| |
| SSP - The Single Step Profiler |
| |
| Original Author: DJ Delorie <dj@redhat.com> |
| |
| The SSP is a program that uses the Win32 debug API to run a program |
| one ASM instruction at a time. It records the location of each |
| instruction used, how many times that instruction is used, and all |
| function calls. The results are saved in a format that is usable by |
| the profiling program "gprof", although gprof will claim the values |
| are seconds, they really are instruction counts. More on that later. |
| |
| Because the SSP was originally designed to profile the cygwin DLL, it |
| does not automatically select a block of code to report statistics on. |
| You must specify the range of memory addresses to keep track of |
| manually, but it's not hard to figure out what to specify. Use the |
| "objdump" program to determine the bounds of the target's ".text" |
| section. Let's say we're profiling cygwin1.dll. Make sure you've |
| built it with debug symbols (else gprof won't run) and run objdump |
| like this: |
| |
| objdump -h cygwin1.dll |
| |
| It will print a report like this: |
| |
| cygwin1.dll: file format pei-i386 |
| |
| Sections: |
| Idx Name Size VMA LMA File off Algn |
| 0 .text 0007ea00 61001000 61001000 00000400 2**2 |
| CONTENTS, ALLOC, LOAD, READONLY, CODE, DATA |
| 1 .data 00008000 61080000 61080000 0007ee00 2**2 |
| CONTENTS, ALLOC, LOAD, DATA |
| . . . |
| |
| The only information we're concerned with are the VMA of the .text |
| section and the VMA of the section after it (sections are usually |
| contiguous; you can also add the Size to the VMA to get the end |
| address). In this case, the VMA is 0x61001000 and the ending address |
| is either 0x61080000 (start of .data method) or 0x0x6107fa00 (VMA+Size |
| method). |
| |
| There are two basic ways to use SSP - either profiling a whole |
| program, or selectively profiling parts of the program. |
| |
| To profile a whole program, just run ssp without options. By default, |
| it will step the whole program. Here's a simple example, using the |
| numbers above: |
| |
| ssp 0x61001000 0x61080000 hello.exe |
| |
| This will step the whole program. It will take at least 8 minutes on |
| a PII/300 (yes, really). When it's done, it will create a file called |
| "gmon.out". You can turn this data file into a readable report with |
| gprof: |
| |
| gprof -b cygwin1.dll |
| |
| The "-b" means "skip the help pages". You can omit this until you're |
| familiar with the report layout. The gprof documentation explains |
| a lot about this report, but ssp changes a few things. For example, |
| the first part of the report reports the amount of time spent in each |
| function, like this: |
| |
| Each sample counts as 0.01 seconds. |
| % cumulative self self total |
| time seconds seconds calls ms/call ms/call name |
| 10.02 231.22 72.43 46 1574.57 1574.57 strcspn |
| 7.95 288.70 57.48 130 442.15 442.15 strncasematch |
| |
| The "seconds" columns are really CPU opcodes, 1/100 second per opcode. |
| So, "231.22" above means 23,122 opcodes. The ms/call values are 10x |
| too big; 1574.57 means 157.457 opcodes per call. Similar adjustments |
| need to be made for the "self" and "children" columns in the second |
| part of the report. |
| |
| OK, so now we've got a huge report that took a long time to generate, |
| and we've identified a spot we want to work on optimizing. Let's say |
| it's the time() function. We can use SSP to selectively profile this |
| function by using OutputDebugString() to control SSP from within the |
| program. Here's a sample program: |
| |
| #include <windows.h> |
| main() |
| { |
| time_t t; |
| OutputDebugString("ssp on"); |
| time(&t); |
| OutputDebugString("ssp off"); |
| } |
| |
| Then, add the "-d" option to ssp to default to *disabling* profiling. |
| The program will run at full speed until the first OutputDebugString, |
| then step until the second. |
| |
| ssp -d 0x61001000 0x61080000 hello.exe |
| |
| You can then use gprof (as usual) to see the performance profile for |
| just that portion of the program's execution. |
| |
| OK, now for the other ssp options, and when to use them: |
| |
| "-v" - verbose. This prints messages about threads starting and |
| stopping, OutputDebugString calls, DLLs loading, etc. |
| |
| "-t" and "-tc" - tracing. With -t, *every* step's address is written |
| to the file "trace.ssp". This can be used to help debug functions, |
| since it can trace multiple threads. Clever use of scripts can match |
| addresses with disassembled opcodes if needed. Warning: creates |
| *huge* files, very quickly. "-tc" prints each address to the console, |
| useful for debugging key chunks of assembler. |
| |
| "-s" - subthreads. Usually, you only need to trace the main thread, |
| but sometimes you need to trace all threads, so this enables that. |
| It's also needed when you want to profile a function that only a |
| subthread calls. However, using OutputDebugString automatically |
| enables profiling on the thread that called it, not the main thread. |
| |
| "-dll" - dll profiling. Generates a pretty table of how much time was |
| spent in each dll the program used. No sense optimizing a function in |
| your program if most of the time is spent in the DLL. |
| |
| I usually use the -v, -s, and -dll options: |
| |
| ssp -v -s -dll -d 0x61001000 0x61080000 hello.exe |
