report execution failed when vm trapped (#1208)

`let _ = vm.iter_until_halt().take(max_steps).count();` will keep
calling `next()` even emulator halt.
This PR add termination mechanism

Author: hero78119

ceno_emul/src/tracer.rs

@@ -90,7 +90,7 @@ pub trait Tracer {
 
     fn advance(&mut self) -> Self::Record;
 
-    fn is_busy_loop(record: &Self::Record) -> bool;
+    fn is_busy_loop(&self, record: &Self::Record) -> bool;
 
     fn store_pc(&mut self, pc: ByteAddr);
 
@@ -654,6 +654,7 @@ impl FullTracer {
         if self.record.memory_op.is_some() {
             unimplemented!("Only one memory access is supported");
         }
+
         // update min/max mmio access
         if let Some((start_addr, (_, end_addr, min_addr, max_addr))) = self
             .mmio_min_max_access
@@ -767,6 +768,7 @@ impl FullTracer {
 #[derive(Debug)]
 pub struct PreflightTracer {
     cycle: Cycle,
+    pc: Change<ByteAddr>,
     mmio_min_max_access: Option<BTreeMap<WordAddr, (WordAddr, WordAddr, WordAddr, WordAddr)>>,
     latest_accesses: LatestAccesses,
     next_accesses: NextCycleAccess,
@@ -783,6 +785,7 @@ impl PreflightTracer {
     pub fn new(platform: &Platform) -> Self {
         let mut tracer = PreflightTracer {
             cycle: <Self as Tracer>::SUBCYCLES_PER_INSN,
+            pc: Default::default(),
             mmio_min_max_access: Some(init_mmio_min_max_access(platform)),
             latest_accesses: LatestAccesses::new(platform),
             next_accesses: NextCycleAccess::new(ACCESSED_CHUNK_SIZE),
@@ -800,6 +803,8 @@ impl PreflightTracer {
             .and_then(|mmio_max_access| mmio_max_access.range_mut(..=addr).next_back())
             && addr < *end_addr
         {
+            // skip if the target address is not within the range tracked by this MMIO region
+            // this condition ensures the address is within the MMIO region's end address
             if addr >= *max_addr {
                 *max_addr = addr + WordAddr::from(WORD_SIZE as u32);
             }
@@ -828,15 +833,19 @@ impl Tracer for PreflightTracer {
         self.reset_register_tracking();
     }
 
-    fn is_busy_loop(_: &Self::Record) -> bool {
-        false
+    fn is_busy_loop(&self, _: &Self::Record) -> bool {
+        self.pc.before == self.pc.after
     }
 
     #[inline(always)]
-    fn store_pc(&mut self, _pc: ByteAddr) {}
+    fn store_pc(&mut self, pc: ByteAddr) {
+        self.pc.after = pc;
+    }
 
     #[inline(always)]
-    fn fetch(&mut self, _pc: WordAddr, _value: Instruction) {}
+    fn fetch(&mut self, pc: WordAddr, _value: Instruction) {
+        self.pc.before = pc.baddr();
+    }
 
     #[inline(always)]
     fn track_mmu_maxtouch_before(&mut self) {}
@@ -944,7 +953,7 @@ impl Tracer for FullTracer {
     }
 
     #[inline(always)]
-    fn is_busy_loop(record: &Self::Record) -> bool {
+    fn is_busy_loop(&self, record: &Self::Record) -> bool {
         record.is_busy_loop()
     }
 

ceno_emul/src/vm_state.rs

@@ -129,7 +129,7 @@ impl<T: Tracer> VMState<T> {
     fn step(&mut self) -> Result<T::Record> {
         crate::rv32im::step(self)?;
         let step = self.tracer.advance();
-        if T::is_busy_loop(&step) && !self.halted() {
+        if self.tracer.is_busy_loop(&step) && !self.halted() {
             Err(anyhow!("Stuck in loop {}", "{}"))
         } else {
             Ok(step)

ceno_zkvm/src/e2e.rs

@@ -823,7 +823,10 @@ pub fn emulate_program<'a>(
     }
 
     let exit_code = info_span!("[ceno] emulator.preflight-execute").in_scope(|| {
-        let _ = vm.iter_until_halt().take(max_steps).count();
+        vm.iter_until_halt()
+            .take(max_steps)
+            .try_for_each(|step| step.map(|_| ()))
+            .unwrap_or_else(|err| panic!("emulator trapped before halt: {err}"));
         vm.halted_state().map(|halt_state| halt_state.exit_code)
     });