Debugging Techniques for DiffTest Between NEMU and QEMU

Logging Execution Traces

QEMU Logging

Enable instruction logging in QEMU with these launch parameters:

-d in_asm -D ./qemu.log

For additional CPU register output, include the cpu flag: -d in_asm,cpu. Keep in mind that in_asm records a translation block when it is first translated, not each time it executes, so a loop body shows up once; for an execution-ordered trace that can be lined up against NEMU instruction by instruction, add exec (and nochain, which disables block chaining so every executed block is logged), e.g. -d in_asm,exec,nochain.

NEMU Logging

Configure NEMU during compilation via make menuconfig:

Testing and Debugging -> [*] Enable debug features: instruction tracing and watchpoint
Testing and Debugging -> [*] Enable rich Log for tracing instructions, pc, inst and dasm

Launch NEMU with logging enabled:

-l nemu.log
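
With both logs in hand, the first thing a practitioner wants is the first PC at which the two traces disagree. The script below is an added example (not code from the original post, NEMU or QEMU): it pulls the leading PC from each log line and reports the first divergence. The exact log layouts are assumptions, QEMU "IN:" blocks whose lines start with "0x<hex>:" and NEMU rich-log lines that start with "0x<hex>:", and the embedded sample logs are constructed, with a deliberate divergence at the fourth instruction.

```python
"""Locate the first PC where a QEMU in_asm trace and a NEMU trace diverge.

Added example; not code from the original post, NEMU or QEMU.  Assumed log
shapes: QEMU -d in_asm writes "IN:" blocks whose lines start with
"0x<16 hex digits>:", and NEMU's rich log writes lines starting with
"0x<hex>:"; only that leading PC is used, so either side may carry extra
fields.  The sample logs below are constructed, with a deliberate divergence.
"""
import re
import sys

PC_RE = re.compile(r"^\s*(0x[0-9a-fA-F]+):")

# Constructed sample: QEMU -d in_asm output (translation-time blocks headed "IN:").
QEMU_LOG = """\
----------------
IN:
0x0000000080000000:  00000297  auipc  t0,0
0x0000000080000004:  02828593  addi   a1,t0,40

----------------
IN:
0x0000000080000008:  f1402573  csrr   a0,mhartid
0x000000008000000c:  0182b283  ld     t0,24(t0)
"""

# Constructed sample: NEMU rich log (pc, raw bytes, disassembly).
NEMU_LOG = """\
0x80000000: 00 00 02 97 auipc t0, 0
0x80000004: 02 82 85 93 addi a1, t0, 40
0x80000008: f1 40 25 73 csrr a0, mhartid
0x80000010: 00 02 80 67 jr t0
"""


def extract_pcs(lines):
    """Return the PCs (as ints) of every line that begins with '0x<hex>:'."""
    pcs = []
    for line in lines:
        m = PC_RE.match(line)
        if m:
            pcs.append(int(m.group(1), 16))
    return pcs


def first_divergence(qemu_pcs, nemu_pcs):
    """Return (index, qemu_pc, nemu_pc) at the first mismatch, or None if the
    sequences agree.  A side that ran out of entries is reported as None."""
    for i in range(max(len(qemu_pcs), len(nemu_pcs))):
        q = qemu_pcs[i] if i < len(qemu_pcs) else None
        n = nemu_pcs[i] if i < len(nemu_pcs) else None
        if q != n:
            return i, q, n
    return None


def compare_logs(qemu_text, nemu_text):
    """Parse both logs and report the first divergence (see first_divergence)."""
    return first_divergence(extract_pcs(qemu_text.splitlines()),
                            extract_pcs(nemu_text.splitlines()))


def fmt(pc):
    return "<end of log>" if pc is None else f"0x{pc:016x}"


if __name__ == "__main__":
    # Usage: python difftrace.py qemu.log nemu.log   (falls back to the samples)
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as q, open(sys.argv[2]) as n:
            result = compare_logs(q.read(), n.read())
    else:
        result = compare_logs(QEMU_LOG, NEMU_LOG)
    if result is None:
        print("traces agree")
    else:
        i, q, n = result
        print(f"divergence at instruction #{i}: qemu={fmt(q)} nemu={fmt(n)}")
```

Because in_asm is a translation-time log, comparing it against NEMU's per-instruction log only works for straight-line code; for real workloads generate the QEMU side with exec,nochain (or otherwise per-instruction) before feeding it to this script, and use the reported index to set the conditional breakpoints from the next sections.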

Independent Debugging Sessions

For debugging socket communication between NEMU and QEMU, run them separately:

Debugging QEMU

gdb --args ./qemu-system-riscv64 -S -gdb tcp::1234 -nographic -d in_asm -D ./qemu.log

-S halts the guest CPU at startup and -gdb tcp::1234 opens the gdbstub on port 1234, so QEMU sits waiting until the NEMU side connects.

Debugging NEMU

In NEMU/tools/qemu-socket-diff/src/diff-test.c, stub out the fork() in difftest_init so that the child branch which would launch QEMU never runs and NEMU instead attaches to the instance you started by hand:

int pid = 2; //fork();

Then launch NEMU:

gdb --args ./riscv64-nemu-interpreter -b benos_payload.bin -d ./riscv64-qemu-so -l nemu.log

Key Breakpoints

QEMU Breakpoints

The line numbers below (and those for NEMU further down) belong to the source checkouts used in this setup and shift between versions; confirm each one lands in the intended function before relying on it.

  1. Instruction Fetch

    b translate.c:1052
    
    • opcode32: Current instruction binary
    • ctx->base.pc_next: Program counter
  2. Command Processing

    b gdbstub.c:2565
    
    • Inspect line_buf for all commands from NEMU
  3. Register Operations

    • Read: b gdbstub.c:1864
    • Write: b gdbstub.c:1847
  4. Memory Operations

    • Write: b gdbstub.c:1783
    • Read: b gdbstub.c:1810
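
What arrives in line_buf, and what the register and memory handlers above act on, are GDB remote serial protocol packets: $<payload>#<checksum>, acknowledged by QEMU with '+' (or '-' on a bad checksum). The following Python is an added example, not NEMU or QEMU code: it frames the g/G/m/M/s commands NEMU sends, verifies checksums the way the stub does, and exercises them against a constructed in-process stand-in for QEMU so it runs offline. The 33-register little-endian layout of the g reply (32 GPRs then pc, 8 bytes each) and the stand-in's behaviour on s are assumptions.

```python
"""Minimal GDB remote serial protocol (RSP) framing, as spoken between NEMU's
qemu-socket-diff and QEMU's gdbstub.  Added example, not code from NEMU or QEMU.
The 'g' reply layout (32 GPRs then pc, each XLEN bytes little-endian) is assumed;
MockStub is a constructed stand-in for QEMU so the module runs offline.
"""
from __future__ import annotations

XLEN = 8  # riscv64 register width in bytes
PC = 32   # index of pc in the assumed 'g' layout


def checksum(payload: str) -> int:
    """RSP checksum: sum of payload bytes modulo 256."""
    return sum(payload.encode()) % 256


def frame(payload: str) -> str:
    """Wrap a command or reply as $<payload>#<two hex digits>."""
    return f"${payload}#{checksum(payload):02x}"


def parse_packet(raw: str) -> str:
    """Strip framing (after any leading '+' acks) and verify the checksum.
    The payload is what gdbstub holds in line_buf once a packet is complete."""
    raw = raw.lstrip("+")
    if not raw.startswith("$") or len(raw) < 4 or raw[-3] != "#":
        raise ValueError(f"malformed packet: {raw!r}")
    payload, sent = raw[1:-3], int(raw[-2:], 16)
    if checksum(payload) != sent:
        raise ValueError(f"checksum mismatch: got {sent:02x}, want {checksum(payload):02x}")
    return payload


def encode_regs(regs: list[int]) -> str:
    """Target-endian (little) hex of all registers, as in a 'g' reply / 'G' command."""
    return "".join(r.to_bytes(XLEN, "little").hex() for r in regs)


def decode_regs(payload: str) -> list[int]:
    raw = bytes.fromhex(payload)
    return [int.from_bytes(raw[i:i + XLEN], "little") for i in range(0, len(raw), XLEN)]


# The commands behind the QEMU breakpoints listed above.
def read_regs_cmd() -> str:                      # register read
    return "g"

def write_regs_cmd(regs: list[int]) -> str:      # register write
    return "G" + encode_regs(regs)

def read_mem_cmd(addr: int, length: int) -> str:  # memory read
    return f"m{addr:x},{length:x}"

def write_mem_cmd(addr: int, data: bytes) -> str:  # memory write
    return f"M{addr:x},{len(data):x}:{data.hex()}"

def step_cmd() -> str:                           # single step, driven by difftest_step
    return "s"


class MockStub:
    """Constructed stand-in for QEMU's gdbstub: just enough g/G/m/M/s to show the exchange."""

    def __init__(self, regs: list[int], mem_base: int, mem: bytes):
        self.regs = list(regs)
        self.mem_base = mem_base
        self.mem = bytearray(mem)

    def handle(self, raw: str) -> str:
        cmd = parse_packet(raw)
        if cmd == "g":
            reply = encode_regs(self.regs)
        elif cmd.startswith("G"):
            self.regs = decode_regs(cmd[1:])
            reply = "OK"
        elif cmd.startswith("m"):
            addr, length = (int(x, 16) for x in cmd[1:].split(","))
            off = addr - self.mem_base
            reply = self.mem[off:off + length].hex()
        elif cmd.startswith("M"):
            hdr, data = cmd[1:].split(":")
            addr, _ = (int(x, 16) for x in hdr.split(","))
            off = addr - self.mem_base
            self.mem[off:off + len(data) // 2] = bytes.fromhex(data)
            reply = "OK"
        elif cmd == "s":
            self.regs[PC] += 4   # mock only: pretend one 32-bit instruction executed
            reply = "S05"        # stop reply: SIGTRAP after the single step
        else:
            reply = ""           # empty reply means "command not supported"
        return "+" + frame(reply)  # ack first, then the response
```

When stepping through gdbstub.c with the breakpoints above, decode the contents of line_buf with parse_packet and compare it with what frame() produces for the command NEMU believes it sent; a checksum error, or a '-' coming back from QEMU instead of '+', means the bytes on the socket are not what NEMU's side wrote.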

NEMU Breakpoints

  1. Instruction Execution
    b cpu-exec.c:532
    b cpu-exec.c:560
    
    • s.isa.instr.val: Current instruction
    • cpu.pc: Program counter
    • difftest_step: Triggers QEMU single-step comparison

Tags: debugging RISC-V emulation difftest qemu

Posted on Fri, 19 Jun 2026 17:51:47 +0000 by carsale