From: Naman patel
To: qemu-devel@nongnu.org
Date: Thu, 30 Jul 2015 17:50:00 +0530
Subject: [Qemu-devel] Call Trace for QEMU functions

Hi,

I have compiled QEMU (2.0) for x86_64 on Fedora 22 with tracing enabled, and the tracing option I chose was dtrace. I have this script called callTrace.stp in which I try to get the call trace of the function helper_invlpg and later tlb_flush. But I am not able to get the function name of the caller function, and the call trace depth is limited to 2.

    probe process("/usr/bin/qemu-system-x86_64").function("helper_invlpg") {
        printf("gen_helper_invlpg called \n");
        print_usyms(ubacktrace())
    }

I run it using the following command:

    sudo stap -d /usr/local/bin/qemu-system-x86_64 --ldd --vp 08 callTrace.stp

Following is the output:

    gen_helper_invlpg called
     0x7faae9d7c040 : helper_invlpg+0x0/0x30 [/usr/bin/qemu-system-x86_64]
     0x7faac5cfcd8c : 0x7faac5cfcd8c
    gen_helper_invlpg called
     0x7faae9d7c040 : helper_invlpg+0x0/0x30 [/usr/bin/qemu-system-x86_64]
     0x7faac5cfcd8c : 0x7faac5cfcd8c
    gen_helper_invlpg called
     0x7faae9d7c040 : helper_invlpg+0x0/0x30 [/usr/bin/qemu-system-x86_64]
     0x7faac5cfcd8c : 0x7faac5cfcd8c

and so on...

It does not show the function name, only the address from where it was called. Does it mean that it's not possible to get a backtrace for this function?

Similarly, if I probe for tlb_flush then I get the following output:

    TLB FULSH called
     0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
     0x7faac6ab5722 : 0x7faac6ab5722
    TLB FULSH called
     0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
     0x7faac6b689be : 0x7faac6b689be
    TLB FULSH called
     0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
     0x7faac6a74998 : 0x7faac6a74998
    TLB FULSH called
     0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
     0x7faac6b689be : 0x7faac6b689be

Here also I am not able to get the full call trace.

If I do a similar kind of probe using

    stap -d /bin/ls --ldd -e 'probe process("ls").function("xmalloc") {print_usyms(ubacktrace())}' -c "ls /"

then I do get a proper call trace. Check the following output:

    0x4112f0 : xmalloc+0x0/0x20 [/usr/bin/ls]
     0x4114c4 : xmemdup+0x14/0x30 [/usr/bin/ls]
     0x40eb4a : clone_quoting_options+0x2a/0x40 [/usr/bin/ls]
     0x4033e2 : main+0xa52/0x2160 [/usr/bin/ls]
     0x7fc6be4fc790 : __libc_start_main+0xf0/0x1d0 [/usr/lib64/libc-2.21.so]
     0x404b19 : _start+0x29/0x30 [/usr/bin/ls]
     0x4112f0 : xmalloc+0x0/0x20 [/usr/bin/ls]
     0x4114c4 : xmemdup+0x14/0x30 [/usr/bin/ls]
     0x40eb4a : clone_quoting_options+0x2a/0x40 [/usr/bin/ls]
     0x403441 : main+0xab1/0x2160 [/usr/bin/ls]
     0x7fc6be4fc790 : __libc_start_main+0xf0/0x1d0 [/usr/lib64/libc-2.21.so]
     0x404b19 : _start+0x29/0x30 [/usr/bin/ls]
     0x4112f0 : xmalloc+0x0/0x20 [/usr/bin/ls]
     0x40378f : main+0xdff/0x2160 [/usr/bin/ls]
     0x7fc6be4fc790 : __libc_start_main+0xf0/0x1d0 [/usr/lib64/libc-2.21.so]

Do you have any clue why this could happen? Or any alternative approach to get the call trace?

This is my first email on the group, so please pardon me if I have not followed some customs.

Regards,
Naman
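Added example, not part of the mail and not QEMU or SystemTap code: a small Python triage script for print_usyms(ubacktrace()) output like the one quoted above. It splits the output into individual backtraces, flags traces whose deepest frame is a bare address (the unwinder stopped in code for which stap had neither symbols nor unwind information), collects those caller addresses, and looks each one up in /proc/<pid>/maps lines to report what kind of mapping it falls in. A caller in an anonymous executable (rwxp) region with no backing file is what you would see if the helper was entered from code QEMU generated at run time rather than from a function in the binary; a caller inside a file-backed mapping would instead point at a missing-debuginfo or wrong-binary problem (note that the probe names /usr/bin/qemu-system-x86_64 while the -d option names /usr/local/bin/qemu-system-x86_64; the maps of the process actually running are what count). The stap samples are copied from the mail; the maps lines and the memory layout they describe are constructed for illustration, so on a real system replace MAPS_SAMPLE with the contents of /proc/$(pidof qemu-system-x86_64)/maps.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Frame lines: " 0x7faae9d7c040 : helper_invlpg+0x0/0x30 [/usr/bin/qemu-system-x86_64]"
# or, when stap could not symbolise the address, " 0x7faac5cfcd8c : 0x7faac5cfcd8c".
FRAME_RE = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s*:\s*(.*?)\s*$")
SYM_RE = re.compile(r"^(.+?)\+(0x[0-9a-fA-F]+)/(0x[0-9a-fA-F]+)\s*\[\s*([^\]]+?)\s*\]$")
# /proc/<pid>/maps: "start-end perms offset dev inode [path]"
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+(?:\s+(.*))?$")

@dataclass
class Frame:
    addr: int
    symbol: Optional[str] = None  # None: bare address, stap had no symbol for it
    offset: Optional[int] = None
    module: Optional[str] = None

def parse_frame(line: str) -> Optional[Frame]:
    m = FRAME_RE.match(line)
    if not m:
        return None
    addr, s = int(m.group(1), 16), SYM_RE.match(m.group(2))
    return Frame(addr, s.group(1), int(s.group(2), 16), s.group(4)) if s else Frame(addr)

def parse_traces(text: str) -> List[List[Frame]]:
    """Group frames into backtraces. A trace starts at a frame with offset 0 (the
    probed function's entry, where the probe fired) or after a non-frame line
    such as the script's own printf marker."""
    traces: List[List[Frame]] = []
    current: Optional[List[Frame]] = None
    for line in text.splitlines():
        f = parse_frame(line)
        if f is None:
            current = None
            continue
        if current is None or f.offset == 0:
            current = []
            traces.append(current)
        current.append(f)
    return traces

def is_truncated(trace: List[Frame]) -> bool:
    """Deepest frame is a bare address: unwinding stopped in code for which
    stap had neither symbols nor unwind information."""
    return bool(trace) and trace[-1].symbol is None

def unresolved_callers(traces: List[List[Frame]]) -> List[int]:
    return sorted({f.addr for t in traces for f in t if f.symbol is None})

def parse_maps(text: str) -> List[Tuple[int, int, str, str]]:
    out = []
    for m in filter(None, (MAPS_RE.match(ln.strip()) for ln in text.splitlines())):
        out.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4) or ""))
    return out

def classify_address(addr: int, maps: List[Tuple[int, int, str, str]]) -> str:
    for start, end, perms, path in maps:
        if start <= addr < end:
            if "x" not in perms:
                return f"non-executable mapping {path or '(anonymous)'}"
            if path:
                return f"file-backed executable mapping {path}"
            return "anonymous executable mapping (JIT-generated code: no symbols, no unwind info)"
    return "not in any mapping (wrong pid or stale maps snapshot)"

def triage(stap_text: str, maps_text: str) -> Dict[int, str]:
    """Map each unresolved caller address to the kind of mapping it lives in."""
    maps = parse_maps(maps_text)
    return {a: classify_address(a, maps) for a in unresolved_callers(parse_traces(stap_text))}

# Sample stap output, copied from the mail above.
QEMU_STAP_OUTPUT = """\
gen_helper_invlpg called
 0x7faae9d7c040 : helper_invlpg+0x0/0x30 [/usr/bin/qemu-system-x86_64]
 0x7faac5cfcd8c : 0x7faac5cfcd8c
TLB FULSH called
 0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
 0x7faac6ab5722 : 0x7faac6ab5722
TLB FULSH called
 0x7faae9cf19f0 : tlb_flush+0x0/0xb0 [/usr/bin/qemu-system-x86_64]
 0x7faac6b689be : 0x7faac6b689be
"""
LS_STAP_OUTPUT = """\
 0x4112f0 : xmalloc+0x0/0x20 [/usr/bin/ls]
 0x4114c4 : xmemdup+0x14/0x30 [/usr/bin/ls]
 0x40eb4a : clone_quoting_options+0x2a/0x40 [/usr/bin/ls]
 0x4033e2 : main+0xa52/0x2160 [/usr/bin/ls]
 0x7fc6be4fc790 : __libc_start_main+0xf0/0x1d0 [/usr/lib64/libc-2.21.so]
 0x404b19 : _start+0x29/0x30 [/usr/bin/ls]
 0x4112f0 : xmalloc+0x0/0x20 [/usr/bin/ls]
 0x40378f : main+0xdff/0x2160 [/usr/bin/ls]
 0x7fc6be4fc790 : __libc_start_main+0xf0/0x1d0 [/usr/lib64/libc-2.21.so]
"""
# CONSTRUCTED /proc/<pid>/maps lines (hypothetical layout, not taken from the mail):
# an anonymous rwx region covering the unresolved callers, and the qemu text segment.
MAPS_SAMPLE = """\
7faac5c00000-7faac6c00000 rwxp 00000000 00:00 0
7faae9c00000-7faaea000000 r-xp 00000000 fd:01 1234567 /usr/bin/qemu-system-x86_64
"""
```

Run `triage(open("stap.log").read(), open("/proc/<pid>/maps").read())` against a saved stap log and the live process; every address that comes back as "anonymous executable mapping" is a return address inside code that has no ELF symbols, which is why print_usyms() can only print the raw value and the unwinder stops there.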