try ./trace_to_func.py ptl_rip_trace output.txt -o objectfile

objectfile is the output of objdump -t
I think this will give you the functions, not the instructions, but it
shouldn't be hard to modify it to give you the instruction opcodes
-Furat


On Tue, Oct 25, 2011 at 1:54 PM, Aziz <[email protected]> wrote:
> Thanks for the response. I've been trying hard to get somewhere with
> obtaining the instruction trace, but no luck.
>
>>>
>>> I need to obtain instruction trace for the simulation run. I checked the
>>> email archive, but defining TRACE_RIP only gives me hex coded instructions,
>>> where I need the instruction, registers, and memory addresses as in "add
>>> eax, 0xf4". Is there any way to obtain this?
>>
>> It's a little tricky because the simulator translates the instructions to
>> micro-ops and keeps a hash of RIP to micro-op buffers. So once an instruction is
>> decoded into micro-ops, we don't keep track of the original instruction. In
>> order to create a trace file, you'll need to add a new hash-table that keeps
>> track of the RIP address to its original instruction. Then you can use that in
>> the pipeline to dump the trace along with register values and memory addresses.
>
> I tried to get into the code. I found that qemu works on the instructions in
> the disas_insn() function (in qemu/target-i386/translate.c), but marss transfers
> control to ptlsim using gen_helper_switch_to_sim(). I did not understand,
> though, what gen_jmp_im(pc_start - s->cs_base) does (line 4080
> in qemu/target-i386/translate.c).
> Then I thought, why use ptlsim? I can just get the instructions from qemu.
> When I searched for it on the web, I found this document
> http://www.iamroot.org/xe/?module=file&act=procFileDownload&file_srl=37296&sid=1cb6b46c0111f9909279b58df123efa6
> which explains how to trace instructions using qemu. I tried the method they
> gave within the "Trace instructions in full system emulation" section, but
> somehow I could not make it work.
> Then I tried using the gdb debugger to singlestep through the instructions (as
> explained in http://thread.gmane.org/gmane.comp.emulators.qemu/16604), but
> neither gdb nor the singlestep option worked for me with marss. Also, when I try
> "printf" in the qemu files (e.g. the disas_insn function in translate.c), it does not
> print anything.
> I would appreciate it if you could point me to the correct functions to change,
> and where and what to print to get the trace file.
> I also need to get the trace of the micro-ops in the same format I explained
> (micro-op and register). Is there any automatic way to get that? If not,
> what should I do to acquire that kind of trace file?
>>>
>>> Also, I could not make the trace_to_func.py file which Avadh gave work. It
>>> gives its usage as "trace_to_func.py [options] trace_file outputfile". I
>>> use ptl_rip_trace as trace_file and leave the options empty, but it always
>>> gives the same Usage message.
>>
>> Did you specify the 'outputfile' ?
>
> Yes, I specified a filename for output. Still the following output comes up:
>
> $      ./trace_to_func.py ptl_rip_trace output.txt
> Usage: trace_to_func.py [options] trace_file outputfile
>
> trace_to_func.py -h for help
>
> Thanks a lot for your help and for the great effort you put into marss.
> Best,
> Aziz
> _______________________________________________
> http://www.marss86.org
> Marss86-Devel mailing list
> [email protected]
> https://www.cs.binghamton.edu/mailman/listinfo/marss86-devel
>
>

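As an added example (this is not MARSS's trace_to_func.py, whose source is not on this page, and not code from anyone in the thread), here is a small Python script that does what Furat describes: it reads the symbol table printed by objdump -t, keeps only the function symbols (flag F), and maps each RIP in a trace to the function that contains it, collapsing consecutive hits into runs and producing a per-function instruction count. The symbol table and trace embedded in the block are constructed, not real output; the trace format (the first hex token on each line is the RIP, anything after it is ignored) and every function and file name in the sample are assumptions.

```python
#!/usr/bin/env python3
# Added example, not MARSS's trace_to_func.py: resolve the RIPs in a
# ptl_rip_trace-style file to function names using `objdump -t` output.
# Assumptions: the trace carries one RIP per line (the first hex token is
# used, anything after it is ignored); the symbol table is verbatim objdump -t.
import bisect
import re
import sys
from collections import Counter

HEX_PREFIX = re.compile(r"^\s*(?:0x)?([0-9a-fA-F]+)")
HEX_ONLY = re.compile(r"[0-9a-fA-F]+")


def parse_objdump_symbols(text):
    """Return FUNC symbols from `objdump -t` output as sorted (start, size, name).

    Each symbol row is: <addr> <flags, blank-separated> <section> <size> <name>.
    The 'F' flag marks a function; 'f' (lower case) is a file symbol, 'O' an
    object and 'd' a section, so only rows whose flag field contains 'F' are kept.
    """
    funcs = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or not HEX_ONLY.fullmatch(tokens[0]):
            continue  # banner lines such as "SYMBOL TABLE:" or "file format ..."
        flags = tokens[1:-3]
        if not any("F" in t for t in flags):
            continue
        funcs.append((int(tokens[0], 16), int(tokens[-2], 16), tokens[-1]))
    funcs.sort()
    return funcs


class FunctionMap:
    """Binary-search lookup of the function that covers a given RIP."""

    def __init__(self, objdump_text):
        self.funcs = parse_objdump_symbols(objdump_text)
        self.starts = [start for start, _, _ in self.funcs]

    def lookup(self, rip):
        """Return (name, offset) for rip, or ("?", None) if no function covers it.

        Symbol sizes are honoured, so a RIP in padding between functions or in
        a region with no symbol (PLT stubs, JIT code) is reported as "?" rather
        than being blamed on the nearest preceding symbol.
        """
        i = bisect.bisect_right(self.starts, rip) - 1
        if i >= 0:
            start, size, name = self.funcs[i]
            if start <= rip < start + size:
                return name, rip - start
        return "?", None


def trace_to_funcs(trace_text, fmap):
    """Collapse consecutive RIPs in the same function into (name, count) runs."""
    runs = []
    for line in trace_text.splitlines():
        m = HEX_PREFIX.match(line)
        if not m:
            continue
        name, _ = fmap.lookup(int(m.group(1), 16))
        if runs and runs[-1][0] == name:
            runs[-1][1] += 1
        else:
            runs.append([name, 1])
    return [tuple(r) for r in runs]


def histogram(runs):
    """Total traced instructions per function, most frequent first."""
    counts = Counter()
    for name, n in runs:
        counts[name] += n
    return counts.most_common()


# Constructed sample data (not a real binary or a real ptl_rip_trace).
SAMPLE_SYMTAB = """\
a.out:     file format elf64-x86-64

SYMBOL TABLE:
0000000000401000 l    d  .text\t0000000000000000 .text
0000000000000000 l    df *ABS*\t0000000000000000 crt1.o
0000000000401020 g     F .text\t0000000000000030 _start
0000000000401100 g     F .text\t0000000000000010 compute
0000000000401110 g     F .text\t0000000000000040 main
0000000000404000 g     O .data\t0000000000000004 counter
"""

SAMPLE_TRACE = "401020\n401025\n401100\n401104\n401108\n401110\n401114\n401200\n401114\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: trace_to_funcs.py ptl_rip_trace objdump_t_output
        trace_text = open(sys.argv[1]).read()
        symtab_text = open(sys.argv[2]).read()
    else:
        trace_text, symtab_text = SAMPLE_TRACE, SAMPLE_SYMTAB
    fm = FunctionMap(symtab_text)
    runs = trace_to_funcs(trace_text, fm)
    for name, n in runs:
        print(f"{name:20s} {n}")
    for name, total in histogram(runs):
        print(f"# {name}: {total} instructions")
```

Run it with no arguments to see the constructed sample, or pass the trace file and a saved objdump -t listing. Unlike resolving to the nearest preceding symbol, the size check makes RIPs that land outside every function show up as "?", which is how you notice that the trace contains code the symbol table does not cover.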