On 9/15/2015 12:30 PM, Peter Maydell wrote:
> On 15 September 2015 at 19:38, Scott Dattalo <scott.datt...@gmail.com> wrote:
>> Question: how can you tell QEmu to create an instruction trace?
> You can't, to a first approximation. QEMU's debug logging is
> aimed more at telling you what QEMU has done than providing
> detailed information on what the guest program is doing.
Thanks Peter. I also supply the '-singlestepping' option and was under
the impression this would break the TB chains, or more specifically,
flush the TB cache. Here's how I invoke qemu:
$ qemu-system-arm -M versatilepb -m 128M -nographic -D trace.log -d in_asm,cpu,exec -singlestep -kernel myprog.bin
> The optimisation that is tripping you up is that we chain TBs together,
> which means we will run a long chain of TBs and only print the 'exec'
> trace for the first one. (The exec tracing in current git master
> will at least tell you when it's linked two TBs so you can
> decipher from this some info on what TBs have been executed.)
> Adding a -d option to disable the TB chaining is something we're
> discussing, but I don't think anybody's written a patch yet.
> (It would not be a complicated change.)
I think there is a fork produced by Cedric Vincent:
https://github.com/cedric-vincent/qemu/tree/master/tcg/plugins
The idea is to allow the TCI to be instrumented with scripts. The QEmu
source on GitHub does not contain this code.
Scott
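As an added example (not code from this thread, from Scott, or from QEMU), the script below post-processes a '-d in_asm,exec' log of the kind produced by the command above. It pairs each 'Trace' line (one per TB entered from the main loop) with the 'IN:' disassembly block that translated that TB, and records the 'Linking TBs' lines so you can see at which edges the exec trace goes dark, which is the chaining limitation Peter describes. The sample log is constructed, not captured, and its 'Trace' / 'Linking TBs' wording is an assumption approximating 2015-era QEMU output; the exact format differs between versions, so the regexes are deliberately loose and should be checked against a real log before trusting the result.

```python
"""Expand a QEMU '-d in_asm,exec' log into a per-instruction trace.

Added example, not QEMU code. Assumes (approximately) the 2015-era log
format: 'IN:' blocks, 'Trace <host ptr> [<guest pc>]' lines, and
'Linking TBs <ptr> [<pc>] index N -> <ptr> [<pc>]' lines.
"""
import re
import sys

# Constructed sample (ARM guest, two TBs, one chained jump). Not real QEMU
# output; it only mimics the shape of the lines this script parses.
SAMPLE_LOG = """\
----------------
IN:
0x00010000:  e3a00000      mov      r0, #0
0x00010004:  e3a01001      mov      r1, #1
0x00010008:  ea000001      b        0x10014

Trace 0x7f3c5a000040 [00010000]
----------------
IN:
0x00010014:  e0800001      add      r0, r0, r1
0x00010018:  e3500005      cmp      r0, #5
0x0001001c:  1afffffc      bne      0x10014

Trace 0x7f3c5a0000a0 [00010014]
Linking TBs 0x7f3c5a000040 [00010000] index 0 -> 0x7f3c5a0000a0 [00010014]
Trace 0x7f3c5a0000a0 [00010014]
"""

IN_HEADER = re.compile(r"^IN:")
INSN = re.compile(r"^0x([0-9a-fA-F]+):\s+([0-9a-fA-F]+)\s+(.+)$")
TRACE = re.compile(r"^Trace\s+0x[0-9a-fA-F]+\s+\[([0-9a-fA-F]+)\]")
LINK = re.compile(r"^Linking TBs\s+0x[0-9a-fA-F]+\s+\[([0-9a-fA-F]+)\]"
                  r"\s+index\s+(\d+)\s+->\s+0x[0-9a-fA-F]+\s+\[([0-9a-fA-F]+)\]")


def parse_log(text):
    """Return (tbs, events).

    tbs:    dict, TB start pc -> list of (pc, encoding, mnemonic)
    events: in log order, ('exec', pc) per Trace line and
            ('link', src_pc, index, dst_pc) per Linking line
    """
    tbs, events = {}, []
    cur = None  # instruction list of the IN: block being read, if any
    for line in text.splitlines():
        line = line.rstrip()
        if IN_HEADER.match(line):
            cur = []
            continue
        m = INSN.match(line)
        if m and cur is not None:
            pc = int(m.group(1), 16)
            if not cur:            # first insn of the block names the TB;
                tbs[pc] = cur      # a retranslated TB simply overwrites
            cur.append((pc, m.group(2), " ".join(m.group(3).split())))
            continue
        cur = None  # blank line, dashes, Trace or Linking ends the block
        m = TRACE.match(line)
        if m:
            events.append(("exec", int(m.group(1), 16)))
            continue
        m = LINK.match(line)
        if m:
            events.append(("link", int(m.group(1), 16), int(m.group(2)),
                           int(m.group(3), 16)))
    return tbs, events


def expand_trace(tbs, events):
    """Expand each Trace line into the instructions of the TB it entered.

    A TB reached through a chained direct jump produces no Trace line, so
    its instructions are absent here: that gap is the chaining limitation.
    """
    insns = []
    for ev in events:
        if ev[0] == "exec":
            insns.extend((pc, mn) for pc, _enc, mn in tbs.get(ev[1], []))
    return insns


def chained_successors(events):
    """Map src TB pc -> set of dst TB pcs chained to it (edges whose later
    executions will not show up as Trace lines)."""
    links = {}
    for ev in events:
        if ev[0] == "link":
            links.setdefault(ev[1], set()).add(ev[3])
    return links


def main(path=None):
    text = open(path).read() if path else SAMPLE_LOG
    tbs, events = parse_log(text)
    for pc, mn in expand_trace(tbs, events):
        print("0x%08x  %s" % (pc, mn))
    for src, dsts in sorted(chained_successors(events).items()):
        print("chained: 0x%08x -> %s (later executions not traced)"
              % (src, ", ".join("0x%08x" % d for d in sorted(dsts))))


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it as `python3 expand_trace.py trace.log` against the '-D trace.log' file from the command above (with no argument it uses the constructed sample). Note that the link report only says where chaining began, not how many times the chained path was taken afterwards, so the instruction list is a lower bound on what the guest executed. Later QEMU releases added a `-d nochain` log flag to switch chaining off for exactly this purpose; this 2015 thread predates it.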