QEMU4V

h1. Trace Format

{{toc}}

QEMU4V is able to generate traces of program execution. Here is the description of the trace format.

The QEMU4V trace contains records of the following kinds: instruction records, memory access records, register write records.

h2. Instruction record

Appears in the trace when the corresponding instruction from the target program has been executed.

The record format is as follows:

<pre><code class="text">

<time> <scale> <cpu> [IT|IS] (<inst_id>) <addr> <opcode> [A|T|X] <mode>_<security> : <disasm>

</code></pre>

The record fields are described in the following table:

| *Field* | *Description* | *Value* |

| <time> | Timestamp | Decimal integer value |

| <scale> | Timestamp unit | String (the _clk_ value means, that the timestamp field shows not physical time but the inex of executed instruction) |

| <cpu> | Identifier for the processor at which the instruction is executed | Decimal integer value |

| [IT<notextile>|</notextile>IS] | Instruction execution flag | IT when "Instruction Taken", IS when "Instruction Skipped" |

| <inst_id> | Index of the executed instruction | Decimal integer value |

| <addr> | Virtual memory address for the instruction | Hexadecimal value |

| <opcode> | 16\32\64-bit code for the instruction | Hexadecimal value |

| [A<notextile>|</notextile>T<notextile>|</notextile>X] | Instruction set identifier | TODO |

| <mode> | Execution mode | String (one of the following: svc, irq, fiq, usr, mon, sys, abt, und) |

| <security> | Flag for the processor security mode | s when "secure", ns when "non-secure" |

| <disasm> | Disassembly representation for the instruction | String |

Example:

<pre><code class="text">

1 clk 0 IT (1) 00000004 3c080001 A svc : lui t0,0x1

</code></pre>

h2. Memory access record

TODO

h2. Register write record

TODO