Re: [Qemu-devel] Performance Monitoring

[Paul Brook]

> I'm doing a research project in which i want to run an OS under an emulator
> for a period of time and get full CPU opcode statistics (how many times
> every opcode was executed). As far as i understand the Qemu design, it is
> doing "JIT" translation of terget opcode to host opcodes to improve
> performance, and so there is no easy way to count target opcodes (e.g a
> loop is compiled JIT and runs natively).
>
> Is it possible to disable Qemu's JIT capabilities and get target opcode
> statistics?

You've a couple of options:

- Disable TB caching (so code is always translated whenever it is run), and do 
the counting during translation.  Performance is going to be fairly sucky.
- Inject the counters into the translated code.  This is maybe a bit more 
work, but should perform much better.

With either alternative you'll still have issues with exceptions. MMU faults 
abort a TB early, so will screw up your statistics. One possibility is to 
terminate a TB on every memory access, like we do for watchpoints.

You probably already know this, but I'd be surprised if the statistics you get 
have much/any correlation with real world performance on modern hardware.

Paul