I'm encountering a problem where SEGGER tools are not correctly decoding RISC-V instructions.
My target is a RISC-V core (Ibex RV32IMC) with RISC-V debug (pulp riscv-dbg v0.13) on an Arty A7-A35T FPGA board (segger.com/evaluate-our-software/risc-v/digilent-arty/).
It works fine with OpenOCD, but SEGGER has problems with it. J-Link Commander doesn't correctly decode and single-step instructions (and Embedded Studio also trips over itself at the same point).
Testing was done with the latest J-Link release (v6.94). I have demonstration code both for the scenario of using a purely open-source Makefile and for the scenario of using SEGGER Embedded Studio.
Problem 1: Incorrect decode of unconditional jump
Here is a simple unconditional jump in the code image:
80: 0100006f j 90 <reset_handler>
However, J-Link Commander decodes it like this when single-stepping:
J-Link>r
Reset delay: 0 ms
Reset type Normal: Resets core & peripherals using <ndmreset> bit in <dmcontrol> debug register.
RISC-V: Performing reset via <ndmreset>
J-Link>h
pc = 00000080 sp = 00010000 ra = 000000F6
gp = 00000000 tp = 00000000 fp = 00000000
t0 = 00000000 t1 = 00000000 t2 = 00000000
t3 = 00000000 t4 = 00000000 t5 = 00000000 t6 = 00000000
a0 = 00000000 a1 = 00000000 a2 = 00000000 a3 = 0000C000
a4 = 005F5E10 a5 = 0021A326 a6 = 00000000 a7 = 00000000
s1 = 00000000 s2 = 00000000 s3 = 00000000 s4 = 00000000
s5 = 00000000 s6 = 00000000 s7 = 00000000 s8 = 00000000
s9 = 00000000 s10 = 00000138 s11 = 00000138
J-Link>s
00000080: 6F 00 00 01 J 0x000F0086
Changed regs: pc = 000F0086
J-Link>s
000F0086: 00 00 ILLEGAL
Changed regs: pc = 00000000
Unlike J-Link Commander, Embedded Studio correctly decodes the jump instruction in its disassembly window. However, it still causes the PC to branch to the erroneous address (0x000F0086) that J-Link Commander invents.
Problem 2: Inability to decode compressed instructions?
Here is the code:
mv x1, x0
90: 00000093 li ra,0
mv x2, x1
94: 8106 mv sp,ra
mv x3, x1
96: 8186 mv gp,ra
mv x4, x1
98: 8206 mv tp,ra
mv x5, x1
9a: 8286 mv t0,ra
mv x6, x1
9c: 8306 mv t1,ra
and here is what J-Link Commander does:
Note that:
a) the "mv x1, x0" at 0x90 becomes "ADDI ra, t1, 9"
b) for the compact instructions beginning at 0x94, the PC half-steps but continues to display the earlier instruction at 32-bit word alignment
J-Link>r
Reset delay: 0 ms
Reset type Normal: Resets core & peripherals using <ndmreset> bit in <dmcontrol> debug register.
RISC-V: Performing reset via <ndmreset>
J-Link>h
pc = 00000080 sp = 00010000 ra = 000000F6
gp = 00000000 tp = 00000000 fp = 1A110000
t0 = 00000000 t1 = 00000000 t2 = 00000000
t3 = 00000000 t4 = 00000000 t5 = 00000000 t6 = 00000000
a0 = 1A110000 a1 = 00000000 a2 = 00000000 a3 = 0000C000
a4 = 005F5E10 a5 = 0021A326 a6 = 00000000 a7 = 00000000
s1 = 00000000 s2 = 00000000 s3 = 00000000 s4 = 00000000
s5 = 00000000 s6 = 00000000 s7 = 00000000 s8 = 00000000
s9 = 00000000 s10 = 00000138 s11 = 00000138
J-Link>SetPC 0x90
J-Link>h
pc = 00000090 sp = 00010000 ra = 000000F6
gp = 00000000 tp = 00000000 fp = 1A110000
t0 = 00000000 t1 = 00000000 t2 = 00000000
t3 = 00000000 t4 = 00000000 t5 = 00000000 t6 = 00000000
a0 = 1A110000 a1 = 00000000 a2 = 00000000 a3 = 0000C000
a4 = 005F5E10 a5 = 0021A326 a6 = 00000000 a7 = 00000000
s1 = 00000000 s2 = 00000000 s3 = 00000000 s4 = 00000000
s5 = 00000000 s6 = 00000000 s7 = 00000000 s8 = 00000000
s9 = 00000000 s10 = 00000138 s11 = 00000138
J-Link>s
00000090: 93 00 00 00 ADDI ra, t1, 9
Changed regs: pc = 00000094 ra = 00000009
J-Link>s
00000094: 06 81 C.MV sp, ra
Changed regs: pc = 00000096 sp = 00000009
J-Link>s
00000096: 06 81 C.MV sp, ra
Changed regs: pc = 00000098
J-Link>s
00000098: 06 82 C.MV tp, ra
Changed regs: pc = 0000009A tp = 00000009
J-Link>s
0000009A: 06 82 C.MV tp, ra
Changed regs: pc = 0000009C
J-Link>s
0000009C: 06 83 C.MV t1, ra
Changed regs: pc = 0000009E t1 = 00000009
On both problems, I would be happy to provide SEGGER with example code and Arty A7-A35T FPGA bitstream images for them to reproduce the problem.
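For cross-checking a debugger trace against the encodings quoted above, here is a small reference decoder following the RISC-V base (J-type, I-type) and C-extension (C.MV) formats. It is an added example, not part of the original post or of any SEGGER or OpenOCD code; the function names and the LISTING table are constructed here from the objdump lines in the post.

```python
# Added example: reference decode of the encodings quoted in the post.
ABI = ["zero", "ra", "sp", "gp", "tp", "t0", "t1", "t2", "s0", "s1"] \
    + [f"a{i}" for i in range(8)] + [f"s{i}" for i in range(2, 12)] \
    + [f"t{i}" for i in range(3, 7)]

def sext(value, bits):
    """Sign-extend a `bits`-wide field to a Python int."""
    sign = 1 << (bits - 1)
    return ((value & ((1 << bits) - 1)) ^ sign) - sign

def decode(pc, insn):
    """Return (length_in_bytes, mnemonic, next_pc) for the subset used in the post."""
    if (insn & 0x3) != 0x3:                    # low two bits != 11 -> 16-bit RVC
        insn &= 0xFFFF
        rd, rs2 = (insn >> 7) & 0x1F, (insn >> 2) & 0x1F
        # C.MV: quadrant 2, funct3 = 100, bit 12 = 0, rd != 0, rs2 != 0
        is_mv = (insn & 0x3) == 0x2 and (insn >> 13) == 0b100 and not (insn & 0x1000)
        if is_mv and rd and rs2:
            return 2, f"c.mv {ABI[rd]}, {ABI[rs2]}", pc + 2
        return 2, "unhandled-rvc", pc + 2
    opcode, rd = insn & 0x7F, (insn >> 7) & 0x1F
    if opcode == 0x6F:                         # JAL: imm[20|10:1|11|19:12]
        imm = (((insn >> 31) & 1) << 20) | (((insn >> 21) & 0x3FF) << 1) \
            | (((insn >> 20) & 1) << 11) | (((insn >> 12) & 0xFF) << 12)
        target = (pc + sext(imm, 21)) & 0xFFFFFFFF
        return 4, f"jal {ABI[rd]}, 0x{target:x}", target
    if opcode == 0x13 and ((insn >> 12) & 0x7) == 0:   # ADDI: imm[11:0] in bits 31:20
        rs1, imm = (insn >> 15) & 0x1F, sext(insn >> 20, 12)
        return 4, f"addi {ABI[rd]}, {ABI[rs1]}, {imm}", pc + 4
    return 4, "unhandled", pc + 4

# (address, raw encoding) pairs copied from the objdump listing in the post
LISTING = [(0x80, 0x0100006F), (0x90, 0x00000093), (0x94, 0x8106),
           (0x96, 0x8186), (0x98, 0x8206), (0x9A, 0x8286), (0x9C, 0x8306)]

def reference_trace():
    """Decode every listed encoding; each entry is (pc, length, text, next_pc)."""
    return [(pc, *decode(pc, raw)) for pc, raw in LISTING]

if __name__ == "__main__":
    for pc, length, text, next_pc in reference_trace():
        print(f"{pc:08X}: {text:<18} len={length} next_pc={next_pc:08X}")
```

The jump at 0x80 decodes to a next PC of 0x90, the word at 0x90 to `addi ra, zero, 0`, and the five halfwords from 0x94 to `c.mv` with destinations sp, gp, tp, t0 and t1 in turn, each advancing the PC by 2.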