☐ riscv-software-src / riscv-isa-sim (Public) <> Code • Issues 174 11 Pull requests 29 Actions Projects Wiki Jump to bottom

## [Bug Report] Incorret mask for mcontrol.action #1032

Open Phantom1003 opened this issue on Jun 16 · 2 comments

New issue



We triggered this bug by randomly writing data to csr.

If users try to set the sizelo field next to it (although it appears that spike does not yet support), it will cause an illegal action to be saved, and then the abort() will be triggered at line 337 below, causing the simulation to end.

```
riscv-isa-sim/riscv/execute.cc
Lines 327 to 337 in 89745ab
         switch (t.action) {
327
           case triggers::ACTION_DEBUG_MODE:
328
329
             enter_debug_mode(DCSR_CAUSE_HWBP);
330
331
           case triggers::ACTION_DEBUG_EXCEPTION: {
             trap_breakpoint trap(state.v, t.address);
332
             take_trap(trap, pc);
333
```

@ProjectDimlight helps reproduce the problem

cc to @timsifive

## Phantom1003 commented on Jun 17

Contributor

Author

Following is the test case we use, in this program we add a breakpoint to the 0x80000178 and specify the size field is 3.

```
0: 0x0000000080000140 (0x00000593) li
core
                                                a1, 0
core
      0: 0x0000000080000144 (0x7a059073) csrw
                                                tselect, a1
      0: 0x0000000080000148 (0x00000597) auipc
                                                a1, 0x0
core
      0: 0x000000008000014c (0x03058593) addi
                                                a1, a1, 48
core
core
      0: 0x0000000080000150 (0x7a259073) csrw
                                                tdata2, a1
      0: 0x0000000080000154 (0x7a2025f3) csrr
                                                a1, tdata2
core
: reg 0 a1 -> 0x0000000080000178
     0: 0x0000000080000158 (0x0010059b) addiw
                                                a1, zero, 1
core
core 0: 0x000000008000015c (0x02d59593) slli
                                                a1, a1, 45
core 0: 0x0000000080000160 (0x00358593) addi
                                                a1, a1, 3
core 0: 0x00000000080000164 (0x01059593) slli
                                                a1, a1, 16
      0: 0x0000000080000168 (0x05c58593) addi
                                                a1, a1, 92
core 0: 0x000000008000016c (0x7a159073) csrw
                                                tdata1, a1
: reg 0 a1 -> 0x200000000003005c
                                   (action was set to 48 here)
      0: 0x0000000080000170 (0x7a1025f3) csrr
                                                a1, tdata1
core
      0: 0x0000000080000174 (0x00100193) li
                                                gp, 1
core
[exit simulation]
```

spike-1.zip

## timsifive commented on Jun 17

Collaborator

This is definitely a bug, easily fixed by using the CSR\_MCONTROL\_ACTION macro instead of MCONTROL\_ACTION (which is out-of-date) in triggers.cc. But I've got a bunch of other stuff going on and it will take a while before I get to this.



| Assignees                    |  |  |
|------------------------------|--|--|
| No one assigned              |  |  |
| Labels                       |  |  |
| None yet                     |  |  |
| Projects                     |  |  |
| None yet                     |  |  |
| Milestone                    |  |  |
| No milestone                 |  |  |
| Development                  |  |  |
| No branches or pull requests |  |  |
|                              |  |  |

2 participants

