- tftp_send_optack() was not 64-bit clean (patch from SF bug #1787500)

[bochs-mirror.git] / instrument / instrumentation.txt

README-instrumentation\r
\r
To  use instrumentation features in bochs, you must compile in support for it.\r
You  should  build a custom instrumentation library in a separate directory in\r
the  "instrument/"  directory. To tell configure which instrumentation library\r
you  want  to  use,  use  the  "--enable-instrumentation"  option. The default\r
library consists of a set of stubs, and the following are equivalent:\r
\r
  ./configure [...] --enable-instrumentation\r
  ./configure [...] --enable-instrumentation="instrument/stubs"\r
\r
You  could  make  a  separate  directory with your custom library, for example\r
"instrument/myinstrument",   copy   the  contents  of  the  "instrument/stubs"\r
directory to it, then customize it. Use:\r
\r
 ./configure [...] --enable-instrumentation="instrument/myinstrument"\r
\r
-----------------------------------------------------------------------------\r
BOCHS instrumentation callbacks\r
\r
        void bx_instr_init(unsigned cpu);\r
\r
The  callback  is  called each time, when Bochs initializes the CPU object. It\r
can  be  used for initialization of user's data, dynamic memory allocation and\r
etc.\r
\r
        void bx_instr_shutdown(unsigned cpu);\r
\r
The  callback is called each time, when Bochs destructs the CPU object. It can\r
be used for destruction of user's data, allocated by bx_instr_init callback.\r
\r
\r
        void bx_instr_reset(unsigned cpu);\r
\r
The  callback  is called each time, when Bochs resets the CPU object. It would\r
be  executed  once  at the start of simulation and each time that user presses\r
RESET BUTTON on the simulator's control panel.\r
\r
\r
        void bx_instr_hlt(unsigned cpu);\r
\r
The  callback is called each time, when Bochs' emulated CPU enters to the HALT\r
state. \r
\r
        void bx_instr_new_instruction(unsigned cpu);\r
\r
The  callback  is  called  each  time,  when Bochs completes (commits) already\r
finished instruction and starts a new one.\r
\r
\r
        void bx_instr_cnear_branch_taken(unsigned cpu, bx_address new_eip);\r
\r
The  callback  is  called  each time, when currently executed instruction is a\r
conditional near branch and it is taken.\r
\r
\r
        void bx_instr_cnear_branch_not_taken(unsigned cpu);\r
\r
The  callback  is  called  each time, when currently executed instruction is a\r
conditional near branch and it is not taken.\r
\r
\r
        void bx_instr_ucnear_branch(unsigned cpu, unsigned what, bx_address new_eip);\r
\r
The  callback  is  called each time, when currently executed instruction is an\r
unconditional near branch (always taken).\r
\r
\r
        void bx_instr_far_branch(unsigned cpu, unsigned what, Bit16u new_cs, bx_address new_eip);\r
\r
The  callback  is  called each time, when currently executed instruction is an\r
unconditional far branch (always taken).\r
\r
\r
        void bx_instr_opcode(unsigned cpu, Bit8u *opcode, unsigned len, bx_bool is32, bx_bool is64);\r
\r
The  callback  is  called  each  time,  when  Bochs  starts  to  decode  a new\r
instruction.  Through  this callback function Bochs could provide an opcode of\r
the instruction, opcode length and an execution mode (16/32/64).\r
\r
\r
        void bx_instr_fetch_decode_completed(unsigned cpu, const bxInstruction_c *i);\r
\r
The  callback  is  called  each  time,  when  Bochs  finishes  decoding of new\r
instruction.  Through  this  callback  function  Bochs  could provide decoding\r
information  of the instruction. The bxInstruction_c argument of the callbacks\r
it  is  a  Bochs internal structure that holds all necessary information about\r
currently executed instruction, such as sib/modrm bytes, execution pointer and\r
etc.\r
\r
        void bx_instr_prefix(unsigned cpu, Bit8u prefix);\r
\r
These  callback  functions  are called by Bochs decoding stage each time, when\r
any prefix byte was decoded.\r
\r
\r
        void bx_instr_interrupt(unsigned cpu, unsigned vector);\r
\r
The  callback  is called each time, when Bochs simulator executes an interrupt\r
(software interrupt, hardware interrupt or an exception).\r
\r
\r
        void bx_instr_exception(unsigned cpu, unsigned vector);\r
\r
The callback is called each time, when Bochs simulator executes an exception.\r
\r
\r
        void bx_instr_hwinterrupt(unsigned cpu, unsigned vector, Bit16u cs, bx_address eip);\r
\r
The  callback  is  called  each time, when Bochs simulator executes a hardware\r
interrupt.\r
\r
\r
        void bx_instr_tlb_cntrl(unsigned cpu, unsigned what, Bit32u newval);\r
        void bx_instr_cache_cntrl(unsigned cpu, unsigned what);\r
\r
The  callback  is  called each time, when Bochs simulator executes a cache/tlb\r
control instruction.\r
\r
Possible instruction types, passed through bx_instr_tlb_cntrl:\r
\r
        #define BX_INSTR_MOV_CR3        10\r
        #define BX_INSTR_INVLPG         11\r
        #define BX_INSTR_TASKSWITCH     12\r
\r
Possible instruction types, passed through bx_instr_cache_cntrl:\r
\r
        #define BX_INSTR_INVD           20\r
        #define BX_INSTR_WBINVD         21\r
\r
\r
        void bx_instr_prefetch_hint(unsigned cpu, unsigned what, unsigned seg, bx_address offset);\r
\r
The  callback  is  called  each time, when Bochs simulator executes a PREFETCH\r
instruction.\r
\r
Possible PREFETCH types:\r
\r
        #define BX_INSTR_PREFETCH_NTA   00\r
        #define BX_INSTR_PREFETCH_T0    01\r
        #define BX_INSTR_PREFETCH_T1    02\r
        #define BX_INSTR_PREFETCH_T2    03\r
\r
The seg/offset arguments indicate the address of the requested prefetch.\r
\r
\r
        void bx_instr_wrmsr(unsigned cpu, unsigned msr, Bit64u value);\r
\r
This callback is called each time when WRMSR instruction is executed.\r
MSR number and written value passed as parameters to the callback function.\r
\r
\r
        void bx_instr_repeat_iteration(unsigned cpu, const bxInstruction_c *i);\r
\r
The  callback  is  called  each time, when Bochs simulator starts a new repeat\r
iteration.\r
\r
\r
        void bx_instr_before_execution(unsigned cpu, const bxInstruction_c *i);\r
\r
The  callback  is  called  each time, when Bochs simulator starts a new\r
instruction execution. In case of repeat instruction the callback will\r
be called only once before the first iteration will be started. \r
\r
\r
        void bx_instr_after_execution(unsigned cpu, const bxInstruction_c *i);\r
\r
The  callback  is  called  each time, when Bochs simulator finishes any\r
instruction execution. In case of repeat instruction the callback will\r
be called only once after all repeat iterations. \r
\r
\r
        void bx_instr_mem_code(unsigned cpu, bx_address linear, unsigned len);\r
        void bx_instr_mem_data(unsigned cpu, bx_address linear, unsigned len, unsigned rw);\r
\r
The  callback  is called each time, when Bochs simulator executes code or data\r
memory access. Possible access types are: BX_READ, BX_WRITE and BX_RW.\r
\r
\r
        void bx_instr_lin_read(unsigned cpu, bx_address lin, bx_address phy, unsigned len);\r
        void bx_instr_lin_write(unsigned cpu, bx_address lin, bx_address phy, unsigned len);\r
\r
The  callback  is  called  each  time,  when Bochs simulator executes a memory\r
access.  Note  that  no  page  split  accesses will be generated because Bochs\r
splits  page  split  accesses  to  two  different  memory  accesses during its\r
execution flow.\r
\r
Currently the callbacks are not supported in case of guest-to-host-tlb feature\r
enabled.\r
\r
\r
        void bx_instr_phy_read(unsigned cpu, bx_address addr, unsigned len);\r
        void bx_instr_phy_write(unsigned cpu, bx_address addr, unsigned len);\r
\r
These callback functions are a feedback from external memory system.\r
\r
\r
        void bx_instr_inp(Bit16u addr, unsigned len);\r
        void bx_instr_outp(Bit16u addr, unsigned len);\r
        void bx_instr_inp2(Bit16u addr, unsigned len, unsigned val);\r
        void bx_instr_outp2(Bit16u addr, unsigned len, unsigned val);\r
\r
These callback functions are a feedback from various system devices.\r
\r
-----------------------------------------------------------------------------\r
Known problems:\r
\r
1. BX_INSTR_MEM_CODE never called from Bochs's code.\r
2. BX_INSTR_LIN_READ doesn't work when Guest-To-Host-TLB feature is enabled.\r
3. BX_INSTR_LIN_WRITE doesn't work when Guest-To-Host-TLB feature is enabled.\r
4.\r
\r
While using Bochs as a reference model for simulations, the simulator needs\r
information about what loads/stores are taking place with each instruction.\r
Presumably,  that  is  what  the BX_INSTR_MEM_DATA() instrumentation macros\r
cover (which is the place where our simulator hooks up).\r
\r
The RETnear_xxx() functions call access_linear() directly, rather than call\r
read_virtual_xxx()  functions. This is a problem for code making use of the\r
BX_INSTR_MEM_DATA()   hook  because  it  does  not  get  called  for  these\r
instructions.  Should  this  be  changed along with some other instructions\r
that exhibit this?\r
                                                        Brian Slechta\r
\r
Feature requests:\r
\r
1. BX_INSTR_CNEAR_BRANCH_NOT_TAKEN callback should have an additional \r
   'not taken' new_EIP parameter.\r
\r
2. X86-64 support\r
\r
3. BX_INSTR_SMI, BX_INSTR_NMI, BX_INSTR_SIPI and other external events\r
   callbacks\r