From: "Shashidhar Mysore"
To: ananaza@iki.fi, qemu-devel@nongnu.org
Date: Thu, 29 Mar 2007 18:25:06 -0700
Subject: Re: [Qemu-devel] Re: PC traces from QEMU
Message-ID: <12835c8f0703291825w6caf4e74n99c7e5f9f691cbf2@mail.gmail.com>
In-Reply-To: <87ejn80xi8.fsf@brigitte.dna.fi>
References: <12835c8f0703261313j45f7e23cx1773a20845370a4e@mail.gmail.com> <87ejn80xi8.fsf@brigitte.dna.fi>
List-Id: qemu-devel.nongnu.org

Hi Antti,

Thanks for the reply. Honestly, I am new to QEMU, hence I just tried following the steps you had mentioned to extract PCs without actually knowing what each of those mean.

As you had said,
- I defined DEBUG_EXEC in cpu-exec.c
- I disabled USE_DIRECT_JUMP in exec-all.h
- I disabled USE_CODE_COPY in target-i386/cpu.h
- I hardcoded force_dc->jmp_opt to equal zero in target-i386/translate.c (force_dc->jmp_opt = 0;)

However, when I try to make the qemu-0.9.0 that I have, I get the following error -

##########################################################
$ make
....
/qemu-0.9.0-trial/target-i386/translate.c
/qemu-0.9.0-trial/target-i386/translate.c: In function `gen_goto_tb':
/qemu-0.9.0-trial/target-i386/translate.c:1766: error: too many arguments to function `gen_op_goto_tb0'
/qemu-0.9.0-trial/target-i386/translate.c:1768: error: too many arguments to function `gen_op_goto_tb1'
make[1]: *** [translate.o] Error 1
make[1]: Leaving directory `/qemu-0.9.0-trial/i386-linux-user'
make: *** [subdir-i386-linux-user] Error 2

######################################################

Do you know if I'm doing something wrong here? Also, since qemu-0.7 doesn't seem to be available for download from the qemu webpage, I couldn't try the same with qemu-0.7. I appreciate your help on this.

Thanks,
-Shashi.

On 3/29/07, Antti P Miettinen <ananaza@iki.fi> wrote:
> "Shashidhar Mysore" <shashimc@gmail.com> writes:
> > I intend to extract program counter streams from QEMU as a program executes.
> > Can you please point me to the hooks that I may have to insert into the QEMU
> > source code in order to extract the PC values?
>
> I used to do that with qemu 0.7. I did not dig into this deep enough
> to find the minimal changes but at least the following was enough:
> - define DEBUG_EXEC in cpu-exec.c
> - disable USE_DIRECT_JUMP in exec-all.h
> - disable USE_CODE_COPY in target-i386/cpu.h
> - force dc->jmp_opt to zero in target-i386/translate.c
> Would be nice if enabling PC traces were possible with e.g. command
> line (maybe requiring config time enable would be good too :-)
>
> --
> http://www.iki.fi/~ananaza/
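Two of the switches in Antti's list, USE_DIRECT_JUMP and dc->jmp_opt, control whether generated code may jump straight from one translation block to the next without returning to the execution loop in cpu-exec.c, and that loop is where a DEBUG_EXEC build prints its trace. The C program below is an added example, not QEMU code: it is a toy model of a translation-block cache in which the dispatcher patches direct jumps between blocks, with the PC hook placed in the dispatcher as DEBUG_EXEC's is. It shows that with chaining enabled the hook misses every block reached through a patched jump, and that with chaining disabled it records every block. The guest program (a three-block loop run three times), the block addresses, the function names and the counts are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TB 16
#define MAX_TRACE 64
#define LOOP_ITERS 3

/* A translated block with, like QEMU's TranslationBlock.jmp_next[],
 * one direct-jump slot per exit; NULL = exit back to the dispatch loop. */
typedef struct TB {
    uint32_t pc;
    struct TB *jmp_next[2];
} TB;

typedef struct {
    TB tbs[MAX_TB];
    int ntb, counter, ntrace, executed;
    uint32_t trace[MAX_TRACE];  /* PCs seen by the dispatch-loop hook */
} CPUState;

/* Constructed guest program (not real code): a three-block loop
 * 0x1000 -> 0x1020 -> 0x1040 -> 0x1000 run LOOP_ITERS times. Returns the
 * next PC (0 = halt) and reports which exit slot the block took. */
static uint32_t guest_exec_block(CPUState *cpu, uint32_t pc, int *slot)
{
    cpu->executed++;
    *slot = 0;
    switch (pc) {
    case 0x1000: return 0x1020;
    case 0x1020: return 0x1040;
    case 0x1040:
        if (--cpu->counter > 0) return 0x1000;  /* slot 0: back to the head */
        *slot = 1;                              /* slot 1: leave the loop */
        return 0;
    default: return 0;
    }
}

/* Translation cache lookup, "translating" the block on a miss. */
static TB *tb_find(CPUState *cpu, uint32_t pc)
{
    for (int i = 0; i < cpu->ntb; i++)
        if (cpu->tbs[i].pc == pc) return &cpu->tbs[i];
    TB *tb = &cpu->tbs[cpu->ntb++];
    tb->pc = pc;
    tb->jmp_next[0] = tb->jmp_next[1] = NULL;
    return tb;
}

/* Run a block and then every block it is chained to, without returning to
 * the dispatcher in between, which is what a patched direct jump does.
 * Returns the PC at which the chain ran out (0 = halt). */
static uint32_t exec_chain(CPUState *cpu, TB *tb, TB **last, int *last_slot)
{
    for (;;) {
        uint32_t next = guest_exec_block(cpu, tb->pc, last_slot);
        *last = tb;
        if (next == 0 || tb->jmp_next[*last_slot] == NULL) return next;
        tb = tb->jmp_next[*last_slot];
    }
}

/* The dispatch loop. The PC hook sits here, as DEBUG_EXEC's does in
 * cpu_exec(), so it only records blocks the loop itself looks up. With
 * chain != 0 the loop also patches the previous block's exit slot to jump
 * straight to the block just found (the job tb_add_jump does in QEMU).
 * Returns the number of traced PCs, copied to out, and the blocks run. */
int run_trace(int chain, uint32_t *out, int max, int *executed)
{
    CPUState cpu;
    memset(&cpu, 0, sizeof cpu);
    cpu.counter = LOOP_ITERS;
    TB *prev = NULL;
    int prev_slot = 0;
    for (uint32_t pc = 0x1000; pc != 0; ) {
        TB *tb = tb_find(&cpu, pc);
        if (cpu.ntrace < MAX_TRACE) cpu.trace[cpu.ntrace++] = tb->pc;
        if (chain && prev) prev->jmp_next[prev_slot] = tb;
        pc = exec_chain(&cpu, tb, &prev, &prev_slot);
    }
    for (int i = 0; i < cpu.ntrace && i < max; i++) out[i] = cpu.trace[i];
    *executed = cpu.executed;
    return cpu.ntrace;
}

int main(void)
{
    uint32_t trace[MAX_TRACE];
    for (int chain = 0; chain <= 1; chain++) {
        int executed;
        int n = run_trace(chain, trace, MAX_TRACE, &executed);
        printf("chaining %s: %d blocks executed, %d PCs traced:",
               chain ? "on" : "off", executed, n);
        for (int i = 0; i < n; i++) printf(" 0x%x", trace[i]);
        printf("\n");
    }
    return 0;
}
```

With chaining on, the hook sees only four of the nine blocks that ran: the first pass through the loop body returns to the dispatcher after each block (so the jumps get patched), and from then on the body is executed through those patched jumps without the dispatcher ever seeing it again. With chaining off, every block comes back to the loop and all nine PCs are recorded, which is the effect of turning off USE_DIRECT_JUMP and forcing jmp_opt to zero on a real build, at a cost in execution speed.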