Hi Stuart,

Thanks for the patch. It works well for me, except that the log file grows so huge and qemu slows down quite a lot. Did you have problems with this? I was wondering if there was a way to actually begin the PC trace collection after completely booting QEMU and also restrict it to a particular process ID?

Just a clarification, does the log now have all retired PCs?

Thanks,
-Shashi.

On 3/30/07, Stuart Brady <[EMAIL PROTECTED]> wrote:
On Thu, Mar 29, 2007 at 06:28:14PM -0700, Shashidhar Mysore wrote: > Hi Stuart, > > Thanks for the reply, but since I'm a little new to qemu, can you please > elaborate on how to insert the op_dump_pc function to extract the PC values? Well, here's a patch that does it: Index: target-i386/exec.h =================================================================== RCS file: /sources/qemu/qemu/target-i386/exec.h,v retrieving revision 1.31 diff -u -r1.31 exec.h --- target-i386/exec.h 24 Sep 2006 18:40:46 -0000 1.31 +++ target-i386/exec.h 30 Mar 2007 11:02:08 -0000 @@ -146,6 +146,8 @@ extern CCTable cc_table[]; +void helper_dump_pc(target_ulong PC); + void load_seg(int seg_reg, int selector); void helper_ljmp_protected_T0_T1(int next_eip); void helper_lcall_real_T0_T1(int shift, int next_eip); Index: target-i386/helper.c =================================================================== RCS file: /sources/qemu/qemu/target-i386/helper.c,v retrieving revision 1.74 diff -u -r1.74 helper.c --- target-i386/helper.c 1 Feb 2007 22:12:19 -0000 1.74 +++ target-i386/helper.c 30 Mar 2007 11:02:09 -0000 @@ -30,6 +30,16 @@ } while (0) #endif +void helper_dump_pc(target_ulong pc) +{ + if (logfile) +#ifdef TARGET_X86_64 + fprintf(logfile, "PC = %016" PRIx64 "\n", pc); +#else + fprintf(logfile, "PC = %08x\n", pc); +#endif +} + const uint8_t parity_table[256] = { CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0, 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P, Index: target-i386/op.c =================================================================== RCS file: /sources/qemu/qemu/target-i386/op.c,v retrieving revision 1.47 diff -u -r1.47 op.c --- target-i386/op.c 1 Feb 2007 22:11:07 -0000 1.47 +++ target-i386/op.c 30 Mar 2007 11:02:09 -0000 
@@ -132,6 +132,11 @@ #endif +void OPPROTO op_dump_pc(void) +{ + helper_dump_pc(PARAM1); +} + /* operations with flags */ /* update flags with T0 and T1 (add/sub case) */ Index: target-i386/translate.c =================================================================== RCS file: /sources/qemu/qemu/target-i386/translate.c,v retrieving revision 1.62 diff -u -r1.62 translate.c --- target-i386/translate.c 16 Jan 2007 19:28:58 -0000 1.62 +++ target-i386/translate.c 30 Mar 2007 11:02:10 -0000 @@ -3155,6 +3155,7 @@ int rex_w, rex_r; s->pc = pc_start; + gen_op_dump_pc(s->pc); prefixes = 0; aflag = s->code32; dflag = s->code32; It's probably not the best way to do this, but it worked well enough for my purposes. (target-z80 -- where there is only one address space! :-) -- Stuart Brady
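Review bot: in the exec.h hunk the prototype names its parameter `PC` while the definition in helper.c names it `pc`; the mismatch is harmless to the compiler but the declaration should use the same lowercase name as the definition and the other helper prototypes around it.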
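Review bot: in the helper.c hunk, `if (logfile)` governs a body that is selected by `#ifdef TARGET_X86_64`; each branch is exactly one `fprintf` so it compiles as intended, but braces around the body would keep the conditional readable and safe against a later edit adding a second statement. More importantly, this check runs once per executed guest instruction and every executed instruction writes a line, which is the log growth and slowdown reported at the top of this thread; a runtime enable flag tested here (one that can be flipped once the guest has booted) would let collection start late without retranslating, and restricting the trace to a single guest process would need some guest-state check (on x86, the current address space, i.e. CR3, is the usual discriminator), which this patch does not attempt.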
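Review bot: in the op.c hunk, `helper_dump_pc(PARAM1)` hands a single op parameter to a function taking `target_ulong`; worth checking whether PARAM1 is wide enough to carry a 64-bit `s->pc` on TARGET_X86_64, because if the op parameter is a 32-bit immediate the `"%016" PRIx64` branch in helper_dump_pc will only ever print the low 32 bits of the PC. If so, either pass the PC in two parameters or drop the TARGET_X86_64 branch and note the limitation.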
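Review bot: in the translate.c hunk, `gen_op_dump_pc(s->pc)` is emitted at the top of disas_insn before the instruction is decoded, so the PC is recorded when execution reaches the instruction, not when it retires: an instruction that faults (page fault, illegal opcode) is logged, and logged again when it is re-executed after the fault is handled. That makes the log an approximation of "all retired PCs" as asked above, and a short comment at the insertion point saying so would save the next reader the analysis.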