a pragmatic approach to metastability-aware simulation · metastability effects •storage elements...
TRANSCRIPT
A Pragmatic Approach to Metastability-Aware Simulation
Joseph Bulone, Kalray
Roger Sabbagh, Mentor Graphics
© Accellera Systems Initiative 1
Metastability Effects
• Storage elements can enter a metastable state
• When timing constraints are violated
• Cycle-based effect: unpredictable propagation time
© Accellera Systems Initiative 2
din tffMTBF
clk
1
fc lk = Clock Frequency
fin = Input Signal Frequency
td = Duration of critical time window
CLK
D
Q
CLK
D QDomain A
Domain B
Setup/hold window
Single-Cycle Delay and Bleed-Through
© Accellera Systems Initiative 3
Q
D
CLK
Simulation captures a ‘1’ while
silicon produces either a ‘1’ or ‘0’.
Effect: single-cycle delay
Setup Violation
Q
D
CLK
Hold Violation
Q in silicon Q in silicon
Simulation captures a ‘0’ while
silicon produces either a ‘1’ or ‘0’.
Effect: bleed-through
CDC Reconvergence
© Accellera Systems Initiative 4
Tx1 Rx1
Tx2 Rx2
Logic
in clock
domain A
Logic
in clock
domain B
Logic in clock domain C
Setup violation
Tx1
clk_B
Tx2
Rx1
Rx1
Rx2
Rx2
Timing relationships between signals look OK in simulation…
but may be skewed in silicon
If the logic in domain B depends on such timing relationships, it will lead to a functional bug
Classical Methods
• Modified synchronizer
Incomplete Bleed-through not modeled
Misses paths with other synchronizers E.g. 3rd party IP
• CDC formal analysis
Must manually review
May miss some deep endpoints
© Accellera Systems Initiative 5
Questa CDC-FX Method
• Metastability effects model
Models bleed-through and single-cycle delay
Independent random control for each bit
Built-in coverage points
• Bind to each CDC signal
All paths covered
Independent of synchronizer type
© Accellera Systems Initiative 6
Application to the MPPA-256
• 160 Mgates
• 28 nm
• 3rd party IPs as
– DDR controller
– PCIe controller
– Ether. controller
– Flash controller
© Accellera Systems Initiative 7
The static CDC results are a user issue
• Extracted CDC scheme classification– Well-known and formally proved as correct
– Conditionally proved thus formal investigation• OK
• KO
• No conclusion
– Missing synchronizer
– Not extracted e.g. too deep reconvergence
• Small in-house IPs or synchronizers– Can be controlled and managed
• Complex 3rd party IP– Not manageable: too many (> 10 000)
© Accellera Systems Initiative 8
CDC correctness scheme can be stimuli/constraint dependent
• Correctness meaning ?
– Data register 1 interpretation ?
• How to ensure correctness ?
– Input stimuli constraints
– clkB skew and clkA frequency
• No general formal model including metastabilityeffects and constraints
© Accellera Systems Initiative 9
Software controlled
bit
Metastable bit register
Bit register 0
select_new_data
clkA domainSoftware
controlleddata
clkB domain
Metastable data register
Data register 0
Data register 1
0 1
Some partial solutions
• Systematic waiving– Usually too risky
• Specific mode selection– Time consuming
• Knowledge requirement
• Number of modes
– Mode description
– Mode transitions
• Increase convergence depth threshold– Time consuming
• Knowledge requirement
• Manual analysis
© Accellera Systems Initiative 10
The metastability-aware simulation
• Instrumentation thanks to static analysis results
– Automated
• Seed choice
• Reception clock window parameter definition
– Too large >= 100% of clock cycle • may lead to false errors
– Too small < 100% of clock cycle• may lead to missed metastability potential events
– Our choice = 99%
© Accellera Systems Initiative 11
Metastability-aware simulationwithin continuous integration flow
© Accellera Systems Initiative 12
Wait for integration request
Test for user rights
Try for a local merge
Run short test suite
Warn user
Requestcorrection
Update a main branchwith merge result
Wait for main branch update
Update passedrevision table
Derive metastability tests
Requestcorrection
Generate metastability seed
Run long test suite
Practical results
• Low impact onto overall simulation time
– Setup/compilation time: 2x
– Execution time: below parallel execution variability
• DDR controller bug observed on FPGA platform
– Diagnostic in metastable-aware simulation
– Reconvergent paths via 2 asynchronous FIFOs
• Flash controller was CDC behavior dependent onto software code
© Accellera Systems Initiative 13
Conclusion and future
• Static approach is not enough especially with 3rd party IPs
• Dynamic results will depend on stimuli quality
• Expectations as user– CDC coverage metrics improvement
– Qualification notion extension
– Formal verification environment based on• Formal modeling of metastability effects
• Formal constraints on the use model
• Formal modeling of expected behavior taking into account metastability effects
© Accellera Systems Initiative 14
Questions
© Accellera Systems Initiative 15