qemu-devel

[RFC PATCH v1 0/2] riscv: Add preliminary custom instruction support


From: Ruinland Chuan-Tzu Tsai
Subject: [RFC PATCH v1 0/2] riscv: Add preliminary custom instruction support
Date: Thu, 21 Oct 2021 23:13:41 +0800

Hi Alistair, Bin and all,

This patchset is based on the V5 patch of custom CSR support.
It demonstrates how Andes intends to use custom CSR by revealing how
Andes CoDense Extension(c), exec.it, uses a custom CSR, uitb, to
execute an instruction mapped by either user code or firmware.

To accomplish such features, we bumped into obstacles which led us
to expose DisasContext and we feel the urge to reuse riscv_csrrw() as
a "general" API to access either custom or standard CSR.

Furthermore, since Andes Performance Extension(c) instructions, e.g.
bfoz/bfos, have the same opcode with different encoding of bitfields on
RV32 and RV64, and since it's highly likely that some custom instructions
might only appear in either RV32 or RV64 (e.g. PULP is RV32 only),
we'd suggest giving some leeway to use the `when: TARGET_RISCV32/64`
directive to toggle custom decoders in `target/riscv/meson.build`.

= = = =

How to test - -

/* payload.S */
addi t1,zero,1
.word 0x0013235b # bfoz t1,t1,0,1
addi t1,zero,-1
.word 0x0413335b # bfos t1,t1,1,1

/* test.c */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>

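int main(int ac, char *av[]) {

    int efd = open("./payload.bin", O_RDONLY);
    if (efd < 0) {
        perror("open ./payload.bin");
        return EXIT_FAILURE;
    }

    /* Map the assembled payload as executable memory. */
    void *exec_heap = mmap(0, 1024, PROT_READ | PROT_WRITE | PROT_EXEC,
                           MAP_PRIVATE, efd, 0);
    if (exec_heap == MAP_FAILED) {
        perror("mmap");
        close(efd);
        return EXIT_FAILURE;
    }

    /* CSR 0x800 is the custom CSR (uitb) that exec.it indexes from. */
    __asm__("csrrw x0, 0x800, %0"::"r" (exec_heap));
    __asm__(".hword 0x8000"); // exec.it exec_heap
    __asm__(".hword 0x8010"); // exec.it exec_heap+4
    /* Move the table base to the third payload instruction. */
    __asm__("csrrw x0, 0x800, %0"::"r" ((char *)exec_heap+0x8));
    __asm__(".hword 0x8000"); // exec.it exec_heap+0x8
    __asm__(".hword 0x8010"); // exec.it exec_heap+0xc

    close(efd);

    return 0;
}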

= = = =

$ riscv64-linux-gcc -g3 -O0 -fno-builtin -static ./test.c -o ./test
$ riscv64-linux-as ./payload.S -o ./payload.o
$ riscv64-linux-objcopy -O binary ./payload.o ./payload.bin
$ qemu-riscv64 -g 1234 ./test &
$ gdb-multiarch ./test -ex 'target remote localhost:1234' -ex 'b main' -ex 'c'
# You can single step through the custom instructions and witness the
# change on $t1.

Cordially yours,
Ruinland Chuan-Tzu Tsai

Ruinland Chuan-Tzu Tsai (2):
  riscv: Add preliminary infra for custom instrcution handling
  Enable custom instruction suport for Andes A25 and AX25 CPU model

 target/riscv/andes_codense.decode         |  23 +++++
 target/riscv/andes_custom_rv32.decode     |  27 +++++
 target/riscv/andes_custom_rv64.decode     |  27 +++++
 target/riscv/andes_helper.c               |  49 +++++++++
 target/riscv/andes_helper.h               |   1 +
 target/riscv/cpu.c                        |  33 ++++++-
 target/riscv/helper.h                     |   2 +
 target/riscv/insn_trans/trans_andes.c.inc | 115 ++++++++++++++++++++++
 target/riscv/meson.build                  |  13 +++
 target/riscv/translate.c                  |  90 ++++++++++++++---
 10 files changed, 362 insertions(+), 18 deletions(-)
 create mode 100644 target/riscv/andes_codense.decode
 create mode 100644 target/riscv/andes_custom_rv32.decode
 create mode 100644 target/riscv/andes_custom_rv64.decode
 create mode 100644 target/riscv/andes_helper.c
 create mode 100644 target/riscv/andes_helper.h
 create mode 100644 target/riscv/insn_trans/trans_andes.c.inc

-- 
2.25.1
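
For readers checking the raw `.word` values in payload.S against their comments, the following field decoder is an added example, not code from this patch series. The `rd`/`funct3`/`rs1`/`opcode` positions are the standard RISC-V ones; the split of bits 31:20 into 6-bit `msb` and `lsb` fields and the names `bf_insn`, `bf_decode` and `bf_name` are assumptions inferred from the two words shown above (RV64 form only).

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of one 32-bit instruction word. */
struct bf_insn {
    uint8_t opcode, rd, funct3, rs1, msb, lsb;
};

static struct bf_insn bf_decode(uint32_t w)
{
    struct bf_insn d;
    d.opcode = w & 0x7f;          /* bits  6:0  */
    d.rd     = (w >> 7)  & 0x1f;  /* bits 11:7  */
    d.funct3 = (w >> 12) & 0x7;   /* bits 14:12 */
    d.rs1    = (w >> 15) & 0x1f;  /* bits 19:15 */
    d.lsb    = (w >> 20) & 0x3f;  /* bits 25:20 (assumed layout) */
    d.msb    = (w >> 26) & 0x3f;  /* bits 31:26 (assumed layout) */
    return d;
}

/* Mnemonic as used in payload.S, or NULL when the word does not match
 * the opcode/funct3 pairs seen in the two sample words. */
static const char *bf_name(const struct bf_insn *d)
{
    if (d->opcode != 0x5b)
        return NULL;
    if (d->funct3 == 2)
        return "bfoz";
    if (d->funct3 == 3)
        return "bfos";
    return NULL;
}

int main(void)
{
    /* The two words from payload.S above, plus an ordinary addi that the
     * decoder should reject (addi t1,zero,1 = 0x00100313). */
    const uint32_t words[] = { 0x0013235b, 0x0413335b, 0x00100313 };

    for (size_t i = 0; i < sizeof(words) / sizeof(words[0]); i++) {
        struct bf_insn d = bf_decode(words[i]);
        const char *name = bf_name(&d);
        if (name)
            printf("%08x: %s x%u,x%u,%u,%u\n", (unsigned)words[i], name,
                   (unsigned)d.rd, (unsigned)d.rs1,
                   (unsigned)d.msb, (unsigned)d.lsb);
        else
            printf("%08x: not bfoz/bfos\n", (unsigned)words[i]);
    }
    return 0;
}
```

Register x6 in the output is t1, matching the operands in the payload.S comments.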



