Vol. 3B 17-13
DEBUG, BRANCH PROFILE, TSC, AND RESOURCE MONITORING FEATURES
17.4.3 Single-Stepping on Branches
When software sets both the BTF flag (bit 1) in the IA32_DEBUGCTL MSR and the TF flag in the EFLAGS register,
the processor generates a single-step debug exception only after instructions that cause a branch.¹ This mechanism
allows a debugger to single-step on control transfers caused by branches. This “branch single stepping” helps
isolate a bug to a particular block of code before instruction single-stepping further narrows the search. The
processor clears the BTF flag when it generates a debug exception. The debugger must set the BTF flag before
resuming program execution to continue single-stepping on branches.
17.4.4 Branch Trace Messages
Setting the TR flag (bit 6) in the IA32_DEBUGCTL MSR enables branch trace messages (BTMs). Thereafter, when
the processor detects a branch, exception, or interrupt, it sends a branch record out on the system bus as a BTM.
A debugging device that is monitoring the system bus can read these messages and synchronize operations with
taken branch, interrupt, and exception events.
When interrupts or exceptions occur in conjunction with a taken branch, additional BTMs are sent out on the bus,
as described in Section 17.4.2, “Monitoring Branches, Exceptions, and Interrupts.”
For the P6 processor family, the Pentium M processor family, and processors based on Intel Core microarchitecture,
the TR and LBR bits cannot be set at the same time due to a hardware limitation. The content of the LBR stack is
undefined when TR is set.
For processors with Intel NetBurst microarchitecture, Intel Atom processors, and Intel Core and related Intel Xeon
processors both starting with the Nehalem microarchitecture, the processor can collect branch records in the LBR
stack and at the same time send/store BTMs when both the TR and LBR flags are set in the IA32_DEBUGCTL MSR
(or the equivalent MSR_DEBUGCTLA, MSR_DEBUGCTLB).
The following exception applies:
• BTM may not be observable on Intel Atom processor families that do not provide an externally visible system
  bus (i.e., processors based on the Silvermont microarchitecture or later).
17.4.4.1 Branch Trace Message Visibility
Branch trace message (BTM) visibility is implementation specific and limited to systems with a front side bus
(FSB). BTMs may not be visible to newer system link interfaces or a system bus that deviates from a traditional
FSB.
17.4.5 Branch Trace Store (BTS)
A trace of taken branches, interrupts, and exceptions is useful for debugging code by providing a method of
determining the decision path taken to reach a particular code location. The LBR flag (bit 0) of IA32_DEBUGCTL
provides a mechanism for capturing records of taken branches, interrupts, and exceptions and saving them in the last
branch record (LBR) stack MSRs; setting the TR flag sends them out onto the system bus as BTMs. The branch
trace store (BTS) mechanism provides the additional capability of saving the branch records in a memory-resident
BTS buffer, which is part of the DS save area. The BTS buffer can be configured to be circular so that the most
recent branch records are always available or it can be configured to generate an interrupt when the buffer is
nearly full so that all the branch records can be saved. The BTINT flag (bit 8) can be used to enable the generation
of an interrupt when the BTS buffer is full. See Section 17.4.9.2, “Setting Up the DS Save Area,” for additional details.
Setting this flag (BTS) alone can greatly reduce the performance of the processor. The CPL-qualified branch trace
storing mechanism can help mitigate the performance impact of sending/logging branch trace messages.
1. Executions of CALL, IRET, and JMP that cause task switches never cause single-step debug exceptions (regardless of the value of the
BTF flag). A debugger desiring debug exceptions on switches to a task should set the T flag (debug trap flag) in the TSS of that task.
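The flag interactions described in Sections 17.4.3 through 17.4.5, modeled as an added C example (not code from the manual). decode_debugctl and after_debug_exception are hypothetical helpers; the BTS bit position (bit 7) and the EFLAGS.TF position (bit 8) come from the SDM's register layouts rather than this page, and the model assumes BTS takes effect only together with TR.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* IA32_DEBUGCTL bits: LBR, BTF, TR, BTINT as given in the text; BTS = bit 7
 * is taken from the SDM's IA32_DEBUGCTL layout, not from this page. */
#define DBG_LBR   (1u << 0)
#define DBG_BTF   (1u << 1)
#define DBG_TR    (1u << 6)
#define DBG_BTS   (1u << 7)
#define DBG_BTINT (1u << 8)
#define EFLAGS_TF (1u << 8)

enum step_mode { STEP_NONE, STEP_INSN, STEP_BRANCH };
enum btm_sink  { BTM_OFF, BTM_BUS, BTM_BTS_CIRCULAR, BTM_BTS_INTERRUPT };

struct dbg_state {
    enum step_mode step;  /* what a set TF will trap on */
    enum btm_sink  sink;  /* where branch trace messages go */
    bool lbr_valid;       /* LBR stack contents are defined */
    bool conflict;        /* TR+LBR on a family that cannot combine them */
};

/* Hypothetical helper. tr_lbr_exclusive: true for P6, Pentium M and
 * Intel Core microarchitecture, where TR and LBR cannot both be set. */
struct dbg_state decode_debugctl(uint64_t ctl, uint32_t eflags, bool tr_lbr_exclusive)
{
    struct dbg_state s = { STEP_NONE, BTM_OFF, false, false };
    bool tr = (ctl & DBG_TR) != 0, lbr = (ctl & DBG_LBR) != 0;
    if (eflags & EFLAGS_TF)            /* BTF only matters while TF is set */
        s.step = (ctl & DBG_BTF) ? STEP_BRANCH : STEP_INSN;
    if (tr && !(ctl & DBG_BTS))        /* TR alone: BTMs on the system bus */
        s.sink = BTM_BUS;
    else if (tr)                       /* TR+BTS: records go to the BTS buffer */
        s.sink = (ctl & DBG_BTINT) ? BTM_BTS_INTERRUPT : BTM_BTS_CIRCULAR;
    s.conflict  = tr && lbr && tr_lbr_exclusive;
    s.lbr_valid = lbr && !s.conflict;
    return s;
}

/* Processor side of a debug exception: BTF is cleared (TF assumed still set on resume). */
uint64_t after_debug_exception(uint64_t ctl) { return ctl & ~(uint64_t)DBG_BTF; }

int main(void)
{
    uint64_t ctl = after_debug_exception(DBG_BTF);   /* debugger forgot to re-arm */
    printf("step mode: %d (1 = every instruction)\n", decode_debugctl(ctl, EFLAGS_TF, false).step);
    return 0;
}
```

A debugger that resumes without setting BTF again falls back to trapping on every instruction, which is the case `main` prints.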