Profiling and Coverage
| Profile and coverage collection support is currently experimental. |
TEMU supports the collection of execution profiles. These profiles can also be used for coverage analysis.
At present the following metrics are collected:
-
Taken branch counters
-
Not-taken branches counters
As profiling has a negative performance impact, it needs to be enabled.
Enabling Profiling Mode
To enable profiling in the command line
invoke the enableProfiling command method.
| The memSpace property should be set to the CPUs memory space object. The memSpace property was introduced as an optional property in TEMU 2.2.6 in order to support forwards compatibility. |
cpu0.memSpace=mem0
cpu0.enableProfilingTo enable profiling in the API
call the enableProfiling() method in the CpuIface
cpuIfaceRef.Iface->enableProfiling(cpuIfaceRef.Obj);Exporting Profiles
Profiles can be exported in YAML format with the cov-write command.
Before cov-write, the profile state should be flushed.
cpu0.flushProfile
cov-write file='-'
cov-write can use the - name in order to specify stdout.
|
The exported format currently looks like the following:
---
branch-arcs:
- {src: 0x4, tgt: 0x204, count: 1}src-
Marks out the physical address of the branch instruction.
tgt-
Marks the physical address of the target of the branch.
count-
Marks how many time that branch arc has been executed.
From the branch arcs (in combination with the binary), it is possible to derive information such as instruction coverage and branch coverage.