1 / 14

Microprocessor system architectures – IA32 debugging and performance monitoring

Microprocessor system architectures – IA32 debugging and performance monitoring. Jakub Yaghob. Debug exception #DB Nearly all debug events Breakpoint exception #BP Exception invoked by INT3 Debug registers DR0 - DR3 , DR6 , DR7 T flag in TSS During attempt to switch task.

orli-nixon
Download Presentation

Microprocessor system architectures – IA32 debugging and performance monitoring

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Microprocessor system architectures– IA32 debugging and performance monitoring Jakub Yaghob

  2. Debug exception#DB Nearly all debug events Breakpoint exception#BP Exception invoked by INT3 Debug registers DR0-DR3, DR6, DR7 Tflag in TSS During attempt to switch task EFLAGS[RF] Resume Flag – disables multiple exceptions to the instruction EFLAGS[TF] Trap Flag – generates #DB after every execution of an instruction Breakpoint instruction INT3 Last branch recording Only P6+ Overview of debugging support

  3. Conditions for invoking the debugger • Task switch • Execution of breakpoint instruction • Execution of any instruction • Execution of an instruction at a specified address • Read or write of B, W, D at a specified memory address • Write to B, W, D at a specified memory address • Input of B, W, D at a specified I/O address (Pentium+) • Output to B, W, D at a specified I/O address (Pentium+) • Attempt to change the contents of a debug register

  4. Program tracing • Tracing enabled byEFLAGS[TF]=1 • Exception#DBinvoked after every instruction execution withTFset before the instruction execution • It is a TRAP • An instruction, which sets TF, does not invoke the exception • An instruction, which clearsTF, invokes the exception • TFcleared before calling the exception/interrupt handler • TFdoes not change its state during CPL changes • Concurrent occurrence of single-step and an external interrupt • #DB invoked • TF cleared • The external interrupt handler invoked before the first instruction of #DB handler

  5. Task switching • TSS[T] set for a target task • Invoked after the task is switched before the first instruction of the target task is executed • #DB should not be handled by a task with T flag set • CPU in loop

  6. Breakpoint instruction • InstructionINT3 • Encoded as 1B instruction • Suitable for inserting into the code to any address • Using • Write theINT3instruction to the breakpoint and remember previous contents • #BPinvokes debugger • Before returning from#BPthe EFLAGS[TF] is set on the stack and original contents is written back to the breakpoint • Return from the exception • #DB for single-step invoked after the instruction on the breakpoint is executed • Clear the TFand write back INT3to the breakpoint

  7. Debug registers– I

  8. Debug registers– II • Status registerDR6 • Bn – condition n detected • BD – debug registers access detected withDR7[GD] • BS – singlestep • BT – task switch • Control registerDR7 • Ln – local breakpoint enabled • Gn – global breakpoint enabled • GD – general detect enable • R/Wn – breakpoint condition • LENn – size of memory location

  9. Breakpoint recognition • Address • The addressmust be aligned to the size • Data and I/O breakpoint • Any accessed byte inside the range • Instruction breakpoint • Must have size 1B • Only the first byte of an instruction

  10. Breakpoint conditions

  11. Instruction breakpoint • It is FAULT • We need to avoid endless loop on the breakpoint • High priority • Invoked before other exceptions • Not invoked on an instruction after the POP SS/MOV SS instruction • How to avoid the endless loop • The flagEFLAGS[RF] • Automatically set before any FAULT exception is invoked, except of instruction breakpoint • Cleared after successful execution of an instruction, except of task switch (JMP, CALL, INT, IRET) • It can be explicitly set only by reading EFLAGS from the stack/TSS returning from interrupt handler • Using as a breakpoint • Set the RF in the EFLAGS image on the stack/v TSS

  12. Last branch recording • Introduced in the Pentium Pro • Depends tightly on model and MSRs • Branches, interrupts, exceptions • Branches: JMP, Jcc, LOOP, CALL/RET

  13. Performance monitoring • Introduced in the Pentium • Time-stamp counter • Architectural performance monitoring • Behaves consistently across microarchitectures • Performance monitoring depending on a microarchitecture • MSRs

  14. Time-stamp counter • Support • TSC flag • Availability check in CPUID.1:EDX.TSC • IA32_TIME_STAMP_COUNTER MSR • MSR used as a counter • 64-bit • RDTSC instruction • TSD flag • Enable/disable TSC (CR4[TSD]) • Behavior • Older CPUs • Increments with every internal clock cycle • Newer CPUs • Increments at a constant rate

More Related