There are many systems in which monitoring of write transactions is desirable. For example, it is common to require more-privileged software to be able to monitor the actions of less-privileged software. Similarly, there may be situations where it is desirable for software executing under the control of a secure operating system or kernel to monitor write accesses of software executing under the control of a non-secure operating system or kernel. Furthermore, in multiprocessor systems, it may be desirable for one processor to monitor the write transactions issued by another bus master, for example, a processor or a Direct Memory Access (DMA) engine.
It is known in processor systems to provide Memory Protection Units (MPUs) and Memory Management Units (MMUs), which manage memory by disallowing access to certain memory regions by particular program applications. However, it is desirable to be able to provide more flexible and finely-tuned monitoring of data access operations rather than the known blanket-prevention of access performed by an MPU.
It is also known to perform speculative execution of program instructions where a processor is able to execute program instructions out of program order. In speculative execution subsequent program instructions are executed on the assumption that a condition associated with a preceding pending instruction is true. For example, whilst waiting for a given write instruction to complete, the processor is permitted to continue to process subsequent instructions on the assumption that the write instruction will in fact complete. However, the speculatively executed instructions in, for example, a pipelined data processing system cannot complete/retire from the pipeline until the instruction upon which the speculative assumption was based has itself completed. The processor in these speculative execution systems requires the capability to rewind to a previous (stored) state in the event that the write instruction does not in fact complete.
In known data processing systems having a bus, a write transaction issued onto the bus (as a result of execution of a corresponding write instruction by the processor) can have two possible outcomes i.e. the transaction can complete or fail, but may stall before proceeding to one of these outcomes. A failed bus transaction is likely to be catastrophic in terms of allowing system recovery because -the write data associated with the failed bus transaction will typically be abandoned by the bus fabric and lost, which means that the transaction cannot be subsequently reissued without the processor reissuing and re-executing the instruction that gave rise to the write transaction. Furthermore, failed bus transactions are likely to cause the bus to block, giving rise to processing inefficiencies. When monitoring write transactions on the bus and performing any required transaction authorisation it is desirable to be able to re-issue any transactions whose authorisation is successful without having to re-execute the corresponding write instruction.
However, in known systems where a write transaction gives rise to an exception, the exception behaviour is likely to be “imprecise”, which means that the write transaction that gave rise to the exception cannot subsequently be reissued because as far as the processor is concerned, execution of the write instruction corresponding to the transaction has already completed, so the final destination write address remains available and the associated write data is lost when such an imprecise exception occurs. So-called “precise” exception behaviour means that the associated write data is not lost and hence the write transaction can be reissued by the bus fabric so that the write to the final destination address can be performed without having to reissue and re-execute the corresponding write instruction.
One known approach to making write aborts have precise exception behaviour is to mark regions of memory as non-cacheable and strongly ordered. In such strongly-ordered systems the processor cannot make forward progress until, for example, a peripheral responds to the processor signalling that it has accepted a current write transaction. This has clear disadvantages in terms of efficiency, since one transaction must complete before a next transaction is serviced and one write instruction must complete before a subsequent write instruction is executed. Thus any transaction to be monitored inevitably causes stalling of forward progress of computations.
Currently known systems in which a more privileged operating system (e.g. secure operating system) is required to monitor write accesses (i.e. instructions and corresponding bus transactions) of a less privileged operating system (e.g. non-secure operating system) are required to vector all write accesses that the system wishes to monitor through the secure operating system in order to vet the write accesses. These known systems have a disadvantage in that they require changes to the less-privileged operating system to introduce a mechanism to invoke the more privileged operating system before data associated with the given write transaction is written to the required location. A processor often has an MMU or an MPU to enable a the more-privileged operating system to ensure that the region of memory requiring protection is marked as non-secure and read only.
Thus there is a requirement for a data processing system that has a mechanism for performing authorisation of write transactions such that precise aborts rather than imprecise aborts are associated with the authorised write transactions. There is also a requirement for a system that is capable of implementing monitoring of write transactions in a way that has reduced complexity and is less intrusive to forward progress of data processing operations.
In the present application, the term “bus” is taken to mean a collection of one or more conductors. A bus can be a one-to-one connection, a one-to-many connection, a many-to-one connection, or a many-to-many connection. A bus may or may not connect devices via interconnect circuitry.