On 7/21/25 9:55 PM, Pierrick Bouvier wrote:
> This plugin generates a binary trace compatible with the excellent uftrace:
> https://github.com/namhyung/uftrace
>
> In short, it tracks all function calls performed during execution, based on
> frame pointer analysis. A big advantage over "uftrace record" is that it works
> in system mode, allowing tracing of a full system execution, which was the
> original goal. It works as well in user mode, but uftrace itself already does
> this. It's implemented for aarch64 only (with the intent to add x86_64 later).
>
> Let's start with concrete examples of the result.
>
> First, in system mode, booting a stack using TF-A + U-boot + Linux:
> - First two stages of boot sequence in Arm Trusted Firmware (EL3 and S-EL1)
> https://fileserver.linaro.org/s/kkxBS552W7nYESX/preview
> - Stat and open syscalls in kernel
> https://fileserver.linaro.org/s/dXe4MfraKg2F476/preview
> - Poweroff sequence (from kernel back to firmware, NS-EL2 to EL3)
> https://fileserver.linaro.org/s/oR2PtyGKJrqnfRf/preview
>
> Full trace is available here:
> https://fileserver.linaro.org/s/WsemLboPEzo24nw/download/aarch64_boot.json.gz
> You can download and open it on https://ui.perfetto.dev/ to explore it.
>
> Second, in user mode, tracing qemu-aarch64 (itself) running git --help:
> - Loading program and its interpreter
> https://fileserver.linaro.org/s/fie8JgX76yyL5cq/preview
> - TB creation
> https://fileserver.linaro.org/s/GXY6NKMw5EeRCew/preview
>
> Full trace is available here:
> https://fileserver.linaro.org/s/N8X8fnZ5yGRZLsT/download/qemu_aarch64_git_help.json.gz
>
> If you had curiosity and now you're ready to give some attention, most of the
> details you want to read are included in the documentation patch (final one).
>
> Overhead is around x2 (sampling only) to x10-x15 (precise), and long traces can
> be directly filtered with uftrace if needed.
>
> The series is split into:
> - implementing the plugin
> - adding useful options (especially sampling and privilege level tracing)
> - add a companion script to symbolize traces generated
> - add documentation with examples
>
> I hope this plugin can help people trying to understand what happens out of the
> user space, and get a better grasp of how firmwares, bootloader, and kernel
> interact behind the curtain.
>
> v2
> --
>
> - trace active stacks on exit
> - do not erase map generated in system_emulation
> - add documentation to generate restricted visual traces around specific events
> of execution
>
> v3
> --
>
> - fix missing include unistd.h (build failed on macOS only)
>
> Pierrick Bouvier (6):
> contrib/plugins/uftrace: new uftrace plugin
> contrib/plugins/uftrace: add trace-sample option
> contrib/plugins/uftrace: add trace-privilege-level option
> contrib/plugins/uftrace: add timestamp-based-on-real-time option
> contrib/plugins/uftrace_symbols.py
> contrib/plugins/uftrace: add documentation
>
> docs/about/emulation.rst | 207 +++++++
> contrib/plugins/uftrace.c | 920 +++++++++++++++++++++++++++++
> contrib/plugins/meson.build | 3 +-
> contrib/plugins/uftrace_symbols.py | 152 +++++
> 4 files changed, 1281 insertions(+), 1 deletion(-)
> create mode 100644 contrib/plugins/uftrace.c
> create mode 100755 contrib/plugins/uftrace_symbols.py
>
Sent v4:
https://lore.kernel.org/qemu-devel/20250724204527.3175839-1-pierrick.bouvier@linaro.org/T/#t