Vol. 3B 17-9

DEBUG, BRANCH PROFILE, TSC, AND RESOURCE MONITORING FEATURES

is set when the processor returns from the exception handler, it is copied into the RF flag in the EFLAGS register by 
IRETD/IRETQ or a task switch that causes the return. The processor then ignores instruction breakpoints for the 
duration of the next instruction. (Note that the POPF, POPFD, and IRET instructions do not transfer the RF image 
into the EFLAGS register.) Setting the RF flag does not prevent other types of debug-exception conditions (such as 
I/O or data breakpoints) from being detected, nor does it prevent non-debug exceptions from being generated.

For the Pentium processor, when an instruction breakpoint coincides with another fault-type exception (such as a 
page fault), the processor may generate one spurious debug exception after the second exception has been 
handled, even though the debug exception handler set the RF flag in the EFLAGS image. To prevent a spurious 
exception with Pentium processors, all fault-class exception handlers should set the RF flag in the EFLAGS image.

17.3.1.2   Data Memory and I/O Breakpoint Exception Conditions

Data memory and I/O breakpoints are reported when the processor attempts to access a memory or I/O address 
specified in a breakpoint-address register (DR0 through DR3) that has been set up to detect data or I/O accesses 
(R/W flag is set to 1, 2, or 3). The processor generates the exception after it executes the instruction that made the 
access, so these breakpoint conditions cause a trap-class exception to be generated.

Because data breakpoints are traps, an instruction that writes memory overwrites the original data before the 
debug exception generated by a data breakpoint is generated. If a debugger needs to save the contents of a write 
breakpoint location, it should save the original contents before setting the breakpoint. The handler can report the 
saved value after the breakpoint is triggered. The address in the debug registers can be used to locate the new 
value stored by the instruction that triggered the breakpoint.

If a data breakpoint is detected during an iteration of a string instruction executed with fast-string operation (see 
Section 7.3.9.3 of Intel® 64 and IA-32 Architectures Software Developer's Manual, Volume 1), delivery of the 
resulting debug exception may be delayed until completion of the corresponding group of iterations.

Intel486 and later processors ignore the GE and LE flags in DR7. In Intel386 processors, exact data breakpoint 
matching does not occur unless it is enabled by setting the LE and/or the GE flags.

For repeated INS and OUTS instructions that generate an I/O-breakpoint debug exception, the processor generates 
the exception after the completion of the first iteration. Repeated INS and OUTS instructions generate a 
data-breakpoint debug exception after the iteration in which the memory address breakpoint location is accessed.

17.3.1.3   General-Detect Exception Condition

When the GD flag in DR7 is set, the general-detect debug exception occurs when a program attempts to access any 
of the debug registers (DR0 through DR7) at the same time they are being used by another application, such as an 
emulator or debugger. This protection feature guarantees full control over the debug registers when required. The 
debug exception handler can detect this condition by checking the state of the BD flag in the DR6 register. The 
processor generates the exception before it executes the MOV instruction that accesses a debug register, which 
causes a fault-class exception to be generated. 

17.3.1.4   Single-Step Exception Condition

The processor generates a single-step debug exception if (while an instruction is being executed) it detects that the 
TF flag in the EFLAGS register is set. The exception is a trap-class exception, because the exception is generated 
after the instruction is executed. The processor will not generate this exception after the instruction that sets the 
TF flag. For example, if the POPF instruction is used to set the TF flag, a single-step trap does not occur until after 
the instruction that follows the POPF instruction.

The processor clears the TF flag before calling the exception handler. If the TF flag was set in a TSS at the time of 
a task switch, the exception occurs after the first instruction is executed in the new task.

The TF flag normally is not cleared by privilege changes inside a task. The INT n and INTO instructions, however, 
do clear this flag. Therefore, software debuggers that single-step code must recognize and emulate INT n or INTO 
instructions rather than executing them directly. To maintain protection, the operating system should check the 
CPL after any single-step trap to see if single stepping should continue at the current privilege level.
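
The exception conditions in Sections 17.3.1.2 through 17.3.1.4, as an added C example that is not part of the Intel manual: a helper a debug exception handler could use to decode DR6 and DR7 into a cause and its fault or trap class. The function and enum names and the priority order used when picking a single cause are assumptions of this example; the bit positions are the architectural DR6/DR7 layout.

```c
#include <stdint.h>

/* Architectural bit positions in DR6 (status) and DR7 (control). */
#define DR6_BD (1u << 13)   /* debug-register access detected while GD was set */
#define DR6_BS (1u << 14)   /* single step: TF was set in EFLAGS */
#define DR7_GD (1u << 13)   /* general-detect enable */

/* Hypothetical names for this example. */
enum db_cause { DB_NONE, DB_INSN_BP, DB_DATA_BP, DB_IO_BP,
                DB_GENERAL_DETECT, DB_SINGLE_STEP };

/* R/W field of breakpoint n: DR7 bits 16+4n and 17+4n. */
static unsigned dr7_rw(uint32_t dr7, int n) { return (dr7 >> (16 + 4 * n)) & 3u; }

/* Breakpoint n is armed if its local (bit 2n) or global (bit 2n+1) enable is set. */
static int dr7_enabled(uint32_t dr7, int n) { return ((dr7 >> (2 * n)) & 3u) ? 1 : 0; }

/* Fault-class is reported before the instruction executes, trap-class after. */
int db_is_fault(enum db_cause c) { return c == DB_INSN_BP || c == DB_GENERAL_DETECT; }

/* Name one cause of a #DB. *slot receives the DR0-DR3 index, or -1.
 * Assumption: one cause is returned even if several DR6 bits are set. */
enum db_cause db_classify(uint32_t dr6, uint32_t dr7, int *slot)
{
    *slot = -1;
    if (dr6 & DR6_BD)
        return DB_GENERAL_DETECT;          /* MOV to/from DRn was attempted */
    for (int n = 0; n < 4; n++) {
        /* B0-B3 may be set for breakpoints that are not enabled, so only
         * trust a Bn bit whose Ln or Gn enable is set in DR7. */
        if (!(dr6 & (1u << n)) || !dr7_enabled(dr7, n))
            continue;
        *slot = n;
        switch (dr7_rw(dr7, n)) {
        case 0:  return DB_INSN_BP;        /* instruction execution */
        case 2:  return DB_IO_BP;          /* I/O read or write (needs CR4.DE) */
        default: return DB_DATA_BP;        /* 1 = data write, 3 = data read/write */
        }
    }
    return (dr6 & DR6_BS) ? DB_SINGLE_STEP : DB_NONE;
}
```
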
The interrupt priorities guarantee that, if an external interrupt occurs, single stepping stops. When both an 
external interrupt and a single-step interrupt occur together, the single-step interrupt is processed first. This oper-