A port of [riscv-formal](https://github.com/SymbioticEDA/riscv-formal) to nMigen
Go to file
2020-09-15 15:44:02 +08:00
rvfi Tweak parameters for Minerva verification tasks 2020-09-15 15:44:02 +08:00
LICENSE Fix copyright holder in license 2020-08-03 12:19:14 +08:00
README.md Tweak parameters for Minerva verification tasks 2020-09-15 15:44:02 +08:00
shell.nix Remove copy of Minerva 2020-08-20 15:32:10 +08:00

riscv-formal-nmigen

A port of riscv-formal to nMigen

Breakdown

File/Directory Description
shell.nix nix-shell configuration file
rvfi RISC-V Formal Verification Framework (nMigen port)
rvfi/insns Supported RISC-V instructions and ISAs
rvfi/checks Checks for RISC-V compliant cores
rvfi/cores Cores currently tested against this port of riscv-formal
rvfi/cores/minerva/verify.py Verification tasks for the Minerva core

Running the Verification

First make sure you have Nix installed. Then cd to the root directory of this repo and run:

$ nix-shell

This should run the tests (cache, multiplier, divider) provided by Minerva itself and give you an environment with all the dependencies required for this project. Then, to run the main verification tasks for Minerva provided in this repo:

$ python -m rvfi.cores.minerva.verify

This should run in the order of a few hours.

Progress

  • Instruction Checks (mostly passing)
    • JAL failing at line 202
    • LB, LH, LW, LBU, LHU, SB, SH, SW: Parser error - invalid slice
    • SRL failing at line 201
  • PC forward checks
  • PC backward checks
  • Register checks
  • Causal checks
  • Liveness checks
  • Uniqueness checks

Scope

The RV32I, RV32M, RV64I and RV64M ISAs are currently implemented but only RV32IM are being tested by integrating with the Minerva core.

Known Issues

  • 21/08/2020: Verification passes unconditionally, even in the presence of obvious bugs. This is due to the rvfi.valid signal from the CPU being held at constant 0. Suitable instruction and data buses as well as interrupt signals have not been wired to Minerva which is likely preventing the core and verification from functioning properly
  • 25/08/2020: Interrupts have been hardwired to zero and instruction/data buses attached to the Minerva core; however, running the verification quickly exhausts available memory on a machine with 32G RAM. Possible culprit: huge number of Assume statements on memory values
  • 07/09/2020: Instruction checks fail at line 201 asserting the value of rd_wdata. At least we now have a proper failure instead of an unconditional pass or an out of memory issue. Whether the translated specs themselves are in error is under investigation.
  • 15/09/2020: Apart from the occasional failed assertion in specific verification tasks (likely due to bugs in translation), all of the memory-related instruction checks fail with a "parser error: invalid slice" preventing the assertions from ever running. The root cause of this issue is yet to be determined.

License

See LICENSE