Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

VHDL Synthesis for High-Reliability Systems

advertisement 
Methodologies for Reliable Design
Implementation
Melanie Berg
NASA Office of Logic Design
2004 MAPLD International Conference
September 8-10, 2004
Washington, D.C.
2004 MAPLD
1
VHDL Synthesis Introduction
Overview
• This session will present methodologies for
reliable design implementation
• Designs that are covered will first be explained.
Following the design description, the
corresponding VHDL will be presented
• Topics that will be covered:
–
–
–
–
–
Counters: Ripple vs. Synchronous
Triple Mode Redundancy (TMR)
Asynchronous Clock domain crossing
FIFO Memories
State Machines and Mitigation
2004 MAPLD
2
VHDL Synthesis Introduction
Common VHDL/Synthesis Misperceptions
• VHDL and its synthesis tools produce
unexpected results
• VHDL does not produce efficient circuitry
• The synthesis tool will not produce what is
desired
• VHDL is for software folks
2004 MAPLD
3
VHDL Synthesis Introduction
VHDL and Design
• One should not start writing VHDL code until the
design is well understood and analyzed
• Anyone can pick up a VHDL book and learn
syntax
• Anyone can pick up a synthesis manual and
learn directives
• But how do we create reliable circuits?
2004 MAPLD
4
VHDL Synthesis Introduction
Key Ingredients for Successful and Reliable
Designs: VHDL through Synthesis
•
•
•
•
Remember … the goal is to design reliable hardware.
VHDL – looks like software, however, the designer must understand proper
hardware design techniques including the electrical characteristics of the
employed technology
VHDL RTL must functionally match gate level (post synthesis) for simulation
purposes. This requires enforcing strict coding rules
Designer must be familiar with the synthesis tools and their interpretation of
VHDL code
–
–
–
–
–
–
–
–
–
Combinatorial circuits vs. Sequential
Clock structures and potential skew
Proper State machine implementation
Arithmetic circuitry
Clock domain crossings
Reset logic
Mitigation
When to use specific Synthesis directives
Etc…
• VHDL Coding Style is very important
2004 MAPLD
5
VHDL Synthesis Introduction
What is the Importance of VHDL Coding
Styles.
• No Synthesis tool can be as efficient as proper
Coding Style
• ASICS and FPGAs will be smaller and faster.
• Proper VHDL Coding Style is easier to verify
• We would like to shorten the Design Cycle.
Coding Style will affect
– Quality of Synthesis: drive to tool to better results,
– FPGA mapping or design: can take advantage of the technology
– Place and Route: designs that are well thought out will have a
clean route
2004 MAPLD
6
VHDL Synthesis Introduction
Coding Style Specifics - Think “Hardware”
• Architect with comprehension of your target’s
features (ASIC and FPGA)
• Separate Combinational and Registered blocks
• Watch out for inferred latches
• Pay attention to large fan-out nets
• Consider how you code state machines
• Be careful with designing long paths of logic
• Be aware of when you are able to use Resource
sharing
2004 MAPLD
7
VHDL Synthesis Introduction
Code Restructuring
If (Aflag=‘1’) outdata <= Adata;
elsif (Bflag=‘1’) outdata <= Bdata;
elsif (Cflag=‘1’) outdata <= Cdata;
else outdata <= ‘0’;
• What circuit structure does this code produce?
• Which line of code is likely to be in the critical
path?
2004 MAPLD
8
VHDL Synthesis Introduction
Answer:
If (Aflag = ‘1’) outdata <= Adata;
elsif (Bflag = ‘1’) outdata <= Bdata;
elsif (Cflag = ‘1’) outdata <= Cdata;
else outdata <= ‘0’;
Bdata
Adata
outdata
Cdata
0
Cflag
2004 MAPLD
Bflag
Aflag
9
VHDL Synthesis Introduction
Code for Late-Arriving Signal
if (cflag=‘1’ and aflag=‘0’ and bflag=‘0’)
outdata <= Cflag;
elsif (aflag=‘1’)
outdata <= Aflag;
elsif (bflag=‘1’)
outdata <= Bflag;
else outdata <= ‘0’;
Cdata
Bdata
Adata
mux
mux
0
outdata
mux
Bflag
Aflag
and
Cflag
2004 MAPLD
10
VHDL Synthesis Introduction
Duplicating Logic to Improve Speed
• Most synthesis tools have a fanout control
– Be careful, the tools don’t always pick the best
implementation creating a more difficult design to place
and route
• Better to explicitly duplicate logic in code
– you may need to use the syn_keep option for
combinational logic
• Good Examples to duplicate:
–
–
–
–
2004 MAPLD
Address and control lines to large RAM
Clock enables
Synchronous reset signal
Other high fanout nets
11
VHDL Synthesis Introduction
Pipelining Logic to Improve Speed
• Pipelining is most efficient for critical paths
which can not be fixed by special coding
schemes.
• Some may think that it will increase area.
However, with very long paths, synthesis
may be duplicating logic in order to meet
timing. Pipelining can reduce the
replication.
• It also will help while in Place and route
2004 MAPLD
12
VHDL Synthesis Introduction
Synthesis Tools
• Synthesis Optimization Algorithms are geared towards
synchronous designs.
– Unexpected synthesis gate level output can occur if the design is
extremely asynchronous – tool gets confused
• The major parameters within the optimization algorithm
are Timing and area
– Timing is measured from a starting DFF (or input) through a
combinatorial path to the next DFF (or output). Timing can only
accurately be measured (during optimization) when the DFFs are
connected to the same clock
– Redundancy within VHDL code is usually synthesized away (area
optimization). The designer must place synthesis directives (attributes)
on the nets that are part of the redundant path
2004 MAPLD
13
VHDL Synthesis Introduction
Synthesis Tools
• Designers should beware of push-button mitigation
within synthesis.
– Mitigation must be glitch-free
– Safe directive for state machines is not effective … false sense of safety
– When logic is added after VHDL-RTL phase, it is generally
difficult/tedious to verify. Remember, reliable circuits must be verified
– Companies are aware and are working on some of these issues
• Synthesis output can be trusted if proper synchronous
design techniques (including cleanly written VHDL) are
followed. However, Formal Verifiers are needed! This
will increase our test coverage.
– Companies are also aware of this… but … where is it?
2004 MAPLD
14
VHDL Synthesis Introduction
Reliability
• Design can be verified to work under worse case
conditions
• Aerospace specifics includes verifiable mitigation
techniques under worse case conditions
• Circuit has predictable behavior
• Circuit has a definable reset state
• Bottom line is to Use the following Techniques:
– Design for Verification (DFV)
– Design for Test (DFV)
– Design for Reliability (DFR)
2004 MAPLD
15
VHDL Synthesis Introduction
Example: Reliability…Assumes a
Technology with no Built-in TMR
2004 MAPLD
16
VHDL Synthesis Introduction
Unreliable Circuit Design Example: Ripple
Counters
0
D
SET
CLR
1
D
Q
Q
SET
CLR
2
Q
D
Q
SET
CLR
3
Q
Q
D
SET
CLR
Q
Q
N MHz
reset




SEU Hits Bit 0 as output of Bit 1 changes.
Bit 1 can go metastable.
Bit 1 output can Oscillate.
Clock pin to Bit 2 will Oscillate: Will violate DFF specifications can damage the FPGA
 As the input clock frequency increases, the probability of this
event occurring grows exponentially
 Bottom line: DFF clock pins need to be protected.
2004 MAPLD
17
VHDL Synthesis Introduction
VHDL Example of a Data output feeding a
Clock input: Avoid for Reliability
Process (sysclk,reset)
Begin
if reset = ‘0’ then
dff0 <= ‘0’;
elsif rising_edge(sysclk) then
dff0 <= not dff0;
end if;
End process;
Process (dff0,reset)
Begin
if reset = ‘0’ then
dff1 <= ‘0’;
elsif rising_edge(dff0) then
dff1 <= not dff1;
end if;
End process;
2004 MAPLD
18
VHDL Synthesis Introduction
Adding TMR to Circuitry
• It is up to the designer to pick the strategic
places that TMR will be inserted.
• TMR must be glitch free
• TMR must be verifiable
• Synthesis directives (attributes) generally need
to be used in order to not optimize away the
Mitigation
2004 MAPLD
19
VHDL Synthesis Introduction
Shared TMR Logic
• In this scheme – The
designer must triple the
number of DFF’s.
• The DFFs feed 1 TMR
block
• If the technology is
susceptible to transients,
this method will not be
efficient
2004 MAPLD
D
SET
CLR
D
SET
CLR
D
SET
CLR
20
Q
Combinatorial
logic
Q
Q
Combinatorial
logic
Q
Q
Combinatorial
logic
Q
VHDL Synthesis Introduction
TMR
Distributed TMR
• In this scheme – The
designer must triple the
number of DFF’s and
triple the number of
inserted TMR blocks.
• Although more area
extensive, this method
adds a level of reliability,
If the technology is
susceptible to transients
2004 MAPLD
D
SET
Q
Q
CLR
D
SET
CLR
D
TMR
TMR
Q
Q
SET
CLR
21
Combinatorial
logic
Combinatorial
logic
TMR
Q
Q
Combinatorial
logic
VHDL Synthesis Introduction
More Reliable Ripple Counter – Distributed
TMR: Picture Depicts bit 0 and bit 1
One line can oscillate but the voting logic will
override
TMR
glitch
free
D
SET
CLR
Q
SET
D
Q
CLR
Q
Path A
Q
N MHz
reset
D
SET
CLR
TMR
glitch
free
D
Q
Q
SET
CLR
Q
Path B
Q
reset
TMR
glitch
free
D
SET
CLR
Q
D
Q
SET
CLR
Q
Path C
Q
reset
2004 MAPLD
22
VHDL Synthesis Introduction
More Reliable Ripple Counter – Still a
Potential Problem
• Paths delays due to routing differences are never exact
• What happens if (referencing paths A, B, and C) A, B,
and C are all logic 0 and are expected to go to a logic 1:
– Path A comes in first
– Path B comes in second (TMR logic will go to logic 1)
– Path B gets hit by a SEU – path C has not come in yet – TMR logic will
go to logic 0 … start of GLITCH!
– Path C comes in – TMR now turns on once again
• Probability can be very small to negligible – depends on
clock speed, and routing delay differences
• The glitch will have a relatively small period – will
probably violate device specifications and can damage
the device
• Also adds a major level of complexity within verification
2004 MAPLD
23
VHDL Synthesis Introduction
Synchronous Reliable Solution
• Instead of a ripple counter, use a synchronous counter
– Without Mitigation Case (no SEUs):
• Assumes a reset will clear any SEU hits that cause incorrect counting
– With mitigation (glitch free TMR for example).
• Assumes counter must always be correct for Single Event Upsets
• Clock tree feeds the clock pin – Assuming a hardened clock tree
(SET – free), SEU hits should not create DFF clock oscillations
• Data feeds data pins
• Although the SEU is Asynchronous, the glitch free TMR circuit will
override the possible metastable oscillation on the data pin.
• The following example shares TMR circuitry per stage (unlike the
other example where each path has separate TMR logic per stage).
This design choice assumes a technology that will not have (or has
an extremely low probability of) internal transient glitches or SETs.
2004 MAPLD
24
VHDL Synthesis Introduction
VHDL Synchronous Counter without
Mitigation
Counter <= counter_in;
Counter_plus_1 <= counter_in + 1 ;
Process (sysclk,reset)
Begin
if reset = ‘0’ then
counter_in <= (others=> ‘0’);
elsif rising_edge(sysclk) then
counter_in <= counter_plus_1;
end if;
End process;
2004 MAPLD
-- need special library for this statement
-- counter is resetable to a constant value
-- clock pin is connected to system clock
25
VHDL Synthesis Introduction
Post Synthesis RTL View without TMR
(non-technology dependent)
2004 MAPLD
26
VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation
---------------------------------------------------------------------------------------------------------------------- signal declarations: For this circuit we will use 3 counters that feed into TMR voting logic.
-- the output of the TMR will be fed into a combinatorial logic for the counter.
-- the output of the combinatorial logic of the counter will be fed back into counter register
---------------------------------------------------------------------------------------------------------------------
signal counter_plus_1
: std_logic_vector(3 downto 0);
signal counter0_in
signal counter1_in
signal counter2_in
signal counter_tmr
: std_logic_vector(3 downto 0);
: std_logic_vector(3 downto 0);
: std_logic_vector(3 downto 0);
: std_logic_vector(3 downto 0);
---------------------------------------------------------------------------------------------------------------------- attributes used as synthesis directives: Important so that mitigation logic will not get optimized away
--------------------------------------------------------------------------------------------------------------------attribute syn_preserve : boolean;
attribute syn_preserve of counter0_in : signal is true;
attribute syn_preserve of counter1_in : signal is true;
attribute syn_preserve of counter2_in : signal is true;
2004 MAPLD
27
VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation
-- generate TMR logic for each bit of counter … works across the 3 counters
-- TMR is a compiled entity in the work directory
-- TMR_OUT <= (a and b) or (a and c) or (b and c)
-- This TMR entity is written bit-wise, however, the designer can make a more
robust entity that will accept vector inputs
counter_string_tmr: for i in 3 downto 0 generate
begin
ucount_bit
: entity work.TMR
port map(
A
=> counter0_in(i),
B
=> counter1_in(i),
C
=> counter2_in(i),
TMR_OUT
=> counter_tmr(i)
);
end generate;
2004 MAPLD
28
VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation
counter_plus_1 <= counter_tmr + 1;
counter <= counter_TMR;
Process (sysclk,reset)
Begin
if reset = '0' then
counter0_in <= (others=> '0');
elsif rising_edge(sysclk) then
counter0_in <= counter_plus_1;
end if;
End process;
Process (sysclk,reset)
Begin
if reset = '0' then
counter1_in <= (others=> '0');
elsif rising_edge(sysclk) then
counter1_in <= counter_plus_1;
end if;
End process;
Process (sysclk,reset)
Begin
if reset = '0' then
counter2_in <= (others=> '0');
elsif rising_edge(sysclk) then
counter2_in <= counter_plus_1;
end if;
MAPLD
End2004
process;
-- Output of TMR circuitry
-- counter is resetable to a constant value
-- clock pin is connected to system clock
-- counter is resetable to a constant value
-- clock pin is connected to system clock
-- counter is resetable to a constant value
-- clock pin is connected to system clock
29
VHDL Synthesis Introduction
Post Synthesis RTL View with TMR (nontechnology dependent)
2004 MAPLD
30
VHDL Synthesis Introduction
VHDL Synchronous Counter with Mitigation
Analysis
• No SEUs:
– After static timing analysis has been verified and all paths meet timing
with slack, all data is considered to be stable at each clock edge – no
concerns for metastability or incorrect data capture
• SEU Hit
– If an SEU hits a DFF, then the glitch free TMR will override any one DFF
input change (output of TMR is stable), thus, data is still considered to
be stable near a clock edge - no concerns for metastability or incorrect
data capture
• Synchronous Advantage Meets Reliability Requirements
– Easily verifiable in the RTL domain if static timing is met and gate level
is functionally equivalent to RTL
– Mitigation and general functional behavior is predictable under worse
case conditions
– TMR circuitry is verifiable (due to it being within the RTL vs being
inserted in synthesis)
– A Definable reset state exists
2004 MAPLD
31
VHDL Synthesis Introduction
Asynchronous Clock Domain
Crossing
2004 MAPLD
32
VHDL Synthesis Introduction
Asynchronous Clock Domain Crossing
• Most common problem within designs.
• Why?
– Designers usually don’t design for all corner cases – i.e. data must be
synchronized to capturing clock domain before usage
– Multiple clock domains add an extra level of complexity to the synthesis
optimization algorithm.
• The major optimization parameters for the synthesis algorithm are timing
and area
• Timing is measured for each synchronous path (DFFs connected to the
same clock tree)
• Generally, extra timing constraints are necessary when crossing clock
domains
2004 MAPLD
33
VHDL Synthesis Introduction
Design Example
• Implement a serial asynchronous input port that
receives: DCLK, DATA, and DENV. Skew relative to
DCLK will be less than 10 ns
• Input speed can range from 5Khz to 10Mhz.
• DATA and DENV will change at the rising edge of the
DCLK signal (thus will be stable at the falling edge).
• Input Data is in the form of 16 bit words MSB first.
• DENV is active high
• Technology has glitch-free hardened by design mitigation
within the silicon (attached to DFFs)
2004 MAPLD
34
VHDL Synthesis Introduction
Determine FPGA System Clock speed
• Limiting factor is the 10MHZ input – new data
can come every 100 ns
• Data is asynchronous – need a metastability
filter …
No other
connection to
these points
Asynchronous
Input
D
Clock
CLR
35
Q
Q
Reset from
clock tree
2004 MAPLD
SET
D
SET
CLR
Q
Q
VHDL Synthesis Introduction
Edge detection
can be placed
at this point
Need an Edge Detection for the Input
signal
• Remember – there is a difference between the input
clock and the FPGA system clock (asynchronous)
• Goal: Capture data while data is stable
(avoid metastability)
• We want to detect an edge of the input control
(DCLK), then look at the envelope (DENV) - see if it
is active, then grab the data.
• Why the edge and not the level …We only want to
sample input data once per input clock period …at a
stable place in the clock period …
• Which edge should we use (falling or rising)?…
2004 MAPLD
36
VHDL Synthesis Introduction
Analysis
• Most people will want to capture at the falling
edge because data is known to be stable there.
• However, once you detect the stable edge you
only have half an input clock period minus
overhead … minus data to clock skew …
• Therefore – you will be required to implement a
much faster system clock
2004 MAPLD
37
VHDL Synthesis Introduction
Positive Edge Clock
Transition - Data changes
Negative Edge Clock
Transition - Data stable
100 ns
clock
period
CLOCK Input
Data Input
Data1
Data2
Data3
If we implement a detection scheme that
looks for the falling edge of the clock - we
only have half a clock to do the detection
and capture data - thus designer must use
a fast clock relative to the input clock - may
be impossible to implement!!!!!!
If we implement a detection scheme that looks
for the rising edge of the clock - we have more
time (approx. 1 clock cycle) to do the detection
and capture data - This enable the designer to
use a slower clock - great for38power!!!! VHDL Synthesis Introduction
2004 MAPLD
Rising Edge Detection Example
Data Input
Grab data
Delay from
clock
detection
CLOCK Input
Now we have plenty of time to
grab the new data
Data1
Data2
Data3
Data is valid after the delay for
clock detection is complete!
Falling Edge Detection Example
Grab data
Delay from
clock
detection
CLOCK Input
Data Input
2004 MAPLD
Data1
Not too much time left to grab data - need
FAST internal FPGA clock
Data2
39
Data3
VHDL Synthesis Introduction
Best Choice
• Look for the rising edge of the input clock.
Although data is changing here… by the time
you actually detect the clock – data will be valid!
• Remember – because the DCLK is
asynchronous to your FPGA, it must go through
a metastability filter before you can sample –
THIS TAKES TIME … how much?…
2004 MAPLD
40
VHDL Synthesis Introduction
Rising Edge Detect Circuit
D
Synchronous
Signal
SET
Q
Clock
CLR
Q
Reset from
clock tree
If signal=’1' and signal_d1 = ‘0’ then
edge_det <= ‘1
FPGA system clock
Synchronous signal —
want to edge detect
Synchronous signal —
1 cycle delay: DFF output
2004 MAPLD
One cycle
wide edge
detect
Output of edge
detection
41
VHDL Synthesis Introduction
Metastability Filter uses DFFs … data only gets passed at a clock edge
Edge detect
only performed
after 2nd Meta
DFF
0
Signal from
other clock domain
D
SET
CLR
2
1
Q
Q
D
SET
CLR
Q
D
Q
SET
CLR
Q
Q
Reset from
clock tree
Clock
2004 MAPLD
42
VHDL Synthesis Introduction
Design Decision…
• Envelope will be captured by one DFF (no metastability filter)
and will be “anded” with the clock edge detect in order to enable
data capture …’
• I.e. if the clock edge is detected and the envelope is valid then
capture data. Thus the data does not go through a
metastability filter either!!! Saves gates and is safe – we only
look at data (and envelope when they are stable – the input
clock edge tells all)
• We can use only one DFF because the enable is guaranteed to
be stable by the time the clock edge is detected …clock edge
detection has to take at least 2 system clock cycles – by then
envelope is clean.
• Why not send the DENV signal through a metastability filter
too??
2004 MAPLD
43
VHDL Synthesis Introduction
Do not send both the Clock and Envelope Asynchronous Signal through a
Metastability Filter
Asynchronous
clock Input
D
Clock
SET
CLR
Q
D
Q
SET
CLR
Q
Q
Reset from
clock tree
Asynchronous
Envelope Input
D
SET
CLR
Q
Q
D
SET
CLR
Clock_d2
Evn_d2
Q
Q
Reset from
clock tree
Watch Out!!!!!!!
Data is captured at the
rising edge of the clock
detection … but env_d2 is
not valid Yet!!!! We will
miss the first piece of
DATA!!!!!!!!!!!!!
Clock Input
Clock_d2
Skew < 10 ns
Rising edge detect
Env
Env_d2
2004 MAPLD
44
Env_d2 not valid yet
VHDL Synthesis Introduction
Rising Edge detect only
performed after 2nd Meta
DFF
Input Clock Signal
D
0
1
SET
SET
CLR
Q
Q
D
CLR
2
Q
D
Q
SET
CLR
Q
Q
Reset from
clock tree
D
E
Data Input
SET
CLR
Q
Q
Clock
Input clock Missed this edge Data capture happens in
approximately 3 clock cycles
FPGA system
clock
Data is stable here for capture
Input Clock
DFF0
DFF1
DFF2
Rising_edge_detect
DATA Input
DATA Capture
2004 MAPLD
DFF
Rising edge is detected because
DFF1= ‘1’ and DFF2 = ‘0’ during
this clock cylce
D0
45
D0
VHDL Synthesis Introduction
Input clock Captured at this edge: Data Capture
happens with in 2 system clock cycles
FPGA system
clock
Input Clock
DFF0
DFF1
DFF2
DATA Capture
DFF
2004 MAPLD
46
VHDL Synthesis Introduction
Metastability Filter Recap:
• Choose only one signal (control signal) to send
through the metastability filter – avoid skew of
asynchronous input signal near clock edge problems
• Determine where the signals are stable relative to the
incoming control signal
• Sample and grab data
• Do a complete timing analysis: watch out for skew,
setup & hold, input clock frequency vs. system clock
frequency.
• Watchout!!!! For large Fan-out of output
of metastability filter – Synthesis tool
may duplicate the filter. This will cause
data to possibly be out of sync within
different portions of the circuit – use a
don’t_replicate attribute on the filter
output
2004 MAPLD
47
VHDL Synthesis Introduction
Metastability Filter Recap:
• Remember – Our example’s timing analysis applies
to capturing the data relative to the same edge of the
input clock that the input data changes – we can do
this because we have a delay due to the metastability
filter and this delay is larger than the 10 ns skew
(between the clock, data, and envelope) listed in the
spec.
• We chose to capture data relative to the same clock
edge that the input data changes so that we can
choose a slower clock – slower clock means less
power and easier design implementation
requirements.
2004 MAPLD
48
VHDL Synthesis Introduction
Metastability Filter Recap:
• The designer could make the decision to capture
data relative to the edge that the input clock is
changing – however, that would require a much faster
FPGA system clock for proper implementation -- see
timing analysis.
• The designer could also choose to send the DENV
and DDATA lines though metastability filters (not a
good choice – unnecessary extra logic). However,
this can only be done if you detect the input clock
where data and envelope are stable …and capture
there– otherwise (due to skew) incorrect results can
occur
2004 MAPLD
49
VHDL Synthesis Introduction
Based on the two previous
Cases…Best and Worse
• Upon the worse case – we see that we will need at least
3 FPGA system clock cycles to capture the data…
however we also need some overhead (20%) due to
variations in environment (voltage, temperature, clock
skew, process…)
• Clock needs to be…
3x < 100 ns - .20x –10 ns
X becomes about 28.125 ns … or 36MHZ
For ease …Lets choose a 40 MHZ FPGA system clock (25 ns clock period
… definitely fast enough)
2004 MAPLD
50
VHDL Synthesis Introduction
Rule of Thumb: Asynchronous Data Capture
• Use a system clock that is 4 times faster than
input clock… if possible…
• Otherwise you might be able to use both edges
of the clock – can be tricky
• Or… use an asynchronous FIFO to capture the
input data and then extract the data with the
system clock … great choice if input clock and
data rates are too fast!
2004 MAPLD
51
VHDL Synthesis Introduction
Rule of Thumb: Asynchronous Data Capture
(cont…)
• Only send one signal – a control signal – through a
metastability filter. Otherwise, signal skew can cause
data to be incorrectly captured.
• Determine where to sample the control signal such that
data is stable (under all conditions)
• Use an edge detection circuit on your control signal
(after the metastability filter) because your clock domain
will be faster than your input clock domain.
• Use this one-cycle edge detection output to control data
capture and other necessary functions – avoids multiple
samples or counts per clock/data input pair
2004 MAPLD
52
VHDL Synthesis Introduction
Next…Now that we figured out the FPGA System Clock
Frequency … Let’s Construct the Input Block
• We need to shift the data into a shift register
• Count how many bits we have shifted in – this will need
4 bits in order to count to 16
• Once we have captured 16 data bits… store the shift
register into a Dout (data out) register and raise a ready
flag.
• For our design, ready flag will only be valid for one
system clock cycle
• Dout will only change once a full 16 bits have been
captured into the shift register.
• Let’s check out the VHDL code
2004 MAPLD
53
VHDL Synthesis Introduction
How Does VHDL Tie Into This?
• We need to create DFF’s and we need to create
combinatorial logic.
• DFF’s store information and can only change at
a clock edge.
–
–
–
–
Counters
Delay elements (I.e. an edge detection delay)
Flags
Shift registers
2004 MAPLD
54
VHDL Synthesis Introduction
How Do We Create a DFF in VHDL ?
• Our job is to direct the synthesis tool to do exactly what
we want… its difficult to get precisely what you want if
you do not take the time to understand how the tool
works.
• The synthesis tool looks for:
process(sysclk,reset)
begin
if reset = '0' then
DFF <= ‘0’;
Elsif rising_edge(sysclk) then
DFF <= data;
end if;
End process;
2004 MAPLD
-- sensitivity list for clock and reset
-- connect the reset to the DFF
-- DFF gets a constant at reset
-- clock connection
-- at clock edge DFF gets new data
55
VHDL Synthesis Introduction
Using a DFF Enable connection
process(sysclk,reset)
-- sensitivity list for clock and reset
begin
if reset = '0' then
-- connect the reset to the DFF
DFF <= ‘0’; -- DFF gets a 0 at reset
Elsif rising_edge(sysclk) then
if enable = ‘0’ then
-- if statement creates an enable condition
DFF <= data;
-- at clock edge and enable DFF gets data
end if;
end if;
End process;
2004 MAPLD
56
VHDL Synthesis Introduction
Using an Enable Connection
• In our case, we only want to capture data, and then
count up (we’re counting how many bits we have),
once per clock/data input pair.
• This input is generated at a slower rate than our
FPGA internal clock. So it sits around for several of
our clock periods.
• Thus we will use an enable that is only valid for one
clock cycle in order to capture data and count it.
• This enable (as described earlier) will be active if we
have detected a rising_clock_edge and an active
envelope signal
2004 MAPLD
57
VHDL Synthesis Introduction
FPGA CLOCK is faster than CLOCK/
DATA Input
FPGA CLOCK
DCLK (Clock Input)
DDATA (Data Input)
Data1
Data2
Data3
DENV (Envelope)
Rising_clock : occurs 2
FPGA clock edges after
DCLK transition occurs
because of metastability
filter
Env_reg ==DENV delayed
by one cycle
Enable for capturing
and counting data =>
rising_clock is ‘1’ and
2004 MAPLD
env_reg is ‘1’
58
VHDL Synthesis Introduction
Using an If statement in VHDL can
create a direct connection to a DFF
Enable pin - This depends on the
Technology being targeted
From Metastability Filter and edge detection of
input clock edge: DCLK
CLOCK
rising_edge_detect
D
E
ENV_reg
SET
CLR
Q
Q
Notice we are connecting to the enable of
the DFF by using an if statement inside the
sequential process
This enable has been
designed to only be
active for one FPGA
clock signal
elsif rising_edge(sysclk) then
if rising_clk = '1' and env_reg = '1' then
counter <= counter+1;
data_shft <= data_shft(14 downto 0) & DDATA
2004 MAPLD
59
end if;
-- clock connection
-- enable connection
-- 4 DFF’s created here
-- 16 DFF’s created here
VHDL Synthesis Introduction
Synchronous Shift Register: Shifts at each
clock edge - Can also use an enable
(VHDL if statement to selectively shift)
Q
SET
D
...
d11
Q
Q
SET
D
Q
d2
Q
CLR
SET
D
SET
Q
d0
d1
Q
CLR
D_in
D
Q
CLR
Bit positions (11 downto 1)
CLR
Bit position 0
Shifting : shft_reg <= shft_reg(10 downto 0) & data_in
11
10
9
8
7
6
5
4
3
2
1
10
9
8
7
6
5
4
3
2
1
0
0
D_in0
Bi t 11
gets lost
Assuming shft_reg is defined as 12 bits it is the same as:
shft_reg(11 downto 0) <= shft_reg(10 downto 0) & data_in
11
10
9
8
7
6
5
4
3
2
1
10
9
8
7
6
5
4
3
2
1
0
9
8
7
6
5
4
3
2
1
0
8
7
6
5
4
3
2
1
0
D_in0
0
Sysclk n
Sysclk n+1
D_in0
Sysclk n+2
D_in0 D_in1
Sysclk n+3
2004 MAPLD
60
D_in1 D_in2
VHDL Synthesis Introduction
Metastability Filter Implementation within a
Device without built in Mitigation
• A tradeoff analysis between mitigation techniques
should be performed based off of:
– clock speed
– transient pulse width and probability of occurrence
– additional area due to of an increase of logic gates
• Example: Distributed TMR with asynchronous inputs
incurs a larger fanout (vs. shared TMR) on the DFF that
can go metastable – this increases the probability of
metastability on the second DFF of the metastability
filter. However, with a slow enough clock speed, this
may not be an issue.
2004 MAPLD
61
VHDL Synthesis Introduction
FIFO Memory Control
2004 MAPLD
62
VHDL Synthesis Introduction
FIFO Memories
• Definition: First in – First out memory
• Simultaneous write and read access to memory
(dual port)
• Data written into a FIFO is sequentially read out
in a pipelined manner – such that the first written
will be the first read
2004 MAPLD
63
VHDL Synthesis Introduction
General Package
WR_CLK
RD_CLK
DATA_IN
FIFO
MEMORY
DATA_OUT
FIFO_FULL
FIFO_EMPTY
2004 MAPLD
64
VHDL Synthesis Introduction
FIFO Memory Ports
• Input port: write
• Output port: read
• Each port has an associated pointer (I.e. counter,
address)
• No random access
• Write operation will increment the write pointer
• Read operation will increment the read pointer
2004 MAPLD
65
VHDL Synthesis Introduction
Read Pointer = 1
Write Pointer = 4
The contents of memory location 1 is available on the data output pins
If a read is invoked the contents of address location 2 is on the output data pins
If a write occurs then the input data bus is written to address location 4
0
1
Read Pointer
2
3
Write Pointer
4
5
N-3
N-2
N-1
N
2004 MAPLD
66
VHDL Synthesis Introduction
Clock Domains
• READ enable and READ pointer is synchronous
to the read domain (rd_clk)
• WRITE enable and WRITE pointer is
synchronous to wr_clk
• Rd_clk and wr_clk do not have to be
synchronous!!!!!… Asynchronous FIFO
2004 MAPLD
67
VHDL Synthesis Introduction
Rd_clk
D
SET
Q
1
CLR
Q
Each of these bits are DFFs
Read Pointer = 25
0
0
0
0
0
0
1
1
0
Write Pointer = 31
0
0
0
0
0
0
1
1
WR_clk
1
D
1
SET
1
Q
1
CLR
2004 MAPLD
68
Q
VHDL Synthesis Introduction
1
1
Are we full or empty?
0
1
2
3
Write Pointer
Read Pointer
4
5
N-3
N-2
N-1
N
2004 MAPLD
69
VHDL Synthesis Introduction
New Package
WR_CLK
RD_CLK
WR_EN
DATA_IN
RD_EN
FIFO
MEMORY
DATA_OUT
FIFO_FULL
FIFO_EMPTY
2004 MAPLD
70
VHDL Synthesis Introduction
FIFO Full and Empty
• FIFO full when both pointers are equal
• FIFO empty when both pointers are equal
• Use an extra bit (MSB of counter) as a flag
– If MSB’s are equal : Both pointers have wrapped around the
memory an equal amount of time: EMPTY
– If MSB’s are not equal: Write pointer has wrapped around one
more cycle than the read - FULL
2004 MAPLD
71
VHDL Synthesis Introduction
Pointer Compare
• How do we compare two pointers (counters) that
are located in two different clock domains?
2004 MAPLD
72
VHDL Synthesis Introduction
Rd_clk
D
SET
Q
1
CLR
Q
Each of these bits are DFFs
Read Pointer = 25
0
0
0
0
0
0
1
1
0
1
1
Write Pointer = 31
0
0
0
COMPARE
0
0
0
1
1
WR_clk
1
D
1
SET
1
Q
1
CLR
2004 MAPLD
73
Q
VHDL Synthesis Introduction
Synchronization
• We need to synchronize the pointers before we
do a compare (test for empty or full)
• Full Test:
– Can not write another item if full!
– As soon as write pointer reaches the read pointer set full flag
– Synchronize the read pointer to the write clk before doing
compare
2004 MAPLD
74
VHDL Synthesis Introduction
Synchronization
• Empty Test:
– Can not read another item if empty!
– As soon as read pointer reaches the write pointer set empty flag
– Synchronize the write pointer to the rd_clk before doing compare
2004 MAPLD
75
VHDL Synthesis Introduction
Rd_clk
D
SET
Synchronizing the Rd
counter to the wr_clk
Q
1
CLR
0
1
Desired Synchronization: Each DFF (BIT) will go
through a metastability synchronizing filter:
Q
1
1
T0
WR_clk
D
SET
Q
D
SET
Q
0
1
2004 MAPLD
CLR
Q
CLR
Q76
1
1
1
VHDL Synthesis Introduction
WT0
Rd_clk
SET
D
Synchronizing the Rd
counter to the wr_clk
Q
1
CLR
0
1
Desired Synchronization: Each DFF (BIT) will go
through a metastability synchronizing filter:
Q
1
1
1
0
T0
0
0
T1
Every bit of the read counter has changed in the
Rd_clk domain - that’s ok for the rd_clk domain
but...
WR_clk
D
SET
Q
D
SET
Q
0
1
CLR
Q
CLR
1
1
1
WT0
Q
What happens if a rd_clk
happens at a wr_clk edge!
2004 MAPLD
Every bit is changing - may
catch it in the wr_clk domain may not!
?
77
?
?
?
WT1
VHDL Synthesis Introduction
Synchronization Solution
•
•
•
•
•
Use Gray Code Counter
Only 1 bit changes per clock period.
Will not end up with a non deterministic value
May still miss the bit as it changes, but will catch it by the next cycle
Algorithm:
– Convert the binary counters to Gray
– Send the Gray encoded counter through a metastability filter in the other clock
domain
– The other clock domain will convert the Gray encoded counter (output of
metastability filter) back to binary
– The other clock domain will use the newly converted binary encoded counter to
make a comparison with its counter
2004 MAPLD
78
VHDL Synthesis Introduction
Gray Code Counters
•
Very easy to implement … only 1 bit changes per transition
0000
0001
0011
0010
0110
0111
0101
0100
1100
1101
1111
1110
1010
1011
1001
1000
2004 MAPLD
79
VHDL Synthesis Introduction
FIFO VHDL CODE
• Please see handout
2004 MAPLD
80
VHDL Synthesis Introduction
State Machines
2004 MAPLD
81
VHDL Synthesis Introduction
Definition of Fault Tolerance
• Masking or recovering from erroneous conditions in a
system once they have been detected
• The degree of fault tolerance implementation is defined
by your system level requirements… I.e. what actually is
acceptable behavior upon error
• Questions that must be answered within the system
requirements documentation:
–
–
–
–
Does your system only need to detect an error?
How quickly must the system respond to an error?
Must your system also correct the error?
Is the system susceptible to more than one error per clock cycle?
2004 MAPLD
82
VHDL Synthesis Introduction
Synchronous State Machines
• A Finite State Machine (FSM) is designed to
deterministically transition through a pattern
of defined states
• A synchronous FSM transitions according to a
clock edge and only accepts inputs that have
been synchronized to the same clock
• Generally FSMs are utilized as control
mechanisms
• Concern:
– If an SEU occurs within a FSM, the entire system can lock
up into an unreachable state
2004 MAPLD
83
VHDL Synthesis Introduction
Synchronous State Machines
• The structure consists of four major parts:
–
–
–
–
Clock
Inputs
Current State Register
Next State Logic
Output logic
Inputs
84
VHDL Synthesis Introduction
Outputs
2004 MAPLD
Current State
Next State
Encoding Schemes
• Each state of a FSM
must be mapped
into some type of
encoding (pattern of
bits)
• Once the state is
mapped, it is then
considered a
defined (legal) state
• Unmapped bit
patterns are illegal
states
Example:
Five states need to be mapped.
There is only one input: Start
Start=0
IDLE
Start=1
GetData
Process
Data
Send
Data
2004 MAPLD
85
VHDL Synthesis Introduction
BadData
Encoding Schemes
Registers: binary
encoding
Good state : SEND_DATA
STATES (5):
1 0 0
IDLE
:000
GET_DATA
:001
PROCESS_DATA:010
BAD_DATA
:011
SEND_DATA
:100
1 1 0
Bad state: unmapped
Registers: One
Hot encoding
STATES (5):
Good state : SEND_DATA
1 0 0 0 0
IDLE
:00001
GET_DATA
:00010
PROCESS_DATA:00100
BAD_DATA
:01000
SEND_DATA
:10000
1 1 0 0 0
Bad state: unmapped
2004 MAPLD
86
VHDL Synthesis Introduction
Safe State Machines???
• A “Safe” State Machine has been defined as one that:
– Has a set of defined states
– Can jump to a defined state if an illegal state has been reached (due to a SEU).
• Precision and Leonardo Synthesis tools offer a “Safe” option:
TYPE states IS ( IDLE, GET_DATA, PROCESS_DATA, SEND_DATA, BAD_DATA );
SIGNAL current_state, next_state : states;
attribute SAFE_FSM: Boolean;
attribute SAFE_FSM of states: type is true;
• Designers Beware!!!!!!!
– If using a CASE statement to implement the state machine: The others (or
default) clause in your HDL is ignored by the synthesis tools. This logic will not
get synthesized unless you explicitly attribute your FSM as “Safe”
– Some versions of synthesis tools will not synthesize a “Safe” One-Hot
2004 MAPLD
87
VHDL Synthesis Introduction
Binary Encoding: How Safe is the
“Safe” Attribute?
• If a Binary encoded FSM flips into an illegal
(unmapped) state, the safe option will return the
FSM into a known state that is defined by the
others or default clause
• If a Binary encoded FSM flips into a good state,
this error will go undetected.
– If the FSM is controlling a critical output, this phenomena can be
very detrimental!
– How safe is this?
2004 MAPLD
88
VHDL Synthesis Introduction
Safe State Machines???
State(1) Flips upon SEU:
Using the “Safe” attribute will transition the user to
a specified legal state upon an SEU
2
1
0
1
0
0
1
1
0
Good State
STATES (5):
IDLE
TURNON_A
TURNOFF_A
TURNON_B
TURNOFF_B
Illegal State:
unmapped
:000
:001
:010
:011
:100
Using the “Safe” attribute will not detect the SEU:
This could cause detrimental behavior
2
1
0
0
0
1
0
1
1
Good State:
TURNON_A
legal State: TURNON_B
2004 MAPLD
89
VHDL Synthesis Introduction
One-Hot vs. Binary
• There used to be a consensus suggesting
that Binary is “safer” than One-Hot
– Based on the idea that One-Hot requires more DFFs to
implement a FSM thus has a higher probability of incurring
an error
• This theory has been changed!
– The community now understands that although One-Hot
requires more registers, it has the built-in detection that is
necessary for safe design
– Binary encoding can lead to a very “un-safe” design
2004 MAPLD
90
VHDL Synthesis Introduction
One-Hot vs. Binary Analysis
• One-Hot
– Synthesis “Safe” directive will generally not work – FSM becomes too large
– Each state in a One-Hot encoding has a hamming distance of two.
– Error Detection:
• During normal operation, only one bit is turned on, thus It inherently has SEU error
detection
• SEU Error detection can be accomplished using combinational logic
• SEUs occurring near a clock edge will always be detected
• Binary
– Synthesis “Safe” directive generally will not meet requirements – can flip into a
good state undetected
– Binary Encoding has a hamming distance of One
– Error Detection:
• It needs extra DFFs in order to implement error detection
• Utilizing an extra DFF can cause a SEU to go undetected due to glitches and routing
differences between combinational logic and DFFs.
2004 MAPLD
91
VHDL Synthesis Introduction
Conclusion of One-Hot vs. Binary
• Within a reliable architecture, it is best for the
designer to use a one-hot state machine. True
Error detection can be accomplished.
• However, if your system needs error correction,
a more complex encoding scheme is required
2004 MAPLD
92
VHDL Synthesis Introduction
FSM SEU: Error Correction : Using
Companion States
• There exists many publications on Error
Correction theory.
• None directly address how to correctly
implement FSM fault correction while using
current day synthesis tools.
– Glitch control: Generally synthesis tools will produce “glitchy”
logic
– Synthesis “optimization” algorithms will erase the necessary
redundancy for EDAC
– The user must sometimes hand instantiate logic
– The user must place the necessary attributes to avoid
redundant logic erasure.
2004 MAPLD
93
VHDL Synthesis Introduction
Error Correction within One Cycle: Using
Companion States
Original FSM
Intrans=’0'
STATEA
Ousig=’1'
STATED
Outsig=’0'
Intrans=’1'
STATEB
Outsig = ‘0’
STATEC
Outsig=’0'
2004 MAPLD
94
VHDL Synthesis Introduction
Error Correction within One Cycle: Using
Companion States
• 1.
Find an encoding such that the states have a
hamming distance of 3 (at least 3 bits must be different
from state to state)...
00000 (state-A),
11100(state-B),
01111(state-C),
10011(state-D).
• Five bits are necessary to encode a four-state machine
in order to achieve the required hamming distance of
three.
2004 MAPLD
95
VHDL Synthesis Introduction
Error Correction within One Cycle:
Hamming 3 Encoding …Using
Companion States
• For each encoding, calculate the companion
encodings such that the hamming distance is
one… for example:
– Companion encoding for state A (00000) is:
• 00001,00010,00100,01000,10000
– Companion encoding for state B (11100) is:
• 11101,11110,11001,10100,01100
2004 MAPLD
96
VHDL Synthesis Introduction
Error Correction within One Cycle: Using
Companion States
• When implementing the state machine, state A is encoded
as 00000 and then (theoretically) “OR-ed” with all of its
companion encodings. This covers all possible SEUs
• Do the same for all other states
• Use the output of the “OR-ed” states to determine next
state logic.
–
Thus if a bit flips… the companion state will catch it and the FSM will be
able to correctly determine the next state
• Be careful! The “OR” logic is more complex than
simply using a string of “OR” gates.
2004 MAPLD
97
VHDL Synthesis Introduction
Error Correction within One Cycle: Glitch
Control
• One major issue that is extremely overlooked is
SEUs are asynchronous and can occur near clock
edges
• If this occurs, your error checking logic may cause a
glitch
• Due to routing timing differences, this can cause
incorrect values to be latched into the current state
registers.
• Refer to a Karnaugh Map for glitch-less
implementation
• The designer may have to hand instantiate the logic if
the synthesis tool does not adhere to the VHDL as
expected
2004 MAPLD
98
VHDL Synthesis Introduction
Error Correction within One Cycle: Glitch Control
State(0)
00
00
1
01
1
01
11
1
10
1
State(3)
11
State(2)
10
1
State(1)
StateA companion states SOP (including State(4) dimension):
State(0)State(1)State(2)State(3) + State(0)State(1)State(2)State(4) +
State(0)State(1)State(3)State(4) + State(0)State(2)State(3)State(4) +
State(1)State(2)State(3)State(4)
2004 MAPLD
99
VHDL Synthesis Introduction
Error Correction within One Cycle:
Glitch Control
• The designer will have to include the synthesis
directives:
– Preserve_driver
– Preserve_signal
• Always check the gate level output of the
synthesis tool.
2004 MAPLD
100
VHDL Synthesis Introduction
Related documents
Year Two Homework – Thursday 12th September 2013
Year Two Homework – Thursday 12th September 2013
Ade002
Ade002
Population Growth Rate Calculations Using the World Population
Population Growth Rate Calculations Using the World Population
WAKE UP
WAKE UP
Code No.: ETEC 301 L T C Paper: Digital Circuits & Systems – II 3 1
Code No.: ETEC 301 L T C Paper: Digital Circuits & Systems – II 3 1
Motion Diagram Worksheet 1. Create a motion diagram
Motion Diagram Worksheet 1. Create a motion diagram
Download
advertisement