add support for CMO v1.0

[liweiwei90]

Add support for CMO v1.0:

• Add zicboz,zicbom,zicbop flags to isa string
• Add blocksz parameter to specify the cache block size
• Update cache access function to support cache block size access
• Add clean_invalidate function for cache
• Add functions for CMO instructions
• Add disasm support for CMO instructions

[aswaterman]

I'd like someone from the CMO TG to perform a code review. @dkruckemyer-ventana can you nominate someone?

[a4lg]

I was also making RISC-V CMO instruction but my implementation lacked actual cache invalidation.
I generally support this branch with a few fixes.

[a4lg]

This PR is definitely better than my test implementation (not PR-ed).
Still, my work told me that there's a few changes are required.

[a4lg]

Disassembly support for prefetch.[irw] instructions must be placed before ori instruction because prefetch hint instructions are special encodings of ori instruction.

[a4lg]

You can test this file (spike --isa=rv64gc_zicbom_zicbop_zicboz -l test-zicbo.bare.elf): test-zicbo.bare.zip

This is built with GNU Binutils + my CBO support patchset and my toy builder (will be open-sourced later).

    .globl  _start
    .section .entry, "ax", %progbits
    .attribute arch, "rv64gc_zicbom_zicbop_zicboz"
_start:
    prefetch.i 0(x0)
    prefetch.r 32(x1)
    prefetch.w 64(x2)
    cbo.clean x1
    cbo.clean x30
    cbo.inval x1
    cbo.inval x30
    cbo.flush x1
    cbo.flush x30
    cbo.zero x1
    cbo.zero x30
    ret

[liweiwei90]

That's true. I didn't realize this question before jrtc27 comment in riscv/sail-riscv#137. It's easy to fix the problem in disasm. However, It seems hard to fix the function code of prefetch.* . Is there any suggestion?

[a4lg]

My changes including CBIE, CBCFE and CBZE bits are merged into riscv-opcodes.
riscv/riscv-opcodes#94

Because riscv/encoding.h is intended to be auto-generated by riscv-opcodes, managing our bits (especially with our names) is not a good idea.

Even if we change riscv/encoding.h manually, we should use following changes instead (as upstreamed into master):

#define MENVCFG_CBIE  0x00000030
#define MENVCFG_CBCFE 0x00000040
#define MENVCFG_CBZE  0x00000080

[liweiwei90]

OK. I'll update encoding.h.

[a4lg]

Extension masking is required.

envcfg_mask = (proc->extension_enabled(EXT_ZICBOM) ? MENVCFG_CBCFE | MENVCFG_CBIE: 0)
            | (proc->extension_enabled(EXT_ZICBOZ) ? MENVCFG_CBZE: 0);

[liweiwei90]

OK. I'll update this.

[a4lg]

Actually, those CSRs are not that simple.
I'm working on the fix as a part of other privileged spec 1.12 CSR changes and will support merging this simple implementation for now (I just let you know there is a todo-list entry here).

[liweiwei90]

OK.

[a4lg]

Delete this line since this instruction is a hint and must not generate illegal instruction trap.

[a4lg]

You can optionally stop prefetching if EXT_ZICBOP is not enabled. Even so, we must not generate any trap here (even prefetch.i 0(zero) must be safe).

[liweiwei90]

OK. I'll fix this.

[a4lg]

Delete this line since this instruction is a hint and must not generate illegal instruction trap.

[a4lg]

Delete this line since this instruction is a hint and must not generate illegal instruction trap.

[a4lg]

DISASM_INSN("prefetch.r", prefetch_r, 0, {&store_address});

[liweiwei90]

Sorry. I forgot to update the second argument after copy.

[a4lg]

DISASM_INSN("prefetch.w", prefetch_w, 0, {&store_address});

[liweiwei90]

This PR is definitely better than my test implementation (not PR-ed). Still, my work told me that there's a few changes are required.

Thanks for your comments.

[a4lg]

(Comment by @a4lg)
Disassembly support for prefetch.[irw] instructions must be placed before ori instruction because prefetch hint instructions are special encodings of ori instruction.

(Comment by @liweiwei90)
That's true. I didn't realize this question before jrtc27 comment in riscv/sail-riscv#137. It's easy to fix the problem in disasm. However, It seems hard to fix the function code of prefetch.* . Is there any suggestion?

I looked into the current implementation and... I concluded that ori and Zicbop instructions will not be decoded incorrectly.

1. Hash table is not relevant here (because hash table key is exact instruction bits) and linear search using the instruction list is important.
2. Instruction list is initially ordered in descending order of (match, mask).
3. Related four instructions are ordered in following order (that is okay):
   • prefetch.w (match == 0x306013)
   • prefetch.r (match == 0x106013)
   • prefetch.i (match == 0x006013, mask == 0x01f07fff)
   • ori (match == 0x006013, mask == 0x707f)
4. processor_t::decode_insn moves matched instruction to front to reduce decode miss penalty but that behavior is suppressed if there's another instruction with the same match value exists and...
5. prefetch.i and ori share the same match value (of 0x006013). That means they will not be moved to the front (on the other hand, prefetch.[rw] will be).
6. prefetch.[irw] are always tested before ori. (Q.E.D.)

There will be a small performance degradation, but nothing more.

Yes, it's not very intuitive behavior but not very urgent to fix either.
What do you think? >@aswaterman

[a4lg]

I first didn't notice that disasm part is resolved (because cbo.* instructions are moved too). Anyway, here's my suggestions.

[a4lg]

I agree with riscv/sail-riscv#137 (comment) and default block size would be better to be 64.

[liweiwei90]

OK, I'll fix this. There is still some problem unsolved in the review of sail-riscv, this may also affect the implementation of spike.

[a4lg]

How about checking whether the block size is a power of 2 somewhere? See processor_t::check_pow2 for argument checking.

[liweiwei90]

I have sent email to David to discuss about the unsolved problems, including the reasonable range for cache block size. There is no reply currently. Anyway, I agree it should be power of 2. I'll update it later.

[a4lg]

This is not sail-riscv but actual extension name would be better here, too. How about zicbo (for Zicbo[mpz]) instead of cmo?

[liweiwei90]

The name in riscv_insn_list are all use the total name of extensions(k, b, v,...) or specific extension name(svinval). I think cmo is more like the total name of zicbo[mpz] than zicbo.

[a4lg]

Got it. If the maintainer agrees, that's okay.

[liweiwei90]

(Comment by @a4lg)
Disassembly support for prefetch.[irw] instructions must be placed before ori instruction because prefetch hint instructions are special encodings of ori instruction.

(Comment by @liweiwei90)
That's true. I didn't realize this question before jrtc27 comment in riscv/sail-riscv#137. It's easy to fix the problem in disasm. However, It seems hard to fix the function code of prefetch.* . Is there any suggestion?

I looked into the current implementation and... I concluded that ori and Zicbop instructions will not be decoded incorrectly.

1. Hash table is not relevant here (because hash table key is exact instruction bits) and linear search using the instruction list is important.

2. Instruction list is initially ordered in descending order of `(match, mask)`.

3. Related four instructions are ordered in following order (that is okay):
   
   * `prefetch.w` (`match == 0x306013`)
   * `prefetch.r` (`match == 0x106013`)
   * `prefetch.i` (`match == 0x006013, mask == 0x01f07fff`)
   * `ori` (`match == 0x006013, mask == 0x707f`)

4. `processor_t::decode_insn` moves matched instruction to front to reduce decode miss penalty but that behavior is suppressed if there's another instruction with the same `match` value exists and...

5. `prefetch.i` and `ori` share the same `match` value (of `0x006013`). That means they will not be moved to the front (on the other hand, `prefetch.[rw]` will be).

6. `prefetch.[irw]` are always tested before `ori`. (Q.E.D.)

There will be a small performance degradation, but nothing more.

Yes, it's not very intuitive behavior but not very urgent to fix either. What do you think? >@aswaterman

Thanks for your explanation. I missed the case that the instruction will not moved to the front if it have the same match value with its previous or later instruction.

[liweiwei90]

I first didn't notice that disasm part is resolved (because cbo.* instructions are moved too). Anyway, here's my suggestions.

Sorry, I don't understand the problem for moving cbo.* instructions before.

[a4lg]

I first didn't notice that disasm part is resolved (because cbo.* instructions are moved too). Anyway, here's my suggestions.

Sorry, I don't understand the problem for moving cbo.* instructions before.

I just felt that it wasn't necessary. prefetch.* instructions need to be placed before ori but regular extended instructions are placed under base instructions, organized by extension (so I thought cbo.* instruction should follow regular coding style).
But that's just about cleanliness, not functionality.

[liweiwei90]

I first didn't notice that disasm part is resolved (because cbo.* instructions are moved too). Anyway, here's my suggestions.

Sorry, I don't understand the problem for moving cbo.* instructions before.

I just felt that it wasn't necessary. prefetch.* instructions need to be placed before ori but regular extended instructions are placed under base instructions, organized by extension (so I thought cbo.* instruction should follow regular coding style). But that's just about cleanliness, not functionality.

OK. I just want to put the cmo related instructions together.

[aswaterman]

The prefetch instructions should be deleted from this PR. Executing them as no-ops is a fully legitimate implementation of the extension. The proposed approach adds complexity but doesn't provide meaningful benefit.

[scottj97]

Use modern C++ loop:

for (auto it: list)

[liweiwei90]

OK.

[liweiwei90]

The prefetch instructions should be deleted from this PR. Executing them as no-ops is a fully legitimate implementation of the extension. The proposed approach adds complexity but doesn't provide meaningful benefit.

OK. The prefetchs have been deleted

[scottj97]

There is a lot of logic here (and in clean_inval() too) to perform what is basically a simple store, no? There ought to be a better way than to have to deal with all these possibilities (TLB hit/miss, tracing, triggers) over and over.

[liweiwei90]

Yes, this is similar to simple store, However the store length is longer. So the effect of TLB hit/miss, tracing, triggers is a little different from simple store.

[liweiwei90]

Sorry, I cannot get your idea of a better way. Current MACRO for load/store cannot fit into block size operation.

[scottj97]

@aswaterman any ideas? cbo_zero() and clean_inval() ought to be much simpler for what they do.

[aswaterman]

@scottj97 I agree.

cbo.zero was defined in such a way that breaking it into a sequence of smaller stores is legal. IMO, we should take advantage of that property here. Could delete this routine and replace the instruction implementation with something like

auto base = RS1 & -blocksz;
for (size_t offset = 0; offset < blocksz; offset += 4)
  MMU.store_uint32(base + offset, 0);

[dkruckemyer-ventana]

Better yet, increment "offset" by 1 and simply store bytes, since that's the arch definition (and avoids assumptions about the atomicity of the individual operations).

[aswaterman]

Yeah, that would get the point across better. They should be equivalent as far as Spike's concerned, though, since the difference in atomicity isn't observable--Spike's single-threaded, and 4 bytes is the smallest protection granule.

[liweiwei90]

OK. I still have one problem: How about the tracer for cache_misses and write_accesses counter? Do we need to take it into acount?

[aswaterman]

I think this approach is OK with respect to those counters. They're part of the Spike implementation, rather than governed by the ISA, and so we can just say that the current behavior is correct by definition.

[liweiwei90]

OK.

[scottj97]

Please squash the fixes back into the original commits. I.e. everything starting with d819da1

[liweiwei90]

Please squash the fixes back into the original commits. I.e. everything starting with d819da1

OK.

[scottj97]

This is much improved, but clean_inval() still smells funny.

[scottj97]

This seems excessive, especially all the special handling of exceptions.

[liweiwei90]

In the spec, " A cache-block management instruction is permitted to access the specified cache block whenever a load
instruction, store instruction, or instruction fetch is permitted to access the corresponding physical addresses." That means it may do LOAD STORE or FETCH check. However, current translate progress can only pass one type at a time. So in above implementation it divide into three steps to check each access type:

• No matter which access type pass the translation progress, cbo instruction will execute successfully.
• If all of them trigger exceptions. it will combine the final exception result according which exception is triggered at last (birefly access fault> guest page fault > page fault)

[aswaterman]

Since stores don't succeed where loads fail, it should be possible to only check for load or fetch permissions.

Furthermore, the interaction between CBOs and triggers is implementation-defined, so we're free to skip that part.

We're also under no obligation to refill the TLB. For these instructions, simple code is

And finally, we don't need to be quite so precise about what type gets passed to tracer.interested_in_range. Between all of those, I think this can be simplified substantially. Something like this:

void mmu_t::clean_inval(reg_t addr, bool clean, bool inval)
{ 
  reg_t paddr;
  
  try {
    paddr = translate(addr, 1, LOAD, 0);
  } catch (...) {
    // Try again with fetch permissions 
    try {
      paddr = translate(addr, 1, FETCH, 0);
    } catch (trap_instruction_access_fault& t) {
      trap_store_access_fault(t.has_gva(), addr, 0, 0);
    } catch (trap_instruction_page_fault& t) {
      trap_store_page_fault(t.has_gva(), addr, 0, 0);
    } catch (trap_instruction_guest_page_fault& t) {
      trap_store_guest_page_fault(addr, t.get_tval2(), 0);
    } catch (...) {
      abort();
    }
  }

  if (auto host_addr = sim->addr_to_mem(paddr)) { 
    if (tracer.interested_in_range(paddr, paddr + PGSIZE, LOAD))
      tracer.clean_invalidate(paddr, blocksz, clean, inval);
  } else {
    throw trap_store_access_fault((proc) ? proc->state.v : false, addr, 0, 0);
  }
}

[scottj97]

Would it make any sense to modify translate() so that we can pass a list of access types? So we could do:

paddr = translate(addr, 1, LOAD | FETCH | STORE, 0);

[aswaterman]

I'd need to see it both ways to judge. I'm worried that doing so would make the already complex page-table-walking code messier. This approach is certainly ugly, but at least it is contained.

[scottj97]

In the spec, " A cache-block management instruction is permitted to access the specified cache block whenever a load instruction, store instruction, or instruction fetch is permitted to access the corresponding physical addresses." That means it may do LOAD STORE or FETCH check. However, current translate progress can only pass one type at a time. So in above implementation it divide into three steps to check each access type:

• No matter which access type pass the translation progress, cbo instruction will execute successfully.
• If all of them trigger exceptions. it will combine the final exception result according which exception is triggered at last (birefly access fault> guest page fault > page fault)

How does this work with MPRV=1 (which does not affect fetch)? Perhaps the spec is too vague here. As of 83fdb70, clean_inval() tries a load access type, and if that detects a fault, it tries a fetch access type. Those could be two completely different paddrs if MPRV=1. That doesn't seem desirable. The spec refers only to "the corresponding physical address", i.e. only a single possible physical address.

[dkruckemyer-ventana]

You had me stumped there for a moment, but I think everything is OK in the spec....

The translation is based on the effective address of the CBO, which, like other explicit load and store accesses, is affected by MPRV. Once the translation is performed, the permissions are checked against the RWX bits in the various mechanisms. So the translation and permission check is not performed as if the access were an instruction fetch.

But this likely highlights an issue with performing a FETCH translation by itself.... (I was wrong in thinking that was OK.)

[dkruckemyer-ventana]

Perhaps a way to approach this is to perform two LOAD accesses, one with MXR=0 and one with MXR=1? (Though I haven't quite thought through whether that explodes with virtualization....)

Edit: or just force MXR=1?

[aswaterman]

MXR doesn't affect PMP, and so that wouldn't suffice to allow CBOs to regions that have a R=0 X=1 PMP configuration.

[liweiwei90]

I have modified translation progress to support check for cbo ops If virt is not a problem.

[scottj97]

Two problems I see in this logic:

1. If LOAD detects an access fault, it tries again with FETCH. But access will still be true, so this will take a store access fault, when it should successfully perform the CBO if the fetch succeeds.
2. This does not seem to check for STORE permissions at all? If the page is read-only, the operation should not be allowed (right?). Edit: apparently cache ops are allowed to read-only pages, so never mind.

[liweiwei90]

Yeah. this is a logic error. I should take all of them to false if FETCH succeeds.

[scottj97]

Why use a reference for type?

[scottj97]

Nevermind, I see why. This smells bad but I can't think of a better way. :(

[aswaterman]

This is going to lead to a lot of confusion. Return an aggregate (e.g. struct { reg_t addr; int type; };) instead?

[liweiwei90]

OK. I'll try this way.

[aswaterman]

@dkruckemyer-ventana tells me that the perms checking for CBOs might be relaxed so that merely checking for load permissions is a correct implementation. I'll let him confirm or deny. That would greatly simplify things: we could leave the translation functions as-is, and simply check for load perms, catch load exceptions, and rethrow as store exceptions.

[dkruckemyer-ventana]

I think that change is highly likely. Let's see what things look like with Andrew's suggestions.

[liweiwei90]

I think that change is highly likely. Let's see what things look like with Andrew's suggestions.

Sorry. do you mean the spec will change as this way?
If so, the code can be simplified to as follows without change to translate function:

void mmu_t::clean_inval(reg_t addr, bool clean, bool inval)
{ 
  reg_t paddr;
  
  try {
    paddr = translate(addr, 1, LOAD, 0);
  }  catch (trap_load_access_fault& t) {
      trap_store_access_fault(t.has_gva(), addr, 0, 0);
  } catch (trap_load_page_fault& t) {
      trap_store_page_fault(t.has_gva(), addr, 0, 0);
  } catch (trap_load_guest_page_fault& t) {
      trap_store_guest_page_fault(addr, t.get_tval2(), 0);
  } catch (...) {
      abort();
  }

  if (auto host_addr = sim->addr_to_mem(paddr)) { 
    if (tracer.interested_in_range(paddr, paddr + PGSIZE, LOAD))
      tracer.clean_invalidate(paddr, blocksz, clean, inval);
  } else {
    throw trap_store_access_fault((proc) ? proc->state.v : false, addr, 0, 0);
  }
}

[dkruckemyer-ventana]

Yes, barring any last minute objections, load (read) permission is the only requirement for management CBOs. There's a PR with the updated text:

riscv/riscv-CMOs#46

[liweiwei90]

OK. I have reverted the modification for translate function and update the clean_inval function.

[dkruckemyer-ventana]

I'm not sure what "writebacks" counts, but an actual writeback is only required if a clean is required. For inval only, a proper writeback of data would not need to occur.

[liweiwei90]

OK. I'll try to fix this.

[scottj97]

Thank you for your patience with all my nitpicking.

[aswaterman]

Thanks for both your effort and your patience, @liweiwei90!

[ingallsj]

default 16 or 64?

[gfavor]

I would suggest a default of 64B - based on that being the most common block size in the industry today (in x86 and ARMv8 architectures).

[aswaterman]

Agreed, @ingallsj please make a PR to fix.

[ingallsj]

#923