Arnabjyoti Kalita <akal...@cs.stonybrook.edu> writes:
> Hello all,
>
> I have a requirement to record all the load and store addresses that a
> guest makes. I have determined that the load and store address
> information can be determined from the below functions -
>
> static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr, ...);
>
> and
>
> static inline void QEMU_ALWAYS_INLINE cpu_store_helper(CPUArchState
> *env, target_ulong addr, ...);
>
> I have instrumented these functions and am recording the values of
> "addr" in both cases. Am I instrumenting the correct functions?

Yes and no.. the helpers are on the slow path and only get called when a
memory access isn't resolved in the fast path in the JIT code. Besides,
you really don't want to be messing with the guts of the TCG to do this.

We have a feature known as TCG plugins which allows for this sort of
thing. Have a look at tests/plugins/mem.c for a basic memory plugin that
observes all memory accesses. There are more elaborate plugins in
contrib/plugins.

  https://qemu.readthedocs.io/en/latest/devel/tcg-plugins.html

> For context, I am using QEMU version 5.0.1. The guest uses x86_64
> architecture and is running Linux kernel 4.4.0.

TCG plugins have been available from v4.2 but needed to be enabled
specifically in the build. As of 6.1 plugins are enabled by default for
all TCG builds, although I would recommend running from master if you
want to be sure to have all the latest facilities and fixes.

>
> Thank you very much.
>
> Best Regards,
> Arnabjyoti Kalita

-- 
Alex Bennée
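The plugin route Alex points to, shown as an added example that is not part of this thread and not QEMU's own tests/plugins/mem.c: every guest load and store is delivered to a per-instruction memory callback, and the plugin aggregates them into a per-page load/store histogram instead of touching the TCG helpers. The QEMU glue uses only API calls from qemu-plugin.h that have existed since the plugin interface appeared (qemu_plugin_install, qemu_plugin_register_vcpu_tb_trans_cb, qemu_plugin_register_vcpu_mem_cb, qemu_plugin_mem_is_store, qemu_plugin_mem_size_shift, qemu_plugin_register_atexit_cb, qemu_plugin_outs) and is compiled only when that header is found, so the aggregation logic also builds and runs as plain C11 on its own. The 4 KiB page size, the 4096-entry table, the hash constant and the output format are my choices for the example, not anything the thread specifies. The counters are atomic because with MTTCG the callback can fire from several vCPU threads at once.

```c
#include <inttypes.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this example: 4 KiB guest pages, fixed-size table. */
#define PAGE_SHIFT 12
#define TABLE_BITS 12
#define TABLE_SIZE (1u << TABLE_BITS)

/* One entry per guest page. key holds (page number + 1) so 0 means empty. */
struct slot {
    _Atomic uint64_t key, loads, stores, bytes;
};

static struct slot table[TABLE_SIZE];
static _Atomic uint64_t dropped;   /* accesses lost once the table is full */

/* Open-addressing lookup. With insert=true an empty slot is claimed by CAS,
 * so concurrent vCPU threads never double-allocate a page. */
static struct slot *find_slot(uint64_t page, bool insert)
{
    uint64_t key = page + 1;
    uint64_t h = (page * 0x9E3779B97F4A7C15ULL) >> (64 - TABLE_BITS);
    for (unsigned probe = 0; probe < TABLE_SIZE; probe++) {
        struct slot *s = &table[(h + probe) & (TABLE_SIZE - 1)];
        uint64_t cur = atomic_load(&s->key);
        if (cur == key) return s;
        if (cur == 0) {
            if (!insert) return NULL;
            uint64_t expected = 0;
            /* Success: we own the slot. Failure with expected == key: another
             * thread just claimed it for the same page, which is fine too. */
            if (atomic_compare_exchange_strong(&s->key, &expected, key) ||
                expected == key) return s;
        }
    }
    return NULL;
}

/* One guest memory access: bucket it by page, split loads from stores. */
void record_access(uint64_t vaddr, bool is_store, unsigned size_shift)
{
    struct slot *s = find_slot(vaddr >> PAGE_SHIFT, true);
    if (!s) { atomic_fetch_add(&dropped, 1); return; }
    atomic_fetch_add(is_store ? &s->stores : &s->loads, 1);
    atomic_fetch_add(&s->bytes, UINT64_C(1) << size_shift);
}

enum stat { LOADS, STORES, BYTES };

/* Read back a counter for the page containing vaddr (0 if never seen). */
uint64_t page_stat(uint64_t vaddr, enum stat which)
{
    struct slot *s = find_slot(vaddr >> PAGE_SHIFT, false);
    if (!s) return 0;
    return atomic_load(which == LOADS ? &s->loads :
                       which == STORES ? &s->stores : &s->bytes);
}

uint64_t dropped_accesses(void) { return atomic_load(&dropped); }

/* QEMU glue: only compiled when building against the QEMU plugin header. */
#if defined(__has_include)
#if __has_include(<qemu-plugin.h>)
#include <qemu-plugin.h>

QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;

/* Fires for every load/store of an instrumented instruction. */
static void vcpu_mem(unsigned int cpu_index, qemu_plugin_meminfo_t info,
                     uint64_t vaddr, void *udata)
{
    record_access(vaddr, qemu_plugin_mem_is_store(info),
                  qemu_plugin_mem_size_shift(info));
}

/* Fires once per translated block: hook memory accesses of each insn. */
static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
{
    size_t n = qemu_plugin_tb_n_insns(tb);
    for (size_t i = 0; i < n; i++)
        qemu_plugin_register_vcpu_mem_cb(qemu_plugin_tb_get_insn(tb, i),
                                         vcpu_mem, QEMU_PLUGIN_CB_NO_REGS,
                                         QEMU_PLUGIN_MEM_RW, NULL);
}

/* At exit, write the histogram to the plugin log (enable with -d plugin). */
static void plugin_exit(qemu_plugin_id_t id, void *udata)
{
    char line[128];
    for (size_t i = 0; i < TABLE_SIZE; i++) {
        uint64_t key = atomic_load(&table[i].key);
        if (key == 0) continue;
        snprintf(line, sizeof line, "page 0x%" PRIx64 " loads=%" PRIu64
                 " stores=%" PRIu64 " bytes=%" PRIu64 "\n",
                 (key - 1) << PAGE_SHIFT, atomic_load(&table[i].loads),
                 atomic_load(&table[i].stores), atomic_load(&table[i].bytes));
        qemu_plugin_outs(line);
    }
    snprintf(line, sizeof line, "dropped=%" PRIu64 "\n", dropped_accesses());
    qemu_plugin_outs(line);
}

QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
                                           const qemu_info_t *info,
                                           int argc, char **argv)
{
    qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
    qemu_plugin_register_atexit_cb(id, plugin_exit, NULL);
    return 0;
}
#endif
#endif
```

Built as a shared object against a plugin-enabled QEMU tree (`gcc -shared -fPIC -I$QEMU_SRC/include/qemu -o libmemhist.so memhist.c`) it is loaded with `-plugin ./libmemhist.so -d plugin`, and the per-page summary appears in the plugin log at exit. The addresses are guest virtual addresses, exactly what the helper-instrumentation approach in the question would have seen, but gathered from the fast path as well as the slow one. Aggregating per page rather than logging every access keeps the callback cheap; if the full address stream is really needed, the same callback is the place to emit it.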