{"id":813273,"url":"http://patchwork.ozlabs.org/api/1.2/patches/813273/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/150529666493.10902.14830445134051381968.stgit@frigg.lan/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.2/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<150529666493.10902.14830445134051381968.stgit@frigg.lan>","list_archive_url":null,"date":"2017-09-13T09:57:45","name":"[v6,01/22] instrument: Add documentation","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"cad7b6c92516aa9241af17d579216fa6a299e030","submitter":{"id":9099,"url":"http://patchwork.ozlabs.org/api/1.2/people/9099/?format=json","name":"Lluís Vilanova","email":"vilanova@ac.upc.edu"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/150529666493.10902.14830445134051381968.stgit@frigg.lan/mbox/","series":[{"id":2857,"url":"http://patchwork.ozlabs.org/api/1.2/series/2857/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=2857","date":"2017-09-13T09:53:43","name":"instrument: Add basic event instrumentation","version":6,"mbox":"http://patchwork.ozlabs.org/series/2857/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/813273/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/813273/checks/","tags":{},"related":[],"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; 
helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xscYc1r4Wz9s76\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed, 13 Sep 2017 19:58:28 +1000 (AEST)","from localhost ([::1]:41288 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1ds4R8-0007Sx-6W\n\tfor incoming@patchwork.ozlabs.org; Wed, 13 Sep 2017 05:58:26 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:33396)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <vilanova@ac.upc.edu>) id 1ds4Qh-0007Qt-MM\n\tfor qemu-devel@nongnu.org; Wed, 13 Sep 2017 05:58:04 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <vilanova@ac.upc.edu>) id 1ds4Qd-0005cD-Ms\n\tfor qemu-devel@nongnu.org; Wed, 13 Sep 2017 05:57:59 -0400","from roura.ac.upc.es ([147.83.33.10]:35864)\n\tby eggs.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <vilanova@ac.upc.edu>) id 1ds4Qd-0005bd-Ac\n\tfor qemu-devel@nongnu.org; Wed, 13 Sep 2017 05:57:55 -0400","from correu-2.ac.upc.es (correu-2.ac.upc.es [147.83.30.92])\n\tby roura.ac.upc.es (8.13.8/8.13.8) with ESMTP id v8D9vpB6007706;\n\tWed, 13 Sep 2017 11:57:51 +0200","from localhost (unknown [132.68.137.204])\n\tby correu-2.ac.upc.es (Postfix) with ESMTPSA id 4886639C;\n\tWed, 13 Sep 2017 11:57:46 +0200 (CEST)"],"From":"=?utf-8?b?TGx1w61z?= Vilanova <vilanova@ac.upc.edu>","To":"qemu-devel@nongnu.org","Date":"Wed, 13 Sep 2017 12:57:45 +0300","Message-Id":"<150529666493.10902.14830445134051381968.stgit@frigg.lan>","X-Mailer":"git-send-email 
2.14.1","In-Reply-To":"<150529642278.10902.18234057937634437857.stgit@frigg.lan>","References":"<150529642278.10902.18234057937634437857.stgit@frigg.lan>","User-Agent":"StGit/0.18","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"quoted-printable","X-MIME-Autoconverted":"from 8bit to quoted-printable by roura.ac.upc.es id\n\tv8D9vpB6007706","X-detected-operating-system":"by eggs.gnu.org: GNU/Linux 2.6.x [fuzzy]","X-Received-From":"147.83.33.10","Subject":"[Qemu-devel] [PATCH v6 01/22] instrument: Add documentation","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"\"Emilio G. 
Cota\" <cota@braap.org>, Markus Armbruster <armbru@redhat.com>,\n\tStefan Hajnoczi <stefanha@redhat.com>, =?utf-8?q?Llu=C3=ADs_Vilanova?=\n\t<vilanova@ac.upc.edu>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"},"content":"Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>\n---\n MAINTAINERS         |    6 ++\n docs/instrument.txt |  173 +++++++++++++++++++++++++++++++++++++++++++++++++++\n 2 files changed, 179 insertions(+)\n create mode 100644 docs/instrument.txt","diff":"diff --git a/MAINTAINERS b/MAINTAINERS\nindex 36eeb42d19..fb0eaee06a 100644\n--- a/MAINTAINERS\n+++ b/MAINTAINERS\n@@ -1486,6 +1486,12 @@ F: scripts/tracetool/\n F: docs/tracing.txt\n T: git git://github.com/stefanha/qemu.git tracing\n \n+Event instrumentation\n+M: Lluís Vilanova <vilanova@ac.upc.edu>\n+M: Stefan Hajnoczi <stefanha@redhat.com>\n+S: Maintained\n+F: docs/instrument.txt\n+\n TPM\n S: Orphan\n F: tpm.c\ndiff --git a/docs/instrument.txt b/docs/instrument.txt\nnew file mode 100644\nindex 0000000000..24a0d21fc7\n--- /dev/null\n+++ b/docs/instrument.txt\n@@ -0,0 +1,173 @@\n+= Event instrumentation =\n+\n+== Introduction ==\n+\n+Event instrumentation allows users to execute their own host-native code on a\n+set of pre-defined events provided by QEMU. QEMU also exposes other\n+functionality to peek/poke at the guest state (e.g., memory or registers), as\n+well as interacting with tracing events. 
For those familiar with the term, this\n+provides dynamic binary instrumentation, works on all QEMU-supported\n+architectures, as well as works in both 'user' (standalone application) and\n+'system' (full-system emulation) modes.\n+\n+Look at the headers installed by QEMU on the \"qemu-instr\" directory for further\n+information beyond this document.\n+\n+\n+== Loading an instrumentation library ==\n+\n+Instrumentation code can be bundled into a dynamic library, which can be later\n+loaded into QEMU:\n+\n+* Using the command-line \"-instr\" argument.\n+\n+* Using the \"instr-load\" and \"instr-unload\" commands in the HMP and QMP\n+  interfaces.\n+\n+\n+== Example ==\n+\n+1. Configure QEMU with event instrumentation:\n+\n+    # instrument guest_cpu_enter and guest_mem_before\n+    mkdir -p /path/to/qemu-build\n+    cd /path/to/qemu-build\n+    /path/to/qemu-source/configure \\\n+      --enable-instrument \\\n+      --prefix=/path/to/qemu-install\n+\n+2. Build and install QEMU:\n+\n+    make install\n+\n+3. Create the \"Makefile\" to build the instrumentation library:\n+\n+    mkdir -p /tmp/my-instrument\n+    \n+    cat > /tmp/my-instrument/Makefile <<EOF\n+    QEMU_PATH=/tmp/qemu-install/\n+    \n+    CFLAGS += -g\n+    CFLAGS += -O3\n+    CFLAGS += -Werror -Wall\n+    CFLAGS += -I$(QEMU_PATH)/include\n+    \n+    all: libtrace-instrument.la\n+    \n+    libtrace-instrument.la: instrument.lo\n+            libtool --mode=link --tag=CC $(CC) -module -rpath /usr/local/lib -o $@ $^\n+    \n+    %.lo: %.c\n+            libtool --mode=compile --tag=CC $(CC) $(CFLAGS) -c $^\n+    \n+    clean:\n+            $(RM) -f *.o *.so *.lo\n+            $(RM) -Rf .libs\n+    EOF\n+\n+4. 
Write your instrumentation library:\n+\n+    cat > /tmp/my-instrument/instrument.c <<EOF\n+    #include <stdio.h>\n+    #include <assert.h>\n+    \n+    #include <qemu-instr/control.h>         /* manipulate events */\n+    #include <qemu-instr/trace.h>           /* manipulate tracing */\n+    \n+    /* the address for the memory access is not known at translation time */\n+    void guest_mem_before_trans(QICPU vcpu_trans, QITCGv_cpu vcpu_exec,\n+                                QITCGv vaddr, QIMemInfo info)\n+    {\n+        printf(\"%s: %p %p %p %d %d %d %d\\n\", __func__, vcpu_trans, vcpu_exec, vaddr,\n+               1 << info.size_shift, info.sign_extend, info.endianness, info.store);\n+        if (info.store) {\n+            /* generate at execution time only for memory writes */\n+            qi_event_gen_guest_mem_before_exec(vcpu_exec, vaddr, info);\n+        }\n+    }\n+    \n+    /* called when QEMU executes a memory access */\n+    void guest_mem_before_exec(QICPU vcpu, uint64_t vaddr, QIMemInfo info)\n+    {\n+        if (info.store) {\n+            /* if called by TCG code, we'll only get writes (see above) */\n+            printf(\"%s: %p %lx %d %d %d %d\\n\", __func__, vcpu, vaddr,\n+                   1 << info.size_shift, info.sign_extend, info.endianness, info.store);\n+        }\n+    }\n+    \n+    /* called every time QEMU hotplugs a CPU */\n+    void guest_cpu_enter(QICPU vcpu)\n+    {\n+        printf(\"%s: %p\\n\", __func__, vcpu);\n+    \n+        /* disable instrumentation and tracing after the first call */\n+        static bool found = false;\n+        if (found) {\n+            qi_event_set_guest_cpu_enter(NULL);\n+            QITraceEvent *ev = qi_trace_event_name(\"guest_cpu_enter\");\n+            assert(ev);\n+            qi_trace_event_set_state_dynamic(ev, true);\n+        } else {\n+            found = true;\n+        }\n+    }\n+    \n+    static void fini(void *data)\n+    {\n+        /* diable all tracing events */\n+        
QITraceEventIter iter;\n+        qi_trace_event_iter_init(&iter, NULL);\n+        QITraceEvent *ev;\n+        while ((ev = qi_trace_event_iter_next(&iter)) != NULL) {\n+            if (qi_trace_event_get_state_static(ev)) {\n+                qi_trace_event_set_state_dynamic(ev, false);\n+            }\n+        }\n+    \n+        /* instrumentation callbacks are automatically reset by QEMU */\n+    }\n+    \n+    /* mandatory initialization function */\n+    int main(int argc, const char **argv)\n+    {\n+        int i;\n+        printf(\"init!\\n\");\n+        printf(\"    argc :: %d\\n\", argc);\n+        for (i = 0; i < argc; i++) {\n+            printf(\"            -> %s\\n\", argv[i]);\n+        }\n+    \n+        qi_set_fini(fini, NULL);\n+    \n+        /* instrument and trace events */\n+        QITraceEvent *ev;\n+    \n+        qi_event_set_guest_cpu_enter(guest_cpu_enter);\n+        ev = qi_trace_event_name(\"guest_cpu_enter\");\n+        assert(ev);\n+        qi_trace_event_set_state_dynamic(ev, true);\n+    \n+        qi_event_set_guest_mem_before_trans(guest_mem_before_trans);\n+        ev = qi_trace_event_name(\"guest_mem_before_trans\");\n+        assert(ev);\n+        qi_trace_event_set_state_dynamic(ev, true);\n+    \n+        qi_event_set_guest_mem_before_exec(guest_mem_before_exec);\n+        ev = qi_trace_event_name(\"guest_mem_before_exec\");\n+        assert(ev);\n+        qi_trace_event_set_state_dynamic(ev, true);\n+    \n+        return 0;\n+    }\n+    EOF\n+\n+5. Compile the instrumentation library:\n+\n+    make -C /tmp/my-instrument\n+\n+6. Start QEMU with the instrumentation library:\n+\n+    /tmp/qemu-install/bin/qemu-system-x86_64 \\\n+        -instr file=/tmp/my-dinstrument/.libs/libtrace-instrument.so, \\\n+               arg=foo,arg=bar\n","prefixes":["v6","01/22"]}
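Review bot: the new "Event instrumentation" entry added to MAINTAINERS between the tracing entry and "TPM" lists only "F: docs/instrument.txt", while the document it covers describes installed "qemu-instr" headers, a "-instr" command-line option and "instr-load"/"instr-unload" monitor commands; add "F:" patterns for the files that implement those (the qemu-instr header directory, the option and monitor command handlers) so get_maintainer.pl routes patches touching the implementation, not just the documentation, to the two listed maintainers. The entry is otherwise consistent with the surrounding ones (M:/S:/F: order, "Maintained" status).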
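Review bot: docs/instrument.txt never states what loading an instrumentation library means for trust. The "Introduction" and "Loading an instrumentation library" sections say the library is the user's own host-native code and that it can be loaded with "-instr" or with the "instr-load" command over HMP and QMP; that code runs inside the QEMU process with QEMU's privileges, and the path in "file=" is opened by QEMU itself, so any client with monitor access can execute arbitrary host code by naming a .so. Add a paragraph to the "Loading" section saying this explicitly, and that instr-load must only be reachable from a monitor whose clients are already trusted with the host.

The worked example in the same file does not run as written. In step 3, the heredoc "cat > /tmp/my-instrument/Makefile <<EOF" is unquoted, so the shell expands "$(QEMU_PATH)", "$(CC)", "$(CFLAGS)", "$@", "$^" and "$(RM)" while writing the file (the first even executes a command named QEMU_PATH); use "<<'EOF'". The recipe lines under "libtrace-instrument.la:" and "%.lo:" are shown indented with spaces, but make requires a tab, so a copied Makefile fails with "missing separator". Step 1 configures with "--prefix=/path/to/qemu-install" while the Makefile and step 6 use "/tmp/qemu-install", and step 6 points at "/tmp/my-dinstrument/.libs/libtrace-instrument.so" although the library was built in "/tmp/my-instrument"; pick one prefix and fix the typo. In the same step, the space after the comma in "file=...libtrace-instrument.so, \" ends the shell word, so QEMU receives "file=...so," and "arg=foo,arg=bar" as two separate arguments; join them on one line. The comment "# instrument guest_cpu_enter and guest_mem_before" above "configure" has no corresponding configure option and should be dropped or explained.

In instrument.c, "guest_cpu_enter" is documented as "disable instrumentation and tracing after the first call", but the body calls "qi_trace_event_set_state_dynamic(ev, true)"; to match the comment (and main(), which already enabled the event) this should be "false". "guest_mem_before_exec" prints a uint64_t with "%lx", which is wrong on 32-bit hosts; use PRIx64 from <inttypes.h>. "bool" is used in guest_cpu_enter without <stdbool.h> unless the qemu-instr headers pull it in, and the fini() comment reads "diable" for "disable".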