
Re: Qemu plugin vs. valgrind

From: Alex Bennée
Subject: Re: Qemu plugin vs. valgrind
Date: Tue, 31 Mar 2020 12:41:38 +0100
User-agent: mu4e 1.3.10; emacs 28.0.50

Benjamin <address@hidden> writes:

> Perhaps you're looking for something like this?
> https://wiki.qemu.org/Internships/ProjectIdeas/CacheModelling
> QEMU also supports a GDB stub, which might help with your last question.
> https://wiki.qemu.org/Features/gdbstub
> On Mon, Mar 30, 2020 at 7:31 AM Marc Hacin <address@hidden> wrote:
>> AFAIK, valgrind is not cross-architecture (their dev team is thinking
>> about that but it seems complicated).
>> Perhaps it is possible to build some similar analysis functionality on
>> top of the new TCG plugins of QEMU?

It is certainly a use-case that was envisioned for TCG plugins.

>> Is it planned?

Not unless you are volunteering to do it ;-)

Now that the initial version of plugins is merged upstream, there are a
number of people experimenting with its features and I hope they will
submit plugins to the upstream project. The above-mentioned GSoC project
should also present a non-trivial plugin to exercise the core code.

It is likely the plugin API will expand but we will want to give careful
consideration to each expansion.

>> At first I need some sort of taintgrind plugin. I guess that the process
>> of translation to host code will produce all the side-effects of
>> register spilling existing in the guest code. Am I right?

I'm not sure what you mean by the side effects of register spills.
However, for memory analysis you can instrument every read/write address.

>> I have just tested a bit the plugins from the head/master branch.
>> Is there an API to find symbols->value in the guest code/data? Shall I
>> pass the ELF image a second time via the plugin's argv and then "help
>> myself"?

Not at the moment, although QEMU itself does have rudimentary support for
reading the symbol table from ELF files and I don't see why that can't
be exposed to plugins like we do for qemu_plugin_insn_disas.

>> What about relocations in user-mode code?

QEMU doesn't really track relocations - it's a function of the
translated linker. That said I believe the symbol addresses are
calculated as relative to each ELF segment.

>> Sorry, I am not sure if plugin development falls into "users" or "devel"
>> activities.

I would recommend -devel for future follow up posts.

>> --
>> Thierry Bernier

Alex Bennée
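As an added illustration of the "instrument every read/write address" approach Alex describes (this is example code written for this page, not code from the thread, from Alex, or from the QEMU tree), here is the skeleton of a memcheck-style TCG plugin: every guest load and store is hooked, a one-bit-per-byte "has been written" shadow is kept over a watched guest address window, and loads of bytes that were never stored to are reported. The watched window constants, the HAVE_QEMU_PLUGIN_H build macro and the udata-carries-the-PC convention are assumptions of the example; the qemu_plugin_* calls are the plugin API as merged upstream at the time of the thread (QEMU 5.0), and the QEMU-facing glue is only compiled when that header is available so the shadow core runs and can be tested on its own.

```c
/*
 * Added example: memcheck-style TCG plugin skeleton (not QEMU's own code).
 * Shadow core below is plain C; the QEMU glue at the bottom is compiled
 * only with -DHAVE_QEMU_PLUGIN_H -I$QEMU_SRC/include/qemu (assumed layout).
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <inttypes.h>

/* Assumed watched window; a real plugin would take these from argv. */
#define WATCH_BASE 0x10000000ULL
#define WATCH_SIZE (1u << 20)             /* 1 MiB of guest bytes */

static uint8_t shadow[WATCH_SIZE / 8];    /* bit set => byte was written */
static uint64_t undefined_reads;          /* bytes read before any write */

void shadow_reset(void)
{
    memset(shadow, 0, sizeof shadow);
    undefined_reads = 0;
}

/* Clip [vaddr, vaddr+size) to the window; returns the clipped length
 * (0 if no overlap) and the offset of its first byte in *first. */
static size_t clip(uint64_t vaddr, size_t size, size_t *first)
{
    uint64_t end = vaddr + size, top = WATCH_BASE + WATCH_SIZE;
    if (end <= WATCH_BASE || vaddr >= top) {
        return 0;
    }
    uint64_t lo = vaddr < WATCH_BASE ? WATCH_BASE : vaddr;
    uint64_t hi = end > top ? top : end;
    *first = (size_t)(lo - WATCH_BASE);
    return (size_t)(hi - lo);
}

/* A store marks every watched byte it touches as defined. */
void shadow_store(uint64_t vaddr, size_t size)
{
    size_t first = 0, n = clip(vaddr, size, &first);
    for (size_t i = 0; i < n; i++) {
        shadow[(first + i) / 8] |= 1u << ((first + i) % 8);
    }
}

/* A load returns how many of its watched bytes were never written. */
size_t shadow_load(uint64_t vaddr, size_t size)
{
    size_t first = 0, n = clip(vaddr, size, &first), bad = 0;
    for (size_t i = 0; i < n; i++) {
        if (!(shadow[(first + i) / 8] & (1u << ((first + i) % 8)))) {
            bad++;
        }
    }
    undefined_reads += bad;
    return bad;
}

uint64_t shadow_undefined_reads(void) { return undefined_reads; }

#ifdef HAVE_QEMU_PLUGIN_H
#include <qemu-plugin.h>
#include <glib.h>

QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;

/* Runs for every instrumented guest access; udata carries the insn PC. */
static void vcpu_mem(unsigned int cpu_index, qemu_plugin_meminfo_t info,
                     uint64_t vaddr, void *udata)
{
    size_t size = 1u << qemu_plugin_mem_size_shift(info);
    if (qemu_plugin_mem_is_store(info)) {
        shadow_store(vaddr, size);
    } else if (shadow_load(vaddr, size)) {
        g_autofree gchar *msg = g_strdup_printf(
            "undefined read: pc=0x%" PRIx64 " addr=0x%" PRIx64 " size=%zu\n",
            (uint64_t)(uintptr_t)udata, vaddr, size);
        qemu_plugin_outs(msg);
    }
}

/* Once per translation block: hook the memory accesses of every insn. */
static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
{
    size_t n = qemu_plugin_tb_n_insns(tb);
    for (size_t i = 0; i < n; i++) {
        struct qemu_plugin_insn *insn = qemu_plugin_tb_get_insn(tb, i);
        qemu_plugin_register_vcpu_mem_cb(insn, vcpu_mem, QEMU_PLUGIN_CB_NO_REGS,
            QEMU_PLUGIN_MEM_RW, (void *)(uintptr_t)qemu_plugin_insn_vaddr(insn));
    }
}

static void plugin_exit(qemu_plugin_id_t id, void *p)
{
    g_autofree gchar *msg = g_strdup_printf("undefined bytes read: %" PRIu64 "\n",
                                            shadow_undefined_reads());
    qemu_plugin_outs(msg);
}

QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
        const qemu_info_t *info, int argc, char **argv)
{
    shadow_reset();
    qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
    qemu_plugin_register_atexit_cb(id, plugin_exit, NULL);
    return 0;
}
#endif
```

Built as a shared object against a QEMU checkout (something like `gcc -shared -fPIC -DHAVE_QEMU_PLUGIN_H -I$QEMU_SRC/include/qemu $(pkg-config --cflags glib-2.0) memcheck.c -o libmemcheck.so`, paths assumed) and loaded with `-plugin ./libmemcheck.so`, it reports each load of a never-written byte with the PC of the loading instruction. Two caveats a practitioner would want: the shadow only knows about stores the plugin saw, so memory initialised before the plugin started watching (or written by the host on the guest's behalf, e.g. by a system call in user mode) shows up as undefined, and, as Alex notes, there is no symbol API yet, so mapping the reported PC back to a function name means parsing the ELF yourself.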
