Closed
Description
Hi, we are currently doing some co-simulation with cva6 and spike, and we found that the decoder behaves incorrectly when it meets an sfence.vma with a non-zero rd field.
According to the ISA Specification (Volume II: RISC-V Privileged Architectures V20211203 Page 152) for the SFENCE.VMA format, instr[11:7] should be 5'b00000.
When instr[11:7] is modified to 5'b00001, cva6 treats this instruction as SFENCE.VMA as well. No exception occurs. The implementation is missing a check for this field.
Lines 152 to 165 in 44a89b9
In the following test case, there is an invalid sfence.vma at 0x80000190 whose rd field is 1. cva6 executes it as a normal instruction, while spike throws an exception.

```
[cva6] 532890ns 26637 M 000000008000018c 0 12000073 sfence.vma
[spike] core 0: 0x000000008000018c (0x12000073) sfence.vma zero, zero
[cva6] 534950ns 26740 M 0000000080000190 0 120000f3 sfence.vma
[spike] core 0: 0x0000000080000190 (0x120000f3) unknown
[spike] core 0: exception trap_illegal_instruction, epc 0x0000000080000190
[spike] core 0: tval 0x0000000000000000
```
@LuminaDCIX helps reproduce the problem
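
The encoding check at issue, as an added example that is not part of the issue and is not code from cva6 or spike: a strict SFENCE.VMA match that includes rd[11:7] beside a lax match that ignores it, run on the two instruction words from the trace above. The function and macro names are hypothetical, and the lax matcher only models the behaviour the report describes.

```c
#include <stdint.h>
#include <stdio.h>

/* SFENCE.VMA layout:
 * funct7=0001001 | rs2 | rs1 | funct3=000 | rd=00000 | opcode=1110011 */
#define SFENCE_VMA_MATCH       0x12000073u
#define SFENCE_VMA_MASK_STRICT 0xFE007FFFu /* funct7, funct3, rd, opcode */
#define SFENCE_VMA_MASK_LAX    0xFE00707Fu /* same fields, rd[11:7] ignored */

static unsigned rd_field(uint32_t instr) { return (instr >> 7) & 0x1Fu; }

/* Decode that requires instr[11:7] == 5'b00000. */
int is_sfence_vma_strict(uint32_t instr) {
    return (instr & SFENCE_VMA_MASK_STRICT) == SFENCE_VMA_MATCH;
}

/* Model of the reported behaviour (assumption): rd is not checked. */
int is_sfence_vma_lax(uint32_t instr) {
    return (instr & SFENCE_VMA_MASK_LAX) == SFENCE_VMA_MATCH;
}

/* Sweep rd over all 32 values for fixed rs1/rs2 and count the encodings
 * on which the two decoders disagree, as a co-simulation diff would. */
int count_rd_divergences(unsigned rs1, unsigned rs2) {
    uint32_t base = SFENCE_VMA_MATCH | ((rs2 & 0x1Fu) << 20)
                                     | ((rs1 & 0x1Fu) << 15);
    int n = 0;
    for (unsigned rd = 0; rd < 32; rd++) {
        uint32_t instr = base | (rd << 7);
        if (is_sfence_vma_strict(instr) != is_sfence_vma_lax(instr))
            n++;
    }
    return n;
}

int main(void) {
    /* The two instruction words shown in the trace in this issue. */
    const uint32_t words[] = { 0x12000073u, 0x120000f3u };
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++)
        printf("0x%08x rd=%u strict=%d lax=%d\n", (unsigned)words[i],
               rd_field(words[i]), is_sfence_vma_strict(words[i]),
               is_sfence_vma_lax(words[i]));
    printf("divergent rd values: %d\n", count_rd_divergences(0, 0));
    return 0;
}
```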