MET - Aria
Aria is the execution-driven trace generator. Aria traces program execution under the supervision of a control program (such as Turandot, the processor model), also referred to as the trace consumer. Both tools, and the program being traced, execute in the same address space so that simple procedure calls accomplish the communication between tools.
At start-up, Aria determines the initial user program state and its starting address, and presents these data to the control program. This program controls the execution path through the user program by providing Aria the starting address of the instructions to be traced and a copy of the program state (all register values). Aria executes instructions starting at the given address, with the provided user program state, until the first branch encountered. Aria returns to the control program the execution trace for the executed instructions, plus the user program state modified by the execution of those instructions.
Aria generates traces by dynamically instrumenting a program at the basic block level. The first time Aria encounters a basic program block, it translates it into a code sequence that executes the block and produces a trace buffer including instruction and address information. Translated blocks are saved, eliminating repeated translation.
Aria can generate two versions of each block of instructions. The taken version corresponds to the block's normal execution; the not-taken version corresponds to a mispredicted path's execution. The control program specifies which version should be executed (and generated if necessary) each time. The not-taken version differs from the taken version as follows:
- load instructions are guarded to ensure they do not introduce spurious segmentation faults;
- store instructions are not executed, to avoid polluting the executing programs' memory state; and
- illegal instructions -data values embedded in the program- are replaced by no-ops.
Any other exception that raises a signal in the not-taken version leads to having the corresponding signal raised.
Aria's translation mechanism does not guarantee that data addresses placed in the trace are exactly those generated by the same program when executed independently. Data segments might be moved to a different region in the address space during translation, such that data address can be offset from the original addresses. The approach tries to minimize such perturbation. Instruction address in the trace, however, are correct.
Aria also allows the simulation of new instructions in the architecture. Aria translates a new instruction into a native-instruction sequence that performs the same functionality, but the information in the trace corresponds to the new instruction.
Experimental evidence indicates that the slowdown factor arising from Aria's translation mechanism is around 40 instructions executed for each instruction in the program being traced.
See the Publications and Presentations for further information regarding Aria.