[Bug Report] Illegal CSR access to mtval2 does not raise exception in Rocket

[YzhDDDing]

Description

While performing differential testing against the Spike reference model, I observed a discrepancy in how Rocket handles accesses to unsupported CSRs.

Specifically, executing a CSR instruction targeting mtval2 does not raise an Illegal Instruction exception in Rocket, whereas Spike correctly traps with mcause = 0x2, as required by the RISC-V privileged specification.

This behavior violates the spec requirement that accesses to unimplemented or unsupported CSRs must raise an Illegal Instruction exception.

Environment

• Core: Rocket
• ISA: RV64IMCB + Zicsr + Zifencei + Zmmul + Zca/Zba/Zbb/Zbc/Zbs
• Reference model: Spike

Reproduction Case

Instruction:

csrrs x20, mtval2, x20

No debug-related or advanced trap CSRs are enabled.

Observed Behavior

Implementation	Instruction	Register Result	Exception
Spike	csrrs x20, mtval2, x20	x20 = 0xa9944fc2181ddb84	Illegal Instruction (mcause = 0x2)
Rocket	csrrs x20, mtval2, x20	x20 = 0xa9944fc2181ddb84	No exception

Expected Behavior

According to the RISC-V Privileged Specification:

• mtval2 is not part of the base privileged CSRs
• When a CSR is not implemented or not accessible in the current privilege mode, any CSR instruction accessing it must raise an Illegal Instruction exception

Therefore, Rocket should trap with:

mcause = 0x2 (Illegal Instruction)