World Library  
Flag as Inappropriate
Email this Article

Instruction set simulator

Article Id: WHEBN0003076791
Reproduction Date:

Title: Instruction set simulator  
Author: World Heritage Encyclopedia
Language: English
Subject: Simulation software, Assembly language, Debugger, Wild branch, SIMMON
Publisher: World Heritage Encyclopedia

Instruction set simulator

An instruction set simulator (ISS) is a simulation model, usually coded in a high-level programming language, which mimics the behavior of a mainframe or microprocessor by "reading" instructions and maintaining internal variables which represent the processor's registers.

Instruction simulation is a methodology employed for one of several possible reasons:

For example, the IBM 1401 was simulated on the later IBM/360 through use of microcode emulation.
  • To monitor and execute the machine code instructions (but treated as an input stream) on the same hardware for test and debugging purposes, e.g. with memory protection (which protects against accidental or deliberate Buffer overflow).
  • To improve the speed performance—compared to a slower cycle-accurate simulator—of simulations involving a processor core where the processor itself is not one of the elements being verified; in Hardware description language design using verilog where simulation with tools like ISS can be run faster by means of "PLI" (not to be confused with PL/1, which is a programming language).


An ISS is often provided with (or is itself) a debugger in order for a software engineer/programmer to debug the program prior to obtaining target hardware. GDB is one debugger which has compiled-in ISS. It is sometimes integrated with simulated peripheral circuits such as timers, interrupts, serial ports, general I/O ports, etc. to mimic the behavior of a microcontroller.

The basic instruction simulation technique is the same regardless of purpose: first execute the monitoring program passing the name of the target program as an additional input parameter.

The target program is then loaded into memory, but control is never passed to the code. Instead, the entry point within the loaded program is calculated, and a pseudo program status word (PSW) is set to this location. A set of pseudo registers are set to what they would have contained if the program had been given control directly.

It may be necessary to amend some of these to point to other pseudo "control blocks" depending on the hardware and operating system. It may also be necessary to reset the original parameter list to 'strip out' the previously added program name parameter.

Thereafter, execution proceeds as follows:

  1. Determine length of instruction at pseudo PSW location (initially the first instruction in the target program). If this instruction offset within program matches a set of previously given "pause" points, set "Pause" reason, go to 7.
  2. "Fetch" the instruction from its original location (if necessary) into the monitor's memory. If "trace" is available and "on", store program name, instruction offset and any other values.
  3. Depending upon instruction type, perform pre-execution checks and execute. If the instruction cannot proceed for any reason (invalid instruction, incorrect mode etc.) go to 7. If the instruction is about to alter memory, check memory destination exists (for this thread) and is sufficiently large. If OK, load appropriate pseudo registers into temporary real registers, perform equivalent move with the real registers, save address and length of altered storage if trace is "on" and go to 4. If the instruction is a "register-to-register" operation, load pseudo registers into monitors real registers, perform operation, store back to respective pseudo registers, go to 4. If the instruction is a conditional branch, determine if the condition is satisfied: if not go to 4, if condition IS satisfied, calculate branch to address, determine if valid (if not, set error = "Wild branch") and go to 7. If OK, go to 5. If instruction is an operating system call, do real call from monitorng program by "faking" addresses to return control to monitor program and then reset pseudo registers to reflect call; go to 4.
  4. Add instruction length to current Pseudo PSW value.
  5. Store next address in Pseudo PSW.
  6. Go to 1.
  7. Halt execution.

For test and debugging purposes, the monitoring program can provide facilities to view and alter registers, memory, and restart location or obtain a mini core dump or print symbolic program names with current data values. It could permit new conditional "pause" locations, remove unwanted pauses and suchlike.

Instruction simulation provides the opportunity to detect errors BEFORE execution which means that the conditions are still exactly as they were and not destroyed by the error. A very good example from the IBM S/360 world is the following instruction sequence that can cause difficulties debugging without an instruction simulation monitor.

     LM    R14,R12,12(R13)   where r13 incorrectly points to string of X"00"s
     BR    R14              causes PSW to contain X"0000002" with program check "Operation Exception"
*                           all registers on error contain nulls.



The number of instructions to perform the above basic "loop" (Fetch/Execute/calculate new address) depends on hardware but it could be accomplished on IBM S/360/370/390/ES9000 range of machines in around 12 or 13 instructions for many instruction types. Checking for valid memory locations or for conditional "pause"s add considerably to the overhead but optimization techniques can reduce this to acceptable levels. For testing purposes this is normally quite acceptable as powerful debugging capabilities are provided including instruction step, trace and deliberate jump to test error routine (when no actual error). In addition, a full instruction trace can be used to test actual (executed) code coverage.

Added benefits

Occasionally, monitoring the execution of a target program can help to highlight random errors that appear (or sometimes disappear) while monitoring but not in real execution. This can happen when the target program is loaded at a different location than normal because of the physical presence of the monitoring program in the same address space.

If the target program picks up the value from a "random" location in memory (one it doesn't 'own' usually), it may for example be nulls (X"00") in almost every normal situation and the program works OK. If the monitoring program shifts the load point, it may pick up say X"FF" and the logic would cause different results during a comparison operation. Alternatively, if the monitoring program is now occupying the space where the value is being "picked up" from, similar results might occur.

Re-entrancy bugs: accidental use of static variables instead of "dynamic" thread memory can cause re-entrancy problems in many situations. Use of a monitoring program can detect these even without a storage protect key.

Illegal operations: some operating systems (or hardware) require the application program to be in the correct "mode" for certain calls to the Operating system. Instruction simulation can detect these conditions before execution.

Hot spot analysis & instruction usage by counting the instructions executed during simulation (which will match the number executed on the actual processor or unmonitored execution), the simulator can provide both a measure of relative performance between different versions of algorithm and also be used to detect "hot spots" where optimization can then be targeted by the programmer. In this role it can be considered a form of Performance analysis as it is not easy to obtain these statistics under normal execution and this is especially true for high level language programs which effectively 'disguise' the extent of machine code instructions by their nature.

Educational Purposes

Some of these software simulators remains to be used as tools for assembly language and Instruction Set Architecture teaching, with some specifically designed using multiple simulation layers and ISA to ISA simulation, with the ability to even design ISAs and simulate them.[1]


In the first volume of The Art of Computer Programming, Donald Knuth wrote: "In the author's opinion, entirely too much programmers' time has been spent in writing such [machine language] simulators and entirely too much computer time has been wasted in using them."[2] In the following section, however, the author gives examples of how such simulators are useful as trace or monitor routines for debugging purposes.


Typical trace output from simulation by monitoring program used for test & debugging:

Program        offset         instruction            Dis-assembled             register/ storage (after execution)
TEST001        000000         X'05C0'                BALR   R12,0              R12=002CE00A
               000002         X'47F0C00E'            BC    15,X'00C'(R12)    
               00000E         X'98ECD00C'            STM   R14,R12,X'00C'(R13)   X'002E0008' ==> X'00004CE,002CE008,..etc....'
               000012         X'45E0C122'            BAL   R14,X'122'(R12)     R14=002C0016
SUB1           000124         X'50E0C28A'            ST    R14,X'28A'(R12)       X'002CE294' ==> X'002C0016'

See also

External links

  • "Instruction-Level Simulation And Tracing"


  1. ^ Almasri, I., Abandah, G., Shhadeh, A., & Shahrour, A. (2011, December). Universal ISA simulator with soft processor FPGA implementation. In Applied Electrical Engineering and Computing Technologies (AEECT), 2011 IEEE Jordan Conference on (pp. 1-6). IEEE.
  2. ^ “The Art of Computer Programming”, Donald Knuth, 1997, Volume 1, 3rd edition, Page 202.
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.