From 0183f251707c5673977bed88ba0a5470e90ce3b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikael=20=C3=85gren?= Date: Wed, 11 Dec 2024 12:02:42 +0100 Subject: [PATCH] PoC: Add basic syscall example firmware Adds a basic example firmware that copies an app to app RAM. The app triggers syscall interrupts and tries to execute ROM code from app mode. A make target (`tb_application_fpga_irqpoc_with_app`) that simulates a Tkey running the firmware is added. --- hw/application_fpga/Makefile | 16 +++ .../fw/irqpoc_with_app/Makefile | 9 ++ .../fw/irqpoc_with_app/custom_ops.S | 102 ++++++++++++++++++ hw/application_fpga/fw/irqpoc_with_app/main.c | 10 ++ .../fw/irqpoc_with_app/start.S | 75 +++++++++++++ .../tb/tb_application_fpga_sim.v | 2 +- 6 files changed, 213 insertions(+), 1 deletion(-) create mode 100644 hw/application_fpga/fw/irqpoc_with_app/Makefile create mode 100644 hw/application_fpga/fw/irqpoc_with_app/custom_ops.S create mode 100644 hw/application_fpga/fw/irqpoc_with_app/main.c create mode 100644 hw/application_fpga/fw/irqpoc_with_app/start.S diff --git a/hw/application_fpga/Makefile b/hw/application_fpga/Makefile index 91cb08c..0959ae2 100644 --- a/hw/application_fpga/Makefile +++ b/hw/application_fpga/Makefile @@ -153,6 +153,10 @@ IRQPOC_LED_TOGGLE_OBJS = \ $(P)/fw/irqpoc_led_toggle/main.o \ $(P)/fw/irqpoc_led_toggle/start.o +IRQPOC_WITH_APP_OBJS = \ + $(P)/fw/irqpoc_with_app/main.o \ + $(P)/fw/irqpoc_with_app/start.o + #------------------------------------------------------------------- # All: Complete build of HW and FW. #------------------------------------------------------------------- @@ -191,6 +195,7 @@ $(FIRMWARE_OBJS): $(FIRMWARE_DEPS) $(TESTFW_OBJS): $(FIRMWARE_DEPS) $(IRQPOC_OBJS): $(FIRMWARE_DEPS) $(IRQPOC_LED_TOGGLE_OBJS): $(FIRMWARE_DEPS) +$(IRQPOC_WITH_APP_OBJS): $(FIRMWARE_DEPS) firmware.elf: $(FIRMWARE_OBJS) $(P)/fw/tk1/firmware.lds $(CC) $(CFLAGS) $(FIRMWARE_OBJS) $(LDFLAGS) -o $@ @@ -239,6 +244,9 @@ irqpoc.elf: $(IRQPOC_OBJS) $(P)/fw/tk1/firmware.lds irqpoc_led_toggle.elf: $(IRQPOC_LED_TOGGLE_OBJS) $(P)/fw/tk1/firmware.lds $(CC) $(CFLAGS) $(IRQPOC_LED_TOGGLE_OBJS) $(LDFLAGS) -o $@ +irqpoc_with_app.elf: $(IRQPOC_WITH_APP_OBJS) $(P)/fw/tk1/firmware.lds + $(CC) $(CFLAGS) $(IRQPOC_WITH_APP_OBJS) $(LDFLAGS) -o $@ + # Generate a fake BRAM file that will be filled in later after place-n-route bram_fw.hex: $(ICESTORM_PATH)icebram -v -g 32 $(BRAM_FW_SIZE) > $@ @@ -251,6 +259,9 @@ testfw.hex: testfw.bin testfw_size_mismatch python3 $(P)/tools/makehex/makehex.py $< $(BRAM_FW_SIZE) > $@ irqpoc.hex: irqpoc.bin python3 $(P)/tools/makehex/makehex.py $< $(BRAM_FW_SIZE) > $@ +irqpoc_with_app.hex: irqpoc_with_app.bin + python3 $(P)/tools/makehex/makehex.py $< $(BRAM_FW_SIZE) > $@ + .PHONY: check-binary-hashes check-binary-hashes: @@ -470,6 +481,10 @@ emptyapp: tb_application_fpga_irqpoc: SIMFIRMWARE=irqpoc.hex tb_application_fpga_irqpoc: irqpoc.hex emptyapp tb_application_fpga +.PHONY: tb_application_fpga_irqpoc_with_app +tb_application_fpga_irqpoc_with_app: SIMFIRMWARE=irqpoc_with_app.hex +tb_application_fpga_irqpoc_with_app: irqpoc_with_app.hex emptyapp tb_application_fpga + #------------------------------------------------------------------- # FPGA device programming. @@ -519,6 +534,7 @@ clean_fw: rm -f $(TESTFW_OBJS) rm -f $(IRQPOC_OBJS) rm -f $(IRQPOC_LED_TOGGLE_OBJS) + rm -f $(IRQPOC_WITH_APP_OBJS) rm -f qemu_firmware.elf .PHONY: clean_fw diff --git a/hw/application_fpga/fw/irqpoc_with_app/Makefile b/hw/application_fpga/fw/irqpoc_with_app/Makefile new file mode 100644 index 0000000..82b9262 --- /dev/null +++ b/hw/application_fpga/fw/irqpoc_with_app/Makefile @@ -0,0 +1,9 @@ +# Uses ../.clang-format +FMTFILES=main.c +.PHONY: fmt +fmt: + clang-format --dry-run --ferror-limit=0 $(FMTFILES) + clang-format --verbose -i $(FMTFILES) +.PHONY: checkfmt +checkfmt: + clang-format --dry-run --ferror-limit=0 --Werror $(FMTFILES) diff --git a/hw/application_fpga/fw/irqpoc_with_app/custom_ops.S b/hw/application_fpga/fw/irqpoc_with_app/custom_ops.S new file mode 100644 index 0000000..71889b9 --- /dev/null +++ b/hw/application_fpga/fw/irqpoc_with_app/custom_ops.S @@ -0,0 +1,102 @@ +// This is free and unencumbered software released into the public domain. +// +// Anyone is free to copy, modify, publish, use, compile, sell, or +// distribute this software, either in source code form or as a compiled +// binary, for any purpose, commercial or non-commercial, and by any +// means. + +#define regnum_q0 0 +#define regnum_q1 1 +#define regnum_q2 2 +#define regnum_q3 3 + +#define regnum_x0 0 +#define regnum_x1 1 +#define regnum_x2 2 +#define regnum_x3 3 +#define regnum_x4 4 +#define regnum_x5 5 +#define regnum_x6 6 +#define regnum_x7 7 +#define regnum_x8 8 +#define regnum_x9 9 +#define regnum_x10 10 +#define regnum_x11 11 +#define regnum_x12 12 +#define regnum_x13 13 +#define regnum_x14 14 +#define regnum_x15 15 +#define regnum_x16 16 +#define regnum_x17 17 +#define regnum_x18 18 +#define regnum_x19 19 +#define regnum_x20 20 +#define regnum_x21 21 +#define regnum_x22 22 +#define regnum_x23 23 +#define regnum_x24 24 +#define regnum_x25 25 +#define regnum_x26 26 +#define regnum_x27 27 +#define regnum_x28 28 +#define regnum_x29 29 +#define regnum_x30 30 +#define regnum_x31 31 + +#define regnum_zero 0 +#define regnum_ra 1 +#define regnum_sp 2 +#define regnum_gp 3 +#define regnum_tp 4 +#define regnum_t0 5 +#define regnum_t1 6 +#define regnum_t2 7 +#define regnum_s0 8 +#define regnum_s1 9 +#define regnum_a0 10 +#define regnum_a1 11 +#define regnum_a2 12 +#define regnum_a3 13 +#define regnum_a4 14 +#define regnum_a5 15 +#define regnum_a6 16 +#define regnum_a7 17 +#define regnum_s2 18 +#define regnum_s3 19 +#define regnum_s4 20 +#define regnum_s5 21 +#define regnum_s6 22 +#define regnum_s7 23 +#define regnum_s8 24 +#define regnum_s9 25 +#define regnum_s10 26 +#define regnum_s11 27 +#define regnum_t3 28 +#define regnum_t4 29 +#define regnum_t5 30 +#define regnum_t6 31 + +// x8 is s0 and also fp +#define regnum_fp 8 + +#define r_type_insn(_f7, _rs2, _rs1, _f3, _rd, _opc) \ +.word (((_f7) << 25) | ((_rs2) << 20) | ((_rs1) << 15) | ((_f3) << 12) | ((_rd) << 7) | ((_opc) << 0)) + +#define picorv32_getq_insn(_rd, _qs) \ +r_type_insn(0b0000000, 0, regnum_ ## _qs, 0b100, regnum_ ## _rd, 0b0001011) + +#define picorv32_setq_insn(_qd, _rs) \ +r_type_insn(0b0000001, 0, regnum_ ## _rs, 0b010, regnum_ ## _qd, 0b0001011) + +#define picorv32_retirq_insn() \ +r_type_insn(0b0000010, 0, 0, 0b000, 0, 0b0001011) + +#define picorv32_maskirq_insn(_rd, _rs) \ +r_type_insn(0b0000011, 0, regnum_ ## _rs, 0b110, regnum_ ## _rd, 0b0001011) + +#define picorv32_waitirq_insn(_rd) \ +r_type_insn(0b0000100, 0, 0, 0b100, regnum_ ## _rd, 0b0001011) + +#define picorv32_timer_insn(_rd, _rs) \ +r_type_insn(0b0000101, 0, regnum_ ## _rs, 0b110, regnum_ ## _rd, 0b0001011) + diff --git a/hw/application_fpga/fw/irqpoc_with_app/main.c b/hw/application_fpga/fw/irqpoc_with_app/main.c new file mode 100644 index 0000000..c98f474 --- /dev/null +++ b/hw/application_fpga/fw/irqpoc_with_app/main.c @@ -0,0 +1,10 @@ +/* + * Copyright (C) 2022, 2023 - Tillitis AB + * SPDX-License-Identifier: GPL-2.0-only + */ + +int main(void) +{ + while (1) { + } +} diff --git a/hw/application_fpga/fw/irqpoc_with_app/start.S b/hw/application_fpga/fw/irqpoc_with_app/start.S new file mode 100644 index 0000000..05b1f3a --- /dev/null +++ b/hw/application_fpga/fw/irqpoc_with_app/start.S @@ -0,0 +1,75 @@ +/* + * Copyright (C) 2022, 2023 - Tillitis AB + * SPDX-License-Identifier: GPL-2.0-only +*/ + +// This firmware copies an app from ROM to app RAM. The app triggers both +// IRQ_SYSCALL_HI and IRQ_SYSCALL_LO. One after the other. Finally, the +// app tries to jump firmware. This should result in a trap since the +// app in executing in app mode. +// + +#include "custom_ops.S" // PicoRV32 custom instructions + + .section ".text.init" + .globl _start +_start: + j init + +// +// IRQ handler +// + .=0x10 // IRQ handler at fixed address 0x10 +irq_handler: + // PicoRV32 stores the IRQ bitmask in x4. + // If bit 31 is 1: IRQ31 was triggered. + // If bit 30 is 1: IRQ30 was triggered. + + nop // NOPs are not necessary. Only added to make it easier to find + nop // when simulating. + nop + picorv32_retirq_insn() // Return from interrupt + +// +// Init +// + .=0x20 // Setting location of init to 0x20. Makes it easier to find when + // simulating. +init: + li t0, 0x3fffffff // IRQ31 & IRQ30 mask + picorv32_maskirq_insn(zero, t0) // Enable IRQs + + // Copy app to App RAM + la t0, app_start + la t1, app_end + li t2, 0x40000000 // 0x40000000: App RAM +copy_app: + lw t3, 0(t0) + sw t3, 0(t2) + addi t0, t0, 4 + addi t2, t2, 4 + bleu t0, t1, copy_app + + // Jump to app + li t2, 0x40000000 // 0x40000000: App RAM + jalr zero, 0(t2) + +// +// App +// + .align 4 +app_start: + li t0, 0xe1000000 // IRQ_SYSCALL_HI (IRQ31) trigger address + sw zero, 0(t0) // Raise IRQ by writing to interrupt trigger address. + // Writing any data triggers an interrupt. + + li t0, 0xe0000000 // IRQ_SYSCALL_LO (IRQ30) trigger address + sw zero, 0(t0) // Raise IRQ by writing to interrupt trigger address. + // Writing any data triggers an interrupt. + + jalr zero, 0(zero) // Jumping to firmware. Expecting trap +app_loop: + j app_loop + .align 4 +app_end: + diff --git a/hw/application_fpga/tb/tb_application_fpga_sim.v b/hw/application_fpga/tb/tb_application_fpga_sim.v index ad3f7e8..e770b86 100644 --- a/hw/application_fpga/tb/tb_application_fpga_sim.v +++ b/hw/application_fpga/tb/tb_application_fpga_sim.v @@ -84,7 +84,7 @@ module tb_application_fpga_sim (); //---------------------------------------------------------------- initial begin // End simulation after XXX time units (set by timescale) - #700; + #1600; $display("TIMEOUT"); $finish; end