Академический Документы
Профессиональный Документы
Культура Документы
Software Trace1
Anthony Berent ARM2
Abstract
Until a few years ago real-time software trace was only available using a Logic Analyzer or In Circuit
Emulators. These tools were expensive and difficult to use, and as such were often only used for software
debugging when everything else has failed. Also, as processors became more complex and more deeply
embedded, it became less and less practical to make the signals required for such debugging accessible
to the tools.
In the last few years, however, processors, such as ARMs cores, have included real-time trace facilities.
The easy availability of such real-time trace facilities allows new debugging paradigms to be developed.
In this paper I describe some of these techniques for debugging embedded systems. I also show that
real-time trace can have advantages even for debugging systems that do not have hard real-time
requirements.
Introduction
Most software engineers spend a significant portion of their time looking for bugs in
software. Traditionally this is done using a start/stop debugger. Using such a debugger
the engineer can define breakpoints at which the system is to stop, and then examine
the state of the system when the program hits a breakpoint. The engineer can, from
this, see how the software is failing.
Unfortunately such techniques are almost useless for real-time systems, since stopping
the system changes its real-time behavior. This causes the problems one is trying to
debug to disappear as soon as a breakpoint is introduced. An alternative technique is
needed. One such technique is real-time software trace, in which the some hardware
captures the sequence of instructions, and possibly data accesses, executed by the
processor. The engineer then uses this historical record of the behavior of the processor
to investigate the bug.
1
Anthony Berent is a Principal Engineer at ARM Ltd, and is the lead engineer on ARM's Trace Debug
Tools. He has over 20 years experience as a software engineer, mainly working with embedded systems,
and has spent most of the last 10 years developing debugging tools and techniques for embedded
systems.
Page 1
Until a few years ago real-time software trace was only available using a Logic Analyzer
or In Circuit Emulators. These tools were expensive and difficult to use, and as such
were often only used for software debugging when everything else has failed. Also, as
processors became more complex and more deeply embedded, it became less and less
practical to make the signals required for such debugging accessible to the tools.
In the last few years, however, processors, such as ARMs cores, have included realtime trace facilities. The easy availability of such real-time trace facilities allows new
debugging paradigms to be developed. In this paper I describe some of these
techniques for debugging embedded systems. I also show that real-time trace can have
advantages even for debugging systems that do not have hard real-time requirements.
Why real-time trace is needed
In a traditional start/stop debugging environment the processor, or the application, has
to be stopped to find out anything about the state the system. There are two major
problems with this in real-time systems:
1. It may be impossible to safely stop the system. For example, in a disk drive, the
head may keep moving until told to stop by the processor. If the processor is
stopped, so the head is not told to stop in time, the disk will crash. This is an
expensive debugging technique.
2. Even if it safe to stop the processor doing so will change the state of the system. In
particular, in real-time systems many bugs may depend on the timing of the software
relative to external events (e.g. clock interrupts). Stopping the processor will change
the relative timing of events, hence causing the bugs to disappear or to
metamorphose into different problems.
The effect of this is that it is often very difficult to debug real-time embedded systems.
This can add considerably to the time taken to complete the development of such
systems, and as such adds considerably to the cost of developing such systems.
How real-time trace works
Real-time trace captures a trace of the instructions executed by a processor, running in
real-time, and stores these instructions in a buffer for later analysis. In addition to the
instructions executed the data used by those instructions may be captured. It is typically
possible to select which instructions or data is captured.
It is also normally possible to select a trigger condition, such as execution of a particular
instruction, or writing a particular value to a particular location in memory. Much more
complex trigger conditions are also sometimes available. When the trigger condition
occurs the buffer stops capturing the trace data, either immediately or some time later,
hence ensuring that the buffer retains a trace of the systems behavior around the time
the trigger condition occurred.
Page 2
Trace output
Logic Analyser
Processor
Address bus
Other
devices
Data bus
Target System
Page 3
Microcontroller
ARM CPU Macrocell
Control
Trace Debug
Tools running
on host
BREAKPT
Multi-ICE
5 wire
JTAG
JTAG
Port
Address
Execution
Unit
ETM
Data
EmbeddedICE
TAP
Trace
Port
MultiTrace
Cost. If the chip has an on chip trace buffer then trace can be used with no
additional hardware beyond that used for normal debugging. Even if the chip does
not have an on-chip buffer the cost of an external trace buffer is considerably less
than the cost of a full logic analyzer.
Access to the processor. Since the trace is captured within the chip the ETM can
easily access the processor.
Page 4
Complex processors. The ETM always monitors the data and address busses
between the processor and the cache. This means that caches are not a problem.
ARMs more complex processors contain private interfaces to the ETM that provide
the ETM with all the information it needs to fully trace the processor.
While this does add something to the cost of the processors, in terms of silicon area, the
incremental cost typically is small. For ARM processors the ETM is optional, but we
have been finding that most of our partners are now including it in their designs.
Page 5
The fact that real-time trace is not intrusive means that it is possible to debug parts of
the system that are typically not debuggable using breakpoints. For example, one can
usefully set trace triggers on interrupt routines, and hence, for example, discover the
timing of interrupt routines, and how interrupt routines are interacting with one another.
Figure 3 shows an example of trace output. The trigger point is defined to occur when a
value is stored to x, and occurs on index 0. As we can see the trace allows the user to
see how this point was reached, which is not something that is available using start/stop
debugging. The trace buffer will contain hundreds of thousands or millions of
instructions leading up to the trace point, giving extensive information about how the
trigger point was reached.
By filtering the trace to only capture selected instructions one can extend the time
period over which trace is captured to seconds or longer. Using the filtering facilities of
ARMs ETMs one can, for example, capture only the code executed when handling a
particular interrupt, or exclude all code in a particular source file.
Page 6
Page 7
3%
1%
2% 1%1%
11%
Func_1
3%
Proc_8
4%
Proc_7
_memcpy_small
11%
5%
_strcmp_loop
Func_3
_strcmp_return
5%
_memcpy_aligned_loop
Proc_2
Proc_4
5%
11%
__rt_sdiv
Proc_3
Func_2
6%
Proc_1
Proc_5
9%
8%
strcmp
Proc_6
8%
8%
__rt_memcpy_w
Page 8
Conclusion
The use of embedded real-time trace, as provided by ARMs ETMs, provides new ways
of debugging real-time and non-real-time embedded systems. In many cases the
availability of real-time trace allows the easy analysis of bugs that would otherwise be
difficult or impossible to analyze. As such using processors that include embedded realtime trace can significantly reduce the time taken to debug the resulting systems, and
hence produce significant cost savings.
In addition real-time trace is one of the few techniques that gives truly accurate
performance profiling information. This allows performance bottlenecks to be found and
resolved, and hence eases the development of performance critical software.
ARM, ARM Powered, StrongARM, Thumb, Multi-ICE, Integrator, PrimeCell and ARM7TDMI are registered trademarks of ARM
Limited. ARM7TDMI-S, ARM7EJ, ARM720T, ARM740T, ARM9TDMI, ARM920T, ARM922T, ARM940T, ARM9E, ARM926EJ-S,
ARM946E-S, ARM966E-S, ARM1020E, ARM1022E, EmbeddedICE, EmbeddedICE-RT, AMBA, MultiTrace, ModelGen, ARM
Developer Suite, RealView, ETM, ETM7, ETM9, ETM10, Embedded Trace Macrocell, Jazelle, PrimeXsys, MOVE and JTEK are
trademarks of ARM Limited. CodeWarrior is a registered trademark of Metrowerks Corporation. All other brand names or product
names are the property of their respective holders. "ARM" is used to represent ARM holdings plc (LSE: ARM and NASDAQ:
ARMHY); its operating company ARM Limited and the regional subsidiaries ARM, INC.; ARM KK; ARM Korea Ltd. Neither the whole
nor any part of the information contained in, or the product described in, this document may be adapted or reproduced in any
material form except with the prior written permission of the copyright holder. The product described in this document is subject to
continuous developments and improvements. All particulars of the product and its use contained in this document are given by ARM
in good faith. All warranties implied or expressed, including but not limited to implied warranties of satisfactory quality or fitness for
purpose are excluded. This document is intended only to provide information to the reader about the product. To the extent
permitted by local laws ARM shall not be liable for any loss or damage arising from the use of any information in this document or
any error or omission in such information.
Page 9