Methodologies for Reliable Design Implementation
description
Transcript of Methodologies for Reliable Design Implementation
12004 MAPLD VHDL Synthesis Introduction
Methodologies for Reliable Design Implementation
Melanie Berg
NASA Office of Logic Design
2004 MAPLD International Conference
September 8-10, 2004
Washington, D.C.
22004 MAPLD VHDL Synthesis Introduction
Overview
• This session will present methodologies for reliable design implementation
• Designs that are covered will first be explained. Following the design description, the corresponding VHDL will be presented
• Topics that will be covered:– Counters: Ripple vs. Synchronous– Triple Mode Redundancy (TMR)– Asynchronous Clock domain crossing– FIFO Memories– State Machines and Mitigation
32004 MAPLD VHDL Synthesis Introduction
Common VHDL/Synthesis Misperceptions
• VHDL and its synthesis tools produce unexpected results
• VHDL does not produce efficient circuitry• The synthesis tool will not produce what is
desired• VHDL is for software folks
42004 MAPLD VHDL Synthesis Introduction
VHDL and Design
• One should not start writing VHDL code until the design is well understood and analyzed
• Anyone can pick up a VHDL book and learn syntax
• Anyone can pick up a synthesis manual and learn directives
• But how do we create reliable circuits?
52004 MAPLD VHDL Synthesis Introduction
Key Ingredients for Successful and Reliable Designs: VHDL through Synthesis
• Remember … the goal is to design reliable hardware.• VHDL – looks like software, however, the designer must understand proper
hardware design techniques including the electrical characteristics of the employed technology
• VHDL RTL must functionally match gate level (post synthesis) for simulation purposes. This requires enforcing strict coding rules
• Designer must be familiar with the synthesis tools and their interpretation of VHDL code
– Combinatorial circuits vs. Sequential– Clock structures and potential skew– Proper State machine implementation– Arithmetic circuitry– Clock domain crossings– Reset logic– Mitigation– When to use specific Synthesis directives– Etc…
• VHDL Coding Style is very important
62004 MAPLD VHDL Synthesis Introduction
What is the Importance of VHDL Coding Styles.
• No Synthesis tool can be as efficient as proper Coding Style
• ASICS and FPGAs will be smaller and faster.• Proper VHDL Coding Style is easier to verify• We would like to shorten the Design Cycle.
Coding Style will affect– Quality of Synthesis: drive to tool to better results, – FPGA mapping or design: can take advantage of the technology– Place and Route: designs that are well thought out will have a
clean route
72004 MAPLD VHDL Synthesis Introduction
Coding Style Specifics - Think “Hardware”
• Architect with comprehension of your target’s features (ASIC and FPGA)
• Separate Combinational and Registered blocks• Watch out for inferred latches• Pay attention to large fan-out nets• Consider how you code state machines• Be careful with designing long paths of logic• Be aware of when you are able to use Resource
sharing
82004 MAPLD VHDL Synthesis Introduction
Code Restructuring
If (Aflag=‘1’) outdata <= Adata;elsif (Bflag=‘1’) outdata <= Bdata;elsif (Cflag=‘1’) outdata <= Cdata;else outdata <= ‘0’;
• What circuit structure does this code produce?• Which line of code is likely to be in the critical
path?
92004 MAPLD VHDL Synthesis Introduction
Answer:
If (Aflag = ‘1’) outdata <= Adata;elsif (Bflag = ‘1’) outdata <= Bdata;elsif (Cflag = ‘1’) outdata <= Cdata;else outdata <= ‘0’;
Cdata
0
Cflag BflagAflag
BdataAdata
outdata
102004 MAPLD VHDL Synthesis Introduction
Code for Late-Arriving Signalif (cflag=‘1’ and aflag=‘0’ and bflag=‘0’)
outdata <= Cflag;elsif (aflag=‘1’)
outdata <= Aflag;elsif (bflag=‘1’)
outdata <= Bflag;else outdata <= ‘0’;
muxmux
mux
Cdata
0
Cflag
BflagAflag
Bdata Adata outdata
and
112004 MAPLD VHDL Synthesis Introduction
Duplicating Logic to Improve Speed• Most synthesis tools have a fanout control
– Be careful, the tools don’t always pick the best implementation creating a more difficult design to place and route
• Better to explicitly duplicate logic in code– you may need to use the syn_keep option for
combinational logic
• Good Examples to duplicate:– Address and control lines to large RAM– Clock enables – Synchronous reset signal– Other high fanout nets
122004 MAPLD VHDL Synthesis Introduction
Pipelining Logic to Improve Speed
• Pipelining is most efficient for critical paths which can not be fixed by special coding schemes.
• Some may think that it will increase area. However, with very long paths, synthesis may be duplicating logic in order to meet timing. Pipelining can reduce the replication.
• It also will help while in Place and route
132004 MAPLD VHDL Synthesis Introduction
Synthesis Tools
• Synthesis Optimization Algorithms are geared towards synchronous designs.– Unexpected synthesis gate level output can occur if the design is
extremely asynchronous – tool gets confused
• The major parameters within the optimization algorithm are Timing and area– Timing is measured from a starting DFF (or input) through a
combinatorial path to the next DFF (or output). Timing can only accurately be measured (during optimization) when the DFFs are connected to the same clock
– Redundancy within VHDL code is usually synthesized away (area optimization). The designer must place synthesis directives (attributes) on the nets that are part of the redundant path
142004 MAPLD VHDL Synthesis Introduction
Synthesis Tools
• Designers should beware of push-button mitigation within synthesis.– Mitigation must be glitch-free
– Safe directive for state machines is not effective … false sense of safety
– When logic is added after VHDL-RTL phase, it is generally difficult/tedious to verify. Remember, reliable circuits must be verified
– Companies are aware and are working on some of these issues
• Synthesis output can be trusted if proper synchronous design techniques (including cleanly written VHDL) are followed. However, Formal Verifiers are needed! This will increase our test coverage.– Companies are also aware of this… but … where is it?
152004 MAPLD VHDL Synthesis Introduction
Reliability
• Design can be verified to work under worse case conditions
• Aerospace specifics includes verifiable mitigation techniques under worse case conditions
• Circuit has predictable behavior• Circuit has a definable reset state• Bottom line is to Use the following Techniques:
– Design for Verification (DFV)
– Design for Test (DFV)
– Design for Reliability (DFR)
162004 MAPLD VHDL Synthesis Introduction
Example: Reliability…Assumes a Technology with no Built-in TMR
172004 MAPLD VHDL Synthesis Introduction
Unreliable Circuit Design Example: Ripple Counters
Q
QSET
CLR
D
N MHz
Q
QSET
CLR
D
Q
QSET
CLR
D
Q
QSET
CLR
D
SEU Hits Bit 0 as output of Bit 1 changes. Bit 1 can go metastable. Bit 1 output can Oscillate. Clock pin to Bit 2 will Oscillate: Will violate DFF specifications -
can damage the FPGA As the input clock frequency increases, the probability of this
event occurring grows exponentially
Bottom line: DFF clock pins need to be protected.
0 1 2 3
reset
182004 MAPLD VHDL Synthesis Introduction
VHDL Example of a Data output feeding a Clock input: Avoid for Reliability
Process (sysclk,reset)
Begin
if reset = ‘0’ then
dff0 <= ‘0’;
elsif rising_edge(sysclk) then
dff0 <= not dff0;
end if;
End process;
Process (dff0,reset)
Begin
if reset = ‘0’ then
dff1 <= ‘0’;
elsif rising_edge(dff0) then
dff1 <= not dff1;
end if;
End process;
192004 MAPLD VHDL Synthesis Introduction
Adding TMR to Circuitry
• It is up to the designer to pick the strategic places that TMR will be inserted.
• TMR must be glitch free• TMR must be verifiable• Synthesis directives (attributes) generally need
to be used in order to not optimize away the Mitigation
202004 MAPLD VHDL Synthesis Introduction
Shared TMR Logic
• In this scheme – The designer must triple the number of DFF’s.
• The DFFs feed 1 TMR block
• If the technology is susceptible to transients, this method will not be efficient
Q
QSET
CLR
D
Q
QSET
CLR
D
Q
QSET
CLR
D
TMRCombinatoriallogic
Combinatoriallogic
Combinatoriallogic
212004 MAPLD VHDL Synthesis Introduction
Distributed TMR
• In this scheme – The designer must triple the number of DFF’s and triple the number of inserted TMR blocks.
• Although more area extensive, this method adds a level of reliability, If the technology is susceptible to transients
Q
QSET
CLR
D
Q
QSET
CLR
D
Q
QSET
CLR
D
TMRCombinatorial
logic
TMR
TMR
Combinatoriallogic
Combinatoriallogic
222004 MAPLD VHDL Synthesis Introduction
More Reliable Ripple Counter – Distributed TMR: Picture Depicts bit 0 and bit 1
Q
QSET
CLR
D
N MHz
Q
QSET
CLR
D
reset
TMRglitchfree
Q
QSET
CLR
D
Q
QSET
CLR
D
reset
TMRglitchfree
Q
QSET
CLR
D
Q
QSET
CLR
D
reset
TMRglitchfree
Path A
Path B
Path C
One line can oscillate -but the voting logic will
override
232004 MAPLD VHDL Synthesis Introduction
More Reliable Ripple Counter – Still a Potential Problem
• Paths delays due to routing differences are never exact• What happens if (referencing paths A, B, and C) A, B,
and C are all logic 0 and are expected to go to a logic 1:– Path A comes in first– Path B comes in second (TMR logic will go to logic 1)– Path B gets hit by a SEU – path C has not come in yet – TMR logic will
go to logic 0 … start of GLITCH!– Path C comes in – TMR now turns on once again
• Probability can be very small to negligible – depends on clock speed, and routing delay differences
• The glitch will have a relatively small period – will probably violate device specifications and can damage the device
• Also adds a major level of complexity within verification
242004 MAPLD VHDL Synthesis Introduction
Synchronous Reliable Solution
• Instead of a ripple counter, use a synchronous counter – Without Mitigation Case (no SEUs):
• Assumes a reset will clear any SEU hits that cause incorrect counting
– With mitigation (glitch free TMR for example).• Assumes counter must always be correct for Single Event Upsets
• Clock tree feeds the clock pin – Assuming a hardened clock tree (SET – free), SEU hits should not create DFF clock oscillations
• Data feeds data pins• Although the SEU is Asynchronous, the glitch free TMR circuit will
override the possible metastable oscillation on the data pin.• The following example shares TMR circuitry per stage (unlike the
other example where each path has separate TMR logic per stage). This design choice assumes a technology that will not have (or has an extremely low probability of) internal transient glitches or SETs.
252004 MAPLD VHDL Synthesis Introduction
VHDL Synchronous Counter without Mitigation
Counter <= counter_in;Counter_plus_1 <= counter_in + 1 ; -- need special library for this statement
Process (sysclk,reset)Begin
if reset = ‘0’ then -- counter is resetable to a constant valuecounter_in <= (others=> ‘0’);
elsif rising_edge(sysclk) then -- clock pin is connected to system clockcounter_in <= counter_plus_1;
end if;End process;
262004 MAPLD VHDL Synthesis Introduction
Post Synthesis RTL View without TMR (non-technology dependent)
272004 MAPLD VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation
----------------------------------------------------------------------------------------------------------------------- signal declarations: For this circuit we will use 3 counters that feed into TMR voting logic.-- the output of the TMR will be fed into a combinatorial logic for the counter.-- the output of the combinatorial logic of the counter will be fed back into counter register---------------------------------------------------------------------------------------------------------------------
signal counter_plus_1 : std_logic_vector(3 downto 0);
signal counter0_in : std_logic_vector(3 downto 0);signal counter1_in : std_logic_vector(3 downto 0);signal counter2_in : std_logic_vector(3 downto 0);signal counter_tmr : std_logic_vector(3 downto 0);
----------------------------------------------------------------------------------------------------------------------- attributes used as synthesis directives: Important so that mitigation logic will not get optimized away---------------------------------------------------------------------------------------------------------------------
attribute syn_preserve : boolean;
attribute syn_preserve of counter0_in : signal is true;attribute syn_preserve of counter1_in : signal is true; attribute syn_preserve of counter2_in : signal is true;
282004 MAPLD VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation
-- generate TMR logic for each bit of counter … works across the 3 counters-- TMR is a compiled entity in the work directory-- TMR_OUT <= (a and b) or (a and c) or (b and c)-- This TMR entity is written bit-wise, however, the designer can make a more
robust entity that will accept vector inputs
counter_string_tmr: for i in 3 downto 0 generatebeginucount_bit : entity work.TMRport map(
A => counter0_in(i),B => counter1_in(i),C => counter2_in(i),TMR_OUT => counter_tmr(i));
end generate;
292004 MAPLD VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigationcounter_plus_1 <= counter_tmr + 1; -- Output of TMR circuitrycounter <= counter_TMR;
Process (sysclk,reset)Begin
if reset = '0' then -- counter is resetable to a constant valuecounter0_in <= (others=> '0');
elsif rising_edge(sysclk) then -- clock pin is connected to system clockcounter0_in <= counter_plus_1;
end if;End process;
Process (sysclk,reset)Begin
if reset = '0' then -- counter is resetable to a constant valuecounter1_in <= (others=> '0');
elsif rising_edge(sysclk) then -- clock pin is connected to system clockcounter1_in <= counter_plus_1;
end if;End process;
Process (sysclk,reset)Begin
if reset = '0' then -- counter is resetable to a constant valuecounter2_in <= (others=> '0');
elsif rising_edge(sysclk) then -- clock pin is connected to system clockcounter2_in <= counter_plus_1;
end if;End process;
302004 MAPLD VHDL Synthesis Introduction
Post Synthesis RTL View with TMR (non-technology dependent)
312004 MAPLD VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation Analysis
• No SEUs:– After static timing analysis has been verified and all paths meet timing
with slack, all data is considered to be stable at each clock edge – no concerns for metastability or incorrect data capture
• SEU Hit– If an SEU hits a DFF, then the glitch free TMR will override any one
DFF input change (output of TMR is stable), thus, data is still considered to be stable near a clock edge - no concerns for metastability or incorrect data capture
• Synchronous Advantage Meets Reliability Requirements – Easily verifiable in the RTL domain if static timing is met and gate level
is functionally equivalent to RTL– Mitigation and general functional behavior is predictable under worse
case conditions– TMR circuitry is verifiable (due to it being within the RTL vs being
inserted in synthesis)– A Definable reset state exists
322004 MAPLD VHDL Synthesis Introduction
Asynchronous Clock Domain Crossing
332004 MAPLD VHDL Synthesis Introduction
Asynchronous Clock Domain Crossing
• Most common problem within designs.• Why?
– Designers usually don’t design for all corner cases – i.e. data must be synchronized to capturing clock domain before usage
– Multiple clock domains add an extra level of complexity to the synthesis optimization algorithm.
• The major optimization parameters for the synthesis algorithm are timing and area
• Timing is measured for each synchronous path (DFFs connected to the same clock tree)
• Generally, extra timing constraints are necessary when crossing clock domains
342004 MAPLD VHDL Synthesis Introduction
Design Example
• Implement a serial asynchronous input port that receives: DCLK, DATA, and DENV. Skew relative to DCLK will be less than 10 ns
• Input speed can range from 5Khz to 10Mhz.• DATA and DENV will change at the rising edge of the
DCLK signal (thus will be stable at the falling edge).• Input Data is in the form of 16 bit words MSB first.• DENV is active high• Technology has glitch-free hardened by design
mitigation within the silicon (attached to DFFs)
352004 MAPLD VHDL Synthesis Introduction
Determine FPGA System Clock speed
• Limiting factor is the 10MHZ input – new data can come every 100 ns
• Data is asynchronous – need a metastability filter …
Q
QSET
CLR
D
Q
QSET
CLR
DAsynchronousInput
Clock
Reset fro
mclock tree
No otherconnection tothese points
Edge detectioncan be placed
at this point
362004 MAPLD VHDL Synthesis Introduction
Need an Edge Detection for the Input signal
• Remember – there is a difference between the input clock and the FPGA system clock (asynchronous)
• Goal: Capture data while data is stable (avoid metastability)
• We want to detect an edge of the input control (DCLK), then look at the envelope (DENV) - see if it is active, then grab the data.
• Why the edge and not the level …We only want to sample input data once per input clock period …at a stable place in the clock period …
• Which edge should we use (falling or rising)?…
372004 MAPLD VHDL Synthesis Introduction
Analysis
• Most people will want to capture at the falling edge because data is known to be stable there.
• However, once you detect the stable edge you only have half an input clock period minus overhead … minus data to clock skew …
• Therefore – you will be required to implement a much faster system clock
382004 MAPLD VHDL Synthesis Introduction
Data1 Data2 Data3
Positive Edge ClockTransition - Data changes
CLOCK Input
Data Input
Negative Edge ClockTransition - Data stable
If we implement a detection scheme thatlooks for the falling edge of the clock - weonly have half a clock to do the detection
and capture data - thus designer must usea fast clock relative to the input clock - may
be impossible to implement!!!!!!
If we implement a detection scheme that looksfor the rising edge of the clock - we have moretime (approx. 1 clock cycle) to do the detectionand capture data - This enable the designer to
use a slower clock - great for power!!!!
100 nsclock
period
392004 MAPLD VHDL Synthesis Introduction
Data1 Data2 Data3
CLOCK Input
Data Input
Delay
from
cloc
k
dete
ction
Gra
b da
ta
Data1 Data2 Data3Data Input
Delay
from
cloc
k
dete
ction
Grab data
Rising Edge Detection Example
Falling Edge Detection Example
CLOCK Input
Data is valid after the delay forclock detection is complete!
Now we have plenty of time tograb the new data
Not too much time left to grab data - needFAST internal FPGA clock
402004 MAPLD VHDL Synthesis Introduction
Best Choice
• Look for the rising edge of the input clock. Although data is changing here… by the time you actually detect the clock – data will be valid!
• Remember – because the DCLK is asynchronous to your FPGA, it must go through a metastability filter before you can sample – THIS TAKES TIME … how much?…
412004 MAPLD VHDL Synthesis Introduction
Q
QSET
CLR
DSynchronousSignal
Clock
Reset fro
mclo
ck tree
Synchronous signal —want to edge detect
Synchronous signal —1 cycle delay: DFF output
Output of edgedetection
FPGA system clock
Rising Edge Detect Circuit
One c
ycle
wid
e e
dge
det
ect
If signal=’1' and signal_d1 = ‘0’ thenedge_det <= ‘1
422004 MAPLD VHDL Synthesis Introduction
Metastability Filter uses DFFs … data only gets passed at a clock edge
Q
QSET
CLR
D
Clock
Reset fro
m
clock tre
e
Q
QSET
CLR
D
Q
QSET
CLR
DSignal fromother clock domain
0 1 2
Edge detectonly performedafter 2nd Meta
DFF
432004 MAPLD VHDL Synthesis Introduction
Design Decision…• Envelope will be captured by one DFF (no metastability filter)
and will be “anded” with the clock edge detect in order to enable data capture …’
• I.e. if the clock edge is detected and the envelope is valid then capture data. Thus the data does not go through a metastability filter either!!! Saves gates and is safe – we only look at data (and envelope when they are stable – the input clock edge tells all)
• We can use only one DFF because the enable is guaranteed to be stable by the time the clock edge is detected …clock edge detection has to take at least 2 system clock cycles – by then envelope is clean.
• Why not send the DENV signal through a metastability filter too??
442004 MAPLD VHDL Synthesis Introduction
Q
QSET
CLR
D
Q
QSET
CLR
DAsynchronousclock Input
Clock
Rese
t from
clock tre
e
Q
QSET
CLR
D
Q
QSET
CLR
DAsynchronousEnvelope Input
Rese
t from
clock tree
Do not send both the Clock and Envelope Asynchronous Signal through aMetastability Filter
Evn_d2
Clock_d2
Clock Input
Clock_d2
Rising edge detect
Env
Env_d2
Watch Out!!!!!!!Data is captured at therising edge of the clock
detection … but env_d2 isnot valid Yet!!!! We willmiss the first piece of
DATA!!!!!!!!!!!!!
Env_d2 not valid yet
Skew < 10 ns
452004 MAPLD VHDL Synthesis Introduction
Q
QSET
CLR
D
Clock
Reset from
clock tree
Q
QSET
CLR
D
Q
QSET
CLR
DInput Clock Signal
0 1 2
Rising Edge detect onlyperformed after 2nd Meta
DFF
FPGA systemclock
Input Clock
Input clock Missed this edge Data capture happens inapproximately 3 clock cycles
DFF0
DFF1
DATA CaptureDFF
Q
QSET
CLR
D
Data InputE
DFF2
Dat
a is sta
ble
here
for ca
ptur
e
Rising_edge_detect
D0
D0DATA Input
Rising edge is detected becauseDFF1= ‘1’ and DFF2 = ‘0’ during
this clock cylce
462004 MAPLD VHDL Synthesis Introduction
FPGA systemclock
Input Clock
Input clock Captured at this edge: Data Capturehappens with in 2 system clock cycles
DFF0
DFF1
DATA CaptureDFF
DFF2
472004 MAPLD VHDL Synthesis Introduction
Metastability Filter Recap:• Choose only one signal (control signal) to send through the
metastability filter – avoid skew of asynchronous input signal near clock edge problems
• Determine where the signals are stable relative to the incoming control signal
• Sample and grab data• Do a complete timing analysis: watch out for skew, setup & hold,
input clock frequency vs. system clock frequency.
• Watchout!!!! For large Fan-out of output of metastability filter – Synthesis tool may duplicate the filter. This will cause data to possibly be out of sync within different portions of the circuit – use a don’t_replicate attribute on the filter output
482004 MAPLD VHDL Synthesis Introduction
Metastability Filter Recap:
• Remember – Our example’s timing analysis applies to capturing the data relative to the same edge of the input clock that the input data changes – we can do this because we have a delay due to the metastability filter and this delay is larger than the 10 ns skew (between the clock, data, and envelope) listed in the spec.
• We chose to capture data relative to the same clock edge that the input data changes so that we can choose a slower clock – slower clock means less power and easier design implementation requirements.
492004 MAPLD VHDL Synthesis Introduction
Metastability Filter Recap:
• The designer could make the decision to capture data relative to the edge that the input clock is changing – however, that would require a much faster FPGA system clock for proper implementation -- see timing analysis.
• The designer could also choose to send the DENV and DDATA lines though metastability filters (not a good choice – unnecessary extra logic). However, this can only be done if you detect the input clock where data and envelope are stable …and capture there– otherwise (due to skew) incorrect results can occur
502004 MAPLD VHDL Synthesis Introduction
Based on the two previous Cases…Best and Worse
• Upon the worse case – we see that we will need at least 3 FPGA system clock cycles to capture the data… however we also need some overhead (20%) due to variations in environment (voltage, temperature, clock skew, process…)
• Clock needs to be…3x < 100 ns - .20x –10 ns
X becomes about 28.125 ns … or 36MHZFor ease …Lets choose a 40 MHZ FPGA system clock (25 ns clock period
… definitely fast enough)
512004 MAPLD VHDL Synthesis Introduction
Rule of Thumb: Asynchronous Data Capture
• Use a system clock that is 4 times faster than input clock… if possible…
• Otherwise you might be able to use both edges of the clock – can be tricky
• Or… use an asynchronous FIFO to capture the input data and then extract the data with the system clock … great choice if input clock and data rates are too fast!
522004 MAPLD VHDL Synthesis Introduction
Rule of Thumb: Asynchronous Data Capture (cont…)
• Only send one signal – a control signal – through a metastability filter. Otherwise, signal skew can cause data to be incorrectly captured.
• Determine where to sample the control signal such that data is stable (under all conditions)
• Use an edge detection circuit on your control signal (after the metastability filter) because your clock domain will be faster than your input clock domain.
• Use this one-cycle edge detection output to control data capture and other necessary functions – avoids multiple samples or counts per clock/data input pair
532004 MAPLD VHDL Synthesis Introduction
Next…Now that we figured out the FPGA System Clock Frequency … Let’s Construct the Input Block
• We need to shift the data into a shift register• Count how many bits we have shifted in – this will need 4
bits in order to count to 16• Once we have captured 16 data bits… store the shift
register into a Dout (data out) register and raise a ready flag.
• For our design, ready flag will only be valid for one system clock cycle
• Dout will only change once a full 16 bits have been captured into the shift register.
• Let’s check out the VHDL code
542004 MAPLD VHDL Synthesis Introduction
How Does VHDL Tie Into This?
• We need to create DFF’s and we need to create combinatorial logic.
• DFF’s store information and can only change at a clock edge.– Counters– Delay elements (I.e. an edge detection delay)– Flags– Shift registers
552004 MAPLD VHDL Synthesis Introduction
How Do We Create a DFF in VHDL ?
• Our job is to direct the synthesis tool to do exactly what we want… its difficult to get precisely what you want if you do not take the time to understand how the tool works.
• The synthesis tool looks for:process(sysclk,reset) -- sensitivity list for clock and resetbegin
if reset = '0' then -- connect the reset to the DFFDFF <= ‘0’; -- DFF gets a constant at reset
Elsif rising_edge(sysclk) then -- clock connectionDFF <= data; -- at clock edge DFF gets new data
end if;End process;
562004 MAPLD VHDL Synthesis Introduction
Using a DFF Enable connection
process(sysclk,reset) -- sensitivity list for clock and reset
begin
if reset = '0' then -- connect the reset to the DFF
DFF <= ‘0’; -- DFF gets a 0 at reset
Elsif rising_edge(sysclk) then
if enable = ‘0’ then -- if statement creates an enable condition
DFF <= data; -- at clock edge and enable DFF gets data
end if;
end if;
End process;
572004 MAPLD VHDL Synthesis Introduction
Using an Enable Connection
• In our case, we only want to capture data, and then count up (we’re counting how many bits we have), once per clock/data input pair.
• This input is generated at a slower rate than our FPGA internal clock. So it sits around for several of our clock periods.
• Thus we will use an enable that is only valid for one clock cycle in order to capture data and count it.
• This enable (as described earlier) will be active if we have detected a rising_clock_edge and an active envelope signal
582004 MAPLD VHDL Synthesis Introduction
Data1 Data2 Data3
DCLK (Clock Input)
DDATA (Data Input)
FPGA CLOCK
FPGA CLOCK is faster than CLOCK/DATA Input
DENV (Envelope)
Rising_clock : occurs 2FPGA clock edges afterDCLK transition occursbecause of metastability
filter
Env_reg ==DENV delayedby one cycle
Enable for capturingand counting data =>rising_clock is ‘1’ and
env_reg is ‘1’
592004 MAPLD VHDL Synthesis Introduction
Q
QSET
CLR
D
E
CLOCK
rising_edge_detect
ENV_reg
elsif rising_edge(sysclk) then -- clock connection
if rising_clk = '1' and env_reg = '1' then -- enable connection
counter <= counter+1; -- 4 DFF’s created here
data_shft <= data_shft(14 downto 0) & DDATA -- 16 DFF’s created here
end if;
Notice we are connecting to the enable ofthe DFF by using an if statement inside thesequential process
This enable has beendesigned to only beactive for one FPGAclock signal
From Metastability Filter and edge detection ofinput clock edge: DCLK
Using an If statement in VHDL cancreate a direct connection to a DFFEnable pin - This depends on the
Technology being targeted
602004 MAPLD VHDL Synthesis Introduction
Synchronous Shift Register: Shifts at eachclock edge - Can also use an enable
(VHDL if statement to selectively shift)
Q
QSET
CLR
D
Q
QSET
CLR
D
Q
QSET
CLR
D
d1
Q
QSET
CLR
D
...d11 d2 d0
9 8 7 6 5 4 3 2 1 0 D_in0
11 10 9 8 7 6 5 4 3 2 1 0
10
Shifting : shft_reg <= shft_reg(10 downto 0) & data_in
Bi t 11gets lost
Assuming shft_reg is defined as 12 bits it is the same as:shft_reg(11 downto 0) <= shft_reg(10 downto 0) & data_in
Bit positions (11 downto 1) Bit position 0
D_in
9 8 7 6 5 4 3 2 1 0 D_in0
11 10 9 8 7 6 5 4 3 2 1 0
7 6 5 4 3 2 1 0 D_in2
9 8 7 6 5 4 3 2 1 0 D_in1D_in0
D_in0 D_in18
10
Sysclk n
Sysclk n+1
Sysclk n+2
Sysclk n+3
612004 MAPLD VHDL Synthesis Introduction
Metastability Filter Implementation within a Device without built in Mitigation
• A tradeoff analysis between mitigation techniques should be performed based off of:– clock speed
– transient pulse width and probability of occurrence
– additional area due to of an increase of logic gates
• Example: Distributed TMR with asynchronous inputs incurs a larger fanout (vs. shared TMR) on the DFF that can go metastable – this increases the probability of metastability on the second DFF of the metastability filter. However, with a slow enough clock speed, this may not be an issue.
622004 MAPLD VHDL Synthesis Introduction
FIFO Memory Control
632004 MAPLD VHDL Synthesis Introduction
FIFO Memories
• Definition: First in – First out memory• Simultaneous write and read access to memory
(dual port)• Data written into a FIFO is sequentially read out
in a pipelined manner – such that the first written will be the first read
642004 MAPLD VHDL Synthesis Introduction
General Package
FIFOMEMORY
WR_CLK
DATA_IN
RD_CLK
DATA_OUT
FIFO_FULL
FIFO_EMPTY
652004 MAPLD VHDL Synthesis Introduction
FIFO Memory Ports
• Input port: write• Output port: read• Each port has an associated pointer (I.e. counter,
address)• No random access• Write operation will increment the write pointer• Read operation will increment the read pointer
662004 MAPLD VHDL Synthesis Introduction
0
1
2
3
4
N-3
N-2
N-1
N
5
Write Pointer
Read Pointer
Read Pointer = 1Write Pointer = 4
The contents of memory location 1 is available on the data output pins
If a read is invoked the contents of address location 2 is on the output data pins
If a write occurs then the input data bus is written to address location 4
672004 MAPLD VHDL Synthesis Introduction
Clock Domains
• READ enable and READ pointer is synchronous to the read domain (rd_clk)
• WRITE enable and WRITE pointer is synchronous to wr_clk
• Rd_clk and wr_clk do not have to be synchronous!!!!!… Asynchronous FIFO
682004 MAPLD VHDL Synthesis Introduction
0 0 0 0 0 0 1 1 0 1
0 0 0 0 0 0 1 1 1 1
1
1
Read Pointer = 25
Write Pointer = 31
Each of these bits are DFFs
Q
QSET
CLR
DRd_clk
1
Q
QSET
CLR
DWR_clk
1
692004 MAPLD VHDL Synthesis Introduction
0
1
2
3
4
N-3
N-2
N-1
N
5
Write Pointer Read Pointer
Are we full or empty?
702004 MAPLD VHDL Synthesis Introduction
New Package
FIFOMEMORY
WR_CLK
DATA_IN
RD_CLK
DATA_OUT
FIFO_FULL
FIFO_EMPTY
WR_EN RD_EN
712004 MAPLD VHDL Synthesis Introduction
FIFO Full and Empty
• FIFO full when both pointers are equal• FIFO empty when both pointers are equal• Use an extra bit (MSB of counter) as a flag
– If MSB’s are equal : Both pointers have wrapped around the memory an equal amount of time: EMPTY
– If MSB’s are not equal: Write pointer has wrapped around one more cycle than the read - FULL
722004 MAPLD VHDL Synthesis Introduction
Pointer Compare
• How do we compare two pointers (counters) that are located in two different clock domains?
732004 MAPLD VHDL Synthesis Introduction
0 0 0 0 0 0 1 1 0 1
0 0 0 0 0 0 1 1 1 1
1
1
Read Pointer = 25
Write Pointer = 31
Each of these bits are DFFs
Q
QSET
CLR
DRd_clk
1
Q
QSET
CLR
DWR_clk
1
COMPARE
742004 MAPLD VHDL Synthesis Introduction
Synchronization
• We need to synchronize the pointers before we do a compare (test for empty or full)
• Full Test:– Can not write another item if full!– As soon as write pointer reaches the read pointer set full flag– Synchronize the read pointer to the write clk before doing
compare
752004 MAPLD VHDL Synthesis Introduction
Synchronization
• Empty Test:– Can not read another item if empty!– As soon as read pointer reaches the write pointer set empty flag– Synchronize the write pointer to the rd_clk before doing compare
762004 MAPLD VHDL Synthesis Introduction
0 1 1 1
Q
QSET
CLR
DRd_clk
1
Q
QSET
CLR
DWR_clk
1
Q
QSET
CLR
D
0 1 1 1
T0
WT0
Synchronizing the Rdcounter to the wr_clk
Desired Synchronization: Each DFF (BIT) will gothrough a metastability synchronizing filter:
772004 MAPLD VHDL Synthesis Introduction
0 1 1 1
Q
QSET
CLR
DRd_clk
1
Q
QSET
CLR
DWR_clk
1
1 0 0 0
Q
QSET
CLR
D
0 1 1 1
T0 T1
WT0
? ? ? ?WT1
Synchronizing the Rdcounter to the wr_clk
Desired Synchronization: Each DFF (BIT) will gothrough a metastability synchronizing filter:
Every bit of the read counter has changed in theRd_clk domain - that’s ok for the rd_clk domain
but...
What happens if a rd_clkhappens at a wr_clk edge!
Every bit is changing - maycatch it in the wr_clk domain -
may not!
782004 MAPLD VHDL Synthesis Introduction
Synchronization Solution
• Use Gray Code Counter• Only 1 bit changes per clock period.• Will not end up with a non deterministic value• May still miss the bit as it changes, but will catch it by the next cycle• Algorithm:
– Convert the binary counters to Gray– Send the Gray encoded counter through a metastability filter in the other clock
domain– The other clock domain will convert the Gray encoded counter (output of
metastability filter) back to binary– The other clock domain will use the newly converted binary encoded counter to
make a comparison with its counter
792004 MAPLD VHDL Synthesis Introduction
Gray Code Counters
• Very easy to implement … only 1 bit changes per transition0000000100110010011001110101010011001101111111101010101110011000
802004 MAPLD VHDL Synthesis Introduction
FIFO VHDL CODE
• Please see handout
812004 MAPLD VHDL Synthesis Introduction
State Machines
822004 MAPLD VHDL Synthesis Introduction
Definition of Fault Tolerance
• Masking or recovering from erroneous conditions in a system once they have been detected
• The degree of fault tolerance implementation is defined by your system level requirements… I.e. what actually is acceptable behavior upon error
• Questions that must be answered within the system requirements documentation:– Does your system only need to detect an error?– How quickly must the system respond to an error?– Must your system also correct the error?– Is the system susceptible to more than one error per clock cycle?
832004 MAPLD VHDL Synthesis Introduction
Synchronous State Machines
• A Finite State Machine (FSM) is designed to deterministically transition through a pattern of defined states
• A synchronous FSM transitions according to a clock edge and only accepts inputs that have been synchronized to the same clock
• Generally FSMs are utilized as control mechanisms
• Concern: – If an SEU occurs within a FSM, the entire system can lock up
into an unreachable state
842004 MAPLD VHDL Synthesis Introduction
Synchronous State Machines
• The structure consists of four major parts:– Inputs
– Current State Register
– Next State Logic
– Output logic
Next State
Curren
t State
Outputs
Inputs
Clock
852004 MAPLD VHDL Synthesis Introduction
Encoding Schemes
• Each state of a FSM must be mapped into some type of encoding (pattern of bits)
• Once the state is mapped, it is then considered a defined (legal) state
• Unmapped bit patterns are illegal states
IDLE
GetData
ProcessData
SendData
BadData
Start=0
Start=1
Example:Five states need to be mapped.There is only one input: Start
862004 MAPLD VHDL Synthesis Introduction
Encoding Schemes
1 1 0
STATES (5):
IDLE :000GET_DATA :001PROCESS_DATA:010BAD_DATA :011SEND_DATA :100
1 0 0
Registers: binaryencoding
Good state : SEND_DATA
Bad state: unmapped
1 0 0
0 0 0
Registers: OneHot encoding
1
1
Good state : SEND_DATA
Bad state: unmapped
STATES (5):
IDLE :00001GET_DATA :00010PROCESS_DATA:00100BAD_DATA :01000SEND_DATA :10000
0
0
872004 MAPLD VHDL Synthesis Introduction
Safe State Machines???• A “Safe” State Machine has been defined as one that:
– Has a set of defined states
– Can jump to a defined state if an illegal state has been reached (due to a SEU).
• Precision and Leonardo Synthesis tools offer a “Safe” option:TYPE states IS ( IDLE, GET_DATA, PROCESS_DATA, SEND_DATA, BAD_DATA );
SIGNAL current_state, next_state : states;
attribute SAFE_FSM: Boolean;
attribute SAFE_FSM of states: type is true;
• Designers Beware!!!!!!!– If using a CASE statement to implement the state machine: The others (or
default) clause in your HDL is ignored by the synthesis tools. This logic will not get synthesized unless you explicitly attribute your FSM as “Safe”
– Some versions of synthesis tools will not synthesize a “Safe” One-Hot
882004 MAPLD VHDL Synthesis Introduction
Binary Encoding: How Safe is the “Safe” Attribute?
• If a Binary encoded FSM flips into an illegal (unmapped) state, the safe option will return the FSM into a known state that is defined by the others or default clause
• If a Binary encoded FSM flips into a good state, this error will go undetected. – If the FSM is controlling a critical output, this phenomena can be
very detrimental!– How safe is this?
892004 MAPLD VHDL Synthesis Introduction
Safe State Machines???
1 1 0STATES (5):
IDLE :000TURNON_A :001TURNOFF_A :010TURNON_B :011TURNOFF_B :100
1 0 0
Using the “Safe” attribute will transition the user toa specified legal state upon an SEU
Good State
Illegal State:unmapped
0 0 1
Using the “Safe” attribute will not detect the SEU:This could cause detrimental behavior
Good State:TURNON_A
0 1 1
legal State: TURNON_B
State(1) Flips upon SEU:
012
012
902004 MAPLD VHDL Synthesis Introduction
One-Hot vs. Binary
• There used to be a consensus suggesting that Binary is “safer” than One-Hot– Based on the idea that One-Hot requires more DFFs to
implement a FSM thus has a higher probability of incurring an error
• This theory has been changed!– The community now understands that although One-Hot
requires more registers, it has the built-in detection that is necessary for safe design
– Binary encoding can lead to a very “un-safe” design
912004 MAPLD VHDL Synthesis Introduction
One-Hot vs. Binary Analysis
• One-Hot– Synthesis “Safe” directive will generally not work – FSM becomes too large– Each state in a One-Hot encoding has a hamming distance of two.– Error Detection:
• During normal operation, only one bit is turned on, thus It inherently has SEU error detection• SEU Error detection can be accomplished using combinational logic• SEUs occurring near a clock edge will always be detected
• Binary– Synthesis “Safe” directive generally will not meet requirements – can flip into a good
state undetected– Binary Encoding has a hamming distance of One– Error Detection:
• It needs extra DFFs in order to implement error detection• Utilizing an extra DFF can cause a SEU to go undetected due to glitches and routing
differences between combinational logic and DFFs.
922004 MAPLD VHDL Synthesis Introduction
Conclusion of One-Hot vs. Binary
• Within a reliable architecture, it is best for the designer to use a one-hot state machine. True Error detection can be accomplished.
• However, if your system needs error correction, a more complex encoding scheme is required
932004 MAPLD VHDL Synthesis Introduction
FSM SEU: Error Correction : Using Companion States
• There exists many publications on Error Correction theory.
• None directly address how to correctly implement FSM fault correction while using current day synthesis tools.– Glitch control: Generally synthesis tools will produce “glitchy”
logic– Synthesis “optimization” algorithms will erase the necessary
redundancy for EDAC– The user must sometimes hand instantiate logic– The user must place the necessary attributes to avoid
redundant logic erasure.
942004 MAPLD VHDL Synthesis Introduction
Error Correction within One Cycle: Using Companion States
STATEAOusig=’1'
STATEBOutsig = ‘0’
STATECOutsig=’0'
STATEDOutsig=’0'
Intrans=’1'
Intrans=’0'Original FSM
952004 MAPLD VHDL Synthesis Introduction
Error Correction within One Cycle: Using Companion States
• 1. Find an encoding such that the states have a hamming distance of 3 (at least 3 bits must be different from state to state)...
00000 (state-A), 11100(state-B), 01111(state-C), 10011(state-D).
• Five bits are necessary to encode a four-state machine in order to achieve the required hamming distance of three.
962004 MAPLD VHDL Synthesis Introduction
Error Correction within One Cycle: Hamming 3 Encoding …Using
Companion States• For each encoding, calculate the companion
encodings such that the hamming distance is one… for example:– Companion encoding for state A (00000) is:
• 00001,00010,00100,01000,10000
– Companion encoding for state B (11100) is:• 11101,11110,11001,10100,01100
972004 MAPLD VHDL Synthesis Introduction
Error Correction within One Cycle: Using Companion States
• When implementing the state machine, state A is encoded as 00000 and then (theoretically) “OR-ed” with all of its companion encodings. This covers all possible SEUs
• Do the same for all other states
• Use the output of the “OR-ed” states to determine next state logic.
– Thus if a bit flips… the companion state will catch it and the FSM will be able to correctly determine the next state
• Be careful! The “OR” logic is more complex than simply using a string of “OR” gates.
982004 MAPLD VHDL Synthesis Introduction
Error Correction within One Cycle: Glitch Control
• One major issue that is extremely overlooked is SEUs are asynchronous and can occur near clock edges
• If this occurs, your error checking logic may cause a glitch
• Due to routing timing differences, this can cause incorrect values to be latched into the current state registers.
• Refer to a Karnaugh Map for glitch-less implementation
• The designer may have to hand instantiate the logic if the synthesis tool does not adhere to the VHDL as expected
992004 MAPLD VHDL Synthesis Introduction
Error Correction within One Cycle: Glitch ControlState(0)
State(3)
State(1)
State(2)
00 01 11 10
00
01
11
10
1 1 1
1
StateA companion states SOP (including State(4) dimension):
State(0)State(1)State(2)State(3) + State(0)State(1)State(2)State(4) +
State(0)State(1)State(3)State(4) + State(0)State(2)State(3)State(4) +
State(1)State(2)State(3)State(4)
1
1002004 MAPLD VHDL Synthesis Introduction
Error Correction within One Cycle: Glitch Control
• The designer will have to include the synthesis directives:– Preserve_driver– Preserve_signal
• Always check the gate level output of the synthesis tool.