[Qemu-devel] Executed Host Instructions

[Qemu-devel] Executed Host Instructions

[Ayaz Akram]

Hi All,
I want to count number of host instructions (only for guest code)  executed
when qemu emulates an application. I wonder if helper functions are
supported with tcg back end as well, which can be a possible solution for
the mentioned problem ? If not, is there any other solution in someone's
mind ?

Thanks for your time !

Re: [Qemu-devel] Executed Host Instructions

[Lluís Vilanova]

Ayaz Akram writes:

> Hi All,
> I want to count number of host instructions (only for guest code)  executed
> when qemu emulates an application. I wonder if helper functions are
> supported with tcg back end as well, which can be a possible solution for
> the mentioned problem ? If not, is there any other solution in someone's
> mind ?

If you don't care about helpers, you can use QEMU's log functionality (-d
out_asm). If you do care about the helpers, then you can use PIN (assuming
you're in an x86 host).

Cheers,
  Lluis

Re: [Qemu-devel] Executed Host Instructions

[Peter Maydell]

On 28 June 2016 at 11:50, Lluís Vilanova <vilanova@ac.upc.edu> wrote:
> Ayaz Akram writes:
>
>> Hi All,
>> I want to count number of host instructions (only for guest code)  executed
>> when qemu emulates an application. I wonder if helper functions are
>> supported with tcg back end as well, which can be a possible solution for
>> the mentioned problem ? If not, is there any other solution in someone's
>> mind ?
>
> If you don't care about helpers, you can use QEMU's log functionality (-d
> out_asm).

Note that this doesn't directly count instructions -- it only
displays the assembly at translate time, and you'd then have
to calculate the actual executions based on -d exec logging,
and adjust it to deal with exceptions.

It ought to be possible to use the icount machinery to trace
instruction execution counts, but we don't do it today.

thanks
-- PMM

Re: [Qemu-devel] Executed Host Instructions

[Ayaz Akram]

Thanks for your replies.

I am bit confused about -d exec logging. If I am not mistaken it logs the
starting addresses of translation blocks that get executed. How will
translation block chaining effect this? I mean if one tb is chained to many
other tb's, by counting instructions in each tb (by -d out_asm logging) and
-d exec logging, how will the total count of instructions include effect of
tb chaining ?

Thanks !


On Tue, Jun 28, 2016 at 7:17 AM, Peter Maydell <peter.maydell@linaro.org>
wrote:

> On 28 June 2016 at 11:50, Lluís Vilanova <vilanova@ac.upc.edu> wrote:
> > Ayaz Akram writes:
> >
> >> Hi All,
> >> I want to count number of host instructions (only for guest code)
> executed
> >> when qemu emulates an application. I wonder if helper functions are
> >> supported with tcg back end as well, which can be a possible solution
> for
> >> the mentioned problem ? If not, is there any other solution in someone's
> >> mind ?
> >
> > If you don't care about helpers, you can use QEMU's log functionality (-d
> > out_asm).
>
> Note that this doesn't directly count instructions -- it only
> displays the assembly at translate time, and you'd then have
> to calculate the actual executions based on -d exec logging,
> and adjust it to deal with exceptions.
>
> It ought to be possible to use the icount machinery to trace
> instruction execution counts, but we don't do it today.
>
> thanks
> -- PMM
>

Re: [Qemu-devel] Executed Host Instructions

[Peter Maydell]

On 28 June 2016 at 16:24, Ayaz Akram <aaqemu@gmail.com> wrote:
> Thanks for your replies.
>
> I am bit confused about -d exec logging. If I am not mistaken it logs the
> starting addresses of translation blocks that get executed. How will
> translation block chaining effect this? I mean if one tb is chained to many
> other tb's, by counting instructions in each tb (by -d out_asm logging) and
> -d exec logging, how will the total count of instructions include effect of
> tb chaining ?

You probably want -d nochain to turn off the tb chaining.

thanks
-- PMM

Re: [Qemu-devel] Executed Host Instructions

[Ayaz Akram]

Thanks Peter. This should help.

I wonder if this -d nochain option is supported in qemu-2.4.1. I am using
it for x86 user mode emulation but, -d --help is not showing any such
option.

Thanks

On Tue, Jun 28, 2016 at 11:28 AM, Peter Maydell <peter.maydell@linaro.org>
wrote:

> On 28 June 2016 at 16:24, Ayaz Akram <aaqemu@gmail.com> wrote:
> > Thanks for your replies.
> >
> > I am bit confused about -d exec logging. If I am not mistaken it logs the
> > starting addresses of translation blocks that get executed. How will
> > translation block chaining effect this? I mean if one tb is chained to
> many
> > other tb's, by counting instructions in each tb (by -d out_asm logging)
> and
> > -d exec logging, how will the total count of instructions include effect
> of
> > tb chaining ?
>
> You probably want -d nochain to turn off the tb chaining.
>
> thanks
> -- PMM
>

Re: [Qemu-devel] Executed Host Instructions

[Peter Maydell]

On 28 June 2016 at 16:53, Ayaz Akram <aaqemu@gmail.com> wrote:
> Thanks Peter. This should help.
>
> I wonder if this -d nochain option is supported in qemu-2.4.1. I am using it
> for x86 user mode emulation but, -d --help is not showing any such option.

No, you need 2.5.0 or newer. In 2.4.x you have to hack QEMU's
source code to disable the chaining manually.

thanks
-- PMM

Re: [Qemu-devel] Executed Host Instructions

[Ayaz Akram]

Hi all !
I hope you wouldn't mind a quick clarification regarding this question . If
I do not take into account the exceptions and keep on adding number of
translated instructions inside a TB (found through -d out_asm) for each
time TB is seen in the exec trace (found through -d exec and nochaining),
the total number of instructions will overestimate the actual number of
executed host instructions (only for the translated code) ?

Thanks

On Tue, Jun 28, 2016 at 7:17 AM, Peter Maydell <peter.maydell@linaro.org>
wrote:

> On 28 June 2016 at 11:50, Lluís Vilanova <vilanova@ac.upc.edu> wrote:
> > Ayaz Akram writes:
> >
> >> Hi All,
> >> I want to count number of host instructions (only for guest code)
> executed
> >> when qemu emulates an application. I wonder if helper functions are
> >> supported with tcg back end as well, which can be a possible solution
> for
> >> the mentioned problem ? If not, is there any other solution in someone's
> >> mind ?
> >
> > If you don't care about helpers, you can use QEMU's log functionality (-d
> > out_asm).
>
> Note that this doesn't directly count instructions -- it only
> displays the assembly at translate time, and you'd then have
> to calculate the actual executions based on -d exec logging,
> and adjust it to deal with exceptions.
>
> It ought to be possible to use the icount machinery to trace
> instruction execution counts, but we don't do it today.
>
> thanks
> -- PMM
>

Re: [Qemu-devel] Executed Host Instructions

[Peter Maydell]

On 30 June 2016 at 02:13, Ayaz Akram <aaqemu@gmail.com> wrote:
> Hi all !
> I hope you wouldn't mind a quick clarification regarding this question . If
> I do not take into account the exceptions and keep on adding number of
> translated instructions inside a TB (found through -d out_asm) for each time
> TB is seen in the exec trace (found through -d exec and nochaining), the
> total number of instructions will overestimate the actual number of executed
> host instructions (only for the translated code) ?

Yes, it will be (potentially) an overestimate.

thanks
-- PMM