Volume 3B System Programming Guide_ Part 2 (794104), страница 4
Текст из файла (страница 4)
If theexternal interrupt is still pending, then it is serviced. The external interrupt handlerdoes not run in single-step mode. To single step an interrupt handler, single step anINT n instruction that calls the interrupt handler.18.3.1.5Task-Switch Exception ConditionThe processor generates a debug exception after a task switch if the T flag of the newtask's TSS is set. This exception is generated after program control has passed to thenew task, and prior to the execution of the first instruction of that task.
The exceptionhandler can detect this condition by examining the BT flag of the DR6 register.18-12 Vol. 3DEBUGGING AND PERFORMANCE MONITORINGIf the debug exception handler is a task, the T bit of its TSS should not be set. Failureto observe this rule will put the processor in a loop.18.3.2Breakpoint Exception (#BP)—Interrupt Vector 3The breakpoint exception (interrupt 3) is caused by execution of an INT 3 instruction.See Chapter 5, “Interrupt 3—Breakpoint Exception (#BP).” Debuggers use breakexceptions in the same way that they use the breakpoint registers; that is, as amechanism for suspending program execution to examine registers and memorylocations. With earlier IA-32 processors, breakpoint exceptions are used extensivelyfor setting instruction breakpoints.With the Intel386 and later IA-32 processors, it is more convenient to set breakpoints with the breakpoint-address registers (DR0 through DR3). However, thebreakpoint exception still is useful for breakpointing debuggers, because a breakpoint exception can call a separate exception handler.
The breakpoint exception isalso useful when it is necessary to set more breakpoints than there are debug registers or when breakpoints are being placed in the source code of a program underdevelopment.18.4LAST BRANCH RECORDING OVERVIEWP6 family processors introduced the ability to set breakpoints on taken branches,interrupts, and exceptions, and to single-step from one branch to the next. Thiscapability has been modified and extended in the Pentium 4, Intel Xeon, Pentium M,Intel® Core™ Solo, and Intel® Core™ Duo processors to allow logging of branch tracemessages in a branch trace store (BTS) buffer in memory.See the following sections:— Section 18.5, “Last Branch, Interrupt, and Exception Recording (Intel®Core™2 Duo Processor Family)”— Section 18.6, “Last Branch, Interrupt, and Exception Recording (Processorsbased on Intel NetBurst® Microarchitecture)”— Section 18.7, “Last Branch, Interrupt, and Exception Recording (Intel® Core™Solo and Intel® Core™ Duo Processors)”— Section 18.8, “Last Branch, Interrupt, and Exception Recording (Pentium MProcessors)”— Section 18.9, “Last Branch, Interrupt, and Exception Recording (P6 FamilyProcessors)”Branch instructions that are tracked with the last branch recording mechanism arethe JMP, Jcc, LOOP, and CALL instructions.Vol.
3 18-13DEBUGGING AND PERFORMANCE MONITORING18.5LAST BRANCH, INTERRUPT, AND EXCEPTIONRECORDING (INTEL® CORE™2 DUO PROCESSORFAMILY)The Intel Core 2 Duo processor family and Intel Xeon processors based on Intel Coremicroarchitecture provide last branch interrupt and exception recording. These capabilities are similar to those found in Pentium 4 processors, including support for thefollowing:•Last branch record (LBR) stack — There are four pairs of MSRs that store thesource and destination addresses related to recently executed branches. SeeSection 18.5.1.•CPL-qualified last branch recording mechanism — This is the samemechanism described in Section 18.6.1, but using the LBR stack described inSection 18.5.1.•Monitoring and single-stepping of branches, exceptions, and interrupts— See Section 18.6.4 and Section 18.6.5. In addition, the ability to freeze theLBR stack on a PMI request is available.•Branch trace messages and last exception records — See Section 18.6.6and Section 18.6.7.•Branch trace store and CPL-qualified BTS — See Section 18.6.8.18.5.1IA32_DEBUGCTL MSRThe IA32_DEBUGCTL MSR provides bit field controls to enable debug trace interrupts, debug trace stores, trace messages enable, single stepping on branches, lastbranch record recording, and to control freezing of LBR stack or performancecounters on a PMI request.
IA32_DEBUGCTL MSR is located at register address01D9H.See Figure 18-3 for the MSR layout and the bullets below for a description of theflags:•LBR (last branch/interrupt/exception) flag (bit 0) — When set, theprocessor records a running trace of the most recent branches, interrupts, and/orexceptions taken by the processor (prior to a debug exception being generated)in the last branch record (LBR) stack. For more information, see the “Last BranchRecord (LBR) Stack” bullet below.•BTF (single-step on branches) flag (bit 1) — When set, the processor treatsthe TF flag in the EFLAGS register as a “single-step on branches” flag rather thana “single-step on instructions” flag.
This mechanism allows single-stepping theprocessor on taken branches, interrupts, and exceptions. See Section 18.6.5,“Single-Stepping on Branches, Exceptions, and Interrupts,” for more informationabout the BTF flag.18-14 Vol. 3DEBUGGING AND PERFORMANCE MONITORING•TR (trace message enable) flag (bit 6) — When set, branch trace messagesare enabled. When the processor detects a taken branch, interrupt, or exception;it sends the branch record out on the system bus as a branch trace message(BTM).
See Section 18.6.6, “Branch Trace Messages,” for more information aboutthe TR flag.•BTS (branch trace store) flag (bit 7) — When set, the flag enables BTSfacilities to log BTMs to a memory-resident BTS buffer that is part of the DS savearea. See Section 18.15.5, “DS Save Area.”•BTINT (branch trace interrupt) flag (bit 8) — When set, the BTS facilitiesgenerate an interrupt when the BTS buffer is full. When clear, BTMs are logged tothe BTS buffer in a circular fashion. See Section 18.6.8, “Branch Trace Store (BTS),”for a description of this mechanism.3112 11 10 9 8 7 6 5 4 3 2 1 0ReservedFREEZE_PERFMON_ON_PMIFREEZE_LBRS_ON_PMIBTS_OFF_USR — BTS off in user codeBTS_OFF_OS — BTS off in OSBTINT — Branch trace interruptBTS — Branch trace storeTR — Trace messages enableReservedBTF — Single-step on branchesLBR — Last branch/interrupt/exceptionFigure 18-3.
IA32_DEBUGCTL MSR for Processors basedon Intel Core microarchitecture•BTS_OFF_OS (branch trace off in privileged code) flag (bit 9) — When set,BTS or BTM is skipped if CPL is 0. See Section 18.6.1.•BTS_OFF_USR (branch trace off in user code) flag (bit 10) — When set,BTS or BTM is skipped if CPL is greater than 0. See Section 18.6.1.•FREEZE_LBRS_ON_PMI flag (bits 11) — When set, the LBR stack is frozen ona hardware PMI request (e.g.
when a counter overflows and is configured to triggerPMI).•FREEZE_PERFMON_ON_PMI flag (bits 12) — When set, a PMI request clearseach of the “ENABLE” field of MSR_PERF_GLOBAL_CTRL MSR (see Figure 18-18) todisable all the counters.•Last Branch Record (LBR) Stack — The LBR consists of 4 pairs of MSRs thatstore source and destination address of recent branches (see Figure 18-4):Vol.
3 18-15DEBUGGING AND PERFORMANCE MONITORING— MSR_LASTBRANCH_0_FROM_IP (address 40H) throughMSR_LASTBRANCH_3_FROM_IP (address 43H) stores source addresses— MSR_LASTBRANCH_0_TO_IP (address 60H) throughMSR_LASTBRANCH_3_To_IP (address 63H) stores destination addresses.MSR_LASTBRANCH_0_FROM_IP through MSR_LASTBRANCH_3_FROM_IP063Source AddressMSR_LASTBRANCH_0_TO_IP through MSR_LASTBRANCH_3_TO_IP063Destination AddressFigure 18-4. LBR MSR Layout for Processors Based on Intel Core MicroarchitectureSoftware should query an architectural MSR IA32_PERF_CAPABILITIES[5:0]about the format of the address that is stored in the LBR stack.
Three formats aredefined by following encoding:— 000000B (32-bit record format) — Stores 32-bit offset in current CS ofrespective source/destination,— 000001B (64-bit LIP record format) — Stores 64-bit linear address ofrespective source/destination,— 000010B (64-bit EIP record format) — Stores 64-bit offset (effectiveaddress) of respective source/destination.Processor’s support for the architectural MSR IA32_PERF_CAPABILITIES isprovided by CPUID.01H:ECX[PERF_CAPAB_MSR] (bit 15).•Last Branch Record Top-of-Stack (TOS) Pointer — The TOS Pointer MSR(MSR_LASTBRANCH_TOS, address 1C9H) contains a 2-bit pointer (bits 1-0) tothe MSR in the LBR stack that contains the most recent branch, interrupt, orexception recorded.For compatibility, the MSR_LER_TO_LIP and the MSR_LER_FROM_LIP MSRs) duplicate functions of the LastExceptionToIP and LastExceptionFromIP MSRs found in P6family processors.18.5.2BTS and Related FacilitiesThe Debug store (DS) feature flag (bit 21), returned by CPUID.1:EDX[21] Indicatesthat the processor provides the debug store (DS) mechanism.
This mechanismallows BTMs to be stored in a memory-resident BTS buffer. See Section 18.6.8,18-16 Vol. 3DEBUGGING AND PERFORMANCE MONITORING“Branch Trace Store (BTS).” Precise event-based sampling (PEBS) also uses the DSsave area provided by debug store mechanism.18.5.2.1Freezing LBR and Performance Counters on PMIMany issues may generate a performance monitoring interrupt (PMI); a PMI servicehandler will need to determine cause to handle the situation. Two capabilities thatallow a PMI service routine to improve branch tracing and performance monitoringare:•Freezing LBRs on PMI — The processor freezes LBRs on a PMI request byclearing the LBR bit (bit 0) in IA32_DEBUGCTL. Software must then re-enableIA32_DEBUGCTL.[0] to continue monitoring branches.•Freezing PMCs on PMI — The processor freezes the performance counters on aPMI request by clearing the MSR_PERF_GLOBAL_CTRL MSR (see Figure 18-18).The PMCs affected include both general-purpose counters and fixed-functioncounters (see Section 18.14.1, “Fixed-function Performance Counters”).Software must re-enable counts by writing 1s to the corresponding enable bits inMSR_PERF_GLOBAL_CTRL before leaving a PMI service routine to continuecounter operation.Freezing LBRs and PMCs on PMIs occur when:•A performance counter had an overflow and was programmed to signal a PMI incase of an overflow.— For the general-purpose counters; this is done by setting bit 20 of theIA32_PERFEVTSELx register.— For the fixed-function counters; this is done by setting the 3rd bit in thecorresponding 4-bit control field of the MSR_PERF_FIXED_CTR_CTRL register(see Figure 18-17) or IA32_FIXED_CTR_CTRL MSR (see Figure 18-13).••The PEBS buffer is almost full and reaches the interrupt threshold.The BTS buffer is almost full and reaches the interrupt threshold.18.5.2.2Debug Store (DS) MechanismThe debug store mechanism provides the DS save area for software to collect branchrecords or precise-event-based-sampling (PEBS) records.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
