Features/TCGPlugins
TCG Plugins are a new feature since 4.2 that provides the ability to run instrumentation experiments on code. They are capable of passively monitoring every instruction and memory access made by the system.
Full details can be found in `docs/devel/tcg-plugins.rst`.
Building
The build needs to be configured with `--enable-plugins`.
Running
Multiple plugins can be loaded, and each one can have arguments passed to it. The built-in plugins only write to the debug output, so you can filter for it with `-d plugin` and use `-D` to redirect it as appropriate.
$QEMU $QEMU_ARGS -plugin libplugin.so,arg="foo",arg="bar" -d plugin -D output.plugin
Example
What FPSIMD instructions does sha1 execute:
qemu-aarch64 -d plugin -plugin ./tests/plugin/libhowvec.so,arg=fpsimd ./tests/tcg/aarch64-linux-user/sha1