Description
Our co-simulation framework found that the decoder behaves incorrectly when executing a dret with a non-zero rd field.
According to the Debug Specification Version 1.0.0:
To resume execution, the debug module sets a flag which causes the hart to execute a dret. dret is an instruction that only has meaning while in Debug Mode and not executing from the Program Buffer. Its recommended encoding is 0x7b200073.
When instr[11:7] is modified to 5'b00001, cva6 treats this invalid dret as a normal dret as well. No exception occurs. The implementation is missing a check for this field.
In the following test case, there is an invalid dret at 0x8000019c whose rd field is 1. cva6 executes it as a normal instruction, while spike throws an exception.
[spike] core 0: 0x000000008000019c (0x7b200273) unknown
[spike] core 0: exception trap_illegal_instruction, epc 0x000000008000019c
[spike] core 0: tval 0x000000007b200273
[spike] core 0: 0x0000000080000004 (0x00000f17) auipc t5, 0x0
[error] PC SIM 0000000080000004, DUT 000000008000019c
[error] INSN SIM 00000f17, DUT 7b200273
[CJ] Commit Failed
[cva6] 786ns 771 D 000000008000019c 0 7b200273 INVALID // CVA6 continues to execute
[cva6] 1068ns 1053 S 000000008000017c 0 0ff0000f fence // subsequent instructions
We believe it is the debug mode check that resets the correct signal:
Lines 134 to 135 in 909d85a
@LuminaDCIX helped reproduce the problem.
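The divergence reported above, as an added example that is not part of the original report and is not cva6 or spike code: a strict decoder that matches the full 0x7b200073 word is compared against a hypothetical model of a decoder that leaves instr[11:7] out of the match, sweeping every rd value the way a co-simulation check would. The function names and the masked-compare model are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define DRET_ENCODING 0x7b200073u /* recommended encoding quoted from the spec */
#define RD_MASK       0x00000f80u /* instr[11:7] */

typedef enum { DEC_ILLEGAL = 0, DEC_DRET = 1 } decode_t;

/* Reference behaviour: every bit of the word must match the dret encoding. */
static decode_t decode_strict(uint32_t insn) {
    return insn == DRET_ENCODING ? DEC_DRET : DEC_ILLEGAL;
}

/* Hypothetical model of a decoder missing the rd check: instr[11:7] is
 * masked out before the compare, so any rd value still decodes as dret. */
static decode_t decode_ignoring_rd(uint32_t insn) {
    return (insn & ~RD_MASK) == (DRET_ENCODING & ~RD_MASK) ? DEC_DRET
                                                           : DEC_ILLEGAL;
}

static unsigned rd_field(uint32_t insn) {
    return (unsigned)((insn & RD_MASK) >> 7);
}

/* Differential sweep: bit n of the result is set when the two decoders
 * disagree on the dret word with rd = n. */
static uint32_t divergent_rd_bitmap(void) {
    uint32_t bitmap = 0;
    for (uint32_t rd = 0; rd < 32; rd++) {
        uint32_t insn = (DRET_ENCODING & ~RD_MASK) | (rd << 7);
        if (decode_strict(insn) != decode_ignoring_rd(insn))
            bitmap |= 1u << rd;
    }
    return bitmap;
}

int main(void) {
    uint32_t logged = 0x7b200273u; /* instruction word from the trace above */
    printf("insn %08x: rd nonzero=%d strict=%s ignoring_rd=%s\n",
           (unsigned)logged, rd_field(logged) != 0,
           decode_strict(logged) == DEC_DRET ? "dret" : "illegal",
           decode_ignoring_rd(logged) == DEC_DRET ? "dret" : "illegal");
    printf("rd values where the decoders diverge: %08x\n",
           (unsigned)divergent_rd_bitmap());
    return 0;
}
```

A full-word compare in the decoder, or an explicit rd == 0 term alongside the existing match, makes the sweep return zero divergences.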