One Hat Cyber Team
Your IP :
216.73.216.115
Server IP :
194.44.31.54
Server :
Linux zen.imath.kiev.ua 4.18.0-553.77.1.el8_10.x86_64 #1 SMP Fri Oct 3 14:30:23 UTC 2025 x86_64
Server Software :
Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k
PHP Version :
5.6.40
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
doc
/
qemu-kvm
/
devel
/
View File Name :
tracing.html
<!DOCTYPE html> <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Tracing — QEMU qemu-kvm-6.2.0-53.module+el8.10.0+2055+8eb7870b.4 documentation</title> <link rel="shortcut icon" href="../_static/qemu_32x32.png"/> <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <link rel="index" title="Index" href="../genindex.html" /> <link rel="search" title="Search" href="../search.html" /> <link rel="next" title="Multi-threaded TCG" href="multi-thread-tcg.html" /> <link rel="prev" title="TCG Instruction Counting" href="tcg-icount.html" /> <script src="../_static/js/modernizr.min.js"></script> </head> <body class="wy-body-for-nav"> <div class="wy-grid-for-nav"> <nav data-toggle="wy-nav-shift" class="wy-nav-side"> <div class="wy-side-scroll"> <div class="wy-side-nav-search"> <a href="../index.html" class="icon icon-home"> QEMU <img src="../_static/qemu_128x128.png" class="logo" alt="Logo"/> </a> <div class="version"> 6.2.0 </div> <div role="search"> <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> <input type="text" name="q" placeholder="Search docs" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> </div> </div> <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> <p class="caption"><span class="caption-text">Contents:</span></p> <ul class="current"> <li class="toctree-l1"><a class="reference internal" href="../about/index.html">About QEMU</a></li> <li class="toctree-l1"><a class="reference internal" href="../system/index.html">System Emulation</a></li> <li class="toctree-l1"><a class="reference internal" href="../user/index.html">User Mode Emulation</a></li> <li class="toctree-l1"><a class="reference internal" href="../tools/index.html">Tools</a></li> <li class="toctree-l1"><a class="reference internal" href="../interop/index.html">System Emulation Management and Interoperability</a></li> <li class="toctree-l1"><a class="reference internal" href="../specs/index.html">System Emulation Guest Hardware Specifications</a></li> <li class="toctree-l1 current"><a class="reference internal" href="index.html">Developer Information</a><ul class="current"> <li class="toctree-l2"><a class="reference internal" href="code-of-conduct.html">Code of Conduct</a></li> <li class="toctree-l2"><a class="reference internal" href="conflict-resolution.html">Conflict Resolution Policy</a></li> <li class="toctree-l2"><a class="reference internal" href="build-system.html">The QEMU build system architecture</a></li> <li class="toctree-l2"><a class="reference internal" href="style.html">QEMU Coding Style</a></li> <li class="toctree-l2"><a class="reference internal" href="kconfig.html">QEMU and Kconfig</a></li> <li class="toctree-l2"><a class="reference internal" href="testing.html">Testing in QEMU</a></li> <li class="toctree-l2"><a class="reference internal" href="fuzzing.html">Fuzzing</a></li> <li class="toctree-l2"><a class="reference internal" href="control-flow-integrity.html">Control-Flow Integrity (CFI)</a></li> <li class="toctree-l2"><a class="reference internal" href="loads-stores.html">Load and Store APIs</a></li> <li class="toctree-l2"><a class="reference internal" href="memory.html">The memory API</a></li> <li class="toctree-l2"><a class="reference internal" href="migration.html">Migration</a></li> <li class="toctree-l2"><a class="reference internal" href="atomics.html">Atomic operations in QEMU</a></li> <li class="toctree-l2"><a class="reference internal" href="stable-process.html">QEMU and the stable process</a></li> <li class="toctree-l2"><a class="reference internal" href="ci.html">CI</a></li> <li class="toctree-l2"><a class="reference internal" href="qtest.html">QTest Device Emulation Testing Framework</a></li> <li class="toctree-l2"><a class="reference internal" href="decodetree.html">Decodetree Specification</a></li> <li class="toctree-l2"><a class="reference internal" href="secure-coding-practices.html">Secure Coding Practices</a></li> <li class="toctree-l2"><a class="reference internal" href="tcg.html">Translator Internals</a></li> <li class="toctree-l2"><a class="reference internal" href="tcg-icount.html">TCG Instruction Counting</a></li> <li class="toctree-l2 current"><a class="current reference internal" href="#">Tracing</a><ul> <li class="toctree-l3"><a class="reference internal" href="#introduction">Introduction</a></li> <li class="toctree-l3"><a class="reference internal" href="#quickstart">Quickstart</a></li> <li class="toctree-l3"><a class="reference internal" href="#trace-events">Trace events</a><ul> <li class="toctree-l4"><a class="reference internal" href="#sub-directory-setup">Sub-directory setup</a></li> <li class="toctree-l4"><a class="reference internal" href="#using-trace-events">Using trace events</a></li> <li class="toctree-l4"><a class="reference internal" href="#declaring-trace-events">Declaring trace events</a></li> <li class="toctree-l4"><a class="reference internal" href="#hints-for-adding-new-trace-events">Hints for adding new trace events</a></li> </ul> </li> <li class="toctree-l3"><a class="reference internal" href="#generic-interface-and-monitor-commands">Generic interface and monitor commands</a></li> <li class="toctree-l3"><a class="reference internal" href="#trace-backends">Trace backends</a><ul> <li class="toctree-l4"><a class="reference internal" href="#nop">Nop</a></li> <li class="toctree-l4"><a class="reference internal" href="#log">Log</a></li> <li class="toctree-l4"><a class="reference internal" href="#simpletrace">Simpletrace</a></li> <li class="toctree-l4"><a class="reference internal" href="#ftrace">Ftrace</a></li> <li class="toctree-l4"><a class="reference internal" href="#syslog">Syslog</a></li> <li class="toctree-l4"><a class="reference internal" href="#lttng-userspace-tracer">LTTng Userspace Tracer</a></li> <li class="toctree-l4"><a class="reference internal" href="#systemtap">SystemTap</a></li> </ul> </li> <li class="toctree-l3"><a class="reference internal" href="#trace-event-properties">Trace event properties</a><ul> <li class="toctree-l4"><a class="reference internal" href="#disable">“disable”</a></li> <li class="toctree-l4"><a class="reference internal" href="#tcg">“tcg”</a></li> <li class="toctree-l4"><a class="reference internal" href="#vcpu">“vcpu”</a></li> </ul> </li> </ul> </li> <li class="toctree-l2"><a class="reference internal" href="multi-thread-tcg.html">Multi-threaded TCG</a></li> <li class="toctree-l2"><a class="reference internal" href="tcg-plugins.html">QEMU TCG Plugins</a></li> <li class="toctree-l2"><a class="reference internal" href="bitops.html">Bitwise operations</a></li> <li class="toctree-l2"><a class="reference internal" href="ui.html">QEMU UI subsystem</a></li> <li class="toctree-l2"><a class="reference internal" href="reset.html">Reset in QEMU: the Resettable interface</a></li> <li class="toctree-l2"><a class="reference internal" href="s390-dasd-ipl.html">Booting from real channel-attached devices on s390x</a></li> <li class="toctree-l2"><a class="reference internal" href="clocks.html">Modelling a clock tree in QEMU</a></li> <li class="toctree-l2"><a class="reference internal" href="qom.html">The QEMU Object Model (QOM)</a></li> <li class="toctree-l2"><a class="reference internal" href="modules.html">QEMU modules</a></li> <li class="toctree-l2"><a class="reference internal" href="block-coroutine-wrapper.html">block-coroutine-wrapper</a></li> <li class="toctree-l2"><a class="reference internal" href="multi-process.html">Multi-process QEMU</a></li> <li class="toctree-l2"><a class="reference internal" href="ebpf_rss.html">eBPF RSS virtio-net support</a></li> <li class="toctree-l2"><a class="reference internal" href="vfio-migration.html">VFIO device Migration</a></li> <li class="toctree-l2"><a class="reference internal" href="qapi-code-gen.html">How to use the QAPI code generator</a></li> <li class="toctree-l2"><a class="reference internal" href="writing-monitor-commands.html">How to write monitor commands</a></li> <li class="toctree-l2"><a class="reference internal" href="trivial-patches.html">Trivial Patches</a></li> <li class="toctree-l2"><a class="reference internal" href="submitting-a-patch.html">Submitting a Patch</a></li> <li class="toctree-l2"><a class="reference internal" href="submitting-a-pull-request.html">Submitting a Pull Request</a></li> </ul> </li> </ul> </div> </div> </nav> <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> <nav class="wy-nav-top" aria-label="top navigation"> <i data-toggle="wy-nav-top" class="fa fa-bars"></i> <a href="../index.html">QEMU</a> </nav> <div class="wy-nav-content"> <div class="rst-content"> <div role="navigation" aria-label="breadcrumbs navigation"> <ul class="wy-breadcrumbs"> <li><a href="../index.html">Docs</a> »</li> <li><a href="index.html">Developer Information</a> »</li> <li>Tracing</li> <li class="wy-breadcrumbs-aside"> <a href="https://gitlab.com/qemu-project/qemu/blob/master/docs/devel/tracing.rst" class="fa fa-gitlab"> Edit on GitLab</a> </li> </ul> <hr/> </div> <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> <div itemprop="articleBody"> <div class="section" id="tracing"> <h1>Tracing<a class="headerlink" href="#tracing" title="Permalink to this headline">¶</a></h1> <div class="section" id="introduction"> <h2>Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2> <p>This document describes the tracing infrastructure in QEMU and how to use it for debugging, profiling, and observing execution.</p> </div> <div class="section" id="quickstart"> <h2>Quickstart<a class="headerlink" href="#quickstart" title="Permalink to this headline">¶</a></h2> <p>Enable tracing of <code class="docutils literal notranslate"><span class="pre">memory_region_ops_read</span></code> and <code class="docutils literal notranslate"><span class="pre">memory_region_ops_write</span></code> events:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ qemu --trace "memory_region_ops_*" ... ... 719585@1608130130.441188:memory_region_ops_read cpu 0 mr 0x562fdfbb3820 addr 0x3cc value 0x67 size 1 719585@1608130130.441190:memory_region_ops_write cpu 0 mr 0x562fdfbd2f00 addr 0x3d4 value 0x70e size 2 </pre></div> </div> <p>This output comes from the “log” trace backend that is enabled by default when <code class="docutils literal notranslate"><span class="pre">./configure</span> <span class="pre">--enable-trace-backends=BACKENDS</span></code> was not explicitly specified.</p> <p>Multiple patterns can be specified by repeating the <code class="docutils literal notranslate"><span class="pre">--trace</span></code> option:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ qemu --trace "kvm_*" --trace "virtio_*" ... </pre></div> </div> <p>When patterns are used frequently it is more convenient to store them in a file to avoid long command-line options:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ echo "memory_region_ops_*" >/tmp/events $ echo "kvm_*" >>/tmp/events $ qemu --trace events=/tmp/events ... </pre></div> </div> </div> <div class="section" id="trace-events"> <h2>Trace events<a class="headerlink" href="#trace-events" title="Permalink to this headline">¶</a></h2> <div class="section" id="sub-directory-setup"> <h3>Sub-directory setup<a class="headerlink" href="#sub-directory-setup" title="Permalink to this headline">¶</a></h3> <p>Each directory in the source tree can declare a set of trace events in a local “trace-events” file. All directories which contain “trace-events” files must be listed in the “trace_events_subdirs” variable in the top level meson.build file. During build, the “trace-events” file in each listed subdirectory will be processed by the “tracetool” script to generate code for the trace events.</p> <p>The individual “trace-events” files are merged into a “trace-events-all” file, which is also installed into “/usr/share/qemu” with the name “trace-events”. This merged file is to be used by the “simpletrace.py” script to later analyse traces in the simpletrace data format.</p> <p>The following files are automatically generated in <builddir>/trace/ during the build:</p> <blockquote> <div><ul class="simple"> <li>trace-<subdir>.c - the trace event state declarations</li> <li>trace-<subdir>.h - the trace event enums and probe functions</li> <li>trace-dtrace-<subdir>.h - DTrace event probe specification</li> <li>trace-dtrace-<subdir>.dtrace - DTrace event probe helper declaration</li> <li>trace-dtrace-<subdir>.o - binary DTrace provider (generated by dtrace)</li> <li>trace-ust-<subdir>.h - UST event probe helper declarations</li> </ul> </div></blockquote> <p>Here <subdir> is the sub-directory path with ‘/’ replaced by ‘_’. For example, “accel/kvm” becomes “accel_kvm” and the final filename for “trace-<subdir>.c” becomes “trace-accel_kvm.c”.</p> <p>Source files in the source tree do not directly include generated files in “<builddir>/trace/”. Instead they #include the local “trace.h” file, without any sub-directory path prefix. eg io/channel-buffer.c would do:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1">#include "trace.h"</span> </pre></div> </div> <p>The “io/trace.h” file must be created manually with an #include of the corresponding “trace/trace-<subdir>.h” file that will be generated in the builddir:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ echo '#include "trace/trace-io.h"' >io/trace.h </pre></div> </div> <p>While it is possible to include a trace.h file from outside a source file’s own sub-directory, this is discouraged in general. It is strongly preferred that all events be declared directly in the sub-directory that uses them. The only exception is where there are some shared trace events defined in the top level directory trace-events file. The top level directory generates trace files with a filename prefix of “trace/trace-root” instead of just “trace”. This is to avoid ambiguity between a trace.h in the current directory, vs the top level directory.</p> </div> <div class="section" id="using-trace-events"> <h3>Using trace events<a class="headerlink" href="#using-trace-events" title="Permalink to this headline">¶</a></h3> <p>Trace events are invoked directly from source code like this:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1">#include "trace.h" /* needed for trace event prototype */</span> <span class="n">void</span> <span class="o">*</span><span class="n">qemu_vmalloc</span><span class="p">(</span><span class="n">size_t</span> <span class="n">size</span><span class="p">)</span> <span class="p">{</span> <span class="n">void</span> <span class="o">*</span><span class="n">ptr</span><span class="p">;</span> <span class="n">size_t</span> <span class="n">align</span> <span class="o">=</span> <span class="n">QEMU_VMALLOC_ALIGN</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="n">size</span> <span class="o"><</span> <span class="n">align</span><span class="p">)</span> <span class="p">{</span> <span class="n">align</span> <span class="o">=</span> <span class="n">getpagesize</span><span class="p">();</span> <span class="p">}</span> <span class="n">ptr</span> <span class="o">=</span> <span class="n">qemu_memalign</span><span class="p">(</span><span class="n">align</span><span class="p">,</span> <span class="n">size</span><span class="p">);</span> <span class="n">trace_qemu_vmalloc</span><span class="p">(</span><span class="n">size</span><span class="p">,</span> <span class="n">ptr</span><span class="p">);</span> <span class="k">return</span> <span class="n">ptr</span><span class="p">;</span> <span class="p">}</span> </pre></div> </div> </div> <div class="section" id="declaring-trace-events"> <h3>Declaring trace events<a class="headerlink" href="#declaring-trace-events" title="Permalink to this headline">¶</a></h3> <p>The “tracetool” script produces the trace.h header file which is included by every source file that uses trace events. Since many source files include trace.h, it uses a minimum of types and other header files included to keep the namespace clean and compile times and dependencies down.</p> <p>Trace events should use types as follows:</p> <blockquote> <div><ul class="simple"> <li>Use stdint.h types for fixed-size types. Most offsets and guest memory addresses are best represented with uint32_t or uint64_t. Use fixed-size types over primitive types whose size may change depending on the host (32-bit versus 64-bit) so trace events don’t truncate values or break the build.</li> <li>Use void * for pointers to structs or for arrays. The trace.h header cannot include all user-defined struct declarations and it is therefore necessary to use void * for pointers to structs.</li> <li>For everything else, use primitive scalar types (char, int, long) with the appropriate signedness.</li> <li>Avoid floating point types (float and double) because SystemTap does not support them. In most cases it is possible to round to an integer type instead. This may require scaling the value first by multiplying it by 1000 or the like when digits after the decimal point need to be preserved.</li> </ul> </div></blockquote> <p>Format strings should reflect the types defined in the trace event. Take special care to use PRId64 and PRIu64 for int64_t and uint64_t types, respectively. This ensures portability between 32- and 64-bit platforms. Format strings must not end with a newline character. It is the responsibility of backends to adapt line ending for proper logging.</p> <p>Each event declaration will start with the event name, then its arguments, finally a format string for pretty-printing. For example:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">qemu_vmalloc</span><span class="p">(</span><span class="n">size_t</span> <span class="n">size</span><span class="p">,</span> <span class="n">void</span> <span class="o">*</span><span class="n">ptr</span><span class="p">)</span> <span class="s2">"size %zu ptr %p"</span> <span class="n">qemu_vfree</span><span class="p">(</span><span class="n">void</span> <span class="o">*</span><span class="n">ptr</span><span class="p">)</span> <span class="s2">"ptr %p"</span> </pre></div> </div> </div> <div class="section" id="hints-for-adding-new-trace-events"> <h3>Hints for adding new trace events<a class="headerlink" href="#hints-for-adding-new-trace-events" title="Permalink to this headline">¶</a></h3> <ol class="arabic simple"> <li>Trace state changes in the code. Interesting points in the code usually involve a state change like starting, stopping, allocating, freeing. State changes are good trace events because they can be used to understand the execution of the system.</li> <li>Trace guest operations. Guest I/O accesses like reading device registers are good trace events because they can be used to understand guest interactions.</li> <li>Use correlator fields so the context of an individual line of trace output can be understood. For example, trace the pointer returned by malloc and used as an argument to free. This way mallocs and frees can be matched up. Trace events with no context are not very useful.</li> <li>Name trace events after their function. If there are multiple trace events in one function, append a unique distinguisher at the end of the name.</li> </ol> </div> </div> <div class="section" id="generic-interface-and-monitor-commands"> <h2>Generic interface and monitor commands<a class="headerlink" href="#generic-interface-and-monitor-commands" title="Permalink to this headline">¶</a></h2> <p>You can programmatically query and control the state of trace events through a backend-agnostic interface provided by the header “trace/control.h”.</p> <p>Note that some of the backends do not provide an implementation for some parts of this interface, in which case QEMU will just print a warning (please refer to header “trace/control.h” to see which routines are backend-dependent).</p> <p>The state of events can also be queried and modified through monitor commands:</p> <ul class="simple"> <li><code class="docutils literal notranslate"><span class="pre">info</span> <span class="pre">trace-events</span></code> View available trace events and their state. State 1 means enabled, state 0 means disabled.</li> <li><code class="docutils literal notranslate"><span class="pre">trace-event</span> <span class="pre">NAME</span> <span class="pre">on|off</span></code> Enable/disable a given trace event or a group of events (using wildcards).</li> </ul> <p>The “–trace events=<file>” command line argument can be used to enable the events listed in <file> from the very beginning of the program. This file must contain one event name per line.</p> <p>If a line in the “–trace events=<file>” file begins with a ‘-‘, the trace event will be disabled instead of enabled. This is useful when a wildcard was used to enable an entire family of events but one noisy event needs to be disabled.</p> <p>Wildcard matching is supported in both the monitor command “trace-event” and the events list file. That means you can enable/disable the events having a common prefix in a batch. For example, virtio-blk trace events could be enabled using the following monitor command:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">trace</span><span class="o">-</span><span class="n">event</span> <span class="n">virtio_blk_</span><span class="o">*</span> <span class="n">on</span> </pre></div> </div> </div> <div class="section" id="trace-backends"> <h2>Trace backends<a class="headerlink" href="#trace-backends" title="Permalink to this headline">¶</a></h2> <p>The “tracetool” script automates tedious trace event code generation and also keeps the trace event declarations independent of the trace backend. The trace events are not tightly coupled to a specific trace backend, such as LTTng or SystemTap. Support for trace backends can be added by extending the “tracetool” script.</p> <p>The trace backends are chosen at configure time:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">./</span><span class="n">configure</span> <span class="o">--</span><span class="n">enable</span><span class="o">-</span><span class="n">trace</span><span class="o">-</span><span class="n">backends</span><span class="o">=</span><span class="n">simple</span><span class="p">,</span><span class="n">dtrace</span> </pre></div> </div> <p>For a list of supported trace backends, try ./configure –help or see below. If multiple backends are enabled, the trace is sent to them all.</p> <p>If no backends are explicitly selected, configure will default to the “log” backend.</p> <p>The following subsections describe the supported trace backends.</p> <div class="section" id="nop"> <h3>Nop<a class="headerlink" href="#nop" title="Permalink to this headline">¶</a></h3> <p>The “nop” backend generates empty trace event functions so that the compiler can optimize out trace events completely. This imposes no performance penalty.</p> <p>Note that regardless of the selected trace backend, events with the “disable” property will be generated with the “nop” backend.</p> </div> <div class="section" id="log"> <h3>Log<a class="headerlink" href="#log" title="Permalink to this headline">¶</a></h3> <p>The “log” backend sends trace events directly to standard error. This effectively turns trace events into debug printfs.</p> <p>This is the simplest backend and can be used together with existing code that uses DPRINTF().</p> <p>The -msg timestamp=on|off command-line option controls whether or not to print the tid/timestamp prefix for each trace event.</p> </div> <div class="section" id="simpletrace"> <h3>Simpletrace<a class="headerlink" href="#simpletrace" title="Permalink to this headline">¶</a></h3> <p>The “simple” backend writes binary trace logs to a file from a thread, making it lower overhead than the “log” backend. A Python API is available for writing offline trace file analysis scripts. It may not be as powerful as platform-specific or third-party trace backends but it is portable and has no special library dependencies.</p> <div class="section" id="monitor-commands"> <h4>Monitor commands<a class="headerlink" href="#monitor-commands" title="Permalink to this headline">¶</a></h4> <ul class="simple"> <li><code class="docutils literal notranslate"><span class="pre">trace-file</span> <span class="pre">on|off|flush|set</span> <span class="pre"><path></span></code> Enable/disable/flush the trace file or set the trace file name.</li> </ul> </div> <div class="section" id="analyzing-trace-files"> <h4>Analyzing trace files<a class="headerlink" href="#analyzing-trace-files" title="Permalink to this headline">¶</a></h4> <p>The “simple” backend produces binary trace files that can be formatted with the simpletrace.py script. The script takes the “trace-events-all” file and the binary trace:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">./</span><span class="n">scripts</span><span class="o">/</span><span class="n">simpletrace</span><span class="o">.</span><span class="n">py</span> <span class="n">trace</span><span class="o">-</span><span class="n">events</span><span class="o">-</span><span class="nb">all</span> <span class="n">trace</span><span class="o">-</span><span class="mi">12345</span> </pre></div> </div> <p>You must ensure that the same “trace-events-all” file was used to build QEMU, otherwise trace event declarations may have changed and output will not be consistent.</p> </div> </div> <div class="section" id="ftrace"> <h3>Ftrace<a class="headerlink" href="#ftrace" title="Permalink to this headline">¶</a></h3> <p>The “ftrace” backend writes trace data to ftrace marker. This effectively sends trace events to ftrace ring buffer, and you can compare qemu trace data and kernel(especially kvm.ko when using KVM) trace data.</p> <p>if you use KVM, enable kvm events in ftrace:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># echo 1 > /sys/kernel/debug/tracing/events/kvm/enable</span> </pre></div> </div> <p>After running qemu by root user, you can get the trace:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># cat /sys/kernel/debug/tracing/trace</span> </pre></div> </div> <p>Restriction: “ftrace” backend is restricted to Linux only.</p> </div> <div class="section" id="syslog"> <h3>Syslog<a class="headerlink" href="#syslog" title="Permalink to this headline">¶</a></h3> <p>The “syslog” backend sends trace events using the POSIX syslog API. The log is opened specifying the LOG_DAEMON facility and LOG_PID option (so events are tagged with the pid of the particular QEMU process that generated them). All events are logged at LOG_INFO level.</p> <dl class="docutils"> <dt>NOTE: syslog may squash duplicate consecutive trace events and apply rate</dt> <dd>limiting.</dd> </dl> <p>Restriction: “syslog” backend is restricted to POSIX compliant OS.</p> </div> <div class="section" id="lttng-userspace-tracer"> <h3>LTTng Userspace Tracer<a class="headerlink" href="#lttng-userspace-tracer" title="Permalink to this headline">¶</a></h3> <p>The “ust” backend uses the LTTng Userspace Tracer library. There are no monitor commands built into QEMU, instead UST utilities should be used to list, enable/disable, and dump traces.</p> <p>Package lttng-tools is required for userspace tracing. You must ensure that the current user belongs to the “tracing” group, or manually launch the lttng-sessiond daemon for the current user prior to running any instance of QEMU.</p> <p>While running an instrumented QEMU, LTTng should be able to list all available events:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">lttng</span> <span class="nb">list</span> <span class="o">-</span><span class="n">u</span> </pre></div> </div> <p>Create tracing session:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">lttng</span> <span class="n">create</span> <span class="n">mysession</span> </pre></div> </div> <p>Enable events:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">lttng</span> <span class="n">enable</span><span class="o">-</span><span class="n">event</span> <span class="n">qemu</span><span class="p">:</span><span class="n">g_malloc</span> <span class="o">-</span><span class="n">u</span> </pre></div> </div> <p>Where the events can either be a comma-separated list of events, or “-a” to enable all tracepoint events. Start and stop tracing as needed:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">lttng</span> <span class="n">start</span> <span class="n">lttng</span> <span class="n">stop</span> </pre></div> </div> <p>View the trace:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">lttng</span> <span class="n">view</span> </pre></div> </div> <p>Destroy tracing session:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">lttng</span> <span class="n">destroy</span> </pre></div> </div> <p>Babeltrace can be used at any later time to view the trace:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>babeltrace $HOME/lttng-traces/mysession-<date>-<time> </pre></div> </div> </div> <div class="section" id="systemtap"> <h3>SystemTap<a class="headerlink" href="#systemtap" title="Permalink to this headline">¶</a></h3> <p>The “dtrace” backend uses DTrace sdt probes but has only been tested with SystemTap. When SystemTap support is detected a .stp file with wrapper probes is generated to make use in scripts more convenient. This step can also be performed manually after a build in order to change the binary name in the .stp probes:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">scripts</span><span class="o">/</span><span class="n">tracetool</span><span class="o">.</span><span class="n">py</span> <span class="o">--</span><span class="n">backends</span><span class="o">=</span><span class="n">dtrace</span> <span class="o">--</span><span class="nb">format</span><span class="o">=</span><span class="n">stap</span> \ <span class="o">--</span><span class="n">binary</span> <span class="n">path</span><span class="o">/</span><span class="n">to</span><span class="o">/</span><span class="n">qemu</span><span class="o">-</span><span class="n">binary</span> \ <span class="o">--</span><span class="n">target</span><span class="o">-</span><span class="nb">type</span> <span class="n">system</span> \ <span class="o">--</span><span class="n">target</span><span class="o">-</span><span class="n">name</span> <span class="n">x86_64</span> \ <span class="o">--</span><span class="n">group</span><span class="o">=</span><span class="nb">all</span> \ <span class="n">trace</span><span class="o">-</span><span class="n">events</span><span class="o">-</span><span class="nb">all</span> \ <span class="n">qemu</span><span class="o">.</span><span class="n">stp</span> </pre></div> </div> <p>To facilitate simple usage of systemtap where there merely needs to be printf logging of certain probes, a helper script “qemu-trace-stap” is provided. Consult its manual page for guidance on its usage.</p> </div> </div> <div class="section" id="trace-event-properties"> <h2>Trace event properties<a class="headerlink" href="#trace-event-properties" title="Permalink to this headline">¶</a></h2> <p>Each event in the “trace-events-all” file can be prefixed with a space-separated list of zero or more of the following event properties.</p> <div class="section" id="disable"> <h3>“disable”<a class="headerlink" href="#disable" title="Permalink to this headline">¶</a></h3> <p>If a specific trace event is going to be invoked a huge number of times, this might have a noticeable performance impact even when the event is programmatically disabled.</p> <p>In this case you should declare such event with the “disable” property. This will effectively disable the event at compile time (by using the “nop” backend), thus having no performance impact at all on regular builds (i.e., unless you edit the “trace-events-all” file).</p> <p>In addition, there might be cases where relatively complex computations must be performed to generate values that are only used as arguments for a trace function. In these cases you can use ‘trace_event_get_state_backends()’ to guard such computations, so they are skipped if the event has been either compile-time disabled or run-time disabled. If the event is compile-time disabled, this check will have no performance impact.</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1">#include "trace.h" /* needed for trace event prototype */</span> <span class="n">void</span> <span class="o">*</span><span class="n">qemu_vmalloc</span><span class="p">(</span><span class="n">size_t</span> <span class="n">size</span><span class="p">)</span> <span class="p">{</span> <span class="n">void</span> <span class="o">*</span><span class="n">ptr</span><span class="p">;</span> <span class="n">size_t</span> <span class="n">align</span> <span class="o">=</span> <span class="n">QEMU_VMALLOC_ALIGN</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="n">size</span> <span class="o"><</span> <span class="n">align</span><span class="p">)</span> <span class="p">{</span> <span class="n">align</span> <span class="o">=</span> <span class="n">getpagesize</span><span class="p">();</span> <span class="p">}</span> <span class="n">ptr</span> <span class="o">=</span> <span class="n">qemu_memalign</span><span class="p">(</span><span class="n">align</span><span class="p">,</span> <span class="n">size</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">trace_event_get_state_backends</span><span class="p">(</span><span class="n">TRACE_QEMU_VMALLOC</span><span class="p">))</span> <span class="p">{</span> <span class="n">void</span> <span class="o">*</span><span class="nb">complex</span><span class="p">;</span> <span class="o">/*</span> <span class="n">some</span> <span class="nb">complex</span> <span class="n">computations</span> <span class="n">to</span> <span class="n">produce</span> <span class="n">the</span> <span class="s1">'complex'</span> <span class="n">value</span> <span class="o">*/</span> <span class="n">trace_qemu_vmalloc</span><span class="p">(</span><span class="n">size</span><span class="p">,</span> <span class="n">ptr</span><span class="p">,</span> <span class="nb">complex</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ptr</span><span class="p">;</span> <span class="p">}</span> </pre></div> </div> </div> <div class="section" id="tcg"> <h3>“tcg”<a class="headerlink" href="#tcg" title="Permalink to this headline">¶</a></h3> <p>Guest code generated by TCG can be traced by defining an event with the “tcg” event property. Internally, this property generates two events: “<eventname>_trans” to trace the event at translation time, and “<eventname>_exec” to trace the event at execution time.</p> <p>Instead of using these two events, you should instead use the function “trace_<eventname>_tcg” during translation (TCG code generation). This function will automatically call “trace_<eventname>_trans”, and will generate the necessary TCG code to call “trace_<eventname>_exec” during guest code execution.</p> <p>Events with the “tcg” property can be declared in the “trace-events” file with a mix of native and TCG types, and “trace_<eventname>_tcg” will gracefully forward them to the “<eventname>_trans” and “<eventname>_exec” events. Since TCG values are not known at translation time, these are ignored by the “<eventname>_trans” event. Because of this, the entry in the “trace-events” file needs two printing formats (separated by a comma):</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">tcg</span> <span class="n">foo</span><span class="p">(</span><span class="n">uint8_t</span> <span class="n">a1</span><span class="p">,</span> <span class="n">TCGv_i32</span> <span class="n">a2</span><span class="p">)</span> <span class="s2">"a1=</span><span class="si">%d</span><span class="s2">"</span><span class="p">,</span> <span class="s2">"a1=</span><span class="si">%d</span><span class="s2"> a2=</span><span class="si">%d</span><span class="s2">"</span> </pre></div> </div> <p>For example:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1">#include "trace-tcg.h"</span> <span class="n">void</span> <span class="n">some_disassembly_func</span> <span class="p">(</span><span class="o">...</span><span class="p">)</span> <span class="p">{</span> <span class="n">uint8_t</span> <span class="n">a1</span> <span class="o">=</span> <span class="o">...</span><span class="p">;</span> <span class="n">TCGv_i32</span> <span class="n">a2</span> <span class="o">=</span> <span class="o">...</span><span class="p">;</span> <span class="n">trace_foo_tcg</span><span class="p">(</span><span class="n">a1</span><span class="p">,</span> <span class="n">a2</span><span class="p">);</span> <span class="p">}</span> </pre></div> </div> <p>This will immediately call:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">void</span> <span class="n">trace_foo_trans</span><span class="p">(</span><span class="n">uint8_t</span> <span class="n">a1</span><span class="p">);</span> </pre></div> </div> <p>and will generate the TCG code to call:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">void</span> <span class="n">trace_foo</span><span class="p">(</span><span class="n">uint8_t</span> <span class="n">a1</span><span class="p">,</span> <span class="n">uint32_t</span> <span class="n">a2</span><span class="p">);</span> </pre></div> </div> </div> <div class="section" id="vcpu"> <h3>“vcpu”<a class="headerlink" href="#vcpu" title="Permalink to this headline">¶</a></h3> <p>Identifies events that trace vCPU-specific information. It implicitly adds a “CPUState*” argument, and extends the tracing print format to show the vCPU information. If used together with the “tcg” property, it adds a second “TCGv_env” argument that must point to the per-target global TCG register that points to the vCPU when guest code is executed (usually the “cpu_env” variable).</p> <p>The “tcg” and “vcpu” properties are currently only honored in the root ./trace-events file.</p> <p>The following example events:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">foo</span><span class="p">(</span><span class="n">uint32_t</span> <span class="n">a</span><span class="p">)</span> <span class="s2">"a=</span><span class="si">%x</span><span class="s2">"</span> <span class="n">vcpu</span> <span class="n">bar</span><span class="p">(</span><span class="n">uint32_t</span> <span class="n">a</span><span class="p">)</span> <span class="s2">"a=</span><span class="si">%x</span><span class="s2">"</span> <span class="n">tcg</span> <span class="n">vcpu</span> <span class="n">baz</span><span class="p">(</span><span class="n">uint32_t</span> <span class="n">a</span><span class="p">)</span> <span class="s2">"a=</span><span class="si">%x</span><span class="s2">"</span><span class="p">,</span> <span class="s2">"a=</span><span class="si">%x</span><span class="s2">"</span> </pre></div> </div> <p>Can be used as:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1">#include "trace-tcg.h"</span> <span class="n">CPUArchState</span> <span class="o">*</span><span class="n">env</span><span class="p">;</span> <span class="n">TCGv_ptr</span> <span class="n">cpu_env</span><span class="p">;</span> <span class="n">void</span> <span class="n">some_disassembly_func</span><span class="p">(</span><span class="o">...</span><span class="p">)</span> <span class="p">{</span> <span class="o">/*</span> <span class="n">trace</span> <span class="n">emitted</span> <span class="n">at</span> <span class="n">this</span> <span class="n">point</span> <span class="o">*/</span> <span class="n">trace_foo</span><span class="p">(</span><span class="mh">0xd1</span><span class="p">);</span> <span class="o">/*</span> <span class="n">trace</span> <span class="n">emitted</span> <span class="n">at</span> <span class="n">this</span> <span class="n">point</span> <span class="o">*/</span> <span class="n">trace_bar</span><span class="p">(</span><span class="n">env_cpu</span><span class="p">(</span><span class="n">env</span><span class="p">),</span> <span class="mh">0xd2</span><span class="p">);</span> <span class="o">/*</span> <span class="n">trace</span> <span class="n">emitted</span> <span class="n">at</span> <span class="n">this</span> <span class="n">point</span> <span class="p">(</span><span class="n">env</span><span class="p">)</span> <span class="ow">and</span> <span class="n">when</span> <span class="n">guest</span> <span class="n">code</span> <span class="ow">is</span> <span class="n">executed</span> <span class="p">(</span><span class="n">cpu_env</span><span class="p">)</span> <span class="o">*/</span> <span class="n">trace_baz_tcg</span><span class="p">(</span><span class="n">env_cpu</span><span class="p">(</span><span class="n">env</span><span class="p">),</span> <span class="n">cpu_env</span><span class="p">,</span> <span class="mh">0xd3</span><span class="p">);</span> <span class="p">}</span> </pre></div> </div> <p>If the translating vCPU has address 0xc1 and code is later executed by vCPU 0xc2, this would be an example output:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">//</span> <span class="n">at</span> <span class="n">guest</span> <span class="n">code</span> <span class="n">translation</span> <span class="n">foo</span> <span class="n">a</span><span class="o">=</span><span class="mh">0xd1</span> <span class="n">bar</span> <span class="n">cpu</span><span class="o">=</span><span class="mh">0xc1</span> <span class="n">a</span><span class="o">=</span><span class="mh">0xd2</span> <span class="n">baz_trans</span> <span class="n">cpu</span><span class="o">=</span><span class="mh">0xc1</span> <span class="n">a</span><span class="o">=</span><span class="mh">0xd3</span> <span class="o">//</span> <span class="n">at</span> <span class="n">guest</span> <span class="n">code</span> <span class="n">execution</span> <span class="n">baz_exec</span> <span class="n">cpu</span><span class="o">=</span><span class="mh">0xc2</span> <span class="n">a</span><span class="o">=</span><span class="mh">0xd3</span> </pre></div> </div> </div> </div> </div> </div> </div> <footer> <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> <a href="multi-thread-tcg.html" class="btn btn-neutral float-right" title="Multi-threaded TCG" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right"></span></a> <a href="tcg-icount.html" class="btn btn-neutral" title="TCG Instruction Counting" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left"></span> Previous</a> </div> <hr/> <div role="contentinfo"> <p> © Copyright 2021, The QEMU Project Developers. </p> </div> Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/rtfd/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. <!-- Empty para to force a blank line after "Built with Sphinx ..." --> <p></p> <p>This documentation is for QEMU version 6.2.0.</p> <p><a href="../about/license.html">QEMU and this manual are released under the GNU General Public License, version 2.</a></p> </footer> </div> </div> </section> </div> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT:'../', VERSION:'qemu-kvm-6.2.0-53.module+el8.10.0+2055+8eb7870b.4', LANGUAGE:'None', COLLAPSE_INDEX:false, FILE_SUFFIX:'.html', HAS_SOURCE: false, SOURCELINK_SUFFIX: '.txt' }; </script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <script type="text/javascript" src="../_static/js/theme.js"></script> <script type="text/javascript"> jQuery(function () { SphinxRtdTheme.Navigation.enable(true); }); </script> </body> </html>