fixed RTL issues for exception prioirty (bound_vio vs misalignment) a…

…nd set_bounds base check for exp=24 case
microsoft · Feb 5, 2024 · ad90fc7 · ad90fc7
1 parent 2da44fd
commit ad90fc7
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 5 deletions.
diff --git a/rtl/cheri_ex.sv b/rtl/cheri_ex.sv
@@ -884,7 +884,6 @@ module cheri_ex import cheri_pkg::*; #(
     else
       addr_bound_vio = 1'b0;
 
-
     // main permission logic
     perm_vio_vec = 0;
     cs2_bad_type = 1'b0;
@@ -948,8 +947,19 @@ module cheri_ex import cheri_pkg::*; #(
 
   assign cheri_wb_err_d      = cheri_wb_err_raw & cheri_exec_id_i & ~debug_mode_i;
 
+  // addr_bound_vio is the timing optimized version (gating data_req) 
+  // However we need to generate full version of addr_bound_vio to match the sail exception 
+  // priority definition (bound_vio has higher priority over alignment_error).
+  // this has less timing impact since it goes to a flop stage
+  logic addr_bound_vio_ext;
+  logic [32:0] cheri_top_chkaddr_ext;
+
+  assign cheri_top_chkaddr_ext = cheri_ls_chkaddr + 8;   // extend to 33 bit for compare
+  assign addr_bound_vio_ext = is_cap ?  addr_bound_vio | (cheri_top_chkaddr_ext > rf_fullcap_a.top33) :
+                              addr_bound_vio;
+
   always_comb begin : err_cause_comb 
-    cheri_err_cause  = vio_cause_enc(addr_bound_vio, perm_vio_vec);
+    cheri_err_cause  = vio_cause_enc(addr_bound_vio_ext, perm_vio_vec);
     rv32_err_cause   = vio_cause_enc(addr_bound_vio_rv32, perm_vio_vec_rv32);
 
     ls_addr_misaligned_only = perm_vio_vec[PVIO_ALIGN] && (cheri_err_cause == 0);

diff --git a/rtl/cheri_pkg.sv b/rtl/cheri_pkg.sv
@@ -438,15 +438,20 @@ $display("--- set_bounds: exact = %x, ovrflw = %x, exp1 = %x, exp2 = %x, exp = %
 $display("--- set_bounds:  b1 = %x, t1 = %x, b2 = %x, t2 = %x", base1, top1, base2, top2);
 `endif
 
-    // Note in this case always addr >= base, but top < base or address is possible
-    //   so - addr_hi = FALSE, top_cor can only be either either 0 or +1;
+    // top/base correction values
+    //   Note the new base == addr >> exp, so addr_hi == FALSE, thus base_cor == 0
+    //   as such, top_cor can only be either either 0 or +1;
     out_cap.top_cor  = tophi ? 2'b00 : 2'b01;
     out_cap.base_cor = 2'b00;
 
     if (req_exact & (topoff | baseoff)) out_cap.valid = 1'b0;
 
     // we used the "requested top" to verify the results against original bounds
-    if (top33req > in_cap.top33 ) out_cap.valid = 1'b0;
+    // also compare address >= old base 32 to handle exp=24 case
+    //   exp = 24 case: can have addr < base (not covered by representibility checking);
+    //   other exp cases: always addr >= base when out_cap.tag == 1
+    if ((top33req > in_cap.top33) || (addr < in_cap.base32)) 
+      out_cap.valid = 1'b0;
 
     return out_cap;
   endfunction