README_TOOL.txt
15.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
*******************************************************************************
* README *
* *
* This file provides all the information regarding Intel(R) Processor Trace *
* Tool. It consists explanation about how Tool internally works, its hardware *
* and software dependencies, build procedure and usage of the API. *
*******************************************************************************
============
Introduction
============
The Intel(R) Processor Trace Tool is developed on top of LLDB and provides its
its users execution trace of the debugged applications. Tool makes use of
Intel(R) Processor Trace hardware feature implementation inside LLDB for this
purpose. This hardware feature generates a set of trace packets that
encapsulates program flow information. These trace packets along with the binary
of the application can be decoded with the help of a software decoder to
construct the execution trace of the application.
More information about Intel(R) Processor Trace feature can be obtained from
website: https://software.intel.com/en-us/blogs/2013/09/18/processor-tracing
=========
Details
=========
The functionality of the Tool consists three parts:
1. Raw Trace Collection from LLDB
With the help of API of this Tool (given below), Intel(R) Processor Trace
can be started on the application being debugged with LLDB. The generated
trace of the application is gathered inside LLDB and is collected by the
Tool from LLDB through LLDB's public API.
2. Raw Trace Decoding
For decoding the raw trace data, the Tool makes use of "libipt", an
Intel(R) Processor Trace Decoder Library. The library needs binary of
the application and information about the cpu on which the application is
running in order to decode the raw trace. The Tool gathers this
information from LLDB public API and provide it to "libipt". More
information about "libipt" can be found at:
https://software.intel.com/en-us/blogs/2013/09/18/processor-tracing and
https://github.com/01org/processor-trace
3. Decoded Trace Post-processing
The decoded trace is post-processed to reconstruct the execution flow of
the application. The execution flow contains the list of assembly
instructions (called instruction log hereafter).
=============
Dependencies
=============
The Tool has following hardware and software dependencies:
- Hardware dependency: The Tool makes use of this hardware feature to capture
raw trace of an application from LLDB. This hardware feature may not be
present in all processors. The hardware feature is supported on Broadwell
and other succeeding CPUs such as Skylake etc. In order for Tool to provide
something meaningful, the target machine on which the application is running
should have this feature.
- Software dependency: The Tool has an indirect dependency on the Operating
System level software support for Intel(R) Processor Trace on the target
machine where the application is running and being debugged by LLDB. This
support is required to enable raw trace generation on the target machine.
Currently, the Tool works for applications running on Linux OS as till now
the Operating System level support for the feature is present only in Linux
(more specifically starting from the 4.1 kernel). In Linux, this feature is
implemented in perf_events subsystem and is usable through perf_event_open
system call. In the User space level, the Tool has a direct dependency on
"libipt" to decode the captured raw trace. This library might be
pre-installed on host systems. If not then the library can be built from
its sources (available at): https://github.com/01org/processor-trace
============
How to Build
============
The Tool has a cmake based build and can be built by specifying some extra flags
while building LLDB with cmake. The following cmake flags need to be provided to
build the Tool:
- LIBIPT_INCLUDE_PATH - The flag specifies the directory where the header
file of "libipt" resides. If the library is not pre-installed on the host
system and is built directly from "libipt" project sources then this file
may either come as a part of the sources itself or will be generated in
build folder while building library.
- LIBIPT_LIBRARY_PATH - The flag points to the location of "libipt" shared
library.
The Tool currently works successfully with following versions of this library:
- v1.4, v1.5, v1.6
============
How to Use
============
The Tool's API are exposed as a C++ object oriented interface (file PTDecoder.h)
in a shared library. The main class that implements the whole functionality is
PTDecoder. This class makes use of 3 other classes,
- PTInstruction to represent an assembly instruction
- PTInstructionList to return instruction log
- PTTraceOptions to return trace specific information
The users can use these API to develop their own products. All API are also
available as python functions through a script bridging interface, allowing
them to be used directly from python either interactively or to build python
apps.
Currently, cli wrapper has been developed on top of the Tool to use it through
LLDB's command line. Please refer to README_CLI.txt file for command line usage.
A brief introduction about the classes and their API are given below.
class PTDecoder
===============
This class makes use of Intel(R) Processor Trace hardware feature
(implemented inside LLDB) to gather trace data for an inferior (being
debugged with LLDB) to provide meaningful information out of it. Currently
the meaningful information comprises of the execution flow of the inferior
(in terms of assembly instructions executed). The class enables user to:
- start the trace with configuration options for a thread/process,
- stop the trace for a thread/process,
- get the execution flow (assembly instructions) for a thread and
- get trace specific information for a thread
Corresponding API are explained below:
a) void StartProcessorTrace(lldb::SBProcess &sbprocess,
lldb::SBTraceOptions &sbtraceoptions,
lldb::SBError &sberror)
------------------------------------------------------------------------
This API allows the user to start trace on a particular thread or on
the whole process with Intel(R) Processor Trace specific
configuration options.
@param[in] sbprocess : A valid process on which this operation
will be performed. An error is returned in case of an invalid
process.
@param[out] sberror : An error with the failure reason if API
fails. Else success.
@param[in] sbtraceoptions : Contains thread id information and
configuration options:
For tracing a single thread, provide a valid thread id. If
sbprocess doesn't contain this thread id, error will be returned.
For tracing complete process, set to lldb::LLDB_INVALID_THREAD_ID
Configuration options comprises of:
- trace buffer size, meta data buffer size, TraceType and
- All other possible Intel(R) Processor Trace specific
configuration options (hereafter collectively referred as
CUSTOM_OPTIONS)
Trace buffer, meant to store the trace data read from target
machine, inside LLDB is configured as a cyclic buffer. Hence,
depending upon the trace buffer size provided here, buffer
overwrites may happen while LLDB writes trace data into it.
CUSTOM_OPTIONS are formatted as json text i.e. {"Name":Value,
"Name":Value,...} inside sbtraceoptions, where "Value" should be
a 64-bit unsigned integer in hex format. For information
regarding what all configuration options are currently supported
by LLDB and detailed information about CUSTOM_OPTIONS usage,
please refer to SBProcess::StartTrace() API description. An
overview of some of the various CUSTOM_OPTIONS are briefly given
below. Please refer to "Intel(R) 64 and IA-32 Architectures
Software Developer's Manual" for more details about them.
- CYCEn Enable/Disable Cycle Count Packet (CYC) Packet
- OS Packet generation enabled/disabled if
Current Privilege Level (CPL)=0
- User Packet generation enabled/disabled if CPL>0
- CR3Filter Enable/Disable CR3 Filtering
- MTCEn Enable/disable MTC packets
- TSCEn Enable/disable TSC packets
- DisRETC Enable/disable RET Compression
- BranchEn Enable/disable COFI-based packets
- MTCFreq Defines MTC Packet Frequency
- CycThresh CYC Packet threshold
- PSBFreq Frequency of PSB Packets
TraceType should be set to
lldb::TraceType::eTraceTypeProcessorTrace, else error is
returned. To find out any other requirement to start tracing
successfully, refer to SBProcess::StartTrace() API description.
LLDB's current implementation of Intel(R) Processor Trace
feature may round off invalid values for configuration options.
Therefore, the configuration options with which the trace was
actually started, might be different to the ones with which
trace was asked to be started by user. The actual used
configuration options can be obtained from
GetProcessorTraceInfo() API.
b) void StopProcessorTrace(lldb::SBProcess &sbprocess,
lldb::SBError &sberror,
lldb::tid_t tid = LLDB_INVALID_THREAD_ID)
------------------------------------------------------------------------
This API allows the user to Stop trace on a particular thread or on
the whole process.
@param[in] sbprocess : A valid process on which this operation will
be performed. An error is returned in case of an invalid process.
@param[in] tid : To stop tracing a single thread, provide a
valid thread id. If sbprocess doesn't contain the thread tid,
error will be returned. To stop tracing complete process, use
lldb::LLDB_INVALID_THREAD_ID
@param[out] sberror : An error with the failure reason if API fails.
Else success
c) void GetInstructionLogAtOffset(lldb::SBProcess &sbprocess, lldb::tid_t tid,
uint32_t offset, uint32_t count,
PTInstructionList &result_list,
lldb::SBError &sberror)
------------------------------------------------------------------------
This API provides instruction log that contains the execution flow
for a thread of a process in terms of assembly instruction executed.
The API works on only 1 thread at a time. To gather this information
for whole process, this API needs to be called for each thread.
@param[in] sbprocess : A valid process on which this operation
will be performed. An error is returned in case of an invalid
process.
@param[in] tid : A valid thread id of the thread for which
instruction log is desired. If sbprocess doesn't contain the
thread tid, error will be returned.
@param[in] count : Number of instructions requested by the
user to be returned from the complete instruction log. Complete
instruction log refers to all the assembly instructions obtained
after decoding the complete raw trace data obtained from LLDB.
The length of the complete instruction log is dependent on the
trace buffer size with which processor tracing was started for
this thread.
The number of instructions actually returned are dependent on
'count' and 'offset' parameters of this API.
@param[in] offset : The offset in the complete instruction log
from where 'count' number of instructions are requested by the
user. offset is counted from the end of of this complete
instruction log (which means the last executed instruction
is at offset 0 (zero)).
@param[out] result_list : Depending upon 'count' and 'offset' values,
list will be overwritten with the instructions.
@param[out] sberror : An error with the failure reason if API
fails. Else success
d) void GetProcessorTraceInfo(lldb::SBProcess &sbprocess, lldb::tid_t tid,
PTTraceOptions &options, lldb::SBError &sberror)
------------------------------------------------------------------------
This API provides Intel(R) Processor Trace specific information for
a thread of a process. The API works on only 1 thread at a time. To
gather this information for whole process, this API needs to be
called for each thread. The information contains the actual
configuration options with which the trace was started for this
thread.
@param[in] sbprocess : The valid process on which this operation
will be performed. An error is returned in case of an invalid
process.
@param[in] tid : A valid thread id of the thread for which the
trace specific information is required. If sbprocess doesn't
contain the thread tid, an error will be returned.
@param[out] options : Contains actual configuration options (they
may be different to the ones with which tracing was asked to be
started for this thread during StartProcessorTrace() API call).
@param[out] sberror : An error with the failure reason if API
fails. Else success
class PTInstruction
===================
This class represents an assembly instruction containing raw instruction
bytes, instruction address along with execution flow context and
Intel(R) Processor Trace context. For more details, please refer to
PTDecoder.h file.
class PTInstructionList
=======================
This class represents a list of assembly instructions. Each assembly
instruction is of type PTInstruction.
class PTTraceOptions
====================
This class provides Intel(R) Processor Trace specific configuration
options like trace type, trace buffer size, meta data buffer size along
with other trace specific options. For more details, please refer to
PTDecoder.h file.