wanghw364 <wanghw...@163.com> writes:

> Hi all,
>
> Does qemu-system-riscv64 have any plugin or tools that can support target 
> program function trace feature?
>
> It seems there is no such feature under
> link:https://gitlab.com/qemu-project/qemu/-/blob/master/docs/devel/tcg-plugins.rst
>
> For example, we can use libexeclog.so plugin to trace target program 
> instruction trace.
>
> In my case, when I boot linux kernel with qemu, it hangs halfway, but
> I don't know the hang position in the code,
>
> so I want to trace the kernel function call trace so that I can
> find out when and where execution diverges.

Not currently, but it wouldn't be super hard to write such a thing.
However, currently we only have debug symbols available for linux-user, so
that is all the helper qemu_plugin_insn_symbol() will see.

You need to teach the linux kernel loader to understand and relocate
symbols from an ELF kernel image. Alternatively you could extract them
and feed them directly to the plugin. It would then be fairly trivial to
stick an execution callback at every function entrance.

I suspect KASLR messes things up though.

>
> Thanks. 


-- 
Alex Bennée
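The "extract the symbols and feed them to the tracer" route from the reply, as an added example that is not part of this thread and not QEMU code: a small Python post-processor that takes function symbols from a System.map/nm-style listing, turns an execlog-style PC stream into a function-entry trace, and reports which function the last executed PC sits in (the practical answer to "where did it hang"). The symbol listing and trace lines are constructed samples, the execlog line format is assumed (only the second, PC, field is parsed), and the KASLR handling is a plain slide added to every link-time address, computed from one symbol whose runtime address is known. The same exact-entry lookup is what a TCG plugin would do at translation time before registering an execution callback on that instruction.

```python
import bisect
import re
from typing import Dict, List, Optional, Tuple

# Constructed System.map-style listing: "<addr> <type> <name>" (not from a real kernel).
SYSTEM_MAP = """\
ffffffff80000000 T _start
ffffffff80001000 T start_kernel
ffffffff80001200 T setup_arch
ffffffff80001400 t parse_early_options
ffffffff80002000 T rest_init
ffffffff80002100 D init_thread_union
"""

# Constructed execlog-style lines, assumed shape: <cpu>, <pc>, <opcode>, "<disassembly>".
# Only the PC field matters here; the opcodes/disassembly are illustrative.
TRACE_LINES = [
    '0, 0xffffffff80001000, 0xfe010113, "addi sp,sp,-32"',
    '0, 0xffffffff80001004, 0x00113c23, "sd ra,24(sp)"',
    '0, 0xffffffff80001200, 0xfe010113, "addi sp,sp,-32"',
    '0, 0xffffffff80001400, 0xfe010113, "addi sp,sp,-32"',
    '0, 0xffffffff80001410, 0x00000013, "nop"',
]

CODE_SYMBOL_TYPES = {"T", "t"}  # global/local text symbols; data (D, B, ...) is skipped
PC_RE = re.compile(r"^\s*\d+,\s*(0x[0-9a-fA-F]+)")


def load_function_symbols(text: str) -> List[Tuple[int, str]]:
    """Parse nm/System.map lines and return (link_addr, name) for code symbols, sorted."""
    syms = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        addr, kind, name = parts
        if kind in CODE_SYMBOL_TYPES:
            syms.append((int(addr, 16), name))
    syms.sort()
    return syms


def kaslr_slide(link_addr: int, runtime_addr: int) -> int:
    """Slide to apply to every link-time address, from one symbol seen at runtime."""
    return runtime_addr - link_addr


class FunctionTracer:
    """Maps runtime PCs to function entries / containing functions."""

    def __init__(self, symbols: List[Tuple[int, str]], slide: int = 0):
        self.addrs: List[int] = [a + slide for a, _ in symbols]   # sorted runtime entry addrs
        self.names: List[str] = [n for _, n in symbols]
        self.entries: Dict[int, str] = dict(zip(self.addrs, self.names))

    def entry_at(self, pc: int) -> Optional[str]:
        """Function name if pc is exactly a function entrance, else None."""
        return self.entries.get(pc)

    def containing(self, pc: int) -> Optional[str]:
        """Function whose entry is the highest one at or below pc."""
        i = bisect.bisect_right(self.addrs, pc) - 1
        return self.names[i] if i >= 0 else None


def pcs_from_trace(lines: List[str]) -> List[int]:
    """Extract the PC field from each execlog-style line; unparsable lines are skipped."""
    pcs = []
    for line in lines:
        m = PC_RE.match(line)
        if m:
            pcs.append(int(m.group(1), 16))
    return pcs


def function_trace(lines: List[str], tracer: FunctionTracer) -> List[Tuple[int, str]]:
    """Sequence of (pc, name) for every PC that is a function entrance."""
    out = []
    for pc in pcs_from_trace(lines):
        name = tracer.entry_at(pc)
        if name is not None:
            out.append((pc, name))
    return out


def last_function(lines: List[str], tracer: FunctionTracer) -> Optional[str]:
    """Containing function of the last executed PC, i.e. where the guest stopped."""
    pcs = pcs_from_trace(lines)
    return tracer.containing(pcs[-1]) if pcs else None


if __name__ == "__main__":
    tracer = FunctionTracer(load_function_symbols(SYSTEM_MAP))
    for pc, name in function_trace(TRACE_LINES, tracer):
        print(f"{pc:#018x} -> {name}")
    print("last PC inside:", last_function(TRACE_LINES, tracer))
```

For a relocated kernel, compute the slide once (for instance from the runtime address of `_start`, if the boot log or a debugger reveals it) and pass it to `FunctionTracer`; with the wrong slide every lookup silently resolves to the wrong or no function, which is the failure mode the KASLR remark in the reply points at.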
