Re: [Qemu-devel] Need help generating instruction traces from the emulator.

2019-06-10 Thread Peter Maydell
On Mon, 10 Jun 2019 at 15:24, Nisarg Ujjainkar
 wrote:
>
> Hello,
>
> I am using qemu based aosp (emu-master-dev branch of the aosp) to generate
> the instruction traces for android os running on the ARM architecture.
>
> I am able to generate the CPU instruction using the qemu invocation
>  flags. For the
> purpose of my study, I need all the memory requests from all the IPs and so
> far I only have the memory requests from the CPU.

This isn't supported by QEMU's logging infrastructure.
You might be able to find places to add suitable logging,
but you'd be looking at modifying the source code of the
relevant devices to do that.

thanks
-- PMM



[Qemu-devel] Need help generating instruction traces from the emulator.

2019-06-10 Thread Nisarg Ujjainkar
Hello,

I am using qemu based aosp (emu-master-dev branch of the aosp) to generate
the instruction traces for android os running on the ARM architecture.

I am able to generate the CPU instruction using the qemu invocation
 flags. For the
purpose of my study, I need all the memory requests from all the IPs and so
far I only have the memory requests from the CPU.

Can you tell me how to generate the traces from all other IPs (GPU, GSM
chip etc.)? Since memory requests from other IPs account for more than 30%
of all the memory requests from the SoC (source unconfirmed), getting
memory requests from these IPs is very crucial for my research.

Thanks and regards
Nisarg Ujjainkar

-- 
Nisarg Ujjainkar
Junior Undergraduate Student
Department of Computer Science and Engineering
IIT Gandhinagar
+91 926488 \ 9425665211


[Qemu-devel] Need help to launch VM using QEMU command

2017-10-09 Thread Koushik Dutta
Hi ALL QEMU members,

I installed the qemu utility on my host machine. I want to start a virtual
machine using the qemu command.
But I am facing a problem like "object_new_with_type". Below I paste my VM
launch script as well as the error.

My host machine: Intel-X86
Script for launching VM :

T=/home/koushik/vpp/cloud_ubuntu_img
sudo qemu-system-i386  -enable-kvm -m 1024 -smp sockets=1,cpus=4,cores=2 -cpu host \
-vga none -nographic \
-kernel $T/vmlinuz-4.4.0-96-generic --append "console=ttyAMA0 root=/dev/vda rw"  \
-drive file=$T/custom32.img,if=virtio,aio=threads \
-chardev socket,id=char1,path=/tmp/sock1.sock \
-netdev type=vhost-user,id=mynet1,chardev=char1,vhostforce\
-device virtio-net-pci,mac=00:00:00:00:00:01,netdev=mynet1 \
-object memory-backend-file,id=mem,size=1024M,mem-path=/dev/hugepages,share=on \
-numa node,memdev=mem -mem-prealloc \
#-debugcon file:debug.log -global isa-debugcon.iobase=0x402



Bug :
(process:1285): GLib-WARNING **: gmem.c:483: custom memory allocation vtable not supported
**
ERROR:qom/object.c:437:object_new_with_type: assertion failed: (type != NULL)

Please suggest what I did wrong in this script.

Thanks & Regards,
Koushik


Re: [Qemu-devel] need help about trace reconstruction

2017-05-02 Thread Stefan Hajnoczi
On Mon, Apr 17, 2017 at 09:27:27AM +, oussema ben khedher via Qemu-devel 
wrote:
>  I'm comparing the trace of execution of reconstruction of trace instruction 
> of a code running in real board and the trace of the same code running in 
> qemu ..
> and I found that there is some function not called in the reconstruction of 
> qemu trace ..
> I guess that qemu does some optimization or there is another reason for that

It's very hard to answer without details on how you traced execution and
seeing the actual trace data.

QEMU is a functional simulator.  The effects of running the guest code
should be identical although the timing may not be.  The guest code may
also be affected by environment or hardware differences, causing it to
take different code paths.

Stefan




[Qemu-devel] need help about trace reconstruction

2017-04-17 Thread oussema ben khedher via Qemu-devel
Hi,
I'm comparing the trace of execution of reconstruction of trace instruction of 
a code running in real board and the trace of the same code running in qemu ..
and I found that there is some function not called in the reconstruction of 
qemu trace ..
I guess that qemu does some optimization or there is another reason for that


[Qemu-devel] need help

2017-03-15 Thread oussema ben khedher
Hi, I'm using the log in_asm to get the assembly code of a TB. When I searched 
inside qemu I found that the function "log_target_disas" is responsible for 
displaying the assembly instructions, but the problem is that I did not find how 
it really works, because I need to get all the branch addresses.
Thank you


Re: [Qemu-devel] need help

2017-03-01 Thread Peter Maydell
On 1 March 2017 at 09:50, oussema ben khedher  wrote:
> I am trying to understand the block chaining of QEMU. And I have
> a question about the branch direction of each executed TBs.
> Suppose the TB#1 has been executed now, and find the next_tb (TB#2).
> Then we know the direction is TB#1--->TB#2 and store the chain
> in code cache for speedup the execution next time. So, next time
> qemu find the next TB (which is TB#1), then TB#1--->TB#2 will be
> executed in code cache.
> But I think that there are two branch direction of a TB.(branch
> taken/not taken) My question is how qemu ensure the direction is
> TB#1--->TB#2 next time?

Every TB has two outbound links (though one may be unused for
an unconditional branch). When we chain a TB together we only
chain the link that we took. So if we do a "branch taken" exit
from TB1 and find that it goes to TB2, then we link TB1's
branch-taken code path directly to TB2. But that doesn't affect
the branch-not-taken codepath. Later if we do a branch-not-taken
exit from TB1 we may be able to chain it to a different TB.

(In fact the outbound links are just numbered 0 and 1, and
there's no requirement to use them for taken and not-taken
in any particular order.)

thanks
-- PMM
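
A toy model of the chaining behaviour described in the reply above, as an added example that is not part of the original message and is not QEMU source. ToyTB, toy_find and toy_exit are hypothetical names and the guest addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of TB chaining; names are hypothetical, not QEMU's. */
typedef struct ToyTB {
    uint32_t pc;            /* guest address where the block starts */
    uint32_t exit_pc[2];    /* guest target of outbound exit 0 and 1 */
    struct ToyTB *link[2];  /* chained successor per exit, NULL = unchained */
} ToyTB;

static ToyTB toy_cache[3];
static unsigned toy_slow_lookups;   /* times the slow lookup path ran */

/* Build three blocks: TB1 ends in a branch to 0x2000 or 0x3000. */
static void toy_reset(void)
{
    static const ToyTB init[3] = {
        { 0x1000, { 0x2000, 0x3000 }, { NULL, NULL } },   /* TB1 */
        { 0x2000, { 0x1000, 0x1000 }, { NULL, NULL } },   /* TB2 */
        { 0x3000, { 0x1000, 0x1000 }, { NULL, NULL } },   /* TB3 */
    };
    for (size_t i = 0; i < 3; i++) {
        toy_cache[i] = init[i];
    }
    toy_slow_lookups = 0;
}

/* Slow path: search the cache by guest pc. */
static ToyTB *toy_find(uint32_t pc)
{
    toy_slow_lookups++;
    for (size_t i = 0; i < 3; i++) {
        if (toy_cache[i].pc == pc) {
            return &toy_cache[i];
        }
    }
    return NULL;
}

/* Leave tb through outbound link `slot`; only that slot gets chained. */
static ToyTB *toy_exit(ToyTB *tb, int slot)
{
    if (tb->link[slot] == NULL) {
        tb->link[slot] = toy_find(tb->exit_pc[slot]);
    }
    return tb->link[slot];
}

int main(void)
{
    toy_reset();
    ToyTB *tb1 = &toy_cache[0];
    toy_exit(tb1, 0);   /* first exit via slot 0: slow lookup, then chained */
    toy_exit(tb1, 0);   /* same exit again: follows the chain, no lookup */
    printf("slot 1 chained: %s, slow lookups: %u\n",
           tb1->link[1] ? "yes" : "no", toy_slow_lookups);
    toy_exit(tb1, 1);   /* other exit: its own lookup and its own chain */
    printf("slot 0 -> 0x%x, slot 1 -> 0x%x, slow lookups: %u\n",
           (unsigned)tb1->link[0]->pc, (unsigned)tb1->link[1]->pc,
           toy_slow_lookups);
    return 0;
}
```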



[Qemu-devel] need help

2017-03-01 Thread oussema ben khedher

I am trying to understand the block chaining of QEMU. And I have a question 
about the branch direction of each executed TBs. Suppose the TB#1 has been 
executed now, and find the next_tb (TB#2). Then we know the direction is 
TB#1--->TB#2 and store the chain in code cache for speedup the execution next 
time. So, next time qemu find the next TB (which is TB#1), then TB#1--->TB#2 
will be executed in code cache.
But I think that there are two branch direction of a TB.(branch taken/not 
taken) My question is how qemu ensure the direction is TB#1--->TB#2 next time?
Thanks all.


[Qemu-devel] need help about adress of translation block

2017-02-28 Thread oussema ben khedher
Hi,
I need help because I'm really blocked in my educational project.
My problem is: how can I find the address of the instruction at the end of a 
translation block in qemu (usually it's a branch instruction), or the address of 
the translation block?
Your advice will be very helpful for me. Thanks


[Qemu-devel] need help

2017-01-26 Thread oussema ben khedher

hello 

I'm an engineering student and I'm working on my educational project, implementation 
of hardware instruction trace in qemu.

I don't know where I can implement it in qemu.

thanks 


[Qemu-devel] need help

2017-01-24 Thread oussema ben khedher
hi 

I'm an embedded systems engineer and I need help for my educational project, 
implementation of instruction trace on qemu.

Can you help me with documentation or advice?



[Qemu-devel] Need help - new PCIe device file

2017-01-03 Thread Basavaraj Kaladagi
Hi All,

As part of my research work, I have developed a new PCIe device that can be
used in experiments on PCIe connected hardware accelerators.

Currently I have kept the device file in hw/misc.The device interacts with
a host program,
and I have written a sample program which will give an example as to how to
interact with the device.

I was not sure where to keep this sample code file, in case I want to
submit a patch to QEMU.

I have seen that ivshmem has some example code in contrib directory
(ivshmem-client/ivshmem-server), please let me know if it is the correct
place to keep sample code.

Thank you,
Basu


[Qemu-devel] Need Help

2016-10-04 Thread Tushar Bhardwaj
Respected Sir,

I worked a lot but am not getting an idea of how to set up an experimental lab
using kvm qemu to implement the pre-copy live migration technique.

You are requested to mail me few steps for the same.

-- 

"Purity and Simplicity Reflects the Inner Beauty of soul"




*Thank you With Regards:Tushar Sharma,*


*IIT Kharagpur*


[Qemu-devel] Need help: IO Functionality for Hardware

2011-07-11 Thread Philip Loh
I am attempting to develop some code for a new board and am stuck trying to
implement a working IO system. How can I stream input to my qemu-system-X
executable and, for example, get something to be output from it, say, print
to screen, without using fprintf? Thanks!

Also, what does cpu_physical_memory_read and the write version do, and how
are they ever called?

-- 
Philip Z Loh,
Intern at Aeste Works (M),
Candidate for Bachelor of Science in Engineering: Computing.


Re: [Qemu-devel] Need help: Save word (sw) and load word (lw) not working

2011-06-27 Thread Philip Loh
Resolved: I accidentally compiled an executable that had a different memory
map than the board's memory map.

Thanks though!

On 27 June 2011 16:17, Stefan Hajnoczi  wrote:

> On Mon, Jun 27, 2011 at 8:37 AM, Philip Loh  wrote:
> > I'm new to QEMU development and am attempting to write code for a new board
> > and system. I modeled the code after the code in the target-microblaze
> > folder, but removed the dependency on the petalogix board and instead made
> > it require the code from my board. At this point, it can boot and execute a
> > binary file with no issues until it attempts to do a save word / load word.
> > The dump for the binary is as follows:
> >    0:    20200040     addi    r1, r0, 64
> >    4:    20400030     addi    r2, r0, 48
> >    8:    20600020     addi    r3, r0, 32
> >    c:    d8411000     sw    r2, r1, r2
> >   10:    d8611800     sw    r3, r1, r3
> >   14:    c8811000     lw    r4, r1, r2
> >   18:    c8a11000     lw    r5, r1, r3
> >
> > One would expect the sw and lw components (highlighted in yellow) to save r2
> > to *(r1+r2) and then load it back to r4, and save r3 to *(r1+r3) and then
> > load it back to r5. However, r4 and r5 are both 0 at the end. I don't know
> > how to verify what is at *(r1+r2) or *(r1+r3) because when I attempt to "x
> > address" in a remote desktop viewer, all I see are zeroes beyond x 18. Would
> > anyone know what went wrong? Much thanks!
>
> If you are able to post a link to a git repo that might help.  Seeing
> how you set up the board and added RAM would be important.
>
> Stefan
>



-- 
Philip Z Loh,
Intern at Aeste Works (M),
Candidate for Bachelor of Science in Engineering: Computing.


Re: [Qemu-devel] Need help: Save word (sw) and load word (lw) not working

2011-06-27 Thread Stefan Hajnoczi
On Mon, Jun 27, 2011 at 8:37 AM, Philip Loh  wrote:
> I'm new to QEMU development and am attempting to write code for a new board
> and system. I modeled the code after the code in the target-microblaze
> folder, but removed the dependency on the petalogix board and instead made
> it require the code from my board. At this point, it can boot and execute a
> binary file with no issues until it attempts to do a save word / load word.
> The dump for the binary is as follows:
>    0:    20200040     addi    r1, r0, 64
>    4:    20400030     addi    r2, r0, 48
>    8:    20600020     addi    r3, r0, 32
>    c:    d8411000     sw    r2, r1, r2
>   10:    d8611800     sw    r3, r1, r3
>   14:    c8811000     lw    r4, r1, r2
>   18:    c8a11000     lw    r5, r1, r3
>
> One would expect the sw and lw components (highlighted in yellow) to save r2
> to *(r1+r2) and then load it back to r4, and save r3 to *(r1+r3) and then
> load it back to r5. However, r4 and r5 are both 0 at the end. I don't know
> how to verify what is at *(r1+r2) or *(r1+r3) because when I attempt to "x
> address" in a remote desktop viewer, all I see are zeroes beyond x 18. Would
> anyone know what went wrong? Much thanks!

If you are able to post a link to a git repo that might help.  Seeing
how you set up the board and added RAM would be important.

Stefan



[Qemu-devel] Need help: Save word (sw) and load word (lw) not working

2011-06-27 Thread Philip Loh
Hello,

I'm new to QEMU development and am attempting to write code for a new board
and system. I modeled the code after the code in the target-microblaze
folder, but removed the dependency on the petalogix board and instead made
it require the code from my board. At this point, it can boot and execute a
binary file with no issues until it attempts to do a save word / load word.
The dump for the binary is as follows:
   0:    20200040     addi    r1, r0, 64
   4:    20400030     addi    r2, r0, 48
   8:    20600020     addi    r3, r0, 32
   c:    d8411000     sw    r2, r1, r2
  10:    d8611800     sw    r3, r1, r3
  14:    c8811000     lw    r4, r1, r2
  18:    c8a11000     lw    r5, r1, r3

One would expect the sw and lw components (highlighted in yellow) to save r2
to *(r1+r2) and then load it back to r4, and save r3 to *(r1+r3) and then
load it back to r5. However, r4 and r5 are both 0 at the end. I don't know
how to verify what is at *(r1+r2) or *(r1+r3) because when I attempt to "x
address" in a remote desktop viewer, all I see are zeroes beyond x 18.
Would anyone know what went wrong? Much thanks!

-- 
Philip Z Loh,
Intern at Aeste Works (M),
Candidate for Bachelor of Science in Engineering: Computing.


Re: [Qemu-devel] Need help to run application on QEMU

2010-02-03 Thread Laurent Desnogues
On Wed, Feb 3, 2010 at 11:10 AM, Taimoor Mirza  wrote:
> Hi all,
>
> I have been trying to use VGA card and LCD for integrator 926. I've built my
> kernel PLUS with graphics support. I used following command to run my PLUS
> application on qemu:
>
> qemu-system-arm -M integratorcp -cpu arm926 -kernel ./graphics_demo.out
>
> I am getting following error:
>
>
> qemu: fatal: integratorcm_read: Unimplemented offset 0x54
>
> R00=1000 R01= R02= R03=1000
> R04=0014 R05=0400 R06=0038e054 R07=
> R08= R09=003b06ec R10= R11=
> R12=00390814 R13=003b06cc R14=00086148 R15=00085eec
> PSR=801f N--- A sys32
> s00=(   0) s01=(   0) d00=(   0)
> s02=(   0) s03=(   0) d01=(   0)
> s04=(   0) s05=(   0) d02=(   0)
> s06=(   0) s07=(   0) d03=(   0)
> s08=(   0) s09=(   0) d04=(   0)
> s10=(   0) s11=(   0) d05=(   0)
> s12=(   0) s13=(   0) d06=(   0)
> s14=(   0) s15=(   0) d07=(   0)
> s16=(   0) s17=(   0) d08=(   0)
> s18=(   0) s19=(   0) d09=(   0)
> s20=(   0) s21=(   0) d10=(   0)
> s22=(   0) s23=(   0) d11=(   0)
> s24=(   0) s25=(   0) d12=(   0)
> s26=(   0) s27=(   0) d13=(   0)
> s28=(   0) s29=(   0) d14=(   0)
> s30=(   0) s31=(   0) d15=(   0)
> FPSCR: 
>
> This application has requested the Runtime to terminate it in an unusual
> way.
> Please contact the application's support team for more information.
>
> Can anyone help me?

Your software looks faulty: the core module register at offset 0x54
is write only, cf.
http://infocenter.arm.com/help/topic/com.arm.doc.dui0138e/DUI0138E_CMxx6_UserGuide.pdf
Table 4-3 page 4-14.


Laurent




[Qemu-devel] Need help to run application on QEMU

2010-02-03 Thread Taimoor Mirza

Hi all,

I have been trying to use VGA card and LCD for integrator 926. I've built my 
kernel PLUS with graphics support. I used following command to run my PLUS 
application on qemu:

qemu-system-arm -M integratorcp -cpu arm926 -kernel ./graphics_demo.out

I am getting following error:


qemu: fatal: integratorcm_read: Unimplemented offset 0x54

R00=1000 R01= R02= R03=1000
R04=0014 R05=0400 R06=0038e054 R07=
R08= R09=003b06ec R10= R11=
R12=00390814 R13=003b06cc R14=00086148 R15=00085eec
PSR=801f N--- A sys32
s00=(   0) s01=(   0) d00=(   0)
s02=(   0) s03=(   0) d01=(   0)
s04=(   0) s05=(   0) d02=(   0)
s06=(   0) s07=(   0) d03=(   0)
s08=(   0) s09=(   0) d04=(   0)
s10=(   0) s11=(   0) d05=(   0)
s12=(   0) s13=(   0) d06=(   0)
s14=(   0) s15=(   0) d07=(   0)
s16=(   0) s17=(   0) d08=(   0)
s18=(   0) s19=(   0) d09=(   0)
s20=(   0) s21=(   0) d10=(   0)
s22=(   0) s23=(   0) d11=(   0)
s24=(   0) s25=(   0) d12=(   0)
s26=(   0) s27=(   0) d13=(   0)
s28=(   0) s29=(   0) d14=(   0)
s30=(   0) s31=(   0) d15=(   0)
FPSCR: 

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

Can anyone help me?



  

Re: [Qemu-devel] need help getting a USB audio device to work

2010-01-04 Thread David S. Ahern

On 01/03/2010 11:19 AM, David S. Ahern wrote:
> 
> After weeks of fruitless effort I could use some help getting a USB
> audio device to work. I have instrumented the hell out of the guest
> driver and uhci code, qemu's linux and uhci code, and the host side usb
> code. Near as I can tell data from the device makes its way into qemu
> (async_complete shows a urb length equal to the data the host OS
> receives from the device), but the data does not appear to make its way
> to the guest OS. I have tried a variety of guests -- Fedora 12, RHEL5.3,
> and RHEL3U8, and none work.
> 
> How do I determine in fact the data pulled into qemu from
> ioctl(USBDEVFS_REAPURBNDELAY) is getting pushed to the guest?
> 
> Thanks,

Upon further review the problem appears to be that the TD's are still
active when received in the VM. In the bare metal case the usb-uhci code
shows (my instrumentation in a RHEL3U8 guest):

process_iso @ 36912: urb f74bd03c, mode 0, frame 1191, npkt 5, nerr 0,
status 0357
  TD @ c8281480, link 8281180, status 20007ff, info c610369: MaxLen=63
DT0 EP=2 Dev=3 PID=( IN  )
Len=7ff e0
Link points to TD @ 08281180, Breadth first
TD NOT active (20007ff)
process_iso: 0 len 0 020007ff status 0
  TD @ c82814c0, link 8281200, status 20007ff, info c610369: MaxLen=63
DT0 EP=2 Dev=3 PID=( IN  )
Len=7ff e0
Link points to TD @ 08281200, Breadth first
TD NOT active (20007ff)
process_iso: 1 len 0 020007ff status 0
  TD @ c8281500, link 8281180, status 259, info c610369: MaxLen=63
DT0 EP=2 Dev=3 PID=( IN  )
Len=59 e0
Link points to TD @ 08281180, Breadth first
TD NOT active (259)
process_iso: 2 len 90 0259 status 0
  TD @ c8281540, link 82811c0, status 257, info c610369: MaxLen=63
DT0 EP=2 Dev=3 PID=( IN  )
Len=57 e0
Link points to TD @ 082811c0, Breadth first
TD NOT active (257)
process_iso: 3 len 88 0257 status 0
  TD @ c82815c0, link 8281180, status 357, info c610369: MaxLen=63
DT0 EP=2 Dev=3 PID=( IN  )
Len=57 e0 IOC
Link points to TD @ 08281180, Breadth first
TD NOT active (357)
process_iso: 4 len 88 0357 status 0
process_iso: exit 5 (0), transfer length 500 actual len 266


The same case in a VM shows:

process_iso: td still active
  TD @ c1980580, link 1980200, status 380, info c610269: MaxLen=63
DT0 EP=2 Dev=2 PID=( IN  )
Len=00 e0 IOC Active
Link points to TD @ 01980200, Breadth first
process_urb: type 0
process_iso @ 8376: urb dee5c0f0, mode 0, frame 1033, npkt 5, nerr 0,
status 030007ff
  TD @ c19805c0, link 1980180, status 280, info c610269: MaxLen=63
DT0 EP=2 Dev=2 PID=( IN  )
Len=00 e0 Active
Link points to TD @ 01980180, Breadth first
TD still active (200)- grrr. paranoia!


Does this ring a bell with anyone?

David




[Qemu-devel] need help getting a USB audio device to work

2010-01-03 Thread David S. Ahern

After weeks of fruitless effort I could use some help getting a USB
audio device to work. I have instrumented the hell out of the guest
driver and uhci code, qemu's linux and uhci code, and the host side usb
code. Near as I can tell data from the device makes its way into qemu
(async_complete shows a urb length equal to the data the host OS
receives from the device), but the data does not appear to make its way
to the guest OS. I have tried a variety of guests -- Fedora 12, RHEL5.3,
and RHEL3U8, and none work.

How do I determine in fact the data pulled into qemu from
ioctl(USBDEVFS_REAPURBNDELAY) is getting pushed to the guest?

Thanks,
-- 
David Ahern