qemu-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-discuss] Singlestepping & Target assembly instructions

From: Scott Dattalo
Subject: Re: [Qemu-discuss] Singlestepping & Target assembly instructions
Date: Tue, 15 Sep 2015 15:01:41 -0700
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 


On 9/15/2015 2:23 PM, Peter Maydell wrote:

On 15 September 2015 at 21:51, Scott Dattalo <address@hidden> wrote:

I think there is a fork produce by Cedric Vincent:

https://github.com/cedric-vincent/qemu/tree/master/tcg/plugins

The idea is to allow the TCI to be instrumented with scripts. The QEmu
source in github does not contain this code.

Yes. The problem is that there's a gap between "good enough
for my purposes" and "good enough to be able to put into
master" which is very wide and hard to bridge. (For tracing,
you need to have all of:
  * doesn't reduce maintainability of the code
  * works on all targets and hosts (ideally)
  * doesn't reduce performance if you're not using it
  * doesn't need to be specially enabled at compile time
for instance.)

I'd like to see better tracing but it needs somebody who
has the time and determination to get working code into
production QEMU.
I know what you mean Peter. If I had the time, I'd like to port the core of gpsim, the simulator I wrote for PIC microcontrollers, into the QEmu framework and include a near-zero overhead tracing mechanism.
I'm not familiar with QEmu, but gpsim implements fast tracing by concisely encoding trace information into a single 32-bit or 64-bit number. This information is written to a circular array. The trace information is decoded only when it's needed (usually after the simulation). But the basic idea is analogous to the TB. In QEmu's case, the trace information could be determined by the TCG at the point the guest code is cached into a TB. It should be straight forward to create a new host-agnostic TCG frontend OP that is conditionally inserted at the beginning of the translation block. The condition should be defined at the invocation of QEmu (as opposed to during the buildinf of QEmu).
This proposal does incur a performance hit if it is not used, and thus may not meet your acceptance. The penalty is when the guest code is translated QEmu has to determine whether or not to insert this special new frontend OP. I don't have a sense if this is significant or not. However, since -singlestepping already incurs overhead, perhaps this feature can hide behind that option. 

Scott
reply via email to
[Prev in Thread] Current Thread [Next in Thread]