1. Field of the Invention
Apparatuses and methods consistent with the present invention relate to the field of circuit design verification and in particular integrated circuit design verification. More particularly, the disclosed apparatuses and methods relate to a method for metastability verification of circuits of an integrated circuit.
2. Description of the Related Art
Today's system on a chip (SoC) size, timing, and power requirements cannot be met under traditional synchronous clocking methodologies where a single clock controls all memory elements. While controlling an integrated circuit (IC) with multiple clocks helps in meeting those requirements, the asynchronous nature of the clocks brings about new challenges. Signals transmitted asynchronously from one clock domain to another do not have a predictable timing and therefore violate timing requirements that are easily met in synchronous interfaces. Analysis and verification of asynchronous interfaces for correct synchronization mechanisms in such designs are becoming an essential part of SoC design flows. Neglecting this aspect of verification, often leads to chip failure. This is now handled by a verification step known as clock domain crossing (CDC) verification. Prior art solutions and products attempt to address this verification need, however, CDC verification remains a challenge to designers due to many limitations of the conventional solutions.
Several challenges must be addressed in order to be able to provide an effective solution. The first challenge has to do with the large amount of false violations. This is also known as the noise problem. Many verification tools generate large number of violations that are not real design problems. These violations are often due to the lack of in-depth analysis of the design resulting in identification of unsynchronized clock domain crossings while in fact the crossing is synchronized. Designers have to review thousands, tens of thousands or even hundreds of thousands of violations to identify the few real design problems. The second challenge involves missing real design bugs due to a large amount of violations and an inability to distinguish problematic ones. One approach involves the generation of a heuristic report that is a subset of potential problems causing some real design issues to be masked and therefore leading to real IC failures. The third challenge involves hard-to-debug violations. Lack of in-depth analysis of crossings and synchronization mechanisms result in superficial report of a design defect, leaving the user with little hint on determining the root cause of a problem and deciding how to fix the problem.
These shortcomings are mainly due to superficial structural analysis of the design which tends to generate false violations as well as mask real design bugs. For example, a FIFO, recognized on the basis of a memory and some control logic and corresponding clock domain crossings, maybe reported as synchronized regardless of whether asynchronous events are stopped by the control structure or not, and regardless of whether asynchronous glitches can propagate through the enable structure or not.
Synchronization circuitry is often verified with a variety of static and dynamic approaches. Typical static verification consists of design structure analysis targeted at identifying elements of a typical synchronization circuit such as a multi-flop synchronizer circuit on a control crossing. Such approaches are very convenient and fast as they rely on simple design traversal techniques. However, these approaches suffer from the shortcomings listed in the introduction section, such as high number of false violations.
There has been little research in solving synchronization verification and typically ad-hoc solutions addressing specific synchronization structures are provided. For example, U.S. Pat. No. 7,536,662 assigned to the current assignee, addresses such a specific case, and provides a method to recognize FIFO structures in a design. However, there are at least two scenarios not covered by this approach. In the first, the read/write pointer logic can be implemented using different styles. Traditionally it is implemented through counters or incrementers. However, other implementations based on shift registers with one active token are possible. The techniques for recognizing the FIFO in this case have to be enhanced to address this new style of read/write pointers. Since designers can always come up with new approaches to implementing the read/write pointer logic, a verification approach based solely on using structural recognition of FIFOs will not suffice. Another example is the case where the ratio of the clock domains is known and users decide to skip the empty and full flags which are essential to the recognition scheme used. Removing these flags makes the approach unsuitable for synchronization verification.
U.S. Pat. Nos. 7,506,292 and 7,073,146, both assigned to the current assignee, target the data hold problem only, and the method provided is not suitable for large designs as they are performing functional verification of a large part of the design which may not be needed to guarantee correctness of synchronization structures. The approaches consider a clock domain crossing as an individual flop to flop path and ignore the overall architecture of data crossings that would help in better understanding and effectively verifying the clock domain crossings. To illustrate this further, U.S. Pat. No. 7,509,292 considers a crossing as synchronized if a change at the source register and a change at the destination register of the crossing do not take place at the same time. However, in most designs there are multiple sources in the crossing. It is not sufficient to check that these two conditions do not occur at the same time. For example, although a destination changes at the same time that source S1 changes, it might be correctly loading the value of another source S2, with correct synchronization. Thus the condition described above is sufficient but not necessary for a crossing to be synchronized.
There is a need for comprehensive and systematic approach to verifying synchronization systems that leads to a robust result. As prior art solutions are point solutions where a FIFO structure or a handshake circuitry is identified using a-priori understanding of these structures, it would be advantageous to provide a generic recognition approach with improved performance. The solution should also overcome failures of prior art solutions due to simple modification to the structures as well as generation of new structures that combine these simple ones as building blocks.