Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TASK] Cascade CPU fuzzing research bugs track #1573

Open
1 task done
acaldaya opened this issue Oct 25, 2023 · 7 comments
Open
1 task done

[TASK] Cascade CPU fuzzing research bugs track #1573

acaldaya opened this issue Oct 25, 2023 · 7 comments
Assignees
@ASintzoff
Labels
Component:Verif For issues in the verification environment or test cases (e.g. for testbench, C code, etc.) notCV32A65X It is not an CV32A65X issue PARAM:FPU Issue depends on the FPU parameter PARAM:PERFCOUNTER Performance counter Type:Bug For bugs in the RTL, Documentation, Verification environment or Tool and Build system

Comments

@acaldaya
Copy link
Contributor

Is there an existing CVA6 task for this?

  • I have searched the existing task issues

Task Description

Recently the paper: Cascade: CPU Fuzzing via Intricate Program Generation showcased some bugs of the CVA6. The goal of this issue is to track which bugs have been fixed and the corresponding PR.

ID (paper) Description CVE Status
C1 Double-precision multiplications yield wrong sign when rounding down 2023-34904
C2 Single-precision floating-point operations may treat NaNs as zeros 2023-34906
C3 Division by NAN incorrectly sets NX and NV fflags 2023-34905
C4 The inexact (NX) flag not set in case of overflow or underflow 2023-34907
C5 Division of zero by zero incorrectly sets the DZ flag 2023-34909
C6 Plus and Minus infinity microarchitectural structures are inverted 2023-34910
C7 Infinities are not rounded properly and stick to infinity 2023-34911
C8 Spurious exceptions when reading some performance counters 2023-34911
C9 Wrong supervisor performance counter access control 2023-42311
C10 Under some microarchitectural circumstances, wrong NAN conversion 2023-34908

Required Changes

When a bug of the table is fixed, please link this issue with the corresponding bug ID or CVE in the PR.

Current Status

It is not straightforward to know if the bugs are already fixed.

Risks

No response

Prerequisites

No response

KPI (KEY Performance Indicators)

No response

Description of Done

When all bugs have been fixed and the status column is updated with the corresponding PR.

Associated PRs

No response
@JeanRochCoulon
Copy link
Contributor

JeanRochCoulon commented Oct 26, 2023
edited

Thank you for the work done on CVA6 !! I like it!
Maybe I ask you the corresponding CVA6 hash on which the verification has been executed ?
Reminder: https://comsec.ethz.ch/wp-content/files/cascade_sec24.pdf

@JeanRochCoulon
Copy link
Contributor

@acaldaya Would you be available to present the results in cva6 verification meeting ? it is scheduled at 2pm CET on Thursday

@ASintzoff moderates it

@JeanRochCoulon JeanRochCoulon added Type:Bug For bugs in the RTL, Documentation, Verification environment or Tool and Build system Component:Verif For issues in the verification environment or test cases (e.g. for testbench, C code, etc.) labels Oct 26, 2023
@acaldaya
Copy link
Contributor Author

acaldaya commented Oct 26, 2023 via email

@JeanRochCoulon
Copy link
Contributor

@flaviens Would you be available to present the work results ?

@suppamax
Copy link

I have found these existing issues, which seem to be related to the report
#1213
#1212
#1192
#1091
#1071

@flaviens
Copy link
Contributor

Hello, thank you for your interest!

I would like to underline that all the bugs were reported to you many months before the paper went public, in accordance with responsible disclosure.

Here are some links to help you.

openhwgroup/cvfpu#72
#1071
#1192
pulp-platform/fpu_div_sqrt_mvp#15
pulp-platform/fpu_div_sqrt_mvp#17
pulp-platform/fpu_div_sqrt_mvp@ecfabd1
pulp-platform/fpu_div_sqrt_mvp@de10d67
#1212
#1213
openhwgroup/cvfpu#77

openhwgroup/cvfpu#73
pulp-platform/fpu_div_sqrt_mvp#16
pulp-platform/fpu_div_sqrt_mvp#18
pulp-platform/fpu_div_sqrt_mvp#20

Regarding the presentation, I must unfortunately decline for this specific time slot (this is a very short notice!).
@JeanRochCoulon, if you would like a presentation or discussion, please contact me by email directly to schedule it, I'd be very glad to have the opportunity to exchange with you.

Kind regards,
Flavien

@flaviens
Copy link
Contributor

Additionally, @KatCe suggested that you may be interested in this issue (Y1) as well, despite being seemingly a yosys-related issue.

@JeanRochCoulon JeanRochCoulon added PARAM:FPU Issue depends on the FPU parameter PARAM:PERFCOUNTER Performance counter labels Dec 6, 2023
@JeanRochCoulon JeanRochCoulon added the notCV32A65X It is not an CV32A65X issue label May 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ASintzoff ASintzoff

Labels
Component:Verif For issues in the verification environment or test cases (e.g. for testbench, C code, etc.) notCV32A65X It is not an CV32A65X issue PARAM:FPU Issue depends on the FPU parameter PARAM:PERFCOUNTER Performance counter Type:Bug For bugs in the RTL, Documentation, Verification environment or Tool and Build system
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@acaldaya @suppamax @flaviens @JeanRochCoulon @ASintzoff