Browse Prior Art Database

Low-Cost Instruction and Address Tracing

IP.com Disclosure Number: IPCOM000116193D
Original Publication Date: 1995-Aug-01
Included in the Prior Art Database: 2005-Mar-30
Document File: 2 page(s) / 85K

Publishing Venue

IBM

Related People

Lipasti, MH: AUTHOR [+2]

Abstract

A low-overhead mechanism for collecting instruction and address traces using trap-driven simulation and processor emulation is disclosed. The mechanism minimizes both collection-time CPU overhead as well as trace size by capturing the working set of the process being traced and storing it offline. The captured working set is then used to feed a functional CPU emulator which can then regenerate all instruction and data memory references for subsequent simulation and/or analysis.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Low-Cost Instruction and Address Tracing

      A low-overhead mechanism for collecting instruction and address
traces using trap-driven simulation and processor emulation is
disclosed.  The mechanism minimizes both collection-time CPU overhead
as well as trace size by capturing the working set of the process
being traced and storing it offline.  The captured working set is
then used to feed a functional CPU emulator which can then regenerate
all instruction and data memory references for subsequent simulation
and/or analysis.

      The trace collection mechanism operates by inserting code into
a handful of key paths in the operating system.  These include the
memory
breakpoint handler, the page fault path, and the system call path.

      When collection is started on a task in the system, all of the
physical memory mapped by that task is marked with memory breakpoints
(this is accomplished with the same mechanism that a debugger would
use, which usually involves manipulating the Error Correction Code
(ECC) bits for the memory in question).  A special trace record is
generated that contains the initial register state of the task in
question.  Once the process starts executing, and makes a memory
reference, a memory breakpoint exception occurs.  The exception
handler then creates a trace record consisting of the data in the
cache line that was referenced, and then removes the breakpoints from
memory for that cache line.  Any subsequent references to that line
will be treated as hits, and will proceed at full hardware speed.
This process is repeated for every first reference to a
cache-line-sized piece of storage, and effectively captures the
entire working set of the process being traced.  Standard compression
techniques can be applied to the collected trace records to minimize
storage and bandwidth requirements.

      Page faults that bring data into the address space of the task
being traced must also be modified to mark the entire page with
memory
breakpoints. ...