Execution profiling mechanism

The invention claimed is: 1. A computing device for branch event filtering comprising: a processor including a branch event filter to filter branch trap events of a process; a monitoring component, communicatively coupled to the branch event filter, to monitor the branch event filter and to capture indirect branch trap events of the process that cause a control flow trap exception; and a handler component to receive and process the indirect branch trap events. 2. The computing device of claim 1 wherein the monitoring component communicates with the branch event filter to specify criteria for one more types of branch trap events that are to be captured by the branch event filter. 3. The computing device of claim 2 wherein the monitor component and the handler component are protection ring-3 components. 4. The computing device of claim 3 wherein the branch event filter is programmed by the monitoring component via a processor model-specific register (MSR) to enable branch trap events. 5. The computing device of claim 2 wherein the monitoring component and the handler component are protection ring-0 components. 6. The computing device of claim 5 wherein the monitoring component configures the branch event filter to capture only mis-predicted return instructions. 7. The computing device of claim 6 wherein the processor further comprises a counter to track predicted return instructions. 8. The computing device of claim 2 wherein the branch event filter captures indirect branch trap events without the processor having to perform a pipeline flush. 9. The computing device of claim 8 further comprising a memory device including a shadow stack not accessible by software, wherein the handler component maintains and checks the shadow stack. 10. The computing device of claim 9 wherein the handler component accesses the shadow stack during execution of call instructions and return instructions. 11. The computing device of claim 10 wherein the processor further comprises: a first counter to enable the branch event filter to track call instructions; and a second counter to enable the branch event filter to track return instructions. 12. A branch event filtering method for a processor comprising: filtering branch trap events of a process by a branch event filter; monitoring the branch event filter to capture indirect branch trap events of the process that cause a control flow trap exception; receiving the indirect branch trap events at a handler; and processing the indirect branch trap events by the handler. 13. The method of claim 12 wherein the indirect branch trap events are captured without the having to perform a processor pipeline flush. 14. The method of claim 13 further comprising communicating with the branch event filter to specify criteria for one more types of indirect branch trap events that are to be captured by the branch event filter. 15. The method of claim 14 wherein the indirect branch trap events are call instructions and return instructions. 16. The method of claim 15 further comprising accessing a shadow stack during execution of the call instructions and return instructions by the handler component. 17. The method of claim 16 further comprising: tracking call instructions via a first counter by the branch event filter; and tracking return instructions via a second counter by the branch event filter. 18. The method of claim 16 wherein accessing the shadow stack during a call instruction by the handler component comprises: computing a return address for the call instruction; and pushing the return address on to the shadow stack. 19. The method of claim 18 wherein accessing the shadow stack during a return instruction by the handler component comprises: computing a return address for the return instruction; comparing a return address of the shadow stack to a return address of a legacy stack; and popping the return address from the shadow stack upon determining there is a match between return address of the shadow stack and the return address of the legacy stack. 20. The method of claim 19 further comprising triggering a shadow stack violation upon determining there is a mismatch between return address of the shadow stack and the return address of the legacy stack. 21. One or more non-transitory computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to perform operations comprising: filtering branch trap events of a process by a branch event filter; monitoring the branch event filter to capture indirect branch trap events of the process that cause a control flow trap exception; receiving the indirect branch trap events at a handler; and processing the indirect branch trap events by the handler. 22. The computer-readable storage media of claim 21 comprising a plurality of instructions that in response to being executed cause the computing device to further perform accessing a shadow stack during execution of call instructions and return instructions by the handler. 23. The computer-readable storage media of claim 22 wherein accessing the shadow stack during a call instruction by the handler comprises: computing a return address for the call instruction; and pushing the return address on to the shadow stack. 24. The computer-readable storage media of claim 23 wherein accessing the shadow stack during a return instruction by the handler comprises: computing a return address for the return instruction; comparing a return address of the shadow stack to a return address of a legacy stack; and popping the return address from the shadow stack upon determining there is a match between return address of the shadow stack and the return address of the legacy stack. 25. The computer-readable storage media of claim 24 comprising a plurality of instructions that in response to being executed cause the computing device to further perform triggering a shadow stack violation upon determining there is a mismatch between return address of the shadow stack and the return address of the legacy stack.