Branch trace

Last updated

Branch trace is a computer program debugging tool or analysis technique. It is an abbreviated instruction trace in which only the successful branch instructions are recorded. On IBM System/360 this was implemented as part of Program-Event Recording (PER) [1] but was seldom used at the application programming level. Program Event Recording hardware was used and due to the overhead of this tool, it was removed from customer-available MVS systems.

Contents

Branch tracing is also available for Pentium 4, Xeon and later Intel processors. [2] There are dedicated processor commands to enable branch tracing and save executed branches into special Intel Branch Trace Store (BTS) area of resident memory. The Branch Trace Store can be also configured to be a circular buffer, so that last executed branches are recorded. Branch tracing on Intel processors using the Branch Trace Store can cause 40x application run-time slow down. [3] For the Intel Core M and the 5th Generation of Intel Processors, Intel PT (Processor Trace) has been introduced, which aims to provide a full control flow trace. Intel PT is said to have only a minimum impact on the program's execution (< 5%). [4]

Use

With the availability and reference to a compiler listing of the program together with a branch trace, the full path of executed instructions can be reconstructed. With a lot more effort, the full path can even be reconstructed with a memory dump (containing the program storage) and a branch trace.

Alternatives

A more comprehensive trace of all the instructions (including instructions between branches) can be obtained by the use of an instruction set simulator (where available on some platforms). A full instruction trace can provide additional information such as address/length and value of memory alterations.

See also

Related Research Articles

In processor design, microcode serves as an intermediary layer situated between the central processing unit (CPU) hardware and the programmer-visible instruction set architecture of a computer, also known as its machine code. It consists of a set of hardware-level instructions that implement the higher-level machine code instructions or control internal finite-state machine sequencing in many digital processing components. While microcode is utilized in Intel and AMD general-purpose CPUs in contemporary desktops and laptops, it functions only as a fallback path for scenarios that the faster hardwired control unit is unable to manage.

x86 Family of instruction set architectures

x86 is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel, based on the 8086 microprocessor and its 8-bit-external-bus variant, the 8088. The 8086 was introduced in 1978 as a fully 16-bit extension of 8-bit Intel's 8080 microprocessor, with memory segmentation as a solution for addressing more memory than can be covered by a plain 16-bit address. The term "x86" came into being because the names of several successors to Intel's 8086 processor end in "86", including the 80186, 80286, 80386 and 80486. Colloquially, their names were "186", "286", "386" and "486".

<span class="mw-page-title-main">64-bit computing</span> Computer architecture bit width

In computer architecture, 64-bit integers, memory addresses, or other data units are those that are 64 bits wide. Also, 64-bit central processing units (CPU) and arithmetic logic units (ALU) are those that are based on processor registers, address buses, or data buses of that size. A computer that uses such a processor is a 64-bit computer.

In computing, protected mode, also called protected virtual address mode, is an operational mode of x86-compatible central processing units (CPUs). It allows system software to use features such as segmentation, virtual memory, paging and safe multi-tasking designed to increase an operating system's control over application software.

Memory-mapped I/O (MMIO) and port-mapped I/O (PMIO) are two complementary methods of performing input/output (I/O) between the central processing unit (CPU) and peripheral devices in a computer. An alternative approach is using dedicated I/O processors, commonly known as channels on mainframe computers, which execute their own instructions.

Tomasulo's algorithm is a computer architecture hardware algorithm for dynamic scheduling of instructions that allows out-of-order execution and enables more efficient use of multiple execution units. It was developed by Robert Tomasulo at IBM in 1967 and was first implemented in the IBM System/360 Model 91’s floating point unit.

A processor register is a quickly accessible location available to a computer's processor. Registers usually consist of a small amount of fast storage, although some registers have specific hardware functions, and may be read-only or write-only. In computer architecture, registers are typically addressed by mechanisms other than main memory, but may in some cases be assigned a memory address e.g. DEC PDP-10, ICT 1900.

Simics is a full-system simulator or virtual platform used to run unchanged production binaries of the target hardware. Simics was originally developed by the Swedish Institute of Computer Science (SICS), and then spun off to Virtutech for commercial development in 1998. Virtutech was acquired by Intel in 2010. Currently, Simics is provided by Intel in a public release and sold commercially by Wind River Systems, which was in the past a subsidiary of Intel.

Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug or malware within a process from affecting other processes, or the operating system itself. Protection may encompass all accesses to a specified area of memory, write accesses, or attempts to execute the contents of the area. An attempt to access unauthorized memory results in a hardware fault, e.g., a segmentation fault, storage violation exception, generally causing abnormal termination of the offending process. Memory protection for computer security includes additional techniques such as address space layout randomization and executable-space protection.

JTAG is an industry standard for verifying designs of and testing printed circuit boards after manufacture.

<span class="mw-page-title-main">Breakpoint</span> Debugging method used in software development

In software development, a breakpoint is an intentional stopping or pausing place in a program, put in place for debugging purposes. It is also sometimes simply referred to as a pause.

In computing, a non-maskable interrupt (NMI) is a hardware interrupt that standard interrupt-masking techniques in the system cannot ignore. It typically occurs to signal attention for non-recoverable hardware errors. Some NMIs may be masked, but only by using proprietary methods specific to the particular NMI. With regard to SPARC, the non-maskable interrupt (NMI), despite having the highest priority among interrupts, can be prevented from occurring through the use of an interrupt mask.

In software engineering, profiling is a form of dynamic program analysis that measures, for example, the space (memory) or time complexity of a program, the usage of particular instructions, or the frequency and duration of function calls. Most commonly, profiling information serves to aid program optimization, and more specifically, performance engineering.

An instruction set simulator (ISS) is a simulation model, usually coded in a high-level programming language, which mimics the behavior of a mainframe or microprocessor by "reading" instructions and maintaining internal variables which represent the processor's registers.

System Management Mode is an operating mode of x86 central processor units (CPUs) in which all normal execution, including the operating system, is suspended. An alternate software system which usually resides in the computer's firmware, or a hardware-assisted debugger, is then executed with high privileges.

The interrupt descriptor table (IDT) is a data structure used by the x86 architecture to implement an interrupt vector table. The IDT is used by the processor to determine the memory addresses of the handlers to be executed on interrupts and exceptions.

A control register is a processor register that changes or controls the general behavior of a CPU or other digital device. Common tasks performed by control registers include interrupt control, switching the addressing mode, paging control, and coprocessor control.

On the x86 architecture, a debug register is a register used by a processor for program debugging. There are six debug registers, named DR0...DR7, with DR4 and DR5 as obsolete synonyms for DR6 and DR7. The debug registers allow programmers to selectively enable various debug conditions associated with a set of four debug addresses. Two of these registers are used to control debug features. These registers are accessed by variants of the MOV instruction. A debug register may be either the source operand or destination operand. The debug registers are privileged resources; the MOV instructions that access them can only be executed at privilege level zero. An attempt to read or write the debug registers when executing at any other privilege level causes a general protection fault.

<span class="mw-page-title-main">Emulator</span> System allowing a device to imitate another

In computing, an emulator is hardware or software that enables one computer system to behave like another computer system. An emulator typically enables the host system to run software or use peripheral devices designed for the guest system. Emulation refers to the ability of a computer program in an electronic device to emulate another program or device.

ptrace is a system call found in Unix and several Unix-like operating systems. By using ptrace one process can control another, enabling the controller to inspect and manipulate the internal state of its target. ptrace is used by debuggers and other code-analysis tools, mostly as aids to software development.

References

  1. "IBM Knowledge Center". publib.boulder.ibm.com.[ permanent dead link ]
  2. IA-32 Intel® Architecture Software Developer’s Manual (ftp://download.intel.com/support/processors/celeron/sb/6.pdf%5B‍%5D), Volume 3B: System Programming Guide, Part 2, Chapter 18.4 Last branch recording overview.
  3. Exploiting Hardware Advances for Software Testing and Debugging (NIER Track) , by Mary Lou Soffa, Kristen R. Walcott, Jason Mars, in Proceedings of ICSE, 2011. See Chapter 4.2 Branch Trace Store.
  4. Intel® 64 and IA-32 Architectures Software Developer’s Manual , See Chapter 35 Intel Processor Trace.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.