[Qemu-devel] RFC: Instruction Counting Debug Facilities

[Qemu-devel] RFC: Instruction Counting Debug Facilities

[Christopher Covington]

Hi,

Please find in this series two small patches adding debugging
facilities related to instruction counting. My ultimate goal is to
provide accurate instruction counts to target software through
the Performance Monitors Unit (PMU) and enable the collection of
Basic Block Vectors (BBVs). These patches are intended to
facilitate future work towards that. Please let me know if you
think there are better ways to accomplish these goals.

My only reason for hiding the instruction count exit notifier
behind -icount shift=n is that I figure the kind of person who is
interested in such a metric is the kind of person who would
want to run with -icount shift=n set. Perhaps there's a statistics
or verbose option that would be more appropriate to key off of.
Additionally printing MIPS would be even neater, but I leave that
for later.

Thanks,
Christopher Covington

-- 
Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, 
a Linux Foundation Collaborative Project

[Qemu-devel] [RFC 1/2] icount: Print instruction count on exit

[Christopher Covington]

When -icount shift=n is in use, print the instruction count when
finished. In conjunction with the `time` command, this can be used to
calculate how many instructions per second QEMU TCG can translate and
execute. The output can also be used to double-check future facilities
such as exposing the instruction count to guest/target software
through interfaces such as an emulated Performance Monitors Unit.

Signed-off-by: Christopher Covington <cov@codeaurora.org>
---
 cpus.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cpus.c b/cpus.c
index a822ce3..b0bc8ec 100644
--- a/cpus.c
+++ b/cpus.c
@@ -511,6 +511,13 @@ void cpu_ticks_init(void)
     vmstate_register(NULL, 0, &vmstate_timers, &timers_state);
 }
 
+static Notifier icount_exit_notifier;
+
+static void print_instruction_count(Notifier *notifier, void *data)
+{
+    printf("Executed %"PRId64" target instructions.\n", cpu_get_icount_raw());
+}
+
 void configure_icount(QemuOpts *opts, Error **errp)
 {
     const char *option;
@@ -541,6 +548,8 @@ void configure_icount(QemuOpts *opts, Error **errp)
         if (errno != 0 || *rem_str != '\0' || !strlen(option)) {
             error_setg(errp, "icount: Invalid shift value");
         }
+        icount_exit_notifier.notify = &print_instruction_count;
+        qemu_add_exit_notifier(&icount_exit_notifier);
         use_icount = 1;
         return;
     } else if (icount_align_option) {
-- 
Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project

[Qemu-devel] [RFC 2/2] qemu-log: Add in_icount option

[Christopher Covington]

This allows one to see the size of blocks that get translated (in
target instructions) without the verbosity that in_asm would bring.
This is a step towards generating Basic Block Vectors (BBVs)* which
are histograms of blocks within a given interval. BBVs are useful in
determining whether one interval is similar to another. Note that this
does not yet provide useful information for circular chains of blocks
nor partially executed blocks. When such cases are handled reliably,
this output can also be used to double-check future facilities such as
exposing the instruction count to guest/target software through
interfaces such as an emulated Performance Monitors Unit.

* "Basic Block" used loosely; single-entry not guaranteed.

Signed-off-by: Christopher Covington <cov@codeaurora.org>
---
 include/qemu/log.h         | 1 +
 qemu-log.c                 | 2 ++
 target-arm/translate-a64.c | 4 ++++
 3 files changed, 7 insertions(+)

diff --git a/include/qemu/log.h b/include/qemu/log.h
index 0b0eef5..6c000ae 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -41,6 +41,7 @@ static inline bool qemu_log_enabled(void)
 #define LOG_UNIMP          (1 << 10)
 #define LOG_GUEST_ERROR    (1 << 11)
 #define CPU_LOG_MMU        (1 << 12)
+#define CPU_LOG_TB_IN_ICOUNT (1 << 13)
 
 /* Returns true if a bit is set in the current loglevel mask
  */
diff --git a/qemu-log.c b/qemu-log.c
index b3ebd3c..4a6cbc2 100644
--- a/qemu-log.c
+++ b/qemu-log.c
@@ -154,6 +154,8 @@ const QEMULogItem qemu_log_items[] = {
       "show generated host assembly code for each compiled TB" },
     { CPU_LOG_TB_IN_ASM, "in_asm",
       "show target assembly code for each compiled TB" },
+    { CPU_LOG_TB_IN_ICOUNT, "in_icount",
+      "show target instruction count for each compiled TB" },
     { CPU_LOG_TB_OP, "op",
       "show micro ops for each compiled TB" },
     { CPU_LOG_TB_OP_OPT, "op_opt",
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 0b0f4ae..4877c30 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -11132,6 +11132,10 @@ done_generating:
     gen_tb_end(tb, num_insns);
 
 #ifdef DEBUG_DISAS
+    if (qemu_loglevel_mask(CPU_LOG_TB_IN_ICOUNT) &&
+        qemu_log_in_addr_range(pc_start)) {
+        qemu_log("0x" TARGET_FMT_lx " [size=%d]\n", pc_start, num_insns);
+    }
     if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM) &&
         qemu_log_in_addr_range(pc_start)) {
         qemu_log("----------------\n");
-- 
Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project