I have another question vaguely related to my previous one. To recall,
I'm running QEMU in single-process mode on an ARM program, passing -d
exec,in_asm and trying to reconstruct the program's execution trace.
Unfortunately, I don't have as much information here, and the program
under test is now a real program and not a toy test. I'm also working
off of a QEMU version whose logging code I've hacked a little bit to
output thread IDs and get a more atomic log, because this program is
multithreaded; I'm not entirely sure that I have all of this right, as I
still see occasional interleaving of lines and other weird artifacts.
So I'm afraid I'm asking a bit for some psychic debugging; feel free to
wing some shots in the dark if anything comes to mind. I also think I
should have an alternative (really... better) way of doing my overall
goal of getting a full trace, so if you don't have ideas that's not the
end of the world.
With those caveats out of the way:
The trace shows the disassembly for a block that ends with a direct branch:
[tid=22733] IN:
[tid=22733] 0x00024178: e3a03000 mov r3, #0 ; 0x0
....
[tid=22733] 0x000241a8: eb0000ae bl 0x24468
However, I never see a line that says
Trace ... [24178]
I also have the inverse problem. I have multiple instances of
[tid=22733] Trace 0x555555a500c0 [00024468]
but I never see a disassembly for the block 0x24468.
So... any wild guesses if there's some QEMU optimization or whatever
that is mucking with this?
Evan Driscoll