v811_spc009/external/vixl/doc/aarch64/topics/state-trace.md

AArch64 Simulator state trace
=============================

The AArch64 Simulator can be configured to produce traces of instruction
execution, register contents, and memory accesses. The trace is designed to be
intuitive for human readers, but this document describes the format of the
trace, so that post-processing tools can confidently parse the output.

In VIXL's own test runner, the trace is controlled by the `--trace*` options.
Run `test-runner --help` for details.

Basic structure
---------------

Executed instructions show the address, the encoding of the instruction and the
disassembly (as produced by VIXL's Disassembler). For example:

    0x00007fbe2a6a9044  d299d200		mov x0, #0xce90

The first field is the address of the instruction, with exactly 16 hexadecimal
characters and a leading 0x, and is followed by two spaces. The second field is
the instruction encoding, with exactly eight hexadecimal characters (and no
leading 0x). This is followed by two _tab_ characters, and the instruction
disassembly. The following regular expression can be used to capture each field:

    (0x[0-9a-f]{16})  ([0-9a-f]{8})\t\t(.*)

Following each instruction are zero or more lines of state update. Most notably,
these represent the register state updates and memory accesses that occurred
during simulation of the instruction. All of these lines begin with a '#'
character, so that they can be easily identified, and filtered if necessary. For
example:

    0x00007fd2221c907c  8b82200e		add x14, x0, x2, asr #8
    #            x14: 0xfffedcba98765432
    0x00007fd2221c9080  0b81200f		add w15, w0, w1, asr #8
    #            w15:         0xff89abcd

Note that the Simulator uses these state update lines to describe its initial
state. As a result, there will be state trace output before the first simulated
instruction, and parsers need to be tolerant of this.

Note that padding white space is used liberally to keep values vertically
aligned throughout the trace (as shown with the write to `w15` in the example
above). Similarly, some compound values are split into parts using the C++14
literal separator (`'`) character. Refer to the "Memory accesses" section
(below) for examples.

Ordering
--------

VIXL guarantees that each instruction is printed before its associated state
trace.

State trace must be interpreted sequentially, line by line. VIXL avoids updating
the same register more than once (because it makes the trace hard for humans to
read), but this can occur in some situations, and should be supported by
parsers.

The state is intended to be consistent with architectural execution at the start
of each instruction and at the end of the whole trace, but no such guarantees
are made about the traced state _between_ instructions. VIXL prioritises
human-readability when choosing the ordering of state updates.

If simulated registers are modified externally, for example using
`WriteRegister` from C++ code, their state will (by default) be logged
immediately. In the full trace, it will appear as though the (runtime) call or
return instruction modified the state. This is consistent with the guarantees
above, but it can result in single instructions appearing to generate a large
number of state updates.

There is no upper limit on the number of state update lines that any one
instruction can generate.

Whole register trace
--------------------

The simplest form of state trace has the form "`REG: VALUE`", meaning that
the register `REG` has the specified value, and any high-order bits in aliased
registers are set to zero.

    0x00007fd2221c907c  8b82200e		add x14, x0, x2, asr #8
    #            x14: 0xfffedcba98765432

Note that to correctly track state, parsers need to be aware of architectural
register aliasing rules. Also, VIXL uses some standard register aliases, such as
`lr` (`x30`). To avoid misinterpreting a register alias (and thereby potentially
missing an aliased register update), some tools may need to treat an
unrecognised register name as an error.

This trace format attempts to represent _architectural_ register writes.
However, this is not strictly checked or enforced.

`VALUE` is always shown in hexadecimal (raw bits) form, with a leading `0x` and
enough digits to exactly fill `REG`. `VALUE` may also include annotations (for
example to show FP arithmetic values) in parentheses. These annotations are for
the benefit of human readers, and parsers may ignore them.

Note that SVE registers _always_ use the partial register trace format,
described below, so a plain `z` or `p` register will never be used in a whole
register trace. This is true even if the vector length is configured to 16
bytes.

Partial register trace
----------------------

Sometimes, VIXL needs to show _part_ of a register without implying that the
rest of the register is zeroed. A partial register value is indicated by a bit
range in angled brackets after the register name: "`REG<MSB:LSB>: VALUE`".
This format is used for stores, for example.

SVE register updates are split across multiple lines, and therefore always use
the partial register trace format. For example (with a 384-bit VL):

    0x00007fb1978da044  04214000		index z0.b, #0, #1
    #   z0<383:256>: 0x2f2e2d2c2b2a29282726252423222120
    #   z0<255:128>: 0x1f1e1d1c1b1a19181716151413121110
    #     z0<127:0>: 0x0f0e0d0c0b0a09080706050403020100

Note that VIXL will omit whole lines where they are unnecessary, for example if
they have no active (predicated) lanes. Parsers should not assume that every
part of a register will appear in such cases.

The `VALUE` has the same format as in the whole register trace, except in the
case of SVE `p` registers (as described below).

SVE `p` registers
-----------------

For `p` registers, we try to keep the lanes vertically aligned with the
corresponding parts of the `z` registers that they affect. To do this, we use a
binary format, with a leading `0b`, and spaces between each digit. For example:

    0x00007f66e539b0b8  04f54607		index z7.d, x16, #-11
    #     z7<127:0>: 0x00000000000000150000000000000020
    0x00007f66e539b0bc  25d8e3a7		ptrue p7.d, all
    #      p7<15:0>: 0b 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1

Memory accesses
---------------

The pattern for a memory access is "`VALUE OP ADDRESS`", where:

- `VALUE` is a hexadecimal value, with visual separators (') between
  structure components,
- `OP` is `"->"` for a store, or `"<-"` for a load,
- `ADDRESS` is the (hexadecimal) address of the access.

Accesses shown in this style are always contiguous, and with little-endian
semantics. However, a given instruction might have multiple lines of memory
access trace, particularly if the instruction performs non-contiguous accesses.

In the case of simple accesses, the `VALUE` is shared with register value trace:

    0x00007f3835372058  e400e401		st1b { z1.b }, p1, [x0]
    #      z1<127:0>: 0xd4d7dadde0e3e6e9eceff2f5f8fbfe01 -> 0x000055d170298e90

Sign-extending loads show the whole resulting register value, with the (smaller)
access represented on a separate line. This makes the (differing) values in the
register and in memory unambiguous, without parsers needing to understand the
instruction set:

    0x00007f47922d0068  79800306		ldrsh x6, [x24]
    #             x6: 0xffffffffffff8080
    #                                  ╙─ 0x8080 <- 0x00007fffbc197708

Some instructions access several different memory locations. In these cases,
each access is given its own line, with the highest lane index first so that
(for contiguous accesses) the lowest address ends up at the bottom:

    0x00007fa6001e9060  e4217c0a		st2b { z10.b, z11.b }, p7, [x0, x1]
    #     z10<127:0>: 0x0f0e0d0c0b0a09080706050403020100
    #     z11<127:0>: 0x1f1e1d1c1b1a19181716151413121110
    #                    ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ╙─ 0x10'00 -> 0x00007ffe485d2f90
    #                    ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ╙─── 0x11'01 -> 0x00007ffe485d2f92
    #                    ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ╙───── 0x12'02 -> 0x00007ffe485d2f94
    #                    ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ╙─────── 0x13'03 -> 0x00007ffe485d2f96
    #                    ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ╙───────── 0x14'04 -> 0x00007ffe485d2f98
    #                    ║ ║ ║ ║ ║ ║ ║ ║ ║ ║ ╙─────────── 0x15'05 -> 0x00007ffe485d2f9a
    #                    ║ ║ ║ ║ ║ ║ ║ ║ ║ ╙───────────── 0x16'06 -> 0x00007ffe485d2f9c
    #                    ║ ║ ║ ║ ║ ║ ║ ║ ╙─────────────── 0x17'07 -> 0x00007ffe485d2f9e
    #                    ║ ║ ║ ║ ║ ║ ║ ╙───────────────── 0x18'08 -> 0x00007ffe485d2fa0
    #                    ║ ║ ║ ║ ║ ║ ╙─────────────────── 0x19'09 -> 0x00007ffe485d2fa2
    #                    ║ ║ ║ ║ ║ ╙───────────────────── 0x1a'0a -> 0x00007ffe485d2fa4
    #                    ║ ║ ║ ║ ╙─────────────────────── 0x1b'0b -> 0x00007ffe485d2fa6
    #                    ║ ║ ║ ╙───────────────────────── 0x1c'0c -> 0x00007ffe485d2fa8
    #                    ║ ║ ╙─────────────────────────── 0x1d'0d -> 0x00007ffe485d2faa
    #                    ║ ╙───────────────────────────── 0x1e'0e -> 0x00007ffe485d2fac
    #                    ╙─────────────────────────────── 0x1f'0f -> 0x00007ffe485d2fae

The line-drawing characters are encoded as UTF-8 (as is this document). There is
currently no locale handling in VIXL, so this is not configurable. However,
since these annotations are for the benefit of human readers, parsers can safely
ignore them, and treat the whole trace as an ASCII byte stream (ignoring 8-bit
characters). This is useful in situations where UTF-8 handling carries an
unacceptable performance cost.

In the future, VIXL may offer an option to avoid printing these annotations, so
that the trace is restricted to single-byte characters.

Floating-point value annotations
--------------------------------

Some floating-point operations produce register trace that annotates the raw
values with the corresponding FP arithmetic values. This is for the benefit of
human readers (and has limited precision). Such annotations follow the `VALUE`
in parentheses.

Scalar form:

    #             s1:                         0x3f800000 (1.000) <- 0x00007ffdc64d2314

Vector form, updating all S lanes using a load:

    #            v16: 0x1211100f0e0d0c0b0a09080706050403 (4.577e-28, 1.739e-30, 6.598e-33, 2.502e-35)
    #                          ║       ║       ║       ╙─ 0x06050403 <- 0x00007ffe56fd7863
    #                          ║       ║       ╙───────── 0x0a090807 <- 0x00007ffe56fd7867
    #                          ║       ╙───────────────── 0x0e0d0c0b <- 0x00007ffe56fd786b
    #                          ╙───────────────────────── 0x1211100f <- 0x00007ffe56fd786f

Vector form, updating a single S lane using a load:

    #             v2: 0x03020100040302017ff0f0027f80f000 (..., 1.540e-36, ...)
    #                                  ╙───────────────── 0x04030201 <- 0x00007ffc7b2e3ca1

Vector form, replicating a single struct load to all S lanes:

    #            v15: 0x100f0e0d100f0e0d100f0e0d100f0e0d (2.821e-29, 2.821e-29, 2.821e-29, 2.821e-29)
    #            v16: 0x14131211141312111413121114131211 (7.425e-27, 7.425e-27, 7.425e-27, 7.425e-27)
    #            v17: 0x18171615181716151817161518171615 (1.953e-24, 1.953e-24, 1.953e-24, 1.953e-24)
    #                          ╙───────╨───────╨───────╨─ 0x18171615'14131211'100f0e0d <- 0x00007ffdd64d847d