qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re:Re: QEMU function trace

From: wanghw364
Subject: Re:Re: QEMU function trace
Date: Wed, 14 Dec 2022 17:04:42 +0800 (CST)
Thanks. I have several questions as below, please help, thanks.

1.What do you mean by "only have debug symbols available for linux-user so"? What does the linux-user so refer to?
 qemu_plugin_insn_symbol() can only see symbols from linux-user so?

2.The purpose of teaching the linux kernel loader to understand and relocate symbols from an ELF kernel image,
or extract then and feed them directly to the plugin, is to solve the issue that qemu_plugin_insn_symbol() can't see kernel symbol?

3.How to make the kernel loader understand and relocate symbols in QEMU? How to feed the symbol table directly to the plugin?
As I can see, cache plugin has used qemu_plugin_insn_symbol() and there is function name info in the output result,
but it seems there is no symbol table feeding in the command, shown in https://gitlab.com/qemu-project/qemu/-/blob/master/docs/devel/tcg-plugins.rst .
$ qemu-x86_64 -plugin ./contrib/plugins/libcache.so -d plugin -D cache.log ./tests/tcg/x86_64-linux-user/float_convs

So I was wondering how the symbol table was fed into the plugin? What is the usage of para ./tests/tcg/x86_64-linux-user/float_convs?

4.If we make kernel symbol visible to qemu_plugin_insn_symbol(), the only thing we need to do is to make the core model identify which instruction
is the start of one function and record the function trace by looking up symbol table once the function-level start instruction was executed?

Actually I have the kernel symbol table file named 'System.map' under the kernel directory, I was wondering how to feed it to the plugin.



Thanks.








At 2022-12-13 23:44:29, "Alex Bennée" <alex.bennee@linaro.org> wrote:
>
>wanghw364 <wanghw364@163.com> writes:
>
>> Hi all,
>>
>> Does qemu-system-riscv64 have any plugin or tools that can support target program function trace feature?
>>
>> It seems there is no such feature under
>> link:https://gitlab.com/qemu-project/qemu/-/blob/master/docs/devel/tcg-plugins.rst 
>>
>> For example, we can use libexeclog.so plugin to trace target program instruction trace.
>>
>> In my case, when I boot linux kernel with qemu, it hangs in the halfway, but I don't know the hang position in
>> the code, 
>>
>> so I want to trace the kernel function calling trace so that I can
>> find out when and where execution diverges.
>
>Not currently but it wouldn't be super hard to write such a thing.
>However currently we only have debug symbols available for linux-user so
>that is all the helper qemu_plugin_insn_symbol() will see.
>
>You need to teach the linux kernel loader to understand and relocate
>symbols from an ELF kernel image. Alternatively you could extract then
>and feed them directly to the plugin. It would then be fairly trivial to
>stick an execution callback at every function entrance.
>
>I suspect KASLR messes things up though.
>
>>
>> Thanks. 
>
>
>-- 
>Alex Bennée
reply via email to
[Prev in Thread] Current Thread [Next in Thread]