qemu-trace -- a tool to generate traces for cache simulators by: Vince Weaver vince _at_ csl.cornell.edu instruction tracing based on some code posted by: Stuart Brady sdbrady _at_ ntlworld.com Note ~~~~ This patch only works for the qemu-mips target (for running MIPS binaries). Using the patch it should be straightforward to see what changes need to be made to get similar output for other architectures. Background ~~~~~~~~~~ Qemu (http://fabrice.bellard.free.fr/qemu/) is a simulator that dynamically translates programs on the fly while executing them. Qemu is primarily used for full-system simulation, but it also can do user-space simulation by translating system calls. While not overtly designed for computer architecture simulations, the code can be patched to enable useful results (usually with a performance penalty). In our case, this patch modifies Qemu so it adds code that generates Dinero IV (http://pages.cs.wisc.edu/~markhill/DineroIV/) cache trace information. Compiling ~~~~~~~~~ + Obtain the source from the Qemu website. The code here was made against the qemu-snapshot-2007-08-14_05 tree, but it should work with the 0.9.0 release. + Build qemu according to the directions that come with it. + Enter into the qemu directory, and patch the source code: patch -p0 < qemu-mips-dinero.patch Where qemu-mips-dinero.patch is the patch file that came with this README. You might want to try the "--dry-run" option to patch first to make sure everything looks good before applying it. + Now run "make" and in the ./mips-linux-user directory should be a file "qemu-mips" that is patched to generate the output. Using ~~~~~ + You will need statically linked 32-bit big-ending Linux MIPS binaries. You can generate these on a real Linux-MIPS machine, or else with a cross-compiler (setting up a cross compiling environment is a bit beyond the scope of this document). Here is a sample compile command-line on a MIPS machine: gcc -O2 -Wall -static -o hello.mips hello.c Note optimizations or on, you'll probably want this because gcc w/o optimizations generates a lot of extreneous load and store instructions. + Once you have your MIPS executable (you can use the "file" command to make sure it is MIPS, ie "file hello.mips") you can test it by running an unmodified qemu on it. You generate an unmodified version of qemu by building from source as before, just without the patch applied. If all goes well, running ./qemu-mips hello.mips Should generate the output you expect. + Now that you know your program works, run the modified qemu on it. In our example, we have renamed "qemu-mips" the be called "qemu-mips-cachetrace" to avoid confusion with standard qemu-mips. ./qemu-mips-cachetrace hello.mips This will generate a file called "trace.mem" in your current directory that has a dinero-format memory trace of all data accesses in your program. Right now the output file is hard coded to be "trace.mem". I know this isn't very user friendly, but this whole project is currently just a quick hack. Be sure to rename "trace.mem" before tracing another program, or the file will get over-written! Now that you have "trace.mem", you can run dinero on it. ./dineroIV -l1-isize 8k -l1-dsize 8k -l1-ibsize 32 -l1-dbsize 32 < trace.mem Things to Note ~~~~~~~~~~~~~~ + The traces can be *huge* if you are tracing a long program. Also, right now it might be impossible to generate a trace file > 2GB. You might want to compress the trace files once you have them: gzip trace.mem And you can then run them into dinero like this: zcat trace.mem.gz | dineroIV -l1-isize 8k ... + the qemu-mips-cachetrace program is only works with 32-bit big-endian binaries for now. Also it might not handle un-alligned loads ("lwl") and ll/sc locking instructions properly. Newest Version ~~~~~~~~~~~~~~ The newest version of this utility should always be available here: http://www.csl.cornell.edu/~vince/projects/qemu-trace/ -- vmw 16 August 2007