Re: [Qemu-discuss] Singlestepping & Target assembly instructions

[Peter Maydell]

On 15 September 2015 at 19:38, Scott Dattalo <address@hidden> wrote:
> The answer provided doesn't work (at least with the latest QEmu in git).
> Specifically, it appears that once a TB has been cached there is no way to
> trace instruction execution. Similar to Manu, I invoke QEmu with '-D
> trace.log -d in_asm,cpu,exec -singlestep'. In my case, there are loops that
> execute dozens of times and the 'trace.log' only traces one pass through the
> loop.
>
> There is one painfully slow workaround: attach gdb to QEmu (e.g. by passing
> -s -S along with the other QEmu invocation options) and to single step the
> simulated program.
>
> For example, I have a loop that executes 100 iterations. Here's the trace
> log line count for an instruction in that loop with and withou gdb:
>
> No gdb:
> grep 0x000101d4: trace.log | wc
>       1       6      45
>
> Single stepping with gdb:
> grep 0x000101d4: trace.log | wc
>     100     600    4500
>
> Question: how can you tell QEmu to create an instruction trace?

You can't, to a first approximation. QEMU's debug logging is
aimed more at telling you what QEMU has done than providing
detailed information on what the guest program is doing.

The optimisation that is tripping you up is that we chain TBs together,
which means we will run a long chain of TBs and only print the 'exec'
trace for the first one. (The exec tracing in current git master
will at least tell you when it's linked two TBs so you can
decipher from this some info on what TBs have been executed.)
Adding a -d option to disable the TB chaining is something we're
discussing, but I don't think anybody's written a patch yet.
(It would not be a complicated change.)

thanks
-- PMM