Guys, I need a Qemu-internals expert to help me out here:
I'm trying to monitor execution of certain (user-land) TBs in an i386-softmmu system. For this, the cpu-main loop has been patched: before jumping into a TB's generated code, I first check its guest-virtual start address to see whether it matches any of my monitored EIPs. Obviously, this only works for monitoring function starts (or other locations where a new TB is guaranteed to start) and with TB-chaining turned off. So far, this has been working great (for years even).

Now I tried to improve the performance of my monitoring system by doing the following: each TB is associated with two additional bits (in the "cflags"): "seen-before" and "monitored". Whenever I check a TB, I also set its seen-before flag and update the monitored bit (if the TB contains a monitored start EIP). Since a TB might be shared between two guest processes (the system is monitoring a Windows XP guest), I also save a guest-process unique ID with the TB (using some bits from its CR3). With this, I can skip checking a TB if its seen-before bit is set but the monitored bit is clear. If the TB's guest-process ID is different from the currently executing process ID, I just reset the seen-before bit (which forces the EIP analysis).

I have tried this on various programs running inside my guest and it seems to be fast and working (almost ;-)). However, sometimes (*very* rarely), the above approach misses a monitored TB (skips analysis).

Could someone comment on my approach, maybe including some of the following thoughts:

1) Is it possible that a TB grows, i.e., it merges with a second TB where the second is monitored but the first one isn't?

2) Are there any situations where a TB can be created without going through tb_alloc (which internally resets the cflags and thus my bits)?

Note that my code is based on Qemu 0.9.1 (if you wonder why I refer to certain old-style Qemu-internals). Any help would be greatly appreciated!!
If you need some more information or don't fully understand the problem, please don't hesitate to ask. Thanks!! Clemens
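A small model of the fast path described in the post, added here as an example and not code from the post or from QEMU: the cflags bit positions, the CR3-to-id mapping (8 bits of the page-directory frame number) and the function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed bit layout inside cflags (QEMU's real cflags use other bits). */
#define CF_SEEN_BEFORE (1u << 31)
#define CF_MONITORED   (1u << 30)
#define CF_PID_SHIFT   16
#define CF_PID_MASK    (0xFFu << CF_PID_SHIFT) /* 8 bits of CR3-derived id */

typedef struct {
    uint32_t pc;     /* guest-virtual start EIP of the TB */
    uint32_t cflags; /* stands in for tb->cflags */
} tb_t;

/* Process id from CR3: page-directory frame number truncated to 8 bits,
 * so two processes whose frame numbers collide would share one id. */
static uint32_t pid_from_cr3(uint32_t cr3) { return (cr3 >> 12) & 0xFFu; }

/* Slow path: compare the TB start EIP against the watch list. */
static bool eip_is_monitored(uint32_t pc, const uint32_t *eips, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (eips[i] == pc) return true;
    return false;
}

/* Fast path run before every TB. Returns true when the TB is monitored;
 * *analyses counts how often the slow path was taken. */
static bool tb_check(tb_t *tb, uint32_t cr3, const uint32_t *eips, size_t n,
                     int *analyses) {
    uint32_t pid = pid_from_cr3(cr3);
    uint32_t tagged = (tb->cflags & CF_PID_MASK) >> CF_PID_SHIFT;
    if ((tb->cflags & CF_SEEN_BEFORE) && tagged != pid)
        tb->cflags &= ~CF_SEEN_BEFORE;   /* other process: force re-analysis */
    if (!(tb->cflags & CF_SEEN_BEFORE)) {
        (*analyses)++;
        tb->cflags &= ~(CF_MONITORED | CF_PID_MASK);
        tb->cflags |= CF_SEEN_BEFORE | (pid << CF_PID_SHIFT);
        if (eip_is_monitored(tb->pc, eips, n)) tb->cflags |= CF_MONITORED;
    }
    return (tb->cflags & CF_MONITORED) != 0;
}

/* tb_alloc's effect on the cache: cflags back to zero, so the next
 * execution of this TB is analysed again whatever the process. */
static void tb_alloc_reset(tb_t *tb) { tb->cflags = 0; }
```

Running the same unmonitored TB twice under one CR3 takes the slow path once; switching CR3 forces it again, and a reset via tb_alloc_reset forces it regardless of process.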