What “health” means (definition used throughout this page)

• Reliability: low error rates (retries / NAKs / CRC / framing), and predictable behavior under stress (temperature, load, hot-plug).
• Performance: sustained throughput and stable utilization without “hidden” costs (e.g., retries masking the true payload rate).
• Recoverability: fast, repeatable recovery from stalls and lockups (timeouts, bus reset, re-init), with measurable success rate and time-to-recover.

This page owns

• Metric definitions: units, denominators, windows, percentiles, tags, and interpretation.
• Instrumentation points and timebase rules for consistent latency and throughput measurement.
• Dashboard + alert patterns that turn numbers into actions (triage, regression detection, gates).

This page does NOT own

• Protocol fundamentals and tutorials (I²C timing, SPI mode walkthroughs, UART baud math).
• Detailed timing derivations and electrical/SI deep dives (termination, return paths, eye shaping).
• Long troubleshooting playbooks beyond metric-driven triage (only short “symptom→metric→link” pointers belong here).

Error metrics

• Retry rate (retries / transactions)
• NAK rate (NAKs / address transactions)
• CRC fail rate (CRC fails / frames)
• UART framing/parity/overrun rate (errors / received frames)

Performance metrics

• Throughput (payload bytes / time) with clear “payload vs line” definition
• Utilization (busy time / window)
• Inter-frame gap and queue depth percentiles (p50/p95)

Latency metrics

• Transaction latency p50/p95/p99 (microseconds)
• Queue wait vs service time separation (to isolate “scheduling” vs “bus/device”)
• Max stall time and timeout rate (rare events that dominate user experience)

Stability metrics

• Bus reset count / hour (how often recovery is needed)
• Bus stuck duration (total + worst-case)
• Recovery success rate and time-to-recover (TTR) p95/p99

Per-transaction event

Best for root-cause isolation and top-endpoint ranking. Use sampling or rate limits if volume is high.

Per-burst / per-batch event

Best for high-throughput transfers (DMA bursts, long frames). Preserve aggregate outcomes without logging every transaction.

Per-second (or per-window) rollup

Best for dashboards and field telemetry. Store counts, rates, percentiles, and worst-case stalls to enable trends and alerts.

Identity

bus_type, bus_instance, direction, endpoint_id, op_type

Endpoint conventions: addr0x50 (I²C), cs2 (SPI), uart3 (UART).

Timing

t_start, t_end, latency_us, timeout_ms, clock_domain_id

Store both t_start and t_end (not only derived latency) to support correlation and auditing.

Result

result, err_code, retries, crc_ok, sampled

Keep result (OK/RETRY/FAIL) separate from err_code (NAK/TIMEOUT/CRC/OVERRUN) for clean aggregation.

Context

fw_ver, board_id, power_state, temp_bin, firmware_state, load_bin

Prefer binned tags (e.g., temp_bin) to reduce volume while preserving drilldown power.

Firmware counters

• Driver boundaries: request start/end, queue entry/exit.
• ISR timestamps: interrupt arrival and servicing delay.
• DMA completion: transfer completion and FIFO underrun/overrun hooks.
• Retry loop decision points: retry counts and backoff behavior.

Bridge / expander stats

• FIFO depth and drop counts (congestion signatures).
• Internal counters for retries/CRC (if supported).
• Queue-watermark events (sustained pressure vs bursts).

Analyzer correlation

• Truthing boundaries: verify start/end definitions for latency and ordering.
• Detect sampling gaps and dropped events during stress runs.
• Cross-check top endpoints and error bursts with capture triggers.

Single MCU

Use a monotonic clock for t_start and t_end. Derive latency_us from the same clock domain.

Multi MCU / multi board

Define an explicit sync method and tag events with clock_domain_id. If full sync is unavailable, compare rollups within the same domain and use correlation windows for cross-domain analysis.

Sampling strategy

• Always keep window rollups (low volume, high value).
• Transaction events: sample by rate or trigger on anomalies (timeouts, CRC bursts).
• Attach sampled to every event for honest interpretation.

Ring buffer + retention

• Keep last N seconds of events for post-mortem correlation.
• Prioritize error events; degrade debug-first on pressure.
• Emit a compact “notable events” list on failures.

Compression + rate limits

• Prefer histogram bins for latency (p95/p99 from bins) over raw traces.
• Rate limit per endpoint to prevent “one bad device” flooding logs.
• Batch uploads; apply back-pressure and drop policies deterministically.

NAK_count (bucket by address + op_type)

Normalize as NAK_rate = NAK_count / addressed_txn_count to keep comparisons stable across traffic levels.

Required tags: addr, op_type, bus_instance, fw_ver, temp_bin, power_state.

arbitration_lost_count

Track as a rate: arb_lost_rate = arbitration_lost / master_txn_attempts. Use endpoint and firmware state to locate concurrency patterns.

Deep dive: multi-master policies and bus-stall recovery belong to the owner pages; this page only defines the drilldown signals.

stretch_timeout_count

Treat as a policy-triggered event: stretch_timeout_rate = stretch_timeout / txn_count. Correlate with temp_bin and load_bin.

Deep dive: clock stretching behavior and timeout tuning are covered in the Clock Stretching owner page.

bus_stuck_detected_count + stuck duration

Monitor both frequency and severity: stuck_events/hr, stuck_total_ms/window, and stuck_max_ms (tail risk).

Bucket by power_state and board_id to separate sequencing-related incidents from endpoint-specific faults.

recovery_attempts + success rate (and TTR)

Track reliability of recovery hooks: success_rate = success / attempts. Add time_to_recover_ms p95/p99 to expose tail failures.

Deep dive: recovery mechanisms and reset sequences belong to the Recovery owner page.

NAK spikes (looks intermittent)

Metric to check: NAK_rate (1s/10s windows). Prefer per-endpoint normalization.

Fast split: addr → op_type → power_state / fw_ver.

Likely buckets: device busy vs addressing conflict vs timeout policy mismatch. Deep dive: Page Write / Addressing / Timeout policy.

Stuck bus events (hard stalls)

Metric to check: stuck_max_ms + recovery_success_rate (tail + effectiveness).

Fast split: power_state → board_id → last-active addr.

Likely buckets: hung endpoint vs sequencing/ghost-power category. Deep dive: Recovery page.

crc_fail_count (if available)

Normalize as crc_fail_rate = crc_fail / frames. Treat CRC bursts as an integrity signature that should be stratified by context.

Required tags: sclk_band, temp_bin, load_bin, board_id, fw_ver.

underrun/overrun_count (DMA/FIFO)

Normalize by bursts or time: underrun_rate = underrun / bursts. Pair with queue metrics to distinguish congestion from integrity issues.

Companion metrics: queue_depth_p95, isr_latency_p95, throughput_Bps.

cs_glitch / sync_error_count (if detectable)

Track as per 1k transactions and bucket by cs_id and power_state to isolate boundary-state incidents.

This counter is a detector input; timing and electrical explanations should be routed to the owner pages.

retry_count (application-level)

Normalize as retry_rate = retry / transactions. Use retry changes to validate that “fixes” improve health without hiding errors via slowdowns.

Always view retry_rate alongside throughput and tail latency to avoid misleading wins.

CRC fails appear only at certain speeds

Primary metric: crc_fail_rate (10s window).

First split: sclk_band → temp_bin → load_bin → board_id.

Confirm with: throughput dip + retry_rate burst. Deep dive: Long-Trace SI / SCLK quality (owner pages).

Data drops under load (looks like “random failures”)

Primary metric: underrun_rate (1s window).

First split: load_bin → fw_state → isr_latency_p95.

Confirm with: queue_depth_p95 and burst size. Deep dive: DMA & High Throughput (owner page).

Integrity errors (Noise / Clock category)

• framing_error_count → normalize as framing_error_rate = framing_error / rx_frames
• parity_error_count → normalize as parity_error_rate = parity_error / rx_frames

Required tags: uart_instance, peer_id, baud_setting_id, clock_source_id, temp_bin, power_state, board_id, fw_ver.

Buffer / Flow-control pressure (Queue / Strategy category)

• overrun_count → overrun_rate = overrun / rx_frames
• rx_drop_count (buffer overflow) → rx_drop_rate = rx_drop / rx_frames
• flow_control_asserted_time → flow_control_ratio = asserted_time / window_s

Companion metrics (cross-validation): rx_queue_depth_p95/p99, queue_wait_p95/p99, isr_latency_p95, throughput_payload_Bps.

Power and wake context (phase attribution)

• break_detect_count → correlate errors by before_wake / after_wake phase tags
• idle_wake_count → validate whether error bursts align with state transitions

These counters are primarily bucket keys for time alignment; protocol explanations should be routed to the owner pages.

Timestamp edges (monotonic clock)

• t_rx_irq: RX interrupt/callback arrival (or DMA completion)
• t_enqueue: enqueue into RX ring/buffer
• t_dequeue: application stack dequeue
• t_done (optional): processing completion

Derived latency components (report percentiles)

• service_time = t_enqueue − t_rx_irq (driver/ISR pressure)
• queue_wait = t_dequeue − t_enqueue (congestion)
• processing_time = t_done − t_dequeue (upper stack)
• rx_to_process = t_dequeue − t_rx_irq (end-to-end)

Use p95/p99 and max to expose tail risks; avoid relying on mean latency.

I²C boundary

One driver-submitted message/combined transaction as a single txn. Use t_start/t_end from the event schema to keep latency comparable across firmware versions.

SPI boundary

One CS-active transfer segment or one DMA burst as a txn (choose one and keep it consistent). Record bytes and burst_id so rollups do not mix different batch definitions.

UART boundary

One application packet or fixed-size chunk as a txn. This prevents per-byte noise from dominating latency and makes drops and backpressure comparable across workloads.

Latency

• Report p50 / p95 / p99 plus max (tail risk).
• Track timeout_rate separately from latency to avoid silent failure masking.
• Use multi-window views (1s/10s/60s) to capture bursts and trends.

Throughput

• Report median and p05 (low-tail reveals congestion).
• Always pair throughput with error and tail-latency trends to avoid “slow but stable” misreads.

Latency components

• queue_wait: time waiting for CPU/locks/queue capacity
• on_wire: transfer segment duration (event boundary-defined)
• device_service: peripheral response/ready time (as observed)
• firmware_processing: local processing time after receipt

Percentiles should be computed per component so tail latency is not misattributed.

Throughput definitions

• throughput_payload_Bps = payload_bytes / window_s
• throughput_line_Bps = (payload_bytes + overhead_bytes_equiv) / window_s
• overhead_factor = throughput_line_Bps / throughput_payload_Bps

Overhead is a reported factor rather than a protocol tutorial; bus-specific overhead details should be routed to the owner pages.

Overview (4 KPIs)

• Health score (optional) for ranking and triage only.
• Error rate (normalized, e.g., per 1k or per 1M).
• p95 latency (tail-aware primary KPI; p99 as secondary).
• Throughput (payload_Bps; line_Bps optional).

Keep error, latency, and throughput on the same screen to prevent “stable by slowing down” misreads.

Drilldown (endpoint → context)

• By endpoint: addr / cs / port (top talkers ranked by error and tail latency).
• By operation: op_type (read/write/control) to avoid mixing semantics.
• By context: temp_bin, fw_ver, load_bin, power_state, board_id.

The drilldown order should remain fixed to preserve cross-team comparability.

Notable events (structured, not raw logs)

• First occurrence: first threshold crossing for an endpoint or context bucket.
• Regression: baseline shift after fw_ver change.
• Correlation spike: error/latency spikes aligned with temp_bin or load_bin.
• Recovery risk: repeated recovery attempts, reduced success, or long stuck_max_ms.

Rule template (mandatory fields)

• rule_id, metric, scope (global / per-endpoint / per-context)
• window (e.g., 1s/10s/60s/5min) and normalization unit
• condition (threshold / slope / baseline deviation)
• severity (warn/crit), suppression (debounce + cooldown)
• action (snapshot/dump, degrade, reset, protect-mode)
• pass_criteria reference (production gating hook)

Rule types (3 categories)

• Absolute thresholds: CRC/timeout/stuck_max_ms > X per window (with units).
• Trend / rate-of-change: fast worsening before thresholds cross.
• Anomaly / baseline deviation: endpoint-specific normals differ; alert on deviation.

Add debounce (N consecutive windows) and cooldown (X minutes) to prevent alert storms.

Burn-in / production gating (quality gates)

• Define a test phase (bring-up/burn-in/production) and duration (minutes/cycles).
• Specify gate metrics: error_rate, timeout_rate, recovery_success, latency_p99.
• Define outcomes: pass / retest / quarantine, plus notable-event capture on failures.

DEBUG

Bring-up only. Default off. Enable per endpoint and time-limited. Use probabilistic sampling to prevent log storms.

INFO

Rollup-first telemetry: counts per window, latency histograms, throughput summaries. Stable across firmware releases.

WARN

Threshold crossings and anomalies with minimal context. Triggered sampling can temporarily increase detail for top endpoints.

ERROR

Failures and recovery breakdowns. Always captured. Used to freeze buffers and produce crash-adjacent snapshots.

Ring buffer goals

• Capacity is defined by time horizon (keep last N seconds), not by event count.
• Metadata-only event schema; payload is scrubbed by default.
• Freeze-on-trigger prevents overwrite of pre-failure evidence.

Triggers (examples)

• panic / watchdog / fatal fault
• repeated recovery failures
• stuck episodes exceeding a time threshold
• consecutive alert windows (debounced)

Compression & aggregation

• Counts per window: txn_count, err_count, timeout_rate, recovery_success.
• Latency histograms: bins that can reconstruct p50/p95/p99 approximately.
• Top talkers sketch: keep only top-K endpoints per window.

Telemetry transport

• Batch upload and retry with back-pressure awareness.
• Drop policy priority: ERROR → WARN → rollup → DEBUG/txn events.
• Store-and-forward with explicit retention caps (time and size).

Privacy & security baseline

• Scrub payload by default; keep metadata only.
• Optional endpoint hashing for shared telemetry environments.
• Whitelist/blacklist fields, and protect uploads with authenticated transport.

Temperature sweep

• Track error_rate vs temp_bin (and per endpoint).
• Verify tail latency (p99) does not drift across bins.
• Capture correlation events (temp spikes → error bursts).

Load sweep

• Bind queue_depth_p95/p99 and isr_latency_p95 to overruns/drops.
• Confirm throughput stays stable while error_rate stays bounded.
• Identify Top-K endpoints that dominate tail behavior.

Long-run soak

• Watch p99 latency creep (memory pressure / queue accumulation signals).
• Ensure rollups remain consistent (no schema drift).
• Keep notable events for first seen/regression markers.

Hot-plug / brown-out

• Measure stuck_detected and max_stall_time_ms.
• Measure recovery_attempts and success_rate + time_to_recover p95.
• Freeze ring buffer on failure and export crash-adjacent snapshots.

• error_rate ≤ X per 1k (window=Y s, per-endpoint + global)
• p95_latency_us ≤ X (and p99 guardrail ≤ Y)
• recovery_success_rate ≥ X% (sample count ≥ N)
• max_stall_time_ms ≤ X (and time_to_recover p95 ≤ Y)

Evidence artifacts (required)

• KPI snapshot (same window, same normalization).
• Top talkers list (endpoint ranking).
• Notable events (first seen / regression / correlation).
• Ring buffer snapshot on failures (metadata-only).

Manufacturing test

• Acceptance thresholds: error_rate, timeout_rate, recovery_success, max_stall_time.
• Quick triage: Top talkers by endpoint and notable events on first occurrence.
• Evidence output: one-page KPI snapshot with identical windows and normalization.

Field reliability

• Early warning: trend + baseline deviation alerts (debounced + cooldown).
• Remote debugging: ring buffer snapshots + context tags (fw_ver/temp/load/power).
• Regression defense: fw_ver change detection tied to notable events.

System performance

• Tuning by evidence: throughput_payload_Bps vs p95/p99 latency and error_rate together.
• Component lens: queue_wait vs on-wire vs device_service vs processing.
• Before/after compare: same workload script and endpoint bucket order.

Must-have capabilities

• Deep FIFOs / readable queue depth (prevents silent drops).
• Hardware/driver error counters with per-endpoint bucketing.
• Timestamp hooks at tap points (IRQ/DMA completion/enqueue/dequeue).
• Deterministic retry/timeout controls (consistent windows + gates).
• Bounded telemetry support (rollups + histogram bins + Top-K).

Nice-to-have capabilities

• Hardware timestamping (lower overhead, better correlation).
• Deterministic latency hooks for station-to-station correlation.
• Configurable sampling modes and freeze-on-trigger buffers.
• Isolation delay budgeting awareness (logged as metadata).