Google Git
Sign in
opensecura / 3p / lowrisc / opentitan / 5d45379e3d57f669cc27c6579a40394790cb0384
commit5d45379e3d57f669cc27c6579a40394790cb0384[log] [tgz]
authorMichael Schaffner <msf@google.com>Tue Jul 20 16:56:39 2021 -0700
committerMichael Schaffner <msf@google.com>Wed Jul 21 10:43:40 2021 -0700
tree671033c308741d08d4662350f8297c708d63a7b9
parent29dd5d69a763ba1768e3b5bdab7a7b65f7f28929 [diff]
[prim_lfsr] Fix assertion issue occuring right after reset

There are cases where the LFSR enable signal remains asserted
by the instantiating design while in reset. In such a case,
the NextStateCheck_A may erroneously fire in the first
cycle after reset release due to a SystemVerilog scheduler
peculiarity when the reset is synchronized with a reset synchronizer
flop that releases the reset right on the active clock edge with 0
simulation delay.

If this happens, the assertion body may be out of sync with the design,
since the assertion disable_iff statement is NOT evaluated with a value
sampled in the PREPONED region. In other words: when the assertion is
evaluated in the OBSERVED region (after active and NBA), rst_ni may
already read as 1 due to reset deassertion - however the flops in the
design may not have seen that change yet, leading to an assertion
failure because the flops have not yet changed state, whereas the
assertion expects them to have changed state.

There are a couple of possible solutions:
1) ignore the first clock tick after reset release by shifting the
assertion by one clock tick to the right
2) use a sampled reset value for disable_iff (#sampled(!rst_ni))
3) make sure the surrounding logic never asserts the LFSR enable
signal while in reset.
4) make sure that there is an artificial propagation delay on
all reset synchronizer outputs to shift reset deassertion away from
the active clock edge.

This patch implements solution 1) since this should ensure that the
issue does not occur anymore (also in future designs that instantiate
this prim).

Signed-off-by: Michael Schaffner <msf@google.com>
2 files changed
tree: 671033c308741d08d4662350f8297c708d63a7b9
  1. .github/
  2. ci/
  3. doc/
  4. hw/
  5. site/
  6. sw/
  7. test/
  8. util/
  9. .clang-format
  10. .dockerignore
  11. .flake8
  12. .gitignore
  13. .style.yapf
  14. .svlint.toml
  15. .svls.toml
  16. _index.md
  17. apt-requirements.txt
  18. azure-pipelines.yml
  19. check_tool_requirements.core
  20. CLA
  21. COMMITTERS
  22. CONTRIBUTING.md
  23. LICENSE
  24. meson.build
  25. meson_init.sh
  26. meson_options.txt
  27. python-requirements.txt
  28. README.md
  29. tool_requirements.py
  30. toolchain.txt
  31. topgen-generator.core
  32. topgen-reg-only.core
  33. topgen.core
  34. yum-requirements.txt
README.md

OpenTitan

OpenTitan logo

About the project

OpenTitan is an open source silicon Root of Trust (RoT) project. OpenTitan will make the silicon RoT design and implementation more transparent, trustworthy, and secure for enterprises, platform providers, and chip manufacturers. OpenTitan is administered by lowRISC CIC as a collaborative project to produce high quality, open IP for instantiation as a full-featured product. See the OpenTitan site and OpenTitan docs for more information about the project.

About this repository

This repository contains hardware, software and utilities written as part of the OpenTitan project. It is structured as monolithic repository, or “monorepo”, where all components live in one repository. It exists to enable collaboration across partners participating in the OpenTitan project.

Documentation

The project contains comprehensive documentation of all IPs and tools. You can access it online at docs.opentitan.org.

How to contribute

Have a look at CONTRIBUTING and our documentation on project organization and processes for guidelines on how to contribute code to this repository.

Licensing

Unless otherwise noted, everything in this repository is covered by the Apache License, Version 2.0 (see LICENSE for full text).