* [PATCH v2 0/5] target/riscv: Fix pointer mask related support
@ 2023-03-29  3:23 Weiwei Li
  2023-03-29  3:23 ` [PATCH v2 1/5] target/riscv: Fix pointer mask transformation for vector address Weiwei Li
                   ` (4 more replies)
  0 siblings, 5 replies; 15+ messages in thread
From: Weiwei Li @ 2023-03-29  3:23 UTC (permalink / raw)
  To: qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser, Weiwei Li

This patchset tries to fix some problems in the current implementation for pointer mask, and adds support for pointer mask of instruction fetch.

The port is available here:
https://github.com/plctlab/plct-qemu/tree/plct-pm-fix-v2

v2:
* Drop some erroneous patches
* Add patch 2 and 3 to fix the new problems
* Add patch 4 and 5 to use PC-relative translation for pointer mask for instruction fetch

Weiwei Li (5):
  target/riscv: Fix pointer mask transformation for vector address
  target/riscv: Update cur_pmmask/base when xl changes
  target/riscv: Sync cpu_pc before update badaddr
  target/riscv: Add support for PC-relative translation
  target/riscv: Add pointer mask support for instruction fetch

 target/riscv/cpu.c                      | 33 +++++++++----
 target/riscv/cpu.h                      |  1 +
 target/riscv/cpu_helper.c               | 20 +++++++-
 target/riscv/csr.c                      | 11 +++--
 target/riscv/insn_trans/trans_rvi.c.inc | 42 +++++++++++++---
 target/riscv/translate.c                | 66 ++++++++++++++++++-------
 target/riscv/vector_helper.c            |  2 +-
 7 files changed, 134 insertions(+), 41 deletions(-)

-- 
2.25.1




* [PATCH v2 1/5] target/riscv: Fix pointer mask transformation for vector address
  2023-03-29  3:23 [PATCH v2 0/5] target/riscv: Fix pointer mask related support Weiwei Li
@ 2023-03-29  3:23 ` Weiwei Li
  2023-03-29  3:23 ` [PATCH v2 2/5] target/riscv: Update cur_pmmask/base when xl changes Weiwei Li
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 15+ messages in thread
From: Weiwei Li @ 2023-03-29  3:23 UTC (permalink / raw)
  To: qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser, Weiwei Li

actual_address = (requested_address & ~mpmmask) | mpmbase.

Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
---
 target/riscv/vector_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index 2423affe37..a58d82af8c 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -172,7 +172,7 @@ static inline uint32_t vext_get_total_elems(CPURISCVState *env, uint32_t desc,
 
 static inline target_ulong adjust_addr(CPURISCVState *env, target_ulong addr)
 {
-    return (addr & env->cur_pmmask) | env->cur_pmbase;
+    return (addr & ~env->cur_pmmask) | env->cur_pmbase;
 }
 
 /*
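
Review bot: in adjust_addr(), inverting the mask makes the value that
cur_pmmask holds while pointer masking is off matter, and this one-line
patch does not touch it. The riscv_cpu_update_mask() context visible in
patch 5/5 starts from `target_ulong mask = -1, base = 0;`; if that default
reaches env->cur_pmmask, `addr & ~env->cur_pmmask` clears every address bit
for vector loads and stores. Please change the default in the same patch, or
say in the commit message why it cannot reach this helper. The commit message
would also be easier to review if it said the old code applied the mask
without inverting it, rather than giving only the formula.
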
-- 
2.25.1




* [PATCH v2 2/5] target/riscv: Update cur_pmmask/base when xl changes
  2023-03-29  3:23 [PATCH v2 0/5] target/riscv: Fix pointer mask related support Weiwei Li
  2023-03-29  3:23 ` [PATCH v2 1/5] target/riscv: Fix pointer mask transformation for vector address Weiwei Li
@ 2023-03-29  3:23 ` Weiwei Li
  2023-03-31  1:34   ` LIU Zhiwei
  2023-03-29  3:23 ` [PATCH v2 3/5] target/riscv: Sync cpu_pc before update badaddr Weiwei Li
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 15+ messages in thread
From: Weiwei Li @ 2023-03-29  3:23 UTC (permalink / raw)
  To: qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser, Weiwei Li

write_mstatus() can only change current xl when in debug mode.
And we need to update cur_pmmask/base in this case.

Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
---
 target/riscv/csr.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index d522efc0b6..43b9ad4500 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1277,8 +1277,15 @@ static RISCVException write_mstatus(CPURISCVState *env, int csrno,
         mstatus = set_field(mstatus, MSTATUS64_SXL, xl);
     }
     env->mstatus = mstatus;
-    env->xl = cpu_recompute_xl(env);
 
+    /*
+     * Except in debug mode, UXL/SXL can only be modified by higher
+     * privilege mode. So xl will not be changed in normal mode.
+     */
+    if (env->debugger) {
+        env->xl = cpu_recompute_xl(env);
+        riscv_cpu_update_mask(env);
+    }
     return RISCV_EXCP_NONE;
 }
 
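
Review bot: the non-debugger path of write_mstatus() now depends on the
invariant stated in the new comment, but nothing enforces it. If a write
outside debug mode ever does change the effective xl, env->xl and
cur_pmmask/cur_pmbase silently go stale. Consider keeping the recompute
unconditional and calling riscv_cpu_update_mask() only when the value
changed, or add a debug assertion that cpu_recompute_xl(env) equals env->xl
when env->debugger is false.
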
-- 
2.25.1




* [PATCH v2 3/5] target/riscv: Sync cpu_pc before update badaddr
  2023-03-29  3:23 [PATCH v2 0/5] target/riscv: Fix pointer mask related support Weiwei Li
  2023-03-29  3:23 ` [PATCH v2 1/5] target/riscv: Fix pointer mask transformation for vector address Weiwei Li
  2023-03-29  3:23 ` [PATCH v2 2/5] target/riscv: Update cur_pmmask/base when xl changes Weiwei Li
@ 2023-03-29  3:23 ` Weiwei Li
  2023-03-29 15:33   ` Richard Henderson
  2023-03-31  6:13   ` LIU Zhiwei
  2023-03-29  3:23 ` [PATCH v2 4/5] target/riscv: Add support for PC-relative translation Weiwei Li
  2023-03-29  3:23 ` [PATCH v2 5/5] target/riscv: Add pointer mask support for instruction fetch Weiwei Li
  4 siblings, 2 replies; 15+ messages in thread
From: Weiwei Li @ 2023-03-29  3:23 UTC (permalink / raw)
  To: qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser, Weiwei Li

We should sync cpu_pc before storing it into badaddr when mis-aligned
exception is triggered.

Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
---
 target/riscv/insn_trans/trans_rvi.c.inc | 1 +
 target/riscv/translate.c                | 1 +
 2 files changed, 2 insertions(+)

diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc
index 4ad54e8a49..05d8b5d57f 100644
--- a/target/riscv/insn_trans/trans_rvi.c.inc
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
@@ -171,6 +171,7 @@ static bool gen_branch(DisasContext *ctx, arg_b *a, TCGCond cond)
 
     if (!has_ext(ctx, RVC) && ((ctx->base.pc_next + a->imm) & 0x3)) {
         /* misaligned */
+        gen_set_pc_imm(ctx, ctx->base.pc_next + a->imm);
         gen_exception_inst_addr_mis(ctx);
     } else {
         gen_goto_tb(ctx, 0, ctx->base.pc_next + a->imm);
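
Review bot: in the misaligned arm of gen_branch(), the added
gen_set_pc_imm() leaves cpu_pc holding the branch target when the exception
is raised, so a correct epc now depends on code outside this hunk putting
the branch's own pc back. Please state that dependency in the commit message
or in a comment here, or store the target into badaddr from a separate value
so cpu_pc is never pointed at the invalid address.
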
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 0ee8ee147d..f7ddf4c50d 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -551,6 +551,7 @@ static void gen_jal(DisasContext *ctx, int rd, target_ulong imm)
     next_pc = ctx->base.pc_next + imm;
     if (!has_ext(ctx, RVC)) {
         if ((next_pc & 0x3) != 0) {
+            gen_set_pc_imm(ctx, next_pc);
             gen_exception_inst_addr_mis(ctx);
             return;
         }
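
Review bot: in gen_jal(), next_pc is already known at translation time, so
the misaligned path could write it to badaddr directly instead of routing it
through cpu_pc with gen_set_pc_imm(). If the detour is kept, the value still
has to carry the RV32 sign extension that gen_set_pc_imm() applies, and a
short comment should say that cpu_pc temporarily holds the faulting target
at this point.
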
-- 
2.25.1




* [PATCH v2 4/5] target/riscv: Add support for PC-relative translation
  2023-03-29  3:23 [PATCH v2 0/5] target/riscv: Fix pointer mask related support Weiwei Li
                   ` (2 preceding siblings ...)
  2023-03-29  3:23 ` [PATCH v2 3/5] target/riscv: Sync cpu_pc before update badaddr Weiwei Li
@ 2023-03-29  3:23 ` Weiwei Li
  2023-03-29 16:27   ` Richard Henderson
  2023-03-29  3:23 ` [PATCH v2 5/5] target/riscv: Add pointer mask support for instruction fetch Weiwei Li
  4 siblings, 1 reply; 15+ messages in thread
From: Weiwei Li @ 2023-03-29  3:23 UTC (permalink / raw)
  To: qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser, Weiwei Li

Add a base save_pc for PC-relative translation (CF_PCREL).
Disable the direct sync of pc from tb by riscv_cpu_synchronize_from_tb.
Sync pc before it's used or updated from tb related pc:
   real_pc = (old)env->pc + target_pc(from tb) - ctx->save_pc

Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
---
 target/riscv/cpu.c                      | 29 +++++++----
 target/riscv/insn_trans/trans_rvi.c.inc | 41 +++++++++++++---
 target/riscv/translate.c                | 65 ++++++++++++++++++-------
 3 files changed, 99 insertions(+), 36 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 1e97473af2..646fa31a59 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -658,16 +658,18 @@ static vaddr riscv_cpu_get_pc(CPUState *cs)
 static void riscv_cpu_synchronize_from_tb(CPUState *cs,
                                           const TranslationBlock *tb)
 {
-    RISCVCPU *cpu = RISCV_CPU(cs);
-    CPURISCVState *env = &cpu->env;
-    RISCVMXL xl = FIELD_EX32(tb->flags, TB_FLAGS, XL);
+    if (!(tb_cflags(tb) & CF_PCREL)) {
+        RISCVCPU *cpu = RISCV_CPU(cs);
+        CPURISCVState *env = &cpu->env;
+        RISCVMXL xl = FIELD_EX32(tb->flags, TB_FLAGS, XL);
 
-    tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
+        tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));
 
-    if (xl == MXL_RV32) {
-        env->pc = (int32_t) tb->pc;
-    } else {
-        env->pc = tb->pc;
+        if (xl == MXL_RV32) {
+            env->pc = (int32_t) tb->pc;
+        } else {
+            env->pc = tb->pc;
+        }
     }
 }
 
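
Review bot: riscv_cpu_synchronize_from_tb() now returns without doing
anything for a CF_PCREL block, and nothing here says why that is safe; a
comment that pc is kept current by the generated code in that mode is
needed. The retained `tcg_debug_assert(!(cs->tcg_cflags & CF_PCREL));` sits
inside `if (!(tb_cflags(tb) & CF_PCREL))` and tests a different flag word
than the guard does. Either drop it or explain the case it is meant to
catch.
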
@@ -693,11 +695,18 @@ static void riscv_restore_state_to_opc(CPUState *cs,
     RISCVCPU *cpu = RISCV_CPU(cs);
     CPURISCVState *env = &cpu->env;
     RISCVMXL xl = FIELD_EX32(tb->flags, TB_FLAGS, XL);
+    target_ulong pc;
+
+    if (tb_cflags(tb) & CF_PCREL) {
+        pc = (env->pc & TARGET_PAGE_MASK) | data[0];
+    } else {
+        pc = data[0];
+    }
 
     if (xl == MXL_RV32) {
-        env->pc = (int32_t)data[0];
+        env->pc = (int32_t)pc;
     } else {
-        env->pc = data[0];
+        env->pc = pc;
     }
     env->bins = data[1];
 }
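
Review bot: in riscv_restore_state_to_opc(),
`(env->pc & TARGET_PAGE_MASK) | data[0]` is only correct if data[0] is a
page offset and env->pc is still inside the page of the instruction being
restored. The first half is arranged in riscv_tr_insn_start() by
`pc_next &= ~TARGET_PAGE_MASK`, far from here. A comment tying the two
together and naming the same-page assumption would make a later change to
either side much harder to get wrong.
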
diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc
index 05d8b5d57f..1ba00f30a9 100644
--- a/target/riscv/insn_trans/trans_rvi.c.inc
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
@@ -38,7 +38,15 @@ static bool trans_lui(DisasContext *ctx, arg_lui *a)
 
 static bool trans_auipc(DisasContext *ctx, arg_auipc *a)
 {
-    gen_set_gpri(ctx, a->rd, a->imm + ctx->base.pc_next);
+    assert(ctx->pc_save != -1);
+    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
+        TCGv target_pc = tcg_temp_new();
+        tcg_gen_addi_tl(target_pc, cpu_pc, a->imm + ctx->base.pc_next -
+                                           ctx->pc_save);
+        gen_set_gpr(ctx, a->rd, target_pc);
+    } else {
+        gen_set_gpri(ctx, a->rd, a->imm + ctx->base.pc_next);
+    }
     return true;
 }
 
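
Review bot: in trans_auipc(), `assert(ctx->pc_save != -1)` compares a
target_ulong against a bare -1 and also runs on the !CF_PCREL path, where
pc_save is not used. A named sentinel checked inside the CF_PCREL branch
would read better. The fresh temporary looks avoidable as well; the dest_gpr
remark in the review of this patch points the same way.
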
@@ -51,26 +59,43 @@ static bool trans_jal(DisasContext *ctx, arg_jal *a)
 static bool trans_jalr(DisasContext *ctx, arg_jalr *a)
 {
     TCGLabel *misaligned = NULL;
+    TCGv succ_pc = tcg_temp_new();
+    TCGv target_pc = tcg_temp_new();
+
+    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
+        tcg_gen_addi_tl(succ_pc, cpu_pc, ctx->pc_succ_insn - ctx->pc_save);
+    }
+
+    tcg_gen_addi_tl(target_pc, get_gpr(ctx, a->rs1, EXT_NONE), a->imm);
+    tcg_gen_andi_tl(target_pc, target_pc, (target_ulong)-2);
 
-    tcg_gen_addi_tl(cpu_pc, get_gpr(ctx, a->rs1, EXT_NONE), a->imm);
-    tcg_gen_andi_tl(cpu_pc, cpu_pc, (target_ulong)-2);
+    if (get_xl(ctx) == MXL_RV32) {
+        tcg_gen_ext32s_tl(target_pc, target_pc);
+    }
 
-    gen_set_pc(ctx, cpu_pc);
     if (!has_ext(ctx, RVC)) {
         TCGv t0 = tcg_temp_new();
 
         misaligned = gen_new_label();
-        tcg_gen_andi_tl(t0, cpu_pc, 0x2);
+        tcg_gen_andi_tl(t0, target_pc, 0x2);
         tcg_gen_brcondi_tl(TCG_COND_NE, t0, 0x0, misaligned);
     }
 
-    gen_set_gpri(ctx, a->rd, ctx->pc_succ_insn);
+    tcg_gen_mov_tl(cpu_pc, target_pc);
+
+    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
+        gen_set_gpr(ctx, a->rd, succ_pc);
+    } else {
+        gen_set_gpri(ctx, a->rd, ctx->pc_succ_insn);
+    }
     lookup_and_goto_ptr(ctx);
 
     if (misaligned) {
         gen_set_label(misaligned);
-        gen_exception_inst_addr_mis(ctx);
+        gen_exception_inst_addr_mis(ctx, target_pc);
     }
+
+    ctx->pc_save = -1;
     ctx->base.is_jmp = DISAS_NORETURN;
 
     return true;
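
Review bot: trans_jalr() allocates succ_pc with tcg_temp_new()
unconditionally but only fills and uses it under CF_PCREL; allocate it
inside that branch, or give the other path a value so one gen_set_gpr()
serves both. Separately, moving the cpu_pc update below the misaligned check
and passing target_pc to gen_exception_inst_addr_mis() changes what the
misaligned path reports independently of CF_PCREL, which deserves its own
patch and a line in the commit message.
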
@@ -172,7 +197,7 @@ static bool gen_branch(DisasContext *ctx, arg_b *a, TCGCond cond)
     if (!has_ext(ctx, RVC) && ((ctx->base.pc_next + a->imm) & 0x3)) {
         /* misaligned */
         gen_set_pc_imm(ctx, ctx->base.pc_next + a->imm);
-        gen_exception_inst_addr_mis(ctx);
+        gen_exception_inst_addr_mis(ctx, cpu_pc);
     } else {
         gen_goto_tb(ctx, 0, ctx->base.pc_next + a->imm);
     }
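
Review bot: gen_branch() still overwrites cpu_pc through gen_set_pc_imm()
and then passes cpu_pc as the bad address, while trans_jalr() in this same
patch passes target_pc and leaves cpu_pc alone. Under CF_PCREL the
gen_set_pc_imm() call also moves ctx->pc_save to the misaligned target.
Please make the immediate-target paths (here and in gen_jal()) follow the
jalr pattern so cpu_pc and pc_save are not disturbed before the exception.
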
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index f7ddf4c50d..faf6975e80 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -59,6 +59,7 @@ typedef struct DisasContext {
     DisasContextBase base;
     /* pc_succ_insn points to the instruction following base.pc_next */
     target_ulong pc_succ_insn;
+    target_ulong pc_save;
     target_ulong priv_ver;
     RISCVMXL misa_mxl_max;
     RISCVMXL xl;
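
Review bot: pc_save is added to DisasContext without a comment, directly
below a field that has one. Please document that it is the translation-time
value cpu_pc is known to hold and that -1 means unknown, since the asserts
elsewhere in this patch depend on that convention.
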
@@ -224,18 +225,19 @@ static void decode_save_opc(DisasContext *ctx)
 
 static void gen_set_pc_imm(DisasContext *ctx, target_ulong dest)
 {
-    if (get_xl(ctx) == MXL_RV32) {
-        dest = (int32_t)dest;
-    }
-    tcg_gen_movi_tl(cpu_pc, dest);
-}
+    assert(ctx->pc_save != -1);
+    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
+        tcg_gen_addi_tl(cpu_pc, cpu_pc, dest - ctx->pc_save);
+        if (get_xl(ctx) == MXL_RV32) {
+            tcg_gen_ext32s_tl(cpu_pc, cpu_pc);
+        }
 
-static void gen_set_pc(DisasContext *ctx, TCGv dest)
-{
-    if (get_xl(ctx) == MXL_RV32) {
-        tcg_gen_ext32s_tl(cpu_pc, dest);
+        ctx->pc_save = dest;
     } else {
-        tcg_gen_mov_tl(cpu_pc, dest);
+        if (get_xl(ctx) == MXL_RV32) {
+          dest = (int32_t)dest;
+        }
+        tcg_gen_movi_tl(cpu_pc, dest);
     }
 }
 
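
Review bot: gen_set_pc_imm() now updates ctx->pc_save at translation time,
which is only valid if the emitted add executes on every path that follows.
If a caller emits it on one arm of a conditional (gen_branch() reaching it
through gen_goto_tb() for both the taken and the fall-through target would be
such a case, though those lines are not in this diff), the second arm
computes its delta from a pc_save that cpu_pc never held at run time. Such
callers need to save and restore pc_save around each arm. Minor:
`dest = (int32_t)dest;` in the else branch is indented by two spaces instead
of four.
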
@@ -257,9 +259,9 @@ static void gen_exception_illegal(DisasContext *ctx)
     }
 }
 
-static void gen_exception_inst_addr_mis(DisasContext *ctx)
+static void gen_exception_inst_addr_mis(DisasContext *ctx, TCGv target)
 {
-    tcg_gen_st_tl(cpu_pc, cpu_env, offsetof(CPURISCVState, badaddr));
+    tcg_gen_st_tl(target, cpu_env, offsetof(CPURISCVState, badaddr));
     generate_exception(ctx, RISCV_EXCP_INST_ADDR_MIS);
 }
 
@@ -290,8 +292,21 @@ static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
       * direct block chain benefits will be small.
       */
     if (translator_use_goto_tb(&ctx->base, dest) && !ctx->itrigger) {
-        tcg_gen_goto_tb(n);
-        gen_set_pc_imm(ctx, dest);
+        /*
+         * For pcrel, the pc must always be up-to-date on entry to
+         * the linked TB, so that it can use simple additions for all
+         * further adjustments.  For !pcrel, the linked TB is compiled
+         * to know its full virtual address, so we can delay the
+         * update to pc to the unlinked path.  A long chain of links
+         * can thus avoid many updates to the PC.
+         */
+        if (tb_cflags(ctx->base.tb) & CF_PCREL) {
+            gen_set_pc_imm(ctx, dest);
+            tcg_gen_goto_tb(n);
+        } else {
+            tcg_gen_goto_tb(n);
+            gen_set_pc_imm(ctx, dest);
+        }
         tcg_gen_exit_tb(ctx->base.tb, n);
     } else {
         gen_set_pc_imm(ctx, dest);
@@ -552,13 +567,21 @@ static void gen_jal(DisasContext *ctx, int rd, target_ulong imm)
     if (!has_ext(ctx, RVC)) {
         if ((next_pc & 0x3) != 0) {
             gen_set_pc_imm(ctx, next_pc);
-            gen_exception_inst_addr_mis(ctx);
+            gen_exception_inst_addr_mis(ctx, cpu_pc);
             return;
         }
     }
 
-    gen_set_gpri(ctx, rd, ctx->pc_succ_insn);
-    gen_goto_tb(ctx, 0, ctx->base.pc_next + imm); /* must use this for safety */
+    assert(ctx->pc_save != -1);
+    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
+        TCGv succ_pc = tcg_temp_new();
+        tcg_gen_addi_tl(succ_pc, cpu_pc, ctx->pc_succ_insn - ctx->pc_save);
+        gen_set_gpr(ctx, rd, succ_pc);
+    } else {
+        gen_set_gpri(ctx, rd, ctx->pc_succ_insn);
+    }
+
+    gen_goto_tb(ctx, 0, next_pc); /* must use this for safety */
     ctx->base.is_jmp = DISAS_NORETURN;
 }
 
@@ -1152,6 +1175,7 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     RISCVCPU *cpu = RISCV_CPU(cs);
     uint32_t tb_flags = ctx->base.tb->flags;
 
+    ctx->pc_save = ctx->base.pc_first;
     ctx->pc_succ_insn = ctx->base.pc_first;
     ctx->mem_idx = FIELD_EX32(tb_flags, TB_FLAGS, MEM_IDX);
     ctx->mstatus_fs = tb_flags & TB_FLAGS_MSTATUS_FS;
@@ -1197,8 +1221,13 @@ static void riscv_tr_tb_start(DisasContextBase *db, CPUState *cpu)
 static void riscv_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
 {
     DisasContext *ctx = container_of(dcbase, DisasContext, base);
+    target_ulong pc_next = ctx->base.pc_next;
+
+    if (tb_cflags(dcbase->tb) & CF_PCREL) {
+        pc_next &= ~TARGET_PAGE_MASK;
+    }
 
-    tcg_gen_insn_start(ctx->base.pc_next, 0);
+    tcg_gen_insn_start(pc_next, 0);
     ctx->insn_start = tcg_last_op();
 }
 
-- 
2.25.1




* [PATCH v2 5/5] target/riscv: Add pointer mask support for instruction fetch
  2023-03-29  3:23 [PATCH v2 0/5] target/riscv: Fix pointer mask related support Weiwei Li
                   ` (3 preceding siblings ...)
  2023-03-29  3:23 ` [PATCH v2 4/5] target/riscv: Add support for PC-relative translation Weiwei Li
@ 2023-03-29  3:23 ` Weiwei Li
  2023-03-29 16:36   ` Richard Henderson
  4 siblings, 1 reply; 15+ messages in thread
From: Weiwei Li @ 2023-03-29  3:23 UTC (permalink / raw)
  To: qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser, Weiwei Li

Transform the fetch address in cpu_get_tb_cpu_state() when pointer
mask for instruction is enabled.
Enable PC-relative translation when J is enabled.

Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
---
 target/riscv/cpu.c        |  4 ++++
 target/riscv/cpu.h        |  1 +
 target/riscv/cpu_helper.c | 20 +++++++++++++++++++-
 target/riscv/csr.c        |  2 --
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 646fa31a59..99f0177c6d 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1193,6 +1193,10 @@ static void riscv_cpu_realize(DeviceState *dev, Error **errp)
 
 
 #ifndef CONFIG_USER_ONLY
+    if(cpu->cfg.ext_j) {
+        cs->tcg_cflags |= CF_PCREL;
+    }
+
     if (cpu->cfg.ext_sstc) {
         riscv_timer_init(cpu);
     }
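
Review bot: in riscv_cpu_realize(), setting CF_PCREL changes how every block
is translated, yet it arrives inside a patch about the pointer-mask
instruction bit and only when ext_j is set. Please split it into its own
patch so it can be bisected separately, and explain in the commit message
why ext_j is the right gate. Style: `if(cpu->cfg.ext_j)` needs a space after
`if`.
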
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 638e47c75a..57bd9c3279 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -368,6 +368,7 @@ struct CPUArchState {
 #endif
     target_ulong cur_pmmask;
     target_ulong cur_pmbase;
+    bool cur_pminsn;
 
     /* Fields from here on are preserved across CPU reset. */
     QEMUTimer *stimer; /* Internal timer for S-mode interrupt */
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index f88c503cf4..b683a770fe 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -40,6 +40,19 @@ int riscv_cpu_mmu_index(CPURISCVState *env, bool ifetch)
 #endif
 }
 
+static target_ulong adjust_pc_address(CPURISCVState *env, target_ulong pc)
+{
+    target_ulong adjust_pc = pc;
+
+    if (env->cur_pminsn) {
+        adjust_pc = (adjust_pc & ~env->cur_pmmask) | env->cur_pmbase;
+    } else if (env->xl == MXL_RV32) {
+        adjust_pc &= UINT32_MAX;
+    }
+
+    return adjust_pc;
+}
+
 void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc,
                           target_ulong *cs_base, uint32_t *pflags)
 {
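
Review bot: in adjust_pc_address(), the `else if` means the RV32 truncation
`adjust_pc &= UINT32_MAX` is skipped whenever cur_pminsn is set. Unless
cur_pmmask and cur_pmbase are guaranteed to fit in 32 bits on RV32, a
sign-extended env->pc keeps its upper bits in the fetch address. Apply the
mask first and the RV32 truncation afterwards, or document the guarantee
next to this helper.
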
@@ -48,7 +61,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc,
 
     uint32_t flags = 0;
 
-    *pc = env->xl == MXL_RV32 ? env->pc & UINT32_MAX : env->pc;
+    *pc = adjust_pc_address(env, env->pc);
     *cs_base = 0;
 
     if (cpu->cfg.ext_zve32f) {
@@ -124,6 +137,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc,
 void riscv_cpu_update_mask(CPURISCVState *env)
 {
     target_ulong mask = -1, base = 0;
+    bool insn = false;
     /*
      * TODO: Current RVJ spec does not specify
      * how the extension interacts with XLEN.
@@ -135,18 +149,21 @@ void riscv_cpu_update_mask(CPURISCVState *env)
             if (env->mmte & M_PM_ENABLE) {
                 mask = env->mpmmask;
                 base = env->mpmbase;
+                insn = env->mmte & MMTE_M_PM_INSN;
             }
             break;
         case PRV_S:
             if (env->mmte & S_PM_ENABLE) {
                 mask = env->spmmask;
                 base = env->spmbase;
+                insn = env->mmte & MMTE_S_PM_INSN;
             }
             break;
         case PRV_U:
             if (env->mmte & U_PM_ENABLE) {
                 mask = env->upmmask;
                 base = env->upmbase;
+                insn = env->mmte & MMTE_U_PM_INSN;
             }
             break;
         default:
@@ -161,6 +178,7 @@ void riscv_cpu_update_mask(CPURISCVState *env)
         env->cur_pmmask = mask;
         env->cur_pmbase = base;
     }
+    env->cur_pminsn = insn;
 }
 
 #ifndef CONFIG_USER_ONLY
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 43b9ad4500..0902b64129 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -3518,8 +3518,6 @@ static RISCVException write_mmte(CPURISCVState *env, int csrno,
     /* for machine mode pm.current is hardwired to 1 */
     wpri_val |= MMTE_M_PM_CURRENT;
 
-    /* hardwiring pm.instruction bit to 0, since it's not supported yet */
-    wpri_val &= ~(MMTE_M_PM_INSN | MMTE_S_PM_INSN | MMTE_U_PM_INSN);
     env->mmte = wpri_val | PM_EXT_DIRTY;
     riscv_cpu_update_mask(env);
 
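
Review bot: with the hardwiring removed from write_mmte(), the three PM_INSN
bits become writable unconditionally, but the CF_PCREL support they rely on
is only enabled in riscv_cpu_realize() when cpu->cfg.ext_j is set and
CONFIG_USER_ONLY is not defined. Please confirm that write_mmte() cannot be
reached in the other configurations, or keep the bits masked there. A note
on whether a write that flips an INSN bit ends the current translation block
would also help, since the address used for the next fetch changes.
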
-- 
2.25.1




* Re: [PATCH v2 3/5] target/riscv: Sync cpu_pc before update badaddr
  2023-03-29  3:23 ` [PATCH v2 3/5] target/riscv: Sync cpu_pc before update badaddr Weiwei Li
@ 2023-03-29 15:33   ` Richard Henderson
  2023-03-30  0:53     ` liweiwei
  2023-03-31  6:13   ` LIU Zhiwei
  1 sibling, 1 reply; 15+ messages in thread
From: Richard Henderson @ 2023-03-29 15:33 UTC (permalink / raw)
  To: Weiwei Li, qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser

On 3/28/23 20:23, Weiwei Li wrote:
> We should sync cpu_pc before storing it into badaddr when mis-aligned
> exception is triggered.
> 
> Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
> ---
>   target/riscv/insn_trans/trans_rvi.c.inc | 1 +
>   target/riscv/translate.c                | 1 +
>   2 files changed, 2 insertions(+)

Yes, badaddr should get the invalid pc, but surely epc should contain the pc of the branch 
instruction causing the fault.  I thought that was the primary reason to handle this 
exception here, rather than at the start of the translation loop.


r~

> 
> diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc
> index 4ad54e8a49..05d8b5d57f 100644
> --- a/target/riscv/insn_trans/trans_rvi.c.inc
> +++ b/target/riscv/insn_trans/trans_rvi.c.inc
> @@ -171,6 +171,7 @@ static bool gen_branch(DisasContext *ctx, arg_b *a, TCGCond cond)
>   
>       if (!has_ext(ctx, RVC) && ((ctx->base.pc_next + a->imm) & 0x3)) {
>           /* misaligned */
> +        gen_set_pc_imm(ctx, ctx->base.pc_next + a->imm);
>           gen_exception_inst_addr_mis(ctx);
>       } else {
>           gen_goto_tb(ctx, 0, ctx->base.pc_next + a->imm);
> diff --git a/target/riscv/translate.c b/target/riscv/translate.c
> index 0ee8ee147d..f7ddf4c50d 100644
> --- a/target/riscv/translate.c
> +++ b/target/riscv/translate.c
> @@ -551,6 +551,7 @@ static void gen_jal(DisasContext *ctx, int rd, target_ulong imm)
>       next_pc = ctx->base.pc_next + imm;
>       if (!has_ext(ctx, RVC)) {
>           if ((next_pc & 0x3) != 0) {
> +            gen_set_pc_imm(ctx, next_pc);
>               gen_exception_inst_addr_mis(ctx);
>               return;
>           }




* Re: [PATCH v2 4/5] target/riscv: Add support for PC-relative translation
  2023-03-29  3:23 ` [PATCH v2 4/5] target/riscv: Add support for PC-relative translation Weiwei Li
@ 2023-03-29 16:27   ` Richard Henderson
  2023-03-30  1:09     ` liweiwei
  0 siblings, 1 reply; 15+ messages in thread
From: Richard Henderson @ 2023-03-29 16:27 UTC (permalink / raw)
  To: Weiwei Li, qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser

On 3/28/23 20:23, Weiwei Li wrote:
>   static bool trans_auipc(DisasContext *ctx, arg_auipc *a)
>   {
> -    gen_set_gpri(ctx, a->rd, a->imm + ctx->base.pc_next);
> +    assert(ctx->pc_save != -1);
> +    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
> +        TCGv target_pc = tcg_temp_new();

dest_gpr(s, a->rd)

> @@ -51,26 +59,43 @@ static bool trans_jal(DisasContext *ctx, arg_jal *a)
>   static bool trans_jalr(DisasContext *ctx, arg_jalr *a)
>   {
>       TCGLabel *misaligned = NULL;
> +    TCGv succ_pc = tcg_temp_new();

succ_pc can be null for !CF_PCREL...

> +    TCGv target_pc = tcg_temp_new();
> +
> +    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
> +        tcg_gen_addi_tl(succ_pc, cpu_pc, ctx->pc_succ_insn - ctx->pc_save);
> +    }

... or initialized like

        } else {
            succ_pc = tcg_constant_tl(ctx->pc_succ_insn);
        }

> -    gen_set_pc(ctx, cpu_pc);
>       if (!has_ext(ctx, RVC)) {
>           TCGv t0 = tcg_temp_new();
>   
>           misaligned = gen_new_label();
> -        tcg_gen_andi_tl(t0, cpu_pc, 0x2);
> +        tcg_gen_andi_tl(t0, target_pc, 0x2);
>           tcg_gen_brcondi_tl(TCG_COND_NE, t0, 0x0, misaligned);
>       }
...
>       if (misaligned) {
>           gen_set_label(misaligned);
> -        gen_exception_inst_addr_mis(ctx);
> +        gen_exception_inst_addr_mis(ctx, target_pc);
>       }

This is what I expected from patch 3: cpu_pc is unchanged, with the new (incorrect) 
address passed to inst_addr_mis for assigning to badaddr.  Bug being fixed here, thus 
should really be a separate patch.

> @@ -172,7 +197,7 @@ static bool gen_branch(DisasContext *ctx, arg_b *a, TCGCond cond)
>       if (!has_ext(ctx, RVC) && ((ctx->base.pc_next + a->imm) & 0x3)) {
>           /* misaligned */
>           gen_set_pc_imm(ctx, ctx->base.pc_next + a->imm);
> -        gen_exception_inst_addr_mis(ctx);
> +        gen_exception_inst_addr_mis(ctx, cpu_pc);

But this one's different and (probably) incorrect.

> @@ -552,13 +567,21 @@ static void gen_jal(DisasContext *ctx, int rd, target_ulong imm)
>       if (!has_ext(ctx, RVC)) {
>           if ((next_pc & 0x3) != 0) {
>               gen_set_pc_imm(ctx, next_pc);
> -            gen_exception_inst_addr_mis(ctx);
> +            gen_exception_inst_addr_mis(ctx, cpu_pc);

Likewise.

> +    assert(ctx->pc_save != -1);
> +    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
> +        TCGv succ_pc = tcg_temp_new();
> +        tcg_gen_addi_tl(succ_pc, cpu_pc, ctx->pc_succ_insn - ctx->pc_save);
> +        gen_set_gpr(ctx, rd, succ_pc);

dest_gpr.



r~



* Re: [PATCH v2 5/5] target/riscv: Add pointer mask support for instruction fetch
  2023-03-29  3:23 ` [PATCH v2 5/5] target/riscv: Add pointer mask support for instruction fetch Weiwei Li
@ 2023-03-29 16:36   ` Richard Henderson
  2023-03-30  1:10     ` liweiwei
  0 siblings, 1 reply; 15+ messages in thread
From: Richard Henderson @ 2023-03-29 16:36 UTC (permalink / raw)
  To: Weiwei Li, qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser

On 3/28/23 20:23, Weiwei Li wrote:
> Transform the fetch address in cpu_get_tb_cpu_state() when pointer
> mask for instruction is enabled.
> Enable PC-relative translation when J is enabled.
> 
> Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
> ---
>   target/riscv/cpu.c        |  4 ++++
>   target/riscv/cpu.h        |  1 +
>   target/riscv/cpu_helper.c | 20 +++++++++++++++++++-
>   target/riscv/csr.c        |  2 --
>   4 files changed, 24 insertions(+), 3 deletions(-)
> 
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index 646fa31a59..99f0177c6d 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -1193,6 +1193,10 @@ static void riscv_cpu_realize(DeviceState *dev, Error **errp)
>   
>   
>   #ifndef CONFIG_USER_ONLY
> +    if(cpu->cfg.ext_j) {
> +        cs->tcg_cflags |= CF_PCREL;
> +    }

"if ("

Consider enabling it always for system mode.  The reason for the existence of CF_PCREL is 
to improve performance with the guest kernel's address space randomization.  Each guest 
process maps libc.so (et al) at a different virtual address, and this allows those 
translations to be shared.

I would enable CF_PCREL in a separate patch from MMTE_*_PM_INSN.


r~
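
The PC-relative bookkeeping from patch 4/5 (real_pc = env->pc + target_pc -
save_pc) and the sharing of translations across address-space layouts
described in the reply above, as an added example that is not part of the
thread and is not QEMU code. It is a small C model; the op kinds, struct and
function names, the two-instruction program and both virtual addresses are
constructed for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not QEMU code: every name below is hypothetical. */
#define PAGE_MASK (~UINT64_C(0xfff))        /* stand-in for TARGET_PAGE_MASK */
#define VA_A UINT64_C(0x00007f1200001230)   /* constructed: mapping in process A */
#define VA_B UINT64_C(0x00007f9a4c551230)   /* constructed: same code, process B */

enum op_kind { SET_REG_IMM, SET_REG_PCREL, SET_PC_IMM, ADD_PC };
struct op { enum op_kind kind; int rd; uint64_t val; };
struct tb { struct op ops[8]; int n_ops; uint64_t insn_start[2]; };
struct xctx { uint64_t pc_next, pc_save; bool pcrel; struct tb *tb; };

static void emit(struct xctx *c, enum op_kind k, int rd, uint64_t v)
{
    c->tb->ops[c->tb->n_ops++] = (struct op){ k, rd, v };
}

/* Per-instruction restore data: only the page offset when PC-relative. */
static void insn_start(struct xctx *c, int idx)
{
    c->tb->insn_start[idx] = c->pcrel ? (c->pc_next & ~PAGE_MASK) : c->pc_next;
}

static void trans_auipc(struct xctx *c, int rd, uint64_t imm)
{
    if (c->pcrel) {
        /* rd = runtime pc + (translation-time target - pc_save) */
        emit(c, SET_REG_PCREL, rd, imm + c->pc_next - c->pc_save);
    } else {
        emit(c, SET_REG_IMM, rd, imm + c->pc_next);
    }
}

static void trans_jal(struct xctx *c, int rd, uint64_t imm)
{
    uint64_t succ = c->pc_next + 4, dest = c->pc_next + imm;

    if (c->pcrel) {
        emit(c, SET_REG_PCREL, rd, succ - c->pc_save);
        emit(c, ADD_PC, 0, dest - c->pc_save);
        c->pc_save = dest;      /* the runtime pc now equals dest */
    } else {
        emit(c, SET_REG_IMM, rd, succ);
        emit(c, SET_PC_IMM, 0, dest);
    }
}

/* Translate "auipc x5, 0x2000; jal x1, 0x40" starting at pc_first. */
void translate(struct tb *tb, uint64_t pc_first, bool pcrel)
{
    struct xctx c = { pc_first, pc_first, pcrel, tb };

    tb->n_ops = 0;
    insn_start(&c, 0);
    trans_auipc(&c, 5, 0x2000);
    c.pc_next += 4;
    insn_start(&c, 1);
    trans_jal(&c, 1, 0x40);
}

/* Execute the block with the given runtime pc; returns the pc on exit. */
uint64_t run_tb(const struct tb *tb, uint64_t cpu_pc, uint64_t regs[32])
{
    for (int i = 0; i < tb->n_ops; i++) {
        const struct op *o = &tb->ops[i];
        switch (o->kind) {
        case SET_REG_IMM:   regs[o->rd] = o->val;          break;
        case SET_REG_PCREL: regs[o->rd] = cpu_pc + o->val; break;
        case SET_PC_IMM:    cpu_pc = o->val;               break;
        case ADD_PC:        cpu_pc += o->val;              break;
        }
    }
    return cpu_pc;
}

/* Rebuild the pc of instruction idx, as on an exception inside the block. */
uint64_t restore_pc(const struct tb *tb, int idx, uint64_t env_pc, bool pcrel)
{
    uint64_t d = tb->insn_start[idx];
    return pcrel ? ((env_pc & PAGE_MASK) | d) : d;
}

int main(void)
{
    struct tb tb;
    uint64_t regs[32] = { 0 };

    translate(&tb, VA_A, true);              /* translated once, at VA_A */
    uint64_t pc = run_tb(&tb, VA_B, regs);   /* reused at VA_B */
    printf("pcrel x5=%#" PRIx64 " pc=%#" PRIx64 "\n", regs[5], pc);
    translate(&tb, VA_A, false);             /* absolute block bakes in VA_A */
    pc = run_tb(&tb, VA_B, regs);
    printf("abs   x5=%#" PRIx64 " pc=%#" PRIx64 "\n", regs[5], pc);
    return 0;
}
```

The PC-relative block yields values based on VA_B although it was translated
at VA_A; the absolute block returns VA_A-based values and so cannot be reused
at a second mapping.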



* Re: [PATCH v2 3/5] target/riscv: Sync cpu_pc before update badaddr
  2023-03-29 15:33   ` Richard Henderson
@ 2023-03-30  0:53     ` liweiwei
  0 siblings, 0 replies; 15+ messages in thread
From: liweiwei @ 2023-03-30  0:53 UTC (permalink / raw)
  To: Richard Henderson, qemu-riscv, qemu-devel
  Cc: liweiwei, palmer, alistair.francis, bin.meng, dbarboza,
	zhiwei_liu, wangjunqiang, lazyparser


On 2023/3/29 23:33, Richard Henderson wrote:
> On 3/28/23 20:23, Weiwei Li wrote:
>> We should sync cpu_pc before storing it into badaddr when mis-aligned
>> exception is triggered.
>>
>> Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
>> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
>> ---
>>   target/riscv/insn_trans/trans_rvi.c.inc | 1 +
>>   target/riscv/translate.c                | 1 +
>>   2 files changed, 2 insertions(+)
>
> Yes, badaddr should get the invalid pc, but surely epc should contain 
> the pc of the branch instruction causing the fault.  I thought that 
> was the primary reason to handle this exception here, rather than at 
> the start of the translation loop.
>
Yeah. The pc will be restored to the current pc in gen_exception() after 
updating the invalid pc into badaddr.

Regards,

Weiwei Li

>
> r~
>
>>
>> diff --git a/target/riscv/insn_trans/trans_rvi.c.inc 
>> b/target/riscv/insn_trans/trans_rvi.c.inc
>> index 4ad54e8a49..05d8b5d57f 100644
>> --- a/target/riscv/insn_trans/trans_rvi.c.inc
>> +++ b/target/riscv/insn_trans/trans_rvi.c.inc
>> @@ -171,6 +171,7 @@ static bool gen_branch(DisasContext *ctx, arg_b 
>> *a, TCGCond cond)
>>         if (!has_ext(ctx, RVC) && ((ctx->base.pc_next + a->imm) & 
>> 0x3)) {
>>           /* misaligned */
>> +        gen_set_pc_imm(ctx, ctx->base.pc_next + a->imm);
>>           gen_exception_inst_addr_mis(ctx);
>>       } else {
>>           gen_goto_tb(ctx, 0, ctx->base.pc_next + a->imm);
>> diff --git a/target/riscv/translate.c b/target/riscv/translate.c
>> index 0ee8ee147d..f7ddf4c50d 100644
>> --- a/target/riscv/translate.c
>> +++ b/target/riscv/translate.c
>> @@ -551,6 +551,7 @@ static void gen_jal(DisasContext *ctx, int rd, 
>> target_ulong imm)
>>       next_pc = ctx->base.pc_next + imm;
>>       if (!has_ext(ctx, RVC)) {
>>           if ((next_pc & 0x3) != 0) {
>> +            gen_set_pc_imm(ctx, next_pc);
>>               gen_exception_inst_addr_mis(ctx);
>>               return;
>>           }
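
Review bot: In gen_jal(), the new gen_set_pc_imm(ctx, next_pc) sits directly in front of gen_exception_inst_addr_mis() and an early return, so its only purpose is to feed badaddr, yet the commit message says what to sync without saying which address badaddr reported before the change. State the old and new badaddr values for a misaligned jal target in the message, and consider a regression test that checks both badaddr and epc for a jal and a branch to a target that fails the & 0x3 check with RVC disabled.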




* Re: [PATCH v2 4/5] target/riscv: Add support for PC-relative translation
  2023-03-29 16:27   ` Richard Henderson
@ 2023-03-30  1:09     ` liweiwei
  2023-03-30 17:07       ` Richard Henderson
  0 siblings, 1 reply; 15+ messages in thread
From: liweiwei @ 2023-03-30  1:09 UTC (permalink / raw)
  To: Richard Henderson, qemu-riscv, qemu-devel
  Cc: liweiwei, palmer, alistair.francis, bin.meng, dbarboza,
	zhiwei_liu, wangjunqiang, lazyparser


On 2023/3/30 00:27, Richard Henderson wrote:
> On 3/28/23 20:23, Weiwei Li wrote:
>>   static bool trans_auipc(DisasContext *ctx, arg_auipc *a)
>>   {
>> -    gen_set_gpri(ctx, a->rd, a->imm + ctx->base.pc_next);
>> +    assert(ctx->pc_save != -1);
>> +    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
>> +        TCGv target_pc = tcg_temp_new();
>
> dest_gpr(s, a->rd)
OK. I'll fix this.
>
>> @@ -51,26 +59,43 @@ static bool trans_jal(DisasContext *ctx, arg_jal *a)
>>   static bool trans_jalr(DisasContext *ctx, arg_jalr *a)
>>   {
>>       TCGLabel *misaligned = NULL;
>> +    TCGv succ_pc = tcg_temp_new();
>
> succ_pc can be null for !CF_PCREL...
I think this is OK since it's only used for CF_PCREL.
>
>> +    TCGv target_pc = tcg_temp_new();
>> +
>> +    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
>> +        tcg_gen_addi_tl(succ_pc, cpu_pc, ctx->pc_succ_insn - 
>> ctx->pc_save);
>> +    }
>
> ... or initialized like
>
>        } else {
>            succ_pc = tcg_constant_tl(ctx->pc_succ_insn);
>        }
>
>> -    gen_set_pc(ctx, cpu_pc);
>>       if (!has_ext(ctx, RVC)) {
>>           TCGv t0 = tcg_temp_new();
>>             misaligned = gen_new_label();
>> -        tcg_gen_andi_tl(t0, cpu_pc, 0x2);
>> +        tcg_gen_andi_tl(t0, target_pc, 0x2);
>>           tcg_gen_brcondi_tl(TCG_COND_NE, t0, 0x0, misaligned);
>>       }
> ...
>>       if (misaligned) {
>>           gen_set_label(misaligned);
>> -        gen_exception_inst_addr_mis(ctx);
>> +        gen_exception_inst_addr_mis(ctx, target_pc);
>>       }
>
> This is what I expected from patch 3: cpu_pc is unchanged, with the 
> new (incorrect) address passed to inst_addr_mis for assigning to 
> badaddr.  Bug being fixed here, thus should really be a separate patch.

It's OK to update cpu_pc before gen_exception_inst_addr_mis() since it 
will restore the current pc by gen_set_pc_imm() after storing cpu_pc into 
badaddr.

However, after PC-relative translation is enabled, we cannot use 
gen_set_pc() to directly update cpu_pc in the above case, since gen_set_pc() 
will break pc_save and make gen_set_pc_imm() in 
gen_exception_inst_addr_mis() fail. So we introduce a temp target_pc 
instead of cpu_pc to compute the destination pc and use it to do the 
misaligned check.

>
>> @@ -172,7 +197,7 @@ static bool gen_branch(DisasContext *ctx, arg_b 
>> *a, TCGCond cond)
>>       if (!has_ext(ctx, RVC) && ((ctx->base.pc_next + a->imm) & 0x3)) {
>>           /* misaligned */
>>           gen_set_pc_imm(ctx, ctx->base.pc_next + a->imm);
>> -        gen_exception_inst_addr_mis(ctx);
>> +        gen_exception_inst_addr_mis(ctx, cpu_pc);
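
Review bot: In gen_branch(), gen_exception_inst_addr_mis(ctx, cpu_pc) passes the global that the preceding gen_set_pc_imm() line has just overwritten, while the trans_jalr() hunk in this same patch passes a separate target_pc temp and leaves cpu_pc alone. Make the two paths consistent by dropping the gen_set_pc_imm() call here and passing the target as a constant, for example tcg_constant_tl(ctx->base.pc_next + a->imm), so that the misaligned address reaches badaddr without cpu_pc being written; the gen_jal() hunk that follows has the same pattern with next_pc.
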
>
> But this one's different and (probably) incorrect.
>
>> @@ -552,13 +567,21 @@ static void gen_jal(DisasContext *ctx, int rd, 
>> target_ulong imm)
>>       if (!has_ext(ctx, RVC)) {
>>           if ((next_pc & 0x3) != 0) {
>>               gen_set_pc_imm(ctx, next_pc);
>> -            gen_exception_inst_addr_mis(ctx);
>> +            gen_exception_inst_addr_mis(ctx, cpu_pc);
>
> Likewise.
>
>> +    assert(ctx->pc_save != -1);
>> +    if (tb_cflags(ctx->base.tb) & CF_PCREL) {
>> +        TCGv succ_pc = tcg_temp_new();
>> +        tcg_gen_addi_tl(succ_pc, cpu_pc, ctx->pc_succ_insn - 
>> ctx->pc_save);
>> +        gen_set_gpr(ctx, rd, succ_pc);
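
Review bot: assert(ctx->pc_save != -1) runs before the CF_PCREL test, so it is also evaluated for translations that never read pc_save, and the bare -1 is an undocumented sentinel. Move the assert inside the CF_PCREL branch, next to the ctx->pc_succ_insn - ctx->pc_save computation that depends on it, and say in a comment or a named constant what -1 means for pc_save.
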
>
> dest_gpr.

OK. I'll fix this.

Regards,

Weiwei Li

>
>
>
> r~




* Re: [PATCH v2 5/5] target/riscv: Add pointer mask support for instruction fetch
  2023-03-29 16:36   ` Richard Henderson
@ 2023-03-30  1:10     ` liweiwei
  0 siblings, 0 replies; 15+ messages in thread
From: liweiwei @ 2023-03-30  1:10 UTC (permalink / raw)
  To: Richard Henderson, qemu-riscv, qemu-devel
  Cc: liweiwei, palmer, alistair.francis, bin.meng, dbarboza,
	zhiwei_liu, wangjunqiang, lazyparser


On 2023/3/30 00:36, Richard Henderson wrote:
> On 3/28/23 20:23, Weiwei Li wrote:
>> Transform the fetch address in cpu_get_tb_cpu_state() when pointer
>> mask for instruction is enabled.
>> Enable PC-relative translation when J is enabled.
>>
>> Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
>> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
>> ---
>>   target/riscv/cpu.c        |  4 ++++
>>   target/riscv/cpu.h        |  1 +
>>   target/riscv/cpu_helper.c | 20 +++++++++++++++++++-
>>   target/riscv/csr.c        |  2 --
>>   4 files changed, 24 insertions(+), 3 deletions(-)
>>
>> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
>> index 646fa31a59..99f0177c6d 100644
>> --- a/target/riscv/cpu.c
>> +++ b/target/riscv/cpu.c
>> @@ -1193,6 +1193,10 @@ static void riscv_cpu_realize(DeviceState 
>> *dev, Error **errp)
>>       #ifndef CONFIG_USER_ONLY
>> +    if(cpu->cfg.ext_j) {
>> +        cs->tcg_cflags |= CF_PCREL;
>> +    }
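
Review bot: The new block in riscv_cpu_realize() sets cs->tcg_cflags |= CF_PCREL only when cpu->cfg.ext_j is set, with no comment explaining why a translation-wide flag depends on the J extension being configured. Add that rationale above the test (or remove the condition if there is none), and write the test as "if (" with a space.
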
>
> "if ("
>
> Consider enabling it always for system mode.  The reason for the 
> existence of CF_PCREL is to improve performance with the guest 
> kernel's address space randomization.  Each guest process maps libc.so 
> (et al) at a different virtual address, and this allows those 
> translations to be shared.
>
> I would enable CF_PCREL in a separate patch from MMTE_*_PM_INSN.

OK. I'll update this in the next version.

Regards,

Weiwei Li

>
>
> r~




* Re: [PATCH v2 4/5] target/riscv: Add support for PC-relative translation
  2023-03-30  1:09     ` liweiwei
@ 2023-03-30 17:07       ` Richard Henderson
  0 siblings, 0 replies; 15+ messages in thread
From: Richard Henderson @ 2023-03-30 17:07 UTC (permalink / raw)
  To: liweiwei, qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, zhiwei_liu,
	wangjunqiang, lazyparser

On 3/29/23 18:09, liweiwei wrote:
>>> @@ -51,26 +59,43 @@ static bool trans_jal(DisasContext *ctx, arg_jal *a)
>>>   static bool trans_jalr(DisasContext *ctx, arg_jalr *a)
>>>   {
>>>       TCGLabel *misaligned = NULL;
>>> +    TCGv succ_pc = tcg_temp_new();
>>
>> succ_pc can be null for !CF_PCREL...
> I think this is OK since it's only used for CF_PCREL.

It allocates an unused temp.  Not a bug per se, but an easily fixable mistake.

>> ... or initialized like
>>
>>        } else {
>>            succ_pc = tcg_constant_tl(ctx->pc_succ_insn);
>>        }

If you do this, you can avoid the test/set/seti later.

>>>       if (misaligned) {
>>>           gen_set_label(misaligned);
>>> -        gen_exception_inst_addr_mis(ctx);
>>> +        gen_exception_inst_addr_mis(ctx, target_pc);
>>>       }
>>
>> This is what I expected from patch 3: cpu_pc is unchanged, with the new (incorrect) 
>> address passed to inst_addr_mis for assigning to badaddr.  Bug being fixed here, thus 
>> should really be a separate patch.
> 
> It's OK to update cpu_pc before gen_exception_inst_addr_mis() since it will restore the 
> current pc by gen_set_pc_imm() after storing cpu_pc into badaddr.

True, but I think it's confusing to set cpu_pc for its mere use in copying to badaddr, 
and rely on generate_exception to reset cpu_pc to the correct value.

> However, after PC-relative translation is enabled, we cannot use gen_set_pc() to directly 
> update cpu_pc in the above case, since gen_set_pc() will break pc_save and make 
> gen_set_pc_imm() in gen_exception_inst_addr_mis() fail. So we introduce a temp target_pc 
> instead of cpu_pc to compute the destination pc and use it to do the misaligned check.

Exactly.

Which is why I think it is better to simply pass gen_exception_inst_addr_mis the value to 
use with badaddr in a normal temp (or constant).  And do this always, not simply in the 
one case where it is absolutely required to not clobber cpu_pc.


r~



* Re: [PATCH v2 2/5] target/riscv: Update cur_pmmask/base when xl changes
  2023-03-29  3:23 ` [PATCH v2 2/5] target/riscv: Update cur_pmmask/base when xl changes Weiwei Li
@ 2023-03-31  1:34   ` LIU Zhiwei
  0 siblings, 0 replies; 15+ messages in thread
From: LIU Zhiwei @ 2023-03-31  1:34 UTC (permalink / raw)
  To: Weiwei Li, qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, wangjunqiang, lazyparser


On 2023/3/29 11:23, Weiwei Li wrote:
> write_mstatus() can only change current xl when in debug mode.
> And we need update cur_pmmask/base in this case.
>
> Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
> ---
>   target/riscv/csr.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index d522efc0b6..43b9ad4500 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -1277,8 +1277,15 @@ static RISCVException write_mstatus(CPURISCVState *env, int csrno,
>           mstatus = set_field(mstatus, MSTATUS64_SXL, xl);
>       }
>       env->mstatus = mstatus;
> -    env->xl = cpu_recompute_xl(env);
>   
> +    /*
> +     * Except in debug mode, UXL/SXL can only be modified by higher
> +     * privilege mode. So xl will not be changed in normal mode.
> +     */
> +    if (env->debugger) {
> +        env->xl = cpu_recompute_xl(env);
> +        riscv_cpu_update_mask(env);
> +    }
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>

Zhiwei
>       return RISCV_EXCP_NONE;
>   }
>   
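
Review bot: The new comment in write_mstatus() explains why cpu_recompute_xl() can be skipped outside debug mode, but it does not say why riscv_cpu_update_mask() belongs under the same env->debugger guard. Extend the comment to state that cur_pmmask/base depend on xl and therefore only need refreshing here when xl can change; "by higher privilege mode" should also read "by a higher privilege mode".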



* Re: [PATCH v2 3/5] target/riscv: Sync cpu_pc before update badaddr
  2023-03-29  3:23 ` [PATCH v2 3/5] target/riscv: Sync cpu_pc before update badaddr Weiwei Li
  2023-03-29 15:33   ` Richard Henderson
@ 2023-03-31  6:13   ` LIU Zhiwei
  1 sibling, 0 replies; 15+ messages in thread
From: LIU Zhiwei @ 2023-03-31  6:13 UTC (permalink / raw)
  To: Weiwei Li, qemu-riscv, qemu-devel
  Cc: palmer, alistair.francis, bin.meng, dbarboza, wangjunqiang, lazyparser


On 2023/3/29 11:23, Weiwei Li wrote:
> We should sync cpu_pc before storing it into badaddr when mis-aligned
> exception is triggered.
>
> Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
> ---
>   target/riscv/insn_trans/trans_rvi.c.inc | 1 +
>   target/riscv/translate.c                | 1 +
>   2 files changed, 2 insertions(+)
>
> diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc
> index 4ad54e8a49..05d8b5d57f 100644
> --- a/target/riscv/insn_trans/trans_rvi.c.inc
> +++ b/target/riscv/insn_trans/trans_rvi.c.inc
> @@ -171,6 +171,7 @@ static bool gen_branch(DisasContext *ctx, arg_b *a, TCGCond cond)
>   
>       if (!has_ext(ctx, RVC) && ((ctx->base.pc_next + a->imm) & 0x3)) {
>           /* misaligned */
> +        gen_set_pc_imm(ctx, ctx->base.pc_next + a->imm);

target_ulong next_pc = ctx->base.pc_next + a->imm;

gen_set_pc_imm(ctx, next_pc);

>           gen_exception_inst_addr_mis(ctx);
>       } else {
>           gen_goto_tb(ctx, 0, ctx->base.pc_next + a->imm);
> diff --git a/target/riscv/translate.c b/target/riscv/translate.c
> index 0ee8ee147d..f7ddf4c50d 100644
> --- a/target/riscv/translate.c
> +++ b/target/riscv/translate.c
> @@ -551,6 +551,7 @@ static void gen_jal(DisasContext *ctx, int rd, target_ulong imm)
>       next_pc = ctx->base.pc_next + imm;
>       if (!has_ext(ctx, RVC)) {
>           if ((next_pc & 0x3) != 0) {
> +            gen_set_pc_imm(ctx, next_pc);

I think this patch is better than the one in v6. So for this patch,

Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>

Zhiwei

>               gen_exception_inst_addr_mis(ctx);
>               return;
>           }

