Add Formal Verification Flow Using Yosys's riscv-formal

[5iri]

This PR adds documentation and configuration for formal verification of the Synapse-32 CPU core using Yosys's riscv-formal and SymbiYosys.

The README is updated to explain the verification flow, including how to run SBY tasks, what is checked, and how to interpret results.

Changes

• describing the formal verification setup and usage.
• Explained the integration of riscv-formal checkers and the verification of RV32I compliance, pipeline behavior, and hazard handling.
• Provided instructions for running verification tasks and interpreting outputs.

[SuperChamp234]

Is this ready for review?

[5iri]

yes @SuperChamp234

[5iri]

@SuperChamp234 can you review now?

I have reduced the line size by a lot now :)

[Copilot]

Pull Request Overview

This PR introduces formal verification infrastructure for the Synapse-32 CPU core using Yosys's riscv-formal framework and SymbiYosys. The changes include:

• RVFI (RISC-V Formal Interface) implementation in the CPU and top-level modules
• Formal verification scripts and configuration files for instruction-level and system-level checks
• Test infrastructure with parallel execution support
• Documentation updates explaining the verification workflow

Reviewed Changes

Copilot reviewed 35 out of 35 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
rtl/riscv_cpu.v	Added RVFI output ports and logic to track instruction execution for formal verification
rtl/top.v	Added RVFI interface ports and conditional memory sizing for formal vs functional builds
rtl/core_modules/alu.v	Added simplified ALU implementation for formal verification mode
rtl/execution_unit.v	Fixed ALU output connections from hierarchical to wire-based references
rtl/data_mem.v	Moved loop variable declarations outside initial blocks for synthesis compatibility
rtl/instr_mem.v	Moved local variables outside always blocks to module scope
rtl/core_modules/uart.v	Complete rewrite to single always_comb block with next-state logic pattern
rtl/core_modules/csr_file.v	Exposed CSR registers as module outputs for external access
rtl/pipeline_stages/*.v	Added RVFI-related signals propagation through pipeline stages
formal/	Added comprehensive verification infrastructure with scripts, configs, and test suites
tests/unit_tests/*.py	Added PATH manipulation for tool discovery in test environments
README.md	Added formal verification documentation section
.gitmodules	Added riscv-formal submodule reference

Comments suppressed due to low confidence (1)

rtl/riscv_cpu.v:1

• Inconsistent indentation: these two lines should align with the indentation of surrounding port connections (lines 375-376 have different indentation than line 337).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull Request Overview

Copilot reviewed 34 out of 35 changed files in this pull request and generated 3 comments.

Comments suppressed due to low confidence (3)

rtl/riscv_cpu.v:1

• Removed the default_nettype none directive without explanation. This directive helps catch typos by requiring explicit wire declarations. Consider documenting why it was removed or restoring it if there's no technical reason for its removal.
  rtl/riscv_cpu.v:1
• The load mask calculation for halfword loads (line 665) shifts by addr[1:0], which can be 0, 1, 2, or 3. However, when addr[0] is 1 (misaligned), it returns 0, but when addr[0] is 0, it shifts 4'b0011 by addr[1:0]. If addr[1:0] is 2, this shifts to 4'b1100, which is correct. But the shift amount should only use addr[1] since halfwords are 2-byte aligned. Use 4'b0011 << {addr[1], 1'b0} instead.
  tests/unit_tests/test_alu.py:1
• The unused import of Path was removed, but the new prepend_to_path context manager (lines 9-27) is duplicated across both test files (test_alu.py and test_decoder_gcc.py). Consider moving this to a shared utility module to avoid duplication.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull Request Overview

Copilot reviewed 34 out of 35 changed files in this pull request and generated 3 comments.

Comments suppressed due to low confidence (2)

rtl/riscv_cpu.v:1

• These magic numbers (2'b11 for Machine mode, 2'b01 for RV32) should be defined as named constants or documented with references to the RISC-V specification sections that define these values.
  rtl/execution_unit.v:1
• [nitpick] Inconsistent indentation: these lines are not aligned with other port connections in the same instantiation (line 375-376 vs surrounding lines).

`default_nettype none

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[5iri]

@SuperChamp234 this pr is ready for review now, please check!

[5iri]

Running verification tests...
------------------------------------------------------------
[PASS] [instructions] bge                  - PASS     (6.86s)
[PASS] [instructions] addi                 - PASS     (6.92s)
[PASS] [instructions] andi                 - PASS     (6.95s)
[PASS] [instructions] beq                  - PASS     (7.04s)
[PASS] [instructions] auipc                - PASS     (7.08s)
[PASS] [instructions] bgeu                 - PASS     (7.08s)
[PASS] [instructions] add                  - PASS     (7.13s)
[PASS] [instructions] and                  - PASS     (7.19s)
[PASS] [instructions] blt                  - PASS     (6.12s)
[PASS] [instructions] bltu                 - PASS     (6.13s)
[PASS] [instructions] bne                  - PASS     (6.16s)
[PASS] [instructions] div                  - PASS     (6.09s)
[PASS] [instructions] divu                 - PASS     (6.19s)
[PASS] [instructions] jal                  - PASS     (6.20s)
[PASS] [instructions] jalr                 - PASS     (6.21s)
[PASS] [instructions] lb                   - PASS     (6.17s)
[PASS] [instructions] lbu                  - PASS     (6.10s)
[PASS] [instructions] lh                   - PASS     (6.14s)
[PASS] [instructions] lui                  - PASS     (6.05s)
[PASS] [instructions] mul                  - PASS     (5.93s)
[PASS] [instructions] lhu                  - PASS     (6.12s)
[PASS] [instructions] mulhsu               - PASS     (6.10s)
[PASS] [instructions] mulh                 - PASS     (6.28s)
[PASS] [instructions] lw                   - PASS     (6.43s)
[PASS] [instructions] mulhu                - PASS     (6.20s)
[PASS] [instructions] ori                  - PASS     (6.12s)
[PASS] [instructions] or                   - PASS     (6.16s)
[PASS] [instructions] remu                 - PASS     (6.12s)
[PASS] [instructions] rem                  - PASS     (6.24s)
[PASS] [instructions] sb                   - PASS     (6.18s)
[PASS] [instructions] sh                   - PASS     (6.12s)
[PASS] [instructions] sll                  - PASS     (6.15s)
[PASS] [instructions] slli                 - PASS     (5.97s)
[PASS] [instructions] sltu                 - PASS     (5.95s)
[PASS] [instructions] sltiu                - PASS     (6.10s)
[PASS] [instructions] slt                  - PASS     (6.16s)
[PASS] [instructions] slti                 - PASS     (6.24s)
[PASS] [instructions] srai                 - PASS     (6.02s)
[PASS] [instructions] sra                  - PASS     (6.20s)
[PASS] [instructions] srl                  - PASS     (6.06s)
[PASS] [instructions] srli                 - PASS     (6.26s)
[PASS] [instructions] sub                  - PASS     (6.15s)
[PASS] [instructions] xor                  - PASS     (6.17s)
[PASS] [instructions] xori                 - PASS     (6.15s)
[PASS] [instructions] sw                   - PASS     (6.29s)
[PASS] [system      ] verify_hang          - PASS     (19.00s)
[PASS] [system      ] verify_dmem          - PASS     (19.23s)
[PASS] [system      ] verify_causal        - PASS     (19.35s)
[PASS] [system      ] verify_imem          - PASS     (20.03s)
[PASS] [system      ] verify_ill           - PASS     (20.21s)
[PASS] [system      ] verify_liveness      - PASS     (20.16s)
[PASS] [system      ] verify_pc_fwd        - PASS     (20.13s)
[PASS] [system      ] verify_pc_bwd        - PASS     (20.20s)
[PASS] [system      ] verify_unique        - PASS     (17.53s)
[PASS] [system      ] verify_reg           - PASS     (17.70s)
[PASS] [integration ] verify_cover         - PASS     (73.34s)
[PASS] [integration ] verify_fault         - PASS     (70.32s)
[PASS] [integration ] verify_rv32i         - PASS     (70.74s)
[PASS] [integration ] verify_rv32mi        - PASS     (70.72s)

============================================================
RISC-V CPU Formal Verification Summary Report
============================================================
Total Tests: 59
Wall Time: 128.52 seconds
CPU Time: 762.33 seconds
Speedup: 5.93x

Overall Results:
  [PASS] PASS    :  59 tests (100.0%)
  [FAIL] FAIL    :   0 tests (  0.0%)
  [TIMEOUT] TIMEOUT :   0 tests (  0.0%)
  [ERROR] ERROR   :   0 tests (  0.0%)

Results by Category:
  instructions   : 45/45 passed (100.0%)
  system         : 10/10 passed (100.0%)
  integration    :  4/ 4 passed (100.0%)

Performance Statistics:
  Fastest: mul                  (5.93s)
  Slowest: verify_cover         (73.34s)
  Average: 12.92s per test

Detailed report saved to: /Users/apple/github/Synapse32/formal/verification_report.json