#5 QEMU - Processor/Board emulator

QEMU [20] is an open source project for processor/board emulation. It allows developers to debug and test cross-compiled software without the target platform. A complete step-by-step tutorial to run Redboot and eCos applications using QEMU is available here. In this section, QEMU is used on a Linux host machine to emulate the Stellaris EKK-LM3S811 eCos HAL. While the emulation works on my machine, it is often unstable.

I. Compiling QEMU for ARM processor emulation

Download the latest released version of QEMU (0.13.0 at the time) or fetch the latest source code from the Git repository, then compile QEMU for the targeted architecture (ARM in this case):
$ git clone git://git.qemu.org/qemu.git
$ cd qemu
$ ./configure --target-list=arm-linux-user,armeb-linux-user,arm-softmmu
$ make
The relevant result is the program qemu/arm-softmmu/qemu-system-arm, which will be used to emulate the EKK-LM3S811 board.

II. Stellaris EKK-LM3S811 board emulation

QEMU has support for the Stellaris EKK-LM3S811 board; however, many HW features are not supported. For instance, it is not possible to use the eCos ADC driver without a few modifications of the existing code. Using the LM3S timers in 16-bit mode is also not allowed. Accessing an unsupported HW feature triggers a HW error message on the QEMU console and ends the emulation. To get better coverage of the target, the QEMU source code can be patched and recompiled according to your needs.

Compile the eCos EKK-LM3S811 HAL. For stable emulation, the HAL is compiled with the global flag -O0:
$ ecosconfig new ek-lm3s811 minimal
$ ecosconfig import $ECOS/hal/cortexm/lm3s/ek_lm3s811/current/misc/redboot_ROM.ecm
$ ecosconfig tree
$ make
Compile the application and link it with the ROM library (ek-lm3s811/install/lib/). The eCos test applications for the Stellaris LM3S can be used. In this example, the resulting .bin and .elf files are located in $HOME/workspace/ecos/ek_lm3s81/bin/out/

Start the emulator for the lm3s811evb target; the QEMU console should appear:
$ ./qemu-system-arm -M lm3s811evb -kernel $HOME/workspace/ecos/ek_lm3s81/bin/out/ecos.bin -net none -nographic -serial file:/tmp/systemd-console -S -s
QEMU 0.13.0 monitor - type 'help' for more information

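Start the Eclipse IDE and connect GDB (port 1234). The -s option opens QEMU's GDB server on TCP port 1234, and -S keeps the CPU halted until GDB resumes it. It is not required to load the application; QEMU has placed the binary file in the target flash.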
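
The launch step above as a small wrapper script. This is an added example, not part of the original tutorial or of QEMU. It binds the GDB server to the loopback address instead of using -s and keeps the UART log in a private directory rather than under a fixed name in /tmp. The function names, the script name and the environment variables QEMU_BIN, ECOS_BIN and GDB_PORT are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): launcher for the lm3s811evb run.
# Defaults mirror the paths used on this page; the function names are hypothetical.
QEMU_BIN="${QEMU_BIN:-./qemu-system-arm}"
ECOS_BIN="${ECOS_BIN:-$HOME/workspace/ecos/ek_lm3s81/bin/out/ecos.bin}"
GDB_PORT="${GDB_PORT:-1234}"

# Create a directory only the current user can enter; print the log path in it.
make_uart_log() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/lm3s811-uart.XXXXXX") || return 1
    chmod 700 "$dir" || return 1
    printf '%s/console.log\n' "$dir"
}

# Print the QEMU command line, one argument per line.
# "-gdb tcp:127.0.0.1:PORT" replaces "-s", which is shorthand for
# "-gdb tcp::1234" and accepts debugger connections on every interface.
qemu_args() {
    printf '%s\n' \
        "$QEMU_BIN" -M lm3s811evb -kernel "$ECOS_BIN" \
        -net none -nographic \
        -serial "file:$1" \
        -S -gdb "tcp:127.0.0.1:$GDB_PORT"
}

# Check the image, then start QEMU halted (-S) until GDB attaches and continues.
launch() {
    [ -r "$ECOS_BIN" ] || { echo "missing image: $ECOS_BIN" >&2; return 1; }
    log=$(make_uart_log) || return 1
    echo "UART log: $log" >&2
    # Split the newline-separated list back into "$@" (no globbing; paths
    # must not contain newlines).
    old_ifs=$IFS
    IFS='
'
    set -f
    set -- $(qemu_args "$log")
    set +f
    IFS=$old_ifs
    "$@"
}

# Run only when invoked as: sh launch-lm3s811.sh run  (hypothetical script name)
if [ "${1:-}" = run ]; then
    launch
fi
```

GDB then connects to 127.0.0.1:1234 exactly as before; the path of the UART log is printed on stderr at start-up.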

The board UART is redirected to the file /tmp/systemd-console. While debugging the ADC test case, the following output is observed:

$ cat /tmp/systemd-console

ADC: Init
ADC: IRQ vect 15, pri 96
ADC: Timer interval 500000
ADC: Init
ADC: Init
ADC: Init
This test reads samples from all enabled ADC channels.
Each second the number of already acquired samples
will be printed. After 10 seconds all ADC channels
will be stopped and each ADC buffer will be read until
it is empty. If the number of acquired samples is much
smaller than the number of expected samples, then you
should lower the sample rate.

ADC: Opening channel 0
ADC: Update sequencer for channel 0
ADC: MUX0 Register: 0x0
ADC: CTL0 Register: 0x6