Can I examine Qemu tcg ir code? If so how?

Question

I am trying to analyse QEMU tcg IR code

I saw this post which discusses QEMU code flow. According to the diagram, the translation occurs at target-xxx/translate.c and that's where QEMU translates code from source (or front end) to TCG IR. Then further at tcg/xxx/tcg-target.c.

This process can be summarize as follows (at least according to my understanding) - Say, we have x86 as a front-end and powerpc (ppc64abi32) as a back-end, then -

x86 --> TCG IR --> ppc64abi32

I want to analyse this TCG IR code. Is there any way we can generate this code (This may not be relevant, but for eg. we can generate LLVM IR code using a flag -S with clang)?

I did some research myself and found struct TranslationBlock (in the file /include/exec/exec-all.h) which has something to do with the tcg IR code (So, I tried to print some struct variables, but I'm not sure if I'm going in the right direction). I also read the tiny code generator readme, but could not find the generation related information.

Answer 1

Look at the -d option, which enables debug printing of various things. "-d op" traces the TCG ops. You probably also will want to trace the input and output asm with in_asm and out_asm. The -D file option to dump the tracing to a file is also helpful as the tracing is usually quite large.