typedef struct { logical_address_t (*get_program_counter)(conf_object_t *NOTNULL cpu); void (*set_program_counter)(conf_object_t *NOTNULL cpu, logical_address_t pc); int (*get_privilege_level)(conf_object_t *NOTNULL cpu); tuple_int_string_t *(*disassemble)(conf_object_t *NOTNULL cpu, generic_address_t address, int type); tuple_int_string_t (*disassemble_buf)( conf_object_t *NOTNULL cpu, generic_address_t address, byte_string_t opcode); struct instr_info *(*instruction_info)(conf_object_t *NOTNULL cpu, generic_address_t address, int type); void (*reset)(conf_object_t *NOTNULL cpu, int hard_reset); processor_t *(*simcore)(processor_t *NOTNULL); void (*pre_simcore)(processor_t *NOTNULL); void (*post_simcore)(processor_t *NOTNULL); processor_t *(*in_order_simcore)(processor_t *NOTNULL); processor_t *(*step_queue_simcore)(processor_t *NOTNULL); processor_t *(*mai_simcore)(processor_t *NOTNULL); int (*dump_sr_stat)(const char *NOTNULL filename); void (*print_instruction_queue)(conf_object_t *NOTNULL cpu, int verbose); void (*dbg_print_pistc)(conf_object_t *NOTNULL cpu, int table); int (*stc_load)(conf_object_t *cpu, logical_address_t laddr, uint8 *value, int size); int (*stc_store)(conf_object_t *cpu, logical_address_t laddr, uint8 *value, int size); attr_value_t (*disassemble_range)(processor_t *NOTNULL cpu, logical_address_t start, int nlines, int back, disass_flags_t flags); } processor_interface_t; #define PROCESSOR_INTERFACE "processor"
The functions correspond to the API functions SIM_get_program_counter, SIM_set_program_counter, SIM_processor_privilege_level, and SIM_disassemble. See the documentation for those functions for more complete documentation.
The function instruction_info can take either a physical address (type = 0) or a logical address (type = 1). It returns a filled instr_info_t structure. Only the SPARCv9 and the x86 architectures provides a list of register dependencies as an array of reg_info_t.
struct instr_info { instr_type_t type; /* ORed representation of instr_type_t */ logical_address_t return_pc; /* (SPARC only) Return program counter (defined iff It_Call is true) */ int delay_slots; /* (SPARC only) Delay slots for instruction (defined iff It_Return) */ int length; /* Instruction length in bytes */ const char *name; /* (SPARC and x86) instruction name */ instr_info_dep_t *dependencies; };
typedef struct instr_info instr_info_t;
struct instr_info_dep { int number_of_regs; reg_info_t regs[MAX_REG_INFO_REGS]; };
typedef struct instr_info_dep instr_info_dep_t;
struct reg_info { register_type_t type; /* register type */ register_id_t id; /* register id */ unsigned input:1; /* used as input */ unsigned output:1; /* used as output */ };
typedef struct reg_info reg_info_t;
add-memory-profiler | add a memory profiler to the processor |
aprof-views | manipulate list of selected address profiling views |
attach-branch-recorder | attach a branch recorder to a processor |
break-cr | break on control register updates |
cycle-break | set cycle breakpoint |
cycle-break-absolute | set absolute cycle breakpoint |
detach-branch-recorder | detach a branch recorder from a processor |
disable | switch processor off |
disassemble | disassemble instructions |
down | go down N stack frames |
enable | switch processor on |
frame | change current stack frame |
info | print information about the processor |
instruction-fetch-mode | set or get current mode for instruction fetching |
io-read | perform an I/O read inquiry coming from the processor |
io-write | perform an I/O write inquiry coming from the processor |
list | list source and/or disassemble |
list-memory-profilers | list memory profilers connected to the processor |
load-binary | load binary (executable) file into memory |
logical-to-physical | translate logical address to physical |
pos | address of line or function |
pregs | print cpu registers |
pregs-hyper | print hypervisor registers |
print-statistics | print various statistics |
print-time | print number of steps and cycles executed |
psym | print value of symbolic expression |
read | perform a read inquiry coming from the processor |
read-reg | read a register |
register-number | get the number of a processor register |
remove-memory-profiler | remove a memory profiler from the processor |
set-context | set the current context of a CPU |
set-pc | set the program counter |
stack-trace | display stack trace |
start-instruction-profiling | get started with instruction profiling |
step-break | set time breakpoint |
step-break-absolute | set absolute time breakpoint |
sum | deprecated — sum a memory range |
symval | evaluate symbolic expression |
trace-cr | trace control register updates |
unbreak-cr | break on control register updates |
untrace-cr | trace control register updates |
up | go up N stack frames |
wait-for-cycle | wait until reaching cycle |
wait-for-step | wait until reaching step |
write | perform a write inquiry coming from the processor |
write-reg | write to register |
x | examine raw memory contents |
The add and view arguments select an address profiler view to add to the list. Alternatively, the remove and view arguments specify an address profiler view to remove from the list. view defaults to 0 if not specified.
If called with the -clear flag, remove all address profiler views from the list.
If called without arguments, print a detailed list of the currently selected address profiler views for the processor.
The reg-name parameter specifies which control register should be traced. The available control registers depends on the simulated target.
Instead of a register name, the -all flag may be given. This will enable or disable tracing of all control register.
To list all breakpoints set use the command list-breakpoints.
To list all breakpoints set use the command list-breakpoints.
pdisable takes processor as parameter. If no processor is given, it will list all enabled processors. The method variant can also be used to disable a processor. A disabled processor is simply stalled for an infinite amount of time. Make sure that you always have at least one enabled processor.
On some architectures, address must be word aligned. A physical address is given by prefixing the address with p: (e.g., p:0xf000). With no prefix, a virtual address will be assumed. If the address is omitted the current program counter will be used. count defaults to 1 instruction.
Global disassembly settings, such as whether to print the raw opcodes, can be set by the disassemble-settings command.
This command will also include various profiling statistics for the address of each instruction, one column for each profiler view listed in the processor attribute aprof-views. For descriptions of the columns, use the <processor>.aprof-views command.
pdisable takes processor as parameter. If no processor is given, it will list all enabled processors. The method variant can also be used to disable a processor. A disabled processor is simply stalled for an infinite amount of time. Make sure that you always have at least one enabled processor.
line or file:line --- list from given line
function or file:function --- list that function
address --- list from that address
At most maxlines lines of source or asm are printed. -s produces source intermixed with disassembly, and -d only disassembles.
By default the virtual load address from the file is used, but the physical address can be used instead by specifying the -pa flag.
The -v flag turns on verbose mode, printing information about the loaded file.
When used as a global command, it will use the currently selected processor to find the memory space to load the binary into. If the -l flag is given, it will load it into the virtual memory space, otherwise it will use the physical memory space.
When using the namespace command on a processor object, it will load the binary into the virtual memory space of that processor.
When using the namespace command on a memory-space object, it will load the binary directly into that memory space.
The return value is the address of the execution entry point. This value is typically used in a call to set-pc.
load-binary uses Simics's Search Path and path markers (%simics%, %script%) to find the file to load. Refer to Simics User Guide (CLI chapter) for more information on how Simics's Search Path is used to locate files.
If called from a processor namespace (e.g., cpu0.print-time), the time for that processor is printed. Otherwise, the time for the current processor is printed, or, if the -all flag is given, the time for all processors.
if the -c flag used, the cycle count for the processor is returned and nothing is printed. The -s flag is similar and returns the step count.
A step is a completed instruction or an exception. An instruction that fails to complete because of an exception will count as a single step, including the exception.
If no cpu-name is supplied, the current frontend processor is used.
It creates a branch recorder and attaches it to the processor, just as if you had typed
new-branch-recorder branch_recorder physical
cpu.attach-branch-recorder branch_recorder
The branch recorder will (as the name implies) record branches taken by the processor (by physical addresses); various useful numbers can be computed from them. You can for example display execution count statistics by typing
branch_recorder.address-profile-data
(but you will not see anything interesting until you have let the processor run a few instructions).
To list all breakpoints set use the command list-breakpoints.
To list all breakpoints set use the command list-breakpoints.
Sum a memory range. The width of the running sum is specified with the -w8 (default), -w16, or -w32 flag, standing for 8, 16, and 32 bits respectively.
The reg-name parameter specifies which control register should be traced. The available control registers depends on the simulated target.
Instead of a register name, the -all flag may be given. This will enable or disable tracing of all control register.
The reg-name parameter specifies which control register should be traced. The available control registers depends on the simulated target.
Instead of a register name, the -all flag may be given. This will enable or disable tracing of all control register.
The reg-name parameter specifies which control register should be traced. The available control registers depends on the simulated target.
Instead of a register name, the -all flag may be given. This will enable or disable tracing of all control register.
This function may or may not have the correct side-effects, depending on target and register. If no cpu-name is given, the current frontend processor is used.
If the memory is accessed via a CPU, the type of address is specified by a prefix. For physical addresses use p:address; for virtual addresses, v:address on non-x86 targets. On x86, use segment-register:offset or l:address for x86 linear addresses.
If no prefix is given it will be interpreted as a virtual address. On x86 the default is ds:address (data segment addressing).
The size argument specifies the number of bytes to examine. When examining virtual memory, only addresses which can be found in the TLB or hardware page tables (if any) are shown. Unmapped addresses are shown as "--", undefined physical addresses as "**".