[Bug Report] Incorrect *tval for ecall/ebreak #898

Open
Phantom1003 opened this issue Jun 3, 2022 · 4 comments
Labels: Component:RTL (For issues in the RTL, e.g. for files in the rtl directory); Status:In Progress (Work on this issue has started, but is not complete.); Type:Bug (For bugs in the RTL, Documentation, Verification environment or Tool and Build system)

Phantom1003 commented Jun 3, 2022

Our co-simulation framework found that the *tval of ecall/ebreak is incorrect.
In cva6, after ecall/ebreak, *tval will be set to the machine code of the ecall/ebreak instruction.

In the following test case, after calling ebreak in S-mode, the value of the mtval register is set to 0x100073, which is the machine code of the ebreak instruction.

```
[spike] core   0: 0x0000000080000174 (0x00100193) li      gp, 1
[cva6]       664ns      649 S 0000000080000174 0 00100193 li             gp, 1
[cva6]  Exception @     66500, PC: 0000000080000178, Cause: Breakpoint, tval: 0000000000100073
[spike] core   0: 0x0000000080000178 (0x00100073) ebreak
[spike] core   0: exception trap_breakpoint, epc 0x0000000080000178
[spike] core   0:           tval 0x0000000080000178
... /* in handler */
[spike] core   0: 0x0000000080000190 (0x343022f3) csrr    t0, mtval
[error] WDATA SIM 0000000080000178, DUT 0000000000100073
[error] check board clear 5 error
[CJ]  integer register Judge Failed
```

riscv-privileged P41: If mtval is written with a nonzero value when a breakpoint, address-misaligned, access-fault, or page-fault exception occurs on an instruction fetch, load, or store, then mtval will contain the faulting virtual address.
According to specifications, mtval should be the faulting address (or zero).

Issue 448 tests the value in stval of ecall from user mode; our verification framework further discovered that ebreak also has the same bug, and both of them could be triggered under any privilege mode.

ebreak testcase: cva6-1.zip
ecall testcase: cva6-2.zip

@LuminaDCIX helps reproduce the problem
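
The comparison shown in the log above can be scripted. This is an added example, not part of the original issue or of the CVA6 or Spike tooling; the function name `check_tval` and the regular expressions are assumptions derived only from the log lines quoted in the report.

```python
import re

# Log excerpt copied from the report above (handler lines omitted).
SAMPLE_LOG = """\
[spike] core   0: 0x0000000080000174 (0x00100193) li      gp, 1
[cva6]       664ns      649 S 0000000080000174 0 00100193 li             gp, 1
[cva6]  Exception @     66500, PC: 0000000080000178, Cause: Breakpoint, tval: 0000000000100073
[spike] core   0: 0x0000000080000178 (0x00100073) ebreak
[spike] core   0: exception trap_breakpoint, epc 0x0000000080000178
[spike] core   0:           tval 0x0000000080000178
"""

# Patterns assumed from the quoted lines only; other tracer versions may differ.
SPIKE_COMMIT = re.compile(r"\[spike\] core\s+\d+: 0x([0-9a-f]+) \(0x([0-9a-f]+)\)")
SPIKE_TRAP = re.compile(r"\[spike\] core\s+\d+: exception \w+, epc 0x([0-9a-f]+)")
SPIKE_TVAL = re.compile(r"\[spike\] core\s+\d+:\s+tval 0x([0-9a-f]+)")
DUT_TRAP = re.compile(
    r"\[cva6\]\s+Exception @\s*\d+, PC: ([0-9a-f]+), Cause: ([^,]+), tval: ([0-9a-f]+)")

def check_tval(log):
    """Return one finding per DUT exception whose tval differs from the reference."""
    encoding, ref_tval, dut_traps, last_epc = {}, {}, [], None
    # First pass: the DUT line can precede the reference lines, so collect everything.
    for line in log.splitlines():
        if m := SPIKE_TRAP.search(line):
            last_epc = int(m[1], 16)
        elif m := SPIKE_TVAL.search(line):
            if last_epc is not None:
                ref_tval[last_epc] = int(m[1], 16)
        elif m := SPIKE_COMMIT.search(line):
            encoding[int(m[1], 16)] = int(m[2], 16)
        elif m := DUT_TRAP.search(line):
            dut_traps.append((int(m[1], 16), m[2].strip(), int(m[3], 16)))
    findings = []
    for pc, cause, tval in dut_traps:
        expected = ref_tval.get(pc)
        if expected is None or tval == expected:
            continue
        # Signature of this report: tval holds the trapping instruction's bits.
        kind = "instruction-encoding" if tval == encoding.get(pc) else "other"
        findings.append({"pc": pc, "cause": cause, "dut": tval,
                         "ref": expected, "kind": kind})
    return findings

if __name__ == "__main__":
    for f in check_tval(SAMPLE_LOG):
        print(f"{f['cause']} @ {f['pc']:#x}: DUT tval {f['dut']:#x}, "
              f"reference {f['ref']:#x} ({f['kind']})")
```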

zarubaf commented Jun 7, 2022

Indeed, the instruction bits are the default case for every instruction. Confirming that we are not complying.

ebreak/ecall should be able to be triggered from any privilege level, no? How would a syscall/debug call work otherwise from user space?

Phantom1003 commented

Thanks, the point we wanted to confirm was the mismatched *tval.
And sorry for the confusion in my description, we wanted to point out that the ecall/ebreak triggered in any privileged mode will produce a mismatched value, not just the case in user mode as mentioned in 448.

MikeOpenHWGroup added the Component:RTL and Status:In Progress labels on Feb 11, 2023
MikeOpenHWGroup added the Type:Bug label on Feb 11, 2023

MikeOpenHWGroup commented

Hi @JeanRochCoulon, this issue appears to be a bug in the CVA6 RTL and so I am assigning it to you - please move to the appropriate engineer for a resolution.

JeanRochCoulon commented

This issue should be covered by step1 verification. But I have a doubt. @ASintzoff can you give visibility on it?
