
Generating assembly ops and micro ops in qemu

The QEMU emulator is able to execute code written for one architecture on another by translating the guest machine code into machine code for the host.

QEMU does this with the TCG (Tiny Code Generator): each guest instruction is first converted into a small set of architecture-independent intermediate operations, called TCG ops or micro ops. The TCG backend then turns these ops directly into host machine code at run time. No host compiler is involved; QEMU itself emits the host instructions.

In the post "Executing ARM executable on x86" we saw how to run an ARM binary on x86. To see how the steps above are carried out internally, we can print the code at each stage and compare them.

To dump the assembly code of the guest, pass the option -d in_asm to "qemu-arm" while executing the binary.

Note: To see how to generate an executable for ARM, see the post "Executing ARM executable on x86".

This dumps the input assembly code, that is, the guest (ARM) assembly, one translation block at a time. By default the output is placed in /tmp/qemu.log; copy it to another file so that it is not overwritten by the next run and can be compared later.

To see the TCG ops/micro ops, pass the option -d op.

To see the machine code generated for the host, that is x86, pass the option -d out_asm. The output again goes to /tmp/qemu.log by default.

Thus, using QEMU, we can see the input guest code, the intermediate micro ops, and the output assembly for the host.
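The three runs above, collected into a script. This is an added example and not part of the original post. It assumes a hello.c in the current directory, the cross compiler arm-linux-gnueabihf-gcc and qemu-arm on the PATH, and QEMU's -D option, which redirects the log from /tmp/qemu.log to a file of your choice so each dump lands in its own file without copying. The count_blocks helper counts translation blocks in a dump by its header prefix ("IN:", "OP:" or "OUT:"), and the sample log it is tested against is constructed here, not captured from a real run.

```shell
#!/bin/sh
# Added example: dump guest asm, TCG ops and host asm from qemu-arm into
# three separate files, then count the translation blocks in each.
# Assumptions (not from the original post): hello.c exists, the cross
# compiler arm-linux-gnueabihf-gcc and qemu-arm are on PATH, and qemu-arm
# supports -D <logfile>.

# Build the guest binary statically so qemu-arm needs no ARM sysroot.
build_guest() {
    arm-linux-gnueabihf-gcc -static -o hello hello.c
}

# Compose the qemu-arm command for one log item, so the exact invocation
# can be inspected (and checked) without running QEMU.
qemu_dump_cmd() {
    item="$1"   # in_asm | op | out_asm
    bin="$2"
    printf 'qemu-arm -d %s -D qemu-%s.log %s' "$item" "$item" "$bin"
}

# Run the guest three times, once per log item. Each run overwrites its
# own file, unlike the default /tmp/qemu.log which every run clobbers.
dump_all() {
    bin="$1"
    for item in in_asm op out_asm; do
        qemu-arm -d "$item" -D "qemu-$item.log" "$bin" >/dev/null
    done
}

# Count translation blocks in a dump. Each block starts with a header
# line: "IN:" for in_asm, "OP:" for op, "OUT:" for out_asm.
count_blocks() {
    logfile="$1"
    prefix="$2"
    grep -c "^$prefix" "$logfile"
}

# Write a constructed in_asm fragment (two blocks) to the given file.
# The format mimics qemu-arm output; it is not a captured log.
write_sample_in_asm() {
    cat > "$1" <<'EOF'
IN: _start
0x00010074:  e3a0b000  mov      fp, #0
0x00010078:  e3a0e000  mov      lr, #0
0x0001007c:  e49d1004  pop      {r1}

IN: __libc_start_main
0x00010590:  e92d4ff0  push     {r4, r5, r6, r7, r8, r9, sl, fp, lr}
0x00010594:  e24dd02c  sub      sp, sp, #44
EOF
}

# Only touch the real toolchain when it is present; otherwise just show
# the commands that would be run.
if command -v qemu-arm >/dev/null 2>&1 && command -v arm-linux-gnueabihf-gcc >/dev/null 2>&1; then
    build_guest
    dump_all ./hello
    for item in in_asm op out_asm; do
        case "$item" in
            in_asm)  hdr="IN:" ;;
            op)      hdr="OP:" ;;
            out_asm) hdr="OUT:" ;;
        esac
        echo "qemu-$item.log: $(count_blocks "qemu-$item.log" "$hdr") blocks"
    done
else
    for item in in_asm op out_asm; do
        echo "would run: $(qemu_dump_cmd "$item" ./hello)"
    done
fi
```

The three items can also be combined in one run with -d in_asm,op,out_asm, which interleaves them per translation block in a single log; `qemu-arm -d help` lists every log item the installed QEMU supports. Because user-mode QEMU translates lazily, a block appears in the dump the first time it is executed, so the number of blocks depends on the path the program takes.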

To see all three at the same time we can use the split command of the vi editor. The details of using split can be found in the post "Splitting window in the vi editor".

The following is a screenshot of the three files being viewed simultaneously in the vi editor.
