ALERT_HANDLER DV document
Goals
- DV
- Verify all ALERT_HANDLER IP features by running dynamic simulations with a SV/UVM based testbench
- Develop and run all tests based on the testplan below towards closing code and functional coverage on the IP and all of its sub-modules
- Verify transmitter and receiver pairs for alert (/hw/ip/prim/dv/prim_alert) and escalation (/hw/ip/prim/dv/prim_esc) via direct stimulus.
- FPV
- Verify TileLink device protocol compliance with an SVA based testbench
- Verify transmitter and receiver pairs for alert and escalator
- Verify alert_handler_esc_timer and alert_handler_ping_timer
Current status
Design features
For detailed information on ALERT_HANDLER design features, please see the ALERT_HANDLER HWIP technical specification.
Testbench architecture
ALERT_HANDLER testbench has been constructed based on the CIP testbench architecture.
Block diagram
Top level testbench
Top level testbench is located at hw/ip/alert_handler/dv/tb/tb.sv
. It instantiates the ALERT_HANDLER DUT module hw/ip/alert_handler/rtl/alert_handler.sv
.
In addition, it instantiates the following interfaces, connects them to the DUT and sets their handle into uvm_config_db
:
- Clock and reset interface
- TileLink host interface
- ALERT_HANDLER IOs
- Alerts and escalations(
alert_esc_if
) - Interrupts (
pins_if
) - Devmode (
pins_if
)
The alert_handler testbench environment can be reused in chip level testing.
Common DV utility components
The following utilities provide generic helper tasks and functions to perform activities that are common across the project:
Global types & methods
All common types and methods defined at the package level can be found in
alert_handler_env_pkg
. Some of them in use are:
parameter uint NUM_MAX_ESC_SEV = 8;
TL_agent
ALERT_HANDLER testbench instantiates (already handled in CIP base env) tl_agent which provides the ability to drive and independently monitor random traffic via TL host interface into ALERT_HANDLER device.
ALERT_ESC Agent
ALERT_ESC agent is used to drive and monitor transmitter and receiver pairs for the alerts and escalators. Alert_handler DUT includes alert_receivers and esc_senders, so the alert_esc agent will drive output signals of the alert_senders and esc_receivers.
UVM RAL Model
The ALERT_HANDLER RAL model is created with the ralgen
FuseSoC generator script automatically when the simulation is at the build stage.
It can be created manually by invoking regtool
.
Stimulus strategy
Test sequences
All test sequences reside in hw/ip/alert_handler/dv/env/seq_lib
.
The alert_handler_base_vseq
virtual sequence is extended from cip_base_vseq
and serves as a starting point.
All test sequences are extended from alert_handler_base_vseq
.
It provides commonly used handles, variables, functions and tasks that the test sequences can simple use / call.
Some of the most commonly used tasks / functions are as follows:
- alert_handler_init: Configure alert_handler DUT by writing to
intr_en
,alert_en_shadowed_*
,alert_class_shadowed_*
,loc_alert_en_shadowed_*
,loc_alert_class_shadowed_*
registers. - drive_alert: Drive alert_tx signal pairs through
alert_sender_driver
. - drive_esc_rsp: Drive esc_rx signal pairs through
esc_receiver_driver
. - read_ecs_status: Readout registers that reflect escalation status, including
classa/b/c/d_accum_cnt
,classa/b/c/d_esc_cnt
, andclassa/b/c/d_state
. - wait_alert_handshake_done: Wait for alert_rx/tx handshake to finish. If the alert’s low-power-group(LPG) is enabled, immediately return.
- wait_esc_handshake_done: Wait for esc_rx/tx handshake to finish by reading
class*_state
registers and check esc_rx/tx signals. - set_alert_lpg: Given alert index, find the linked LPG group and enabled the LPG group by driving
lpg_cg_en
orlpg_rst_en
to Mubi4True. - run_esc_rsp_seq_nonblocking: A non-blocking sequence to drive
esc_tx
when received escalation or escalation-ping requests. - run_alert_ping_rsp_seq_nonblocking: A non-blocking sequence to drive
alert_rx
when received alert-ping requests.
Functional coverage
To ensure high quality constrained random stimulus, it is necessary to develop a functional coverage model. The detailed covergroups are documented under alert_handler testplan.
Self-checking strategy
Scoreboard
The alert_handler_scoreboard
is primarily used for end to end checking.
It creates the following analysis ports to retrieve the data monitored by corresponding interface agents:
- tl_a_chan_fifo: tl address channel
- tl_d_chan_fifo: tl data channel
- alert_fifo: An array of
alert_fifo
that connects to corresponding alert_monitors - esc_fifo: An array of
esc_fifo
that connects to corresponding esc_monitors
Alert_handler scoreboard monitors all valid CSR registers, alert handshakes, and escalation handshakes. To ensure certain alert, interrupt, or escalation signals are triggered at the expected time, the alert_handler scoreboard implemented a few counters:
- intr_cnter_per_class[NUM_ALERT_HANDLER_CLASSES]: Count number of clock cycles that the interrupt bit stays high.
If the stored number is larger than the
timeout_cyc
registers, the corresponding escalation is expected to be triggered - accum_cnter_per_class[NUM_ALERT_HANDLER_CLASSES]: Count number of alerts triggered under the same class.
If the stored number is larger than the
accum_threshold
registers, the corresponding escalation is expected to be triggered - esc_cnter_per_signal[NUM_ESC_SIGNALS]: Count number of clock cycles that each escalation signal stays high.
Compare the counter against
phase_cyc
registers
The alert_handler scoreboard is parameterized to support different number of classes, alert pairs, and escalation pairs.
Assertions
- TLUL assertions: The
tb/alert_handler_bind.sv
binds thetlul_assert
assertions to the IP to ensure TileLink interface protocol compliance. - Unknown checks on DUT outputs: The RTL has assertions to ensure all outputs are initialized to known values after coming out of reset.
Building and running tests
We are using our in-house developed regression tool for building and running our tests and regressions. Please take a look at the link for detailed information on the usage, capabilities, features and known issues. Here’s how to run a smoke test:
$ $REPO_TOP/util/dvsim/dvsim.py $REPO_TOP/hw/$CHIP/ip_autogen/alert_handler/dv/alert_handler_sim_cfg.hjson -i alert_handler_smoke
In this run command, $CHIP can be top_earlgrey, etc.
Testplan
Testpoints
Stage | Name | Tests | Description |
---|---|---|---|
V1 | smoke | alert_handler_smoke |
|
V1 | csr_hw_reset | alert_handler_csr_hw_reset | Verify the reset values as indicated in the RAL specification.
|
V1 | csr_rw | alert_handler_csr_rw | Verify accessibility of CSRs as indicated in the RAL specification.
|
V1 | csr_bit_bash | alert_handler_csr_bit_bash | Verify no aliasing within individual bits of a CSR.
|
V1 | csr_aliasing | alert_handler_csr_aliasing | Verify no aliasing within the CSR address space.
|
V1 | csr_mem_rw_with_rand_reset | alert_handler_csr_mem_rw_with_rand_reset | Verify random reset during CSR/memory access.
|
V1 | regwen_csr_and_corresponding_lockable_csr | alert_handler_csr_rw alert_handler_csr_aliasing | Verify regwen CSR and its corresponding lockable CSRs.
Note:
This is only applicable if the block contains regwen and locakable CSRs. |
V2 | esc_accum | alert_handler_esc_alert_accum | Based on the smoke test, this test will focus on testing the escalation accumulation feature. So all the escalations in the test will be triggered by alert accumulation. |
V2 | esc_timeout | alert_handler_esc_intr_timeout | Based on the smoke test, this test will focus on testing the escalation timeout feature. So all the escalations in the test will be triggered by interrupt timeout. |
V2 | entropy | alert_handler_entropy | Based on the smoke test, this test enables ping testing, and check if the ping feature correctly pings all devices within certain period of time. |
V2 | sig_int_fail | alert_handler_sig_int_fail | This test will randomly inject differential pair failures on alert tx/rx pairs and the escalator tx/rx pairs. Then check if integrity failure alert is triggered and escalated. |
V2 | clk_skew | alert_handler_smoke | This test will randomly inject clock skew within the differential pairs. Then check no alert is raised. |
V2 | random_alerts | alert_handler_random_alerts | Input random alerts and randomly write phase cycles. |
V2 | random_classes | alert_handler_random_classes | Based on random_alerts test, this test will also randomly enable interrupt classes. |
V2 | ping_timeout | alert_handler_ping_timeout | Based on entropy test, this test request alert_sender and esc_receiver drivers to randomly create ping requests timeout stimulus. Checks:
|
V2 | lpg | alert_handler_lpg alert_handler_lpg_stub_clk | Test alert_handler low_power_group(lpg) request. Stimulus:
Checks:
|
V2 | stress_all | alert_handler_stress_all | Combine above sequences in one test to run sequentially with the following exclusions:
|
V2 | alert_handler_entropy_stress_test | alert_handler_entropy_stress | Stress the alert_handler's entropy request and make sure there is no spurious alert. Stimulus:
|
V2 | alert_handler_alert_accum_saturation | alert_handler_alert_accum_saturation | This sequence forces all four alert classes' accumulate counters to a large value that is close to the max saturation value. Then the sequence triggers alerts until the count saturates. Checks:
|
V2 | intr_test | alert_handler_intr_test | Verify common intr_test CSRs that allows SW to mock-inject interrupts.
|
V2 | tl_d_oob_addr_access | alert_handler_tl_errors | Access out of bounds address and verify correctness of response / behavior |
V2 | tl_d_illegal_access | alert_handler_tl_errors | Drive unsupported requests via TL interface and verify correctness of response / behavior. Below error cases are tested bases on the [TLUL spec]({{< relref "hw/ip/tlul/doc/_index.md#explicit-error-cases" >}})
|
V2 | tl_d_outstanding_access | alert_handler_csr_hw_reset alert_handler_csr_rw alert_handler_csr_aliasing alert_handler_same_csr_outstanding | Drive back-to-back requests without waiting for response to ensure there is one transaction outstanding within the TL device. Also, verify one outstanding when back- to-back accesses are made to the same address. |
V2 | tl_d_partial_access | alert_handler_csr_hw_reset alert_handler_csr_rw alert_handler_csr_aliasing alert_handler_same_csr_outstanding | Access CSR with one or more bytes of data. For read, expect to return all word value of the CSR. For write, enabling bytes should cover all CSR valid fields. |
V2S | shadow_reg_update_error | alert_handler_shadow_reg_errors | Verify shadowed registers' update error.
|
V2S | shadow_reg_read_clear_staged_value | alert_handler_shadow_reg_errors | Verify reading a shadowed register will clear its staged value.
|
V2S | shadow_reg_storage_error | alert_handler_shadow_reg_errors | Verify shadowed registers' storage error.
|
V2S | shadowed_reset_glitch | alert_handler_shadow_reg_errors | Verify toggle shadowed_rst_n pin can trigger storage error.
|
V2S | shadow_reg_update_error_with_csr_rw | alert_handler_shadow_reg_errors_with_csr_rw | Run shadow_reg_update_error sequence in parallel with csr_rw sequence.
|
V2S | tl_intg_err | alert_handler_tl_intg_err alert_handler_sec_cm | Verify that the data integrity check violation generates an alert.
|
V2S | sec_cm_bus_integrity | alert_handler_tl_intg_err | Verify the countermeasure(s) BUS.INTEGRITY. |
V2S | sec_cm_config_shadow | alert_handler_shadow_reg_errors | Verify the countermeasure(s) CONFIG.SHADOW. |
V2S | sec_cm_ping_timer_config_regwen | alert_handler_smoke | Verify the countermeasure(s) PING_TIMER.CONFIG.REGWEN. |
V2S | sec_cm_alert_config_regwen | alert_handler_smoke | Verify the countermeasure(s) ALERT.CONFIG.REGWEN. |
V2S | sec_cm_alert_loc_config_regwen | alert_handler_smoke | Verify the countermeasure(s) ALERT_LOC.CONFIG.REGWEN. |
V2S | sec_cm_class_config_regwen | alert_handler_smoke | Verify the countermeasure(s) CLASS.CONFIG.REGWEN. |
V2S | sec_cm_alert_intersig_diff | alert_handler_sig_int_fail | Verify the countermeasure(s) ALERT.INTERSIG.DIFF. |
V2S | sec_cm_lpg_intersig_mubi | alert_handler_lpg | Verify the countermeasure(s) LPG.INTERSIG.MUBI. |
V2S | sec_cm_esc_intersig_diff | alert_handler_sig_int_fail | Verify the countermeasure(s) ESC.INTERSIG.DIFF. |
V2S | sec_cm_alert_rx_intersig_bkgn_chk | alert_handler_entropy | Verify the countermeasure(s) ALERT_RX.INTERSIG.BKGN_CHK. |
V2S | sec_cm_esc_tx_intersig_bkgn_chk | alert_handler_entropy | Verify the countermeasure(s) ESC_TX.INTERSIG.BKGN_CHK. |
V2S | sec_cm_esc_rx_intersig_bkgn_chk | N/A | Verify the countermeasure(s) ESC_RX.INTERSIG.BKGN_CHK. |
V2S | sec_cm_esc_timer_fsm_sparse | alert_handler_sec_cm | Verify the countermeasure(s) ESC_TIMER.FSM.SPARSE. |
V2S | sec_cm_ping_timer_fsm_sparse | alert_handler_sec_cm | Verify the countermeasure(s) PING_TIMER.FSM.SPARSE. |
V2S | sec_cm_esc_timer_fsm_local_esc | alert_handler_sec_cm | Verify the countermeasure(s) ESC_TIMER.FSM.LOCAL_ESC. |
V2S | sec_cm_ping_timer_fsm_local_esc | alert_handler_sec_cm | Verify the countermeasure(s) PING_TIMER.FSM.LOCAL_ESC. |
V2S | sec_cm_esc_timer_fsm_global_esc | alert_handler_sec_cm | Verify the countermeasure(s) ESC_TIMER.FSM.GLOBAL_ESC. |
V2S | sec_cm_accu_ctr_redun | alert_handler_sec_cm | Verify the countermeasure(s) ACCU.CTR.REDUN. |
V2S | sec_cm_esc_timer_ctr_redun | alert_handler_sec_cm | Verify the countermeasure(s) ESC_TIMER.CTR.REDUN. |
V2S | sec_cm_ping_timer_ctr_redun | alert_handler_sec_cm | Verify the countermeasure(s) PING_TIMER.CTR.REDUN. |
V2S | sec_cm_ping_timer_lfsr_redun | alert_handler_sec_cm | Verify the countermeasure(s) PING_TIMER.LFSR.REDUN. |
V3 | stress_all_with_rand_reset | alert_handler_stress_all_with_rand_reset | This test runs 3 parallel threads - stress_all, tl_errors and random reset. After reset is asserted, the test will read and check all valid CSR registers. |
Covergroups
Name | Description |
---|---|
accum_cnt_cg | Covers escalation due to accumulated alerts.
|
alert_cause_cg | Covers alert_cause register and related items.
|
alert_class_regwen_cg | Covers if regwen is locked for alert_class registers. |
alert_en_regwen_cg | Covers if regwen is locked for alert_en registers. |
alert_handshake_complete_cg | Cover if the alert handshake completes. |
alert_loc_alert_cause_cg | Covers loc_alert_cause register regarding alert.
|
alert_lpg_cg | Covers alert lpg status during an alert request. Cover if its lower-power-group (lpg) is enabled or disabled during an alert request. |
alert_ping_with_lpg_wrap_cg | Covers ping requests are initiated with LPG enabled or disabled. |
alert_trans_cg | Cover if the transaction is a ping request or an actual alert request. |
class_accum_thresh_regwen_cg | Covers if regwen is locked for class_accum_thresh registers. |
class_clr_regwen_cg | Covers if regwen is locked for class_clr registers. |
class_crashdump_trigger_regwen_cg | Covers if regwen is locked for class_crashdump_trigger registers. |
class_ctrl_regwen_cg | Covers if regwen is locked for class_ctrl registers. |
class_phase_cyc_regwen_cg | Covers if regwen is locked for class_phase_cyc registers. |
class_timeout_cyc_regwen_cg | Covers if regwen is locked for class_timeout_cyc registers. |
clear_esc_cnt_cg | Covers escalation counter being cleared by class_clr_shadowed register. |
clear_intr_cnt_cg | Covers interrupt counter being cleared by class_clr_shadowed register. |
crashdump_trigger_cg | Covers which phase triggers crashdump. |
cycles_bwtween_pings_cg | Covers how many cycles are there between two ping requests. |
esc_handshake_complete_cg | Cover if the escalation handshake completes. |
esc_loc_alert_cause_cg | Covers loc_alert_cause register regarding escalation.
|
esc_sig_length_cg | Covers escalation signal length for each escalation signal. |
esc_trans_cg | Cover if the transaction is a ping request or an actual escalation request. |
intr_timeout_cnt_cg | Covers escalation due to interrupt timeout.
|
loc_alert_class_regwen_cg | Covers if regwen is locked for loc_alert_class registers. |
loc_alert_en_regwen_cg | Covers if regwen is locked for loc_alert_en registers. |
num_checked_pings_cg | Covers if simulation runs long enough to capture more than twenty ping requests. |
num_edn_reqs_cg | Covers if simulation runs long enough to capture more than five EDN requests. |
regwen_val_when_new_value_written_cg | Cover each lockable reg field with these 2 cases:
This is only applicable if the block contains regwen and locakable CSRs. |
shadow_field_errs_cg | Cover all shadow register errors for each register field. For all register fields within the shadowed register, this coverpoint covers the following errors:
|
tl_errors_cg | Cover the following error cases on TL-UL bus:
|
tl_intg_err_cg | Cover all kinds of integrity errors (command, data or both) and cover number of error bits on each integrity check. Cover the kinds of integrity errors with byte enabled write on memory if applicable: Some memories store the integrity values. When there is a subword write, design re-calculate the integrity with full word data and update integrity in the memory. This coverage ensures that memory byte write has been issued and the related design logic has been verfied. |