lrw/scw reservation

- Cleanup exception trigger code
- Cleanup division to divide by 0
- Cleanup SRET code
- Cleanup CSR code
- Added interrupts
- Added TIMER interrupt

LICENSE

@@ -0,0 +1,9 @@
+MIT License
+
+Copyright 2023 Valentin HAUDIQUET
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Makefile

@@ -4,11 +4,14 @@ CFLAGS=-O3 -Wall -I src
 LDFLAGS=-lpthread
 BUILD_DIR=build
 
+# Risc-V toolchain
+RV_LINUX_CCPREFIX=riscv32-unknown-linux-gnu-
+
 C_FILES := $(shell find src/ -name '*.c')
 
 all: $(BUILD_DIR)/$(NAME)
 
-# Top-level targets
+# Top-level target : vriscv
 $(BUILD_DIR)/$(NAME): $(C_FILES) | $(BUILD_DIR)
 	$(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
 
@@ -16,16 +19,51 @@ $(BUILD_DIR)/$(NAME): $(C_FILES) | $(BUILD_DIR)
 $(BUILD_DIR):
 	mkdir -p $(BUILD_DIR)
 
-# Phony targets
+# Clean : clean built executable
 .PHONY: clean
 clean:
+	rm -rf $(BUILD_DIR)/$(NAME)
+
+# Distclean : clean build directory
+.PHONY: distclean
+distclean:
 	rm -rf $(BUILD_DIR)
 
+rungdb: all
+	echo $(shell objdump -h ../riscv-pk/build/bbl | grep .payload | awk '{print $4}')
+
+# Linux and bootloader, for running linux
+$(BUILD_DIR)/linux:
+	cd $(BUILD_DIR) && git clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git --depth 1 -b v6.6
+
+$(BUILD_DIR)/linux/.config: hardware/linux.config | $(BUILD_DIR)/linux
+	cp hardware/linux.config $(BUILD_DIR)/linux/.config
+
+$(BUILD_DIR)/linux/vmlinux: $(BUILD_DIR)/linux/.config | $(BUILD_DIR)/linux
+	cd $(BUILD_DIR)/linux/ && make ARCH=riscv CROSS_COMPILE=$(RV_LINUX_CCPREFIX) -j7 vmlinux
+
+$(BUILD_DIR)/riscv-pk:
+	cd $(BUILD_DIR) && git clone https://github.com/riscv-software-src/riscv-pk --depth 1
+
+$(BUILD_DIR)/riscv-pk/build: | $(BUILD_DIR)/riscv-pk
+	mkdir $(BUILD_DIR)/riscv-pk/build
+
+$(BUILD_DIR)/riscv-pk/build/bbl: $(BUILD_DIR)/linux/vmlinux hardware/vriscv.dts | $(BUILD_DIR)/riscv-pk/build
+	cd $(BUILD_DIR)/riscv-pk/build && ../configure \
+	--prefix=$(CURDIR)/$(BUILD_DIR)/riscv-pk/build/prefix \
+	--host=riscv32-unknown-elf \
+	--with-arch=rv32ima_zicsr_zifencei --with-abi=ilp32 \
+	--with-dts=../../../hardware/vriscv.dts \
+	--with-payload=../../linux/vmlinux
+	cd $(BUILD_DIR)/riscv-pk/build && make && make install
+
+# Run : run linux on the emulator
 .PHONY: run
 .SILENT: run
-run: all
-	./$(BUILD_DIR)/$(NAME)
+run: all $(BUILD_DIR)/riscv-pk/build/bbl
+	./$(BUILD_DIR)/$(NAME) -m4096 $(BUILD_DIR)/riscv-pk/build/bbl
 
+# Test : all the tests
 .PHONY: tests
 .SILENT: tests
 tests: all

README.md

@@ -1,5 +1,10 @@
 # vriscv - a risc-v simulator
 
+Linux and the BBL bootloader can be downloaded, built, and ran on the simulator using: 
+```
+make run
+```
+
 ## Unit tests
 
 Unit tests can be compiled and run using :
@@ -22,6 +27,3 @@ Juraj's Blog, mostly:
 
 RISC-V SBI Specifications:
 - https://github.com/riscv-non-isa/riscv-sbi-doc/releases
-
-Buildroot fork for nommu linux:
-- https://github.com/regymm/buildroot

hardware/vriscv.dts

@@ -0,0 +1,74 @@
+/dts-v1/;
+/ {
+    #address-cells = <1>;
+    #size-cells = <1>;
+    compatible = "riscv-virtio";
+    model = "riscv-virtio,qemu";
+
+    chosen {
+        bootargs = "debug keep_bootcon earlycon=sbi console=sbi";
+        stdout-path = "/uart0@3000000";
+    };
+
+    cpus {
+        #address-cells = <1>;
+        #size-cells = <0>;
+        timebase-frequency = <10000000>;
+
+        cpu0: cpu@0 {
+            device_type = "cpu";
+            reg = <0>;
+            compatible = "riscv";
+            riscv,isa = "riscv,sv32";
+            clock-frequency = <10000000>;
+            cpu0_intc: interrupt-controller {
+                #interrupt-cells = <1>;
+                compatible = "riscv,cpu-intc";
+                interrupt-controller;
+            };
+        };
+    };
+
+    ram: memory@0 {
+        device_type = "memory";
+        reg = <0x0 0xFFFFFFFF>;
+    };
+
+    soc {
+        #address-cells = <1>;
+        #size-cells = <1>;
+        compatible = "simple-bus";
+        ranges;
+
+        clint0: clint@2000000 {
+            #interrupt-cells = <1>;
+            compatible = "riscv,clint0";
+            reg = <0x2000000 0xC000>;
+            interrupts-extended =  <&cpu0_intc 3 &cpu0_intc 7>;
+        };
+
+        // /* FIXME: This is probably not correct for now */
+        plic0: interrupt-controller@c000000 {
+            #interrupt-cells = <1>;
+            interrupt-controller;
+            compatible = "riscv,plic0";
+            reg = <0xC000000 0x4000000>;
+            interrupts-extended = <&cpu0_intc 9>, <&cpu0_intc 11>;
+            riscv,ndev = <1>;
+            riscv,max-priority = <7>;
+        };
+
+        // uart0: serial@3000000 {
+        //     interrupts = <0xa>;
+        //     interrupt-parent = <&plic0>;
+        //     clock-frequency = <0x384000>;
+        //     reg = <0x3000000 0x1>;
+        //     compatible = "simple-uart";
+        // };
+    };
+    uart0: serial@3000000 {
+        clock-frequency = <0x384000>;
+        reg = <0x3000000 0x1>;
+        compatible = "sifive,uart0";
+    };
+};

src/bootloader/elf/elf.c

@@ -68,8 +68,12 @@ uint32_t elf_32_load(void* file)
 
 		// Check segment type
 		if(current.segment_type != SEGMENT_TYPE_LOAD)
+		{
+            // Don't message for riscv-specific attributes segment
+			if(current.segment_type != SEGMENT_TYPE_RISCV_SPECIFIC_SHT_RISCV_ATTRIBUTES)
 			{
 				fprintf(stderr, "WARNING: Unknown segment type %u in ELF file ; skipping\n", current.segment_type);
+			}
 			continue;
 		}
 

src/bootloader/elf/elf.h

@@ -77,6 +77,7 @@ typedef struct ELF_PROGRAM_HEADER_32
 #define SEGMENT_TYPE_DYNAMIC 2
 #define SEGMENT_TYPE_INTERP 3
 #define SEGMENT_TYPE_NOTE 4
+#define SEGMENT_TYPE_RISCV_SPECIFIC_SHT_RISCV_ATTRIBUTES 0x70000003
 
 uint32_t elf_32_load(void* file);
 

src/cpu/csr.c

@@ -0,0 +1,40 @@
+#include "csr.h"
+#include "rv32cpu.h"
+
+uint32_t csr_read(struct RV32_CPU* cpu, uint32_t csr)
+{
+	switch(csr)
+	{
+		case CSR_CYCLE:
+			return cpu->sim_ticks_done;
+		case CSR_SSTATUS:
+			return csr_read(cpu, CSR_MSTATUS);
+		case CSR_SIE:
+			return csr_read(cpu, CSR_MIE);
+		case CSR_SIP:
+			return csr_read(cpu, CSR_MIP);
+		default:
+			break;
+	}
+
+	return cpu->csr[csr];
+}
+
+void csr_write(struct RV32_CPU* cpu, uint32_t csr, uint32_t value)
+{
+	switch(csr)
+	{
+		case CSR_SSTATUS:
+			csr_write(cpu, CSR_MSTATUS, value);
+			return;
+		case CSR_SIE:
+			csr_write(cpu, CSR_MIE, value);
+			return;
+		case CSR_SIP:
+			csr_write(cpu, CSR_MIP, value);
+			return;
+		default:
+			break;
+	}
+	cpu->csr[csr] = value;
+}

src/cpu/csr.h

@@ -1,9 +1,17 @@
 #ifndef CSR_H
 #define CSR_H
 
+#include <stdint.h>
+
 /* ZICSR : Control and Status Registers */
 #define CSR_COUNT 0x2000
 
+/* Unprivileged CSR */
+#define CSR_CYCLE 0xC00
+#define CSR_TIME 0xC01
+#define CSR_CYCLEH 0xC80
+#define CSR_TIMEH 0xC81
+
 /* Supervisor-level CSR */
 /* Supervisor Trap setup CSR */
 #define CSR_SSTATUS 0x100
@@ -53,4 +61,40 @@
 /* Machine Memory Protection */
 #define CSR_PMPCFG0 0x3A0
 
+// CSR STATUS
+// SIE: Supervisor Interrupt Enable
+#define STATUS_SIE 0x2
+// MIE: Machine Interrupt Enable
+#define STATUS_MIE 0x8
+// SPIE: Supervisor Previous Interrupt Enable
+#define STATUS_SPIE 0x20
+// MPIE: Machine Previous Interrupt Enable
+#define STATUS_MPIE 0x80
+// UBE : User Big Endian (always 0 for us, we are little endian)
+#define STATUS_UBE 0x40
+// SPP : Supervisor Previous Privilege
+#define STATUS_SPP 0x100
+// VS (2bits) : for extensions
+#define STATUS_VS 0x600
+// MPP (2bits) : Machine Previous Privilege
+#define STATUS_MPP 0x1800
+// FS (2bits) : for extensions
+#define STATUS_FS 0x6000
+// XS (2bits) : for extensions
+#define STATUS_XS 0x18000
+// MPRV : Modify PRiVilege
+#define STATUS_MPRV 0x20000
+// SUM : permit Supervisor User Memory access
+#define STATUS_SUM 0x40000
+// MXR : Make eXecutable Readable
+#define STATUS_MXR 0x80000
+// TVM : Trap Virtual Memory (virtualization support)
+#define STATUS_TVM 0x100000
+// TW : Timeout Wait (virtualization support)
+#define STATUS_TW 0x200000
+// TSR : Trap SRET (virtualization support)
+#define STATUS_TSR 0x400000
+// SD : for extensions
+#define STATUS_SD 0x80000000
+
 #endif

src/cpu/exception.c

@@ -1,8 +1,9 @@
 #include "exception.h"
+#include "vriscv.h"
 
 #include <stdio.h>
 
-void exception_trigger(rv32_cpu_t* cpu, uint32_t scause)
+__attribute__((noreturn)) void exception_trigger(rv32_cpu_t* cpu, uint32_t scause, uint32_t tval)
 {
 	// An exception can only be triggered by the CPU itself,
 	// so we know we already own the mutex
@@ -12,14 +13,57 @@ void exception_trigger(rv32_cpu_t* cpu, uint32_t scause)
 	// To achieve that, we can just call cpu_loop (noreturn)
 	// at the end of this function
 
-    // Save execution context, so that 'mret/sret/..' can restore it
+	// Exceptions cannot be disabled
+
+	// TODO : Check medeleg to see if we should handle exception in S mode or M mode
+
+	// Unset SIE (interrupt enable) bit
+	csr_write(cpu, CSR_SSTATUS, csr_read(cpu, CSR_SSTATUS) & (~STATUS_SIE));
+
+	// Set xCAUSE : exception cause, with interrupt bit set to null
+	csr_write(cpu, CSR_SCAUSE, scause);
+	if(gdbstub && scause == SCAUSE_BREAKPOINT)
+	{
+		cpu->sim_ticks_left = 0;
+		// No simulation ticks left : wakeup people waiting on sim end
+		pthread_cond_signal(&cpu->sim_condition);
+		// Then, wait for simulation state to change until we get more ticks to simulate
+		while(!cpu->sim_ticks_left)
+			pthread_cond_wait(&cpu->sim_condition, &cpu->mutex);
+	}
+
+	// Save previous interrupt enable in xSTATUS.xPIE
+	if(csr_read(cpu, CSR_SSTATUS) & STATUS_SIE)
+		csr_write(cpu, CSR_SSTATUS, csr_read(cpu, CSR_SSTATUS) | STATUS_SPIE);
+	else
+		csr_write(cpu, CSR_SSTATUS, csr_read(cpu, CSR_SSTATUS) & (~STATUS_SPIE));
+
+	// Set previous privilege mode in xSTATUS.xPP
+	if(cpu->privilege_mode == SUPERVISOR)
+		csr_write(cpu, CSR_SSTATUS, csr_read(cpu, CSR_SSTATUS) | STATUS_SPP);
+	else if(cpu->privilege_mode == USER)
+		csr_write(cpu, CSR_SSTATUS, csr_read(cpu, CSR_SSTATUS) & (~STATUS_SPP));
+
+	// Set privilege mode for exception handling, checking for delegation
 	// TODO
 
-    // Set PC to STVEC, and set SCAUSE
-    // TODO: If PC cannot be mmu_resolved, throw a 'double fault' ?
-    cpu->pc = cpu->csr[CSR_STVEC];
-    cpu->csr[CSR_SCAUSE] = scause;
+	// Set xTVAL, exception-specific information related to xCAUSE
+	csr_write(cpu, CSR_STVAL, tval);
 
-    pthread_mutex_unlock(&cpu0_mutex);
+	// Set SEPC to instruction that caused exception
+	csr_write(cpu, CSR_SEPC, cpu->pc);
+
+	// Set PC to xTVEC : exception handling code
+	// xTVEC: [Base(30bits) Mode(2 bits)], address 4-byte aligned in base
+	// Exceptions are not vectored (we can safely ignore mode)
+	cpu->pc = csr_read(cpu, CSR_STVEC) & 0xFFFFFFFC;
+
+	// Unlock cpu mutex, cpu_loop will lock it just after
+	pthread_mutex_unlock(&cpu->mutex);
+
+	// TODO : Hard reset the stack pointer
+	// cpu loop
 	cpu_loop(cpu);
+
+	__builtin_unreachable();
 }

src/cpu/exception.h

@@ -3,7 +3,7 @@
 
 #include "rv32cpu.h"
 
-void exception_trigger(rv32_cpu_t* cpu, uint32_t scause);
+__attribute__((noreturn)) void exception_trigger(rv32_cpu_t* cpu, uint32_t scause, uint32_t tval);
 
 #define SCAUSE_INSTRUCTION_MISSALIGNED 0x0
 #define SCAUSE_INSTRUCTION_ACCESS_FAULT 0x1

src/cpu/interrupt.c

@@ -0,0 +1,99 @@
+#include "interrupt.h"
+#include "rv32cpu.h"
+
+#include <stdio.h>
+#include <unistd.h>
+
+uint32_t interrupt_mi_from_scause(uint32_t scause)
+{
+	switch(scause)
+	{
+		case SCAUSE_SUPERVISOR_TIMER_INTERRUPT:
+			return 0x20;
+		default:
+			fprintf(stderr, "interrupt_mie_bit_from_scause: wrong scause 0x%x\n", scause);
+			exit(EXIT_FAILURE);
+	}
+
+	return 0;
+}
+
+void interrupt_trigger(rv32_cpu_t* cpu, uint32_t scause)
+{
+	// Make sure that interrupts are enabled globally
+	if(!(csr_read(cpu, CSR_MSTATUS) & STATUS_SIE))
+		return;
+
+	// Make sure that current interrupt is enabled
+	if(!(csr_read(cpu, CSR_MIE) & interrupt_mi_from_scause(scause)))
+	{
+		// Mark interrupt as pending
+		csr_write(cpu, CSR_MIP, csr_read(cpu, CSR_MIP) | interrupt_mi_from_scause(scause));
+
+		return;
+	}
+
+	// TODO : CHECK mideleg to see wether we should handle interrupt is S mode or M mode
+	
+
+	// An interrupt can only be triggered from outside
+	// of the cpu, so we are on a different thread
+	// and we don't already own the CPU mutex
+	// We obtain in this thread the control of the CPU,
+	// but we know it is not in the middle of an instruction
+	// (we got the mutex) ; this way we can just change
+	// registers to set interrupt handler execution
+	pthread_mutex_lock(&cpu->mutex);
+
+	// Set xCAUSE with interrupt bit set
+	cpu->csr[CSR_SCAUSE] = 0x80000000 | scause;
+
+	// Set xSTATUS.xPIE (previous interrupt enable) bit
+	cpu->csr[CSR_MSTATUS] |= STATUS_SPIE;
+
+	// Set xSTATUS.xPP (Previous Privilege) bit
+	// TODO : Allow user mode interrupts (by not setting this)
+	cpu->csr[CSR_MSTATUS] |= 0x100;
+
+	// Unset xSTATUS.xIE (interrupt enable) bit
+	cpu->csr[CSR_MSTATUS] &= (~STATUS_SIE);
+
+	// Set xEPC : PC at interruption
+	cpu->csr[CSR_SEPC] = cpu->pc;
+
+	// Set PC to xTVEC : exception handler code
+	// xTVEC: [Base(30bits) Mode(2 bits)], address 4-byte aligned in base
+	// Interrupts can be vectored, if mode == 1, then pc = xTVEC + scause * 4
+	int mode = cpu->csr[CSR_STVEC] & 0b11;
+	switch(mode)
+	{
+		case 0:
+			cpu->pc = cpu->csr[CSR_STVEC] & 0xFFFFFFFC;
+			break;
+		case 1:
+			cpu->pc = (cpu->csr[CSR_STVEC] & 0xFFFFFFFC) + scause * 4;
+			break;
+		default:
+			fprintf(stderr, "interrupt_trigger: invalid mode encountered in sTVEC register\n");
+			exit(EXIT_FAILURE);
+			break;
+	}
+
+	pthread_mutex_unlock(&cpu->mutex);
+}
+
+void interrupt_timer_thread()
+{
+	while(1)
+	{
+		cpu0->csr[CSR_TIME]++;
+		interrupt_trigger(cpu0, SCAUSE_SUPERVISOR_TIMER_INTERRUPT);
+		usleep(1);
+	}
+}
+
+void interrupt_timer_setup()
+{
+	pthread_t timer_thread;
+	pthread_create(&timer_thread, 0, (void*) interrupt_timer_thread, 0);
+}

src/cpu/interrupt.h

@@ -0,0 +1,15 @@
+#ifndef INTERRUPT_H
+#define INTERRUPT_H
+
+#include <stdint.h>
+
+#include "rv32cpu.h"
+
+#define SCAUSE_SUPERVISOR_SOFTWARE_INTERRUPT 0x1
+#define SCAUSE_SUPERVISOR_TIMER_INTERRUPT 0x5
+#define SCAUSE_SUPERVISOR_EXTERNAL_INTERRUPT 0x9
+
+void interrupt_trigger(rv32_cpu_t* cpu, uint32_t scause);
+void interrupt_timer_setup();
+
+#endif

src/cpu/rv32cpu.c

@@ -5,12 +5,12 @@
 
 #include "memory/memory.h"
 #include "vriscv.h"
+#include "exception.h"
 
 #include <stdlib.h>
 #include <stdio.h>
 
 rv32_cpu_t* cpu0;
-pthread_mutex_t cpu0_mutex;
 
 typedef union RAW_INSTRUCTION
 {
@@ -42,12 +42,13 @@ static void cpu_print_instruction(instruction_t* instruction);
 void cpu_init()
 {
 	cpu0 = calloc(1, sizeof(rv32_cpu_t));
-	pthread_mutex_init(&cpu0_mutex, 0);
+	pthread_mutex_init(&cpu0->mutex, 0);
 	pthread_cond_init(&cpu0->sim_condition, 0);
 	cpu0->regs.zero = 0;
+	cpu0->privilege_mode = MACHINE;
 }
 
-static void cpu_decode(raw_instruction_t raw_instruction, instruction_t* output)
+static void cpu_decode(rv32_cpu_t* cpu, raw_instruction_t raw_instruction, instruction_t* output)
 {
 	output->opcode = raw_instruction.opcode;
 	output->immediate = 0;
@@ -110,8 +111,8 @@ static void cpu_decode(raw_instruction_t raw_instruction, instruction_t* output)
 			// TODO : Decode NOP instructions
 			break;
 		default:
-			fprintf(stderr, "Error: Unknown instruction opcode 0x%x, could not decode\n", raw_instruction.opcode);
-			exit(EXIT_FAILURE);
+			// Throw an 'Invalid OPCODE' exception
+			exception_trigger(cpu, SCAUSE_ILLEGAL_INSTRUCTION, 0);
 			break;
 	}
 }
@@ -431,6 +432,13 @@ static void cpu_execute(rv32_cpu_t* cpu, instruction_t* instruction)
 							cpu->regs.x[instruction->rd] = cpu->regs.x[instruction->rs1] ^ cpu->regs.x[instruction->rs2];
 							break;
 						case FUNC7_DIV:
+							if(!cpu->regs.x[instruction->rs2])
+							{
+								// ISA dictates that we return FFFFFFFF and set a flag bit to signal the exception
+								cpu->regs.x[instruction->rd] = 0xFFFFFFFF;
+								// TODO flag ?
+								break;
+							}
 							cpu->regs.x[instruction->rd] = ((int32_t) cpu->regs.x[instruction->rs1]) / ((int32_t) cpu->regs.x[instruction->rs2]);
 							break;
 						default:
@@ -505,6 +513,7 @@ static void cpu_execute(rv32_cpu_t* cpu, instruction_t* instruction)
 		}
 		case OPCODE_SYSTEM:
 		{
+			uint32_t csr = instruction->immediate;
 			switch(instruction->func3)
 			{
 				case FUNC3_ECALL_EBREAK:
@@ -514,17 +523,36 @@ static void cpu_execute(rv32_cpu_t* cpu, instruction_t* instruction)
 							sbi_call(cpu, cpu->regs.a7, cpu->regs.a6);
 							break;
 						case IMM_EBREAK:
-							// EBREAK : on debug, give back hand to debugger ; without debug, end simulation
-							// In any way, we set back simulation ticks to 0
-							cpu->sim_ticks_left = 1;
-							cpu->pc -= 4;
+							// EBREAK : generate a breakpoint exception
+							exception_trigger(cpu, SCAUSE_BREAKPOINT, 0);
 							break;
 						case IMM_SRET:
-							fprintf(stderr, "SRET: We don't support that.\n");
+							// SRET: Return from supervisor interrupt
+							// Restore Interrupt Enable from Previous Interrupt Enable
+							if(csr_read(cpu, CSR_SSTATUS) & STATUS_SPIE)
+								csr_write(cpu, CSR_SSTATUS, csr_read(cpu, CSR_SSTATUS) | STATUS_SIE);
+
+							// Restore privilege mode from Previous Privilege
+							if(!(csr_read(cpu, CSR_SSTATUS) & STATUS_SPP))
+							{
+								// Previous Privilege was 0, return to user mode
+								fprintf(stderr, "SRET to user mode : not implemented yet\n");
+								exit(EXIT_FAILURE);
+							}
+
+							// Set Previous Interrupt Enable to 1
+							csr_write(cpu, CSR_SSTATUS, csr_read(cpu, CSR_SSTATUS) | STATUS_SPIE);
+
+							// Set Previous Privilege to 0
+							csr_write(cpu, CSR_SSTATUS, csr_read(cpu, CSR_SSTATUS) & (~STATUS_SPP));
+
+							// Saved PC before interrupt is in CSR SEPC, jump back
+							cpu->pc = csr_read(cpu, CSR_SEPC) - 4;
 							break;
 						case IMM_MRET:
-							// Act like a normal ret/jalr, with destination address being CSR_MEPC content
-							fprintf(stderr, "Warning: MRET: We don't support privilege mode change\n");
+							// Ret to destination address : CSR_MEPC content
+							// TODO fix it to act like sret
+							cpu->privilege_mode = SUPERVISOR;
 							cpu->pc = cpu->csr[CSR_MEPC] - 4;
 							break;
 						default:
@@ -534,7 +562,9 @@ static void cpu_execute(rv32_cpu_t* cpu, instruction_t* instruction)
 									// TODO : Check if we really need to do something on SFENCE.VMA ?
 									break;
 								case FUNC7_WFI:
-									fprintf(stderr, "WFI: Guest kernel must think we have interrupts. We have none. Halting simulation.\n");
+									// Wait For Interrupt : halt the simulation
+									// It will be woken up by an interruption
+									fprintf(stderr, "WFI: Halting simulation.\n");
 									cpu->sim_ticks_left = 1;
 									break;
 								default:
@@ -547,33 +577,39 @@ static void cpu_execute(rv32_cpu_t* cpu, instruction_t* instruction)
 					break;
 				case FUNC3_CSRRW:
 					// CSR atomic Read/Write
-					uint32_t csrrw_old_value = cpu->csr[instruction->immediate];
-					cpu->csr[instruction->immediate] = cpu->regs.x[instruction->rs1];
+					uint32_t csrrw_old_value = 0;
+					if(instruction->rd)
+						csrrw_old_value = csr_read(cpu, csr);
+					csr_write(cpu, csr, cpu->regs.x[instruction->rs1]);
 					cpu->regs.x[instruction->rd] = csrrw_old_value;
 					break;
 				case FUNC3_CSRRS:
 					// CSR atomic Read and Set bits
-					cpu->regs.x[instruction->rd] = cpu->csr[instruction->immediate];
-					cpu->csr[instruction->immediate] |= cpu->regs.x[instruction->rs1];
+					cpu->regs.x[instruction->rd] = csr_read(cpu, csr);
+					csr_write(cpu, csr, cpu->regs.x[instruction->rd] | cpu->regs.x[instruction->rs1]);
 					break;
 				case FUNC3_CSRRC:
 					// CSR atomic Read and Clear bits
-					cpu->regs.x[instruction->rd] = cpu->csr[instruction->immediate];
-					cpu->csr[instruction->immediate] &= (~cpu->regs.x[instruction->rs1]);
+					cpu->regs.x[instruction->rd] = csr_read(cpu, csr);
+					csr_write(cpu, csr, cpu->regs.x[instruction->rd] & (~cpu->regs.x[instruction->rs1]));
 					break;
 				case FUNC3_CSRRWI:
 					// CSR atomic Read/Write Immediate (immediate in rs1)
-					uint32_t csrrwi_old_value = cpu->csr[instruction->immediate];
-					cpu->csr[instruction->immediate] = instruction->rs1;
+					uint32_t csrrwi_old_value = 0;
+					if(instruction->rd)
+						csrrwi_old_value = csr_read(cpu, csr);
+					csr_write(cpu, csr, instruction->rs1);
 					cpu->regs.x[instruction->rd] = csrrwi_old_value;
 					break;
 				case FUNC3_CSRRSI:
-					fprintf(stderr, "CSRRSI\n");
+					// CSR atomic Read and Set bits immediate
+					cpu->regs.x[instruction->rd] = csr_read(cpu, csr);
+					csr_write(cpu, csr, cpu->regs.x[instruction->rd] | instruction->rs1);
 					break;
 				case FUNC3_CSRRCI:
 					// CSR atomic Read and Clear bits Immediate (immediate in rs1)
-					cpu->regs.x[instruction->rd] = cpu->csr[instruction->immediate];
-					cpu->csr[instruction->immediate] &= (~((uint32_t) instruction->rs1));
+					cpu->regs.x[instruction->rd] = csr_read(cpu, csr);
+					csr_write(cpu, csr, cpu->regs.x[instruction->rd] & (~((uint32_t) instruction->rs1)));
 					break;
 				default:
 					fprintf(stderr, "FATAL: Unknown func3 0x%x for SYSTEM instruction while executing\n", instruction->func3);
@@ -600,13 +636,19 @@ static void cpu_execute(rv32_cpu_t* cpu, instruction_t* instruction)
 				case FUNC75_LRW:
 					// Load-Reserved Word
 					cpu->regs.x[instruction->rd] = mem_read32(address);
-					// TODO register reservation set that subsumes the bytes in word
+					cpu->load_reservation = address;
 					break;
 				case FUNC75_SCW:
 					// Store-Conditional Word
-					// TODO succeed only if the reservation is still valid and the reservation set contains the bytes written
+					if(cpu->load_reservation == address)
+					{
 						mem_write32(address, cpu->regs.x[instruction->rs2]);
-					cpu->regs.x[instruction->rd] = 0; // TODO write 1 in rd on failure
+						cpu->regs.x[instruction->rd] = 0; // Write 0 in rd on success
+					}
+					else
+					{
+						cpu->regs.x[instruction->rd] = 1; // Write 1 in rd on failure
+					}
 					break;
 				case FUNC75_AMOSWAPW:
 					// Atomic Memory Operation SWAP Word
@@ -682,17 +724,15 @@ __attribute__((noreturn)) void cpu_loop(rv32_cpu_t* cpu)
 {
 	while(1)
 	{
-		// Aquire CPU and memory mutex
-		pthread_mutex_lock(&cpu0_mutex);
+		// Aquire CPU mutex
+		pthread_mutex_lock(&cpu->mutex);
 
 		// No simulation ticks left : wakeup people waiting on sim end
 		if(!cpu->sim_ticks_left)
-			pthread_cond_signal(&cpu0->sim_condition);
+			pthread_cond_signal(&cpu->sim_condition);
 		// Then, wait for simulation state to change until we get more ticks to simulate
 		while(!cpu->sim_ticks_left)
-			pthread_cond_wait(&cpu0->sim_condition, &cpu0_mutex);
-
-		// pthread_mutex_lock(&memory_mutex);
+			pthread_cond_wait(&cpu->sim_condition, &cpu->mutex);
 
 		// Fetch
 		raw_instruction_t raw_instruction;
@@ -701,11 +741,11 @@ __attribute__((noreturn)) void cpu_loop(rv32_cpu_t* cpu)
 			fprintf(stderr, "Error: instruction fetch: pc is out of addressable memory\n");
 			exit(EXIT_FAILURE);
 		}
-		raw_instruction.data = mem_read32(cpu->pc);
+		raw_instruction.data = mem_fetch(cpu->pc);
 
 		// Decode
 		instruction_t instruction;
-		cpu_decode(raw_instruction, &instruction);
+		cpu_decode(cpu, raw_instruction, &instruction);
 
 		if(trace)
 		{
@@ -726,10 +766,11 @@ __attribute__((noreturn)) void cpu_loop(rv32_cpu_t* cpu)
 		if(cpu->sim_ticks_left != (-1))
 			cpu->sim_ticks_left--;
 
-		// Let go of cpu and memory mutex
-		// pthread_mutex_unlock(&memory_mutex);
-		pthread_mutex_unlock(&cpu0_mutex);
+		// Let go of cpu mutex
+		pthread_mutex_unlock(&cpu->mutex);
 	}
+
+	__builtin_unreachable();
 }
 
 static void cpu_print_instruction(instruction_t* instruction)

src/cpu/rv32cpu.h

@@ -7,13 +7,20 @@
 
 #include "csr.h"
 
+typedef enum RVCPU_PRIVILEGE_MODE
+{
+	USER,
+	SUPERVISOR,
+	MACHINE
+} rvcpu_privilege_mode_t;
+
 /*
-* This is a structure encoding for the registers of
-* the rv32 cpu.
-* It allows access of register x0 using :
-* structname.x0, structname.zero, structname.x[0]
-* This way, access can be really flexible
-*/
+ * This is a structure encoding for the registers of
+ * the rv32 cpu.
+ * It allows access of register x0 using :
+ * structname.x0, structname.zero, structname.x[0]
+ * This way, access can be really flexible
+ */
 typedef struct RV32_CPU_REGS
 {
 	union
@@ -192,14 +199,21 @@ typedef struct RV32_CPU
 	uint32_t pc;
 	uint32_t csr[CSR_COUNT];
 
+	rvcpu_privilege_mode_t privilege_mode;
+	uint32_t load_reservation;
+
 	// Simulation data
 	ssize_t sim_ticks_left; // -1 : simulate forever
 	size_t sim_ticks_done;
 	pthread_cond_t sim_condition;
+
+	pthread_mutex_t mutex;
 } rv32_cpu_t;
 
+uint32_t csr_read(struct RV32_CPU* cpu, uint32_t csr);
+void csr_write(struct RV32_CPU* cpu, uint32_t csr, uint32_t value);
+
 extern rv32_cpu_t* cpu0;
-extern pthread_mutex_t cpu0_mutex;
 void cpu_init();
 __attribute__((noreturn)) void cpu_loop(rv32_cpu_t* cpu);
 

src/devices/sbi/sbi.c

@@ -13,16 +13,33 @@ void sbi_call(rv32_cpu_t* cpu, uint32_t extension_id, uint32_t func_id)
 				case SBI_FUNCTION_GET_SPEC_VERSION:
 					// Format: [31(reserved,0) 7 bits(major) 24 bits(minor)]
 					// Version 2.0
-					cpu->regs.a0 = 0x2000000;
+					cpu->regs.a0 = 0;
+					cpu->regs.a1 = 0x2000000;
+					break;
+				case SBI_FUNCTION_GET_IMPL_ID:
+					cpu->regs.a0 = 0;
+					cpu->regs.a1 = 0;
+					break;
+				case SBI_FUNCTION_GET_IMPL_VERSION:
+					cpu->regs.a0 = 0;
+					cpu->regs.a1 = 0;
+					break;
+				case SBI_FUNCTION_PROBE_EXTENSION:
+					// For now, we say that everything is available
+					cpu->regs.a0 = 0;
+					cpu->regs.a1 = 1;
 					break;
 				case SBI_FUNCTION_GET_MVENDOR_ID:
 					cpu->regs.a0 = 0;
+					cpu->regs.a1 = 0;
 					break;
 				case SBI_FUNCTION_GET_MARCH_ID:
 					cpu->regs.a0 = 0;
+					cpu->regs.a1 = 0;
 					break;
 				case SBI_FUNCTION_GET_MIMPL_ID:
 					cpu->regs.a0 = 0;
+					cpu->regs.a1 = 0;
 					break;
 				default:
 					fprintf(stderr, "sbi_call: unknown function id 0x%x for base extension\n", func_id);
@@ -30,6 +47,19 @@ void sbi_call(rv32_cpu_t* cpu, uint32_t extension_id, uint32_t func_id)
 			}
 			break;
 		}
+		case SBI_EXTENSION_TIMER:
+		{
+			switch(func_id)
+			{
+				case SBI_FUNCTION_SET_TIMER:
+					cpu->regs.a0 = 0;
+					cpu->regs.a1 = 0;
+					break;
+				default:
+					fprintf(stderr, "sbi_call: unknown function id 0x%x for timer extension\n", func_id);
+					break;
+			}
+		}
 		case SBI_EXTENSION_SET_TIMER:
 		{
 			// TODO : Correctly implement that
@@ -45,7 +75,7 @@ void sbi_call(rv32_cpu_t* cpu, uint32_t extension_id, uint32_t func_id)
 		case SBI_EXTENSION_LEGACY_SHUTDOWN:
 		{
 			printf("sbi_call: shutdown, goodbye !\n");
-			cpu->sim_ticks_left = 1;
+			exit(cpu->regs.a0);
 			break;
 		}
 		default:

src/devices/sbi/sbi.h

@@ -13,6 +13,11 @@
 #define SBI_FUNCTION_GET_MARCH_ID 0x5
 #define SBI_FUNCTION_GET_MIMPL_ID 0x6
 
+/* SBI Timer extension */
+#define SBI_EXTENSION_TIMER 0x54494d45
+#define SBI_FUNCTION_SET_TIMER 0x0
+
+/* SBI legacy */
 #define SBI_EXTENSION_SET_TIMER 0x0
 #define SBI_EXTENSION_LEGACY_CONSOLE_PUTCHAR 0x1
 #define SBI_EXTENSION_LEGACY_SHUTDOWN 0x8

src/gdbstub/gdbstub.c

@@ -203,7 +203,7 @@ void gdbstub_thread_gdb()
 			char resp[32 * 8 + 8 + 1] = {0};
 
 			// Obtain CPU0 mutex
-			pthread_mutex_lock(&cpu0_mutex);
+			pthread_mutex_lock(&cpu0->mutex);
 
 			// All general purpose registers in host byte order as chars
 			for(size_t i = 0; i < 32; i++)
@@ -217,7 +217,7 @@ void gdbstub_thread_gdb()
 			snprintf(resp + 32 * 8, 9, "%08x", pc);
 
 			// Let go of CPU0 mutex
-			pthread_mutex_unlock(&cpu0_mutex);
+			pthread_mutex_unlock(&cpu0->mutex);
 
 			// Final packet size, send packet
 			size_t size = 32 * 8 + 8;
@@ -228,7 +228,7 @@ void gdbstub_thread_gdb()
 			// G : write all registers -> read and set all registers
 
 			// Obtain CPU0 mutex
-			pthread_mutex_lock(&cpu0_mutex);
+			pthread_mutex_lock(&cpu0->mutex);
 
 			// All general purpose registers in host byte order as chars
 			for(size_t i = 1; i < 32; i++)
@@ -247,7 +247,7 @@ void gdbstub_thread_gdb()
 			cpu0->pc = pc;
 
 			// Let go of CPU0 Mutex
-			pthread_mutex_unlock(&cpu0_mutex);
+			pthread_mutex_unlock(&cpu0->mutex);
 
 			gdbstub_send_packet("OK", 2);
 		}
@@ -296,9 +296,9 @@ void gdbstub_thread_gdb()
 			send(gdb_socket, "+", 1, 0);
 
 			// Continue simulation, for 1 tick
-			pthread_mutex_lock(&cpu0_mutex);
+			pthread_mutex_lock(&cpu0->mutex);
 			cpu0->sim_ticks_left = 1;
-			pthread_mutex_unlock(&cpu0_mutex);
+			pthread_mutex_unlock(&cpu0->mutex);
 			pthread_cond_signal(&cpu0->sim_condition);
 		}
 		else if(packet[0] == 'c')
@@ -309,9 +309,9 @@ void gdbstub_thread_gdb()
 			send(gdb_socket, "+", 1, 0);
 
 			// Continue simulation
-			pthread_mutex_lock(&cpu0_mutex);
+			pthread_mutex_lock(&cpu0->mutex);
 			cpu0->sim_ticks_left = -1;
-			pthread_mutex_unlock(&cpu0_mutex);
+			pthread_mutex_unlock(&cpu0->mutex);
 			pthread_cond_signal(&cpu0->sim_condition);
 		}
 		else gdbstub_send_unsupported();
@@ -322,8 +322,8 @@ void gdbstub_cpu_watcher_thread()
 {
 	while(1)
 	{
-		pthread_mutex_lock(&cpu0_mutex);
-		pthread_cond_wait(&cpu0->sim_condition, &cpu0_mutex);
+		pthread_mutex_lock(&cpu0->mutex);
+		pthread_cond_wait(&cpu0->sim_condition, &cpu0->mutex);
 		if(!cpu0->sim_ticks_left && cpu0->sim_ticks_done > 0)
 		{
 			// Send back halt reason
@@ -331,7 +331,7 @@ void gdbstub_cpu_watcher_thread()
 			char* resp = "S05";
 			gdbstub_send_packet(resp, 3);
 		}
-		pthread_mutex_unlock(&cpu0_mutex);
+		pthread_mutex_unlock(&cpu0->mutex);
 	}
 }
 
@@ -342,7 +342,7 @@ void gdbstub_cpu_watcher_thread()
 static void gdbstub_handle_ctrlc()
 {
 	// Halt the simulation
-	pthread_mutex_lock(&cpu0_mutex);
+	pthread_mutex_lock(&cpu0->mutex);
 	cpu0->sim_ticks_left = 0;
-	pthread_mutex_unlock(&cpu0_mutex);
+	pthread_mutex_unlock(&cpu0->mutex);
 }

src/main.c

@@ -2,6 +2,7 @@
 #include "memory/memory.h"
 #include "bootloader/bootloader.h"
 #include "cpu/rv32cpu.h"
+#include "cpu/interrupt.h"
 #include "gdbstub/gdbstub.h"
 #include "devices/uart/uart.h"
 
@@ -31,34 +32,20 @@ int main(int argc, char** argv)
 		gdbstub_wait_for_connection();
 	}
 
+	// Initialize timer for timer interrupt
+	interrupt_timer_setup();
+
 	// CPU simulation : create cpu0 thread
 	if(!gdbstub) cpu0->sim_ticks_left = -1; // Simulate forever
 	pthread_t cpu0_thread;
 	pthread_create(&cpu0_thread, 0, (void*) cpu_loop, cpu0);
 
-	// Wait for the simulation to end
+	// Wait forever, until simulation end (which should be an ecall shutdown)
+	pthread_join(cpu0_thread, 0);
 	if(gdbstub)
 	{
-		pthread_join(cpu0_thread, 0);
 		gdbstub_stop();
 	}
-	else
-	{
-		while(1)
-		{
-			pthread_mutex_lock(&cpu0_mutex);
-			pthread_cond_wait(&cpu0->sim_condition, &cpu0_mutex);
-			if(!cpu0->sim_ticks_left && cpu0->sim_ticks_done > 0)
-			{
-				// Simulation ended
-                break;
-			}
-			pthread_mutex_unlock(&cpu0_mutex);
-		}
-
-        fprintf(stderr, "Simulation ended (in a non-debug environment)\n");
-        return cpu0->regs.a0;
-	}
 
 	return 0;
 }

src/memory/memory.c

@@ -40,7 +40,7 @@ void mem_register_mmio(uint32_t address, uint32_t reg_size, uint32_t reg_count,
 
 void mem_write8(uint32_t address, uint8_t value)
 {
-	address = mmu_resolve(cpu0, address);
+	address = mmu_resolve(cpu0, WRITE, address);
 
 	// Look wether we are on an MMIO region
 	struct MMIO_ENTRY* io = mmio;
@@ -63,6 +63,13 @@ void mem_write8(uint32_t address, uint8_t value)
 		io = io->next;
 	}
 
+	// Check if we are inside of physical memory
+	if(address + 1 > memory_size)
+	{
+		fprintf(stderr, "MEMORY: Invalid write of size 1 outside of physical memory at address 0x%x\n", address);
+		exit(EXIT_FAILURE);
+	}
+
 	// Proceed with memory write
 	pthread_mutex_lock(&memory_mutex);
 	memory[address] = value;
@@ -71,7 +78,7 @@ void mem_write8(uint32_t address, uint8_t value)
 
 void mem_write16(uint32_t address, uint16_t value)
 {
-	address = mmu_resolve(cpu0, address);
+	address = mmu_resolve(cpu0, WRITE, address);
 
 	// Look wether we are on an MMIO region
 	struct MMIO_ENTRY* io = mmio;
@@ -94,6 +101,13 @@ void mem_write16(uint32_t address, uint16_t value)
 		io = io->next;
 	}
 
+	// Check if we are inside of physical memory
+	if(address + 2 > memory_size)
+	{
+		fprintf(stderr, "MEMORY: Invalid write of size 2 outside of physical memory at address 0x%x\n", address);
+		exit(EXIT_FAILURE);
+	}
+
 	// Proceed with memory write
 	pthread_mutex_lock(&memory_mutex);
 	*((uint16_t*) &memory[address]) = value;
@@ -102,7 +116,7 @@ void mem_write16(uint32_t address, uint16_t value)
 
 void mem_write32(uint32_t address, uint32_t value)
 {
-	address = mmu_resolve(cpu0, address);
+	address = mmu_resolve(cpu0, WRITE, address);
 
 	// Look wether we are on an MMIO region
 	struct MMIO_ENTRY* io = mmio;
@@ -125,6 +139,13 @@ void mem_write32(uint32_t address, uint32_t value)
 		io = io->next;
 	}
 
+	// Check if we are inside of physical memory
+	if(address + 4 > memory_size)
+	{
+		fprintf(stderr, "MEMORY: Invalid write of size 1 outside of physical memory at address 0x%x\n", address);
+		exit(EXIT_FAILURE);
+	}
+
 	// Proceed with memory write
 	pthread_mutex_lock(&memory_mutex);
 	*((uint32_t*) &memory[address]) = value;
@@ -133,7 +154,7 @@ void mem_write32(uint32_t address, uint32_t value)
 
 uint8_t mem_read8(uint32_t address)
 {
-	address = mmu_resolve(cpu0, address);
+	address = mmu_resolve(cpu0, READ, address);
 
 	// Look wether we are on an MMIO region
 	struct MMIO_ENTRY* io = mmio;
@@ -155,6 +176,13 @@ uint8_t mem_read8(uint32_t address)
 		io = io->next;
 	}
 
+	// Check if we are inside of physical memory
+	if(address + 1 > memory_size)
+	{
+		fprintf(stderr, "MEMORY: Invalid read of size 1 outside of physical memory at address 0x%x\n", address);
+		exit(EXIT_FAILURE);
+	}
+
 	// Proceed with memory read
 	pthread_mutex_lock(&memory_mutex);
 	uint8_t tr = memory[address];
@@ -164,7 +192,7 @@ uint8_t mem_read8(uint32_t address)
 
 uint16_t mem_read16(uint32_t address)
 {
-	address = mmu_resolve(cpu0, address);
+	address = mmu_resolve(cpu0, READ, address);
 
 	// Look wether we are on an MMIO region
 	struct MMIO_ENTRY* io = mmio;
@@ -186,6 +214,13 @@ uint16_t mem_read16(uint32_t address)
 		io = io->next;
 	}
 
+	// Check if we are inside of physical memory
+	if(address + 2 > memory_size)
+	{
+		fprintf(stderr, "MEMORY: Invalid read of size 2 outside of physical memory at address 0x%x\n", address);
+		exit(EXIT_FAILURE);
+	}
+
 	// Proceed with memory read
 	pthread_mutex_lock(&memory_mutex);
 	uint16_t tr = *((uint16_t*) &memory[address]);
@@ -195,7 +230,7 @@ uint16_t mem_read16(uint32_t address)
 
 uint32_t mem_read32(uint32_t address)
 {
-	address = mmu_resolve(cpu0, address);
+	address = mmu_resolve(cpu0, READ, address);
 
 	// Look wether we are on an MMIO region
 	struct MMIO_ENTRY* io = mmio;
@@ -217,6 +252,43 @@ uint32_t mem_read32(uint32_t address)
 		io = io->next;
 	}
 
+	// Check if we are inside of physical memory
+	if(address + 4 > memory_size)
+	{
+		fprintf(stderr, "MEMORY: Invalid read of size 4 outside of physical memory at address 0x%x\n", address);
+		exit(EXIT_FAILURE);
+	}
+
+	// Proceed with memory read
+	pthread_mutex_lock(&memory_mutex);
+	uint32_t tr = *((uint32_t*) &memory[address]);
+	pthread_mutex_unlock(&memory_mutex);
+	return tr;
+}
+
+uint32_t mem_fetch(uint32_t address)
+{
+	address = mmu_resolve(cpu0, INSTRUCTION_FETCH, address);
+
+	// Look wether we are on an MMIO region
+	struct MMIO_ENTRY* io = mmio;
+	while(io)
+	{
+		if(MMIO_INSIDE(io, address))
+		{
+			fprintf(stderr, "MEMORY: Trying to fetch an instruction inside an MMIO region !\n");
+			exit(EXIT_FAILURE);
+		}
+		io = io->next;
+	}
+
+	// Check if we are inside of physical memory
+	if(address + 4 > memory_size)
+	{
+		fprintf(stderr, "MEMORY: Invalid fetch outside of physical memory at address 0x%x\n", address);
+		exit(EXIT_FAILURE);
+	}
+
 	// Proceed with memory read
 	pthread_mutex_lock(&memory_mutex);
 	uint32_t tr = *((uint32_t*) &memory[address]);

src/memory/memory.h

@@ -14,5 +14,6 @@ void mem_write32(uint32_t address, uint32_t value);
 uint8_t mem_read8(uint32_t address);
 uint16_t mem_read16(uint32_t address);
 uint32_t mem_read32(uint32_t address);
+uint32_t mem_fetch(uint32_t address);
 
 #endif

src/memory/mmu.c

@@ -44,7 +44,24 @@ extern uint8_t* memory;
 #define VADDR_VPN_0 (0x003FF000)
 #define VADDR_PAGE_OFFSET (0x00000FFF)
 
-uint32_t mmu_resolve(rv32_cpu_t* cpu, uint32_t vaddr)
+uint32_t mmu_scause_from_access(memory_access_type_t access_type)
+{
+	switch(access_type)
+	{
+		case READ:
+			return SCAUSE_LOAD_PAGE_FAULT;
+		case WRITE:
+			return SCAUSE_STORE_AMO_PAGE_FAULT;
+		case INSTRUCTION_FETCH:
+			return SCAUSE_INSTRUCTION_PAGE_FAULT;
+		default:
+			fprintf(stderr, "mmu_scause_from_access: invalid parameter\n");
+			exit(EXIT_FAILURE);
+			break;
+	}
+}
+
+uint32_t mmu_resolve(rv32_cpu_t* cpu, memory_access_type_t access_type, uint32_t vaddr)
 {
 	// TODO: Make sure we are in S-mode or U-mode
 
@@ -64,8 +81,7 @@ uint32_t mmu_resolve(rv32_cpu_t* cpu, uint32_t vaddr)
 	if(!(pte & PTE_V))
 	{
 		// Invalid PTE
-		// TODO : Add a MEMORY_ACCESS_TYPE
-		exception_trigger(cpu, SCAUSE_INSTRUCTION_PAGE_FAULT);
+		exception_trigger(cpu, mmu_scause_from_access(access_type), vaddr);
 	}
 
 	if((pte & PTE_R) || (pte & PTE_W) || (pte & PTE_X))
@@ -73,6 +89,18 @@ uint32_t mmu_resolve(rv32_cpu_t* cpu, uint32_t vaddr)
 		// Leaf PTE, we are ready to resolve the mapping
 		// This is a 4 MiB megapage
 
+		// For an execute, check if we are allowed to execute
+		if(access_type == INSTRUCTION_FETCH && !(pte & PTE_X))
+			exception_trigger(cpu, mmu_scause_from_access(access_type), vaddr);
+
+		// For a write, check if we are allowed to write
+		if(access_type == WRITE && !(pte & PTE_W))
+			exception_trigger(cpu, mmu_scause_from_access(access_type), vaddr);
+
+		// For a read, check if we are allowed to read
+		if(access_type == READ && !(pte & PTE_R))
+			exception_trigger(cpu, mmu_scause_from_access(access_type), vaddr);
+
 		// Physical Address: [PPN[1] = pte.PPN[1], PPN[0] = vaddr.VPN[0], offset]
 		uint32_t paddr = 0;
 		paddr |= (PTE_PPN_1(pte) << 22);
@@ -93,7 +121,7 @@ uint32_t mmu_resolve(rv32_cpu_t* cpu, uint32_t vaddr)
 	if(!(pte & PTE_V))
 	{
 		// Invalid PTE
-		exception_trigger(cpu, SCAUSE_INSTRUCTION_PAGE_FAULT);
+		exception_trigger(cpu, mmu_scause_from_access(access_type), vaddr);
 	}
 
 	// This must be a leaf PTE, as Sv32 only supports 2-level mappings
@@ -104,6 +132,18 @@ uint32_t mmu_resolve(rv32_cpu_t* cpu, uint32_t vaddr)
 		exit(EXIT_FAILURE);
 	}
 
+	// For an execute, check if we are allowed to execute
+	if(access_type == INSTRUCTION_FETCH && !(pte & PTE_X))
+		exception_trigger(cpu, mmu_scause_from_access(access_type), vaddr);
+
+	// For a write, check if we are allowed to write
+	if(access_type == WRITE && !(pte & PTE_W))
+		exception_trigger(cpu, mmu_scause_from_access(access_type), vaddr);
+
+	// For a read, check if we are allowed to read
+	if(access_type == READ && !(pte & PTE_R))
+		exception_trigger(cpu, mmu_scause_from_access(access_type), vaddr);
+
 	// Physical Address: [PPN[1] = pte.PPN[1], PPN[0] = pte.PPN[0], offset]
 	uint32_t paddr = 0;
 	paddr |= (PTE_PPN_1(pte) << 22);

src/memory/mmu.h

@@ -4,6 +4,13 @@
 #include <stdint.h>
 #include "cpu/rv32cpu.h"
 
-uint32_t mmu_resolve(rv32_cpu_t* cpu, uint32_t vaddr);
+typedef enum MEMORY_ACCESS_TYPE
+{
+    READ,
+    WRITE,
+    INSTRUCTION_FETCH
+} memory_access_type_t;
+
+uint32_t mmu_resolve(rv32_cpu_t* cpu, memory_access_type_t access_type, uint32_t vaddr);
 
 #endif

tests/Makefile

@@ -2,7 +2,7 @@ AS=riscv32-elf-as
 LD=riscv32-elf-ld
 BUILD_DIR=../build/tests/
 
-S_FILES := $(shell find ./ -name '*.s')
+S_FILES := $(shell find ./ -name '*.s' -not -name 'exit_return.s')
 NAMES = $(basename $(S_FILES))
 OBJECTS=$(patsubst %, $(BUILD_DIR)/%, $(NAMES))
 

tests/addi.s

@@ -1,4 +1,6 @@
+.include "exit_return.s"
+
 .global _start
 _start:
     addi a0, zero, 0xBA
-    ebreak
+    exret

tests/beq.s

@@ -1,3 +1,5 @@
+.include "exit_return.s"
+
 .global _start
 _start:
     # Set base value of a0 to 'test failed'
@@ -14,18 +16,18 @@ _start:
     beq t0, t1, eq1
 
     # On failure, return
-    ebreak
+    exret
 
 eqNeg:
     # All passed
     addi a0, zero, 0
-    ebreak
+    exret
 
 eq0:
     # Inequality failed
-    ebreak
+    exret
 
 eq1:
     # Equality passed ; now try to test a negative offset case
     beq t0, t1, eqNeg
-    ebreak
+    exret

tests/blt.s

@@ -1,3 +1,5 @@
+.include "exit_return.s"
+
 .global _start
 _start:
     # Set base value of a0 to 'test failed'
@@ -12,20 +14,20 @@ _start:
     blt t0, t1, lt1
 
     # On failure, return
-    ebreak
+    exret
 
 ltNeg:
     # All passed
     addi a0, zero, 0
-    ebreak
+    exret
 
 lt0:
     # Inequality failed
-    ebreak
+    exret
 
 lt1:
     # Inequality passed ; now try with negative numbers
     addi t0, zero, -1
     addi t1, zero, -2
     blt t1, t0, ltNeg
-    ebreak
+    exret

tests/exit_return.s

@@ -0,0 +1,4 @@
+.macro exret
+addi a7, zero, 0x8
+ecall
+.endm

tests/jal.s

@@ -1,3 +1,5 @@
+.include "exit_return.s"
+
 .global _start
 _start:
     # Set base value of a0 to 'test failed'
@@ -8,17 +10,17 @@ _start:
     addi t0, t0, 12
     # Jump and link
     jal ra, fn0
-    ebreak
+    exret
 
 fnNeg:
     # All good
     addi a0, zero, 0
-    ebreak
+    exret
 
 fn0:
     # Check ra value with our t0 construct
     beq t0, ra, eq0
-    ebreak
+    exret
 
 eq0:
    # Try to jump back to a negative offset

tests/jalr.s

@@ -1,3 +1,5 @@
+.include "exit_return.s"
+
 .global _start
 _start:
     # Set base value of a0 to 'test failed'
@@ -19,13 +21,13 @@ _start:
     # Jump far to test jalr with negative offset
     jal fnfar
 
-    ebreak
+    exret
 
 # just_after : address is 16 bytes after auipc
 just_after:
     # ra must still be the old address
     ret
-    ebreak
+    exret
 
 # fn0 : function that calls fn1 and returns
 fn0:
@@ -42,18 +44,18 @@ fn0:
     addi sp, sp, 4
 
     ret
-    ebreak
+    exret
 
 # fn1 : just return
 fn1:
     ret
-    ebreak
+    exret
 
 fnneg:
     addi a0, zero, 0
-    ebreak
+    exret
 
 fnfar:
     auipc ra, 0
     jalr -8(ra)
-    ebreak
+    exret

tests/mulh.s

@@ -0,0 +1,40 @@
+.include "exit_return.s"
+
+.global _start
+_start:
+    # Set base value of a0 to 'test failed'
+    addi a0, zero, 1
+
+    # Multiply 2 * 3 in t0, high bits
+    addi t0, zero, 3
+    addi t1, zero, 2
+    mulh t0, t0, t1
+    addi t1, zero, 0
+    beq t0, t1, mulh_low_ok
+    exret
+
+mulh_low_ok:
+    # Multiply 2<<29 * 8 in t0, high bits
+    # Result high should be 2
+    addi t1, zero, 2
+    slli t0, t1, 29
+    addi t1, zero, 8
+    mulh t0, t0, t1
+    addi t1, zero, 2
+    beq t0, t1, mulh_high_ok
+    exret
+
+mulh_high_ok:
+    # Multiply 2 << 29 * -8 in t0, high bits
+    # Result high should be 0xFFFF_FFFE ie -2 signed ?
+    addi t1, zero, 2
+    slli t0, t1, 29
+    addi t1, zero, -8
+    mulh t0, t0, t1
+    addi t1, zero, -2
+    beq t0, t1, mulh_neg_ok
+    exret
+
+mulh_neg_ok:
+    addi a0, zero, 0
+    exret

tests/mv.s

@@ -1,5 +1,7 @@
+.include "exit_return.s"
+
 .global _start
 _start:
     addi a1, zero, 0xBA
     mv a0, a1
-    ebreak
+    exret

tests/swlw.s

@@ -1,3 +1,5 @@
+.include "exit_return.s"
+
 .global _start
 _start:
     # Set base value of a0 to 'test failed'
@@ -16,12 +18,12 @@ _start:
     # Compare
     beq t0, t1, good
 
-    ebreak
+    exret
 
 good:
     beq t0, t2, xtragood
-    ebreak
+    exret
 
 xtragood:
     addi a0, zero, 0
-    ebreak
+    exret

tests/test.sh

@@ -29,3 +29,4 @@ test "BLT  : Branch Less Than       " "../build/tests/blt  " 0
 test "JAL  : Jump And Link          " "../build/tests/jal  " 0
 test "SWLW : Store Word Load Word   " "../build/tests/swlw " 0
 test "JALR : Jump And Link Register " "../build/tests/jalr " 0
+test "MULH : MULtply High           " "../build/tests/mulh " 0