depends on. Since they are all standard libraries
you can either install pre-build versions (handy on *ix) or
build them yourself

Copyright © 2009 Symbian Foundation. 26

Building QEMU
-- Getting MinGW environment
  QEMU builds on *ix and MAC OSX systems
… easy
  It also builds on win32 in MinGW (and probably Cygwin)
… harder

1.  Go to
2.  Download and run the MinGW Installer
Install a minimal configuration
3.  Download and add
  MSYS Base System (msysCore, coreutils, make)
  bison, flex, regex-1
4.  Edit <mingw>/etc/profile, add
export CFLAGS="-I/usr/local/include“
export LDFLAGS="-L/usr/local/lib“

Copyright © 2009 Symbian Foundation. 27

Building QEMU
-- build the libraries, Python, QEMU
1.  Start msys.bat
2.  Build the libraries in this order;
expat, zlib, libpng, libsdl, dtc-trunk
3.  $ ./configure -–prefix=
$ make
$ make install
4.  There are Python sources available, but also a win32 binary
version (let’s use that one!)
5.  Edit qemu-symbian-svp/configure
Line 1036: PYTHON_LIBS="-L$with_python/libs -lpython26"
6.  $ ./configure -–target-list=arm-softmmu –-with-
$ make

Copyright © 2009 Symbian Foundation. 28

Building QEMU
-- running home-built QEMU
  The QEMU executable is called arm-softmmu\qemu-system-
  When running it make sure that you have;
  From a mingw prompt (so you have all dlls available)
  Python26.dll in your path
  The plugins/ folder at the some dir at the exe
The python peripherals

Copyright © 2009 Symbian Foundation. 29

Debugging QEMU
  Now that you (perhaps) has a debug build of QEMU you can
debug QEMU
(while debugging code in the simulator – very meta I know)
  This can be very useful when writing peripherals and device
(I used it a lot when creating syborg)

  Download and install MinGW GDB “Source-level debugger”

  Start arm-softmmu-qemu.exe from gdb and debug as normal

(probably your peripherals)
  Eclipse/CDT can be used as well (and works great)

Copyright © 2009 Symbian Foundation. 30

Other Stuff

Copyright © 2009 Symbian Foundation. 31

Stuff we didn’t talk about (1/2)
  More FDT details
  The Host File System
  The Platform Device
  QEMU skinning (put phone skin around it)
  Virtio peripherals
(used by the Ethernet device)
  The NAND flash device

  Using python peripherals to wrap binary peripherals

  More details on how to write C peripherals

Copyright © 2009 Symbian Foundation. 32

Stuff we didn’t talk about (2/2)
  S60 GUI builds in QEMU
  NGA in QEMU

Copyright © 2009 Symbian Foundation. 33