Hi, I am trying to generate instruction traces for an ARM64 VM (on an x86_64 host). There is a thread on this very topic in the archives ( https://lists.nongnu.org/archive/html/qemu-devel/2008-04/msg00038.html), but the embedded link is not functional at this point. Also, given that the thread is ~8 years old, some of the internals might have changed.
I did go over the documentation on tracing, and it appears that I can instrument the execution of the translation blocks generated via TCG (cpu_exec.c:exec_tb*). And if I stare at target/arm/translate-a64.c, it looks like I might be able to dump out the constituent instructions of every tracing block the first time it is encountered. With those two pieces, it should theoretically be possible to get the exact sequences of instructions executed. I'd really appreciate it if anyone could advise me on the relative merits/demerits of this approach and suggest better alternatives.

Regards,
-Jayanto
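The two-piece approach described in the post (one dump of each translation block's instructions the first time it is translated, plus one event per block entry) reduces to a join keyed on the block's start pc. The script below is an added example, not code from the post or from QEMU, that performs that join offline. Both inputs are constructed samples: the block dump follows the general shape of QEMU's `-d in_asm` log and the entry events the shape of an `exec_tb` trace line carrying `pc=0x...`; neither is captured from a real run, and the exact column layout of real output may differ, so only the address column and the `pc=` field are relied on. Two caveats a practitioner should keep in mind: `exec_tb` fires when a block is entered from the main loop, so with direct block chaining enabled, blocks reached through a chained jump emit no event and the stream has holes (run with `-d nochain` to get one event per block); and a block that takes an exception or interrupt part-way through does not execute its remaining instructions, which this join cannot see.

```python
"""Join a per-translation-block instruction dump with a block-entry trace
to reconstruct the executed instruction stream.

Added example; formats below are assumed approximations of QEMU's
`-d in_asm` log and `exec_tb` trace output, not captured data.
"""
import re

# Constructed sample in the shape of a `-d in_asm` log: one "IN:" block per
# translation, printed the first time a block is translated.  Note the second
# block starts inside the first one (a branch target), which is normal.
IN_ASM_LOG = """\
----------------
IN:
0x0000000040000000:  d2800000      mov x0, #0
0x0000000040000004:  91000400      add x0, x0, #1
0x0000000040000008:  f100081f      cmp x0, #2
0x000000004000000c:  54ffffc3      b.cc #0x40000004

----------------
IN:
0x0000000040000004:  91000400      add x0, x0, #1
0x0000000040000008:  f100081f      cmp x0, #2
0x000000004000000c:  54ffffc3      b.cc #0x40000004

----------------
IN:
0x0000000040000010:  d65f03c0      ret
"""

# Constructed sample of exec_tb events (assumed `pc=0x...` field), as they
# would appear with chaining disabled so every block entry is logged.
EXEC_TB_TRACE = """\
exec_tb 1.000 pid=1 tb=0x7f0000001000 pc=0x40000000
exec_tb 1.001 pid=1 tb=0x7f0000002000 pc=0x40000004
exec_tb 1.002 pid=1 tb=0x7f0000003000 pc=0x40000010
"""

_INSN_RE = re.compile(r"^0x([0-9a-fA-F]+):\s+[0-9a-fA-F]+\s+(.+?)\s*$")
_PC_RE = re.compile(r"\bpc=0x([0-9a-fA-F]+)")


def _iter_blocks(text):
    """Yield each "IN:" block as a list of (pc, disassembly) tuples."""
    current = []
    for line in text.splitlines():
        if line.startswith("IN:"):
            if current:
                yield current
            current = []
            continue
        m = _INSN_RE.match(line)
        if m:
            current.append((int(m.group(1), 16), m.group(2)))
    if current:
        yield current


def parse_in_asm(text):
    """Map block start pc -> [(pc, disassembly), ...], keeping the first copy.

    A later translation of the same start pc with different contents means
    the guest changed that code, and a join keyed on pc alone would then
    attribute the wrong instructions to some entries; flag it instead.
    """
    blocks = {}
    for insns in _iter_blocks(text):
        start = insns[0][0]
        prev = blocks.setdefault(start, insns)
        if prev != insns:
            raise ValueError(f"block at {start:#x} retranslated with different "
                             "contents; cannot join by start pc alone")
    return blocks


def parse_exec_tb(text):
    """Return the sequence of block start pcs from exec_tb events, in order."""
    pcs = []
    for line in text.splitlines():
        if "exec_tb" not in line:
            continue
        m = _PC_RE.search(line)
        if m:
            pcs.append(int(m.group(1), 16))
    return pcs


def reconstruct(blocks, pcs):
    """Flatten block entries into one [(pc, disassembly), ...] stream.

    Assumes every entered block ran to its end; an entry with no matching
    dump usually means logging started after that block was translated.
    """
    stream = []
    for pc in pcs:
        if pc not in blocks:
            raise KeyError(f"exec_tb at {pc:#x} has no in_asm block")
        stream.extend(blocks[pc])
    return stream


if __name__ == "__main__":
    for pc, asm in reconstruct(parse_in_asm(IN_ASM_LOG),
                               parse_exec_tb(EXEC_TB_TRACE)):
        print(f"{pc:#018x}  {asm}")
```

On the sample, the loop body (add/cmp/b.cc) appears twice in the output although it was translated into two distinct blocks, which is exactly the overlap the join has to tolerate: the dump is keyed by start pc, not by address range.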