[BUG] PK Example results in seg fault
Created by: christian-lanius
Is there an existing CVA6 bug for this?
- I have searched the existing bug issues
Bug Description
Commit 35f430d8 breaks the pk example (with Hello World) in questasim and vcs (but not in verilator for some reason). Before this commit, we get the expected output, but after this, an invalid instruction is read and the following error gets displayed:
# [TRACER] Output filename is: trace_hart_0.log
# [UART]: bbl loader
#
# ** Warning: 1[l1 dcache] reading invalid instructions: vaddr=800044c0, data=xxxxxxxx
# Time: 56631630 ns Started: 56631630 ns Scope: ariane_tb.dut.i_ariane.i_cva6.i_cache_subsystem.a_invalid_instruction_fetch File: /home/lanius/code/cva6/cva6/core/cache_subsystem/wt_cache_subsystem.sv Line: 176
# ** Warning: 1[l1 dcache] reading invalid instructions: vaddr=000100c8, data=xxxxxxxx
# Time: 57343150 ns Started: 57343150 ns Scope: ariane_tb.dut.i_ariane.i_cva6.i_cache_subsystem.a_invalid_instruction_fetch File: /home/lanius/code/cva6/cva6/core/cache_subsystem/wt_cache_subsystem.sv Line: 176
# z 0000000000000000 ra 0000000000000000 sp 0000003ffffffb30 gp 0000000000000000
# tp 0000000000000000 t0 0000000000000000 t1 0000000000000000 t2 0000000000000000
# s0 0000000000000000 s1 0000000000000000 a0 0000000000000000 a1 0000000000000000
# a2 0000000000000000 a3 0000000000000000 a4 0000000000000000 a5 0000000000000000
# a6 0000000000000000 a7 0000000000000000 s2 0000000000000000 s3 0000000000000000
# s4 0000000000000000 s5 0000000000000000 s6 0000000000000000 s7 0000000000000000
# s8 0000000000000000 s9 0000000000000000 sA 0000000000000000 sB 0000000000000000
# t3 0000000000000000 t4 0000000000000000 t5 0000000000000000 t6 0000000000000000
# pc 00000000000100c4 va/inst 00000000000100c4 sr 8000000200006020
# User fetch segfault @ 0x00000000000100c4
# UVM_ERROR /home/lanius/code/cva6/cva6/corev_apu/tb/ariane_tb.sv(112) @ 91491750: reporter [Core Test] *** FAILED *** (tohost = 2147483647)
The exact command I used is:
make sim elf-bin=$RISCV/riscv64-unknown-elf/bin/pk target-options=hello.elf batch-mode=1
I use the changes proposed in #988 to get the simulation to run. I got to the linked commit by bisecting the simulation: one commit before, it works; with that one, it breaks. I have attached the trace logs for the two cases to this issue as well:
trace_hart_0_commit.log
trace_hart_0_commit_broken_shortened.log
I had to shorten the broken commit log to fulfill the GitHub requirements. The first difference occurs around line 146088, where in the correct simulation,
ld a0, 0(s8) a0 :0000000000000000 s8 :ffffffc000098000 VA: ffffffc000098000 PA: 00000080098000
and in the broken simulation
ld a0, 0(s8) a0 :000000008009b000 s8 :ffffffc000098000 VA: ffffffc000098000 PA: 00000080098000
Note that this happens after 44025850ns, so well before the actual issue results in an error. I am not sure if this is linked to the issue I am seeing.
It seems in general, the questasim and VCS flows are not well tested (there are some other issues, like the target-options not propagating to VCS). Is it possible to extend the CI flow to run the same tests on the two simulators as well? This would have caught the issue raised in #1008 (closed). Running a barebones pk example as part of the pipeline should find the problem discussed in this issue.
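The trace comparison described in the report, as an added example that is not part of the original issue or of the CVA6 repository: it walks a known-good and a broken trace in lockstep and reports the first commit whose instruction or register/address values differ. The names `parse_commit` and `first_divergence` are hypothetical, the lines are assumed to have the shape quoted in the issue with any leading time or cycle columns already stripped, and the sample traces are constructed apart from the two `ld` lines.

```python
import re
from itertools import zip_longest

# "name :hex" / "NAME: hex" pairs, as in the trace lines quoted in the issue.
FIELD = re.compile(r"\b([A-Za-z]\w*)\s*:\s*([0-9a-fA-F]+)\b")

def parse_commit(line):
    """Split one trace line into (instruction text, {field: value})."""
    fields = list(FIELD.finditer(line))
    instr = line[:fields[0].start()] if fields else line
    values = {m.group(1): int(m.group(2), 16) for m in fields}
    return " ".join(instr.split()), values

def first_divergence(good, bad):
    """Return (line_no, instr, {field: (good, bad)}) or None if identical."""
    for n, (g, b) in enumerate(zip_longest(good, bad), start=1):
        if g is None or b is None:
            return n, "<one trace ended early>", {}
        gi, gf = parse_commit(g)
        bi, bf = parse_commit(b)
        if gi != bi:  # control flow already differs
            return n, f"{gi} / {bi}", {}
        delta = {k: (gf.get(k), bf.get(k))
                 for k in sorted(gf.keys() | bf.keys())
                 if gf.get(k) != bf.get(k)}
        if delta:  # same instruction, different data
            return n, gi, delta
    return None

# Constructed sample traces; only the "ld" lines come from the issue.
GOOD = [
    "mv s8, a1 s8 :ffffffc000098000 a1 :ffffffc000098000",
    "addi sp, sp, -16 sp :0000003ffffffb20",
    "ld a0, 0(s8) a0 :0000000000000000 s8 :ffffffc000098000 "
    "VA: ffffffc000098000 PA: 00000080098000",
    "mv a1, a0 a1 :0000000000000000 a0 :0000000000000000",
]
BAD = GOOD[:2] + [
    "ld a0, 0(s8) a0 :000000008009b000 s8 :ffffffc000098000 "
    "VA: ffffffc000098000 PA: 00000080098000",
    "mv a1, a0 a1 :000000008009b000 a0 :000000008009b000",
]

if __name__ == "__main__":
    print(first_divergence(GOOD, BAD))
```

On the sample, the first divergence is the `ld` with identical `VA` and `PA` but a different loaded value in `a0`, the same pattern the report shows at line 146088.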