| Intel Processor Trace |
| ===================== |
| |
| Overview |
| ======== |
| |
| Intel Processor Trace (Intel PT) is an extension of Intel Architecture that |
| collects information about software execution such as control flow, execution |
| modes and timings and formats it into highly compressed binary packets. |
| Technical details are documented in the Intel 64 and IA-32 Architectures |
| Software Developer Manuals, Chapter 36 Intel Processor Trace. |
| |
| Intel PT is first supported in Intel Core M and 5th generation Intel Core |
| processors that are based on the Intel micro-architecture code name Broadwell. |
| |
| Trace data is collected by 'perf record' and stored within the perf.data file. |
| See below for options to 'perf record'. |
| |
| Trace data must be 'decoded' which involves walking the object code and matching |
| the trace data packets. For example a TNT packet only tells whether a |
| conditional branch was taken or not taken, so to make use of that packet the |
| decoder must know precisely which instruction was being executed. |
| |
| Decoding is done on-the-fly. The decoder outputs samples in the same format as |
| samples output by perf hardware events, for example as though the "instructions" |
| or "branches" events had been recorded. Presently 3 tools support this: |
| 'perf script', 'perf report' and 'perf inject'. See below for more information |
| on using those tools. |
| |
| The main distinguishing feature of Intel PT is that the decoder can determine |
| the exact flow of software execution. Intel PT can be used to understand why |
| and how did software get to a certain point, or behave a certain way. The |
| software does not have to be recompiled, so Intel PT works with debug or release |
| builds, however the executed images are needed - which makes use in JIT-compiled |
| environments, or with self-modified code, a challenge. Also symbols need to be |
| provided to make sense of addresses. |
| |
| A limitation of Intel PT is that it produces huge amounts of trace data |
| (hundreds of megabytes per second per core) which takes a long time to decode, |
| for example two or three orders of magnitude longer than it took to collect. |
| Another limitation is the performance impact of tracing, something that will |
| vary depending on the use-case and architecture. |
| |
| |
| Quickstart |
| ========== |
| |
| It is important to start small. That is because it is easy to capture vastly |
| more data than can possibly be processed. |
| |
| The simplest thing to do with Intel PT is userspace profiling of small programs. |
| Data is captured with 'perf record' e.g. to trace 'ls' userspace-only: |
| |
| perf record -e intel_pt//u ls |
| |
| And profiled with 'perf report' e.g. |
| |
| perf report |
| |
| To also trace kernel space presents a problem, namely kernel self-modifying |
| code. A fairly good kernel image is available in /proc/kcore but to get an |
| accurate image a copy of /proc/kcore needs to be made under the same conditions |
| as the data capture. A script perf-with-kcore can do that, but beware that the |
| script makes use of 'sudo' to copy /proc/kcore. If you have perf installed |
| locally from the source tree you can do: |
| |
| ~/libexec/perf-core/perf-with-kcore record pt_ls -e intel_pt// -- ls |
| |
| which will create a directory named 'pt_ls' and put the perf.data file and |
| copies of /proc/kcore, /proc/kallsyms and /proc/modules into it. Then to use |
| 'perf report' becomes: |
| |
| ~/libexec/perf-core/perf-with-kcore report pt_ls |
| |
| Because samples are synthesized after-the-fact, the sampling period can be |
| selected for reporting. e.g. sample every microsecond |
| |
| ~/libexec/perf-core/perf-with-kcore report pt_ls --itrace=i1usge |
| |
| See the sections below for more information about the --itrace option. |
| |
| Beware the smaller the period, the more samples that are produced, and the |
| longer it takes to process them. |
| |
| Also note that the coarseness of Intel PT timing information will start to |
| distort the statistical value of the sampling as the sampling period becomes |
| smaller. |
| |
| To represent software control flow, "branches" samples are produced. By default |
| a branch sample is synthesized for every single branch. To get an idea what |
| data is available you can use the 'perf script' tool with no parameters, which |
| will list all the samples. |
| |
| perf record -e intel_pt//u ls |
| perf script |
| |
| An interesting field that is not printed by default is 'flags' which can be |
| displayed as follows: |
| |
| perf script -Fcomm,tid,pid,time,cpu,event,trace,ip,sym,dso,addr,symoff,flags |
| |
| The flags are "bcrosyiABEx" which stand for branch, call, return, conditional, |
| system, asynchronous, interrupt, transaction abort, trace begin, trace end, and |
| in transaction, respectively. |
| |
| While it is possible to create scripts to analyze the data, an alternative |
| approach is available to export the data to a postgresql database. Refer to |
| script export-to-postgresql.py for more details, and to script |
| call-graph-from-postgresql.py for an example of using the database. |
| |
| As mentioned above, it is easy to capture too much data. One way to limit the |
| data captured is to use 'snapshot' mode which is explained further below. |
| Refer to 'new snapshot option' and 'Intel PT modes of operation' further below. |
| |
| Another problem that will be experienced is decoder errors. They can be caused |
| by inability to access the executed image, self-modified or JIT-ed code, or the |
| inability to match side-band information (such as context switches and mmaps) |
| which results in the decoder not knowing what code was executed. |
| |
| There is also the problem of perf not being able to copy the data fast enough, |
| resulting in data lost because the buffer was full. See 'Buffer handling' below |
| for more details. |
| |
| |
| perf record |
| =========== |
| |
| new event |
| --------- |
| |
| The Intel PT kernel driver creates a new PMU for Intel PT. PMU events are |
| selected by providing the PMU name followed by the "config" separated by slashes. |
| An enhancement has been made to allow default "config" e.g. the option |
| |
| -e intel_pt// |
| |
| will use a default config value. Currently that is the same as |
| |
| -e intel_pt/tsc,noretcomp=0/ |
| |
| which is the same as |
| |
| -e intel_pt/tsc=1,noretcomp=0/ |
| |
| Note there are now new config terms - see section 'config terms' further below. |
| |
| The config terms are listed in /sys/devices/intel_pt/format. They are bit |
| fields within the config member of the struct perf_event_attr which is |
| passed to the kernel by the perf_event_open system call. They correspond to bit |
| fields in the IA32_RTIT_CTL MSR. Here is a list of them and their definitions: |
| |
| $ grep -H . /sys/bus/event_source/devices/intel_pt/format/* |
| /sys/bus/event_source/devices/intel_pt/format/cyc:config:1 |
| /sys/bus/event_source/devices/intel_pt/format/cyc_thresh:config:19-22 |
| /sys/bus/event_source/devices/intel_pt/format/mtc:config:9 |
| /sys/bus/event_source/devices/intel_pt/format/mtc_period:config:14-17 |
| /sys/bus/event_source/devices/intel_pt/format/noretcomp:config:11 |
| /sys/bus/event_source/devices/intel_pt/format/psb_period:config:24-27 |
| /sys/bus/event_source/devices/intel_pt/format/tsc:config:10 |
| |
| Note that the default config must be overridden for each term i.e. |
| |
| -e intel_pt/noretcomp=0/ |
| |
| is the same as: |
| |
| -e intel_pt/tsc=1,noretcomp=0/ |
| |
| So, to disable TSC packets use: |
| |
| -e intel_pt/tsc=0/ |
| |
| It is also possible to specify the config value explicitly: |
| |
| -e intel_pt/config=0x400/ |
| |
| Note that, as with all events, the event is suffixed with event modifiers: |
| |
| u userspace |
| k kernel |
| h hypervisor |
| G guest |
| H host |
| p precise ip |
| |
| 'h', 'G' and 'H' are for virtualization which is not supported by Intel PT. |
| 'p' is also not relevant to Intel PT. So only options 'u' and 'k' are |
| meaningful for Intel PT. |
| |
| perf_event_attr is displayed if the -vv option is used e.g. |
| |
| ------------------------------------------------------------ |
| perf_event_attr: |
| type 6 |
| size 112 |
| config 0x400 |
| { sample_period, sample_freq } 1 |
| sample_type IP|TID|TIME|CPU|IDENTIFIER |
| read_format ID |
| disabled 1 |
| inherit 1 |
| exclude_kernel 1 |
| exclude_hv 1 |
| enable_on_exec 1 |
| sample_id_all 1 |
| ------------------------------------------------------------ |
| sys_perf_event_open: pid 31104 cpu 0 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid 31104 cpu 1 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid 31104 cpu 2 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid 31104 cpu 3 group_fd -1 flags 0x8 |
| ------------------------------------------------------------ |
| |
| |
| config terms |
| ------------ |
| |
| The June 2015 version of Intel 64 and IA-32 Architectures Software Developer |
| Manuals, Chapter 36 Intel Processor Trace, defined new Intel PT features. |
| Some of the features are reflect in new config terms. All the config terms are |
| described below. |
| |
| tsc Always supported. Produces TSC timestamp packets to provide |
| timing information. In some cases it is possible to decode |
| without timing information, for example a per-thread context |
| that does not overlap executable memory maps. |
| |
| The default config selects tsc (i.e. tsc=1). |
| |
| noretcomp Always supported. Disables "return compression" so a TIP packet |
| is produced when a function returns. Causes more packets to be |
| produced but might make decoding more reliable. |
| |
| The default config does not select noretcomp (i.e. noretcomp=0). |
| |
| psb_period Allows the frequency of PSB packets to be specified. |
| |
| The PSB packet is a synchronization packet that provides a |
| starting point for decoding or recovery from errors. |
| |
| Support for psb_period is indicated by: |
| |
| /sys/bus/event_source/devices/intel_pt/caps/psb_cyc |
| |
| which contains "1" if the feature is supported and "0" |
| otherwise. |
| |
| Valid values are given by: |
| |
| /sys/bus/event_source/devices/intel_pt/caps/psb_periods |
| |
| which contains a hexadecimal value, the bits of which represent |
| valid values e.g. bit 2 set means value 2 is valid. |
| |
| The psb_period value is converted to the approximate number of |
| trace bytes between PSB packets as: |
| |
| 2 ^ (value + 11) |
| |
| e.g. value 3 means 16KiB bytes between PSBs |
| |
| If an invalid value is entered, the error message |
| will give a list of valid values e.g. |
| |
| $ perf record -e intel_pt/psb_period=15/u uname |
| Invalid psb_period for intel_pt. Valid values are: 0-5 |
| |
| If MTC packets are selected, the default config selects a value |
| of 3 (i.e. psb_period=3) or the nearest lower value that is |
| supported (0 is always supported). Otherwise the default is 0. |
| |
| If decoding is expected to be reliable and the buffer is large |
| then a large PSB period can be used. |
| |
| Because a TSC packet is produced with PSB, the PSB period can |
| also affect the granularity to timing information in the absence |
| of MTC or CYC. |
| |
| mtc Produces MTC timing packets. |
| |
| MTC packets provide finer grain timestamp information than TSC |
| packets. MTC packets record time using the hardware crystal |
| clock (CTC) which is related to TSC packets using a TMA packet. |
| |
| Support for this feature is indicated by: |
| |
| /sys/bus/event_source/devices/intel_pt/caps/mtc |
| |
| which contains "1" if the feature is supported and |
| "0" otherwise. |
| |
| The frequency of MTC packets can also be specified - see |
| mtc_period below. |
| |
| mtc_period Specifies how frequently MTC packets are produced - see mtc |
| above for how to determine if MTC packets are supported. |
| |
| Valid values are given by: |
| |
| /sys/bus/event_source/devices/intel_pt/caps/mtc_periods |
| |
| which contains a hexadecimal value, the bits of which represent |
| valid values e.g. bit 2 set means value 2 is valid. |
| |
| The mtc_period value is converted to the MTC frequency as: |
| |
| CTC-frequency / (2 ^ value) |
| |
| e.g. value 3 means one eighth of CTC-frequency |
| |
| Where CTC is the hardware crystal clock, the frequency of which |
| can be related to TSC via values provided in cpuid leaf 0x15. |
| |
| If an invalid value is entered, the error message |
| will give a list of valid values e.g. |
| |
| $ perf record -e intel_pt/mtc_period=15/u uname |
| Invalid mtc_period for intel_pt. Valid values are: 0,3,6,9 |
| |
| The default value is 3 or the nearest lower value |
| that is supported (0 is always supported). |
| |
| cyc Produces CYC timing packets. |
| |
| CYC packets provide even finer grain timestamp information than |
| MTC and TSC packets. A CYC packet contains the number of CPU |
| cycles since the last CYC packet. Unlike MTC and TSC packets, |
| CYC packets are only sent when another packet is also sent. |
| |
| Support for this feature is indicated by: |
| |
| /sys/bus/event_source/devices/intel_pt/caps/psb_cyc |
| |
| which contains "1" if the feature is supported and |
| "0" otherwise. |
| |
| The number of CYC packets produced can be reduced by specifying |
| a threshold - see cyc_thresh below. |
| |
| cyc_thresh Specifies how frequently CYC packets are produced - see cyc |
| above for how to determine if CYC packets are supported. |
| |
| Valid cyc_thresh values are given by: |
| |
| /sys/bus/event_source/devices/intel_pt/caps/cycle_thresholds |
| |
| which contains a hexadecimal value, the bits of which represent |
| valid values e.g. bit 2 set means value 2 is valid. |
| |
| The cyc_thresh value represents the minimum number of CPU cycles |
| that must have passed before a CYC packet can be sent. The |
| number of CPU cycles is: |
| |
| 2 ^ (value - 1) |
| |
| e.g. value 4 means 8 CPU cycles must pass before a CYC packet |
| can be sent. Note a CYC packet is still only sent when another |
| packet is sent, not at, e.g. every 8 CPU cycles. |
| |
| If an invalid value is entered, the error message |
| will give a list of valid values e.g. |
| |
| $ perf record -e intel_pt/cyc,cyc_thresh=15/u uname |
| Invalid cyc_thresh for intel_pt. Valid values are: 0-12 |
| |
| CYC packets are not requested by default. |
| |
| no_force_psb This is a driver option and is not in the IA32_RTIT_CTL MSR. |
| |
| It stops the driver resetting the byte count to zero whenever |
| enabling the trace (for example on context switches) which in |
| turn results in no PSB being forced. However some processors |
| will produce a PSB anyway. |
| |
| In any case, there is still a PSB when the trace is enabled for |
| the first time. |
| |
| no_force_psb can be used to slightly decrease the trace size but |
| may make it harder for the decoder to recover from errors. |
| |
| no_force_psb is not selected by default. |
| |
| |
| new snapshot option |
| ------------------- |
| |
| The difference between full trace and snapshot from the kernel's perspective is |
| that in full trace we don't overwrite trace data that the user hasn't collected |
| yet (and indicated that by advancing aux_tail), whereas in snapshot mode we let |
| the trace run and overwrite older data in the buffer so that whenever something |
| interesting happens, we can stop it and grab a snapshot of what was going on |
| around that interesting moment. |
| |
| To select snapshot mode a new option has been added: |
| |
| -S |
| |
| Optionally it can be followed by the snapshot size e.g. |
| |
| -S0x100000 |
| |
| The default snapshot size is the auxtrace mmap size. If neither auxtrace mmap size |
| nor snapshot size is specified, then the default is 4MiB for privileged users |
| (or if /proc/sys/kernel/perf_event_paranoid < 0), 128KiB for unprivileged users. |
| If an unprivileged user does not specify mmap pages, the mmap pages will be |
| reduced as described in the 'new auxtrace mmap size option' section below. |
| |
| The snapshot size is displayed if the option -vv is used e.g. |
| |
| Intel PT snapshot size: %zu |
| |
| |
| new auxtrace mmap size option |
| --------------------------- |
| |
| Intel PT buffer size is specified by an addition to the -m option e.g. |
| |
| -m,16 |
| |
| selects a buffer size of 16 pages i.e. 64KiB. |
| |
| Note that the existing functionality of -m is unchanged. The auxtrace mmap size |
| is specified by the optional addition of a comma and the value. |
| |
| The default auxtrace mmap size for Intel PT is 4MiB/page_size for privileged users |
| (or if /proc/sys/kernel/perf_event_paranoid < 0), 128KiB for unprivileged users. |
| If an unprivileged user does not specify mmap pages, the mmap pages will be |
| reduced from the default 512KiB/page_size to 256KiB/page_size, otherwise the |
| user is likely to get an error as they exceed their mlock limit (Max locked |
| memory as shown in /proc/self/limits). Note that perf does not count the first |
| 512KiB (actually /proc/sys/kernel/perf_event_mlock_kb minus 1 page) per cpu |
| against the mlock limit so an unprivileged user is allowed 512KiB per cpu plus |
| their mlock limit (which defaults to 64KiB but is not multiplied by the number |
| of cpus). |
| |
| In full-trace mode, powers of two are allowed for buffer size, with a minimum |
| size of 2 pages. In snapshot mode, it is the same but the minimum size is |
| 1 page. |
| |
| The mmap size and auxtrace mmap size are displayed if the -vv option is used e.g. |
| |
| mmap length 528384 |
| auxtrace mmap length 4198400 |
| |
| |
| Intel PT modes of operation |
| --------------------------- |
| |
| Intel PT can be used in 2 modes: |
| full-trace mode |
| snapshot mode |
| |
| Full-trace mode traces continuously e.g. |
| |
| perf record -e intel_pt//u uname |
| |
| Snapshot mode captures the available data when a signal is sent e.g. |
| |
| perf record -v -e intel_pt//u -S ./loopy 1000000000 & |
| [1] 11435 |
| kill -USR2 11435 |
| Recording AUX area tracing snapshot |
| |
| Note that the signal sent is SIGUSR2. |
| Note that "Recording AUX area tracing snapshot" is displayed because the -v |
| option is used. |
| |
| The 2 modes cannot be used together. |
| |
| |
| Buffer handling |
| --------------- |
| |
| There may be buffer limitations (i.e. single ToPa entry) which means that actual |
| buffer sizes are limited to powers of 2 up to 4MiB (MAX_ORDER). In order to |
| provide other sizes, and in particular an arbitrarily large size, multiple |
| buffers are logically concatenated. However an interrupt must be used to switch |
| between buffers. That has two potential problems: |
| a) the interrupt may not be handled in time so that the current buffer |
| becomes full and some trace data is lost. |
| b) the interrupts may slow the system and affect the performance |
| results. |
| |
| If trace data is lost, the driver sets 'truncated' in the PERF_RECORD_AUX event |
| which the tools report as an error. |
| |
| In full-trace mode, the driver waits for data to be copied out before allowing |
| the (logical) buffer to wrap-around. If data is not copied out quickly enough, |
| again 'truncated' is set in the PERF_RECORD_AUX event. If the driver has to |
| wait, the intel_pt event gets disabled. Because it is difficult to know when |
| that happens, perf tools always re-enable the intel_pt event after copying out |
| data. |
| |
| |
| Intel PT and build ids |
| ---------------------- |
| |
| By default "perf record" post-processes the event stream to find all build ids |
| for executables for all addresses sampled. Deliberately, Intel PT is not |
| decoded for that purpose (it would take too long). Instead the build ids for |
| all executables encountered (due to mmap, comm or task events) are included |
| in the perf.data file. |
| |
| To see buildids included in the perf.data file use the command: |
| |
| perf buildid-list |
| |
| If the perf.data file contains Intel PT data, that is the same as: |
| |
| perf buildid-list --with-hits |
| |
| |
| Snapshot mode and event disabling |
| --------------------------------- |
| |
| In order to make a snapshot, the intel_pt event is disabled using an IOCTL, |
| namely PERF_EVENT_IOC_DISABLE. However doing that can also disable the |
| collection of side-band information. In order to prevent that, a dummy |
| software event has been introduced that permits tracking events (like mmaps) to |
| continue to be recorded while intel_pt is disabled. That is important to ensure |
| there is complete side-band information to allow the decoding of subsequent |
| snapshots. |
| |
| A test has been created for that. To find the test: |
| |
| perf test list |
| ... |
| 23: Test using a dummy software event to keep tracking |
| |
| To run the test: |
| |
| perf test 23 |
| 23: Test using a dummy software event to keep tracking : Ok |
| |
| |
| perf record modes (nothing new here) |
| ------------------------------------ |
| |
| perf record essentially operates in one of three modes: |
| per thread |
| per cpu |
| workload only |
| |
| "per thread" mode is selected by -t or by --per-thread (with -p or -u or just a |
| workload). |
| "per cpu" is selected by -C or -a. |
| "workload only" mode is selected by not using the other options but providing a |
| command to run (i.e. the workload). |
| |
| In per-thread mode an exact list of threads is traced. There is no inheritance. |
| Each thread has its own event buffer. |
| |
| In per-cpu mode all processes (or processes from the selected cgroup i.e. -G |
| option, or processes selected with -p or -u) are traced. Each cpu has its own |
| buffer. Inheritance is allowed. |
| |
| In workload-only mode, the workload is traced but with per-cpu buffers. |
| Inheritance is allowed. Note that you can now trace a workload in per-thread |
| mode by using the --per-thread option. |
| |
| |
| Privileged vs non-privileged users |
| ---------------------------------- |
| |
| Unless /proc/sys/kernel/perf_event_paranoid is set to -1, unprivileged users |
| have memory limits imposed upon them. That affects what buffer sizes they can |
| have as outlined above. |
| |
| Unless /proc/sys/kernel/perf_event_paranoid is set to -1, unprivileged users are |
| not permitted to use tracepoints which means there is insufficient side-band |
| information to decode Intel PT in per-cpu mode, and potentially workload-only |
| mode too if the workload creates new processes. |
| |
| Note also, that to use tracepoints, read-access to debugfs is required. So if |
| debugfs is not mounted or the user does not have read-access, it will again not |
| be possible to decode Intel PT in per-cpu mode. |
| |
| |
| sched_switch tracepoint |
| ----------------------- |
| |
| The sched_switch tracepoint is used to provide side-band data for Intel PT |
| decoding. sched_switch events are automatically added. e.g. the second event |
| shown below |
| |
| $ perf record -vv -e intel_pt//u uname |
| ------------------------------------------------------------ |
| perf_event_attr: |
| type 6 |
| size 112 |
| config 0x400 |
| { sample_period, sample_freq } 1 |
| sample_type IP|TID|TIME|CPU|IDENTIFIER |
| read_format ID |
| disabled 1 |
| inherit 1 |
| exclude_kernel 1 |
| exclude_hv 1 |
| enable_on_exec 1 |
| sample_id_all 1 |
| ------------------------------------------------------------ |
| sys_perf_event_open: pid 31104 cpu 0 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid 31104 cpu 1 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid 31104 cpu 2 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid 31104 cpu 3 group_fd -1 flags 0x8 |
| ------------------------------------------------------------ |
| perf_event_attr: |
| type 2 |
| size 112 |
| config 0x108 |
| { sample_period, sample_freq } 1 |
| sample_type IP|TID|TIME|CPU|PERIOD|RAW|IDENTIFIER |
| read_format ID |
| inherit 1 |
| sample_id_all 1 |
| exclude_guest 1 |
| ------------------------------------------------------------ |
| sys_perf_event_open: pid -1 cpu 0 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid -1 cpu 1 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid -1 cpu 2 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid -1 cpu 3 group_fd -1 flags 0x8 |
| ------------------------------------------------------------ |
| perf_event_attr: |
| type 1 |
| size 112 |
| config 0x9 |
| { sample_period, sample_freq } 1 |
| sample_type IP|TID|TIME|IDENTIFIER |
| read_format ID |
| disabled 1 |
| inherit 1 |
| exclude_kernel 1 |
| exclude_hv 1 |
| mmap 1 |
| comm 1 |
| enable_on_exec 1 |
| task 1 |
| sample_id_all 1 |
| mmap2 1 |
| comm_exec 1 |
| ------------------------------------------------------------ |
| sys_perf_event_open: pid 31104 cpu 0 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid 31104 cpu 1 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid 31104 cpu 2 group_fd -1 flags 0x8 |
| sys_perf_event_open: pid 31104 cpu 3 group_fd -1 flags 0x8 |
| mmap size 528384B |
| AUX area mmap length 4194304 |
| perf event ring buffer mmapped per cpu |
| Synthesizing auxtrace information |
| Linux |
| [ perf record: Woken up 1 times to write data ] |
| [ perf record: Captured and wrote 0.042 MB perf.data ] |
| |
| Note, the sched_switch event is only added if the user is permitted to use it |
| and only in per-cpu mode. |
| |
| Note also, the sched_switch event is only added if TSC packets are requested. |
| That is because, in the absence of timing information, the sched_switch events |
| cannot be matched against the Intel PT trace. |
| |
| |
| perf script |
| =========== |
| |
| By default, perf script will decode trace data found in the perf.data file. |
| This can be further controlled by new option --itrace. |
| |
| |
| New --itrace option |
| ------------------- |
| |
| Having no option is the same as |
| |
| --itrace |
| |
| which, in turn, is the same as |
| |
| --itrace=ibxe |
| |
| The letters are: |
| |
| i synthesize "instructions" events |
| b synthesize "branches" events |
| x synthesize "transactions" events |
| c synthesize branches events (calls only) |
| r synthesize branches events (returns only) |
| e synthesize tracing error events |
| d create a debug log |
| g synthesize a call chain (use with i or x) |
| |
| "Instructions" events look like they were recorded by "perf record -e |
| instructions". |
| |
| "Branches" events look like they were recorded by "perf record -e branches". "c" |
| and "r" can be combined to get calls and returns. |
| |
| "Transactions" events correspond to the start or end of transactions. The |
| 'flags' field can be used in perf script to determine whether the event is a |
| tranasaction start, commit or abort. |
| |
| Error events are new. They show where the decoder lost the trace. Error events |
| are quite important. Users must know if what they are seeing is a complete |
| picture or not. |
| |
| The "d" option will cause the creation of a file "intel_pt.log" containing all |
| decoded packets and instructions. Note that this option slows down the decoder |
| and that the resulting file may be very large. |
| |
| In addition, the period of the "instructions" event can be specified. e.g. |
| |
| --itrace=i10us |
| |
| sets the period to 10us i.e. one instruction sample is synthesized for each 10 |
| microseconds of trace. Alternatives to "us" are "ms" (milliseconds), |
| "ns" (nanoseconds), "t" (TSC ticks) or "i" (instructions). |
| |
| "ms", "us" and "ns" are converted to TSC ticks. |
| |
| The timing information included with Intel PT does not give the time of every |
| instruction. Consequently, for the purpose of sampling, the decoder estimates |
| the time since the last timing packet based on 1 tick per instruction. The time |
| on the sample is *not* adjusted and reflects the last known value of TSC. |
| |
| For Intel PT, the default period is 100us. |
| |
| Also the call chain size (default 16, max. 1024) for instructions or |
| transactions events can be specified. e.g. |
| |
| --itrace=ig32 |
| --itrace=xg32 |
| |
| To disable trace decoding entirely, use the option --no-itrace. |
| |
| |
| dump option |
| ----------- |
| |
| perf script has an option (-D) to "dump" the events i.e. display the binary |
| data. |
| |
| When -D is used, Intel PT packets are displayed. The packet decoder does not |
| pay attention to PSB packets, but just decodes the bytes - so the packets seen |
| by the actual decoder may not be identical in places where the data is corrupt. |
| One example of that would be when the buffer-switching interrupt has been too |
| slow, and the buffer has been filled completely. In that case, the last packet |
| in the buffer might be truncated and immediately followed by a PSB as the trace |
| continues in the next buffer. |
| |
| To disable the display of Intel PT packets, combine the -D option with |
| --no-itrace. |
| |
| |
| perf report |
| =========== |
| |
| By default, perf report will decode trace data found in the perf.data file. |
| This can be further controlled by new option --itrace exactly the same as |
| perf script, with the exception that the default is --itrace=igxe. |
| |
| |
| perf inject |
| =========== |
| |
| perf inject also accepts the --itrace option in which case tracing data is |
| removed and replaced with the synthesized events. e.g. |
| |
| perf inject --itrace -i perf.data -o perf.data.new |