©Copyright 2012 Real Intent Inc., Proprietary and Confidential

Lending a ‘Formal’ hand to CDC Verification : A Case

Study of Unexpected Failure Signatures

©Copyright 2013, All rights reserved.

Constant demand for high-performance, low-power, feature-rich devices with shorttime-to-market windows is the new normal in the chip design industry. Designsspend 70% of the product cycle in the hands of verification engineers who aretrying to grapple with an exponential increase in the chip’s functional modes partlythanks to multiple power and clock domains. Certainly, they can benefit from someverification assistance from designers especially in areas which require a relativelydeep understanding of the microarchitecture. One such niche area involves ClockDomain Crossings whose verification typically spans functional simulation, statictiming analysis and gate-level simulation.

In this presentation, we identify parts of the CDC verification problem that areamenable to verification by digital design engineers and highlight cases wherenon-intuitive failure signatures are exposed by the use of formal analysis. Weshow how these failure signatures can be used to improve design quality and tobolster the verification suite. Additionally, we also discuss how the knowledgegained from this exercise can help design engineers make their designs future-proof, a much desired trait in this age of heavy design reuse. Designers lending a‘formal’ hand to verification engineers enhances productivity, reduces productcycles and helps meet aggressive time-to-market deadlines.

AbstractAbstract

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

Motivation – DAC SurveyMotivation – DAC Survey

* Over 300 responders

©Copyright 2013, All rights reserved.

Fundamental CDC Problem – MetastabilityFundamental CDC Problem – Metastability

CDC Signal

clk1

D Q

clk2

D Q

Transmitting Flop Receiving Flop

For designs with asynchronous clock domains, it is unavoidablethat the CDC signal violates the setup/hold window of the receiving

clock, resulting in metastability

Metastability related failures can be intermittent and hard to find,

resulting in expensive chip re-spins when found late in design cycle.

©Copyright 2013, All rights reserved.

DQ

DQ

D Q DQ

D Q DQ

D Q

DQ

D QDQ

D Q

DQ

D Q

Transmit Data

Control Signal

Receive Data

CLK2CLK1

Control Logic

Common Synchronization SchemeCommon Synchronization Scheme

Control crossing must be:

1. Synchronized

2. Only one signal transition for buses (gray-coded)

3. Free of hazards & glitches

4. Stable for more than 1 receiving clock cycle

Data crossing needs to

be a multi-cycle path

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

TerminologyTerminology

� Pulse Width Check� Uses Formal Analysis to verify that the control signal(s) is

stable for longer than one receive clock period� This check ensures that data will not be lost due to inadequate

width of the control signal

� Data Stability Check� Uses Formal Analysis to verify that data updated by the

transmit domain cannot be captured by the immediately following receive clock edge

� This check ensures that captured data will not be metastable in the receive domain

� Tx and Rx� Tx refers to the transmit clock frequency and Rx refers to the

receive clock frequency

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

CDC Verification in the Design Flow TodayCDC Verification in the Design Flow Today

� Spread across the flow� Scripts built around STA tools� Custom gate-level simulation environments� Protocol verification with RTL simulations

� Primarily handled by Verification and Back-End teams � Insufficient insight into design� Longer debug iterations� Late in the flow

� Recommendation� Move CDC verification partially to Front-End teams� Leverage automatic formal CDC verification

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

Case Study - Design Exploration VariablesCase Study - Design Exploration Variables

� Design Options� Control Logic

� Counter-based� FSM-based� Pulse stretcher

� Detector� Signal transition-based (XOR

gate, low-to-high detect etc.)� FSM-based

� System Variables� Clock Frequencies and Ratios

� Specified via environment file of CDC tool

� Reset Timing� Relative reset release of clock

domains specified in environment file of CDC tool

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

DUT Results - Pulse WidthDUT Results - Pulse Width

Control Logic: Counter-based Detector: Low-to-High Transition Resets: Aligned

Control Logic: Counter-based Detector: Low-to-High Transition Resets: Aligned

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

DUT Results - Data StabilityDUT Results - Data Stability

Control Logic: Counter-based Detector: Low-to-High Transition Resets: Aligned

Control Logic: Counter-based Detector: Low-to-High Transition Resets: Aligned

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

Data Stability Fail (Counter =14, Tx = 3Rx)Data Stability Fail (Counter =14, Tx = 3Rx)

Tx Clk

Rx Clk

Control

Mux-on

Data

Rx Data

Counter

Tx Clk Rx Clk

Rx Data

Mux-on

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

Data Stability Fail ( Counter =16 , Tx = 3Rx)Data Stability Fail ( Counter =16 , Tx = 3Rx)

Tx Clk

Rx Clk

Control

Mux-on

Data

Rx Data

Counter

Tx Clk Rx Clk

Rx Data

Mux-on

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

Pulse Width Results – Aligned vs. Offset ResetsPulse Width Results – Aligned vs. Offset Resets

Control Logic: Counter-based Detector: Low-to-High Transition Resets: AlignedControl Logic: Counter-based Detector: Low-to-High Transition Resets: Offset

Control Logic: Counter-based Detector: Low-to-High Transition Resets: Aligned

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

BenefitsBenefits

� For Verification Engineers� Saves testbench development time and effort� Deep understanding of design not required

� For CAD Engineers� Saves Back-End CDC verification time and effort� Streamlines design flow as RTL fixes need not be rerun through

multiple tools

� For Design Engineers� Design exploration enables configurable designs to be future-

ready� Helps understand legacy designs and helps identify the range of

safe frequencies � Higher quality RTL handoff to the verification team

©Copyright 2013, All rights reserved.©Copyright 2013, All rights reserved.

SummarySummary

CDC-related design trends require use of dedicated CDC toolsand a re-evaluation of current CDC verification methodology, flows and practices.

The use of automatic formal CDC verification in a case-study involving a common synchronization scheme revealed non-intuitive failure signatures .

Moving CDC verification partly to the design teams has numerous benefits including enhanced productivity, reduced verification complexity and shorter time-to-product .