From 26ba9a1658265cf411030192de33031e3e3dfe0a Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Thu, 21 Aug 2025 11:56:06 +0000 Subject: [PATCH 1/7] feat: added operation fields for zicfiss instructions --- spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml | 24 +++++++++++++++++++-- spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml | 24 +++++++++++++++++++-- spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml | 25 ++++++++++++++++++++-- spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml | 25 ++++++++++++++++++++-- spec/std/isa/inst/Zicfiss/sspush.x1.yaml | 23 ++++++++++++++++++-- spec/std/isa/inst/Zicfiss/sspush.x5.yaml | 23 ++++++++++++++++++-- spec/std/isa/inst/Zicfiss/ssrdp.yaml | 19 +++++++++++++++- 7 files changed, 150 insertions(+), 13 deletions(-) diff --git a/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml b/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml index 99b3ab3c94..f2b114ff8d 100644 --- a/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml +++ b/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml @@ -6,9 +6,11 @@ $schema: inst_schema.json# kind: instruction name: ssamoswap.d -long_name: No synopsis available +long_name: Atomic Swap from a Shadow Stack Location description: | - No description available. + The `ssamoswap.w` atomically loads a 64-bit data value from address of a shadow + stack location in rs1, puts the loaded value into register rd, and stores the + 64-bit value held in rs2 to the original address in rs1. definedBy: Zicfiss assembly: xd, xs2, xs1 encoding: @@ -31,3 +33,21 @@ access: vu: always data_independent_timing: false operation(): | + Csr csr_handle = direct_csr_lookup(12'h011); + + if (csr_handle.valid == false) { + unimplemented_csr($encoding); + } else if (!implemented?(ExtensionName::S)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + + if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + X[xd] = read_memory<64>(X[xs1], $encoding); + write_memory<64>(X[xs1], X[xs2], $encoding); + } diff --git a/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml b/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml index 0c21c13d09..083f8426d4 100644 --- a/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml +++ b/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml @@ -6,9 +6,11 @@ $schema: inst_schema.json# kind: instruction name: ssamoswap.w -long_name: No synopsis available +long_name: Atomic Swap from a Shadow Stack Location description: | - No description available. + The `ssamoswap.w` atomically loads a 32-bit data value from address of a shadow + stack location in rs1, puts the loaded value into register rd, and stores the + 32-bit value held in rs2 to the original address in rs1. definedBy: Zicfiss assembly: xd, xs2, xs1 encoding: @@ -31,3 +33,21 @@ access: vu: always data_independent_timing: false operation(): | + Csr csr_handle = direct_csr_lookup(12'h011); + + if (csr_handle.valid == false) { + unimplemented_csr($encoding); + } else if (!implemented?(ExtensionName::S)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + + if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + X[xd] = $signed(read_memory<32>(X[xs1][31:0], $encoding)); + write_memory<32>(X[xs1], X[xs2][31:0], $encoding); + } diff --git a/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml b/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml index 685ca04ad1..173ade8e43 100644 --- a/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml +++ b/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml @@ -6,9 +6,10 @@ $schema: inst_schema.json# kind: instruction name: sspopchk.x1 -long_name: No synopsis available +long_name: Pop from the Shadow Stack description: | - No description available. + A shadow stack pop operation is defined as an XLEN wide read from the current top + of the shadow stack followed by an increment of the ssp by XLEN/8. definedBy: Zicfiss assembly: sspopchk_x1 encoding: @@ -21,3 +22,23 @@ access: vu: always data_independent_timing: false operation(): | + Csr csr_handle = direct_csr_lookup(12'h011); + + if (csr_handle.valid == false) { + unimplemented_csr($encoding); + } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + + if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + Bits ssp = csr_sw_read(csr_handle); + XReg temp = read_memory(ssp, $encoding); + if (temp != X[1]) { + raise(ExceptionCode::SoftwareCheck, mode(), $encoding); + } else { + csr_sw_write(csr_handle, (ssp + (XLEN/8))); + } diff --git a/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml b/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml index c660552ba4..b1351a67f6 100644 --- a/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml +++ b/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml @@ -6,9 +6,10 @@ $schema: inst_schema.json# kind: instruction name: sspopchk.x5 -long_name: No synopsis available +long_name: Pop from the Shadow Stack description: | - No description available. + A shadow stack pop operation is defined as an XLEN wide read from the current top + of the shadow stack followed by an increment of the ssp by XLEN/8. definedBy: Zicfiss assembly: sspopchk_x5 encoding: @@ -21,3 +22,23 @@ access: vu: always data_independent_timing: false operation(): | + Csr csr_handle = direct_csr_lookup(12'h011); + + if (csr_handle.valid == false) { + unimplemented_csr($encoding); + } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + + if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + Bits ssp = csr_sw_read(csr_handle); + XReg temp = read_memory(ssp, $encoding); + if (temp != X[5]) { + raise(ExceptionCode::SoftwareCheck, mode(), $encoding); + } else { + csr_sw_write(csr_handle, (ssp + (XLEN/8))); + } diff --git a/spec/std/isa/inst/Zicfiss/sspush.x1.yaml b/spec/std/isa/inst/Zicfiss/sspush.x1.yaml index aa94160293..c28f9150d9 100644 --- a/spec/std/isa/inst/Zicfiss/sspush.x1.yaml +++ b/spec/std/isa/inst/Zicfiss/sspush.x1.yaml @@ -6,9 +6,11 @@ $schema: inst_schema.json# kind: instruction name: sspush.x1 -long_name: No synopsis available +long_name: Push to the Shadow Stack description: | - No description available. + A shadow stack push operation is defined as decrement of the ssp by XLEN/8 + followed by a store of the value in the link register to memory at the new + top of the shadow stack. definedBy: Zicfiss assembly: sspush_x1 encoding: @@ -21,3 +23,20 @@ access: vu: always data_independent_timing: false operation(): | + Csr csr_handle = direct_csr_lookup(12'h011); + + if (csr_handle.valid == false) { + unimplemented_csr($encoding); + } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + + if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + Bits ssp = csr_sw_read(csr_handle) - (XLEN/8); + write_memory(ssp, X[1], $encoding); + csr_sw_write(csr_handle, ssp); + } diff --git a/spec/std/isa/inst/Zicfiss/sspush.x5.yaml b/spec/std/isa/inst/Zicfiss/sspush.x5.yaml index 95300ec8fe..9752f473ff 100644 --- a/spec/std/isa/inst/Zicfiss/sspush.x5.yaml +++ b/spec/std/isa/inst/Zicfiss/sspush.x5.yaml @@ -6,9 +6,11 @@ $schema: inst_schema.json# kind: instruction name: sspush.x5 -long_name: No synopsis available +long_name: Push to the Shadow Stack description: | - No description available. + A shadow stack push operation is defined as decrement of the ssp by XLEN/8 + followed by a store of the value in the link register to memory at the new + top of the shadow stack. definedBy: Zicfiss assembly: sspush_x5 encoding: @@ -21,3 +23,20 @@ access: vu: always data_independent_timing: false operation(): | + Csr csr_handle = direct_csr_lookup(12'h011); + + if (csr_handle.valid == false) { + unimplemented_csr($encoding); + } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + + if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + Bits ssp = csr_sw_read(csr_handle) - (XLEN/8); + write_memory(ssp, X[5], $encoding); + csr_sw_write(csr_handle, ssp); + } diff --git a/spec/std/isa/inst/Zicfiss/ssrdp.yaml b/spec/std/isa/inst/Zicfiss/ssrdp.yaml index 3d5a019def..88990315e5 100644 --- a/spec/std/isa/inst/Zicfiss/ssrdp.yaml +++ b/spec/std/isa/inst/Zicfiss/ssrdp.yaml @@ -8,7 +8,7 @@ kind: instruction name: ssrdp long_name: Read ssp into a Register description: | - No description available. + The SSRDP instruction is provided to move the contents of ssp to a destination register. definedBy: Zicfiss assembly: xd encoding: @@ -24,3 +24,20 @@ access: vu: always data_independent_timing: false operation(): | + Csr csr_handle = direct_csr_lookup(12'h011); + + if (csr_handle.valid == false) { + unimplemented_csr($encoding); + } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + + if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + X[xd] = csr_sw_read(csr_handle); + } else { + X[xd] = 0; + } From 4209a09325bdd5295ac8fb05b110191f08e3c61f Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Fri, 22 Aug 2025 19:23:35 +0000 Subject: [PATCH 2/7] feat: updated the files as suggested --- spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml | 9 +++++---- spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml | 9 +++++---- spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml | 3 ++- spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml | 3 ++- spec/std/isa/inst/Zicfiss/sspush.x1.yaml | 9 +++++---- spec/std/isa/inst/Zicfiss/sspush.x5.yaml | 9 +++++---- spec/std/isa/inst/Zicfiss/ssrdp.yaml | 5 +++-- 7 files changed, 27 insertions(+), 20 deletions(-) diff --git a/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml b/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml index f2b114ff8d..e93323c999 100644 --- a/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml +++ b/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml @@ -6,11 +6,11 @@ $schema: inst_schema.json# kind: instruction name: ssamoswap.d -long_name: Atomic Swap from a Shadow Stack Location +long_name: Atomic Swap Doubleword from a Shadow Stack Location description: | The `ssamoswap.w` atomically loads a 64-bit data value from address of a shadow - stack location in rs1, puts the loaded value into register rd, and stores the - 64-bit value held in rs2 to the original address in rs1. + stack location in xs1, puts the loaded value into register xd, and stores the + 64-bit value held in xs2 to the original address in xs1. definedBy: Zicfiss assembly: xd, xs2, xs1 encoding: @@ -33,7 +33,8 @@ access: vu: always data_independent_timing: false operation(): | - Csr csr_handle = direct_csr_lookup(12'h011); + Bits<12> ssp_addr = 0x011; + Csr csr_handle = direct_csr_lookup(ssp_addr); if (csr_handle.valid == false) { unimplemented_csr($encoding); diff --git a/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml b/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml index 083f8426d4..2a27c9b4ee 100644 --- a/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml +++ b/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml @@ -6,11 +6,11 @@ $schema: inst_schema.json# kind: instruction name: ssamoswap.w -long_name: Atomic Swap from a Shadow Stack Location +long_name: Atomic Swap Word from a Shadow Stack Location description: | The `ssamoswap.w` atomically loads a 32-bit data value from address of a shadow - stack location in rs1, puts the loaded value into register rd, and stores the - 32-bit value held in rs2 to the original address in rs1. + stack location in xs1, puts the loaded value into register xd, and stores the + 32-bit value held in xs2 to the original address in xs1. definedBy: Zicfiss assembly: xd, xs2, xs1 encoding: @@ -33,7 +33,8 @@ access: vu: always data_independent_timing: false operation(): | - Csr csr_handle = direct_csr_lookup(12'h011); + Bits<12> ssp_addr = 0x011; + Csr csr_handle = direct_csr_lookup(ssp_addr); if (csr_handle.valid == false) { unimplemented_csr($encoding); diff --git a/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml b/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml index 173ade8e43..d7a177c4fc 100644 --- a/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml +++ b/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml @@ -22,7 +22,8 @@ access: vu: always data_independent_timing: false operation(): | - Csr csr_handle = direct_csr_lookup(12'h011); + Bits<12> ssp_addr = 0x011; + Csr csr_handle = direct_csr_lookup(ssp_addr); if (csr_handle.valid == false) { unimplemented_csr($encoding); diff --git a/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml b/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml index b1351a67f6..8be28309ec 100644 --- a/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml +++ b/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml @@ -22,7 +22,8 @@ access: vu: always data_independent_timing: false operation(): | - Csr csr_handle = direct_csr_lookup(12'h011); + Bits<12> ssp_addr = 0x011; + Csr csr_handle = direct_csr_lookup(ssp_addr); if (csr_handle.valid == false) { unimplemented_csr($encoding); diff --git a/spec/std/isa/inst/Zicfiss/sspush.x1.yaml b/spec/std/isa/inst/Zicfiss/sspush.x1.yaml index c28f9150d9..887316cbf5 100644 --- a/spec/std/isa/inst/Zicfiss/sspush.x1.yaml +++ b/spec/std/isa/inst/Zicfiss/sspush.x1.yaml @@ -6,11 +6,11 @@ $schema: inst_schema.json# kind: instruction name: sspush.x1 -long_name: Push to the Shadow Stack +long_name: Push to the Shadow Stack from register x1 description: | A shadow stack push operation is defined as decrement of the ssp by XLEN/8 - followed by a store of the value in the link register to memory at the new - top of the shadow stack. + followed by a store of the value in the link register x1 to memory at the + new top of the shadow stack. definedBy: Zicfiss assembly: sspush_x1 encoding: @@ -23,7 +23,8 @@ access: vu: always data_independent_timing: false operation(): | - Csr csr_handle = direct_csr_lookup(12'h011); + Bits<12> ssp_addr = 0x011; + Csr csr_handle = direct_csr_lookup(ssp_addr); if (csr_handle.valid == false) { unimplemented_csr($encoding); diff --git a/spec/std/isa/inst/Zicfiss/sspush.x5.yaml b/spec/std/isa/inst/Zicfiss/sspush.x5.yaml index 9752f473ff..c8d7322a88 100644 --- a/spec/std/isa/inst/Zicfiss/sspush.x5.yaml +++ b/spec/std/isa/inst/Zicfiss/sspush.x5.yaml @@ -6,11 +6,11 @@ $schema: inst_schema.json# kind: instruction name: sspush.x5 -long_name: Push to the Shadow Stack +long_name: Push to the Shadow Stack from register x5 description: | A shadow stack push operation is defined as decrement of the ssp by XLEN/8 - followed by a store of the value in the link register to memory at the new - top of the shadow stack. + followed by a store of the value in the link register x5 to memory at the + new top of the shadow stack. definedBy: Zicfiss assembly: sspush_x5 encoding: @@ -23,7 +23,8 @@ access: vu: always data_independent_timing: false operation(): | - Csr csr_handle = direct_csr_lookup(12'h011); + Bits<12> ssp_addr = 0x011; + Csr csr_handle = direct_csr_lookup(ssp_addr); if (csr_handle.valid == false) { unimplemented_csr($encoding); diff --git a/spec/std/isa/inst/Zicfiss/ssrdp.yaml b/spec/std/isa/inst/Zicfiss/ssrdp.yaml index 88990315e5..5029b2150b 100644 --- a/spec/std/isa/inst/Zicfiss/ssrdp.yaml +++ b/spec/std/isa/inst/Zicfiss/ssrdp.yaml @@ -8,7 +8,7 @@ kind: instruction name: ssrdp long_name: Read ssp into a Register description: | - The SSRDP instruction is provided to move the contents of ssp to a destination register. + Move the contents of ssp to a destination register. definedBy: Zicfiss assembly: xd encoding: @@ -24,7 +24,8 @@ access: vu: always data_independent_timing: false operation(): | - Csr csr_handle = direct_csr_lookup(12'h011); + Bits<12> ssp_addr = 0x011; + Csr csr_handle = direct_csr_lookup(ssp_addr); if (csr_handle.valid == false) { unimplemented_csr($encoding); From 995c7330e6fce73a142fc121a59a6c0ad78398d1 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Mon, 25 Aug 2025 12:41:02 +0000 Subject: [PATCH 3/7] used an atomic swap operation for ssamoswap.w/d --- spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml | 11 +++-------- spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml | 11 +++-------- 2 files changed, 6 insertions(+), 16 deletions(-) diff --git a/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml b/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml index e93323c999..32a0304fde 100644 --- a/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml +++ b/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml @@ -33,12 +33,7 @@ access: vu: always data_independent_timing: false operation(): | - Bits<12> ssp_addr = 0x011; - Csr csr_handle = direct_csr_lookup(ssp_addr); - - if (csr_handle.valid == false) { - unimplemented_csr($encoding); - } else if (!implemented?(ExtensionName::S)) { + if (!implemented?(ExtensionName::S)) { raise(ExceptionCode::IllegalInstruction, mode(), $encoding); } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { @@ -49,6 +44,6 @@ operation(): | } if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { - X[xd] = read_memory<64>(X[xs1], $encoding); - write_memory<64>(X[xs1], X[xs2], $encoding); + XReg addr_in_ssp = X[xs1]; + X[xd] = amo<64>(addr_in_ssp, X[xs2], AmoOperation::Swap, aq, rl, $encoding); } diff --git a/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml b/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml index 2a27c9b4ee..3fdc94a7e8 100644 --- a/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml +++ b/spec/std/isa/inst/Zicfiss/ssamoswap.w.yaml @@ -33,12 +33,7 @@ access: vu: always data_independent_timing: false operation(): | - Bits<12> ssp_addr = 0x011; - Csr csr_handle = direct_csr_lookup(ssp_addr); - - if (csr_handle.valid == false) { - unimplemented_csr($encoding); - } else if (!implemented?(ExtensionName::S)) { + if (!implemented?(ExtensionName::S)) { raise(ExceptionCode::IllegalInstruction, mode(), $encoding); } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { @@ -49,6 +44,6 @@ operation(): | } if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { - X[xd] = $signed(read_memory<32>(X[xs1][31:0], $encoding)); - write_memory<32>(X[xs1], X[xs2][31:0], $encoding); + XReg addr_in_ssp = X[xs1]; + X[xd] = amo<32>(addr_in_ssp, X[xs2][31:0], AmoOperation::Swap, aq, rl, $encoding); } From 23b883d015aec3dab93501e0905a09dafb7af6b5 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Tue, 26 Aug 2025 09:13:28 +0000 Subject: [PATCH 4/7] added base 64 in ssamoswap.d.yaml file --- spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml b/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml index 32a0304fde..7d0fd86d82 100644 --- a/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml +++ b/spec/std/isa/inst/Zicfiss/ssamoswap.d.yaml @@ -13,6 +13,7 @@ description: | 64-bit value held in xs2 to the original address in xs1. definedBy: Zicfiss assembly: xd, xs2, xs1 +base: 64 encoding: match: 01001------------011-----0101111 variables: From 3a0a8273d609ea260e0d4af0585f6910f3e2197a Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Mon, 1 Sep 2025 07:22:40 +0000 Subject: [PATCH 5/7] added c.sspush and c.sspopchk yaml files --- spec/schemas/inst_schema.json | 53 ++++++++++++++++++----- spec/std/isa/inst/Zcmop/c.mop.n.yaml | 7 +++ spec/std/isa/inst/Zicfiss/c.sspopchk.yaml | 45 +++++++++++++++++++ spec/std/isa/inst/Zicfiss/c.sspush.yaml | 43 ++++++++++++++++++ 4 files changed, 136 insertions(+), 12 deletions(-) create mode 100644 spec/std/isa/inst/Zicfiss/c.sspopchk.yaml create mode 100644 spec/std/isa/inst/Zicfiss/c.sspush.yaml diff --git a/spec/schemas/inst_schema.json b/spec/schemas/inst_schema.json index f1a8aa206a..46d229358c 100644 --- a/spec/schemas/inst_schema.json +++ b/spec/schemas/inst_schema.json @@ -337,19 +337,48 @@ "hints": { "type": "array", "items": { - "type": "object", - "properties": { - "$ref": { - "type": "string", - "format": "uri-reference", - "pattern": "^inst/.+\\.yaml#.*$", - "description": "Ref to an instruction that is using a HINT codepoint(s) of this instruction" + "oneOf": [ + { + "type": "object", + "properties": { + "$ref": { + "type": "string", + "format": "uri-reference", + "pattern": "^inst/.+\\.yaml#.*$", + "description": "Ref to an instruction that is using a HINT codepoint(s) of this instruction" + } + }, + "required": ["$ref"], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "when": { + "type": "string", + "description": "Condition under which the following refs apply" + }, + "refs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "$ref": { + "type": "string", + "format": "uri-reference", + "pattern": "^inst/.+\\.yaml#.*$" + } + }, + "required": ["$ref"], + "additionalProperties": false + } + } + }, + "required": ["when", "refs"], + "additionalProperties": false } - }, - "required": ["$ref"], - "additionalProperties": false - }, - "description": "List of HINTs that use this instruction's codepoints" + ] + } }, "base": { "enum": [32, 64], diff --git a/spec/std/isa/inst/Zcmop/c.mop.n.yaml b/spec/std/isa/inst/Zcmop/c.mop.n.yaml index 3ccdb34795..9ed0199833 100644 --- a/spec/std/isa/inst/Zcmop/c.mop.n.yaml +++ b/spec/std/isa/inst/Zcmop/c.mop.n.yaml @@ -21,6 +21,13 @@ access: vs: always vu: always data_independent_timing: false +hints: + - when: (n == 0) + refs: + - { $ref: inst/Zicfiss/c.sspush.yaml# } + - when: (n == 2) + refs: + - { $ref: inst/Zicfiss/c.sspopchk.yaml# } pseudoinstructions: - when: (n == 0) to: c.mop.1 diff --git a/spec/std/isa/inst/Zicfiss/c.sspopchk.yaml b/spec/std/isa/inst/Zicfiss/c.sspopchk.yaml new file mode 100644 index 0000000000..266e3ef944 --- /dev/null +++ b/spec/std/isa/inst/Zicfiss/c.sspopchk.yaml @@ -0,0 +1,45 @@ +# Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +# yaml-language-server: $schema=../../../../schemas/inst_schema.json + +$schema: inst_schema.json# +kind: instruction +name: c.sspopchk.x5 +long_name: Pop from the Shadow Stack, 16 bit version of sspopchk +description: | + The c.sspopchk x5 expands to sspopchk x5, which is defined for an XLEN wide read from + the current top of the shadow stack followed by an increment of the ssp by XLEN/8. +definedBy: Zicfiss +assembly: c.sspopchk_x5 +encoding: + match: "0110001010000001" + variables: [] +access: + s: always + u: always + vs: always + vu: always +data_independent_timing: false +operation(): | + Bits<12> ssp_addr = 0x011; + Csr csr_handle = direct_csr_lookup(ssp_addr); + + if (csr_handle.valid == false) { + unimplemented_csr($encoding); + } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + + if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + Bits ssp = csr_sw_read(csr_handle); + XReg temp = read_memory(ssp, $encoding); + if (temp != X[1]) { + raise(ExceptionCode::SoftwareCheck, mode(), $encoding); + } else { + csr_sw_write(csr_handle, (ssp + (XLEN/8))); + } diff --git a/spec/std/isa/inst/Zicfiss/c.sspush.yaml b/spec/std/isa/inst/Zicfiss/c.sspush.yaml new file mode 100644 index 0000000000..b44160feed --- /dev/null +++ b/spec/std/isa/inst/Zicfiss/c.sspush.yaml @@ -0,0 +1,43 @@ +# Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +# yaml-language-server: $schema=../../../../schemas/inst_schema.json + +$schema: inst_schema.json# +kind: instruction +name: c.sspush.x1 +long_name: Push to the Shadow Stack from register x1, 16 bit version of sspush +description: | + The c.sspush x1 expands to sspush x1, which is defined for decrement of the ssp by XLEN/8 + followed by a store of the value in the link register x1 to memory at the new top of the + shadow stack. +definedBy: Zicfiss +assembly: c.sspush_x1 +encoding: + match: "0110000010000001" + variables: [] +access: + s: always + u: always + vs: always + vu: always +data_independent_timing: false +operation(): | + Bits<12> ssp_addr = 0x011; + Csr csr_handle = direct_csr_lookup(ssp_addr); + + if (csr_handle.valid == false) { + unimplemented_csr($encoding); + } else if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + + if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + Bits ssp = csr_sw_read(csr_handle) - (XLEN/8); + write_memory(ssp, X[1], $encoding); + csr_sw_write(csr_handle, ssp); + } From 2206d7b3257712f407d900a2dd6b4b24c09d0412 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Wed, 3 Sep 2025 07:17:01 +0000 Subject: [PATCH 6/7] renamed the files for CI to pass --- spec/schemas/inst_schema.json | 3 ++- .../isa/inst/Zicfiss/{c.sspopchk.yaml => c.sspopchk.x5.yaml} | 0 spec/std/isa/inst/Zicfiss/{c.sspush.yaml => c.sspush.x1.yaml} | 0 3 files changed, 2 insertions(+), 1 deletion(-) rename spec/std/isa/inst/Zicfiss/{c.sspopchk.yaml => c.sspopchk.x5.yaml} (100%) rename spec/std/isa/inst/Zicfiss/{c.sspush.yaml => c.sspush.x1.yaml} (100%) diff --git a/spec/schemas/inst_schema.json b/spec/schemas/inst_schema.json index 46d229358c..e46b6649f7 100644 --- a/spec/schemas/inst_schema.json +++ b/spec/schemas/inst_schema.json @@ -378,7 +378,8 @@ "additionalProperties": false } ] - } + }, + "description": "List of HINTs that use this instruction's codepoints" }, "base": { "enum": [32, 64], diff --git a/spec/std/isa/inst/Zicfiss/c.sspopchk.yaml b/spec/std/isa/inst/Zicfiss/c.sspopchk.x5.yaml similarity index 100% rename from spec/std/isa/inst/Zicfiss/c.sspopchk.yaml rename to spec/std/isa/inst/Zicfiss/c.sspopchk.x5.yaml diff --git a/spec/std/isa/inst/Zicfiss/c.sspush.yaml b/spec/std/isa/inst/Zicfiss/c.sspush.x1.yaml similarity index 100% rename from spec/std/isa/inst/Zicfiss/c.sspush.yaml rename to spec/std/isa/inst/Zicfiss/c.sspush.x1.yaml From eb97e744f5d038016222d947dcdeb9573dc0f3ff Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Wed, 3 Sep 2025 07:52:32 +0000 Subject: [PATCH 7/7] fixed the syntax error --- spec/std/isa/inst/Zicfiss/c.sspopchk.x5.yaml | 4 ++-- spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml | 4 ++-- spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/std/isa/inst/Zicfiss/c.sspopchk.x5.yaml b/spec/std/isa/inst/Zicfiss/c.sspopchk.x5.yaml index 266e3ef944..ae26f3e284 100644 --- a/spec/std/isa/inst/Zicfiss/c.sspopchk.x5.yaml +++ b/spec/std/isa/inst/Zicfiss/c.sspopchk.x5.yaml @@ -38,8 +38,8 @@ operation(): | if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { Bits ssp = csr_sw_read(csr_handle); XReg temp = read_memory(ssp, $encoding); - if (temp != X[1]) { + if (temp != X[5]) { raise(ExceptionCode::SoftwareCheck, mode(), $encoding); - } else { + } csr_sw_write(csr_handle, (ssp + (XLEN/8))); } diff --git a/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml b/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml index d7a177c4fc..312ba33bfd 100644 --- a/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml +++ b/spec/std/isa/inst/Zicfiss/sspopchk.x1.yaml @@ -35,11 +35,11 @@ operation(): | raise(ExceptionCode::VirtualInstruction, mode(), $encoding); } - if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + if ((CSR[menvcfg].SSE == 1) || (CSR[henvcfg].SSE == 1) || (CSR[senvcfg].SSE == 1)) { Bits ssp = csr_sw_read(csr_handle); XReg temp = read_memory(ssp, $encoding); if (temp != X[1]) { raise(ExceptionCode::SoftwareCheck, mode(), $encoding); - } else { + } csr_sw_write(csr_handle, (ssp + (XLEN/8))); } diff --git a/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml b/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml index 8be28309ec..c2bc4b2d3d 100644 --- a/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml +++ b/spec/std/isa/inst/Zicfiss/sspopchk.x5.yaml @@ -35,11 +35,11 @@ operation(): | raise(ExceptionCode::VirtualInstruction, mode(), $encoding); } - if ((CSR[menvcfg].SSE == 1'b1) || (CSR[henvcfg].SSE == 1'b1) || (CSR[senvcfg].SSE == 1'b1)) { + if ((CSR[menvcfg].SSE == 1) || (CSR[henvcfg].SSE == 1) || (CSR[senvcfg].SSE == 1)) { Bits ssp = csr_sw_read(csr_handle); XReg temp = read_memory(ssp, $encoding); if (temp != X[5]) { raise(ExceptionCode::SoftwareCheck, mode(), $encoding); - } else { + } csr_sw_write(csr_handle, (ssp + (XLEN/8))); }