About a decade ago, semiconductor designs had just a few asynchronous clocks which were easily managed by designers through the process of manual design reviews. The situation today is completely different. An SoC can have hundreds of asynchronous clocks, driving different complex functions, spread across various IPs, supplied by different vendors. It’s just not possible to analyze the interaction of all these asynchronous clocks manually, and even the traditional tools are not sufficient. Tools need special intelligence to recognize the synchronized and unsynchronized crossings between various asynchronous clocks to identify design issues. In the SoC verification arena, Clock Domain Crossing verification is at the forefront of RTL verification because a single CDC issue, if not resolved well, can result in design failure forcing an expensive design re-spin.
Knowing that Atrenta’sSpyGlass® has a comprehensive solution for CDC analysis, I fixed up an appointment with Paras Mal Jain, Director Engineering at Atrenta, to learn about their SpyGlass CDC product. Paras has been involved in the development of the SpyGlass CDC product from the very beginning when customers started demanding an automated tool for handling CDC issues. It was an interesting conversation involving intricate details about CDC in general and the SpyGlass CDC product in particular.
Q: Paras, I hear these days, CDC has become a big issue in SoC Verification. I also hear that you have a comprehensive solution for this. Tell us more about the solution.
A: Yes, CDC has become one of the most dreaded problems in SoC designs. The issue appears when signals cross asynchronous clock boundaries without being synchronized. It’s difficult to catch CDC issues precisely by using traditional tools which may either under-report real design issues and / or over-report false violations; static timing analysis and RTL simulation tools are not suitable to identify the CDC problems. We have a state-of-the-art solution with a strong structural CDC verification sign-off flow, proven across a very large number of customers. We also offer solutions for SoC level CDC analysis and functional CDC verification. Then, there is also simulation based dynamic CDC verification for certifying the SoC design to be CDC safe, i.e., CDC sign-off.
Q: What kind of structural analysis is done? More importantly, how are the identified issues resolved?
A: SpyGlass CDC provides a rich suite of rule-sets to verify all kinds of structural CDC issues. To begin with, it helps in validating the user setup to ensure that CDC verification does not result in bogus violations. Next, it identifies unsynchronized and synchronized clock domain crossings. There can be numerous unsynchronized crossings detected, but the real value of the product is in performing the protocol independent analysis to enable identification and filtering out the false negatives upfront.
· Paths that can be between clocks of two slaves that never interact among themselves
· Crossings due to quasi-static signals and crossings between other groups of signals that don’t require synchronization
· User defined synchronizers
SpyGlass CDC provides flexibility to the user to define custom synchronizers. By eliminating the majority of false violations, SpyGlass CDC saves lots of the designers’ time and allows them to focus on real design issues.
Other structural CDC checks include convergence and reset verification. Another important aspect of CDC verification is analysis across power domains without power logic instrumentation. This helps users identify the CDC issues which would otherwise be shown after power logic instrumentation. As part of its CDC methodology, SpyGlass CDC provides guidance to users throughout the design and validation process. It also helps users identify the inputs such as the synchronous and asynchronous reset signals. Additionally, it also identifies quasi-static signals that need to be ignored during investigation and analysis for unsynchronized crossings.
Q: What is protocol independent technology?
A: SpyGlass offers low noise CDC verification using protocol independent synchronization checks. With this technology, we identify generic synchronization elements as opposed to rigid structures. We don’t need to necessarily chase around RTL specific structures which may be design style dependent. Depending on rigid RTL structures can be error-prone and it is almost impossible to detect all RTL styles; protocol independent analysis is immune to design structures and can identify FIFO, handshake, and other synchronizers that are properly designed in a generic way. It identifies critical signals for a clock domain crossing which may synchronize the crossing structurally and it also checks if it would make the crossing work functionally correct.
Our protocol independent synchronization verification is a patented technology and can exhaustively verify any CDC problems in a holistic way and provides ease of debug. This is seamlessly integrated into the SpyGlass Platform.
Q: How are the functional checks done?
A: The functional checks are done to ascertain that the circuit is working properly without any data loss, data incoherency issues, or glitches in the design. The functional checks are necessary because structural CDC analysis only makes sure that synchronizers are in place to avoid metastability, but functionality of the synchronization circuit is verified using functional verification. Assertion based verification techniques are used to perform the functional checks. The assertions are inferred automatically without requiring any user intervention and then they are verified using advanced formal engines. For example, in case synchronized signals are converging in the design, they should be gray-encoded. SpyGlass CDC automatically infers such signals and verifies them automatically, to ensure they are gray encoded using formal verification techniques. Use of a wide range of formal engines, abstraction refinement techniques, multi-core features, and support of verification languages such as OVL / SVA results in a comprehensive and productive functional verification.
We have a combined methodology for both structural and functional verification to perform early CDC sign-off.
Q: This seems quite interesting. Considering the SpyGlass RTL sign-off solution, how is the overall flow constituted? How are the issues substantiated from RTL to Gate level, because there can be a few structural changes, if not more, between the two?
A: There are primarily three types of verification – structural, functional, and dynamic, as shown in the figure below:
At the RTL, substantial structural analysis and functional analysis is performed to find all CDC issues. At the gate level, insertion of clock gating, power optimization logic, or some other net-list level changes may introduce new CDC issues. Therefore, it is mandatory to perform complete structural analysis. The functional verification is done as required depending upon the fixes done during structural analysis.
Q: What is your experience from customers with the product?
A: Our customers have been extremely positive. Most of the top 20 semiconductor companies and over 150 customers are using the SpyGlass CDC solution. It’s the market leader in the industry for identifying CDC issues at the IP level, as well as the SoC level. We have many success stories from our customers who avoided re-spins of their chips by using SpyGlass CDC.
This was a very absorbing conversation with Paras, and I could gauge the finer handling of the issues by SpyGlass CDC that provides automated and comprehensive guidance to the users.
SpyGlass CDC provides comprehensive CDC signoff including structural and functional CDC analysis, ease of debug, low noise and highest performance for very large size designs.
Atrenta has organized a free live webinar on ‘Signoff Quality CDC Solution for Billion+ Gate Designs’. Here is the schedule –
Date: Wednesday, June 25, 2014
Time: 10 AM PDT
Interested people can register to reserve the slot and know more about CDC.