This repository has been archived by the owner on Jan 3, 2024. It is now read-only.
Add CHERI support to Ibex #2
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Also adds SocketPacketUtils from https://github.com/CTSRD-CHERI/SocketPacketUtils Change-Id: I2b175f8d33e2c21389a1e6780712aa38060ec09e
Change-Id: I65f8c23fed05fcacc4834e645be8886740d762f9
Change-Id: I24c5994c7b996e8238ae102ea79033cad9ed4467
The bus does not currently set the error signal when a request is out of ranges, so this commit adds a very simple error detection in the toplevel. At the moment writes are not cancelled. Change-Id: I11c269f4a01598a7497db0c0dc5674556929ee18
Change-Id: I9073533656c2b5378ff454a307f358964f0bdb17
Change-Id: I72b51851e11865b7f18c115b416cf2a8a118bef5
Change-Id: I93177e7bb0be8889e4da7f17c810c1e1f5af0ebb
Change-Id: Id97de7eb226cfff913c75c6883d7b52d68ee9c31
Change-Id: Iafa1eb7d6640e10590e3af6d64d79ed8078202c6
Change-Id: I4fbd14704ee1e2e24bd51f9ce96e825771b34d84
The SRAM block provided by the shared libraries does not handle reset, so memory is instead implemented in C++ so that it can be reset. Change-Id: Ic572f355ec5204c78425ce121791f461a43e28a0
Change-Id: I4ef24cd83617c1c808098641c82f2016ff426980
The in_count and out_count variables might have strange values when we encounter exceptions and jumps, so remove these as a factor when extracting RVFI data. Change-Id: If235e0aed99ae6ec21a76bf4d91ed43a939f9583
Previously, all our verilator "logic" happened while the clock cycle was low (apart from setting gnt_i signals which happened after it when high). Now, all our logic happens while the clock is high, then we evaluate the core so it can update, and then we set the clock low and evaluate. This commit also makes some tracing dependent on the verbosity - the next commit makes more printing and tracing dependent on verbosity. Change-Id: Id9927feec443d25c26f96eaa74560ecc533cdc31
Change-Id: I7bb76996b33d77cdd9c33b23914a2546fc45b4cd
If there is no real instruction to insert (ie we have run out of instructions, or for some reason our received, in_count or out_count variables got messed up), then insert NOPs instead. This should prevent the core from locking up if we run out of instructions, and should help in debugging. Change-Id: Ia3628b98fab8eeb248fbf497104828daf35d6ffb
When control flow changes occur in the core, the simulation environment needs to replay some instructions (since the instructions that have been inserted were flushed out of the pipeline). This commit adds that logic and also explains it. Change-Id: I9d7ff4f46a6e76edfee8cc60ffce32d10c708334
This is used to track when a MRET or DRET instruction occurs, so that the simulation environment can correctly replay instructions. Change-Id: I4f3f0b81ff8cda3e4b92fd58c393312ce2d47c2b
When an xRET or exception is encountered, the controller goes into the FLUSH state. RVFI data is read while the controller is in the FLUSH state, but the PC is only available the next cycle, so for RVFI we need to set the PC WData again once it is available. Change-Id: Ia6370d03ac15cbac15ae4c44cf3959138d04e21d
In typical uses, MTVEC can be set after the core fetches the first instruction and we can use the boot_addr_i signal to set it. However, when using TestRIG it is possible that the first instruction causes an exception, and in this case there is not enough time to set MTVEC before the exception is handled, so the exception vector will be whatever was in boot_addr_i on boot. This is incompatible with TestRIG, so MTVEC is set to 0 on boot rather than using boot_addr_i. Change-Id: I55f9d1daea9f18ab232d1d85311ed1e846767264
Change-Id: I0c2c98eb2d847ead3118dea69462f6376da1e401
With the changes so far, Ibex reports the same results in RVFI as the Sail-RISCV model modulo the caveats mentioned in the README. Change-Id: I17529b1d9ccb49b2d6f1253e21f6e8acffca2f9a
This was done using the vendor script from the OpenTitan repository. The SocketPacketUtils repository is pinned at the latest commit that successfully built; later commits seem to break compilation. Change-Id: I1f9c881c571257332c70789e8e6fd99b267bcc30
This will provide the CHERI instruction functionality. Currently there is no way to build BluespecSystemVerilog using fusesoc, so building the wrappers requires running "make verilog-wrappers" in the cheri-cap-lib directory. Change-Id: I75ffac7cd914769ddea758a56e5fd709418d467c
Change-Id: I1776e8073eaf8e9f96c2d9a06a13cf63d60e2123
Change-Id: I8521dfbc71693583a3184b7bfde6871eadcb9075
Change-Id: I384f96b0e64c7e8634ddfed81e911161bf073d02
This commit adds the CHERI ALU from the previous CHERI implementation, with several updates to fix some bugs and clean up the code. For now, the CHERI ALU is instantiated but not connected to anything; this is to check that it builds without syntax errors or warnings. Change-Id: I03c675268187b577d02a9ab265bb56eef9ba01f2
There are also a couple of TODOs left in the decoder for a couple of instructions - these will be implemented later Change-Id: I6755155ed23362b7e992ccd774189e718d9fc9a4
Change-Id: I4aa1c601cd1affb80dc8557dd158a902388f8f88
This adds logic in the Instruction Fetch stage to track whether there is an error in the fetch FIFO, and whether the error is a CHERI error or not. When it is, the CHERI exception information is passed to the controller. Since errors will cause FIFO flushes when they reach the controller, any later bus errors (which this logic does not handle) will be flushed and will not happen, so only one error needs to be tracked at a time. A new signal is connected from the fetch FIFO to the IF stage to signal when the output of the FIFO is the same as its input -- in this case the exception information comes directly from the input to the IF stage rather than from the registered exception signals. Change-Id: I2cf40bbaf62c6fe547dc9ae71cb7744eaf8881a7
Change-Id: I3d8833595a4f8b9362a14e797b6f1b7dfd9dabc0
Change-Id: I3e8573bdb47bdca9ac3888ef10136b550228b55b
This adds the CRRL, CRAM and getBaseAlignment to the list of BSV functions exported as modules and adds the files they generate to the core file. Change-Id: I24ae065aae1e050302117e3d0deef6c663307694
This significantly improves the performance of the TestRIG setup. Previously the simulation would sleep for 100ns every time an instruction was received before receiving the next one. Oops. Change-Id: Idbde402be8022902ad0cd419d9769395ea3d87e8
Change-Id: Idc44980f00f22dcfe4d1156660507b57cd6ad574
For the second half of a two-piece store, (i.e. misaligned or capability-width) the write-enable signal should be based on the registered exception information rather than the combinational information (the bounds check is performed for the full transaction in the first cycle). Change-Id: Ibf23e30a65c859d5831719a517699a5471611d2e
This commit splits the Program Counter Capability in the Instruction Fetch stage into: - a jump PCC (which assumes a jump will be taken); and - a nojump PCC (which assumes a jump is not taken). This is also the PCC of the instruction currently being returned by the prefetcher/caches The new_pcc muxes between the jump and nojump PCCs depending on whether there has been a jump or not. The new_pcc is used to provide authority for the current instruction fetch (since it needs to account for the new bounds) and the nojump PCC is used the same way as the old pc_if_o signal, so that it can be saved to MEPC/MEPCC when required. Change-Id: I7939efde4804872dc1b50eadd451c835fc399692
This commit should not have any behavioural effects, it just cleans up the code a bit. Change-Id: I349980af0108c91f6dfc71ce9e37ffe01493f316
Change-Id: I908f913e88957507d96694200251f79ba6d0b507
Change-Id: I43733102bf35093d75716e0dbec4ae6300415393
This improves the critical path. The previous implementation used the base of the new PCC, which requires significant logic, and then added this to the new fetch offset, despite the fact that the old logic was already factoring in the new offset into the new PCC. Getting the address of the new PCC (which has the new fetch offset factored in already) requires less logic. Change-Id: Iad2b14371c3d1c7b4b7d5fbb3e94c20050f54fc3
The value calculated by the ALU uses the PC, which is an offset of the current PCC. This means that we should compare it to the length rather than the base and top. Note: the comment explains that cheri-cap-lib does not rule out the possibility of the base being above the top, and also does not explain what happens to the length in this case. Change-Id: I92fffcee60671f53addd64f0e79f17efe7f04a68
This makes the memchecker modules purely combinational, and changes the data and instruction interfaces to not issue requests on the bus that will cause a CHERI exception. On the instruction interface, requests that might cause an exception are still issued because it is not known when the request is being made whether the request is allowed or not (because we don't know whether the resulting data contains a compressed instruction or not, and we don't know until the instruction leaves the fetch FIFO which half of the 4-byte-aligned fetch it came from). The "possible" exception signals are propagated through the fetch FIFO with the data. Fetches that are guaranteed to cause a CHERI exception (ones where both halves of the fetch are disallowed) halt the prefetcher and prevent it from making any further requests. Instructions in the fetch FIFO are executed and if none of these flush the FIFO then the error will be handled, which will flush the FIFO and restart prefetching. Change-Id: I50c9c65d55c69e3131722708799eb330bada6f2b
Change-Id: I5b2bc9c118817649a095eed03e1feafd18de287a
Change-Id: Id18b8ac94551eb781ab91fa61bd9ea11563d5987
Previously DDC was special-cased with PCC when the address of rs1 was 0, since this operation was just reading DDC into the general purpose register file, and not writing DDC. This changes it to be treated as a normal SCR in all cases. Change-Id: I6c36a1995d8f70438cd9f75a2a903cd7908dfecf
Issues were encountered when synthesizing the design when an unsized X value was being passed in, so pass in a proper value. The internal implementation of the modules ignores the value. Change-Id: I21e7700c719624a714e6613a1b3fe4dad3873d88
This change always issues requests on the instruction fetch interface regardless of whether they cause a CHERI exception or not. The exception signals are then passed through the prefetch buffer and fetch fifo the same way they were passed through before (but as a struct now). This improves the critical path. (~ -3.8ns slack before to ~ -2.73ns). Change-Id: I9e68f4f47da730afb9d152805f2147fa50db6a06
This removes a long path from the CHERI alu to the controller and then to the IF stage. We can still jump because if an exception is raised it will cause the controller to switch to the FLUSH state which will discard the effects of the jump. Change-Id: Iba845bebd791b340a71d93c69ccc7b1533e98074
Previously the path of CHERI jumps would go through the ALU, perform a setAddress, then go to the IF stage, perform a getOffset, perform a setOffset and then go through the memory checking. Now, the target capability goes directly from ID to IF without going through the CHERI ALU, and the IF stage sets the new offset and unseals the capability. The same exception checking is still performed in the CHERI ALU, and the CHERI ALU still needs to set the integer ALU inputs so that the new offset can be calculated and passed to the IF stage. Change-Id: I93983494f7f47a8481693cdbdc6fa2f673dc8fa3
The setOffset function does not modify the bounds or permissions of a capability, so the authority can be provided before this operation happens, to improve the critical path. Change-Id: I2fcd1982c11a7f53a8f6717e83b5d7eb9c2b81b9
A getAddr is almost free (the address is stored un-encoded in the capabillity format, so it just consists of selecting the appropriate bits). This commit removes some muxing logic that would extract the address (ie integer value) of a capability in the ID stage for the CHERI ALU - the extraction of the value is now done inside the ALU. Change-Id: I32d9ff81bd9c47cc2bf83008bf7579fdd7dd9d26
There are lots of comparisons performed in the CHERI ALU; this commit updates it to share two comparators for the majority of these to reduce the amount of logic. Change-Id: I283038ff53b6e9cc3c213df467645b0aa508f110
Some SystemVerilog tools cannot handle signal declarations occurring later in the file than their first use, so this moves the signals to the top of the file. Change-Id: Ib2c39754499441772f0d3c1de989e3b14cb85675
Extracting the address for RVFI is done in the ibex_core.sv file Change-Id: Ie02d94ea430fec2b2aa3889912f4327d1dad2b70
Change-Id: Ie5621a449beb3e7ae8284cfa7f8142891bde6790
The changes in the IF stage for boot address and how to change the address to be fetched on compressed instructions are only needed when compiling for TestRIG, so this commit (finally) makes this a compile time parameter. The parameter is of "int" type because as far as I can tell, it's not possible to have it set to 1 if it's a bit. FuseSoC uses the verilator edalize backend, which passes the parameter as a literal integer using verilator's -G argument (https://github.com/olofk/edalize/blob/4044f2de5bf7f43e018e18f881468baebb3452c2/edalize/verilator.py#L165) without giving it a size. Verilator interprets literal integer arguments as 32bit signed integers (https://github.com/verilator/verilator/blob/038d57070b539b2da2658edd7740d41ea069fd4f/src/V3AstNodes.cpp#L311) so it sticks "32'h" before the integer when passing the argument in to a module, and then complains because it is trying to set a 1 bit value to a 32 bit value. Change-Id: If2a147f52df98f5bdedf351279a45cc96f0dfbb3
Change-Id: I27903688cda591b3a2e8b233692af1f7410ac08b
Change-Id: Iba6a44bbbed1473bec7add62cd277e6090de07b3
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds CHERI support to Ibex.
The commits here are based on commit 31531f7.
The first few commits in this PR are the same as in #1 but with different commit messages; the code changes are identical.
Ideally this should be merged into a new
ibex_cheribranch rather than intomasteroribex_diibut it looks like GitHub only allows PRing into existing branches.