rv8 is a RISC-V simulation suite comprising a high performance x86-64 binary translator, a user mode simulator, a full system emulator, an ELF binary analysis tool and ISA metadata:

  • rv-jit – user mode x86-64 binary translator
  • rv-sim – user mode system call proxy simulator
  • rv-sys – full system emulator with soft MMU
  • rv-bin – ELF disassembler and histogram tool
  • rv-meta – code and documentation generator

The rv8 simulator suite contains libraries and command line tools for creating instruction opcode maps, C headers and source containing instruction set metadata, instruction decoders, a JIT assembler, LaTeX documentation, a metadata based RISC-V disassembler, a histogram tool for generating statistics on RISC-V ELF executables, a RISC-V proxy syscall simulator, a RISC-V full system emulator that implements the RISC-V 1.9.1 privileged specification and an x86-64 binary translator.

rv8 binary translation

RISC-V to x86-64 binary translator

The rv8 binary translation engine works by interpreting code while profiling it for hot paths. Hot paths are translated on the fly to native code. The translation engine maintains a call stack to allow runtime inlining of hot functions. A jump target cache is used to accelerate returns and indirect calls through function pointers. The translator supports hybrid binary translation and interpretation to handle instructions that do not have native translations. Currently ‘IM’ code is translated and ‘AFD’ is interpreted. The translator supports RVC compressed code.

The rv8 binary translator supports a number of simple optimisations:

  • Hybrid interpretation and compilation of hot code paths
  • Incremental translation with dynamic trace linking
  • Inline caching of function calls in hot code paths
  • L1 jump target cache for indirect calls and returns
  • Macro-op fusion for common RISC-V instruction sequences

RISC-V full system emulator

The rv8 suite includes a full system emulator that implements the RISC-V privileged ISA with support for interrupts, MMIO (memory mapped input output) devices, a soft MMU (memory management unit) with separate instruction and data TLBs (translation lookaside buffers). The full system emulator has a simple integrated debugger that allows setting breakpoints, single stepping and disassembling instructions as they are executed.

The rv8 full system emulator has the following features:

  • RISC-V IMAFD Base plus Privileged ISA (riscv32 and riscv64)
  • Simple integrated debug command line interface
  • Histograms (registers, instruction and program counter frequency)
  • Soft MMU supporting sv32, sv39, sv48 page translation modes
  • Abstract MMIO device interface for device emulation
  • Extensible interpreter generated from ISA metadata
  • Protected address space

RISC-V user mode simulator

The rv8 user mode simulator is a single address space implementation of the RISC-V ISA that implements a subset of the RISC-V Linux syscall ABI (application binary interface) and delegates system calls to the underlying native host operating system. The user mode simulator can run RISC-V Linux binaries on non-Linux operating systems via system call emulation. The current user mode simulator implements a small number of system calls to allow running RISC-V Linux ELF static binaries.

The rv8 user mode simulator has the following features:

  • RISC-V IMAFD Base ISA (riscv32 and riscv64)
  • Simple integrated debug command line interface
  • A small set of emulated Linux system calls for simple file IO
  • Extensible interpreter generated from ISA metadata
  • Instruction logging mode for tracing program execution
  • Shared address space
    • 0x000000000000 - 0x000000000fff (zero)
    • 0x000000001000 - 0x7ffdffffffff (guest)
    • 0x7ffe00000000 - 0x7fffffffffff (host)

Project Goals

The future goals of the rv8 project are:

  • Concise metadata representing the RISC-V ISA
  • Tools for metadata-based generation of source and documentation
  • High performance emulation, sandboxing and binary translation
  • RISC-V-(n) → RISC-V-(n+1)
  • RISC-V-(n) → Intel i7 / AMD64 + AVX-512
  • RISC-V Linux ABI emulation on MacOS, Windows, Linux and *BSD
  • RISC-V Linux ABI randomisation and entropy coding
  • RISC-V Specification undefined behaviour investigation
  • RISC-V Virtualization and memory protection investigation

Supported Platforms

  • Target
    • RV32IMAFDC
    • RV64IMAFDC
    • Privilged ISA 1.9.1
  • Host
    • Linux (Debian 9.0 x86-64, Ubuntu 16.04 x86-64, Fedora 25 x86-64) (stable)
    • macOS (Sierra 10.11 x86-64) (stable)
    • FreeBSD (11 x86-64) (alpha)

 

You can download rv8 here