While we do have a bunch of debugging we can turn on in cputlb there is an argument for making tlb_fill a generally available trace point. Any fault (via probe or access) will have to be preceded by a tlb_fill for the address in question.
We don't bother logging the return address as that will be a host address associated with translation and therefore can move around with ASLR. In my particular case I'm trying to track down a difference in memory fault exception patterns between record and replay phases.

Signed-off-by: Alex Bennée <[email protected]>

--- accel/tcg/cputlb.c | 2 ++ accel/tcg/trace-events | 1 + 2 files changed, 3 insertions(+) diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index db3f93fda9..c35df27caf 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -1308,6 +1308,8 @@ static void tlb_fill(CPUState *cpu, vaddr addr, int size, { bool ok; + trace_tlb_fill(addr, size, access_type, mmu_idx); + /* * This is not a probe, so only valid return is success; failure * should result in exception + longjmp to the cpu loop. diff --git a/accel/tcg/trace-events b/accel/tcg/trace-events index 4e9b450520..31dda01c12 100644 --- a/accel/tcg/trace-events +++ b/accel/tcg/trace-events @@ -9,6 +9,7 @@ exec_tb_exit(void *last_tb, unsigned int flags) "tb:%p flags=0x%x" # cputlb.c memory_notdirty_write_access(uint64_t vaddr, uint64_t ram_addr, unsigned size) "0x%" PRIx64 " ram_addr 0x%" PRIx64 " size %u" memory_notdirty_set_dirty(uint64_t vaddr) "0x%" PRIx64 +tlb_fill(uint64_t vaddr, int size, int access_type, int mmu_idx) "0x%" PRIx64 "/%d %d %d" # translate-all.c translate_block(void *tb, uintptr_t pc, const void *tb_code) "tb:%p, pc:0x%"PRIxPTR", tb_code:%p" -- 2.39.2
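Review bot: in the cputlb.c hunk the trace fires at entry to tlb_fill, before the fill is attempted, so it records the request and not the outcome; the `bool ok;` declared just above it is the only outcome state in view, and the comment that follows says a failure ends in exception + longjmp rather than a return, so a trace consumer comparing record and replay phases will see an identical event for a fill that succeeds and one that faults. Either say so in the commit message (the point is to log the address that precedes any fault, not the fault itself) or name the event `tlb_fill_entry`-style so nobody reads it as a completed fill. Placing the call before the block comment also separates that comment from the code it describes; consider moving the trace after the comment or adding a blank line so the comment stays attached to the call it annotates.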
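Review bot: in the trace-events hunk the format string `"0x%" PRIx64 "/%d %d %d"` leaves `access_type` and `mmu_idx` as unlabelled integers, which makes the output harder to read than the neighbouring `memory_notdirty_write_access` entry that names its fields (`" ram_addr 0x%" PRIx64 " size %u"`). Suggest matching that style, e.g. `"0x%" PRIx64 " size %d type %d mmu_idx %d"`, so the fields can be told apart when the trace is filtered or diffed between runs. Passing the `MMUAccessType` value through an `int` parameter is consistent with how the call site hands it over, so no change is needed there; a short comment noting that the value is the `MMUAccessType` enum would help readers decode the `type` column.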
