[Qemu-discuss] TCG execution in QEMU is stuck

[Arnabjyoti Kalita]

Hi all,

I have been trying to modify the execution flow in QEMU. Briefly, at
certain points in my program, I have tried to reverse the direction of the
branch i.e. if the branch was taken, I have forced the branch to not be
taken or if the branch was not-taken, I have forced the branch to be taken.

I am trying to make this work so that eventually QEMU follows this modified
path and ends up finishing the execution of the application.

I use the TCG as accelerator when I run the application in QEMU. To test my
design such that it follows the new execution path, I am using the QEMU
"loadvm" command to load a previously saved snapshot.

At a certain point in the program, I see that the TCG execution has stopped
entirely. I observed the trace logs which are shown below -

Trace 0: 0x7f9669ee5d80 [0000000000000000/ffffffff810f6caa/0x40cab0]
tb_exit value is 3
Stopped execution of TB chain before 0x7f9669ee5d80 [ffffffff810f6caa]
Trace 0: 0x7f9669ee5d80 [0000000000000000/ffffffff810f6caa/0x40cab0]
tb_exit value is 3
Stopped execution of TB chain before 0x7f9669ee5c00 [ffffffff810f6cc3]

I can see that the function tcg_qemu_tb_exec is returning the value 3. From
what I can understand, this means that the TCG code is waiting for an
interrupt. I am finding it hard to understand in what scenarios will the
TCG be waiting for an interrupt - and how can I make sure that the
execution does not stop. Is there some mechanism to manually override this
- since I am manually modifying the QEMU's execution flow ?

This problem does not arise (at just the exact same point) when I allow
QEMU to follow the original path.

I am using QEMU's version 2.11.50 and running linux -4.4.0-62-generic, the
target and host architecture is x86-64.

Thanks and Regards,
Arnab