[dv/formal] Cleanup RTL for use by yosys-slang

Yosys-slang is a SystemVerilog frontend to yosys, which will be used in
upcoming formal work.

It takes issue with some parts of the formal flow. This commit cleans
things up so that it may consume the RTL happily.

Author: mndstrmr

dv/formal/check/peek/follower.sv

@@ -25,16 +25,16 @@ assign ex_err = `IDC.exc_req_d;
 assign ex_kill = `ID.wb_exception | ~`ID.controller_run;
 // Note that this only kills instructions because e.g. of a jump ahead of it or an exception
 
-assign exc_finishing = `IDC.ctrl_fsm_cs == `ID.controller_i.FLUSH;
-assign wbexc_handling_irq = `IDC.ctrl_fsm_cs == `ID.controller_i.IRQ_TAKEN;
+assign exc_finishing = `IDC.ctrl_fsm_cs == FLUSH;
+assign wbexc_handling_irq = `IDC.ctrl_fsm_cs == IRQ_TAKEN;
 
 assign wb_finishing = wbexc_is_wfi? wfi_will_finish:`CR.instr_done_wb;
 
-assign wfi_will_finish = `IDC.ctrl_fsm_cs == `ID.controller_i.FLUSH;
+assign wfi_will_finish = `IDC.ctrl_fsm_cs == FLUSH;
 
 assign wbexc_err =  wbexc_ex_err |
                     `IDC.wb_exception_o |
-                    ((`IDC.ctrl_fsm_cs == `ID.controller_i.FLUSH) & ~wbexc_csr_pipe_flush);
+                    ((`IDC.ctrl_fsm_cs == FLUSH) & ~wbexc_csr_pipe_flush);
                     // CSR pipe flushes don't count as exceptions
 
 assign wbexc_finishing =
@@ -51,7 +51,7 @@ always_comb begin
 
     ex_has_branched_d = (ex_has_branched_d | `IF.branch_req) &&
                         ~ex_kill &&
-                        (`IDC.ctrl_fsm_cs == `IDC.DECODE);
+                        (`IDC.ctrl_fsm_cs == DECODE);
 end
 
 always @(posedge clk_i or negedge rst_ni) begin
@@ -60,6 +60,58 @@ always @(posedge clk_i or negedge rst_ni) begin
         ex_has_compressed_instr <= 1'b0;
         ex_has_branched_q <= 1'b0;
         wbexc_csr_pipe_flush <= 1'b0;
+
+        // Zero initialise everything to avoid warnings
+        wbexc_post_wX <= 32'b0;
+        wbexc_post_wX_addr <= 5'b0;
+        wbexc_post_wX_en <= 1'b0;
+        wbexc_instr <= 32'b0;
+        wbexc_decompressed_instr <= 32'b0;
+        wbexc_compressed_illegal <= 1'b0;
+        wbexc_ex_err <= 1'b0;
+        wbexc_fetch_err <= 1'b0;
+        wbexc_post_int_err <= 1'b0;
+        wbexc_illegal <= 1'b0;
+        wbexc_pc <= 32'b0;
+        wbexc_is_checkable_csr <= 1'b0;
+        wbexc_spec_mem_read_fst_rdata <= 32'b0;
+        wbexc_spec_mem_read_snd_rdata <= 32'b0;
+        wbexc_mem_had_snd_req <= 1'b0;
+        ex_compressed_instr <= 32'b0;
+        wbexc_post_pc <= 32'h0;
+        wbexc_post_priv <= Machine;
+        wbexc_post_mstatus <= 32'h0;
+        wbexc_post_mie <= 32'h0;
+        wbexc_post_mcause <= 32'h0;
+        wbexc_post_mtval <= 32'h0;
+        wbexc_post_mtvec <= 32'h0;
+        wbexc_post_mscratch <= 32'h0;
+        wbexc_post_mepc <= 32'h0;
+        wbexc_post_mcycle <= 32'h0;
+        wbexc_post_mshwmb <= 32'h0;
+        wbexc_post_mshwm <= 32'h0;
+        wbexc_post_mcounteren <= 32'h0;
+        wbexc_post_mseccfg <= 32'h0;
+        wbexc_dut_post_pc <= 32'h0;
+        wbexc_dut_post_priv <= Machine;
+        wbexc_dut_post_mstatus <= 32'h0;
+        wbexc_dut_post_mie <= 32'h0;
+        wbexc_dut_post_mcause <= 32'h0;
+        wbexc_dut_post_mtval <= 32'h0;
+        wbexc_dut_post_mtvec <= 32'h0;
+        wbexc_dut_post_mscratch <= 32'h0;
+        wbexc_dut_post_mepc <= 32'h0;
+        wbexc_dut_post_mcycle <= 32'h0;
+        wbexc_dut_post_mshwmb <= 32'h0;
+        wbexc_dut_post_mshwm <= 32'h0;
+        wbexc_dut_post_mcounteren <= 32'h0;
+        wbexc_dut_post_mseccfg <= 32'h0;
+        for (integer i = 0; i < PMPNumRegions; i++) begin
+            wbexc_post_pmp_cfg[i] <= 32'h0;
+            wbexc_post_pmp_addr[i] <= 32'h0;
+            wbexc_dut_post_pmp_cfg[i] <= 32'h0;
+            wbexc_dut_post_pmp_addr[i] <= 32'h0;
+        end
     end else begin
         if (wbexc_finishing) begin
             wbexc_exists <= 1'b0;

dv/formal/check/peek/mem.sv

@@ -60,7 +60,10 @@ assign mem_req_fst_d = data_req_o & ~mem_gnt_fst_q;
 assign mem_req_snd_d = data_req_o & mem_gnt_fst_q;
 
 always @(posedge clk_i or negedge rst_ni) begin
-    if (~rst_ni | instr_will_progress) begin
+    if (~rst_ni) begin
+        mem_gnt_fst_q <= 1'b0;
+        mem_gnt_snd_q <= 1'b0;
+    end else if (instr_will_progress) begin
         mem_gnt_fst_q <= 1'b0;
         mem_gnt_snd_q <= 1'b0;
     end else begin

dv/formal/spec/spec_api.sv

@@ -57,8 +57,6 @@ module spec_api #(
     output mstatus_t mstatus_o,
     input logic [31:0] mcause_i,
     output logic [31:0] mcause_o,
-    input logic [63:0] mcycle_i,
-    output logic [63:0] mcycle_o,
     input logic [31:0] mtval_i,
     output logic [31:0] mtval_o,
     input logic [31:0] mtvec_i,
@@ -67,10 +65,6 @@ module spec_api #(
     output logic [31:0] mscratch_o,
     input logic [31:0] mepc_i,
     output logic [31:0] mepc_o,
-    input logic [31:0] mshwmb_i,
-    output logic [31:0] mshwmb_o,
-    input logic [31:0] mshwm_i,
-    output logic [31:0] mshwm_o,
     input logic [31:0] mcounteren_i,
     output logic [31:0] mcounteren_o,
 
@@ -166,7 +160,12 @@ end
 t_Mseccfg_ent mseccfg_out;
 assign mseccfg_o = mseccfg_out.bits;
 
+logic sail_reached_unreachable;
+logic [31:0] sail_reached_unreachable_loc;
+
 sail_ibexspec spec_i(
+    .sail_reached_unreachable,
+    .sail_reached_unreachable_loc,
     .cur_inst_in(insn_bits),
     .cur_inst_out(),
     .cur_privilege_in(priv_i),
@@ -345,7 +344,7 @@ sail_ibexspec spec_i(
     .mode(main_mode)
 );
 
-assign int_err_o = spec_i.sail_reached_unreachable |
+assign int_err_o = sail_reached_unreachable |
                    spec_i.sail_have_exception |
                    (main_result != MAINRES_OK);
 

dv/formal/spec/stub.sv

@@ -4,6 +4,8 @@
 // Original author: Louis-Emile Ploix
 // SPDX-License-Identifier: Apache-2.0
 
+`include "sail.sv"
+
 /*
 Provides stubs (mostly) for the native functions the Sail expects to see, mostly
 handling config stuff.

dv/formal/thm/ibex.proof

@@ -39,7 +39,7 @@ lemma ibex
   NonCompressedMatch: have (wbexc_finishing && wbexc_instr[1:0] == 2'b11 |-> wbexc_instr == wbexc_decompressed_instr)
   CompressedMatch: have (ex_has_compressed_instr |-> ex_compressed_instr[15:0] == `CR.instr_rdata_c_id)
 
-  PostFlushNoInstr: have (`IDC.ctrl_fsm_cs == `IDC.FLUSH |=> ~`CR.instr_valid_id)
+  PostFlushNoInstr: have (`IDC.ctrl_fsm_cs == FLUSH |=> ~`CR.instr_valid_id)
 
   DecompressionIllegalIdEx: have (ex_has_compressed_instr |-> decompressed_instr_illegal == `CR.illegal_c_insn_id)
   DecompressionMatchIdEx: have (ex_has_compressed_instr & ~`CR.illegal_insn_id & ~`CR.illegal_c_insn_id |-> decompressed_instr == `CR.instr_rdata_id)
@@ -69,13 +69,13 @@ lemma ibex
 
   RfWriteWb: have (`CR.rf_write_wb & wbexc_finishing |-> `WB.rf_we_wb_o)
 
-  CtrlWbexc: have (wbexc_exists |-> `IDC.ctrl_fsm_cs == `IDC.DECODE || `IDC.ctrl_fsm_cs == `IDC.FLUSH)
-  ProgressDecode: have (instr_will_progress |-> `IDC.ctrl_fsm_cs == `IDC.DECODE)
+  CtrlWbexc: have (wbexc_exists |-> `IDC.ctrl_fsm_cs == DECODE || `IDC.ctrl_fsm_cs == FLUSH)
+  ProgressDecode: have (instr_will_progress |-> `IDC.ctrl_fsm_cs == DECODE)
 
   BranchedProg: have (ex_has_branched_d & ~instr_will_progress |=> ex_has_branched_d | `IDC.wb_exception_o)
 
-  IDCFsmAny: have (`IDC.ctrl_fsm_cs inside {`IDC.RESET, `IDC.BOOT_SET, `IDC.WAIT_SLEEP, `IDC.SLEEP, `IDC.FIRST_FETCH, `IDC.DECODE, `IDC.IRQ_TAKEN, `IDC.FLUSH})
-  IDCFsmNotBoot: have (##3 ~(`IDC.ctrl_fsm_cs inside {`IDC.RESET, `IDC.BOOT_SET}))
+  IDCFsmAny: have (`IDC.ctrl_fsm_cs inside {RESET, BOOT_SET, WAIT_SLEEP, SLEEP, FIRST_FETCH, DECODE, IRQ_TAKEN, FLUSH})
+  IDCFsmNotBoot: have (##3 ~(`IDC.ctrl_fsm_cs inside {RESET, BOOT_SET}))
 
   MemInstrEx: have (`LSU.ls_fsm_cs != `LSU.IDLE |-> ex_is_mem_instr)
   MemInstrWbLoad: have (`WB.outstanding_load_wb_o |-> wbexc_is_load_instr)
@@ -207,13 +207,13 @@ lemma ibex
   StallNoChangeA: have (`LSU.ls_fsm_cs != `LSU.IDLE && ($past(`LSU.ls_fsm_cs) != `LSU.IDLE || $past(`LSU.lsu_req_i)) |-> $stable(`ID.rf_rdata_a_fwd))
   StallNoChangeB: have (data_we_o && `LSU.ls_fsm_cs != `LSU.IDLE && ($past(`LSU.ls_fsm_cs) != `LSU.IDLE || $past(`LSU.lsu_req_i)) |-> $stable(`ID.rf_rdata_b_fwd))
 
-  BecameDecodeIsInstrStart: have (`IDC.ctrl_fsm_cs == `IDC.DECODE && !$stable(`IDC.ctrl_fsm_cs) |-> ~`ID.instr_valid_i | `CR.instr_new_id)
-  BecameDecodeIsEmptyWbexc: have (`IDC.ctrl_fsm_cs == `IDC.DECODE && !$stable(`IDC.ctrl_fsm_cs) |-> ~wbexc_exists)
+  BecameDecodeIsInstrStart: have (`IDC.ctrl_fsm_cs == DECODE && !$stable(`IDC.ctrl_fsm_cs) |-> ~`ID.instr_valid_i | `CR.instr_new_id)
+  BecameDecodeIsEmptyWbexc: have (`IDC.ctrl_fsm_cs == DECODE && !$stable(`IDC.ctrl_fsm_cs) |-> ~wbexc_exists)
   FetchErrIsErr: have (wbexc_fetch_err & wbexc_exists |-> wbexc_err & `IDC.instr_fetch_err)
 
   # If control FSM is in `FIRST_FETCH`, then there shouldn't be an instruction that is already fetched by IF but not consumed by ID.
   # This helps to prove FetchErrRoot.
-  FirstFetchNoInstr: have (`IDC.ctrl_fsm_ns == `IDC.FIRST_FETCH |-> ~`IF.instr_valid_id_q)
+  FirstFetchNoInstr: have (`IDC.ctrl_fsm_ns == FIRST_FETCH |-> ~`IF.instr_valid_id_q)
 
   MemOpRequiresValid: have (`LSU.ls_fsm_cs != `LSU.IDLE || `CR.lsu_req |-> `ID.instr_valid_i)
 
@@ -253,7 +253,7 @@ lemma ibex
   SpecStableStoreData: have (ex_is_store_instr && `LSU.ls_fsm_cs != `LSU.IDLE && ($past(`LSU.ls_fsm_cs) != `LSU.IDLE || $past(`LSU.lsu_req_i)) |-> $stable(spec_mem_write_fst_wdata))
   SpecStableStoreSndData: have (ex_is_store_instr && `LSU.ls_fsm_cs != `LSU.IDLE && ($past(`LSU.ls_fsm_cs) != `LSU.IDLE || $past(`LSU.lsu_req_i)) |-> $stable(spec_mem_write_snd_wdata))
 
-  FetchErrRoot: have (`ID.instr_valid_i && (`IDC.ctrl_fsm_cs == `IDC.FLUSH -> ~$past(`IDC.csr_pipe_flush)) |-> spec_fetch_err == `ID.instr_fetch_err_i)
+  FetchErrRoot: have (`ID.instr_valid_i && (`IDC.ctrl_fsm_cs == FLUSH -> ~$past(`IDC.csr_pipe_flush)) |-> spec_fetch_err == `ID.instr_fetch_err_i)
 
   LoadNotSpecWrite: have (`ID.instr_valid_i & ex_is_load_instr |-> ~spec_mem_write)
   StoreNotSpecRead: have (`ID.instr_valid_i & ex_is_store_instr |-> ~spec_mem_read)
@@ -301,9 +301,9 @@ lemma live
   DivMiddle: have (`MULT.div_counter_q == 5'd31 && `MULT.md_state_q == `MULT.MD_COMP |-> ##30 `MULT.div_counter_q == 5'd1 && `MULT.md_state_q == `MULT.MD_COMP)
   DivEnd: have (`MULT.div_counter_q == 5'd1 && `MULT.md_state_q == `MULT.MD_COMP |-> ##3 instr_will_progress)
 
-  WFIStart: have (instr_will_progress & ex_is_wfi & ~ex_err |-> ##[0:5] `IDC.ctrl_fsm_cs == `IDC.SLEEP)
-  WFIMiddle: have (`IDC.ctrl_fsm_cs == `IDC.SLEEP |-> ##[0:20] `IDC.ctrl_fsm_cs == `IDC.SLEEP && `IDC.ctrl_fsm_ns == `IDC.FIRST_FETCH)
-  WFIEnd: have (`IDC.ctrl_fsm_cs == `IDC.SLEEP && `IDC.ctrl_fsm_ns == `IDC.FIRST_FETCH |-> ##[0:5] `IF.id_in_ready_i)
+  WFIStart: have (instr_will_progress & ex_is_wfi & ~ex_err |-> ##[0:5] `IDC.ctrl_fsm_cs == SLEEP)
+  WFIMiddle: have (`IDC.ctrl_fsm_cs == SLEEP |-> ##[0:20] `IDC.ctrl_fsm_cs == SLEEP && `IDC.ctrl_fsm_ns == FIRST_FETCH)
+  WFIEnd: have (`IDC.ctrl_fsm_cs == SLEEP && `IDC.ctrl_fsm_ns == FIRST_FETCH |-> ##[0:5] `IF.id_in_ready_i)
 
   NewProgNormal: have (`CR.instr_new_id & `CR.instr_valid_id & ~ex_is_div & ~ex_is_mem_instr |-> ##[0:5] (instr_will_progress | (ex_kill & `CR.instr_valid_id)))
   NewProgMem: have (`CR.instr_new_id & `CR.instr_valid_id & ex_is_mem_instr |-> ##[0:10] (instr_will_progress | (ex_kill & `CR.instr_valid_id)))

dv/formal/thm/riscv.proof

@@ -153,7 +153,7 @@ lemma riscv
          Pmp_cfg:(pmp_cfg) Pmp_addr:(pmp_addr) Mseccfg:(mseccfg)
       have (spec_past_``X == pre_``X)
 
-  SleepSpecPastPC: have (has_spec_past & (`IDC.ctrl_fsm_cs == `IDC.WAIT_SLEEP || `IDC.ctrl_fsm_cs == `IDC.SLEEP) |-> spec_past_pc == `CR.pc_if)
+  SleepSpecPastPC: have (has_spec_past & (`IDC.ctrl_fsm_cs == WAIT_SLEEP || `IDC.ctrl_fsm_cs == SLEEP) |-> spec_past_pc == `CR.pc_if)
 
   /