Emulate ARM Cortex-M7 with qemu-system-arm.exe


I'm using the Eclipse-based CubeIDE and the QEMU debugging plugin. I'm working in assembler and can debug a simple project (adding two numbers in registers) on an STM32 Cortex M7 board (STM32H750DK). Now I'd like to do the same using QEMU and have problems, because I can't find a suitable generic Cortex M7 machine. I've tried mps2-an500, but it doesn't work.

I've already done something similar with qemu-system-gnuarmeclipse.exe on an STM32F407 board; it's even supported visually (board picture), and I can see the LED diodes blinking.

Plain emulation (not visual) would be enough for me for a Cortex M7 board.

Has anyone done something similar, or is there any other advice on how to do this properly?

Thanks.

There are 1 best solutions below

I think you are supposed to show some code for the attempts you made when asking a question on Stack Overflow. In your case, this could have been a minimal, reproducible example of your attempts to use the mps2-an500 QEMU virtual machine.

This being said, a procedure for building and debugging a program using QEMU and targeting the mps2-an500 virtual machine could be:

  1. Download QEMU 7.10 for Windows, and install it into the \opt\qemu-7.1.0 directory - you will have to create it,
  2. Download the arm-gnu-toolchain-11.3.rel1-mingw-w64-i686-arm-none-eabi toolchain, and install it into the \opt\arm\11 directory - you will have to create it.

In a directory of your choice, create the following files:

build.cmd:

@set CROSS_COMPILE=\opt\arm\11\arm-gnu-toolchain-11.3.rel1-mingw-w64-i686-arm-none-eabi\bin\arm-none-eabi-
@set CC=%CROSS_COMPILE%gcc
@set OBJDUMP=%CROSS_COMPILE%objdump
@set GDB=%CROSS_COMPILE%gdb
@set QEMU_SYSTEM_ARM=\opt\qemu-7.1.0\qemu-system-arm

@%CC%  -g -mthumb -mtune=cortex-m7 -nostdlib -nostartfiles -ffreestanding -Wl,-Ttext,0x00000000 -o mps2-an500.elf startup.s 
@%OBJDUMP% -d mps2-an500.elf > mps2-an500.objdump

@echo QEMU/GDB commands:
@echo %QEMU_SYSTEM_ARM% -m 16M  -nographic -machine mps2-an500 -S -cpu cortex-m7 -gdb tcp::2345,ipv4 -kernel mps2-an500.elf
@echo %GDB%

startup.s:

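        .file    "startup.s"
        .arch    armv7e-m              @ Cortex-M7 implements ARMv7E-M (Thumb only)
        .fpu     fpv5-d16              @ Cortex-M7 FPU option (FPv5)
        .thumb
        .syntax  unified
        .equ     __StackTop, 0x21000000
        .global  _start
        .align   2
        .long    __StackTop            @ vector 0: initial stack pointer
        .long    _start                @ vector 1: reset handler
_start:
         mov     r0,#3
         mov     r1,#5
         add     r2, r0, r1            @ r2 = r0 + r1 = 8
wait:    b       wait                  @ spin forever
        .type    _start, %function     @ Thumb function: linker sets bit 0 of the reset vector
        .size    _start, .-_start
        .end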

Execute the build.cmd batch procedure; it will create mps2-an500.elf and mps2-an500.lst, and display the QEMU and GDB commands you will use for debugging the (very) basic example:

build.cmd
QEMU/GDB commands:
\opt\qemu-7.1.0\qemu-system-arm -m 16M  -nographic -machine mps2-an500 -S -cpu cortex-m7 -gdb tcp::2345,ipv4 -kernel mps2-an500.elf
\opt\arm\11\arm-gnu-toolchain-11.3.rel1-mingw-w64-i686-arm-none-eabi\bin\arm-none-eabi-gdb

In one console-mode session, execute:

\opt\qemu-7.1.0\qemu-system-arm -m 16M  -nographic -machine mps2-an500 -S -cpu cortex-m7 -gdb tcp::2345,ipv4 -kernel mps2-an500.elf

In another, execute the GDB command:

\opt\arm\11\arm-gnu-toolchain-11.3.rel1-mingw-w64-i686-arm-none-eabi\bin\arm-none-eabi-gdb --command=mps2-an500.gdb

In the GDB session, execute the following commands in sequence:

target remote localhost:2345
file mps2-an500.elf
break _start
break wait
set $sp = 0x21000000
set $pc = _start 
stepi
stepi
stepi
info registers

The transcript for the GDB session should look like:

\opt\arm\11\arm-gnu-toolchain-11.3.rel1-mingw-w64-i686-arm-none-eabi\bin\arm-none-eabi-gdb
GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "--host=i686-w64-mingw32 --target=arm-none-eabi".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.linaro.org/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word".
(gdb) target remote localhost:2345
Remote debugging using localhost:2345
warning: No executable has been specified and target does not support
determining executable automatically.  Try using the "file" command.
0x00000014 in ?? ()
(gdb) file mps2-an500.elf
A program is being debugged already.
Are you sure you want to change the file? (y or n) y
Reading symbols from mps2-an500.elf...
(gdb) break _start
Breakpoint 1 at 0x8: file startup.s, line 12.
(gdb) break wait
Breakpoint 2 at 0x14: file startup.s, line 15.
(gdb) set $sp = 0x21000000
(gdb) set $pc = _start
(gdb) stepi
13               mov     r1,#5
(gdb) stepi
14               add     r2, r0, r1
(gdb) stepi

Breakpoint 2, _start () at startup.s:15
15      wait:    b       wait
(gdb) info registers
r0             0x3                 3
r1             0x5                 5
r2             0x8                 8
r3             0x0                 0
r4             0x0                 0
r5             0x0                 0
r6             0x0                 0
r7             0x0                 0
r8             0x0                 0
r9             0x0                 0
r10            0x0                 0
r11            0x0                 0
r12            0x0                 0
sp             0x21000000          0x21000000
lr             0xfffffff9          -7
pc             0x14                0x14 <_start+12>
xpsr           0x41000003          1090519043
fpscr          0x0                 0
(gdb)
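
A Cortex-M core takes its initial SP and PC from the first two words of the image, which is what the `.long __StackTop` / `.long _start` pair in startup.s supplies. The following is an added example, not part of the original answer: it checks those two words in a raw binary image before the image is handed to an emulator. The function names, the RAM window and the sample bytes are constructed assumptions.

```python
import struct

# Constructed sample: the answer's program as a raw image loaded at 0x00000000.
# Words 0 and 1 are the initial SP and the reset vector; the rest is
# mov.w r0,#3 / mov.w r1,#5 / add.w r2,r0,r1 / b . in Thumb-2 encoding.
CODE = bytes.fromhex("4ff00300" "4ff00501" "00eb0102" "fee7")

def build_image(initial_sp, reset_vector):
    return struct.pack("<II", initial_sp, reset_vector) + CODE

# Hypothetical RAM window (base, size); replace with the memory map of the
# board model actually being emulated.
RAM_REGIONS = [(0x20000000, 0x01000000)]

def check_vector_table(image, load_addr=0, ram_regions=RAM_REGIONS):
    """Return a list of problems that would stop a Cortex-M core booting."""
    if len(image) < 8:
        return ["image shorter than the two mandatory vector words"]
    problems = []
    initial_sp, reset = struct.unpack_from("<II", image, 0)
    if initial_sp % 8:
        problems.append(f"initial SP {initial_sp:#010x} is not 8-byte aligned")
    # A full-descending stack may start exactly at the end of a RAM region.
    if not any(base < initial_sp <= base + size for base, size in ram_regions):
        problems.append(f"initial SP {initial_sp:#010x} is outside known RAM")
    # Bit 0 of the reset vector selects Thumb state; Cortex-M has no ARM state.
    if not reset & 1:
        problems.append(f"reset vector {reset:#010x} has bit 0 clear")
    target = (reset & ~1) - load_addr
    if not 8 <= target < len(image):
        problems.append(f"reset vector {reset:#010x} points outside the image")
    return problems

if __name__ == "__main__":
    for vec in (0x8, 0x9):
        print(hex(vec), check_vector_table(build_image(0x21000000, vec)) or "ok")
```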