2

I’m new for spike and RISC V. I’m trying to do some dynamic instruction trace with spike. These instructions are from a sample.c file. I have tried the following commands:

$ riscv64-unknown-elf-gcc simple.c -g -o simple.out
$ riscv64-unknown-elf-objdump -d --line-numbers -S simple.out

But these commands display the assembled instructions in an out file, which is not I want. I need to trace the dynamic executed instruction in runtime. I find only two relative commands in spike host option:

  • -g - track histogram of PCs

  • -l - generate a log of execution

I’m not sure if the result is what I expected as above. Does anyone have an idea how to do the dynamic instruction trace in spike? Thanks a lot!

maxschlepzig
  • 35,645
  • 14
  • 145
  • 182
Rosyphoton
  • 23
  • 3

1 Answers1

2

Yes, you can call spike with -l to get a trace of all executed instructions.

Example:

$ spike -l --isa=RV64gc ~/riscv/pk/riscv64-unknown-elf/bin/pk ./hello 2> ins.log

Note that this trace also contains all instructions executed by the proxy-kernel - rather than just the trace of your user program.

The trace can still be useful, e.g. you can search for the start address of your code (i.e. look it up in the objdump output) and consume the trace from there.

Also, when your program invokes a syscall you see something like this in the trace:

[.. inside your program ..]
core   0: 0x0000000000010088 (0x00000073) ecall
core   0: exception trap_user_ecall, epc 0x0000000000010088
core   0: 0x0000000080001938 (0x14011173) csrrw   sp, sscratch, sp
[.. inside the pk ..]
sret
[.. inside your program ..]

That means you can skip to the sycall instruction (that are executed in the pk) by searching for the next sret.

Alternatively, you can call spike with -d to enter debug mode. Then you can set a breakpoint on the first instruction of interest in your program (until pc 0 YOURADDRESS - look up the address in the objdump output) and single step from there (by hitting return multiple times). See also the help screen by entering h at the spike prompt.

maxschlepzig
  • 35,645
  • 14
  • 145
  • 182
  • Thanks for your answer. That is exactly what I need! But I still have some questions about the trace instructions. I did see "ecall" and "sret" in the trace and I found the corresponding relation between them. However, there are also some "sret" corresponding to "exception trap_instruction_page_fault, ...". Are those instructions between them the instructions executed in the pk? – Rosyphoton Mar 23 '20 at 14:12
  • @Rosyphoton Your program is executed in user-mode while the pk is executed in supervisor mode. If you see a `sret` instruction this means return-from-supervisor-mode. That means the instructions preceding `sret` (until a trap) belong to the pk. A page fault is just another example how a switch from user to supervisor mode (i.e. switch from user to kernel space) is invoked. In the answer you see the trap is caused by `ecall`. – maxschlepzig Mar 23 '20 at 18:39