From d339bf6b99edfa7fa959c668642970349edd84ad Mon Sep 17 00:00:00 2001 From: Cairo Caplan Date: Thu, 13 Nov 2025 16:47:02 +0100 Subject: [PATCH 1/2] [sec] Improved the SEC script to parameterize the checked designs, with the option to enable the CV-X-IF --- Makefile | 4 ++ scripts/sec/sec.sh | 74 ++++++++++++++++++++++++++++--------- scripts/sec/yosys/sec.eqy | 21 ++--------- scripts/sec/yosys/sec.tcl | 78 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 142 insertions(+), 35 deletions(-) create mode 100644 scripts/sec/yosys/sec.tcl diff --git a/Makefile b/Makefile index e8349432b0..d75c9b094e 100644 --- a/Makefile +++ b/Makefile @@ -156,6 +156,10 @@ python-lint: sec: ./scripts/sec/sec.sh -t yosys +.PHONY: sec_XInterface +sec_XInterface: + ./scripts/sec/sec.sh -t yosys -X + .PHONY: clean clean: -rm -rf ./build ./formal/riscv-formal/build \ No newline at end of file diff --git a/scripts/sec/sec.sh b/scripts/sec/sec.sh index 5e1418f6d9..23bd37a41b 100755 --- a/scripts/sec/sec.sh +++ b/scripts/sec/sec.sh @@ -15,49 +15,69 @@ # See the License for the specific language governing permissions and # limitations under the License. + +# Config and args parsing +# ======================= + CVE2_REPO_BASE="$(readlink -f -- "$( dirname -- "$( readlink -f -- "$0"; )"; )/../../")" SEC_BUILD_DIR="$CVE2_REPO_BASE/build/sec/" +# Create a working directory for the SEC script on the /build directory if [ ! -d $SEC_BUILD_DIR ]; then mkdir -p $SEC_BUILD_DIR + # Create a FUSESOC_IGNORE file, so fusesoc ignores this dir when looking + # for .core files touch "$SEC_BUILD_DIR/FUSESOC_IGNORE" fi usage() { # Function: Print a help message. - echo "Usage: $0 [ -t {cadence,mentor,synopsys,yosys} ]" 1>&2 + echo "Usage: $0 [ -t {cadence,mentor,synopsys,yosys} ] [ -X ]" 1>&2 } exit_abnormal() { # Function: Exit with error. usage exit 1 } -while getopts "t:" flag +# Disable the CV-X-IF support on the CVE2 by default +XInterface=0 + +while getopts "t:X" flag do case "${flag}" in - t) - target_tool=${OPTARG} - ;; + t) # Choice of SEC tool + target_tool=${OPTARG} + ;; + X) # Enable CV-X-IF support + XInterface=1 + ;; :) - exit_abnormal - ;; + exit_abnormal + ;; *) - exit_abnormal - ;; - ?) - exit_abnormal - ;; + exit_abnormal + ;; esac done -if [ ! -d "$SEC_BUILD_DIR/reports/" ]; then - mkdir -p "$SEC_BUILD_DIR/reports/" -fi - if [[ "${target_tool}" != "cadence" && "${target_tool}" != "synopsys" && "${target_tool}" != "mentor" && "${target_tool}" != "yosys" ]]; then exit_abnormal fi +if [[ $XInterface == "1" ]]; then + echo "CV-X-IF enabled" +fi + + +# Execution +# ========= + +if [ ! -d "$SEC_BUILD_DIR/reports/" ]; then + mkdir -p "$SEC_BUILD_DIR/reports/" +fi + +# Obtain the latest code from the main branch, defined as the a Golden version of the design, +# to be used as reference when performing the checking GOLDEN_DIR=$(readlink -f $SEC_BUILD_DIR/ref_design/) if [[ -z "${GOLDEN_RTL}" ]]; then echo "The env variable GOLDEN_RTL is empty." @@ -70,15 +90,18 @@ else echo "SEC: Using ${GOLDEN_RTL} as reference design" fi +# The proposed design, defined as the Revised version, is the code of the current repo REVISED_DIR=$CVE2_REPO_BASE var_golden_rtl=$(awk '{ if ($0 ~ "{DESIGN_RTL_DIR}" && $0 !~ "#" && $0 !~ "tracer" && $0 !~ "wrapper") print $0 }' ${GOLDEN_DIR}/cv32e20_manifest.flist | sed 's|${DESIGN_RTL_DIR}|./ref_design/rtl/|') var_revised_rtl=$(awk '{ if ($0 ~ "{DESIGN_RTL_DIR}" && $0 !~ "#" && $0 !~ "tracer" && $0 !~ "wrapper") print $0 }' ${REVISED_DIR}/cv32e20_manifest.flist | sed 's|${DESIGN_RTL_DIR}|../../rtl/|') +# Saves the list of concerned RTL files of each version echo $var_golden_rtl > "$SEC_BUILD_DIR/golden.src" echo $var_revised_rtl > "$SEC_BUILD_DIR/revised.src" +# Creates a dated report dir, for each run of the script report_dir="$SEC_BUILD_DIR/reports/$(date +%Y-%m-%d/%H-%M)/" if [[ -d ${report_dir} ]]; then @@ -86,6 +109,7 @@ if [[ -d ${report_dir} ]]; then fi mkdir -p ${report_dir} +# Tool dependent section if [[ "${target_tool}" == "cadence" ]]; then tcl_script=$(readlink -f $(dirname "${BASH_SOURCE[0]}"))/cadence/sec.tcl jg -sec -proj ${report_dir} -batch -tcl ${tcl_script} -define report_dir ${report_dir} &> ${report_dir}/output.cadence.log @@ -107,6 +131,10 @@ elif [[ "${target_tool}" == "mentor" ]]; then elif [[ "${target_tool}" == "yosys" ]]; then echo "Using Yosys EQY" + + if [[ -d "$SEC_BUILD_DIR/yosys" ]]; then + rm -rf "$SEC_BUILD_DIR/yosys" + fi mkdir -p "$SEC_BUILD_DIR/yosys" if ! [ -x "$(command -v eqy)" ]; then @@ -114,23 +142,33 @@ elif [[ "${target_tool}" == "yosys" ]]; then exit 1 fi - (cd $SEC_BUILD_DIR && \ + # Execute Yosys EQY on a separate environment on the build dir. + # XInterface is passed as an env var, in order to parametrize subsequent scripts + ( + export XInterface + cd $SEC_BUILD_DIR && \ eqy -f $CVE2_REPO_BASE/scripts/sec/yosys/sec.eqy -j $(($(nproc)/2)) -d ${report_dir} &> /dev/null ) mv ${report_dir}/logfile.txt ${report_dir}/output.yosys.log - rm "$SEC_BUILD_DIR/yosys/golden_io.txt" if [ -f "${report_dir}/PASS" ]; then RESULT=0 + # rm "$SEC_BUILD_DIR/yosys/golden_io.txt" elif [ -f "${report_dir}/FAIL" ]; then RESULT=1 echo "Check ${report_dir}/output.yosys.log" 1>&2 else echo "Failed to run Yosys EQY" 1>&2 + if [ -f "${report_dir}/output.yosys.log" ]; then + echo "Check ${report_dir}/output.yosys.log" 1>&2 + fi exit 1 fi fi +# End of the script +# ================= + if [[ $RESULT == 0 ]]; then echo "SEC: The DESIGN IS SEQUENTIALLY EQUIVALENT" exit 0 diff --git a/scripts/sec/yosys/sec.eqy b/scripts/sec/yosys/sec.eqy index e9346d3c78..de013bd240 100644 --- a/scripts/sec/yosys/sec.eqy +++ b/scripts/sec/yosys/sec.eqy @@ -1,4 +1,4 @@ -# Copyright 2025 OpenHW Foundation +# Copyright (c) 2025 Eclipse Foundation # # Licensed under the Solderpad Hardware Licence, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,22 +15,10 @@ # To be run as part of `./sec.sh -t yosys` from `scripts/sec` [gold] -plugin -i slang -read_slang --ignore-assertions -DGOLD --top cve2_top -f ./golden.src - -# Save the list of IO signals, in case the new revised version is different -select -write yosys/golden_io.txt o:* i:* +tcl ../../scripts/sec/yosys/sec.tcl GOLD [gate] -plugin -i slang -read_slang --ignore-assertions -DGATE --top cve2_top -f ./revised.src - - -# Delete eventual new IO signals from the revised design from analysis -select -set golden_io -read yosys/golden_io.txt -select -set revised_io o:* i:* -select -set excl_sigs @revised_io @golden_io %d -delete @excl_sigs +tcl ../../scripts/sec/yosys/sec.tcl GATE [script] prep -top cve2_top @@ -38,5 +26,4 @@ memory_map [strategy sat] use sat -depth 5 - +depth 5 \ No newline at end of file diff --git a/scripts/sec/yosys/sec.tcl b/scripts/sec/yosys/sec.tcl new file mode 100644 index 0000000000..7bc0452e55 --- /dev/null +++ b/scripts/sec/yosys/sec.tcl @@ -0,0 +1,78 @@ +# Copyright (c) 2025 Eclipse Foundation +# +# Licensed under the Solderpad Hardware Licence, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://solderpad.org/licenses/ +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# sec.tcl is an aux Tcl script used to compile RTL files with parameters, +# passed as env vars, with Yosys. +# This script is called by the Yosys EQY script sec.eqy +# +# Currently the only parameter supported is the CV-X-IF interface +# (XInterface=1) + +yosys plugin -i slang + +# GOLD or GATE +set DESIGN [lindex $argv 0] +set XInterface $::env(XInterface) + +puts "Compiling the $DESIGN design" +puts "XInterface: $XInterface" + + +# Conditional logic based on its value +if {$DESIGN eq "GOLD"} { + puts "Running GOLD flow" + + yosys read_slang --ignore-assertions -D$DESIGN -DXInterface=$XInterface --top cve2_top -f ./golden.src + + if {$XInterface eq 0} { + # Exclude specifically the top IO CV-X-IF signals from analysis + yosys select -set x_interface_set o:\x_* i:\x_* + yosys delete @x_interface_set + } + + # Save the list of IO signals, in case the new revised version is different + yosys select -write yosys/golden_io.txt o:* i:* + +} elseif {$DESIGN eq "GATE"} { + puts "Running GATE flow" + + yosys read_slang --ignore-assertions -D$DESIGN -DXInterface=$XInterface --top cve2_top -f ./revised.src + + # Delete eventual new IO ports from the revised design from analysis, as we + # cannot compare designs with different sets of IO ports + + + for {set i 10} {$i >= 0} {incr i -1} { + if {[file exists "yosys/golden_io.txt"]} { + break + } else { + puts "Attempt [ expr 10-$i+1 ]: File not found" + if {$i > 0} { + after 50 + } else { + puts "yosys/golden_io.txt not found after 10 attempts" + } + } + } + + yosys select -set golden_io -read yosys/golden_io.txt + yosys select -set revised_io o:* i:* + yosys select -set excl_sigs @revised_io @golden_io %d + yosys delete @excl_sigs + yosys select -write yosys/revised_io.txt o:* i:* + +} else { + error "Wrong first argument: $DESIGN. Only GOLD or GATE are accepted" +} \ No newline at end of file From 4c2f24906332114eb4c6221e919520e318526b47 Mon Sep 17 00:00:00 2001 From: Cairo Caplan Date: Thu, 13 Nov 2025 16:48:49 +0100 Subject: [PATCH 2/2] [sec][ci] GitHub action to perform SEC on RTL-related PRs --- .github/workflows/pr_sec.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/pr_sec.yml diff --git a/.github/workflows/pr_sec.yml b/.github/workflows/pr_sec.yml new file mode 100644 index 0000000000..c7d3a28aca --- /dev/null +++ b/.github/workflows/pr_sec.yml @@ -0,0 +1,30 @@ +# Copyright (c) 2025 Eclipse Foundation + +name: CI to run SEC on RTL changes + +on: + workflow_dispatch: {} + pull_request: + paths: + - 'rtl/**' + +jobs: + sec: + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + # From https://github.com/marketplace/actions/setup-oss-cad-suite + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install OSS CAD Suite + uses: YosysHQ/setup-oss-cad-suite@v3 + + - name: Check yosys installation + run: yosys --version || true + + - name: Run SEC on the standard core configuration + run: make sec + + - name: Run SEC on the eXtension InterFace configuration + run: make sec_Xinterface \ No newline at end of file