Using the Intel® Software Development Emulator Chip-Check Feature

Published: 10/03/2013   Last Updated: 09/05/2021

The Intel® Software Development Emulator (Intel® SDE) includes a software validation mechanism to restrict executed instructions to a particular microprocessor. This is intended to be a helpful diagnostic tool for use when deploying new software. Use chip check when you want to make sure that your program is not using instruction features that are not present on a specific microarchitecture implementation.

In the output of "sde -long-help", under “Chip-check controls” section there is a section describing the controls for this feature: 

-chip_check  [default ]
        Restrict to a specific XED chip.
-chip_check_call_stack  [default 0]
        Emit the call stack on error
-chip_check_call_stack_depth  [default 10]
        Specify chip-check call-stack max depth
-chip_check_cpuid  [default 0]
        Check against features in the active CPUID definition
-chip_check_die  [default 1]
        Die on errors. 0=warn, 1=die
-chip_check_disable  [default 0]
        Disable the chip checking mechanism.
-chip_check_emit_file  [default 0]
        Emit messages to a file. 0=no file, 1=file
-chip_check_exe_only  [default 0]
        Check only the main executable
-chip_check_file  [default sde-chip-check.txt]
        Output file chip-check errors.
-chip_check_image 
        Repeatable knob to specify specific images to check.
-chip_check_jit  [default 0]
        Check during JIT'ing only. Checked code might not be executed due to
        speculative JIT'ing, but this mode is a little faster.
-chip_check_list  [default 0]
        List valid chip names and exit.
-chip_check_list_iforms  [default 0]
        List valid iforms for a specific chip
-chip_check_stderr  [default 1]
        Try to emit messages to stderr. 0=no stderr, 1=stderr
-chip_check_vsyscall  [default 0]
        Enable the chip checking checking in the vsyscall area.
-chip_check_zcnt  [default 0]
        The tzcnt/lzcnt has backward compatibility, check it explicitly anyway

To list all the chips that Intel SDE knows about, you can use "sde -chip-check-list". The output will vary depending on the version of Intel SDE you use. For the current version, you will see this output:

% kits/current/sde -chip-check-list -- /bin/ls
          INVALID               I86             I86FP              I186 
           I186FP          I286REAL              I286           I2186FP 
         I386REAL              I386            I386FP          I486REAL 
             I486       PENTIUMREAL           PENTIUM             QUARK 
   PENTIUMMMXREAL        PENTIUMMMX           ALLREAL        PENTIUMPRO 
         PENTIUM2          PENTIUM3          PENTIUM4        P4PRESCOTT 
P4PRESCOTT_NOLAHF    P4PRESCOTT_VTX             MEROM            PENRYN 
         PENRYN_E           NEHALEM          WESTMERE           BONNELL 
         SALTWELL        SILVERMONT               VIA           AMD_K10 
    AMD_BULLDOZER    AMD_PILEDRIVER           AMD_ZEN       AMD_ZENPLUS 
         AMD_ZEN2        AMD_FUTURE          GOLDMONT     GOLDMONT_PLUS 
          TREMONT        SNOW_RIDGE       SANDYBRIDGE         IVYBRIDGE 
          HASWELL         BROADWELL           SKYLAKE        COMET_LAKE 
   SKYLAKE_SERVER      CASCADE_LAKE       COOPER_LAKE               KNL 
              KNM        CANNONLAKE          ICE_LAKE   ICE_LAKE_SERVER 
       TIGER_LAKE        ALDER_LAKE   SAPPHIRE_RAPIDS            FUTURE
              ALL

To limit instructions to the Intel® microarchitecture code name Westmere, use "sde -chip-check WESTMERE -- yourapp". using “sde -wsm -- yourapp" is equivalent to running sde with chip-check WESTMERE and emulating the CPUID instruction as if running on Westmere CPU.

If you do not want to limit instructions to a particular chip, use "-chip-check ALL". To limit the allowed instructions to just those implemented on the current Intel® Quark™ processors, use "-chip-check PENTIUM".

By default, Intel SDE emits warnings to a file called sde-chip-check.txt and also to stderr (if the application has not closed stderr). This behavior can be customized using the above knobs.

On Linux*, there are instructions in the virtual system call area that are not under direct user control. To avoid flagging those instructions, the chip check mechanism defaults to ignoring instructions in that region. If you wanted to check the instructions in the vsyscall area for some reason, use "-chip-check-vsyscall".

There is a performance cost for using the chip-check feature. At instrumentation (JIT) time, we must do an extra check on each instruction. And at the run time every instruction that is not valid for a particular chip gets code inserted before it to trigger the error (or warning). There is also a JIT time code to finding the function symbols (if any) associated with the unwanted instructions.

Using the "-chip-check-jit" option, the JIT instrument can report disallowed instructions at JIT instrumentation time. This may be too aggressive as the JIT speculates and the JITted code may never execute due to the dynamic control flow in the program. It is more conservative though if you want to be sure there are no unwanted instructions.

Example

Here is a little example of the error message you get when your program does not have symbols:

% kits/current/sde -chip-check PENTIUM -- /bin/ls
TID 0 SDE-ERROR: Executed instruction not valid for specified chip (PENTIUM): 0x7ffff7dde4d1: cmovnbe rdx, rax
Image: /lib64/ld-linux-x86-64.so.2+0x14d1 (in multi-region image, region# 0)
Function: _dl_start
Instruction bytes are: 48 0f 47 d0 

If your program was compiled in debug mode or has function symbols, Intel SDE tries to provide additional information when it reports problems. This can be very useful for figuring out where the unwanted instructions are coming from.

kits/current/sde -chip-check IVYBRIDGE -- tests/a.out
TID 0 SDE-ERROR: Executed instruction not valid for specified chip (IVYBRIDGE): 0x400623: vfmadd231sd xmm1, xmm2, xmm3

Function: main
File Name: /tmp/fma1.c:36
Instruction bytes are: c4 e2 e9 b9 cb 

In binaries without debug symbols, sde will still show the function name when it can be located.

Finding More Errors

By default, Intel SDE issues the above error message and terminates when it encounters an unwanted instruction. Sometimes there is more than one unwanted instruction in a large program. By using the "-chip-check-die 0" option, Intel SDE will continue to execute after reporting the error.

If an unwanted instruction is not executed, it will not be flagged by Intel SDE. Intel SDE is built upon the Pin dynamic binary instrumentation system. Pin is a JIT for the application being run.  As with all path-based checking mechanisms, you must exercise any code paths if you want them to be checked.

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.