Fabien Chouteau writes:

>> The process is basically:
>>
>> * Add trace events that can work during TCG code generation (e.g., start TB,
>>   start instruction fetch, memory access, etc.)
>>
>> * Let the user select which trace events to instrument, including both
>>   "regular" trace events and TCG trace events (thus you instrument at both
>>   execution and translation time).
>>
>> * The user provides her own implementation of the instrumented trace events.
>>
>> As you can see, this system only gives you the hooks where code can be
>> inserted. Whether your hooks implement everything inside QEMU or just write a
>> trace file, that is up to you.
>>
> Interesting, what kind of analysis do you plan to perform with this?

Deep full-system or application behaviour analysis, which in my case happens to
be architecture simulation, but it could well be data flow tracking, reverse
engineering or anything else. All users care about is having the right hooks
available and being able to plug arbitrary code into them.

>> [...]
>>>>
>>>> On the other hand, I have a complementary set of events, so we can
>>>> definitely join the efforts on that side (e.g., I haven't yet gone to the
>>>> trouble of adding the begin/end TB or branch events).
>>
>>> I don't know what you mean by events, but we sure can join efforts on
>>> coverage with Qemu.
>>
>> Well, my target is not code coverage, but generating events that can be used
>> for architecture simulation. In any case, there will surely be trace events
>> that we're both interested in (e.g., TB start and branch).
>>
> OK, I thought you were talking about coverage. I'm not sure if and how we
> can implement coverage using your events, but for the moment both
> features can cohabit.

You would just plug your code into the guest branch instruction and TB
begin/end hooks.

Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth
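As an added illustration of the hook design discussed in this thread (this is example code, not QEMU's tracing infrastructure and not either poster's patches), here is a toy C model of it: a tiny guest program is split into translation blocks, a hypothetical hook table exposes `tb_translate` (fired once, at translation time) and `tb_begin`/`tb_end`/`branch` (fired on every execution), and a coverage "plugin" is written purely against those hooks, which is the arrangement the last reply suggests. The guest ISA, the hook names, the `coverage_*` functions and the sample program are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TBS   16
#define MAX_EDGES 32

/* Constructed toy guest ISA: DEC decrements r0, BNZ jumps to target when
 * r0 != 0, HALT stops the guest. Not a real architecture. */
typedef enum { OP_NOP, OP_DEC, OP_BNZ, OP_HALT } op_t;
typedef struct { op_t op; int target; } insn_t;

/* A translation block: a run of guest instructions ending at a branch or halt. */
typedef struct { int valid, pc_start, n_insns; } tb_t;

/* Hypothetical hook table (not QEMU's API): the only places user code runs.
 * tb_translate fires once when a TB is generated (translation time); the
 * other three fire every time that TB executes (execution time). */
typedef struct {
    void (*tb_translate)(int tb_idx, int pc_start, int n_insns);
    void (*tb_begin)(int tb_idx, int pc);
    void (*tb_end)(int tb_idx, int pc);
    void (*branch)(int from_pc, int to_pc, int taken);
} hooks_t;
static hooks_t hooks;

/* Coverage plugin: all of its state lives inside the hook implementations. */
static int cov_translated, cov_taken, cov_n_edges;
static int cov_tb_seen[MAX_TBS];
static int cov_edge_from[MAX_EDGES], cov_edge_to[MAX_EDGES];

static void cov_tb_translate(int tb_idx, int pc_start, int n_insns)
{ (void)tb_idx; (void)pc_start; (void)n_insns; cov_translated++; }
static void cov_tb_begin(int tb_idx, int pc) { (void)pc; cov_tb_seen[tb_idx] = 1; }
static void cov_tb_end(int tb_idx, int pc) { (void)tb_idx; (void)pc; }
static void cov_branch(int from_pc, int to_pc, int taken)
{
    cov_taken += taken;
    for (int i = 0; i < cov_n_edges; i++)           /* record each edge once */
        if (cov_edge_from[i] == from_pc && cov_edge_to[i] == to_pc) return;
    if (cov_n_edges < MAX_EDGES) {
        cov_edge_from[cov_n_edges] = from_pc;
        cov_edge_to[cov_n_edges++] = to_pc;
    }
}

/* Plug the coverage code into the hooks and reset its counters. */
void coverage_install(void)
{
    hooks.tb_translate = cov_tb_translate; hooks.tb_begin = cov_tb_begin;
    hooks.tb_end = cov_tb_end;             hooks.branch = cov_branch;
    cov_translated = cov_taken = cov_n_edges = 0;
    memset(cov_tb_seen, 0, sizeof cov_tb_seen);
}
int coverage_tbs_translated(void) { return cov_translated; }
int coverage_edges(void) { return cov_n_edges; }
int coverage_taken_branches(void) { return cov_taken; }
int coverage_tbs_executed(void)
{ int n = 0; for (int i = 0; i < MAX_TBS; i++) n += cov_tb_seen[i]; return n; }

/* Return the cached TB starting at pc, or "translate" a new one. */
static int translate(const insn_t *prog, int n, tb_t *tbs, int pc)
{
    for (int i = 0; i < MAX_TBS; i++)
        if (tbs[i].valid && tbs[i].pc_start == pc) return i;
    int len = 0;
    while (pc + len < n) {
        op_t op = prog[pc + len++].op;
        if (op == OP_BNZ || op == OP_HALT) break;
    }
    if (len == 0) return -1;                         /* pc outside the program */
    for (int i = 0; i < MAX_TBS; i++) {
        if (tbs[i].valid) continue;
        tbs[i].valid = 1; tbs[i].pc_start = pc; tbs[i].n_insns = len;
        if (hooks.tb_translate) hooks.tb_translate(i, pc, len);
        return i;
    }
    return -1;                                       /* TB cache full */
}

/* Run the guest with r0 preloaded; returns the number of TBs executed. */
int run_guest(const insn_t *prog, int n, int r0)
{
    tb_t tbs[MAX_TBS];
    memset(tbs, 0, sizeof tbs);
    int pc = 0, executed = 0;
    for (;;) {
        int tb = translate(prog, n, tbs, pc);
        if (tb < 0) return -1;
        if (hooks.tb_begin) hooks.tb_begin(tb, pc);
        executed++;
        int next = pc, halted = 0;
        for (int i = 0; i < tbs[tb].n_insns; i++) {
            int cur = pc + i;
            next = cur + 1;
            if (prog[cur].op == OP_DEC) r0--;
            else if (prog[cur].op == OP_HALT) halted = 1;
            else if (prog[cur].op == OP_BNZ) {
                int taken = (r0 != 0);
                if (taken) next = prog[cur].target;
                if (hooks.branch) hooks.branch(cur, next, taken);
            }
        }
        if (hooks.tb_end) hooks.tb_end(tb, pc);
        if (halted) return executed;
        pc = next;
    }
}

/* Constructed sample guest: NOP; loop { DEC; BNZ 1 }; HALT. */
static const insn_t sample_prog[] =
    { { OP_NOP, 0 }, { OP_DEC, 0 }, { OP_BNZ, 1 }, { OP_HALT, 0 } };
int run_sample(int r0) { return run_guest(sample_prog, 4, r0); }

int main(void)
{
    coverage_install();
    int executed = run_sample(3);
    printf("TBs executed %d, translated %d, distinct %d, edges %d, taken %d\n",
           executed, coverage_tbs_translated(), coverage_tbs_executed(),
           coverage_edges(), coverage_taken_branches());
    return 0;
}
```

With r0 = 3 the loop body is translated once but executed three times, so the translation-time counter (3 TBs) and the execution-time counters (4 TB executions, 3 distinct TBs, edges 2->1 and 2->3, 2 taken branches) differ; that gap is exactly why the thread distinguishes instrumenting at translation time from instrumenting at execution time, and the plugin never touches the guest loop itself.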