[Question] mepc value on instruction access fault exception #938
Comments
|
The address of the instruction that was attempted to be fetched goes into
|
According to the priv. spec. instruction access fault and instruction page fault exception have the same priority (see cutout below). From my understanding
|
Yes, so what? I was explaining why Although the same thing could happen with an access fault on the second half of a page crossing. |
Oh course they are not redundant. I'm just trying to understand the behavior of I thought that for async. exceptions So, in my understanding that meant Seems like I got something wrong 😅 |
An access fault is not an async exception. If an instruction's execution causes a fault then yes its PC would end up in |
That's the point! 😉 The instruction access fault I tried to setup a table that shows which values will be written to
Maybe it would be good to have something like that in the RISC-V ISA manual - even if some points might be highly implementation-defined 😉 Anyway, seems like I was on the wrong track here... Thanks for clearing! |
By "interrupt bit" I assume you are talking about the top bit of An async interrupt means the timing of the trap is not connected to the specific sequence of instructions that were executing. It can come at any time and was not necessarily caused by anything in the instruction pipeline. |
Sorry, typo. This is what I actually meant:
Right.
That is the point :D If
I understood that. |
|
Another example to (hopefully) illustrate the cause of my confusion: 😅
So in the first case we have a SYNC exception, but in the second case we have an ASYNC exception, right? In both cases the "interrupt" bit of Thanks again for all your help! 😉 |
|
No, the second case is still synchronous. It sounds like you are conflating the value that populates mepc with whether the event is synchronous. Synchronous events are those that occur in a consistent fashion with respect to the instruction stream. Obviously, access faults fall into that classification. mepc always points to the place that execution should resume after the trap is processed, provided the trap is resumable. For most fetch-related exceptions, that means it contains the address of the instruction being fetched. Misaligned fetch exceptions are never resumable—they signify an irrecoverable error in the program. They are the special case here. We report the exception on the earlier PC because it helps with debugging and because it’s easy to implement. Access exceptions fall into the standard bucket: mepc points to where execution should resume. |
|
Soapbox time: misaligned access handling.
Just because HW misaligned accesses are supported doesn't mean that
misaligned accesses won't trap.
E.g. fetches (and stores) could be broken up and if the access crosses a
protection, translation or PMA boundary,
and one of the halves doesn't have legal permissions, translations or type,
xTVAL will point to just that half (with an illegal access cause - not
misaligned)
But, because the order of the accesses can be implementation specific, you
might not be able to depend on exactly which half is reported in xTVAL
(if both are illegal, so probably you don't care), or whether the other
half got stored in memory before the trap (in which case its a bit more
complicated)
But misaligned load/store accesses (but not instruction fetches) could also
trap even if both halves are legal - but not necessarily deterministically
- from an architectural perspective.
And that could depend on both architectural state, and microarchitectural
state.
e.g. if an access crosses a cacheline or protection boundary (architectural)
or an access crosses one of those boundaries and one half is not
currently resident in a cache or TLB (microarchitectural) .
The latter means you could execute the same instruction with the same
address at two different times, and sometimes it will trap, and sometimes
it won't.
And finally there is the corner case on top of the corner case, when both
misaligned and illegal conditions are met,
An implementation is allowed to set the priority of a misaligned access
exception to be either higher or lower than illegal access or page fault
exceptions,
so implementation independent code won't know which of those will be
reported.
Note that this only affects the xCAUSE CSR and not xTVAL
…On Fri, Dec 16, 2022 at 10:16 AM Andrew Waterman ***@***.***> wrote:
No, the second case is still synchronous.
It sounds like you are conflating the value that populates mepc with
whether the event is synchronous. Synchronous events are those that occur
in a consistent fashion with respect to the instruction stream. Obviously,
access faults fall into that classification.
mepc always points to the place that execution should resume after the
trap is processed, provided the trap is resumable. For most fetch-related
exceptions, that means it contains the address of the instruction being
fetched.
Misaligned fetch exceptions are never resumable—they signify an
irrecoverable error in the program. They are the special case here. We
report the exception on the earlier PC because it helps with debugging and
because it’s easy to implement.
Access exceptions fall into the standard bucket: mepc points to where
execution should resume.
—
Reply to this email directly, view it on GitHub
<#938 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHPXVJS6GB7ZXU67MVZ2WBLWNSWYBANCNFSM6AAAAAATAWNJOQ>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
I should have added: all of these corner cases are still synchronous
- they depend on the conditions at the time of instruction execution, and
their timing won't change. just their presence
On Fri, Dec 16, 2022 at 4:52 PM Allen Baum ***@***.***>
wrote:
… Soapbox time: misaligned access handling.
Just because HW misaligned accesses are supported doesn't mean that
misaligned accesses won't trap.
E.g. fetches (and stores) could be broken up and if the access crosses a
protection, translation or PMA boundary,
and one of the halves doesn't have legal permissions, translations or
type, xTVAL will point to just that half (with an illegal access cause -
not misaligned)
But, because the order of the accesses can be implementation specific, you
might not be able to depend on exactly which half is reported in xTVAL
(if both are illegal, so probably you don't care), or whether the other
half got stored in memory before the trap (in which case its a bit more
complicated)
But misaligned load/store accesses (but not instruction fetches) could
also trap even if both halves are legal - but not necessarily
deterministically - from an architectural perspective.
And that could depend on both architectural state, and microarchitectural
state.
e.g. if an access crosses a cacheline or protection boundary
(architectural)
or an access crosses one of those boundaries and one half is not
currently resident in a cache or TLB (microarchitectural) .
The latter means you could execute the same instruction with the same
address at two different times, and sometimes it will trap, and sometimes
it won't.
And finally there is the corner case on top of the corner case, when both
misaligned and illegal conditions are met,
An implementation is allowed to set the priority of a misaligned access
exception to be either higher or lower than illegal access or page fault
exceptions,
so implementation independent code won't know which of those will be
reported.
Note that this only affects the xCAUSE CSR and not xTVAL
On Fri, Dec 16, 2022 at 10:16 AM Andrew Waterman ***@***.***>
wrote:
> No, the second case is still synchronous.
>
> It sounds like you are conflating the value that populates mepc with
> whether the event is synchronous. Synchronous events are those that occur
> in a consistent fashion with respect to the instruction stream. Obviously,
> access faults fall into that classification.
>
> mepc always points to the place that execution should resume after the
> trap is processed, provided the trap is resumable. For most fetch-related
> exceptions, that means it contains the address of the instruction being
> fetched.
>
> Misaligned fetch exceptions are never resumable—they signify an
> irrecoverable error in the program. They are the special case here. We
> report the exception on the earlier PC because it helps with debugging and
> because it’s easy to implement.
>
> Access exceptions fall into the standard bucket: mepc points to where
> execution should resume.
>
> —
> Reply to this email directly, view it on GitHub
> <#938 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AHPXVJS6GB7ZXU67MVZ2WBLWNSWYBANCNFSM6AAAAAATAWNJOQ>
> .
> You are receiving this because you are subscribed to this thread.Message
> ID: ***@***.***>
>
|
|
I think OP's question has been answered, so I'll close the issue. Please reopen if I'm wrong. |
|
@allenjbaum @scottj97 @aswaterman Thank you all for the detailed explanations! For the recordsI should have read the priv. spec, more carefully... This is what I just found: 😅
|
Setup: simple
rv32iarchitecture, machine-mode onlyIf the CPU encounters an instruction access fault exception while accessing a specific address (for example
0x00000204), what value should be written to themepcCSR?As far as I understand, the trap value CSR
mtvalwill be set to the address that caused the exception -0x00000204in this case. But what aboutmepc? The spec. says:But in this case there is no instruction that was interrupted nor that explicitly caused the exception (so nothing like an
ebreakinstruction that explicitly raise an exception) - the exception was rather caused by the instruction fetch.Should
mepcalso be set to0x00000204(which feels somehow redundant asmtvalalready shows this address) or shouldmepcbe set to the previously-executed instruction (so0x00000200in this case)?Or is this something that is platform-defined? 😅
The text was updated successfully, but these errors were encountered: