Software Tuning, Performance Optimization & Platform Monitoring
Discussion regarding monitoring and software tuning methodologies, Performance Monitoring Unit (PMU) of Intel microprocessors, and platform updating.
1711 Discussions

Intel performance monitoring events

SOOJIN__KIM
Beginner
‎04-28-2020 12:29 AM
481 Views

Hi,

 

I am using a performance counter of Intel. I’m trying to use ‘BR_MISP_EXEC.TAKEN_RETURN_NEAR’ this event, and the description in the Manual says ‘This event counts taken speculative and retired mispredicted indirect branches that have a return mnemonic’. I don't understand what 'that have a return mnemonic' means. Could you please let me know

 

Thank you.

0 Kudos

Link Copied

1 Reply
McCalpinJohn
Honored Contributor III
‎05-13-2020 07:58 AM
481 Views

I might not get this exactly right, but this should help get you started....

In Intel's terminology, an "indirect branch" is any branch whose target address is not hard-coded as an argument to the instruction.  A "RET" instruction is an indirect branch because the address that it jumps to an address pulled from the top of the stack.   

Intel processor implementations use aggressive and sophisticated "branch prediction" implementations that apply to both conditional branches and indirect branches:

  • For conditional branches, the target is always directly specified as an argument to the instruction, so the speculation decision is "branch taken" or "branch not taken".
  • For indirect branches, there is no condition, but the address of the branch target itself is not available with the instruction, so the speculation is on the branch target address.   If a function is usually called from a single place in your program, the branch predictor will quickly learn the return address.  When subsequent function calls hit their RET statements, the branch predictor will use the program counter of the RET instruction to predict that "typical" return address and begin fetching instructions from that location.  When the processor pipeline actually completes popping the return address off the top of the stack, it will be compared to the predicted address to see if the speculation was correct.

A very interesting discussion of implementation details is at https://blog.stuffedcow.net/2018/04/ras-microbenchmarks/

So pulling it all together, this event increments when a RET instruction is executed and the speculation of the indirect branch target is incorrect.  The event will increment if the RET instruction is executed and retired, or if the RET instruction itself is speculatively executed (i.e., beyond another incorrectly speculated branch).

All of this fits into Intel's work on trying to reduce security exposures due to control flow speculation.  This is a large topic, with many issues discussed in Chapter 18 of Volume 1 of the Intel Architecture SW Developer's Manual (document 253665, revision 071, October 2019) on "Control-flow Enforcement Technology" (CET).

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.