qemu-devel

Re: [Qemu-devel] Get only TCG code without execution


From: Rajat Goyal
Subject: Re: [Qemu-devel] Get only TCG code without execution
Date: Mon, 16 Jan 2012 12:23:15 +0000

Thanks for your text, Stefan.

The situation is like this. The most basic multi-threaded program (using pthreads) which just prints something like "I am Thread 1" and "I am Thread 2" does not work over the QEMU user emulator. There are no output messages saying "I am thread 1" etc. when the program binary is run over qemu-arm or qemu-i386. For qemu-i386, the reason is alright - there is no implementation for the futex syscall. But for qemu-arm, the syscall trace shows " *** longjmp causes uninitialized stack frame ***: qemu-arm terminated". And hence, the entire TCG code for the binary is not obtained in the QEMU log since QEMU does not complete execution of the binary.

What is the way out of this? The reason I need TCG code is because my project work is to write a semantics for TCG micro-operations and then compare my semantics with a semantics for ARM instructions being written by someone else. To test my semantics, I need the corresponding TCG code for several different multi-threaded ARM binaries.

Many thanks in anticipation,
Rajat.

On Mon, Jan 16, 2012 at 8:41 AM, Stefan Hajnoczi <address@hidden> wrote:
On Sun, Jan 15, 2012 at 11:09:18PM +0000, Rajat Goyal wrote:
> I am doing a project to build a daemonic ARM emulator using QEMU. One of
> the requirements is to get the complete TCG code for any multi-threaded ARM
> program that I run on QEMU. I do not need QEMU to execute the program and
> show me the output. Just the entire TCG code. The latest version of
> qemu-arm seems to break while running pthread parallel ARM binaries, i.e.,
> qemu-arm terminates without completing execution and hence, the entire TCG
> code cannot be captured in the log. Is there a way by which I can get the
> complete TCG code for pthread parallel binaries in exchange for not making
> QEMU execute the binary?

QEMU is a dynamic binary translator.  You don't know the next block
without executing the current block.  It's not possible to translate a
whole program without executing it - remember it can load shared
libraries, use self-modifying code, or just employ indirect jumps which
you cannot analyze statically.

In the general case it's not possible.  Can you explain why you're
trying to do this?

Stefan
--
Rajat Goyal
5th year undergraduate student
Integrated Master of Technology
Mathematics and Computing
Department of Mathematics
IIT Delhi
