From: Steven
To: Peter Maydell
Cc: qemu-devel@nongnu.org, 陳韋任 (Wei-Ren Chen)
Date: Thu, 16 Aug 2012 15:31:02 -0400
Subject: Re: [Qemu-devel] qemu log function to print out the registers of the guest

On Thu, Aug 16, 2012 at 12:54 PM, Peter Maydell wrote:
> On 16 August 2012 17:36, Steven wrote:
>> I would like to get a trace of guest memory access. So I can not use
>> "info registers".
>> What I want to do is that when tcg fetches a load instruction at
>> disas_insns(), the guest memory address should be calculated.
>
> You cannot calculate the guest memory address at the point where
> TCG is translating the load instruction. This is because that
> address depends on the values of guest registers at runtime.
> At translation time these values are not known. Also they may
> be different for different runs through the same generated code.
>
> QEMU is a just-in-time translator (JIT). For a JIT it is
> important to remember the difference between:
> * translation time. Here we know what the guest code (instructions)
> are, but we do not know what the guest CPU registers will be
> * run time. This may be some time later, and we may execute
> the same code several times. We don't have any access to
> information about the guest code we are running unless
> we specifically recorded it at translation time.

To verify what is translation time and what is run time, I log the
register information before disassembling each guest instruction.
I copied some results from the log file, which is generated at run
time of a guest machine.

EAX=00000000 EBX=00006ffc
IN:
0x00000000000f2087: mov $0xf5588,%eax

EAX=000f5588 EBX=00006ffc
IN:
0x00000000000f208B: move 0x4(%ebx) %eax

The first instruction loads eax with the value 0xf5588, so the eax at
the second instruction is EAX=000f5588. So can I consider the memory
address of 0x4(%ebx) as (00006ffc + 4)? I think this should be the run
time information I need. Please correct me if there is anything wrong.
Thanks.

> When you are reading (or trying to change) QEMU source code
> you need to know whether the QEMU code will be running at
> translation or run time. The answer affects what information
> you have access to, and what you can do to the guest.
>
> -- PMM
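An added example, not part of this thread or of QEMU: a small Python script that post-processes log lines in the format quoted above, carrying the most recent register dump forward and resolving disp(%base) operands to guest addresses. The sample log is constructed here, and the script assumes that each register dump reflects the guest state at the moment the instruction that follows it executes.

```python
import re

# Constructed sample in the shape of the log excerpt quoted above:
# a register dump line, an "IN:" marker, then the disassembled instruction.
SAMPLE_LOG = """\
EAX=00000000 EBX=00006ffc
IN:
0x00000000000f2087: mov $0xf5588,%eax
EAX=000f5588 EBX=00006ffc
IN:
0x00000000000f208B: mov 0x4(%ebx),%eax
"""

REG_RE = re.compile(r"\b(E[A-D]X|E[SD]I|E[BS]P)=([0-9a-fA-F]{8})")
INSN_RE = re.compile(r"^0x([0-9a-fA-F]+):\s+(\S+)\s+(.*)$")
# AT&T-style memory operand: optional displacement, then (%base).
MEM_RE = re.compile(r"(-?0x[0-9a-fA-F]+|-?\d+)?\(%([a-z]+)\)")

def effective_address(operands, regs):
    """Resolve a disp(%base) operand against a register snapshot.

    Returns None when the operand string references no memory or when
    the base register is absent from the snapshot (no guess is made).
    """
    m = MEM_RE.search(operands)
    if not m:
        return None
    disp = int(m.group(1), 0) if m.group(1) else 0
    base = regs.get(m.group(2).upper())
    if base is None:
        return None
    return (base + disp) & 0xFFFFFFFF  # 32-bit guest address wraparound

def memory_accesses(log_text):
    """Return (pc, mnemonic, guest_address) for each instruction touching memory."""
    regs = {}   # most recent register dump seen so far
    found = []
    for line in log_text.splitlines():
        for name, value in REG_RE.findall(line):
            regs[name] = int(value, 16)
        m = INSN_RE.match(line.strip())
        if m:
            pc, mnemonic, operands = int(m.group(1), 16), m.group(2), m.group(3)
            addr = effective_address(operands, regs)
            if addr is not None:
                found.append((pc, mnemonic, addr))
    return found

if __name__ == "__main__":
    for pc, mnemonic, addr in memory_accesses(SAMPLE_LOG):
        print(f"{pc:#x}: {mnemonic} -> guest address {addr:#010x}")
```

The resolved address is only meaningful when the register dump was taken at execution time of that block, as Peter's translation-time versus run-time distinction above explains; a dump written once at translation says nothing about later executions of the same cached code.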