A system emulator creates a complete virtual computer by emulating hardware resources such as the processor, memory, and peripherals. It supports running and debugging software built for other architectures and greatly shortens the cross-architecture software development cycle. The emulator's debugging module usually provides instruction tracing, which records the sequence of instructions a program executes so that it can be analysed further, for example to estimate running time, to analyse program behaviour patterns, or for hardware/software co-simulation. QEMU and Spike, the mainstream emulators supporting the RISC-V architecture, both provide instruction tracing, but its time and space overhead is too high, making it inefficient for large applications. This paper proposes a QEMU-based instruction tracing technique that decouples the program's static information (basic blocks, control flow graph) from its dynamic information (branch outcomes), so that the executed sequence is traced efficiently while the recorded instruction sequence remains exact. Compared with QEMU's native instruction tracing, the proposed technique reduces time overhead by more than 80% on average and space overhead by more than 95% on average. In addition, for the RISC-V architecture, this paper implements offline analysis of the traced instruction sequences in several scenarios, including instruction classification statistics, program hotspot marking, and behaviour pattern analysis.
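The static/dynamic decoupling described above, as an added toy model written for this page (it is not the paper's QEMU implementation and makes no claim about its trace format): the basic blocks and control flow graph are the static side, the runtime side records only the start block and one bit per conditional branch, and the full instruction sequence is rebuilt offline and checked against a native-style full trace. The sample program, its RISC-V-like instruction subset, and all names are constructed for illustration.

```python
"""Toy model of decoupled instruction tracing.

Static side : basic blocks + CFG, known before the program runs.
Dynamic side: the start block and one bit per executed conditional branch.
Offline     : replay the CFG with the bits to recover every executed instruction.
"""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Block:
    instrs: List[tuple]          # instruction tuples, mnemonic first
    taken: Optional[str]         # successor when the final conditional branch is taken
    fallthrough: Optional[str]   # successor otherwise (or the unconditional successor)


# Constructed sample program (RISC-V-like, assumed for illustration): sums 1..t1 into a0.
N = 5
CFG = {
    "entry": Block([("li", "a0", 0), ("li", "t0", 1), ("li", "t1", N)], None, "loop"),
    "loop": Block([("add", "a0", "a0", "t0"), ("addi", "t0", "t0", 1), ("ble", "t0", "t1")],
                  "loop", "exit"),
    "exit": Block([("ret",)], None, None),
}


def step(regs: dict, ins: tuple) -> bool:
    """Execute one instruction; return True only for a taken conditional branch."""
    op = ins[0]
    if op == "li":
        regs[ins[1]] = ins[2]
    elif op == "add":
        regs[ins[1]] = regs[ins[2]] + regs[ins[3]]
    elif op == "addi":
        regs[ins[1]] = regs[ins[2]] + ins[3]
    elif op == "ble":
        return regs[ins[1]] <= regs[ins[2]]
    elif op != "ret":
        raise ValueError("unsupported instruction %r" % (op,))
    return False


def run(cfg: dict, start: str = "entry") -> Tuple[dict, list, Tuple[str, List[bool]]]:
    """Run the program once. Returns the final registers, a native-style full
    trace (every executed instruction) and the decoupled dynamic record."""
    regs, full, bits, blk = {}, [], [], start
    while blk is not None:
        b = cfg[blk]
        taken = False
        for ins in b.instrs:            # the branch, if any, is the block's last instruction
            full.append(ins)
            taken = step(regs, ins)
        if b.taken is not None:         # conditional block: record one bit, nothing else
            bits.append(taken)
            blk = b.taken if taken else b.fallthrough
        else:
            blk = b.fallthrough
    return regs, full, (start, bits)


def walk(cfg: dict, dynamic: Tuple[str, List[bool]]):
    """Offline replay: yield the executed block ids using only the CFG and branch bits.
    Raises if the record and the CFG disagree (e.g. a stale CFG for a new binary)."""
    blk, bits = dynamic
    i = 0
    while blk is not None:
        yield blk
        b = cfg[blk]
        if b.taken is not None:
            if i >= len(bits):
                raise ValueError("dynamic record ended before the CFG did")
            blk = b.taken if bits[i] else b.fallthrough
            i += 1
        else:
            blk = b.fallthrough
    if i != len(bits):
        raise ValueError("dynamic record has unused branch bits")


def reconstruct(cfg: dict, dynamic: Tuple[str, List[bool]]) -> list:
    """Rebuild the complete instruction sequence from static + dynamic information."""
    return [ins for blk in walk(cfg, dynamic) for ins in cfg[blk].instrs]


def classify(seq: list) -> Counter:
    """Instruction classification statistics over a (reconstructed) sequence."""
    kind = {"li": "alu", "add": "alu", "addi": "alu", "ble": "branch"}
    return Counter(kind.get(ins[0], "other") for ins in seq)


def hot_blocks(cfg: dict, dynamic: Tuple[str, List[bool]]) -> Counter:
    """Program hotspot marking: how often each basic block was executed."""
    return Counter(walk(cfg, dynamic))


if __name__ == "__main__":
    regs, full, dyn = run(CFG)
    rebuilt = reconstruct(CFG, dyn)
    print("a0 =", regs["a0"], "| full trace:", len(full), "instructions |",
          "dynamic record:", len(dyn[1]), "branch bits | exact:", rebuilt == full)
    print("classes:", dict(classify(rebuilt)), "| hottest:", hot_blocks(CFG, dyn).most_common(1))
```

The saving comes from the fact that everything inside a basic block is implied by the block id, so the runtime records only the branch decisions; the `walk` consistency checks are the practical caveat, since a trace recorded against one binary cannot be decoded with the CFG of another.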