[Qemu-devel] Instruction trace for ARM target

[Klaus Goffart]

Hi,

I would like to generate an instruction trace for an ARM target. I
applied the patch from Stuart Brady posted in this thread
http://thread.gmane.org/gmane.comp.emulators.qemu/16604
to the corresponding "arm-target/*" files. It seems to work fine and
generates a trace of pc values. 

But, I'm not sure if these are all pc values. I do not completely
understand the way the helper_dump_pc() method is called, but it seems
that it is triggered in the disas_insn() respectively the
disas_arm_insn() method. But isn't each instruction just disassembled
once and then cached for the next execution? Then the corresponding pc
values would be missing.

To get the instructions being executed I call the ldl_code() method with
the actual pc value in the helper_dump_pc() method. It seems to work,
but it would be great if anybody could just point out if this is
correct.

My next step is to mark those instructions that are not executed due to
their condition codes and the memory accessed by executed instructions.
But I have no idea where this information is available. Can anybody give
me a clue?

I appreciate any help!

Thanks,

Klaus