importing QTRACE changes to QEMU-TRACE

Makefile

@@ -190,10 +190,12 @@ libqemuutil.a: $(util-obj-y) qapi-types.o qapi-visit.o
 ######################################################################
 
 qemu-img.o: qemu-img-cmds.h
+qemu-adebug.o: qemu-adebug.h
 
 qemu-img$(EXESUF): qemu-img.o $(block-obj-y) libqemuutil.a libqemustub.a
 qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) libqemuutil.a libqemustub.a
 qemu-io$(EXESUF): qemu-io.o $(block-obj-y) libqemuutil.a libqemustub.a
+qemu-adebug$(EXESUF): qemu-adebug.o
 
 qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o
 

Makefile.target

@@ -111,6 +111,7 @@ endif #CONFIG_BSD_USER
 ifdef CONFIG_SOFTMMU
 obj-y += arch_init.o cpus.o monitor.o gdbstub.o balloon.o ioport.o
 obj-y += qtest.o
+obj-y += qtrace.o
 obj-y += hw/
 obj-$(CONFIG_FDT) += device_tree.o
 obj-$(CONFIG_KVM) += kvm-all.o
@@ -151,6 +152,8 @@ ifndef CONFIG_HAIKU
 LIBS+=-lm
 endif
 
+LIBS+=-ldl
+
 ifdef QEMU_PROGW
 # The linker builds a windows executable. Make also a console executable.
 $(QEMU_PROGW): $(all-obj-y) ../libqemuutil.a ../libqemustub.a

configure

@@ -3602,7 +3602,7 @@ qemu_localedir="$datadir/locale"
 
 tools=""
 if test "$want_tools" = "yes" ; then
-  tools="qemu-img\$(EXESUF) qemu-io\$(EXESUF) $tools"
+  tools="qemu-img\$(EXESUF) qemu-io\$(EXESUF) qemu-adebug\$(EXESUF) $tools"
   if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" ] ; then
     tools="qemu-nbd\$(EXESUF) $tools"
   fi

cpu-exec.c

@@ -22,6 +22,11 @@
 #include "tcg.h"
 #include "qemu/atomic.h"
 #include "sysemu/qtest.h"
+#include "qtrace.h"
+
+extern void * client_reset_stats;
+extern void  * client_print_stats;
+
 
 bool qemu_cpu_has_work(CPUState *cpu)
 {
@@ -49,6 +54,31 @@ void cpu_resume_from_signal(CPUArchState *env, void *puc)
 }
 #endif
 
+
+/* asynchronous debug channel */
+static inline void qtrace_cpu_handle_cmds(CPUArchState *cpu)
+{
+    if (channel->flushcc) tb_flush(cpu);
+    if (channel->client_reset_all) qtrace_invoke_client_from_list(NULL,
+                                                                  ResetStatsNameString,
+                                                                  resetstats_list);
+    if (channel->client_print_all) qtrace_invoke_client_from_list(NULL,
+                                                                  PrintStatsNameString,
+                                                                  printstats_list);
+    if (channel->client_userd) qtrace_invoke_client_from_list(channel->mname,
+                                                              channel->fname,
+                                                              userdefine_list);
+    if (channel->client_reset) qtrace_invoke_client_from_list(channel->mname,
+                                                              ResetStatsNameString,
+                                                              resetstats_list);
+    if (channel->client_print) qtrace_invoke_client_from_list(channel->mname,
+                                                              PrintStatsNameString,
+                                                              printstats_list);
+    /* done. reset the channel */
+    memset(channel, 0, sizeof(DebugChannel));
+}
+
+
 /* Execute a TB, and fix up the CPU state afterwards if necessary */
 static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, uint8_t *tb_ptr)
 {
@@ -74,6 +104,7 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, uint8_t *tb_ptr)
          */
         cpu->tcg_exit_req = 0;
     }
+
     return next_tb;
 }
 
@@ -199,6 +230,7 @@ static void cpu_handle_debug_exception(CPUArchState *env)
 
 volatile sig_atomic_t exit_request;
 
+
 int cpu_exec(CPUArchState *env)
 {
     CPUState *cpu = ENV_GET_CPU(env);
@@ -595,8 +627,13 @@ int cpu_exec(CPUArchState *env)
 #endif
                 }
 #endif /* DEBUG_DISAS */
+
+                /* handle QTRACE commands */
+                qtrace_cpu_handle_cmds(env);
+
                 spin_lock(&tcg_ctx.tb_ctx.tb_lock);
                 tb = tb_find_fast(env);
+
                 /* Note: we do it here to avoid a gcc bug on Mac OS X when
                    doing it in tb_find_slow */
                 if (tcg_ctx.tb_ctx.tb_invalidated_flag) {
@@ -614,8 +651,10 @@ int cpu_exec(CPUArchState *env)
                    spans two pages, we cannot safely do a direct
                    jump. */
                 if (next_tb != 0 && tb->page_addr[1] == -1) {
+#if 0 
                     tb_add_jump((TranslationBlock *)(next_tb & ~TB_EXIT_MASK),
                                 next_tb & TB_EXIT_MASK, tb);
+#endif
                 }
                 spin_unlock(&tcg_ctx.tb_ctx.tb_lock);
 
@@ -627,6 +666,10 @@ int cpu_exec(CPUArchState *env)
                 barrier();
                 if (likely(!cpu->exit_request)) {
                     tc_ptr = tb->tc_ptr;
+
+    //                if (tc_ptr == 0x7fe71ba91580)
+                 //   printf("tc_ptr is 0x%lx\n", tc_ptr);
+
                     /* execute the generated code */
                     next_tb = cpu_tb_exec(cpu, tc_ptr);
                     switch (next_tb & TB_EXIT_MASK) {

include/exec/cpu-all.h

@@ -324,6 +324,7 @@ extern unsigned long reserved_va;
 #define TARGET_PAGE_MASK ~(TARGET_PAGE_SIZE - 1)
 #define TARGET_PAGE_ALIGN(addr) (((addr) + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK)
 
+
 /* ??? These should be the larger of uintptr_t and target_ulong.  */
 extern uintptr_t qemu_real_host_page_size;
 extern uintptr_t qemu_host_page_size;

include/exec/cpu-defs.h

@@ -142,6 +142,14 @@ typedef struct CPUWatchpoint {
     QTAILQ_ENTRY(CPUWatchpoint) entry;
 } CPUWatchpoint;
 
+typedef struct CPUFetchStoreShadow {
+    target_ulong vaddr;
+    target_ulong paddr;
+    target_ulong bsize;
+    target_ulong prevalue;
+    target_ulong pstvalue;
+} CPUFetchStoreShadow;
+
 #define CPU_TEMP_BUF_NLONGS 128
 #define CPU_COMMON                                                      \
     /* soft mmu support */                                              \
@@ -167,9 +175,9 @@ typedef struct CPUWatchpoint {
                                                                         \
     /* from this point: preserved by CPU reset */                       \
     /* ice debug support */                                             \
-    QTAILQ_HEAD(breakpoints_head, CPUBreakpoint) breakpoints;            \
+    QTAILQ_HEAD(breakpoints_head, CPUBreakpoint) breakpoints;           \
                                                                         \
-    QTAILQ_HEAD(watchpoints_head, CPUWatchpoint) watchpoints;            \
+    QTAILQ_HEAD(watchpoints_head, CPUWatchpoint) watchpoints;           \
     CPUWatchpoint *watchpoint_hit;                                      \
                                                                         \
     /* Core interrupt code */                                           \
@@ -178,5 +186,8 @@ typedef struct CPUWatchpoint {
                                                                         \
     /* user data */                                                     \
     void *opaque;                                                       \
+                                                                        \
+    /* current instruction flag */                                      \
+    unsigned qtrace_instflags;                                          \
 
 #endif

include/exec/exec-all.h

@@ -59,14 +59,14 @@ typedef struct TranslationBlock TranslationBlock;
  * and up to 4 + N parameters on 64-bit archs
  * (N = number of input arguments + output arguments).  */
 #define MAX_OPC_PARAM (4 + (MAX_OPC_PARAM_PER_ARG * MAX_OPC_PARAM_ARGS))
-#define OPC_BUF_SIZE 640
+#define OPC_BUF_SIZE  640 
 #define OPC_MAX_SIZE (OPC_BUF_SIZE - MAX_OP_PER_INSTR)
 
 /* Maximum size a TCG op can expand to.  This is complicated because a
    single op may require several host instructions and register reloads.
    For now take a wild guess at 192 bytes, which should allow at least
    a couple of fixup instructions per argument.  */
-#define TCG_MAX_OP_SIZE 192
+#define TCG_MAX_OP_SIZE  192
 
 #define OPPARAM_BUF_SIZE (OPC_BUF_SIZE * MAX_OPC_PARAM)
 
@@ -121,7 +121,7 @@ static inline void tlb_flush(CPUArchState *env, int flush_global)
 /* XXX: use a per code average code fragment size and modulate it
    according to the host CPU */
 #if defined(CONFIG_SOFTMMU)
-#define CODE_GEN_AVG_BLOCK_SIZE 128
+#define CODE_GEN_AVG_BLOCK_SIZE  512 
 #else
 #define CODE_GEN_AVG_BLOCK_SIZE 64
 #endif
@@ -143,14 +143,18 @@ struct TranslationBlock {
 #define CF_COUNT_MASK  0x7fff
 #define CF_LAST_IO     0x8000 /* Last insn may be an IO access.  */
 
-    uint8_t *tc_ptr;    /* pointer to the translated code */
+    uint8_t *tc_ptr;        /* pointer to the translated code */
+    uint8_t *tc_end_ptr;    /* pointer to the end of translated code */
     /* next matching tb for physical address. */
     struct TranslationBlock *phys_hash_next;
     /* first and second physical page containing code. The lower bit
        of the pointer tells the index in page_next[] */
     struct TranslationBlock *page_next[2];
     tb_page_addr_t page_addr[2];
 
+    /* qtrace */
+    uintptr_t qtrace_next_offset[4];
+
     /* the following data are used to directly call another TB from
        the code of this one. */
     uint16_t tb_next_offset[2]; /* offset of original jump target */

include/qtrace-common.h

@@ -0,0 +1,106 @@
+/*
+ *  QTRACE asynchronous debug tool 
+ *
+ *  Copyright (c) 2003-2005 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef QTRACE_COMMON_H
+#define QTRACE_COMMON_H
+
+#include <stdint.h> 
+#include <stdlib.h>
+
+/// ------------------------------------------------ ///
+/// miscellaneous 
+/// ------------------------------------------------ ///
+#define QTRACE_EXIT             exit
+#define QTRACE_ERROR            printf
+#define QTRACE_WAIT_COMMAND_HANDLED(X)  while(!X);
+#define QTRACE_LOCAL_FUN        static
+#define QTRACE_MAX_IARGS        256 
+#define QTRACE_MAX_CALLBACK_NUM 256
+
+#define ResetStatsNameString  "ResetStats"
+#define PrintStatsNameString  "PrintStats"
+#define SHARED_MEM_KEY        154519
+
+/// ------------------------------------------------ ///
+/// instrumentation module metadata 
+/// ------------------------------------------------ ///
+typedef struct rc { 
+    struct rc *next;      /* singly linkedlist */
+    void *rtn;            /* pointer to the function */
+    const char *fname;    /* name of the function */
+    const char* mname;    /* name of the module the function belongs to */
+} GenericRtnContainer;
+
+/// ------------------------------------------------ ///
+/// instrumentation context. 
+/// ------------------------------------------------ ///
+/// InstrumentContext - this structure represents a single instrumentation
+/// context defined in the user defined plugins.
+/// an instrumentation context holds various information regarding what
+/// kind of instrumentations are needed, when and where to call the 
+/// instrumentation function.
+///
+/// e.g. if (QTRACE_TEST_FETCH(type))
+///      {
+///         Module_INS_InsertCall(5,
+///                               QTRACE_IPOINT_BEFORE,
+///                               QTRACE_IFUN, CacheSim,
+///                               QTRACE_MEMTRACE_VMA, 
+///                               QTRACE_MEMTRACE_MSIZE);
+///      }
+/// creates an instrumentation context with QTRACE_MEMTRACE_VMA and 
+/// QTRACE_MEMTRACE_MSIZE and call function CacheSim before the 
+/// instruction executes.
+typedef struct InstrumentContext  {
+    uintptr_t ifun;     /* instrumentation function */
+    unsigned  ipoint;   /* insertion point */ 
+    unsigned  ciarg;    /* current iarg */
+    unsigned  iargs[QTRACE_MAX_IARGS]; /* instrumentation args */
+    unsigned  memfext;  /* this context has memory instrumentation */
+    unsigned  pcfext;   /* this context has program counter instrumentation */
+    unsigned  btarget;  /* this context has branch instrumentation */
+	struct InstrumentContext *next;
+} InstrumentContext;
+
+
+/// ------------------------------------------------ ///
+/// qtrace asynchronous debug channel. 
+/// ------------------------------------------------ ///
+typedef struct {
+    int client_userd;     /* user defined function request */
+    int client_reset;     /* reset stats function request */ 
+    int client_print;     /* print stats function request */
+    int client_reset_all;
+    int client_print_all;
+    int flushcc;
+    char fname[128];
+    char mname[128];
+} DebugChannel;
+
+/// ------------------------------------------------ ///
+/// qtrace global variables. 
+/// ------------------------------------------------ ///
+extern DebugChannel *channel;
+extern GenericRtnContainer* resetstats_list;
+extern GenericRtnContainer* printstats_list;
+extern GenericRtnContainer* userdefine_list;
+extern GenericRtnContainer* instruction_list;
+extern GenericRtnContainer* ibasicblock_list;
+
+#endif // QTRACE_COMMON_H