1 /*
2 * Copyright (C) 2018, Emilio G. Cota <cota@braap.org>
3 *
4 * License: GNU GPL, version 2 or later.
5 * See the COPYING file in the top-level directory.
6 */
7 #include <inttypes.h>
8 #include <assert.h>
9 #include <stdlib.h>
10 #include <string.h>
11 #include <unistd.h>
12 #include <stdio.h>
13 #include <glib.h>
14
15 /*
16 * plugins should not include anything from QEMU aside from the
17 * API header. However as this is a test plugin to exercise the
18 * internals of QEMU and we want to avoid needless code duplication we
19 * do so here. bswap.h is pretty self-contained although it needs a
20 * few things provided by compiler.h.
21 */
22 #include <compiler.h>
23 #include <bswap.h>
24 #include <qemu-plugin.h>
25
26 QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
27
28 typedef struct {
29 uint64_t mem_count;
30 uint64_t io_count;
31 } CPUCount;
32
33 typedef struct {
34 uint64_t vaddr;
35 const char *sym;
36 } InsnInfo;
37
38 /*
39 * For the "memory" system test we need to track accesses to
40 * individual regions. We mirror the data written to the region and
41 * then check when it is read that it matches up.
42 *
43 * We do this as regions rather than pages to save on complications
44 * with page crossing and the fact the test only cares about the
45 * test_data region.
46 */
47 static uint64_t region_size = 4096 * 4;
48 static uint64_t region_mask;
49
50 typedef struct {
51 uint64_t region_address;
52 uint64_t reads;
53 uint64_t writes;
54 uint8_t *data;
55 /* Did we see every write and read with correct values? */
56 bool seen_all;
57 } RegionInfo;
58
59 static struct qemu_plugin_scoreboard *counts;
60 static qemu_plugin_u64 mem_count;
61 static qemu_plugin_u64 io_count;
62 static bool do_inline, do_callback, do_print_accesses, do_region_summary;
63 static bool do_haddr;
64 static enum qemu_plugin_mem_rw rw = QEMU_PLUGIN_MEM_RW;
65
66
67 static GMutex lock;
68 static GHashTable *regions;
69
addr_order(gconstpointer a,gconstpointer b)70 static gint addr_order(gconstpointer a, gconstpointer b)
71 {
72 RegionInfo *na = (RegionInfo *) a;
73 RegionInfo *nb = (RegionInfo *) b;
74
75 return na->region_address > nb->region_address ? 1 : -1;
76 }
77
78
plugin_exit(qemu_plugin_id_t id,void * p)79 static void plugin_exit(qemu_plugin_id_t id, void *p)
80 {
81 g_autoptr(GString) out = g_string_new("");
82
83 if (do_inline || do_callback) {
84 g_string_printf(out, "mem accesses: %" PRIu64 "\n",
85 qemu_plugin_u64_sum(mem_count));
86 }
87 if (do_haddr) {
88 g_string_append_printf(out, "io accesses: %" PRIu64 "\n",
89 qemu_plugin_u64_sum(io_count));
90 }
91 qemu_plugin_outs(out->str);
92
93
94 if (do_region_summary) {
95 GList *counts = g_hash_table_get_values(regions);
96
97 counts = g_list_sort(counts, addr_order);
98
99 g_string_printf(out, "Region Base, Reads, Writes, Seen all\n");
100
101 if (counts && g_list_next(counts)) {
102 for (/* counts */; counts; counts = counts->next) {
103 RegionInfo *ri = (RegionInfo *) counts->data;
104
105 g_string_append_printf(out,
106 "0x%016"PRIx64", "
107 "%"PRId64", %"PRId64", %s\n",
108 ri->region_address,
109 ri->reads,
110 ri->writes,
111 ri->seen_all ? "true" : "false");
112 }
113 }
114 qemu_plugin_outs(out->str);
115 }
116
117 qemu_plugin_scoreboard_free(counts);
118 }
119
120 /*
121 * Update the region tracking info for the access. We split up accesses
122 * that span regions even though the plugin infrastructure will deliver
123 * it as a single access.
124 */
update_region_info(uint64_t region,uint64_t offset,qemu_plugin_meminfo_t meminfo,qemu_plugin_mem_value value,unsigned size)125 static void update_region_info(uint64_t region, uint64_t offset,
126 qemu_plugin_meminfo_t meminfo,
127 qemu_plugin_mem_value value,
128 unsigned size)
129 {
130 bool be = qemu_plugin_mem_is_big_endian(meminfo);
131 bool is_store = qemu_plugin_mem_is_store(meminfo);
132 RegionInfo *ri;
133 bool unseen_data = false;
134
135 g_assert(offset + size <= region_size);
136
137 g_mutex_lock(&lock);
138 ri = (RegionInfo *) g_hash_table_lookup(regions, GUINT_TO_POINTER(region));
139
140 if (!ri) {
141 ri = g_new0(RegionInfo, 1);
142 ri->region_address = region;
143 ri->data = g_malloc0(region_size);
144 ri->seen_all = true;
145 g_hash_table_insert(regions, GUINT_TO_POINTER(region), (gpointer) ri);
146 }
147
148 if (is_store) {
149 ri->writes++;
150 } else {
151 ri->reads++;
152 }
153
154 switch (value.type) {
155 case QEMU_PLUGIN_MEM_VALUE_U8:
156 if (is_store) {
157 ri->data[offset] = value.data.u8;
158 } else if (ri->data[offset] != value.data.u8) {
159 unseen_data = true;
160 }
161 break;
162 case QEMU_PLUGIN_MEM_VALUE_U16:
163 {
164 uint16_t *p = (uint16_t *) &ri->data[offset];
165 if (is_store) {
166 if (be) {
167 stw_be_p(p, value.data.u16);
168 } else {
169 stw_le_p(p, value.data.u16);
170 }
171 } else {
172 uint16_t val = be ? lduw_be_p(p) : lduw_le_p(p);
173 unseen_data = val != value.data.u16;
174 }
175 break;
176 }
177 case QEMU_PLUGIN_MEM_VALUE_U32:
178 {
179 uint32_t *p = (uint32_t *) &ri->data[offset];
180 if (is_store) {
181 if (be) {
182 stl_be_p(p, value.data.u32);
183 } else {
184 stl_le_p(p, value.data.u32);
185 }
186 } else {
187 uint32_t val = be ? ldl_be_p(p) : ldl_le_p(p);
188 unseen_data = val != value.data.u32;
189 }
190 break;
191 }
192 case QEMU_PLUGIN_MEM_VALUE_U64:
193 {
194 uint64_t *p = (uint64_t *) &ri->data[offset];
195 if (is_store) {
196 if (be) {
197 stq_be_p(p, value.data.u64);
198 } else {
199 stq_le_p(p, value.data.u64);
200 }
201 } else {
202 uint64_t val = be ? ldq_be_p(p) : ldq_le_p(p);
203 unseen_data = val != value.data.u64;
204 }
205 break;
206 }
207 case QEMU_PLUGIN_MEM_VALUE_U128:
208 /* non in test so skip */
209 break;
210 default:
211 g_assert_not_reached();
212 }
213
214 /*
215 * This is expected for regions initialised by QEMU (.text etc) but we
216 * expect to see all data read and written to the test_data region
217 * of the memory test.
218 */
219 if (unseen_data && ri->seen_all) {
220 g_autoptr(GString) error = g_string_new("Warning: ");
221 g_string_append_printf(error, "0x%016"PRIx64":%"PRId64
222 " read an un-instrumented value\n",
223 region, offset);
224 qemu_plugin_outs(error->str);
225 ri->seen_all = false;
226 }
227
228 g_mutex_unlock(&lock);
229 }
230
vcpu_mem(unsigned int cpu_index,qemu_plugin_meminfo_t meminfo,uint64_t vaddr,void * udata)231 static void vcpu_mem(unsigned int cpu_index, qemu_plugin_meminfo_t meminfo,
232 uint64_t vaddr, void *udata)
233 {
234 if (do_haddr) {
235 struct qemu_plugin_hwaddr *hwaddr;
236 hwaddr = qemu_plugin_get_hwaddr(meminfo, vaddr);
237 if (qemu_plugin_hwaddr_is_io(hwaddr)) {
238 qemu_plugin_u64_add(io_count, cpu_index, 1);
239 } else {
240 qemu_plugin_u64_add(mem_count, cpu_index, 1);
241 }
242 } else {
243 qemu_plugin_u64_add(mem_count, cpu_index, 1);
244 }
245
246 if (do_region_summary) {
247 uint64_t region = vaddr & ~region_mask;
248 uint64_t offset = vaddr & region_mask;
249 qemu_plugin_mem_value value = qemu_plugin_mem_get_value(meminfo);
250 unsigned size = 1 << qemu_plugin_mem_size_shift(meminfo);
251
252 update_region_info(region, offset, meminfo, value, size);
253 }
254 }
255
print_access(unsigned int cpu_index,qemu_plugin_meminfo_t meminfo,uint64_t vaddr,void * udata)256 static void print_access(unsigned int cpu_index, qemu_plugin_meminfo_t meminfo,
257 uint64_t vaddr, void *udata)
258 {
259 InsnInfo *insn_info = udata;
260 unsigned size = 8 << qemu_plugin_mem_size_shift(meminfo);
261 const char *type = qemu_plugin_mem_is_store(meminfo) ? "store" : "load";
262 qemu_plugin_mem_value value = qemu_plugin_mem_get_value(meminfo);
263 uint64_t hwaddr =
264 qemu_plugin_hwaddr_phys_addr(qemu_plugin_get_hwaddr(meminfo, vaddr));
265 g_autoptr(GString) out = g_string_new("");
266 g_string_printf(out,
267 "0x%"PRIx64",%s,0x%"PRIx64",0x%"PRIx64",%d,%s,",
268 insn_info->vaddr, insn_info->sym,
269 vaddr, hwaddr, size, type);
270 switch (value.type) {
271 case QEMU_PLUGIN_MEM_VALUE_U8:
272 g_string_append_printf(out, "0x%02"PRIx8, value.data.u8);
273 break;
274 case QEMU_PLUGIN_MEM_VALUE_U16:
275 g_string_append_printf(out, "0x%04"PRIx16, value.data.u16);
276 break;
277 case QEMU_PLUGIN_MEM_VALUE_U32:
278 g_string_append_printf(out, "0x%08"PRIx32, value.data.u32);
279 break;
280 case QEMU_PLUGIN_MEM_VALUE_U64:
281 g_string_append_printf(out, "0x%016"PRIx64, value.data.u64);
282 break;
283 case QEMU_PLUGIN_MEM_VALUE_U128:
284 g_string_append_printf(out, "0x%016"PRIx64"%016"PRIx64,
285 value.data.u128.high, value.data.u128.low);
286 break;
287 default:
288 g_assert_not_reached();
289 }
290 g_string_append_printf(out, "\n");
291 qemu_plugin_outs(out->str);
292 }
293
vcpu_tb_trans(qemu_plugin_id_t id,struct qemu_plugin_tb * tb)294 static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
295 {
296 size_t n = qemu_plugin_tb_n_insns(tb);
297 size_t i;
298
299 for (i = 0; i < n; i++) {
300 struct qemu_plugin_insn *insn = qemu_plugin_tb_get_insn(tb, i);
301
302 if (do_inline) {
303 qemu_plugin_register_vcpu_mem_inline_per_vcpu(
304 insn, rw,
305 QEMU_PLUGIN_INLINE_ADD_U64,
306 mem_count, 1);
307 }
308 if (do_callback || do_region_summary) {
309 qemu_plugin_register_vcpu_mem_cb(insn, vcpu_mem,
310 QEMU_PLUGIN_CB_NO_REGS,
311 rw, NULL);
312 }
313 if (do_print_accesses) {
314 /* we leak this pointer, to avoid locking to keep track of it */
315 InsnInfo *insn_info = g_malloc(sizeof(InsnInfo));
316 const char *sym = qemu_plugin_insn_symbol(insn);
317 insn_info->sym = sym ? sym : "";
318 insn_info->vaddr = qemu_plugin_insn_vaddr(insn);
319 qemu_plugin_register_vcpu_mem_cb(insn, print_access,
320 QEMU_PLUGIN_CB_NO_REGS,
321 rw, (void *) insn_info);
322 }
323 }
324 }
325
qemu_plugin_install(qemu_plugin_id_t id,const qemu_info_t * info,int argc,char ** argv)326 QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
327 const qemu_info_t *info,
328 int argc, char **argv)
329 {
330
331 for (int i = 0; i < argc; i++) {
332 char *opt = argv[i];
333 g_auto(GStrv) tokens = g_strsplit(opt, "=", 2);
334
335 if (g_strcmp0(tokens[0], "haddr") == 0) {
336 if (!qemu_plugin_bool_parse(tokens[0], tokens[1], &do_haddr)) {
337 fprintf(stderr, "boolean argument parsing failed: %s\n", opt);
338 return -1;
339 }
340 } else if (g_strcmp0(tokens[0], "track") == 0) {
341 if (g_strcmp0(tokens[1], "r") == 0) {
342 rw = QEMU_PLUGIN_MEM_R;
343 } else if (g_strcmp0(tokens[1], "w") == 0) {
344 rw = QEMU_PLUGIN_MEM_W;
345 } else if (g_strcmp0(tokens[1], "rw") == 0) {
346 rw = QEMU_PLUGIN_MEM_RW;
347 } else {
348 fprintf(stderr, "invalid value for argument track: %s\n", opt);
349 return -1;
350 }
351 } else if (g_strcmp0(tokens[0], "inline") == 0) {
352 if (!qemu_plugin_bool_parse(tokens[0], tokens[1], &do_inline)) {
353 fprintf(stderr, "boolean argument parsing failed: %s\n", opt);
354 return -1;
355 }
356 } else if (g_strcmp0(tokens[0], "callback") == 0) {
357 if (!qemu_plugin_bool_parse(tokens[0], tokens[1], &do_callback)) {
358 fprintf(stderr, "boolean argument parsing failed: %s\n", opt);
359 return -1;
360 }
361 } else if (g_strcmp0(tokens[0], "print-accesses") == 0) {
362 if (!qemu_plugin_bool_parse(tokens[0], tokens[1],
363 &do_print_accesses)) {
364 fprintf(stderr, "boolean argument parsing failed: %s\n", opt);
365 return -1;
366 }
367 } else if (g_strcmp0(tokens[0], "region-summary") == 0) {
368 if (!qemu_plugin_bool_parse(tokens[0], tokens[1],
369 &do_region_summary)) {
370 fprintf(stderr, "boolean argument parsing failed: %s\n", opt);
371 return -1;
372 }
373 } else {
374 fprintf(stderr, "option parsing failed: %s\n", opt);
375 return -1;
376 }
377 }
378
379 if (do_inline && do_callback) {
380 fprintf(stderr,
381 "can't enable inline and callback counting at the same time\n");
382 return -1;
383 }
384
385 if (do_print_accesses) {
386 g_autoptr(GString) out = g_string_new("");
387 g_string_printf(out,
388 "insn_vaddr,insn_symbol,mem_vaddr,mem_hwaddr,"
389 "access_size,access_type,mem_value\n");
390 qemu_plugin_outs(out->str);
391 }
392
393 if (do_region_summary) {
394 region_mask = (region_size - 1);
395 regions = g_hash_table_new(NULL, g_direct_equal);
396 }
397
398 counts = qemu_plugin_scoreboard_new(sizeof(CPUCount));
399 mem_count = qemu_plugin_scoreboard_u64_in_struct(
400 counts, CPUCount, mem_count);
401 io_count = qemu_plugin_scoreboard_u64_in_struct(counts, CPUCount, io_count);
402 qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
403 qemu_plugin_register_atexit_cb(id, plugin_exit, NULL);
404 return 0;
405 }
406