This series adds an API to add instrumentation events.

It also provides additional APIs for:
* Controlling tracing events
* Peek/poke guest memory

There's still missing APIs for (can be added in later series?):
* Provide something like tracing's per-vCPU trace states (i.e., so that each
  vCPU can have different instrumentation code). It's still not clear to me if
  we should extend the per-vCPU bitmap with instrumentation events, or otherwise
  somehow reuse the bits in tracing events (since they're currently limited).
* Peek/poke guest registers

The instrumentation code is dynamically loaded as a library into QEMU either
when it starts or later using its remote control interfaces.

Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
---

Changes in v4
=============

* Add missing stub function.


Changes in v3
=============

* Use a separate event set for instrumentation (i.e., do not instrument tracing
  events) [Stefan Hajnoczi].
* Add API for peek/poke guest memory.


Changes in v2
=============

* Update QEMU version in QAPI [Eric Blake].
* Clarify 'msg' result in QAPI is for humans only.
* Make 'msg' and 'handle' results optional in QAPI.
* Use a list of 'str' in 'instr-load' QAPI command.
* Update MAINTAINERS.
* Add macros for error-reporting in API.


Lluís Vilanova (20):
      instrument: Add documentation
      instrument: Add configure-time flag
      instrument: Add generic library loader
      instrument: [linux-user] Add command line library loader
      instrument: [bsd-user] Add command line library loader
      instrument: [softmmu] Add command line library loader
      instrument: [qapi] Add library loader
      instrument: [hmp] Add library loader
      instrument: Add basic control interface
      instrument: Add support for tracing events
      instrument: Track vCPUs
      instrument: Add event 'guest_cpu_enter'
      instrument: Add event 'guest_cpu_exit'
      instrument: Add event 'guest_cpu_reset'
      trace: Introduce a proper structure to describe memory accesses
      instrument: Add event 'guest_mem_before_trans'
      instrument: Add event 'guest_mem_before_exec'
      instrument: Add event 'guest_user_syscall'
      instrument: Add event 'guest_user_syscall_ret'
      instrument: Add API to manipulate guest memory


 .gitignore                                |    1 
 MAINTAINERS                               |    7 +
 Makefile                                  |    8 +
 Makefile.objs                             |    4 +
 Makefile.target                           |    1 
 bsd-user/main.c                           |   15 ++
 bsd-user/syscall.c                        |   11 ++
 configure                                 |   12 ++
 cpus-common.c                             |    9 +
 docs/instrument.txt                       |  174 ++++++++++++++++++++++++++
 hmp-commands.hx                           |   28 ++++
 include/exec/cpu_ldst_template.h          |   19 +--
 include/exec/cpu_ldst_useronly_template.h |   19 +--
 include/exec/helper-gen.h                 |    1 
 include/exec/helper-proto.h               |    1 
 include/exec/helper-tcg.h                 |    1 
 instrument/Makefile.objs                  |    9 +
 instrument/cmdline.c                      |  124 ++++++++++++++++++
 instrument/cmdline.h                      |   49 +++++++
 instrument/control.c                      |  148 ++++++++++++++++++++++
 instrument/control.h                      |  123 ++++++++++++++++++
 instrument/control.inc.h                  |   56 ++++++++
 instrument/error.h                        |   34 +++++
 instrument/events.h                       |   86 +++++++++++++
 instrument/events.inc.h                   |  108 ++++++++++++++++
 instrument/helpers.h                      |    1 
 instrument/load.c                         |  196 +++++++++++++++++++++++++++++
 instrument/load.h                         |   87 +++++++++++++
 instrument/qemu-instr/control.h           |  169 +++++++++++++++++++++++++
 instrument/qemu-instr/state.h             |  104 +++++++++++++++
 instrument/qemu-instr/types.h             |  115 +++++++++++++++++
 instrument/qemu-instr/types.inc.h         |   15 ++
 instrument/qemu-instr/visibility.h        |   58 +++++++++
 instrument/qmp.c                          |   88 +++++++++++++
 instrument/state.c                        |   72 +++++++++++
 instrument/trace.c                        |  125 ++++++++++++++++++
 linux-user/main.c                         |   19 +++
 linux-user/syscall.c                      |    6 +
 monitor.c                                 |   60 +++++++++
 qapi-schema.json                          |    3 
 qapi/instrument.json                      |   96 ++++++++++++++
 qemu-options.hx                           |   19 +++
 qom/cpu.c                                 |    2 
 stubs/Makefile.objs                       |    1 
 stubs/instrument.c                        |   25 ++++
 tcg/tcg-op.c                              |   27 +++-
 trace/control-target.c                    |    2 
 trace/control.c                           |    4 -
 trace/control.h                           |   24 ++++
 trace/mem-internal.h                      |   22 ++-
 trace/mem.h                               |    8 +
 vl.c                                      |   15 ++
 52 files changed, 2371 insertions(+), 40 deletions(-)
 create mode 100644 docs/instrument.txt
 create mode 100644 instrument/Makefile.objs
 create mode 100644 instrument/cmdline.c
 create mode 100644 instrument/cmdline.h
 create mode 100644 instrument/control.c
 create mode 100644 instrument/control.h
 create mode 100644 instrument/control.inc.h
 create mode 100644 instrument/error.h
 create mode 100644 instrument/events.h
 create mode 100644 instrument/events.inc.h
 create mode 100644 instrument/helpers.h
 create mode 100644 instrument/load.c
 create mode 100644 instrument/load.h
 create mode 100644 instrument/qemu-instr/control.h
 create mode 100644 instrument/qemu-instr/state.h
 create mode 100644 instrument/qemu-instr/types.h
 create mode 100644 instrument/qemu-instr/types.inc.h
 create mode 100644 instrument/qemu-instr/visibility.h
 create mode 100644 instrument/qmp.c
 create mode 100644 instrument/state.c
 create mode 100644 instrument/trace.c
 create mode 100644 qapi/instrument.json
 create mode 100644 stubs/instrument.c


To: qemu-devel@nongnu.org
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Emilio G. Cota <cota@braap.org>
Cc: Eric Blake <eblake@redhat.com>

On Wed, Sep 06, 2017 at 20:22:41 +0300, Lluís Vilanova wrote:
> This series adds an API to add instrumentation events.
> 
> It also provides additional APIs for:
> * Controlling tracing events

hmm didn't Stefan say that tracing should be decoupled from this?

> * Peek/poke guest memory
> 
> There's still missing APIs for (can be added in later series?):
> * Provide something like tracing's per-vCPU trace states (i.e., so that each
>   vCPU can have different instrumentation code). It's still not clear to me if
>   we should extend the per-vCPU bitmap with instrumentation events, or otherwise
>   somehow reuse the bits in tracing events (since they're currently limited).

As I said in the description of my alternative implementation [*], I don't see
much value in having per-vCPU events, as most instrumenters just care about
the guest application/system. I can only think of cases where the instrumenter
is only interested in a guest process (in system-mode), but that'd be ugly
anyway (would need to change both QEMU and the guest kernel to track the pid).

If the need ever arises, we could add __vcpu(cpu_index) registration functions.

[*] https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg01446.html

		E.

Emilio G Cota writes:

> On Wed, Sep 06, 2017 at 20:22:41 +0300, Lluís Vilanova wrote:
>> This series adds an API to add instrumentation events.
>> 
>> It also provides additional APIs for:
>> * Controlling tracing events

> hmm didn't Stefan say that tracing should be decoupled from this?

>> * Peek/poke guest memory
>> 
>> There's still missing APIs for (can be added in later series?):
>> * Provide something like tracing's per-vCPU trace states (i.e., so that each
>> vCPU can have different instrumentation code). It's still not clear to me if
>> we should extend the per-vCPU bitmap with instrumentation events, or otherwise
>> somehow reuse the bits in tracing events (since they're currently limited).

> As I said in the description of my alternative implementation [*], I don't see
> much value in having per-vCPU events, as most instrumenters just care about
> the guest application/system. I can only think of cases where the instrumenter
> is only interested in a guest process (in system-mode), but that'd be ugly
> anyway (would need to change both QEMU and the guest kernel to track the pid).

Yes, that's exactly what I was using it for (track guest processes in softmmu
mode).


> If the need ever arises, we could add __vcpu(cpu_index) registration functions.

You still need the functionality I cited if you're using
"qi_event_gen_guest_mem_before_exec" or similar.


> [*] https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg01446.html

> 		E.

Cheers,
  Lluis

Emilio G Cota writes:

> On Wed, Sep 06, 2017 at 20:22:41 +0300, Lluís Vilanova wrote:
>> This series adds an API to add instrumentation events.
>> 
>> It also provides additional APIs for:
>> * Controlling tracing events

> hmm didn't Stefan say that tracing should be decoupled from this?

I understood decoupling instr from the tracing infrastructure (since tracing
events are defined as not stable, and instr must be stable by definition).


>> * Peek/poke guest memory
>> 
>> There's still missing APIs for (can be added in later series?):
>> * Provide something like tracing's per-vCPU trace states (i.e., so that each
>> vCPU can have different instrumentation code). It's still not clear to me if
>> we should extend the per-vCPU bitmap with instrumentation events, or otherwise
>> somehow reuse the bits in tracing events (since they're currently limited).

> As I said in the description of my alternative implementation [*], I don't see
> much value in having per-vCPU events, as most instrumenters just care about
> the guest application/system. I can only think of cases where the instrumenter
> is only interested in a guest process (in system-mode), but that'd be ugly
> anyway (would need to change both QEMU and the guest kernel to track the pid).

> If the need ever arises, we could add __vcpu(cpu_index) registration functions.

> [*] https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg01446.html

Sorry, your series slipped my radar. I'll take a look at it.


Thanks,
  Lluis

Lluís Vilanova <vilanova@ac.upc.edu> writes:

> This series adds an API to add instrumentation events.
>
> It also provides additional APIs for:
> * Controlling tracing events
> * Peek/poke guest memory
>
> There's still missing APIs for (can be added in later series?):
> * Provide something like tracing's per-vCPU trace states (i.e., so that each
>   vCPU can have different instrumentation code). It's still not clear to me if
>   we should extend the per-vCPU bitmap with instrumentation events, or otherwise
>   somehow reuse the bits in tracing events (since they're currently limited).
> * Peek/poke guest registers
>
> The instrumentation code is dynamically loaded as a library into QEMU either
> when it starts or later using its remote control interfaces.
>
> Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>

Taking a step back.

This looks like a way to dynamically load arbitrary code.  What
interfaces can this code use?  Your cover letter should answer this.

As long as the answer is "everything the dynamic linker is willing to
resolve", this series heading nowhere.  We can talk about an interface
for plugins, but "anything goes" is not on the menu.

On Thu, Sep 07, 2017 at 12:58:05 +0200, Markus Armbruster wrote:
> Lluís Vilanova <vilanova@ac.upc.edu> writes:
> 
> > This series adds an API to add instrumentation events.
> >
> > It also provides additional APIs for:
> > * Controlling tracing events
> > * Peek/poke guest memory
> >
> > There's still missing APIs for (can be added in later series?):
> > * Provide something like tracing's per-vCPU trace states (i.e., so that each
> >   vCPU can have different instrumentation code). It's still not clear to me if
> >   we should extend the per-vCPU bitmap with instrumentation events, or otherwise
> >   somehow reuse the bits in tracing events (since they're currently limited).
> > * Peek/poke guest registers
> >
> > The instrumentation code is dynamically loaded as a library into QEMU either
> > when it starts or later using its remote control interfaces.
> >
> > Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
> 
> Taking a step back.
> 
> This looks like a way to dynamically load arbitrary code.  What
> interfaces can this code use?  Your cover letter should answer this.
> 
> As long as the answer is "everything the dynamic linker is willing to
> resolve", this series heading nowhere.  We can talk about an interface
> for plugins, but "anything goes" is not on the menu.

A simple solution to this is to only export the API symbols by passing
--dynamic-file to the linker -- see patch 2 of the following series for an
example (ELF-only, although I'm pretty sure this can be achieved on Windows
as well):
  https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg01446.html

Thanks,

		Emilio

Emilio G Cota writes:

> On Thu, Sep 07, 2017 at 12:58:05 +0200, Markus Armbruster wrote:
>> Lluís Vilanova <vilanova@ac.upc.edu> writes:
>> 
>> > This series adds an API to add instrumentation events.
>> >
>> > It also provides additional APIs for:
>> > * Controlling tracing events
>> > * Peek/poke guest memory
>> >
>> > There's still missing APIs for (can be added in later series?):
>> > * Provide something like tracing's per-vCPU trace states (i.e., so that each
>> >   vCPU can have different instrumentation code). It's still not clear to me if
>> >   we should extend the per-vCPU bitmap with instrumentation events, or otherwise
>> >   somehow reuse the bits in tracing events (since they're currently limited).
>> > * Peek/poke guest registers
>> >
>> > The instrumentation code is dynamically loaded as a library into QEMU either
>> > when it starts or later using its remote control interfaces.
>> >
>> > Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
>> 
>> Taking a step back.
>> 
>> This looks like a way to dynamically load arbitrary code.  What
>> interfaces can this code use?  Your cover letter should answer this.
>> 
>> As long as the answer is "everything the dynamic linker is willing to
>> resolve", this series heading nowhere.  We can talk about an interface
>> for plugins, but "anything goes" is not on the menu.

> A simple solution to this is to only export the API symbols by passing
> --dynamic-file to the linker -- see patch 2 of the following series for an
> example (ELF-only, although I'm pretty sure this can be achieved on Windows
> as well):
>   https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg01446.html

Sorry, I adapted the instr series in a rush and missed your series. I'm now
preparing a new version that fixes this without the flags you mention (missed to
add a line in this series).


Thanks,
  Lluis

Lluís Vilanova <vilanova@ac.upc.edu> writes:

> This series adds an API to add instrumentation events.
>
> It also provides additional APIs for:
> * Controlling tracing events
> * Peek/poke guest memory
>
> There's still missing APIs for (can be added in later series?):
> * Provide something like tracing's per-vCPU trace states (i.e., so that each
>   vCPU can have different instrumentation code). It's still not clear to me if
>   we should extend the per-vCPU bitmap with instrumentation events, or otherwise
>   somehow reuse the bits in tracing events (since they're currently limited).
> * Peek/poke guest registers
>
> The instrumentation code is dynamically loaded as a library into QEMU either
> when it starts or later using its remote control interfaces.
>
> Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>

Doesn't apply to current master, and appears to have whitespace errors.
Please rebase and use scripts/checkpatch.pl to tidy up.