Search code examples
assemblycpuspecificationsriscvprogram-counter

What does RISC-V do on PC overflow?


What happens on a RISC-V CPU when the program counter (PC) overflows?

For example, what happens on RV32G IALIGN = 32 after a (32-bit) NOP at 0xFFFF’FFFC has been executed? Or on RV32GC after a 16-bit NOP at 0xFFFF’FFFE has been executed? The easiest answer to both of these questions to be “nothing much, execution proceeds from 0x0000’0000”, but then what happens on RV32GC after a 16-bit NOP at 0xFFFF’FFFC has been executed? The same answer would imply the instruction fetch might then need to span the end of the address space, which doesn’t sound architecturally pleasant. (Then again, with IALIGN = 16 an instruction fetch might have to span a page boundary, which doesn’t sound all that pleasant either, and IIRC x86 implementations have caused plenty of hilarity for partially-faulting instruction fetches.)

A reference to the specPDF would be preferred, though I haven’t been able to find anything relevant there. Failing that, it’d be interesting to hear what actual hardware implementations do in this situation.


Solution

  • https://riscv.org/wp-content/uploads/2019/12/riscv-spec-20191213.pdf

    1.4 Memory

    A RISC-V hart has a single byte-addressable address space of 2XLEN bytes for all memory accesses. A word of memory is defined as 32 bits (4 bytes). Correspondingly, a halfword is 16 bits (2 bytes), a doubleword is 64 bits (8 bytes), and a quadword is 128 bits (16 bytes). The memory address space is circular, so that the byte at address 2XLEN−1 is adjacent to the byte at address zero. Accordingly, memory address computations done by the hardware ignore overflow and instead wrap around modulo 2XLEN.

    This suggests to me that the PC wraps, since incrementing it is a memory address computation.