From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34302)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <goberwei@yahoo.com.tw>) id 1YzlW0-0006j0-9j
	for qemu-devel@nongnu.org; Tue, 02 Jun 2015 08:41:57 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <goberwei@yahoo.com.tw>) id 1YzlVw-0002j9-92
	for qemu-devel@nongnu.org; Tue, 02 Jun 2015 08:41:56 -0400
Received: from nm42.bullet.mail.ne1.yahoo.com ([98.138.120.49]:35613)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <goberwei@yahoo.com.tw>) id 1YzlVv-0002ij-Vb
	for qemu-devel@nongnu.org; Tue, 02 Jun 2015 08:41:52 -0400
Date: Tue, 2 Jun 2015 12:38:46 +0000 (UTC)
From: =?UTF-8?B?5rWp5YCrIOmtjw==?= <goberwei@yahoo.com.tw>
Message-ID: <2015071118.1186303.1433248726176.JavaMail.yahoo@mail.yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_1186302_1470968634.1433248726173"
Subject: [Qemu-devel] Dumping execution trace of QEMU
Reply-To: =?UTF-8?B?5rWp5YCrIOmtjw==?= <goberwei@yahoo.com.tw>
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>

------=_Part_1186302_1470968634.1433248726173
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Hi all:

Please correct me if I have any misunderstanding for the following descriptions. Thanks in advance.

I've been trying to dump ARM's execution trace, including guest PC, guest instruction binary, guest virtual/guest physical address for load/store instruction. But I encountered some troubles, and I hope you can help me out.
I used a helper function to dump PC & binary for every instruction while the "disas_arm_insn" generating the TCG IR, and indeed, it can print out the information I want.

And for the guest virtual/physical address for load/store instructions, as far as I've understood, EVERY guest load/store instructions would natively be translated into "qemu_ld/st" IR which would be translated into call function to softmmu's helper function.
So for those address translation information I want to get, in my opinion, I just have to print out the virtual address and corresponding physical address inside the softmmu helper function, that's say like in the end of "get_phys_addr_v6()" function in target-arm/helper.c.
And those information should consequently follow the PC & binary I printed out previously.

BUT, things didn't work out as I expected. I couldn't get the address information for guest ld/st indtruction.
I used "-qemu -d in_asm, op, out_asm" command line options to watch the translation procedure, and found that there are "qemu_ld/st" IRs being translated for every guest ld/st instruction, also in host(x86) binary, I saw "callq" that should be jump into softmmu helper function.
But there are no address translation information being printed out. Then I was wondering if it really went inside the softmmu, I tried to move to upper level.
I added 'printf("Hello World")' in the beginning of "glue(glue(__ld, SUFFIX), MMUSUFFIX)(target_ulong addr, int mmu_idx)" function, while it still didn't print it out when encountered qemu_ld/st IR, and I really don't know why. 
Shouldn't every guest ld/st step into that function?

Please tell me where did I go wrong. Thanks again.

Hao-Lun Wei



------=_Part_1186302_1470968634.1433248726173
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:He=
lveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;fo=
nt-size:16px"><div dir=3D"ltr" id=3D"yui_3_16_0_1_1433248416711_6856">Hi al=
l:<br style=3D"" class=3D""><br style=3D"" class=3D"">Please correct me if =
I have any misunderstanding for the following descriptions. Thanks in advan=
ce.<br style=3D"" class=3D""><br style=3D"" class=3D"">I've been trying to =
dump ARM's execution trace, including guest PC, guest instruction binary, g=
uest virtual/guest physical address for load/store instruction. But I encou=
ntered some troubles, and I hope you can help me out.<br style=3D"" class=
=3D"">I used a helper function to dump PC &amp; binary for every instructio=
n while the "<i id=3D"yui_3_16_0_1_1433248416711_8719">disas_arm_insn</i>" =
generating the TCG IR, and indeed, it can print out the information I want.=
<br style=3D"" class=3D""><br style=3D"" class=3D"">And for the guest virtu=
al/physical address for load/store instructions, as far as I've understood,=
 EVERY guest load/store instructions would natively be translated into "<i>=
qemu_ld/st</i>" IR which would be translated into call function to softmmu'=
s helper function.<br style=3D"" class=3D"">So for those address translatio=
n information I want to get, in my opinion, I just have to print out the vi=
rtual address and corresponding physical address inside the softmmu helper =
function, that's say like in the end of "<i>get_phys_addr_v6()</i>" functio=
n in target-arm/helper.c.<br style=3D"" class=3D"">And those information sh=
ould consequently follow the PC &amp; binary I printed out previously.<br s=
tyle=3D"" class=3D""><br style=3D"" class=3D"">BUT, things didn't work out =
as I expected. I couldn't get the address information for guest ld/st indtr=
uction.<br style=3D"" class=3D"">I used "<i id=3D"yui_3_16_0_1_143324841671=
1_8762">-qemu -d in_asm, op, out_asm</i>" command line options to watch the=
 translation procedure, and found that there are "<i>qemu_ld/st</i>" IRs be=
ing translated for every guest ld/st instruction, also in host(x86) binary,=
 I saw "<i>callq</i>" that should be jump into softmmu helper function.<br =
style=3D"" class=3D"">But there are no address translation information bein=
g printed out. Then I was wondering if it really went inside the softmmu, I=
 tried to move to upper level.<br style=3D"" class=3D"">I added '<i id=3D"y=
ui_3_16_0_1_1433248416711_8788">printf("Hello World")</i>' in the beginning=
 of "<i id=3D"yui_3_16_0_1_1433248416711_8787">glue(glue(__ld, SUFFIX), MMU=
SUFFIX)(target_ulong addr, int mmu_idx)</i>" function, while it still didn'=
t print it out when encountered qemu_ld/st IR, and I really don't know why.=
 <br style=3D"" class=3D"">Shouldn't every guest ld/st step into that funct=
ion?<br style=3D"" class=3D""><br style=3D"" class=3D"">Please tell me wher=
e did I go wrong. Thanks again.<br style=3D"" class=3D""><br style=3D"" cla=
ss=3D"">Hao-Lun Wei<br style=3D"" class=3D""><br></div><div style=3D"" clas=
s=3D"" id=3D"yui_3_16_0_1_1433248416711_6856"><br style=3D"" class=3D""></d=
iv></div></body></html>
------=_Part_1186302_1470968634.1433248726173--