ADC_CTRL DV document

Goals

  • DV
    • Verify all ADC_CTRL IP features by running dynamic simulations with a SV/UVM based testbench
    • Develop and run all tests based on the testplan below towards closing code and functional coverage on the IP and all of its sub-modules
  • FPV
    • Verify TileLink device protocol compliance with an SVA based testbench

Current status

Design features

For detailed information on ADC_CTRL design features, please see the ADC_CTRL HWIP technical specification.

Testbench architecture

ADC_CTRL testbench has been constructed based on the CIP testbench architecture.

Block diagram

Block diagram

Top level testbench

Top level testbench is located at hw/ip/adc_ctrl/dv/tb/tb.sv. It instantiates the ADC_CTRL DUT module hw/ip/adc_ctrl/rtl/adc_ctrl.sv. In addition, it instantiates the following interfaces, connects them to the DUT and sets their handle into uvm_config_db:

Common DV utility components

The following utilities provide generic helper tasks and functions to perform activities that are common across the project:

Global types & methods

All common types and methods defined at the package level can be found in adc_ctrl_env_pkg.

TL_agent

ADC_CTRL testbench instantiates (already handled in CIP base env) tl_agent which provides the ability to drive and independently monitor random traffic via TL host interface into ADC_CTRL device.

push_pull agents

The ADC data interface is emulated using push_pull agents. (push_pull_agent

UVM RAL Model

The ADC_CTRL RAL model is created with the ralgen FuseSoC generator script automatically when the simulation is at the build stage.

It can be created manually by invoking regtool:

Stimulus strategy

Test sequences

All test sequences reside in hw/ip/adc_ctrl/dv/env/seq_lib. The adc_ctrl_base_vseq virtual sequence is extended from cip_base_vseq and serves as a starting point. All test sequences are extended from adc_ctrl_base_vseq. It provides commonly used handles, variables, functions and tasks that the test sequences can use.

Functional coverage

To ensure high quality constrained random stimulus, it is necessary to develop a functional coverage model. The following covergroups have been developed to prove that the test intent has been adequately met:

  • adc_ctrl_filter_cg: filter configurations, one instance per filter These are sampled by the scoreboard when the ADC_CRTL is enabled by register and also on interrupt and wakeup line assertion. To distinguish between these situations and the fast clock gating status additional flags are also sampled enabling cross coverage.
  • adc_ctrl_testmode_cg: The mode of operation of the ADC_CTRL with transition bins to show modes can be selected independently of a previous selected mode.
  • adc_ctrl_hw_reset_cg: The state of the FSM and counters when a hardware reset is applied.
  • adc_ctrl_fsm_reset_cg: The state of the FSM and counters when a FSM reset is applied.

Self-checking strategy

Scoreboard

The adc_ctrl_scoreboard is primarily used for end to end checking. It creates the following analysis ports to retrieve the data monitored by corresponding interface agents:

  • tl_[a_chan, d_chan, dir]_fifo_lc_ctrl_reg_block.analysis_export: TileLink CSR reads/writes.
  • m_adc_push_pull_fifo_[0,1,…].analysis_export: Transactions representing the ADC channel data Using data from the TileLink and ADC data streams a model within the scoreboard predicts the interrupt and wakeup line logic level at any point in the simulation. It also predicts various volatile register content. The scoreboard uses the predictions to compare against the RTL signals and register read data.

Assertions

  • TLUL assertions: The sva/adc_ctrl_bind.sv binds the tlul_assert assertions to the IP to ensure TileLink interface protocol compliance.
  • ADC_CTRL FSM assertions sva/adc_ctrl_fsm_sva.sv bound inside adc_ctrl_fsm
    • FsmStateSwReset_A: Checks FSM is reset by rst_aon_ni
    • PwrupTimerCntSwReset_A: Checks powerup timer counter is reset by rst_aon_ni
    • WakeupTimerCntSwReset_A: Checks wakeup timer counter is reset by rst_aon_ni
    • NpSampleCntSwReset_A: Checks normal power sample counter is reset by rst_aon_ni
    • LpSampleCntSwReset_A: Checks low power sample counter is reset by rst_aon_ni
    • FsmStateHwReset_A: Checks FSM is reset by register adc_fsm_rst
    • PwrupTimerCntHwReset_A: Checks powerup timer counter is reset by register adc_fsm_rst
    • WakeupTimerCntHwReset_A: Checks wakeup timer counter is reset by register adc_fsm_rst
    • NpSampleCntHwReset_A: Checks normal power sample counter is reset register adc_fsm_rst
    • LpSampleCntHwReset_A: Checks low power sample counter is reset by register adc_fsm_rst
  • Unknown checks on DUT outputs: The RTL has assertions to ensure all outputs are initialized to known values after coming out of reset.
  • Assertions in tb.sv
    • ChannelSelOnehot_A: Checks at most one ADC channel select is asserted at any time
    • ChannelSelKnown_A: Checks all ADC channel selects have a known logic value
    • PwrupTime_A: Checks the time period between low power sampling cycles is consistent with the value in the configuration object.
    • WakeupTime_A: Checks the time period between power up and first channel selected is consistent with the value in the configuration object.
    • EnterLowPower_A: Checks the ADC power down is asserted between sampling periods in low power mode.

Building and running tests

We are using our in-house developed regression tool for building and running our tests and regressions. Please take a look at the link for detailed information on the usage, capabilities, features and known issues. Here’s how to run a smoke test:

$ $REPO_TOP/util/dvsim/dvsim.py $REPO_TOP/hw/ip/adc_ctrl/dv/adc_ctrl_sim_cfg.hjson -i adc_ctrl_smoke

Testplan

Testpoints

Stage Name Tests Description
V1 smoke adc_ctrl_smoke

Verify datapath between AST ADC interface and ADC sample registers.

Stimulus:

For a number of iterations:

  • Configure DUT no filters or events.
  • Generate ADC data.
  • Sample into capture registers using oneshot mode.

Checks:

  • From monitored ADC data predict the value of the ADC sample register
  • Compare sample registers against expected.
  • Check oneshot bit of interrupt status register works as expected.
V1 csr_hw_reset adc_ctrl_csr_hw_reset

Verify the reset values as indicated in the RAL specification.

  • Write all CSRs with a random value.
  • Apply reset to the DUT as well as the RAL model.
  • Read each CSR and compare it against the reset value. it is mandatory to replicate this test for each reset that affects all or a subset of the CSRs.
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
  • Shuffle the list of CSRs first to remove the effect of ordering.
V1 csr_rw adc_ctrl_csr_rw

Verify accessibility of CSRs as indicated in the RAL specification.

  • Loop through each CSR to write it with a random value.
  • Read the CSR back and check for correctness while adhering to its access policies.
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
  • Shuffle the list of CSRs first to remove the effect of ordering.
V1 csr_bit_bash adc_ctrl_csr_bit_bash

Verify no aliasing within individual bits of a CSR.

  • Walk a 1 through each CSR by flipping 1 bit at a time.
  • Read the CSR back and check for correctness while adhering to its access policies.
  • This verify that writing a specific bit within the CSR did not affect any of the other bits.
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
  • Shuffle the list of CSRs first to remove the effect of ordering.
V1 csr_aliasing adc_ctrl_csr_aliasing

Verify no aliasing within the CSR address space.

  • Loop through each CSR to write it with a random value
  • Shuffle and read ALL CSRs back.
  • All CSRs except for the one that was written in this iteration should read back the previous value.
  • The CSR that was written in this iteration is checked for correctness while adhering to its access policies.
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
  • Shuffle the list of CSRs first to remove the effect of ordering.
V1 csr_mem_rw_with_rand_reset adc_ctrl_csr_mem_rw_with_rand_reset

Verify random reset during CSR/memory access.

  • Run csr_rw sequence to randomly access CSRs
  • If memory exists, run mem_partial_access in parallel with csr_rw
  • Randomly issue reset and then use hw_reset sequence to check all CSRs are reset to default value
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
V1 regwen_csr_and_corresponding_lockable_csradc_ctrl_csr_rw
adc_ctrl_csr_aliasing

Verify regwen CSR and its corresponding lockable CSRs.

  • Randomly access all CSRs
  • Test when regwen CSR is set, its corresponding lockable CSRs become read-only registers

Note:

  • If regwen CSR is HW read-only, this feature can be fully tested by common CSR tests - csr_rw and csr_aliasing.
  • If regwen CSR is HW updated, a separate test should be created to test it.

This is only applicable if the block contains regwen and locakable CSRs.

V2 filters_polled adc_ctrl_filters_polled

Verify filter functionality by polling filter status register.

Stimulus:

For a number of iterations:

  • Configure DUT with randomized filter parameters, filters enabled but no interrupts or wake events.
  • Generate ADC data stream.

Checks:

  • From monitored ADC data predict when filters should be triggered.
  • Confirm this by reading the filter status register.
  • Ensure that only one ADC channel is selected at a time.
V2 filters_polled_fixed adc_ctrl_filters_polled_fixed

As filters_polled but with filter parameters fixed during the test.

V2 filters_interrupt adc_ctrl_filters_interrupt

Verify filter interrupt functionality.

Stimulus:

For a number of iterations:

  • Configure DUT with randomized filter parameters, filters and interrupts enabled.
  • Generate ADC data stream.

Checks:

  • From monitored ADC data predict when filters should be triggered.
  • Confirm this by reading the filter status register and interrupt status register.
  • Confirm correct interrupt sample value has been captured in ADC sample registers(s)
  • Check interrupt signal operates as expected.
V2 filters_interrupt_fixed adc_ctrl_filters_interrupt_fixed

As filters_interrupt but with filter parameters fixed during the test.

V2 filters_wakeup adc_ctrl_filters_wakeup

Verify filter wakeup functionality

Stimulus: For a number of iterations:

  • Configure DUT with randomized filter parameters, filters and wakeup enabled, low power sampling mode.
  • Generate ADC data stream.

Checks:

  • From monitored ADC data predict when filters should be triggered.
  • Confirm this by reading the filter status register.
  • Check wakeup signal operates as expected.
V2 filters_wakeup_fixed adc_ctrl_filters_wakeup_fixed

As filters_wakeup but with filter parameters fixed during the test.

V2 filters_both adc_ctrl_filters_both

Verify filter wakeup and interrupt function correctly together

Stimulus:

For a number of iterations:

  • Configure DUT with randomized filter parameters, filters, interrupt and wakeup enabled, randomized low/high power sampling mode.
  • Generate ADC data stream.

Checks:

  • From monitored ADC data predict when filters should be triggered.
  • Confirm this by reading the filter status register and interrupt status register.
  • Check wakeup signal operates as expected.
  • Check interrupt signal operates as expected.
V2 clock_gating adc_ctrl_clock_gating

Verify filter wakeup and interrupts function correctly when fast clock is turned off as would occur in the system.

Stimulus:

For a number of iterations:

  • Configure DUT with randomized filter parameters, filters, interrupt and wakeup enabled, low power sampling mode.
  • Turn off fast clock.
  • Generate ADC data stream.
  • When wakeup occurs after a further random period turn fast clock back on.

Checks:

  • From monitored ADC data predict when filters should be triggered.
  • Confirm this by reading the filter status register and interrupt status register.
  • Check wakeup signal operates as expected.
  • Check interrupt signal operates as expected.
V2 poweron_counter adc_ctrl_poweron_counter

Verify ADC power on counter

Stimulus:

For a number of iterations:

  • Configure DUT with a random ADC power on count.
  • Enable ADC.
  • Generate ADC data stream.

Checks:

  • Confirm timing of power down and channel select signals to ADC.
V2 lowpower_counter adc_ctrl_lowpower_counter

Verify ADC low power counter

Stimulus:

For a number of iterations:

  • Configure DUT with a random low power sample count.
  • Enable ADC in low power mode.
  • Generate ADC data stream.

Checks:

  • Confirm return to fast sampling happens as expected.
V2 fsm_reset adc_ctrl_fsm_reset

Verify ADC controller FSM software reset

Stimulus:

For a number of iterations:

  • Configure DUT with a random low power sample count.
  • Enable ADC randomly in low or high power mode.
  • Generate ADC data stream.
  • Trigger a software reset by writing to adc_fsm_rst register.

Checks:

  • Ensure ADC controller FSM and counters are reset.
V2 stress_all adc_ctrl_stress_all

Combine above sequences in one test then randomly select for running

Stimulus:

  • Start sequences and randomly add reset between each sequence

Checking:

  • All sequences should be finished and checked by the scoreboard
V2 alert_test adc_ctrl_alert_test

Verify common alert_test CSR that allows SW to mock-inject alert requests.

  • Enable a random set of alert requests by writing random value to alert_test CSR.
  • Check each alert_tx.alert_p pin to verify that only the requested alerts are triggered.
  • During alert_handshakes, write alert_test CSR again to verify that: If alert_test writes to current ongoing alert handshake, the alert_test request will be ignored. If alert_test writes to current idle alert handshake, a new alert_handshake should be triggered.
  • Wait for the alert handshakes to finish and verify alert_tx.alert_p pins all sets back to 0.
  • Repeat the above steps a bunch of times.
V2 intr_test adc_ctrl_intr_test

Verify common intr_test CSRs that allows SW to mock-inject interrupts.

  • Enable a random set of interrupts by writing random value(s) to intr_enable CSR(s).
  • Randomly "turn on" interrupts by writing random value(s) to intr_test CSR(s).
  • Read all intr_state CSR(s) back to verify that it reflects the same value as what was written to the corresponding intr_test CSR.
  • Check the cfg.intr_vif pins to verify that only the interrupts that were enabled and turned on are set.
  • Clear a random set of interrupts by writing a randomly value to intr_state CSR(s).
  • Repeat the above steps a bunch of times.
V2 tl_d_oob_addr_access adc_ctrl_tl_errors

Access out of bounds address and verify correctness of response / behavior

V2 tl_d_illegal_access adc_ctrl_tl_errors

Drive unsupported requests via TL interface and verify correctness of response / behavior. Below error cases are tested bases on the [TLUL spec]({{< relref "hw/ip/tlul/doc/_index.md#explicit-error-cases" >}})

  • TL-UL protocol error cases
    • invalid opcode
    • some mask bits not set when opcode is PutFullData
    • mask does not match the transfer size, e.g. a_address = 0x00, a_size = 0, a_mask = 'b0010
    • mask and address misaligned, e.g. a_address = 0x01, a_mask = 'b0001
    • address and size aren't aligned, e.g. a_address = 0x01, a_size != 0
    • size is greater than 2
  • OpenTitan defined error cases
    • access unmapped address, expect d_error = 1 when devmode_i == 1
    • write a CSR with unaligned address, e.g. a_address[1:0] != 0
    • write a CSR less than its width, e.g. when CSR is 2 bytes wide, only write 1 byte
    • write a memory with a_mask != '1 when it doesn't support partial accesses
    • read a WO (write-only) memory
    • write a RO (read-only) memory
    • write with instr_type = True
V2 tl_d_outstanding_access adc_ctrl_csr_hw_reset
adc_ctrl_csr_rw
adc_ctrl_csr_aliasing
adc_ctrl_same_csr_outstanding

Drive back-to-back requests without waiting for response to ensure there is one transaction outstanding within the TL device. Also, verify one outstanding when back- to-back accesses are made to the same address.

V2 tl_d_partial_access adc_ctrl_csr_hw_reset
adc_ctrl_csr_rw
adc_ctrl_csr_aliasing
adc_ctrl_same_csr_outstanding

Access CSR with one or more bytes of data. For read, expect to return all word value of the CSR. For write, enabling bytes should cover all CSR valid fields.

V2S tl_intg_err adc_ctrl_tl_intg_err
adc_ctrl_sec_cm

Verify that the data integrity check violation generates an alert.

  • Randomly inject errors on the control, data, or the ECC bits during CSR accesses. Verify that triggers the correct fatal alert.
  • Inject a fault at the onehot check in u_reg.u_prim_reg_we_check and verify the corresponding fatal alert occurs
V2S sec_cm_bus_integrity adc_ctrl_tl_intg_err

Verify the countermeasure(s) BUS.INTEGRITY.

V3 stress_all_with_rand_reset adc_ctrl_stress_all_with_rand_reset

This test runs 3 parallel threads - stress_all, tl_errors and random reset. After reset is asserted, the test will read and check all valid CSR registers.

Covergroups

Name Description
adc_ctrl_filter_cg

Cover filter configuration (one instance per filter)

adc_ctrl_fsm_reset_cg

Cover FSM state and counter values when fsm_reset is triggered

adc_ctrl_hw_reset_cg

Cover FSM state and counter values when hardware reset is asserted

adc_ctrl_power_mode_cg

Cover power mode configuration

regwen_val_when_new_value_written_cg

Cover each lockable reg field with these 2 cases:

  • When regwen = 1, a different value is written to the lockable CSR field, and a read occurs after that.
  • When regwen = 0, a different value is written to the lockable CSR field, and a read occurs after that.

This is only applicable if the block contains regwen and locakable CSRs.

tl_errors_cg

Cover the following error cases on TL-UL bus:

  • TL-UL protocol error cases.
  • OpenTitan defined error cases, refer to testpoint tl_d_illegal_access.
tl_intg_err_cg

Cover all kinds of integrity errors (command, data or both) and cover number of error bits on each integrity check.

Cover the kinds of integrity errors with byte enabled write on memory if applicable: Some memories store the integrity values. When there is a subword write, design re-calculate the integrity with full word data and update integrity in the memory. This coverage ensures that memory byte write has been issued and the related design logic has been verfied.