4. Pretty-print the binary trace file:
- ./scripts/simpletrace.py trace-events trace-*
+ ./scripts/simpletrace.py trace-events-all trace-* # Override * with QEMU <pid>
== Trace events ==
-There is a set of static trace events declared in the "trace-events" source
-file. Each trace event declaration names the event, its arguments, and the
-format string which can be used for pretty-printing:
+Each directory in the source tree can declare a set of static trace events
+in a "trace-events" file. Each trace event declaration names the event, its
+arguments, and the format string which can be used for pretty-printing:
qemu_vmalloc(size_t size, void *ptr) "size %zu ptr %p"
qemu_vfree(void *ptr) "ptr %p"
-The "trace-events" file is processed by the "tracetool" script during build to
-generate code for the trace events. Trace events are invoked directly from
-source code like this:
+All "trace-events" files must be listed in the "trace-event-y" make variable
+in the top level Makefile.objs. During build the individual files are combined
+to create a "trace-events-all" file, which is processed by the "tracetool"
+script during build to generate code for the trace events. The
+"trace-events-all" file is also installed into "/usr/share/qemu".
+
+Trace events are invoked directly from source code like this:
#include "trace.h" /* needed for trace event prototype */
SystemTap. Support for trace backends can be added by extending the "tracetool"
script.
-The trace backend is chosen at configure time and only one trace backend can
-be built into the binary:
+The trace backends are chosen at configure time:
- ./configure --trace-backends=simple
+ ./configure --enable-trace-backends=simple
For a list of supported trace backends, try ./configure --help or see below.
+If multiple backends are enabled, the trace is sent to them all.
The following subsections describe the supported trace backends.
Note that regardless of the selected trace backend, events with the "disable"
property will be generated with the "nop" backend.
-=== Stderr ===
+=== Log ===
-The "stderr" backend sends trace events directly to standard error. This
+The "log" backend sends trace events directly to standard error. This
effectively turns trace events into debug printfs.
This is the simplest backend and can be used together with existing code that
trace backends but it is portable. This is the recommended trace backend
unless you have specific needs for more advanced backends.
-The "simple" backend currently does not capture string arguments, it simply
-records the char* pointer value instead of the string that is pointed to.
-
=== Ftrace ===
The "ftrace" backend writes trace data to ftrace marker. This effectively
==== Analyzing trace files ====
The "simple" backend produces binary trace files that can be formatted with the
-simpletrace.py script. The script takes the "trace-events" file and the binary
-trace:
+simpletrace.py script. The script takes the "trace-events-all" file and the
+binary trace:
- ./scripts/simpletrace.py trace-events trace-12345
+ ./scripts/simpletrace.py trace-events-all trace-12345
-You must ensure that the same "trace-events" file was used to build QEMU,
+You must ensure that the same "trace-events-all" file was used to build QEMU,
otherwise trace event declarations may have changed and output will not be
consistent.
performed manually after a build in order to change the binary name in the .stp
probes:
- scripts/tracetool --dtrace --stap \
- --binary path/to/qemu-binary \
- --target-type system \
- --target-name x86_64 \
- <trace-events >qemu.stp
+ scripts/tracetool.py --backends=dtrace --format=stap \
+ --binary path/to/qemu-binary \
+ --target-type system \
+ --target-name x86_64 \
+ <trace-events-all >qemu.stp
== Trace event properties ==
-Each event in the "trace-events" file can be prefixed with a space-separated
+Each event in the "trace-events-all" file can be prefixed with a space-separated
list of zero or more of the following event properties.
=== "disable" ===
In this case you should declare such event with the "disable" property. This
will effectively disable the event at compile time (by using the "nop" backend),
thus having no performance impact at all on regular builds (i.e., unless you
-edit the "trace-events" file).
+edit the "trace-events-all" file).
In addition, there might be cases where relatively complex computations must be
performed to generate values that are only used as arguments for a trace
You can check both if the event has been disabled and is dynamically enabled at
the same time using the 'trace_event_get_state' routine (see header
"trace/control.h" for more information).
+
+=== "tcg" ===
+
+Guest code generated by TCG can be traced by defining an event with the "tcg"
+event property. Internally, this property generates two events:
+"<eventname>_trans" to trace the event at translation time, and
+"<eventname>_exec" to trace the event at execution time.
+
+Instead of using these two events, you should instead use the function
+"trace_<eventname>_tcg" during translation (TCG code generation). This function
+will automatically call "trace_<eventname>_trans", and will generate the
+necessary TCG code to call "trace_<eventname>_exec" during guest code execution.
+
+Events with the "tcg" property can be declared in the "trace-events" file with a
+mix of native and TCG types, and "trace_<eventname>_tcg" will gracefully forward
+them to the "<eventname>_trans" and "<eventname>_exec" events. Since TCG values
+are not known at translation time, these are ignored by the "<eventname>_trans"
+event. Because of this, the entry in the "trace-events" file needs two printing
+formats (separated by a comma):
+
+ tcg foo(uint8_t a1, TCGv_i32 a2) "a1=%d", "a1=%d a2=%d"
+
+For example:
+
+ #include "trace-tcg.h"
+
+ void some_disassembly_func (...)
+ {
+ uint8_t a1 = ...;
+ TCGv_i32 a2 = ...;
+ trace_foo_tcg(a1, a2);
+ }
+
+This will immediately call:
+
+ void trace_foo_trans(uint8_t a1);
+
+and will generate the TCG code to call:
+
+ void trace_foo(uint8_t a1, uint32_t a2);
+
+=== "vcpu" ===
+
+Identifies events that trace vCPU-specific information. It implicitly adds a
+"CPUState*" argument, and extends the tracing print format to show the vCPU
+information. If used together with the "tcg" property, it adds a second
+"TCGv_env" argument that must point to the per-target global TCG register that
+points to the vCPU when guest code is executed (usually the "cpu_env" variable).
+
+The following example events:
+
+ foo(uint32_t a) "a=%x"
+ vcpu bar(uint32_t a) "a=%x"
+ tcg vcpu baz(uint32_t a) "a=%x", "a=%x"
+
+Can be used as:
+
+ #include "trace-tcg.h"
+
+ CPUArchState *env;
+ TCGv_ptr cpu_env;
+
+ void some_disassembly_func(...)
+ {
+ /* trace emitted at this point */
+ trace_foo(0xd1);
+ /* trace emitted at this point */
+ trace_bar(ENV_GET_CPU(env), 0xd2);
+ /* trace emitted at this point (env) and when guest code is executed (cpu_env) */
+ trace_baz_tcg(ENV_GET_CPU(env), cpu_env, 0xd3);
+ }
+
+If the translating vCPU has address 0xc1 and code is later executed by vCPU
+0xc2, this would be an example output:
+
+ // at guest code translation
+ foo a=0xd1
+ bar cpu=0xc1 a=0xd2
+ baz_trans cpu=0xc1 a=0xd3
+ // at guest code execution
+ baz_exec cpu=0xc2 a=0xd3
projects / qemu.git / blobdiff