
Friends, I am working on an in-house architectural simulator which is used to simulate the timing effect of code running on different architectural parameters like core, memory hierarchy and interconnects.

I am working on a module that takes the actual trace of a running program from an emulator like "PinTool" or "qemu-linux-user" and feeds this trace to the simulator.

Till now my approach was like this: 1) take an objdump of a binary executable and parse this information; 2) now the emulator has to just feed me an instruction pointer and other info like load address/store address.

Such approaches work only if the program content is known.

But now I have been trying to take traces of an executable running on top of a standard Linux kernel. The problem now is that the base kernel image does not contain the code for LKMs (Loadable Kernel Modules). Also the daemons are not known when starting a kernel.

So, my approach to this solution is: 1) use qemu to emulate a machine; 2) when an instruction is encountered for the first time, parse it and save this info for later; 3) create a helper function which sends the ip and load/store address when an instruction is executed.

I am stuck at step 2. How do I differentiate between different processes from QEMU, which is just an emulator and does not know anything about the guest OS?

I can modify the scheduler of the guest OS but I am really not able to figure out the way forward.

Sorry if the question is very lengthy. I know I could have abstracted some part but felt that some part of it gives an explanation of the context of the problem.

1 Answer

In the first case, using qemu-linux-user to perform user mode emulation of a single program, the task is quite easy because the memory is linear and there is no virtual memory involved in the emulator. The second case of whole system emulation is a lot more complex, because you basically have to parse the addresses out of the kernel structures.

If you can get the virtual addresses directly out of QEmu, your job is a bit easier; then you just need to identify the process and everything else functions just like in the single-process case. You might be able to get the PID by faking a system call to get_pid().

Otherwise, this all seems quite a bit similar to debugging a system from a physical memory dump. There are some tools for this task. They are probably too slow to run for every instruction, though, but you can look for hints there.


2 Comments

Yes, I am using qemu-linux-user for user-mode emulation and qemu-system-i386 for complete system emulation. For the complete system emulation, the problem is precisely what you pointed out: knowing the PID of the process whose instruction is being parsed by qemu. I am getting the virtual address in qemu's disassemble-instruction phase.
Can somebody point me to the place in the Linux scheduler where I can output the current process's PID on some output port?
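The process-attribution problem discussed in the answer and the comment above, as an added example that is not from the original post and not QEMU's own code: a host-side consumer for the stream that a hypothetical QEMU helper (step 3 of the question's plan) would emit, where the PID exported by the guest scheduler through a debug port arrives as a "switch" record between instruction records. The record layout, the helper, and the sample stream are assumptions; the point it demonstrates is that the first-seen-instruction cache from step 2 must be keyed by (pid, ip), since a guest virtual address alone is only unique within one address space.

```c
#include <stdint.h>
enum rec_kind { REC_SWITCH, REC_INSN }; /* kinds a hypothetical QEMU helper emits */
struct rec {
    enum rec_kind kind;
    uint32_t pid;             /* REC_SWITCH: pid the guest scheduler exported */
    uint64_t ip, load, store; /* REC_INSN: guest virtual addresses, 0 if none */
};
#define MAX_SEEN 256
static struct { uint32_t pid; uint64_t ip; } seen[MAX_SEEN];
static int seen_n;
/* Step 2: decode only the first time an instruction is seen. The key is (pid, ip),
 * not ip alone: two processes can map different code at the same virtual address. */
static int decode_if_new(uint32_t pid, uint64_t ip)
{
    for (int i = 0; i < seen_n; i++)
        if (seen[i].pid == pid && seen[i].ip == ip)
            return 0;
    if (seen_n < MAX_SEEN) { seen[seen_n].pid = pid; seen[seen_n].ip = ip; seen_n++; }
    return 1; /* a real decoder would parse and cache the instruction here */
}

struct stats { int insns, decodes, unattributed; };
/* Step 3: attribute each instruction to the process named by the latest switch
 * record; instructions seen before any switch are counted, not guessed. */
static struct stats replay(const struct rec *r, int n)
{
    struct stats st = {0, 0, 0};
    uint32_t cur = 0, have_pid = 0;
    seen_n = 0;
    for (int i = 0; i < n; i++) {
        if (r[i].kind == REC_SWITCH) { cur = r[i].pid; have_pid = 1; continue; }
        if (!have_pid) { st.unattributed++; continue; }
        st.insns++;
        st.decodes += decode_if_new(cur, r[i].ip); /* then feed (cur, ip, load, store) */
    }
    return st;
}

/* Constructed sample stream, not a real capture. */
static const struct rec sample[] = {
    { REC_INSN,   0, 0x400000, 0, 0 },        /* before any switch: owner unknown */
    { REC_SWITCH, 1, 0, 0, 0 },
    { REC_INSN,   0, 0x400000, 0, 0 },
    { REC_INSN,   0, 0x400004, 0x7ffd10, 0 },
    { REC_SWITCH, 2, 0, 0, 0 },
    { REC_INSN,   0, 0x400000, 0, 0 },        /* same ip, other process: new decode */
    { REC_SWITCH, 1, 0, 0, 0 },
    { REC_INSN,   0, 0x400000, 0, 0x7ffd18 }, /* already decoded for pid 1 */
};
#define SAMPLE_N ((int)(sizeof sample / sizeof sample[0]))
```

Running `replay(sample, SAMPLE_N)` on the constructed stream yields 4 attributed instructions, 3 decodes (the repeated ip at 0x400000 is decoded once per process, not once overall) and 1 instruction with no known owner.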
