Use The Source
A way to answer your questions that I'm fond of, is to look at the sources. You don't say which linux kernel specifically, so taking a peek then at the 3.17.2 sources seems to serve at least for exposition of this technique.
Let's start then with recursive greps for each trap...
Grepping for TRAP_BRANCH
$ grep -r TRAP_BRANCH .
./arch/ia64/kernel/brl_emu.c: siginfo.si_code = TRAP_BRANCH;
./arch/ia64/kernel/traps.c: case 35: siginfo.si_code = TRAP_BRANCH; ifa = 0; break;
./arch/parisc/kernel/traps.c: handle_gdb_break(regs, TRAP_BRANCH);
./include/uapi/asm-generic/siginfo.h:#define TRAP_BRANCH (__SI_FAULT|3) /* process taken branch trap */
Grepping for TRAP_TRACE
$ grep -r TRAP_TRACE . | egrep -v HV
./arch/avr32/kernel/ptrace.c: code = TRAP_TRACE;
./arch/avr32/kernel/ptrace.c: code = TRAP_TRACE;
./arch/blackfin/include/uapi/asm/siginfo.h:#define TRAP_TRACEFLOW (__SI_FAULT|2) /* trace buffer overflow ************* */
./arch/blackfin/kernel/traps.c: info.si_code = TRAP_TRACEFLOW;
./arch/frv/kernel/traps.c: (__frame->__status & REG__STATUS_STEPPED) ? TRAP_TRACE : TRAP_BRKPT;
./arch/ia64/kernel/brl_emu.c: siginfo.si_code = TRAP_TRACE;
./arch/ia64/kernel/traps.c: case 36: siginfo.si_code = TRAP_TRACE; ifa = 0; break;
./arch/m68k/kernel/asm-offsets.c: DEFINE(LTRAP_TRACE, TRAP_TRACE);
./arch/m68k/kernel/traps.c: info.si_code = TRAP_TRACE;
./arch/m68k/math-emu/fp_entry.S: pea LTRAP_TRACE
./arch/mn10300/kernel/kgdb.c: si_code = TRAP_TRACE;
./arch/mn10300/kernel/traps.c: [EXCEP_ISTEP >> 3] = { SIGTRAP, TRAP_TRACE }, /* Monitor */
./arch/openrisc/kernel/traps.c: info.si_code = TRAP_TRACE;
./arch/parisc/kernel/ptrace.c: si.si_code = TRAP_TRACE;
./arch/parisc/kernel/traps.c: handle_gdb_break(regs, TRAP_TRACE);
./arch/powerpc/kernel/traps.c: info->si_code = TRAP_TRACE;
./arch/powerpc/kernel/traps.c: _exception(SIGTRAP, regs, TRAP_TRACE, regs->nip);
./arch/powerpc/kernel/traps.c: _exception(SIGTRAP, regs, TRAP_TRACE, regs->nip);
./arch/x86/include/asm/traps.h:#include <asm/siginfo.h> /* TRAP_TRACE, ... */
./arch/x86/include/asm/traps.h: return TRAP_TRACE;
./include/uapi/asm-generic/siginfo.h:#define TRAP_TRACE (__SI_FAULT|2) /* process trace trap */
Comparing grep results
So at least comparatively speaking, it appears TRAP_TRACE is used more often and on more architectures than TRAP_BRANCH. More specifically, TRAP_BRANCH is used on just 2 architectures (ia64 and parisc), while TRAP_TRACE is used on 10 architectures (avr32, blackfin, frv, ia64, m68k, mn10300, openrisc, parisc, powerpc, and x86).
I'm not finding it satisfying enough to just note syntactic differences however. I'd also like to understand the semantic differences.
Inspecting Code
From the grep output, I'm seeing a pattern where matches are most consistently found in ./arch/*/kernel/traps.c files.
Taking a gander then at ./arch/parisc/kernel/traps.c which has both traps used in it, I see that these both get used within the context of the handle_interruption function. TRAP_TRACE for the integer code of 3, and TRAP_BRANCH for the integer code of 25. Searching for invocations of handle_interruption, I see it's only from ./arch/parisc/kernel/entry.S that this function is called.
So now we're down in hardware land (IMO) and it's time to move on from source code.
Reviewing the Technical Manual(s)
A quick google for pa risc code for TRAP_BRANCH provides PA-RISC 1.1 Architecture and Instruction Set ... - PA-RISC Linux as the top hit.
Inside this PDF, a search for interrupt code 25, reveals the Interruptions section of the manual wherein both codes show up. Code 3 appears in "Group 2" of the interrupt categories based on their priorities where its specified as being for the "Recovery counter trap", while code 25 appears in "Group 4" and called the "Taken branch trap".
Searching next for "Taken branch", I found there's a T field of the PSW disable/enable bits along with the following notation:
Taken branch trap enable. When 1, any taken branch is terminated with a taken branch trap.
And then:
Traps Associated with Branches
Branch instructions may cause various traps based on the value of PSW bits. If the PSW T-bit is 1, and a branch is taken, a taken branch trap occurs. This trap may be used for the purposes of debugging. If the PSW H-bit is 1, and a branch instruction raises the privilege level, a higher-privilege transfer trap occurs. If the PSW L-bit is 1, and a branch instruction lowers the privilege level, a lower-privilege transfer trap occurs.
Meanwhile text for "Recovery Counter", says:
Recovery Counter
The Recovery Counter (CR 0) is a 32-bit counter that can be used to provide software recovery of hardware faults in fault-tolerant systems, and can also be used for debugging purposes.
Later on in the document there's a note that says:
The recovery counter can be used to log interruptions during normal operation and to simulate interruptions during recovery from a fault.
In Summary
From what I can tell then (at least for the PA RISC architecture)...
- The process branch trap is associated with the
TRAP_BRANCH linux code, and is available on some architectures for detecting when a code branch has been taken.
- The difference between "process trap" and "process branch trap", assuming that by "process trap" you mean the
TRAP_TRACE linux code, is that the former is used for debugging of interrupt handling while the latter is used for debugging of branches being taken.
I suspect these answers aren't too far off for other architectures, but I'll leave checking other architectures up to others to do.
Hope this helps.
