The Three Witches: Preventing Glitch Nightmares on CDC Paths

During the synthesis and power optimization processes, many CDC errors can be introduced unknowingly. Possible CDC issues that can be brought about by synthesis include:

• New glitch-prone combinational logic in CDC paths
• New CDC paths due to insertion of power, test, or safety logic
• Existing CDC synchronization structures may break due to logic optimizations

Hence, CDC verification is not only necessary at the RT level; it is also essential at the gate level. At the RTL, the focus is on identifying the clock domains and CDC paths by recognizing the CDC structures and schemes. At the gate level, CDC paths with multiplexer or combinational logic are often prone to glitch defects that can be introduced during the synthesis, timing, and power optimization processes. If CDC verification is only done at the RTL, such glitch defects can easily be missed and lead to costly post-silicon chip failure.^1,3 Based on our experience deploying Questa Signoff CDC on multiple projects with our customers, we have learned that:

1. Potential glitches can be generated from different types of CDC paths. It is essential to identify them clearly so that algorithms can be created to analyze them effectively.
2. Gate-level CDC analysis takes a long time (from a few hours to a few days). If refinements must be made, it is much more efficient to restart from the last step instead of beginning again.
3. As design complexity continues to grow, it is essential to support a heterogeneous hierarchical approach. At the same time, as memory consumption continues to grow, it is useful to identify parallelism in the process and enable a divide-and-conquer strategy.

In this paper, we first explain the glitch problems in various types of CDC paths. Then we summarize an automated formal-based glitch detection methodology.² The methodology utilizes structural CDC analysis, expression analysis, and formal methods to prune and prove real glitches in a design. In order to handle much more complex designs with even longer run times, we have fractionated the previous methodology into a much more flexible, hierarchical, multi-stage and multi-processing flow. We describe the stages of the flow and how to achieve parallel processing.

The Three Witches of Glitch

A glitch generated in one clock domain can be captured unintentionally by a register in the receiving clock domain if the glitch passes through a CDC path. Although some unsynchronized CDC paths may be deemed safe due to stable signals, such as configuration or mode registers, most unsynchronized CDC paths are not.

The three types of CDC paths (our Three Witches [4]) that cause potential glitches are:

1. Data mux synchronized paths
2. Combinational logic before synchronizers
3. Unsynchronized single-bit or multi-bit paths

^{Figure 1: Distribution of CDC paths in a design project}

The figure above summarizes the four major types of CDC paths in a design. Static and dynamic combinational glitches can happen on three of these four types of CDC paths, the excepting being glitch-safe CDC paths.