[Qemu-devel] profiling software execution using qemu

[Qemu-devel] profiling software execution using qemu

[Bahadir Balban]

I would like to trace instruction execution using QEMU. Is this
possible?

Ideally I would like to dump all executed instruction locations to a
file, then match this information to function names based on the debug
symbols in my ELF file, then finally analyze the parts that execute the
most. Is this possible with qemu? Anyone who did this kind of work?

Thanks,

-- 
Bahadir Balban

Re: [Qemu-devel] profiling software execution using qemu

[Lluís]

Bahadir Balban writes:

> I would like to trace instruction execution using QEMU. Is this
> possible?

> Ideally I would like to dump all executed instruction locations to a
> file, then match this information to function names based on the debug
> symbols in my ELF file, then finally analyze the parts that execute the
> most. Is this possible with qemu? Anyone who did this kind of work?

If you want it for x86, you might use this (I still haven't inserted
points for other architectures):

   git clone https://code.gso.ac.upc.edu/git/qemu-instrument
   https://projects.gso.ac.upc.edu/projects/qemu-instrument

This is just a set of static instrumentation points, what to do with
them is up to you. If you just want tracing the addresses you could
simply define a INSTR_GEN_FETCH that calls a helper you must define
that, in turn, writes your information into disk by any means you see
fit.

Note that this is just a proof of concept, so in the worst case it can
give you some hints on where to look for the information that you want.

Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth