Hi,
the -icount feature does actually count the number of executed
instructions (with a TB granularity). It is not output directly but used
to simulate the system clock after being scaled by N. In theory this
should allow a deterministic simulation even when interacting with
hardware (e.g., using a simulated HW timer). However, as I understand,
it my be warped by the host execution time in some situations, which
could be non-deterministic.
As far as I know the functionality you are looking for is not directly
available in QEMU, but can be added with a few changes to
arm/translate.c and related files. The num_insns is a counter for the
number of instructions in the TB that is currently being generated.
Regards,
Sebastian
