1 /*
2 * QEMU RISC-V Native Debug Support
3 *
4 * Copyright (c) 2022 Wind River Systems, Inc.
5 *
6 * Author:
7 * Bin Meng <bin.meng@windriver.com>
8 *
9 * This provides the native debug support via the Trigger Module, as defined
10 * in the RISC-V Debug Specification:
11 * https://github.com/riscv/riscv-debug-spec/raw/master/riscv-debug-stable.pdf
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms and conditions of the GNU General Public License,
15 * version 2 or later, as published by the Free Software Foundation.
16 *
17 * This program is distributed in the hope it will be useful, but WITHOUT
18 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
19 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
20 * more details.
21 *
22 * You should have received a copy of the GNU General Public License along with
23 * this program. If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 #include "qemu/osdep.h"
27 #include "qemu/log.h"
28 #include "qapi/error.h"
29 #include "cpu.h"
30 #include "trace.h"
31 #include "exec/exec-all.h"
32 #include "exec/helper-proto.h"
33 #include "sysemu/cpu-timers.h"
34
35 /*
36 * The following M-mode trigger CSRs are implemented:
37 *
38 * - tselect
39 * - tdata1
40 * - tdata2
41 * - tdata3
42 * - tinfo
43 *
44 * The following triggers are initialized by default:
45 *
46 * Index | Type | tdata mapping | Description
47 * ------+------+------------------------+------------
48 * 0 | 2 | tdata1, tdata2 | Address / Data Match
49 * 1 | 2 | tdata1, tdata2 | Address / Data Match
50 */
51
52 /* tdata availability of a trigger */
53 typedef bool tdata_avail[TDATA_NUM];
54
55 static tdata_avail tdata_mapping[TRIGGER_TYPE_NUM] = {
56 [TRIGGER_TYPE_NO_EXIST] = { false, false, false },
57 [TRIGGER_TYPE_AD_MATCH] = { true, true, true },
58 [TRIGGER_TYPE_INST_CNT] = { true, false, true },
59 [TRIGGER_TYPE_INT] = { true, true, true },
60 [TRIGGER_TYPE_EXCP] = { true, true, true },
61 [TRIGGER_TYPE_AD_MATCH6] = { true, true, true },
62 [TRIGGER_TYPE_EXT_SRC] = { true, false, false },
63 [TRIGGER_TYPE_UNAVAIL] = { true, true, true }
64 };
65
66 /* only breakpoint size 1/2/4/8 supported */
67 static int access_size[SIZE_NUM] = {
68 [SIZE_ANY] = 0,
69 [SIZE_1B] = 1,
70 [SIZE_2B] = 2,
71 [SIZE_4B] = 4,
72 [SIZE_6B] = -1,
73 [SIZE_8B] = 8,
74 [6 ... 15] = -1,
75 };
76
extract_trigger_type(CPURISCVState * env,target_ulong tdata1)77 static inline target_ulong extract_trigger_type(CPURISCVState *env,
78 target_ulong tdata1)
79 {
80 switch (riscv_cpu_mxl(env)) {
81 case MXL_RV32:
82 return extract32(tdata1, 28, 4);
83 case MXL_RV64:
84 case MXL_RV128:
85 return extract64(tdata1, 60, 4);
86 default:
87 g_assert_not_reached();
88 }
89 }
90
get_trigger_type(CPURISCVState * env,target_ulong trigger_index)91 static inline target_ulong get_trigger_type(CPURISCVState *env,
92 target_ulong trigger_index)
93 {
94 return extract_trigger_type(env, env->tdata1[trigger_index]);
95 }
96
get_trigger_action(CPURISCVState * env,target_ulong trigger_index)97 static trigger_action_t get_trigger_action(CPURISCVState *env,
98 target_ulong trigger_index)
99 {
100 target_ulong tdata1 = env->tdata1[trigger_index];
101 int trigger_type = get_trigger_type(env, trigger_index);
102 trigger_action_t action = DBG_ACTION_NONE;
103
104 switch (trigger_type) {
105 case TRIGGER_TYPE_AD_MATCH:
106 action = (tdata1 & TYPE2_ACTION) >> 12;
107 break;
108 case TRIGGER_TYPE_AD_MATCH6:
109 action = (tdata1 & TYPE6_ACTION) >> 12;
110 break;
111 case TRIGGER_TYPE_INST_CNT:
112 case TRIGGER_TYPE_INT:
113 case TRIGGER_TYPE_EXCP:
114 case TRIGGER_TYPE_EXT_SRC:
115 qemu_log_mask(LOG_UNIMP, "trigger type: %d is not supported\n",
116 trigger_type);
117 break;
118 case TRIGGER_TYPE_NO_EXIST:
119 case TRIGGER_TYPE_UNAVAIL:
120 qemu_log_mask(LOG_GUEST_ERROR, "trigger type: %d does not exit\n",
121 trigger_type);
122 break;
123 default:
124 g_assert_not_reached();
125 }
126
127 return action;
128 }
129
build_tdata1(CPURISCVState * env,trigger_type_t type,bool dmode,target_ulong data)130 static inline target_ulong build_tdata1(CPURISCVState *env,
131 trigger_type_t type,
132 bool dmode, target_ulong data)
133 {
134 target_ulong tdata1;
135
136 switch (riscv_cpu_mxl(env)) {
137 case MXL_RV32:
138 tdata1 = RV32_TYPE(type) |
139 (dmode ? RV32_DMODE : 0) |
140 (data & RV32_DATA_MASK);
141 break;
142 case MXL_RV64:
143 case MXL_RV128:
144 tdata1 = RV64_TYPE(type) |
145 (dmode ? RV64_DMODE : 0) |
146 (data & RV64_DATA_MASK);
147 break;
148 default:
149 g_assert_not_reached();
150 }
151
152 return tdata1;
153 }
154
tdata_available(CPURISCVState * env,int tdata_index)155 bool tdata_available(CPURISCVState *env, int tdata_index)
156 {
157 int trigger_type = get_trigger_type(env, env->trigger_cur);
158
159 if (unlikely(tdata_index >= TDATA_NUM)) {
160 return false;
161 }
162
163 return tdata_mapping[trigger_type][tdata_index];
164 }
165
tselect_csr_read(CPURISCVState * env)166 target_ulong tselect_csr_read(CPURISCVState *env)
167 {
168 return env->trigger_cur;
169 }
170
tselect_csr_write(CPURISCVState * env,target_ulong val)171 void tselect_csr_write(CPURISCVState *env, target_ulong val)
172 {
173 if (val < RV_MAX_TRIGGERS) {
174 env->trigger_cur = val;
175 }
176 }
177
tdata1_validate(CPURISCVState * env,target_ulong val,trigger_type_t t)178 static target_ulong tdata1_validate(CPURISCVState *env, target_ulong val,
179 trigger_type_t t)
180 {
181 uint32_t type, dmode;
182 target_ulong tdata1;
183
184 switch (riscv_cpu_mxl(env)) {
185 case MXL_RV32:
186 type = extract32(val, 28, 4);
187 dmode = extract32(val, 27, 1);
188 tdata1 = RV32_TYPE(t);
189 break;
190 case MXL_RV64:
191 case MXL_RV128:
192 type = extract64(val, 60, 4);
193 dmode = extract64(val, 59, 1);
194 tdata1 = RV64_TYPE(t);
195 break;
196 default:
197 g_assert_not_reached();
198 }
199
200 if (type != t) {
201 qemu_log_mask(LOG_GUEST_ERROR,
202 "ignoring type write to tdata1 register\n");
203 }
204
205 if (dmode != 0) {
206 qemu_log_mask(LOG_UNIMP, "debug mode is not supported\n");
207 }
208
209 return tdata1;
210 }
211
warn_always_zero_bit(target_ulong val,target_ulong mask,const char * msg)212 static inline void warn_always_zero_bit(target_ulong val, target_ulong mask,
213 const char *msg)
214 {
215 if (val & mask) {
216 qemu_log_mask(LOG_UNIMP, "%s bit is always zero\n", msg);
217 }
218 }
219
do_trigger_action(CPURISCVState * env,target_ulong trigger_index)220 static void do_trigger_action(CPURISCVState *env, target_ulong trigger_index)
221 {
222 trigger_action_t action = get_trigger_action(env, trigger_index);
223
224 switch (action) {
225 case DBG_ACTION_NONE:
226 break;
227 case DBG_ACTION_BP:
228 riscv_raise_exception(env, RISCV_EXCP_BREAKPOINT, 0);
229 break;
230 case DBG_ACTION_DBG_MODE:
231 case DBG_ACTION_TRACE0:
232 case DBG_ACTION_TRACE1:
233 case DBG_ACTION_TRACE2:
234 case DBG_ACTION_TRACE3:
235 case DBG_ACTION_EXT_DBG0:
236 case DBG_ACTION_EXT_DBG1:
237 qemu_log_mask(LOG_UNIMP, "action: %d is not supported\n", action);
238 break;
239 default:
240 g_assert_not_reached();
241 }
242 }
243
244 /*
245 * Check the privilege level of specific trigger matches CPU's current privilege
246 * level.
247 */
trigger_priv_match(CPURISCVState * env,trigger_type_t type,int trigger_index)248 static bool trigger_priv_match(CPURISCVState *env, trigger_type_t type,
249 int trigger_index)
250 {
251 target_ulong ctrl = env->tdata1[trigger_index];
252
253 switch (type) {
254 case TRIGGER_TYPE_AD_MATCH:
255 /* type 2 trigger cannot be fired in VU/VS mode */
256 if (env->virt_enabled) {
257 return false;
258 }
259 /* check U/S/M bit against current privilege level */
260 if ((ctrl >> 3) & BIT(env->priv)) {
261 return true;
262 }
263 break;
264 case TRIGGER_TYPE_AD_MATCH6:
265 if (env->virt_enabled) {
266 /* check VU/VS bit against current privilege level */
267 if ((ctrl >> 23) & BIT(env->priv)) {
268 return true;
269 }
270 } else {
271 /* check U/S/M bit against current privilege level */
272 if ((ctrl >> 3) & BIT(env->priv)) {
273 return true;
274 }
275 }
276 break;
277 case TRIGGER_TYPE_INST_CNT:
278 if (env->virt_enabled) {
279 /* check VU/VS bit against current privilege level */
280 if ((ctrl >> 25) & BIT(env->priv)) {
281 return true;
282 }
283 } else {
284 /* check U/S/M bit against current privilege level */
285 if ((ctrl >> 6) & BIT(env->priv)) {
286 return true;
287 }
288 }
289 break;
290 case TRIGGER_TYPE_INT:
291 case TRIGGER_TYPE_EXCP:
292 case TRIGGER_TYPE_EXT_SRC:
293 qemu_log_mask(LOG_UNIMP, "trigger type: %d is not supported\n", type);
294 break;
295 case TRIGGER_TYPE_NO_EXIST:
296 case TRIGGER_TYPE_UNAVAIL:
297 qemu_log_mask(LOG_GUEST_ERROR, "trigger type: %d does not exist\n",
298 type);
299 break;
300 default:
301 g_assert_not_reached();
302 }
303
304 return false;
305 }
306
307 /* Common matching conditions for all types of the triggers. */
trigger_common_match(CPURISCVState * env,trigger_type_t type,int trigger_index)308 static bool trigger_common_match(CPURISCVState *env, trigger_type_t type,
309 int trigger_index)
310 {
311 return trigger_priv_match(env, type, trigger_index);
312 }
313
314 /* type 2 trigger */
315
type2_breakpoint_size(CPURISCVState * env,target_ulong ctrl)316 static uint32_t type2_breakpoint_size(CPURISCVState *env, target_ulong ctrl)
317 {
318 uint32_t sizelo, sizehi = 0;
319
320 if (riscv_cpu_mxl(env) == MXL_RV64) {
321 sizehi = extract32(ctrl, 21, 2);
322 }
323 sizelo = extract32(ctrl, 16, 2);
324 return (sizehi << 2) | sizelo;
325 }
326
type2_breakpoint_enabled(target_ulong ctrl)327 static inline bool type2_breakpoint_enabled(target_ulong ctrl)
328 {
329 bool mode = !!(ctrl & (TYPE2_U | TYPE2_S | TYPE2_M));
330 bool rwx = !!(ctrl & (TYPE2_LOAD | TYPE2_STORE | TYPE2_EXEC));
331
332 return mode && rwx;
333 }
334
type2_mcontrol_validate(CPURISCVState * env,target_ulong ctrl)335 static target_ulong type2_mcontrol_validate(CPURISCVState *env,
336 target_ulong ctrl)
337 {
338 target_ulong val;
339 uint32_t size;
340
341 /* validate the generic part first */
342 val = tdata1_validate(env, ctrl, TRIGGER_TYPE_AD_MATCH);
343
344 /* validate unimplemented (always zero) bits */
345 warn_always_zero_bit(ctrl, TYPE2_MATCH, "match");
346 warn_always_zero_bit(ctrl, TYPE2_CHAIN, "chain");
347 warn_always_zero_bit(ctrl, TYPE2_ACTION, "action");
348 warn_always_zero_bit(ctrl, TYPE2_TIMING, "timing");
349 warn_always_zero_bit(ctrl, TYPE2_SELECT, "select");
350 warn_always_zero_bit(ctrl, TYPE2_HIT, "hit");
351
352 /* validate size encoding */
353 size = type2_breakpoint_size(env, ctrl);
354 if (access_size[size] == -1) {
355 qemu_log_mask(LOG_UNIMP, "access size %d is not supported, using "
356 "SIZE_ANY\n", size);
357 } else {
358 val |= (ctrl & TYPE2_SIZELO);
359 if (riscv_cpu_mxl(env) == MXL_RV64) {
360 val |= (ctrl & TYPE2_SIZEHI);
361 }
362 }
363
364 /* keep the mode and attribute bits */
365 val |= (ctrl & (TYPE2_U | TYPE2_S | TYPE2_M |
366 TYPE2_LOAD | TYPE2_STORE | TYPE2_EXEC));
367
368 return val;
369 }
370
type2_breakpoint_insert(CPURISCVState * env,target_ulong index)371 static void type2_breakpoint_insert(CPURISCVState *env, target_ulong index)
372 {
373 target_ulong ctrl = env->tdata1[index];
374 target_ulong addr = env->tdata2[index];
375 bool enabled = type2_breakpoint_enabled(ctrl);
376 CPUState *cs = env_cpu(env);
377 int flags = BP_CPU | BP_STOP_BEFORE_ACCESS;
378 uint32_t size;
379
380 if (!enabled) {
381 return;
382 }
383
384 if (ctrl & TYPE2_EXEC) {
385 cpu_breakpoint_insert(cs, addr, flags, &env->cpu_breakpoint[index]);
386 }
387
388 if (ctrl & TYPE2_LOAD) {
389 flags |= BP_MEM_READ;
390 }
391 if (ctrl & TYPE2_STORE) {
392 flags |= BP_MEM_WRITE;
393 }
394
395 if (flags & BP_MEM_ACCESS) {
396 size = type2_breakpoint_size(env, ctrl);
397 if (size != 0) {
398 cpu_watchpoint_insert(cs, addr, size, flags,
399 &env->cpu_watchpoint[index]);
400 } else {
401 cpu_watchpoint_insert(cs, addr, 8, flags,
402 &env->cpu_watchpoint[index]);
403 }
404 }
405 }
406
type2_breakpoint_remove(CPURISCVState * env,target_ulong index)407 static void type2_breakpoint_remove(CPURISCVState *env, target_ulong index)
408 {
409 CPUState *cs = env_cpu(env);
410
411 if (env->cpu_breakpoint[index]) {
412 cpu_breakpoint_remove_by_ref(cs, env->cpu_breakpoint[index]);
413 env->cpu_breakpoint[index] = NULL;
414 }
415
416 if (env->cpu_watchpoint[index]) {
417 cpu_watchpoint_remove_by_ref(cs, env->cpu_watchpoint[index]);
418 env->cpu_watchpoint[index] = NULL;
419 }
420 }
421
type2_reg_write(CPURISCVState * env,target_ulong index,int tdata_index,target_ulong val)422 static void type2_reg_write(CPURISCVState *env, target_ulong index,
423 int tdata_index, target_ulong val)
424 {
425 target_ulong new_val;
426
427 switch (tdata_index) {
428 case TDATA1:
429 new_val = type2_mcontrol_validate(env, val);
430 if (new_val != env->tdata1[index]) {
431 env->tdata1[index] = new_val;
432 type2_breakpoint_remove(env, index);
433 type2_breakpoint_insert(env, index);
434 }
435 break;
436 case TDATA2:
437 if (val != env->tdata2[index]) {
438 env->tdata2[index] = val;
439 type2_breakpoint_remove(env, index);
440 type2_breakpoint_insert(env, index);
441 }
442 break;
443 case TDATA3:
444 qemu_log_mask(LOG_UNIMP,
445 "tdata3 is not supported for type 2 trigger\n");
446 break;
447 default:
448 g_assert_not_reached();
449 }
450
451 return;
452 }
453
454 /* type 6 trigger */
455
type6_breakpoint_enabled(target_ulong ctrl)456 static inline bool type6_breakpoint_enabled(target_ulong ctrl)
457 {
458 bool mode = !!(ctrl & (TYPE6_VU | TYPE6_VS | TYPE6_U | TYPE6_S | TYPE6_M));
459 bool rwx = !!(ctrl & (TYPE6_LOAD | TYPE6_STORE | TYPE6_EXEC));
460
461 return mode && rwx;
462 }
463
type6_mcontrol6_validate(CPURISCVState * env,target_ulong ctrl)464 static target_ulong type6_mcontrol6_validate(CPURISCVState *env,
465 target_ulong ctrl)
466 {
467 target_ulong val;
468 uint32_t size;
469
470 /* validate the generic part first */
471 val = tdata1_validate(env, ctrl, TRIGGER_TYPE_AD_MATCH6);
472
473 /* validate unimplemented (always zero) bits */
474 warn_always_zero_bit(ctrl, TYPE6_MATCH, "match");
475 warn_always_zero_bit(ctrl, TYPE6_CHAIN, "chain");
476 warn_always_zero_bit(ctrl, TYPE6_ACTION, "action");
477 warn_always_zero_bit(ctrl, TYPE6_TIMING, "timing");
478 warn_always_zero_bit(ctrl, TYPE6_SELECT, "select");
479 warn_always_zero_bit(ctrl, TYPE6_HIT, "hit");
480
481 /* validate size encoding */
482 size = extract32(ctrl, 16, 4);
483 if (access_size[size] == -1) {
484 qemu_log_mask(LOG_UNIMP, "access size %d is not supported, using "
485 "SIZE_ANY\n", size);
486 } else {
487 val |= (ctrl & TYPE6_SIZE);
488 }
489
490 /* keep the mode and attribute bits */
491 val |= (ctrl & (TYPE6_VU | TYPE6_VS | TYPE6_U | TYPE6_S | TYPE6_M |
492 TYPE6_LOAD | TYPE6_STORE | TYPE6_EXEC));
493
494 return val;
495 }
496
type6_breakpoint_insert(CPURISCVState * env,target_ulong index)497 static void type6_breakpoint_insert(CPURISCVState *env, target_ulong index)
498 {
499 target_ulong ctrl = env->tdata1[index];
500 target_ulong addr = env->tdata2[index];
501 bool enabled = type6_breakpoint_enabled(ctrl);
502 CPUState *cs = env_cpu(env);
503 int flags = BP_CPU | BP_STOP_BEFORE_ACCESS;
504 uint32_t size;
505
506 if (!enabled) {
507 return;
508 }
509
510 if (ctrl & TYPE6_EXEC) {
511 cpu_breakpoint_insert(cs, addr, flags, &env->cpu_breakpoint[index]);
512 }
513
514 if (ctrl & TYPE6_LOAD) {
515 flags |= BP_MEM_READ;
516 }
517
518 if (ctrl & TYPE6_STORE) {
519 flags |= BP_MEM_WRITE;
520 }
521
522 if (flags & BP_MEM_ACCESS) {
523 size = extract32(ctrl, 16, 4);
524 if (size != 0) {
525 cpu_watchpoint_insert(cs, addr, size, flags,
526 &env->cpu_watchpoint[index]);
527 } else {
528 cpu_watchpoint_insert(cs, addr, 8, flags,
529 &env->cpu_watchpoint[index]);
530 }
531 }
532 }
533
type6_breakpoint_remove(CPURISCVState * env,target_ulong index)534 static void type6_breakpoint_remove(CPURISCVState *env, target_ulong index)
535 {
536 type2_breakpoint_remove(env, index);
537 }
538
type6_reg_write(CPURISCVState * env,target_ulong index,int tdata_index,target_ulong val)539 static void type6_reg_write(CPURISCVState *env, target_ulong index,
540 int tdata_index, target_ulong val)
541 {
542 target_ulong new_val;
543
544 switch (tdata_index) {
545 case TDATA1:
546 new_val = type6_mcontrol6_validate(env, val);
547 if (new_val != env->tdata1[index]) {
548 env->tdata1[index] = new_val;
549 type6_breakpoint_remove(env, index);
550 type6_breakpoint_insert(env, index);
551 }
552 break;
553 case TDATA2:
554 if (val != env->tdata2[index]) {
555 env->tdata2[index] = val;
556 type6_breakpoint_remove(env, index);
557 type6_breakpoint_insert(env, index);
558 }
559 break;
560 case TDATA3:
561 qemu_log_mask(LOG_UNIMP,
562 "tdata3 is not supported for type 6 trigger\n");
563 break;
564 default:
565 g_assert_not_reached();
566 }
567
568 return;
569 }
570
571 /* icount trigger type */
572 static inline int
itrigger_get_count(CPURISCVState * env,int index)573 itrigger_get_count(CPURISCVState *env, int index)
574 {
575 return get_field(env->tdata1[index], ITRIGGER_COUNT);
576 }
577
578 static inline void
itrigger_set_count(CPURISCVState * env,int index,int value)579 itrigger_set_count(CPURISCVState *env, int index, int value)
580 {
581 env->tdata1[index] = set_field(env->tdata1[index],
582 ITRIGGER_COUNT, value);
583 }
584
check_itrigger_priv(CPURISCVState * env,int index)585 static bool check_itrigger_priv(CPURISCVState *env, int index)
586 {
587 target_ulong tdata1 = env->tdata1[index];
588 if (env->virt_enabled) {
589 /* check VU/VS bit against current privilege level */
590 return (get_field(tdata1, ITRIGGER_VS) == env->priv) ||
591 (get_field(tdata1, ITRIGGER_VU) == env->priv);
592 } else {
593 /* check U/S/M bit against current privilege level */
594 return (get_field(tdata1, ITRIGGER_M) == env->priv) ||
595 (get_field(tdata1, ITRIGGER_S) == env->priv) ||
596 (get_field(tdata1, ITRIGGER_U) == env->priv);
597 }
598 }
599
riscv_itrigger_enabled(CPURISCVState * env)600 bool riscv_itrigger_enabled(CPURISCVState *env)
601 {
602 int count;
603 for (int i = 0; i < RV_MAX_TRIGGERS; i++) {
604 if (get_trigger_type(env, i) != TRIGGER_TYPE_INST_CNT) {
605 continue;
606 }
607 if (check_itrigger_priv(env, i)) {
608 continue;
609 }
610 count = itrigger_get_count(env, i);
611 if (!count) {
612 continue;
613 }
614 return true;
615 }
616
617 return false;
618 }
619
helper_itrigger_match(CPURISCVState * env)620 void helper_itrigger_match(CPURISCVState *env)
621 {
622 int count;
623 for (int i = 0; i < RV_MAX_TRIGGERS; i++) {
624 if (get_trigger_type(env, i) != TRIGGER_TYPE_INST_CNT) {
625 continue;
626 }
627 if (!trigger_common_match(env, TRIGGER_TYPE_INST_CNT, i)) {
628 continue;
629 }
630 count = itrigger_get_count(env, i);
631 if (!count) {
632 continue;
633 }
634 itrigger_set_count(env, i, count--);
635 if (!count) {
636 env->itrigger_enabled = riscv_itrigger_enabled(env);
637 do_trigger_action(env, i);
638 }
639 }
640 }
641
riscv_itrigger_update_count(CPURISCVState * env)642 static void riscv_itrigger_update_count(CPURISCVState *env)
643 {
644 int count, executed;
645 /*
646 * Record last icount, so that we can evaluate the executed instructions
647 * since last privilege mode change or timer expire.
648 */
649 int64_t last_icount = env->last_icount, current_icount;
650 current_icount = env->last_icount = icount_get_raw();
651
652 for (int i = 0; i < RV_MAX_TRIGGERS; i++) {
653 if (get_trigger_type(env, i) != TRIGGER_TYPE_INST_CNT) {
654 continue;
655 }
656 count = itrigger_get_count(env, i);
657 if (!count) {
658 continue;
659 }
660 /*
661 * Only when privilege is changed or itrigger timer expires,
662 * the count field in itrigger tdata1 register is updated.
663 * And the count field in itrigger only contains remaining value.
664 */
665 if (check_itrigger_priv(env, i)) {
666 /*
667 * If itrigger enabled in this privilege mode, the number of
668 * executed instructions since last privilege change
669 * should be reduced from current itrigger count.
670 */
671 executed = current_icount - last_icount;
672 itrigger_set_count(env, i, count - executed);
673 if (count == executed) {
674 do_trigger_action(env, i);
675 }
676 } else {
677 /*
678 * If itrigger is not enabled in this privilege mode,
679 * the number of executed instructions will be discard and
680 * the count field in itrigger will not change.
681 */
682 timer_mod(env->itrigger_timer[i],
683 current_icount + count);
684 }
685 }
686 }
687
riscv_itrigger_timer_cb(void * opaque)688 static void riscv_itrigger_timer_cb(void *opaque)
689 {
690 riscv_itrigger_update_count((CPURISCVState *)opaque);
691 }
692
riscv_itrigger_update_priv(CPURISCVState * env)693 void riscv_itrigger_update_priv(CPURISCVState *env)
694 {
695 riscv_itrigger_update_count(env);
696 }
697
itrigger_validate(CPURISCVState * env,target_ulong ctrl)698 static target_ulong itrigger_validate(CPURISCVState *env,
699 target_ulong ctrl)
700 {
701 target_ulong val;
702
703 /* validate the generic part first */
704 val = tdata1_validate(env, ctrl, TRIGGER_TYPE_INST_CNT);
705
706 /* validate unimplemented (always zero) bits */
707 warn_always_zero_bit(ctrl, ITRIGGER_ACTION, "action");
708 warn_always_zero_bit(ctrl, ITRIGGER_HIT, "hit");
709 warn_always_zero_bit(ctrl, ITRIGGER_PENDING, "pending");
710
711 /* keep the mode and attribute bits */
712 val |= ctrl & (ITRIGGER_VU | ITRIGGER_VS | ITRIGGER_U | ITRIGGER_S |
713 ITRIGGER_M | ITRIGGER_COUNT);
714
715 return val;
716 }
717
itrigger_reg_write(CPURISCVState * env,target_ulong index,int tdata_index,target_ulong val)718 static void itrigger_reg_write(CPURISCVState *env, target_ulong index,
719 int tdata_index, target_ulong val)
720 {
721 target_ulong new_val;
722
723 switch (tdata_index) {
724 case TDATA1:
725 /* set timer for icount */
726 new_val = itrigger_validate(env, val);
727 if (new_val != env->tdata1[index]) {
728 env->tdata1[index] = new_val;
729 if (icount_enabled()) {
730 env->last_icount = icount_get_raw();
731 /* set the count to timer */
732 timer_mod(env->itrigger_timer[index],
733 env->last_icount + itrigger_get_count(env, index));
734 } else {
735 env->itrigger_enabled = riscv_itrigger_enabled(env);
736 }
737 }
738 break;
739 case TDATA2:
740 qemu_log_mask(LOG_UNIMP,
741 "tdata2 is not supported for icount trigger\n");
742 break;
743 case TDATA3:
744 qemu_log_mask(LOG_UNIMP,
745 "tdata3 is not supported for icount trigger\n");
746 break;
747 default:
748 g_assert_not_reached();
749 }
750
751 return;
752 }
753
itrigger_get_adjust_count(CPURISCVState * env)754 static int itrigger_get_adjust_count(CPURISCVState *env)
755 {
756 int count = itrigger_get_count(env, env->trigger_cur), executed;
757 if ((count != 0) && check_itrigger_priv(env, env->trigger_cur)) {
758 executed = icount_get_raw() - env->last_icount;
759 count += executed;
760 }
761 return count;
762 }
763
tdata_csr_read(CPURISCVState * env,int tdata_index)764 target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index)
765 {
766 int trigger_type;
767 switch (tdata_index) {
768 case TDATA1:
769 trigger_type = extract_trigger_type(env,
770 env->tdata1[env->trigger_cur]);
771 if ((trigger_type == TRIGGER_TYPE_INST_CNT) && icount_enabled()) {
772 return deposit64(env->tdata1[env->trigger_cur], 10, 14,
773 itrigger_get_adjust_count(env));
774 }
775 return env->tdata1[env->trigger_cur];
776 case TDATA2:
777 return env->tdata2[env->trigger_cur];
778 case TDATA3:
779 return env->tdata3[env->trigger_cur];
780 default:
781 g_assert_not_reached();
782 }
783 }
784
tdata_csr_write(CPURISCVState * env,int tdata_index,target_ulong val)785 void tdata_csr_write(CPURISCVState *env, int tdata_index, target_ulong val)
786 {
787 int trigger_type;
788
789 if (tdata_index == TDATA1) {
790 trigger_type = extract_trigger_type(env, val);
791 } else {
792 trigger_type = get_trigger_type(env, env->trigger_cur);
793 }
794
795 switch (trigger_type) {
796 case TRIGGER_TYPE_AD_MATCH:
797 type2_reg_write(env, env->trigger_cur, tdata_index, val);
798 break;
799 case TRIGGER_TYPE_AD_MATCH6:
800 type6_reg_write(env, env->trigger_cur, tdata_index, val);
801 break;
802 case TRIGGER_TYPE_INST_CNT:
803 itrigger_reg_write(env, env->trigger_cur, tdata_index, val);
804 break;
805 case TRIGGER_TYPE_INT:
806 case TRIGGER_TYPE_EXCP:
807 case TRIGGER_TYPE_EXT_SRC:
808 qemu_log_mask(LOG_UNIMP, "trigger type: %d is not supported\n",
809 trigger_type);
810 break;
811 case TRIGGER_TYPE_NO_EXIST:
812 case TRIGGER_TYPE_UNAVAIL:
813 qemu_log_mask(LOG_GUEST_ERROR, "trigger type: %d does not exit\n",
814 trigger_type);
815 break;
816 default:
817 g_assert_not_reached();
818 }
819 }
820
tinfo_csr_read(CPURISCVState * env)821 target_ulong tinfo_csr_read(CPURISCVState *env)
822 {
823 /* assume all triggers support the same types of triggers */
824 return BIT(TRIGGER_TYPE_AD_MATCH) |
825 BIT(TRIGGER_TYPE_AD_MATCH6);
826 }
827
riscv_cpu_debug_excp_handler(CPUState * cs)828 void riscv_cpu_debug_excp_handler(CPUState *cs)
829 {
830 RISCVCPU *cpu = RISCV_CPU(cs);
831 CPURISCVState *env = &cpu->env;
832
833 if (cs->watchpoint_hit) {
834 if (cs->watchpoint_hit->flags & BP_CPU) {
835 do_trigger_action(env, DBG_ACTION_BP);
836 }
837 } else {
838 if (cpu_breakpoint_test(cs, env->pc, BP_CPU)) {
839 do_trigger_action(env, DBG_ACTION_BP);
840 }
841 }
842 }
843
riscv_cpu_debug_check_breakpoint(CPUState * cs)844 bool riscv_cpu_debug_check_breakpoint(CPUState *cs)
845 {
846 RISCVCPU *cpu = RISCV_CPU(cs);
847 CPURISCVState *env = &cpu->env;
848 CPUBreakpoint *bp;
849 target_ulong ctrl;
850 target_ulong pc;
851 int trigger_type;
852 int i;
853
854 QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
855 for (i = 0; i < RV_MAX_TRIGGERS; i++) {
856 trigger_type = get_trigger_type(env, i);
857
858 if (!trigger_common_match(env, trigger_type, i)) {
859 continue;
860 }
861
862 switch (trigger_type) {
863 case TRIGGER_TYPE_AD_MATCH:
864 ctrl = env->tdata1[i];
865 pc = env->tdata2[i];
866
867 if ((ctrl & TYPE2_EXEC) && (bp->pc == pc)) {
868 env->badaddr = pc;
869 return true;
870 }
871 break;
872 case TRIGGER_TYPE_AD_MATCH6:
873 ctrl = env->tdata1[i];
874 pc = env->tdata2[i];
875
876 if ((ctrl & TYPE6_EXEC) && (bp->pc == pc)) {
877 env->badaddr = pc;
878 return true;
879 }
880 break;
881 default:
882 /* other trigger types are not supported or irrelevant */
883 break;
884 }
885 }
886 }
887
888 return false;
889 }
890
riscv_cpu_debug_check_watchpoint(CPUState * cs,CPUWatchpoint * wp)891 bool riscv_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp)
892 {
893 RISCVCPU *cpu = RISCV_CPU(cs);
894 CPURISCVState *env = &cpu->env;
895 target_ulong ctrl;
896 target_ulong addr;
897 int trigger_type;
898 int flags;
899 int i;
900
901 for (i = 0; i < RV_MAX_TRIGGERS; i++) {
902 trigger_type = get_trigger_type(env, i);
903
904 if (!trigger_common_match(env, trigger_type, i)) {
905 continue;
906 }
907
908 switch (trigger_type) {
909 case TRIGGER_TYPE_AD_MATCH:
910 ctrl = env->tdata1[i];
911 addr = env->tdata2[i];
912 flags = 0;
913
914 if (ctrl & TYPE2_LOAD) {
915 flags |= BP_MEM_READ;
916 }
917 if (ctrl & TYPE2_STORE) {
918 flags |= BP_MEM_WRITE;
919 }
920
921 if ((wp->flags & flags) && (wp->vaddr == addr)) {
922 return true;
923 }
924 break;
925 case TRIGGER_TYPE_AD_MATCH6:
926 ctrl = env->tdata1[i];
927 addr = env->tdata2[i];
928 flags = 0;
929
930 if (ctrl & TYPE6_LOAD) {
931 flags |= BP_MEM_READ;
932 }
933 if (ctrl & TYPE6_STORE) {
934 flags |= BP_MEM_WRITE;
935 }
936
937 if ((wp->flags & flags) && (wp->vaddr == addr)) {
938 return true;
939 }
940 break;
941 default:
942 /* other trigger types are not supported */
943 break;
944 }
945 }
946
947 return false;
948 }
949
riscv_trigger_realize(CPURISCVState * env)950 void riscv_trigger_realize(CPURISCVState *env)
951 {
952 int i;
953
954 for (i = 0; i < RV_MAX_TRIGGERS; i++) {
955 env->itrigger_timer[i] = timer_new_ns(QEMU_CLOCK_VIRTUAL,
956 riscv_itrigger_timer_cb, env);
957 }
958 }
959
riscv_trigger_reset_hold(CPURISCVState * env)960 void riscv_trigger_reset_hold(CPURISCVState *env)
961 {
962 target_ulong tdata1 = build_tdata1(env, TRIGGER_TYPE_AD_MATCH, 0, 0);
963 int i;
964
965 /* init to type 2 triggers */
966 for (i = 0; i < RV_MAX_TRIGGERS; i++) {
967 /*
968 * type = TRIGGER_TYPE_AD_MATCH
969 * dmode = 0 (both debug and M-mode can write tdata)
970 * maskmax = 0 (unimplemented, always 0)
971 * sizehi = 0 (match against any size, RV64 only)
972 * hit = 0 (unimplemented, always 0)
973 * select = 0 (always 0, perform match on address)
974 * timing = 0 (always 0, trigger before instruction)
975 * sizelo = 0 (match against any size)
976 * action = 0 (always 0, raise a breakpoint exception)
977 * chain = 0 (unimplemented, always 0)
978 * match = 0 (always 0, when any compare value equals tdata2)
979 */
980 env->tdata1[i] = tdata1;
981 env->tdata2[i] = 0;
982 env->tdata3[i] = 0;
983 env->cpu_breakpoint[i] = NULL;
984 env->cpu_watchpoint[i] = NULL;
985 timer_del(env->itrigger_timer[i]);
986 }
987
988 env->mcontext = 0;
989 }
990