On Thu, Aug 16, 2012 at 12:54 PM, Peter Maydell <[email protected]> wrote:
> On 16 August 2012 17:36, Steven <[email protected]> wrote:
>> I would like to get a trace of guest memory access. So I cannot use
>> "info registers".
>> What I want to do is that when tcg fetches a load instruction at
>> disas_insns(), the guest memory address should be calculated.
>
> You cannot calculate the guest memory address at the point where
> TCG is translating the load instruction. This is because that
> address depends on the values of guest registers at runtime.
> At translation time these values are not known. Also they may
> be different for different runs through the same generated code.

Thanks. Then what I thought is wrong.

> QEMU is a just-in-time translator (JIT). For a JIT it is
> important to remember the difference between:
>  * translation time. Here we know what the guest code (instructions)
>    are, but we do not know what the guest CPU registers will be
>  * run time. This may be some time later, and we may execute
>    the same code several times. We don't have any access to
>    information about the guest code we are running unless
>    we specifically recorded it at translation time.

Take this in_asm as an example: mov 0x4(%ebx),%eax. I saw the translated
host code for this single load instruction (using -d in_asm,out_asm) is

OUT: [size=107]
0x4025d890:  mov    0x28(%r14),%rbp
0x4025d894:  add    $0xc,%rbp
0x4025d898:  mov    %ebp,%ebp
...
0x4025d8e8:  mov    %rbp,0x8(%r14)
0x4025d8ec:  xor    %eax,%eax
0x4025d8ee:  mov    $0x7fc1a598d176,%r10
0x4025d8f8:  jmpq   *%r10

So the run time function should be tcg_out_qemu_ld, right? Could you
provide some suggestion where I should add the record information to
help translate the guest memory address? Thanks.

> When you are reading (or trying to change) QEMU source code
> you need to know whether the QEMU code will be running at
> translation or run time. The answer affects what information
> you have access to, and what you can do to the guest.
>
> -- PMM
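The distinction Peter draws above (translation time knows the instruction, run time knows the registers) is easiest to see in a toy JIT. The C program below is an added illustration for this thread and is not QEMU code: the guest machine (eight 32-bit registers, 4 KiB of memory), the little IR, the helper name and the guest pc are all invented for the example. It translates "mov 0x4(%ebx),%eax" once, emitting an op that computes %ebx+4 at run time and a trace op that carries the guest pc recorded at translation time, then runs the same translated block twice with different %ebx values and collects two different load addresses. In QEMU the analogous mechanism is emitting a call to a helper function during translation, which receives the effective address as a run-time value; the decoder never sees the address itself.

```c
/*
 * Toy JIT showing translation time vs run time for one guest load.
 * Added illustration for the thread above, not QEMU code: the guest
 * machine, the IR ops, the helper name and the guest pc are invented.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NREGS     8        /* guest general-purpose registers */
#define TMP       NREGS    /* scratch slot the translator may use */
#define MEM_SZ    4096     /* guest memory, bytes */
#define MAX_OPS   16
#define MAX_TRACE 64
enum { REG_EAX = 0, REG_EBX = 3 };

typedef struct { uint32_t regs[NREGS]; uint8_t mem[MEM_SZ]; } GuestCPU;

/* All the front end knows after decoding "mov disp(%base),%dst". */
typedef struct { uint32_t pc; int dst, base; int32_t disp; } GuestLoad;

typedef enum { OP_ADDI, OP_TRACE_LD, OP_LD32, OP_END } Opcode;
typedef struct { Opcode op; int r0, r1; int32_t imm; uint32_t pc; } IROp;
typedef struct { IROp ops[MAX_OPS]; int n; } TranslationBlock;

/* Run-time trace entry: the effective address only exists at run time. */
typedef struct { uint32_t pc, addr, value; } LoadTrace;
typedef struct { LoadTrace e[MAX_TRACE]; int n; } Tracer;

static void emit(TranslationBlock *tb, Opcode op, int r0, int r1,
                 int32_t imm, uint32_t pc)
{
    if (tb->n < MAX_OPS)
        tb->ops[tb->n++] = (IROp){ op, r0, r1, imm, pc };
}

/* Translation time: base, disp and pc are known; register contents are not.
 * The address is left to ops that execute later. The trace op carries the
 * pc as an immediate, the one fact that would otherwise be lost by run time. */
static void translate_load(TranslationBlock *tb, const GuestLoad *ins)
{
    emit(tb, OP_ADDI, TMP, ins->base, ins->disp, ins->pc);  /* tmp = base+disp */
    emit(tb, OP_TRACE_LD, TMP, 0, 0, ins->pc);              /* helper(pc, tmp) */
    emit(tb, OP_LD32, ins->dst, TMP, 0, ins->pc);           /* dst = mem32[tmp] */
    emit(tb, OP_END, 0, 0, 0, ins->pc);
}

/* Run time: the helper the trace op calls, with the computed address. */
static void helper_trace_ld(Tracer *t, uint32_t pc, uint32_t addr)
{
    if (t->n < MAX_TRACE)
        t->e[t->n++] = (LoadTrace){ pc, addr, 0 };
}

static uint32_t load32(const GuestCPU *cpu, uint32_t a)   /* guest is little-endian */
{
    return (uint32_t)cpu->mem[a] | (uint32_t)cpu->mem[a + 1] << 8 |
           (uint32_t)cpu->mem[a + 2] << 16 | (uint32_t)cpu->mem[a + 3] << 24;
}

static void store32(GuestCPU *cpu, uint32_t a, uint32_t x)
{
    if (a > (uint32_t)(MEM_SZ - 4)) return;
    for (int i = 0; i < 4; i++)
        cpu->mem[a + i] = (uint8_t)(x >> (8 * i));
}

/* Execute the block against a concrete CPU. Returns 1, or 0 on a guest fault. */
static int run_tb(const TranslationBlock *tb, GuestCPU *cpu, Tracer *t)
{
    uint32_t v[NREGS + 1] = { 0 };
    memcpy(v, cpu->regs, sizeof cpu->regs);
    for (int i = 0; i < tb->n; i++) {
        const IROp *o = &tb->ops[i];
        switch (o->op) {
        case OP_ADDI:     v[o->r0] = v[o->r1] + (uint32_t)o->imm; break;
        case OP_TRACE_LD: helper_trace_ld(t, o->pc, v[o->r0]);    break;
        case OP_LD32:
            if (v[o->r1] > (uint32_t)(MEM_SZ - 4)) return 0;  /* outside guest memory */
            v[o->r0] = load32(cpu, v[o->r1]);
            if (t->n) t->e[t->n - 1].value = v[o->r0];
            break;
        case OP_END:      memcpy(cpu->regs, v, sizeof cpu->regs); return 1;
        }
    }
    return 0;
}

static GuestCPU g_cpu;
static Tracer   g_trace;

/* Translate "mov 0x4(%ebx),%eax" (at an assumed guest pc) exactly once, then
 * run the same block twice with different %ebx. Returns the trace count,
 * or -1 if a run faulted. Guest data at the two addresses is constructed. */
static int demo(uint32_t ebx1, uint32_t ebx2)
{
    TranslationBlock tb = { .n = 0 };
    GuestLoad ins = { .pc = 0x8048000, .dst = REG_EAX, .base = REG_EBX, .disp = 4 };
    memset(&g_cpu, 0, sizeof g_cpu);
    memset(&g_trace, 0, sizeof g_trace);
    store32(&g_cpu, ebx1 + 4, 0x11111111);
    store32(&g_cpu, ebx2 + 4, 0x22222222);
    translate_load(&tb, &ins);
    g_cpu.regs[REG_EBX] = ebx1; if (!run_tb(&tb, &g_cpu, &g_trace)) return -1;
    g_cpu.regs[REG_EBX] = ebx2; if (!run_tb(&tb, &g_cpu, &g_trace)) return -1;
    return g_trace.n;
}
static uint32_t trace_addr(int i)  { return g_trace.e[i].addr; }
static uint32_t trace_value(int i) { return g_trace.e[i].value; }
static uint32_t final_eax(void)    { return g_cpu.regs[REG_EAX]; }

int main(void)
{
    int n = demo(0x100, 0x200);
    for (int i = 0; i < n; i++)
        printf("pc=0x%x load addr=0x%x value=0x%08x\n",
               g_trace.e[i].pc, trace_addr(i), trace_value(i));
    printf("final %%eax=0x%08x\n", final_eax());
    return n == 2 ? 0 : 1;
}
```

Note where each piece of information lives: translate_load never touches g_cpu.regs and could not compute 0x104 or 0x204, while helper_trace_ld never sees the GuestLoad but still knows the pc because the translator baked it into the op. The same translated block produces two trace entries with different addresses, which is exactly why the address cannot be recorded once at translation time.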
