1

EE 457 Unit 8

Exceptions
“What Happens When Things Go Wrong”
 2

User and Kernel Mode, Coprocessor Registers

BACKGROUND
 3

MIPS Programmer-Visible Registers

• Normal MIPS instructions CANNOT GPR’s

access coprocessor registers directly $0 - $31 $f0 - $f31

(since instruction format does not have
enough bits)
• Coprocessor registers can be accessed
via the mfc0 (move from c0) and mtc0
(move to c0) instructions
32-bits 64 or more
• mfc0 $gpr,$c0_reg Coprocessor 1 –
– R[gpr] = C0[c0_reg] PC: Floating-point Regs.

• mtc0 $gpr,$c0_reg Status:

– C0[c0_reg] = R[gpr] Cause:
HI:
• Sequence:
Coprocessor 0 –
– Move value from coprocessor register to LO: Status & Control Regs
normal GPR
– Process that value with regular MIPS MIPS Core
instructions
– Move value back to coprocessor register Special Purpose Registers
 4

MIPS Coprocessor Register Access

GPR’s
• Normal MIPS instructions CANNOT
access coprocessor registers directly $0 - $31 $f0 - $f31

(since instruction format does not have

enough bits)
• Coprocessor registers can be accessed
via the mfc0 and mtc0 instructions
• mfc0 $gpr,$c0_reg 32-bits 64 or more
Coprocessor 1 –
– R[gpr] = C0[c0_reg]
PC: Floating-point Regs.
• mtc0 $gpr,$c0_reg
Status:
– C0[c0_reg] = R[gpr]
• Sequence: HI: Cause:
– Move value from coprocessor register to Coprocessor 0 –
normal GPR LO: Status & Control Regs
– Process that value with regular MIPS
instructions MIPS Core
– Move value back to coprocessor register Special Purpose Registers
 5

User vs. Kernel Mode

• Kernel mode is a special mode of the processor for executing trusted (OS)
code
– Certain features/privileges are only allowed to code running in kernel mode
– OS and other system software should run in kernel mode
• User mode is where user applications are designed to run to limit what
they can do on their own
– Provides protection by forcing them to use the OS for many services
• User vs. kernel mode determined by some bit(s) in some processor control
register
– x86 Architecture uses lower 2-bits in the CS segment register (referred to as
the Current Privilege Level bits [CPL])
– MIPS: User Mode bit in the processor status register
• On an exception, the processor will automatically switch to
kernel mode
 6

Kernel Mode Privileges

0xffffffff
Kernel
• Privileged instructions Space

– User apps. shouldn’t be allowed to

0xc0000000

disable/enable interrupts, change

memory mappings, etc.
• Privileged Memory or I/O access User
– Processor supports special areas of Space

memory or I/O space that can only be

accessed from kernel mode
• Separate stacks and register sets 0x00000000

Address
– MIPS processors can use “shadow” Space
register sets (alternate GPR’s when in
kernel mode).
 7

EXCEPTIONS OVERVIEW
 8

What are Exceptions?

• Exceptions are "rare" events that cause a break in
normal program execution
• Can be synchronous (called by an instruction in the
program)
– Traps or system calls (calls from user apps to OS functions)
• Can be asynchronous (triggered by the hardware)
– HW Interrupts
– Error conditions
• Response: The processor hardware must call a
"predetermined" software routine (aka "handler" or
"service routine")
 9

Exception Processing
• Exception handling is similar to a subroutine ('jal') call but performed
automatically by the hardware
– Must save PC of offending instruction, program state, and any information needed to
return afterwards
– Flush the pipeline using the hardware already present for branches/jumps
– Execute the software handler by loading the PC with its start address (must be preset or
looked up by the hardware without help from software)
– Execute the handler routine to deal with the exception
– Return and restore the state
User Program System Exception
--------- Handler
--------- ---------
---------
1. Exception occurs ---------
Exception occurs ---------
2. Save State --------- ---------
3. Call handler
--------- ---------
--------- ---------
6. Resume normal
execution --------- Return from
--------- 4. Restore state exception
5. Return
 10

Sync. Exceptions: System Calls/Traps

• A controlled-method for user application calling OS
services
• Switches processor to “kernel” mode of the processor
where certain privileges are enabled that we would not
want normal user apps to access

MIPS System call

addi $v0,$0,5 // $v0 = service num.
syscall // enter OS

Instruction Tracing and Breakpoint

x86 System Call (old DOS OS call) Single-stepping & Breakpoint in x86
IN AH, 01H
PSW TF
INT 20H // getchar()
Processor
Status Word
Trap Flag
 11

Exception Examples 1
Example Stage Action
I/O Device Interrupt WB Take ASAP
• A peripheral device requires action from the CPU
(Interrupt I/O Driven)
Operating System Calls (“Traps”) [e.g. File Open] ID Precise
• Trap instruction causes processor to enter kernel mode

Instruction Tracing and Breakpoints ID Precise

• When TRAP Bit is set all instructions cause exceptions
• Particular instructions are flagged for exceptions
(debugging)

Arithmetic Exceptions EX Precise

• Overflow or Divide-by-0
 12

Exception Examples 2
Example Stage Action
Page Faults IF or MEM Precise
• Virtual memory access fault (no Page Table entry resident in
memory)
Misaligned Memory Address EX Abort
• Address is not multiple of operand size Process
Memory Protection Violations IF or MEM Abort
• Address is out of bounds; RWX violation Process
Undefined Instructions ID Precise
• Decode unit does not recognize opcode or other fields (Why not
• Could be useful to extend the instruction set abort)
Hardware failure WB Take ASAP
• Unrecoverable hardware error is detected; execution is
compromised
Power Failure WB Take ASAP
• Power has fallen below a threshold; Trap to software to save as
much state as possible
 13

Review: Exception Processing

• Save necessary state to be able to restart the process
– Save PC of offending instruction
• Call an appropriate “handler” routine to deal with
the error / interrupt / syscall
– Handler identifies cause of exception and handles it
– May need to save more state
• Restore state and return to offending application (or
kill it if recovery is impossible)
 14

MIPS Coprocessor 0 Registers

• Status Register
– Enables and disables the handling of exceptions/interrupts
– Controls user/kernel processor modes
• Kernel mode allows access to certain regions of the address space
and execution of certain instructions
• Cause Register: Indicates which exception/interrupt
occurred
• Exception PC (EPC) Register
– Indicates the address of the instruction causing the
exception
– This is also the instruction we should return to after
handling the exception (similar to $ra ($31) for jal )
 15

Status Register
• Allows software to understand the state of the processor and
to control whether certain exceptions (interrupts) are ignored
• Register 12 in coprocessor 0
– IM[7:0] – Interrupt Mask bits (1 = ignore / 0 = allow)
– UM – User Mode (1 = User mode / 0 = Kernel Mode)
– ERL/EXL = Exception/Error Level
• 1 = Already handling exception or error / 0 = Normal exec.
• If either bit is ‘1’ processor is also said to be in kernel mode
– IE = Interrupt Enable
• 1 = Allow unmasked interrupts / 0 = Ignore all interrupts

31 15 8 4 2 1 0
Status

ERL
EXL
IM5
IM7
IM6

IM4
IM3
IM2
IM1
IM0

UM
000 00

IE
0000 0000 0000 0000
Register
 16

EPC Register
• Exception PC holds the address of the offending
instruction
– Can be used along with ‘Cause’ register to find and correct
some error conditions
• ‘eret’ instruction used to return from exception
handler and back to execution point in original code
(unless handling the error means having the OS kill
the process)
– ‘eret’ Operation: PC = EPC
31 0
EPC =
Exception PC
Address of instruction that generated the exception
 17

Cause Register
Code Cause
• Register 13 in coprocessor 0 0 Interrupt (HW)

• Bit definitions 4, 5 Load (4), Store (5)

Address Error
– BD – Branch Delay 6, 7 Instruc. (6), Data (7) Bus
• The offending instruction was in the branch Error
delay slot
8 Syscall
• EPC points at the branch but it was EPC+4
that caused the exception 9 Breakpoint

– PI[7:0] – Pending Interrupt 10 Reserved Instruc.

• 1 = Interrupt Requested / 0 = No interrupt 11 CoProc. Unusable
requested 12 Arith. Overflow
– Exception Code – Indicates cause of 13 Trap
exception (see table) 15 Floating Point
31 15 8 7 6 2 1 0
Cause Exception Code
PI7
PI6
PI5
PI4
PI3
PI2
PI1
PI0
BD

000 0000 0000 0000 0 00

Register
 18

Problem of Calling a Handler

• We can't use explicit jal instructions to call
exception handlers since we don’t when they
will occur

.text Many instructions could cause

an error condition. Or a
MAIN: ----
hardware event like a keyboard
---- press could occur at any point in
---- the code.
----
----
jr $ra
 19

Handler Calling Methods

• Since we don’t know when an exception will occur there must be a preset
location where an exception handler should be defined or some way of telling
the processor in advance where our exception handlers will be located
Kernel 0xffffffff Kernel 0xffffffff Kernel 0xffffffff
Space Space Space

INT 2 Hand. x3
INT n Hand. 0x80000???

INT 2 Hand. 0x80000300 Handler 1 x1

INT 1 Hand. 0x80000200 INT 1 Hand. x2
Exception Exception
0x80000180
Handler 0x80000180 Handler addr x3
0x80000000 0x80000000
addr x2 0x80000000
addr x1

User User User

Space Space Space
0x00000000 0x00000000 0x00000000

Method 1 Method 2 Method 3

 20

Solution for Calling a Handler

• Method 1: Single hardwired address for master
handler
– Early MIPS architecture defines that the exception
handler should be located at 0x8000_0180. Code there
should then examine CAUSE register and then call
appropriate handler routine
• Method 2: Vectored locations (usually for
interrupts)
– Each interrupt handler at a different address based on
interrupt number (a.k.a. vector) (INT1 @ 0x80000200,
INT2 @ 0x80000300)
• Method 3: Vector tables
– Table in memory holding start address of exception
handlers (i.e. overflow exception handler pointer at
0x0004, FP exception handler pointer at 0x0008, etc.)
 21

"PRECISE" EXCEPTIONS
 22

Why are Exceptions So Important?

• Exceptions are part of the ISA (Instruction Set Architecture)
specification
• Any implementation of an ISA must comply with its
“Exception model”
• Precise exception handling constrains what the architecture
can do
– Exceptions are rare yet we must functionally support them
– If we did not have to comply to the exception model, architects would
have a lot more freedom in their design

When designing micro-architectures for the common case,

exceptions must always be in the back of your mind!
 23

Precise Exceptions
• Precise Exceptions: A pipelined or advanced out-of-
order execution processor's exception handling
should behave equivalently to exceptions on a
single-cycle CPU.
– Any instructions BEFORE the offending instruction should
complete before the handler runs
– Any instructions AFTER the offending instruction should
not appear to have executed (written to memory or
register)
• Very difficult in architectures in which multiple
instruction execute concurrently (i.e. our 5-stage
pipeline)
 24

Exceptions in the 5-Stage Pipeline

• To support precise exceptions in the 5-stage pipeline we
must…
– Identify the pipeline stage and instruction causing the exceptions
• Any stage can trigger an exception (except for the WB stage)
– Identify the cause of the exception
– Save the process state at the faulting instruction
• Including registers, PC, and cause
• Usually done by software exception handler
– Complete the execution of instructions preceding the faulting
instruction
– Flush instruction following the faulting instruction plus the faulting
instruction
– Transfer control to exception handler
Use many of the same mechanisms as conditional branches.
 25

Exception in EX stage
FLUSH • Save EPC=PC+4 of offending instruction
• Record Cause
EX.RegWrite • Add 3rd input of 0x8000_0180 to PCSrc Mux (start
address of exception handler)
Stall EX.RegDst

Ex Mem WB
PCWrite HDU
IRWrite

Mem WB
IF.Flush

WB
+

MemToReg
Control Branch
4
+

rs Sh.
Read Left 2
EPC

MemRead &
MemWrite
5 Reg. 1 # Read
0
data 1 Cause

Pipeline Stage Register

Pipeline Stage Register

rt 1
Instruction Register

Read
Reg. 2 # 2
5

Pipeline Stage Register

3 0
I-Cache

0 . Write Read ALUSelA

=
PC

Reg. #

ALU
1
data 2
8000_0180

2 0 Res.
Write 1
0

D-Cache
Data 2
3 1
1
Register File
ALUSelB

Sign ALUSrc
Extend RegDst
Reset
16 rs
32
Forwarding 0
rt Unit 1

rd
 26

Exception Handling Complexities

• When the arithmetic exception is triggered in EX, we must flush IF, ID and
EX and start fetching from 0x8000_0180
• Note that the handler’s software must have access to CAUSE and EPC
registers to figure out what to do
• Realize though exceptions may occur in all but the WB stage
– 4 possible values of CAUSE and EPC
– Software needs to know which value is the actual cause and EPC
– Depending on the stage where the exception occurs, we have to flush
different stages
Muxes

EPC EPC EPC EPC EPC

Cause Cause Cause Cause Cause

IM Reg ALU DM Reg

But it gets worse!!!
 27

More Complex Complexities?

Program Order
• What happens if multiple exceptions occur in the xor $9, $9, $9
same cycle from different instructions in different lw $2, 0($3)
sw $4, 0($3)
stages
illegal
– Should take the “oldest” exception in “program/process order”
add $5, $6, $7
– “Program/process order” = Order if only 1 instruction were executed
at a time (= Fetch order)
– Thus oldest instruction is the one deepest (furthest) into the pipeline
– There is no point in dealing with all exceptions, just the oldest one
– Let software deal with the oldest and then restart…if later instruction
were going to generate an exception, then they will again upon
restart and we can handle it then

We can start handling illegal instruction exception. What

Cycle n could happen on cycle n+1?

IM Reg ALU DM Reg

LW
I-Fetch
Illegal SW address TLB miss
TLB miss /
Instruction computation Page hit
But it gets worse!!!
Page Fault
(no exception)
 28

More Complex Complexities?

Program Order Temporal Order

• Remember we must complete xor $9, $9, $9

lw $2, 0($3)
instruction preceding the faulting sw $4, 0($3) 2
instruction illegal 1a
add $5, $6, $7 1b
• Remember we are supposed to handle
exceptions in program order (not
temporal order)

Cycle n+1 Which exception should we have

handled?

IM Reg ALU DM Reg

I-Fetch
Illegal LW
TLB miss / SW page fault
Instruction
Page Fault
 29

Simplify the Process

• It is not practical to take an exception in the cycle when it happens
– Multiple exceptions in the same cycle
– It is complex to take exception in various pipeline stages since we have to take them in program
order and not temporal order
• Instead, we will just tag an instruction in the pipeline if it causes and exception
(recording the cause and EPC)
– Turn the offending instruction into a NOOP (bubble)
– Let the instructions continue to flow down the pipeline and handle the offending instruction’s
execution in the WB stage
• The cause and status info is carried down the pipe via stage registers
– Exception remains “silent” until it reaches the WB stage
– Exceptions are then processed into the WB stage

Muxes Actual EPC & Cause Register

EPC EPC EPC EPC EPC

Cause Cause Cause Cause Cause

IM Reg ALU DM Reg

 30

Handling in WB Stage
• Handling in WB stage helps deal with temporal vs. program
order issues

CC1 CC2 CC3 CC4 CC5 CC6 CC7 CC8

40: LW $1,0($8) IM Reg ALU DM Reg

44: AND $12,$2,$5 IM Reg ALU DM Reg

48: OR $13,$6,$2 IM Reg ALU DM Reg

52: ADD $14,$2,$2 IM Reg ALU DM Reg

…
 31

Simplified Processing
• Precise exceptions are now taken in WB along with other HW interrupts
• Faulting instructions “carry” their cause and EPC values through the
pipeline stage registers
• Only one set of EPC and CAUSE registers in the WB stage
• When an instruction flagged as faulting reaches the WB stage
– Flush IF, ID, EX, MEM
• Make sure that if a SW is in MEM stage that it is not allowed to write
– Load the handler address in the PC
– Make sure EPC & Cause are software-readable (movable to GPR’s)

This is a general approach to dealing with exceptions in

the processor:
Wait until the faulting instruction exits the machine to
trigger the handling procedure