Re: [Qemu-discuss] Singlestepping & Target assembly instructions

[Scott Dattalo]

On 9/15/2015 12:30 PM, Peter Maydell wrote:
> On 15 September 2015 at 19:38, Scott Dattalo <address@hidden> wrote:
> > Question: how can you tell QEmu to create an instruction trace?
> You can't, to a first approximation. QEMU's debug logging is
> aimed more at telling you what QEMU has done than providing
> detailed information on what the guest program is doing.

Thanks Peter. I also supply the '-singlestepping' option and was under 
the impression this would break the TB chains, or more specifically, 
flush the TB cache. Here's how I invoke qemu:

$ qemu-system-arm -M versatilepb -m 128M -nographic -D trace.log -d 
in_asm,cpu,exec -singlestep -kernel myprog.bin


> The optimisation that is tripping you up is that we chain TBs together,
> which means we will run a long chain of TBs and only print the 'exec'
> trace for the first one. (The exec tracing in current git master
> will at least tell you when it's linked two TBs so you can
> decipher from this some info on what TBs have been executed.)
> Adding a -d option to disable the TB chaining is something we're
> discussing, but I don't think anybody's written a patch yet.
> (It would not be a complicated change.)

I think there is a fork produce by Cedric Vincent:

https://github.com/cedric-vincent/qemu/tree/master/tcg/plugins

The idea is to allow the TCI to be instrumented with scripts. The QEmu 
source in github does not contain this code.

Scott