qemu-discuss

Re: Question about tracking istructions with TCG plugin


From: Alex Bennée
Subject: Re: Question about tracking istructions with TCG plugin
Date: Thu, 30 Mar 2023 09:54:11 +0100
User-agent: mu4e 1.10.0; emacs 29.0.60

anton.trapanese@studenti.unina.it writes:

> Hi,
> I'm running Qemu 7.0.0 in system mode, in particular I'm emulating a
> MPC8548 Power PC board, which is running a hypervisor, which is
> running two virtual boards on top.
>
> Right now I'm interested in tracking the crashes of one of these
> virtual boards, so I inserted inside of it a bug on purpose, knowing
> that when the execution arrives at that point that specific VB is
> going to crash. When this happens, I know that the hypervisor between
> the MPC board and the VBs calls a certain function, so I'm tracking
> that specific instruction with the already existing plugin "execlog"
> with the "afilter=myaddress" option.

It's possible there is a bug in execlog that gets thrown off by
exceptions which change control flow or the address filtering.

The vcpu_insn_exec() callback dumps the previous instruction when the
next instruction executes. This is so it can track the memory
loads/stores. If the exception changes the next instruction address to a
non-instrumented address it will never dump the instruction.

>
> All of this works, but there's something strange: The function I'm
> tracking shows up only when I interrupt the Qemu emulation. So just to
> be clear:
>
> When I execute the system WITH the bug, after that specific VB crashes
> (I know when that happens because it stops printing on the serial
> port) and AFTER I manually interrupt the Qemu emulation of the full
> system, the function tracked shows up.
>
> When I execute the system WITHOUT the bug, whenever I interrupt the
> Qemu emulation that function does not appear, because of course it
> wasn't called since nothing crashed.
>
> So as you can see, it works as intended but I do have a small problem:
> I wanted to track the execution of that instruction WHILE the system
> is still running. Honestly I don't really understand why that function
> gets logged only after I stop the entire system... Theoretically, when
> that specific VB crashes, the hypervisor calls that function to handle
> the VB's crash, so why does it show up inside the log only after I
> stop the system altogether? As I mentioned earlier, I'm using the
> execlog.c plugin that is already included in Qemu without changing
> anything (I'm just filtering for a specific address using the
> 'afilter' option) and if I execute that plugin without the filtering,
> it prints a lot of output WHILE the emulation is running. It's not
> like it starts to print after I stop emulating.
>
> So I wanted to hear some opinions about this. Do you think the mistake
> I'm making lies behind Qemu itself, the plugin, or the system I'm
> emulating?
>
> Thank you for your time, regards,
> Antonio


-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro
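The deferred-dump behaviour Alex describes can be reproduced in a small model. The block below is an added example written for this page; it is not the execlog plugin's code and it does not use the QEMU plugin API. It models the plugin's rule (the record for an instruction is written out only when the next instrumented instruction executes, so that memory accesses can be appended to it first) and an exit flush, which is an assumption made here to match the reported symptom of the record appearing only after QEMU is stopped. The instruction trace, the addresses (0x4000 standing in for "myaddress") and the PowerPC mnemonics are constructed sample data. With an `afilter`, the filtered address is the only instrumented instruction, so a single hit leaves its record pending until exit; an `immediate` mode shows the trade-off of emitting at execution time instead.

```python
"""Model of a deferred-dump instruction logger with address filtering.

Constructed illustration, not the execlog plugin's source. The trace,
addresses and mnemonics are sample data; 0x4000 plays the role of the
filtered handler address from the thread.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Insn:
    pc: int
    disas: str
    mem: tuple = ()  # memory accesses performed by this insn: (kind, addr)


class DeferredLog:
    """Emits an instruction's record when the *next* instrumented insn runs."""

    def __init__(self, afilter=None, immediate=False):
        self.afilter = afilter        # None = instrument every instruction
        self.immediate = immediate    # emit at exec time instead of deferring
        self.pending = None           # record of the last instrumented insn
        self.out = []                 # lines written so far

    def instrumented(self, insn):
        # With an address filter only the matching instruction gets a callback.
        return self.afilter is None or insn.pc == self.afilter

    def insn_exec(self, insn):
        record = f"0x{insn.pc:x}, {insn.disas}"
        if self.immediate:
            self.out.append(record)
            return
        # Deferred mode: flush the previous record, then cache the new one so
        # later memory-access callbacks can be appended to it.
        if self.pending is not None:
            self.out.append(self.pending)
        self.pending = record

    def mem_access(self, kind, addr):
        if self.immediate:
            self.out.append(f"  mem: {kind}, 0x{addr:x}")
        else:
            self.pending += f", {kind}, 0x{addr:x}"

    def exit(self):
        # Assumed exit flush: whatever is still cached is written when the
        # plugin is torn down (i.e. when the emulation is stopped).
        if self.pending is not None:
            self.out.append(self.pending)
            self.pending = None


# Constructed trace: two guest instructions, the second faults and control
# is redirected to the hypervisor's handler at 0x4000.
TRACE = (
    Insn(0x1000, "lwz r3,0(r4)", (("load", 0x2000),)),
    Insn(0x1004, "stw r3,4(r4)", (("store", 0x2004),)),
    Insn(0x4000, "mflr r0"),                                  # handler entry
    Insn(0x4004, "stwu r1,-16(r1)", (("store", 0x3FF0),)),
    Insn(0x4008, "bl 0x4100"),
)


def run(trace, afilter=None, immediate=False):
    """Return (lines visible while running, lines visible after exit)."""
    log = DeferredLog(afilter, immediate)
    for insn in trace:
        if log.instrumented(insn):
            log.insn_exec(insn)
            for kind, addr in insn.mem:
                log.mem_access(kind, addr)
    while_running = list(log.out)
    log.exit()
    return while_running, log.out


if __name__ == "__main__":
    for label, kwargs in (("afilter=0x4000", {"afilter": 0x4000}),
                          ("no filter", {}),
                          ("afilter=0x4000, immediate", {"afilter": 0x4000, "immediate": True})):
        running, after_exit = run(TRACE, **kwargs)
        print(f"[{label}] while running: {running}")
        print(f"[{label}] after exit:    {after_exit}")
```

With the filter, `run` shows nothing while the system runs and the single handler record only after exit, which is the behaviour reported above; without the filter each record appears as soon as the following instruction executes. The `immediate` variant makes the hit visible at once, at the cost of losing the grouping of memory accesses under their instruction, which is the reason the deferred design exists.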
