libriscv is a simple, slim and complete RISC-V userspace emulator library that is highly embeddable and configurable. It is a specialty emulator that specializes in low-latency, low-footprint emulation. libriscv may be the only one of its kind. Where other solutions routinely require ~50-100ns to enter the virtual machine and return, libriscv requires 3ns. libriscv is also routinely faster than other interpreters. libriscv has specialized APIs that make passing data in and out of the sandbox safe and low-latency.
There is also a CLI that you can use to run RISC-V programs and step through instructions one by one, like a simulator, or to connect with GDB in order to remotely live-debug programs. A Cosmopolitan build can be downloaded here.
For discussions & help, visit Discord.
libriscv is an ultra-low latency emulator, designed specifically to have very low overheads when sandboxing certain programs, such as game scripts. All the listed goals reflect current implementation.
Goals:
- Lowest possible latency
- Calling a guest VM function can finish an order of magnitude before other emulators begin executing the first instruction
- Modern, type-safe VM call and system call interfaces
- The safe interfaces prevents all kinds of footguns that the author has personally suffered, and consequently blocked off forever :-)
- Secure speculation-safe sandbox
- Low attack surface, only 20k LOC
- Platform-independent and super-easy to embed
- Supports platforms with C++20 or later support (GCC/Clang with C++17 or later)
- Just-in-time compilation for development usage
- libtcc can used to instantly improve emulation of RISC-V programs on Linux systems
- High-performance binary translation on end-user systems through DLLs (eg. Windows)
- Cross-compile RISC-V programs to a binary translated .dll executable in libriscv on end-user systems (where shared libraries are allowed)
- Maximum final-build performance on all platforms, including Consoles, Mobiles, production systems
- Supports embeddable high-performance binary translations that can be baked into final builds (eg. where shared libraries are not allowed, or static builds are preferred)
- Tiny memory footprint
- Less than 40kB total memory usage for fibonacci program
- High scalability with special fork support and shared memories
- Serve requests using ephemeral VMs in ~1us in production (not microbenchmark/slideware)
- Execute segments are automatically shared among all instances (with or without forking)
- Dynamic linking and run-time dlopen() support
Non goals:
- Wide support for Linux system calls
- Proxying system calls
- Higher performance at the cost of call latency
STREAM benchmark CoreMark: 35475 vs 41382 native (~86%).
Run D00M 1 in libriscv and see for yourself. It should use around 8% CPU at 60 fps.
Benchmark between binary translated libriscv vs LuaJIT, interpreted libriscv vs LuaJIT and also interpreted libriscv vs Luau. Most benchmarks are hand-picked for the purposes of game engine scripting, but there are still some classic benchmarks.
Register vs stack machines (interpreted)
RISC-V is a register machine architecture, which makes it very easy to reach good interpreter performance without needing a register allocator.
We can see that libriscv in interpreter mode is substantially faster than wasm3, also an interpreter.
libriscv can call the above function 5.25-7.25 times before wasmtime has called it once. libriscv beats all established emulators for short-running functions due to its substantially lower latency.
See the example project for directly embedding libriscv using CMake. You can also use libriscv as a packaged artifact, through the package example, although you will need to install the package first.
On Windows you can use Clang-cl in Visual Studio. See the example CMake project. It requires Clang and Git installed.
docker build . -t libriscv
docker run -v $PWD/binaries:/app/binaries --rm -i -t libriscv binaries/<binary>A fib(256000000) program for testing is built automatically. You can test-run it like so:
docker run -v $PWD/binaries:/app/binaries --rm -i -t libriscv fibYou can enter the docker container instead of using it from the outside. A 64-bit RISC-V compiler is installed in the container, and it can be used to build RISC-V programs.
docker run -v $PWD/binaries:/app/binaries --entrypoint='' -i -t libriscv /bin/bashInside the container you have access to rvlinux, and the compilers riscv64-linux-gnu-gcc-13 and riscv64-linux-gnu-g++-13. There is also rvlinux-fast which uses binary translation to make emulation a lot faster, but needs time to compile beforehand.
On Ubuntu and Linux distributions like it, you can install a 64-bit RISC-V GCC compiler for running Linux programs with a one-liner:
sudo apt install gcc-12-riscv64-linux-gnu g++-12-riscv64-linux-gnu
Depending on your distro you may have access to GCC versions 10 to 14. Now you have a full Linux C/C++ compiler for 64-bit RISC-V.
To build smaller and leaner programs you will want a (limited) Linux userspace environment. Check out the guide on how to build a Newlib compiler.
cd emulator
./build.sh
./rvlinux <path to RISC-V ELF binary>Check out the CLI documentation.
The binaries folder contains several example programs.
The newlib and newlib64 example projects have much more C and C++ support, but still misses things like environment variables and such. This is a deliberate design as newlib is intended for embedded development. It supports C++ RTTI and exceptions, and is the best middle-ground for running a fuller C++ environment that still produces small binaries. You can run these programs with rvnewlib.
The linux and linux64 example projects require a Linux-configured cross compiler. You can run these programs with rvlinux.
The Go examples only require Go installed. Go produces complex RV64G ELF executables.
There are also examples for Nim, Zig, Rust and Nelua.
If you have built the emulator, you can use ./rvlinux --gdb /path/to/program to enable GDB to connect. Most distros have gdb-multiarch, which is a separate program from the default gdb. It will have RISC-V support already built in. Start your GDB like so: gdb-multiarch /path/to/program. Make sure your program is built with -O0 and with debuginfo present. Then, once in GDB connect with target remote :2159. Now you can step through the code.
Most modern languages embed their own pretty printers for debuginfo which enables you to go line by line in your favorite language.
The emulator currently supports RV32GCB, RV64GCB (imafdc_zicsr_zifence_zba_zbb_zbc_zbs) and RV128G. The A-, F-, D-, C- and B-extensions should be 100% supported on 32- and 64-bit. V-extension is undergoing work.
The 128-bit ISA support is experimental, and the specification is not yet complete.
Load a Linux program built for RISC-V and run through main:
#include <libriscv/machine.hpp>
int main(int /*argc*/, const char** /*argv*/)
{
// Load ELF binary from file
const std::vector<uint8_t> binary /* = ... */;
using namespace riscv;
// Create a 64-bit machine (with default options, see: libriscv/common.hpp)
Machine<RISCV64> machine { binary };
// Add program arguments on the stack, and set a few basic
// environment variables.
machine.setup_linux(
{"myprogram", "1st argument!", "2nd argument!"},
{"LC_TYPE=C", "LC_ALL=C", "USER=groot"});
// Add all the basic Linux system calls.
// This includes `exit` and `exit_group` which we will override below.
machine.setup_linux_syscalls();
// Install our own `exit_group` system call handler (for all 64-bit machines).
Machine<RISCV64>::install_syscall_handler(94, // exit_group
[] (Machine<RISCV64>& machine) {
const auto [code] = machine.sysarg <int> (0);
printf(">>> Program exited, exit code = %d\n", code);
machine.stop();
});
// This function will run until the exit syscall has stopped the
// machine, an exception happens which stops execution, or the
// instruction counter reaches the given 5bn instruction limit:
try {
machine.simulate(5'000'000'000ull);
} catch (const std::exception& e) {
fprintf(stderr, ">>> Runtime exception: %s\n", e.what());
}
}In order to have the machine not throw an exception when the instruction limit is reached, you can call simulate with the template argument false, instead:
machine.simulate<false>(5'000'000ull);If the machine runs out of instructions, it will now simply stop running. Use machine.instruction_limit_reached() to check if the machine stopped running because it hit the instruction limit.
You can limit the amount of (virtual) memory the machine can use like so:
const uint64_t memsize = 1024 * 1024 * 64ul;
riscv::Machine<riscv::RISCV32> machine { binary, { .memory_max = memsize } };You can find the MachineOptions structure in common.hpp.
You can find details on the Linux system call ABI online as well as in the docs. You can use these examples to handle system calls in your RISC-V programs. The system calls emulate normal Linux system calls, and is compatible with a normal Linux RISC-V compiler.
Check out the C API and the test project.
You can create your own custom instruction loop if you want to do things manually by yourself:
#include <libriscv/machine.hpp>
#include <libriscv/rv32i_instr.hpp>
...
Machine<RISCV64> machine{binary};
machine.setup_linux(
{"myprogram"},
{"LC_TYPE=C", "LC_ALL=C", "USER=root"});
machine.setup_linux_syscalls();
// Instruction limit is used to keep running
machine.set_max_instructions(50'000'000ull);
while (!machine.stopped()) {
auto& cpu = machine.cpu;
// Read next instruction
const auto instruction = cpu.read_next_instruction();
// Print the instruction to terminal
printf("%s\n", cpu.to_string(instruction).c_str());
// Execute instruction directly
cpu.execute(instruction);
// Increment PC to next instruction, and increment instruction counter
cpu.increment_pc(instruction.length());
machine.increment_counter(1);
}If we only want to run for a small amount of time and then leave the simulation, we can use the same example as above with an outer loop to keep it running as long as we want to until the machine stops normally.
do {
// Only execute 1000 instructions at a time
machine.reset_instruction_counter();
machine.set_max_instructions(1'000);
while (!machine.stopped())
{
auto& cpu = machine.cpu;
// Read next instruction
const auto instruction = cpu.read_next_instruction();
// Print the instruction to terminal
printf("%s\n", cpu.to_string(instruction).c_str());
// Execute instruction directly
cpu.execute(instruction);
// Increment PC to next instruction, and increment instruction counter
cpu.increment_pc(instruction.length());
machine.increment_counter(1);
}
} while (machine.instruction_limit_reached());The function machine.instruction_limit_reached() only returns true when the instruction limit was reached, and not if the machine stops normally. Using that we can keep going until either the machine stops, or an exception is thrown.
You can create a machine without a binary, with no ELF loader invoked:
Machine<RISCV32> machine;
machine.setup_minimal_syscalls();
std::vector<uint32_t> my_program {
0x29a00513, // li a0,666
0x05d00893, // li a7,93
0x00000073, // ecall
};
// Set main execute segment (12 instruction bytes)
const uint32_t dst = 0x1000;
machine.cpu.init_execute_area(my_program.data(), dst, 12);
// Jump to the start instruction
machine.cpu.jump(dst);
// Geronimo!
machine.simulate(1'000ull);The fuzzing program does this, so have a look at that. There are also unit tests.
See this unit test for an example on how to add your own instructions. They work in all simulation modes.
- Bytecode simulation using switch case
- Threaded bytecode simulation
- Tailcall bytecode simulation
This can be controlled with CMake options, however the default is usually fastest.
Using an RSP server:
- Step through the code using GDB and your programs embedded pretty printers
- Using CPU::step_one(), one can step one instruction
- Precise simulation with custom conditions
Using the debugging wrapper:
- Simulate one instruction at a time
- Verbose instruction logging
- Debugger CLI with commands
The binary translation feature (accessible by enabling the RISCV_BINARY_TRANSLATION CMake option) can greatly improve performance in most cases, but requires compiling the program on the first run. The RISC-V binary is scanned for code blocks that are safe to translate, and then a C compiler is invoked on the generated code. This step takes a long time. The resulting code is then dynamically loaded and ready to use. It is also possible to cross-compile the binary translation for end-user systems, such as Windows. In other words, it's possible to ship a game with not just a sandboxed RISC-V program, but also a complementary binary translated .dll in order to reap heavy performance gains.
You can control binary translation by passing CC and CFLAGS environment variables to the program that runs the emulator. You can show the compiler arguments using VERBOSE=1. Example: CFLAGS=-O2 VERBOSE=1 ./myemulator. You may use KEEPCODE=1 to preserve the generated code output from the translator for inspection. For the CLI, the --no-translate option can be used to disable binary translation in order to compare output or performance.
When embedded libtcc is enabled, by setting the CMake option RISCV_LIBTCC to ON, libriscv behaves like it's dynamically translated. libriscv will invoke libtcc on code generated for each execute segment, including those loaded from shared objects. You can use your distros libtcc-dev package, or embed libtcc with the emulator (default).
The read-write arena simplifies memory operations immediately outside of the loaded ELF, leaving the heap unprotectable. If page protections are needed, pages can still be allocated outside of the arena memory area, and there page protections will apply as normal. It is default-enabled, providing a performance boost. Disabling the read-write arena enables full virtual paging.
When binary translation is enabled, the option RISCV_LIBTCC is also available. libtcc will be embedded in the RISC-V emulator and used as a JIT-compiler. The libtcc-dev package will be required for building. It will give a handsome 25-100% performance boost compared to interpreter mode.
If you are seeing the error tcc: error: file 'libtcc1.a' not found, you can change to using the distro package instead by enabling RISCV_LIBTCC_DISTRO_PACKAGE, where libtcc1.a is pre-installed. In which case, install your distros libtcc-dev equivalent package. Otherwise, the CMake build scripts produces libtcc1.a and puts it at the root of the build folder. So, a very quick solution to the error is to just create a symbolic link: ln -fs build/libtcc1.a .. It is a run-time dependency of TCC.
It is possible to generate C99 freestanding source files from a binary translated program, embed it in a project at some later time, and automatically load and utilize the binary translation at run-time. This feature makes it possible to use full binary translation on platforms where it is ordinarily not possible. If a RISC-V program is changed without generating new sources, the emulator will (intentionally) not find these embedded functions and instead fall back to other modes, eg. interpreter mode. Changing a RISC-V program requires regenerating the sources and rebuilding the final program. This practically adds support for high-performance emulation on all console systems, for final/shipped builds.
In order to test this feature, follow these instructions:
cd emulator
./build.sh --bintr
./rvlinux -o test ~/github/coremark/coremark-rv32g_b
$ ls test*
test17A11122.cpp
./build.sh --embed test17A11122.cpp
./rvlinux -v ~/github/coremark/coremark-rv32g_b
$ ./rvlinux -v ~/github/coremark/coremark-rv32g_b
* Loading program of size 75145 from 0x77e75e5b2010 to virtual 0x10000 -> 0x22589
* Program segment readable: 1 writable: 0 executable: 1
* Loading program of size 1864 from 0x77e75e5c459c to virtual 0x2358c -> 0x23cd4
* Program segment readable: 1 writable: 1 executable: 0
Found embedded translation for hash 17A11122
...
CoreMark 1.0 : 35475.669603 / GCC13.2.0 -O3 -DPERFORMANCE_RUN=1 / Static
- The original RISC-V binary is still needed, as it is treated as the ultimate truth by the emulator
- If the RISC-V program changes, the emulator will not use the outdated embedded code and instead fall back to another emulation mode, eg. interpreter mode
- Many files can be embedded allowing for dynamic executables to be embedded, with all their dependencies
- The configuration settings of libriscv are added to the hash of the filename, so in order to use the generated code on other systems and platforms the configurations must match exactly
- Embedded segments can be re-used by many emulators, for high scalability
There is multiprocessing support, but it is in its early stages. It is achieved by simultaneously calling a (C/SYSV ABI) function on many machines, each with a unique CPU ID. The input data to be processed should exist beforehand. It is not well tested, and potential page table races are not well understood. That said, it passes manual testing and there is a unit test for the basic cases.
It is possible to map out the entire 32-bit address space for 32-bit RISC-V guests, such that memory operations no longer require bounds-checking. This mode usually goes with features like userfaultfd, however currently only the address space is created, fully readable and writable. This means the feature should not be used when sandboxing is necessary, and instead it makes more sense currently for running CLI applications from the terminal. It can be enabled with RISCV_EXPERIMENTAL and then RISCV_ENCOMPASSING_ARENA. 64-bit is supported by casting all addresses to 32-bit.
The feature is not restricted to just 32-bit address spaces. It can be configured by setting RISCV_ENCOMPASSING_ARENA_BITS to something other than 32. 32 is the fastest as addresses are replaced with 32-bit casts. For other N-bit address spaces, and-masking is used. For example, the bit value 27 represents a 128MB address space, and 33 is an 8GB address space.
When binary translation is enabled, all emulator settings have roughly the same performance. However, when in interpreter mode (eg. on devices where loading shared objects is not allowed), there are a few ways to reliably improve performance.
Disabling the C-extension increases interpreter speed by ~20-25%, but requires a custom RISC-V toolchain. Here's how to create one. There are technical reasons for this, and it will not get better over time.
The C-extension can be disabled by setting the RISCV_EXT_C CMake option to OFF:
cd build
cmake .. -DRISCV_EXT_C=OFF -DCMAKE_BUILD_TYPE=ReleaseOther build options that aid performance: Enabling link-time optimizations. Using the latest and greatest compiler version. Enabling all the native accelerated system calls. Enabling the read-write arena (default ON). Enabling experimental features, like 32-bit unbounded address space. Unrolling loops in the sandboxed program.
There is a simple step-by-step gamedev example under the examples folder. There are also examples for the C++, Rust, Nelua and Nim languages.
For a more complete and thorough implementation, have a look at RVScript. It embeds libriscv in a tiny example game framework and automatically builds fully functional C++ programs for ultra low-latency scripting.