Intel processor trace - What are Recorded?

Processor Trace
WHAT ARE RECORDED?
Pipat Methavanitpong
+PipatMethavanitpong
@fulcronz27

Foreword
- This work is done solely by myself without support from Intel
- Information in this document is derived from
  - IA64 System Programming Manual – Chapter 36
  - Some are from my understanding
- Mistakes or wrong information may appear
- I am willing to update and correct errata
  - Please contact me via Google Hangout
- I am not responsible for damage using this document

Objective
- Give a summary of the data generated by Intel PT
  - Partially includes relationships between data types
  - Does not include its mechanism and control

PT Overview
- Machine instruction-level tracing
- Uses dedicated hardware to trace
  - The conventional approach uses software to trace software
- Bird's-eye view observation
- Can fully reconstruct execution at analysis time
  - Records events that cannot be inferred solely from the binary
- Usage
  - Low-level debugging
  - Fine-tuning performance
  - State recovery

Background
- At the lowest level, programs are chunks of machine instructions
- Processor executes machine instructions in sequential fashion
- Processor does not execute in sequence when
  - Executing a redirecting machine instruction
  - Handling an interrupt or an exception (asynchronous event)
  - …
- Execution context may be changed
  - Changing execution mode
  - Page switching
  - …

Pros and Cons
- Pros
  - Finest grain in software tracing
    - Machine instruction level
- Cons
  - Design overhead
    - Additional hardware
  - Hand-picked dynamic events
    - May miss some categories
  - Hard to change
    - Hardware implementation

*My own opinion

Packet Types
1. Packet Stream Boundary – Interval beats, sync point for analyzer
2. Taken Not-Taken – Conditional branch decision
3. Target IP – Target address within program binary
4. Flow Update Packets – Target address outside program binary (async events)
5. Paging Information Packet – Modification to CR3 task page base address
6. Time-Stamp Counter – Wall clock data
7. MODE – Execution mode
8. Core Bus Ratio – Bus clock ratio
9. Overflow – Internal buffer overflow
10. PAD – Alignment purpose

Packet Summary
Processor Trace Packets
- Redirection
  - Inside traced program: TNT, TIP
  - Outside traced program: FUP
- Environment
  - Execution: PIP, MODE, CBR
  - Trace: PSB, OVF
- Misc
  - Alignment: PAD
  - Time: TSC

*does not imply packet combination

Taken Not-Taken (TNT)
- A group of binary decisions
- 2 types of event
  - Conditional branch: Taken (1) / Not taken (0)
  - Unmodified return address: Taken (1)
- 2 sizes
  - Short TNT – 8-bit packet contains 6 decision bits
  - Long TNT – 64-bit packet contains 47 decision bits
- No need to fill all the bits
  - A partial TNT is emitted when other packets are generated in the middle
- Decision: Taken (1), Not Taken (0)

Target IP (TIP)
- A destination address within traced program
- Used for
  - Indirect jump / call – use an address from a register or memory
  - Modified return address – return address on a call stack is modified
- Has different packet signature from FUP
- Has 2 extra variants
  - TIP.PGE – Packet Generation Enable
  - TIP.PGD – Packet Generation Disable

Flow Update Packet (FUP)
- A destination address outside a traced program
- Generated when an asynchronous event happens
  - External interrupts
  - Exceptions and faults
  - X instructions
  - #SMI
  - WRMSR that clears TraceEn (one of the flags that control tracing operation)
- Generated in combination with other packets (not discussed here)
- Has different packet signature from TIP

Page Information Packet (PIP)
- Keep track of page information
  - Current linear address range
- CR3 register contains task’s page base address
- Generated when CR3 is modified
  - Has exceptional cases

MODE packet
- Record of processor modes that affect
  - Execution behavior
  - Analysis operation
- 2 modes are recorded
  - Execution modes
    - 16- / 32- / 64-bit
  - TSX transaction operations
    - Begin / commit / abort
    - Either HLE or RTM

Core Bus Ratio (CBR) Packet
- Tells current core:bus ratio
- Cannot tell at which IP a CBR change starts taking effect
- Generated when
  - CBR changes
  - As a part of PSB+

Packet Stream Boundary (PSB)
- Generated every 4k traces
  - Like heartbeats for trace operation
- Analyzer searches for this packet first to start decoding
- PSB itself does not contain any information
  - Just pure binary signature
- Generated in combination with other packets
  - A whole pack is called PSB+
  - Tells current execution environment
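
The PSB search and the partial TNT case from the slides above, as an added example (not part of the original deck and not Intel's decoder). The byte encodings are assumptions taken from the Intel SDM packet definitions rather than from the slides: PSB as `0x02 0x82` repeated eight times, and short TNT as a stop bit followed by up to six decisions with bit 0 clear. The function names and the sample buffer are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PSB_LEN 16 /* assumed encoding: 0x02 0x82 repeated 8 times */

/* Constructed sample: 3 stray bytes, one PSB, one PAD, one partial short TNT. */
static const uint8_t sample[] = {
    0x00, 0x00, 0x02,
    0x02, 0x82, 0x02, 0x82, 0x02, 0x82, 0x02, 0x82,
    0x02, 0x82, 0x02, 0x82, 0x02, 0x82, 0x02, 0x82,
    0x00, 0x1A };

/* Offset of the first PSB signature at or after `from`, or -1 if none. */
long pt_sync(const uint8_t *buf, size_t len, size_t from)
{
    for (size_t i = from; i + PSB_LEN <= len; i++) {
        size_t k = 0;
        while (k < PSB_LEN && buf[i + k] == ((k & 1) ? 0x82 : 0x02))
            k++;
        if (k == PSB_LEN)
            return (long)i;
    }
    return -1;
}

/* Short TNT (assumed layout): bit 0 clear, highest set bit is a stop bit, the
 * bits below it down to bit 1 are 1..6 decisions, oldest first. Fills out[] in
 * execution order (1 = taken); returns the count, or -1 if not a short TNT. */
int pt_short_tnt(uint8_t b, uint8_t out[6])
{
    if ((b & 1) || b < 0x04) /* odd opcodes, PAD (0x00), extended prefix (0x02) */
        return -1;
    int stop = 7;
    while (!(b & (1u << stop)))
        stop--;
    for (int i = 0; i < stop - 1; i++)
        out[i] = (b >> (stop - 1 - i)) & 1;
    return stop - 1;
}

int main(void)
{
    uint8_t d[6];
    long off = pt_sync(sample, sizeof sample, 0);
    int n = pt_short_tnt(sample[off + PSB_LEN + 1], d);
    printf("PSB at offset %ld, TNT carries %d decisions, first is %s\n",
           off, n, d[0] ? "taken" : "not taken");
    return 0;
}
```

The stray `0x02` just before the signature shows why the search must match all 16 bytes, and `0x1A` is a partial TNT holding three decisions instead of six.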

Overflow (OVF) Packet
- Generated when PT happens to overflow its internal buffer
- Analyzer skips to next FUP or TIP.PGE

PAD
- Simply padding
- No information contained
- Improve packet-alignment
  - Or some implementation reasons

Time-Stamp Counter (TSC)
- Give wall clock time
- Included in PSB+
- Precedes CBR packet

THE END