From: "Alex Bennée" <alex.bennee@linaro.org>
To: Marcus Engene <mengpg2@engene.se>
Cc: qemu-devel@nongnu.org
Subject: Re: Qemu Userspace Emulator with library + method
Date: Tue, 14 Dec 2021 19:59:34 +0000 [thread overview]
Message-ID: <87pmpzgdi2.fsf@linaro.org> (raw)
In-Reply-To: <2e540a20-9733-4ba4-520c-31cf6d9eac93@engene.se>
Marcus Engene <mengpg2@engene.se> writes:
> Hi,
>
> I'd like to do instruction traces with library+function name included.
>
> From what I understand in_asm only shows instructions when they are being JIT:ed.
> If I call a function twice I only see the instructions once so it makes sense.
>
> As a workaround, I tried to do a plugin. I looked at the examples in contrib/plugins and it seems to work nicely. I see all instructions in userspace:
>
> 0000004000802100 48 89 e7 movq %rsp, %rdi
> 0000004000802103 e8 08 0e 00 00 callq 0x4000802f10
> 0000004000802f10 f3 0f 1e fa endbr64
> 0000004000802f14 55 pushq %rbp
> 0000004000802f15 48 89 e5 movq %rsp, %rbp
> 0000004000802f18 41 57 pushq %r15
This looks like you could expand/tweak the existing execlog to get what
you want rather than writing a whole new plugin.
> However, for it to be super useful, I'd also like to see which library or source file each instruction lives in, and what function we're in.
>
> Example output from perf + intel_pt
>
> a.out 602812 [006] 206712.277263361: 7f8d50217084 brk+0x4 (/usr/lib/x86_64-linux-gnu/ld-2.31.so) mov $0xc, %eax
> a.out 602812 [006] 206712.277263361: 7f8d50217089 brk+0x9 (/usr/lib/x86_64-linux-gnu/ld-2.31.so) syscall
> a.out 602812 [006] 206712.277264027: 7f8d5021708b brk+0xb (/usr/lib/x86_64-linux-gnu/ld-2.31.so) cmp $0xfffffffffffff000, %rax
> a.out 602812 [006] 206712.277264027: 7f8d50217091 brk+0x11 (/usr/lib/x86_64-linux-gnu/ld-2.31.so) jnbe 0x7f8d502170a8
> a.out 602812 [006] 206712.277264027: 7f8d50217093 brk+0x13 (/usr/lib/x86_64-linux-gnu/ld-2.31.so) movq %rax, 0x1106e(%rip)
>
> Is this doable? Do you have any advice on where to start?
Totally.
>
> I tried to get the "symbol" in the plugin, but I only get null values.
You mean using qemu_plugin_insn_symbol()?
IIRC that only works on the main binary and of course needs a
non-stripped binary. Basically we would need to expand the elf loader to
consider libraries as well. However that will require some sort of hook
to spot them getting mapped in by the guest's ld.so. Maybe we could add
some heuristics to the mmap syscalls to spot that?
>
> Kind regards,
> Marcus
--
Alex Bennée
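As an added example (not code from this thread or from QEMU's contrib plugins), this is the bookkeeping the mmap heuristic above would need: a table of file-backed mappings, filled from a hypothetical syscall hook on mmap and munmap returns, and a lookup that renders an executed address as path+offset in the style of the perf output quoted earlier. Symbol names like brk+0x4 would additionally need the ELF symbol table of each mapped file, which this example does not read; all addresses and paths below are constructed test data.

```c
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <string.h>
#define MAX_MAPS 64

/* One file-backed region, as a syscall hook would see it when mmap returns. */
struct mapping {
    uint64_t base;      /* guest virtual address the file was mapped at */
    uint64_t len;       /* mapping length in bytes */
    uint64_t file_off;  /* mmap offset argument, so results are file offsets */
    char path[128];     /* backing file, e.g. resolved from the guest's fd */
};
static struct mapping maps[MAX_MAPS]; static int nmaps; /* live file mappings */

/* Record a successful file-backed mmap. Returns 0, or -1 if the table is full. */
int record_mapping(uint64_t base, uint64_t len, uint64_t file_off, const char *path)
{
    if (nmaps == MAX_MAPS) return -1;
    struct mapping *m = &maps[nmaps++];
    m->base = base; m->len = len; m->file_off = file_off;
    snprintf(m->path, sizeof m->path, "%s", path);
    return 0;
}

/* Drop every mapping lying fully inside munmap(addr, len). Returns how many. */
int forget_mapping(uint64_t addr, uint64_t len)
{
    int removed = 0;
    for (int i = 0; i < nmaps; ) {
        if (maps[i].base >= addr && maps[i].base + maps[i].len <= addr + len) {
            maps[i] = maps[--nmaps]; removed++;   /* swap-remove, order is irrelevant */
        } else i++;
    }
    return removed;
}

/* Render vaddr as "path+0xfileoffset"; returns -1 (writing "?+0xvaddr") when no mapping covers it: stack, heap, anonymous or JIT memory. */
int resolve_addr(uint64_t vaddr, char *out, size_t outsz)
{
    for (int i = 0; i < nmaps; i++) {
        const struct mapping *m = &maps[i];
        if (vaddr >= m->base && vaddr < m->base + m->len) {
            snprintf(out, outsz, "%s+0x%" PRIx64, m->path, vaddr - m->base + m->file_off);
            return 0;
        }
    }
    snprintf(out, outsz, "?+0x%" PRIx64, vaddr);
    return -1;
}
```

A plugin would call record_mapping from its syscall-return callback whenever an mmap with a file descriptor succeeds, and resolve_addr from its per-instruction execution callback when formatting the trace line.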