Metastability occurs when digital signals passed between circuit elements (e.g., from one flip-flop to a second flip-flop) are unable to settle into a stable ‘0’ or ‘1’ logic level within the time required for proper circuit operation, thereby resulting in erroneous data transfers. A well-known source of metastability occurs when signals are passed from a first circuit element controlled by one clock signal to a second circuit element controlled by a second clock signal. Clock domain crossings (CDCs) and power domain crossings (PDCs) are well-known sources of metastability. Asynchronous reset crossings within the same clock domain can also cause metastability. Use of asynchronous resets is becoming more prevalent because of the wider use of multiphase power-up boot sequences. As a consequence, Reset Domain Crossing (RDC) issues are causing more and more design errors. Such errors can add significant time and expense to the design and debug cycles, and may even find their way into the silicon, necessitating costly re-spins. RDC verification is therefore as important as CDC verification in ensuring that designs work as expected.
In modern integrated circuits (ICs), there may exist domains (sub-circuits) where the power can be independently controlled (power domains), and also domains that can be independently reset (reset domains). Problems arise when signals cross from one domain to another. This is referred to as a domain crossing. Each type of crossing (power and reset) must be checked to ensure that domain crossings do not lead to circuit instability.
One technique for addressing signal domain crossing is to gate the crossing between domains and to open the gate only when it is safe for data signals to cross the domains. Referring to FIG. 1(A), if a first reset signal 58 is asserted to a source flop 52 in a first reset domain (first reset signal 60), then the source flop data output 64 of source flop 52 is asynchronous to the clock 55. If the second reset signal 58 is not asserted (not active) to flop 54 in a second reset domain (with second reset signal 59), the data output of destination flop 54 in the second reset domain can become metastable due to a data setup/hold violation caused by the asynchronous assertion of the first reset signal 58 in the first reset domain.
FIG. 1(B) illustrates one technique to make a safe data path between the two reset domains. A second flop 64 is inserted immediately after the data path between the source flop 52 and the destination flop 54. When reset signal 59 asserts, output 68 of destination flop 64 can still go metastable, but second flop 54 adds one extra clock cycle of delay to the path. A metastable signal value tends to settle to a known value over time. The metastable value of signal 68 of flop 64 may therefore settle during the extra clock delay of second flop 54, thus containing the unstable (metastable) behavior of the circuit.
FIG. 1(C) illustrates yet another technique to make a safe data path between reset domains. The source flop data output 52 (data of the reset domain with reset signal 58) is passed through a gate 72 before reaching the data input of destination flop 54 (another reset domain, with reset signal 59), again ensuring that the destination flop data input 76 is a stable value regardless of when the first reset signal 58 asserts. The gate 72 may be operated by an isolation flop 76 that outputs a gate control signal 78 to the gate 72.
FIG. 1(D) illustrates a circuit 80 comprising a first power domain 82 and a second power domain 84. A first power domain output 88 is gated by a gate 86 under the control of a gate enable 85. This controls the gate output 87 to the second power domain 84, providing a safe path between the power domains.
The various gating circuits for creating safe data paths between domains described in FIG. 1(D) may collectively be referred to as “isolation strategies”. Signal 85 in FIG. 4 is called the UPF isolation enable signal, UPF isolation control signal, or power domain control signal.
Conventionally, when both reset domain and power domain crossings are present together on the same design path in an IC design, the designer analyzes them separately and applies control gates separately. That is, modern IC designs are typically defined using both a Hardware Description Language (HDL) description and a Unified Power Format (UPF) description, and modern EDA software tools include both HDL design and verification tools that are configured to identify and address RDC issues using the HDL description, and separate UPF tools configured to identify and address PDC issues using the UPF description. Because the designer must use separate design and verification tools to address RDC and PDC issues, the designer often generates isolation and synchronization circuitry to address RDC issues that is different from the isolation circuitry generated to address PDC issues, even when some of the circuitry could be efficiently “shared” (i.e., utilized to address both RDC issues and related PDC issues). The generation of separate circuitry thus places an unnecessarily high design burden on the designer, and can lead to unnecessarily large circuit designs and signal delays due, for example, to redundant isolation gates.
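The situation described above can be made concrete with a small path model. The following is an added illustration, not the method of this disclosure or the behavior of any EDA tool; the flop names, domain names and enable names are constructed, and it assumes that any difference in reset signal or power domain between source and destination counts as a crossing.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flop:
    name: str
    reset: str  # asynchronous reset signal driving the flop
    power: str  # power domain that contains the flop

@dataclass(frozen=True)
class Path:
    src: Flop
    dst: Flop
    gates: tuple = ()  # (kind, enable) pairs; kind is "rdc" or "pdc"

def crossings(path):
    """Crossing kinds on a path. Simplification: any difference in reset
    signal or power domain between source and destination is a crossing."""
    kinds = set()
    if path.src.reset != path.dst.reset:
        kinds.add("rdc")
    if path.src.power != path.dst.power:
        kinds.add("pdc")
    return kinds

def analyze(paths):
    """Per path: crossings found, crossings with no gate, and whether the
    path carries separate RDC and PDC gates that merit a sharing review."""
    report = {}
    for p in paths:
        needed = crossings(p)
        gated = {kind for kind, _ in p.gates}
        enables = {enable for _, enable in p.gates}
        report[(p.src.name, p.dst.name)] = {
            "crossings": sorted(needed),
            "ungated": sorted(needed - gated),
            "share_candidate": needed == {"rdc", "pdc"} and gated >= needed and len(enables) > 1,
        }
    return report

# Constructed sample design (not taken from the figures).
A = Flop("a", "rst1", "pd1"); B = Flop("b", "rst2", "pd2")
C = Flop("c", "rst2", "pd1"); D = Flop("d", "rst2", "pd2")
SAMPLE = [
    Path(A, B, (("rdc", "rst_iso_en"), ("pdc", "pwr_iso_en"))),
    Path(A, C),
    Path(C, D, (("pdc", "pwr_iso_en"),)),
    Path(B, D),
]

if __name__ == "__main__":
    for path, result in analyze(SAMPLE).items():
        print(path, result)
```

A path flagged as a share candidate only identifies two independently inserted gates on one path; whether one gate can serve both crossings still depends on the timing of the two enables.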
What is needed is a methodology, and associated design and verification tools, that avoid the issues set forth above. In particular, what is needed is an efficient method for providing isolation/synchronization circuitry in a circuit design that automatically detects when isolation resources may be shared by related reset domain crossings (RDCs) and power domain crossings (PDCs), and either notifies a designer or automatically generates a shared RDC/PDC isolation solution.