Added coverpoint and cross names to relevant plan entries so plan is up
to date with implemented coverage. Also some minor changes to remove
plan entries that are no longer required.
This groups the various different illegal instructions categories within
ibex_id_stage rather than spreading them between ibex_id_stage and
ibex_controller.
This commit removes extra hierarchy of ic_top inside icache TB and moves
the scrambling request generation logic and instantiation of data and
tag RAMs to tb.
This commit adds a new scrambling agent to drive scrambling key and
valid to the data and tag memory interfaces.
Update lowrisc_ip to lowRISC/opentitan@7c4f8b3fd
Update code from upstream repository
https://github.com/lowRISC/opentitan to revision
7c4f8b3fde4bb625ac3330ff52d3f66507190fe5
Signed-off-by: Prajwala Puttappa <prajwalaputtappa@lowrisc.org>
Earlier the design supported single clock cycle error responses from PMP
block whenever a read was done from blocked memory. Now there is at
least one clock cycle delay after the request has been granted for the
error to be asserted. Therefore, this commit removes the support for
single clock cycle PMP error response.
Update code from upstream repository
https://github.com/lowRISC/opentitan to revision
7c4f8b3fde4bb625ac3330ff52d3f66507190fe5
Please note that we're adding push_pull_agent for the first time in this
commit.
Signed-off-by: Prajwala Puttappa <prajwalaputtappa@lowrisc.org>
There was issue with rtespect to calculating number of instructions per
word and this commit fixes that issue.
Number of instructions per word = 1/4*1 + 3/4(1/4*3/2 + 3/4*2) = 53/32.
Earlier th5s was calculated as 7/4.
Ideal window length needed to calculate fetch ratio percentage is
calculated as 53/32*C*2 = 848. Earlier it was calculated to be 300.
Previously integrity checks for incoming memory reads and integrity
generation for outgoing memory writes were handled within ibex_lockstep
and weren't duplicated.
This moves the integrity checks and generation into the core so they are
replicated and checked as part of the lockstep mechanism.
Additionally it generates a bus error on any memory integrity check
failure. This will result in Ibex taking an exception if any data read
or instruction fetch has bad integrity.
Ibex has a top-level `fetch_enable_i` input. When set to on (noting it's a multi-bit signal for
security hardening though only the bottom bit is looked at for non secure ibex) Ibex executes
normally. When set to off Ibex will stop executing. Randomly toggling it should have no functional
effect on Ibex's behaviour.
The fetch enable sequence will randomly toggle the value of `fetch_enable_i` with a configurable
bias between the 'On' value and all other values.
This commit adds functionalty to the memory response agent to make delays more
configurable.
There are two delays
- Delay between req and gnt
- Delay between gnt and rvalid
For each of these delays we have three modes:
* Fully random delay
* Fixed delay
* Biased delay. Randomised delays but allow biasing towards 0 delay, to give a mix of runs with back
to back transfers with no delay and some with delays.
Signed-off-by: Prajwala Puttappa <prajwalaputtappa@lowrisc.org>
Added an independent base test with following capabilities:
* chooses between single run, multiples runs or infinite runs (existing sequence
does this via the `num_of_interations` variable).
* interval between runs can be fixed or random, with 0 delay between runs possible.
For random intervals there should be a way to bias them more towards 0 delay
(e.g. specify 75% of delays should 0 with the rest randomly chosen).
Added an interrupt sequence that inherits from the above base sequence.
It has following capabilities:
* chooses the number of interrupts to raise
* specifies the interval between interrupt being raised and dropped
* a mask to specify interrupts that shouldn't be raised.
Added a debug sequence with the only functionality to specify the interval between
the debug request being raised and dropped
Added a sequence to corrupt instruction and data memory.
Signed-off-by: Prajwala Puttappa <prajwalaputtappa@lowrisc.org>
This is triggered by the fact that if the ICache parameter is false
then we don't instantiate the ibex_icache module. For verilator
simulations, the module is then discarded entirely, which means that
its two DPI functions are not defined. That's unfortunate because
we're also compiling the code in scrambled_ecc32_mem_area.cc, which
expects the functions to be defined.
The obvious solution (don't include scrambled_ecc32_mem_area.cc if you
don't have an icache) isn't easy to do, because FuseSoc doesn't
currently allow us to use parameters to configure its dependency
tree (see fusesoc issue 438 for a discussion).
The super-clever solution that I came up with before(!) was to declare
these symbols as weak in the C++ code. That way, we can do a runtime
check to make sure that no-one is silly enough to call them without an
icache, but everything will still build properly either way.
Unfortunately, that doesn't work well with xcelium simulations.
Xcelium turns out to compile all the C++ code into one .so library and
generate functions for exported DPI functions in another. These two
solibs then get loaded at runtime with dlopen(). But this doesn't work
with weak symbols: in fact, it seems you end up with the C++ version
every time. Boo!
So let's be stupider about it and define (bogus) versions of the DPI
functions in this case. Fortunately, both of them are designed to
return zero on failure so we can just return zero and needn't worry
too much.
The idea is that when this lands, we can revert the OpenTitan change
that switched the C++ code to using weak symbols and Xcelium
simulations will start working.
Defining agent configuration for any agent is a standard UVM flow and is
a cleaner flow for defining delay between driving sequence items,
passing virtual interface etc.
Agent configuration has been added to the existing agent to make delay
configuration more flexible in the future.
Signed-off-by: Prajwala Puttappa <prajwalaputtappa@lowrisc.org>
When the icache is enabled and data independent timing is required
variable fetch latency due to cache hit or miss may introduce
undesirable timing behaviour. This adds explicit mention of this to the
documentation.
A sufficiently agressive optimiser may optimise these away as under
normal functioning they effectively don't do anything. They are purely
to detect the presence of induced faults.
We're going to want to make a couple more releases of Spike, cleaving
a bit closer to the upstream repository. Let's be explicit about which
version people should get.
This is to allow more consistent signalling in systems that integrate
Ibex (e.g. OpenTitan) so bus integrity errors external to Ibex and one's
detected within Ibex can be fed into the same alert whilst seperating
out Ibex's various internal alert causes.
We can now point at a single version of Spike (the "ibex_cosim"
branch, until we've managed to upstream things properly). And ditch
the OVPsim stuff: that's not going to be supported again any time
soon.
This will only have an effect on our private CI, which picks up this
spike build from the toolnas. The build is the ibex_cosim branch,
which contains the stuff we need for the recent cosim support. It's
also new enough to support the v1.0+0.93 bitmanip flavour that we
support in the RTL.
