QEMU4V

h1. QEMU4V Trace Format

{{toc}}

QEMU4V is able to generate traces of program execution. Here is the description of the trace format.

The QEMU4V trace contains records of the following kinds: instruction records, memory access records, register write records.

h2. Instruction record

Appears in the trace when the corresponding instruction from the target program has been executed.

The record format is as follows:

<pre><code class="text">

<time> <scale> <cpu> [IT|IS] (<inst_id>) <addr> <opcode> [A|T|X] <mode>_<security> : <disasm>

</code></pre>

The record fields are described in the following table:

| *Field* | *Description* | *Value* |

| <time> | Timestamp | Decimal integer value |

| <scale> | Timestamp unit | String (the _clk_ value means, that the timestamp field shows not physical time but the inex of executed instruction) |

| <cpu> | Identifier for the processor at which the instruction is executed | Decimal integer value |

| [IT<notextile>|</notextile>IS] | Instruction execution flag | IT when "Instruction Taken", IS when "Instruction Skipped" |

| <inst_id> | Index of the executed instruction | Decimal integer value |

| <addr> | Virtual memory address for the instruction | Hexadecimal value |

| <opcode> | 16\32\64-bit code for the instruction | Hexadecimal value |

| [A<notextile>|</notextile>T<notextile>|</notextile>X] | Instruction set identifier | TODO |

| <mode> | Execution mode | String (one of the following: svc, irq, fiq, usr, mon, sys, abt, und) |

| <security> | Flag for the processor security mode | s when "secure", ns when "non-secure" |

| <disasm> | Disassembly representation for the instruction | String |

Example:

<pre><code class="text">

1 clk 0 IT (1) 00000004 3c080001 A svc : lui t0,0x1

</code></pre>

h2. Memory access record

Appears in the trace when reading from or writing to memory starts.

The record format is as follows:

<pre><code class="text">

<time> <scale> M<rw><sz><attrib> <addr> <data>

</code></pre>

The record fields are described in the following table:

| *Field* | *Description* | *Value* |

| <time> | Timestamp | Decimal integer value |

| <scale> | Timestamp unit | String (the _clk_ value means, that the timestamp field shows not physical time but the inex of executed instruction) |

| <rw> | Type of access | R for reading, W for writing |

| <sz> | Size of received\transmitted data in bytes | Decimal integer value |

| <attrib> | Access attribute (optional) | X for privileged, T for non-privileged (translated) |

| <addr> | Virtual memory address to which an access is made | Hexadecimal value |

| <data> | The data to be written (has been read) | Hexadecimal value of the corresponding size |

Example:

<pre><code class="text">

10 clk MR8 00103fc4 0010400000000000

</code></pre>

h2. Register write record

Appears in the trace when writing to register happens.

The record format is as follows:

<pre><code class="text">

<time> <scale> R <register> <value>

</code></pre>

The record fields are described in the following table:

| *Field* | *Description* | *Value* |

| <time> | Timestamp | Decimal integer value |

| <scale> | Timestamp unit | String (the _clk_ value means, that the timestamp field shows not physical time but the inex of executed instruction) |

| <register> | Name of register | lowercase string |

| <value> | The value to be written in the register | Hexadecimal value |

Example:

<pre><code class="text">

14 clk R r8 00000000

</code></pre>