From 155357f0e27129f7a4da151aae17189d4715eaf0 Mon Sep 17 00:00:00 2001 From: Ciro Santilli Date: Fri, 24 Aug 2018 18:00:36 +0100 Subject: [PATCH] qemu: document -d -D trace options --- README.adoc | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/README.adoc b/README.adoc index f1d0b03..a2acd64 100644 --- a/README.adoc +++ b/README.adoc @@ -7013,6 +7013,8 @@ The most interesting are events which show instructions that QEMU ran, for which ./trace-boot -a x86_64 .... +Under the hood, this uses QEMU's `-trace` option. + You can then inspect the instructions with: .... @@ -7056,6 +7058,38 @@ Call Trace: in which the boot appears to hang for a considerable time. * patch QEMU source to remove the `disable` from `exec_tb` in the `trace-events` file. See also: https://rwmj.wordpress.com/2016/03/17/tracing-qemu-guest-execution/ +==== QEMU -d tracing + +QEMU also has a second trace mechanism in addition to `-trace`, find out the events with: + +.... +./run -- -d help +.... + +Let's pick the one that dumps executed instructions, `in_asm`: + +.... +./run -E '/poweroff.out' -- -D out/trace.txt -d in_asm +less out/trace.txt +.... + +Sample output excerpt: + +.... +---------------- +IN: +0xfffffff0: ea 5b e0 00 f0 ljmpw $0xf000:$0xe05b + +---------------- +IN: +0x000fe05b: 2e 66 83 3e 88 61 00 cmpl $0, %cs:0x6188 +0x000fe062: 0f 85 7b f0 jne 0xd0e1 +.... + +TODO: after `IN:`, symbol names are meant to show, which is awesome, but I don't get any. I do see them however when running a bare metal example from: https://github.com/cirosantilli/newlib-examples/tree/900a9725947b1f375323c7da54f69e8049158881 + +TODO: what is the point of having two mechanisms, `-trace` and `-d`? `-d` tracing is cool because it does not require a messy recompile, and it can also show symbols. + ==== Trace source lines We can further use Binutils' `addr2line` to get the line that corresponds to each address:
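Review bot: the first hunk's sentence "Under the hood, this uses QEMU's `-trace` option." is vague about what `trace-boot` actually passes; since the surrounding text already names the `exec_tb` event (the later bullet about removing `disable` from `exec_tb` in `trace-events`), consider stating which event(s) `trace-boot -a x86_64` enables and that a plain `./run -- -trace help` lists the available ones, so the reader can see the connection between the wrapper script and the raw QEMU flag.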
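Review bot: in the second hunk the new "QEMU -d tracing" section calls the `-d help` items "events", which collides with the `-trace` terminology used one paragraph earlier (`-trace` works on events from the `trace-events` file, `-d` selects log categories such as `in_asm`); rename them to "log items" or "debug categories" so the two TODOs at the end, which ask what the point of having both mechanisms is, do not read as if they were the same thing. Two smaller documentation points: the sample output starts at the reset vector `0xfffffff0: ea 5b e0 00 f0 ljmpw $0xf000:$0xe05b`, i.e. firmware code before the kernel runs, so it is worth saying that `-D out/trace.txt -d in_asm` captures everything from the first instruction and that the file gets large quickly; and the `-d` example omits the `-a x86_64` selector used by `./trace-boot -a x86_64` above, so either add it or note that the default arch is assumed.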