
[Qemu-devel] Trace all instructions in loop


From: vanson . dang
Subject: [Qemu-devel] Trace all instructions in loop
Date: Wed, 13 Oct 2010 10:15:37 +0700

Dear All.

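Currently, QEMU does not trace every executed instruction in a loop: -d in_asm logs a translation block when it is translated, not each time it is executed.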

for example:

main.c
------------------------------
main()
{
      int a = 1,b = 2,c = 3, i;
      int sum,sub,mul;
      for(i = 0; i < 3; i++) {
            sum = b+c;
            sub = b-c;
            mul = b*c;
      }
      return 0;
}
------------------------------

I compile it to main.bin


I modify QEMU to trace all instructions in loop

exec.c

in function TranslationBlock *tb_gen_code(CPUState *env,
                                    target_ulong pc, target_ulong cs_base,
                                    int flags, int cflags)
Comment out this line
------------------------------
//tb_link_phys(tb, phys_pc, phys_page2);
------------------------------



cpu-exec.c

in function static TranslationBlock *tb_find_slow(target_ulong pc,
                                            target_ulong cs_base,
                                            uint64_t flags)

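Insert the line shown between the dashed rules (return tb;) directly after the call to tb_gen_code, so that the not_found path returns before reaching the found: label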
......
 not_found:
   /* if no translated code available, then translate it now */
    tb = tb_gen_code(env, pc, cs_base, flags, 0);
------------------------------
    return tb;
------------------------------
 found:
    /* we add the TB in the virtual pc hash table */
    env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
    return tb;
......

and run it with the following command:

qemu-system-arm -M realview-pbx-a9 -kernel /QEMU/main.bin -d in_asm

Then I open the file /tmp/qemu.log (the log is shown below).

All instructions in the loop are traced.

But when I trace with a larger number of iterations, for example 500:
/* Same test program as above with the loop bound raised from 3 to 500.
 * No log for this variant is shown on the page. */
main()
{
      /* a is initialised but never used. */
      int a = 1,b = 2,c = 3, i;
      int sum,sub,mul;
      /* NOTE(review): presumably the loop-body block is expected to appear
       * 500 times in the log, once per iteration, as in the 3-iteration run. */
      for(i = 0; i < 500; i++) {
            sum = b+c;
            sub = b-c;
            mul = b*c;
      }
      return 0;
}
QEMU logs incorrectly: sometimes it logs 515 times, sometimes 512 ...

So why does it log incorrectly?

----------------
IN:
0x00000000:  mov  r0, #0      ; 0x0
0x00000004:  mov  r1, #109    ; 0x6d
0x00000008:  orr  r1, r1, #1792     ; 0x700
0x0000000c:  ldr  r2, [pc, #0]      ; 0x14
0x00000010:  ldr  pc, [pc, #0]      ; 0x18

----------------
IN:
0x70010000:  ldr  sp, [pc, #4]      ; 0x7001000c
0x70010004:  bl   0x700100f0

----------------
IN:
0x700100f0:  push {fp}        ; (str fp, [sp, #-4]!)
0x700100f4:  add  fp, sp, #0  ; 0x0
0x700100f8:  sub  sp, sp, #36 ; 0x24
0x700100fc:  mov  r3, #1      ; 0x1
0x70010100:  str  r3, [fp, #-32]
0x70010104:  mov  r3, #2      ; 0x2
0x70010108:  str  r3, [fp, #-28]
0x7001010c:  mov  r3, #3      ; 0x3
0x70010110:  str  r3, [fp, #-24]
0x70010114:  mov  r3, #0      ; 0x0
0x70010118:  str  r3, [fp, #-20]
0x7001011c:  b    0x7001015c

----------------
IN:
0x7001015c:  ldr  r3, [fp, #-20]
0x70010160:  cmp  r3, #2      ; 0x2
0x70010164:  ble  0x70010120

----------------
IN:
0x70010120:  ldr  r2, [fp, #-28]
0x70010124:  ldr  r3, [fp, #-24]
0x70010128:  add  r3, r2, r3
0x7001012c:  str  r3, [fp, #-16]
0x70010130:  ldr  r2, [fp, #-28]
0x70010134:  ldr  r3, [fp, #-24]
0x70010138:  rsb  r3, r3, r2
0x7001013c:  str  r3, [fp, #-12]
0x70010140:  ldr  r3, [fp, #-28]
0x70010144:  ldr  r2, [fp, #-24]
0x70010148:  mul  r3, r2, r3
0x7001014c:  str  r3, [fp, #-8]
0x70010150:  ldr  r3, [fp, #-20]
0x70010154:  add  r3, r3, #1  ; 0x1
0x70010158:  str  r3, [fp, #-20]
0x7001015c:  ldr  r3, [fp, #-20]
0x70010160:  cmp  r3, #2      ; 0x2
0x70010164:  ble  0x70010120

----------------
IN:
0x70010120:  ldr  r2, [fp, #-28]
0x70010124:  ldr  r3, [fp, #-24]
0x70010128:  add  r3, r2, r3
0x7001012c:  str  r3, [fp, #-16]
0x70010130:  ldr  r2, [fp, #-28]
0x70010134:  ldr  r3, [fp, #-24]
0x70010138:  rsb  r3, r3, r2
0x7001013c:  str  r3, [fp, #-12]
0x70010140:  ldr  r3, [fp, #-28]
0x70010144:  ldr  r2, [fp, #-24]
0x70010148:  mul  r3, r2, r3
0x7001014c:  str  r3, [fp, #-8]
0x70010150:  ldr  r3, [fp, #-20]
0x70010154:  add  r3, r3, #1  ; 0x1
0x70010158:  str  r3, [fp, #-20]
0x7001015c:  ldr  r3, [fp, #-20]
0x70010160:  cmp  r3, #2      ; 0x2
0x70010164:  ble  0x70010120

----------------
IN:
0x70010120:  ldr  r2, [fp, #-28]
0x70010124:  ldr  r3, [fp, #-24]
0x70010128:  add  r3, r2, r3
0x7001012c:  str  r3, [fp, #-16]
0x70010130:  ldr  r2, [fp, #-28]
0x70010134:  ldr  r3, [fp, #-24]
0x70010138:  rsb  r3, r3, r2
0x7001013c:  str  r3, [fp, #-12]
0x70010140:  ldr  r3, [fp, #-28]
0x70010144:  ldr  r2, [fp, #-24]
0x70010148:  mul  r3, r2, r3
0x7001014c:  str  r3, [fp, #-8]
0x70010150:  ldr  r3, [fp, #-20]
0x70010154:  add  r3, r3, #1  ; 0x1
0x70010158:  str  r3, [fp, #-20]
0x7001015c:  ldr  r3, [fp, #-20]
0x70010160:  cmp  r3, #2      ; 0x2
0x70010164:  ble  0x70010120

----------------
IN:
0x70010168:  mov  r3, #0      ; 0x0
0x7001016c:  mov  r0, r3
0x70010170:  add  sp, fp, #0  ; 0x0
0x70010174:  pop  {fp}        ; (ldr fp, [sp], #4)
0x70010178:  bx   lr

----------------
IN:
0x70010008:  b    0x70010008


"The information in this e-mail (including attachments) is confidential and is 
only intended for use by the addressee. If you are not the intended recipient 
or addressee, please notify us immediately. Any unauthorized disclosure, use or 
dissemination either in whole or in part is prohibited. Opinions, conclusions 
and other information contained in this message are personal opinions of the 
sender and do not necessarily represent the views of the Panasonic Group of 
companies."


