[Qemu-devel] [UPDATE] static instrumentation

[Lluís]

In case anyone is interested, I've pushed an updated version for the static
instrumentation:
        https://projects.gso.ac.upc.edu/projects/qemu-instrument/
        git clone https://code.gso.ac.upc.edu/git/qemu-instrument/


Changes:
 * Instruction-based backdoors produce an immediate exit to the 'cpu_exec' loop
   (so that instrumentation state change can take effect immediately).
   I couldn't find documentation on how 'cpu_exec' works WRT 'exit_tb', but
   this document helped me understand it (section 2.2.3):
      http://gsoc.cat-v.org/people/nwf/paper-strategy-plus.pdf
 * Real per-cpu instrumentation state.
 * Per-state TB cache; now switching states can reuse already-translated TBs,
   improving performance: tb_phys_cache is no longer flushed; instead, only
   tb_jmp_cache is flushed (for the state switching CPU).

This provides a first fully-working version of the lower-level infrastructure.


What's next:
 * Start defining the necessary static instrumentation points.
 * Invoke defined points on each target architecture.

This is the time-consuming part, so if anyone is interested on implementing the
invocation of points on any target, contributions are appreciated.


Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth