Five EmbedDev logo Five EmbedDev

An Embedded RISC-V Blog
RISC-V External Debug Support

Hardware Implementations

Below are two possible implementations. A designer could choose one, mix and match, or come up with their own design.

Abstract Command Based

Halting happens by stalling the hart execution pipeline.

Muxes on the register file(s) allow for accessing GPRs and CSRs using the Access Register abstract command.

Memory is accessed using the Abstract Access Memory command or through System Bus Access.

This implementation could allow a debugger to collect information from the hart even when that hart is unable to execute instructions.

Execution Based

This implementation only implements the Access Register abstract command for GPRs on a halted hart, and relies on the Program Buffer for all other operations. It uses the hart’s existing pipeline and ability to execute from arbitrary memory locations to avoid modifications to a hart’s datapath.

When the halt request bit is set, the Debug Module raises a special interrupt to the selected harts. This interrupt causes each hart to enter Debug Mode and jump to a defined memory region that is serviced by the DM and is only accessible to the harts in Debug Mode. When taking this trap, is saved to and is updated in .

The code in the Debug Module causes the hart to execute a “park loop.” In the park loop the hart writes its to a memory location within the Debug Module to indicate that it is halted. To allow the DM to individually control one out of several halted harts, each hart polls for flags in a DM-controlled memory location to determine whether the debugger wants it to execute the Program Buffer or perform a resume.

To execute an abstract command, the DM first populates some internal words of program buffer according to . When is set, the DM populates these words with lw <gpr>, 0x400(zero) or sw 0x400(zero), <gpr>. 64- and 128-bit accesses use ld/sd and lq/sq respectively. If is not set, the DM populates these instructions as nops. If is set, execution continues to the debugger-controlled Program Buffer, otherwise the DM causes a ebreak to execute immediately.

When ebreak is executed (indicating the end of the Program Buffer code) the hart returns to its park loop. If an exception is encountered, the hart jumps to a debug trap address within the Debug Module. The code at that address causes the hart to write to an address in the Debug Module which indicates exception. This address is considered I/O for fence instructions (see #[fence] on page ). Then the hart jumps back to the park loop. The DM infers from the write that there was an exception, and sets appropriately.

To resume execution, the debug module sets a flag which causes the hart to execute a dret. When dret is executed, is restored from and normal execution resumes at the privilege set by .

etc. are mapped into regular memory at an address relative to with only a 12-bit imm. The exact address is an implementation detail that a debugger must not rely on. For example, the data registers might be mapped to 0x400.

For additional flexibility, , etc. are mapped into regular memory immediately preceding , in order to form a contiguous region of memory which can be used for either program execution or data transfer.

© RISC-V Foundation, CC BY 4.0. Coverted to HTML from the LaTex source using Pandoc. For the official specifications refer to riscv.org.