When encountering certain illegal compressed instructions, incorrect instruction information was displayed. Now, illegal instructions can be printed correctly.
This removes several assertions from `ibex_controller`. They aimed to
ensure that controller behaviour was correct on exception behaviour
(e.g. ensuring that a pending interrupt will actually trigger an
interrupt). However they've proved to be flaky and hard to maintain with
multiple edge cases needing to be accounted for.
The co-simulation checking in functional verification will catch the
same issues these assertions catch. The assertions (when working
correctly) would cause a failure directly when the bug happens which
makes debugging easier. However they've added significant effort in
regression triage due to their many false failures so it's not worth the
maintenance burden.
Within formal they don't really add any value now we have the full
end-to-end formal flow.
This fixes#2193, an issue that meant bit clears in PMP related CSRs
didn't immediately apply to an instruction already in the fetch stage
due to a lack of a pipeline flush.
With this change the pipeline will flush in that scenario, fixing the
issue. It now flushes the pipeline on all CSR modifications as this
makes the pipeline more resliant against similar issues in the future
(where the list of CSRs to flush on should have been updated but
wasn't).
Previously the ibex_cs_registers module received the CSR address via the
operand muxes. This has been observed to cause timing issues in some
cases. The CSR address is always read from the same bits of the
instruction so there's no need to go via the operand muxes. With this
change the relevant instruction bits are fed straight out of the decoder
and into the ibex_cs_registers module.
This assertion wasn't quite correct if SecureIbex is false because it
was checking for the magic IbexMuBiOn value instead of just looking at
the bottom bit.
Fixes#2249.
These were noticed by someone responding to issue #2230. I think the
author's original logic was to point out that there's a path from e.g.
raddr_a_i to rdata_a_o which doesn't depend on any clock, so is
"asynchronous".
But that's the same in the other modes and also for the other register
file implementations, which don't have analogous comments.
Drop these ones.
The RISC-V Debug Specification (current release 1.0.0-rc4) in Section
A.2 states that the PMP must not disallow accesses to addresses of the
Debug Module when the hart is in debug mode, regardless of how the PMP
is configured. This commit changes the PMP accordingly.
Signed-off-by: Andreas Kurth <adk@lowrisc.org>
Although the current code isn't wrong as far as I can tell, it would be
better to initialize the lognest_name_length variable when it is
declared to avoid a build warning with older Verilator versions.
When targeting Xilinx FPGAs, we utilize a DSP for counters
with a width of less than 49-bit. In this case, a sync. reset
is needed. However, currently, there is a bug in the RTL
where also a sync. reset is used for the non-DSP counters
on the FPGA.
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
If the counter width is >= 49, we do not use a DSP on the FPGA.
Then, we should use an asynchronous reset to initialize the counter.
This bug was detected when enabling the lockstep for the CW340. A
lockstep mismatch happend as the mcycle counters of the main and
shadow core did not match due to this bug.
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
We have been using GitHub Actions for some time now, both for public CI
and private CI, and it seems to be functioning well.
Signed-off-by: Gary Guo <gary.guo@lowrisc.org>
We should use `WordZeroVal` instead of `0` for reads from register `x0` in the
FPGA register file.
This bug was discovered when enabling the `RegFileECC` parameter. When this is
enabled, the core performs ECC checks, expecting that `WordZeroVal` is returned
for `x0`. Else, we get a major alert.
FixeslowRISC/opentitan#25146
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
- Move background to its own layer
- Make font sizes consistent
- Fix icache and pc background
Previously the background was morphed around the text, this makes it a
background again.
- Remove redundant rectangle
The instruction memory interface had two rectangles, one black and one
purple. I removed the purple one that was bleeding through in the
corners.
- Instruction fetch alignment
The Instruction fetch block was not the same height and was not top
aligned with the other blocks.
- Align text with boxes
This essentially aligns all the text insides the blocks
- Standardize lines as 0.265mm
The lines between blocks and the ones making the triangular shapes were
mostly 0.265mm with a few exceptions.
- Stroke width of block outlines same
Made all the stroke widths for all the blocks 0.5mm. I've made the outer
box a nice round 1.0mm.
- Use lowRISC colors
E0384F for the background (including the start of the gradient)
A21F4F for the outside line
- Alignment of in/out arrows
Many of these arrows were not aligned, this improves that alignment.
- Add white background to instr inf
Instruction memory interface lost its white background when the purple
outline was removed. This commits adds it back in.
- Use Liberation Sans everywhere
Exo 2 is not supported natively in browsers and there was no easy way to
embed fonts in SVG where Inkscape knew about it.
- Fade to white, not transparent
- PMP check font is now smaller
- Add background to debug request input
- Make text under prefetcher bigger so it is rendered on GitHub
- Execute text is now its own block so that it is rendered on GitHub
The previous code here was a bit too hacky, so implement a solution that
directly follows the suggestion in the Cadence support article.
An example was also added to make it clear what this transformation is
achieving.
Add some more typehints, and cleanup names.
Signed-off-by: Harry Callahan <hcallahan@lowrisc.org>
By using top-level straps for the PMP reset configuration its
easier to implement different reset configurations if there are
multiple Ibex cores in the system.
Signed-off-by: Robert Schilling <rschilling@rivosinc.com>
It appears that VCS require expression after `iff` to be wrapped inside
parenthesis otherwise it will complain about syntax error.
This should fix the weekly VCS regression.
Signed-off-by: Gary Guo <gary.guo@lowrisc.org>
Prior to this commit an ECC failure on the incoming data memory response
factored directly into the outputs for the instruction memory
interfaces. This existed due to a desire to take an NMI on an ECC
failure as soon as possible but causes timing issues so it has been
altered.
Now rather than directly raise the NMI the same cycle the assertion of
'irq_nm_int' is delayed by a cycle which breaks the feedthrough path.
Previously the riscv_rf_intg_test skipped certain scenarios where an ECC
error from the register file should trigger an alert. This change stops
it from skipping those scenarios.
A spurious response is one that isn't associated with any on-going
request. With this new feature the memory agent can generate them
randomly when the interface is idle (i.e. there are no outstanding
requests).
This test injects a fault into different MuBi encoded signals within
the prim_ram_1p_scr and prim_ram_1p_adv and checks whether a fatal
alert is triggered.
I have excluded the addr_match signal from FI as its encoding
is not directly checked. If the signal was a MuBi True, a
fault into it is treated by the mubi4_and_hi as a False.
If the signal was a MuBi False, a fault into it is treated
by the mubi4_and_hi also as a False. Hence, no address
collision occurs and the holding register is not returned.
This PR is based on #2182 and closes#2173.
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
When an interrupt is raised the Ibex controller will move from the
DECODE state to the IRQ_TAKEN state when it chooses to handle the
interrupt. When in IRQ_TAKEN it's possible for the interrupt state to
change again which aborts the interrupt entry. This leads to mis-matches
against cosim.
This change adds a warning to flag up cases where this has occurred to
enable quick triage of failures related to this scenario.
The cosimulation environment does not know if a memory access from spike
is due to an instruction fetch or a data memory access. It uses a
heuristic to differentiate the two. Any access between the PC and the PC
+ 8 is considered an instruction fetch.
This heuristic did not correctly handle addresses at the top of the
range where the PC + 8 calculation overflows. This commit fixes the top
of range handling.
The 'pre_val' MIP addresses the scenario where MIP changes as an
instruction is excuting, this means a CSR instruction can observe a
different MIP from the one that decides whether or not that instruction
will be interrupted.
Where an access is unaligned Ibex splits it into two transactions, each
of which undergoes a PMP check. It is possible for the first half to
fail a PMP check and the second to succeed and hence produce a request
on the memory interface.
In Spike it accesses memory byte by byte and if it encounters a PMP
error for a particular byte it won't try any further bytes.
This results in a mis-match between Ibex and spike when an unaligned
transaction is split across two PMP regions, one of which allows the
access and the other doesn't. Ibex generates a transaction and spike
doesn't producing an error.
This adds a fixup into the co-simulation environment. It detects when we
have an access that fails PMP that is misaligned. Where this has
resulted in Ibex producing a memory request that spike would not we
remove it from the list of memory requests to check after checking that
the request passes PMP within spike.
