RISC-V 双周简报 (2018-07-20)

要点新闻：

上海市经信委发布RISC-V相关支持政策
ARM F.U.D. 后续报道以及各方回应

头条

上海市经信委发布RISC-V支持政策

上海市经济信息委最近发布了《上海市经济信息化委关于开展2018年度第二批上海市软件和集成电路产业发展专项资金（集成电路和电子信息制造领域）项目申报工作的通知》，开始将从事RISC-V相关设计和开发的公司作为扶持对象，这也是国内第一个和RISC-V相关的扶持政策，说明上海市政府认可RISC-V的先进性、开放性以及逐渐完善的生态。

企业首先要是在上海注册成立的，其次要以项目制的形式根据项目指南向上海市经信委政府提出申请，同时满足一系列其他条件。

以下摘抄自《通知》的附件《2018年第二批上海市软件和集成电路产业发展专项资金（集成电路和电子信息制造领域部分）项目指南》:

5、基于RISC-V指令集架构的处理器芯片方向。

支持基于RISC-V指令集架构、32位及以上的处理器芯片的研发及产业化，内核需拥有自主知识产权。

方向一：面向物联网和工控应用领域，具有优异的性能、功耗、面积等指标，优先支持有明确用户合作协议的项目。项目执行期内累计销售收入不低于2000 万元。

方向二：面向智能终端应用领域，主频不低于1GHz，性能不低于1.5 DMIPS/MHz，支持双精度浮点运算，支持主流操作系统、多核技术及缓存一致性。项目执行期内累计销售收入不低于1000 万元。

Link: 上海市经济信息化委关于开展2018年度第二批上海市软件和集成电路产业发展专项资金（集成电路和电子信息制造领域）项目申报工作的通知

行业视角

EETime: Is This the Moment for RISC-V?

EETime最近发表文章”Is this the moment for RISC-V?”，文章提到了RISC-V在中国和印度的发展。

Sherwani commented that there are some 300 companies already looking at or developing with RISC-V in China. Rupert Baines, CEO of UltraSoC, said to EE Times that there’s huge innovation going on in China and that the drive for the architecture and products will more likely come from China than India. He has a point — India has been talking about its development of a RISC-V processor, the Shakti processor, for some time, as Rick Merritt wrote two years ago.

同时也提到了印度大量人才都转向了处理器和EDA工具的开发，而且这也是有历史原因的。

India does indeed have a strong background in advanced electronics and computing, but somehow its talent was in the early days diverted to becoming part of the offshore development teams for many of international semiconductor and EDA companies. The country’s ecosystem and engineers already have over 30 years of experience in developing electronics systems and processors. Texas Instruments first established a design center in Bangalore in 1985, and engineers there have worked on several DSPs and application specific products, including its first DSP for automotive in 1995, and various DSP cores and mixed signal ASICs, including 3G wireless chip set designs back in 2000.

Links:

RV新闻

Chennai Workshop成功举办

紧随着Shanghai Day，7月16日，RISC-V Workshop在印度金奈举办，为期两天的Workshop内容非常丰富。

其中InCore Semiconductor，也就是Shakti项目孵化出的公司表现比较抢眼，大家可以着重去看看他们的Slides，

InCore Semiconductor is founded by members of the Shakti Research team to create commercial RISC-V solutions leveraging the Shakti Open Source IP and research efforts.

Focus is on AI/ML, Security, IoT Wireless and Fault Tolerant applications.

InCore的路线图中，除了3级流水和5级流水的通用核以外，支持高可靠、容错和Lock-step的核心也在其版图范围内。

Links:

ARM F.U.D. 后续报道以及各方回应

来看看业界对于ARM前端时间发起的业界普遍认为是典型的F.U.D.行为的后续报道和业界的回应。

先来看看什么是F.U.D.(Fear, Uncertainty, Doubt)，它最早指IBM销售人员对客户灌输阿姆达尔公司和其他竞争对手产品的负面观念，在顾客的头脑中注入疑惑与惧怕，使顾客误以为除了该公司的产品外，他们别无其他选择。两千年左右Microsoft对Linux也做过类似的事情。

根据The Register的报道，ARM内部员工似乎对这样的宣传手段产生了分析和不认同，随后该网站被关闭。

RISC-V基金会主席在EETime上发表文章，非常温柔的回应了arm的5条置疑(中文翻译来自eettaiwan)：

RISC-V has the potential to cut processor licensing costs, but more importantly gives customers the freedom to choose. An open architecture enables competition between open-source implementations, home-grown implementations and commercial pre-verified implementations with professional support.

RISC-V具备能削减处理器授权成本的潜在能力，但更重要的是提供客户选择的自由。一个开放性架构能促成开放源码设计成果、自产设计成果，以及具备专业支援的商业化预验证设计成果之间的竞争。

The RISC-V ecosystem is relatively young, but growing far more rapidly than any previous ISA. The RISC-V ecosystem would have taken far longer to advance to its current state without the high-quality open-source compilers, operating-systems and debug tools used by all architectures that were quickly ported and up-streamed by the open-source community. In addition to the broad range of open-source tools, there are an increasing number of professional development tools from established industry leaders being ported to RISC-V in response to customer demand.

RISC-V生态系统相对较年轻，但成长速度高于任何一种过去的ISA。而若不是有适用于所有架构的高品质开放源码编译器、作业系统与除错工具RISC-V，能快速移植并让开放源码社群纳入上层(up-stream)，RISC-V生态系统可能要花更长的时间才能进展到目前的状态。除了广泛的开放源码工具，也有厂商推出越来越多支援RISC-V的专业开发工具，以因应客户需求。

RISC-V was designed to support specialization while avoiding fragmentation by mandating a frozen common ISA standard around which the software community coalesces, while leaving ample space for innovative custom extensions that do not interfere with standard instructions and the standard software stack.

RISC-V的宗旨在于支援专门化(specialization)，同时借由授权一个软件社群所聚集的、冻结的常用ISA标准避免多头发展(fragmentation)，同时为不干扰标准指令与标准软件堆叠的创新客制化延伸留下足够空间。

Security is perhaps the greatest challenge in modern computer architecture and existing proprietary security architectures have clearly failed, as is evident from wave after wave of published attacks. RISC-V provides perhaps the best hope for developing effective security architectures.

安全性或许是现代电脑架构面临的最大挑战，而现有的专属安全架构显然已经失败──有鉴于层出不穷的骇客攻击事件曝光；RISC-V能为开发有效的安全架构带来最大希望。

The ISA is simple and amenable to formal verification. The free and open license allows implementations to be audited by external experts. The security research community has embraced RISC-V, and there are already several commercial secure RISC-V core implementations. Several governments are investing heavily in RISC-V because they can develop their own trusted secure cores without relying on foreign IP, but while still maintaining compatibility with the RISC-V software ecosystem.

此种ISA的形式化验证(formal verification)简单易行，免费与开放性授权让各种设计实作能透过外部专家审核；安全性方案研发社群已经采用了RISC-V，而且已经有很多商用安全性RISC-V设计成果。有多国政府也正在大举投资RISC-V，因为能在不需仰赖外国IP的情况下开发他们自己的可信任安全核心，同时维持与RISC-V软件生态系统的相容性。

The free and open license terms have enabled a rapid proliferation of open-source RISC-V cores and a rapidly growing commercial RISC-V soft-core industry. Multiple companies that are foundation members are supplying high-quality pre-verified cores and professional support. RISC-V already has far more commercial soft-core suppliers than any other ISA, all compatible with a single standard.

免费、开放的授权条款，让开放源码RISC-V核心快速繁殖，也让商用RISC-V软核心市场快速成长；有多家身为基础成员的公司正在提供高品质的预验证核心以及专业支援，RISC-V已经拥有比其他ISA更多的商用软核心供应商，而且都相容于单一标准。

Freedom to innovate and collaborate is critical to our industry’s future, and will enable hardware to become a vibrant partner following software’s lead in creating trailblazing new products. We welcome all to join us in the open hardware revolution.

自由地创新以及合作对产业的未来至关重要，也将使得硬件成为活跃的伙伴，追随软件的脚步打造新产品；我们欢迎所有人加入开放性硬件革命的行列！

而由某个匿名者发起的arm-basics.com网站也随着ARM FUD网站的关闭而于最近关闭。arm-basics.com最有趣的地方在于网站完全运行在Github上，从一个空白的网页，通过网友不断的提交Pull Request来完善其内容，以一种开源和开放的方式有力的回应了Arm的指责。

以下是根据Github上的存档，网站上反驳ARM的六点。

Six things to consider before designing a System-on-Chip

The instruction set architecture (ISA) is the foundation of all chip or System-on-Chip (SoC) products. It is therefore one of the most fundamental design choices you will make. If you are considering using a proprietary ISA, such as ARM, it is critical to understand the key factors you should consider as part of your go-to-market strategy.

Cost

Proprietary instruction set architectures, such as ARM, have a license fee and currently an ongoing royalty model that can cost tens of millions of dollars. Moreover, the cost of licensing an ARM ISA accounts for at least 1% of all your sales.

ARM annual architectural license fee pays for complete design team for several RISC-V cores.

Fragmentation risk

ARM fragments their own ISAs (ARM v6/7/8, Thumb 1, Thumb2, ThumbEE, Jazelle, ARM v8, v8-M, NVIC/VIC/GICv2/3/4, multiple hypervisor variants/…, DSP/NEON/VFP/SVE).

ARM doesn’t allow users to customize, forcing them to buy a second core, or more wisely, move to RISC-V.

Improvements

The ARM instruction set architecture doesn’t allow open-source developers to contribute. This means you are stuck at the mercy of the original vendor and any backdoors it might have. This restriction makes it more difficult for people to trust your chip and prevents the community from bringing improvements to your systems for free.

Design Assurance

Verification and validation of processor designs can consume 75% of total design time. Having it open source means volunteers can participate in the creation of your design by bringing their unique expertise in the field, for free. This reduces design costs.

Extensions are optional, you can buy preverified cores. In fact, 8x fewer instructions and simpler privilege architecture results in a much simpler verification process.

Large, Supportive Community

It is important an architecture is well received by an active community, so it can help you port a more diverse range of software, services and designs to your processor architecture. This guarantees market choice, product quality and an optimal time to market. Proprietary ecosystems do not have this level of trust and openness.

It’s true RISC-V ecosystem is weaker than ARM’s right now, but it is growing much faster.

Security

Cyberthreats mean that robust chip security cannot ever be optional. Proprietary products can be severely insecure, and because they can’t benefit from years of scrutiny from open source developers and industry experts, Spectre and Meltdown can happen to them. ARM doesn’t concern itself with security issues as the public expects. They ignored ret2usr for a very long period of time, while millions of ARM users were exposed to the massive exploit, until a few security features (domain, PXN) were added into ARMv7. The 1st PXN implementation was done by PaX/Grsecurity, while the 1st implementation of domain was done by PaX’s UDEREF. To date, ARM has yet to credit them. RISC-V will have the chance to make things right in the beginning and that’s what security subgroups and Security Standing Committee from the RISC-V foundation have been doing from the start.

Links:

技术讨论

39 位的指令虚拟地址宽度已经够宽的了

Peter J Smith 在 RISCV ISA Dev 的邮件列表里提出建议，指令的虚拟地址宽度保持 39位足矣，甚至位数可以更少；而数据的虚拟地址可以用到 48 位宽的。指令和数据的地址空间没有必要一样，一般来说指令的地址空间只会非常小。随着访问的数据越大，消耗在指令虚拟地址转换上的硬件资源就越多（数据、指令的虚拟地址宽度一致，但指令用到的空间不多）。他认为应用程序不会用到这么多的指令虚拟地址空间。

David Chisnall 回应到，他想到两个需要比较大的指令虚拟地址空间的使用例子：

如果需要做类似 ASLR 的事情，限制指令虚拟地址空间会降低随机性（熵）。代码地址必须在按页对齐的块里，也经常在父页（superpag-aligned）对齐的块里。对于 2MB 的 spuerpages（SV48），需要花费 20 bits 用于底部，因此留下19位用于随机化（熵），这样探测出来需要的成本低。
对于CHERI 类型的单个地址空间划分，甚至 48 位都不太够。每个划分保留 4GB，48 位的话只有分成 64K 个，这对于大多数的 UNIX 系统使用的 PID 空间小得多。也就是说，他不认为数据和代码的虚拟地址空间非要一致以及对于任何特定的微体系结构进行解耦它们是有意义的。

对于这点指令的虚拟地址宽度，39 位是否已经足够的更多看法，可以参见邮件列表: isa_dev

Custom instructions (如何添加自定义指令到risc-v中)

arup de在RISC-V SW Dev提问如何添加自定义指令到risc-v中. arup de按照https://nitish2112.github.io/post/adding-instruction-riscv/指引添加了自定义指令但是汇编器没有按预期生成机器码。Jim Wilson解释说:

riscv-opcodes wasn’t added to FSF binutils, so it not being used to maintain the assembler/disassembler, though I don’t know if it was ever used for that. The info in this URL looks OK. And the fact it works for mod seems to indicate that it is OK. if it isn’t working for your mac instruction then maybe you made a mistake.

Actually, looking at this again, I see you want an instruction with 3 inputs, but are using an instruction format that only supports 2 input registers. Maybe compiler optimization is changing the destination register, which is breaking your attempt to use the destination register as an input. You also need to modify the asm to indicate that the destination is also an input. You can do this by changing

: [z] "=r" (c) to : [z] "+r" (c)

However, it would be best if you used an instruction format that properly supports 3 input registers to avoid confusion. See for instance the fmadd instructions, though since you want to do this for an integer instruction, you will need more changes to add operand description letters for a third input, which will require gas/config/tc-riscv.c changes.

it is probably easier is you just use .insn instead.

大意是repo: riscv/riscv-opcodes的指令还没有upstream到binutils中，所以binutils的维护者FSF过去没有持续维护汇编器和反汇编器关于RISC-V指令功能。

arup de添加的是一个三输入指令，但是参考的是已有的两输入指令修改的, 最好是是参考比如fmadd这样的三输入指令来修改。

Sathya Narayanan N给出了详细完全的指导:

Go to riscv-tools/riscv-opcodes/opcodes. All the instructions will be written there in a specific format. The format will also be mentioned in the file. Instructions will also be grouped together in a specific logic. Choose which logic is more suitable for the custom instruction and then add it to that group. For example, the instruction added is ‘ctz’, it can be.

在riscv-tools/riscv-opcodes/opcodes包括了risc-v现在支持的所有指令，而且被分门别类的整理好了。你从中找一个跟你新添加的指令最适合的指令来参考添加你的自定义指令。

Then, run the following command from the riscv-opcodes folder terminal to obtain the match and mask code.

通过下面命令把添加的指令生成相关的代码,并保存在temp.h中

cat opcodes-pseudo opcodes opcodes-rvc opcodes-rvc-pseudo opcodes-custom | ./parse-opcodes -c > <path name>/temp.h

Go to the temp.h and copy the match and mask code.

打开temp.h并复制代码

Paste the match and mask code in the

把代码粘贴到

riscv-gnu-toolchain/riscv-binutils-gdb/include/riscv-opc.h

Then, the instruction is initialised by going to

然后在下面文件中初始化你的指令 riscv-gnu-toolchain/riscv-binutils-gdb/opcode/riscv-opc.c

The constructors have various parameters such as type of instruction (I for immediate and C for compressed) and operands, where in most cases, the variables given will be d(destination), s(source), t(transition).

构造方法中有很多参数，包括指令的类型(比如I为立即数，C为压缩指令), 操作数。操作数可能是目标数，源操作数，中间传递寄存器

同时Sathya Narayanan N也提到RISC-V不但支持三操作数指令，也支持四操作数指令

p.136 (table 22.2) v2.3-draft risc-v isa manual shows you some of the types of standard instructions (and p134 shows more). one of them is called “R4 type”. so the answer’s yes.

Link: sw-dev

Rocket-chip里DecodeLogic的工作原理

Liwei(david mlw)在HW-Dev邮件组提到了关于Rocket芯片代码的疑惑: DecodeLogic()函数分别在idecode.scala和fpu.scala以不同的方式被调用。在DecodeLogic的原始定义中（参看decode.scala）, 返回值是UInt类型的系列。但在idecode.scala和fpu.scala的调用里，返回值却是不一样的。这是如何做到的呢？

在idecode.scala

def decode(inst: UInt, table: Iterable[(BitPat, List[BitPat])]) = {
   val decoder = DecodeLogic(inst, default, table)
   val sigs = Seq(legal, fp, rocc, branch, jal, jalr, rxs2, rxs1, sel_alu2,
                  sel_alu1, sel_imm, alu_dw, alu_fn, mem, mem_cmd, mem_type,
                  rfs1, rfs2, rfs3, wfd, mul, div, wxd, csr, fence_i, fence, amo, dp)
   sigs zip decoder map {case(s,d) => s := d}
   this
}

在fpu.scala

val decoder = DecodeLogic(io.inst, default, insns)
val s = io.sigs
val sigs = Seq(s.ldst, s.wen, s.ren1, s.ren2, s.ren3, s.swap12,
               s.swap23, s.singleIn, s.singleOut, s.fromint, s.toint,
               s.fastpipe, s.fma, s.div, s.sqrt, s.wflags)
sigs zip decoder map {case(s,d) => s := d}

Chris提供的答案是，DecodeLogic调用Quine-Mccluskey算法(注：一种布尔函数最小化的简化方法)执行逻辑最小化，将一组键值映射到输出信号，其中输入表允许使用0,1和dontCare。更详尽的解释是instructions.scala定义了指令模式，Decode中的表是从指令到结果信号的映射，而DecodeLogic优化了映射逻辑。之所以idecode.scala和fpu.scala得到不同的结果，是因为它们输入不同的表。

另外，Ed提出了一个有趣的问题: 像DecodeLogic这样的预先简化控制逻辑是否比直接使用逻辑综合工具（synthesis tool）更好的结果？是不是Chisel工具本身还有限制，让生成的”always” blocks还没办法让逻辑综合工具（synthesis tool）在现阶段进行很好的优化？

对于这个问题，Chris的回答是，在Chisel中，我们避开了语言中1’hx的使用（除了一些非常有限的特例外）。因此，我们不能在常规case语句中提供1’hx，没法让verilog工具做优化。

Link: https://groups.google.com/a/groups.riscv.org/forum/#!msg/hw-dev/sCJdI5F91B0/pXwskO5UBgAJ

理解（Return Address Stack）RAS （push）推栈和（pop）弹栈的用例

Pierre G. 提出了自己对于 RISC-V 指令集手册卷 1:用户级指令集体系结构 2.2 版中对于表 2.1: 在指令中将返回地址栈预测暗示编码进寄存器的分类使用的理解，并提出了自己对于“ push and pop ” 的疑惑。

背景信息：

间接跳转指令 JALR(jump and link register) 使用I类编码。通过将 12 位有符号 I 类立即数加上 rs1, 然后将结果的最低位设置为0, 作为目标地址。跳转指令之后的指令地址 (pc + 4) 保存到寄存器 rd 中。

rd rs1 rs1=rd RAS action

!link !link - none

!link link - pop

link !link - push

link link 0 push and pop

link link 1 push

rd	rs1	rs1=rd	RAS action
!link	!link	-	none
!link	link	-	pop
link	!link	-	push
link	link	0	push and pop
link	link	1	push

Samuel Falvo II 纠正了他的观点：

RAS 是实现细节和一种优化手段，通过主分支的预测逻辑以加速子程序的调用和返回。执行 JAL(R) 时并不影响对寄存器 Rd 的更新，如果预测失败，核心将必须跳入 Rs1 + imm。
立即数总是有用的。
当对 RAS 做弹栈操作的目的是预测返回地址。如，在取指阶段获取 RAS 顶的地址，并希望这是对的。但有可能猜错，这仅在 Rs1+imm == RAS 的 top (栈顶) 时，则JALR 实际执行了，才算预测正确。否则，必须清流水线，从 Rs1+imm 重新取指。
- 有四种典型的栈操作： Push， Pop ，Push & Pop； Peek 是一个非破坏性栈顶读操作。

Cesar Eduardo Barros 也确认了以下观点：