CDC verification of billion-gate SoCs

Shaker Sarwary , Bernard Murphy , Maher Mneimneh & Ravindra Aneja (Atrenta)
EDN (July 13, 2014)

This article describes three different clock domain crossing (CDC) verification methodologies and how they can best be used in verifying SoCs being designed today. Growing design size, proliferation of internal and external protocols, and aggressive power requirements are driving an explosion in the number of asynchronous clocks in SoCs. This demands that design and verification teams spend an increasing amount of time on verifying the correctness of asynchronous boundaries on the chip. Incorrect asynchronous boundaries can lead to multiple design defects not encountered in simpler designs.

Metastability is one of the major defects. A flip-flop has metastability issues if the clock and data change very closely in time, causing the output to be at an unknown logic value for an unbounded period of time. While metastability cannot be eliminated, it is usually tolerated by adding a multi-flop synchronizer to control asynchronous boundaries, and using those synchronizers to block the destination of an asynchronous boundary when its source is changing. FIFOs and 2-phase and 4-phase handshakes are typical structures used for this type of synchronization.

Glitches on asynchronous boundaries can also cause defects since a glitch on an asynchronous crossing can trigger the capture of an incorrect signal transition. Data coherency issues occur in a design when multiple synchronizers settle to their new values in different cycles and subsequently interact in downstream logic. The list goes on. While the concepts and methodologies for verification of such issues have been extensively researched in the past ten years, practical solutions have been offered primarily at the IP-level. Little work has been attempted to tackle CDC verification signoff of large system-on-chip (SoC) designs.

Click here to read more ...