You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When DCLS and `lockstep_regfile_enable` is enabled, previously, a
subset of registers were directly compared. This has two drawbacks:
- Area overhead is quite large as multiple registers need to be
compared
- No comprehensive protection as only a subset of registers were
covered.
This commit switches from a comparison of a subset of registers to
the comparison of the read output ports of the main and the shadow
core. This:
- Saves area as only the output ports need to be compared
- Covers all registers
The detection latency is a bit higher as a fault injected into a
registes is only detected when the register is read from the RF.
However, this is fine as we are interested in detecting a fault
when we are consuming the register file value.
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
Copy file name to clipboardExpand all lines: docs/source/dual-core-lock-step.md
+28-16Lines changed: 28 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,7 @@ The diagram below outlines the architecture of the proposed solution.
21
21
22
22

23
23
24
-
Outputs and the register file from the main core are delayed by `DELAY` cycles and passed to the `Equivalency Checker` for verification against the outputs and the register file of the Shadow Core.
24
+
Outputs and the register file from the main core are delayed by `DELAY` cycles and passed to the `Equivalency Checker` for verification against the outputs and the register file outputs of the Shadow Core.
25
25
26
26
### Error Policy
27
27
@@ -35,27 +35,23 @@ The corruption error will be reported always when all of the following requireme
35
35
36
36
### Monitored Registers
37
37
38
-
The Shadow Core can have its internal copy of the register file by setting a proper VeeR EL2 configuration flag.
38
+
#### Register File
39
+
40
+
Enabling the `lockstep_regfile_enable` VeeR EL2 configuration flag exposes the register file read ports of both cores to the `Equivalency Checker`.
39
41
Even though every discrepancy between register files of the Main Core and Shadow Core will eventually lead to difference between IOs of these modules, it might take some time for the mismatch to manifest.
40
-
To determine whether a discrepancy has occurred immediately, the register files from both cores will be compared taking into account a reasonable subset of the VeeR EL2 registers, as defined in the table below:
42
+
To detect the discrepancy on a read immediately, the register file read port outputs from both cores are compared.
43
+
44
+
#### Control and Status Registers
45
+
46
+
The following CSRs from both cores will be compared:
41
47
42
-
:::{list-table} Monitored VeeR EL2 Registers
48
+
:::{list-table} Monitored VeeR EL2 CSRs
43
49
:header-rows: 0
44
-
:name: tab-dcls-monitored-veer-el2-registers
50
+
:name: tab-dcls-monitored-veer-el2-csrs
45
51
:align: center
46
52
47
53
*-**Name**
48
54
-**Description**
49
-
*- x1 (ra)
50
-
- Return address
51
-
*- x2 (sp)
52
-
- Stack pointer
53
-
*- x8 (s0/fp)
54
-
- Saved register / frame pointer
55
-
*- x10-x11 (a0-a1)
56
-
- Function arguments / return values
57
-
*- x12-17 (a2-7)
58
-
- Function arguments
59
55
*- pc
60
56
- Program Counter
61
57
*- npc
@@ -1179,7 +1175,7 @@ Entering Debug Mode with DCLS enabled will disable DCLS until the next reset.
1179
1175
The DCLS feature can be enabled via `-set lockstep_enable=1` option.
1180
1176
There are two configuration options:
1181
1177
*`-set lockstep_delay={2, 3, 4}` - the delay applied on the Shadow Core between 2 and 4 cycles,
1182
-
*`-set lockstep_regfile_enable=1` - enable exposing the VeeR Register File so the Shadow Core will have an internal copy to compare with the Main Core Register File.
1178
+
*`-set lockstep_regfile_enable=1` - enable exposing the VeeR register file read ports so the Shadow Core's read-port outputs can be compared against the Main Core's.
1183
1179
1184
1180
The configuration options are ignored and their macros are not generated if the Dual Core Lockstep feature is disabled.
1185
1181
@@ -1307,4 +1303,20 @@ The DCLS feature will be tested within:
1307
1303
-`dcls_debug`
1308
1304
*-
1309
1305
-
1306
+
*-**Function**
1307
+
-**Register file fault injection detection**
1308
+
*- Reference Document
1309
+
-
1310
+
*- Check description
1311
+
- Inject a fault into the register file or the register file output ports of the main or the shadow core.
1312
+
*- Coverage groups
1313
+
-
1314
+
*- Assertions
1315
+
- Detection bit is asserted upon encountered corruption. Error behavior follows the relevant error handling policy. No action is taken if no corruption was introduced.
0 commit comments