Re: [Qemu-devel] OUT_ASM on two different systems

2016-07-18 Thread Ayaz Akram
Following are two links for trace files (out_asm log) for the same program
using same qemu binaries on two different systems:
Trace 1:
https://drive.google.com/open?id=0B48wPA1x1eizdGRyQ0VsSnJVNzhDRnlMNGZ6STYwbjBzZFpJ

Trace 2:
https://drive.google.com/open?id=0B48wPA1x1eizM3JIM0I1Z0hiNkpBREttMGxYOUI2NE1GRHEw

On Mon, Jul 18, 2016 at 2:51 PM, Ayaz Akram <aaq...@gmail.com> wrote:

> Attached are two trace files (out_asm log) for the same program using same
> qemu binaries on two different systems .
>
> On Sun, Jul 17, 2016 at 3:25 AM, Paolo Bonzini <pbonz...@redhat.com>
> wrote:
>
>>
>>
>> On 17/07/2016 04:06, Ayaz Akram wrote:
>> > Hi all !
>> >
>> > I ran a program with qemu in user mode emulation and generated trace for
>> > generated host instructions using (-d OUT_ASM) on two different linux
>> > systems. I expected that the addresses in two trace files can be
>> > different. But the total number of lines in two files is different as
>> > well. I mean the generated host instructions in two files are different
>> > (I have not yet looked into details of those differences). Qemu and
>> > program's binary are exactly same on both systems. I wonder if someone
>> > can help me in explaining this?
>> >
>> > Thanks for your time !
>> >
>>
>> It's difficult to answer your question without also seeing an example of
>> those differences.
>>
>> Paolo
>>
>
>


[Qemu-devel] OUT_ASM on two different systems

2016-07-16 Thread Ayaz Akram
Hi all !

I ran a program with qemu in user mode emulation and generated trace for
generated host instructions using (-d OUT_ASM) on two different linux
systems. I expected that the addresses in two trace files can be different.
But the total number of lines in two files is different as well. I mean the
generated host instructions in two files are different (I have not yet
looked into details of those differences). Qemu and program's binary are
exactly same on both systems. I wonder if someone can help me in explaining
this?

Thanks for your time !


Re: [Qemu-devel] Executed Host Instructions

2016-06-29 Thread Ayaz Akram
Hi all !
I hope you wouldn't mind a quick clarification regarding this question. If
I do not take into account the exceptions and keep on adding the number of
translated instructions inside a TB (found through -d out_asm) for each
time the TB is seen in the exec trace (found through -d exec and nochaining),
will the total number of instructions overestimate the actual number of
executed host instructions (only for the translated code)?

Thanks

On Tue, Jun 28, 2016 at 7:17 AM, Peter Maydell <peter.mayd...@linaro.org>
wrote:

> On 28 June 2016 at 11:50, Lluís Vilanova <vilan...@ac.upc.edu> wrote:
> > Ayaz Akram writes:
> >
> >> Hi All,
> >> I want to count number of host instructions (only for guest code)
> >> executed when qemu emulates an application. I wonder if helper
> >> functions are supported with tcg back end as well, which can be a
> >> possible solution for the mentioned problem ? If not, is there any
> >> other solution in someone's mind ?
> >
> > If you don't care about helpers, you can use QEMU's log functionality (-d
> > out_asm).
>
> Note that this doesn't directly count instructions -- it only
> displays the assembly at translate time, and you'd then have
> to calculate the actual executions based on -d exec logging,
> and adjust it to deal with exceptions.
>
> It ought to be possible to use the icount machinery to trace
> instruction execution counts, but we don't do it today.
>
> thanks
> -- PMM
>
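
The bookkeeping Peter describes (translated length of each TB from -d out_asm, times the number of times that TB's host code pointer appears in the -d exec trace), as an added example that is not from the thread or from QEMU itself. The "OUT: [size=N]" and "Trace <ptr> [pc] symbol" layouts are what I assume QEMU 2.x prints, and both sample logs are constructed.

```python
import re
from collections import Counter

# Constructed "-d out_asm" sample: one "OUT: [size=N]" header per translation
# block (TB), then its host code; the first address is the TB's host code
# pointer (tc_ptr), which is the value the exec trace refers to.
OUT_ASM_LOG = """\
OUT: [size=17]
0x7f2b4c000100:  mov    0xb0(%r14),%ebp
0x7f2b4c000107:  test   %ebp,%ebp
0x7f2b4c000109:  jne    0x7f2b4c000140

OUT: [size=9]
0x7f2b4c000140:  add    $0x1,%ebp
0x7f2b4c000143:  jmp    0x7f2b4c000100
"""

# Constructed "-d exec" sample ("Trace <tc_ptr> [<guest pc>] <symbol>"),
# taken with TB chaining disabled so that every executed TB is logged.
EXEC_LOG = """\
Trace 0x7f2b4c000100 [0000000000400b20] main
Trace 0x7f2b4c000140 [0000000000400b2c] main
Trace 0x7f2b4c000100 [0000000000400b20] main
Trace 0x7f2b4c000140 [0000000000400b2c] main
Trace 0x7f2b4c000100 [0000000000400b20] main
"""

HOST_INSN = re.compile(r"^(0x[0-9a-f]+):\s+\S")
TRACE_LINE = re.compile(r"^Trace (0x[0-9a-f]+) \[")

def tb_sizes(out_asm):
    """Map each TB's host code pointer to its number of host instructions."""
    sizes, current = {}, None
    for line in out_asm.splitlines():
        if line.startswith("OUT:"):
            current = None  # the next address line keys the new block
            continue
        m = HOST_INSN.match(line)
        if m:
            if current is None:
                current = int(m.group(1), 16)
                sizes[current] = 0  # a later retranslation here overwrites
            sizes[current] += 1
    return sizes

def executed_host_insns(out_asm, exec_log):
    """Charge every Trace line the full length of its TB (an upper bound: a TB
    left early on an exception is still counted whole). Returns
    (total, number of Trace lines whose TB has no OUT block in the log)."""
    sizes = tb_sizes(out_asm)
    runs = Counter(int(m.group(1), 16)
                   for m in map(TRACE_LINE.match, exec_log.splitlines()) if m)
    total = sum(sizes.get(ptr, 0) * n for ptr, n in runs.items())
    unmatched = sum(n for ptr, n in runs.items() if ptr not in sizes)
    return total, unmatched
```

A non-zero unmatched count means the exec trace refers to host code the out_asm log never showed (for example a truncated log), so the total for that run is not trustworthy.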


Re: [Qemu-devel] Executed Host Instructions

2016-06-28 Thread Ayaz Akram
Thanks Peter. This should help.

I wonder if this -d nochain option is supported in qemu-2.4.1. I am using
it for x86 user mode emulation but, -d --help is not showing any such
option.

Thanks

On Tue, Jun 28, 2016 at 11:28 AM, Peter Maydell <peter.mayd...@linaro.org>
wrote:

> On 28 June 2016 at 16:24, Ayaz Akram <aaq...@gmail.com> wrote:
> > Thanks for your replies.
> >
> > I am bit confused about -d exec logging. If I am not mistaken it logs the
> > starting addresses of translation blocks that get executed. How will
> > translation block chaining affect this? I mean if one tb is chained to
> > many other tb's, by counting instructions in each tb (by -d out_asm
> > logging) and -d exec logging, how will the total count of instructions
> > include the effect of tb chaining ?
>
> You probably want -d nochain to turn off the tb chaining.
>
> thanks
> -- PMM
>


Re: [Qemu-devel] Executed Host Instructions

2016-06-28 Thread Ayaz Akram
Thanks for your replies.

I am bit confused about -d exec logging. If I am not mistaken it logs the
starting addresses of translation blocks that get executed. How will
translation block chaining affect this? I mean if one tb is chained to many
other tb's, by counting instructions in each tb (by -d out_asm logging) and
-d exec logging, how will the total count of instructions include the effect
of tb chaining?

Thanks !


On Tue, Jun 28, 2016 at 7:17 AM, Peter Maydell <peter.mayd...@linaro.org>
wrote:

> On 28 June 2016 at 11:50, Lluís Vilanova <vilan...@ac.upc.edu> wrote:
> > Ayaz Akram writes:
> >
> >> Hi All,
> >> I want to count number of host instructions (only for guest code)
> >> executed when qemu emulates an application. I wonder if helper
> >> functions are supported with tcg back end as well, which can be a
> >> possible solution for the mentioned problem ? If not, is there any
> >> other solution in someone's mind ?
> >
> > If you don't care about helpers, you can use QEMU's log functionality (-d
> > out_asm).
>
> Note that this doesn't directly count instructions -- it only
> displays the assembly at translate time, and you'd then have
> to calculate the actual executions based on -d exec logging,
> and adjust it to deal with exceptions.
>
> It ought to be possible to use the icount machinery to trace
> instruction execution counts, but we don't do it today.
>
> thanks
> -- PMM
>


[Qemu-devel] Executed Host Instructions

2016-06-27 Thread Ayaz Akram
Hi All,
I want to count the number of host instructions (only for guest code) executed
when qemu emulates an application. I wonder if helper functions are
supported with the tcg back end as well, which can be a possible solution for
the mentioned problem? If not, is there any other solution in someone's
mind?

Thanks for your time !


[Qemu-devel] Executed instruction count on host for translated code

2015-11-06 Thread Ayaz Akram
Hello, all !

I want to find out the number of executed translated instructions on the
host system, for certain user mode programs. For that purpose, I am using
hardware performance counters. I start them right before calling function
tcg_qemu_tb_exec(), and stop them when the function returns. That way
counters can give me performance stats. only for running
tcg_qemu_tb_exec(). Now this function, actually starts execution from
pre-generated code i.e. prologue and ends with epilogue. I know that this
overhead will be small with TB chaining. But, I was wondering if this
strategy will still be able to give representative stats. for executed host
code. Or are there other good ways which can tell number of executed host
instructions not just number of translated instructions.

Thanks for your time.


Re: [Qemu-devel] QEMU to generate host binary

2015-06-29 Thread Ayaz Akram
Thanks for your answers. The thing that I still do not get is once we have
host assembly code (output assembly log generated for compiled TBs),
should we still worry about problems like self modifying code and other
dynamic conditions? Moreover, assuming static linking, will not this code
be enough to generate .text section of an executable that could be run
directly on host (if somehow other sections of that host executable can be
generated, which is itself difficult) ?



On Mon, Jun 29, 2015 at 1:04 PM, Peter Crosthwaite 
peter.crosthwa...@xilinx.com wrote:

> On Mon, Jun 29, 2015 at 8:13 AM, Stefan Hajnoczi stefa...@gmail.com
> wrote:
>> On Sun, Jun 28, 2015 at 07:29:39PM -0400, Ayaz Akram wrote:
>>> Let's say qemu is running in System Emulation Mode, when it runs guest's
>
> System emulation makes the problem even harder, as a system mode
> binary (usually an OS of some sort) will be difficult to port from
> one CPU-type's system arch to another.
>
> This is more realistic (but still very difficult and not generally
> solvable) in user-mode emulation.
>
>>> binary, it can log the translated code for host. Is it possible to merge
>>> that translated code and other sections of guest's binary to make a binary
>>> which can be run directly on host.
>>
>> No, because of self-modifying code, run-time code loading, etc.
>>
>
> Ruling these two out for the moment ...
>
>> It is not possible to statically translate an executable (in the general
>> case).
>>
>> There are architectures where it is possible due to restrictions (e.g.
>> no code loading, all jump destinations are known in advance, etc) but
>
> Debug info with function information might give you a crude
> approximation of jump targets coming from fn pointers. That + the
> statically determinable jump targets might give you something for apps
> that don't do anything weird.
>
> I'm wondering if the jump problem can be crudely solved by a fully
> single-step translation. The result binary would be huge and
> inefficient. But could you keep two translations around? One that uses
> the statically determinable best guess of the jump dest table I
> describe above, and a second defensive translation of the entire app
> in single-step?
>
> There are more complications however. Another one I can think of is
> instructions that change runtime state and affect (re)translation
> (e.g. the arm setend instruction which switches CPU endianness).
>
> Regards,
> Peter
>
>> the popular x86, ARM, etc architectures allow too much freedom to be
>> amenable to static translation.
>>
>> Stefan


Re: [Qemu-devel] QEMU to generate host binary

2015-06-28 Thread Ayaz Akram
Let's say qemu is running in System Emulation Mode, when it runs guest's
binary, it can log the translated code for host. Is it possible to merge
that translated code and other sections of guest's binary to make a binary
which can be run directly on host.

Thanks

On Fri, Jun 26, 2015 at 11:34 PM, Peter Crosthwaite
peter.crosthwa...@xilinx.com wrote:

> On Fri, Jun 26, 2015 at 12:33 PM, Ayaz Akram aaq...@gmail.com wrote:
>> Hello !
>> Is anyone aware of an effort to produce an executable binary for host
>> using qemu. I mean is it possible that qemu generate a binary for whatever
>> application it is emulating, which can later be run directly on host?
>>
>
> I'm not sure what this binary would mean just yet. Are you extracting
> just the guest + its runtime state to a binary that picks up where the
> guest left off?
>
> Or are you including the machine emulator (i.e. QEMU itself) in this
> new binary to avoid having to load the guest while picking up where it
> left off?
>
> Regards,
> Peter
>
>> Thanks
>>


[Qemu-devel] QEMU to generate host binary

2015-06-26 Thread Ayaz Akram
Hello !
Is anyone aware of an effort to produce an executable binary for host using
qemu. I mean is it possible that qemu generate a binary for whatever
application it is emulating, which can later be run directly on host?

Thanks


[Qemu-devel] QEMU's performance

2014-10-21 Thread Ayaz Akram
Hi, I have added support for MIPS64 based Octeon Linux in QEMU, and now I
want to compare performance of this emulated system with a real system
(Cavium Networks Octeon board). I have run benchmarks like lmbench. I need
to know what will be the most appropriate benchmarks to compare performance,
or any relevant ideas? Is there some related published work which puts
some light on the performance that can be achieved with QEMU, or any ideas to
optimize performance?
Thanks


[Qemu-devel] Clock Emulation

2014-06-24 Thread Ayaz Akram
Can anyone help me out in finding how QEMU provides an emulated clock to the
guest operating system? For instance, how does it increment x86's time
stamp counter register?


[Qemu-devel] Bridge iface not replying to ping requests

2014-06-05 Thread Ayaz Akram
For the background, I am trying to make networking work on an Octeon Linux
guest (run on QEMU) and using the e1000 ethernet iface for this purpose. At the
moment if I ping the bridge iface (running the command on the guest), the bridge
iface receives the ICMP echo request message but does not reply (I have
observed this using tcpdump). But when I ping the bridge iface through an x86
guest (using the same IP for eth0 as in the case of Octeon Linux), the bridge
replies to ICMP echo requests. This suggests that there is not any problem with
the host or bridge networking system. Does anyone have any idea which
subsystems I should look at to locate this problem?


[Qemu-devel] DMA and e1000 networking driver

2014-05-20 Thread Ayaz Akram
Can the e1000 driver in Linux be used without DMA involvement? Actually I am
trying to use the e1000 network driver on Octeon Linux (to be run on QEMU), and
I have not emulated any DMA controller, so I was wondering if I will be able
to run networking without DMA's involvement?


[Qemu-devel] E1000 emulation in qemu and pci configuration space

2014-05-05 Thread Ayaz Akram
Does e1000's emulation in QEMU require that the guest set its base address
register (PCI configuration space register), or does qemu have a default value
for its base address register?


[Qemu-devel] E1000 emulation in QEMU (address range)

2014-04-29 Thread Ayaz Akram
Hi! Can anyone tell me what IO and mem address range is used by the e1000
emulation in QEMU?


[Qemu-devel] PCI Emulation in QEMU

2014-04-03 Thread Ayaz Akram
Can anyone tell me what's the address range used by PCI emulation in QEMU,
and whether this emulation supports 64 bit addresses?
Moreover, is PCIe emulation in QEMU used by any architecture?


[Qemu-devel] PCI Address range

2014-04-03 Thread Ayaz Akram
What's the address range used by PCI in QEMU?


[Qemu-devel] Bus in Malta Mips

2014-03-24 Thread Ayaz Akram
Does malta mips use both pci and isa bus for its emulation? In
hw/mips_malta.c file I have seen most devices connected to pci bus but
there are some ISA devices like i8259. Can someone with deeper
understanding explain what is happening in this particular file?


[Qemu-devel] UART EMULATION IN QEMU

2014-03-17 Thread Ayaz Akram
After reviewing the UART emulation related code in serial.c I am not able to
understand how the interrupt is raised in case FIFO mode is enabled. According
to the UART specification, in FIFO mode the THRE interrupt is raised when the
FIFO is either empty or below a threshold. What I can see, in the xmit_serial
function, is that serial_update_irq is called every time THR is empty. Should
there not be some code to check and raise the interrupt only if the FIFO is
below some threshold?


[Qemu-devel] Interrupt handling

2014-02-05 Thread Ayaz Akram
According to my understanding of the interrupt handling mechanism in QEMU, when
some external interrupt comes, the related device emulation code (e.g.
kbd_update_irq in pckbd.c -> qemu_set_irq) runs in the vcpu
thread, and the io-thread, when it finds that some interrupt has occurred,
sends a signal to the vcpu thread to interrupt guest code execution.
What I am not able to understand is: if the emulated device's interrupt is
raised in the vcpu thread and the particular architecture's interrupt related
registers are set there, why can the guest not process that interrupt at this
time? There looks to be some inconsistency in my understanding. Can
someone help me understand this?


[Qemu-devel] Query regarding Iothread

2014-02-03 Thread Ayaz Akram
While debugging using gdb, I found that the interrupt related flow is not
handled in the io thread, i.e. on using info thread, I found: Thread 2 (iothread)
is at __lll_lock_wait() while Thread 1 is at qemu_set_irq (in irq.c).
Initially I thought that this interrupt related
code (kbd_update_irq -> qemu_set_irq) should be handled through the
iothread (event loop). Can you help me regarding this?


[Qemu-devel] Hardware Interrupt handling

2014-02-03 Thread Ayaz Akram
According to my understanding of the interrupt handling mechanism in QEMU, when
some external interrupt comes, the related device emulation code (e.g.
kbd_update_irq in pckbd.c -> qemu_set_irq) runs in the vcpu
thread, and the io-thread, when it finds that some interrupt has occurred,
sends a signal to the vcpu thread to interrupt guest code execution.
What I am not able to understand is: if the emulated device's interrupt is
raised in the vcpu thread and the particular architecture's interrupt related
registers are set there, why can the guest not process that interrupt at this
time? There looks to be some inconsistency in my understanding. Can
someone help me understand this?


[Qemu-devel] printf in qemu

2014-01-29 Thread Ayaz Akram
I observed that if I place printf in qemu at certain places like in the
hw/serial.c file, I can see the printing when my guest OS is running on
qemu, while there are some other places like in pckbd.c (emulation of the
keyboard), where if printf is used, I am not able to see any printing while
the guest OS is running, but when I press ctrl+A and x I can see that
printing. Any idea why this different behavior?


[Qemu-devel] Device Emulation in QEMU

2013-11-05 Thread Ayaz Akram
Hi, I am at beginner's level in the field of QEMU. I wanted to know how
device emulation works in QEMU?
Any helping material or link would be highly appreciated.


[Qemu-devel] Networking in QEMU

2013-10-11 Thread Ayaz Akram
I have to emulate networking drivers for a particular MIPS board in qemu. I
have gone through the MALTA MIPS machine and its emulation in qemu, but I have
not been able to find any good documentation to find out what the
starting point should be. Any help in this regard would be highly appreciated.