Perhaps you're looking for something like this? https://wiki.qemu.org/Internships/ProjectIdeas/CacheModelling
QEMU also supports a GDB stub, which might help with your last question. https://wiki.qemu.org/Features/gdbstub

On Mon, Mar 30, 2020 at 7:31 AM Marc Hacin <[email protected]> wrote:
> AFAIK, valgrind is not cross-architecture (their dev team is thinking
> about that but it seems complicated).
>
> Perhaps it is possible to build some similar analysis functionality on
> top of the new TCG plugins of QEMU? Is it planned?
>
> At first I need some sort of taintgrind plugin. I guess that the process
> of translation to host code will produce all the side-effects of
> register spilling existing in the guest code. Am I right?
>
> I have just tested the plugins from the head/master branch a bit.
> Is there an API to find symbols->value in the guest code/data? Shall I
> pass the ELF image a second time to the plugin's argv and then "help myself"?
> What about relocations if user mode code?
>
>
> Sorry, I am not sure if plugin development falls into "users" or "devel"
> activities.
>
> --
> Thierry Bernier
>
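The "pass the ELF to the plugin and help myself" approach from the quoted question, worked through as an added example (not code from the thread or from QEMU): a minimal ELF64 symbol-table reader plus a resolver that maps a runtime guest address back to "symbol + offset" once the PIE load bias (runtime base minus link address) is known. The load bias, the symbol names and the ELF image itself are constructed test inputs; a real plugin would take the ELF path from its argv and obtain the bias from the loaded image.

```python
import struct
from bisect import bisect_right

def parse_elf64_symbols(data):
    """Return {link_addr: (name, size)} for defined OBJECT/FUNC symbols (ELF64 little-endian only)."""
    assert data[:4] == b"\x7fELF" and data[4] == 2 and data[5] == 1, "not a little-endian ELF64"
    (e_shoff,) = struct.unpack_from("<Q", data, 40)
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 58)
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    syms = {}
    for sh in shdrs:
        if sh[1] != 2:                       # sh_type != SHT_SYMTAB
            continue
        str_off = shdrs[sh[6]][4]            # sh_link names the string table; [4] is its sh_offset
        for off in range(sh[4], sh[4] + sh[5], sh[9] or 24):
            st_name, st_info, _, st_shndx, st_value, st_size = struct.unpack_from("<IBBHQQ", data, off)
            if st_shndx == 0 or (st_info & 0xF) not in (1, 2):
                continue                     # undefined symbol, or neither STT_OBJECT nor STT_FUNC
            name = data[str_off + st_name:data.index(b"\0", str_off + st_name)].decode()
            syms[st_value] = (name, st_size)
    return syms

class GuestSymbols:
    def __init__(self, syms, load_bias=0):
        self.syms, self.bias = syms, load_bias   # load_bias: runtime base minus link-time base (PIE)
        self.addrs = sorted(syms)
    def resolve(self, vaddr):
        """Map a runtime guest address to (name, offset) or None if it lies outside every symbol."""
        link = vaddr - self.bias             # undo the relocation applied by the loader
        i = bisect_right(self.addrs, link) - 1
        if i < 0:
            return None
        base = self.addrs[i]
        name, size = self.syms[base]
        if size and link >= base + size:     # past the end of the nearest preceding symbol
            return None
        return name, link - base

def build_test_elf(symbols):
    """Construct a minimal ET_DYN ELF64 carrying only .symtab/.strtab (constructed test input)."""
    strtab, symtab = b"\0", bytes(24)        # both tables start with a mandatory null entry
    for name, value, size in symbols:
        symtab += struct.pack("<IBBHQQ", len(strtab), 0x12, 0, 1, value, size)  # GLOBAL FUNC, defined
        strtab += name.encode() + b"\0"
    shoff = 64 + len(symtab) + len(strtab)
    ehdr = struct.pack("<4sBBBB8xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0,
                       3, 0x3E, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)  # ET_DYN, x86-64, 3 sections
    sym_sh = struct.pack("<IIQQQQIIQQ", 0, 2, 0, 0, 64, len(symtab), 2, 1, 8, 24)
    str_sh = struct.pack("<IIQQQQIIQQ", 0, 3, 0, 0, 64 + len(symtab), len(strtab), 0, 0, 1, 0)
    return ehdr + symtab + strtab + bytes(64) + sym_sh + str_sh
```

The resolver only answers for addresses inside a sized symbol, so an address in the gap between two functions comes back as None rather than being misattributed to the previous one.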
