On 3 November 2013 10:31, Xin Tong <trent.t...@gmail.com> wrote:
> I would like to trace all the executed instruction PC in QEMU ARM. Because
> ARM has conditional execution, we do not know whether an instruction will
> execute or not at translation time.

This is a rather odd way to look at conditional execution. It's better to
think of it as "the instruction executes but may execute as a NOP". (In
particular, it's architecturally valid for an instruction which fails its
condition check to take an UNDEF exception, though QEMU chooses not to do
this.)

> Therefore the PC tracing code cannot be
> generated before the instruction is disassembled (i.e. before
> disas_thumb_insn/disas_arm_insn). Then, is it correct to generate the PC
> tracing code after the disas_XXX_insn functions are called? I can keep the
> old value of the PC before the PC in the disassemble context is updated by
> the disas_XXX_insn.

The more usual way to trace this kind of thing if you care about
ccpass/ccfail status would be to always trace the PC of the instruction
about to be executed, and then also trace ccpass/ccfail indications when
the instruction is conditional.

-- PMM
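The following is an added example, not code from the thread or from QEMU, illustrating the tracing scheme described in the reply: every instruction's PC is recorded, and a ccpass/ccfail indication is attached only when the A32 condition field is something other than AL. The condition evaluation follows the architectural NZCV rules; the sample instruction stream, the CPSR value at each step and the base PC are constructed for the example and are not captured from a real run.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CPSR condition-flag bits (ARM architecture). */
#define CPSR_N (1u << 31)
#define CPSR_Z (1u << 30)
#define CPSR_C (1u << 29)
#define CPSR_V (1u << 28)

#define COND_AL 0xE  /* "always" */
#define COND_NV 0xF  /* ARMv5+ unconditional instruction space */

/* Evaluate an A32 condition code (bits 31:28 of the instruction word) against
 * the CPSR flags. True means the instruction has its architectural effect
 * rather than behaving as a NOP. */
bool arm_cond_passes(unsigned cond, uint32_t cpsr)
{
    bool n = (cpsr & CPSR_N) != 0, z = (cpsr & CPSR_Z) != 0;
    bool c = (cpsr & CPSR_C) != 0, v = (cpsr & CPSR_V) != 0;
    bool result;

    switch (cond >> 1) {
    case 0: result = z;              break; /* EQ / NE */
    case 1: result = c;              break; /* CS / CC */
    case 2: result = n;              break; /* MI / PL */
    case 3: result = v;              break; /* VS / VC */
    case 4: result = c && !z;        break; /* HI / LS */
    case 5: result = (n == v);       break; /* GE / LT */
    case 6: result = !z && (n == v); break; /* GT / LE */
    default: return true;                   /* AL; 0xF treated as always */
    }
    /* The low bit of the condition field selects the inverted form. */
    return (cond & 1) ? !result : result;
}

/* One trace record: pc is always present; ccpass is only meaningful when
 * the instruction carried a condition other than AL. */
typedef struct {
    uint32_t pc;
    bool conditional;
    bool ccpass;
} trace_rec;

/* Trace the PC unconditionally and add a ccpass/ccfail indication only
 * when the instruction is conditional. */
trace_rec trace_a32_insn(uint32_t pc, uint32_t insn, uint32_t cpsr)
{
    unsigned cond = insn >> 28;
    trace_rec r = { pc, (cond != COND_AL && cond != COND_NV),
                    arm_cond_passes(cond, cpsr) };
    return r;
}

/* Constructed sample (not captured from QEMU): A32 encodings and the CPSR
 * value assumed to be live when each one is reached. */
#define SAMPLE_LEN 5
static const uint32_t sample_base_pc = 0x00008000u; /* assumed */
static const uint32_t sample_insn[SAMPLE_LEN] = {
    0xE1A00000u, /* MOV r0, r0   (AL)  */
    0x03A00001u, /* MOVEQ r0, #1 (EQ)  */
    0x13A00002u, /* MOVNE r0, #2 (NE)  */
    0x83A00003u, /* MOVHI r0, #3 (HI)  */
    0xBA000000u, /* BLT <target> (LT)  */
};
static const uint32_t sample_cpsr[SAMPLE_LEN] = { CPSR_Z, CPSR_Z, CPSR_Z, CPSR_C, 0u };

/* Run the sample through the tracer; returns how many records were written. */
size_t run_sample(trace_rec *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < SAMPLE_LEN && n < max; i++)
        out[n++] = trace_a32_insn(sample_base_pc + 4u * (uint32_t)i,
                                  sample_insn[i], sample_cpsr[i]);
    return n;
}

/* Records that would be reported as ccfail: conditional and not passed. */
int count_ccfail(const trace_rec *recs, size_t n)
{
    int fails = 0;
    for (size_t i = 0; i < n; i++)
        if (recs[i].conditional && !recs[i].ccpass) fails++;
    return fails;
}

/* Accessors over the sample so results can be checked without a main. */
bool sample_conditional(size_t i)
{
    trace_rec recs[SAMPLE_LEN];
    return i < run_sample(recs, SAMPLE_LEN) && recs[i].conditional;
}
bool sample_ccpass(size_t i)
{
    trace_rec recs[SAMPLE_LEN];
    return i < run_sample(recs, SAMPLE_LEN) && recs[i].ccpass;
}
int sample_ccfail_count(void)
{
    trace_rec recs[SAMPLE_LEN];
    return count_ccfail(recs, run_sample(recs, SAMPLE_LEN));
}

int main(void)
{
    trace_rec recs[SAMPLE_LEN];
    size_t n = run_sample(recs, SAMPLE_LEN);
    for (size_t i = 0; i < n; i++)
        printf("pc=0x%08x%s\n", recs[i].pc,
               !recs[i].conditional ? "" : recs[i].ccpass ? " ccpass" : " ccfail");
    return 0;
}
```

Because the PC is emitted before the condition is evaluated, the trace is the same length whether or not an instruction passes its check, which is what makes the "executes as a NOP" view of conditional execution line up with the trace output; an instruction that takes the UNDEF path instead would need an additional indication, which this example does not model.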