qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: trace_FOO_tcg bit-rotted?

From: Alex Bennée
Subject: Re: trace_FOO_tcg bit-rotted?
Date: Mon, 12 Apr 2021 20:06:57 +0100
User-agent: mu4e 1.5.11; emacs 28.0.50 
Stefan Hajnoczi <stefanha@redhat.com> writes:

> On Fri, Apr 09, 2021 at 05:29:08PM +0100, Alex Bennée wrote:
>> 
>> Laurent Vivier <laurent@vivier.eu> writes:
>> 
>> > Le 06/04/2021 à 18:00, Alex Bennée a écrit :
>> >> Hi,
>> >> 
>> >> It's been awhile since I last played with this but I think we are
>> >> suffering from not having some test cases for tracing code
>> >> generation/execution in the tree. I tried adding a simple trace point to
>> >> see if I could track ERET calls:
>> >> 
>> >> --8<---------------cut here---------------start------------->8---
>> >> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
>> >> index 0b42e53500..0d643f78fe 100644
>> >> --- a/target/arm/translate-a64.c
>> >> +++ b/target/arm/translate-a64.c
>> >> @@ -36,6 +36,7 @@
>> >>  #include "exec/log.h"
>> >>  
>> >>  #include "trace-tcg.h"
>> >> +#include "trace.h"
>> >>  #include "translate-a64.h"
>> >>  #include "qemu/atomic128.h"
>> >>  
>> >> @@ -2302,6 +2303,9 @@ static void disas_uncond_b_reg(DisasContext *s, 
>> >> uint32_t insn)
>> >>          default:
>> >>              goto do_unallocated;
>> >>          }
>> >> +
>> >> +        trace_eret_tcg(s->current_el, dst);
>> >> +
>> >>          if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
>> >>              gen_io_start();
>> >>          }
>> >> diff --git a/target/arm/trace-events b/target/arm/trace-events
>> >> index 41c63d7570..2d4fca16a1 100644
>> >> --- a/target/arm/trace-events
>> >> +++ b/target/arm/trace-events
>> >> @@ -1,5 +1,10 @@
>> >>  # See docs/devel/tracing.txt for syntax documentation.
>> >>  
>> >> +# translate-a64.c
>> >> +# Mode: softmmu
>> >> +# Targets: TCG(aarch64-softmmu)
>> >> +tcg eret(int current_el, TCGv target_el) "trans_eret: from EL%d", 
>> >> "exec_eret: EL%d to EL%"PRId64
>> >
>> > If I read correctly, the name should be eret_tcg()
>> > And I'm not sure TCGv will be accepted as a parameter type, use
>> > uint64_t instead (and %PRIu64)
>> 
>> This was my confusion. I thought the trace-events file was prefixed with
>> tcg like guest_mem_before:
>> 
>>   vcpu tcg guest_mem_before(TCGv vaddr, uint16_t info) "info=%d", 
>> "vaddr=0x%016"PRIx64" info=%d"
>> 
>> and that signalled the tools to generate _trans, _exec and _tcg hooks in
>> the generated files. The trace code (see other patch) also has logic to
>> translate natural TCG types into the natives types as well signalling
>> which values are only visible for the _exec portion.
>> 
>> Maybe I'm over thinking this. Perhaps all the TCG tracing use cases are
>> just as easily supported with TCG plugins now and we should deprecate
>> this unused bit of complexity. I certainly understand the plugin
>> interactions better ;-)
>
> Lluís: are you happy to deprecate tcg trace events in favor of TCG
> plugins?
>
> My question is whether TCG plugins are really equivalent here. Will TCG
> plugin users have to write their own log file output code to extract
> this information from the QEMU process (i.e. reinventing tracing)?

Yes - although there is no reason we couldn't expose the trace output as
a helper. Currently there is:

  /**
   * qemu_plugin_outs() - output string via QEMU's logging system
   * @string: a string
   */
  void qemu_plugin_outs(const char *string);

which allows the user to echo to the log in conjunction with -d plugin
on the command line. Plugins are of course free to do there own thing.

> Is
> the performance at least as good as tracing?

Well like all things that depends ;-)

Generally on the sort of events you tend to trace (like the example
memory access) you usually either want to aggregate or filter your
results. With trace output their is no way to do this and you end up
post processing potentially very large files (smaller if you use the
non-default binary format). I don't know if a similar thing is possible
with uprobes and ebpf - I've only ever used the simple logging output in
anger. The example plugins generally do things like count total
accesses:

  https://gitlab.com/qemu-project/qemu/-/blob/master/tests/plugin/mem.c

(pretty fast in comparison to writing out reams of data)

or aggregate the results:

  https://gitlab.com/qemu-project/qemu/-/blob/master/contrib/plugins/hotpages.c

(probably slower while running QEMU, but faster overall because no post
processing of log files required.)

Of course plugins are a non-default build option because although light
it does have a small performance impact on code generation even when no
instrumentation is occurring. As a result you can't use it without
building a version first.

If we had test code in the build that used the TCG tracing abilities I
wouldn't worry because at least we are defending the feature and we
wouldn't run into problems like the above. At least if plugins get
broken we'll know about it due to the fairly thorough workout on CI, e.g.:

  https://gitlab.com/qemu-project/qemu/-/jobs/1172484753#L3458

-- 
Alex Bennée
reply via email to
[Prev in Thread] Current Thread [Next in Thread]