Richard Henderson <richard.hender...@linaro.org> writes:
> From: "Vanderson M. do Rosario" <vanderson...@gmail.com>
>
> These commands allow the exploration of TBs generated by the TCG.
> Understand which one hotter, with more guest/host instructions,
> and examine the guest code.
>
> The goal of this command is to allow the dynamic exploration of
> TCG behavior and code quality. Therefore, for now, a corresponding
> QMP command is not worthwhile.
>
> Example of output:
>
> ------------------------------
>
> TB id:0 | phys:0xa21f562e virt:0x0000000000000000 flags:0x00028010 0 inv/1
> | exec:6171503732/0 guest inst cov:94.77%
> | trans:1 ints: g:8 op:28 op_opt:24 spills:0
> | h/g (host bytes / guest insts): 37.000000
>
> 0xa21f562e: 00002797 auipc a5,8192 # 0xa21f762e
> 0xa21f5632: a2278793 addi a5,a5,-1502
> 0xa21f5636: 639c ld a5,0(a5)
> 0xa21f5638: 00178713 addi a4,a5,1
> 0xa21f563c: 00002797 auipc a5,8192 # 0xa21f763c
> 0xa21f5640: a1478793 addi a5,a5,-1516
> 0xa21f5644: e398 sd a4,0(a5)
> 0xa21f5646: b7e5 j -24 # 0xa21f562e
>
> Signed-off-by: Vanderson M. do Rosario <vanderson...@gmail.com>
> Signed-off-by: Alex Bennée <alex.ben...@linaro.org>
> Signed-off-by: Fei Wu <fei2...@intel.com>
> [rth: Split out of a larger patch]
> Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
> ---
> accel/tcg/tb-context.h | 2 +
> accel/tcg/monitor.c | 91 ++++++++++++++++++++++++++++++++++++++++++
> accel/tcg/tb-stats.c | 2 +
> hmp-commands-info.hx | 14 +++++++
> 4 files changed, 109 insertions(+)
>
> diff --git a/accel/tcg/tb-context.h b/accel/tcg/tb-context.h
> index 4b1abe392b..29d87200b6 100644
> --- a/accel/tcg/tb-context.h
> +++ b/accel/tcg/tb-context.h
> @@ -35,6 +35,8 @@ struct TBContext {
> /* statistics */
> unsigned tb_flush_count;
> unsigned tb_phys_invalidate_count;
> +
> + GPtrArray *last_search;
> };
>
> extern TBContext tb_ctx;
> diff --git a/accel/tcg/monitor.c b/accel/tcg/monitor.c
> index 370fea883c..1be3218715 100644
> --- a/accel/tcg/monitor.c
> +++ b/accel/tcg/monitor.c
> @@ -15,12 +15,14 @@
> #include "qapi/qmp/qdict.h"
> #include "monitor/monitor.h"
> #include "monitor/hmp.h"
> +#include "monitor/hmp-target.h"
> #include "sysemu/cpus.h"
> #include "sysemu/cpu-timers.h"
> #include "sysemu/tcg.h"
> #include "tcg/tcg.h"
> #include "tcg/tb-stats.h"
> #include "exec/tb-flush.h"
> +#include "disas/disas.h"
> #include "internal-common.h"
> #include "tb-context.h"
>
> @@ -303,10 +305,99 @@ static void hmp_tbstats(Monitor *mon, const QDict
> *qdict)
> RUN_ON_CPU_HOST_INT(flags));
> }
>
> +static void hmp_info_tblist(Monitor *mon, const QDict *qdict)
> +{
> + int max;
> + const char *sortedby_str;
> + GCompareFunc sort;
> + GPtrArray *array;
> +
> + if (!tcg_enabled()) {
> + monitor_printf(mon, "Only available with accel=tcg\n");
> + return;
> + }
> + if (!tb_stats_enabled) {
> + monitor_printf(mon, "TB statistics not being recorded\n");
> + return;
> + }
> +
> + max = qdict_get_try_int(qdict, "number", 10);
> + sortedby_str = qdict_get_try_str(qdict, "sortedby");
> +
> + if (sortedby_str == NULL || g_str_equal(sortedby_str, "hotness")) {
> + sort = tb_stats_sort_by_coverage;
> + } else if (g_str_equal(sortedby_str, "hg")) {
> + sort = tb_stats_sort_by_hg;
> + } else if (g_str_equal(sortedby_str, "spills")) {
> + sort = tb_stats_sort_by_spills;
> + } else {
> + monitor_printf(mon, "Sort options are: hotness, hg, spills\n");
> + return;
> + }
> +
> + g_ptr_array_unref(tb_ctx.last_search);
> + tb_ctx.last_search = NULL;
> +
> + array = tb_stats_collect(max, sort);
> + max = array->len;
> + if (max == 0) {
> + monitor_printf(mon, "No TB statistics collected\n");
> + g_ptr_array_free(array, true);
> + return;
> + }
> +
> + for (int i = 0; i < max; ++i) {
> + TBStatistics *s = g_ptr_array_index(array, i);
> + g_autoptr(GString) buf = tb_stats_dump(s, i);
> + monitor_puts(mon, buf->str);
> + }
> +
> + /* Remember for the next "info tb" */
> + tb_ctx.last_search = array;
> +}
> +
> +static void hmp_info_tb(Monitor *mon, const QDict *qdict)
> +{
> + GPtrArray *array;
> + int id;
> +
> + if (!tcg_enabled()) {
> + monitor_printf(mon, "Only available with accel=tcg\n");
> + return;
> + }
> +
> + array = g_ptr_array_ref(tb_ctx.last_search);
> + if (!array) {
> + monitor_printf(mon, "No TB statistics collected\n");
> + return;
> + }
> +
> + id = qdict_get_int(qdict, "id");
> + if (id < array->len) {
> + TBStatistics *s = 
g_ptr_array_index(array, id);
> + g_autoptr(GString) buf = tb_stats_dump(s, id);
> + monitor_puts(mon, buf->str);
> +
> + for (int i = s->tbs->len - 1; i >= 0; --i) {
> + TranslationBlock *tb = g_ptr_array_index(s->tbs, i);
> + if (!(tb->cflags & CF_INVALID)) {
> + monitor_disas(mon, mon_get_cpu(mon), s->phys_pc,
> + tb->icount, MON_DISAS_GRA);
> + }
I'm confused by the state I've got to: (qemu) info tb 0 TB id:0 | phys:0x1f59d5918 virt=0 flags:0x00000051 invalid:0/1 | exec:57340981/0 coverage:20.73% | trans:1 inst: g:1 op:19 op_opt:18 spills:0 | h/g (host bytes / guest insts): 136.000000 0x1f59d5918: 35000354 cbnz w20, #0x1f59d5980 (qemu) xp/5i 0x1f59d5918 0x1f59d5918: 00000000 .byte 0x00, 0x00, 0x00, 0x00 0x1f59d591c: 00000000 .byte 0x00, 0x00, 0x00, 0x00 0x1f59d5920: 00000000 .byte 0x00, 0x00, 0x00, 0x00 0x1f59d5924: 00000000 .byte 0x00, 0x00, 0x00, 0x00 0x1f59d5928: 00000000 .byte 0x00, 0x00, 0x00, 0x00 It seems this is the kernels busy loop (so I assume resident in memory) but trying to dump the instructions directly it fails. I assume the physical memory address in each case is the same right? -- Alex Bennée Virtualisation Tech Lead @ Linaro
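Review bot: `g_ptr_array_unref(tb_ctx.last_search)` in hmp_info_tblist and `g_ptr_array_ref(tb_ctx.last_search)` in hmp_info_tb are both reached while `last_search` can still be NULL (before any list has been stored, or after the empty-result early return). GLib's precondition checks log a critical for a NULL array, and that becomes an abort when criticals are made fatal. Use `g_clear_pointer(&tb_ctx.last_search, g_ptr_array_unref);` in the first function, and test `tb_ctx.last_search` for NULL before taking the reference in the second. The cached array also carries raw `TBStatistics *` entries from one monitor command to the next, and nothing in the quoted hunk shows what keeps `s` and `s->tbs` valid if statistics are reset or TBs are flushed in between, so that lifetime needs a comment or a guard to rule out a stale dereference. `mon_get_cpu(mon)` is passed to `monitor_disas` unchecked although it may return NULL when no CPU is available; hmp_info_tb's body continues outside the quoted hunk, so the release of `array` could not be checked.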