One of the great benefits of working with simulation (RTL, SystemC, or any Virtual Platform) is the ability to provide non-intrusive interactive software debugging. Interactive software debugging provides the control and data access needed to inspect the state of the hardware and software in a running system. Because everything is simulated, it is easy to read and write memory without any actual simulation. This is in contrast to working with hardware. With hardware there is usually no way to peek into memory without stopping the CPU and performing instructions to read memory or use JTAG sequences to insert instructions into the CPU pipeline to access memory. In summary, working with real hardware results in an intrusive debugging environment where debugging results in extra system activity that would not be there if debugging were not being done. In the simulated world, debugging activity can be non-intrusive because the simulation can be stopped and a debugging tool can directly inspect the values in memory without any simulation occurring.
One thing that should be obvious, but should be reviewed, is that software debugging is memory intensive, mostly memory read intensive. The primary operation performed by a software debugger is reading memory and CPU registers. Scrolling the debugger’s memory window or source code window requires large quantities of memory data. It's also important to review that there are two kinds of memory accesses that occur:
- Memory reads and writes that result from the software program running on the CPU; loads and stores in the program being executed (labeled with 2 in the diagram below)
- Memory reads and writes that are caused by the debugger inspecting or changing the system (labeled with 1 in the diagram below)
Software debuggers read both CPU registers and memory data to display the current context of the software. Many debugger commands require access to memory to display useful information. The debugger can even change the program or data values to change software and system behavior.
In an RTL simulation environment tools can use backdoor accesses to memory for debug reads and writes, but the memory map of the design must be specified or declared somehow. Different tools have different ways to do it, but generally the flow consists of specifying a range of addresses as seen by the software running on the CPU (a memory map) and linking this set of addresses to the memory models in the design.
name TBplatform.uPlatform.uProcSubSys.uIRAM.addr 0x40010000
With SystemC TLM-2.0 provisions were made for separating debug accesses from regular memory accesses. The debug transport interface can be used to provide backdoor memory reads and writes to be done with no simulation. Or as the TLM-2.0 specification says, "the debug interface is for debug access free of the delays or side-effects associated with regular transactions".
To date, it has been my general assumption that non-intrusive debugging is best and intrusive debugging is usually better than nothing, but less desirable. Recently, I heard an engineer explain that he preferred intrusive debugging, even in a simulation environment. I'm not sure why running simulation with bus traffic to satisfy debug memory reads and writes would be better, but I agree that if backdoor accesses cannot be used then running simulation is a must to retrieve the memory data. To me this would be a last resort if the memory map is too complex to describe. Furthermore, this engineer made a case for intrusive debugging because it makes sure the design doesn't use any techniques that have strange side-effects such as register bits that automatically clear after the register is read (although stumbling upon such a register during debugging is probably not a good idea either).
In conclusion, the best solution seems to be one that allows backdoor accesses for non-intrusive debugging (like TLM-2.0 does), but still allows the use of simulation cycles to run bus transactions in cases where backdoor access is not practical or is not implemented. Any comments on intrusive vs. non-intrusive debugging are welcome.
As I pondered this topic it occurred to me that the only reason such a discussion exists is because there is no single debugging tool that understands the hardware AND software. For example, SimVision understands very well a hardware design running in the Incisive Simulator and can display all hardware values (and memory contents) automatically. A software debugger like gdb knows very well how to display the information about the software as long as it can access register and memory values. You can probably guess that for engineers working across the hardware/software boundary a single debugger that understands both the hardware and software would be an ideal solution compared to trying to operate a hardware debugger and a software debugger, both of which have the ability to start and stop execution. Stay tuned for more information on this topic.
This discussion doesn't cover the other type of debugging, tracing. There are really two ways to debug, interactive and tracing. Tracing can range from something as simple as printf() statements to something more complex like dedicated hardware used to capture instruction traces from a CPU, but tracing vs. interactive debugging is a a topic for another time. Another topic not covered today is using backdoor accesses to run faster by not simulating transactions generated by the software running on the CPU. Again, SystemC TLM-2.0 provides an example with the direct memory interface (DMI), but this is also a good topic for the future. If you cannot wait for future posts you can find additional information in my (somewhat outdated, but still relevant) book, Co-Verification of Hardware and Software for ARM SoC Design.
Good luck with all your debugging.