> > On Thu, Aug 16, 2012 at 7:49 PM, Steven <wangwangk...@gmail.com> wrote:
> > [...]
> >> I want to get the guest memory address in the instruction mov
> >> 0x4(%ebx) %eax, which is 0x4(%ebx).
> >> Since %ebx is not resolved until the execution time, the code in
> >> softmmu_header.h does not generate any hit or miss information.
> >> Do you know any place that I could resolve the memory access address?
> >> Thanks.
> >
> > You'll have to generate code. Look at how helpers work.
> Hi, Laurent,
> do you mean the target-i386/op_helper.c/helper.c or the tcg helper? Thanks.
What do you mean by "resolve the memory access address"? Do you want to get the guest virtual address for each guest memory access, right?

As Max mentioned before (you can also read [1]), there are fast and slow paths in QEMU softmmu, tlb hit and tlb miss respectively. Max provided a patch for the slow path. As for the fast path, take a look at tcg_out_tlb_load (tcg/i386/tcg-target.c). tcg_out_tlb_load will generate native code in the code cache to do the tlb lookup. I think you cannot use the trick Max used, since tcg_out_tlb_load will not be called when the fast path is executed; it "generates" code instead. Therefore, you might have to insert your instrumentation code in the code cache, perhaps modifying tcg_out_tlb_load to log the value of "addrlo" (see the comments above tcg_out_tlb_load).

HTH,
chenwj

[1] http://lists.gnu.org/archive/html/qemu-devel/2012-08/msg03060.html

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
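A stand-alone C model of the softmmu fast/slow-path split discussed in this thread, added here as an example (it is not QEMU's code and not part of the original mails). It borrows QEMU's constant names (TARGET_PAGE_BITS, CPU_TLB_SIZE, addr_read, addend) but uses a single constructed TLB table and a constructed access trace; it shows why a hook living only in the slow-path helper misses every tlb hit, and where a hook has to sit to see the guest virtual address of all accesses.

```c
/* Simplified model of QEMU's softmmu TLB lookup (added example, not QEMU code). */
#include <stdint.h>
#include <string.h>

#define TARGET_PAGE_BITS 12
#define TARGET_PAGE_MASK (~(((uint64_t)1 << TARGET_PAGE_BITS) - 1))
#define CPU_TLB_BITS     8
#define CPU_TLB_SIZE     (1 << CPU_TLB_BITS)

typedef struct { uint64_t addr_read; uintptr_t addend; } tlb_entry_t;

typedef struct {
    tlb_entry_t tlb_table[CPU_TLB_SIZE];  /* one mmu_idx only, for brevity */
    unsigned hits, misses;                /* constructed counters */
    uint64_t last_logged;                 /* guest vaddr last seen by the hook */
} cpu_model_t;

static cpu_model_t demo_cpu;

/* Instrumentation hook: records the guest virtual address of an access. */
static void log_guest_access(cpu_model_t *cpu, uint64_t vaddr) { cpu->last_logged = vaddr; }

/* Slow path: stand-in for the __ld*_mmu helper, which refills the TLB entry.
   A hook placed only here would observe misses and nothing else. */
static void tlb_fill_model(cpu_model_t *cpu, uint64_t vaddr, unsigned index) {
    cpu->misses++;
    cpu->tlb_table[index].addr_read = vaddr & TARGET_PAGE_MASK;
    cpu->tlb_table[index].addend = 0x10000;   /* constructed host/guest offset */
}

/* Fast path as softmmu_header.h inlines it (and tcg_out_tlb_load emits it):
   index from the page number, tag compare that also rejects unaligned accesses,
   hit -> use the entry, miss -> slow path.  Returns 1 on hit, 0 on miss. */
static int ld_model(cpu_model_t *cpu, uint64_t vaddr, unsigned size) {
    unsigned index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
    uint64_t tag = vaddr & (TARGET_PAGE_MASK | (size - 1));
    log_guest_access(cpu, vaddr);   /* before the compare, so both paths are seen */
    if (cpu->tlb_table[index].addr_read != tag) {
        tlb_fill_model(cpu, vaddr, index);
        return 0;
    }
    cpu->hits++;
    return 1;
}

/* Constructed 4-byte access trace over two pages (last one unaligned); returns hits. */
static unsigned run_demo(void) {
    static const uint64_t trace[] = { 0x1004, 0x1008, 0x100c, 0x2000, 0x1010, 0x2004, 0x1003 };
    memset(&demo_cpu, 0, sizeof demo_cpu);
    for (unsigned i = 0; i < CPU_TLB_SIZE; i++) demo_cpu.tlb_table[i].addr_read = (uint64_t)-1;
    for (unsigned i = 0; i < sizeof trace / sizeof trace[0]; i++) ld_model(&demo_cpu, trace[i], 4);
    return demo_cpu.hits;
}
```

In real QEMU the compare in ld_model is native code emitted into the code cache, which is why the logging has to be emitted alongside it rather than called from a C helper.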