TCG plugin memory instrumentation updates

- deprecate plugins on 32 bit hosts - deprecate plugins with TCI - extend memory API to save value - add check-tcg tests to exercise new memory API - fix timer deadlock with non-changing timer - add basic block vector plugin to contrib - add cflow plugin to contrib - extend syscall plugin to dump write memory - validate ips plugin arguments meet minimum slice value -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmbsPCUACgkQ+9DbCVqe KkTm1gf9Hs5Zfdng0E+7sr5Dpa5F+cJOXU9QJhoTWJ4XC16CygWByqMXbyeX/kvm HXJEm6OnkADJhikIUCoBko8uK4/96iWSrDL0sEdzASX4SM/tXu684KeL+j9G/Ql8 iqxm6tIjaJqmbSZRMp0l5jD+ZBltRMCzBNdK1suJR2ppQgqfKj3qMLVLtq2hhqPH qPgwKm44hk9BEpHYqXaivzSWN5GKCgvp5ECcFXCBhDcM+8W7Dl3Mv6X0pWOpYcKZ d2a5KUt+Xp7WB2jkOgJYr0zKCOQCiCjGSfm/30qRDOUnwiLRWbfamRI9jUDNUtfy RYR+GaspurGCwSkwICdlvj+vFp/16Q== =5wfo -----END PGP SIGNATURE----- Merge tag 'pull-tcg-plugin-memory-190924-1' of https://gitlab.com/stsquad/qemu into staging TCG plugin memory instrumentation updates - deprecate plugins on 32 bit hosts - deprecate plugins with TCI - extend memory API to save value - add check-tcg tests to exercise new memory API - fix timer deadlock with non-changing timer - add basic block vector plugin to contrib - add cflow plugin to contrib - extend syscall plugin to dump write memory - validate ips plugin arguments meet minimum slice value # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmbsPCUACgkQ+9DbCVqe # KkTm1gf9Hs5Zfdng0E+7sr5Dpa5F+cJOXU9QJhoTWJ4XC16CygWByqMXbyeX/kvm # HXJEm6OnkADJhikIUCoBko8uK4/96iWSrDL0sEdzASX4SM/tXu684KeL+j9G/Ql8 # iqxm6tIjaJqmbSZRMp0l5jD+ZBltRMCzBNdK1suJR2ppQgqfKj3qMLVLtq2hhqPH # qPgwKm44hk9BEpHYqXaivzSWN5GKCgvp5ECcFXCBhDcM+8W7Dl3Mv6X0pWOpYcKZ # d2a5KUt+Xp7WB2jkOgJYr0zKCOQCiCjGSfm/30qRDOUnwiLRWbfamRI9jUDNUtfy # RYR+GaspurGCwSkwICdlvj+vFp/16Q== # =5wfo # -----END PGP SIGNATURE----- # gpg: Signature made Thu 19 Sep 2024 15:58:45 BST # gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44 # gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full] # Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44 * tag 'pull-tcg-plugin-memory-190924-1' of https://gitlab.com/stsquad/qemu: contrib/plugins: avoid hanging program plugins: add option to dump write argument to syscall plugin plugins: add plugin API to read guest memory contrib/plugins: Add a plugin to generate basic block vectors util/timer: avoid deadlock when shutting down tests/tcg: add a system test to check memory instrumentation tests/tcg: ensure s390x-softmmu output redirected tests/tcg: only read/write 64 bit words on 64 bit systems tests/tcg: clean up output of memory system test tests/tcg/multiarch: add test for plugin memory access tests/tcg/plugins/mem: add option to print memory accesses tests/tcg: allow to check output of plugins tests/tcg: add mechanism to run specific tests with plugins plugins: extend API to get latest memory value accessed plugins: save value during memory accesses contrib/plugins: control flow plugin deprecation: don't enable TCG plugins by default with TCI deprecation: don't enable TCG plugins by default on 32 bit hosts Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2025-08-04 00:03:54 -06:00 · 2024-09-19 21:31:35 +01:00 · 2024-09-19 21:31:35 +01:00 · a5dd9ee060
commit a5dd9ee060
parent 01dc65a3bc 8148fb56c7
31 changed files with 1796 additions and 83 deletions
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@ -184,6 +184,25 @@ be an effective use of its limited resources, and thus intends to discontinue
 it. Since all recent x86 hardware from the past >10 years is capable of the
 64-bit x86 extensions, a corresponding 64-bit OS should be used instead.

+TCG Plugin support not enabled by default on 32-bit hosts (since 9.2)
+'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+
+While it is still possible to enable TCG plugin support for 32-bit
+hosts there are a number of potential pitfalls when instrumenting
+64-bit guests. The plugin APIs typically pass most addresses as
+uint64_t but practices like encoding that address in a host pointer
+for passing as user-data will lose data. As most software analysis
+benefits from having plenty of host memory it seems reasonable to
+encourage users to use 64 bit builds of QEMU for analysis work
+whatever targets they are instrumenting.
+
+TCG Plugin support not enabled by default with TCI (since 9.2)
+''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+
+While the TCG interpreter can interpret the TCG ops used by plugins it
+is going to be so much slower it wouldn't make sense for any serious
+instrumentation. Due to implementation differences there will also be
+anomalies in things like memory instrumentation.

 System emulator CPUs
 --------------------
--- a/docs/about/emulation.rst
+++ b/docs/about/emulation.rst
@ -268,6 +268,36 @@ Behaviour can be tweaked with the following arguments:
  * - idle=true|false
    - Dump the current execution stats whenever the guest vCPU idles

+Basic Block Vectors
+...................
+
+``contrib/plugins/bbv.c``
+
+The bbv plugin allows you to generate basic block vectors for use with the
+`SimPoint <https://cseweb.ucsd.edu/~calder/simpoint/>`__ analysis tool.
+
+.. list-table:: Basic block vectors arguments
+  :widths: 20 80
+  :header-rows: 1
+
+  * - Option
+    - Description
+  * - interval=N
+    - The interval to generate a basic block vector specified by the number of
+      instructions (Default: N = 100000000)
+  * - outfile=PATH
+    - The path to output files.
+      It will be suffixed with ``.N.bb`` where ``N`` is a vCPU index.
+
+Example::
+
+  $ qemu-aarch64 \
+    -plugin contrib/plugins/libbbv.so,interval=100,outfile=sha1 \
+    tests/tcg/aarch64-linux-user/sha1
+  SHA1=15dd99a1991e0b3826fede3deffc1feba42278e6
+  $ du sha1.0.bb
+  23128   sha1.0.bb
+
 Instruction
 ...........

@ -384,6 +414,19 @@ run::
  160          1      0
  135          1      0

+Behaviour can be tweaked with the following arguments:
+
+.. list-table:: Syscall plugin arguments
+  :widths: 20 80
+  :header-rows: 1
+
+  * - Option
+    - Description
+  * - print=true|false
+    - Print the number of times each syscall is called
+  * - log_writes=true|false
+    - Log the buffer of each write syscall in hexdump format
+
 Test inline operations
 ......................

@ -773,4 +816,3 @@ Other emulation features
 When running system emulation you can also enable deterministic
 execution which allows for repeatable record/replay debugging. See
 :ref:`Record/Replay<replay>` for more details.
-