I'm doing a research project in which I want to run an OS under an emulator for a period of time and get full CPU opcode statistics (how many times every opcode was executed). As far as I understand the Qemu design, it is doing "JIT" translation of target opcode to host opcodes to improve performance, and so there is no easy way to count target opcodes (e.g. a loop is compiled JIT and runs natively).
Is it possible to disable Qemu's JIT capabilities and get target opcode statistics?
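An added example, not part of the question, showing one way to get per-opcode execution counts without disabling the JIT: combine QEMU's translation log (`-d in_asm`, which lists each translated block once) with its execution trace (`-d exec`, one line per block entry; adding `nochain` stops chained blocks from being skipped in the trace), so a loop translated once but entered many times is counted correctly. The log layout in the constructed sample is an assumption; real output differs between QEMU versions, so the two regexes may need adjusting.

```python
import re
from collections import Counter

# Constructed sample in the style of QEMU's "-d in_asm,exec,nochain" log
# (not a real capture; the exact layout varies across QEMU versions, so
# adjust the two regexes below to match yours).
SAMPLE_LOG = """\
----------------
IN:
0x00007c00:  fa                       cli
0x00007c01:  31 c0                    xor    %eax,%eax
0x00007c03:  e2 fe                    loop   0x7c03

----------------
IN:
0x00007c03:  e2 fe                    loop   0x7c03

Trace 0: 0x7f0000001000 [00000000/0000000000007c00/0x10/0xff]
Trace 0: 0x7f0000002000 [00000000/0000000000007c03/0x10/0xff]
Trace 0: 0x7f0000002000 [00000000/0000000000007c03/0x10/0xff]
Trace 0: 0x7f0000002000 [00000000/0000000000007c03/0x10/0xff]
"""

# One disassembled guest instruction: "0x<pc>:  <hex bytes>  <mnemonic> ..."
INSN_RE = re.compile(r"^0x([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)+([a-z][a-z0-9.]*)")
# One translation-block entry event: "Trace N: <host ptr> [<flags>/<guest pc>/...]"
EXEC_RE = re.compile(r"^Trace \d+: 0x[0-9a-f]+ \[[0-9a-f]+/([0-9a-f]+)/")

def opcode_counts(log_text):
    """Return (Counter of executed mnemonics, number of block entries whose
    translation never appeared in the log)."""
    tbs, current = {}, None          # guest pc of block start -> [mnemonics]
    executed, unknown = Counter(), 0
    for line in log_text.splitlines():
        if line.startswith("IN:"):
            current = None           # next instruction line starts a new block
            continue
        m = INSN_RE.match(line)
        if m:
            pc, mnemonic = int(m.group(1), 16), m.group(2)
            if current is None:
                current = tbs.setdefault(pc, [])
                current.clear()      # retranslation replaces the old listing
            current.append(mnemonic)
            continue
        m = EXEC_RE.match(line)
        if m:
            body = tbs.get(int(m.group(1), 16))
            if body is None:
                unknown += 1         # executed a block we never saw translated
            else:
                executed.update(body)
    return executed, unknown

if __name__ == "__main__":
    counts, missing = opcode_counts(SAMPLE_LOG)
    for mnemonic, n in counts.most_common():
        print(f"{mnemonic:8s} {n}")
    print("block entries with no translation record:", missing)
```

In the sample, the block at 0x7c00 runs once and the single-instruction block at 0x7c03 is entered three more times, so `loop` is counted 4 times while `cli` and `xor` are counted once each; a nonzero "missing" figure means the log was truncated or the regexes do not match your QEMU version.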