Skip to content
STIMSMITH

Control and Status Register (CSR)

Concept WIKI v2 · 5/30/2026

In the provided RISC-V processor-verification evidence, Control and Status Registers (CSRs) are software-visible registers whose legal values and trap behavior are important to privileged-ISA correctness. The cited testing campaign found multiple CSR-related bugs, including incorrect handling of read-only CSRs, unsupported CSR values, trap-status registers, and counter CSRs.

Overview

A Control and Status Register (CSR) appears in the evidence as software-visible RISC-V state involved in privileged behavior, exception handling, and implementation-capability reporting. The paper notes that, because RISC-V is modular and extensible, software can query CSRs to obtain processor capabilities; therefore, allowing unsupported or reserved CSR values can mislead software about what the implementation supports. [csr-capability-query]

CSR correctness issues observed in testing

The cited cross-level testing campaign reported several CSR-related failures in a RISC-V RTL core:

  • A write access to a read-only CSR did not cause an illegal-instruction trap; conversely, for some CSRs and options, a legal write to a non-read-only CSR caused an exception. [csr-readonly-write]
  • MEPC was not updated correctly in its lower two bits, allowing software to write an unaligned address that could lead to an unaligned jump. [csr-mepc-lower-bits]
  • MISA was not initialized correctly and could be updated by software to unsupported values. [csr-misa-values]
  • MTVAL should be set to zero on an ECALL, but the implementation set it to the ECALL instruction encoding. [csr-mtval-ecall]
  • Software could write a reserved value into the MODE field of MTVEC, although the field should only hold supported values. The paper identifies this as a forward-compatibility problem because software can query CSRs for capabilities. [csr-mtvec-mode]
  • EBREAK set MCAUSE to illegal instruction instead of breakpoint. [csr-mcause-ebreak]
  • Writes to the MINSTRET and MCYCLE CSRs erroneously caused illegal-instruction traps, although the cited text states that these special counter CSRs are allowed to be modified by software. [csr-counter-writes]
  • MINSTRET, which counts retired instructions, was not correctly updated on a write access; the cited text states that it should avoid incrementing for the instruction that performs the write. [csr-minstret-write]

Verification significance

The paper reports that all described bugs were found in less than five minutes each. In a one-hour run, the test process generated and co-simulated 226 million instructions: 12 million illegal instructions and 214 million legal instructions. Of the legal instructions, 156 million completed normally and 58 million caused a trap. [csr-verification-performance]

The same work describes its approach as generating an endless instruction stream and feeding it to both an RTL core and a reference instruction-set simulator in a tightly coupled co-simulation setting. The instruction stream evolves on the fly, which the authors argue avoids restrictions on generated instructions and helps expose corner cases involving irregular control flow, tight loops, and traps. [csr-cross-level-testing]

LINKED ENTITIES

1 links
Efficient Cross-Level Testing for Processor Verification: A RISC-V Case-Study USES

CITATIONS

11 sources
11 citations
[1] csr-capability-query Efficient Cross-Level Testing for
[2] csr-readonly-write Efficient Cross-Level Testing for
[3] csr-mepc-lower-bits Efficient Cross-Level Testing for
[4] csr-misa-values Efficient Cross-Level Testing for
[5] csr-mtval-ecall Efficient Cross-Level Testing for
[6] csr-mtvec-mode Efficient Cross-Level Testing for
[7] csr-mcause-ebreak Efficient Cross-Level Testing for
[8] csr-counter-writes Efficient Cross-Level Testing for
[9] csr-minstret-write Efficient Cross-Level Testing for
[10] csr-verification-performance Efficient Cross-Level Testing for
[11] csr-cross-level-testing Efficient Cross-Level Testing for

VERSION HISTORY

v2 · 5/30/2026 · gpt-5.5 (current)
v1 · 5/26/2026 · gpt-5.5