From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NzL6V-00067U-JQ for qemu-devel@nongnu.org; Tue, 06 Apr 2010 22:34:55 -0400 Received: from [140.186.70.92] (port=51796 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NzL6T-00067M-AP for qemu-devel@nongnu.org; Tue, 06 Apr 2010 22:34:54 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1NzL6R-0002aq-Ho for qemu-devel@nongnu.org; Tue, 06 Apr 2010 22:34:53 -0400 Received: from csl.cornell.edu ([128.84.224.10]:4995 helo=vlsi.csl.cornell.edu) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NzL6R-0002aH-DB for qemu-devel@nongnu.org; Tue, 06 Apr 2010 22:34:51 -0400 Date: Tue, 6 Apr 2010 22:33:57 -0400 (EDT) From: Vince Weaver Subject: Re: Res: [Qemu-devel] full dynamic instruction trace for MIPS target In-Reply-To: <744151.25169.qm@web43135.mail.sp1.yahoo.com> Message-ID: References: <639622.90232.qm@web43140.mail.sp1.yahoo.com> <744151.25169.qm@web43135.mail.sp1.yahoo.com> MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="1417687520-1676866973-1270607637=:13414" List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: =?iso-8859-1?Q?Boris_C=E1mara?= Cc: qemu-devel@nongnu.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --1417687520-1676866973-1270607637=:13414 Content-Type: TEXT/PLAIN; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE On Tue, 6 Apr 2010, Boris C=C3=A1mara wrote: >The aproach you are using on=20 >http://www.csl.cornell.edu/~vince/projects/qemu-trace/ to get the PC dump= =20 >is similar to mine but as you dont disable the TB caches It is not a full= =20 >execution trace.=20 I can assure you that it does in fact work. > You only dump the PC when they are compiled and inserted=20 > on the TB cache. no, look closer. My code at instrumentation time inserts a helper-op=20 after each instruction. This is like a virtual instruction that lives in= =20 the TB and calls my counting function. So each time the TB is re-executed= =20 the calls happen again, as they are part of the TB instruction stream. > Did you get correct values for your counters in bbvs[bb] ? yes. And the resuts match valgrind, pin, and hardware performance=20 counters. Vince ________________________________ De: Vince Weaver Para: Boris C=C3=A1mara Cc: qemu-devel@nongnu.org Enviadas: Segunda-feira, 5 de Abril de 2010 22:41:52 Assunto: Re: [Qemu-devel] full dynamic instruction trace for MIPS target > I think the correct way to get the full instruction trace on a MIPS=20 > emulated processor is: the way you describe is slow because you are constantly re-generating the= =20 TBs. The best way to do this is to add your instrumentation to the TBs. I have code that does that for a recent version of Qemu here: http://www.csl.cornell.edu/~vince/projects/qemusim/ although it outputs Basic-Block vectors, not a full memory trace like you= =20 want. It has been validated to match proper instruction counts using=20 hardware performnce counters though. I also have code creating full instruction/memory traces for Qemu MIPS=20 that can be found here: http://www.csl.cornell.edu/~vince/projects/qemu-trace/ but it's against Qemu from 2007 pre-dating the TCG changeover so of=20 limited use probably. I hvae some code somewhere that updated this to=20 work with TCG but I don't know what happened to it. Vince _____________________________________________________________________= _______________ Veja quais s=C3=A3o os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com --=20 /* Vince Weaver vince@csl.cornell.edu http://csl.cornell.edu/~vince */ main(){char O,o[66]=3D"|\n\\/_ ",*I=3Do+7,l[]=3D"B!FhhBHCWE9C?cJFKET$+h'Iq= *chT" ,i=3D0,_;while(_=3Dl[i++])for(O=3D0;O++<_>>5;)*I=3D*(I++-(_&31));*I=3D0;put= s(o+5);} --1417687520-1676866973-1270607637=:13414--