A port of [riscv-formal](https://github.com/SymbioticEDA/riscv-formal) to nMigen
rvfi | ||
LICENSE | ||
README.md | ||
shell.nix |
riscv-formal-nmigen
A port of riscv-formal to nMigen
Breakdown
File/Directory | Description |
---|---|
shell.nix |
nix-shell configuration file |
rvfi |
RISC-V Formal Verification Framework (nMigen port) |
rvfi/insns |
Supported RISC-V instructions and ISAs |
rvfi/checks |
Checks for RISC-V compliant cores |
rvfi/cores |
Cores currently tested against this port of riscv-formal |
rvfi/cores/minerva/verify.py |
Verification tasks for the Minerva core |
Running the Verification
First make sure you have Nix installed. Then cd
to the root directory of this repo and run:
$ nix-shell
This should run the tests (cache, multiplier, divider) provided by Minerva itself and give you an environment with all the dependencies required for this project. Then, to run the main verification tasks for Minerva provided in this repo:
$ python -m rvfi.cores.minerva.verify
This should run in the order of a few hours.
Progress
- Instruction Checks
- PC forward checks
- PC backward checks
- Register checks
- Causal checks
- Liveness checks
- Uniqueness checks
Scope
The RV32I, RV32M, RV64I and RV64M ISAs are currently implemented but only RV32IM are being tested by integrating with the Minerva core.
Known Issues
21/08/2020: Verification passes unconditionally, even in the presence of obvious bugs. This is due to thervfi.valid
signal from the CPU being held at constant 0. Suitable instruction and data buses as well as interrupt signals have not been wired to Minerva which is likely preventing the core and verification from functioning properly25/08/2020: Interrupts have been hardwired to zero and instruction/data buses attached to the Minerva core; however, running the verification quickly exhausts available memory on a machine with 32G RAM. Possible culprit: huge number ofAssume
statements on memory values07/09/2020: Instruction checks fail at line 201 asserting the value ofrd_wdata
. At least we now have a proper failure instead of an unconditional pass or an out of memory issue. Whether the translated specs themselves are in error is under investigation.- 15/09/2020: Apart from the occasional failed assertion in specific verification tasks (likely due to bugs in translation), all of the memory-related instruction checks fail with a "parser error: invalid slice" preventing the assertions from ever running. The root cause of this issue is yet to be determined.
License
See LICENSE