[Qemu-devel] [RFC v2 00/38] Plugin support

Emilio G. Cota posted 38 patches 5 years, 3 months ago
Failed in applying to current master (apply log)
.gitignore                                |    2 +
Makefile                                  |    8 +-
Makefile.target                           |   18 +
accel/tcg/Makefile.objs                   |    1 +
accel/tcg/atomic_template.h               |  117 +++-
accel/tcg/cpu-exec.c                      |    2 +
accel/tcg/cputlb.c                        |   23 +-
accel/tcg/plugin-gen.c                    | 1085 +++++++++++++++++++++++++++++
accel/tcg/plugin-helpers.h                |    6 +
accel/tcg/softmmu_template.h              |   43 +-
accel/tcg/translate-all.c                 |   15 +-
accel/tcg/translator.c                    |   16 +
bsd-user/syscall.c                        |   12 +
configure                                 |   86 ++-
cpus-common.c                             |    2 +
cpus.c                                    |   10 +
exec.c                                    |    2 +
include/exec/cpu-defs.h                   |    9 +
include/exec/cpu_ldst.h                   |    9 +
include/exec/cpu_ldst_template.h          |   43 +-
include/exec/cpu_ldst_useronly_template.h |   42 +-
include/exec/exec-all.h                   |   13 +
include/exec/helper-gen.h                 |    1 +
include/exec/helper-proto.h               |    1 +
include/exec/helper-tcg.h                 |    1 +
include/exec/plugin-gen.h                 |   75 ++
include/exec/translator.h                 |   28 +
include/qemu/plugin.h                     |  253 +++++++
include/qemu/qemu-plugin.h                |  241 +++++++
include/qemu/queue.h                      |   10 +
include/qom/cpu.h                         |   19 +
linux-user/exit.c                         |    1 +
linux-user/main.c                         |   18 +
linux-user/syscall.c                      |    3 +
plugin.c                                  | 1030 +++++++++++++++++++++++++++
qemu-options.hx                           |   17 +
qemu-plugins.symbols                      |   34 +
qom/cpu.c                                 |    2 +
target/alpha/translate.c                  |    2 +-
target/arm/translate-a64.c                |    2 +
target/arm/translate.c                    |    8 +-
target/hppa/translate.c                   |    2 +-
target/i386/translate.c                   |   10 +-
target/m68k/translate.c                   |    2 +-
target/openrisc/translate.c               |    2 +-
target/ppc/translate.c                    |    8 +-
target/riscv/translate.c                  |    2 +-
target/sh4/translate.c                    |    2 +-
target/sparc/translate.c                  |    2 +-
target/xtensa/translate.c                 |    4 +-
tcg/README                                |    2 +-
tcg/i386/tcg-target.inc.c                 |    7 +
tcg/optimize.c                            |    4 +-
tcg/tcg-op.c                              |   44 +-
tcg/tcg-op.h                              |   16 +
tcg/tcg-opc.h                             |    3 +
tcg/tcg.c                                 |   27 +-
tcg/tcg.h                                 |   32 +-
tests/plugin/Makefile                     |   28 +
tests/plugin/bb.c                         |   66 ++
tests/plugin/empty.c                      |   30 +
tests/plugin/insn.c                       |   63 ++
tests/plugin/mem.c                        |   93 +++
trace-events                              |    2 +-
vl.c                                      |   11 +
65 files changed, 3653 insertions(+), 119 deletions(-)
[Qemu-devel] [RFC v2 00/38] Plugin support
Posted by Emilio G. Cota 5 years, 3 months ago
v1: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg05682.html

Changes since v1:

- Drop the 2-pass translation. Instead, empty instrumentation
  is injected during translation. If it turns out that this
  empty instrumentation is not needed, it is removed from
  the output. For this, add 2 TCG ops that mark the beginning
  and end of this empty instrumentation.

  This is cleaner than 2-pass translation, although it
  ends up being quite a bit more code, since we have
  to copy backend TCG ops, which is tedious. Performance-wise,
  it is at worst ~9% slower (~1.3% avg) than 2-pass for SPEC06int:

    https://imgur.com/a/bUNox3H

  This is for an "empty" plugin (also added to tests/plugin/empty.c).
  That is, it subscribes to TB translation events and does nothing
  with them (i.e. no execution-time subscriptions).
  This means the empty instrumentation has to be injected and then
  removed, which is the worst-case scenario since all the injection
  work is wasted.

- Add QTAILQ_REMOVE_SEVERAL, which helps speed up the removal
  of empty instrumentation.

- Drop the "TCG runtime helper" support. We do not need it
  for empty instrumentation; we just replace the function pointer
  in the copied "call" op directly.
  + To detect when an instruction uses helpers, just strncmp
  the helper's name against "plugin_".

- Drop tb->plugin_mask. Instead, read cpu->plugin_mask from
  translator_loop.

- Drop the xxhash patches, since I submitted those as a separate
  series.

- Move a lot of plugin-related code from translator.c to
  plugin-gen.c, leaving only a few function calls in translator.c.

- Add support for only subscribing to an instruction's reads or
  writes. This is implemented via a flag added to the memory
  registration functions of the public API.

- Disentangle callbacks into separate arrays. Instead of just
  having 3 arrays (tb, insn and mem callbacks), have 5 arrays
  (tb, insn, virt. mem, hostaddr mem) of 2 arrays each (udata_cb
  and inline). This takes a bit more space per TB, but note that
  this struct is allocated only once in each TCGContext. OTOH,
  it makes the code much simpler. The union in struct dyn_cb
  remains, since for instrumenting memory accesses from helpers
  we still coalesce all types of memory callbacks into a single
  array.

- Add get_page_addr_code_hostp to get the host address of code
  from common code. Use this to export the host address of
  instructions (qemu_plugin_insn_haddr() added to the public API).

- Define TCGMemOp MO_HADDR. If set, the TCG backend copies on
  a TLB hit the corresponding host address to env->hostaddr.
  This allows us to only do this copy when needed.

- Use helpers for reading and setting env->hostaddr, so that
  we minimize the use of #ifdef CONFIG_PLUGIN.

- Only define env->hostaddr if CONFIG_PLUGIN.

- Drop the trailing 'S' in CONFIG_PLUGINS: it is now CONFIG_PLUGIN.

- Drop a few optional features from the RFC:
  + lockstep execution
  + plugin-chan + guest hooks
  + virtual clock control

- Define translator_ld* helpers and use them, as suggested
  by Alex and rth. All target ISAs that use translator_loop
  have been converted, except s390x and mips.

- Do not bloat TCGContext if !CONFIG_PLUGIN.

- Define TCGContext.plugin_tb as a pointer, instead of the
  whole struct.

- Test on 32-bit and 64-bit hosts (i386, x86_64, ppc64, aarch64).

- Add cpu_in_exclusive_work_context() and use it in tb_flush(),
  as suggested by Alex.

- configure fixes, including MacOSX builds thanks to Roman's help.

- Remove macros in atomic_template.h, as suggested by Alex.
  Turns out they aren't needed, inlines are enough.

- Fixed a bug by which cpu->plugin_mem was not being cleared
  if the instruction that used helpers was the last one in
  a TB (e.g. an exception). Fix it by adding checks (1) when
  returning from longjmp, and (2) when finishing a TB from
  tcg, so that we're sure to leave cpu->plugin_mem
  in a good state. (I noticed the bug by uninstalling a plugin
  that had registered memory callbacks, which resulted in
  callbacks to the uninstalled [dlclose'd] plugin.)

- Make sure tcg_ctx->plugin_mem_cb is always NULL after finishing
  the translation of a TB. This fixes a bug on uninstall.

- Do not abort when qemu_plugin_uninstall is called more than
  once. This is actually quite common, so just silently return
  on subsequent calls to uninstall.

- Drop the "qemu"/QEMU from some overly long function/macro
  names. This applies to qemu-internal files, of course.

- Keep the plugin's argument array in memory until the plugin
  is uninstalled, so that plugins don't have to strdup their
  arguments.

- Drop nargs argument from tcg_op_insert_before/after; it's
  unused.

- Rename plugin-api.h to qemu-plugin.h, which is the same name
  it gets in the final destination (after `make install').

- Add insn_inline function to the API.

- Add some sample plugins to tests/plugin.

You can fetch this series from:
  https://github.com/cota/qemu/tree/plugin-v2

Thanks,

		Emilio
---
 .gitignore                                |    2 +
 Makefile                                  |    8 +-
 Makefile.target                           |   18 +
 accel/tcg/Makefile.objs                   |    1 +
 accel/tcg/atomic_template.h               |  117 +++-
 accel/tcg/cpu-exec.c                      |    2 +
 accel/tcg/cputlb.c                        |   23 +-
 accel/tcg/plugin-gen.c                    | 1085 +++++++++++++++++++++++++++++
 accel/tcg/plugin-helpers.h                |    6 +
 accel/tcg/softmmu_template.h              |   43 +-
 accel/tcg/translate-all.c                 |   15 +-
 accel/tcg/translator.c                    |   16 +
 bsd-user/syscall.c                        |   12 +
 configure                                 |   86 ++-
 cpus-common.c                             |    2 +
 cpus.c                                    |   10 +
 exec.c                                    |    2 +
 include/exec/cpu-defs.h                   |    9 +
 include/exec/cpu_ldst.h                   |    9 +
 include/exec/cpu_ldst_template.h          |   43 +-
 include/exec/cpu_ldst_useronly_template.h |   42 +-
 include/exec/exec-all.h                   |   13 +
 include/exec/helper-gen.h                 |    1 +
 include/exec/helper-proto.h               |    1 +
 include/exec/helper-tcg.h                 |    1 +
 include/exec/plugin-gen.h                 |   75 ++
 include/exec/translator.h                 |   28 +
 include/qemu/plugin.h                     |  253 +++++++
 include/qemu/qemu-plugin.h                |  241 +++++++
 include/qemu/queue.h                      |   10 +
 include/qom/cpu.h                         |   19 +
 linux-user/exit.c                         |    1 +
 linux-user/main.c                         |   18 +
 linux-user/syscall.c                      |    3 +
 plugin.c                                  | 1030 +++++++++++++++++++++++++++
 qemu-options.hx                           |   17 +
 qemu-plugins.symbols                      |   34 +
 qom/cpu.c                                 |    2 +
 target/alpha/translate.c                  |    2 +-
 target/arm/translate-a64.c                |    2 +
 target/arm/translate.c                    |    8 +-
 target/hppa/translate.c                   |    2 +-
 target/i386/translate.c                   |   10 +-
 target/m68k/translate.c                   |    2 +-
 target/openrisc/translate.c               |    2 +-
 target/ppc/translate.c                    |    8 +-
 target/riscv/translate.c                  |    2 +-
 target/sh4/translate.c                    |    2 +-
 target/sparc/translate.c                  |    2 +-
 target/xtensa/translate.c                 |    4 +-
 tcg/README                                |    2 +-
 tcg/i386/tcg-target.inc.c                 |    7 +
 tcg/optimize.c                            |    4 +-
 tcg/tcg-op.c                              |   44 +-
 tcg/tcg-op.h                              |   16 +
 tcg/tcg-opc.h                             |    3 +
 tcg/tcg.c                                 |   27 +-
 tcg/tcg.h                                 |   32 +-
 tests/plugin/Makefile                     |   28 +
 tests/plugin/bb.c                         |   66 ++
 tests/plugin/empty.c                      |   30 +
 tests/plugin/insn.c                       |   63 ++
 tests/plugin/mem.c                        |   93 +++
 trace-events                              |    2 +-
 vl.c                                      |   11 +
 65 files changed, 3653 insertions(+), 119 deletions(-)