Instruction set simulator

An instruction set simulator (ISS) is a simulation model, usually coded in a high-level programming language, which mimics the behavior of a mainframe or microprocessor by "reading" instructions and maintaining internal variables which represent the processor's registers.

Instruction simulation is a methodology employed for one of several possible reasons:

  • To simulate the instruction set architecture (ISA) of a future processor to allow software development and test to proceed without waiting for the development and production of the hardware to finish. This is often known as "shift-left" or "pre-silicon support" in the hardware development field. A full system simulator or virtual platform for the future hardware typically includes one or more instruction set simulators.
  • To simulate the machine code of another hardware device or entire computer for upward compatibility.
For example, the IBM 1401 was simulated on the later IBM/360 through use of microcode emulation.

Implementation

Instruction-set simulators can be implemented using three main techniques:

  • Interpretation, where each instruction is executed directly by the ISS.
  • Just-in-time compilation (JIT), where the code to be executed is first translated into the instruction set of the host computer. This is typically about ten times faster than a well-optimized interpreter.
  • Virtualization, where processor extensions for virtual machines are used to execute instructions in the ISS. This only works for same-on-same instruction-set simulation, such as running x86 simulators on x86 hosts, or ARM simulators on ARM hosts.

An ISS is often provided with (or is itself) a debugger in order for a software engineer/programmer to debug the program prior to obtaining target hardware. GDB is one debugger which has a compiled-in ISS. It is sometimes integrated with simulated peripheral circuits such as timers, interrupts, serial ports, general I/O ports, etc. to mimic the behavior of a microcontroller.

The basic instruction simulation technique is the same regardless of purpose: first execute the monitoring program passing the name of the target program as an additional input parameter.

The target program is then loaded into memory, but control is never passed to the code. Instead, the entry point within the loaded program is calculated, and a pseudo program status word (PSW) is set to this location. The Program Status Word (PSW) is composed of a status register and a program counter, the latter of which signifies the next instruction to be executed.[1] Therefore, it is specifically the program counter that is assigned to this location. A set of pseudo registers are set to what they would have contained if the program had been given control directly.

It may be necessary to amend some of these to point to other pseudo "control blocks" depending on the hardware and operating system. It may also be necessary to reset the original parameter list to 'strip out' the previously added program name parameter.

Thereafter, execution proceeds as follows:

  1. Determine length of instruction at pseudo PSW location (initially the first instruction in the target program). If this instruction offset within the program matches a set of previously given "pause" points, set "Pause" reason, go to 7.
  2. "Fetch" the instruction from its original location (if necessary) into the monitor's memory. If "trace" is available and "on", store program name, instruction offset and any other values.
  3. Depending upon the instruction type, perform pre-execution checks and execute. If the instruction cannot proceed for any reason (invalid instruction, incorrect mode etc.) go to 7. If the instruction is about to alter memory, check memory destination exists (for this thread) and is sufficiently large. If OK, load appropriate pseudo registers into temporary real registers, perform equivalent move with the real registers, save address and length of altered storage if trace is "on" and go to 4. If the instruction is a "register-to-register" operation, load pseudo registers into monitor's real registers, perform operation, store back to respective pseudo registers, go to 4. If the instruction is a conditional branch, determine if the condition is satisfied: if not go to 4, if condition IS satisfied, calculate branch to address, determine if valid (if not, set error = "Wild branch" and go to 7.) If OK, go to 5. If instruction is an operating system call, do real call from monitoring program by "faking" addresses to return control to monitor program and then reset pseudo registers to reflect call; go to 4.
  4. Add instruction length to current Pseudo PSW value.
  5. Store next address in Pseudo PSW.
  6. Go to 1.
  7. Halt execution.

For test and debugging purposes, the monitoring program can provide facilities to view and alter registers, memory, and restart location or obtain a mini core dump or print symbolic program names with current data values. It could permit new conditional "pause" locations, remove unwanted pauses and suchlike.

Instruction simulation provides the opportunity to detect errors BEFORE execution which means that the conditions are still exactly as they were and not destroyed by the error. A very good example from the IBM S/360 world is the following instruction sequence that can cause difficulties debugging without an instruction simulation monitor.

     LM    R14,R12,12(R13)   where r13 incorrectly points to string of X"00"s
     BR    R14              causes PSW to contain X"0000002" with program check "Operation Exception"
*                           all registers on error contain nulls.

Consequences

Overhead

The number of instructions to perform the above basic "loop" (Fetch/Execute/calculate new address) depends on hardware but it could be accomplished on IBM S/360/370/390/ES9000 range of machines in around 12 or 13 instructions for many instruction types. Checking for valid memory locations or for conditional "pause"s add considerably to the overhead but optimization techniques can reduce this to acceptable levels. For testing purposes this is normally quite acceptable as powerful debugging capabilities are provided including instruction step, trace and deliberate jump to test error routine (when no actual error). In addition, a full instruction trace can be used to test actual (executed) code coverage.

Added benefits

Occasionally, monitoring the execution of a target program can help to highlight random errors that appear (or sometimes disappear) while monitoring but not in real execution. This can happen when the target program is loaded at a different location than normal because of the physical presence of the monitoring program in the same address space.

If the target program picks up the value from a "random" location in memory (one it doesn't 'own' usually), it may for example be nulls (X"00") in almost every normal situation and the program works OK. If the monitoring program shifts the load point, it may pick up say X"FF" and the logic would cause different results during a comparison operation. Alternatively, if the monitoring program is now occupying the space where the value is being "picked up" from, similar results might occur.

Re-entrancy bugs: accidental use of static variables instead of "dynamic" thread memory can cause re-entrancy problems in many situations. Use of a monitoring program can detect these even without a storage protect key.

Illegal operations: some operating systems (or hardware) require the application program to be in the correct "mode" for certain calls to the Operating system. Instruction simulation can detect these conditions before execution.

Hot spot analysis & instruction usage by counting the instructions executed during simulation (which will match the number executed on the actual processor or unmonitored execution), the simulator can provide both a measure of relative performance between different versions of algorithm and also be used to detect "hot spots" where optimization can then be targeted by the programmer. In this role it can be considered a form of performance analysis as it is not easy to obtain these statistics under normal execution and this is especially true for high level language programs which effectively 'disguise' the extent of machine code instructions by their nature.

Educational purposes

Some of these software simulators remains to be used as tools for assembly language and Instruction Set Architecture teaching, with some specifically designed using multiple simulation layers and ISA to ISA simulation, with the ability to even design ISAs and simulate them.[2]

Criticism

In the first volume of The Art of Computer Programming, Donald Knuth wrote: "In the author's opinion, entirely too much programmers' time has been spent in writing such [machine language] simulators and entirely too much computer time has been wasted in using them."[3] In the following section, however, the author gives examples of how such simulators are useful as trace or monitor routines for debugging purposes.

Example

Typical trace output from simulation by monitoring program used for test & debugging:

Program        offset         instruction            Dis-assembled             register/ storage (after execution)
TEST001        000000         X'05C0'                BALR   R12,0              R12=002CE00A
               000002         X'47F0C00E'            BC    15,X'00C'(R12)    
               00000E         X'98ECD00C'            STM   R14,R12,X'00C'(R13)   X'002E0008' ==> X'00004CE,002CE008,..etc....'
               000012         X'45E0C122'            BAL   R14,X'122'(R12)     R14=002C0016
SUB1           000124         X'50E0C28A'            ST    R14,X'28A'(R12)       X'002CE294' ==> X'002C0016'
etc...

See also

Simulators

  • ARMulator - CPU simulators for the ARM architecture, provided by ARM itself as both a reference and software development vehicle.
  • Computer architecture simulator
  • CPU Sim - Java-based program that allows the user to design and create an instruction set and then run programs of instructions from the set through simulation
  • Gpsim - PIC microcontroller simulator
  • INTERP/8 - Intel 8008 and INTERP/80 for Intel 8080.
  • Little man computer - simple Java-based example of an instruction set simulator
  • MikroSim - CPU simulator, allowing instruction set definition on microcode level for educational use
  • VIP - CPU simulator, allowing instruction set definition on microcode level for educational use
  • OVPsim - CPU and full system simulator, providing over 170 instruction accurate models of processors. Allows user defined instruction sets.
  • Saturn+, enhanced Saturn CPU and system simulator to run RPL on newer HP graphing calculators with ARM-based processors between 2003–2015
  • Simics - CPU and full system simulator framework, building complete models of complex modern hardware.
  • Simh - Simulation of 50+ historic computers including full PDP-11 systems with I/O, in development since the 1960's.
  • CPU-OS Simulator - Integrated RISC type CPU and multithreading operating system educational simulators.

Other

References

  1. ^ Hayes, John P. (1978). Computer Architecture and Organization. McGRAW-HILL International Book Company. p. 51. ISBN 0-07-027363-4.
  2. ^ Almasri, I., Abandah, G., Shhadeh, A., Shahrour, A. (2011, December). Universal ISA simulator with soft processor FPGA implementation. In Applied Electrical Engineering and Computing Technologies (AEECT), 2011 IEEE Jordan Conference on (pp. 1–6). IEEE.
  3. ^ “The Art of Computer Programming”, Donald Knuth, 1997, Volume 1, 3rd edition, Page 202.

Read other articles:

American actress Mary Jo CatlettCatlett with her character, Mrs. Puff, at a convention in 2013Born (1938-09-02) September 2, 1938 (age 85)Denver, Colorado, U.S.Other namesMary CatlettOccupationActressYears active1962–present Mary Jo Catlett (born September 2, 1938) is an American actress. She is a main cast member on the animated series SpongeBob SquarePants, providing the voice of Mrs. Puff. She is also known for originating the role of Ernestina in the 1964 Broadway pro...

Béla Guttmann Béla Guttmann 1966 Persoonlijke informatie Volledige naam Béla Guttmann Geboortedatum 27 januari 1899 Geboorteplaats Boedapest, Oostenrijk-Hongarije Overlijdensdatum 28 augustus 1981 Overlijdensplaats Wenen, Oostenrijk Positie Middenvelder Jeugd 1917–1919 Törekvés SE Senioren Seizoen Club W 0(G) 1919–19201921–19221922–192619261926–19291929–193019301931–19321932–1933 Törekvés SE MTK Boedapest Hakoah WienVlag van Verenigde Staten Brooklyn WanderersVlag van V...

Château fort de LongueuilRuines du fort de Longueuillavis de John Drake, 1825PrésentationPartie de Co-cathédrale Saint-Antoine-de-PadoueDestination initiale Fort militaireConstruction XVIIe - XVIIIe sièclesPropriétaire ÉtatPatrimonialité Lieu historique national (1923)LocalisationPays CanadaRégion MontérégieCommune LongueuilCoordonnées 45° 32′ 26″ N, 73° 30′ 30″ Omodifier - modifier le code - modifier Wikidata Le château fort de Lo...

Опис файлу Опис Джерело Автор зображення Ліцензія див. нижче У цього зображення немає: опису інформації про автора інформації про джерело Якщо ви маєте таку інформацію чи маєте до неї доступ, будь ласка, додайте її на сторінку опису зображення. Для сповіщення завантажувач

Untuk kegunaan lain, lihat Janggut Biru (disambiguasi). Janggut biru, istrinya, dan kunci-kunci dalam ilustrasi abad ke-19 karya Gustave Doré Janggut Biru (Bahasa Prancis: Barbe bleue) adalah sebuah cerita rakyat Prancis, versi paling terkenal yang masih ada ditulis oleh Charles Perrault dan pertama kali diterbitkan oleh Barbin di Paris pada 1697 dalam Histoires ou contes du temps passé.[1][2] Cerita tersebut mengisahkan cerita pria kaya yang keras pernah membunuh para istri...

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: Agricultural History journal – news · newspapers · books · scholar · JSTOR (March 2023) (Learn how and when to remove this template message)Academic journalAgricultural HistoryDisciplineHistoryLanguageEnglishEdited byAlbert WayPublication detailsHisto...

Este artículo o sección necesita referencias que aparezcan en una publicación acreditada.Este aviso fue puesto el 4 de noviembre de 2021. Simón V de Lippe Conde de Lippe Información personalNacimiento 1471Fallecimiento 1536FamiliaDinastía Casa de LippePadre Bernardo VII de LippeMadre Ana de Holstein-PinnebergConsorte Walpurgis de BronckhorstMagdalena de Mansfeld-Mittelort[editar datos en Wikidata] El Conde Simón V de Lippe (1471 - 17 de septiembre de 1536) fue un noble Señor...

Untuk artikel mengenai dua belas suku dalam Bani Israil, lihat Suku Israel Mosaik pertengahan abad kedua puluh tentang dua belas suku dalam Bani Israel, dari dinding sinagoga Etz Yosef di Givat Mordechai, Yerusalem Bani Israil atau Bani Israel (Ibrani: בני ישראל Bnei Yisra'el, Arab: بني إسرائيل , Banī Israīl) adalah persekutuan suku-suku berbahasa Semit pada Zaman Besi dari kawasan Timur Dekat Kuno yang mendiami wilayah Kanaan (Israel) pada masa kesukuan dan monark...

Species of fish Acanthopagrus berda Acanthopagrus berda (Forsskål, 1775) Conservation status Least Concern (IUCN 3.1)[1] Scientific classification Domain: Eukaryota Kingdom: Animalia Phylum: Chordata Class: Actinopterygii Order: Spariformes Family: Sparidae Genus: Acanthopagrus Species: A. berda Binomial name Acanthopagrus berda(Forsskål, 1775) Synonyms Sparus berda Forsskål, 1775 Sparus hasta Bloch & Schneider,1801 Acanthopagrus berda, the goldsilk seabream, sly brea...

Các ví dụ và quan điểm trong bài viết này có thể không thể hiện tầm nhìn toàn cầu về chủ đề này. Vui lòng giúp cải thiện bài viết này hoặc thảo luận về vấn đề này tại trang thảo luận, hoặc tạo bài viết mới sao cho phù hợp. Quản trị kinh doanh  • Công ty  • Doanh nghiệp  • Tập đoàn Nhân cách pháp lý · Nhóm công ty  · Tổng công ty  ...

Suburban settlement in South Bačka, Vojvodina, SerbiaLedinci Лединци (Serbian)Suburban settlementLedinci SealLedinciLocation within Novi SadShow map of Novi SadLedinciLedinci (Vojvodina)Show map of VojvodinaLedinciLedinci (Serbia)Show map of SerbiaCoordinates: 45°12′39″N 19°48′13″E / 45.21083°N 19.80361°E / 45.21083; 19.80361Country SerbiaProvince VojvodinaDistrictSouth BačkaMunicipality Novi SadArea[1] • Tot...

This article includes a list of general references, but it lacks sufficient corresponding inline citations. Please help to improve this article by introducing more precise citations. (June 2012) (Learn how and when to remove this template message) Heart pine refers to the heartwood of the pine tree, which is the non-living center of the tree trunk, while the sapwood is the outer living layer which transports nutrients. Heartwood and sapwood in pinus sylvestris The heartwood from the pine tree...

College basketball team season. 2022–23 Stanford Cardinal men's basketballConferencePac-12 ConferenceRecord14–19 (7–13 Pac-12)Head coachJerod Haase (7th season)Assistant coaches Jesse Pruitt Robert Ehsan Brandon Dunson Home arenaMaples PavilionSeasons← 2021–222023–24 → 2022–23 Pac-12 Conference men's basketball standings vte Conf Overall Team W   L   PCT W   L   PCT No. 7 UCLA 18 – 2   .900 31 – 6   .838 No....

Design system created by Microsoft in 2017 This article relies excessively on references to primary sources. Please improve this article by adding secondary or tertiary sources. Find sources: Fluent Design System – news · newspapers · books · scholar · JSTOR (March 2019) (Learn how and when to remove this template message) Fluent Design SystemThe notepad and calculator application in Windows 11Other names Fluent UI Microsoft Fluent Design System Origin...

Hypervelocity Wind Tunnel 9Active1976–PresentCountryUnited StatesBranchUS Air ForceRoleTest FacilityMilitary unit AEDC Hypervelocity Wind Tunnel 9 is a hypersonic wind tunnel owned by the United States Air Force and operated by National Aerospace Solutions The facility can generate high Mach numbers and high Reynolds for hypersonic ground testing and the validation of computational simulations for the Air Force and Department of Defense.[1] History After World War II several critica...

Somerset Trained BandsActive1558–1662Country EnglandBranch Trained BandsRoleInfantry and CavalrySize5–6 Regiments of Foot, 1 Regiment of HorseEngagementsRising of the NorthBattle of NewburnBattle of Marshall's ElmSiege of Sherborne CastleBattle of Braddock DownSecond Battle of ModburySiege of Lyme RegisBattle of LostwithielSieges of TauntonBattle of LangportSiege of Bristol (1645)CommandersNotablecommandersLt-Col Thomas LunsfordSir Edward RodneySir John StawellCol William StrodeMilit...

Esta página cita fontes, mas que não cobrem todo o conteúdo. Ajude a inserir referências. Conteúdo não verificável pode ser removido.—Encontre fontes: ABW  • CAPES  • Google (N • L • A) (Novembro de 2012)  Nota: Se procura outros sentidos para a palavra Boa Viagem, veja Boa Viagem. Boa Viagem   Bairro do Brasil   Bairro de Boa Viagem em primeiro planoBairro de Boa Viagem em primeiro plano Localiza...

Trio of backup singers who support Bette Midler The Harlettes, also known as The Staggering Harlettes, is a trio of backup singers who support Bette Midler during her live musical performances. The Harlettes' line-up has changed many times since their inception. History Melissa Manchester was one of the original Harlettes Bette Midler's stage act grew out of her early 1970s performances at the Continental Baths, a gay bathhouse in Manhattan which offered entertainment on the weekends. With he...

Belangrijkste leden van de Gens Aurelia Antoninus Pius Marcus Aurelius Commodus Gaius Aurelius Cotta was een veelvoorkomende naam in de gens Aurelia. Beroemde dragers van deze naam zijn: Gaius Aurelius Cotta (consul in 252 v.Chr.); Gaius Aurelius Cotta (consul in 200 v.Chr.); Gaius Aurelius Cotta (consul in 75 v.Chr.). Bekijk alle artikelen waarvan de titel begint met Gaius Aurelius Cotta of met Gaius Aurelius Cotta in de titel. Dit is een doorverwijspagina, bedoeld o...

Parliamentary constituency in the United Kingdom, 1832–1918 Worcestershire, Mid or Droitwich DivisionFormer County constituencyfor the House of Commons1885–1918SeatsoneReplaced byKidderminster and Evesham1554–1885Seatstwo (1554–1832); one (1832–1885)Type of constituencyBorough constituency Droitwich was the name of a constituency of the House of Commons of England in 1295, and again from 1554, then of the House of Commons of Great Britain from 1707 to 1800 and of the House of Common...