Methodologies for Reliable Design Implementation Melanie Berg NASA Office of Logic Design 2004 MAPLD International Conference September 8-10, 2004 Washington, D.C. 2004 MAPLD VHDL Synthesis Introduction.
Download ReportTranscript Methodologies for Reliable Design Implementation Melanie Berg NASA Office of Logic Design 2004 MAPLD International Conference September 8-10, 2004 Washington, D.C. 2004 MAPLD VHDL Synthesis Introduction.
Methodologies for Reliable Design Implementation
Melanie Berg NASA Office of Logic Design 2004 MAPLD International Conference September 8-10, 2004 Washington, D.C.
2004 MAPLD 1 VHDL Synthesis Introduction
Overview
• This session will present methodologies for reliable design implementation • Designs that are covered will first be explained. Following the design description, the corresponding VHDL will be presented • Topics that will be covered: – Counters: Ripple vs. Synchronous – Triple Mode Redundancy (TMR) – Asynchronous Clock domain crossing – FIFO Memories – State Machines and Mitigation 2004 MAPLD 2 VHDL Synthesis Introduction
Common VHDL/Synthesis Misperceptions
• VHDL and its synthesis tools produce unexpected results • VHDL does not produce efficient circuitry • The synthesis tool will not produce what is desired • VHDL is for software folks 2004 MAPLD 3 VHDL Synthesis Introduction
VHDL and Design
• One should not start writing VHDL code until the design is well understood and analyzed • Anyone can pick up a VHDL book and learn syntax • Anyone can pick up a synthesis manual and learn directives • But how do we create reliable circuits?
2004 MAPLD 4 VHDL Synthesis Introduction
Key Ingredients for Successful and Reliable Designs: VHDL through Synthesis
• • • • • Remember … the goal is to design reliable hardware.
VHDL – looks like software, however, the designer must understand proper hardware design techniques including the electrical characteristics of the employed technology VHDL RTL must functionally match gate level (post synthesis) for simulation purposes. This requires enforcing strict coding rules Designer must be familiar with the synthesis tools and their interpretation of VHDL code – Combinatorial circuits vs. Sequential – Clock structures and potential skew – Proper State machine implementation – Arithmetic circuitry – Clock domain crossings – Reset logic – Mitigation – When to use specific Synthesis directives – Etc…
VHDL Coding Style is very important
2004 MAPLD 5 VHDL Synthesis Introduction
What is the Importance of VHDL Coding Styles.
• No Synthesis tool can be as efficient as proper Coding Style • ASICS and FPGAs will be smaller and faster.
• Proper VHDL Coding Style is easier to verify • We would like to shorten the Design Cycle. Coding Style will affect – Quality of Synthesis: drive to tool to better results, – FPGA mapping or design: can take advantage of the technology – Place and Route: designs that are well thought out will have a clean route 2004 MAPLD 6 VHDL Synthesis Introduction
Coding Style Specifics Think “Hardware”
• Architect with comprehension of your target’s features (ASIC and FPGA) • Separate Combinational and Registered blocks • Watch out for inferred latches • Pay attention to large fan-out nets • Consider how you code state machines • Be careful with designing long paths of logic • Be aware of when you are able to use Resource sharing 2004 MAPLD 7 VHDL Synthesis Introduction
Code Restructuring
If (Aflag=‘1’) outdata <= Adata; elsif (Bflag=‘1’) outdata <= Bdata; elsif (Cflag=‘1’) outdata <= Cdata; else outdata <= ‘0’; • What circuit structure does this code produce?
• Which line of code is likely to be in the critical path?
2004 MAPLD 8 VHDL Synthesis Introduction
Answer:
If (Aflag = ‘1’) outdata <= Adata; elsif (Bflag = ‘1’) outdata <= Bdata;
elsif (Cflag = ‘1’) outdata <= Cdata;
else outdata <= ‘0’; Adata Bdata outdata Cdata 0 Cflag 2004 MAPLD Bflag Aflag 9 VHDL Synthesis Introduction
2004 MAPLD
Code for Late-Arriving Signal
0 if (cflag=‘1’ and aflag=‘0’ and bflag=‘0’) outdata <= Cflag; elsif (aflag=‘1’) outdata <= Aflag; elsif (bflag=‘1’) outdata <= Bflag; else outdata <= ‘0’; Cdata Bdata Adata mux mux outdata mux Bflag 10 Aflag and Cflag VHDL Synthesis Introduction
Duplicating Logic to Improve Speed
• Most synthesis tools have a fanout control – Be careful, the tools don’t always pick the best implementation creating a more difficult design to place and route • Better to explicitly duplicate logic in code – you may need to use the syn_keep option for combinational logic • Good Examples to duplicate: – Address and control lines to large RAM – Clock enables – Synchronous reset signal – Other high fanout nets 2004 MAPLD 11 VHDL Synthesis Introduction
Pipelining Logic to Improve Speed
• Pipelining is most efficient for critical paths which can not be fixed by special coding schemes.
• Some may think that it will increase area. However, with very long paths, synthesis may be duplicating logic in order to meet timing. Pipelining can reduce the replication.
• It also will help while in Place and route 2004 MAPLD 12 VHDL Synthesis Introduction
Synthesis Tools
• Synthesis Optimization Algorithms are geared towards synchronous designs.
– Unexpected synthesis gate level output can occur if the design is extremely asynchronous – tool gets confused • The major parameters within the optimization algorithm are Timing and area – Timing is measured from a starting DFF (or input) through a combinatorial path to the next DFF (or output). Timing can only accurately be measured (during optimization) when the DFFs are connected to the same clock – Redundancy within VHDL code is usually synthesized away (area optimization). The designer must place synthesis directives (attributes) on the nets that are part of the redundant path 2004 MAPLD 13 VHDL Synthesis Introduction
Synthesis Tools
• Designers should beware of push-button mitigation within synthesis.
– Mitigation must be glitch-free – Safe directive for state machines is not effective … false sense of safety – When logic is added after VHDL-RTL phase, it is generally difficult/tedious to verify. Remember, reliable circuits must be verified – Companies are aware and are working on some of these issues • Synthesis output can be trusted if proper synchronous design techniques (including cleanly written VHDL) are followed. However, Formal Verifiers are needed! This will increase our test coverage.
– Companies are also aware of this… but … where is it?
2004 MAPLD 14 VHDL Synthesis Introduction
Reliability
• Design can be verified to work under worse case conditions • Aerospace specifics includes verifiable mitigation techniques under worse case conditions • Circuit has predictable behavior • Circuit has a definable reset state • Bottom line is to Use the following Techniques: – Design for Verification (DFV) – Design for Test (DFV) – Design for Reliability (DFR) 2004 MAPLD 15 VHDL Synthesis Introduction
2004 MAPLD
Example: Reliability…Assumes a Technology with no Built-in TMR
16 VHDL Synthesis Introduction
Unreliable Circuit Design Example: Ripple Counters
0 1 2 3 D SET
Q
CLR
Q
D SET
Q
CLR
Q
D SET
Q
CLR
Q
D SET
Q
CLR
Q
N MHz reset SEU Hits Bit 0 as output of Bit 1 changes.
Bit 1 can go metastable.
Bit 1 output can Oscillate.
Clock pin to Bit 2 will Oscillate: Will violate DFF specifications can damage the FPGA As the input clock frequency increases, the probability of this event occurring grows exponentially Bottom line: DFF clock pins need to be protected.
2004 MAPLD 17 VHDL Synthesis Introduction
VHDL Example of a Data output feeding a Clock input: Avoid for Reliability
Process (sysclk,reset) Begin if reset = ‘0’ then dff0 <= ‘0’; elsif rising_edge(sysclk) then dff0 <= not dff0; end if; End process; Process (dff0,reset) Begin if reset = ‘0’ then dff1 <= ‘0’; elsif rising_edge(dff0) then dff1 <= not dff1; end if; End process; 2004 MAPLD 18 VHDL Synthesis Introduction
Adding TMR to Circuitry
• It is up to the designer to pick the strategic places that TMR will be inserted. • TMR must be glitch free • TMR must be verifiable • Synthesis directives (attributes) generally need to be used in order to not optimize away the Mitigation 2004 MAPLD 19 VHDL Synthesis Introduction
Shared TMR Logic
• In this scheme – The designer must triple the number of DFF’s. • The DFFs feed 1 TMR block • If the technology is susceptible to transients, this method will not be efficient D SET
Q
CLR
Q
D SET
Q
CLR
Q
D SET
Q
CLR
Q
Combinatorial logic Combinatorial logic Combinatorial logic TMR 2004 MAPLD 20 VHDL Synthesis Introduction
Distributed TMR
• In this scheme – The designer must triple the number of DFF’s and triple the number of inserted TMR blocks. • Although more area extensive, this method adds a level of reliability, If the technology is susceptible to transients D SET
Q
CLR
Q
D SET
Q
CLR
Q
D SET
Q
CLR
Q
Combinatorial logic Combinatorial logic Combinatorial logic TMR TMR TMR 2004 MAPLD 21 VHDL Synthesis Introduction
More Reliable Ripple Counter – Distributed TMR: Picture Depicts bit 0 and bit 1
One line can oscillate but the voting logic will override TMR glitch free N MHz D SET
Q
CLR
Q
reset TMR glitch free D SET
Q
CLR
Q
Path A D SET
Q
CLR
Q
D SET
Q
CLR
Q
Path B reset TMR glitch free D SET
Q
CLR
Q
D SET
Q
CLR
Q
Path C reset 2004 MAPLD 22 VHDL Synthesis Introduction
More Reliable Ripple Counter – Still a Potential Problem
• Paths delays due to routing differences are never exact • What happens if (referencing paths A, B, and C) A, B, and C are all logic 0 and are expected to go to a logic 1: – Path A comes in first – Path B comes in second (TMR logic will go to logic 1) – Path B gets hit by a SEU – path C has not come in yet – TMR logic will go to logic 0 … start of GLITCH!
– Path C comes in – TMR now turns on once again • Probability can be very small to negligible – depends on clock speed, and routing delay differences • The glitch will have a relatively small period – will probably violate device specifications and can damage the device • Also adds a major level of complexity within verification 2004 MAPLD 23 VHDL Synthesis Introduction
Synchronous Reliable Solution
• Instead of a ripple counter, use a synchronous counter – Without Mitigation Case (no SEUs): • Assumes a reset will clear any SEU hits that cause incorrect counting – With mitigation (glitch free TMR for example).
• Assumes counter must always be correct for Single Event Upsets • Clock tree feeds the clock pin – Assuming a hardened clock tree (SET – free), SEU hits should not create DFF clock oscillations • Data feeds data pins • Although the SEU is Asynchronous, the glitch free TMR circuit will override the possible metastable oscillation on the data pin.
• The following example shares TMR circuitry per stage (unlike the other example where each path has separate TMR logic per stage). This design choice assumes a technology that will not have (or has an extremely low probability of) internal transient glitches or SETs. 2004 MAPLD 24 VHDL Synthesis Introduction
VHDL Synchronous Counter without Mitigation
Counter <= counter_in; Counter_plus_1 <= counter_in + 1 ; -- need special library for this statement Process (sysclk,reset) Begin if reset = ‘0’ then counter_in <= (others=> ‘0’); elsif rising_edge(sysclk) then counter_in <= counter_plus_1; end if; End process; -- counter is resetable to a constant value -- clock pin is connected to system clock 2004 MAPLD 25 VHDL Synthesis Introduction
Post Synthesis RTL View without TMR (non-technology dependent)
2004 MAPLD 26 VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation
-------------------------------------------------------------------------------------------------------------------- -- signal declarations: For this circuit we will use 3 counters that feed into TMR voting logic.
-- the output of the TMR will be fed into a combinatorial logic for the counter.
-- the output of the combinatorial logic of the counter will be fed back into counter register -------------------------------------------------------------------------------------------------------------------- signal counter_plus_1 signal counter0_in signal counter1_in signal counter2_in signal counter_tmr : std_logic_vector(3 downto 0); : std_logic_vector(3 downto 0); : std_logic_vector(3 downto 0); : std_logic_vector(3 downto 0); : std_logic_vector(3 downto 0); -------------------------------------------------------------------------------------------------------------------- -- attributes used as synthesis directives: Important so that mitigation logic will not get optimized away -------------------------------------------------------------------------------------------------------------------- attribute syn_preserve : boolean; attribute syn_preserve of counter0_in : signal is true; attribute syn_preserve of counter1_in : signal is true; attribute syn_preserve of counter2_in : signal is true; 2004 MAPLD 27 VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation
- generate TMR logic for each bit of counter … works across the 3 counters -- TMR is a compiled entity in the work directory -- TMR_OUT <= (a and b) or (a and c) or (b and c) -- This TMR entity is written bit-wise, however, the designer can make a more robust entity that will accept vector inputs counter_string_tmr: for i in 3 downto 0 generate begin ucount_bit port map( A : entity work.TMR
=> counter0_in(i), B C => counter1_in(i), => counter2_in(i), TMR_OUT ); end generate; => counter_tmr(i) 2004 MAPLD 28 VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation
counter_plus_1 <= counter_tmr + 1; -- Output of TMR circuitry counter <= counter_TMR; Process (sysclk,reset) Begin if reset = '0' then counter0_in <= (others=> '0'); elsif rising_edge(sysclk) then counter0_in <= counter_plus_1; end if; End process; -- counter is resetable to a constant value -- clock pin is connected to system clock Process (sysclk,reset) Begin if reset = '0' then counter1_in <= (others=> '0'); elsif rising_edge(sysclk) then counter1_in <= counter_plus_1; end if; End process; -- counter is resetable to a constant value -- clock pin is connected to system clock Process (sysclk,reset) Begin if reset = '0' then counter2_in <= (others=> '0'); elsif rising_edge(sysclk) then counter2_in <= counter_plus_1; end if; -- counter is resetable to a constant value -- clock pin is connected to system clock 29 VHDL Synthesis Introduction
Post Synthesis RTL View with TMR (non technology dependent)
2004 MAPLD 30 VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation Analysis
• No SEUs: – After static timing analysis has been verified and all paths meet timing with slack, all data is considered to be stable at each clock edge – no concerns for metastability or incorrect data capture • SEU Hit – If an SEU hits a DFF, then the glitch free TMR will override any one DFF input change (output of TMR is stable), thus, data is still considered to be stable near a clock edge - no concerns for metastability or incorrect data capture • Synchronous Advantage Meets Reliability Requirements – Easily verifiable in the RTL domain if static timing is met and gate level is functionally equivalent to RTL – Mitigation and general functional behavior is predictable under worse case conditions – TMR circuitry is verifiable (due to it being within the RTL vs being inserted in synthesis) – A Definable reset state exists 2004 MAPLD 31 VHDL Synthesis Introduction
Asynchronous Clock Domain Crossing
2004 MAPLD 32 VHDL Synthesis Introduction
Asynchronous Clock Domain Crossing
• Most common problem within designs.
• Why?
– Designers usually don’t design for all corner cases – i.e. data must be synchronized to capturing clock domain before usage – Multiple clock domains add an extra level of complexity to the synthesis optimization algorithm. • The major optimization parameters for the synthesis algorithm are timing and area • Timing is measured for each synchronous path (DFFs connected to the same clock tree) • Generally, extra timing constraints are necessary when crossing clock domains 2004 MAPLD 33 VHDL Synthesis Introduction
Design Example
• Implement a serial asynchronous input port that receives: DCLK, DATA, and DENV. Skew relative to DCLK will be less than 10 ns • Input speed can range from 5Khz to 10Mhz.
• DATA and DENV will change at the rising edge of the DCLK signal (thus will be stable at the falling edge).
• Input Data is in the form of 16 bit words MSB first.
• DENV is active high • Technology has glitch-free hardened by design mitigation within the silicon (attached to DFFs) 2004 MAPLD 34 VHDL Synthesis Introduction
Determine FPGA System Clock speed • Limiting factor is the 10MHZ input – new data can come every 100 ns • Data is asynchronous – need a metastability filter … No other connection to these points Asynchronous Input D SET
Q
D SET
Q
Clock CLR
Q
CLR
Q
Edge detection can be placed at this point 2004 MAPLD 35 VHDL Synthesis Introduction
Need an Edge Detection for the Input signal
• Remember – there is a difference between the input clock and the FPGA system clock (asynchronous)
• Goal: Capture data while data is stable (avoid metastability)
• We want to detect an edge of the input control (DCLK), then look at the envelope (DENV) - see if it is active, then grab the data.
• Why the edge and not the level …We only want to sample input data once per input clock period … at a stable place in the clock period … • Which edge should we use (falling or rising)?… 2004 MAPLD 36 VHDL Synthesis Introduction
Analysis
• Most people will want to capture at the falling edge because data is known to be stable there. • However, once you detect the stable edge you only have half an input clock period minus overhead … minus data to clock skew … • Therefore – you will be required to implement a much faster system clock 2004 MAPLD 37 VHDL Synthesis Introduction
Positive Edge Clock Transition - Data changes Negative Edge Clock Transition - Data stable CLOCK Input Data Input Data1 Data2 Data3 If we implement a detection scheme that looks for the falling edge of the clock - we only have half a clock to do the detection and capture data - thus designer must use a fast clock relative to the input clock - may be impossible to implement!!!!!!
If we implement a detection scheme that looks for the rising edge of the clock - we have more time (approx. 1 clock cycle) to do the detection and capture data - This enable the designer to 2004 MAPLD VHDL Synthesis Introduction
Rising Edge Detection Example CLOCK Input Data Input Now we have plenty of time to grab the new data Data2 Data3 Data1 Data is valid after the delay for clock detection is complete!
Falling Edge Detection Example CLOCK Input Data Input 2004 MAPLD Data1 Not too much time left to grab data - need FAST internal FPGA clock Data2 39 Data3 VHDL Synthesis Introduction
Best Choice
• Look for the rising edge of the input clock. Although data is changing here… by the time you actually detect the clock – data will be valid!
• Remember – because the DCLK is asynchronous to your FPGA, it must go through a metastability filter before you can sample – THIS TAKES TIME … how much?… 2004 MAPLD 40 VHDL Synthesis Introduction
Synchronous Signal Clock Rising Edge Detect Circuit D SET
Q
CLR
Q
If signal=’1' and signal_d1 = ‘0’ then edge_det <= ‘1 FPGA system clock Synchronous signal — want to edge detect Synchronous signal — 1 cycle delay: DFF output
Output of edge detection
2004 MAPLD 41 VHDL Synthesis Introduction
Metastability Filter uses DFFs … data only gets passed at a clock edge Signal from other clock domain D 0 SET
Q
CLR
Q
D 1 SET
Q
CLR
Q
Edge detect only performed after 2 nd Meta DFF 2 D SET
Q
CLR
Q
Clock 2004 MAPLD 42 VHDL Synthesis Introduction
Design Decision…
• Envelope will be captured by one DFF (no metastability filter) and will be “anded” with the clock edge detect in order to enable data capture …’ • I.e. if the clock edge is detected and the envelope is valid then capture data. Thus the data does not go through a metastability filter either!!! Saves gates and is safe – we only look at data (and envelope when they are stable – the input clock edge tells all ) • We can use only one DFF because the enable is guaranteed to be stable by the time the clock edge is detected …clock edge detection has to take at least 2 system clock cycles – by then envelope is clean.
• Why not send the DENV signal through a metastability filter too??
2004 MAPLD 43 VHDL Synthesis Introduction
Do not send both the Clock and Envelope Asynchronous Signal through a Metastability Filter Asynchronous clock Input D SET
Q
D SET
Q
Clock_d2 Clock CLR
Q
CLR
Q
Asynchronous Envelope Input Evn_d2 D SET
Q
CLR
Q
D SET
Q
CLR
Q
Watch Out!!!!!!!
Data is captured at the rising edge of the clock detection … but env_d2 is not valid Yet!!!! We will miss the first piece of DATA!!!!!!!!!!!!!
Clock Input Clock_d2
Skew < 10 ns
Rising edge detect Env 2004 MAPLD Env_d2 44 Env_d2 not valid yet VHDL Synthesis Introduction
Input Clock Signal D 0 SET
Q
CLR
Q
D 1 SET
Q
CLR
Q
Rising Edge detect only performed after 2 nd Meta DFF D 2 SET
Q
CLR
Q
D SET
Q
E CLR
Q
Data Input Clock Input clock Missed this edge Data capture happens in approximately 3 clock cycles FPGA system clock Input Clock DFF0 DFF1 DFF2
Rising_edge_detect Rising edge is detected because DFF1= ‘1’ and DFF2 = ‘0’ during this clock cylce
DATA Input D0 2004 MAPLD DFF 45 D0 VHDL Synthesis Introduction
FPGA system clock Input Clock Input clock Captured at this edge: Data Capture happens with in 2 system clock cycles DFF0 DFF1 DFF2 DATA Capture DFF 2004 MAPLD 46 VHDL Synthesis Introduction
Metastability Filter Recap:
• Choose only one signal (control signal) to send through the metastability filter – avoid skew of asynchronous input signal near clock edge problems • Determine where the signals are stable relative to the incoming control signal • Sample and grab data • Do a complete timing analysis: watch out for skew, setup & hold, input clock frequency vs. system clock frequency.
• Watchout!!!! For large Fan-out of output of metastability filter – Synthesis tool may duplicate the filter. This will cause data to possibly be out of sync within different portions of the circuit – use a don’t_replicate attribute on the filter output
47 VHDL Synthesis Introduction
Metastability Filter Recap:
• Remember – Our example’s timing analysis applies to capturing the data relative to the same edge of the input clock that the input data changes spec. choose a slower clock requirements.
– we can do this because we have a delay due to the metastability filter and this delay is larger than the 10 ns skew (between the clock, data, and envelope) listed in the • We chose to capture data relative to the same clock edge that the input data changes so that we can – slower clock means less power and easier design implementation 2004 MAPLD 48 VHDL Synthesis Introduction
Metastability Filter Recap:
• The designer could make the decision to capture data relative to the edge that the input clock is changing there – however, that would require a much faster FPGA system clock for proper implementation -- see timing analysis. • The designer could also choose to send the DENV and DDATA lines though metastability filters (not a good choice – unnecessary extra logic). However, this can only be done if you detect the input clock where data and envelope are stable …and capture – otherwise (due to skew) incorrect results can occur 2004 MAPLD 49 VHDL Synthesis Introduction
Based on the two previous Cases…Best and Worse
• Upon the worse case – we see that we will need at least 3 FPGA system clock cycles to capture the data… however we also need some overhead (20%) due to variations in environment (voltage, temperature, clock skew, process…) • Clock needs to be… 3x < 100 ns - .20x –10 ns X becomes about 28.125 ns … or 36MHZ For ease …Lets choose a 40 MHZ FPGA system clock (25 ns clock period … definitely fast enough) 2004 MAPLD 50 VHDL Synthesis Introduction
Rule of Thumb: Asynchronous Data Capture • Use a system clock that is 4 times faster than input clock… if possible… • Otherwise you might be able to use both edges of the clock – can be tricky • Or… use an asynchronous FIFO to capture the input data and then extract the data with the system clock … great choice if input clock and data rates are too fast!
2004 MAPLD 51 VHDL Synthesis Introduction
Rule of Thumb: Asynchronous Data Capture (cont…) • Only send one signal – a control signal – through a metastability filter. Otherwise, signal skew can cause data to be incorrectly captured.
• Determine where to sample the control signal such that data is stable (under all conditions) • Use an edge detection circuit on your control signal (after the metastability filter) because your clock domain will be faster than your input clock domain.
• Use this one-cycle edge detection output to control data capture and other necessary functions – avoids multiple samples or counts per clock/data input pair 2004 MAPLD 52 VHDL Synthesis Introduction
Next…Now that we figured out the FPGA System Clock Frequency … Let’s Construct the Input Block • We need to shift the data into a shift register • Count how many bits we have shifted in – this will need 4 bits in order to count to 16 • Once we have captured 16 data bits… store the shift register into a Dout (data out) register and raise a ready flag. • For our design, ready flag will only be valid for one system clock cycle • Dout will only change once a full 16 bits have been captured into the shift register.
• Let’s check out the VHDL code 2004 MAPLD 53 VHDL Synthesis Introduction
How Does VHDL Tie Into This?
• We need to create DFF’s and we need to create combinatorial logic.
• DFF’s store information and can only change at a clock edge.
– Counters – Delay elements (I.e. an edge detection delay) – Flags – Shift registers 2004 MAPLD 54 VHDL Synthesis Introduction
How Do We Create a DFF in VHDL ?
• Our job is to direct the synthesis tool to do exactly what we want… its difficult to get precisely what you want if you do not take the time to understand how the tool works.
• The synthesis tool looks for: -- sensitivity list for clock and reset process(sysclk,reset) begin if reset = '0' then DFF <= ‘0’; Elsif rising_edge(sysclk) then DFF <= data; end if; End process; -- connect the reset to the DFF -- DFF gets a constant at reset -- clock connection -- at clock edge DFF gets new data 2004 MAPLD 55 VHDL Synthesis Introduction
Using a DFF Enable connection
process(sysclk,reset) begin -- sensitivity list for clock and reset if reset = '0' then -- connect the reset to the DFF DFF <= ‘0’; -- DFF gets a 0 at reset Elsif rising_edge(sysclk) then if enable = ‘0’ then DFF <= data; end if; end if; End process; -- if statement creates an enable condition -- at clock edge and enable DFF gets data 2004 MAPLD 56 VHDL Synthesis Introduction
Using an Enable Connection
• In our case, we only want to capture data, and then count up (we’re counting how many bits we have), once per clock/data input pair. • This input is generated at a slower rate than our FPGA internal clock. So it sits around for several of our clock periods.
• Thus we will use an enable that is only valid for one clock cycle in order to capture data and count it.
• This enable (as described earlier) will be active if we have detected a rising_clock_edge and an active envelope signal 2004 MAPLD 57 VHDL Synthesis Introduction
FPGA CLOCK FPGA CLOCK is faster than CLOCK/ DATA Input DCLK (Clock Input) DDATA (Data Input) DENV (Envelope) Rising_clock : occurs 2 FPGA clock edges after DCLK transition occurs because of metastability filter Env_reg ==DENV delayed by one cycle
Enable for capturing and counting data => rising_clock is ‘1’ and
2004 MAPLD
env_reg is ‘1’
Data1 58 Data2 Data3 VHDL Synthesis Introduction
Using an If statement in VHDL can create a direct connection to a DFF Enable pin - This depends on the Technology being targeted
From Metastability Filter and edge detection of input clock edge: DCLK CLOCK rising_edge_detect ENV_reg D SET
Q
E CLR
Q
Notice we are connecting to the enable of the DFF by using an if statement inside the sequential process
This enable has been designed to only be active for one FPGA clock signal
elsif rising_edge(sysclk) then if rising_clk = '1' and env_reg = '1' then counter <= counter+1; data_shft <= data_shft(14 downto 0) & DDATA 2004 MAPLD 59 end if; -- clock connection -- enable connection -- 4 DFF’s created here - 16 DFF’s created here VHDL Synthesis Introduction
Synchronous Shift Register: Shifts at each clock edge - Can also use an enable (VHDL if statement to selectively shift)
Q
SET D
d11
Q
CLR
...
Q
SET D
d2
Q
CLR
Q
SET D
d1
Q
CLR
Q
SET D
d0
Q
CLR D_in 11 10
Bit positions (11 downto 1) Bit position 0 Shifting
: shft_reg <= shft_reg(10 downto 0) & data_in 10 9 9 8 8 7 7 6 6 5 5 4 4 3 3 2 2 1 1 0 0 D_in0 Bi t 11 gets lost
Assuming shft_reg is defined as 12 bits it is the same as:
shft_reg(11 downto 0) <= shft_reg(10 downto 0) & data_in 11 10 9 8 2004 MAPLD 10 9 8 7 9 8 7 6 8 7 6 5 7 6 5 4 6 5 4 3 60 5 4 3 2 4 3 2 1 3 2 1 0
Sysclk n
2 1 1 0 0 D_in0
Sysclk n+1
D_in0
Sysclk n+2
D_in1 0 D_in0 D_in1 VHDL Synthesis Introduction
Sysclk n+3 D_in2
Metastability Filter Implementation within a Device without built in Mitigation
• A tradeoff analysis between mitigation techniques should be performed based off of: – clock speed – transient pulse width and probability of occurrence – additional area due to of an increase of logic gates • Example: Distributed TMR with asynchronous inputs incurs a larger fanout (vs. shared TMR) on the DFF that can go metastable – this increases the probability of metastability on the second DFF of the metastability filter. However, with a slow enough clock speed, this may not be an issue.
2004 MAPLD 61 VHDL Synthesis Introduction
FIFO Memory Control
2004 MAPLD 62 VHDL Synthesis Introduction
FIFO Memories
• Definition: First in – First out memory • Simultaneous write and read access to memory (dual port) • Data written into a FIFO is sequentially read out in a pipelined manner – such that the first written will be the first read 2004 MAPLD 63 VHDL Synthesis Introduction
General Package
WR_CLK DATA_IN FIFO_FULL 2004 MAPLD RD_CLK DATA_OUT FIFO MEMORY 64 FIFO_EMPTY VHDL Synthesis Introduction
FIFO Memory Ports
• Input port: write • Output port: read • Each port has an associated pointer (I.e. counter, address) • No random access • Write operation will increment the write pointer • Read operation will increment the read pointer 2004 MAPLD 65 VHDL Synthesis Introduction
2004 MAPLD Read Pointer = 1 Write Pointer = 4 The contents of memory location 1 is available on the data output pins If a read is invoked the contents of address location 2 is on the output data pins If a write occurs then the input data bus is written to address location 4 0
Read Pointer
1 2 3 Write Pointer 4 5 66 N-3 N-2 N-1 N VHDL Synthesis Introduction
Clock Domains
• READ enable and READ pointer is synchronous to the read domain (rd_clk) • WRITE enable and WRITE pointer is synchronous to wr_clk • Rd_clk and wr_clk do not have to be synchronous!!!!!… Asynchronous FIFO 2004 MAPLD 67 VHDL Synthesis Introduction
Rd_clk D SET
Q
1 CLR
Q
Each of these bits are DFFs Read Pointer = 25 0 0 0 0 0 0 1 1 0 1 1 Write Pointer = 31 0 0 0 0 0 0 1 1 1 1 1 2004 MAPLD WR_clk 68 D SET
Q
1 CLR
Q
VHDL Synthesis Introduction
Write Pointer Are we full or empty?
0 1 2 3 4 5
Read Pointer
2004 MAPLD N-3 N-2 N-1 N 69 VHDL Synthesis Introduction
WR_CLK WR_EN DATA_IN FIFO_FULL
New Package
RD_CLK RD_EN DATA_OUT FIFO MEMORY 70 FIFO_EMPTY VHDL Synthesis Introduction 2004 MAPLD
FIFO Full and Empty
• FIFO full when both pointers are equal • FIFO empty when both pointers are equal • Use an extra bit (MSB of counter) as a flag – If MSB’s are equal : Both pointers have wrapped around the memory an equal amount of time: EMPTY – If MSB’s are not equal: Write pointer has wrapped around one more cycle than the read - FULL 2004 MAPLD 71 VHDL Synthesis Introduction
Pointer Compare
• How do we compare two pointers (counters) that are located in two different clock domains?
2004 MAPLD 72 VHDL Synthesis Introduction
Rd_clk D SET
Q
1 CLR
Q
Each of these bits are DFFs Read Pointer = 25 0 0 0 0 0 0 1 1 0 1 1 Write Pointer = 31 0 0 0 0 0 0 1 1 1 1 1 COMPARE 2004 MAPLD WR_clk 73 D SET
Q
1 CLR
Q
VHDL Synthesis Introduction
Synchronization
• We need to synchronize the pointers before we do a compare (test for empty or full) • Full Test: – Can not write another item if full!
– As soon as write pointer reaches the read pointer set full flag – Synchronize the read pointer to the write clk before doing compare 2004 MAPLD 74 VHDL Synthesis Introduction
Synchronization
• Empty Test: – Can not read another item if empty!
– As soon as read pointer reaches the write pointer set empty flag – Synchronize the write pointer to the rd_clk before doing compare 2004 MAPLD 75 VHDL Synthesis Introduction
Rd_clk D SET
Q
1 CLR
Q
Synchronizing the Rd counter to the wr_clk
Desired Synchronization: Each DFF (BIT) will go through a metastability synchronizing filter:
0 1 1 1
T0
2004 MAPLD WR_clk D SET
Q
1 CLR
Q
D SET
Q
CLR
Q
76 0 1 1 1 VHDL Synthesis Introduction
WT0
Rd_clk D SET
Q
1 CLR
Q
Synchronizing the Rd counter to the wr_clk Desired Synchronization: Each DFF (BIT) will go through a metastability synchronizing filter:
0 1 1 1 1 0 0 0
T0
Every bit of the read counter has changed in the Rd_clk domain - that’s ok for the rd_clk domain but...
T1
2004 MAPLD WR_clk D SET
Q
1 CLR
Q
D SET
Q
CLR
Q
What happens if a rd_clk happens at a wr_clk edge!
Every bit is changing - may catch it in the wr_clk domain may not!
77 ?
0 ?
1 1 1
WT0
?
WT1
?
VHDL Synthesis Introduction
Synchronization Solution
• Use Gray Code Counter • Only 1 bit changes per clock period.
• Will not end up with a non deterministic value • May still miss the bit as it changes, but will catch it by the next cycle • Algorithm: – Convert the binary counters to Gray – Send the Gray encoded counter through a metastability filter in the other clock domain – The other clock domain will convert the Gray encoded counter (output of metastability filter) back to binary – The other clock domain will use the newly converted binary encoded counter to make a comparison with its counter 2004 MAPLD 78 VHDL Synthesis Introduction
Gray Code Counters
• Very easy to implement … only 1 bit changes per transition 0000 0001 0011 0010 0110 0111 0101 0100 1100 1101 1111 1110 1010 1011 1001 1000 2004 MAPLD 79 VHDL Synthesis Introduction
FIFO VHDL CODE
• Please see handout 2004 MAPLD 80 VHDL Synthesis Introduction
State Machines
2004 MAPLD 81 VHDL Synthesis Introduction
Definition of Fault Tolerance
• Masking or recovering from erroneous conditions in a system once they have been detected • The degree of fault tolerance implementation is defined by your system level requirements… I.e. what actually is acceptable behavior upon error • Questions that must be answered within the system requirements documentation: – Does your system only need to detect an error?
– How quickly must the system respond to an error?
– Must your system also correct the error?
– Is the system susceptible to more than one error per clock cycle?
2004 MAPLD 82 VHDL Synthesis Introduction
Synchronous State Machines
• A Finite State Machine (FSM) is designed to deterministically transition through a pattern of defined states • A synchronous FSM transitions according to a clock edge and only accepts inputs that have been synchronized to the same clock • Generally FSMs are utilized as control mechanisms • Concern: – If an SEU occurs within a FSM, the entire system can lock up into an unreachable state 2004 MAPLD 83 VHDL Synthesis Introduction
Synchronous State Machines
• The structure consists of four major parts: – Inputs – Current State Register – Next State Logic – Output logic Inputs
Clock
Next State 2004 MAPLD 84 VHDL Synthesis Introduction
Encoding Schemes
• Each state of a FSM must be mapped into some type of encoding (pattern of bits) • Once the state is mapped, it is then considered a defined (legal) state • Unmapped bit patterns are illegal states
Example: Five states need to be mapped.
There is only one input: Start
IDLE
Start=1
GetData Process Data Start=0 BadData Send Data 2004 MAPLD 85 VHDL Synthesis Introduction
2004 MAPLD
Encoding Schemes
Registers: binary encoding Good state : SEND_DATA
STATES (5): IDLE SEND_DATA :000 GET_DATA :001 PROCESS_DATA:010 BAD_DATA :011 :100 1 1 0 1 0 0
Bad state: unmapped
STATES (5): IDLE GET_DATA PROCESS_DATA:00100 BAD_DATA :01000 SEND_DATA :00001 :00010 :10000
Registers: One Hot encoding
1 0
Good state : SEND_DATA
0 0 0 1 1 0 0 0
Bad state: unmapped
86 VHDL Synthesis Introduction
Safe State Machines???
• A “Safe” State Machine has been defined as one that: – Has a set of defined states – Can jump to a defined state if an illegal state has been reached (due to a SEU).
• Precision and Leonardo Synthesis tools offer a “Safe” option:
TYPE states IS ( IDLE, GET_DATA, PROCESS_DATA, SEND_DATA, BAD_DATA ); SIGNAL current_state, next_state : states; attribute SAFE_FSM: Boolean; attribute SAFE_FSM of states: type is true;
• Designers Beware!!!!!!!
– If using a CASE statement to implement the state machine: The others (or default) clause in your HDL is ignored by the synthesis tools. This logic will not get synthesized unless you explicitly attribute your FSM as “Safe” – Some versions of synthesis tools will not synthesize a “Safe” One-Hot 2004 MAPLD 87 VHDL Synthesis Introduction
Binary Encoding: How Safe is the “Safe” Attribute?
• If a Binary encoded FSM flips into an illegal (unmapped) state, the safe option will return the FSM into a known state that is defined by the others or default clause • If a Binary encoded FSM flips into a good state, this error will go undetected. – If the FSM is controlling a critical output, this phenomena can be very detrimental!
– How safe is this?
2004 MAPLD 88 VHDL Synthesis Introduction
2004 MAPLD
Safe State Machines???
State(1) Flips upon SEU: Using the “Safe” attribute will transition the user to a specified legal state upon an SEU
2 1 0 1 0 0
Good State
1 1 0
Illegal State: unmapped
STATES (5): IDLE TURNON_A TURNOFF_A TURNON_B TURNOFF_B :000 :001 :010 :011 :100
Using the “Safe” attribute will not detect the SEU: This could cause detrimental behavior
2 1 0 0 0 1
Good State: TURNON_A
0 1 1
legal State: TURNON_B
89 VHDL Synthesis Introduction
One-Hot vs. Binary
• There used to be a consensus suggesting that Binary is “safer” than One-Hot – Based on the idea that One-Hot requires more DFFs to implement a FSM thus has a higher probability of incurring an error • This theory has been changed!
– The community now understands that although One-Hot requires more registers, it has the built-in detection that is necessary for safe design – Binary encoding can lead to a very “un-safe” design 2004 MAPLD 90 VHDL Synthesis Introduction
One-Hot vs. Binary Analysis
• One-Hot – Synthesis “Safe” directive will generally not work – FSM becomes too large – Each state in a One-Hot encoding has a hamming distance of two.
– Error Detection: • During normal operation, only one bit is turned on, thus It inherently has SEU error detection • SEU Error detection can be accomplished using combinational logic • SEUs occurring near a clock edge will always be detected • Binary – Synthesis “Safe” directive generally will not meet requirements – can flip into a good state undetected – Binary Encoding has a hamming distance of One – Error Detection: • It needs extra DFFs in order to implement error detection • Utilizing an extra DFF can cause a SEU to go undetected due to glitches and routing differences between combinational logic and DFFs.
2004 MAPLD 91 VHDL Synthesis Introduction
Conclusion of One-Hot vs. Binary
• Within a reliable architecture, it is best for the designer to use a one-hot state machine. True Error detection can be accomplished. • However, if your system needs error correction, a more complex encoding scheme is required 2004 MAPLD 92 VHDL Synthesis Introduction
FSM SEU: Error Correction : Using Companion States
• There exists many publications on Error Correction theory. • None directly address how to correctly implement FSM fault correction while using current day synthesis tools.
– Glitch control: Generally synthesis tools will produce “glitchy” logic – Synthesis “optimization” algorithms will erase the necessary redundancy for EDAC – The user must sometimes hand instantiate logic – The user must place the necessary attributes to avoid redundant logic erasure.
2004 MAPLD 93 VHDL Synthesis Introduction
Error Correction within One Cycle: Using Companion States
2004 MAPLD STATED Outsig=’0'
Original FSM
Intrans=’0' STATEA Ousig=’1' Intrans=’1' STATEB Outsig = ‘0’ STATEC Outsig=’0' 94 VHDL Synthesis Introduction
Error Correction within One Cycle: Using Companion States
• 1.
Find an encoding such that the states have a hamming distance of 3 (at least 3 bits must be different from state to state)...
00000 (state-A), 11100(state-B), 01111(state-C), 10011(state-D). • Five bits are necessary to encode a four-state machine in order to achieve the required hamming distance of three.
2004 MAPLD 95 VHDL Synthesis Introduction
Error Correction within One Cycle: Hamming 3 Encoding …Using Companion States
• For each encoding, calculate the companion encodings such that the hamming distance is one… for example: – Companion encoding for state A (00000) is: • 00001,00010,00100,01000,10000 – Companion encoding for state B (11100) is: • 11101,11110,11001,10100,01100 2004 MAPLD 96 VHDL Synthesis Introduction
Error Correction within One Cycle: Using Companion States
• When implementing the state machine, state A is encoded as 00000 and then (theoretically) “ OR-ed ” with all of its companion encodings. This covers all possible SEUs • Do the same for all other states • Use the output of the “ OR-ed ” states to determine next state logic. – Thus if a bit flips … the companion state will catch it and the FSM will be able to correctly determine the next state • Be careful! The “ OR ” logic is more complex than simply using a string of “ OR ” gates .
2004 MAPLD 97 VHDL Synthesis Introduction
Error Correction within One Cycle: Glitch Control
• One major issue that is extremely overlooked is SEUs are asynchronous and can occur near clock edges • If this occurs, your error checking logic may cause a glitch • Due to routing timing differences, this can cause incorrect values to be latched into the current state registers.
• Refer to a Karnaugh Map for glitch-less implementation • The designer may have to hand instantiate the logic if the synthesis tool does not adhere to the VHDL as expected 2004 MAPLD 98 VHDL Synthesis Introduction
Error Correction within One Cycle: Glitch Control
State(0) 00 00 01 11 10
1 1
1 01 1 11 State(2) 10
1
State(3) State(1) StateA companion states SOP (including State(4) dimension): State(0)State(1)State(2)State(3) + State(0)State(1)State(2)State(4) + State(0)State(1)State(3)State(4) + State(0)State(2)State(3)State(4) + 2004 MAPLD State(1)State(2)State(3)State(4) 99 VHDL Synthesis Introduction
Error Correction within One Cycle: Glitch Control
• The designer will have to include the synthesis directives: – Preserve_driver – Preserve_signal • Always check the gate level output of the synthesis tool.
2004 MAPLD 100 VHDL Synthesis Introduction