From: Jun Koi
Date: Tue, 27 Jul 2010 09:24:55 +0900
Subject: Re: [Qemu-devel] memory trace with qemu
To: malc
Cc: Stefan Hajnoczi, Lluís, qemu-devel@nongnu.org, Yufei Chen, Eduardo Cruz, Mulyadi Santosa

On Mon, Jul 26, 2010 at 8:16 PM, malc wrote:
> On Mon, 26 Jul 2010, Eliot Moss wrote:
>
>> On 7/26/2010 6:20 AM, Lluís wrote:
>> > Eduardo Cruz writes:
>> >
>> > > Thanks for your answers. Stefan, after I find the right place to capture
>> > > the reads and writes I'll definitely try your trace tool.
>> >
>> > > Until now, this is what I found:
>> >
>> > > I am using the x86-64 target, and I know that, for instance, lots of reads
>> > > pass here:
>> >
>> > > target-i386/translate.c   gen_op_ld_T1_A0()
>> >
>> > Ok, I've seen at least 3 people working on this lately.
>> >
>> > Some time ago I wrote a message proposing two sets of modifications for
>> > qemu, in order to allow the analysis of guest code (like feeding traces to an
>> > architecture simulator).
>> >
>> > What I proposed is based on two different functionalities:
>> >
>> > 1) backdoor: a mechanism for the guest to communicate with qemu, such that
>> >    tracing can be started, stopped, etc.
>> >
>> >    My current approach is to decode an instruction that is deemed invalid
>> >    by the target ISA according to the manual.
>> >
>> >    This is only implemented for x86 right now, but it is trivial to
>> >    implement on other architectures as long as there are unused opcodes.
>> >
>> > 2) instrumentation: a set of generic macros that signal events that might be
>> >    of interest.
>>
>> Etc.
>>
>> In the context of another simulator, we developed a different
>> technique, which would be quite general and might be of interest
>> for QEMU. We communicate with the simulator via a "fake" *device*,
>> mapped into user-mode memory using an mmap call. If someone
>> devised and coded such a device, then it could be used from any
>> guest.
>
> I've done something similar a while ago:
> http://repo.or.cz/w/qemu/malc.git/shortlog/refs/heads/wctpci

In this repo tree, which part is your new code? I looked at the git log, and tried to search your name, but none looks related.

thanks,
Jun