Re: trace_FOO_tcg bit-rotted?

[Stefan Hajnoczi]

On Mon, Apr 12, 2021 at 08:06:57PM +0100, Alex Bennée wrote:
> 
> Stefan Hajnoczi <stefanha@redhat.com> writes:
> 
> > On Fri, Apr 09, 2021 at 05:29:08PM +0100, Alex Bennée wrote:
> >> 
> >> Laurent Vivier <laurent@vivier.eu> writes:
> >> 
> >> > Le 06/04/2021 à 18:00, Alex Bennée a écrit :
> >> >> Hi,
> >> >> 
> >> >> It's been awhile since I last played with this but I think we are
> >> >> suffering from not having some test cases for tracing code
> >> >> generation/execution in the tree. I tried adding a simple trace point to
> >> >> see if I could track ERET calls:
> >> >> 
> >> >> --8<---------------cut here---------------start------------->8---
> >> >> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> >> >> index 0b42e53500..0d643f78fe 100644
> >> >> --- a/target/arm/translate-a64.c
> >> >> +++ b/target/arm/translate-a64.c
> >> >> @@ -36,6 +36,7 @@
> >> >>  #include "exec/log.h"
> >> >>  
> >> >>  #include "trace-tcg.h"
> >> >> +#include "trace.h"
> >> >>  #include "translate-a64.h"
> >> >>  #include "qemu/atomic128.h"
> >> >>  
> >> >> @@ -2302,6 +2303,9 @@ static void disas_uncond_b_reg(DisasContext *s, 
> >> >> uint32_t insn)
> >> >>          default:
> >> >>              goto do_unallocated;
> >> >>          }
> >> >> +
> >> >> +        trace_eret_tcg(s->current_el, dst);
> >> >> +
> >> >>          if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
> >> >>              gen_io_start();
> >> >>          }
> >> >> diff --git a/target/arm/trace-events b/target/arm/trace-events
> >> >> index 41c63d7570..2d4fca16a1 100644
> >> >> --- a/target/arm/trace-events
> >> >> +++ b/target/arm/trace-events
> >> >> @@ -1,5 +1,10 @@
> >> >>  # See docs/devel/tracing.txt for syntax documentation.
> >> >>  
> >> >> +# translate-a64.c
> >> >> +# Mode: softmmu
> >> >> +# Targets: TCG(aarch64-softmmu)
> >> >> +tcg eret(int current_el, TCGv target_el) "trans_eret: from EL%d", 
> >> >> "exec_eret: EL%d to EL%"PRId64
> >> >
> >> > If I read correctly, the name should be eret_tcg()
> >> > And I'm not sure TCGv will be accepted as a parameter type, use
> >> > uint64_t instead (and %PRIu64)
> >> 
> >> This was my confusion. I thought the trace-events file was prefixed with
> >> tcg like guest_mem_before:
> >> 
> >>   vcpu tcg guest_mem_before(TCGv vaddr, uint16_t info) "info=%d", 
> >> "vaddr=0x%016"PRIx64" info=%d"
> >> 
> >> and that signalled the tools to generate _trans, _exec and _tcg hooks in
> >> the generated files. The trace code (see other patch) also has logic to
> >> translate natural TCG types into the natives types as well signalling
> >> which values are only visible for the _exec portion.
> >> 
> >> Maybe I'm over thinking this. Perhaps all the TCG tracing use cases are
> >> just as easily supported with TCG plugins now and we should deprecate
> >> this unused bit of complexity. I certainly understand the plugin
> >> interactions better ;-)
> >
> > Lluís: are you happy to deprecate tcg trace events in favor of TCG
> > plugins?
> >
> > My question is whether TCG plugins are really equivalent here. Will TCG
> > plugin users have to write their own log file output code to extract
> > this information from the QEMU process (i.e. reinventing tracing)?
> 
> Yes - although there is no reason we couldn't expose the trace output as
> a helper. Currently there is:
> 
>   /**
>    * qemu_plugin_outs() - output string via QEMU's logging system
>    * @string: a string
>    */
>   void qemu_plugin_outs(const char *string);
> 
> which allows the user to echo to the log in conjunction with -d plugin
> on the command line. Plugins are of course free to do there own thing.
> 
> > Is
> > the performance at least as good as tracing?
> 
> Well like all things that depends ;-)
> 
> Generally on the sort of events you tend to trace (like the example
> memory access) you usually either want to aggregate or filter your
> results. With trace output their is no way to do this and you end up
> post processing potentially very large files (smaller if you use the
> non-default binary format). I don't know if a similar thing is possible
> with uprobes and ebpf - I've only ever used the simple logging output in
> anger. The example plugins generally do things like count total
> accesses:
> 
>   https://gitlab.com/qemu-project/qemu/-/blob/master/tests/plugin/mem.c
> 
> (pretty fast in comparison to writing out reams of data)
> 
> or aggregate the results:
> 
>   
> https://gitlab.com/qemu-project/qemu/-/blob/master/contrib/plugins/hotpages.c
> 
> (probably slower while running QEMU, but faster overall because no post
> processing of log files required.)
> 
> Of course plugins are a non-default build option because although light
> it does have a small performance impact on code generation even when no
> instrumentation is occurring. As a result you can't use it without
> building a version first.
> 
> If we had test code in the build that used the TCG tracing abilities I
> wouldn't worry because at least we are defending the feature and we
> wouldn't run into problems like the above. At least if plugins get
> broken we'll know about it due to the fairly thorough workout on CI, e.g.:
> 
>   https://gitlab.com/qemu-project/qemu/-/jobs/1172484753#L3458

I can see the trade-offs being acceptable for TCG instrumentation use
cases. There is a lot of overlap between the two approaches and if Lluís
agrees we could remove the TCG trace event functionality in favor of TCG
plugins. If any documentation is missing to explain how to solve these
types of problems using TCG plugins then that should be added.

That said, I haven't used the TCG trace event functionality and maybe
I'm missing something obvious that Lluís will point out :).

Stefan

signature.asc
Description: PGP signature