SYSRST_CTRL DV document

Goals

  • DV
    • Verify all SYSRST_CTRL IP features by running dynamic simulations with a SV/UVM based testbench
    • Develop and run all tests based on the testplan below towards closing code and functional coverage on the IP and all of its sub-modules
  • FPV
    • Verify TileLink device protocol compliance with an SVA based testbench

Current status

Design features

For detailed information on SYSRST_CTRL design features, please see the SYSRST_CTRL HWIP technical specification.

Testbench architecture

SYSRST_CTRL testbench has been constructed based on the CIP testbench architecture.

Block diagram

Block diagram

Top level testbench

The top level testbench is located at hw/ip/sysrst_ctrl/dv/tb.sv. It instantiates the SYSRST_CTRL DUT module hw/ip/sysrst_ctrl/rtl/sysrst_ctrl.sv. In addition, it instantiates the following interfaces, connects them to the DUT and sets their handle into uvm_config_db:

Common DV utility components

The following utilities provide generic helper tasks and functions to perform activities that are common across the project:

Compile-time configurations

[list compile time configurations, if any and what are they used for]

Global types & methods

All common types and methods defined at the package level can be found in sysrst_ctrl_env_pkg.

TL_agent

The SYSRST_CTRL testbench instantiates (already handled in CIP base env) tl_agent. This provides the ability to drive and independently monitor random traffic via the TL host interface into the SYSRST_CTRL device.

Alert_agents

SYSRST_CTRL testbench instantiates (already handled in CIP base env) alert_agents: [list alert names]. The alert_agents provide the ability to drive and independently monitor alert handshakes via alert interfaces in SYSRST_CTRL device.

UVM RAL Model

The SYSRST_CTRL RAL model is created with the ralgen FuseSoC generator script automatically when the simulation is at the build stage.

It can be created manually by invoking regtool:

Stimulus strategy

Test sequences

The test sequences reside in hw/ip/sysrst_ctrl/dv/env/seq_lib. All test sequences are extended from sysrst_ctrl_base_vseq, which is extended from cip_base_vseq and serves as a starting point. It provides commonly used handles, variables, functions and tasks that the test sequences can simple use / call.

Functional coverage

To ensure high quality constrained random stimulus, it is necessary to develop a functional coverage model. The following covergroups have been developed to prove that the test intent has been adequately met:

  • sysrst_ctrl_combo_detect_action_cg: This covergroup will cover all the combo detect actions for combo detect register set 0-3.
  • sysrst_ctrl_combo_detect_sel_cg: This covergroup will sample the input selected for combo detect.
  • sysrst_ctrl_combo_detect_det_cg: This covergroup will cover the combo detect debounce timer value.
  • sysrst_ctrl_auto_block_debounce_ctl_cg: This will cover the auto block enable/disable feature, debounce timer value.
  • sysrst_ctrl_combo_intr_status_cg: This covergroup will capture the combo detect interrupt status.
  • sysrst_ctrl_key_intr_status_cg: This covergroup will capture the edge detect status for all the inputs.
  • sysrst_ctrl_ulp_status_cg: This covergroup will cover the ultra low power status.
  • sysrst_ctrl_wkup_status_cg: This will capture the wakeup status event after the low power event is triggered.
  • sysrst_ctrl_pin_in_value_cg: This covergroup will cover the raw input values of all the input pins.
  • sysrst_ctrl_auto_blk_out_ctl_cg: This covergroup will cover the input selected for auto block and the output value status for the selected input pin.
  • pin_cfg_cg: This is the generic covergroup to cover the override and allowed values for the selected input and output values. An array of this covergroup is created for all the input pins.
  • debounce_timer_cg: This is the generic covergroup to cover the debounce timer values for the below register. key_intr_debounce_ctl ulp_ac_debounce_ctl ulp_pwrb_debounce_ctl ulp_lid_debounce_ctl ec_rst_ctl
  • sysrst_ctrl_key_invert_ctl_cg: This covergroup will cover which input/output pins are allowed to invert their values.The invert values are crossed with the input/output values.

Self-checking strategy

Scoreboard

The sysrst_ctrl_scoreboard is primarily used for end to end checking.

Assertions

  • TLUL assertions: The sva/sysrst_ctrl_bind.sv file binds the tlul_assert assertions to the IP to ensure TileLink interface protocol compliance.
  • Unknown checks on DUT outputs: The RTL has assertions to ensure all outputs are initialized to known values after coming out of reset.
  • Assertions in tb.sv
  • CheckFlashWrProtRst: Checks flash_wp_l output pin is asserted active low which it is in reset.
  • CheckEcPwrOnRst: Checks ec_rst_l_o is asserted active low when it is in reset.

Building and running tests

We are using our in-house developed regression tool for building and running our tests and regressions. Please take a look at the link for detailed information on the usage, capabilities, features and known issues. Here’s how to run a smoke test:

$ $REPO_TOP/util/dvsim/dvsim.py $REPO_TOP/hw/ip/sysrst_ctrl/dv/sysrst_ctrl_sim_cfg.hjson -i sysrst_ctrl_smoke

Testplan

Testpoints

Stage Name Tests Description
V1 smoke sysrst_ctrl_smoke

Verify end to end data transfer in normal operation mode.

  • Write a random data to the input keys.
  • Read the data at the output pins and compare it with the input data.
V1 input_output_inverted sysrst_ctrl_in_out_inverted

Verify end to end data transfer with inverted input and inverted output.

  • Write a random data to the input keys.
  • Configure KEY_INVERT_CTL register to invert the input.
  • Read the data at the output pins and compare it with the input data.
  • Configure KEY_INVERT_CTL register to invert the output.
  • Check if the output is inverted form of input pins.
V1 combo_detect_ec_rst sysrst_ctrl_combo_detect_ec_rst

Verify the combo detection with ec_rst action.

  • Trigger the input keys by configuring COM_SEL_CTL_0 register.
  • Set the combo duration via the COM_DET_CTL_0 register.
  • Select the action to be taken by configuring COM_OUT_CTL_0 register.
  • Set the pulse width via EC_RST_CTL register only to raise ec_rst action.
  • Read the COMBO_INTR_STATUS register to check if the interrupt is raised and clear the interrupt.
  • NOTE: This is a directed test with no random values for V1 stage, further this test will be randomized.
V1 csr_hw_reset sysrst_ctrl_csr_hw_reset

Verify the reset values as indicated in the RAL specification.

  • Write all CSRs with a random value.
  • Apply reset to the DUT as well as the RAL model.
  • Read each CSR and compare it against the reset value. it is mandatory to replicate this test for each reset that affects all or a subset of the CSRs.
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
  • Shuffle the list of CSRs first to remove the effect of ordering.
V1 csr_rw sysrst_ctrl_csr_rw

Verify accessibility of CSRs as indicated in the RAL specification.

  • Loop through each CSR to write it with a random value.
  • Read the CSR back and check for correctness while adhering to its access policies.
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
  • Shuffle the list of CSRs first to remove the effect of ordering.
V1 csr_bit_bash sysrst_ctrl_csr_bit_bash

Verify no aliasing within individual bits of a CSR.

  • Walk a 1 through each CSR by flipping 1 bit at a time.
  • Read the CSR back and check for correctness while adhering to its access policies.
  • This verify that writing a specific bit within the CSR did not affect any of the other bits.
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
  • Shuffle the list of CSRs first to remove the effect of ordering.
V1 csr_aliasing sysrst_ctrl_csr_aliasing

Verify no aliasing within the CSR address space.

  • Loop through each CSR to write it with a random value
  • Shuffle and read ALL CSRs back.
  • All CSRs except for the one that was written in this iteration should read back the previous value.
  • The CSR that was written in this iteration is checked for correctness while adhering to its access policies.
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
  • Shuffle the list of CSRs first to remove the effect of ordering.
V1 csr_mem_rw_with_rand_reset sysrst_ctrl_csr_mem_rw_with_rand_reset

Verify random reset during CSR/memory access.

  • Run csr_rw sequence to randomly access CSRs
  • If memory exists, run mem_partial_access in parallel with csr_rw
  • Randomly issue reset and then use hw_reset sequence to check all CSRs are reset to default value
  • It is mandatory to run this test for all available interfaces the CSRs are accessible from.
V1 regwen_csr_and_corresponding_lockable_csrsysrst_ctrl_csr_rw
sysrst_ctrl_csr_aliasing

Verify regwen CSR and its corresponding lockable CSRs.

  • Randomly access all CSRs
  • Test when regwen CSR is set, its corresponding lockable CSRs become read-only registers

Note:

  • If regwen CSR is HW read-only, this feature can be fully tested by common CSR tests - csr_rw and csr_aliasing.
  • If regwen CSR is HW updated, a separate test should be created to test it.

This is only applicable if the block contains regwen and locakable CSRs.

V2 combo_detect sysrst_ctrl_combo_detect

Verify the combo detection with random action.

  • Trigger the input keys by configuring COM_SEL_CTL_0 register.
  • Set the random combo duration via the COM_DET_CTL_0 register.
  • Randomly select the action to be taken by configuring COM_OUT_CTL_0 register.
  • Set the pulse width via EC_RST_CTL register.
  • Read the COMBO_INTR_STATUS register to check if the interrupt is raised and clear the interrupt.
V2 auto_block_key_outputs sysrst_ctrl_auto_blk_key_output

Verify the auto block key output feature.

  • Trigger the input keys combo.
  • Set the debounce timer value in AUTO_BLOCK_DEBOUNCE_CTL register.
  • Select the output override value by configuring AUTO_BLOCK_OUT_CTL register.
  • Check whether the input keys stays low for the selected debounce time.
  • Read the AUTO_BLOCK_OUT_CTL register to check if the output key is overridden.
V2 keyboard_input_triggered_interrupt sysrst_ctrl_edge_detect

Verify the keyboard and input triggered interrupt feature by detecting the edge transitions on input pins.

  • Set the input signals and edge transition by configuring KEY_INTR_CTL register.
  • Set the debounce timer value via KEY_INTR_DEBOUNCE_CTL register.
  • Read the KEY_INTR_STATUS register to check if the interrupt caused and clear the interrupt.
V2 pin_output_keyboard_inversion_control sysrst_ctrl_override_test

Verify the keyboard inversion feature by override logic.

  • Select the output signals to override via PIN_OUT_CTL register.
  • Allow the output signals to override the value via PIN_ALLOWED_CTL register.
  • Set the override value to the output signal via PIN_OUT_VALUE register.
V2 pin_input_value_accessibility sysrst_ctrl_pin_access_test

Verify the pin input value accessibilty.

  • Trigger the key[0,1,2], ac_present_in, pwrb_in, ec_rst_in_l input pins with random values.
  • Read the PIN_IN_VALUE register and check if the read value is same as input value.
V2 ec_power_on_reset sysrst_ctrl_ec_pwr_on_rst

Verify the EC and power on reset.

  • Enable the override value by writing to PIN_ALLOWED_CTL.EC_RST_L_1 and PIN_OUT_CTL.EC_RST_L register.
  • Make sure ec_rst_out_l is asserted even after opentitan reset is released.
  • Set PIN_OUT_CTL.EC_RST_L to 0 to release the ec_rst_out_l reset.
V2 flash_write_protect_output sysrst_ctrl_flash_wr_prot_out

Verify the flash write protect.

  • Make sure flash_wp_out_l signal is asserted low by reading PIN_OUT_CTL.flash_wp_l.
  • Enable the override function by setting PIN_OUT_CTL.FLASH_WP_L to value 1.
  • Randomize the corresponding flash_wp_l_i input pin.
  • Check flash_wp_l_i does not have a bypass path to flash_wp_l_o.
  • Check if flash_wp_l_o is released only by the override function.
V2 ultra_low_power_test sysrst_ctrl_ultra_low_pwr

Verify the ultra low power feature.

  • Configure ULP_AC_DEBOUNCE_CTL, ULP_LID_DEBOUNCE_CTL and ULP_PWRB_DEBOUNCE_CTL register to set the debounce timer value.
  • Disable the bus clock to check detection logic works in sleep mode.
  • Trigger the ac_present_i, lid_open_in, ec_rst_l_i input keys.
  • Turn on the bus clock to read the status register.
  • Read the WKUP_STATUS register to check if the event has occured.
  • Read the ULP_STATUS register and check if the ultra low power wakeup event is detected.
V2 stress_all sysrst_ctrl_stress_all

Test all the sequences randomly in one sequence.

  • Combine above sequences in one test then randomly select for running.
  • All sequences should be finished and checked by the scoreboard.
V2 alert_test sysrst_ctrl_alert_test

Verify common alert_test CSR that allows SW to mock-inject alert requests.

  • Enable a random set of alert requests by writing random value to alert_test CSR.
  • Check each alert_tx.alert_p pin to verify that only the requested alerts are triggered.
  • During alert_handshakes, write alert_test CSR again to verify that: If alert_test writes to current ongoing alert handshake, the alert_test request will be ignored. If alert_test writes to current idle alert handshake, a new alert_handshake should be triggered.
  • Wait for the alert handshakes to finish and verify alert_tx.alert_p pins all sets back to 0.
  • Repeat the above steps a bunch of times.
V2 intr_test sysrst_ctrl_intr_test

Verify common intr_test CSRs that allows SW to mock-inject interrupts.

  • Enable a random set of interrupts by writing random value(s) to intr_enable CSR(s).
  • Randomly "turn on" interrupts by writing random value(s) to intr_test CSR(s).
  • Read all intr_state CSR(s) back to verify that it reflects the same value as what was written to the corresponding intr_test CSR.
  • Check the cfg.intr_vif pins to verify that only the interrupts that were enabled and turned on are set.
  • Clear a random set of interrupts by writing a randomly value to intr_state CSR(s).
  • Repeat the above steps a bunch of times.
V2 tl_d_oob_addr_access sysrst_ctrl_tl_errors

Access out of bounds address and verify correctness of response / behavior

V2 tl_d_illegal_access sysrst_ctrl_tl_errors

Drive unsupported requests via TL interface and verify correctness of response / behavior. Below error cases are tested bases on the [TLUL spec]({{< relref "hw/ip/tlul/doc/_index.md#explicit-error-cases" >}})

  • TL-UL protocol error cases
    • invalid opcode
    • some mask bits not set when opcode is PutFullData
    • mask does not match the transfer size, e.g. a_address = 0x00, a_size = 0, a_mask = 'b0010
    • mask and address misaligned, e.g. a_address = 0x01, a_mask = 'b0001
    • address and size aren't aligned, e.g. a_address = 0x01, a_size != 0
    • size is greater than 2
  • OpenTitan defined error cases
    • access unmapped address, expect d_error = 1 when devmode_i == 1
    • write a CSR with unaligned address, e.g. a_address[1:0] != 0
    • write a CSR less than its width, e.g. when CSR is 2 bytes wide, only write 1 byte
    • write a memory with a_mask != '1 when it doesn't support partial accesses
    • read a WO (write-only) memory
    • write a RO (read-only) memory
    • write with instr_type = True
V2 tl_d_outstanding_access sysrst_ctrl_csr_hw_reset
sysrst_ctrl_csr_rw
sysrst_ctrl_csr_aliasing
sysrst_ctrl_same_csr_outstanding

Drive back-to-back requests without waiting for response to ensure there is one transaction outstanding within the TL device. Also, verify one outstanding when back- to-back accesses are made to the same address.

V2 tl_d_partial_access sysrst_ctrl_csr_hw_reset
sysrst_ctrl_csr_rw
sysrst_ctrl_csr_aliasing
sysrst_ctrl_same_csr_outstanding

Access CSR with one or more bytes of data. For read, expect to return all word value of the CSR. For write, enabling bytes should cover all CSR valid fields.

V2S tl_intg_err sysrst_ctrl_tl_intg_err
sysrst_ctrl_sec_cm

Verify that the data integrity check violation generates an alert.

  • Randomly inject errors on the control, data, or the ECC bits during CSR accesses. Verify that triggers the correct fatal alert.
  • Inject a fault at the onehot check in u_reg.u_prim_reg_we_check and verify the corresponding fatal alert occurs
V2S sec_cm_bus_integrity

Verify the countermeasure(s) BUS.INTEGRITY.

V3 stress_all_with_rand_reset sysrst_ctrl_stress_all_with_rand_reset

This test runs 3 parallel threads - stress_all, tl_errors and random reset. After reset is asserted, the test will read and check all valid CSR registers.

Covergroups

Name Description
debounce_timer_cg

Cover the debounce timer of the following registers

  • ec_rst_ctl register.
  • key_intr_debounce_ctl register.
  • ulp_ac_debounce_ctl register.
  • ulp_pwrb_debounce_ctl register.
  • ulp_lid_debounce_ctl register.
pin_cfg_cg

Cover the override enable/disable of all the inputs. Cover the override values of all the input values. Cover the allowed value 0 and 1 of all the inputs. Cross all the above coverpoints.

regwen_val_when_new_value_written_cg

Cover each lockable reg field with these 2 cases:

  • When regwen = 1, a different value is written to the lockable CSR field, and a read occurs after that.
  • When regwen = 0, a different value is written to the lockable CSR field, and a read occurs after that.

This is only applicable if the block contains regwen and locakable CSRs.

sysrst_ctrl_auto_blk_out_ctl_cg

Cover the auto blk input select and their values. Cross the key outputs selected to override with their override values. Sample the covergroup when the event occurs.

sysrst_ctrl_auto_block_debounce_ctl_cg

Cover the auto block enable/disable feature. Cover the auto block debounce timer.

sysrst_ctrl_combo_detect_action_cg

Cover all the combo detect actions. Create 4 instance to cover the combo detect register [0-3]. Sample the covergroup when the event occurs. Cross the covergroup with combo_detect_sel_cg to cover all the input combination with all the possible combo_detect actions.

sysrst_ctrl_combo_detect_det_cg

Cover the combo detect debounce timer. Create 4 instance to cover the combo detect register [0-3].

sysrst_ctrl_combo_detect_sel_cg

Cover all the combo detect input select. Cross all the inputs to cover all the combos. Create 4 instance to cover the combo detect register [0-3]. Sample the covergroup when the event occurs. Cross the covergroup with combo_detect_action_cg to cover all the input combination with all the possible combo_detect actions.

sysrst_ctrl_combo_intr_status_cg

Cover the combo detect status of all 4 set of combo registers. Cover all the input combinations has generated selected outcome actions and cross with the status generated.

sysrst_ctrl_key_intr_status_cg

Cover the H2L/L2H edge detect event of all the inputs.

sysrst_ctrl_key_invert_ctl_cg

Cover the invert values of all input and output values.

sysrst_ctrl_pin_in_value_cg

Cover the raw input values before inversion for all inputs.

sysrst_ctrl_ulp_status_cg

Cover the ultra low power event triggered. Cover the following condition triggers the ultra low power event:

  • High to low transition on pwrb_in input pin
  • Low to High transition on lid_open pin.
  • A level high on ac_present pin. Cross the above three condition with the ulp_status.
sysrst_ctrl_wkup_event_cg

Cover the ultra low power wakeup event and status. Cover the wkup event could occur due to following condition:

  • High to low transition on pwrb_in input pin when ulp feature is enable.
  • Low to High transition on lid_open pin when ulp feature is enable.
  • A level high on ac_present pin when ulp feature is enable.
  • When an interrupt is generated. Cross the above condition with the wkup_status register.
tl_errors_cg

Cover the following error cases on TL-UL bus:

  • TL-UL protocol error cases.
  • OpenTitan defined error cases, refer to testpoint tl_d_illegal_access.
tl_intg_err_cg

Cover all kinds of integrity errors (command, data or both) and cover number of error bits on each integrity check.

Cover the kinds of integrity errors with byte enabled write on memory if applicable: Some memories store the integrity values. When there is a subword write, design re-calculate the integrity with full word data and update integrity in the memory. This coverage ensures that memory byte write has been issued and the related design logic has been verfied.