n Ways to Fool Your Synchronizer

1
n Ways to Fool Your Synchronizer

• Ran Ginosar
• Technion, Israel
• With generous contribution of numerous designers

2
Outline

• Whats good
• Whats bad

3
Not Really Errors !

• Most examples actually worked as planned
• Some of them failed when
• They were reused in a different context
• They were reused by a different team
• Some assumptions have changed
• Assumptions were not documented
• Design methodology was not enforced
• They were validated by simulation
• They were subject to the shrink team syndrome

4
What is a Good Synchronizer?
TX FSM
R
RX FSM
R2
V
A
A2
L
L
IDLE
IDLE
V
R2
R2
REQ/R1
A2
ACK/A1
A2
WAIT
5
What is a Good Synchronizer?

• Solid synchronization circuitshigh MTBF
• Bundled data
• Asynchronous handshake protocol
• Bi-directional ! Or else it isnt a handshake
• A control signal does NOT change until it is
  acknowledged
• No shortcuts!
• No circuit tricks!
• No assumptions!

6
What is a solid sync circuit ?
data
data
REG
REG
RDY
RDY
FF1
en
en
One-cycle
Two-flop
S2 cycles, 2ltL?3
S1 cycle, 1ltL?2
data
data
REG
REG
RDY
RDY
FF1
en
FF1
en
T-d
Half-cycle
Flash
S1/2 cycle, 0.5ltL?1.5
Sd, dltL?1d
7
How much settling time is needed?
0.13m, t5ps, TW50ps, FDFC/10
10K years
100 years
One year
One day
MHz
8
How does it look when it fails?

• Normal operation

9
How often does this happen?

• Data arrive uniformly over clock cycle T
• Assume TW is the danger zone
• p( enter metastability ) TW / T TW ? FC
• Data may arrive not every cycle but only at
  frequency FD
• Rate ( entering metastability ) TW ? FC ? FD
• Consider the 0.13mm technology example
• FC400 MHz, FD40 MHz, TWlt50ps
• Rate (entering metastability ) 1 MHz (every
  1msec !!!)

10
Outline

• Whats good
• Whats bad

11
Avoiding Synchronization

• Myth Since MTBF is a million years, there is no
  metastability and I dont need a synchronizer
• Fact
• Many synchronizers enter metastability a zillion
  times every second !
• Circuit should be metastability-tolerant.There
  is no such thing as a metastability-free
  interconnect of asynchronous clock domains.

12
Listening to FAB or Vendors

• Dont worry, in our new process we managed to
  get t down to 5 ps, so you will never have a
  problem!
• We can build an always-failing synchronizer on
  any process
• And some of us actually have

13
One-FF Synchronizer
R
A
SENDER
RECEIVER

• Long delay may lead to setup violation
• We have seen that in action
• Advise against in SoC methodology
• Use with caution, only in latency-critical
  situations

14
Sneaky Path

• Unintentional clock-domain crossing
• Typically results from
• Design change
• Lack of sync validation
• Validate
• Use STA tools
• report_timing -clock_from CLK1 -clock_to
  CLK2
• Account for each crossing
• Some available tools (unidirectional only)
• Synopsys (Avant!) CDC
• _at_HDLs _at_Verifier / _at_Designer

15
(No Transcript)
16
Simulating Synchronizers

• Use random delays on a logic simulator
• No one will ever hit any synchronization failure
• Use random 0/1 extra cycle delay in the
  synchronizer
• The circuit might fail on 2 cycles delay, or 3,
  or 4
• Use analog simulation to identify failures
• So what ?

17
Greedy Path
D
R
R1
R2
SENDER
RECEIVER

• Typically wrong edge detector
• An un-intentional One-FF Synchronizer
• Advise against in SoC methodology
• Use with caution, only in latency-critical
  situations

18
Half Protocol
TX FSM
R
R2
V
D
R
R2
L
delay
U
R-
R2-
L
L
IDLE

• We know the ratio TCLK/RCLK
• Sender waits k cycles
• Unsafe, non-persistent STG
• But what can go wrong ?

V
REQ/R1 for k
19
Half Protocol
TX FSM
R
R2
V
D
R
R2
L
delay
U
R-
R2-
L
L
IDLE

• Assumptions that change

V
REQ/R1 for k
20
Global Reset

• See any problem?
• RESET gets into an asynchronous clear, so why
  should we bother?

21
Global Reset
RESET
CLK

• Must synchronize trailing edge of reset

22
Pulse Synchronizer
D
Q
P
R
EN
SENDER
RECEIVER
P
cycle
R
Q
D

• What can go wrong?

23
Pulse Synchronizer
D
Q
P
R
EN
SENDER
RECEIVER
P
cycle
cycle
Q
R
D
24
Slow-to-Fast Synchronizer

• How does it work?
• T is set for one cycle
• Receiver has at least 2 chances to read T
• What can go wrong?

25
Slow-to-Fast Synchronizer

• In a next generation chip, the sender is faster
• Reuse limitation

26
Parallel Synchronizer
REG
REG

• Used in Multi-Sync cases
• New data sent every cycle
• This one is extremely dangerous (MTBF0) !
• Why?

27
Parallel Synchronizer
...

• Some bits may go metastable
• Some will resolve to 0, others to 1
• Guaranteed to fail

28
A Two-Latch Synchronizer

• Whats wrong with this one?

29
A Two-Latch Synchronizer

• The synchronizers were left out

30
Conservative Synchronizer
R
SENDER
RECEIVER
A

• Whats the MTBF for
• Two-FF sync ?
• Three-FF sync ?
• Eight-FF sync ?

• FC 200MHz
• FD FC
• TW 50 psec (0.18m)
• t 10 psec

31
Conservative Synchronizer

• FC 200MHz
• FD FC
• TW 50 psec (0.18m)
• t 10 psec

The universe is only 1010 years old..
Now I am really safe!
32
Conservative Synchronizer

• Whats wrong with being conservative ?
• The guy doesnt know what hes doing
• So I am worried about OTHER synchronizers that he
  has done!

33
Summary

• Lots of innovative designs out there
• But some are wrong ?
• They are validated / verified / simulated /
  proven
• They fail some times (maybe rarely)
• They are hard to detect
• They rely on elusive assumptions
• Some synchronizers are non-reusable
• And this may be discovered too late
• A sound methodology should always be enforced
• Standing offercontribute to my catalog Show me
  a new real-life synchronizer that has failed, and
  Ill take you to dinner ?
• And the first winner is .