This mirrors a mistaken OpenTitan commit that I made in
December (4c89520 on the OT side), editing a vendored file. Oops!
Match that behaviour here, so that we can re-vendor without undoing
the change.
The prototype of this task has to match the one in dv_base_monitor,
which we are importing from OpenTitan (called "lowrisc_ip").
Unfortunately, OpenTitan imports Ibex, causing a circular reference
which makes it a bit fiddly to change any types.
This commit switches the tasks to match the new prototype we're going
to use in OpenTitan. We can't just apply it in Ibex
immediately (because it won't work with our vendored lowrisc_ip code),
but creating the commit *does* mean we can vendor in the changed Ibex
code at the OpenTitan end.
Once that's sorted, we can vendor OpenTitan back into Ibex and get
everything cleaned up properly.
In hindsight, we probably should have made sure our vendoring
structure was a DAG.
The latest version of `prim_count` from OpenTitan introduces a
`commit_i` input. To retain the behaviour of the previous `prim_count`
this should be set to a constant 1.
The `cnt_next_o` output has been renamed to `cnt_after_commit_o`.
Modify tracer to use the appropriate read/write masks when logging
load/store traffic from the Load Store Unit.
Signed-off-by: Adrian Lees <a.lees@lowrisc.org>
Return an error signal to the host if an address request
does not match any device.
Previously a decode failure would match against the first
device, which in the Ibex Demo System happens to be
the SRAM.
Currently, the dual-core lockstep FI mitigation is enabled/disabled
using a single bit.
For transient bit-flips, this is not problematic, as one bit-flip
into this signal and one bit into the Ibex is required to threaten
the security of the system.
However, a permanent stuck-at-0 fault could disable the lockstep
completely by targeting this signal. Then, only a single, additional
fault (transient or permanent) is required.
This PR enhances the FI resilience of the Ibex lockstep by encoding
this single bit into a ibex_mubi_t signal, i.e., a 4-bit multi-bit
signal.
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
To be consistent between projects, this PR updates the Verilator
version to 4.210, which is also used by OpenTitan. The reason for
this change is that in #2129 Verilator linting issues occured
that did not occur in OpenTitan.
Closes#2131.
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
The private CI works by using workflow dispatch to trigger a CI on
another repository.
Pending status checks are created before calling the dispatch to
indicate their queued status before they are picked up in private CI,
and also serves to block merge group from success.
Signed-off-by: Gary Guo <gary.guo@lowrisc.org>
As described in #20715, a single fault-induced bit-flip inside the
register file could change which of the register file value is
provided to Ibex.
This PR fixes this issue by (i) encoding raddr_a/b to one-hot
encoded signals, (ii) checking these signals for faults, and
(iii) using an one-hot encoded MUX to select which register file
value is forwarded to rdata_a/b.
Area increases by ~1% (Yosys + Nangate45 synthesis).
I conducted a formal fault injection verification at the Yosys
netlist to ensure that the issue really is fixed.
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
Currently, the verification documentation recommends to using
ibex-cosim-v0.3. However, this version of spike causes some
compilation issues on my side:
"class "processor_t" has no member "set_mhpm_counter_num"
when calling "make" in dv/uvm/core_ibex/.
This issue occurs when using the latest pre-build lowrisc toolchain
"20231205-1" or "20230427-1".
When using ibex-cosim-v0.5 DV works.
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
`distutils` is deprecated and will generate warnings when used.
Replace it with packaging.version instead.
pip3 command line invocation is replaced with importlib.metadata,
which removes dependency on pip3 being present.
Signed-off-by: Gary Guo <gary.guo@lowrisc.org>
This change updates the GitHub actions workflows to run on PR updates
and within the GitHub merge queue, but not on the push to the master
branch.
Because we use merge queues, the re-run for the master branch would be
redundant.
Signed-off-by: James Wainwright <james.wainwright@lowrisc.org>
Recent versions of Verilator complain about the code that was there
because the csr_pmp_cfg argument clashes with a name in ibex_core.sv.
What's more, they mean different things! In ibex_core.sv, it was the
PMP configuration for the entire core. In the functions, it's the PMP
configuration for a single region. This patch adds a "region_" prefix
to the names, which fixes both the Verilator warning and my confusion!
Update code from upstream repository
https://github.com/lowRISC/opentitan to revision
e6a0e9a1363d33789283ea6ba3c4d94d41f2dee5
* [dvsim] fix seed in json report (Gary Guo)
* [prim_prince,rtl] Split data_state array into two pieces (Rupert
Swarbrick)
* [prim_prince] Move the split_var verilator hint to prim_cipher.vlt
(Rupert Swarbrick)
* [bazel] Use the new rules for building ROMs (Chris Frantz)
* [hw,rtl,prim] Switch AND/OR for Mubi W1S/W1C (Robert Schilling)
* [util] Error out if secure_prng seed is less than 256 bits (Vladimir
Rozic)
* [dv] Update dv_sim to support sram new targets (Miguel Osorio)
* [flash_ctrl,dv] update expected double bit error set (Jaedon Kim)
* [bazel] Update the binary/test rules for building ROMs (Chris
Frantz)
* [bazel] Prepare `dvsim` to work with the new rules (Chris Frantz)
* [mubi,gen] Fix comments (Guillermo Maturana)
* [reggen] Add mubi support SWAccess that sets/clears a reg (Robert
Schilling)
* [doc] Fixing a few typos in xoshiro PRNG documentation (Vladimir
Rozic)
* [doc] Testplan's are now generated as markdown. (Hugo McNally)
* [bazel,dvsim] Prevent dvsim from (trying to) copy irrelevant files
(Amaury Pouly)
* [doc] Moved badges over to using hosted images (Hugo McNally)
* [doc] Fixed links to the getting started section. (Hugo McNally)
* [dvsim] Avoid checking for gsutil when we just need gcloud (Rupert
Swarbrick)
* [dvsim] Simplify the code that copies files up to GCP (Rupert
Swarbrick)
* [dvsim] Use new results_server methods to list cleanly (Rupert
Swarbrick)
* [dvsim] Wrap logic to move "latest" directory into results_server.py
(Rupert Swarbrick)
* [dvsim] Add an object representing connections to results server
(Rupert Swarbrick)
* [dv/cov] Fix coverage handling in some common items (Guillermo
Maturana)
* [prim] Convert prim_clock_div to abtract (Alexander Williams)
* [dv/top-level] Fix sram data integrity error injection (Guillermo
Maturana)
* [tools,vcs] Make flops use the sampled value of data to avoid races
(Guillermo Maturana)
* [prim lfsr] Replace randomize() calls with $urandom in prim_lfsr_tb
(Vladimir Rozic)
* [doc] Update LFSR coeffs descriprion. (Vladimir Rozic)
* [prim_lfsr] Remove redundant list of LFSR_COEFF (Vladimir Rozic)
* [dv/top-level] Harden chip_sw_data_integrity_escalation (Guillermo
Maturana)
* [otbn,dv] Wait more carefully for secure wipes in vseqs (Rupert
Swarbrick)
* [doc,report] Fix the dvsim report links to the testplans (Harry
Callahan)
* [doc] Add the block-dashboards to the primative page (Harry
Callahan)
* [prim_subreg] Fix RC access corner case (Michael Schaffner)
* [prim_lc_dec] Fix Xcelium compile error (Michael Schaffner)
* [misc] Use lc_tx_t testing functions at endpoints (Michael
Schaffner)
Signed-off-by: Rupert Swarbrick <rswarbrick@lowrisc.org>
The keys in this file get incorporated into the FlowCfg object that
represents a simulation or similar. Adding a spurious key won't cause
any problems, but we actually need it for the next commit, which grabs
the current version of dvsim from OpenTitan. That version of dvsim
expects the "book" key to have been set in common_project_cfg.hjson.
Splitting the two commits like this should make it a bit more obvious
where things have come from.
The existing code wanted to open file_handle as a trace file if
necessary and then use it on that clock cycle. So it (sensibly) used a
blocking assignment.
Verilator now warns about blocking assignments to globals in
"sequential logic processes" (the always_ff that is driving
everything). This is sort of easy to fix: just use an "always" block!
This commit looks slightly more involved because I've changed things
to pass the file handle to printbuffer_dumpline as an argument. It
makes the state update (where we open the file handle) a little easier
to follow.
Update code from upstream repository
https://github.com/chipsalliance/riscv-dv to revision
71666ebacd69266b1abb7cdbad5e1897ce5884e6
* Fixes to support RV32 (Maciej Kurc)
* Extend CI matrix (Eryk Szpotanski)
* Add pyflow test (Grzegorz Placzek)
* Allow the CI to run from any branch and any PR (Maciej Kurc)
* [pmp] Remove MSECCFG reads from trap handler when Smepmp is disabled
(Marno van der Maas)
Signed-off-by: Greg Chadwick <gac@lowrisc.org>
The gen_csr_test.py script provided by RISC-V DV doesn't work with
version 4.0 and upwards of the bitstring library. This patch pins it to
3.1.9 to avoid the issue.
With the latest versions of all python packages in
python-requirements.txt ibex_cmd.py was seeing a run-time type error.
Data from a YAML file that had previously always been a string could now
be an int as well. This alters the code to allow the int to work.
It turns out that we use split_var in the code, which was added in
version 4.030 (and several bugs were fixed in following versions).
Change the minimum required version to match what we're using in
CI (and presumably works!)
This was triggered by issue #2080.
This shouldn't change the behaviour when it works. On a failure, we
now print out a bit more about what's going on.
When asked to do something impossible now, I think the output is a bit
clearer. For example, if you try to run riscv_bitmanip_full_test with
an OpenTitan configuration (which doesn't have full bitmanip), the
warning message is now:
WARNING:ibex_cmd:Rejecting test: riscv_bitmanip_full_test. It specifies rtl_params of ['ibex_pkg::RV32BFull'], which doesn't contain the expected 'ibex_pkg::RV32BOTEarlGrey'.
(The following stuff that appears is a bit messy, but at least the
first line is now clearer!)
The recent versions of Verible that I've tried die when they are given
an empty waiver file. The error message is "Fatal error: Broken waiver
config handle". I can't see a way to add a comment ("// No waiver" or
similar), so I think the best way to keep everything alive is to
delete the empty file.
The background of the Icache block was a not-well-fitted path that was
causing the background to seep through. This commit updates that
background to more tightly align with the lines and letters.
The background was originally a gradient background on the right
together with a solid background on the left. This caused some
distortion on closer inspection. This commit changes it to have one
background that is a gradient from left to right.
Running the verible linter and adding review comments to the pull
request previously had to be done in two stages:
1. Triggered on the pull request - prepare config and waiver files as
artifacts.
2. Running on the repo's HEAD - run Verible and add review comments.
This was required because Actions running in the context of the pull
request did not have write permissions to add comments to pull requests.
This is now possible with the `pull_request_target` event, which
triggers when pull requests change, but runs in the context of the
repo's HEAD and has the permissions to create comments.
See lowRISC/ibex#1427 and
chipsalliance/verible-linter-action#31 for details.
Signed-off-by: James Wainwright <james.wainwright@lowrisc.org>
Update code from upstream repository
https://github.com/chipsalliance/riscv-dv to revision
08b12066b34c9728f706e45098ba502a36d7ca59
Signed-off-by: Marno van der Maas <mvdmaas+git@lowrisc.org>
