| V1 | smoke | rv_dm_smoke | A basic smoke test.
- Read the DTM register
idcode and verify that it reflects the correct value.
- Enable debug by setting lc_hw_debug_en to true.
- Write to the DMI register field dmcontrol[dmactive] via JTAG and verify that the
dmactive output pin reflects the same value.
- Write to the DMI register field dmcontrol[haltreq] via JTAG and verify that the
debug_req output pin reflects the same value.
- Write to the DMI register field dmcontrol[ndmreset] via JTAG and verify that the
ndmreset output pin reflects the same value.
- Wiggle the
unavailable input and read the DTM register field dmstatus[allunavail]
to verify that it reflects the same value as the input signal.
|
| V1 | jtag_dtm_csr_hw_reset | rv_dm_jtag_dtm_csr_hw_reset | Verify the reset values of JTAG DTM CSRs as indicated in the RAL specification.
See hw/dv/tools/dvsim/testplans/csr_testplan.hjson for more description, This follows
the same approach, but applies to the JTAG DTM regisers.
In these set of tests, the lc_hw_debug_en is set to true, scanmode & scan_rst_n inputs
to false. |
| V1 | jtag_dtm_csr_rw | rv_dm_jtag_dtm_csr_rw | Verify accessibility of JTAG DTM CSRs as indicated in the RAL specification.
See hw/dv/tools/dvsim/testplans/csr_testplan.hjson for more description, This follows
the same approach, but applies to the JTAG DTM regisers. |
| V1 | jtag_dtm_csr_bit_bash | rv_dm_jtag_dtm_csr_bit_bash | Verify no aliasing within individual bits of JTAG DTM CSR.
See hw/dv/tools/dvsim/testplans/csr_testplan.hjson for more description, This follows
the same approach, but applies to the JTAG DTM regisers. |
| V1 | jtag_dtm_csr_aliasing | rv_dm_jtag_dtm_csr_aliasing | Verify no aliasing within the JTAG DTM CSR address space.
See hw/dv/tools/dvsim/testplans/csr_testplan.hjson for more description, This follows
the same approach, but applies to the JTAG DTM regisers. |
| V1 | jtag_dmi_csr_hw_reset | rv_dm_jtag_dmi_csr_hw_reset | Verify the reset values of JTAG DMI CSRs as indicated in the RAL specification.
See hw/dv/tools/dvsim/testplans/csr_testplan.hjson for more description, This follows
the same approach, but applies to the JTAG DMI regisers.
In these set of tests, the lc_hw_debug_en is set to true, scanmode & scan_rst_n inputs
to false.
Also, the dmcontrol[dmactive] field is set to 1 at the start, to ensure CSR accesses to
all other registers go through. |
| V1 | jtag_dmi_csr_rw | rv_dm_jtag_dmi_csr_rw | Verify accessibility of JTAG DMI CSRs as indicated in the RAL specification.
See hw/dv/tools/dvsim/testplans/csr_testplan.hjson for more description, This follows
the same approach, but applies to the JTAG DMI regisers. |
| V1 | jtag_dmi_csr_bit_bash | rv_dm_jtag_dmi_csr_bit_bash | Verify no aliasing within individual bits of JTAG DMI CSR.
See hw/dv/tools/dvsim/testplans/csr_testplan.hjson for more description, This follows
the same approach, but applies to the JTAG DMI regisers. |
| V1 | jtag_dmi_csr_aliasing | rv_dm_jtag_dmi_csr_aliasing | Verify no aliasing within the JTAG DMI CSR address space.
See hw/dv/tools/dvsim/testplans/csr_testplan.hjson for more description, This follows
the same approach, but applies to the JTAG DMI regisers. |
| V1 | csr_hw_reset | rv_dm_csr_hw_reset | Verify the reset values as indicated in the RAL specification.
- Write all CSRs with a random value.
- Apply reset to the DUT as well as the RAL model.
- Read each CSR and compare it against the reset value.
it is mandatory to replicate this test for each reset that affects
all or a subset of the CSRs.
- It is mandatory to run this test for all available interfaces the
CSRs are accessible from.
- Shuffle the list of CSRs first to remove the effect of ordering.
|
| V1 | csr_rw | rv_dm_csr_rw | Verify accessibility of CSRs as indicated in the RAL specification.
- Loop through each CSR to write it with a random value.
- Read the CSR back and check for correctness while adhering to its
access policies.
- It is mandatory to run this test for all available interfaces the
CSRs are accessible from.
- Shuffle the list of CSRs first to remove the effect of ordering.
|
| V1 | csr_bit_bash | rv_dm_csr_bit_bash | Verify no aliasing within individual bits of a CSR.
- Walk a 1 through each CSR by flipping 1 bit at a time.
- Read the CSR back and check for correctness while adhering to its
access policies.
- This verify that writing a specific bit within the CSR did not affect
any of the other bits.
- It is mandatory to run this test for all available interfaces the
CSRs are accessible from.
- Shuffle the list of CSRs first to remove the effect of ordering.
|
| V1 | csr_aliasing | rv_dm_csr_aliasing | Verify no aliasing within the CSR address space.
- Loop through each CSR to write it with a random value
- Shuffle and read ALL CSRs back.
- All CSRs except for the one that was written in this iteration should
read back the previous value.
- The CSR that was written in this iteration is checked for correctness
while adhering to its access policies.
- It is mandatory to run this test for all available interfaces the
CSRs are accessible from.
- Shuffle the list of CSRs first to remove the effect of ordering.
|
| V1 | csr_mem_rw_with_rand_reset | rv_dm_csr_mem_rw_with_rand_reset | Verify random reset during CSR/memory access.
- Run csr_rw sequence to randomly access CSRs
- If memory exists, run mem_partial_access in parallel with csr_rw
- Randomly issue reset and then use hw_reset sequence to check all CSRs
are reset to default value
- It is mandatory to run this test for all available interfaces the
CSRs are accessible from.
|
| V1 | regwen_csr_and_corresponding_lockable_csr | rv_dm_csr_rw
rv_dm_csr_aliasing | Verify regwen CSR and its corresponding lockable CSRs.
- Randomly access all CSRs
- Test when regwen CSR is set, its corresponding lockable CSRs become
read-only registers
Note:
- If regwen CSR is HW read-only, this feature can be fully tested by common
CSR tests - csr_rw and csr_aliasing.
- If regwen CSR is HW updated, a separate test should be created to test it.
This is only applicable if the block contains regwen and locakable CSRs. |
| V1 | mem_walk | rv_dm_mem_walk | Verify accessibility of all memories in the design.
- Run the standard UVM mem walk sequence on all memories in the RAL model.
- It is mandatory to run this test from all available interfaces the
memories are accessible from.
|
| V1 | mem_partial_access | rv_dm_mem_partial_access | Verify partial-accessibility of all memories in the design.
- Do partial reads and writes into the memories and verify the outcome for
correctness.
- Also test outstanding access on memories
|
| V2 | idcode | rv_dm_smoke | Verify that the JTAG IDCODE reads the correct value.
- Set a different JTAG ID code an rv_dm design parameter.
- Read the IDCODE register in JTAG DTM register space, via JTAG.
- Verify it reads back what was set.
|
| V2 | jtag_dtm_hard_reset | | Verify that the debugger can camcel an on-going DMI transaction with a hard reset.
- Perform a random legal DMI write to a chosen DMI register and immediately write to
dtmcs[dmihardreset] bit.
- Read the target DMI register to verify the write did not succeed.
|
| V2 | jtag_dtm_idle_hint | | Verify that the JTAG debugger does not need to stay any longer than the advertized idle
time indicated in dtmcs register.
- Read the dtmcs[idle] value and configure the JTAG DMI register adapter to insert that
many delay between transactions.
- Issue random legal DMI accesses back to back and ensure that all of them complete
successfully, without dmistat reflecting an error.
|
| V2 | jtag_dmi_failed_op | | Verify that a failed DMI op is reflected properly in dtmcs register.
- Issue a random legal DMI write to a chosen DMI register.
- Before that access completes, issue another random legal DMI access.
- Read the dtmcs[dmistat] register to verify busy error.
- Clear it by writing to dtmcs[dmireset] register.
- Poll the DMI access for completion and verify that the first write completed
successfully by doing a read-check.
- TBO - unclear how to generate other types of failed DMI transactions.
|
| V2 | jtag_dmi_dm_inactive | | Verify that writes to DMI registers other than dmcontrol[dmactive] and ignored and they
all retain the reset values on reads.
- Perform random writes to DMI registers while dmcontrol[dmactive] is 0 (exclude it).
- Read all DMI registers back and verify they reflect POR values.
|
| V2 | sba | rv_dm_sba_tl_access
rv_dm_delayed_resp_sba_tl_access | Verify all types of accesses from JTAG to SBA.
- Enable debug by setting lc_hw_debug_en to true and activate the dm
- Write to SBA registers to inject randomized 8/16/32bit writes and reads.
- Randomize readonaddr and readondata settings and ensure those have the intended
effect.
- Generate sbbusy = 1 scenario by picking a very large response delay, since JTAG
accesses are much slower (SBA TL accesses tend to complete faster than JTAG can
read the SBCS register).
|
| V2 | bad_sba | rv_dm_bad_sba_tl_access | Verify attempts to make bad SBA accesses results in the error sticky bits getting set.
- Enable debug by setting lc_hw_debug_en to true and activate the dm.
- Build on the previous
sba test and randomly inject errors in the following
ways:
- Inject a response error on the TL response channel (d_error = 1) and verify that
the sberror bit is set to 2.
- Inject a randomized SBA access that is not aligned to the size of the transfer and
verify that the sberror bit is set to 3.
- Inject a randomized SBA access that is greater that the supported transfer size and
verify that the sberror bit is set to 4.
- Inject an integrity error on the TL response channel and verify that the sberror
bit is set to 7. Verify that an alert is seen. Reset the DUT.
- Inject a new SBA traffic before the previous one completes - verify that the
sbbusyerror asserts. This is achieved by setting a large TL response delay (TODO).
- Have more than one of these types of errors trigger at the same time.
Note: The following error scenarios are not supported by the design:
- pulp-platform/riscv-dbg#128: response timeout (sberror = 1) is not implemented.
|
| V2 | sba_autoincrement | rv_dm_autoincr_sba_tl_access | Verify the address autoincrement functionality of SBA.
- Enable debug by setting lc_hw_debug_en to true and activate the dm.
- Write to the SBCS register to inject randomized 8/16/32bit writes. Set the
autoincrement bit.
- Pick a random address and write to sbaddress0 register.
- Write a random value to sbdata0, repeating a randomized number of times.
- Each write should trigger a new SBA TL write access with the address incremented with
the transfer size. Verify that the SBA TL access shows up.
- Repeat the same procedure for reads. For reads, set the readondata register and read
the sbdata0 a randomized number of times - each read should trigger a new SBA TL read
access.
- Intermittently also generate busy and error conditions.
|
| V2 | jtag_dmi_debug_disabled | | Verify that the JTAG DMI register space cannot be accessed if pinmux_hw_debug_en is a non
strict true value.
- Set pinmux_hw_debug_en to true and activate the dm.
- Write a known value to a randomly picked DMI CSR.
- Set pinmux_hw_debug_en to non-true value.
- Write a different value to the same DMI CSR.
- Attempt to read that DMI CSR - it should read all 0s.
- Note that the above steps are rendered moot because the JTAG DTM itself will not
receive any incoming JTAG transactions.
- Set pinmux_hw_debug_en to true and again read the DMI CSR - it should reflect the
originally written value.
|
| V2 | sba_debug_disabled | | Verify that access to SBA interface is disabled if lc_hw_debug_en is set to not strict
true value.
- Set lc_hw_debug_en to true and activate the dm.
- Attempt to inject a legal randomized SBA access - verify that it comes through.
- Set lc_hw_debug_en to non-true value and activate the dm.
- Attempt to inject a legal randomized SBA access - verify that no SBA TL accesses
appear on the TL interface.
- Reapeat, a random number of times.
- Verify via assertion checks, no transactions were seen on the SBA TL interface.
|
| V2 | ndmreset_req | | Verify that the debugger can issue a non-debug reset to the rest of the system.
- Set lc_hw_debug_en / pinmux_hw_debug_en to true value and activate the dm.
- Pick a random set of write/readable CSRs in all 3 RALs (JTAG DMI, regs RAL and debug
mem RAL). Write known values to them.
- Write the dmcontrol register to assert ndmreset - verify that the ndmreset output
stays asserted.
- Mimic the CPU going into reset by asserting unavailable input, asserting rst_ni
and setting lc_hw_debug_en to false. Keep pinmux_hw_debug_en set to true to keep
the JTAG side open while the ndmreset is in progress.
- Read the dmstatus register to verify allunavail is asserted.
- De-assert the ndmreset by writing 0 to the dmcontrol register field, verify the
ndmreset output deasserted as well.
- Mimic the CPU going out of reset by de-asserting unavailable input and rst_ni
after some delay. Set lc_hw_debug_en to true again as well.
- Read the previously written registers back and verify that they reflect the previously
written value, proving that ndmreset assertion had no effect on them.
|
| V2 | hart_unavail | | Verify that the debugger can read the status of unavailable hart
- Set lc_hw_debug_en to true value and activate the dm.
- Randomly assert and de-assert the
unavailable input (indicates the CPU is under
reset). This ideally happens when ndmreset is issued by the debugger.
- Periodically issue reads to dmstatus register to verify allunavail matches the
unavailable input value
|
| V2 | tap_ctrl_transitions | | Verify all JTAG TAP controller FSM transitions
This test should verify that the standardized JTAG TAP FSM is working correctly. |
| V2 | stress_all | rv_dm_stress_all | A 'bug hunt' test that stresses the DUT to its limits.
- Combine above sequences in one test and run as many of them as possible in parallel.
Run the rest sequentially.
- Randomly inject a full device reset intermittently.
|
| V2 | alert_test | rv_dm_alert_test | Verify common alert_test CSR that allows SW to mock-inject alert requests.
- Enable a random set of alert requests by writing random value to
alert_test CSR.
- Check each
alert_tx.alert_p pin to verify that only the requested alerts
are triggered.
- During alert_handshakes, write
alert_test CSR again to verify that:
If alert_test writes to current ongoing alert handshake, the alert_test
request will be ignored.
If alert_test writes to current idle alert handshake, a new alert_handshake
should be triggered.
- Wait for the alert handshakes to finish and verify
alert_tx.alert_p pins
all sets back to 0.
- Repeat the above steps a bunch of times.
|
| V2 | tl_d_oob_addr_access | rv_dm_tl_errors | Access out of bounds address and verify correctness of response / behavior |
| V2 | tl_d_illegal_access | rv_dm_tl_errors | Drive unsupported requests via TL interface and verify correctness of response
/ behavior. Below error cases are tested bases on the
TLUL spec
- TL-UL protocol error cases
- invalid opcode
- some mask bits not set when opcode is
PutFullData
- mask does not match the transfer size, e.g.
a_address = 0x00, a_size = 0,
a_mask = 'b0010
- mask and address misaligned, e.g.
a_address = 0x01, a_mask = 'b0001
- address and size aren't aligned, e.g.
a_address = 0x01, a_size != 0
- size is greater than 2
- OpenTitan defined error cases
- access unmapped address, expect
d_error = 1 when devmode_i == 1
- write a CSR with unaligned address, e.g.
a_address[1:0] != 0
- write a CSR less than its width, e.g. when CSR is 2 bytes wide, only write 1 byte
- write a memory with
a_mask != '1 when it doesn't support partial accesses
- read a WO (write-only) memory
- write a RO (read-only) memory
- write with
instr_type = True
|
| V2 | tl_d_outstanding_access | rv_dm_csr_hw_reset
rv_dm_csr_rw
rv_dm_csr_aliasing
rv_dm_same_csr_outstanding | Drive back-to-back requests without waiting for response to ensure there is one
transaction outstanding within the TL device. Also, verify one outstanding when back-
to-back accesses are made to the same address. |
| V2 | tl_d_partial_access | rv_dm_csr_hw_reset
rv_dm_csr_rw
rv_dm_csr_aliasing
rv_dm_same_csr_outstanding | Access CSR with one or more bytes of data.
For read, expect to return all word value of the CSR.
For write, enabling bytes should cover all CSR valid fields. |
| V2S | tl_intg_err | rv_dm_tl_intg_err
rv_dm_sec_cm | Verify that the data integrity check violation generates an alert.
- Randomly inject errors on the control, data, or the ECC bits during CSR accesses.
Verify that triggers the correct fatal alert.
- Inject a fault at the onehot check in
u_reg.u_prim_reg_we_check and verify the
corresponding fatal alert occurs
|
| V2S | sec_cm_bus_integrity | | Verify the countermeasure(s) BUS.INTEGRITY. |
| V2S | sec_cm_lc_hw_debug_en_intersig_mubi | | Verify the countermeasure(s) LC_HW_DEBUG_EN.INTERSIG.MUBI. |
| V2S | sec_cm_dm_en_ctrl_lc_gated | | Verify the countermeasure(s) DM_EN.CTRL.LC_GATED. |
| V2S | sec_cm_sba_tl_lc_gate_fsm_sparse | | Verify the countermeasure(s) SBA_TL_LC_GATE.FSM.SPARSE. |
| V2S | sec_cm_mem_tl_lc_gate_fsm_sparse | | Verify the countermeasure(s) MEM_TL_LC_GATE.FSM.SPARSE. |
| V2S | sec_cm_exec_ctrl_mubi | | Verify the countermeasure(s) EXEC.CTRL.MUBI. |
| V3 | stress_all_with_rand_reset | rv_dm_stress_all_with_rand_reset | This test runs 3 parallel threads - stress_all, tl_errors and random reset.
After reset is asserted, the test will read and check all valid CSR registers. |