QEMU Support for the RISC-V Instruction Set Architecture
Transcript of QEMU Support for the RISC-V Instruction Set Architecture
![Page 1: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/1.jpg)
QEMUSupportfortheRISC-VInstructionSetArchitecture
KVMForum2016
https://github.com/riscv/riscv-qemu
![Page 2: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/2.jpg)
Outline
• WhyRISC-V?• BenefitsofanOpenISA• RISC-VISABasics• VirtualizationSupport• QEMURISC-VTargetSupport• WorkinProgress/TODOsforUpstreaming/FutureWork
![Page 3: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/3.jpg)
ISAsdon’tmatter
• Mostoftheperformanceandenergyofrunningsoftwareonacomputerisdueto:• Algorithms• Applicationcode• Compilers• OS/Runtimes• ISA• Microarchitecture(coreandmemoryhierarchy)• Circuitdesign• Physicaldesign• Fabricationprocess
+Inasystem,therearealsodisplays,radios,DC/DCconverters,sensors,actuators…
![Page 4: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/4.jpg)
WhyInstructionSetArchitectureMatters
• Whycan’tIntelsellmobilechips?• 99%+ofmobilephones/tabletsbasedonARMv7/v8ISA
• Whycan’tARMpartnerssellservers?• 99%+oflaptops/desktops/serversbasedonAMD64ISA(over95%+builtbyIntel)
• HowcanIBMstillsellmainframes?• IBM360,oldestsurvivingISA(50+years)
ISAisthemostimportantinterfaceinacomputersystemwheresoftwaremeetshardware
![Page 5: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/5.jpg)
WhysomanyISAsonanSoC?
• Applicationsprocessor(usuallyARM)• Graphicsprocessors• Imageprocessors• RadioDSPs• AudioDSPs• Securityprocessors• Power-managementprocessor• ….• AppsprocessorISA(e.g.ARM)toolargeformostaccelerators• IPboughtfromdifferentplaces,eachproprietaryISA• Home-grownISAcores• OveradozenISAsonsomeSoCs– eachwithuniquesoftwarestack
NVIDIATegraSoC
![Page 6: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/6.jpg)
DoweneedallthesedifferentISAs?
Musttheybeproprietary?
WhatiftherewereonefreeandopenISAeveryonecoulduseforeverything?
![Page 7: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/7.jpg)
ISAsshouldbeFreeandOpen
• WhileISAsmaybeproprietaryforhistoricalorbusinessreasons,thereisnogoodtechnicalreasonforthelackoffree,openISAs• It’snotanerrorofomission• Norisitbecausethecompaniesdomostofthesoftwaredevelopment• NeitherdocompaniesexclusivelyhavetheexperienceneededtodesignacompetentISA• NorarethemostpopularISAswonderfulISAs• NeithercanonlycompaniesverifyISAcompatibility• Finally,proprietaryISAsarenotguaranteedtolast
![Page 8: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/8.jpg)
BenefitsofaViableFreeandOpenISA
• Greaterinnovationviafree-marketcompetition frommanycoredesigners,closed-sourceandopen-source• Sharedopencoredesigns,shortertimetomarket,lowercostfromreuse,fewererrorsgivenmoreeyeballs• Processorsbecomingaffordableformoredevices,whichwouldhelpexpandtheInternetofThings(IoTs),whichcouldcostaslittleas$1• Softwarestackssurviveforlongtime upgradesoftwareonsystemsembeddedinconcrete50yearsago• Makearchitectureresearchandeducationmorereal withfullyopenhardwareandsoftwarestacks
![Page 9: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/9.jpg)
RISC-VOrigins
• In2010,aftermanyyearsandmanyprojectsusingMIPS,SPARC,andx86asbasisofresearch,itwastimefortheComputerScienceteamatUCBerkeleytolookatwhatISAstousefortheirnextsetofprojects• Obviouschoices:x86andARM• x86impossible– toocomplex,IPissues
![Page 10: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/10.jpg)
Intelx86“AAA”Instruction
• ASCIIAdjustAfterAddition• ALregisterisdefaultsourceanddestination• Ifthelownibbleis>9decimal,ortheauxiliarycarryflagAF=1,then• Add6tothelownibbleofALanddiscardoverflow• IncrementhighbyteofAL• SetCFandAF
• Else• CF=AF=0
• Asingle-byteinstruction
![Page 11: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/11.jpg)
RISC-VOrigins
• In2010,aftermanyyearsandmanyprojectsusingMIPS,SPARC,andx86asbasisofresearch,itwastimefortheComputerScienceteamatUCBerkeleytolookatwhatISAstousefortheirnextsetofprojects• Obviouschoices:x86andARM• x86impossible– toocomplex,IPissues• ARMmostlyimpossible– complex,IPissues
• UCBerkeleystarteda“3-monthproject”duringsummerof2010todeveloptheirownclean-slateISA• AndrewWaterman,YunsupLee,DavePatterson,KrsteAsanovicprincipaldesigners
![Page 12: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/12.jpg)
RISC-VBackground(cont’d)
• Fouryearslater,inMayof2014,UCBerkeleyreleasedfrozenbaseuserspec• Manychiptapeoutsandseveralresearchpublicationsalongtheway
• ThenameRISC-V(pronouncedrisk-five),waschosentorepresentthefifthmajorRISCISAdesigneffortatUCBerkeley• RISC-I,RISC-II,SOAR,andSPURwerethefirstfourwiththeoriginalRISC-Ipublicationsdatingbackto1981
• InAugust2015,articlesofincorporationwerefiledtocreateanon-profitRISC-VFoundationtogoverntheISA
![Page 13: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/13.jpg)
RISC-VisNOTanOpen-SourceProcessor
• RISC-VisanISAspecification– NOTanopen-sourceprocessorcore• Mostofthecostofchipdesign isinsoftware,sowewanttomakesuresoftwarecanbereusedacrossmanychipdesigns• TheFoundationwillencouragebothopen-sourceandproprietaryimplementationsoftheRISC-VISAspecification
![Page 14: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/14.jpg)
UCBerkeleyRISC-VCores:Raven-1 Raven-2
Raven-3
Raven-4
EOS14
EOS16
EOS18
EOS20
2011 2012 2013 2014 2015
May Apr Aug Feb Jul Sep Mar Nov Mar
EOS:IBM45nmSOIRaven:ST28nmFDSOIHurricane:ST28nmFDSOISWERVE:TSMC28nm
SWERVE
EOS22EOS24
1GHz50+DPGFLOPS/W
1.65GHz14DPGFLOPS/W
Hurricane-1
2016
![Page 15: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/15.jpg)
IndustrialSupport– PlatinumFoundingMembers
![Page 16: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/16.jpg)
IndustrialSupport– Gold,Silver,AuditorFoundingMembers
RumbleDevelopment
![Page 17: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/17.jpg)
TheRISC-VISA
• RV32,RV64,RV128variantsfor32b,64b,128baddressspacesdefined• BaseISAonly<50integerinstructions,butsupportscompiler,linker,OS,etc.• Extensionsprovidefullgeneral-purposeISA,includingIEEE-754/2008floating-point• ComparableISA-levelmetricstootherRISCs• Designedforextension,customization• Twelve64-bitsiliconprototypeimplementationscompletedatBerkeleysofar(45nm,28nm)
![Page 18: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/18.jpg)
RISC-VStandardBaseISADetails
• 32-bit,fixed-width,naturallyalignedinstructions• 31integerregistersx1-x31,plusx0zeroregister• rd/rs1/rs2infixedlocation,noimplicitregisters• Immediatefield(instr[31])alwayssign-extended• Floating-pointaddsf0-f31registersplusFPCSR,alsofusedmul-addfour-registerformat• DesignedtosupportPICanddynamiclinking
![Page 19: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/19.jpg)
RV64GDefinition
• G=I,M,A,F,D• I = BaseIntegerISA• M = StandardIntegerMultiplication/DivisionExtension• A = StandardAtomicsExtension• F = StandardSingle-precisionFloating-pointextension• D = StandardDouble-precisionfloating-pointextension
• Thisisthestandard,generalpurposeversionoftheISA,whatisimplementedinQEMU
![Page 20: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/20.jpg)
RISC-VPrivilegedSpecification
• FourPrivilegeModes:User,Supervisor,Hypervisor,Machine• MachineModerequired• Common:ProvideM,S,UforrunningUnix-likeOSes(QEMUdoesthis)• VirtualMemoryArchitecturedesignedtosupportcurrentUnix-likeoperatingsystems• Sv39(RV64)• Demand-paged39-bitvirtual-addressspaces• 3-levelpagetable• 4KiBpages,2MiBmegapages,1GiBgigapages
• AlsoSv32(RV32)andSv48,Sv57,Sv64(RV64)
![Page 21: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/21.jpg)
RISC-VVirtualization
• ISAdesignedwithvirtualizationin-mindfromthebeginning,evenwhenonlyusingU+S+Mmodes• “Theprivilegedarchitectureisdesignedtosimplifytheuseofclassicvirtualizationtechniques,whereaguestOSisrunatuser-level,asthefewprivilegedinstructionscanbeeasilydetectedandtrapped.”– RISC-VPrivilegedArchitecturev1.9Manual
• AvoidingSomeClassicalVirtualizationPitfalls…
![Page 22: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/22.jpg)
HandlingSensitive,butUnprivilegedInstructions• Inx86,fortheoriginalVMware– “TableIIliststhe[19]instructionsofthex86architecturethatunfortunatelyviolatedPopekandGoldberg’sruleandhencemadethex86non-virtualizeable”1
• InRISC-V,no“hidden”privilegedstatereads/writes• Smallsetofprivilegedinstructionsthatcanmodifyspaceofprivilegedstate(ControlStatusRegisters,orCSRs)
1.E.Bugnion,S.Devine,M.Rosenblum,J.Sugerman,andE.Y.Wang.2012.BringingVirtualizationtothex86ArchitecturewiththeOriginalVMwareWorkstation. ACMTrans.Comput.Syst. 30,4,Article12(November2012),51pages.
![Page 23: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/23.jpg)
TrackingChangesinVirtualMachineMemory
• Inx86,fortheoriginalVMware– “…privilegedhardwareregisterscontaintheaddressofsegmentdescriptortablesandpagetables...but regularloadandstoreinstructionscanaccessthesestructuresinmemory.”1
• InRISC-V,stilluseregularloads/storestomodifymemorymanagementstate• PrivilegedSFENCE.VM instructionrequiredbyspec.aftermodifyingmemorymanagementstate
1.E.Bugnion,S.Devine,M.Rosenblum,J.Sugerman,andE.Y.Wang.2012.BringingVirtualizationtothex86ArchitecturewiththeOriginalVMwareWorkstation. ACMTrans.Comput.Syst. 30,4,Article12(November2012),51pages.
![Page 24: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/24.jpg)
VirtualizingSegmentation
• Inx86,fortheoriginalVMware– Complicatedinteractionsbetweensegmentdescriptortablesandsegmentregisters,withvisibleandhiddenfields.Hiddenpiecesupdatedbyinstructionsorfaults.CausesproblemswithextrafaultsintroducedbyaVMM.1
• InRISC-V,nox86-stylesegmentation• Limitedbase-and-boundsmodewith2“segments”• Mostsoftwarewillusepaginginstead
1.E.Bugnion,S.Devine,M.Rosenblum,J.Sugerman,andE.Y.Wang.2012.BringingVirtualizationtothex86ArchitecturewiththeOriginalVMwareWorkstation. ACMTrans.Comput.Syst. 30,4,Article12(November2012),51pages.
![Page 25: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/25.jpg)
RISC-VVirtualizationStacks
• Providecleansplitbetweenlayersofthesoftwarestack• ApplicationcommunicateswithApplicationExecutionEnvironment(AEE)viaApplicationBinaryInterface(ABI)• OScommunicatesviaSupervisorExecutionEnvironment(SEE)viaSystemBinaryInterface(SBI)• HypervisorcommunicatesviaHypervisorBinaryInterface(HBI)toHypervisorExecutionEnvironment(HEE)• AlllevelsoftheISAdesignedtosupportvirtualization
2 1.1draft: Volume II: RISC-V Privileged Architectures
ApplicationABIAEE
ApplicationABI
OSSBISEE
ApplicationABI
SBIHypervisor
ApplicationABI
OS
ApplicationABI
ApplicationABI
OS
ApplicationABI
SBI
HBIHEE
Figure 1.1: Di↵erent implementation stacks supporting various forms of privileged execution.
the OS, which provides the AEE. Just as applications interface with an AEE via an ABI, RISC-Voperating systems interface with a supervisor execution environment (SEE) via a supervisor binaryinterface (SBI). An SBI comprises the user-level and supervisor-level ISA together with a set ofSBI function calls. Using a single SBI across all SEE implementations allows a single OS binaryimage to run on any SEE. The SEE can be a simple boot loader and BIOS-style IO system in alow-end hardware platform, or a hypervisor-provided virtual machine in a high-end server, or athin translation layer over a host operating system in an architecture simulation environment.
The rightmost configuration shows a virtual machine monitor configuration where multiple multi-programmed OSs are supported by a single hypervisor. Each OS communicates via an SBI with thehypervisor, which provides the SEE. The hypervisor communicates with the hypervisor executionenvironment (HEE) using a hypervisor binary interface, to isolate the hypervisor from details ofthe hardware platform.
Our graphical convention represents abstract interfaces using black boxes with white text, toseparate them from actual components.
The various ABI, SBI, and HBIs are still a work-in-progress, but we anticipate the SBI and HBIto support devices via virtualized device interfaces similar to virtio [2], and to support devicediscovery. In this manner, only one set of device drivers need be written that can support anyOS or hypervisor, and which can also be shared with the boot environment.
Hardware implementations of the RISC-V ISA will generally require additional features beyond theprivileged ISA to support the various execution environments (AEE, SEE, or HEE), but these weconsider separately as part of a hardware abstraction layer (HAL), as shown in Figure 1.2. Note
ApplicationABIAEEHAL
Hardware
ApplicationABI
OSSBISEE
ApplicationABI
HALHardware
SBIHypervisor
ApplicationABI
OS
ApplicationABI
ApplicationABI
OS
ApplicationABI
SBI
HBIHEE
HardwareHAL
Figure 1.2: Hardware abstraction layers (HALs) abstract underlying hardware platforms from theexecution environments.
![Page 26: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/26.jpg)
RISC-VHypervisorSpecification- WIP
• CurrentprivilegeddesigncanhaveanM-modemonitorthatprovidesphysicalresourcepartitioning,canactassimplehypervisor• UpcomingHypervisorExtensionSpecificationfor“full”Hypervisors• Rightnow,anemptyslotintheprivilegedspecification
• Wanttogetinvolved?• HypervisorSpecificationDraftwillmaketheroundssoononisa-dev@groups.riscv.org mailinglist
![Page 27: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/27.jpg)
TheRISC-VEcosystem
• SoftwareTools• GCC/glibc/GDB• LLVM/Clang• Linux• Yocto• VerificationSuite
• HardwareTools• ZynqFPGAInfrastructure• Chisel
• SoftwareImplementations• Spike,“Golden-standard”ISASimulator• ANGEL,JavaScriptISASimulator• QEMU
• HardwareImplementations• RocketChipGenerator
• RV64Gsingle-issuein-orderpipeline• SodorProcessorCollection• BOOM(BerkeleyOut-of-OrderMachine)
github.com/riscvandgithub.com/ucb-bar
![Page 28: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/28.jpg)
RISC-VTargetsupportforQEMU
• Maintainedathttps://github.com/riscv/riscv-qemu• QEMUfull-systememulation• QEMUonmodernx86iscurrentlythefastestRISC-Vimplementation• AbighelpinRISC-Vsoftwaredevelopment
![Page 29: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/29.jpg)
Spike QEMU
![Page 30: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/30.jpg)
TimelineofRISC-V“Firsts”
2014 2015 2016
riscv-qemuWorkStarted
1st LinuxBootonQEMU
FastestRISC-VImplementation
1st RISC-VImplementation
w/TCP/IPNetworking
1st PythonBringuponRISC-V
1st JavaBringuponRISC-V(HotspotZeroJVM)
1st RISC-VCoreBuiltonRISC-VSystem
withChisel
…allonQEMU!
![Page 31: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/31.jpg)
RISC-VChipDevelopmentonRISC-V
+4
Instruction Mem
RegFile
IType SignExtend
DecoderData Mem
ir[24:20]
branch
pc+4
pc_s
el
ir[31:20]
rs1
ALU
ControlSignals
wb_s
el
RegFile
rf_we
n
val
mem
_rw
PC
mem
_val
addrwdata
rdata
Inst
JumpTargGen
BranchTargGen
ir[19:15]
ir[31:25],ir[11:7]
PC+4jalr
rs2
BranchCondGen
br_eq?br_lt?
co-p
roce
ssor
(CSR
) reg
ister
s
ir[11
:7]
jump
ir[31:12]
Execute Stage
br_ltu?PC
addr
ir[31:12]
JumpRegTargGen
Op2Sel
Op1SelAluFun
data
wa
wd
en
addr data
UType
Note: for simplicity, the CSR File (control and status registers) and associated datapath is not shown
RISC-V Sodor 1-Stage
exception
SType SignExtend
ir[31:20]
PC
rs2rs1
rs2
BuildscreenshotcourtesyMichaelKnyszek
![Page 32: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/32.jpg)
TimelineofRISC-V“Firsts”
2014 2015 2016
riscv-qemuWorkStarted
1st LinuxBootonQEMU
FastestRISC-VImplementation
1st RISC-VImplementation
w/TCP/IPNetworking
1st PythonBringuponRISC-V
1st JavaBringuponRISC-V(HotspotZeroJVM)
1st RISC-VCoreBuiltonRISC-VSystem
withChisel
QEMURISC-V
Priv.Spec1.7Bump
QEMURISC-V
Priv.Spec1.9Bump
UpstreamingBegins
…allonQEMU!
1st RISC-VSystem
w/RemoteGDB
![Page 33: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/33.jpg)
RISC-VTargetsupportforQEMU
• RISC-Vsupportstartedin2014,evolvesastheISAdoes• SupportsRV64IMAFD(“RV64G”)Full-systememulation• UserISAsupportlargelyunchangedsincethen(currentlyv2.0)• PrivilegedISAnearingstandardization(currentlyv1.9)
• FuturePriv.SpecupgradestoQEMUmuchsimplerduetostructuralsimilarityofpriv.modeemulationcodewithSpike• Pre-1.7->1.7bump,~1month• 1.7->1.9bump,3days
• I/Ocurrentlylimitedto“Host-TargetInterface”(HTIF)devices• EnoughtobootLinux,interactthroughconsole• Otherdevicespreviouslyshoehornedin(networking,displays,consoles)
• Mainlywaitingonplatformstandardizationandsoftwaresupport
![Page 34: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/34.jpg)
hw/riscv/riscv_board.c
• Reference“board”designedtomatchSpike• Providessimplehardware,config:• HTIF-basedconsole(simple,non-standardconsoledeviceforearlyboot)• “Loopback”SoftwareInterruptEmulation• RTC/TimerscompliantwithRISC-Vv1.9privilegedspecification• ResetVector(BootROM)• ConfigurationString
0x8000_0000
0x0000_0000
0x0000_1000
0x4000_0000
... DRAM ...
Conf. StringReset Vector
RTCTimers
DRAM Base
DRAM Top
SoftInt Emu.
Base + Size
High
![Page 35: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/35.jpg)
I/O:HTIF(old),Debug(new)
• Host-TargetInterface(HTIF)isarelicofBerkeleyTestChips• Two64-bitregisters,fromhostandtohost• Formerlyprovidednetwork,blockdevice,console,nowusedonlyforconsole,signalingtestcompletion• Debugging:HTIFbeingphasedoutonrealhardware,replacedwithdraftDebugUnitspecification(willbestandardized)• I/O:Realhardware/softwaresimulatorswillalsophaseoutHTIFandmovetostandarddevicesassoftwaresupportprogresses
![Page 36: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/36.jpg)
SoftwareStackinsideRISC-VQEMU
• M-moderunssecurebootandmonitor(currentlybbl)• S-moderunsOS(OSalwaysrunsvirtualized)• U-moderunsapplicationontopofOSorM-mode
M-modemonitor
U-modesystemprocess
S-modeOS
Device2Interrupts
Device1Interrupts
OtherInterrupts
U-modeapp
![Page 37: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/37.jpg)
BootUp
BinarysuppliedtoQEMUcontains:• bbl – “BerkeleyBootLoader”performsMachine-Modemanagementofthesystem,exposesSBItoOSes• vmlinux – Linuxkernelaspayloadforbbl• Includesaramdiskforrootfs (currentlylimiteddevicesupport)
Systembootsintohardcodedbootrom,jumpstobbl,bbl initializesthesysteminM-mode,setsupSupervisorExecutionEnvironment(SEE),thenloadsandrunssuppliedkernel,e.g.Linux
![Page 38: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/38.jpg)
Testing/Debugging
• TheusualGDB,bruteforce,etc• Passestheriscv-testsstandardtestsuite• BootsLinux
• Withreasonablylargesoftwarestacksontop– Python,Java,etc.
• Fuzztestingagainstthe“GoldenStandard”
![Page 39: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/39.jpg)
FuzzTestingwithriscv-torture• Generatesarandomsequenceofinstructionsbasedonsuppliedparameters(%ofmeminstructions,floatingpointinstructions,integerinstructions,etc.)• RunscodeonSpikeandotherimplementationofyourchoice
• Spikeisthe“GoldenReference”RISC-VSimulator,writtenbytheauthorsoftheRISC-VSpecs
• Dumpregisterstateattheendandcompare• Onfailure,binarysearchtopinpointinstructionwherethingsgowrong• Scriptsforrunningriscv-tortureonQEMUavailableathttps://github.com/sagark/riscv-qemu-torture• Accumulated384hoursoffailure-freetestingsinceAugustPriv.1.9update!
![Page 40: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/40.jpg)
target-riscv SLoC*
• ARM- 45,438• MIPS- 37,501• x86- 30,437• RISC-V- 5,074
![Page 41: QEMU Support for the RISC-V Instruction Set Architecture](https://reader034.fdocuments.in/reader034/viewer/2022051506/58919c9d1a28ab84438c26ba/html5/thumbnails/41.jpg)
WorkinProgress/TODOs
• Functionality:Standarddevicesupport(comboofQEMU+Linux)• Upstreaming!– planningtostartinmid-September
• SubmittedagiantpatchinFebruaryasproof-of-existenceforgauginginterestinGSoC
• Somecleanupbasedongiant-patchfeedbackdone(e.g.usebuilt-inFPU)• LatestRISC-VPrivilegedSpec.v1.9bumpdone• TODO:
• Morecleanupbasedongiant-patchfeedback,checkpatch• Rebasetomaster(currentlyv2.5.0)• Small,logicalpatches
• Future:• SupportotherISAvariants,likeRV32,CompressedISA,QEMULinux-UserMode