From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 5 Apr 2010 15:09:19 -0700 (PDT)
From: Boris Cámara
Subject: [Qemu-devel] full dynamic instruction trace for MIPS target
To: qemu-devel@nongnu.org

Hi,

I think the correct way to get the full instruction trace on a MIPS emulated processor is:

- Disabling the TB cache: I did this by modifying the tb_find_slow() and tb_find_fast() functions to always go to the "not_found" label, where the code is translated with no cache searches.

- Logging the PC and the instruction: I created a qemu_log() function clone and call it just before executing decode_opc() in target-mips/translate.c

Please, can anyone tell me if it is correct or if I am missing something?
I made some tests using this method but it is very very slow. Is there a more efficient way to obtain the full instruction trace for a MIPS target processor emulated on qemu?

thanks,

From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 05 Apr 2010 15:41:52 -0700
From: Richard Henderson
Subject: Re: [Qemu-devel] full dynamic instruction trace for MIPS target
To: Boris Cámara
Cc: qemu-devel@nongnu.org

On 04/05/2010 03:09 PM, Boris Cámara wrote:
> I think the correct way to get the full instruction trace on a MIPS
> emulated processor is:

-singlestep -d exec

That gives you the address of each instruction executed.
I'm not sure what else you want than this, as you haven't said.

r~

From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 5 Apr 2010 16:24:47 -0700 (PDT)
From: Boris Cámara
Subject: Res: [Qemu-devel] full dynamic instruction trace for MIPS target
To: qemu-devel@nongnu.org

I need the PC and the executed instruction to extract a complete trace of the execution in a file.

I found that, since the translation block is cached, the "-d in_asm" option will not output a complete execution trace. It is logged only when the TB is cached.

What does -singlestep mean?

thanks,

From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 5 Apr 2010 21:41:52 -0400 (EDT)
From: Vince Weaver
Subject: Re: [Qemu-devel] full dynamic instruction trace for MIPS target
To: Boris Cámara
Cc: qemu-devel@nongnu.org

> I think the correct way to get the full instruction trace on a MIPS
> emulated processor is:

the way you describe is slow because you are constantly re-generating the
TBs. The best way to do this is to add your instrumentation to the TBs.

I have code that does that for a recent version of Qemu here:
  http://www.csl.cornell.edu/~vince/projects/qemusim/

although it outputs Basic-Block vectors, not a full memory trace like you
want. It has been validated to match proper instruction counts using
hardware performance counters though.

I also have code creating full instruction/memory traces for Qemu MIPS
that can be found here:
  http://www.csl.cornell.edu/~vince/projects/qemu-trace/

but it's against Qemu from 2007 pre-dating the TCG changeover so of
limited use probably. I have some code somewhere that updated this to
work with TCG but I don't know what happened to it.

Vince

From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 6 Apr 2010 16:18:08 -0700 (PDT)
From: Boris Cámara
Subject: Res: [Qemu-devel] full dynamic instruction trace for MIPS target
To: Vince Weaver
Cc: qemu-devel@nongnu.org

Hi Vince,

The approach you are using on http://www.csl.cornell.edu/~vince/projects/qemu-trace/ to get the PC dump is similar to mine, but as you don't disable the TB caches it is not a full execution trace. You only dump the PC when they are compiled and inserted on the TB cache. When qemu needs to execute the same code again, tb_find_slow() will find it was cached, so your code won't dump the executed PCs again because tb_gen_code() won't be called this time.

On http://www.csl.cornell.edu/~vince/projects/qemusim/ I found the same logic because you call the helper function inside of gen_intermediate_code_internal(), which is called by tb_find_slow() too.

So, as far as I understand, if tb_find_slow() finds the previously cached PC on the TB vector, your dump_pc() helper functions will not be called again for this TB.

Did you get correct values for your counters in bbvs[bb] ?

I didn't run your patch yet so I'm not sure that what I said is 100% correct. :)

From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 6 Apr 2010 22:33:57 -0400 (EDT)
From: Vince Weaver
Subject: Re: Res: [Qemu-devel] full dynamic instruction trace for MIPS target
To: Boris Cámara
Cc: qemu-devel@nongnu.org

On Tue, 6 Apr 2010, Boris Cámara wrote:

> The approach you are using on
> http://www.csl.cornell.edu/~vince/projects/qemu-trace/ to get the PC dump
> is similar to mine but as you don't disable the TB caches it is not a full
> execution trace.

I can assure you that it does in fact work.

> You only dump the PC when they are compiled and inserted
> on the TB cache.

no, look closer. My code at instrumentation time inserts a helper-op
after each instruction. This is like a virtual instruction that lives in
the TB and calls my counting function. So each time the TB is re-executed
the calls happen again, as they are part of the TB instruction stream.

> Did you get correct values for your counters in bbvs[bb] ?

yes. And the results match valgrind, pin, and hardware performance
counters.

Vince

-- 
/* Vince Weaver vince@csl.cornell.edu http://csl.cornell.edu/~vince */

main(){char O,o[66]="|\n\\/_ ",*I=o+7,l[]="B!FhhBHCWE9C?cJFKET$+h'Iq*chT"
,i=0,_;while(_=l[i++])for(O=0;O++<_>>5;)*I=*(I++-(_&31));*I=0;puts(o+5);}

From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 7 Apr 2010 09:42:17 -0700 (PDT)
From: Boris Cámara
Subject: Res: Res: [Qemu-devel] full dynamic instruction trace for MIPS target
To: Vince Weaver
Cc: qemu-devel@nongnu.org

> This is like a virtual instruction that lives in
> the TB and calls my counting function. So each time the TB is re-executed
> the calls happen again, as they are part of the TB instruction stream.

It sounds good! Today I will apply the patches and run it to get a better understanding.

> Did you get correct values for your counters in bbvs[bb] ?

Yes, coincidentally last week I read your HIPEAC paper, great job.
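
The three tracing strategies discussed in this thread, as an added toy model in C (not QEMU code and not code from any participant; toy_tb, toy_cpu, log_pc, run_guest and the guest addresses are hypothetical): logging at translation time with the TB cache on, the same logging with every lookup forced to miss, and a trace call emitted into the block so it runs on every execution.

```c
/* Toy model of a translation-block (TB) cache; constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TB    4          /* toy cache capacity */
#define MAX_TRACE 64

enum mode {
    LOG_AT_TRANSLATE,        /* log PCs when a block is translated, cache on */
    LOG_NO_CACHE,            /* same logging, every lookup forced to miss    */
    LOG_HELPER_IN_TB         /* trace call emitted into the block itself     */
};

struct toy_tb { uint32_t pc; int n_insns; int has_helper; };

struct toy_cpu {
    struct toy_tb cache[MAX_TB];
    int n_cached, translations, n_trace;
    uint32_t trace[MAX_TRACE];
};

struct result { int traced; int translations; };

static void log_pc(struct toy_cpu *c, uint32_t pc)
{
    if (c->n_trace < MAX_TRACE)
        c->trace[c->n_trace++] = pc;
}

static struct toy_tb *toy_find(struct toy_cpu *c, uint32_t pc)
{
    for (int i = 0; i < c->n_cached; i++)
        if (c->cache[i].pc == pc)
            return &c->cache[i];
    return NULL;
}

static struct toy_tb *toy_translate(struct toy_cpu *c, uint32_t pc, int n,
                                    enum mode m)
{
    if (c->n_cached == MAX_TB)           /* cache full: flush it all */
        c->n_cached = 0;
    struct toy_tb *tb = &c->cache[c->n_cached++];
    tb->pc = pc;
    tb->n_insns = n;
    tb->has_helper = (m == LOG_HELPER_IN_TB);
    c->translations++;
    if (!tb->has_helper)                 /* translate-time logging */
        for (int i = 0; i < n; i++)
            log_pc(c, pc + 4u * i);      /* 4-byte MIPS instructions */
    return tb;
}

static void toy_exec(struct toy_cpu *c, uint32_t pc, int n, enum mode m)
{
    struct toy_tb *tb = (m == LOG_NO_CACHE) ? NULL : toy_find(c, pc);
    if (!tb)
        tb = toy_translate(c, pc, n, m);
    if (tb->has_helper)                  /* runs on every execution of the TB */
        for (int i = 0; i < tb->n_insns; i++)
            log_pc(c, tb->pc + 4u * i);
}

/* Constructed guest: a 3-instruction loop body run 4 times, then 2 more. */
struct result run_guest(enum mode m)
{
    struct toy_cpu cpu;
    memset(&cpu, 0, sizeof cpu);
    for (int iter = 0; iter < 4; iter++)
        toy_exec(&cpu, 0x1000, 3, m);
    toy_exec(&cpu, 0x2000, 2, m);
    return (struct result){ cpu.n_trace, cpu.translations };
}

int main(void)
{
    const char *names[] = { "log at translate", "cache disabled", "helper in TB" };
    for (int m = LOG_AT_TRANSLATE; m <= LOG_HELPER_IN_TB; m++) {
        struct result r = run_guest((enum mode)m);
        printf("%-16s traced=%2d translations=%d\n",
               names[m], r.traced, r.translations);
    }
    return 0;
}
```

For this constructed guest, which executes 14 instructions, the three modes record 5, 14 and 14 PCs using 2, 5 and 2 translations respectively.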