[Qemu-devel] How to trace all the guest OS instructions and the micro-ops

[Qemu-devel] How to trace all the guest OS instructions and the micro-ops

[Yue Chen]

[-- Attachment #1: Type: text/plain, Size: 313 bytes --]

Hi!

I am doing some research based on the QEMU. Does anyone know how to get
(trace) all the instructions of the guest OS, and get all the intermediate
micro-ops ?  (Not in the 0.9.1 version)

Additionally, how to get the whole memory or each process' memory data of
the guest OS?

I really appreciate your help.

[-- Attachment #2: Type: text/html, Size: 394 bytes --]

Re: [Qemu-devel] How to trace all the guest OS instructions and the micro-ops

[Mulyadi Santosa]

Hi....

On Sun, Mar 11, 2012 at 10:12, Yue Chen <ycyc321@gmail.com> wrote:
> I am doing some research based on the QEMU. Does anyone know how to get
> (trace) all the instructions of the guest OS, and get all the intermediate
> micro-ops ?  (Not in the 0.9.1 version)

I believe it's "-d" option you're looking for. Please read qemu manual
for further clarification and info.

> Additionally, how to get the whole memory or each process' memory data of
> the guest OS?

you wanna do that simply from Qemu's monitor? I don't think that's
doable...or at least easily. Qemu sees guest RAM like your physical
RAM. It doesn't differentiate which pages belongs to which process.
You need to hook or go straight inside the guest OS, maybe using gdb
or other tool to get the core dump of those processes.

> I really appreciate your help.

Hope it helps...

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

Re: [Qemu-devel] How to trace all the guest OS instructions and the micro-ops

[Chen Yufei]

On Mon, Mar 12, 2012 at 5:43 AM, Mulyadi Santosa
<mulyadi.santosa@gmail.com> wrote:
> Hi....
>
> On Sun, Mar 11, 2012 at 10:12, Yue Chen <ycyc321@gmail.com> wrote:
>> I am doing some research based on the QEMU. Does anyone know how to get
>> (trace) all the instructions of the guest OS, and get all the intermediate
>> micro-ops ?  (Not in the 0.9.1 version)

QEMU has release version 1.0.1. Why are you still using 0.9.1?

>
> I believe it's "-d" option you're looking for. Please read qemu manual
> for further clarification and info.

"-d" can only give a static view of what instruction is translated,
but can't get a dynamic instruction execution trace.

>
>> Additionally, how to get the whole memory or each process' memory data of
>> the guest OS?
>
> you wanna do that simply from Qemu's monitor? I don't think that's
> doable...or at least easily. Qemu sees guest RAM like your physical
> RAM. It doesn't differentiate which pages belongs to which process.
> You need to hook or go straight inside the guest OS, maybe using gdb
> or other tool to get the core dump of those processes.
>
>> I really appreciate your help.
>
> Hope it helps...
>
> --
> regards,
>
> Mulyadi Santosa
> Freelance Linux trainer and consultant
>
> blog: the-hydra.blogspot.com
> training: mulyaditraining.blogspot.com
>



-- 
Best regards,
Chen Yufei

Re: [Qemu-devel] How to trace all the guest OS instructions and the micro-ops

[Yue Chen]

[-- Attachment #1: Type: text/plain, Size: 1818 bytes --]

Thanks a lot. So any approach to get the dynamic or static whole memory
information of the guest OS ? Not the memory of each process.

Sorry for the confusion. I do use version 1.0.1.  I mention not in 0.9.1
because someone has already implemented the dynamic tracing in 0.9.1, but
not in the latest version.




On Mon, Mar 12, 2012 at 2:20 AM, Chen Yufei <cyfdecyf@gmail.com> wrote:

> On Mon, Mar 12, 2012 at 5:43 AM, Mulyadi Santosa
> <mulyadi.santosa@gmail.com> wrote:
> > Hi....
> >
> > On Sun, Mar 11, 2012 at 10:12, Yue Chen <ycyc321@gmail.com> wrote:
> >> I am doing some research based on the QEMU. Does anyone know how to get
> >> (trace) all the instructions of the guest OS, and get all the
> intermediate
> >> micro-ops ?  (Not in the 0.9.1 version)
>
> QEMU has release version 1.0.1. Why are you still using 0.9.1?
>
> >
> > I believe it's "-d" option you're looking for. Please read qemu manual
> > for further clarification and info.
>
> "-d" can only give a static view of what instruction is translated,
> but can't get a dynamic instruction execution trace.
>
> >
> >> Additionally, how to get the whole memory or each process' memory data
> of
> >> the guest OS?
> >
> > you wanna do that simply from Qemu's monitor? I don't think that's
> > doable...or at least easily. Qemu sees guest RAM like your physical
> > RAM. It doesn't differentiate which pages belongs to which process.
> > You need to hook or go straight inside the guest OS, maybe using gdb
> > or other tool to get the core dump of those processes.
> >
> >> I really appreciate your help.
> >
> > Hope it helps...
> >
> > --
> > regards,
> >
> > Mulyadi Santosa
> > Freelance Linux trainer and consultant
> >
> > blog: the-hydra.blogspot.com
> > training: mulyaditraining.blogspot.com
> >
>
>
>
> --
> Best regards,
> Chen Yufei
>

[-- Attachment #2: Type: text/html, Size: 3087 bytes --]

Re: [Qemu-devel] How to trace all the guest OS instructions and the micro-ops

[Lluís Vilanova]

Yue Chen writes:

> Thanks a lot. So any approach to get the dynamic or static whole memory
> information of the guest OS ? Not the memory of each process.

> Sorry for the confusion. I do use version 1.0.1.  I mention not in 0.9.1 because
> someone has already implemented the dynamic tracing in 0.9.1, but not in the
> latest version.

I suppose you're talking about the patches I sent some time ago. Right now I'm
waiting for the upcoming transition to python in the tracetool script, so that
all the automatic code generation is much simpler to handle.

On the patches I sent there are events to trace memory accesses, but there is no
concept of micro-operation.

If what you want is the x86 micro-ops, that does not exist in QEMU. If by
micro-op you mean the TCG primitives, you could easily add tracing events for
those primitives and then trace these instead of the guest architecture
operations. But that is far from resembling the x86 micro-ops (e.g., in system
mode a memory access generates a fair amount of TCG "micro-ops" to emulate the
checks the guest hardware MMU would do for memory access violations).


Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth