1. Field of the Invention
The present invention relates generally to the instruction stream executed by a microprocessor. More particularly, the invention relates to recreating an actual instruction stream executed by a microprocessor in part by using the microprocessor's branch trace data. More particularly still, the invention relates to capturing branch trace data, input/output reads and writes, and direct memory access transactions to recreate an actual instruction stream executed by the microprocessor.
2. Background of the Invention
Computer programs are typically written in various high level programming languages. For example, a program may be written in C, C++, Fortran, COBOL or any other of a vast array of programming languages optimized for specific applications. However, computer systems do not directly execute the instructions written in these high level languages; rather, each of these languages must be compiled. Compiling involves taking the text file in a particular language and creating a series of instructions, in binary format, that are executable by the microprocessor. However, the instructions executed by the microprocessor are not as simplistic or straightforward as a particular programming language may imply. For example, a simple C or C++ instruction may be:
if (variable_1 > variable_2) {[perform some task]}
In a C or C++ language, this instruction simply says that if variable_1 is greater than variable_2, perform the task within the brackets. However, for a microprocessor to make the determination takes significantly more steps than the simple 'if' statement implies. For example, the 'if' statement above may result in at least the following functions performed by the microprocessor, expressed in assembly language format:
Thus, it is the compiler's job to translate from the human readable programming language to machine language and also to implement the shorthand notation of the programming language into steps that may be performed by the microprocessor.
Using de-compilers or the like, it is possible to de-compile executable programs to determine the series of instructions executed by a microprocessor to perform some program, e.g. the 'if' statement as described above. However, executable programs, particularly in machine language form, contain many jumps and conditional jumps based on variables that may be known only during actual program execution. In other words, while one may be able to determine generally how a microprocessor steps through a particular program, including multiple jumps to various locations, the exact steps a microprocessor takes may not be determined because they may be based on real time variables generated or created during execution.
Consider, for example, a jump to a particular location. The microprocessor steps through various instructions and then comes to the jump instruction which commands the microprocessor to jump to and continue executing at a non-contiguous program location. Jump commands can be direct jumps, meaning that the microprocessor jumps to a particular location in the program which is known in advance. Jumps can also be indirect jumps, meaning that the microprocessor is commanded to jump to a location whose address is stored in a register. The locations indicated by the register may be based on variables available only during an actual execution of a program. Thus, one attempting to de-compile the steps a microprocessor takes in executing a program cannot determine the sequence to which the microprocessor jumps by looking at the executable program alone.
Microprocessor instruction sets also include conditional jumps, meaning that the microprocessor jumps to a different location in the program based on the outcome of some mathematical calculation. A microprocessor may jump, for example, if a variable in a register is larger than another variable. By looking only at the executable program, it may not be possible to determine whether a microprocessor jumps at this program location because the variables controlling the condition of the jump may be specific to the particular execution. Indeed, these variables may change from execution to execution.
Some microprocessor manufacturers design their microprocessors with the ability to output data relating to conditional jumps. That is, some microprocessors may have the ability to output information regarding whether they jumped or did not jump at a particular executable instruction. However, this information alone falls short of the information necessary to reconstruct or recreate the actual instruction stream.
Thus, what is needed in the art is a method to synthesize or reconstruct the actual instruction stream executed by a microprocessor including the target locations of indirect jumps and other execution specific variables.
The problems noted above are solved in large part by a method of synthesizing the instruction stream executed by the microprocessor which has several facets. The first facet is a microprocessor adapted to write branch instruction data. Specifically, the microprocessor has the ability to write or output whether a conditional jump was taken, the target location of an indirect jump, the value of the code segment (CS) and extended instruction pointer (EIP) registers when the microprocessor received an interrupt and the processor internal registers. The microprocessor preferably writes this information to a buffer in main memory. Further, a data capture device on the primary expansion bus captures all input/output (I/O) information and all direct memory access (DMA) transactions.
Finally, the method includes installing a memory dump device on a secondary expansion bus of the computer. Based on the assertion of a system management interrupt (SMI), system management mode (SMM) software dumps the entire contents of the main memory array to a control computer coupled to the test system through the memory dump device. Based on the memory dump information, the branch trace data generated by the microprocessor, the processor internal registers at the time of memory dump, and the I/O and DMA information captured by the logic analyzer, a user may recreate or synthesize the microprocessor instruction stream.
Broadly speaking, the invention contemplates a system capable of capturing data necessary for synthesizing an instruction stream comprising a target computer system having a microprocessor for which the instruction stream is to be synthesized, where the target system is adapted to capture branch trace data sufficient to reconstruct the instruction stream. The system also comprises a control computer system coupled to the target computer system, where the control computer system is adapted to control program execution in the target system and to download branch trace data from the target computer system.
The invention further contemplates a method of recreating an instruction stream for a microprocessor comprising writing branch trace data to buffers, capturing system memory images, capturing processor internal registers, capturing input/output (I/O) reads and writes, capturing direct memory access (DMA) transactions, and recreating an instruction stream executed by a microprocessor using the branch trace data, captured I/O reads and writes, and the captured DMA transactions.
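The recreation step described above can be sketched as a replay of the captured memory image steered by the branch trace records. This is an added example, not code from the patent: the one-address-per-instruction toy instruction set, the `IMAGE` contents, the record format and the names `reconstruct` and `TraceError` are assumptions made for illustration, and interrupt, I/O and DMA records are left out.

```python
# Added illustration: toy ISA and constructed data, not the patent's implementation.
# Memory image: address -> (mnemonic, operand); one instruction per address.
IMAGE = {
    0x100: ("cmp", "r1, r2"),
    0x101: ("jcc", 0x104),   # conditional jump: outcome known only at run time
    0x102: ("add", "r3, 1"),
    0x103: ("jmp", 0x105),   # direct jump: target readable from the image
    0x104: ("sub", "r3, 1"),
    0x105: ("jmpi", "r4"),   # indirect jump: target held in a register
    0x200: ("mov", "r5, r3"),
    0x201: ("halt", None),
    0x300: ("mov", "r5, 0"),
    0x301: ("halt", None),
}

class TraceError(Exception):
    """The trace and the memory image disagree, or the trace ran out."""

def reconstruct(image, entry, trace, limit=10_000):
    """Replay image from entry, consuming one trace record per conditional
    jump ("taken", bool) or indirect jump ("target", addr)."""
    records = iter(trace)
    stream, pc = [], entry

    def next_record(kind, at):
        rec = next(records, None)
        if rec is None or rec[0] != kind:
            raise TraceError(f"expected {kind!r} record at {at:#x}, got {rec!r}")
        return rec[1]

    for _ in range(limit):
        if pc not in image:
            raise TraceError(f"execution left the captured image at {pc:#x}")
        op, arg = image[pc]
        stream.append(pc)
        if op == "halt":
            if next(records, None) is not None:
                raise TraceError("unconsumed trace records after halt")
            return stream
        if op == "jmp":
            pc = arg
        elif op == "jcc":
            pc = arg if next_record("taken", pc) else pc + 1
        elif op == "jmpi":
            pc = next_record("target", pc)
        else:
            pc += 1
    raise TraceError("instruction limit reached without halt")

# Two constructed runs of the same image with different run-time data.
RUN_A = [("taken", False), ("target", 0x200)]
RUN_B = [("taken", True), ("target", 0x300)]
```

The same image yields two different instruction streams for `RUN_A` and `RUN_B`, and a trace that is truncated or out of step with the image is rejected rather than silently producing a plausible but wrong stream.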