riscv / riscv-debug-spec

Working Draft of the RISC-V Debug Specification Standard
https://jira.riscv.org/browse/RVG-94
Other
458 stars 92 forks source link

Target identification and discovery #735

Closed nipo closed 1 year ago

nipo commented 2 years ago

I've been implementing JTAG-DTM and DM lately, and have been wondering about automatic target identification and discovery methods. I skimmed through public discussions I could find around DM, DTM and DMI and did not find this point discussed. Maybe I missed it. If so, please point me to relevant documents.

For now, entry point is JTAG TAP, which has an IDCODE register. This is the only target identification we have, but:

Let's take an example in an existing infrastructure that has been quite successful: ARM Cortex. In CoreSight world, there is a full hierarchy of components, each one with its identification registers (See DDI0314H for details):

This allows complete blind enumeration of the target, which is a very appreciable. One drawback of this model, though, is target identification relies on access to the main memory bus, which may be disabled by memory protection features.

I would suggest adding a method for identifying target at the DMI level, but before the main memory bus. Moreover, with increasing availability of softcores, I would suggest not relying on JEP106 IDs for namespacing. Something like a 128-bit UUID would totally eliminate the need for a central registry.

timsifive commented 2 years ago

Currently, if a JTAG debugger knows that it's talking to a RISC-V target, it can discover just about everything that it needs to know. There are some details about the system (like what kinds of triggers are supported) that are hard to discover. We hope to use https://github.com/riscv/configuration-structure/blob/master/riscv-configuration-structure-draft.adoc for that. (This has the same memory access drawback as you describe. I'd be open to adding some DM functionality that provides access to the structure.) If there are other details that are important, stuffing them into the configuration structure generally feels like a good solution.

nipo commented 2 years ago

For trace and debug, of course, we can reasonably assume access to main memory as a prerequisite to CS. Most things described in CS will require accessing DM anyway.

Let me rephrase my point:

I think we should be able to identify the target platform before enabling any DM, but we don't require any details at the level of CS.

Yet, I think we should not rely on IDCODEs from TAP because:

What to do then ?

Bluetooth, for instance, managed to mix between standard-allocated numbers and non-allocated, freely-generated IDs by using UUIDs everywhere (allocated numbers derive from a "base" UUID, but this is an implementation detail, actually). This is quite nice as it avoids need for central allocation. Hence the proposition for an UUID.

Something like 128-bit vendor UUID (totally freely generated), and 32-bit (or more) vendor-allocated ID for chip / version would solve those needs with no chance of running out of IDs.

timsifive commented 1 year ago

I'm not sure what the action item here is. If someone wants to propose a new, better, discovery mechanism, then we can talk about that.