qemu手写插件
wget https://download.qemu.org/qemu-10.0.0-rc3.tar.xz
tar xvJf qemu-10.0.0-rc3.tar.xz
cd qemu-10.0.0-rc3
./configure --enable-plugins --target-list=riscv32-softmmu --enable-debug
make -j32
mkdir my_plugin && cd my_plugin
vim measure.c
写入如下内容:
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <qemu-plugin.h>
/*
 * Exported plugin API version. QEMU reads this symbol when it loads the
 * shared object, so it must be built against the qemu-plugin.h of the QEMU
 * that will load it.
 */
QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
/* Running total of executed guest instructions; starts at zero. */
static uint64_t insn_count;

/*
 * Execution callback attached to every translated instruction.
 * Each invocation adds one to the global instruction total.
 *
 * vcpu_index: index of the vCPU that executed the instruction (unused).
 * userdata:   opaque pointer given at registration time (unused).
 *
 * NOTE(review): the increment is a plain, non-atomic read-modify-write on a
 * shared global. If the guest runs with more than one vCPU and callbacks
 * fire from several threads, counts may be lost. Confirm single-vCPU use
 * or keep a per-vCPU counter.
 */
static void insn_exec_cb(unsigned int vcpu_index, void *userdata)
{
    (void)vcpu_index;
    (void)userdata;
    insn_count += 1;
}
/*
 * Translation-block callback: called with each block QEMU translates.
 * Walks every instruction in the block and attaches insn_exec_cb to it, so
 * the counter is bumped each time that instruction later executes.
 *
 * id: plugin identifier handed in by QEMU (unused here).
 * tb: the translation block being translated.
 */
static void tb_trans_cb(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
{
    const size_t total = qemu_plugin_tb_n_insns(tb);
    size_t idx = 0;

    (void)id;

    while (idx < total) {
        struct qemu_plugin_insn *cur = qemu_plugin_tb_get_insn(tb, idx);

        /* The callback never inspects guest registers, hence NO_REGS. */
        qemu_plugin_register_vcpu_insn_exec_cb(cur, insn_exec_cb,
                                               QEMU_PLUGIN_CB_NO_REGS, NULL);
        idx++;
    }
}
/*
 * Exit callback: prints the final instruction total to stdout.
 *
 * id:   plugin identifier (unused).
 * data: opaque pointer given at registration time (unused).
 *
 * NOTE(review): with -nographic the guest serial console also uses the
 * terminal, so this line is mixed in with guest output. QEMU's plugin API
 * offers qemu_plugin_outs() for plugin messages; consider it if the result
 * needs to be separated from guest output.
 */
static void plugin_exit_cb(qemu_plugin_id_t id, void *data)
{
    const uint64_t total = insn_count;

    (void)id;
    (void)data;
    fprintf(stdout, "Executed %" PRIu64 " instructions.\n", total);
}
/*
 * Plugin entry point, called by QEMU when the shared object is loaded.
 * Registers the translation-block hook (which instruments every
 * instruction) and the exit hook (which reports the total).
 *
 * id:        identifier QEMU assigned to this plugin instance.
 * info:      description of the running emulator (unused).
 * argc/argv: plugin arguments from the command line (unused, so any
 *            option passed to this plugin is silently ignored).
 *
 * Returns 0 unconditionally, which signals a successful install.
 *
 * The plugin executes inside the QEMU process with QEMU's privileges, so
 * only load plugin binaries that you built or otherwise trust.
 */
QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
                                           const qemu_info_t *info,
                                           int argc, char **argv)
{
    (void)info;
    (void)argc;
    (void)argv;

    qemu_plugin_register_vcpu_tb_trans_cb(id, tb_trans_cb);
    qemu_plugin_register_atexit_cb(id, plugin_exit_cb, NULL);

    return 0;
}
保存后回到 shell 继续执行。如果编译时提示找不到 glib 的头文件,可以先用
pkg-config --cflags glib-2.0
查出头文件所在路径,再据此调整下面命令中的 -I 参数:
gcc -Wall -g -fPIC -shared \
-o measure.so measure.c \
-I../build/qemu-bundle/usr/local/include \
-I/usr/include/glib-2.0 \
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include
坑
1
❯ ../../../qemu-10.0.0-rc3/build/qemu-system-riscv32 \
-machine virt -bios ../../../qemu-10.0.0-rc3/pc-bios/opensbi-riscv32-generic-fw_dynamic.bin \
-nographic \
-kernel hello.out
qemu-system-riscv32: Some ROM regions are overlapping
These ROM regions might have been loaded by direct user request or by default.
They could be BIOS/firmware images, a guest kernel, initrd or some other file loaded into guest memory.
Check whether you intended to load all this guest code, and whether it has been built to load to the correct addresses.
The following two regions overlap (in the memory address space):
../../../qemu-10.0.0-rc3/pc-bios/opensbi-riscv32-generic-fw_dynamic.bin (addresses 0x0000000080000000 - 0x0000000080041818)
hello.out ELF program header segment 0 (addresses 0x0000000080000000 - 0x000000008000000e)