misaligned trap handler in I-C-EBREAK-01 #16

Open
jeras opened this issue Sep 6, 2021 · 2 comments

jeras commented Sep 6, 2021

The trap handler code in the test is misaligned and the test is passing just by chance.

From the disassembled code you can see the trap handler placement 00000000000003ba <_trap_handler> at 0x3ba, which is not 4-byte aligned:

0000000080000410 <rvtest_code_begin>:
    80000410:   00000097                auipc   ra,0x0
    80000414:   02a08093                addi    ra,ra,42 # 8000043a <_trap_handler>
    80000418:   30509ff3                csrrw   t6,mtvec,ra
    8000041c:   00002097                auipc   ra,0x2
    80000420:   be408093                addi    ra,ra,-1052 # 80002000 <begin_signature>

0000000080000424 <inst_0>:
    80000424:   11111137                lui     sp,0x11111
    80000428:   1111011b                addiw   sp,sp,273
    8000042c:   9002                    ebreak
    8000042e:   0000a023                sw      zero,0(ra)
    80000432:   305f9073                csrw    mtvec,t6
    80000436:   0240006f                j       8000045a <test_end>

000000008000043a <_trap_handler>:
    8000043a:   34102f73                csrr    t5,mepc
    8000043e:   0f09                    addi    t5,t5,2
    80000440:   341f1073                csrw    mepc,t5
    80000444:   34202f73                csrr    t5,mcause
    80000448:   01e0a023                sw      t5,0(ra)
    8000044c:   0020a223                sw      sp,4(ra)
    80000450:   0000a423                sw      zero,8(ra)
    80000454:   00b1                    addi    ra,ra,12
    80000456:   30200073                mret

In the trace you can see two details:

  1. While there is an attempt to write the misaligned address 0x43a from ra into mtvec, mtvec[1] remains zero, so mtvec becomes 0x438. If 1 were written into the reserved bit, then a reserved TVEC mode would be selected.
  2. The c.ebreak instruction causes a jump into the middle of the instruction 80000436: 0240006f j 8000045a <test_end> which is interpreted as a compressed instruction 0240 addi s0,sp,260. Since this instruction does not modify any checked registers, the test is not failing.

Info (ICV_ST) Starting coverage at 0x80000410
Info   ra feedbeadfeedbead -> 0000000080000410
Info 'riscvOVPsim/cpu', 0x0000000080000414(rvtest_code_begin+4): 02a08093 addi    ra,ra,42
Info   ra 0000000080000410 -> 000000008000043a
Info 'riscvOVPsim/cpu', 0x0000000080000418(rvtest_code_begin+8): 30509ff3 csrrw   t6,mtvec,ra
Info   t6 fbb6fab7fbb6fab7 -> 0000000080000004
Info   mtvec 0000000080000004 -> 0000000080000438
Info 'riscvOVPsim/cpu', 0x000000008000041c(rvtest_code_begin+c): 00002097 auipc   ra,0x2
Info   ra 000000008000043a -> 000000008000241c
Info 'riscvOVPsim/cpu', 0x0000000080000420(rvtest_code_begin+10): be408093 addi    ra,ra,-1052
Info   ra 000000008000241c -> 0000000080002000
Info 'riscvOVPsim/cpu', 0x0000000080000424(inst_0): 11111137 lui     sp,0x11111
Info   sp ff76df56ff76df56 -> 0000000011111000
Info 'riscvOVPsim/cpu', 0x0000000080000428(inst_0+4): 1111011b addiw   sp,sp,273
Info   sp 0000000011111000 -> 0000000011111111
Info 'riscvOVPsim/cpu', 0x000000008000042c(inst_0+8): 9002     ebreak
Info   mstatus 0000000a00000080 -> 0000000a00001800
Info   mepc 0000000080000080 -> 000000008000042c
Info   mcause 0000000000000000 -> 0000000000000003
Info   mtval 0000000000000000 -> 000000008000042c
Info 'riscvOVPsim/cpu', 0x0000000080000438(inst_0+14): 0240     addi    s0,sp,260
Info   s0 5bfddb7d5bfddb7d -> 0000000011111215
Info 'riscvOVPsim/cpu', 0x000000008000043a(_trap_handler): 34102f73 csrr    t5,mepc
Info   t5 f76df56ff76df56f -> 000000008000042c
Info 'riscvOVPsim/cpu', 0x000000008000043e(_trap_handler+4): 0f09     addi    t5,t5,2
Info   t5 000000008000042c -> 000000008000042e

The test can probably be fixed by adding alignment into riscv-test-suite/rv64i_m/C/src/I-C-EBREAK-01.S.

Some kind of detection when writing illegal values into CSR would help with this kind of issue.
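
The CSR-write detection suggested above, sketched as an added example (not part of the original issue or the test suite): it replays the riscvOVPsim trace lines quoted in the issue, tracks register values, and reports any `csrw`/`csrrw` whose stored CSR value differs from the source register. The function name and the regular expressions are assumptions fitted to the trace format shown here.

```python
import re

# Trace lines copied from the issue above (riscvOVPsim format), up to the mtvec write.
TRACE = """\
Info   ra feedbeadfeedbead -> 0000000080000410
Info 'riscvOVPsim/cpu', 0x0000000080000414(rvtest_code_begin+4): 02a08093 addi    ra,ra,42
Info   ra 0000000080000410 -> 000000008000043a
Info 'riscvOVPsim/cpu', 0x0000000080000418(rvtest_code_begin+8): 30509ff3 csrrw   t6,mtvec,ra
Info   t6 fbb6fab7fbb6fab7 -> 0000000080000004
Info   mtvec 0000000080000004 -> 0000000080000438
Info 'riscvOVPsim/cpu', 0x000000008000041c(rvtest_code_begin+c): 00002097 auipc   ra,0x2
Info   ra 000000008000043a -> 000000008000241c
"""

INSN = re.compile(r"Info '[^']+', 0x([0-9a-f]+)\([^)]*\): [0-9a-f]+\s+(\S+)\s*(\S*)")
CHANGE = re.compile(r"Info\s+(\w+) ([0-9a-f]+) -> ([0-9a-f]+)$")

def find_altered_csr_writes(trace):
    """Return (pc, csr, requested, stored) for csrw/csrrw writes whose stored value differs."""
    regs = {}       # last value seen for each register or CSR
    pending = None  # (pc, csr, requested) for the CSR write currently retiring
    findings = []
    for line in trace.splitlines():
        m = INSN.match(line)
        if m:
            pc, mnem, ops = int(m.group(1), 16), m.group(2), m.group(3).split(",")
            pending = None
            if mnem == "csrrw" and len(ops) == 3:
                csr, src = ops[1], ops[2]
            elif mnem == "csrw" and len(ops) == 2:
                csr, src = ops
            else:
                continue
            if src in regs:  # value requested is the source register at issue time
                pending = (pc, csr, regs[src])
            continue
        m = CHANGE.match(line)
        if m:
            name, new = m.group(1), int(m.group(3), 16)
            if pending and name == pending[1] and new != pending[2]:
                findings.append((pending[0], name, pending[2], new))
            regs[name] = new
    return findings

if __name__ == "__main__":
    for pc, csr, want, got in find_altered_csr_writes(TRACE):
        print(f"{pc:#x}: {csr} write requested {want:#x}, stored {got:#x}")
```

This sketch only compares register-change lines that appear in the trace, so a CSR write that produces no change line is not reported.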

@duncangraham-Imperas
Contributor

Thank you for spotting this, we will get it fixed for the next upload/release.

@duncangraham-Imperas
Contributor

I think this is now fixed, please could you check and close the issue if you are happy with the solution.
