An instruction set simulator (ISS) is a

simulation A simulation is the imitation of the operation of a real-world process or system over time. Simulations require the use of models; the model represents the key characteristics or behaviors of the selected system or process, whereas the ...

model, usually coded in a

high-level programming language In computer science, a high-level programming language is a programming language with strong abstraction from the details of the computer. In contrast to low-level programming languages, it may use natural language ''elements'', be easier to ...

, which mimics the behavior of a mainframe or

microprocessor A microprocessor is a computer processor where the data processing logic and control is included on a single integrated circuit, or a small number of integrated circuits. The microprocessor contains the arithmetic, logic, and control circu ...

by "reading" instructions and maintaining internal variables which represent the processor's registers. Instruction simulation is a methodology employed for one of several possible reasons: * To simulate the

machine code In computer programming, machine code is any low-level programming language, consisting of machine language instructions, which are used to control a computer's central processing unit (CPU). Each instruction causes the CPU to perform a ver ...

of another hardware device or entire computer for upward

compatibility Compatibility may refer to: Computing * Backward compatibility, in which newer devices can understand data generated by older devices * Compatibility card, an expansion card for hardware emulation of another device * Compatibility layer, compon ...

—a full system simulator typically includes an instruction set simulator. :: For example, the

IBM 1401 The IBM 1401 is a variable-wordlength decimal computer that was announced by IBM on October 5, 1959. The first member of the highly successful IBM 1400 series, it was aimed at replacing unit record equipment for processing data stored on pu ...

was simulated on the later IBM/360 through use of

microcode In processor design, microcode (μcode) is a technique that interposes a layer of computer organization between the central processing unit (CPU) hardware and the programmer-visible instruction set architecture of a computer. Microcode is a la ...

emulation. * To monitor and execute the machine code instructions (but treated as an input stream) on the same hardware for test and debugging purposes, e.g. with

memory protection Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that h ...

(which protects against accidental or deliberate

buffer overflow In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffers are areas of memor ...

). * To improve the speed performance—compared to a slower

cycle-accurate simulator A computer architecture simulator is a program that simulates the execution of computer architecture. Computer architecture simulators are used for the following purposes: * Lowering cost by evaluating hardware designs without building physical ha ...

—of simulations involving a processor core where the processor itself is not one of the elements being verified; in

hardware description language In computer engineering, a hardware description language (HDL) is a specialized computer language used to describe the structure and behavior of electronic circuits, and most commonly, digital logic circuits. A hardware description language e ...

design using

Verilog Verilog, standardized as IEEE 1364, is a hardware description language (HDL) used to model electronic systems. It is most commonly used in the design and verification of digital circuits at the register-transfer level of abstraction. It is a ...

where simulation with tools like ISS can be run faster by means of " PLI" (not to be confused with PL/1, which is a

programming language A programming language is a system of notation for writing computer programs. Most programming languages are text-based formal languages, but they may also be graphical. They are a kind of computer language. The description of a programming l ...

Implementation

An ISS is often provided with (or is itself) a

debugger A debugger or debugging tool is a computer program used to test and debug other programs (the "target" program). The main use of a debugger is to run the target program under controlled conditions that permit the programmer to track its execut ...

in order for a software engineer/

programmer A computer programmer, sometimes referred to as a software developer, a software engineer, a programmer or a coder, is a person who creates computer programs — often for larger computer software. A programmer is someone who writes/creates ...

to debug the program prior to obtaining target hardware. GDB is one debugger which has a compiled-in ISS. It is sometimes integrated with simulated peripheral circuits such as

timer A timer is a specialized type of clock used for measuring specific time intervals. Timers can be categorized into two main types. The word "timer" is usually reserved for devices that counts down from a specified time interval, while devices th ...

interrupt In digital computers, an interrupt (sometimes referred to as a trap) is a request for the processor to ''interrupt'' currently executing code (when permitted), so that the event can be processed in a timely manner. If the request is accepted ...

serial port In computing, a serial port is a serial communication interface through which information transfers in or out sequentially one bit at a time. This is in contrast to a parallel port, which communicates multiple bits simultaneously in paralle ...

s, general I/O ports, etc. to mimic the behavior of a

microcontroller A microcontroller (MCU for ''microcontroller unit'', often also MC, UC, or μC) is a small computer on a single VLSI integrated circuit (IC) chip. A microcontroller contains one or more CPUs ( processor cores) along with memory and programma ...

. The basic instruction simulation technique is the same regardless of purpose: first execute the monitoring program passing the name of the target program as an additional input parameter. The target program is then loaded into memory, but control is never passed to the code. Instead, the

entry point In computer programming, an entry point is the place in a program where the execution of a program begins, and where the program has access to command line arguments. To start a program's execution, the loader or operating system passes c ...

within the loaded program is calculated, and a pseudo program status word (PSW) is set to this location. A set of pseudo registers are set to what they would have contained if the program had been given control directly. It may be necessary to amend some of these to point to other pseudo "control blocks" depending on the hardware and operating system. It may also be necessary to reset the original parameter list to 'strip out' the previously added program name parameter. Thereafter, execution proceeds as follows: #Determine length of instruction at pseudo PSW location (initially the first instruction in the target program). If this instruction offset within the program matches a set of previously given "pause" points, set "Pause" reason, go to 7. #"Fetch" the instruction from its original location (if necessary) into the monitor's memory. If "trace" is available and "on", store program name, instruction offset and any other values. #Depending upon the instruction type, perform pre-execution checks and execute. If the instruction cannot proceed for any reason (invalid instruction, incorrect mode etc.) go to 7. If the instruction is about to alter memory, check memory destination exists (for this

thread Thread may refer to: Objects * Thread (yarn), a kind of thin yarn used for sewing ** Thread (unit of measurement), a cotton yarn measure * Screw thread, a helical ridge on a cylindrical fastener Arts and entertainment * ''Thread'' (film), 2016 ...

) and is sufficiently large. If OK, load appropriate pseudo registers into temporary real registers, perform equivalent move with the real registers, save address and length of altered storage if trace is "on" and go to 4. If the instruction is a "register-to-register" operation, load pseudo registers into monitors real registers, perform operation, store back to respective pseudo registers, go to 4. If the instruction is a conditional branch, determine if the condition is satisfied: if not go to 4, if condition IS satisfied, calculate branch to address, determine if valid (if not, set error = " Wild branch" and go to 7.) If OK, go to 5. If instruction is an operating system call, do real call from monitoring program by "faking" addresses to return control to monitor program and then reset pseudo registers to reflect call; go to 4. #Add instruction length to current Pseudo PSW value. #Store next address in Pseudo PSW. #Go to 1. #Halt execution. For test and debugging purposes, the monitoring program can provide facilities to view and alter registers, memory, and restart location or obtain a mini

core dump In computing, a core dump, memory dump, crash dump, storage dump, system dump, or ABEND dump consists of the recorded state of the working Computer storage, memory of a computer program at a specific time, generally when the program has crash (comp ...

or print symbolic program names with current data values. It could permit new conditional "pause" locations, remove unwanted pauses and suchlike. Instruction simulation provides the opportunity to detect errors BEFORE execution which means that the conditions are still exactly as they were and not destroyed by the error. A very good example from the IBM S/360 world is the following instruction sequence that can cause difficulties debugging without an instruction simulation monitor. LM R14,R12,12(R13) where r13 incorrectly points to string of X"00"s BR R14 causes PSW to contain X"0000002" with program check "Operation Exception" * all registers on error contain nulls.

Consequences

Overhead

The number of instructions to perform the above basic "loop" (Fetch/Execute/calculate new address) depends on hardware but it could be accomplished on IBM S/360/370/390/ES9000 range of machines in around 12 or 13 instructions for many instruction types. Checking for valid memory locations or for conditional "pause"s add considerably to the overhead but optimization techniques can reduce this to acceptable levels. For testing purposes this is normally quite acceptable as powerful debugging capabilities are provided including instruction step, trace and deliberate jump to test error routine (when no actual error). In addition, a full instruction trace can be used to test actual (executed)

code coverage In computer science, test coverage is a percentage measure of the degree to which the source code of a program is executed when a particular test suite is run. A program with high test coverage has more of its source code executed during testing ...

Added benefits

Occasionally, monitoring the execution of a target program can help to highlight

random In common usage, randomness is the apparent or actual lack of pattern or predictability in events. A random sequence of events, symbols or steps often has no order and does not follow an intelligible pattern or combination. Individual rando ...

errors that appear (or sometimes disappear) while monitoring but not in real execution. This can happen when the target program is loaded at a different location than normal because of the physical presence of the monitoring program in the same address space. If the target program picks up the value from a "random" location in memory (one it doesn't 'own' usually), it may for example be nulls (X"00") in almost every normal situation and the program works OK. If the monitoring program shifts the load point, it may pick up say X"FF" and the logic would cause different results during a comparison operation. Alternatively, if the monitoring program is now occupying the space where the value is being "picked up" from, similar results might occur. Re-entrancy bugs: accidental use of static variables instead of "dynamic" thread memory can cause re-entrancy problems in many situations. Use of a monitoring program can detect these even without a storage protect key. Illegal operations: some operating systems (or hardware) require the application program to be in the correct "mode" for certain calls to the Operating system. Instruction simulation can detect these conditions before execution. Hot spot analysis & instruction usage by counting the instructions executed during simulation (which will match the number executed on the actual processor or unmonitored execution), the simulator can provide both a measure of relative performance between different versions of algorithm and also be used to detect "hot spots" where optimization can then be targeted by the programmer. In this role it can be considered a form of performance analysis as it is not easy to obtain these statistics under normal execution and this is especially true for high level language programs which effectively 'disguise' the extent of machine code instructions by their nature.

Educational purposes

Some of these software simulators remains to be used as tools for assembly language and Instruction Set Architecture teaching, with some specifically designed using multiple simulation layers and ISA to ISA simulation, with the ability to even design ISAs and simulate them.

Criticism

In the first volume of ''

The Art of Computer Programming ''The Art of Computer Programming'' (''TAOCP'') is a comprehensive monograph written by the computer scientist Donald Knuth presenting programming algorithms and their analysis. Volumes 1–5 are intended to represent the central core of comp ...

'',

Donald Knuth Donald Ervin Knuth ( ; born January 10, 1938) is an American computer scientist, mathematician, and professor emeritus at Stanford University. He is the 1974 recipient of the ACM Turing Award, informally considered the Nobel Prize of computer ...

wrote: "In the author's opinion, entirely too much programmers' time has been spent in writing such achine languagesimulators and entirely too much computer time has been wasted in using them."“The Art of Computer Programming”,

, 1997, Volume 1, 3rd edition, Page 202. In the following section, however, the author gives examples of how such simulators are useful as trace or monitor routines for debugging purposes.

Example

Typical trace output from simulation by monitoring program used for test & debugging: Program offset instruction Dis-assembled register/ storage (after execution) TEST001 000000 X'05C0' BALR R12,0 R12=002CE00A 000002 X'47F0C00E' BC 15,X'00C'(R12) 00000E X'98ECD00C' STM R14,R12,X'00C'(R13) X'002E0008'

> X'00004CE,002CE008,..etc....' 000012 X'45E0C122' BAL R14,X'122'(R12) R14=002C0016 SUB1 000124 X'50E0C28A' ST R14,X'28A'(R12) X'002CE294'

> X'002C0016' etc...

References

External links

*{{cite web, url=http://www.mikrocodesimulator.de/index_eng.php , title=Mikrocodesimulator MikroSim 2010 , publisher=0/1-SimWare , access-date=2010-12-06
"Instruction-Level Simulation And Tracing"

Imperas
provide an ISS for over 170 processor variants for ARM, ARMv8, MIPS, MIPS64, PowerPC, RISC-V, ARC, Nios-II, MicroBlaze ISAs. Simulation software Debuggers Software testing tools