GDB server stub

This is a GDB server stub written in SystemVerilog (and a bit of DPI-C). It is primarily designed for RISC-V standard processors, but it can be modified to connect to other processor families.

Advantages:

• can be used on RTL CPU without explicit debug functionality,

• real time debugging, no simulation time is consumed by the debugger (useful for bitbanging and real time interrupts),

• read/write access to registers and memories using direct references,

• hardware breakpoints/watchpoints.

Disadvantages/limitations:

• non synthesizable,

• writing to registers/memory can have unpredictable effects (seriously),

• RTL modifications are still needed to be able to change the SW execution flow (jump, …​),

• lack of system bus access, since it would consume simulation time,

• access by reference results in multiple drivers to memory/register file arrays, necessitating the use of always instead of always_ff to implement them, this results in missing simulator optimizations and subsequently slower simulations.

Terminology

Table 1. Terminology

acronym	definition
GRP	General Purpose Registers (register file)
PC	Program Counter
FPR	Floating-Point Registers (register file)
CSR	Configuration Status Registers
HDL	Hardware Description Language
RTL	Register-transfer level
ROM	Read-only memory
RAM	Random-access memory

Integration

The GDB server stub is connected to SoC signals:

• following the system clock and driving the reset,

• monitoring CPU IFU/LSU interfaces to trigger breakpoints/watchpoints (can also be used to detect illegal instruction execution),

• register files (GPR/FPR) and individual registers (PC/CSR) inside the CPU should be connected using bidirectional hierarchical path names,

• memory arrays inside memory modules should be connected using bidirectional hierarchical path names.

The connection to a GDB/LLDB client uses a Unix or TCP server socket.

Figure 1. Integration with a CPU block diagram

Parameters

https://sourceware.org/gdb/current/onlinedocs/gdb.html/Memory-Map-Format.html

https://sourceware.org/gdb/current/onlinedocs/gdb.html/Target-Descriptions.html#Target-Descriptions

https://sourceware.org/gdb/current/onlinedocs/gdb.html/General-Query-Packets.html#General-Query-Packets

Ports

Implementation details

The implementation is a mix of DPI-C and pure SystemVerilog code. The DPI-C code implements minimal socket functionality, while SystemVerilog implements packet parsing, responses and integration with the CPU.

DPI-C

The DPI-C implements socket functionality missing from the SystemVerilog language.

• opening/closing of Unix server sockets, (TODO: TCP sockets)

• blocking/non-blocking rend/receive access to sockets.

Note

While it would be partially possible to use a Linux character device model and existing SystemVerilog file IO functionality to implement communication with GDB, SystemVerilog only provides blocking fread/fgetc functions. Non-blocking read functionality is essential for implementing the GCC continue command, where the HDL simulation is running and consuming simulation time, while periodically (every clock cycle) checking for GDB commands.

SystemVerilog packet parsing

Development

TODO (simple):

• add support for more packets (q* queries, v*, …​),

• query for capabilities,

• advanced mode,

• mode without acknowledge,

• expand support for additional formats of partially supported packets,

• write regression tests (simple but a lot of work),

• integration with GUI tools,

• support for TCP sockets,

• support for handling illegal instructions,

• backtracing,

• support for binary memory access packets (x/X), but this is not really necessary,

• workarounds for Verilator issues,

• LLDB support,

• support for pausing the simulation ($stop()), to be able to see waveforms, also enabling/disabling waveform dumping,

• …​

TODO (difficult):

• understand packet patterns used by GDB,

• what state the system should start in (reset/running/breakpoint/…​)?,

• inserting/removing breakpoints/watchpoints and relation to step/continue,

• software breakpoints inserting/removing is done with z/Z packets or m/M (memory access),

• I/C (32/16 bit EBREAK instruction) breakpoints.

• check whether there are race conditions to fix,

• the code currently only runs in Questa, try to port to other simulators,

• generalize access to more than one memory, and additional registers (CSR) (full generalization requires the SystemVerilog simulator to support the alias keyword),

• …​

References

Additional maintenance commands can be found here (useful for RESET functionality?):

https://sourceware.org/gdb/current/onlinedocs/gdb.html/Maintenance-Commands.html

https://medium.com/@tatsuo.nomura/implement-gdb-remote-debug-protocol-stub-from-scratch-2-5e3025f0e987

Various stub implementations

• GDBWave

• Zephyr RTOS gdbstub

• OpenOCD gdb_server

• RISC-V based Virtual Prototype (VP) gdb-mc

• Qemu gdbstub

• gdbstub

DPI:

https://verificationacademy.com/forums/t/how-to-pass-time-in-systemverilog-while-waiting-for-data-on-a-socket-in-dpi/37817/2

Questa GCC issue: https://www.reddit.com/r/FPGA/comments/nfkuq6/modelsim_fatal_vsim3828_could_not_link_vsim_auto/

Socket

Linux socket send and recv.

Non-blocking: https://stackoverflow.com/questions/20588002/nonblocking-get-character

https://www.consulting.amiq.com/2020/08/14/non-blocking-socket-communication-in-systemverilog-using-dpi-c/

SV socket DPI: https://github.com/witchard/sock.sv https://github.com/xver/Shunt

This links are CPU intensive:

• https://www.geeksforgeeks.org/tcp-server-client-implementation-in-c/

• https://www.geeksforgeeks.org/computer-networks/simple-client-server-application-in-c/

Connecting to Python:

• https://www.consulting.amiq.com/2019/03/22/how-to-connect-systemverilog-with-python/

• https://github.com/xver/Shunt

• https://github.com/witchard/sock.sv

Talk about adding socket support to SystemVerilog

https://www.accellera.org/images/eda/sv-ec/0074.html