* [Qemu-devel] Precise guest instruction count.
@ 2009-03-09  9:38 Steffen Liebergeld
  2009-03-09 21:56 ` Laurent Desnogues
  2009-03-10  1:55 ` [Qemu-devel] " Paul Brook
  0 siblings, 2 replies; 8+ messages in thread

From: Steffen Liebergeld @ 2009-03-09 9:38 UTC (permalink / raw)
To: qemu-devel

Hi Qemu developers,

I am trying to do some measurements in Qemu. I want to get the precise number of guest instructions at certain points in the emulation. The output is triggered by a NOP guest instruction with a special value in two registers (to rule out other NOPs).

I have difficulties getting to know the number of guest instructions. I tried to use the -icount switch, but this leads to timeout errors whenever the guest tries to use the network. So I inserted a line into gen_icount_end which, regardless of the value of use_icount, increments qemu_icount by num_insns. I assume that the code of gen_icount_end is appended to all TBs and run whenever the TB is run (please correct me if I'm wrong).

I have some code in the guest which does some calculations. I let it do the calculations several times in a row, always discarding the results of the previous run. I trigger the NOP always before the calculation and Qemu gives me the following as values of qemu_icount:

First run: 835032
Second run: 837176
Third run: 837179
Fourth and subsequent runs: 837180

I guess that the behaviour is caused by chaining of TBs. The execution flow jumps directly to the next TB without running the code of gen_icount_end at the end of the TB. I do not use Kqemu for this test.

So my question is: how can I get an accurate guest instruction count?

Any help is appreciated.

Steffen Liebergeld

^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] Precise guest instruction count.

From: Laurent Desnogues @ 2009-03-09 21:56 UTC (permalink / raw)
To: qemu-devel

On Mon, Mar 9, 2009 at 10:38 AM, Steffen Liebergeld <usenet@gmx.eu> wrote:
>
> I have difficulties getting to know the number of guest instructions. I tried
> to use the -icount switch, but this leads to timeout errors whenever the guest
> tries to use the network. So I inserted a line into gen_icount_end which,
> regardless of the value of use_icount, increments qemu_icount by num_insns. I
> assume that the code of gen_icount_end is appended to all TBs and run
> whenever the TB is run (please correct me if I'm wrong).

That's almost correct: icount code is inserted at the beginning, not appended.

You should not try to play with icount code but create your own set of code that replicates it. Something like this:

    static inline void gen_icount_start(TCGContext *s, TCGv_ptr cpu_env)
    {
        TCGv_i64 count;

        if (!iprofiler.enable_icount)
            return;

        /* Load the per-CPU counter, add a placeholder, store it back. */
        count = tcg_temp_new_i64(s);
        tcg_gen_ld_i64(s, count, cpu_env, offsetof(CPUState, instr_count));
        /* This is a horrid hack to allow fixing up the value later:
         * remember where the immediate of the following addi will land. */
        iprofiler_tcg.icount_arg = s->gen_opparam_ptr + 1;
        // LD NOTE this may not work! cf tcg_gen_addi_i64 implementation
        tcg_gen_addi_i64(s, count, count, 0xdeadbeef);
        tcg_gen_st_i64(s, count, cpu_env, offsetof(CPUState, instr_count));
        tcg_temp_free_i64(s, count);
    }

    /* Called once the TB is fully translated and num_insns is known:
     * overwrite the 0xdeadbeef placeholder with the real count. */
    static void gen_icount_end(int num_insns)
    {
        if (iprofiler.enable_icount) {
            *iprofiler_tcg.icount_arg = (int64_t)num_insns;
        }
    }

Note the function names I chose are confusing...

> I have some code in the guest which does some calculations. I let it do the
> calculations several times in a row, always discarding the results of the
> previous run. I trigger the NOP always before the calculation and Qemu gives
> me the following as values of qemu_icount:
> First run: 835032
> Second run: 837176
> Third run: 837179
> Fourth and subsequent runs: 837180
>
> I guess that the behaviour is caused by chaining of TBs. The execution flow
> jumps directly to the next TB without running the code of gen_icount_end at
> the end of the TB.

gen_icount_end is not at the end of the TB; it only patches code that was inserted at the beginning of the TB by gen_icount_start.

The variations you see are probably due to timing variations. Even in user mode you can have slightly different results for code that, for instance, prints elapsed time.

HTH,

Laurent
* [Qemu-devel] Re: Precise guest instruction count.

From: Steffen Liebergeld @ 2009-03-11 10:33 UTC (permalink / raw)
To: qemu-devel

Hi,

Laurent Desnogues <laurent.desnogues@gmail.com> wrote:
> On Mon, Mar 9, 2009 at 10:38 AM, Steffen Liebergeld <usenet@gmx.eu> wrote:
> The variations you see are probably due to timing variations. Even in user
> mode you can have slightly different results for code that, for instance,
> prints elapsed time.

I temporarily disabled timers in Qemu, so normally time should not influence my measurements.

Greetings,
Steffen
* Re: [Qemu-devel] Re: Precise guest instruction count.

From: Laurent Desnogues @ 2009-03-11 10:42 UTC (permalink / raw)
To: qemu-devel

On Wed, Mar 11, 2009 at 11:33 AM, Steffen Liebergeld <usenet@gmx.eu> wrote:
> I temporarily disabled timers in Qemu, so normally time should not influence my
> measurements.

As Paul explained, in system mode there are other things that can cause interrupts, which you can't disable (unless you have your own emulated OS).

Laurent
* [Qemu-devel] Re: Precise guest instruction count.

From: Steffen Liebergeld @ 2009-03-11 12:53 UTC (permalink / raw)
To: qemu-devel

Hi,

Laurent Desnogues <laurent.desnogues@gmail.com> wrote:
> On Wed, Mar 11, 2009 at 11:33 AM, Steffen Liebergeld <usenet@gmx.eu> wrote:
>> I temporarily disabled timers in Qemu, so normally time should not
>> influence my measurements.
>
> As Paul explained, in system mode there are other things that
> can cause interrupts, which you can't disable (unless you have
> your own emulated OS).

I am interested in which interrupts might occur, and how they influence the instruction count. I am not using any input, and all output is sent to the serial port via "-serial stdout".

I have a small assembler loop like the following pseudo code:

    NOP
    mov R1, $1000
    loop:
    subs R1, $1
    bne loop
    NOP

On every NOP Qemu prints the instruction count.

By turning off all timers in Qemu I hope to disable all timer interrupts for the guest. The results I get are not correct for the first time the code is run, but for all subsequent runs. In the first run, the instruction count has 12 additional instructions, which are not actually executed.

What is the cause of those additional instructions?

Greetings,
Steffen
* Re: [Qemu-devel] Re: Precise guest instruction count.

From: Paul Brook @ 2009-03-11 13:13 UTC (permalink / raw)
To: qemu-devel; +Cc: Steffen Liebergeld

> By turning off all timers in Qemu I hope to disable all timer interrupts for
> the guest. The results I get are not correct for the first time the code is
> run, but for all subsequent runs. In the first run, the instruction count
> has 12 additional instructions, which are not actually executed.
>
> What is the cause of those additional instructions?

Probably you're not reading the correct value. Like I said, for performance reasons the counter is only valid at certain points.

Try instead implementing your timer as a peripheral.

Paul
* Re: [Qemu-devel] Precise guest instruction count.

From: Paul Brook @ 2009-03-10 1:55 UTC (permalink / raw)
To: qemu-devel; +Cc: Steffen Liebergeld

> So my question is: how can I get an accurate guest instruction count?

-icount maintains an accurate count of the number of instructions executed. However, for performance reasons the counter value is not valid at all times. Also note that you can not assume that a whole TB is executed (because of MMU faults, or IO interrupts).

Even with -icount, qemu is only deterministic internally. Its behavior can still be influenced by external events. In usermode this could be any syscall. In system mode this could be mouse/keyboard input, modified disk images or network traffic (possibly other things I've missed).

If you need counts of specific instructions then you probably need to add explicit counters to the implementation of those instructions.

Paul
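The two points made in this thread, that a counter patched into the TB prologue (Laurent's gen_icount_start/gen_icount_end sketch) is only valid at certain points, and that a TB need not execute to its end (Paul's MMU-fault and interrupt case), can be made concrete with a toy model. The C program below is an added example written for this page; it is not QEMU code, and the guest ISA, the struct names (tb, cpu, result) and the fixup rule are hypothetical. It emits a placeholder count at translation start and patches it once num_insns is known, charges the whole TB to the counter in the prologue, and then shows that a read at a magic instruction in the middle of a TB, or a TB that exits early on a fault, needs the not-yet-retired instructions subtracted before the value means anything. The guest program is the loop from this thread with three iterations, bracketed by two magic instructions and followed by a faulting instruction; it is constructed for the example.

```c
/* Added example, not QEMU code: a toy model of translation-block (TB)
 * instruction counting. Guest ISA, struct names and the fixup rule are
 * hypothetical; they show why a counter bumped by num_insns in the TB
 * prologue is exact at TB boundaries but not inside a TB. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PROG   32
#define MAX_TB_LEN 8

/* Hypothetical guest ISA: just enough for the assembler loop in the thread. */
enum op { OP_NOP, OP_MAGIC, OP_MOV, OP_SUBS, OP_BNE, OP_FAULT };
struct insn { enum op op; int imm; };   /* imm: operand or branch target */

struct tb {
    int start;       /* index of the first guest instruction */
    int num_insns;   /* unknown until translation ends, patched in then */
};

struct cpu {
    int64_t instr_count;  /* bumped by num_insns in every TB prologue */
    int64_t exact;        /* ground truth: one increment per retired insn */
    int r1, zf;
    int64_t samples[8];   /* counter values read at each MAGIC instruction */
    int nsamples;
};

/* gen_icount_start/gen_icount_end analogue: emit a placeholder, translate
 * until a branch, a faulting insn or MAX_TB_LEN, then patch the real count. */
static struct tb translate(const struct insn *prog, int pc)
{
    struct tb tb = { pc, 0xdead };              /* 0xdead = placeholder */
    int n = 0;
    for (;;) {
        enum op o = prog[pc + n++].op;
        if (o == OP_BNE || o == OP_FAULT || n == MAX_TB_LEN)
            break;
    }
    tb.num_insns = n;                           /* the patch */
    return tb;
}

/* Execute one TB; returns the next pc, or -1 when the TB exits early on a
 * fault. With fixup != 0, instructions the prologue charged but that have
 * not retired are subtracted again, on the fault and for a mid-TB read. */
static int run_tb(struct cpu *c, const struct insn *prog,
                  const struct tb *tb, int fixup)
{
    c->instr_count += tb->num_insns;            /* TB prologue */
    for (int k = 0; k < tb->num_insns; k++) {
        const struct insn *i = &prog[tb->start + k];
        int pending = tb->num_insns - k;        /* insns k.. not yet retired */
        switch (i->op) {
        case OP_FAULT:
            if (fixup)
                c->instr_count -= pending;      /* none of them will retire */
            return -1;
        case OP_MAGIC:
            /* The raw counter already includes the rest of this TB. */
            c->samples[c->nsamples++] =
                fixup ? c->instr_count - (pending - 1) : c->instr_count;
            break;
        case OP_MOV:  c->r1 = i->imm;  c->zf = (c->r1 == 0); break;
        case OP_SUBS: c->r1 -= i->imm; c->zf = (c->r1 == 0); break;
        case OP_BNE:
            c->exact++;
            return c->zf ? tb->start + k + 1 : i->imm;
        case OP_NOP:
            break;
        }
        c->exact++;
    }
    return tb->start + tb->num_insns;
}

struct result { int64_t first, second, instr_count, exact; };

/* Run the constructed guest program through a per-pc TB cache and return
 * the two MAGIC readings plus the final counter and the exact count. */
static struct result simulate(int fixup)
{
    /* Constructed program: MAGIC; mov r1, 3; loop: subs r1, 1; bne loop;
     * MAGIC; nop; then an instruction that faults in the middle of its TB. */
    static const struct insn prog[MAX_PROG] = {
        { OP_MAGIC, 0 }, { OP_MOV, 3 }, { OP_SUBS, 1 }, { OP_BNE, 2 },
        { OP_MAGIC, 0 }, { OP_NOP, 0 }, { OP_FAULT, 0 },
    };
    struct tb cache[MAX_PROG];
    int cached[MAX_PROG] = { 0 };
    struct cpu c = { 0 };
    int pc = 0;
    while (pc >= 0) {
        if (!cached[pc]) { cache[pc] = translate(prog, pc); cached[pc] = 1; }
        pc = run_tb(&c, prog, &cache[pc], fixup);
    }
    struct result r = { c.samples[0], c.samples[1], c.instr_count, c.exact };
    return r;
}

int main(void)
{
    struct result a = simulate(1), b = simulate(0);
    printf("with fixup:    magic %" PRId64 "/%" PRId64 " counter %" PRId64
           " exact %" PRId64 "\n", a.first, a.second, a.instr_count, a.exact);
    printf("without fixup: magic %" PRId64 "/%" PRId64 " counter %" PRId64
           " exact %" PRId64 "\n", b.first, b.second, b.instr_count, b.exact);
    return 0;
}
```

With the fixup the two magic readings differ by exactly the 8 guest instructions of the three-iteration loop and the final counter matches the exact count; without it the first reading already includes the three instructions that follow the magic NOP in its TB, and the faulting TB is over-charged by the instruction that never retired. QEMU's own -icount code performs the equivalent correction when it restores CPU state after an exception raised inside a TB, which is why the value is only trustworthy at TB boundaries and at points where the translator deliberately ends a TB.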
* [Qemu-devel] Re: Precise guest instruction count.

From: Steffen Liebergeld @ 2009-03-11 11:45 UTC (permalink / raw)
To: qemu-devel

Hi,

Paul Brook <paul@codesourcery.com> wrote:
>> So my question is: how can I get an accurate guest instruction count?
>
> -icount maintains an accurate count of the number of instructions executed.
> However, for performance reasons the counter value is not valid at all times.
> Also note that you can not assume that a whole TB is executed (because of MMU
> faults, or IO interrupts).
> Even with -icount, qemu is only deterministic internally. Its behavior can
> still be influenced by external events. In usermode this could be any
> syscall. In system mode this could be mouse/keyboard input, modified disk
> images or network traffic (possibly other things I've missed).

I am using system mode exclusively.

> If you need counts of specific instructions then you probably need to add
> explicit counters to the implementation of those instructions.

I disabled all timers in Qemu and run a guest program which includes an assembly-coded loop. At the start and end of the loop I have a magic instruction, upon which Qemu prints the current output of cpu_get_clock. I run qemu with the flag -icount 0. Still, the delta of those two values does not in any way resemble the number of instructions, and worse, it is not constant across subsequent runs.

Can you give any suggestions on how to get a precise absolute guest instruction count?

Greetings,
Steffen
end of thread, other threads: [~2009-03-11 13:13 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-03-09  9:38 [Qemu-devel] Precise guest instruction count Steffen Liebergeld
2009-03-09 21:56 ` Laurent Desnogues
2009-03-11 10:33   ` [Qemu-devel] " Steffen Liebergeld
2009-03-11 10:42     ` Laurent Desnogues
2009-03-11 12:53       ` Steffen Liebergeld
2009-03-11 13:13         ` Paul Brook
2009-03-10  1:55 ` [Qemu-devel] " Paul Brook
2009-03-11 11:45   ` [Qemu-devel] " Steffen Liebergeld