From: Raphael Voisin
Date: Wed, 29 Apr 2009 22:22:30 +0200
Message-ID: <49F8B706.9090904@gmail.com>
Subject: [Qemu-devel] Breakpoints just calling a function
To: qemu-devel@nongnu.org

I need to create a new type of breakpoint (like the existing "struct CPUBreakpoint") that doesn't stop the VM each time it's reached, but just calls a function. For the first test, I tried to modify the "translate.c:gen_intermediate_code_internal(...)" function, where CPU breakpoint Program Counters (pc) are compared to the equivalent arch register (EIP under i386).
The current code is:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    if (unlikely(!TAILQ_EMPTY(&env->breakpoints))) {
        TAILQ_FOREACH(bp, &env->breakpoints, entry) {
            if (bp->pc == pc_ptr) {
                gen_debug(dc, pc_ptr - dc->cs_base);
                break;
            }
        }
    }
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

If I understand, the "gen_debug(...)" function generates a kind of exception that stops the VM. That is what is used for gdb stubs.

I tried to modify the code to simply print a message (equivalent to calling a function later) instead of calling "gen_debug(...)", like this:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    if (unlikely(!TAILQ_EMPTY(&env->breakpoints))) {
        TAILQ_FOREACH(bp, &env->breakpoints, entry) {
            if (bp->pc == pc_ptr) {
                printf("Simulate function calling\n");
                //gen_debug(dc, pc_ptr - dc->cs_base);
                //break; // tried commenting or uncommenting
            }
        }
    }
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

The fact is the message is correctly printed the first time the breakpoint is reached, but it's not printed anymore after that, although my guest system really hits the program counter several times.

I don't really know how Translation Blocks are managed and how TCG works for that part. It's maybe a question of TB invalidation or something like that.

I think that the current breakpoint mechanism has been much harder to implement than the new type of breakpoint I wish for (I called them "Controlpoints" on IRC), so I think I'm maybe missing something simple.

Thanks in advance for any help, explanation, suggestion or advice.

Raphaël
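The behaviour described in the post (message printed once, guest revisiting the address many times) follows from how translated blocks are cached, and the toy model below, added here and neither QEMU's code nor the poster's, shows it: a block is translated once on a cache miss and then re-executed from the cache, so work done inside the translator happens once per translation while a call emitted into the block (what a TCG helper call does) runs on every execution. HOOK_PC, run_guest, tb_flush_all and the Counters type are assumptions of the model, not QEMU identifiers.

```c
#include <stdint.h>
#include <string.h>

/* Added toy model, not QEMU code: translated blocks (TBs) are cached per guest
 * pc and re-executed without re-translation. Host-side work done inside the
 * translator (a printf) therefore happens once per translation, while a call
 * emitted into the block (as a TCG helper call would be) happens on every run. */
#define MAX_TBS 16
#define HOOK_PC 0x1000u   /* assumed address of the "controlpoint" */
typedef struct { uint32_t pc; int valid; int calls_hook; } TB;
typedef struct { int translations; int hook_calls; } Counters;
static TB tb_cache[MAX_TBS];
static Counters counters;

/* The function the controlpoint should run each time the guest hits HOOK_PC. */
static void controlpoint_hook(void) { counters.hook_calls++; }

/* Stand-in for gen_intermediate_code: runs only on a TB cache miss. */
static TB *translate_block(uint32_t pc) {
    TB *tb = &tb_cache[pc % MAX_TBS];
    counters.translations++;          /* a printf here fires once per translation */
    tb->pc = pc;
    tb->valid = 1;
    tb->calls_hook = (pc == HOOK_PC); /* emit the call into the block instead */
    return tb;
}

static TB *find_block(uint32_t pc) {
    TB *tb = &tb_cache[pc % MAX_TBS];
    return (tb->valid && tb->pc == pc) ? tb : NULL;
}

/* Executing a cached block runs whatever was emitted into it, every time. */
static void exec_block(const TB *tb) { if (tb->calls_hook) controlpoint_hook(); }

/* Invalidate every cached block (the effect of a TB flush); forces re-translation. */
void tb_flush_all(void) { memset(tb_cache, 0, sizeof tb_cache); }

/* Drive the guest through HOOK_PC n times, flushing the cache once after
 * flush_after executions (0 = never flush). Returns both counters. */
Counters run_guest(int n, int flush_after) {
    memset(&counters, 0, sizeof counters);
    tb_flush_all();
    for (int i = 0; i < n; i++) {
        TB *tb = find_block(HOOK_PC);
        if (!tb) tb = translate_block(HOOK_PC);   /* miss: translate once */
        exec_block(tb);                           /* hit: hook runs again */
        if (flush_after && i + 1 == flush_after) tb_flush_all();
    }
    return counters;
}
```

With five passes over HOOK_PC the model translates once and runs the hook five times; a flush in the middle re-translates (two translations) but the hook count is unchanged, which is the one-versus-many split the post observes.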