Skip to content

Latest commit

 

History

History
200 lines (150 loc) · 7.39 KB

debug-integration.adoc

File metadata and controls

200 lines (150 loc) · 7.39 KB

Integrating {cheri_base_ext_name} with Sdext

This section describes changes to integrate the Sdext ISA and {cheri_base_ext_name}. It must be implemented to make external debug compatible with {cheri_base_ext_name}. Modifications to Sdext are kept to a minimum.

The following features, which are optional in Sdext, must be implemented for use with {cheri_base_ext_name}:

  • The hartinfo register must be implemented.

  • All harts which support {cheri_base_ext_name} must provide hartinfo.nscratch of at least 1 and implement the dscratch0c register.

  • All harts which support {cheri_base_ext_name} must provide hartinfo.datasize of at least 1 and hartinfo.dataaccess of 0.

  • The program buffer must be implemented, with abstractcs.progbufsize of at least 4 if dmstatus.impebreak is 1, or at least 5 if dmstatus.impebreak is 0.

Note

These requirements allow a debugger to read and write capabilities in integer registers without disturbing other registers. These requirements may be relaxed if some other means of accessing capabilities in integer registers, such as an extension of the Access Register abstract command, is added. The following sequences demonstrate how a debugger can read and write a capability in c1 if MXLEN is 64, hartinfo.dataaccess is 0, hartinfo.dataaddr is 0xBF0, hartinfo.datasize is 1, dmstatus.impebreak is 0, and abstractcs.progbufsize is 5:

# Read the high MXLEN bits into data0-data1
csrrw  c2, dscratch0c, c2
gchi   x2, c1
csrw   0xBF0, x2
csrrw  c2, dscratch0c, c2
ebreak

# Read the tag into data0
csrrw  c2, dscratch0c, c2
gctag  x2, c1
csrw   0xBF0, x2
csrrw  c2, dscratch0c, c2
ebreak

# Write the high MXLEN bits from data0-data1
csrrw  c2, dscratch0c, c2
csrr   x2, 0xBF0
schi   c1, c1, x2
csrrw  c2, dscratch0c, c2
ebreak

# Write the tag (if nonzero)
csrrw   c2, dscratch0c, c2
csrr    c2, dinfc
cbld    c1, c2, c1
csrrw   c2, dscratch0c, c2
ebreak

The low MXLEN bits of a capability are read and written using normal Access Register abstract commands. If dscratch0c were known to be preserved between abstract commands, it would be possible to remove the requirements on hartinfo.datasize, hartinfo.dataaccess, and abstractcs.progbufsize, however there is no way to discover the former property.

Debug Mode

When executing code due to an abstract command, the hart stays in debug mode and the rules outlined in Section 4.1 of cite:[riscv-debug-spec] apply.

Core Debug Registers

{cheri_base_ext_name} renames and extends debug CSRs that are designated to hold addresses to be able to hold capabilities. The renamed debug CSRs are listed in [dcsrnames-renamed].

The [pcc] must grant [asr_perm] to access debug CSRs. This permission is automatically provided when the hart enters debug mode as described in the dpcc section. The [pcc] metadata can only be changed if the implementation supports executing control transfer instructions from the program buffer — this is an optional feature according to cite:[riscv-debug-spec].

Debug Program Counter (dpc)

The dpc register is as defined in cite:[riscv-debug-spec]. It is a DXLEN-bit register used as the PC saved when entering debug mode. dpc is extended into dpcc.

Debug program counter

img/dpcreg.edn

Debug Program Counter Capability (dpcc)

The dpcc register is a renamed extension to dpc that is able to hold a capability.

{TAG_RESET_CSR}

Debug program counter capability

img/dpccreg.edn

Upon entry to debug mode, cite:[riscv-debug-spec], does not specify how to update the PC, and says PC relative instructions may be illegal. This concept is extended to include any instruction which reads or updates [pcc], which refers to all jumps, conditional branches and [AUIPC]. The exceptions are [MODESW_CAP] and [MODESW_INT] which are supported if {cheri_default_ext_name} is implemented, see dinfc for details.

As a result, the value of [pcc] is UNSPECIFIED in debug mode according to this specification. The [pcc] metadata has no architectural effect in debug mode. Therefore [asr_perm] is implicitly granted for access to all CSRs and no CHERI instruction fetch faults are possible.

dpcc (and consequently dpc) are updated with the capability in [pcc] whose address field is set to the address of the next instruction to be executed as described in cite:[riscv-debug-spec] upon debug mode entry.

When leaving debug mode, the capability in dpcc is unsealed and written into [pcc]. A debugger may write dpcc to change where the hart resumes and its mode, permissions, sealing or bounds.

The legalisation of dpcc follows the same rules described for [mepcc].

Debug Scratch Register 0 (dscratch0)

The dscratch0 register is as defined in cite:[riscv-debug-spec]. It is an optional DXLEN-bit scratch register that can be used by implementations which need it. dscratch0 is extended into dscratch0c.

Debug scratch 0 register

img/dscratch0reg.edn

Debug Scratch Register 0 Capability (dscratch0c)

The dscratch0c register is a CLEN-bit plus tag bit renamed extension to dscratch0 that is able to hold a capability.

{TAG_RESET_CSR}

Debug scratch 0 capability register

img/dscratch0creg.edn

Debug Scratch Register 1 (dscratch1)

The dscratch1 register is as defined in cite:[riscv-debug-spec]. It is an optional DXLEN-bit scratch register that can be used by implementations which need it. dscratch1 is extended into dscratch1c.

Debug scratch 1 register

img/dscratch1reg.edn

Debug Scratch Register 1 Capability (dscratch1c)

The dscratch1c register is a CLEN-bit plus tag bit renamed extension to dscratch1 that is able to hold a capability.

{TAG_RESET_CSR}

Debug scratch 1 capability register

img/dscratch1creg.edn

Debug Infinite Capability Register (dinfc)

The dinfc register is a CLEN-bit plus tag bit CSR only accessible in debug mode.

The reset value is the [infinite-cap] capability.

If {cheri_default_ext_name} is implemented:

  • The [m_bit] is reset to {cheri_int_mode_name} ({INT_MODE_VALUE}).

  • The debugger can set the [m_bit] to {cheri_cap_mode_name} ({CAP_MODE_VALUE}) by executing [MODESW_CAP] from the program buffer

    • if [MODESW_CAP] is not supported in debug mode then the same can be done by reading the CSR, using [SCMODE] and then writing the CSR.

    • This only needs doing once after resetting the core.

  • The [m_bit] is used on debug mode entry to determine which CHERI execution mode to enter.

The [m_bit] is the only writeable field in dinfc:

  • It is only updated on a [CSRRW] write if the capability being written has a valid [m_bit].

  • If any other CSR instruction is used, or if the written [m_bit] is not valid then dinfc is not updated.

If {cheri_default_ext_name} is not implemented then dinfc is read-write with no writeable fields.

Note
 A future version of this specification may add writeable fields to allow creation of other capabilities, if, for example, a future extension requires multiple formats for the [infinite-cap] capability.
Debug infinite capability register

img/dinfcreg.edn