Generate test_done: and test_fail: sections using handshake mechanism
Adding this behaviour to ibex_asm_program_gen allows all test to benefit
from the option of jumping directly to these label. Previously, ECALL was
used to provide a single path to this code.
Redefine ECALL handler to no-longer jump to 'write_tohost:'
This prevents the simulation from entering an infinite loop which it can no
longer detect and terminate from.
Add new uvm test to hit hardware breakpoints coverpoints
Overrides some riscv-dv classes to create a custom debug_rom for this test,
which is used to setup the breakpoint registers.
I have found it difficult to get stimulus of this hardware feature without
a more directed test. Improvements or ideas are welcome here.
Test-specific timeout of 5min within which I see >90% pass rate.
Change defaults for bad_intg on uninit accesses for Dmem/Imem
Imem : never create bad_intg on uninit access
Dmem : by default, enable bad_intg on uninit access. Plusarg to change behaviour.
Add 180s timeout for pmp_full_random tests (this sees a reasonable pass-rate)
Tweaked to latest api for double_fault detector
Squashed changes from Marno's ongoing work:
[pmp] Adjust full random PMP to use random memory addresses
[pmp] Enable double fault detecter for MML read only test
[dv,pmp] Add double fault pass flag
[dv,pmp] Different parameters for pmp full random test
If the DUT comes out of reset and immediately jumps into debug mode, the first
routine executed is to push the gpr's to the kernel stack. The register used as
the effective stack-pointer is initialized to zero, and the routine reserves the
address space (XLEN/4) * 31 to push the GPR's (excluding x0).
This routine however assumes that the original value in the sp register is valid
to be stored to. This is often not the case out of reset, when it is 0x00000000.
Therefore an address range from 0xffffff80 up to and including
0x00000000 (wrapping) is stored to.
This patch reserves 32 words instead, preventing the final gpr from writing to
an invalid addr in this case.
Signed-off-by: Harry Callahan <hcallahan@lowrisc.org>
[RISCV-DV] Functional changes to fix nested_interrupt_test
This coverpoint does not make sense. The hardware breakpoint is
triggered as the instruction moves into the ID/EX stage so it never has
a chance to take an exception (it effectively never begins executing).
We should only indicate an ebreak debug cause if an ebreak leads to a
debug entry (otherwise when single stepping over an ebreak that traps to
an exception we incorrectly enter debug mode with an ebreak cause).
Update code from upstream repository https://github.com/google/riscv-
dv to revision ada58fc57a6bc1265e6c261b0f468a79c946a640
* [pmp] Fix plusarg detection for MML and MMWP (Marno van der Maas)
* [pmp] Add missing line return (Marno van der Maas)
* [pmp] Improve formatting of PMP addresses for debug (Marno van der
Maas)
* [pmp] Add a register for loop counter in PMP traps instead of
mscratch (Marno van der Maas)
* [pmp] Add illegal TOR and NAPOT address mode constraints (Marno van
der Maas)
* [pmp] Try to skip instruction if no PMP match and in MMWP (Marno van
der Maas)
* [pmp] Store and load faults caused by locked PMP regions now skip to
next instruction (Marno van der Maas)
* [pmp] Check for MML before modifying PMP entry in trap handler
(Marno van der Maas)
* [pmp] Allow already configured addresses to be overwritten with
plusargs (Marno van der Maas)
* [pmp] Use kernel_inst_end for end of code entry (Marno van der Maas)
* [pmp] Add end of kernel stack to stack entry (Marno van der Maas)
* [pmp] Put signature and stack in last PMP entries (Marno van der
Maas)
Signed-off-by: Harry Callahan <hcallahan@lowrisc.org>
This commit protects the core_busy_o signal using a multi-bit encoding
to reduce the chances of an adversary for glitching this signal to low,
thereby putting the core to sleep and e.g. not handling an alert.
Without this commit, the glitch would only be detected once both the
main core and the shadow core wake up again and the comparison of the
core_busy_o signals continues.
This resolveslowRISC/Ibex#1827.
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
Previously if a dummy instruction entered the pipeline whilst it
wouldn't make RVFI stage 0 valid, it would make RVFI stage 1 valid.
Now stage 1 can only become valid if stage 0 was valid.
Use a DPI call to unix 'date' to implement a wall-clock timeout entirely within
a simulation. This allows the UVM environment to gracefully end when the
threshold is reached, and for things like logs and coverage databases to be
generated correctly.
Previously, a process-level timeout was used, which gave the running simulation
no time to commit any logs/databases to disk before ending. Hence we would not
gather any coverage from timed-out tests.
A plusarg 'test_timeout_s' can be specified to each test to set the timeout. The
default timeout is 1800s.
Adding the key 'timeout_s' to the testlist.yaml file for each test
now sets the timeout for all iterations of that test. Value in seconds.
e.g.
Set all iterations of the pmp_full_random test to have a 10s timeout.
```
- test: riscv_pmp_full_random_test
timeout_s: 10
```
Give the sequence a handle to the cosim_agent, upon which it can call a method
to update the cosim memory model directly.
This required a small restructure of the mem_intf packages to prevent a circular dependency.
Reading uninit DMEM returns a random value.
Reading uninit IMEM returns returns {2{C.unimp}}.
Inserting intg errors upon uninit accesses is now gated with a plusarg
"+enable_bad_intg_on_uninit_access=1"
Fix missing update of the rtl mem_model when returning random data.
Update code from upstream repository https://github.com/google/riscv-
dv to revision e0eae9e0ca69770c519c82c48421005f65521eac
* [sv] Explicit type casting for VCS compability (Canberk Topal)
Signed-off-by: Canberk Topal <ctopal@lowrisc.org>
Add a plusargs "+is_double_fault_detected_fatal" to the top-level cfg,
which is set to 1 by default.
Set the default for the "+enable_double_fault_detector" to 1.
Add a new scoreboard component to the core_ibex uvm environment, which contains
a double_fault detector task. This uses the top-level output
'double_fault_seen_o' to count the number of total and consecutive double_faults
seen with a test. A helper task allows the base_test to wait upon each of these
counters reaching the configured thresholds, and then to end the test early with
a passing result.
The default thresholds are 100 for consecutive faults, and 1000 for total faults.
The double_fault detector is disabled by default.
A plusarg '+enable_double_fault_detector=1' enables the checker.
This commit enables it for only the 'pmp_full_random_test', as that is a useful
test candidate to begin with.
Previously the time over which fetch enable was disabled was randomized
at the start of the sequence and kept constant throught. Now it is
randomized for every `send_req`.
Stop generating FetchEnableOn as a possible fetch_enable value to set
and use the SecureIbex parameter to decide if full randomisation off all
of the non FetchEnableOn MUBI values if needed or we just always switch
between FetchEnableOn/FetchEnableOff
Tweaks the default min/max delay values for how long fetch remains
disabled.
Previously `fetch_enable_i` only controlled the request going into the
instruction fetch stage. Due to buffering in the prefetch queue and
icache when this request is dropped it's possible for multiple
instructions to still be available for the ID/EX stage to consume. So
when `fetch_enable_i` was set to off you would get a 'soft stop'. Some
finite number of instructions may still execute and Ibex would come to
an eventual halt.
Now `fetch_enable_i` also gates the instruction moving between the fetch
stage and the ID/EX stage. This gives a 'hard stop' where once fetch is
disabled Ibex comes to an immediate halt.
This commit changes when we cath the debug causes. Since debug_cause_o
only gets latched when `csr_save_cause_o` is high, it would work if
we change the cause with a mux that is connected to the input signals.
Resolves#1772
Signed-off-by: Canberk Topal <ctopal@lowrisc.org>
Previously Ibex signalled a major alert on an integrity error (where
incoming read data doesn't match its integrity bits) for both read and
write responses. This was removed as the data part of a response to a
write is ignored.
This brings it back in a more measured way. This provides a little extra
fault injection hardening as an attacker glitching the memory bus will
generate an alert on both read and write responses.
This test doesn't actually check the performance counters, it just runs
a random instruction test and dumps the performance counters at the end
for some final checking. That checking does not exist. The test is
currently broken as well so just remove it as it adds nothing to the
regression.
Update code from upstream repository https://github.com/google/riscv-
dv to revision c6acc1897429f5245cc89b2ecee2e3eefdefd18d
* Add plusarg to enable ECALL insn in main randomized body (Harry
Callahan)
Signed-off-by: Harry Callahan <hcallahan@lowrisc.org>
This commit adds another field in SpikeCosim class so that Spike
can hardcode the correct event registers.
Signed-off-by: Canberk Topal <ctopal@lowrisc.org>
Previously it was sourced from the OpenSUSE build service. This has
produced some reliability issues. Downloading pre-built binaries from a
GCP bucket should improve things.
This addresses a current testbench issue where asserting debug_req_i close to
when single_stepping over an instruction causes an incorrect 'cause' to be
recorded within DCSR.
This builds upon the cosimulation environment to allow us to rip-out all the
existing checking from the test, and instead focus on generating good stimulus
to hit all our coverage points.
Make use of the riscv-dv changes to insert ecall into the main test body, now
that we have a different mechanism for ending the test.
Allow illegal instructions, csr instructions, ebreak, etc. which the previous
brittle checking paradigms could not handle.
This commit adds a new field to the trr (test-run-result) structured data
that records the failure_mode of a testcase. If the test failed due to a
timeout, print a small addendum {T} to each log-line in the summary.
eg.
23.33% PASS 7 PASSED, 23 FAILED
riscv_debug_basic_test.21259: PASS
riscv_debug_basic_test.21260: FAILED {T}
riscv_debug_basic_test.21261: PASS
riscv_debug_basic_test.21262: FAILED {T}
riscv_debug_basic_test.21263: FAILED {T}
riscv_debug_instr_test.21259: FAILED {T}
riscv_debug_instr_test.21260: FAILED {T}
riscv_debug_instr_test.21261: FAILED {T}
riscv_debug_instr_test.21262: PASS
riscv_debug_instr_test.21263: FAILED {T}
riscv_dret_test.21259: FAILED
riscv_dret_test.21260: FAILED
riscv_dret_test.21261: FAILED {T}
