AArch64 semihosting?

AArch64 semihosting?

[Liviu Ionescu]

I'm trying to set-up an environment for running unit-tests on AArch64, and I'm constantly getting crashes:

```
ilg@wksi ~ % /Users/ilg/Library/xPacks/@xpack-dev-tools/qemu-arm/6.2.0-1.1/.content/bin/qemu-system-aarch64  "--machine" "virt" "--cpu" "cortex-a57" "--kernel" "/Users/ilg/My Files/WKS Projects/micro-os-plus.github/work/aarch64-boot-libgloss/Debug/aarch64-boot-libgloss.elf" "--nographic" "-d" "unimp,guest_errors" "--semihosting-config" "enable=on,target=native" "--semihosting-config" "arg=sample-test,arg=one,arg=two" -s

zsh: segmentation fault   "--machine" "virt" "--cpu" "cortex-a57" "--kernel"  "--nographic" "-d"      
ilg@wksi ~ % 
```

The application was built with newlib libgloss and all it does is a series of printfs to display Hello World and the argv array.

I also tried with a custom semihosting implementation that I use for other projects, and the result is the same, QEMU crashes.

However, if I start QEMU with -s (in GDB server mode) and load the application via the GDB client, the application no longer crashes, it passes the command lines arguments properly, it runs through the printfs, it returns, it reaches the semihosting SYS_EXIT_EXTENDED call and emulation terminates normally.

Things are not entirely ok, since the messages expected to be printed by QEMU are not shown; instead, they appear in the GDB trace window, so they are reflected back to GDB.


Are there any known issues with semihosting on AArch64? I'm using a similar configuration for running Cortex-M unit-tests on mps2-an500/mps2-an385 and on those machines semihosting works as expected.

Some time ago I reworked the semihosting implementation in OpenOCD, and there I used a common semihosting implementation for all Arm and RISC-V devices; everything worked fine, so a common approach is realistic.

My testing environment depends on running semihosted application in QEMU, so I have to find a solution to make it work.

Any thoughts on this?


Liviu

Re: AArch64 semihosting?

[Peter Maydell]

On Thu, 26 May 2022 at 09:14, Liviu Ionescu <ilg@livius.net> wrote:
>
> I'm trying to set-up an environment for running unit-tests on AArch64, and I'm constantly getting crashes:
>
> ```
> ilg@wksi ~ % /Users/ilg/Library/xPacks/@xpack-dev-tools/qemu-arm/6.2.0-1.1/.content/bin/qemu-system-aarch64  "--machine" "virt" "--cpu" "cortex-a57" "--kernel" "/Users/ilg/My Files/WKS Projects/micro-os-plus.github/work/aarch64-boot-libgloss/Debug/aarch64-boot-libgloss.elf" "--nographic" "-d" "unimp,guest_errors" "--semihosting-config" "enable=on,target=native" "--semihosting-config" "arg=sample-test,arg=one,arg=two" -s
>
> zsh: segmentation fault   "--machine" "virt" "--cpu" "cortex-a57" "--kernel"  "--nographic" "-d"
> ilg@wksi ~ %
> ```
>
> The application was built with newlib libgloss and all it does is a series of printfs to display Hello World and the argv array.

I'm not aware of any problems with aarch64 semihosting.
If QEMU crashes that's definitely a bug -- can you provide us with
a reproduce case (eg the binary you used here)?

> Some time ago I reworked the semihosting implementation in OpenOCD, and
> there I used a common semihosting implementation for all Arm and RISC-V
> devices; everything worked fine, so a common approach is realistic.

Yes; QEMU also shares code for those two architectures' semihosting
implementation.

thanks
-- PMM

Re: AArch64 semihosting?

[Liviu Ionescu]

[-- Attachment #1: Type: text/plain, Size: 363 bytes --]



> On 26 May 2022, at 11:20, Peter Maydell <peter.maydell@linaro.org> wrote:
> 
> ... can you provide us with
> a reproduce case (eg the binary you used here)?

Sure. I'll try to attach it to this message, it is only 64K. 

The command I used to run the test is in the previous message.

Please confirm that you get the same behaviour on your machine.


Liviu



[-- Attachment #2: aarch64-boot-libgloss.elf.zip --]
[-- Type: application/zip, Size: 63691 bytes --]

Re: AArch64 semihosting?

[Liviu Ionescu]

> On 26 May 2022, at 11:20, Peter Maydell <peter.maydell@linaro.org> wrote:
> 
> QEMU also shares code for those two architectures' semihosting
> implementation.

Then it seems to be a difference between Arm 64-bit and Arm 32-bit (which is fine).

After fixing the AArch64 tests I'll get to RISC-V, which should run the same tests.


Liviu

Re: AArch64 semihosting?

[Peter Maydell]

On Thu, 26 May 2022 at 09:32, Liviu Ionescu <ilg@livius.net> wrote:
> > On 26 May 2022, at 11:20, Peter Maydell <peter.maydell@linaro.org> wrote:
> >
> > ... can you provide us with
> > a reproduce case (eg the binary you used here)?
>
> Sure. I'll try to attach it to this message, it is only 64K.
>
> The command I used to run the test is in the previous message.
>
> Please confirm that you get the same behaviour on your machine.

Yes, I can reproduce this. What seems to be happening is that
QEMU decides to do semihosting via gdb, but then crashes because
gdbserver_state.c_cpu is NULL (which in turn is probably because
there is no GDB connected). This is strange given the 'target=native'
in the command line. I'll investigate further...

Did you intend to pass '-s' (allow gdbstub connection) but not
'-S' (wait on startup for gdb to connect and say "continue"),
by the way?

-- PMM

Re: AArch64 semihosting?

[Peter Maydell]

On Thu, 26 May 2022 at 11:01, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Thu, 26 May 2022 at 09:32, Liviu Ionescu <ilg@livius.net> wrote:
> > > On 26 May 2022, at 11:20, Peter Maydell <peter.maydell@linaro.org> wrote:
> > >
> > > ... can you provide us with
> > > a reproduce case (eg the binary you used here)?
> >
> > Sure. I'll try to attach it to this message, it is only 64K.
> >
> > The command I used to run the test is in the previous message.
> >
> > Please confirm that you get the same behaviour on your machine.
>
> Yes, I can reproduce this. What seems to be happening is that
> QEMU decides to do semihosting via gdb, but then crashes because
> gdbserver_state.c_cpu is NULL (which in turn is probably because
> there is no GDB connected). This is strange given the 'target=native'
> in the command line. I'll investigate further...

The failure to honour the 'target=native' option is the result of a
commandline parsing weirdness/bug. It happens because your command
line specifies two separate '--semihosting-config x=y,x=y...' option
groups, and the code was not written to take account of that
possibility. So in qemu_semihosting_config_options() it looks for
"did the user specify target=something" with the default being 'auto'.
This function gets run twice, once per --semihosting-config option
you have. So the first time around we set semihosting.enabled
to true and semihosting.target to SEMIHOSTING_TARGET_NATIVE.
But then the second time around we say "oh, the user didn't
specify either enabled or target, so default them to true and
SEMIHOSTING_TARGET_AUTO", overwriting the value that got set up
by the first call.

We should fix this (as well as the bug it reveals in the use
of 'target=auto|gdb' when the gdbstub is initialized but no gdb
is connected), but in the meantime you can work around it
by always providing just one --semihosting-config option, like this:
 --semihosting-config enable=on,target=native,arg=sample-test,arg=one,arg=two

I don't think any of this ought to be target-specific, so perhaps
the command line you use for 32-bit arm is slightly different
and avoided the bug by good fortune ?

thanks
-- PMM

Re: AArch64 semihosting?

[Liviu Ionescu]

> On 26 May 2022, at 13:01, Peter Maydell <peter.maydell@linaro.org> wrote:
> 
> Yes, I can reproduce this.

Ok, it seems you diagnosed it pretty quickly, great!

> Did you intend to pass '-s' (allow gdbstub connection) but not
> '-S' (wait on startup for gdb to connect and say "continue"),
> by the way?

Oops! I forgot about this. I'll switch to -S.

> The failure to honour the 'target=native' option ... you can work around it

> by always providing just one --semihosting-config option, like this:
> --semihosting-config enable=on,target=native,arg=sample-test,arg=one,arg=two

Right, thank you for the suggestion.

> I don't think any of this ought to be target-specific, so perhaps
> the command line you use for 32-bit arm is slightly different
> and avoided the bug by good fortune ?

If I think again, this might explain some previous weird behaviours that I experimented a while ago.

For production tests I do not use the gdb server configuration, and semihosting was functional even with two options.

So yes, it was good fortune.

If you fix the bug, could you notify me when ready, to make a new xPack release?


Thank you,

Liviu

Re: AArch64 semihosting?

[Peter Maydell]

On Thu, 26 May 2022 at 12:03, Liviu Ionescu <ilg@livius.net> wrote:
>
>
>
> > On 26 May 2022, at 13:01, Peter Maydell <peter.maydell@linaro.org> wrote:
> >
> > Yes, I can reproduce this.
>
> Ok, it seems you diagnosed it pretty quickly, great!
>
> > Did you intend to pass '-s' (allow gdbstub connection) but not
> > '-S' (wait on startup for gdb to connect and say "continue"),
> > by the way?
>
> Oops! I forgot about this. I'll switch to -S.

You want both '-s' and '-S', usually (or '-S' and a '-gdb' option;
'-s' is shorthand for '-gdb tcp::1234'). '-S' is just "don't run
on startup" -- you can then start the guest using either the monitor
or the gdb stub.

> If you fix the bug, could you notify me when ready, to make a new xPack release?

Sure.

-- PMM

Re: AArch64 semihosting?

[Liviu Ionescu]

> On 26 May 2022, at 14:08, Peter Maydell <peter.maydell@linaro.org> wrote:
> 

I confirm that, started via "-kernel aarch64-boot-libgloss.elf", with a single "--semihosting-config", the app ran properly, displayed the printf() output and no longer crashed.

```
ilg@wksi ~ % /Users/ilg/Library/xPacks/@xpack-dev-tools/qemu-arm/6.2.0-1.1/.content/bin/qemu-system-aarch64  "--machine" "virt" "--cpu" "cortex-a57" "--kernel" "/Users/ilg/My Files/WKS Projects/micro-os-plus.github/work/aarch64-boot-libgloss/Debug/aarch64-boot-libgloss.elf" "--nographic" "-d" "unimp,guest_errors" "--semihosting-config" "enable=on,target=native,arg=sample-test,arg=one,arg=two"

Hello World 3!
arg 0 = sample-test!
arg 1 = one!
arg 2 = two!
...
```

> ... You want both '-s' and '-S'

Same with '-s -S' and the elf loaded via GDB in Eclipse.


Thank you,

Liviu