chipsalliance / riscv-dv

Random instruction generator for RISC-V processor verification
Apache License 2.0

kIllegalCompressedOpcode generates valid instruction (`c.fswsp`) when XLEN=32 #927

Open atsushi-shinbo-esoltrinity opened 1 year ago

atsushi-shinbo-esoltrinity commented 1 year ago

**Overview**

riscv-dv generates a kIllegalCompressedOpcode instruction sequence in riscv_illegal_instr_test when the target supports the C extension.

kIllegalCompressedOpcode has to generate an undefined/invalid instruction code on RV32C/RV64C. However, the problem is that the valid instruction c.fswsp may be included in kIllegalCompressedOpcode when target=rv32imafdc.

c.fswsp is a valid instruction in RV32C. Executing this instruction is not expected in the program context. So, storing data to the stack memory may cause corruption of the program flow and may cause unexpected behavior.

It seems other compressed floating-point instructions should also be excluded from kIllegalCompressedOpcode when the C+F/D extension is enabled.

**How to reproduce**

```
python3 ./run.py --target rv32imafdc -si vcs --isa rv32imafdc -m ilp32 -tn riscv_illegal_instr_test -s gen,gcc_compile -o out --start_seed 200 -i 10
```

out/asm_test/riscv_illegal_instr_test_1.S

```
                csrrsi       tp, 0x340, 27
                .4byte 0xe4ee # kIllegalCompressedOpcode
                mul          a0, a0, t6
```

```
8000b984: 340de273 csrrsi tp,mscratch,27
8000b988: e4ee     fsw fs11,72(sp)    <--- valid instruction
8000b98a: 0000     unimp
8000b98c: 03f50533 mul a0,a0,t6
```


**Investigation**

- riscv-dv defines `legal_c10_opcode` as follows. `3'b111` is included only when XLEN=64.

riscv-dv/src/riscv_illegal_instr.sv

```systemverilog
bit [2:0] legal_c10_opcode[$] = '{3'b000, 3'b010, 3'b100, 3'b110};

function void init(riscv_instr_gen_config cfg);
  if (riscv_instr_pkg::RV64I inside {riscv_instr_pkg::supported_isa}) begin
    legal_c00_opcode = {legal_c00_opcode, 3'b011, 3'b111};
    legal_c10_opcode = {legal_c10_opcode, 3'b011, 3'b111};
  end
```


- According to riscv-spec-20191213.pdf, ([15:13]=3'b111, [1:0]=2'b10) is also valid in RV32C as `C.FSWSP`.
![image](https://user-images.githubusercontent.com/41603582/227415962-31ff7109-c76a-4c7d-bc20-2e9fd9c5131e.png)

**Version**

```
commit b032c397bc2fad23bd87ff2bacd6e2dc731fd318
Merge: 4cf18db 8a6e482
Author: Pradheep Kaliraj <41653565+pradheepkaliraj@users.noreply.github.com>
Date:   Tue Feb 14 21:14:16 2023 -0800
```
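A check for the mismatch reported above, as an added example that is not part of the original post or of riscv-dv: it scans generated assembly for `kIllegalCompressedOpcode` words and reports those whose funct3/quadrant is a defined RVC opcode for the target ISA. It goes beyond `c.fswsp` to the other C0/C2 floating-point opcodes; the function names, the ISA-string parsing and the last sample line are assumptions made here.

```python
import re

# funct3 -> candidates for RVC quadrants C0 (op=00) and C2 (op=10), from the
# opcode map in riscv-spec-20191213 (RV128 ignored). funct3 granularity only,
# like legal_c10_opcode: reserved operand encodings are not modelled.
C0 = {0: [("c.addi4spn", "any")], 1: [("c.fld", "D")], 2: [("c.lw", "any")],
      3: [("c.flw", "F32"), ("c.ld", "RV64")], 5: [("c.fsd", "D")],
      6: [("c.sw", "any")], 7: [("c.fsw", "F32"), ("c.sd", "RV64")]}
C2 = {0: [("c.slli", "any")], 1: [("c.fldsp", "D")], 2: [("c.lwsp", "any")],
      3: [("c.flwsp", "F32"), ("c.ldsp", "RV64")],
      4: [("c.jr/jalr/mv/add", "any")], 5: [("c.fsdsp", "D")],
      6: [("c.swsp", "any")], 7: [("c.fswsp", "F32"), ("c.sdsp", "RV64")]}
ILLEGAL_RE = re.compile(r"\.4byte\s+0x([0-9a-fA-F]+)\s*#\s*kIllegalCompressedOpcode")

def defined_as(halfword, isa):
    """Mnemonic if (funct3, op) is a defined C0/C2 opcode for this ISA, else None."""
    xlen, exts = int(isa[2:4]), isa[4:]  # assumes a plain string like rv32imafdc
    table = {0b00: C0, 0b10: C2}.get(halfword & 0b11)
    if table is None:
        return None  # quadrant C1 and 32-bit encodings are out of scope here
    met = {"any": True, "D": "d" in exts, "RV64": xlen == 64,
           "F32": xlen == 32 and "f" in exts}
    for mnemonic, need in table.get((halfword >> 13) & 0b111, []):
        if met[need]:
            return mnemonic
    return None

def audit(asm_text, isa):
    """List (line number, value, mnemonic) for 'illegal' words that decode."""
    hits = []
    for lineno, line in enumerate(asm_text.splitlines(), 1):
        m = ILLEGAL_RE.search(line)
        if m:
            value = int(m.group(1), 16)
            name = defined_as(value & 0xFFFF, isa)  # low halfword is fetched first
            if name:
                hits.append((lineno, value, name))
    return hits

# First three lines are from the issue; the last line is constructed.
SAMPLE = """csrrsi tp, 0x340, 27
.4byte 0xe4ee # kIllegalCompressedOpcode
mul a0, a0, t6
.4byte 0x8000 # kIllegalCompressedOpcode
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "rv32imafdc"))
```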

JJ-Gaisler commented 1 year ago

I noticed this issue too and proposed a fix for it in PR #921