Re: [Qemu-devel] tracing memory accesses

["Blue Swirl" <blauwirbel@gmail.com>]

On 11/11/08, Màrius Montón <marius.monton@uab.cat> wrote:
> Hello,
>
>  I've been working for a while adding SystemC capabilities to QEMU (in short, SystemC is a C++ extension to describe HW and we are using it to add new peripherals to QEMU) (http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4374971)
>
>  Now it's time to move a whole system to a SystemC described one but the CPU. My plan is to use QEMU CPU emulation and substitute all peripherals by its SystemC description and communicate using any sort of bus in SystemC too.
>
>  So I need to capture all memory accesses from CPU to Memory. I've been looking at code, and I can see that ldq_phys, ldl_phys (in exec.c) are used to load from
>  memory to CPU, but I'm not able to see what functions are used to manage stores from CPU to memory. I can see some equivalent functions called stl_phys_notdirty and stl_phys, but they never used (I'm focused in ARM platforms).
>
>  Do you have any hint about that? Do you think managing these functions is enough to capture all data moving from CPU to RAM?

The loads and stores check the TLB if the address has been translated
(see for example generic version in softmmu_header.h). If not,
cpu_arm_mmu_fault is called to translate the address. After that, the
entry is added to TLB and the access is retried.

On subsequent accesses (also for writes if the permissions allow)
there is only a TLB lookup followed by a raw access.

Capturing all accesses transparently would need stacking of devices or
generic bus/DMA system, but we have neither. Patches welcome :-)

Less transparently this could be handled so that one device registers
that it handles all physical address space, including RAM. No other
devices register anything. If you need to access other devices, the
access functions of other devices can be called directly from the all
memory device, RAM similarly. I don't know if DMA would work.