2012/3/15 周春华 uulinux@gmail.com:
Dear Peter Maydell,
Thank you for your help. I have an idea for logging the guest physical address; would you mind helping me to check it?
Because the functions tcg_out_qemu_ld() and tcg_out_qemu_st() know the guest virtual address that is about to be accessed, we can call the [target-arm/helper.c:get_phys_addr] function to translate the guest virtual address to the guest physical address and log the guest physical address.
Is it feasible? I know it will slow down QEMU.
Depends what you mean by 'feasible'. It's not totally impossible. Bear in mind that you'll have to write C code which writes out x86 instructions which do the actual function call, and that you will need to do it without accidentally trashing any registers which are in use at that point. You'll also need to find all the slow path accesses which don't go through this point.
You might find it simpler to attack the problem at a higher level by modifying the translator to output calls to tracing helper functions before every load/store instruction.
This is all getting pretty complicated, though, and I wouldn't recommend it without a decent understanding of how QEMU works...
-- PMM
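The higher-level approach PMM suggests, a tracing helper called before every guest load/store which itself translates the guest virtual address to a guest physical address the way get_phys_addr() does, shown as an added stand-alone example. This is not QEMU code and not the poster's patch: it is a toy CPU with 64 KiB of guest RAM and a simplified ARM short-descriptor page-table walk (1 MiB sections and 4 KiB small pages only, no permissions or domains). The table layout, the addresses and the instruction stream are constructed for the demo, and names such as helper_trace_mem, guest_ld32 and run_sample are invented here, not QEMU functions.

```c
/* Added example, not QEMU code: a toy CPU that calls a trace helper before
 * every guest load/store. The helper walks simplified ARM short-descriptor
 * tables (sections + small pages) to map guest VA -> guest PA and logs both.
 * Table layout, addresses and the instruction stream are all constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAM_SIZE 0x10000u   /* 64 KiB of guest physical RAM */
#define TTBR     0x0000u    /* L1 table at guest PA 0 (4096 x 4 bytes) */
#define L2_BASE  0x4000u    /* one coarse L2 table (256 x 4 bytes) */

typedef struct { uint8_t ram[RAM_SIZE]; } CPUState;
typedef struct { uint32_t va, pa; int size, is_store, fault; } TraceEntry;

static CPUState g_env;
static TraceEntry trace_log[64];
static size_t trace_len;

/* Little-endian physical accessors; out-of-RAM descriptors read as 0 (fault). */
static uint32_t ld32_phys(const CPUState *env, uint32_t pa)
{
    const uint8_t *p = env->ram + pa;
    if (pa > RAM_SIZE - 4) return 0;
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void st32_phys(CPUState *env, uint32_t pa, uint32_t v)
{
    if (pa > RAM_SIZE - 4) return;
    env->ram[pa] = (uint8_t)v;            env->ram[pa + 1] = (uint8_t)(v >> 8);
    env->ram[pa + 2] = (uint8_t)(v >> 16); env->ram[pa + 3] = (uint8_t)(v >> 24);
}

/* Simplified get_phys_addr: 0 and *pa on success, -1 on translation fault.
 * L1 type 2 = 1 MiB section, type 1 = coarse table; L2 bit 1 set = small page.
 * Large pages (L2 type 1) are not supported here and are treated as faults. */
static int get_phys_addr(const CPUState *env, uint32_t va, uint32_t *pa)
{
    uint32_t l1 = ld32_phys(env, TTBR + ((va >> 20) << 2));
    switch (l1 & 3) {
    case 2:
        *pa = (l1 & 0xfff00000u) | (va & 0x000fffffu);
        return 0;
    case 1: {
        uint32_t l2 = ld32_phys(env, (l1 & 0xfffffc00u) + (((va >> 12) & 0xffu) << 2));
        if ((l2 & 2) == 0) return -1;
        *pa = (l2 & 0xfffff000u) | (va & 0xfffu);
        return 0;
    }
    default:
        return -1;
    }
}

/* The hook the translator would emit a call to before each load/store. */
static void helper_trace_mem(CPUState *env, uint32_t va, int size, int is_store)
{
    TraceEntry *e;
    if (trace_len >= sizeof trace_log / sizeof trace_log[0]) return;
    e = &trace_log[trace_len++];
    e->va = va; e->size = size; e->is_store = is_store; e->pa = 0;
    e->fault = get_phys_addr(env, va, &e->pa) != 0;
    if (e->fault) printf("%s va=0x%08x FAULT size=%d\n", is_store ? "st" : "ld", va, size);
    else printf("%s va=0x%08x pa=0x%08x size=%d\n", is_store ? "st" : "ld", va, e->pa, size);
}

/* Guest-visible accesses: trace first, then translate and touch RAM.
 * A real CPU would raise a data abort on fault; here the access is dropped. */
static uint32_t guest_ld32(CPUState *env, uint32_t va)
{
    uint32_t pa;
    helper_trace_mem(env, va, 4, 0);
    return get_phys_addr(env, va, &pa) == 0 ? ld32_phys(env, pa) : 0;
}
static void guest_st32(CPUState *env, uint32_t va, uint32_t v)
{
    uint32_t pa;
    helper_trace_mem(env, va, 4, 1);
    if (get_phys_addr(env, va, &pa) == 0) st32_phys(env, pa, v);
}

static void setup_tables(CPUState *env)
{
    memset(env->ram, 0, RAM_SIZE);
    st32_phys(env, TTBR + 0 * 4, 0x00000000u | 2); /* VA 0x000xxxxx: identity section */
    st32_phys(env, TTBR + 8 * 4, L2_BASE | 1);     /* VA 0x008xxxxx: coarse table */
    st32_phys(env, L2_BASE + 3 * 4, 0x5000u | 2);  /* VA 0x00803xxx -> PA 0x5xxx */
    /* L2[4] (VA 0x00804xxx) left as 0, so it faults */
}

/* Run a constructed guest instruction stream; returns number of traced accesses. */
static size_t run_sample(void)
{
    uint32_t v;
    trace_len = 0;
    setup_tables(&g_env);
    guest_st32(&g_env, 0x00803ab0u, 0xdeadbeefu); /* small page -> PA 0x5ab0 */
    v = guest_ld32(&g_env, 0x00803ab0u);          /* reads back 0xdeadbeef */
    guest_ld32(&g_env, 0x00000100u);              /* section -> PA 0x100 */
    guest_ld32(&g_env, 0x00804000u);              /* unmapped -> fault logged */
    return v == 0xdeadbeefu ? trace_len : 0;
}

int main(void) { printf("%zu accesses traced\n", run_sample()); return 0; }
```

The point of the structure is the one in the reply: the trace hook sits at the level of guest loads and stores, not inside the host code emitter, so nothing has to be done about clobbered host registers, and every path that performs a guest access (fast or slow) goes through the same helper. The helper translates at trace time, which is also why it is slow: it repeats the page-table walk the emulator would otherwise cache in its TLB.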