Internships/ProjectIdeas/TCGBinaryTracing

From QEMU

Binary tracing of TCG

Summary: Right now, most logging for the TCG accelerator can only be produced on stderr: this includes input and output assembly, unoptimized and optimized TCG opcodes, and exceptions/interrupts. Text output is easy to interpret but it is more expensive to produce and harder to filter.

This project will consist of integrating three new kinds of "trace events" into the "simple" trace backend: target assembly (as used by -d in_asm), host assembly (-d out_asm), and TCG opcodes (-d op and op_opt). To do so, a few ancillary tasks are required:

  • Support for the various kinds of "-d" output is currently done with code such as

        if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM) ... {
            FILE *logfile = qemu_log_trylock();
            if (logfile) {
                fprintf(logfile, "----------------\n");
                ops->disas_log(db, cpu, logfile);
                fprintf(logfile, "\n");
                qemu_log_unlock(logfile);
            }
        }

    The code within the "if" statement has to be replaced with a function call that will call into the trace backends. While the current code applies to the "log" backend, different logic has to be used for the "simple" backend.
  • A new formatter for simpletrace output files. Instead of using Python, the new formatter will be written in C or Rust in order to use the capstone disassembler. It will be placed in the contrib/ directory and, if Rust is used, it will be built with cargo.

Tasks:

  • Implement a basic equivalent of scripts/simpletrace.py in C or Rust
  • Implement a binary dump format for assembly fragments, so that "-d in_asm" and "-d out_asm" can be used by both the "log" backend and the "simple" backend
  • Implement a binary dump format for TCG opcodes
  • Implement variable buffer size for
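
As an added illustration of the first task (a C equivalent of scripts/simpletrace.py), the following is example code written here, not QEMU's own: a bounds-checked walker over the simpletrace binary format that counts event records and rejects truncated or malformed input. It assumes the v4 file layout that scripts/simpletrace.py reads (a 24-byte file header of event id, magic and version; each record prefixed by a u64 type, where type 0 maps an event id to its name and type 1 is an event whose length field covers its 24-byte header plus the argument payload); the names `put`, `get`, `simpletrace_count_events` and `sample_image`, and the sample bytes, are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#define HDR_EVENT_ID 0xffffffffffffffffULL
#define HDR_MAGIC    0xf2b177cb0aa429b4ULL
#define HDR_VERSION  4
#define REC_MAPPING  0    /* record type: binds an event id to its name */
#define REC_EVENT    1    /* record type: one event occurrence */
#define REC_HDR_LEN  24   /* id (8) + timestamp_ns (8) + length (4) + pid (4) */
static size_t put(uint8_t *p, size_t o, uint64_t v, size_t n) {  /* little-endian store */
    for (size_t i = 0; i < n; i++) p[o + i] = (uint8_t)(v >> (8 * i));
    return o + n;
}
static int get(const uint8_t *p, size_t len, size_t *o, size_t n, uint64_t *v) {
    if (n > len || *o > len - n) return 0;  /* never read past the end of a truncated file */
    *v = 0;
    for (size_t i = 0; i < n; i++) *v |= (uint64_t)p[(*o)++] << (8 * i);
    return 1;
}
/* Walk a whole trace file image. Returns the number of event records, or -1 if the header
 * or any record is malformed. Event argument payloads are skipped here, not decoded. */
int simpletrace_count_events(const uint8_t *p, size_t len) {
    size_t o = 0, start; int events = 0;
    uint64_t id, magic, ver, type, x, n;
    if (!get(p, len, &o, 8, &id) || !get(p, len, &o, 8, &magic) || !get(p, len, &o, 8, &ver) ||
        id != HDR_EVENT_ID || magic != HDR_MAGIC || ver != HDR_VERSION) return -1;
    while (o < len) {
        if (!get(p, len, &o, 8, &type)) return -1;
        if (type == REC_MAPPING) {      /* u64 event id, u32 name length, name bytes */
            if (!get(p, len, &o, 8, &id) || !get(p, len, &o, 4, &n) || n > len - o) return -1;
            o += n;
        } else if (type == REC_EVENT) { /* u64 id, u64 timestamp_ns, u32 length, u32 pid, args */
            start = o;
            if (!get(p, len, &o, 8, &id) || !get(p, len, &o, 8, &x) || !get(p, len, &o, 4, &n) ||
                !get(p, len, &o, 4, &x) || n < REC_HDR_LEN || n - REC_HDR_LEN > len - o) return -1;
            o = start + n;              /* length covers the header and the argument bytes */
            events++;
        } else return -1;               /* unknown record type */
    }
    return events;
}

/* Constructed sample (87 bytes): header, mapping of id 7 to "foo", one id-7 event with one u64 arg. */
size_t sample_image(uint8_t *buf) {
    size_t o = put(buf, 0, HDR_EVENT_ID, 8); o = put(buf, o, HDR_MAGIC, 8); o = put(buf, o, HDR_VERSION, 8);
    o = put(buf, o, REC_MAPPING, 8); o = put(buf, o, 7, 8); o = put(buf, o, 3, 4);
    memcpy(buf + o, "foo", 3); o += 3;
    o = put(buf, o, REC_EVENT, 8); o = put(buf, o, 7, 8); o = put(buf, o, 1000, 8);
    o = put(buf, o, REC_HDR_LEN + 8, 4); o = put(buf, o, 1234, 4);
    return put(buf, o, 0xdeadbeefULL, 8);
}
```

A real formatter would additionally keep the id-to-name table from mapping records and decode each event's arguments using the trace-events definitions, as the Python script does.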

Details:

  • Project size: 350 hours
  • Skill level: intermediate (some understanding of QEMU machine modeling would be good)
  • Language: C
  • Mentor: Paolo Bonzini (OFTC: bonzini, Email: pbonzini@redhat.com)