How to use QEMU's simple trace backend?

Problem description

This is a follow-up to this question with additional details since no one helped answer it. I cloned the latest QEMU repo and followed this tutorial to create a Hello World program for arm-softmmu. I traced the TCG, rather the registers in the Basic Block using Helper Functions but I came across the tracing functionality and I wanted to try it out. Following the documentation, this is my /tmp/events file after uncommenting the trace-events file.

exec_tb
exec_tb_exit

The part of the trace-events file in which the disable keyword was removed to enable trace is:

# TCG related tracing (mostly disabled by default)
# cpu-exec.c
exec_tb(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
exec_tb_nocache(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
exec_tb_exit(void *last_tb, unsigned int flags) "tb:%p flags=%x"

This is how I configure and run the qemu executable:

./configure --target-list=arm-softmmu --enable-trace-backends=simple

make

./qemu-system-arm -trace events=/tmp/events -M versatilepb -m 256M -nographic -kernel ~/FileName.bin

From the arm-softmmu directory, I run the simple trace python script this way:

./scripts/simpletrace.py trace-events arm-softmmu/trace-*pid* | head

Am I doing anything wrong here? Since I receive absolutely no information. Even the binary after tracing is just a short line (of gibberish, of course). I expected a large enough trace actually.

Recommended answer

I can't spot what you are doing wrong, but I can provide a minimal self-contained working example that just works in one command: https://github.com/cirosantilli/linux-kernel-module-cheat/tree/467923860b78bb5d0c787f1433682dfc9c83223a#count-instructions

Once you clone do:

./run -n -- -trace exec_tb,file=trace
./qemu/scripts/simpletrace.py qemu/trace-events trace >trace.txt
wc -l trace

and you will see the traces.

For ARM:

./run -a arm -- -trace exec_tb,file=trace

Maybe this will allow you to diff out what is wrong.

The exact QEMU config line Buildroot did was:

./configure --target-list="arm-softmmu" --prefix="/home/ciro/bak/git/linux-kernel-module-cheat/buildroot/output.arm~/host/usr" --interp-prefix=/home/ciro/bak/git/linux-kernel-module-cheat/buildroot/output.arm~/host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot --cc="/usr/bin/gcc" --host-cc="/usr/bin/gcc" --python=/home/ciro/bak/git/linux-kernel-module-cheat/buildroot/output.arm~/host/usr/bin/python2 --extra-cflags="-O2 -I/home/ciro/bak/git/linux-kernel-module-cheat/buildroot/output.arm~/host/usr/include" --extra-ldflags="-L/home/ciro/bak/git/linux-kernel-module-cheat/buildroot/output.arm~/host/lib -L/home/ciro/bak/git/linux-kernel-module-cheat/buildroot/output.arm~/host/usr/lib -Wl,-rpath,/home/ciro/bak/git/linux-kernel-module-cheat/buildroot/output.arm~/host/usr/lib" --enable-debug --enable-sdl --extra-cflags='-DDEBUG_PL061=1' --with-sdlabi=2.0

on QEMU v2.7.0, and the full QEMU command was:

./buildroot/output.x86_64~/host/usr/bin/qemu-system-x86_64 -m 128M -monitor telnet::45454,server,nowait -netdev user,hostfwd=tcp::45455-:45455,id=net0 -smp 1  -M pc -append 'root=/dev/vda nopat nokaslr norandmaps printk.devkmsg=on printk.time=y console=ttyS0 init=/poweroff.out' -device edu -device lkmc_pci_min -device virtio-net-pci,netdev=net0 -kernel ./buildroot/output.x86_64~/images/bzImage  -nographic -trace exec_tb,file=trace -drive file='./buildroot/output.x86_64~/images/rootfs.ext2.qcow2,if=virtio,format=qcow2'

I also recommend that you start without --enable-trace-backends, which leads to the even simpler backend that just spits things to stdout, with a large performance penalty. Also try to GDB QEMU up, it should be easy to figure out what is missing.

Update 2.11
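
A pre-flight check for the setup described in the question, as an added example (not part of the original post, the answer, or QEMU's own scripts): it parses trace-events declarations in the format quoted above and reports whether each name in an events file is declared, still marked disable, or unknown. The sample data is constructed, the function names are hypothetical, and only exact event names are handled.

```python
import re

# Constructed sample in the trace-events format quoted in the question;
# exec_tb_nocache is left with its "disable" property for illustration.
SAMPLE_TRACE_EVENTS = '''\
exec_tb(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
disable exec_tb_nocache(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
exec_tb_exit(void *last_tb, unsigned int flags) "tb:%p flags=%x"
'''

# Constructed events file: two good names, one disabled, one misspelled.
SAMPLE_EVENTS_FILE = '''\
exec_tb
exec_tb_exit
exec_tb_nocache
exec_tb_typo
'''

# Zero or more property words, then the event name, then "(".
DECL_RE = re.compile(r'^((?:\w+\s+)*)(\w+)\s*\(')

def content_lines(text):
    """Return stripped lines, skipping blanks and '#' comments."""
    stripped = (line.strip() for line in text.splitlines())
    return [s for s in stripped if s and not s.startswith('#')]

def parse_trace_events(text):
    """Map each declared event name to its set of property words."""
    declared = {}
    for line in content_lines(text):
        m = DECL_RE.match(line)
        if m:
            declared[m.group(2)] = set(m.group(1).split())
    return declared

def check_events_file(events_text, declared):
    """Classify each requested event as 'ok', 'disabled' or 'unknown'."""
    report = {}
    for name in content_lines(events_text):
        props = declared.get(name)
        if props is None:
            report[name] = 'unknown'
        else:
            report[name] = 'disabled' if 'disable' in props else 'ok'
    return report

if __name__ == '__main__':
    print(check_events_file(SAMPLE_EVENTS_FILE,
                            parse_trace_events(SAMPLE_TRACE_EVENTS)))
```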
