Re: [Qemu-devel] Tracing guest virtual addresses

[Lluís Vilanova]

Alex Bennée writes:

> Lluís Vilanova <address@hidden> writes:

>> Alex Bennée writes:
>> 
>>> Peter Maydell <address@hidden> writes:
>> 
>>>> On 20 June 2017 at 12:02, Lluís Vilanova <address@hidden> wrote:
>>>>> Jayanto Minocha writes:
>>>>>> But that is only used to instrument the cpu_ld/cpu_st macros, which is 
>>>>>> only
>>>>>> called in the case of a tlb miss.
>>>>> 
>>>>>> I've been going over the archives, and it looks like I need to instrument
>>>>>> tcg_out_tlb_load. Am I on the right path ?
>>>>> 
>>>>> That event should trace all guest memory accesses performed by the CPU. 
>>>>> If you
>>>>> found any case where this does not hold, it is likely a bug and I'd 
>>>>> appreciate
>>>>> it if you can point me to the smallest possible failing example.
>>>> 
>>>> Does it catch memory accesses that are performed via helper functions,
>>>> or only ones done by inline TCG code?
>> 
>>> AFAICT it inserts a helper call on the TCG ld/st ops. I wonder why not
>>> just ensure we always take the slow path and put the helpers in the
>>> access functions there? You could even apply an address mask if you only
>>> want to look at certain address ranges.
>> 
>> It also catches accesses performed by helpers.

> Don't helper accesses also pass through the SoftMMU? Or are we talking
> about user-space access as well here?

There's two places where memory access tracing is triggered:

* tcg_gen_qemu_ld/st_...
* ld/st templates (both softmmu and user)

AFAIK, helpers use the ld/st templates to access guest memory.

You can check for calls to trace_guest_mem_before_exec and
trace_guest_mem_before_tcg.


Thanks,
  Lluis