Branch trace

Last updated

Branch trace is a computer program debugging tool or analysis technique. It is an abbreviated instruction trace in which only the successful branch instructions are recorded. On IBM System/360 this was implemented as part of Program-Event Recording (PER) [1] but was seldom used at the application programming level. Program Event Recording hardware was used and due to the overhead of this tool, it was removed from customer-available MVS systems.

Contents

Branch tracing is also available for Pentium 4, Xeon and later Intel processors. [2] There are dedicated processor commands to enable branch tracing and save executed branches into special Intel Branch Trace Store (BTS) area of resident memory. The Branch Trace Store can be also configured to be a circular buffer, so that last executed branches are recorded. Branch tracing on Intel processors using the Branch Trace Store can cause 40x application run-time slow down. [3] For the Intel Core M and the 5th Generation of Intel Processors, Intel PT (Processor Trace) has been introduced, which aims to provide a full control flow trace. Intel PT is said to have only a minimum impact on the program's execution (< 5%). [4]

Use

With the availability and reference to a compiler listing of the program together with a branch trace, the full path of executed instructions can be reconstructed. With a lot more effort, the full path can even be reconstructed with a memory dump (containing the program storage) and a branch trace.

Alternatives

A more comprehensive trace of all the instructions (including instructions between branches) can be obtained by the use of an instruction set simulator (where available on some platforms). A full instruction trace can provide additional information such as address/length and value of memory alterations.

See also

Related Research Articles

Assembly language Low-level programming language

In computer programming, assembly language, often abbreviated asm, is any low-level programming language in which there is a very strong correspondence between the instructions in the language and the architecture's machine code instructions. Because assembly depends on the machine code instructions, every assembly language is designed for exactly one specific computer architecture. Assembly language may also be called symbolic machine code.

Microcode is a computer hardware technique that interposes a layer of organisation between the CPU hardware and the programmer-visible instruction set architecture of the computer. As such, the microcode is a layer of hardware-level instructions that implement higher-level machine code instructions or internal state machine sequencing in many digital processing elements. Microcode is used in general-purpose central processing units, although in current desktop CPUs, it is only a fallback path for cases that the faster hardwired control unit cannot handle.

x86 Family of instruction set architectures

x86 is a family of instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introduced in 1978 as a fully 16-bit extension of Intel's 8-bit 8080 microprocessor, with memory segmentation as a solution for addressing more memory than can be covered by a plain 16-bit address. The term "x86" came into being because the names of several successors to Intel's 8086 processor end in "86", including the 80186, 80286, 80386 and 80486 processors.

In computer science, an instruction set architecture (ISA) is an abstract model of a computer. It is also referred to as architecture or computer architecture. A realization of an ISA, such as a central processing unit (CPU), is called an implementation.

Debugger Computer program used to test and debug other programs

A debugger or debugging tool is a computer program used to test and debug other programs. The main use of a debugger is to run the target program under controlled conditions that permit the programmer to track its operations in progress and monitor changes in computer resources that may indicate malfunctioning code. Typical debugging facilities include the ability to run or halt the target program at specific points, display the contents of memory, CPU registers or storage devices, and modify memory or register contents in order to enter selected test data that might be a cause of faulty program execution.

In computer architecture, 64-bit integers, memory addresses, or other data units are those that are 64 bits wide. Also, 64-bit CPU and ALU architectures are those that are based on registers, address buses, or data buses of that size. 64-bit microcomputers are computers in which 64-bit microprocessors are the norm. From the software perspective, 64-bit computing means the use of code with 64-bit virtual memory addresses. However, not all 64-bit instruction sets support full 64-bit virtual memory addresses; x86-64 and ARMv8, for example, support only 48 bits of virtual address, with the remaining 16 bits of the virtual address required to be all 0's or all 1's, and several 64-bit instruction sets support fewer than 64 bits of physical memory address.

In computing, protected mode, also called protected virtual address mode, is an operational mode of x86-compatible central processing units (CPUs). It allows system software to use features such as virtual memory, paging and safe multi-tasking designed to increase an operating system's control over application software.

Memory-mapped I/O (MMIO) and port-mapped I/O (PMIO) are two complementary methods of performing input/output (I/O) between the central processing unit (CPU) and peripheral devices in a computer. An alternative approach is using dedicated I/O processors, commonly known as channels on mainframe computers, which execute their own instructions.

Tomasulo’s algorithm is a computer architecture hardware algorithm for dynamic scheduling of instructions that allows out-of-order execution and enables more efficient use of multiple execution units. It was developed by Robert Tomasulo at IBM in 1967 and was first implemented in the IBM System/360 Model 91’s floating point unit.

A processor register is a quickly accessible location available to a computer's processor. Registers usually consist of a small amount of fast storage, although some registers have specific hardware functions, and may be read-only or write-only. In computer architecture, registers are typically addressed by mechanisms other than main memory, but may in some cases be assigned a memory address e.g. DEC PDP-10, ICT 1900.

Simics is a full-system simulator used to run unchanged production binaries of the target hardware at high-performance speeds. Simics was originally developed by the Swedish Institute of Computer Science (SICS), and then spun off to Virtutech for commercial development in 1998. Virtutech was acquired by Intel in 2010 and Simics is now marketed by Wind River Systems, which was in the past a subsidiary of Intel.

Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug or malware within a process from affecting other processes, or the operating system itself. Protection may encompass all accesses to a specified area of memory, write accesses, or attempts to execute the contents of the area. An attempt to access unauthorized memory results in a hardware fault, e.g., a segmentation fault, storage violation exception, generally causing abnormal termination of the offending process. Memory protection for computer security includes additional techniques such as address space layout randomization and executable space protection.

JTAG is an industry standard for verifying designs and testing printed circuit boards after manufacture.

Breakpoint

In software development, a breakpoint is an intentional stopping or pausing place in a program, put in place for debugging purposes. It is also sometimes simply referred to as a pause.

In computing, a non-maskable interrupt (NMI) is a hardware interrupt that standard interrupt-masking techniques in the system cannot ignore. It typically occurs to signal attention for non-recoverable hardware errors.

In software engineering, profiling is a form of dynamic program analysis that measures, for example, the space (memory) or time complexity of a program, the usage of particular instructions, or the frequency and duration of function calls. Most commonly, profiling information serves to aid program optimization.

An instruction set simulator (ISS) is a simulation model, usually coded in a high-level programming language, which mimics the behavior of a mainframe or microprocessor by "reading" instructions and maintaining internal variables which represent the processor's registers.

A control register is a processor register which changes or controls the general behavior of a CPU or other digital device. Common tasks performed by control registers include interrupt control, switching the addressing mode, paging control, and coprocessor control.

Program animation or Stepping refers to the now very common debugging method of executing code one "line" at a time. The programmer may examine the state of the program, machine, and related data before and after execution of a particular line of code. This allows evaluation of the effects of that statement or instruction in isolation and thereby gain insight into the behavior of the executing program. Nearly all modern IDEs and debuggers support this mode of execution. Some testing tools allow programs to be executed step-by-step optionally at either source code level or machine code level depending upon the availability of data collected at compile time.

ptrace is a system call found in Unix and several Unix-like operating systems. By using ptrace one process can control another, enabling the controller to inspect and manipulate the internal state of its target. ptrace is used by debuggers and other code-analysis tools, mostly as aids to software development.

References

  1. "IBM Knowledge Center". publib.boulder.ibm.com.[ permanent dead link ]
  2. IA-32 Intel® Architecture Software Developer’s Manual (ftp://download.intel.com/support/processors/celeron/sb/6.pdf%5B%5D), Volume 3B: System Programming Guide, Part 2, Chapter 18.4 Last branch recording overview.
  3. Exploiting Hardware Advances for Software Testing and Debugging (NIER Track) , by Mary Lou Soffa, Kristen R. Walcott, Jason Mars, in Proceedings of ICSE, 2011. See Chapter 4.2 Branch Trace Store.
  4. Intel® 64 and IA-32 Architectures Software Developer’s Manual , See Chapter 35 Intel Processor Trace.