Date: Thu, 18 Jun 2009 17:20:05 +0200
From: "Edgar E. Iglesias"
Subject: Re: [Qemu-devel] Memory Traces for System Simulation
Message-ID: <20090618152005.GC16663@edde.se.axis.com>
In-Reply-To: <20090617215018.GA32029@meg.local>
To: Luis Useche
Cc: qemu-devel@nongnu.org

On Wed, Jun 17, 2009 at 05:50:18PM -0400, Luis Useche wrote:
> Hi Guys,

Hello Luis,

> I have been trying the last two days to find the correct places in the
> qemu code to trace the memory accesses in the running system. The qemu
> code is somewhat confusing and there are plenty of places that look like
> the correct trace point.
>
> I know that there exist plenty of threads about this matter in the list
> but none of them solve my problem.
>
> Some people suggested to use Argos (http://www.few.vu.nl/argos/) to get
> this information. There are two problems with this: (1) There is no clear
> documentation on how to do this in Argos (2) The code seems outdated and
> does not compile in systems with gcc>=4.
>
> There is also a patch for qemu 0.8 but it does not apply anymore.
> http://www.csl.cornell.edu/~vince/projects/qemu-trace/old/.
>
> At the moment, I am instrumenting several functions in exec.c as my trace
> points:
>   ldl_phys
>   ldq_phys
>   ldup_phys
>   lduw_phys
>   stl_phys_notdirty
>   stq_phys_notdirty
>   stl_phys
>   stb_phys
>   stw_phys
>   stq_phys

Depending on what you want to do and on your cache arch you might need
to log both virtual and physical addresses. I don't know what the best
place to hook in would be though.

> I would really appreciate any suggestion you have in order to solve my
> problem. If you have any insights in the solutions I explained above I
> would be very thankful.
>
> Given that many people seem to be having the same problem as I, it
> would be nice to have an actual framework that adds this functionality to
> qemu. I can offer myself to do that as long as I have enough help.
>
> As a parallel question: Does qemu simulate CPU cache? i.e. There is always

Nope.

> memory access even when this would not happen in a real system due to CPU
> cache?

Yes correct. I've got a pretty nasty hack that online emulates controller
and tag memories. I find it useful for profiling and for some debugging.
The data memories are not emulated so accesses are never absorbed. I don't
think it's very useful for scientific purposes..

Anyway, it kind of works for CRIS and MicroBlaze. Feel free to look around
on the cris git at your own risk :)

git://repo.or.cz/qemu/cris-port.git

Cheers
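
A tag-only cache model of the kind the reply describes, fed with traced physical addresses, as an added example: this is not code from the post or from the cris-port tree. The geometry (32-byte lines, 64 sets, 2 ways), the names tag_cache_access and replay, and the sample trace are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed geometry: 32-byte lines, 64 sets, 2 ways, LRU replacement. */
#define LINE_SHIFT 5
#define NUM_SETS   64
#define NUM_WAYS   2
/* Tags and valid bits only: no data array, so memory is still accessed. */
struct tag_cache {
    uint64_t tag[NUM_SETS][NUM_WAYS];
    uint8_t  valid[NUM_SETS][NUM_WAYS];
    uint8_t  lru[NUM_SETS];          /* way to evict next in each set */
    unsigned long hits, misses;
};

/* Classify one traced physical address: returns 1 on hit, 0 on miss. */
static int tag_cache_access(struct tag_cache *c, uint64_t paddr) {
    uint64_t line = paddr >> LINE_SHIFT;
    unsigned set = (unsigned)(line % NUM_SETS);
    uint64_t tag = line / NUM_SETS;
    for (int w = 0; w < NUM_WAYS; w++)
        if (c->valid[set][w] && c->tag[set][w] == tag) {
            c->lru[set] = (uint8_t)(w ^ 1);   /* other way becomes LRU */
            c->hits++;
            return 1;
        }
    int victim = c->lru[set];                 /* miss: refill the LRU way */
    c->tag[set][victim] = tag;
    c->valid[set][victim] = 1;
    c->lru[set] = (uint8_t)(victim ^ 1);
    c->misses++;
    return 0;
}

/* Replay a trace from a cold cache; returns the number of misses. */
static unsigned long replay(struct tag_cache *c, const uint64_t *t, size_t n) {
    memset(c, 0, sizeof(*c));
    for (size_t i = 0; i < n; i++)
        tag_cache_access(c, t[i]);
    return c->misses;
}

/* Constructed trace: all addresses map to set 0, forcing an eviction. */
static const uint64_t trace[] = { 0x1000, 0x1004, 0x1800, 0x1000, 0x2000, 0x1800 };
int main(void) {
    struct tag_cache c;
    printf("misses=%lu\n", replay(&c, trace, 6));
    return 0;
}
```

With a virtually indexed cache the same model would need the virtual address for the set index and the physical address for the tag, which is why logging both can matter.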