The operation of a typical IC follows the synchronous paradigm, said synchronous paradigm implying that the timing of changes to inputs of a combinatorial logic block and the timing of observing or storing values at the output of said logic block is controlled by a periodic waveform (“clock”). In order for the IC to perform correctly, the time interval between an input change at a logic block and said logic block's output being observed or stored should be greater than the time taken for the final effect of said input change to propagate along any path in said logic block to said output. To ensure said correct operation, propagation delays on said paths are measured in an IC validation operation called timing analysis. Paths whose delays are measured using said timing analysis, said delays being appropriate to ensure correct operation, are called timed paths. Paths in said logic blocks, said paths being such that their delays are either not measured by said timing analysis or being such that their delays are greater than the nominal time interval between said input change and said output observation or storage, are called untimed paths.
A glitch is a transient value-change at a wire in a logic block. An example of a glitch in a logic block is shown in FIG. 1. Consider the AND gate G shown in FIG. 1. It has two inputs A and B, and an output C. C is connected to a flip-flop FF1 with input D and output Q. FF1 is controlled by a clock signal named CLK. FF1 is a positive-edge triggered flip-flop, which is a common form of flip-flop used in a typical IC, said term “positive-edge triggered” implying that FF1 will update its stored value to the value at input D at the time CLK changes value from 0 to 1, said value change of CLK being termed a “positive edge”. The detailed operation of a flip-flop has additional nuances which are not material to the present exposition. Consider, as shown in FIG. 1, that A changes from 1 to 0 at time t1, and B changes from 0 to 1 at time t2, such that t1 is later than t2. The initial value of output C, prior to said value changes at t1 and t2, is 0. The final value of C, after said value changes at t1 and t2, is also 0. Since t1 and t2 are not identical, and t1>t2, C has a transient value of 1 between its 0 initial and final value, said transient value being shown in a waveform for C in FIG. 1. Said transient value of C is shown to occur between times t3 and t4. The phenomenon of occurrence of a transient value, as shown by example for C in FIG. 1, is called a glitch, and such a transient value is called a glitchy value. The positive edge of CLK in FIG. 1 is shown to occur at time t5. The correct operation of the logic block intends to store the final value of C in FF1. If the path from A to the input D of FF1 were timed, it would be guaranteed that t5 would be later than t4, which would cause said glitch on C to not impede the correct operation of the logic circuit. On the other hand, if said path from A to the input D of FF1 were untimed, said guarantee would not be provided, and it would be possible for t5 to be later than t3 and prior to t4.
In the event of said possibility, FF1 would store the transient value of C, causing the logic block to operate incorrectly.
A salient aspect of the glitch phenomenon is that it is dependent on the specific implementation of a logic function embodied in a logic block, rather than purely on said logic function. An example of said dependence is shown in FIG. 2. Said example is illustrative in terms of providing a first-principles understanding to practitioners of IC design of situations when transient values in a logic circuit can be functionally harmful.
In FIG. 2, 101 shows a logic block with AND gate G1, AND gate G2 and OR gate G3, with the output of G3 connected to the flip-flop FF1. Said logic block has inputs A, B and C, and the combinatorial logic has output D that is input to said flip-flop FF1. FF1 is controlled by clock CLK. The paths from C to D are timed, the path from A to D is untimed, and the path from B to D is untimed. A has a constant 1 value, C transitions from 0 to 1 at time t2, and B transitions from 1 to 0 at time t1. Assume for the purpose of said 101 example that t1 is greater than t2, which implies that B transitions to 0 after C transitions to 1. Also assume for the purpose of said 101 example that the first active edge (0 to 1 transition) after t2 of CLK is at time t3. With the values of A, B and C as shown in 101, the value of signal D is 1 prior to any transitions on the inputs, and the value of signal D is also 1 after all the effects of said input transitions have settled. The net effect of said 0 to 1 transition on signal C is to block input B at gate G2 and to enable the value of input A at gate G1 to pass through to the output F of gate G1. When said 0 to 1 transition occurs on input C at time t2, the post-transition value 1 of C determines, i.e., controls, the final value of signal G. Since the path from C to D through signal G is timed, and since C determines the final value of G on said path, t3 is guaranteed to be later than any transient values on said path. After said transition on C at time t2, the 1 value on input A propagates to the F output of gate G1. Since input A does not transition, it is the final value after said transition on C that determines the final value on signal F. Since the path from C to D through F is timed, t3 is guaranteed to be later than the time required for the value at D, as determined by the path from C to D through F, to settle down. 
In summary, for the logic implementation in 101, the value at D, for the values and transitions on inputs A, B and C in 101, is determined by paths originating at input C. Since said paths originating at input C are timed, D will be sampled by flip-flop FF1 only after all transient values have settled, hence ensuring that no glitch value is captured and logic functionality is not impaired. In other words, the logic implementation in 101 can be said to be glitch-free.
In FIG. 2, 102 shows an alternate implementation of the same logic function embodied in 101. The 102 implementation is different from the implementation in 101 in that gate G1 has been split into two gates, namely G4 and G5, in 102. Said split is enabled by the addition of signal B as input to gate G5 and the inverted version of signal B as input to gate G4. A practitioner of logic design will recognize that the circuits in 101 and 102 are functionally identical. As for 101, the signal D in 102 will also have the value 1 prior to and after the transitions on inputs A, B and C. However, 101 and 102 exhibit different behavior with respect to transient values. The behavior of gate G6 in 102 is the same as gate G2 in 101, and any transient values on the path from C to D through gate G6 in 102 settle down prior to the arrival of the active clock edge on CLK at t3, said prior settling ensuring that the effects of transient values on said path are not captured by FF2 in 102. The behavior of gates G4 and G5 in 102 is different from the behavior of gate G1 in 101 with respect to transient values. The 0 to 1 transition on signal C at time t2 enables the values on both signals A and B to propagate to the outputs of G4 and G5 in 102. Since signal A has a constant value 1, it does not cause any transient values at the outputs of G4 and G5. Signal B, however, has a transition from 1 to 0 at time t1, and the effects of said transition are enabled to propagate through gates G4 and G5 once signal C transitions to value 1. If the delays on paths from signal B to gates G4 and G5 are such that the effect of said transition on B arrives at the input to G4 later than at the input to G5, it is possible to have a transient condition in which the outputs of G4, G5 and G6 are all at value 0. Said transient condition will cause the output of G7 to become 0, causing signal D in 102 to have a transient value of 0 between times t4 and t5 as shown in FIG. 2.
Since said transient value on D is caused by signal B, and since the paths from B to D are not timed, it is possible for the active edge on clock CLK at t3 in 102 to arrive prior to the settling of said transient value on D at t5. Said prior arrival of the active clock edge will cause flip-flop FF2 in 102 to capture said transient value on D rather than the intended final value. In other words, the glitch value will be captured in FF2, causing the logic function to behave erroneously.
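The glitch of FIG. 1 and the contrast between the 101 and 102 implementations of FIG. 2 can be reproduced with a small zero-delay gate simulation in which each wire carries its own propagation delay. This is an added example, not code from the patent; the delay values, the time units and the helper names (sig, delayed, gate, glitches, captured_wrong, mux_101, mux_102) are constructed for illustration.

```python
# Added example, not code from the patent: zero-delay gates plus explicit wire
# delays reproduce the glitch of FIG. 1 and the 101 vs 102 circuits of FIG. 2.
AND = lambda *a: int(all(a))
OR = lambda *a: int(any(a))
NOT = lambda a: 1 - a
# A waveform is (initial_value, [(time, new_value), ...]); delayed() shifts it
# by a wire delay d, which is how arrival-order differences are modelled.
sig = lambda init, *tr: (init, sorted(tr))
delayed = lambda w, d: (w[0], [(t + d, v) for t, v in w[1]])
def value_at(w, t):
    v = w[0]
    for tt, nv in w[1]:
        if tt <= t:
            v = nv
    return v

def gate(fn, *ins):
    """Zero-delay gate: re-evaluate at every input event, keep real output changes."""
    init = fn(*(w[0] for w in ins))
    tr, cur = [], init
    for t in sorted({t for w in ins for t, _ in w[1]}):
        nv = fn(*(value_at(w, t) for w in ins))
        if nv != cur:
            tr.append((t, nv)); cur = nv
    return (init, tr)

def glitches(w):
    """(start, end) of every transient value, i.e. a value that is later left again."""
    tr = w[1]
    return [(tr[i][0], tr[i + 1][0]) for i in range(len(tr) - 1)]

def captured_wrong(w, t_clk):
    """True if a positive clock edge at t_clk samples a value other than the final one."""
    return value_at(w, t_clk) != value_at(w, float("inf"))

def fig1_c(t1=3, t2=1):
    """FIG. 1: A falls at t1, B rises at t2 with t1 > t2; C = A AND B."""
    return gate(AND, sig(1, (t1, 0)), sig(0, (t2, 1)))

def mux_101(dB=0):
    """FIG. 2, 101: D = (A AND C) OR (B AND NOT C); B falls at t1=4, C rises at t2=2."""
    A, B, C = sig(1), sig(1, (4, 0)), sig(0, (2, 1))
    return gate(OR, gate(AND, A, C), gate(AND, delayed(B, dB), gate(NOT, C)))

def mux_102(dB_g4, dB_g5):
    """FIG. 2, 102: G4 = A.C.(NOT B), G5 = A.C.B, B reaching each via its own delay."""
    A, B, C = sig(1), sig(1, (4, 0)), sig(0, (2, 1))
    G4 = gate(AND, A, C, gate(NOT, delayed(B, dB_g4)))
    G5 = gate(AND, A, C, delayed(B, dB_g5))
    return gate(OR, G4, G5, gate(AND, B, gate(NOT, C)))
```

With B arriving at G4 one unit later than at G5, mux_102(1, 0) reports a transient 0 on D between times 4 and 5 and a clock edge at 4.5 captures it, whereas mux_101() shows no transient on D for any wire delay on B, matching the text's reasoning that only the 102 implementation exposes a B-caused glitch on an untimed path.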
In summary, FIG. 2 illustrates lucidly that the specific logic circuit implementation of a logic function determines whether a logic block has potential for glitch failure. In a typical IC design process, an initial description of logic functionality is transformed by means of a series of steps, said steps collectively termed “synthesis” by IC design practitioners, into a final representation of logic functionality in terms of logic gates and storage elements, flip-flops and latches being examples of said storage elements, said final representation being called a “netlist”, following which the placement, routing, mask-creation and fabrication steps are carried out, said following steps not changing the logic circuit implementation of logic blocks in the IC. FIG. 3 illustrates said steps in IC design, highlighting that the process arrives at a final netlist representation before further steps are carried out. Since a netlist is the final version of logic circuits in the IC, and since the potential for glitch failure is dependent on logic circuit implementation, it is imperative that the final netlist be checked for glitch-failure potential before an IC is manufactured. Said final netlist in an IC is likely to have millions of points of potential glitch failure that must be checked prior to IC manufacture, making sign-off-level detection of glitch failures, said sign-off-level detection implying that all likely glitch-failures are detected (100% recall) and very few false failures are reported (high precision), in acceptable computer run time very challenging. It is in this background and context that the present invention proposes methods for efficient sign-off-level detection of glitch failures in large netlists. Said methods are extremely beneficial in the practice and commercial success of IC design.
As previously stated in the present disclosure, glitch failures occur on untimed paths, said untimed paths being present in an IC as a consequence of a number of common design patterns. One of said design patterns is an asynchronous clock-domain crossing, as shown in FIG. 4. CLK1 and CLK2 in FIG. 4 are clock signals and are asynchronous to each other. Said asynchronous relationship implies that time intervals between the value-transitions on CLK1 and CLK2 cannot be obtained deterministically, said lack of determinism making it impossible to time the paths between pairs of flip-flops such that one flip-flop in the pair is controlled by CLK1 and the other by CLK2. When a clock signal controls the time at which a flip-flop's stored value is updated, said flip-flop is termed as belonging to said signal's clock-domain. In FIG. 4, flip-flop FF1 belongs to the CLK1 clock domain, and FF2 belongs to the CLK2 clock domain. Since CLK1 and CLK2 are asynchronous to each other, any path starting at FF1 and ending at FF2 is untimed. G8 in FIG. 4 is a multiplexor logic circuit, which is functionally equivalent to the logic circuits in 101 and 102 of FIG. 2. If G8 in FIG. 4 were implemented as the circuit in 102 in FIG. 2 with gates G4, G5, G6 and G7, with input B of G8 corresponding to signal B in 102, a transition on signal Q1 in FIG. 4 could cause a transient value on the untimed path from Q1 to D2 in FIG. 4, creating the potential for glitch failure. Untimed paths due to asynchronous clock-domain crossings are by far the majority of untimed paths in an IC.
Another source of untimed paths in an IC is paths that are explicitly specified to be timing exceptions, i.e., they are purposely left untimed. A reason for purposely leaving said paths untimed is generally that the logic circuit in said paths is complex and requires more than one clock cycle to evaluate. An example of a timing exception is shown in FIG. 5. Said example is essentially similar to the example in FIG. 4, except that there is no asynchronous clock-domain crossing. All flip-flops in FIG. 5 are controlled by the same clock CLK. The paths between flip-flops FF1 and FF2 in FIG. 5 are purposely left untimed because the logic circuit “L” is very complex, said complexity causing L to require more than one clock period of CLK to complete an evaluation. Gate G9 in FIG. 5 is a multiplexor equivalent in logic functionality to the logic circuits in 101 and 102 of FIG. 2. If G9 were to be implemented as gates G4, G5, G6 and G7 in 102 of FIG. 2, and input B2 of G9 were analogous to signal B of 102 of FIG. 2, a transition on Q1 in FIG. 5 could cause a transient value change at D2 in FIG. 5, causing a glitch failure on the untimed path from said Q1 to said D2.
In addition to asynchronous clock-domain crossings and timing exceptions, untimed paths also occur in an IC due to reset signals, power management signals etc.
Said reset signals are intended to initialize flip-flops to a predetermined value. A specialized flip-flop termed “asynchronous reset flip-flop” has an input port, said port termed “reset port”, to which said reset signal is connected. When said reset signal connected to said reset port of a flip-flop is asserted, said flip-flop assumes the predetermined initialization value, said initialization value superseding any value currently stored in the flip-flop or being provided as input on the data-input port of said flip-flop. A flip-flop without an asynchronous reset port is termed a “synchronous reset flip-flop”. A reset signal initializes a synchronous reset flip-flop by asserting the initial value through the data input of said flip-flop. In asynchronous reset flip-flops as well as synchronous reset flip-flops, the operation of the reset signal is essential for correct operation of an IC. Reset signal paths through a reset port of an asynchronous reset flip-flop are usually untimed. As a result, a glitch during reset assertion on a reset port of an asynchronous reset flip-flop can cause malfunction in logic downstream from said flip-flop.
Said power-management signals are intended to dynamically turn off or turn on a logic circuit in an IC by turning on or turning off power or clock signals to said logic circuit. Said power management signals also ensure that when a logic circuit is turned on, flip-flops in said logic circuit are in a desired initial state. Paths involving said power-management signals may be untimed, in which case glitches on said paths are likely to cause malfunction in a logic circuit to which said power-management signals are connected.
As a result of the potential for IC failure due to glitches on said reset and said power-management signals, detection of likely glitch failure prior to IC manufacture is essential in these cases as well.