Supporting RISC-V Vendor Extensions in the GNU Toolchain

[Palmer Dabbelt]

On Fri, 13 May 2022 03:37:22 PDT (-0700), philipp.tomsich@vrull.eu wrote:
> On Fri, 13 May 2022 at 12:00, Christoph Müllner <cmuellner@gcc.gnu.org> wrote:
>>
>> On Wed, May 11, 2022 at 2:02 AM Palmer Dabbelt <palmer@dabbelt.com> wrote:
>> >
>> > [Sorry for cross-posting to a bunch of lists, I figured it'd be best to
>> > have all the discussions in one thread.]
>> >
>> > We currently only support what is defined by official RISC-V
>> > specifications in the various GNU toolchain projects.  There's certainly
>> > some grey areas there, but in general that means not taking code that
>> > relies on drafts or vendor defined extensions, even if that would result
>> > in higher performance or more featured systems for users.
>> >
>> > The original goal of these policies were to steer RISC-V implementers
>> > towards a common set of specifications, but over the last year or so
>> > it's become abundantly clear that this is causing more harm that good.
>> > All extant RISC-V systems rely on behaviors defined outside the official
>> > specifications, and while that's technically always been the case we've
>> > gotten to the point where trying to ignore that fact is impacting real
>> > users on real systems.  There's been consistent feedback from users that
>> > we're not meeting their needs, which can clearly be seen in the many out
>> > of tree patch sets in common use.
>> >
>> > There's been a handful of discussions about this, but we've yet to have
>> > a proper discussion on the mailing lists.  From the various discussions
>> > I've had it seems that folks are broadly in favor of supporting vendor
>> > extensions, but the devil's always in the details with this sort of
>> > thing so I thought it'd be best to write something up so we can have a
>> > concrete discussion.
>> >
>> > The idea is to start taking code that depends on vendor-defined behavior
>> > into the core GNU toolchain ports, as long as it meets the following
>> > criteria:
>> >
>> > * An ISA manual is available that can be redistributed/archived, defines
>> >   the behaviors in question as one or more vendor-specific extensions,
>> >   and is clearly versioned.  The RISC-V foundation is setting various
>> >   guidelines around how vendor-defined extensions and instructions
>> >   should be named, we strongly suggest that vendors follow those
>> >   conventions whenever possible (this is all new, though, so exactly
>> >   what's necessary from vendor specifications will likely evolve as we
>> >   learn).
>> > * There is a substantial user base that depends on the behavior in
>> >   question, which probably means there is hardware in the wild that
>> >   implements the extensions and users that require those extensions in
>> >   order for that hardware to be useful for common applications.  This is
>> >   always going to be a grey area, but it's essentially the same spot
>> >   everyone else is in.
>
> I must take exception to the "There is a substantial user base" rule,
> as this conflicts with the goal of avoiding fragmentation: the support
> for vendor-defined extensions should ideally have landed in an
> upstream release before the silicon is widely released.  This would
> see these extensions being sent upstream significantly before
> widespread sampling (and sometimes around the time of the announcement
> of a device on the roadmap).  Simply put: I want everyone defining
> vendor extensions to contribute to our mainline development efforts
> instead of extending their own ancient forks.
>
> I suspect that this rule is intended to ensure that experimental,
> purely academic, or "closed" (as in: even if you have the silicon, it
> will be so deeply embedded that no one can run their own software —
> e.g. radio baseband controllers) extensions don't make the maintenance
> work harder.  If that is the case: could we use wording such as (a
> native speaker might wordsmith something more accurate) "accessible to
> run user-developed software" and "intended for a wider audience"?

I agree "substantial user base that depends on the behavior" is a bit 
heavy-handed, as it essentially requires that the upstream software 
shows up late enough that it's a headache for at least some users.  
We've tried a bunch of times to come up with some sort of wording around 
what it means to have hardware and everything's been full of holes, 
which is why the language never gets written down.

I'm not personally all that worried about the experimental/academic 
hardware as there's good precedent for pushing back on that.  I'm also 
not worried about embedded stuff: sure it's wacky, but a lot of vendors 
end up doing the same things in subtly different ways so there'll be a 
bunch of shared code.  Plus, these vendors tend to err on the side of 
secrecy anyway so I doubt it'll be a problem.  I am worried about bad 
actors leveraging any policy to make a bunch of noise, as that's a 
pretty persistent problem in RISC-V land and it looks like things are 
going to get worse before they get better.  You can't really fake having 
users, though, and in the end the whole point of the toolchain is to 
make something useful for those users.

So I think I arrived at describing this in terms of a user base because 
ultimately users is all I really care about.  From talking to folks I 
think that's a pretty common opinion, but someone else might have a more 
nuanced way to state it so probably best to let others chime in here.

>> > * There is a mechanism for testing the code in question without direct
>> >   access to hardware, which in practice means a QEMU port (or whatever
>> >   simulator is relevant in the space and that folks use for testing) or
>> >   some community commitment to long-term availability of the hardware
>> >   for testing (something like the GCC compile farm, for example).
>> > * It is possible to produce binaries that are compatible with all
>> >   upstream vendors' implementations.  That means we'll need mechanisms
>> >   to allow extensions from multiple vendors to be linked together and
>> >   then probed at runtime.  That's not to say that all binaries will be
>> >   compatible, as users are always free to skip the compatibility code
>> >   and there will be conflicting definitions of instruction encodings,
>> >   but we can at least provide users with the option of compatibility.
>
> We today have:
> - Tag_RISCV_arch (see
> https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-elf.adoc#tag_riscv_arch-5-ntbssubarch)
> - ifunc support
>
> Admittedly, there's some loose ends in the end-to-end story (e.g.
> Unified Discovery -> DTB -> glibc ifunc initialisation): we know just
> too well how this plays out as there are optimised string/memory
> functions (Zbb, Zicboz, cache-block-length, …) in our pipeline as well
> as OpenSSL support for Zbb and Zbc.  However, this is a known gap and
> will be fully addressed in the future.
>
> Is there something specific beyond this that you'd be looking for?

I might be forgetting something, but at least:

* Tag_RISCV_arch attributes are really fundamentally based around 
  compatible extension sets and just don't work when faced with the 
  realities of what RISC-V is today -- that's true even for standard 
  extensions, but it's going to be way worse with vendor extensions.
* Some scheme that allows relocations from multiple vendors to be linked 
  together.  There's been some proposals here, but nothing that the 
  psABI folks seem to like (and also might not play well with dynamic 
  relocations).
* There's a lot between device tree and ifunc (not to mention ACPI).  
  Kito had a proposal for how to get this up to userspace, there's an 
  earlier version from Plumbers last year but there's a lot of work that 
  needs to be done to turn that into reality.
* Some use cases won't be met by ifunc, there's a whole lot of 
  techniques available and we at least want to allow those to function.  
  In the long run binary compatibility is going to be a losing battle, 
  but we can at least try to keep things sane so the folks in charge at 
  the foundation have a chance to understand what a hole we're in with 
  enough time left to fix it.

I know it's a lot more work to give users the option of compatibility, 
but once that's gone it'll never come back so I'm willing to at least 
try -- though of course that'll put a burden on everyone, even those 
outside the RISC-V ports, so everyone needs to be on board.

> Thanks,
> Philipp.
>
>> >
>> > These are pretty loosely written on purpose, both because this is all
>> > new and because each project has its own set of contribution
>> > requirements so it's going to be all but impossible to have a single
>> > concrete set of rules that applies everywhere -- that's nothing specific
>> > to the vendor extensions (or even RISC-V), it's just life.  Specifically
>> > a major goal here is to balance the needs of users, both in the short
>> > term (ie, getting new hardware to work) and the long term (ie, the long
>> > term stability of their software).  We're not talking about taking code
>> > that can't be tested, hasn't been reviewed, isn't going to be supported
>> > long-term, or doesn't have a stable ABI; just dropping the specific
>> > requirement that a specification must be furnished by the RISC-V
>> > foundation in order to accept code.
>> >
>> > Nothing is decided yet, so happy to hear any thought folks have.  This
>> > is certainly a very different development methodology than what we've
>> > done in the past and isn't something that should be entreated into
>> > lightly, so any comments are welcome.
>>
>> I'd like to add two points to this topic and raise two questions.
>>
>> 1) Accepting vendor extensions = avoidance of fragmentation
>>
>> RISC-V implementors are actively encouraged to implement their
>> own ISA extensions. To avoid fragmentation in the SW ecosystem
>> (every vendor maintains a fork of tools, distros and binaries) there
>> needs to be a principle acceptance to get vendor extension support
>> upstream.

I'd actually argue that accepting vendor extensions upstream will 
massively increase fragmentation.  We've already got a huge problem with 
fragmentation as it stands, but only allowing standard extensions in 
upstream software provides an incentive to work with other vendors on 
the standards.  Accepting vendor extensions essentially changes the 
incentive to just ship first.  That's a well understood way to do things 
in HW land, but it's bad for everyone in the long run.

I've personally been in favor of supporting vendor extensions for quite 
a while now so the folks who have stuck to that for longer might have 
other reasons, but pushing vendors towards common specs was the main 
reason I was in favor of this policy when we first set it.  Maybe other 
folks can share what changed their minds, though.

>> 2) Leading upstream maintainers already agreed on supporting vendor-extensions
>>
>> We have discussed the topic of vendor extensions in many forums last year.
>> This topic was also part of the discussions at the Linux Plumbers conference.
>> Further, there exists a place for documenting toolchain conventions of
>> the RISC-V
>> ecosystem ([1]), which everyone in the RISC-V ecosystem is aware about.
>>
>> As a result of the discussions last year, a PR ([2]) has been crafted to clarify
>> the rules for upstreaming vendor extension support. These RISC-V
>> toolchain conventions recently added a section for vendor extensions
>> which covers important aspects like:
>>
>> * naming schemes
>> * assembly mnemonic prefixes
>> * links to the documentation and version information
>>
>> The PR even includes an explicit rule to clarify that maintainers decide on
>> upstream inclusion:
>> """
>> Open source toolchain maintainer has final say on accepting vendor extension,
>> comply with this conventions isn't guarantee upstream will accept.
>> """

I'm pretty sure that was added specifically as part of some discussions 
around this topic, with the hope of making it clear that these policies 
are decided upstream.  That clearly didn't get the message across, 
though, but we'd need to have this discussion either way so it doesn't 
really matter that much.

And IMO it's way better to have a discussion regarding what we're going 
to accept upstream ahead of time rather than just piecemeal as patches 
go by, that way contributors to at least have an idea of what to expect.

>> A lot of people (maintainers and active developers) were notified
>> (including you)
>> and many also actively contributed to the PR. In the end there was an agreement
>> of how to document vendor extensions (as a requirement for upstreaming).
>>
>> I believe that your set of rules is compatible with what is specified there.

I didn't comment on the PR in question because it's talking about naming 
requirements for vendor extensions/instructions and I don't care about 
those at all.  Luckily some of the other toolchain folks do and have put 
together those guidelines, that's specifically called out here as what 
should be used.  That said, there's a lot more to accepting vendor 
extensions than a naming scheme for them.

>> Note however, that you could have mentioned them during the PRs review
>> process as you were notified when the PR was created.

We've talked about this many times and my position has been consistent: 
decisions happen in the relevant forum, which for most open source 
projects means the project's mailing list -- we're even generally pretty 
careful to make sure things like conferences/IRC get reflected to the 
mailing lists, as not everyone can participate real-time.  Certainly 
these decisions are not made at the RISC-V foundation.

I get you guys don't listen to me, that's fine, but just pretending 
that these discussions never happened is pretty silly.

>> My questions are now the following:
>>
>> * Where to document the requirements?
>>
>>   Most RISC-V upstream maintainers are accepting the riscv-toolchains-convention
>>   repository. Where if not there should we document requirements for the tool's
>>   conventions?  Why not accept what has already been agreed upon?

Each project generally has its own documentation, that varies from 
project to project but is frequently somewhere like doc/.  There are 
generally guidelines/requirements for contributions, that seems like a 
reasonable place to put this sort of thing to me.

>> * Where to track the status?
>>
>>   You mentioned testing requirements (e.g. QEMU support).
>>   I've created a wiki page to show the adoption status of all the
>> RISC-V extensions ([3])
>>   last year. As the chair of the Toolchains SIG, I'm willing to create
>> and maintain one for
>>   vendor extensions as well. This allows users to see which projects
>> support which
>>   extensions upstream. However, a wiki is a joint effort. So
>> maintainers that merge
>>   changes upstream need to update the page. Will you support this?
>>   If not what is your proposal to track the status of the upstream
>> extension support?

Again that's really going to depend on the project, but there's 
generally documentation of features somewhere like doc/ and high-level 
new features are called out in the release notes: historically some sort 
of NEWS file, but these days a lot of projects have another way of doing 
things.  We also have patch descriptions and such.  To answer a question 
like "does QEMU support Xvendorextension" I'd just read the code as 
that's always both precise and accurate.

There are certainly lots of downstream collections of information about 
various aspects of these projects and if you want to keep some on the 
RISC-V wiki then that's fine with me.  Happy to try and do a better job 
on release notes and such, particularly if you've got specific issues 
with them, but everyone else seems to get along tracking things that way 
so I don't see any reason to do anything special for RISC-V.

>>
>> BR
>> Christoph
>>
>> [1] https://github.com/riscv-non-isa/riscv-toolchain-conventions#conventions-for-vendor-extension
>> [2] https://github.com/riscv-non-isa/riscv-toolchain-conventions/pull/17
>> [3] https://wiki.riscv.org/display/HOME/RISC-V+extension+and+feature+support+in+the+Open+Source+SW+Ecosystem