Without this an instruction taking an exception will enter WB whilst
simultaneously remaining in ID. This didn't cause any known functional
issues as in the scenarios it occurred the RF write was disabled and the
WB stage eventually gets flushed. However it's still bad behaviour and
could lead to functional issues when RTL changes. It also eases the
co-simulation DV implementation.
Extra bits are added alongside read/write data for the instruction and
data buses to facilitate data integrity checking.
Ibex testbench extended to generate the expected bits.
All other top-levels modified to add the new signals (which are mostly
ignored).
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
Previously the raw incremented address was used which is the calculated
address + 4. This is confusing as it refers to a byte that wouldn't be
accessed (e.g. a lw at 0x8000009e which faults on the access to
0x8000000a0, would report an mtval of 0x8000000a2). With this change
mtval will refer to the first byte on the other half of the word
boundary the unaligned access crosses.
Random constants are sent through the hierarchy as parameters in-line
with other OpenTitan modules.
Further detail on this mechanism can be found in lowrisc/opentitan#2229
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
mseccfg and mseccfgh have changed their addresses. This updates to the
newly allocated values.
The ePMP specification is now available as a versioned PDF,
documentation is updated to point to that removing the local PDF copy.
A minor change to use the Width parameter of prim_buf. No functional
impact but stops the hierarchy from being cluttered with hundreds of
generate contexts in the top level.
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
This parameter forces a reset of all registers inside the core. This is
required to guarantee a common starting point for lockstep and thus
prevent spurious lockstep failure alerts.
Another minor change in this commit rearranges the writeback stage
multiplexing to gate incoming lsu write data when not valid. This stops
any X values from the data bus propagating to the register file
signalling (and thus to the lockstep comparison) which would cause the
lockstep alert to be X. It has the side effect of possibly reducing
power consumption in the register file.
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
This signal used to be a one shot enable out of reset. We need an option
to pause execution for OpenTitan, so fetch_enable is extended to cover
that.
The signal is already driven low by the testbench at the end of test.
This is moved after the performance counter reads to ensure they can
complete.
Fixes#1105
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
With data-independent timing enabled and BranchTargetALU configured,
branches will stall for a cycle causing an illegal value to be decoded
for the B Operand. No functional impact of this, but an assertion fires
so we might as well tie it off properly.
Fixes#1367
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
In tests with multiple resets, these signals could hold onto spurious
values through reset (since the clock is also gated) which caused
assertion failures on resumption.
Fixes#1368
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
Certain synthesis tools like DC are very smart at optimizing away redundant logic.
Hence, we have to insert an optimization barrier at the IOs of the lockstep Ibex.
This is achieved by manually buffering each bit using prim_buf.
Our Xilinx and DC synthesis flows make sure that these buffers cannot be optimized
away using keep attributes (Vivado) and size_only constraints (DC).
Signed-off-by: Michael Schaffner <msf@google.com>
1. Missing prim_assert in ibex_top.sv (more of an rtl bug but only found
in running synthesis scripts)
2. Write out the pre-mapped netlist before mapping latches
Relates to #1335
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
This adds more instruction categories and corrects various issues in the
categorization code. Further cross coverage has been added including
illegal bins to remove bins that cannot occur.
The concept of using SVAs with cross coverage has been dropped. The
systemverilog scheduling model makes the concept unworkable.
The read enables should only be asserted where an actual RF read will
occur. Where there is an illegal instruction or a fetch error the raw
decoder signals might still be asserted but should be squashed before
they become the true enable signals.
csr_op_en_i signals whether or not the CSR access will actually happen,
but whether an illegal write is being can be determined with just the
address and access type. This change will improve timing and avoid
circular logic that might occur from the use of the illegal_csr_write
signal.
Note that the alert output is tied off for now until an option is added
to reset all registers (otherwise there will be X propagation).
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
This commit creates a new top level wrapping the core, register file and
icache RAMs. The tracing top level is also renamed to ibex_top_tracing
to match. This new top level is intended to enable a dual core lockstep
implementation of Ibex.
There are no functional changes in this commit, only wiring.
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
No functional change. These parameters are effectively fixed. Moving
them to the pkg eases top-level wiring of RAM signals.
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
This signal is used to gate several assertions related to
unknown/invalid selector signals. We want to be sure to catch any X
values entering the compressed decoder and ultimately ID.
This is related to lowRISC/Ibex#540.
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
This change will cause the ID stage to stall if there is a potential
debug mode entry until instructions in both ID and WB have completed.
This fixes an issue with incorrect behaviour around hardware breakpoints
and exceptions that could cause exception entry to be missed, hardware
breakpoints to be triggered incorrectly or missed entirely.
In addition single step control logic is altered to work correctly with
the new debug mode entry behaviour.
Changes the ECC granularity in the data RAMs from 64bit to 32bit. This
is to align with an upcoming change in bus ECC. Relates to
lowRISC/opentitan#5450
Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>
This commit adds the MCOUNTEREN CSR as required by the RISC-V spec.
The register is defined as WARL. At the moment, Ibex doesn't enable U-mode
access to the performance montiors. Consequently, writes to the register are
ignored and it reads as zero which is okay according to the spec.
This resolveslowRISC/Ibex#1278 .
Prior to this change Ibex had multiple feedthrough paths from the data
memory interface to the instruction memory interface. This existed
because Ibex would hold off doing a instruction fetch for a jump or
branch if there was a outstanding memory request. It would wait for the
response to be available so either the jump or branch would occur or an
exception was taken.
With this change the branch or jump will speculatively begin the
instruction fetch whilst there is an outstanding memory request. Should
an exception result from the memory request the fetch will be discarded
and the exception taken as normal.
An alternative fix would not factor the data error response
(data_err_i) directly into the controller logic for branches and jumps.
With this option new stall cycles would be introduced anywhere a branch
or jump immediately follows a memory instruction which would have an
adverse impact on performance.
* `if` in `DBG_TAKEN_IF` is needless as the conditions it checks will be
true if controller enters `DBG_TAKEN_IF` state
* flop `enter_debug_mode` so `FLUSH` state looks at what
`enter_debug_mode` was when it was seen in `DECODE` state rather than
what it has become. In particular the controller could enter `FLUSH`
on the basis of performing a WFI then divert down the debug control
path due to a new debug request being raised. In this instance it is
preferable for the WFI to complete entering `SLEEP` before the debug
request wakes the core back up.
This implemements the RISC-V Trusted Execution Environment (TEE) working
group proposal 'PMP Enhancements for memory access and execution
prevention on Machine mode'. The proposal is awaiting ratification and
is not expected to change beyond minor tweaks before it becomes part of
the RISC-V priviledged specification.
No seperate 'classic' PMP only mode is provided as different PMP
behaviour only occurs when the MSECCFG CSR is written to. This CSR is
introduced by the proposal and has no specified function in the current
RISC-V priviledged specification.
The previous change was wrong: it was trying to define a signal with
DbgHwNumLen bits that contained DbgHwBreakNum - 1. Unfortunately, '1
is *not* the same as a zero-extended version of 1'b1.
