[Qemu-devel] Call Trace for QEMU functions

[Naman patel <naman321@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 3144 bytes --]

Hi,

     I have compiled QEMU (2.0) for x86_64 on Fedora 22 with tracing
enabled and the tracing option I chose was dtrace. I have this script
called callTrace.stp in which I try and get the Call Trace of the function
*helper_invlpg *and later *tlb_flush.*  But I am not able to get the
function name of the caller function and the call trace depth is only
limited to 2.

*probe process("/usr/bin/qemu-system-x86_64").function("helper_invlpg") {*
*                printf("gen_helper_invlpg called \n");*
*                        print_usyms(ubacktrace())*
*}*


I run it using following command: *sudo stap -d
/usr/local/bin/qemu-system-x86_64 --ldd --vp 08 *callTrace*.stp*

Following is the ouput:
*gen_helper_invlpg called *
* 0x7faae9d7c040 : helper_invlpg+0x0/0x30 [/usr/bin/qemu-system-x86_64]*
* 0x7faac5cfcd8c : 0x7faac5cfcd8c*
*gen_helper_invlpg called *
* 0x7faae9d7c040 : helper_invlpg+0x0/0x30 [/usr/bin/qemu-system-x86_64]*
* 0x7faac5cfcd8c : 0x7faac5cfcd8c*
*gen_helper_invlpg called *
* 0x7faae9d7c040 : helper_invlpg+0x0/0x30 [/usr/bin/qemu-system-x86_64]*
* 0x7faac5cfcd8c : 0x7faac5cfcd8c*

and so on...

It does not show the function name but the address from where it was
called. Does it mean that its not possible to get backtrace for this
function???

Similarly if I probe for *tlb_flush *then I get the following output:
TLB FULSH called
 0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
 0x7faac6ab5722 : 0x7faac6ab5722
TLB FULSH called
 0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
 0x7faac6b689be : 0x7faac6b689be
TLB FULSH called
 0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
 0x7faac6a74998 : 0x7faac6a74998
TLB FULSH called
 0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
 0x7faac6b689be : 0x7faac6b689be

Here also I am not able to get full Call Trace.

If I do this similar kind of probe using stap -d /bin/ls --ldd -e 'probe
process("ls").function("xmalloc") {print_usyms(ubacktrace())}' -c "ls /"
then I do get proper call trace, Check the following output.
*0x4112f0 : xmalloc+0x0/0x20 [/usr/bin/ls]*
* 0x4114c4 : xmemdup+0x14/0x30 [/usr/bin/ls]*
* 0x40eb4a : clone_quoting_options+0x2a/0x40 [/usr/bin/ls]*
* 0x4033e2 : main+0xa52/0x2160 [/usr/bin/ls]*
* 0x7fc6be4fc790 : __libc_start_main+0xf0/0x1d0 [/usr/lib64/libc-2.21.so
<http://libc-2.21.so/>]*
* 0x404b19 : _start+0x29/0x30 [/usr/bin/ls]*
* 0x4112f0 : xmalloc+0x0/0x20 [/usr/bin/ls]*
* 0x4114c4 : xmemdup+0x14/0x30 [/usr/bin/ls]*
* 0x40eb4a : clone_quoting_options+0x2a/0x40 [/usr/bin/ls]*
* 0x403441 : main+0xab1/0x2160 [/usr/bin/ls]*
* 0x7fc6be4fc790 : __libc_start_main+0xf0/0x1d0 [/usr/lib64/libc-2.21.so
<http://libc-2.21.so/>]*
* 0x404b19 : _start+0x29/0x30 [/usr/bin/ls]*
* 0x4112f0 : xmalloc+0x0/0x20 [/usr/bin/ls]*
* 0x40378f : main+0xdff/0x2160 [/usr/bin/ls]*
* 0x7fc6be4fc790 : __libc_start_main+0xf0/0x1d0 [/usr/lib64/libc-2.21.so
<http://libc-2.21.so/>]*

Do you have any clue why this could happen? Or any alternative approach to
get the call trace?

This is my first email on the group so please pardon me if I have not
followed some customs.

Regards,
Naman

[-- Attachment #2: Type: text/html, Size: 7107 bytes --]