
How to debug QEMU

2015-10-16 10:08, 393 views
I have summarised a very simple method and hope it helps. Since it was a reply to a foreign colleague, it is written in English.

STEP 1: add a global control variable before main() in vl.c. main() will spin in a loop for as long as the control variable is non-zero (it is initialised to 1), which gives us time to attach a debugger.

/* Global control flag. It must be volatile so that the compiler re-reads it
 * on every iteration; otherwise an optimised build may hoist the load out
 * of the loop and keep spinning even after gdb has cleared the variable. */
volatile int g_stop_here = 1;

int main(int argc, char **argv, char **envp)
{
    ......
    /* Spin here until the debugger runs "set var g_stop_here=0" (STEP 5). */
    while (g_stop_here) {
        ; /* loop, wait for the debugger */
    }
    ......
}

STEP 2: compile QEMU and run it

qemu-system-x86_64 -machine accel=kvm -smp 8 -drive file=./test.raw,format=raw -drive file=./disk.qcow2 -cdrom ./RHEL6.3-20120613.2-Server-x86_64-DVD1.iso -m 2048 -serial stdio -vnc 10.238.153.111:0 -monitor telnet:10.238.153.111:6666,server,nowait

STEP 3: attach gdb to the QEMU process

[root@localhost host]# ps -ef | grep qemu

root      18816  17406 99 22:06 pts/1    00:00:05 qemu-system-x86_64 

[root@localhost host]# gdb -p 18816

STEP 4: set the breakpoint

(gdb) bt

#0  0x000055580c4d3fbd in main (argc=19, argv=0x7ffcae0149a8, envp=0x7ffcae014a48) at vl.c:2944

(gdb) b kvm_put_msr_feature_control

Breakpoint 1 at 0x55580c4b1a89: file /home/mce/workspace/git/qemu/qemu/target-i386/kvm.c, line 1311.

(gdb) b x86_cpu_reset

Breakpoint 2 at 0x55580c47f49f: file /home/mce/workspace/git/qemu/qemu/target-i386/cpu.c, line 2608.

STEP 5: set the global control variable to zero and continue the QEMU process

(gdb) set var g_stop_here=0

(gdb) c

STEP 6: QEMU stops at the breakpoint and we can debug the process. To follow QEMU's logic, a few well-placed printf() calls can also be very helpful.

Breakpoint 2, x86_cpu_reset (s=0x55580e906f30) at /home/mce/workspace/git/qemu/qemu/target-i386/cpu.c:2608

2608        X86CPU *cpu = X86_CPU(s);

(gdb) bt

#0  x86_cpu_reset (s=0x55580e906f30) at /home/mce/workspace/git/qemu/qemu/target-i386/cpu.c:2608

#1  0x000055580c68a571 in cpu_reset (cpu=0x55580e906f30) at qom/cpu.c:231

#2  0x000055580c4800c7 in x86_cpu_realizefn (dev=0x55580e906f30, errp=0x7ffcae014210) at /home/mce/workspace/git/qemu/qemu/target-i386/cpu.c:2914

#3  0x000055580c55c9bd in device_set_realized (obj=0x55580e906f30, value=true, errp=0x7ffcae0143c8) at hw/core/qdev.c:1055

#4  0x000055580c6cd84d in property_set_bool (obj=0x55580e906f30, v=0x55580e921bf0, opaque=0x55580e8f7720, name=0x55580c7ba530 "realized", errp=0x7ffcae0143c8) at qom/object.c:1708

#5  0x000055580c6cbe84 in object_property_set (obj=0x55580e906f30, v=0x55580e921bf0, name=0x55580c7ba530 "realized", errp=0x7ffcae0143c8) at qom/object.c:965

#6  0x000055580c6ce71b in object_property_set_qobject (obj=0x55580e906f30, value=0x55580e8f6bc0, name=0x55580c7ba530 "realized", errp=0x7ffcae0143c8) at qom/qom-qobject.c:24

#7  0x000055580c6cc11a in object_property_set_bool (obj=0x55580e906f30, value=true, name=0x55580c7ba530 "realized", errp=0x7ffcae0143c8) at qom/object.c:1034

#8  0x000055580c431fff in pc_new_cpu (cpu_model=0x55580c7ba5e5 "qemu64", apic_id=0, errp=0x7ffcae014420) at /home/mce/workspace/git/qemu/qemu/hw/i386/pc.c:1069

#9  0x000055580c4322bc in pc_cpus_init (cpu_model=0x55580c7ba5e5 "qemu64") at /home/mce/workspace/git/qemu/qemu/hw/i386/pc.c:1145

#10 0x000055580c434d2d in pc_init1 (machine=0x55580e8a5bc0, host_type=0x55580c7bb237 "i440FX-pcihost", pci_type=0x55580c7bb230 "i440FX") at /home/mce/workspace/git/qemu/qemu/hw/i386/pc_piix.c:142

#11 0x000055580c43597b in pc_init_v2_5 (machine=0x55580e8a5bc0) at /home/mce/workspace/git/qemu/qemu/hw/i386/pc_piix.c:474

#12 0x000055580c4d7cbb in main (argc=19, argv=0x7ffcae0149a8, envp=0x7ffcae014a48) at vl.c:4474
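A more robust variant of the STEP 1 hook, added here as an example and not part of the original post or of QEMU itself: the flag is volatile, the wait is opt-in through an assumed QEMU_WAIT_FOR_GDB environment variable so a patched binary still boots normally, and the loop sleeps between checks instead of burning a core (ps showed 99% CPU in STEP 3). The names debug_wait_requested, wait_for_debugger and QEMU_WAIT_FOR_GDB are hypothetical; g_stop_here is kept from the post.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* volatile: the compiler must re-read the flag on every iteration. Without
 * it an optimised build may hoist the load out of the loop and keep spinning
 * even after gdb has run "set var g_stop_here=0". */
volatile int g_stop_here = 1;

/* Hold the process only when the operator asked for it.
 * (Assumed convention: QEMU_WAIT_FOR_GDB=1|yes|on enables the wait.) */
int debug_wait_requested(const char *value)
{
    if (value == NULL) return 0;
    return strcmp(value, "1") == 0 || strcmp(value, "yes") == 0 ||
           strcmp(value, "on") == 0;
}

/* Spin until *flag is cleared by the debugger or timeout_ms elapses
 * (timeout_ms == 0 waits forever). Sleeping 1 ms per iteration keeps the
 * stalled process near 0% CPU. Returns 0 when released, 1 on timeout. */
int wait_for_debugger(volatile int *flag, unsigned timeout_ms)
{
    struct timespec step = { 0, 1000000L }; /* 1 ms */
    unsigned waited_ms = 0;

    while (*flag) {
        if (timeout_ms != 0 && waited_ms >= timeout_ms) {
            return 1;
        }
        nanosleep(&step, NULL);
        waited_ms++;
    }
    return 0;
}

/* Stand-in for the top of main() in vl.c (hypothetical placement). */
int main(void)
{
    if (debug_wait_requested(getenv("QEMU_WAIT_FOR_GDB"))) {
        fprintf(stderr, "pid %ld: run gdb -p <pid>, then set var g_stop_here=0\n",
                (long)getpid());
        wait_for_debugger(&g_stop_here, 0);
    }
    return 0;
}
```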