Android Emulator Development, Anbox, & Waydroid

Advanced Debugging: Tracing ARM Native Code in AOSP x86_64 Emulator with GDB & QEMU Monitors

By Antigravity Research Published May 29, 2026 ⏱️ 4 Min Read
Google AdSense Native Placement - Horizontal Top-Post banner

Introduction

Debugging native ARM code running within an AOSP x86_64 emulator presents a unique challenge. While the emulator itself runs on an x86_64 host, it utilizes QEMU’s Tiny Code Generator (TCG) to translate ARM guest instructions to host x86_64 instructions on the fly. This sophisticated emulation layer means traditional x86_64 debugging tools won’t directly understand the ARM execution context. This article provides an expert-level guide on leveraging GNU Debugger (GDB) for guest-side ARM code inspection and QEMU monitor commands for host-side translation insights, allowing for comprehensive debugging of ARM native binaries in this complex environment.

Prerequisites for Setup

Before diving into the debugging process, ensure you have the following:

  • A complete AOSP source tree.
  • A successful build of the AOSP emulator targeting an ARM architecture (e.g., aosp_arm64-eng or aosp_arm-eng) for the guest system image.
  • A successful build of the x86_64 host emulator binary itself.
  • A multi-architecture GDB installation (e.g., gdb-multiarch on Linux or a custom build with ARM support).
  • Basic familiarity with AOSP build system, GDB, and QEMU concepts.

Building the AOSP Environment

First, ensure your AOSP environment is correctly set up. You need a build target that produces an ARM system image for the emulator’s guest OS.

source build/envsetup.sh
lunch aosp_arm64-eng # Or aosp_arm-eng for 32-bit ARM
make -j$(nproc) # Build the entire AOSP system image

Next, ensure your host emulator binary is built:

# This usually happens implicitly when building AOSP, but can be targeted specifically
make emulator

Launching the Emulator for GDB Debugging

To enable GDB debugging, we need to instruct QEMU (which powers the AOSP emulator) to expose a GDB server and halt execution until a debugger connects. We’ll also enable the QEMU monitor for host-side inspection.

emulator -avd avd_name_for_arm64   # Replace with your actual AVD name for ARM64/ARM
  -qemu -gdb tcp::1234 -S -monitor telnet::4567,server,nowait -vnc :1
  • -avd avd_name_for_arm64: Specifies the AVD that uses your ARM-based system image.
  • -qemu: Passes subsequent arguments directly to QEMU.
  • -gdb tcp::1234: Tells QEMU to open a GDB server on TCP port 1234.
  • -S: Instructs QEMU to freeze the CPU at startup, waiting for a GDB client to connect.
  • -monitor telnet::4567,server,nowait: Opens a QEMU monitor on port 4567, accessible via telnet. nowait means QEMU won’t wait for a connection to start.
  • -vnc :1: Optional, but useful for graphical interaction if the emulator doesn’t display directly.

After launching, the emulator will show a black screen and wait. You can connect to the QEMU monitor:

telnet localhost 4567

In the monitor, you’ll see a `(qemu)` prompt. This is your gateway to understanding QEMU’s internal state.

Connecting GDB to the ARM Guest

Now, open a new terminal and launch your multi-architecture GDB instance.

gdb-multiarch

Inside GDB, connect to the QEMU GDB server:

(gdb) target remote :1234
Remote debugging using :1234
0x0000000000000000 in ?? ()

At this point, GDB is connected, but it doesn’t know about the ARM architecture or the guest’s memory layout. QEMU will typically report 0x0 as the current PC because it’s halted before any meaningful execution. We need to tell GDB about the ARM architecture and load symbols.

(gdb) set architecture aarch64 # Or arm for 32-bit ARM
The target architecture is assumed to be aarch64
(gdb) add-symbol-file /path/to/your/arm_binary_or_library_symbols.so 0xADDR

Finding the base address (0xADDR) for a dynamically loaded library can be tricky. You might need to let the system boot up a bit, then use cat /proc/self/maps from an adb shell, or set a breakpoint early and inspect loaded modules. For core system libraries, symbols are often available in out/target/product/<device>/symbols/system/lib64/.

(gdb) b SomeFunctionInYourArmBinary
(gdb) c

The `c` command will tell QEMU to continue execution. The emulator should now boot, and GDB will eventually hit your breakpoint.

Utilizing QEMU Monitor for Deeper Insight

While GDB shows you the guest ARM state, the QEMU monitor offers a window into the host’s emulation and translation process. This is invaluable when the ARM code’s behavior doesn’t make sense from the guest perspective, or when you suspect issues with QEMU’s translation.

Key QEMU Monitor Commands:

  • info registers: Displays the current state of QEMU’s internal (guest) registers. This often mirrors what GDB shows, but can be useful for quick checks without switching contexts.
  • xp /i $pc: This is critical. It stands for

    Android Mobile Specs & Compare Directory

    Are you researching mobile hardware properties, processor SoCs, GPU chipsets, or RAM configurations? Access our complete specs catalog to compare up to 5 devices side-by-side!

    Compare Devices Specs →
Google AdSense Inline Placement - Content Footer banner
Tags: #Android Emulator #AOSP #ARM Debugging #GDB #QEMU

Related Technical Guides

VirGL Driver Deep Dive: Tracing Renderer Operations from Android GLES to Host GPU

May 30, 2026

Benchmarking Battle: Comparing ARM Translation Layer Performance on x86_64 Android Emulators

May 30, 2026

Mastering Android GPU Passthrough: A Comprehensive Guide for Anbox & Waydroid

May 30, 2026