FirmwareRootkits

Reputation: 131

How can you trace execution of an embedded system emulated in QEMU?

I've built OpenWrt for x86 and I'm using QEMU to run it virtually. I'm trying to debug this system in real time. I need to see things like network traffic flowing, etc.

I can attach gdb remotely and execute (mostly) step by step with breakpoints. I really want tracepoints though. I don't want to pause execution and lose network flow. When I tried setting tracepoints using tstart, I saw the message "Target does not support this command". I did a bit of reading of the gdb documentation and from what I can tell the gdb stub that runs to intercept normal execution in QEMU does not support tracepoints.

From here I started looking at other tools and ran across PANDA (https://github.com/panda-re/panda). As I understand PANDA will capture a complete system trace in a log and allow for replay. I think this tool is supposed to do what I need, but I cannot seem to replay the results. I see the logs, I just can't replay them.

Now, I'm a bit stuck on what other tools/options I might have to actually trace a running embedded system. Are there any good tools you can recommend? Or perhaps another method I've missed?

Upvotes: 0

Views: 1413

Answers (2)

VivekD

Reputation: 328

If you want to see the system calls and signals, use strace. Strace can also be used with a running process, and it can put the output in a log file if required.

Upvotes: 1

FirmwareRootkits

Reputation: 131

In OpenWrt it is possible to build with ftrace. Ftrace has much of the functionality I required, but not all.

To build with ftrace, the option for ftrace must be selected in the build menu. Additionally, there are a variety of tracer options that must also be enabled.

The trace-cmd (ftrace) is located in menuconfig/Development.

Tracing support is under menuconfig/Global build settings/Compile the kernel with tracing support and includes: Trace system calls, Trace process context switches and events, and Function tracer (Function graph tracer, Enable/disable function tracing dynamically, and Function profiler).

I'm also planning to build a custom GDB stub to do this a little bit better, as I also want to see the data passed to the functions, not just the function calls.

Upvotes: 0
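
A non-halting trace session driven through the ftrace control files that a kernel built with the tracing options above exposes, as an added example that is not part of either post. It assumes tracefs is mounted at /sys/kernel/tracing (override with TRACEFS); the helper names ftrace_start and ftrace_stop and the default log path are hypothetical.

```shell
#!/bin/sh
# Added example: run on the OpenWrt guest. The kernel keeps running while
# ftrace records into its ring buffer, so network flows are not interrupted.
# Assumption: tracefs mount point (older kernels use /sys/kernel/debug/tracing).
TRACEFS="${TRACEFS:-/sys/kernel/tracing}"

# ftrace_start TRACER [FUNCTION_GLOB...]
# e.g. ftrace_start function_graph 'tcp_sendmsg' 'tcp_recv*'
ftrace_start() {
    tracer="$1"; shift
    [ -w "$TRACEFS/current_tracer" ] || {
        echo "tracefs not usable at $TRACEFS" >&2; return 2; }
    # Refuse tracers that were not enabled in the kernel build.
    if ! tr ' ' '\n' < "$TRACEFS/available_tracers" | grep -qxF "$tracer"; then
        echo "tracer '$tracer' is not built into this kernel" >&2
        return 3
    fi
    # Function filters need the dynamic function tracing option.
    if [ "$#" -gt 0 ] && [ ! -e "$TRACEFS/set_ftrace_filter" ]; then
        echo "set_ftrace_filter missing: dynamic ftrace not enabled" >&2
        return 4
    fi
    echo 0 > "$TRACEFS/tracing_on"          # pause recording, not the system
    echo nop > "$TRACEFS/current_tracer"
    echo > "$TRACEFS/trace"                 # clear the ring buffer
    if [ -e "$TRACEFS/set_ftrace_filter" ]; then
        echo > "$TRACEFS/set_ftrace_filter" # reset to "all functions"
        for f in "$@"; do
            echo "$f" >> "$TRACEFS/set_ftrace_filter" || return 5
        done
    fi
    echo "$tracer" > "$TRACEFS/current_tracer"
    echo 1 > "$TRACEFS/tracing_on"
}

# ftrace_stop [LOGFILE]: stop recording, save the buffer, restore the nop tracer.
ftrace_stop() {
    log="${1:-/tmp/ftrace.log}"
    echo 0 > "$TRACEFS/tracing_on"
    cat "$TRACEFS/trace" > "$log"
    echo nop > "$TRACEFS/current_tracer"
}
```

The function and function_graph tracers record which functions ran and when, not the arguments passed to them.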
