From: Thomas Huth <1364501@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [Bug 1364501] Re: Gdb hangs when trying to single-step after an invalid instruction
Date: Tue, 23 Oct 2018 05:52:48 -0000 [thread overview]
Message-ID: <154027396909.16730.498900415423058596.launchpad@chaenomeles.canonical.com> (raw)
In-Reply-To: 20140902163848.4037.99496.malonedeb@soybean.canonical.com
** Changed in: qemu
Status: Expired => Triaged
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1364501
Title:
Gdb hangs when trying to single-step after an invalid instruction
Status in QEMU:
Triaged
Bug description:
When using Gdb to remote-debug a program and manually setting its PC
to point to an address containing an invalid instruction and then
doing a single step, Qemu will never return control to the remote Gdb.
For instance, let's say address 0x114 contains an invalid instruction.
On the remote Gdb, we'd do:
(gdb) set $pc = 0x114
(gdb) stepi
After doing that we won't get the (gdb) prompt unless we do a Ctrl-C.
If we do so we'll be left at 0x114 instead of going towards the
exception handler as we should. This happens with stepi, step and
next. If instead of single-stepping we used continue, the program will
proceed into the exception handler as it should.
The reason this is happening is that when Qemu realizes it's about to
translate an instruction it doesn't recognize it'll generate a call to
helper_exception_with_syndrome(), which will register the exception
and then call cpu_loop_exit(). At the same time, because we're doing a
single-step, Qemu will also generate a call to
helper_exception_internal() passing it an EXCP_DEBUG, which lets the
system know it'll give control back to the remote debugger, and it
also ends with a call to cpu_loop_exit(). However, because the
syndrome exception calls cpu_loop_exit() first, the call to the
internal exception won't be reached and Qemu will be stuck in a loop
without returning control to the remote debugger.
What makes this a bit tricky to fix is that we must call
cpu_loop_exit() at the end of helper_exception_with_syndrome(),
otherwise the target exception will go undetected and its handler
won't be excecuted.
Tested on latest head by emulating a Stellaris lm3s6965 board and
running RTEMS 4.11:
$ qemu-system-arm -nographic -s -S -M lm3s6965evb -kernel my_rtems_app
Commit hash in qemu.git: 30eaca3acdf17d7bcbd1213eb149c02037edfb0b
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1364501/+subscriptions
next prev parent reply other threads:[~2018-10-23 6:05 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-02 16:38 [Qemu-devel] [Bug 1364501] [NEW] Gdb hangs when trying to single-step after an invalid instruction martin
2014-09-02 18:49 ` Peter Maydell
2014-09-02 19:38 ` [Qemu-devel] [Bug 1364501] " Martin
2014-09-03 14:43 ` Martin
2014-09-04 15:22 ` Martin
2017-11-23 18:35 ` Peter Maydell
2018-08-20 10:32 ` Thomas Huth
2018-08-20 19:05 ` martin
2018-10-20 4:18 ` Launchpad Bug Tracker
2018-10-22 15:11 ` martin
2018-10-23 5:52 ` Thomas Huth [this message]
2018-12-05 11:06 ` Alex Bennée
2021-05-03 16:40 ` Thomas Huth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=154027396909.16730.498900415423058596.launchpad@chaenomeles.canonical.com \
--to=1364501@bugs.launchpad.net \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.