From a44558636aed935579701e7805684d1138383c7d Mon Sep 17 00:00:00 2001 From: Wilfred Mallawa Date: Tue, 23 Aug 2022 16:12:00 +1000 Subject: [PATCH 01/22] hw/ssi: ibex_spi: fixup typos in ibex_spi_host This patch fixes up minor typos in ibex_spi_host Signed-off-by: Wilfred Mallawa Reviewed-by: Alistair Francis Reviewed-by: Andrew Jones Message-Id: <20220823061201.132342-2-wilfred.mallawa@opensource.wdc.com> Signed-off-by: Alistair Francis --- hw/ssi/ibex_spi_host.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hw/ssi/ibex_spi_host.c b/hw/ssi/ibex_spi_host.c index d14580b409..601041d719 100644 --- a/hw/ssi/ibex_spi_host.c +++ b/hw/ssi/ibex_spi_host.c @@ -172,7 +172,7 @@ static void ibex_spi_host_irq(IbexSPIHostState *s) & R_INTR_STATE_SPI_EVENT_MASK; int err_irq = 0, event_irq = 0; - /* Error IRQ enabled and Error IRQ Cleared*/ + /* Error IRQ enabled and Error IRQ Cleared */ if (error_en && !err_pending) { /* Event enabled, Interrupt Test Error */ if (s->regs[IBEX_SPI_HOST_INTR_TEST] & R_INTR_TEST_ERROR_MASK) { @@ -434,7 +434,7 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr, case IBEX_SPI_HOST_TXDATA: /* * This is a hardware `feature` where - * the first word written TXDATA after init is omitted entirely + * the first word written to TXDATA after init is omitted entirely */ if (s->init_status) { s->init_status = false; @@ -487,7 +487,7 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr, break; case IBEX_SPI_HOST_ERROR_STATUS: /* - * Indicates that any errors that have occurred. + * Indicates any errors that have occurred. * When an error occurs, the corresponding bit must be cleared * here before issuing any further commands */ From 7a426f83c3192db8006ce29abc702dfa2eb00fc8 Mon Sep 17 00:00:00 2001 From: Wilfred Mallawa Date: Tue, 23 Aug 2022 16:12:04 +1000 Subject: [PATCH 02/22] hw/ssi: ibex_spi: update reg addr Updates the `EVENT_ENABLE` register to offset `0x34` as per OpenTitan spec [1]. [1] https://docs.opentitan.org/hw/ip/spi_host/doc/#Reg_event_enable Signed-off-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20220823061201.132342-5-wilfred.mallawa@opensource.wdc.com> Signed-off-by: Alistair Francis --- hw/ssi/ibex_spi_host.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/ssi/ibex_spi_host.c b/hw/ssi/ibex_spi_host.c index 601041d719..94d7da9cc2 100644 --- a/hw/ssi/ibex_spi_host.c +++ b/hw/ssi/ibex_spi_host.c @@ -93,7 +93,7 @@ REG32(ERROR_STATUS, 0x30) FIELD(ERROR_STATUS, CMDINVAL, 3, 1) FIELD(ERROR_STATUS, CSIDINVAL, 4, 1) FIELD(ERROR_STATUS, ACCESSINVAL, 5, 1) -REG32(EVENT_ENABLE, 0x30) +REG32(EVENT_ENABLE, 0x34) FIELD(EVENT_ENABLE, RXFULL, 0, 1) FIELD(EVENT_ENABLE, TXEMPTY, 1, 1) FIELD(EVENT_ENABLE, RXWM, 2, 1) From 0c2d4671916333e5b66fd923279fb6fb62315bed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Mon, 5 Sep 2022 17:39:39 +0100 Subject: [PATCH 03/22] docs/system: clean up code escape for riscv virt platform MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The example code is rendered slightly mangled due to missing code block. Properly escape the code block and add shell prompt and qemu to fit in with the other examples on the page. Signed-off-by: Alex Bennée Reviewed-by: Alistair Francis Message-Id: <20220905163939.1599368-1-alex.bennee@linaro.org> Signed-off-by: Alistair Francis --- docs/system/riscv/virt.rst | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/system/riscv/virt.rst b/docs/system/riscv/virt.rst index f8ecec95f3..4b16e41d7f 100644 --- a/docs/system/riscv/virt.rst +++ b/docs/system/riscv/virt.rst @@ -168,14 +168,19 @@ Enabling TPM A TPM device can be connected to the virt board by following the steps below. -First launch the TPM emulator +First launch the TPM emulator: - swtpm socket --tpm2 -t -d --tpmstate dir=/tmp/tpm \ +.. code-block:: bash + + $ swtpm socket --tpm2 -t -d --tpmstate dir=/tmp/tpm \ --ctrl type=unixio,path=swtpm-sock -Then launch QEMU with: +Then launch QEMU with some additional arguments to link a TPM device to the backend: - ... +.. code-block:: bash + + $ qemu-system-riscv64 \ + ... other args .... \ -chardev socket,id=chrtpm,path=swtpm-sock \ -tpmdev emulator,id=tpm0,chardev=chrtpm \ -device tpm-tis-device,tpmdev=tpm0 From 513eb437aef7687ad1963d935ffb884fff3c4775 Mon Sep 17 00:00:00 2001 From: Rahul Pathak Date: Wed, 24 Aug 2022 20:22:55 +0530 Subject: [PATCH 04/22] target/riscv: Remove sideleg and sedeleg sideleg and sedeleg csrs are not part of riscv isa spec anymore, these csrs were part of N extension which is removed from the riscv isa specification. These commits removed all traces of these csrs from riscv spec (https://github.com/riscv/riscv-isa-manual) - commit f8d27f805b65 ("Remove or downgrade more references to N extension (#674)") commit b6cade07034d ("Remove N extension chapter for now") Signed-off-by: Rahul Pathak Reviewed-by: Andrew Jones Reviewed-by: Alistair Francis Message-Id: <20220824145255.400040-1-rpathak@ventanamicro.com> Signed-off-by: Alistair Francis --- disas/riscv.c | 2 -- target/riscv/cpu_bits.h | 2 -- 2 files changed, 4 deletions(-) diff --git a/disas/riscv.c b/disas/riscv.c index 489c2ae5e8..f107d94c4c 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -1304,8 +1304,6 @@ static const char *csr_name(int csrno) case 0x0043: return "utval"; case 0x0044: return "uip"; case 0x0100: return "sstatus"; - case 0x0102: return "sedeleg"; - case 0x0103: return "sideleg"; case 0x0104: return "sie"; case 0x0105: return "stvec"; case 0x0106: return "scounteren"; diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 7be12cac2e..b762807e4e 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -190,8 +190,6 @@ /* Supervisor Trap Setup */ #define CSR_SSTATUS 0x100 -#define CSR_SEDELEG 0x102 -#define CSR_SIDELEG 0x103 #define CSR_SIE 0x104 #define CSR_STVEC 0x105 #define CSR_SCOUNTEREN 0x106 From a412829406905a7edf7a33ded754f89f50a33af1 Mon Sep 17 00:00:00 2001 From: Weiwei Li Date: Wed, 17 Aug 2022 16:37:56 +0800 Subject: [PATCH 05/22] target/riscv: fix csr check for cycle{h}, instret{h}, time{h}, hpmcounter3-31{h} - modify check for mcounteren to work in all less-privilege mode - modify check for scounteren to work only when S mode is enabled - distinguish the exception type raised by check for scounteren between U and VU mode Signed-off-by: Weiwei Li Signed-off-by: Junqiang Wang Reviewed-by: Alistair Francis Message-Id: <20220817083756.12471-1-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis --- target/riscv/csr.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/target/riscv/csr.c b/target/riscv/csr.c index b96db1b62b..092b425196 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -98,17 +98,22 @@ static RISCVException ctr(CPURISCVState *env, int csrno) skip_ext_pmu_check: - if (((env->priv == PRV_S) && (!get_field(env->mcounteren, ctr_mask))) || - ((env->priv == PRV_U) && (!get_field(env->scounteren, ctr_mask)))) { + if (env->priv < PRV_M && !get_field(env->mcounteren, ctr_mask)) { return RISCV_EXCP_ILLEGAL_INST; } if (riscv_cpu_virt_enabled(env)) { - if (!get_field(env->hcounteren, ctr_mask) && - get_field(env->mcounteren, ctr_mask)) { + if (!get_field(env->hcounteren, ctr_mask) || + (env->priv == PRV_U && !get_field(env->scounteren, ctr_mask))) { return RISCV_EXCP_VIRT_INSTRUCTION_FAULT; } } + + if (riscv_has_ext(env, RVS) && env->priv == PRV_U && + !get_field(env->scounteren, ctr_mask)) { + return RISCV_EXCP_ILLEGAL_INST; + } + #endif return RISCV_EXCP_NONE; } From 94452ac4cf263e8996613db8d981e4ea85bd019a Mon Sep 17 00:00:00 2001 From: Andrew Burgess Date: Wed, 31 Aug 2022 09:41:22 +0100 Subject: [PATCH 06/22] target/riscv: remove fflags, frm, and fcsr from riscv-*-fpu.xml While testing some changes to GDB's handling for the RISC-V registers fcsr, fflags, and frm, I spotted that QEMU includes these registers twice in the target description it sends to GDB, once in the fpu feature, and once in the csr feature. Right now things basically work OK, QEMU maps these registers onto two different register numbers, e.g. fcsr maps to both 68 and 73, and GDB can use either of these to access the register. However, GDB's target descriptions don't really work this way, each register should appear just once in a target description, mapping the register name onto the number GDB should use when accessing the register on the target. Duplicate register names actually result in duplicate registers on the GDB side, however, as the registers have the same name, the user can only access one of these registers. Currently GDB has a hack in place, specifically for RISC-V, to spot the duplicate copies of these three registers, and hide them from the user, ensuring the user only ever sees a single copy of each. In this commit I propose fixing this issue on the QEMU side, and in the process, simplify the fpu register handling a little. I think we should, remove fflags, frm, and fcsr from the two (32-bit and 64-bit) fpu feature xml files. These files will only contain the 32 core floating point register f0 to f31. The fflags, frm, and fcsr registers will continue to be advertised in the csr feature as they currently are. With that change made, I will simplify riscv_gdb_get_fpu and riscv_gdb_set_fpu, removing the extra handling for the 3 status registers. Signed-off-by: Andrew Burgess Reviewed-by: Alistair Francis Message-Id: <0fbf2a5b12e3210ff3867d5cf7022b3f3462c9c8.1661934573.git.aburgess@redhat.com> Signed-off-by: Alistair Francis --- gdb-xml/riscv-32bit-fpu.xml | 4 ---- gdb-xml/riscv-64bit-fpu.xml | 4 ---- target/riscv/gdbstub.c | 32 ++------------------------------ 3 files changed, 2 insertions(+), 38 deletions(-) diff --git a/gdb-xml/riscv-32bit-fpu.xml b/gdb-xml/riscv-32bit-fpu.xml index 1eaae9119e..84a44ba8df 100644 --- a/gdb-xml/riscv-32bit-fpu.xml +++ b/gdb-xml/riscv-32bit-fpu.xml @@ -43,8 +43,4 @@ - - - - diff --git a/gdb-xml/riscv-64bit-fpu.xml b/gdb-xml/riscv-64bit-fpu.xml index 794854cc01..9856a9d1d3 100644 --- a/gdb-xml/riscv-64bit-fpu.xml +++ b/gdb-xml/riscv-64bit-fpu.xml @@ -49,8 +49,4 @@ - - - - diff --git a/target/riscv/gdbstub.c b/target/riscv/gdbstub.c index 9ed049c29e..9974b7aac6 100644 --- a/target/riscv/gdbstub.c +++ b/target/riscv/gdbstub.c @@ -114,20 +114,6 @@ static int riscv_gdb_get_fpu(CPURISCVState *env, GByteArray *buf, int n) if (env->misa_ext & RVF) { return gdb_get_reg32(buf, env->fpr[n]); } - /* there is hole between ft11 and fflags in fpu.xml */ - } else if (n < 36 && n > 32) { - target_ulong val = 0; - int result; - /* - * CSR_FFLAGS is at index 1 in csr_register, and gdb says it is FP - * register 33, so we recalculate the map index. - * This also works for CSR_FRM and CSR_FCSR. - */ - result = riscv_csrrw_debug(env, n - 32, &val, - 0, 0); - if (result == RISCV_EXCP_NONE) { - return gdb_get_regl(buf, val); - } } return 0; } @@ -137,20 +123,6 @@ static int riscv_gdb_set_fpu(CPURISCVState *env, uint8_t *mem_buf, int n) if (n < 32) { env->fpr[n] = ldq_p(mem_buf); /* always 64-bit */ return sizeof(uint64_t); - /* there is hole between ft11 and fflags in fpu.xml */ - } else if (n < 36 && n > 32) { - target_ulong val = ldtul_p(mem_buf); - int result; - /* - * CSR_FFLAGS is at index 1 in csr_register, and gdb says it is FP - * register 33, so we recalculate the map index. - * This also works for CSR_FRM and CSR_FCSR. - */ - result = riscv_csrrw_debug(env, n - 32, NULL, - val, -1); - if (result == RISCV_EXCP_NONE) { - return sizeof(target_ulong); - } } return 0; } @@ -404,10 +376,10 @@ void riscv_cpu_register_gdb_regs_for_features(CPUState *cs) CPURISCVState *env = &cpu->env; if (env->misa_ext & RVD) { gdb_register_coprocessor(cs, riscv_gdb_get_fpu, riscv_gdb_set_fpu, - 36, "riscv-64bit-fpu.xml", 0); + 32, "riscv-64bit-fpu.xml", 0); } else if (env->misa_ext & RVF) { gdb_register_coprocessor(cs, riscv_gdb_get_fpu, riscv_gdb_set_fpu, - 36, "riscv-32bit-fpu.xml", 0); + 32, "riscv-32bit-fpu.xml", 0); } if (env->misa_ext & RVV) { gdb_register_coprocessor(cs, riscv_gdb_get_vector, riscv_gdb_set_vector, From 4c0f0b6619126637e802f07c9fe8e9fffbc1c4bb Mon Sep 17 00:00:00 2001 From: Andrew Burgess Date: Wed, 31 Aug 2022 09:41:23 +0100 Subject: [PATCH 07/22] target/riscv: remove fixed numbering from GDB xml feature files The fixed register numbering in the various GDB feature files for RISC-V only exists because these files were originally copied from the GDB source tree. However, the fixed numbering only exists in the GDB source tree so that GDB, when it connects to a target that doesn't provide a target description, will use a specific numbering scheme. That numbering scheme is designed to be compatible with the first versions of QEMU (for RISC-V), that didn't send a target description, and relied on a fixed numbering scheme. Because of the way that QEMU manages its target descriptions, recording the number of registers in each feature, and just relying on GDB's numbering starting from 0, then I propose that we remove all the fixed numbering from the RISC-V feature xml files, and just rely on the standard numbering scheme. Plenty of other targets manage their xml files this way, e.g. ARM, AArch64, Loongarch, m68k, rx, and s390. Signed-off-by: Andrew Burgess Acked-by: Alistair Francis Reviewed-by: Palmer Dabbelt Message-Id: <6069395f90e6fc24dac92197be815fedf42f5974.1661934573.git.aburgess@redhat.com> Signed-off-by: Alistair Francis --- gdb-xml/riscv-32bit-cpu.xml | 6 +----- gdb-xml/riscv-32bit-fpu.xml | 6 +----- gdb-xml/riscv-64bit-cpu.xml | 6 +----- gdb-xml/riscv-64bit-fpu.xml | 6 +----- 4 files changed, 4 insertions(+), 20 deletions(-) diff --git a/gdb-xml/riscv-32bit-cpu.xml b/gdb-xml/riscv-32bit-cpu.xml index 0d07aaec85..466f2c0648 100644 --- a/gdb-xml/riscv-32bit-cpu.xml +++ b/gdb-xml/riscv-32bit-cpu.xml @@ -5,13 +5,9 @@ are permitted in any medium without royalty provided the copyright notice and this notice are preserved. --> - - - + diff --git a/gdb-xml/riscv-32bit-fpu.xml b/gdb-xml/riscv-32bit-fpu.xml index 84a44ba8df..24aa087031 100644 --- a/gdb-xml/riscv-32bit-fpu.xml +++ b/gdb-xml/riscv-32bit-fpu.xml @@ -5,13 +5,9 @@ are permitted in any medium without royalty provided the copyright notice and this notice are preserved. --> - - - + diff --git a/gdb-xml/riscv-64bit-cpu.xml b/gdb-xml/riscv-64bit-cpu.xml index b8aa424ae4..c4d83de09b 100644 --- a/gdb-xml/riscv-64bit-cpu.xml +++ b/gdb-xml/riscv-64bit-cpu.xml @@ -5,13 +5,9 @@ are permitted in any medium without royalty provided the copyright notice and this notice are preserved. --> - - - + diff --git a/gdb-xml/riscv-64bit-fpu.xml b/gdb-xml/riscv-64bit-fpu.xml index 9856a9d1d3..d0f17f9984 100644 --- a/gdb-xml/riscv-64bit-fpu.xml +++ b/gdb-xml/riscv-64bit-fpu.xml @@ -5,10 +5,6 @@ are permitted in any medium without royalty provided the copyright notice and this notice are preserved. --> - - @@ -17,7 +13,7 @@ - + From 277b210dd86636cc910bf6cd9a5477d01a10603f Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Wed, 14 Sep 2022 12:11:06 +0200 Subject: [PATCH 08/22] target/riscv: Set the CPU resetvec directly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using our properties to set a config value which then might be used to set the resetvec (depending on your timing), let's instead just set the resetvec directly in the env struct. This allows us to set the reset vec from the command line with: -global driver=riscv.hart_array,property=resetvec,value=0x20000400 Signed-off-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20220914101108.82571-2-alistair.francis@wdc.com> Signed-off-by: Alistair Francis --- target/riscv/cpu.c | 13 +++---------- target/riscv/cpu.h | 3 +-- target/riscv/machine.c | 6 +++--- 3 files changed, 7 insertions(+), 15 deletions(-) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index aee14a239a..b29c88b9f0 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -228,13 +228,6 @@ static void set_vext_version(CPURISCVState *env, int vext_ver) env->vext_ver = vext_ver; } -static void set_resetvec(CPURISCVState *env, target_ulong resetvec) -{ -#ifndef CONFIG_USER_ONLY - env->resetvec = resetvec; -#endif -} - static void riscv_any_cpu_init(Object *obj) { CPURISCVState *env = &RISCV_CPU(obj)->env; @@ -336,7 +329,6 @@ static void rv32_imafcu_nommu_cpu_init(Object *obj) set_misa(env, MXL_RV32, RVI | RVM | RVA | RVF | RVC | RVU); set_priv_version(env, PRIV_VERSION_1_10_0); - set_resetvec(env, DEFAULT_RSTVEC); cpu->cfg.mmu = false; } #endif @@ -676,7 +668,6 @@ static void riscv_cpu_realize(DeviceState *dev, Error **errp) riscv_set_feature(env, RISCV_FEATURE_DEBUG); } - set_resetvec(env, cpu->cfg.resetvec); #ifndef CONFIG_USER_ONLY if (cpu->cfg.ext_sstc) { @@ -1079,7 +1070,9 @@ static Property riscv_cpu_properties[] = { DEFINE_PROP_UINT64("marchid", RISCVCPU, cfg.marchid, RISCV_CPU_MARCHID), DEFINE_PROP_UINT64("mimpid", RISCVCPU, cfg.mimpid, RISCV_CPU_MIMPID), - DEFINE_PROP_UINT64("resetvec", RISCVCPU, cfg.resetvec, DEFAULT_RSTVEC), +#ifndef CONFIG_USER_ONLY + DEFINE_PROP_UINT64("resetvec", RISCVCPU, env.resetvec, DEFAULT_RSTVEC), +#endif DEFINE_PROP_BOOL("short-isa-string", RISCVCPU, cfg.short_isa_string, false), diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 06751e1e3e..22344a620b 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -190,7 +190,7 @@ struct CPUArchState { /* This contains QEMU specific information about the virt state. */ target_ulong virt; target_ulong geilen; - target_ulong resetvec; + uint64_t resetvec; target_ulong mhartid; /* @@ -474,7 +474,6 @@ struct RISCVCPUConfig { bool pmp; bool epmp; bool debug; - uint64_t resetvec; bool short_isa_string; }; diff --git a/target/riscv/machine.c b/target/riscv/machine.c index 41098f6ad0..c4e6b3bba4 100644 --- a/target/riscv/machine.c +++ b/target/riscv/machine.c @@ -308,8 +308,8 @@ static const VMStateDescription vmstate_pmu_ctr_state = { const VMStateDescription vmstate_riscv_cpu = { .name = "cpu", - .version_id = 4, - .minimum_version_id = 4, + .version_id = 5, + .minimum_version_id = 5, .post_load = riscv_cpu_post_load, .fields = (VMStateField[]) { VMSTATE_UINTTL_ARRAY(env.gpr, RISCVCPU, 32), @@ -331,7 +331,7 @@ const VMStateDescription vmstate_riscv_cpu = { VMSTATE_UINT32(env.features, RISCVCPU), VMSTATE_UINTTL(env.priv, RISCVCPU), VMSTATE_UINTTL(env.virt, RISCVCPU), - VMSTATE_UINTTL(env.resetvec, RISCVCPU), + VMSTATE_UINT64(env.resetvec, RISCVCPU), VMSTATE_UINTTL(env.mhartid, RISCVCPU), VMSTATE_UINT64(env.mstatus, RISCVCPU), VMSTATE_UINT64(env.mip, RISCVCPU), From d057aaece7665d49e81ef8d8204b095351253f21 Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Wed, 14 Sep 2022 12:11:07 +0200 Subject: [PATCH 09/22] hw/riscv: opentitan: Fixup resetvec The resetvec for the OpenTitan machine ended up being set to an out of date value, so let's fix that and bump it to the correct start address (after the boot ROM) Fixes: bf8803c64d75 "hw/riscv: opentitan: bump opentitan version" Signed-off-by: Alistair Francis Message-Id: <20220914101108.82571-3-alistair.francis@wdc.com> Signed-off-by: Alistair Francis --- hw/riscv/opentitan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c index af13dbe3b1..45c92c9bbc 100644 --- a/hw/riscv/opentitan.c +++ b/hw/riscv/opentitan.c @@ -142,7 +142,7 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp) &error_abort); object_property_set_int(OBJECT(&s->cpus), "num-harts", ms->smp.cpus, &error_abort); - object_property_set_int(OBJECT(&s->cpus), "resetvec", 0x20000490, + object_property_set_int(OBJECT(&s->cpus), "resetvec", 0x20000400, &error_abort); sysbus_realize(SYS_BUS_DEVICE(&s->cpus), &error_fatal); From a06fded82e9edc471dbbe4321f856040b996b54c Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Wed, 14 Sep 2022 12:11:08 +0200 Subject: [PATCH 10/22] hw/riscv: opentitan: Expose the resetvec as a SoC property MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On the OpenTitan hardware the resetvec is fixed at the start of ROM. In QEMU we don't run the ROM code and instead just jump to the next stage. This means we need to be a little more flexible about what the resetvec is. This patch allows us to set the resetvec from the command line with something like this: -global driver=riscv.lowrisc.ibex.soc,property=resetvec,value=0x20000400 This way as the next stage changes we can update the resetvec. Signed-off-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20220914101108.82571-4-alistair.francis@wdc.com> Signed-off-by: Alistair Francis --- hw/riscv/opentitan.c | 8 +++++++- include/hw/riscv/opentitan.h | 2 ++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c index 45c92c9bbc..be7ff1eea0 100644 --- a/hw/riscv/opentitan.c +++ b/hw/riscv/opentitan.c @@ -142,7 +142,7 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp) &error_abort); object_property_set_int(OBJECT(&s->cpus), "num-harts", ms->smp.cpus, &error_abort); - object_property_set_int(OBJECT(&s->cpus), "resetvec", 0x20000400, + object_property_set_int(OBJECT(&s->cpus), "resetvec", s->resetvec, &error_abort); sysbus_realize(SYS_BUS_DEVICE(&s->cpus), &error_fatal); @@ -297,10 +297,16 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp) memmap[IBEX_DEV_PERI].base, memmap[IBEX_DEV_PERI].size); } +static Property lowrisc_ibex_soc_props[] = { + DEFINE_PROP_UINT32("resetvec", LowRISCIbexSoCState, resetvec, 0x20000400), + DEFINE_PROP_END_OF_LIST() +}; + static void lowrisc_ibex_soc_class_init(ObjectClass *oc, void *data) { DeviceClass *dc = DEVICE_CLASS(oc); + device_class_set_props(dc, lowrisc_ibex_soc_props); dc->realize = lowrisc_ibex_soc_realize; /* Reason: Uses serial_hds in realize function, thus can't be used twice */ dc->user_creatable = false; diff --git a/include/hw/riscv/opentitan.h b/include/hw/riscv/opentitan.h index 26d960f288..6665cd5794 100644 --- a/include/hw/riscv/opentitan.h +++ b/include/hw/riscv/opentitan.h @@ -46,6 +46,8 @@ struct LowRISCIbexSoCState { IbexTimerState timer; IbexSPIHostState spi_host[OPENTITAN_NUM_SPI_HOSTS]; + uint32_t resetvec; + MemoryRegion flash_mem; MemoryRegion rom; MemoryRegion flash_alias; From 9e37653b5c73d8e43013ed78ee9d7644f23d146c Mon Sep 17 00:00:00 2001 From: Frank Chang Date: Sun, 18 Sep 2022 16:32:44 +0800 Subject: [PATCH 11/22] target/riscv: Check the correct exception cause in vector GDB stub After RISCVException enum is introduced, riscv_csrrw_debug() returns RISCV_EXCP_NONE to indicate there's no error. RISC-V vector GDB stub should check the result against RISCV_EXCP_NONE instead of value 0. Otherwise, 'E14' packet would be incorrectly reported for vector CSRs when using "info reg vector" GDB command. Signed-off-by: Frank Chang Reviewed-by: Jim Shu Reviewed-by: Tommy Wu Reviewed-by: Alistair Francis Reviewed-by: LIU Zhiwei Message-Id: <20220918083245.13028-1-frank.chang@sifive.com> Signed-off-by: Alistair Francis --- target/riscv/gdbstub.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/riscv/gdbstub.c b/target/riscv/gdbstub.c index 9974b7aac6..6e7bbdbd5e 100644 --- a/target/riscv/gdbstub.c +++ b/target/riscv/gdbstub.c @@ -183,7 +183,7 @@ static int riscv_gdb_get_vector(CPURISCVState *env, GByteArray *buf, int n) target_ulong val = 0; int result = riscv_csrrw_debug(env, csrno, &val, 0, 0); - if (result == 0) { + if (result == RISCV_EXCP_NONE) { return gdb_get_regl(buf, val); } @@ -210,7 +210,7 @@ static int riscv_gdb_set_vector(CPURISCVState *env, uint8_t *mem_buf, int n) target_ulong val = ldtul_p(mem_buf); int result = riscv_csrrw_debug(env, csrno, NULL, val, -1); - if (result == 0) { + if (result == RISCV_EXCP_NONE) { return sizeof(target_ulong); } From 9dfa6c2aec299fda9946c327e889087365a715b5 Mon Sep 17 00:00:00 2001 From: Bernhard Beschow Date: Thu, 22 Sep 2022 09:52:32 +0200 Subject: [PATCH 12/22] hw/riscv/sifive_e: Fix inheritance of SiFiveEState MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SiFiveEState inherits from SysBusDevice while it's TypeInfo claims it to inherit from TYPE_MACHINE. This is an inconsistency which can cause undefined behavior such as memory corruption. Change SiFiveEState to inherit from MachineState since it is registered as a machine. Fixes: 0869490b1c ("riscv: sifive_e: Manually define the machine") Signed-off-by: Bernhard Beschow Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20220922075232.33653-1-shentey@gmail.com> Signed-off-by: Alistair Francis --- include/hw/riscv/sifive_e.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/hw/riscv/sifive_e.h b/include/hw/riscv/sifive_e.h index 83604da805..d738745925 100644 --- a/include/hw/riscv/sifive_e.h +++ b/include/hw/riscv/sifive_e.h @@ -22,6 +22,7 @@ #include "hw/riscv/riscv_hart.h" #include "hw/riscv/sifive_cpu.h" #include "hw/gpio/sifive_gpio.h" +#include "hw/boards.h" #define TYPE_RISCV_E_SOC "riscv.sifive.e.soc" #define RISCV_E_SOC(obj) \ @@ -41,7 +42,7 @@ typedef struct SiFiveESoCState { typedef struct SiFiveEState { /*< private >*/ - SysBusDevice parent_obj; + MachineState parent_obj; /*< public >*/ SiFiveESoCState soc; From a42bd0016654cafd6ca8ca4dbb82fc921ca19ae4 Mon Sep 17 00:00:00 2001 From: Frank Chang Date: Fri, 9 Sep 2022 21:42:08 +0800 Subject: [PATCH 13/22] target/riscv: debug: Determine the trigger type from tdata1.type Current RISC-V debug assumes that only type 2 trigger is supported. To allow more types of triggers to be supported in the future (e.g. type 6 trigger, which is similar to type 2 trigger with additional functionality), we should determine the trigger type from tdata1.type. RV_MAX_TRIGGERS is also introduced in replacement of TRIGGER_TYPE2_NUM. Signed-off-by: Frank Chang Reviewed-by: Bin Meng Signed-off-by: Bin Meng Reviewed-by: LIU Zhiwei [bmeng: fixed MXL_RV128 case, and moved macros to the following patch] Signed-off-by: Bin Meng Message-Id: <20220909134215.1843865-2-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis --- target/riscv/cpu.h | 2 +- target/riscv/csr.c | 2 +- target/riscv/debug.c | 186 +++++++++++++++++++++++++++++------------ target/riscv/debug.h | 13 +-- target/riscv/machine.c | 2 +- 5 files changed, 139 insertions(+), 66 deletions(-) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 22344a620b..73bcad3c9b 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -324,7 +324,7 @@ struct CPUArchState { /* trigger module */ target_ulong trigger_cur; - type2_trigger_t type2_trig[TRIGGER_TYPE2_NUM]; + type2_trigger_t type2_trig[RV_MAX_TRIGGERS]; /* machine specific rdtime callback */ uint64_t (*rdtime_fn)(void *); diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 092b425196..2c84c29bf0 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -3070,7 +3070,7 @@ static RISCVException read_tdata(CPURISCVState *env, int csrno, target_ulong *val) { /* return 0 in tdata1 to end the trigger enumeration */ - if (env->trigger_cur >= TRIGGER_NUM && csrno == CSR_TDATA1) { + if (env->trigger_cur >= RV_MAX_TRIGGERS && csrno == CSR_TDATA1) { *val = 0; return RISCV_EXCP_NONE; } diff --git a/target/riscv/debug.c b/target/riscv/debug.c index fc6e13222f..9dd468753a 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -52,8 +52,15 @@ /* tdata availability of a trigger */ typedef bool tdata_avail[TDATA_NUM]; -static tdata_avail tdata_mapping[TRIGGER_NUM] = { - [TRIGGER_TYPE2_IDX_0 ... TRIGGER_TYPE2_IDX_1] = { true, true, false }, +static tdata_avail tdata_mapping[TRIGGER_TYPE_NUM] = { + [TRIGGER_TYPE_NO_EXIST] = { false, false, false }, + [TRIGGER_TYPE_AD_MATCH] = { true, true, true }, + [TRIGGER_TYPE_INST_CNT] = { true, false, true }, + [TRIGGER_TYPE_INT] = { true, true, true }, + [TRIGGER_TYPE_EXCP] = { true, true, true }, + [TRIGGER_TYPE_AD_MATCH6] = { true, true, true }, + [TRIGGER_TYPE_EXT_SRC] = { true, false, false }, + [TRIGGER_TYPE_UNAVAIL] = { true, true, true } }; /* only breakpoint size 1/2/4/8 supported */ @@ -67,6 +74,27 @@ static int access_size[SIZE_NUM] = { [6 ... 15] = -1, }; +static inline target_ulong extract_trigger_type(CPURISCVState *env, + target_ulong tdata1) +{ + switch (riscv_cpu_mxl(env)) { + case MXL_RV32: + return extract32(tdata1, 28, 4); + case MXL_RV64: + case MXL_RV128: + return extract64(tdata1, 60, 4); + default: + g_assert_not_reached(); + } +} + +static inline target_ulong get_trigger_type(CPURISCVState *env, + target_ulong trigger_index) +{ + target_ulong tdata1 = env->type2_trig[trigger_index].mcontrol; + return extract_trigger_type(env, tdata1); +} + static inline target_ulong trigger_type(CPURISCVState *env, trigger_type_t type) { @@ -89,15 +117,17 @@ static inline target_ulong trigger_type(CPURISCVState *env, bool tdata_available(CPURISCVState *env, int tdata_index) { + int trigger_type = get_trigger_type(env, env->trigger_cur); + if (unlikely(tdata_index >= TDATA_NUM)) { return false; } - if (unlikely(env->trigger_cur >= TRIGGER_NUM)) { + if (unlikely(env->trigger_cur >= RV_MAX_TRIGGERS)) { return false; } - return tdata_mapping[env->trigger_cur][tdata_index]; + return tdata_mapping[trigger_type][tdata_index]; } target_ulong tselect_csr_read(CPURISCVState *env) @@ -137,6 +167,7 @@ static target_ulong tdata1_validate(CPURISCVState *env, target_ulong val, qemu_log_mask(LOG_GUEST_ERROR, "ignoring type write to tdata1 register\n"); } + if (dmode != 0) { qemu_log_mask(LOG_UNIMP, "debug mode is not supported\n"); } @@ -261,9 +292,8 @@ static void type2_breakpoint_remove(CPURISCVState *env, target_ulong index) } static target_ulong type2_reg_read(CPURISCVState *env, - target_ulong trigger_index, int tdata_index) + target_ulong index, int tdata_index) { - uint32_t index = trigger_index - TRIGGER_TYPE2_IDX_0; target_ulong tdata; switch (tdata_index) { @@ -280,10 +310,9 @@ static target_ulong type2_reg_read(CPURISCVState *env, return tdata; } -static void type2_reg_write(CPURISCVState *env, target_ulong trigger_index, +static void type2_reg_write(CPURISCVState *env, target_ulong index, int tdata_index, target_ulong val) { - uint32_t index = trigger_index - TRIGGER_TYPE2_IDX_0; target_ulong new_val; switch (tdata_index) { @@ -309,35 +338,64 @@ static void type2_reg_write(CPURISCVState *env, target_ulong trigger_index, return; } -typedef target_ulong (*tdata_read_func)(CPURISCVState *env, - target_ulong trigger_index, - int tdata_index); - -static tdata_read_func trigger_read_funcs[TRIGGER_NUM] = { - [TRIGGER_TYPE2_IDX_0 ... TRIGGER_TYPE2_IDX_1] = type2_reg_read, -}; - -typedef void (*tdata_write_func)(CPURISCVState *env, - target_ulong trigger_index, - int tdata_index, - target_ulong val); - -static tdata_write_func trigger_write_funcs[TRIGGER_NUM] = { - [TRIGGER_TYPE2_IDX_0 ... TRIGGER_TYPE2_IDX_1] = type2_reg_write, -}; - target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index) { - tdata_read_func read_func = trigger_read_funcs[env->trigger_cur]; + int trigger_type = get_trigger_type(env, env->trigger_cur); - return read_func(env, env->trigger_cur, tdata_index); + switch (trigger_type) { + case TRIGGER_TYPE_AD_MATCH: + return type2_reg_read(env, env->trigger_cur, tdata_index); + break; + case TRIGGER_TYPE_INST_CNT: + case TRIGGER_TYPE_INT: + case TRIGGER_TYPE_EXCP: + case TRIGGER_TYPE_AD_MATCH6: + case TRIGGER_TYPE_EXT_SRC: + qemu_log_mask(LOG_UNIMP, "trigger type: %d is not supported\n", + trigger_type); + break; + case TRIGGER_TYPE_NO_EXIST: + case TRIGGER_TYPE_UNAVAIL: + qemu_log_mask(LOG_GUEST_ERROR, "trigger type: %d does not exit\n", + trigger_type); + break; + default: + g_assert_not_reached(); + } + + return 0; } void tdata_csr_write(CPURISCVState *env, int tdata_index, target_ulong val) { - tdata_write_func write_func = trigger_write_funcs[env->trigger_cur]; + int trigger_type; - return write_func(env, env->trigger_cur, tdata_index, val); + if (tdata_index == TDATA1) { + trigger_type = extract_trigger_type(env, val); + } else { + trigger_type = get_trigger_type(env, env->trigger_cur); + } + + switch (trigger_type) { + case TRIGGER_TYPE_AD_MATCH: + type2_reg_write(env, env->trigger_cur, tdata_index, val); + break; + case TRIGGER_TYPE_INST_CNT: + case TRIGGER_TYPE_INT: + case TRIGGER_TYPE_EXCP: + case TRIGGER_TYPE_AD_MATCH6: + case TRIGGER_TYPE_EXT_SRC: + qemu_log_mask(LOG_UNIMP, "trigger type: %d is not supported\n", + trigger_type); + break; + case TRIGGER_TYPE_NO_EXIST: + case TRIGGER_TYPE_UNAVAIL: + qemu_log_mask(LOG_GUEST_ERROR, "trigger type: %d does not exit\n", + trigger_type); + break; + default: + g_assert_not_reached(); + } } void riscv_cpu_debug_excp_handler(CPUState *cs) @@ -364,18 +422,28 @@ bool riscv_cpu_debug_check_breakpoint(CPUState *cs) CPUBreakpoint *bp; target_ulong ctrl; target_ulong pc; + int trigger_type; int i; QTAILQ_FOREACH(bp, &cs->breakpoints, entry) { - for (i = 0; i < TRIGGER_TYPE2_NUM; i++) { - ctrl = env->type2_trig[i].mcontrol; - pc = env->type2_trig[i].maddress; + for (i = 0; i < RV_MAX_TRIGGERS; i++) { + trigger_type = get_trigger_type(env, i); - if ((ctrl & TYPE2_EXEC) && (bp->pc == pc)) { - /* check U/S/M bit against current privilege level */ - if ((ctrl >> 3) & BIT(env->priv)) { - return true; + switch (trigger_type) { + case TRIGGER_TYPE_AD_MATCH: + ctrl = env->type2_trig[i].mcontrol; + pc = env->type2_trig[i].maddress; + + if ((ctrl & TYPE2_EXEC) && (bp->pc == pc)) { + /* check U/S/M bit against current privilege level */ + if ((ctrl >> 3) & BIT(env->priv)) { + return true; + } } + break; + default: + /* other trigger types are not supported or irrelevant */ + break; } } } @@ -389,26 +457,36 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp) CPURISCVState *env = &cpu->env; target_ulong ctrl; target_ulong addr; + int trigger_type; int flags; int i; - for (i = 0; i < TRIGGER_TYPE2_NUM; i++) { - ctrl = env->type2_trig[i].mcontrol; - addr = env->type2_trig[i].maddress; - flags = 0; + for (i = 0; i < RV_MAX_TRIGGERS; i++) { + trigger_type = get_trigger_type(env, i); - if (ctrl & TYPE2_LOAD) { - flags |= BP_MEM_READ; - } - if (ctrl & TYPE2_STORE) { - flags |= BP_MEM_WRITE; - } + switch (trigger_type) { + case TRIGGER_TYPE_AD_MATCH: + ctrl = env->type2_trig[i].mcontrol; + addr = env->type2_trig[i].maddress; + flags = 0; - if ((wp->flags & flags) && (wp->vaddr == addr)) { - /* check U/S/M bit against current privilege level */ - if ((ctrl >> 3) & BIT(env->priv)) { - return true; + if (ctrl & TYPE2_LOAD) { + flags |= BP_MEM_READ; } + if (ctrl & TYPE2_STORE) { + flags |= BP_MEM_WRITE; + } + + if ((wp->flags & flags) && (wp->vaddr == addr)) { + /* check U/S/M bit against current privilege level */ + if ((ctrl >> 3) & BIT(env->priv)) { + return true; + } + } + break; + default: + /* other trigger types are not supported */ + break; } } @@ -417,11 +495,11 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp) void riscv_trigger_init(CPURISCVState *env) { - target_ulong type2 = trigger_type(env, TRIGGER_TYPE_AD_MATCH); + target_ulong tdata1 = trigger_type(env, TRIGGER_TYPE_AD_MATCH); int i; - /* type 2 triggers */ - for (i = 0; i < TRIGGER_TYPE2_NUM; i++) { + /* init to type 2 triggers */ + for (i = 0; i < RV_MAX_TRIGGERS; i++) { /* * type = TRIGGER_TYPE_AD_MATCH * dmode = 0 (both debug and M-mode can write tdata) @@ -435,7 +513,7 @@ void riscv_trigger_init(CPURISCVState *env) * chain = 0 (unimplemented, always 0) * match = 0 (always 0, when any compare value equals tdata2) */ - env->type2_trig[i].mcontrol = type2; + env->type2_trig[i].mcontrol = tdata1; env->type2_trig[i].maddress = 0; env->type2_trig[i].bp = NULL; env->type2_trig[i].wp = NULL; diff --git a/target/riscv/debug.h b/target/riscv/debug.h index 27b9cac6b4..72e4edcd8c 100644 --- a/target/riscv/debug.h +++ b/target/riscv/debug.h @@ -22,13 +22,7 @@ #ifndef RISCV_DEBUG_H #define RISCV_DEBUG_H -/* trigger indexes implemented */ -enum { - TRIGGER_TYPE2_IDX_0 = 0, - TRIGGER_TYPE2_IDX_1, - TRIGGER_TYPE2_NUM, - TRIGGER_NUM = TRIGGER_TYPE2_NUM -}; +#define RV_MAX_TRIGGERS 2 /* register index of tdata CSRs */ enum { @@ -46,7 +40,8 @@ typedef enum { TRIGGER_TYPE_EXCP = 5, /* exception trigger */ TRIGGER_TYPE_AD_MATCH6 = 6, /* new address/data match trigger */ TRIGGER_TYPE_EXT_SRC = 7, /* external source trigger */ - TRIGGER_TYPE_UNAVAIL = 15 /* trigger exists, but unavailable */ + TRIGGER_TYPE_UNAVAIL = 15, /* trigger exists, but unavailable */ + TRIGGER_TYPE_NUM } trigger_type_t; typedef struct { @@ -56,7 +51,7 @@ typedef struct { struct CPUWatchpoint *wp; } type2_trigger_t; -/* tdata field masks */ +/* tdata1 field masks */ #define RV32_TYPE(t) ((uint32_t)(t) << 28) #define RV32_TYPE_MASK (0xf << 28) diff --git a/target/riscv/machine.c b/target/riscv/machine.c index c4e6b3bba4..a23cff4424 100644 --- a/target/riscv/machine.c +++ b/target/riscv/machine.c @@ -247,7 +247,7 @@ static const VMStateDescription vmstate_debug = { .needed = debug_needed, .fields = (VMStateField[]) { VMSTATE_UINTTL(env.trigger_cur, RISCVCPU), - VMSTATE_STRUCT_ARRAY(env.type2_trig, RISCVCPU, TRIGGER_TYPE2_NUM, + VMSTATE_STRUCT_ARRAY(env.type2_trig, RISCVCPU, RV_MAX_TRIGGERS, 0, vmstate_debug_type2, type2_trigger_t), VMSTATE_END_OF_LIST() } From 9d5a84db91f12bd843206a57e0cde01e6a9d488d Mon Sep 17 00:00:00 2001 From: Frank Chang Date: Fri, 9 Sep 2022 21:42:09 +0800 Subject: [PATCH 14/22] target/riscv: debug: Introduce build_tdata1() to build tdata1 register content Introduce build_tdata1() to build tdata1 register content, which can be shared among all types of triggers. Signed-off-by: Frank Chang Reviewed-by: Bin Meng Signed-off-by: Bin Meng Reviewed-by: LIU Zhiwei [bmeng: moved RV{32,64}_DATA_MASK definition to this patch] Signed-off-by: Bin Meng Message-Id: <20220909134215.1843865-3-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis --- target/riscv/debug.c | 15 ++++++++++----- target/riscv/debug.h | 2 ++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/target/riscv/debug.c b/target/riscv/debug.c index 9dd468753a..45aae87ec3 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -95,18 +95,23 @@ static inline target_ulong get_trigger_type(CPURISCVState *env, return extract_trigger_type(env, tdata1); } -static inline target_ulong trigger_type(CPURISCVState *env, - trigger_type_t type) +static inline target_ulong build_tdata1(CPURISCVState *env, + trigger_type_t type, + bool dmode, target_ulong data) { target_ulong tdata1; switch (riscv_cpu_mxl(env)) { case MXL_RV32: - tdata1 = RV32_TYPE(type); + tdata1 = RV32_TYPE(type) | + (dmode ? RV32_DMODE : 0) | + (data & RV32_DATA_MASK); break; case MXL_RV64: case MXL_RV128: - tdata1 = RV64_TYPE(type); + tdata1 = RV64_TYPE(type) | + (dmode ? RV64_DMODE : 0) | + (data & RV64_DATA_MASK); break; default: g_assert_not_reached(); @@ -495,7 +500,7 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp) void riscv_trigger_init(CPURISCVState *env) { - target_ulong tdata1 = trigger_type(env, TRIGGER_TYPE_AD_MATCH); + target_ulong tdata1 = build_tdata1(env, TRIGGER_TYPE_AD_MATCH, 0, 0); int i; /* init to type 2 triggers */ diff --git a/target/riscv/debug.h b/target/riscv/debug.h index 72e4edcd8c..c422553c27 100644 --- a/target/riscv/debug.h +++ b/target/riscv/debug.h @@ -56,9 +56,11 @@ typedef struct { #define RV32_TYPE(t) ((uint32_t)(t) << 28) #define RV32_TYPE_MASK (0xf << 28) #define RV32_DMODE BIT(27) +#define RV32_DATA_MASK 0x7ffffff #define RV64_TYPE(t) ((uint64_t)(t) << 60) #define RV64_TYPE_MASK (0xfULL << 60) #define RV64_DMODE BIT_ULL(59) +#define RV64_DATA_MASK 0x7ffffffffffffff /* mcontrol field masks */ From 9495c4888a80809ab9dba6d6e536b21c018c77a4 Mon Sep 17 00:00:00 2001 From: Frank Chang Date: Fri, 9 Sep 2022 21:42:10 +0800 Subject: [PATCH 15/22] target/riscv: debug: Introduce tdata1, tdata2, and tdata3 CSRs Replace type2_trigger_t with the real tdata1, tdata2, and tdata3 CSRs, which allows us to support more types of triggers in the future. Signed-off-by: Frank Chang Reviewed-by: Bin Meng Signed-off-by: Bin Meng Reviewed-by: LIU Zhiwei Message-Id: <20220909134215.1843865-4-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis --- target/riscv/cpu.h | 6 ++- target/riscv/debug.c | 103 +++++++++++++++-------------------------- target/riscv/debug.h | 7 --- target/riscv/machine.c | 20 ++------ 4 files changed, 48 insertions(+), 88 deletions(-) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 73bcad3c9b..b131fa8c8e 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -324,7 +324,11 @@ struct CPUArchState { /* trigger module */ target_ulong trigger_cur; - type2_trigger_t type2_trig[RV_MAX_TRIGGERS]; + target_ulong tdata1[RV_MAX_TRIGGERS]; + target_ulong tdata2[RV_MAX_TRIGGERS]; + target_ulong tdata3[RV_MAX_TRIGGERS]; + struct CPUBreakpoint *cpu_breakpoint[RV_MAX_TRIGGERS]; + struct CPUWatchpoint *cpu_watchpoint[RV_MAX_TRIGGERS]; /* machine specific rdtime callback */ uint64_t (*rdtime_fn)(void *); diff --git a/target/riscv/debug.c b/target/riscv/debug.c index 45aae87ec3..06feef7d67 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -91,8 +91,7 @@ static inline target_ulong extract_trigger_type(CPURISCVState *env, static inline target_ulong get_trigger_type(CPURISCVState *env, target_ulong trigger_index) { - target_ulong tdata1 = env->type2_trig[trigger_index].mcontrol; - return extract_trigger_type(env, tdata1); + return extract_trigger_type(env, env->tdata1[trigger_index]); } static inline target_ulong build_tdata1(CPURISCVState *env, @@ -188,6 +187,8 @@ static inline void warn_always_zero_bit(target_ulong val, target_ulong mask, } } +/* type 2 trigger */ + static uint32_t type2_breakpoint_size(CPURISCVState *env, target_ulong ctrl) { uint32_t size, sizelo, sizehi = 0; @@ -247,8 +248,8 @@ static target_ulong type2_mcontrol_validate(CPURISCVState *env, static void type2_breakpoint_insert(CPURISCVState *env, target_ulong index) { - target_ulong ctrl = env->type2_trig[index].mcontrol; - target_ulong addr = env->type2_trig[index].maddress; + target_ulong ctrl = env->tdata1[index]; + target_ulong addr = env->tdata2[index]; bool enabled = type2_breakpoint_enabled(ctrl); CPUState *cs = env_cpu(env); int flags = BP_CPU | BP_STOP_BEFORE_ACCESS; @@ -259,7 +260,7 @@ static void type2_breakpoint_insert(CPURISCVState *env, target_ulong index) } if (ctrl & TYPE2_EXEC) { - cpu_breakpoint_insert(cs, addr, flags, &env->type2_trig[index].bp); + cpu_breakpoint_insert(cs, addr, flags, &env->cpu_breakpoint[index]); } if (ctrl & TYPE2_LOAD) { @@ -273,10 +274,10 @@ static void type2_breakpoint_insert(CPURISCVState *env, target_ulong index) size = type2_breakpoint_size(env, ctrl); if (size != 0) { cpu_watchpoint_insert(cs, addr, size, flags, - &env->type2_trig[index].wp); + &env->cpu_watchpoint[index]); } else { cpu_watchpoint_insert(cs, addr, 8, flags, - &env->type2_trig[index].wp); + &env->cpu_watchpoint[index]); } } } @@ -285,36 +286,17 @@ static void type2_breakpoint_remove(CPURISCVState *env, target_ulong index) { CPUState *cs = env_cpu(env); - if (env->type2_trig[index].bp) { - cpu_breakpoint_remove_by_ref(cs, env->type2_trig[index].bp); - env->type2_trig[index].bp = NULL; + if (env->cpu_breakpoint[index]) { + cpu_breakpoint_remove_by_ref(cs, env->cpu_breakpoint[index]); + env->cpu_breakpoint[index] = NULL; } - if (env->type2_trig[index].wp) { - cpu_watchpoint_remove_by_ref(cs, env->type2_trig[index].wp); - env->type2_trig[index].wp = NULL; + if (env->cpu_watchpoint[index]) { + cpu_watchpoint_remove_by_ref(cs, env->cpu_watchpoint[index]); + env->cpu_watchpoint[index] = NULL; } } -static target_ulong type2_reg_read(CPURISCVState *env, - target_ulong index, int tdata_index) -{ - target_ulong tdata; - - switch (tdata_index) { - case TDATA1: - tdata = env->type2_trig[index].mcontrol; - break; - case TDATA2: - tdata = env->type2_trig[index].maddress; - break; - default: - g_assert_not_reached(); - } - - return tdata; -} - static void type2_reg_write(CPURISCVState *env, target_ulong index, int tdata_index, target_ulong val) { @@ -323,19 +305,23 @@ static void type2_reg_write(CPURISCVState *env, target_ulong index, switch (tdata_index) { case TDATA1: new_val = type2_mcontrol_validate(env, val); - if (new_val != env->type2_trig[index].mcontrol) { - env->type2_trig[index].mcontrol = new_val; + if (new_val != env->tdata1[index]) { + env->tdata1[index] = new_val; type2_breakpoint_remove(env, index); type2_breakpoint_insert(env, index); } break; case TDATA2: - if (val != env->type2_trig[index].maddress) { - env->type2_trig[index].maddress = val; + if (val != env->tdata2[index]) { + env->tdata2[index] = val; type2_breakpoint_remove(env, index); type2_breakpoint_insert(env, index); } break; + case TDATA3: + qemu_log_mask(LOG_UNIMP, + "tdata3 is not supported for type 2 trigger\n"); + break; default: g_assert_not_reached(); } @@ -345,30 +331,16 @@ static void type2_reg_write(CPURISCVState *env, target_ulong index, target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index) { - int trigger_type = get_trigger_type(env, env->trigger_cur); - - switch (trigger_type) { - case TRIGGER_TYPE_AD_MATCH: - return type2_reg_read(env, env->trigger_cur, tdata_index); - break; - case TRIGGER_TYPE_INST_CNT: - case TRIGGER_TYPE_INT: - case TRIGGER_TYPE_EXCP: - case TRIGGER_TYPE_AD_MATCH6: - case TRIGGER_TYPE_EXT_SRC: - qemu_log_mask(LOG_UNIMP, "trigger type: %d is not supported\n", - trigger_type); - break; - case TRIGGER_TYPE_NO_EXIST: - case TRIGGER_TYPE_UNAVAIL: - qemu_log_mask(LOG_GUEST_ERROR, "trigger type: %d does not exit\n", - trigger_type); - break; + switch (tdata_index) { + case TDATA1: + return env->tdata1[env->trigger_cur]; + case TDATA2: + return env->tdata2[env->trigger_cur]; + case TDATA3: + return env->tdata3[env->trigger_cur]; default: g_assert_not_reached(); } - - return 0; } void tdata_csr_write(CPURISCVState *env, int tdata_index, target_ulong val) @@ -436,8 +408,8 @@ bool riscv_cpu_debug_check_breakpoint(CPUState *cs) switch (trigger_type) { case TRIGGER_TYPE_AD_MATCH: - ctrl = env->type2_trig[i].mcontrol; - pc = env->type2_trig[i].maddress; + ctrl = env->tdata1[i]; + pc = env->tdata2[i]; if ((ctrl & TYPE2_EXEC) && (bp->pc == pc)) { /* check U/S/M bit against current privilege level */ @@ -471,8 +443,8 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp) switch (trigger_type) { case TRIGGER_TYPE_AD_MATCH: - ctrl = env->type2_trig[i].mcontrol; - addr = env->type2_trig[i].maddress; + ctrl = env->tdata1[i]; + addr = env->tdata2[i]; flags = 0; if (ctrl & TYPE2_LOAD) { @@ -518,9 +490,10 @@ void riscv_trigger_init(CPURISCVState *env) * chain = 0 (unimplemented, always 0) * match = 0 (always 0, when any compare value equals tdata2) */ - env->type2_trig[i].mcontrol = tdata1; - env->type2_trig[i].maddress = 0; - env->type2_trig[i].bp = NULL; - env->type2_trig[i].wp = NULL; + env->tdata1[i] = tdata1; + env->tdata2[i] = 0; + env->tdata3[i] = 0; + env->cpu_breakpoint[i] = NULL; + env->cpu_watchpoint[i] = NULL; } } diff --git a/target/riscv/debug.h b/target/riscv/debug.h index c422553c27..76146f373a 100644 --- a/target/riscv/debug.h +++ b/target/riscv/debug.h @@ -44,13 +44,6 @@ typedef enum { TRIGGER_TYPE_NUM } trigger_type_t; -typedef struct { - target_ulong mcontrol; - target_ulong maddress; - struct CPUBreakpoint *bp; - struct CPUWatchpoint *wp; -} type2_trigger_t; - /* tdata1 field masks */ #define RV32_TYPE(t) ((uint32_t)(t) << 28) diff --git a/target/riscv/machine.c b/target/riscv/machine.c index a23cff4424..c2a94a82b3 100644 --- a/target/riscv/machine.c +++ b/target/riscv/machine.c @@ -229,26 +229,16 @@ static bool debug_needed(void *opaque) return riscv_feature(env, RISCV_FEATURE_DEBUG); } -static const VMStateDescription vmstate_debug_type2 = { - .name = "cpu/debug/type2", - .version_id = 1, - .minimum_version_id = 1, - .fields = (VMStateField[]) { - VMSTATE_UINTTL(mcontrol, type2_trigger_t), - VMSTATE_UINTTL(maddress, type2_trigger_t), - VMSTATE_END_OF_LIST() - } -}; - static const VMStateDescription vmstate_debug = { .name = "cpu/debug", - .version_id = 1, - .minimum_version_id = 1, + .version_id = 2, + .minimum_version_id = 2, .needed = debug_needed, .fields = (VMStateField[]) { VMSTATE_UINTTL(env.trigger_cur, RISCVCPU), - VMSTATE_STRUCT_ARRAY(env.type2_trig, RISCVCPU, RV_MAX_TRIGGERS, - 0, vmstate_debug_type2, type2_trigger_t), + VMSTATE_UINTTL_ARRAY(env.tdata1, RISCVCPU, RV_MAX_TRIGGERS), + VMSTATE_UINTTL_ARRAY(env.tdata2, RISCVCPU, RV_MAX_TRIGGERS), + VMSTATE_UINTTL_ARRAY(env.tdata3, RISCVCPU, RV_MAX_TRIGGERS), VMSTATE_END_OF_LIST() } }; From 6ea8d3fc40a8db8d22d00255cea9f9f8c927d643 Mon Sep 17 00:00:00 2001 From: Frank Chang Date: Fri, 9 Sep 2022 21:42:11 +0800 Subject: [PATCH 16/22] target/riscv: debug: Restrict the range of tselect value can be written The value of tselect CSR can be written should be limited within the range of supported triggers number. Signed-off-by: Frank Chang Reviewed-by: Bin Meng Signed-off-by: Bin Meng Reviewed-by: LIU Zhiwei Message-Id: <20220909134215.1843865-5-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis --- target/riscv/debug.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/target/riscv/debug.c b/target/riscv/debug.c index 06feef7d67..d6666164cd 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -127,10 +127,6 @@ bool tdata_available(CPURISCVState *env, int tdata_index) return false; } - if (unlikely(env->trigger_cur >= RV_MAX_TRIGGERS)) { - return false; - } - return tdata_mapping[trigger_type][tdata_index]; } @@ -141,8 +137,9 @@ target_ulong tselect_csr_read(CPURISCVState *env) void tselect_csr_write(CPURISCVState *env, target_ulong val) { - /* all target_ulong bits of tselect are implemented */ - env->trigger_cur = val; + if (val < RV_MAX_TRIGGERS) { + env->trigger_cur = val; + } } static target_ulong tdata1_validate(CPURISCVState *env, target_ulong val, From 31b9798d824512b7daf868cc8581f9a97a9d13a8 Mon Sep 17 00:00:00 2001 From: Frank Chang Date: Fri, 9 Sep 2022 21:42:12 +0800 Subject: [PATCH 17/22] target/riscv: debug: Introduce tinfo CSR tinfo.info: One bit for each possible type enumerated in tdata1. If the bit is set, then that type is supported by the currently selected trigger. Signed-off-by: Frank Chang Reviewed-by: Bin Meng Signed-off-by: Bin Meng Reviewed-by: LIU Zhiwei Message-Id: <20220909134215.1843865-6-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis --- target/riscv/cpu_bits.h | 1 + target/riscv/csr.c | 8 ++++++++ target/riscv/debug.c | 10 +++++++--- target/riscv/debug.h | 2 ++ 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index b762807e4e..d8f5f0abed 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -319,6 +319,7 @@ #define CSR_TDATA1 0x7a1 #define CSR_TDATA2 0x7a2 #define CSR_TDATA3 0x7a3 +#define CSR_TINFO 0x7a4 /* Debug Mode Registers */ #define CSR_DCSR 0x7b0 diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 2c84c29bf0..5c9a7ee287 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -3094,6 +3094,13 @@ static RISCVException write_tdata(CPURISCVState *env, int csrno, return RISCV_EXCP_NONE; } +static RISCVException read_tinfo(CPURISCVState *env, int csrno, + target_ulong *val) +{ + *val = tinfo_csr_read(env); + return RISCV_EXCP_NONE; +} + /* * Functions to access Pointer Masking feature registers * We have to check if current priv lvl could modify @@ -3898,6 +3905,7 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = { [CSR_TDATA1] = { "tdata1", debug, read_tdata, write_tdata }, [CSR_TDATA2] = { "tdata2", debug, read_tdata, write_tdata }, [CSR_TDATA3] = { "tdata3", debug, read_tdata, write_tdata }, + [CSR_TINFO] = { "tinfo", debug, read_tinfo, write_ignore }, /* User Pointer Masking */ [CSR_UMTE] = { "umte", pointer_masking, read_umte, write_umte }, diff --git a/target/riscv/debug.c b/target/riscv/debug.c index d6666164cd..7d546ace42 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -37,9 +37,7 @@ * - tdata1 * - tdata2 * - tdata3 - * - * We don't support writable 'type' field in the tdata1 register, so there is - * no need to implement the "tinfo" CSR. + * - tinfo * * The following triggers are implemented: * @@ -372,6 +370,12 @@ void tdata_csr_write(CPURISCVState *env, int tdata_index, target_ulong val) } } +target_ulong tinfo_csr_read(CPURISCVState *env) +{ + /* assume all triggers support the same types of triggers */ + return BIT(TRIGGER_TYPE_AD_MATCH); +} + void riscv_cpu_debug_excp_handler(CPUState *cs) { RISCVCPU *cpu = RISCV_CPU(cs); diff --git a/target/riscv/debug.h b/target/riscv/debug.h index 76146f373a..9f69c64591 100644 --- a/target/riscv/debug.h +++ b/target/riscv/debug.h @@ -95,6 +95,8 @@ void tselect_csr_write(CPURISCVState *env, target_ulong val); target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index); void tdata_csr_write(CPURISCVState *env, int tdata_index, target_ulong val); +target_ulong tinfo_csr_read(CPURISCVState *env); + void riscv_cpu_debug_excp_handler(CPUState *cs); bool riscv_cpu_debug_check_breakpoint(CPUState *cs); bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp); From d1c111411e6240c01ee3d54801a7e3eeb6acc3b1 Mon Sep 17 00:00:00 2001 From: Frank Chang Date: Fri, 9 Sep 2022 21:42:13 +0800 Subject: [PATCH 18/22] target/riscv: debug: Create common trigger actions function Trigger actions are shared among all triggers. Extract to a common function. Signed-off-by: Frank Chang Reviewed-by: Bin Meng Signed-off-by: Bin Meng Reviewed-by: LIU Zhiwei [bmeng: handle the DBG_ACTION_NONE case] Signed-off-by: Bin Meng Message-Id: <20220909134215.1843865-7-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis --- target/riscv/debug.c | 59 ++++++++++++++++++++++++++++++++++++++++++-- target/riscv/debug.h | 13 ++++++++++ 2 files changed, 70 insertions(+), 2 deletions(-) diff --git a/target/riscv/debug.c b/target/riscv/debug.c index 7d546ace42..7a8910f980 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -92,6 +92,37 @@ static inline target_ulong get_trigger_type(CPURISCVState *env, return extract_trigger_type(env, env->tdata1[trigger_index]); } +static trigger_action_t get_trigger_action(CPURISCVState *env, + target_ulong trigger_index) +{ + target_ulong tdata1 = env->tdata1[trigger_index]; + int trigger_type = get_trigger_type(env, trigger_index); + trigger_action_t action = DBG_ACTION_NONE; + + switch (trigger_type) { + case TRIGGER_TYPE_AD_MATCH: + action = (tdata1 & TYPE2_ACTION) >> 12; + break; + case TRIGGER_TYPE_INST_CNT: + case TRIGGER_TYPE_INT: + case TRIGGER_TYPE_EXCP: + case TRIGGER_TYPE_AD_MATCH6: + case TRIGGER_TYPE_EXT_SRC: + qemu_log_mask(LOG_UNIMP, "trigger type: %d is not supported\n", + trigger_type); + break; + case TRIGGER_TYPE_NO_EXIST: + case TRIGGER_TYPE_UNAVAIL: + qemu_log_mask(LOG_GUEST_ERROR, "trigger type: %d does not exit\n", + trigger_type); + break; + default: + g_assert_not_reached(); + } + + return action; +} + static inline target_ulong build_tdata1(CPURISCVState *env, trigger_type_t type, bool dmode, target_ulong data) @@ -182,6 +213,30 @@ static inline void warn_always_zero_bit(target_ulong val, target_ulong mask, } } +static void do_trigger_action(CPURISCVState *env, target_ulong trigger_index) +{ + trigger_action_t action = get_trigger_action(env, trigger_index); + + switch (action) { + case DBG_ACTION_NONE: + break; + case DBG_ACTION_BP: + riscv_raise_exception(env, RISCV_EXCP_BREAKPOINT, 0); + break; + case DBG_ACTION_DBG_MODE: + case DBG_ACTION_TRACE0: + case DBG_ACTION_TRACE1: + case DBG_ACTION_TRACE2: + case DBG_ACTION_TRACE3: + case DBG_ACTION_EXT_DBG0: + case DBG_ACTION_EXT_DBG1: + qemu_log_mask(LOG_UNIMP, "action: %d is not supported\n", action); + break; + default: + g_assert_not_reached(); + } +} + /* type 2 trigger */ static uint32_t type2_breakpoint_size(CPURISCVState *env, target_ulong ctrl) @@ -384,11 +439,11 @@ void riscv_cpu_debug_excp_handler(CPUState *cs) if (cs->watchpoint_hit) { if (cs->watchpoint_hit->flags & BP_CPU) { cs->watchpoint_hit = NULL; - riscv_raise_exception(env, RISCV_EXCP_BREAKPOINT, 0); + do_trigger_action(env, DBG_ACTION_BP); } } else { if (cpu_breakpoint_test(cs, env->pc, BP_CPU)) { - riscv_raise_exception(env, RISCV_EXCP_BREAKPOINT, 0); + do_trigger_action(env, DBG_ACTION_BP); } } } diff --git a/target/riscv/debug.h b/target/riscv/debug.h index 9f69c64591..0e4859cf74 100644 --- a/target/riscv/debug.h +++ b/target/riscv/debug.h @@ -44,6 +44,19 @@ typedef enum { TRIGGER_TYPE_NUM } trigger_type_t; +/* actions */ +typedef enum { + DBG_ACTION_NONE = -1, /* sentinel value */ + DBG_ACTION_BP = 0, + DBG_ACTION_DBG_MODE, + DBG_ACTION_TRACE0, + DBG_ACTION_TRACE1, + DBG_ACTION_TRACE2, + DBG_ACTION_TRACE3, + DBG_ACTION_EXT_DBG0 = 8, + DBG_ACTION_EXT_DBG1 +} trigger_action_t; + /* tdata1 field masks */ #define RV32_TYPE(t) ((uint32_t)(t) << 28) From c32461d8eeb17490b1b1e969e2ce8f1ecd83bfbb Mon Sep 17 00:00:00 2001 From: Frank Chang Date: Fri, 9 Sep 2022 21:42:14 +0800 Subject: [PATCH 19/22] target/riscv: debug: Check VU/VS modes for type 2 trigger Type 2 trigger cannot be fired in VU/VS modes. Signed-off-by: Frank Chang Reviewed-by: Bin Meng Signed-off-by: Bin Meng Message-Id: <20220909134215.1843865-8-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis --- target/riscv/debug.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/target/riscv/debug.c b/target/riscv/debug.c index 7a8910f980..e16d5c070a 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -464,6 +464,11 @@ bool riscv_cpu_debug_check_breakpoint(CPUState *cs) switch (trigger_type) { case TRIGGER_TYPE_AD_MATCH: + /* type 2 trigger cannot be fired in VU/VS mode */ + if (riscv_cpu_virt_enabled(env)) { + return false; + } + ctrl = env->tdata1[i]; pc = env->tdata2[i]; @@ -499,6 +504,11 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp) switch (trigger_type) { case TRIGGER_TYPE_AD_MATCH: + /* type 2 trigger cannot be fired in VU/VS mode */ + if (riscv_cpu_virt_enabled(env)) { + return false; + } + ctrl = env->tdata1[i]; addr = env->tdata2[i]; flags = 0; From c472c142a7552f5b0e40378d5643a2810ef1b111 Mon Sep 17 00:00:00 2001 From: Frank Chang Date: Fri, 9 Sep 2022 21:42:15 +0800 Subject: [PATCH 20/22] target/riscv: debug: Add initial support of type 6 trigger Type 6 trigger is similar to a type 2 trigger, but provides additional functionality and should be used instead of type 2 in newer implementations. Signed-off-by: Frank Chang Reviewed-by: Bin Meng Signed-off-by: Bin Meng Message-Id: <20220909134215.1843865-9-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis --- target/riscv/debug.c | 174 ++++++++++++++++++++++++++++++++++++++++++- target/riscv/debug.h | 18 +++++ 2 files changed, 188 insertions(+), 4 deletions(-) diff --git a/target/riscv/debug.c b/target/riscv/debug.c index e16d5c070a..26ea764407 100644 --- a/target/riscv/debug.c +++ b/target/riscv/debug.c @@ -39,7 +39,7 @@ * - tdata3 * - tinfo * - * The following triggers are implemented: + * The following triggers are initialized by default: * * Index | Type | tdata mapping | Description * ------+------+------------------------+------------ @@ -103,10 +103,12 @@ static trigger_action_t get_trigger_action(CPURISCVState *env, case TRIGGER_TYPE_AD_MATCH: action = (tdata1 & TYPE2_ACTION) >> 12; break; + case TRIGGER_TYPE_AD_MATCH6: + action = (tdata1 & TYPE6_ACTION) >> 12; + break; case TRIGGER_TYPE_INST_CNT: case TRIGGER_TYPE_INT: case TRIGGER_TYPE_EXCP: - case TRIGGER_TYPE_AD_MATCH6: case TRIGGER_TYPE_EXT_SRC: qemu_log_mask(LOG_UNIMP, "trigger type: %d is not supported\n", trigger_type); @@ -379,6 +381,123 @@ static void type2_reg_write(CPURISCVState *env, target_ulong index, return; } +/* type 6 trigger */ + +static inline bool type6_breakpoint_enabled(target_ulong ctrl) +{ + bool mode = !!(ctrl & (TYPE6_VU | TYPE6_VS | TYPE6_U | TYPE6_S | TYPE6_M)); + bool rwx = !!(ctrl & (TYPE6_LOAD | TYPE6_STORE | TYPE6_EXEC)); + + return mode && rwx; +} + +static target_ulong type6_mcontrol6_validate(CPURISCVState *env, + target_ulong ctrl) +{ + target_ulong val; + uint32_t size; + + /* validate the generic part first */ + val = tdata1_validate(env, ctrl, TRIGGER_TYPE_AD_MATCH6); + + /* validate unimplemented (always zero) bits */ + warn_always_zero_bit(ctrl, TYPE6_MATCH, "match"); + warn_always_zero_bit(ctrl, TYPE6_CHAIN, "chain"); + warn_always_zero_bit(ctrl, TYPE6_ACTION, "action"); + warn_always_zero_bit(ctrl, TYPE6_TIMING, "timing"); + warn_always_zero_bit(ctrl, TYPE6_SELECT, "select"); + warn_always_zero_bit(ctrl, TYPE6_HIT, "hit"); + + /* validate size encoding */ + size = extract32(ctrl, 16, 4); + if (access_size[size] == -1) { + qemu_log_mask(LOG_UNIMP, "access size %d is not supported, using SIZE_ANY\n", + size); + } else { + val |= (ctrl & TYPE6_SIZE); + } + + /* keep the mode and attribute bits */ + val |= (ctrl & (TYPE6_VU | TYPE6_VS | TYPE6_U | TYPE6_S | TYPE6_M | + TYPE6_LOAD | TYPE6_STORE | TYPE6_EXEC)); + + return val; +} + +static void type6_breakpoint_insert(CPURISCVState *env, target_ulong index) +{ + target_ulong ctrl = env->tdata1[index]; + target_ulong addr = env->tdata2[index]; + bool enabled = type6_breakpoint_enabled(ctrl); + CPUState *cs = env_cpu(env); + int flags = BP_CPU | BP_STOP_BEFORE_ACCESS; + uint32_t size; + + if (!enabled) { + return; + } + + if (ctrl & TYPE6_EXEC) { + cpu_breakpoint_insert(cs, addr, flags, &env->cpu_breakpoint[index]); + } + + if (ctrl & TYPE6_LOAD) { + flags |= BP_MEM_READ; + } + + if (ctrl & TYPE6_STORE) { + flags |= BP_MEM_WRITE; + } + + if (flags & BP_MEM_ACCESS) { + size = extract32(ctrl, 16, 4); + if (size != 0) { + cpu_watchpoint_insert(cs, addr, size, flags, + &env->cpu_watchpoint[index]); + } else { + cpu_watchpoint_insert(cs, addr, 8, flags, + &env->cpu_watchpoint[index]); + } + } +} + +static void type6_breakpoint_remove(CPURISCVState *env, target_ulong index) +{ + type2_breakpoint_remove(env, index); +} + +static void type6_reg_write(CPURISCVState *env, target_ulong index, + int tdata_index, target_ulong val) +{ + target_ulong new_val; + + switch (tdata_index) { + case TDATA1: + new_val = type6_mcontrol6_validate(env, val); + if (new_val != env->tdata1[index]) { + env->tdata1[index] = new_val; + type6_breakpoint_remove(env, index); + type6_breakpoint_insert(env, index); + } + break; + case TDATA2: + if (val != env->tdata2[index]) { + env->tdata2[index] = val; + type6_breakpoint_remove(env, index); + type6_breakpoint_insert(env, index); + } + break; + case TDATA3: + qemu_log_mask(LOG_UNIMP, + "tdata3 is not supported for type 6 trigger\n"); + break; + default: + g_assert_not_reached(); + } + + return; +} + target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index) { switch (tdata_index) { @@ -407,10 +526,12 @@ void tdata_csr_write(CPURISCVState *env, int tdata_index, target_ulong val) case TRIGGER_TYPE_AD_MATCH: type2_reg_write(env, env->trigger_cur, tdata_index, val); break; + case TRIGGER_TYPE_AD_MATCH6: + type6_reg_write(env, env->trigger_cur, tdata_index, val); + break; case TRIGGER_TYPE_INST_CNT: case TRIGGER_TYPE_INT: case TRIGGER_TYPE_EXCP: - case TRIGGER_TYPE_AD_MATCH6: case TRIGGER_TYPE_EXT_SRC: qemu_log_mask(LOG_UNIMP, "trigger type: %d is not supported\n", trigger_type); @@ -428,7 +549,8 @@ void tdata_csr_write(CPURISCVState *env, int tdata_index, target_ulong val) target_ulong tinfo_csr_read(CPURISCVState *env) { /* assume all triggers support the same types of triggers */ - return BIT(TRIGGER_TYPE_AD_MATCH); + return BIT(TRIGGER_TYPE_AD_MATCH) | + BIT(TRIGGER_TYPE_AD_MATCH6); } void riscv_cpu_debug_excp_handler(CPUState *cs) @@ -479,6 +601,24 @@ bool riscv_cpu_debug_check_breakpoint(CPUState *cs) } } break; + case TRIGGER_TYPE_AD_MATCH6: + ctrl = env->tdata1[i]; + pc = env->tdata2[i]; + + if ((ctrl & TYPE6_EXEC) && (bp->pc == pc)) { + if (riscv_cpu_virt_enabled(env)) { + /* check VU/VS bit against current privilege level */ + if ((ctrl >> 23) & BIT(env->priv)) { + return true; + } + } else { + /* check U/S/M bit against current privilege level */ + if ((ctrl >> 3) & BIT(env->priv)) { + return true; + } + } + } + break; default: /* other trigger types are not supported or irrelevant */ break; @@ -527,6 +667,32 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp) } } break; + case TRIGGER_TYPE_AD_MATCH6: + ctrl = env->tdata1[i]; + addr = env->tdata2[i]; + flags = 0; + + if (ctrl & TYPE6_LOAD) { + flags |= BP_MEM_READ; + } + if (ctrl & TYPE6_STORE) { + flags |= BP_MEM_WRITE; + } + + if ((wp->flags & flags) && (wp->vaddr == addr)) { + if (riscv_cpu_virt_enabled(env)) { + /* check VU/VS bit against current privilege level */ + if ((ctrl >> 23) & BIT(env->priv)) { + return true; + } + } else { + /* check U/S/M bit against current privilege level */ + if ((ctrl >> 3) & BIT(env->priv)) { + return true; + } + } + } + break; default: /* other trigger types are not supported */ break; diff --git a/target/riscv/debug.h b/target/riscv/debug.h index 0e4859cf74..a1226b4d29 100644 --- a/target/riscv/debug.h +++ b/target/riscv/debug.h @@ -85,6 +85,24 @@ typedef enum { #define TYPE2_HIT BIT(20) #define TYPE2_SIZEHI (0x3 << 21) /* RV64 only */ +/* mcontrol6 field masks */ + +#define TYPE6_LOAD BIT(0) +#define TYPE6_STORE BIT(1) +#define TYPE6_EXEC BIT(2) +#define TYPE6_U BIT(3) +#define TYPE6_S BIT(4) +#define TYPE6_M BIT(6) +#define TYPE6_MATCH (0xf << 7) +#define TYPE6_CHAIN BIT(11) +#define TYPE6_ACTION (0xf << 12) +#define TYPE6_SIZE (0xf << 16) +#define TYPE6_TIMING BIT(20) +#define TYPE6_SELECT BIT(21) +#define TYPE6_HIT BIT(22) +#define TYPE6_VU BIT(23) +#define TYPE6_VS BIT(24) + /* access size */ enum { SIZE_ANY = 0, From 5bda21c0ea02c1af160ddee6f0b62c569282294c Mon Sep 17 00:00:00 2001 From: Yang Liu Date: Wed, 17 Aug 2022 15:48:01 +0800 Subject: [PATCH 21/22] target/riscv: rvv-1.0: Simplify vfwredsum code Remove duplicate code by wrapping vfwredsum_vs's OP function. Signed-off-by: Yang Liu Reviewed-by: Alistair Francis Reviewed-by: Frank Chang Message-Id: <20220817074802.20765-1-liuyang22@iscas.ac.cn> Signed-off-by: Alistair Francis --- target/riscv/vector_helper.c | 62 ++++++++---------------------------- 1 file changed, 13 insertions(+), 49 deletions(-) diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c index d224861c2c..2828073497 100644 --- a/target/riscv/vector_helper.c +++ b/target/riscv/vector_helper.c @@ -4728,57 +4728,21 @@ GEN_VEXT_FRED(vfredmin_vs_h, uint16_t, uint16_t, H2, H2, float16_minimum_number) GEN_VEXT_FRED(vfredmin_vs_w, uint32_t, uint32_t, H4, H4, float32_minimum_number) GEN_VEXT_FRED(vfredmin_vs_d, uint64_t, uint64_t, H8, H8, float64_minimum_number) +/* Vector Widening Floating-Point Add Instructions */ +static uint32_t fwadd16(uint32_t a, uint16_t b, float_status *s) +{ + return float32_add(a, float16_to_float32(b, true, s), s); +} + +static uint64_t fwadd32(uint64_t a, uint32_t b, float_status *s) +{ + return float64_add(a, float32_to_float64(b, s), s); +} + /* Vector Widening Floating-Point Reduction Instructions */ /* Unordered reduce 2*SEW = 2*SEW + sum(promote(SEW)) */ -void HELPER(vfwredsum_vs_h)(void *vd, void *v0, void *vs1, - void *vs2, CPURISCVState *env, uint32_t desc) -{ - uint32_t vm = vext_vm(desc); - uint32_t vl = env->vl; - uint32_t esz = sizeof(uint32_t); - uint32_t vlenb = simd_maxsz(desc); - uint32_t vta = vext_vta(desc); - uint32_t i; - uint32_t s1 = *((uint32_t *)vs1 + H4(0)); - - for (i = env->vstart; i < vl; i++) { - uint16_t s2 = *((uint16_t *)vs2 + H2(i)); - if (!vm && !vext_elem_mask(v0, i)) { - continue; - } - s1 = float32_add(s1, float16_to_float32(s2, true, &env->fp_status), - &env->fp_status); - } - *((uint32_t *)vd + H4(0)) = s1; - env->vstart = 0; - /* set tail elements to 1s */ - vext_set_elems_1s(vd, vta, esz, vlenb); -} - -void HELPER(vfwredsum_vs_w)(void *vd, void *v0, void *vs1, - void *vs2, CPURISCVState *env, uint32_t desc) -{ - uint32_t vm = vext_vm(desc); - uint32_t vl = env->vl; - uint32_t esz = sizeof(uint64_t); - uint32_t vlenb = simd_maxsz(desc); - uint32_t vta = vext_vta(desc); - uint32_t i; - uint64_t s1 = *((uint64_t *)vs1); - - for (i = env->vstart; i < vl; i++) { - uint32_t s2 = *((uint32_t *)vs2 + H4(i)); - if (!vm && !vext_elem_mask(v0, i)) { - continue; - } - s1 = float64_add(s1, float32_to_float64(s2, &env->fp_status), - &env->fp_status); - } - *((uint64_t *)vd) = s1; - env->vstart = 0; - /* set tail elements to 1s */ - vext_set_elems_1s(vd, vta, esz, vlenb); -} +GEN_VEXT_FRED(vfwredsum_vs_h, uint32_t, uint16_t, H4, H2, fwadd16) +GEN_VEXT_FRED(vfwredsum_vs_w, uint64_t, uint32_t, H8, H4, fwadd32) /* *** Vector Mask Operations From a3ab69f9f6c000481c439923d16416b8941d5b37 Mon Sep 17 00:00:00 2001 From: Yang Liu Date: Wed, 17 Aug 2022 15:48:02 +0800 Subject: [PATCH 22/22] target/riscv: rvv-1.0: vf[w]redsum distinguish between ordered/unordered Starting with RVV1.0, the original vf[w]redsum_vs instruction was renamed to vf[w]redusum_vs. The distinction between ordered and unordered is also more consistent with other instructions, although there is no difference in implementation between the two for QEMU. Signed-off-by: Yang Liu Acked-by: Alistair Francis Reviewed-by: Frank Chang Message-Id: <20220817074802.20765-2-liuyang22@iscas.ac.cn> Signed-off-by: Alistair Francis --- target/riscv/helper.h | 15 ++++++++++----- target/riscv/insn32.decode | 6 ++++-- target/riscv/insn_trans/trans_rvv.c.inc | 6 ++++-- target/riscv/vector_helper.c | 19 +++++++++++++------ 4 files changed, 31 insertions(+), 15 deletions(-) diff --git a/target/riscv/helper.h b/target/riscv/helper.h index 4ef3b2251d..a03014fe67 100644 --- a/target/riscv/helper.h +++ b/target/riscv/helper.h @@ -1009,9 +1009,12 @@ DEF_HELPER_6(vwredsum_vs_b, void, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_6(vwredsum_vs_h, void, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_6(vwredsum_vs_w, void, ptr, ptr, ptr, ptr, env, i32) -DEF_HELPER_6(vfredsum_vs_h, void, ptr, ptr, ptr, ptr, env, i32) -DEF_HELPER_6(vfredsum_vs_w, void, ptr, ptr, ptr, ptr, env, i32) -DEF_HELPER_6(vfredsum_vs_d, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfredusum_vs_h, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfredusum_vs_w, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfredusum_vs_d, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfredosum_vs_h, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfredosum_vs_w, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfredosum_vs_d, void, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_6(vfredmax_vs_h, void, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_6(vfredmax_vs_w, void, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_6(vfredmax_vs_d, void, ptr, ptr, ptr, ptr, env, i32) @@ -1019,8 +1022,10 @@ DEF_HELPER_6(vfredmin_vs_h, void, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_6(vfredmin_vs_w, void, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_6(vfredmin_vs_d, void, ptr, ptr, ptr, ptr, env, i32) -DEF_HELPER_6(vfwredsum_vs_h, void, ptr, ptr, ptr, ptr, env, i32) -DEF_HELPER_6(vfwredsum_vs_w, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfwredusum_vs_h, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfwredusum_vs_w, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfwredosum_vs_h, void, ptr, ptr, ptr, ptr, env, i32) +DEF_HELPER_6(vfwredosum_vs_w, void, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_6(vmand_mm, void, ptr, ptr, ptr, ptr, env, i32) DEF_HELPER_6(vmnand_mm, void, ptr, ptr, ptr, ptr, env, i32) diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode index 595fdcdad8..d0253b8104 100644 --- a/target/riscv/insn32.decode +++ b/target/riscv/insn32.decode @@ -664,11 +664,13 @@ vredmax_vs 000111 . ..... ..... 010 ..... 1010111 @r_vm vwredsumu_vs 110000 . ..... ..... 000 ..... 1010111 @r_vm vwredsum_vs 110001 . ..... ..... 000 ..... 1010111 @r_vm # Vector ordered and unordered reduction sum -vfredsum_vs 0000-1 . ..... ..... 001 ..... 1010111 @r_vm +vfredusum_vs 000001 . ..... ..... 001 ..... 1010111 @r_vm +vfredosum_vs 000011 . ..... ..... 001 ..... 1010111 @r_vm vfredmin_vs 000101 . ..... ..... 001 ..... 1010111 @r_vm vfredmax_vs 000111 . ..... ..... 001 ..... 1010111 @r_vm # Vector widening ordered and unordered float reduction sum -vfwredsum_vs 1100-1 . ..... ..... 001 ..... 1010111 @r_vm +vfwredusum_vs 110001 . ..... ..... 001 ..... 1010111 @r_vm +vfwredosum_vs 110011 . ..... ..... 001 ..... 1010111 @r_vm vmand_mm 011001 - ..... ..... 010 ..... 1010111 @r vmnand_mm 011101 - ..... ..... 010 ..... 1010111 @r vmandn_mm 011000 - ..... ..... 010 ..... 1010111 @r diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index e58208f363..4dea4413ae 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -3136,7 +3136,8 @@ static bool freduction_check(DisasContext *s, arg_rmrr *a) require_zve64f(s); } -GEN_OPFVV_TRANS(vfredsum_vs, freduction_check) +GEN_OPFVV_TRANS(vfredusum_vs, freduction_check) +GEN_OPFVV_TRANS(vfredosum_vs, freduction_check) GEN_OPFVV_TRANS(vfredmax_vs, freduction_check) GEN_OPFVV_TRANS(vfredmin_vs, freduction_check) @@ -3148,7 +3149,8 @@ static bool freduction_widen_check(DisasContext *s, arg_rmrr *a) (s->sew != MO_8); } -GEN_OPFVV_WIDEN_TRANS(vfwredsum_vs, freduction_widen_check) +GEN_OPFVV_WIDEN_TRANS(vfwredusum_vs, freduction_widen_check) +GEN_OPFVV_WIDEN_TRANS(vfwredosum_vs, freduction_widen_check) /* *** Vector Mask Operations diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c index 2828073497..b94f809eb3 100644 --- a/target/riscv/vector_helper.c +++ b/target/riscv/vector_helper.c @@ -4714,9 +4714,14 @@ void HELPER(NAME)(void *vd, void *v0, void *vs1, \ } /* Unordered sum */ -GEN_VEXT_FRED(vfredsum_vs_h, uint16_t, uint16_t, H2, H2, float16_add) -GEN_VEXT_FRED(vfredsum_vs_w, uint32_t, uint32_t, H4, H4, float32_add) -GEN_VEXT_FRED(vfredsum_vs_d, uint64_t, uint64_t, H8, H8, float64_add) +GEN_VEXT_FRED(vfredusum_vs_h, uint16_t, uint16_t, H2, H2, float16_add) +GEN_VEXT_FRED(vfredusum_vs_w, uint32_t, uint32_t, H4, H4, float32_add) +GEN_VEXT_FRED(vfredusum_vs_d, uint64_t, uint64_t, H8, H8, float64_add) + +/* Ordered sum */ +GEN_VEXT_FRED(vfredosum_vs_h, uint16_t, uint16_t, H2, H2, float16_add) +GEN_VEXT_FRED(vfredosum_vs_w, uint32_t, uint32_t, H4, H4, float32_add) +GEN_VEXT_FRED(vfredosum_vs_d, uint64_t, uint64_t, H8, H8, float64_add) /* Maximum value */ GEN_VEXT_FRED(vfredmax_vs_h, uint16_t, uint16_t, H2, H2, float16_maximum_number) @@ -4740,9 +4745,11 @@ static uint64_t fwadd32(uint64_t a, uint32_t b, float_status *s) } /* Vector Widening Floating-Point Reduction Instructions */ -/* Unordered reduce 2*SEW = 2*SEW + sum(promote(SEW)) */ -GEN_VEXT_FRED(vfwredsum_vs_h, uint32_t, uint16_t, H4, H2, fwadd16) -GEN_VEXT_FRED(vfwredsum_vs_w, uint64_t, uint32_t, H8, H4, fwadd32) +/* Ordered/unordered reduce 2*SEW = 2*SEW + sum(promote(SEW)) */ +GEN_VEXT_FRED(vfwredusum_vs_h, uint32_t, uint16_t, H4, H2, fwadd16) +GEN_VEXT_FRED(vfwredusum_vs_w, uint64_t, uint32_t, H8, H4, fwadd32) +GEN_VEXT_FRED(vfwredosum_vs_h, uint32_t, uint16_t, H4, H2, fwadd16) +GEN_VEXT_FRED(vfwredosum_vs_w, uint64_t, uint32_t, H8, H4, fwadd32) /* *** Vector Mask Operations