Innovating the Intelligence of Formal Techniques for Automatic Design Verification

Press Releases

Real Talk Blog

Events

Published Articles

Newsletters

Video Interviews

Blog Archive
July 2010
7/30/2010: Hardware-Assisted Verification Usage Survey of DAC Attendees
7/23/2010: Leadership with Authenticity
7/16/2010: Clock Domain Verification Challenges: How Real Intent is Solving Them
7/09/2010: Building Strong Foundations
7/02/2010: Celebrating Freedom from Verification
June 2010
6/25/2010: My DAC Journey: Past, Present and Future
6/18/2010: Verifying Today’s Large Chips
6/11/2010: You Got Questions, We Got Answers
6/04/2010: Will 70 Remain the Verification Number?
May 2010
5/28/2010: A Model for Justifying More EDA Tools
5/21/2010: Mind the Verification Gap
5/14/2010: ChipEx 2010: a Hot Show under the Hot Sun
5/07/2010: We Sell Canaries
April 2010
4/30/2010: Celebrating 10 Years of Emulation Leadership
4/23/2010: Imagining Verification Success
4/16/2010: Do you have the next generation verification flow?
4/09/2010: A Bug’s Eye View under the Rug of SNUG
4/02/2010: Globetrotting 2010
March 2010
3/26/2010: Is Your CDC Tool of Sign-Off Quality?
3/19/2010: DATE 2010 – There Was a Chill in the Air
3/12/2010: Drowning in a Sea of Information
3/05/2010: DVCon 2010: Awesomely on Target for Verification
February 2010
2/26/2010: Verifying CDC Issues in the Presence of Clocks with Dynamically Changing Frequencies
2/19/2010: Fostering Innovation
2/12/2010: CDC (Clock Domain Crossing) Analysis – Is this a misnomer?
2/05/2010: EDSFair – A Successful Show to Start 2010
January 2010
1/29/2010: Ascent Is Much More Than a Bug Hunter
1/22/2010: Ascent Lint Steps up to Next Generation Challenges
1/15/2010: Google and Real Intent, 1st Degree LinkedIn
1/08/2010: Verification Challenges Require Surgical Precision
1/07/2010: Introducing Real Talk!

CDC (Clock Domain Crossing) Analysis – Is this a misnomer?

Al Joseph   Al Joseph
   Sr. Application Consulting Engineer at Real Intent

The high-tech industry is chock-full of acronyms. Each time a new problem is identified, out comes a new acronym that quickly gets standardized. It is very typical for complex new problems in, for example, our VLSI design industry to take years to understand and solve fully. Unfortunately, in many of these cases, the new acronym gets co-opted by a premature solution or a solution to a subset of the actual problem rather than be associated with the fundamental problem itself. The end result can be confusion and miscommunication as customers who use these incomplete solutions with the fancy acronyms do not realize that their problem is not fully solved and end up with project failure.

A revealing instance of this phenomenon is CDC – Clock Domain Crossing – analysis. As asynchronous crossings became more mainstream because of larger dies and greater system-level complexity on chip, it became clear that managing metastability was of paramount importance. The analysis of the design for proper metastability management came to be known as CDC analysis. Unfortunately, early solutions for CDC analysis only verified single-bit metastability management (synchronizers implemented as back-to-back flops) and data-bus metastability management (controlled by a synchronized common enable signal).  Designers’ understanding of CDC analysis even up to this day, as CDC analysis has become mission-critical for SOC designs, is that it only requires checking these two attributes.

In reality, the above two checks are just the tip of the CDC analysis iceberg. To begin with, they represent only a limited checking of metastability management. In addition, clock domain analysis must check for many more issues than just metastability management like the ones listed here:

-          Data correlation when you have fast to slow clock crossings

-          Cycle jitter tolerance in data crossings

-          Cycle jitter in control crossings

-          Glitch issues even when control busses are gray coded

-          Glitch issues with clock gating implementation

-          Re-convergence of signals synchronized separately to a single clock domain

-          Correct implementation of asynchronous FIFO protocols

-          Correct implementation of resets that cross multiple domains

As with metastability verification, all of the above issues are very difficult to characterize and verify with simulation-based techniques.  There have been many silicon re-spins as a result of not comprehensively verifying the above issues. Examples of failures we have seen happen in practice are quite revealing:

-          An asynchronous reset-control that crossed clock domains but was  not synchronously de-asserted, causing a glitch in control lines to an FSM

-          Improper FIFO-protocol controlling an asynchronous data crossing resulting in a read-before-write resulting in functional failure

-          Reconvergence of synchronized control signals to an FSM that were not gray-encoded, resulting in cycle jitter that, in turn, caused a transition to an incorrect state

-          Glitch in a logic cone on an asynchronous crossing path that was latched into the destination domain resulting in corrupt data being captured

-          Gating logic inserted by back-end tools for power management resulted in glitches on a clock

Verifying the above issues must use a combination of structural analysis and static formal property checking. Older tools that do only a limited amount of checking but continue to use the CDC moniker do the customer a disservice. They also do a disservice to modern tools like the Meridian product family from Real Intent that provides the most comprehensive analysis of CDC related issues.    Meridian does this by identifying all asynchronous crossings, verifying proper metastability management in crossings, comprehensively verifying that logic in asynchronous crossings is glitch free and by verifying asynchronous crossing control protocols.  Since logic is inserted by back-end tools into clock nets, it is important that the tool be able to run on a netlist. Meridian is the only CDC tool that can be run on netlists as well as on RTL, recognizing all asynchronous crossing controls including FIFO’s. Meridian is also the only tool that enables CDC checks to be performed in simulation in addition to static structural and formal analyses.

So, beware of acronyms! Make sure you know what they really represent.

Feb 12, 2010

blog comments powered by Disqus