On 9/15/2015 2:23 PM, Peter Maydell wrote:
On 15 September 2015 at 21:51, Scott Dattalo <scott.datt...@gmail.com> wrote:
I think there is a fork produce by Cedric Vincent:
https://github.com/cedric-vincent/qemu/tree/master/tcg/plugins
The idea is to allow the TCI to be instrumented with scripts. The QEmu
source in github does not contain this code.
Yes. The problem is that there's a gap between "good enough
for my purposes" and "good enough to be able to put into
master" which is very wide and hard to bridge. (For tracing,
you need to have all of:
* doesn't reduce maintainability of the code
* works on all targets and hosts (ideally)
* doesn't reduce performance if you're not using it
* doesn't need to be specially enabled at compile time
for instance.)
I'd like to see better tracing but it needs somebody who
has the time and determination to get working code into
production QEMU.
I know what you mean Peter. If I had the time, I'd like to port the core
of gpsim, the simulator I wrote for PIC microcontrollers, into the QEmu
framework and include a near-zero overhead tracing mechanism.
I'm not familiar with QEmu, but gpsim implements fast tracing by
concisely encoding trace information into a single 32-bit or 64-bit
number. This information is written to a circular array. The trace
information is decoded only when it's needed (usually after the
simulation). But the basic idea is analogous to the TB. In QEmu's case,
the trace information could be determined by the TCG at the point the
guest code is cached into a TB. It should be straight forward to create
a new host-agnostic TCG frontend OP that is conditionally inserted at
the beginning of the translation block. The condition should be defined
at the invocation of QEmu (as opposed to during the buildinf of QEmu).
This proposal does incur a performance hit if it is not used, and thus
may not meet your acceptance. The penalty is when the guest code is
translated QEmu has to determine whether or not to insert this special
new frontend OP. I don't have a sense if this is significant or not.
However, since -singlestepping already incurs overhead, perhaps this
feature can hide behind that option.
Scott
