



# SpyGlass® CDC

## Customer Training Release 5.3.0

---

*This presentation may contain forward-looking statements regarding product development. Information or statements contained in this presentation are for informational purposes only and do not represent a commitment, promise, or legal obligation of any kind by Atrenta Inc. or its affiliates.*

# SpyGlass User Training Tracks



Getting Started with SpyGlass

Pre-Requisites: None - Recommended for all users

Lint & SoC Lint

Pre-Requisites: Getting Started with SpyGlass or equivalent

SpyGlass Advanced Lint

Pre-Requisites: Getting Started with SpyGlass or equivalent

SpyGlass CDC

Pre-Requisites: Getting Started with SpyGlass or equivalent

SpyGlass Power Verify

Pre-Requisites: Getting Started with SpyGlass or equivalent

SpyGlass Power Estimate/Reduce

Pre-Requisites: Getting Started with SpyGlass or equivalent

SpyGlass Constraints

Pre-Requisites: Getting Started with SpyGlass or equivalent

SpyGlass TXV

Pre-Requisites: SpyGlass Constraints

SpyGlass Physical Base

Pre-Requisites: Getting Started with SpyGlass or equivalent

SpyGlass DFT & DSM

Pre-Requisites: Getting Started with SpyGlass or equivalent

SpyGlass MBIST

Pre-Requisites: Getting Started with SpyGlass or equivalent

SpyGlass Tcl Interface

Pre-Requisites: Getting Started with SpyGlass or equivalent



## An Introduction to Clock Domain Crossing

### ■ The SpyGlass CDC solution

- CDC setup
- CDC setup check
- CDC structural verification
- CDC functional verification

### ■ Appendix

- Atrenta support information

# Principles of Synchronous Design



Input to combination logic changes  
upon SOURCE clock edge

Combo logic creates  
**GLITCHES**

**GLITCHES SETTLE** before edge of  
SYNCHRONOUS clock

D1 captures stable data  
assuming setup/hold time is met.  
Clock domains are SYNCHRONOUS

But what if D1 is clocked by an ASYNCHRONOUS  
clock where setup/hold time can't be guar...

Asynchronous designs are NOT safe and will always  
eventually fail.  
 $MTBF = 1/(F_{clk} * F_{data} * X)$



## ■ **Timing verification only checks Synchronous Logic.**

- STA designed for synchronous modules/blocks
- STA can report ALL async crossings, but can't differentiate between good/bad CDC's
- Paths crossing clock domains are set to false paths and ignored.
- Happens late in the design cycle at netlist level

## ■ **Functional simulation very incomplete.**

- Blackbox testing is too cumbersome and not exhaustive
- Whitebox testing requires you to write assertions
- Requires test benches for all the crossings
- Is very reliant on luck (since simulation is not exhaustive), and will only detect a small subset of errors
- Detected late in the design cycle

***Clearly, Existing Techniques are Inadequate for CDC***

## ■ Problem #1: Metastability

*How do you ensure that you have isolated metastability across clock domains so it does not affect design functionality?*

## ■ Problem #2: Convergence (correlation/coherency/re-convergence)

*How do you ensure that a group of converging synchronized control signals are in sync at a particular clock cycle?*

## ■ Problem #3: Functional problems (data loss, gray encoding)

*How do you ensure that data from one clock domain is held long enough to be captured by the other clock domain? (Fast to slow clock data transfers)*

## ■ **Other CDC issues:**

### ■ Reset synchronization

*How do you ensure that an asynchronous set/reset is properly synchronized for a set of flops, and the reset is asynchronously asserted and synchronously de-asserted*

### ■ Constraint and exception validation

*How do you ensure that your clocks, set\_case\_analysis, quasi\_static, waivers, Incomplete Formal Checks are accurate?*

# Problem #1: Metastability

## Metastability problem



Output "B" becomes metastable whenever input "A" violates setup & hold time



## Why is this an issue?

- The output of flop F2 is unpredictable
- This may lead to chip failures.

## How can SpyGlass CDC Help?

- SpyGlass CDC identifies cases where synchronization is missing in the destination domain

# Problem #1: Metastability



**What designers typically do:**

- Add additional flops in the destination domain to isolate meta and increase MTBF
- Add a mux recirculation flop in the destination domain
- Add a synchronization cell in the destination domain

**Note:** Meta-stability can NEVER be eliminated

- It can only be isolated so MTBF can be increased
- Multi-Flop sync cells creates N clock cycles of Uncertainty
- Side Effect is data-coherency / re-convergence issues

# Problem #2: Coherency of CDC Signals



## Why is this an issue?

- Meta-stability introduces latency and cycle uncertainty of N cycles in the receiving domain
- This may cause an invalid value being captured in the receiving domain. For example, in above picture  $clk_B$  domain captures an invalid state of 10
- High cause of chip failures



# Problem #2: Coherency of CDC Signals

## How do designers solve this problem:

- Gray encoding the signal, so it does not enter any invalid state
- Verify signals can never change in the same destination clock cycle and waive the violation



# Problem #3: Data Hold

## Data Hold Problem

(Signal crosses from a fast clock domain to a slow clock domain)



## Why is this an issue?

- It's possible that the signal in the faster clock domain of F1 is not held long enough to be captured in the much slower clock domain of F2
- If you do not fix this violation, data change may not be captured properly

## How can SpyGlass CDC help?

- For every CDC crossing, a formal check is automatically carried out.
- If the data crossing the domain crossing is not captured
- In a DATA crossing if the Source Data is not Stable.
- A waveform trace is generated

# Problem #3: Data Hold



## What designers typically do?

### Implement pulse extender or a state machine

- This ensures a good margin between the data being stable and the clock edge being active

**1. What is the difference between synchronous clock domains and asynchronous clock domains?**

Asynchronous clock domains have no guaranteed phase relation between clocks.

**2. Are synchronized clock domain crossings safe?**

NO – They will ALL eventually FAIL. It is a matter of time.  $MTBF=1/(Fclk \cdot Fdata \cdot X)$ . Goal is to maximize MTBF by putting in more sync flops.

**3. Name the two key problems caused by asynchronous clock domain crossings**

METASTABILITY (output unpredictable) and data COHERENCY (correlated becomes uncorrelated)

**4. Do meta-stability problems depend on the frequency of the destination clock?**

YES! The FASTER the CLOCK and DATA the SMALLER the MTBF

**5. Can static timing tool like Synopsys Prime Time detect asynchronous clock domain crossings?**

YES they IDENTIFY CDC's. BUT, STA (PrimeTime) CAN NOT be used for clock domain crossing verification. They can identify CDC, but can't classify them as GOOD or BAD!

**6. Can clock tree synthesis (CTS) fix clock domain crossing issues?**

NO – Clock Tree Synthesis is used to balance and optimize clock trees to insure synchronous transfers of DATA.



## ■ An Introduction to CDC



### The SpyGlass CDC solution

- CDC setup
- CDC setup check
- CDC structural verification
- CDC functional verification

## ■ Appendix

- Atrenta support information

## ■ SpyGlass CDC is a set of rules that find issues related to:

- Safe and complete setup
- Meta-stability (-rules Ac\_sync/Ac\_unsync)
- Fast to slow clock crossing data loss (-rules Ac\_datahold01a)
- Convergence data coherency/correlation (-rules Ac\_conv)

## ■ Rules are grouped together as goals

- For information management and user guidance
- Always resolve rules from the TOP to Bottom. Waive or constrain if not an issue

## ■ Goals are progressive (e.g., **cdc\_setup\_check** is included in **cdc\_verify** goal)

- **cdc/cdc\_setup** => SpyGlass finds your clocks, resets, clk mux, config registers, inputs
- **cdc/cdc\_setup\_check** -> Is there anything missing or wrong in my setup?
- **cdc/cdc\_verify\_struct** -> Structural CDC issues. Run often and resolve issues ASAP
- **cdc/cdc\_verify** -> **Signoff goal Including formal rules (Covered in advanced training)**
- **cdc\_validate, cdc\_abstract, block\_extract** (**Covered in SoC training**)
  - SoC verification or constraint extraction

design read

cdc\_setup

cdc\_setup\_check

cdc\_verify\_struct

cdc\_verify

## Assumptions

- SpyGlass 5.3.0+ installed (Earlier version may not have some features)
- If you have an IPKIT or CAD installed infrastructure then refer to that training
- GuideWare 2.0 Goals or IP KIT goals (rule ordering supported)

## Verify SpyGlass version:

- TYPE: `spyglass -version`

## All SpyGlass jobs start with a project file (Next 2 slides)

- Project file defines: where to find source files, constraints, options, rules

## SpyGlass can run in BATCH or GUI mode

- BATCH:
  - TYPE: `spyglass -project training.prj -goals cdc/cdc_setup -batch`
- GUI:
  - TYPE: `spyglass -project training.prj -goals cdc/cdc_setup`

## Typical use is to run analysis in batch mode then DEBUG the results using GUI

- It is easier to edit project file by hand than use GUI
- GUI can interactively create constraints on-the-fly as necessary

## ■ Project file tell SG where to find RTL, Libs, Constraints, Run Options/Parameter, Rules, etc...: (Example on next page)

- RTL Source files or source files lists (Verilog/VHDL/netlists)
- Constraints (SpyGlass specific or SDC)
  - Clocks, Resets, set\_case\_analysis, etc.
- Run options (set\_option / set\_goal\_option)
  - Top level module, System Verilog, library mappings, etc.
- Rule specific (set\_parameter)
  - Parameters: Combo logic in crossing's are good or bad
- Goal specific (set\_goal\_option)
  - Parameters and options and enable/disable specific rules
  - Scenarios/modes where you run the same design but with different constraints



# TCL Project File Example

```
#Training Project File
#This file supports all Standard TCL constructs in addition to SpyGlass specific constructs.
#Set the Top of the Design Tree
set_option top training
#Read in individual RTL Files (Verilog/VHDL/Netlists):
read_file -type hdl RTL/training.v
#Read in a file list from an location defined in an environmental file
###read_file -type sourcefile $env(SOURCE)/filelist.f
#Read in a Design Constraints File that contains clocks, resets, set_case_analysis, etc..
read_file -type sgdc SGDC/training.sgdc
#Define a waiver file to put EXCEPTIONS INTO and a default waiver file.
read_file -type waiver training.swl
set_option default_waiver_file training.swl
#Set a global option that all Verilog will be System Verilog Compliant.
set_option enableSV yes
#Where do we find our rule sets:
current_methodology $env(SPYGLASS_HOME)/GuideWare2.0/block/rtl_handoff
#Define goal specific parameters and options
current_goal cdc/cdc_verify
set_parameter ac_sync_debug yes #Turns on extra debuggin during cdc_verify goal
set_parameter enable_handshake no #Turn off Handshake Sync Scheme
set_goal_option XXXX # Only for this goal
#Define a scenario that uses different SGDC file "-goals cdc_verify@model1"
current_goal cdc/cdc_verify -scenario model1
read_file -type sgdc model1.sgdc
```



- **SG-CDC needs clocks and resets in order to do CDC analysis**
  - Specify Clocks/Resets in a SpyGlass Design Constraint file (SGDC)
  - Without Clocks/Resets, SpyGlass will not be able to perform CDC analysis
    - SpyGlass will complain loudly about missing Clocks/Resets/SCA
  - An incorrectly specified constraint can lead to false violations, unnecessary debugging time and frustration.
- **SG can automatically infer Clocks, Resets, Set\_case\_analysis, Quasi\_static.**
- **Optionally remove complex clock logic from the analysis.**
  - It is easier to specify clocks on boundaries of a Clock Block instead of trying to figure every set\_case\_analysis on every mux to constrain specific clocks.
- **If you already know the clocks and resets specify them**
- **If you have a Synopsys Design Constraint (SDC) file**
  - This can be used directly or translated to SGDC
  - Only contains Clocks and SCA. Still need to provide resets.



## ■ SGDC = SpyGlass Design Constraints

- Defines constraints similar to what an SDC file does for DC/STA.
  - SDC is not sufficient since it doesn't describe resets or CDC specific data
- Example SGDC constraints
  - Clock –name <port|net> -domain <unique domain name> -period <10> -edge <0 5>
  - Reset <-async|-sync> –name <reset port|net name>
  - set\_case\_analysis
    - » The *set\_case\_analysis* constraint specifies the case analysis conditions. It uses the following syntax:  
`set_case_analysis -name {<name>} -value <value>`
    - » The value set on the signal specified with the *set\_case\_analysis* keyword is automatically propagated through the design
  - quasi\_static –name <port|reg|net name>
    - » There are some primary inputs, flip-flops, or nets present in the design, which may change briefly at the start but assume a static value of 0 or 1 for the rest of the circuit operation.
    - » You can specify the primary inputs, flip-flops, or nets as static signals using the *quasi\_static* constraint to skip the verification of paths that involve such signals
  - Design cell constraints
    - » sync\_cell –name <module names> -other\_options
    - » reset\_synchronizer –reset <reset port> -clock <clock> -name <reset output name>

## ■ Location of SDC file for sdc2sgdc conversion

- sdc\_data –file my.sdc



# SGDC File Example



```
//Scope the constraints to a specific module.  
current_design training  
//clocks and set_case_analysis come from SDC file  
sdc_data -file ....../my_file.sdc  
  
#DEFINE MY CLOCKS  
clock -name clkA #Incomplete clock constraint, missing -domain -period and -edge  
clock -name clkB -domain SysClk -period 10 -edge 0 5  
  
#DEFINE MY RESETS  
reset -name reset_n #Incomplete reset constraint, missing active value  
reset -name reset_n -value 0 #Complete reset Constraint  
  
#DEFINE MY INPUT CLOCK RELATIONSHIPS  
abstract_port -ports reset -clocks Vclk  
  
#DEFINE MY STATIC SIGNALS  
Quasi_static -name "training.u2.config_reg[1]"
```



- **Recommendation:** **Blackbox the clock generation logic if you don't have all the SCA.**
  - IP that contains complex clock generation logic and requires lot of set\_case\_analysis to configure properly, are best blackboxed
  - Clocks and resets can be defined on outputs of clock generation logic or module.
  - Otherwise time is wasted looking at special crossings inside the clock generation logic and trying to configure it in proper functional mode.
- **Some clocks are harmonically related, though different frequencies.**
  - Put them in the same domain using –domain on clock constraint.
- **Could have same frequencies but different domains.**
  - Put them in different domains with –domain.
- **Exceptions:**
  - If SDC is provided that configures clock generation logic
    - If you blackbox the clock generation logic you will get fatal errors on objects that don't exist in design due to blackboxes
    - Since SDC is provided then most configuration issues have already been defined
- **Tricks:**
  - CTS/CRC (clock tree synthesis/clock root cells) could be blackboxed so clocks get identified at these cells. These are usually unique domains so they make good starting points for clocks



# Handling BlackBoxes (BBox)

## There are two types of Bbox's.

- GOOD BBox – These can be ignored
  - Liberty Models with related\_pin info. (Warning)
  - BBox with single clock will assume all I/O on single clock domain.
- BAD BBoxs – These produce “noise” in CDC analysis
  - Bbox with multiple clocks

## Parameters control the level of analysis and reporting during CDC analysis

- cdc\_reduce\_pessimism=bbox (This will filter all crossings to/from Bbox. Caution)

## 2 Options for handing Bbox's.

- 1) Treat it as a constraint model using “signal\_in\_domain”
- 2) Create an Abstract Model of block and use SoC Validation (Refer to SoC Training)



### current\_design BBox

```
#Define port domain information
signal_in_domain -name Bbox -signal inA -clock clkA
signal_in_domain -name Bbox -signal outA -clock clkA
signal_in_domain -name Bbox -signal inB -clock clkB
signal_in_domain -name Bbox -signal outB -clock clkB
#Feedthrough for clock port
assume_path -name Bbox -input clkA -output clkAA
#Internally Generated Clock
Clock -name clkGen -domain new -period 10 -edge 0 5
```

### SGDC file

- **Assumptions: You already have a project file**
- **First time you run SpyGlass it will analyze, elaborate and synthesize the design**
  - Then it traces backwards from flops clocks and resets to:
    - Primary Inputs (primary clocks)
    - Blackbox (blackbox clocks)
    - Flops (generated clocks/resets)
  - DEFINITE CLOCK = If it is a direct path, then it is a known clock
  - PROBABLE CLOCK = IF it goes through combo-logic
    - Then one of the inputs could be gating/enable logic
  - You have to review all clocks/reset to:
    - Confirm correctness, Add domain Info, add period/edge information, active value
- **Command line to find clocks:**
  - `spyglass -project training.prj -batch -goals cdc/cdc_setup`
  - NOTE! If you forget the name of the goal, then abbreviate:
    - `spyglass -project training.prj -batch -goals cdc`
      - » It will return all goals that have the string “cdc” in them and you can copy/paste
- **Clocks, resets and other setup files will be found in:**
  - Project name/top level name/GOAL NAME/spyglass\_reports/clock\_reset  
i.e., `training/training/cdc/cdc_setup/spyglass_reports/clock_reset`



# SpyGlass CDC Flow





## Purpose

- Using SpyGlass, define clocks and resets as a preparation step for setup check and clock domain crossing verification

## Pre-requisites

- Zero errors and zero warning during the designread

## Command

- %shell> spyglass -project lab-CDC\_proc.prj -goals cdc/cdc\_setup -batch

## Output

- SGDC files with clock/ reset information. The following are the files generated:
  - autoclocks.sgdc
  - generated\_clocks.sgdc
  - autoresets.sgdc
  - generated\_resets.sgdc

# After Running CDC/cdc\_setup Goal



- AIPK copies the clock/resets automatically to your block.sgdc file.
- Examine the files autoclocks.sgdc/generated\_clocks.sgdc
  - [training/training/cdc/cdc\\_setup/spyglass\\_reports/clock\\_reset/autoclocks.sgdc](#)
  - Are these real clocks or are some control signals? (testmode, clock enable)
  - Clocks can be added to your own SGDC file or this file copied to your local area
  - Confirm the –domain is correct. –domain is how you group synchronous clocks
  - Control signals should get a `set_case_analysis` on them
- Examine the file autoresets.sgdc
  - [training/training/cdc/cdc\\_setup/spyglass\\_reports/clock\\_reset/autoresets.sgdc](#)
  - Are these your real resets or are some control signals?
  - Do they have the right –value <acative reset value=1/0> 'X=Can't determine'
  - resets can be added to your own SGDC file or this file copied to your local area
  - Control signals should get a `set_case_analysis` on them
- There are some other files that should also be looked at and used if necessary
  - Generated\_clocks.sgdc – Any clock dividers will create generated clocks
    - These should get used in addition to autoclocks.sgdc
  - Auto\_set\_case\_analysis.sgdc
    - Clocks that go through muxes need to have a `set_case_analysis`.
    - This file identifies them so you can set them up-front before they cause problems later



# Using GUI to Help Examine Clocks/Resets

- Many times you may be unfamiliar with the clocks or resets of the block you are running.  
Using the GUI can save a lot of time tracing signals through hierarchy

## Open the GUI:

- spyglass –project training.prj –goals cdc/cdc\_setup
  - NOTE! If you leave off the –goals, you can choose the goal when the GUI opens

## Configure the group by: Goal by rule

- This is important, as lots of rules violate, so you will know where to start.



## RULES are grouped in FOLDERS with “Rule Name” and short description

- Click on FOLDER or RULE to get HELP

## Individual rules have details –

- Read messages carefully and they will guide you to the issue



- **Clock\_info01 – reports likely clock signals**
- **Reset\_info01 – reports likely reset signals**
- **Goal: cdc/cdc\_setup**
- **Why: This automatically finds clocks and resets for you**
  - If you already know your clocks, then you don't need this rule
  - It always generates a complete set of clocks. It is not incremental
  - It puts the clocks in the ..../spyglass\_reports/clock\_reset/autoclocks.sgdc
- **Schematic info – Shows likely clock to the first flop it finds**
- **What to do? Determine if this is a REAL clock or control signal**
  - Is it in the correct domain?
- **Issues: The autoclock.sgdc file is incomplete and assumes all clocks are async**
  - The clock constraint automatically puts every clock in a unique –domain
  - The –domain argument is just text that describes the domain
    - A good practice is to change it to the name of the clock
  - It is missing –period X.XX and –edge 0 Y.YY information
    - If you don't add this information, SpyGlass will trigger the Ac\_clockperiod01 rules





## ■ An Introduction to CDC

## ■ The SpyGlass CDC solution



- CDC setup
- CDC setup check
- CDC structural verification
- CDC functional verification

## ■ Appendix

- Atrenta support information



## Purpose

- The purpose of this step is to perform constraints sanity checks and detect any conflicting/missing constraints. For correct CDC analysis, it is very important to define the clocks and reset correctly in the constraint file
- If clocks are properly defined, this goal will also generate input domain constraints

## Pre-requisites

- Zero errors and zero warning in the previous goal cdc/cdc\_setup
  - Clocks, resets, and mode settings properly set
  - All rules from cdc\_setup are included in this goal too

## Command

- `%shell> spyglass -project lab-CDC_proc.prj -goals cdc/cdc_setup_check -batch`

## Output

- List of possible setup problems reported as rule violations. The CDC-Setup-check template runs the following rules:
  - `Clock_info03a` - reports flops with unconstrained clocks
  - `Clock_info03b` - reports flops with data pin tied to constant
  - `Clock_info05` - reports clock signals converging on muxes

## With no case analysis

- FF1 will assume a merged domain which is different than clk1 or clk2
  - Without constraining the clock-mux, domain crossing will be reported because source and destination flops can receive different clocks
  - With case analysis the source and dest clock are the same so there is no CDC
    - » `set_case_analysis -name sel -value 0`
- Clock\_info05 identifies pure MUX's
- Clock\_info05a identifies clocks merging on logic. (Glitch Free Clock Mux).

## Recommended method, use

- It is important for you to apply a case analysis constraint on the select pin `sel` of the mux



- 1. Name two important constraints required to do CDC analysis**  
1) Clock 2) reset 3) set\_case\_analysis
  
- 2. Name three sources of finding all the clocks and resets to be constrained for CDC analysis**  
1) Design Spec 2) Infer from RTL 3) SDC file
  
- 3. Should clock-generation/manipulation logic be part of CDC analysis?**  
Generally NOT, unless you fully understand how to constrain.
  
- 4. How do you exclude clock generation/manipulation logic from CDC analysis?**  
-stop module (Bbox's a module)
  
- 5. Name one constraint to create association between CLOCK and OUTPUT pins of a blackbox to do CDC analysis**  
signal\_in\_domain -name MY\_PORT -clock MY\_CLOCK
  
- 6. Name a rule to detect unconstrained clock nets**  
Clock\_info03a – Unconstrained clock Nets
  
- 7. How do you resolve multiple clocks converging on a mux?**  
Set\_case\_analysis or define clock on output of mux





## ■ Hands-on exercise objectives:

- Lab1 : CDC setup Lab
  - ✓ Identify the clocks and resets in the design
  - ✓ Resolve blackboxes in clock tree path and crossing path
  - ✓ Perform reset setup and IO setup
- Lab2: CDC setup check lab
  - ✓ Verify clocks and reset setup
  - ✓ Ensure all flops are receiving clocks



## ■ Duration: 60 minutes



# SpyGlass CDC Flow – cdc\_verify\_struct



# Protocol Independent CDC Recognition

- Following picture represents ALL CDC's. (Fifo, Handshake, Mux, Enable, etc)
- SpyGlass FIRST identifies all qualifiers (multi-flop) crossings.
- Then for non-multi-flop crossings, SpyGlass looks for qualifier in fanin of dest. flop



- SpyGlass sees all crossings as only 2 types of clock domain crossing's (CDC's)
  - Control crossings: These are **muti-flop** or **sync\_cell** or **qualifier constraint** crossings
    - Control crossings move control signal across a clock domain
    - Control crossings qualify data crossing
      - » **Control crossings synchronizer is synonymous with qualifier**
  - Data crossings: Can be scalar or vector signals
    - They are always qualified by a single control crossing.
    - A good data crossing will always contain a good control crossing
  - **NOTE! If the control crossing is marked as unsynchronized, then the data crossing will also be unsync'd**
- Multi-flop -> Minimum of two back-to-back flops
  - Constraint **num\_flops** can configure SpyGlass to require more than two flops
  - Disable Multi-Flop and require ONLY sync\_cell.
    - **set\_parameter disable\_multi\_flop yes**
- Sync\_cell -> Module constraint to define a control synchronizer
  - Defined on a single flop or library cell.
  - Many options to define frequency/periods where it can be applied
  - Replaces parameters (synchronize\_data\_cell (Vector) and synchronize\_cell (scalar) synchronizers
  - Don't use for large block like a FIFO that contains both source and destination. Not safe!
- Qualifier -> Constraint that can be applied anywhere in the design including inputs to define a control synchronizer





## Purpose

- Discover structural issues in clock domain crossings

## Pre-requisites

- Zero errors and zero warning in the previous goal cdc/cdc\_setup\_check
  - Clocks, resets, and mode settings properly set
  - All rules from cdc\_setup\_check are included in this goal too

## Command

- `%shell> spyglass -project lab-CDC_proc.prj -goals cdc/cdc_verify_struct -batch`

## Output

- List of possible clocking problems reported as rule violations*
- Debug each violation in the rule order, iterate running SpyGlass*



- The following slides show some of what SpyGlass automatically recognizes
- Also shows where some parameters can be applied to configure what is good and bad
- This is not an exhaustive list and new schemes get added with each release
- All sync schemes can be disabled if not allowed
- GuideWare2.0 has pre-selected the most robust and safest synchronizers and parameters.
  - You should review to confirm!



## Control crossings can be:

- RTL multi-flops (auto detected)
- Liberty cells (require sync\_cell constraint)
- Single flops (require sync\_cell constraint)

## All data crossings contain at least:

- One control crossing



- Automatically recognized
- `set_parameter enable_mux_sync all`
- **NOTE! It contains a control crossing**



- ① `ignore_num_rtl_buf_invs` parameter applicable here.
- ② `sync_reset` parameter applicable here.
- ③ `strict_sync_check` parameter applicable here
- ④ `allow_combo_logic` constraint applicable here



- `set_parameter enable_and_sync yes`
- AND gate can be AND/OR/NAND/NOR
- XOR not allowed or complex AOI, unless AND gate does gating
- NOTE! It contains a control crossing



- SpyGlass CDC solution reports a clock domain crossing as synchronized based on the following different clock domain crossing synchronization schemes:

1. *Conventional multi-flop synchronization scheme (Control) – num\_flops*
2. *Synchronizing cell synchronization scheme (Control) – sync\_cell constraint*
3. *Delay signals synchronization scheme (Control or Data)*
4. *Synchronized enable synchronization scheme (Data)*
5. *Recirculation MUX synchronization scheme (Data)*
6. *AND gate synchronization scheme (Data)*
7. *MUX-select sync (without Recirculation) Synchronization scheme (Data)*
8. *FIFO synchronization scheme (Data)*
9. *Glitch protection cell synchronization scheme (Data)*
10. *Clock-gating cell synchronization scheme (Data)*
11. *Qualifier synchronization scheme (Data)*
12. *Handshake synchronization scheme (Data For Request and Control for Acknowledge)*
13. *MUX lock synchronization scheme (Data)*
14. *Pattern synchronization scheme (Data)*

*RED is for Control Crossings*

*Black is for Data Crossings*



# Some Reasons for Being Unsync'd (Ac\_unsync)

Clock domains of destination instance and synchronizer flop do not match



Destination instance is driving multiple paths



strict\_sync\_check failed for path between synchronizer flops



Sync reset used in multi-flop synchronizer



Synchronizer flop is the destination flop for another crossing



Combinational logic used between crossing is ALLOWED  
Ac\_glitch03 will identify these.



- You will spend most of your time looking at unsynchronized crossings in the Ac\_unsync rule
- Every crossing has a reason for being unsynchronized
  - ALWAYS READ THE REASON!!! This will save you a lot of time
- Current list of unsynchronized crossings:
  1. Sync reset used in multi-flop synchronizer (Control)
  2. Combinational logic used between crossing (Control) (OK->Ac\_glitch03 reports)
  3. Destination instance is driving multiple paths (Control)
  4. Sources from different domains converging (Control)  
set\_parameter cdc\_reduce\_pessimism ignore\_multi\_domain
  5. Synchronizer flop is the destination flop for another crossing (Control)
  6. No valid synchronizer (Control and/or Data)
  7. Merges with inferred qualifier at invalid gate (Data)
  8. Merges with inferred qualifier from invalid domain (Data)
  9. Clock phase difference between destination instance and synchronizer flop (Control)
  10. Clock domains of destination instance and synchronizer flop do not match (Control)
  11. Number of inverters/buffers between sync flops exceeds limit (Control)



- Every single flop will get reported by SpyGlass as one of the following:
  - Synchronized
  - Unsynchronized
  - No analysis due to stuck clock or data (Clock\_info03b or Clock\_info03c)
- For every crossing, SpyGlass will report the **REASON** it is unsynchronized
  - The REASON is the first place to look to verify a crossing or solve an unsync'd crossing
  - Some crossings could have multiple reasons. Only one reason is given at a time
    - For same destination flop there could be both sync'd and unsync'd sources
    - **Do not make a determination that it is good based on only looking at one source**
- SpyGlass will shows CDC's in 2 ways
  - Message tree/Moresimple.rpt
    - Limitation: Only shows one source/clk, dest/clock, reason
  - Primary spreadsheet
    - Similar limitation as message tree, but gives additional information of # sources, # domains
  - Secondary spreadsheet
    - Gives all information about every source in a crossing



# Debugging Unsynchronized Crossings



■ Don't try to read the message tree

■ This isn't Lint!

■ Use spreadsheet to view!

■ It lists the **IMPORTANT** information

■ One line/destination (synchronizer)

- Source
- Source clock(s)
- Destination
- Destination clock(s)
- **REASON**
- **Total sources**
- Total source domains
- Source instance
- Destination instance
- Crossing module
- Waived (don't use)

■ ***NOTE! IF there is more than one source, you MUST push into the detailed spreadsheet***



# Using Spreadsheets to View CDC

## Picture of rule-based spreadsheet (primary spreadsheet)

- Tricks and tips:
  - Sorting (reason, clocks, destinations)
  - Filtering (from/to clocks, reasons, destinations)
- Many times control synchronizers contain special names
  - Search for “meta” or “sync”
  - (And) Rule Ac\_unsync01 or 02
  - To quickly identify unsync’d control crossings



The screenshot shows a spreadsheet viewer interface with a table of CDC data. The columns are labeled: A (ID), B (SOURCE), C (SOURCE CLOCK), D (DEST), E (IFC), F (SOURCE), G (PARENT INSTANCE), H (CROSSING MODULE), I (MODULE), K (WAIVED). The data includes rows for various components like 'training.u\_ACUS.regD' and 'training.u\_CI05.data\_out'. A filter sidebar on the right shows '(All)' selected. A message at the bottom says 'Displayed: 10 Total: 10'.

| A     | B                        | C             | D                        | E   | F      | G               | H               | I      | K      | L |
|-------|--------------------------|---------------|--------------------------|-----|--------|-----------------|-----------------|--------|--------|---|
| ID    | SOURCE                   | SOURCE CLOCK  | DEST.                    | IFC | SOURCE | PARENT INSTANCE | CROSSING MODULE | MODULE | WAIVED |   |
| 5 A7  | training.inputA          | training.clkA | training.u_CI05.data_out |     |        |                 |                 |        |        |   |
| 6 90  | training.u_ACUS01.src    | training.clkA | training.u_ACUS01.u_s    |     |        |                 |                 |        |        |   |
| 7 97  | training.u_ACUS.bad_gate | training.clkA | training.u_ACUS.bad_g    |     |        |                 |                 |        |        |   |
| 8 96  | training.u_ACUS.bad_sync | training.clkA | training.u_ACUS.bad_s    |     |        |                 |                 |        |        |   |
| 9 99  | training.u_ACUS.bin_cout | training.clkA | training.u_ACUS.u_sync   |     |        |                 |                 |        |        |   |
| 10 A3 | training.u_ACUS.regS     | training.clkA | training.u_ACUS.u_men    |     |        |                 |                 |        |        |   |

# Using Spreadsheets to View CDC

## Push into violation spreadsheet (2<sup>nd</sup> spreadsheet)

### Columns contain:

- Type of Info = destination, source, input, qualifier, potential qualifier
- Name of object – Full instance path to output NET of object
- FAILURE REASON – ALWAYS LOOK HERE!**
- SYNC REASON – Not all sources are unsynchronized**
- Clock name(s), internal clock domain tag



### Tricks: You can sort/search on columns just like previous

A screenshot of the 'Spreadsheet Viewer - ac\_unsync\_11.csv (ReadOnly)' application. The window has a toolbar with various icons for file operations and a search bar. Below the toolbar is a 'Show Header' button and a dropdown menu set to 'value='.

| Index | Value | A                | B    | C                       | D                               | E                      | F             | G                         | H                      | I                               |
|-------|-------|------------------|------|-------------------------|---------------------------------|------------------------|---------------|---------------------------|------------------------|---------------------------------|
|       |       | hemis            | Type | Signal Name             | Failure Reason                  | Synchronization Scheme | Clock Names   | Internal Clock Domain Tag | Source Parent Instance | Dest. Parent Instance           |
| 1     | 155   | Destination flop |      | .u_merge_sources.meta   | unsynchronized destination N.A. |                        | training.clkC | 2                         | -                      | -                               |
| 2     | 155   | Source flop      |      | training.u_ACUS.regS    | Sources from different do N.A.  |                        | training.clkA | 0                         | training.u_ACUS        | training.u_ACUS.u_merge_sources |
| 3     | 155   |                  |      | training.u_ACUS.rtc_129 | Sources from different do       |                        |               |                           | B1=0 B2=0 D=0          |                                 |
| 4     |       |                  |      |                         |                                 |                        |               |                           |                        |                                 |
| 5     | 156   | Source flop      |      | training.u_ACUS.regD    | Sources from different do N.A.  |                        | training.clkB | 1                         | training.u_ACUS        | training.u_ACUS.u_merge_sources |
| 6     | 156   |                  |      | training.u_ACUS.rtc_129 | Sources from different do       |                        |               |                           | B1=0 B2=0 D=0          |                                 |
| 7     |       |                  |      |                         |                                 |                        |               |                           |                        |                                 |

Messages: Displayed: 5 Total: 5

# Schematics and CDC's (DEMO)



- Colors are used to identify the domains and qualifiers – Legend is provided at bottom
- Info case analysis (^A) always turn on!
- Right click on any NET (NO PINS) and select DEBUG\_DATA to see domain info
- Hierarchy boundaries can be expanded by (double-click) on edges
- Tracing inputs/outputs using double-click
- Tracing inputs/outputs using menus to trace to flops/latches/inputs/outputs/module
- Cross probing happens automatically between schematic and source code
  - Schematic to RTL
  - RTL to schematic
- Finding anything using find button
- Reports that help with CDC
  - CDC-report
  - Ac\_sync\_group
  - CKSGDCInfo
  - Clock-Reset-Detail
  - Ac\_sync\_qualifier



# Ac\_unsync Schematic Colors / Legend



# Debug\_data – Right Click on NET



# Example Debug Session (1 of 6)

- Start with Ac\_unsync01 spreadsheet – There are MANY violations
- The two most interesting columns to start with are the DESTINATION and REASON

| B                         | C             | D                                    | E                  | F                                              |
|---------------------------|---------------|--------------------------------------|--------------------|------------------------------------------------|
| SOURCE ▾                  | SOURCE CLOCK  | DEST.                                | DEST. CLOCK        | REASON                                         |
| training.inputA           | training.clkA | training.u_C105.data_out             | training.clkB      | Qualifier not found                            |
| training.inputA           | training.clkA | training.u_C105.data_out1            | training.clkB      | Qualifier not found                            |
| training.inputA           | training.clkA | training.u_ACUS.regD                 | training.clkB      | Qualifier not found                            |
| training.inputA           | training.clkA | training.u_ACUS.u_badsync.meta       | training.clkB      | Combinational logic used between clock domains |
| training.inputA           | training.clkA | training.u_C103a.data_out            | training.Clock_inf | Qualifier not found                            |
| training.u_ACUS01.src     | training.clkA | training.u_ACUS01.u_sync2s.meta      | training.clkB      | Sync reset used in multi-flop synchronizer     |
| training.u_ACUS.bad_gate  | training.clkA | training.u_ACUS.bad_gate_D           | training.clkB      | Gating logic not accepted: source clock        |
| training.u_ACUS.bad_sync  | training.clkA | training.u_ACUS.bad_sync_D           | training.clkB      | Qualifier not found                            |
| training.u_ACUS.bin_court | training.clkA | training.u_ACUS.u_sync2s.meta        | training.clkB      | Sync reset used in multi-flop synchronizer     |
| training.u_ACUS.regS      | training.clkA | training.u_ACUS.u_merge_sources.meta | training.clkC      | Sources from different domains combined        |

Show/Hide Columns  
Sort Ascending  
Sort Descending  
Set Sorting Order...

**Filter**

(All)  
 Custom...  
 training.u\_ACUS.bad\_gate\_D  
 training.u\_C105.data\_out  
 training.u\_ACUS.u\_badsync.meta  
 (Other...)

Custom Filter (DEST.)

Match all of the following  Match any of the following More

| Filter Criteria | Value |
|-----------------|-------|
| Contains        | meta  |

Ok Cancel

- Change Filter Criteria to “Contains”
- Type in Value=meta
- Click OK

# Example Debug Session (2 of 6)

## After filtering only four violations are shown

- NOTE! Column D has little “Filter” symbol now

## Select the violation instance:

- training.u\_AC01.....
- New spreadsheet appears

| B                        | C             | D                                    | E             | F                                              | G   |
|--------------------------|---------------|--------------------------------------|---------------|------------------------------------------------|-----|
| SOURCE ▾                 | SOURCE CLOCK  | DEST. ▾                              | DEST. CLOCK   | REASON                                         | ... |
| training.u_AC01.src      | training.clkA | training.u_AC01.u_sync2s.meta        | training.clkB | Sync reset used in multi-flop synchronizer     |     |
| training.u_AC01.bin_cour | training.clkA | training.u_AC01.u_sync2s.meta        | training.clkB | Sync reset used in multi-flop synchronizer     |     |
| training.inputA          | training.clkA | training.u_AC01.u_badsync.meta       | training.clkB | Combinational logic used between clock domains |     |
| training.u_AC01.regS     | training.clkA | training.u_AC01.u_merge_sources.meta | training.clkC | Sources from different domains combined        |     |
|                          |               |                                      |               |                                                |     |

## Note the REASON:

- Sync reset used in multi-flop synchronizer

## In a CONTROL CROSSING, combinatorial logic is NOT allowed since it could GLITCH

- Glitches are OK in a synchronous crossing since STA insures stability before clock

## Open the incremental schematic by typing “I” or clicking the icon with + on it



# Example Debug Session (3 of 6)

- Incremental schematic shows an AND gate in middle of crossing
  - SpyGlass says this is wrong and guesses that the INTENT was a synchronous reset
  - NOTE! This is not always the case and must be verified



- Double-Click on the “in1” of the AND gate and start walking it back
- We can immediately see that the NET goes through the RST\_N pin of the synchronizer (next page)



# Example Debug Session (4 of 6)

- RIGHT-CLICK on the RESET NET (not the pin) and select the DEBUG\_DATA->RESET information

- Net is already defined
- Net is an AsyncClear

- You can't have an ASYNC RESET control a data reset pin, since It will cause meta-stability

- Follow rst\_n net back to primary input

- RIGHT-CLICK on primary reset

- Cross reference to constraints
- It shows constraint and file location

- You can EDIT this file or create a NEW constraint on-the-fly!



# Example Debug Session (5 of 6)

## Add a constraint on-the-fly

- RIGHT-CLICK on reset\_n primary input pin
- Click on “Set SGDC Constraints”

## Fill out form as follows:

- Constraint: Reset
- Name: AUTO FILLED
- SYNC: CHECK!
- Comment:
  - Email (unique name)
  - Date
  - Reason
- Click Generate
- Confirm constraint file

## Click Append & Run

## Violation is gone

- It moved to Ac\_sync



## ■ After fixing the reset –sync issue:

- Re-open the Ac\_sync01 spreadsheet ,and,
- Filter on meta
- There are ONLY THREE violations now

## ■ Pick the REASON: Sources from different domains converge before being synchronized

- NOTE! A multi-flop synchronizer can only sync data from ONE domain
- Open the incremental schematic
- RIGHT-CLICK on NET after the AND gate and show the DEBUG\_DATA->Domain
  - NOTE! It is two domains
- Expand the source of the AND gate and see the 2<sup>nd</sup> register
  - Designer TOLD ME that regS is a “STATIC” config register that won’t change
- Use the “Constraint Editor” gui to apply a Quasi\_static constraint to the regS NET
- APPLY and RERUN
- Confirm that the Violation is GONE
  - It has moved to the Ac\_sync folder

## ■ You now have the idea of what it takes to debug CDC crossings in SpyGlass



## ■ Do not waive Ac\_unsync01/02 violations

- It only waives the crossings listed in the message tree
- It HIDES other potential crossing violations from other sources
- If you need to reuse constraints at next higher level can sometimes be difficult.

## ■ Use constraints to resolve synchronization issues

- **set\_case\_analysis** – Use to insure only one clock or correct mode of operation
- **quasi\_static** – Signals that won't toggle during functional operation
  - This will resolve combo-logic issues
- **reset** - Use in a multi-flop synchronizer
- **qualifier** – Use when real multi-flop doesn't exist
  - Primary inputs (abstract\_port –sync)
  - Blackboxes (qualifier)
- **sync\_cell** – Only necessary if SpyGlass doesn't automatically recognize it
- **FIFO constraint**
- **cdc\_false\_path** – If sync scheme is externally or software controlled
  - Examples: clocks are off during changing
  - There are other rules that will honor this constraint and remove other potential violations

*SpyGlass can Recognize 99.99% of Real Crossings,  
So If SpyGlass Says Its Bad, It May Really Be BAD!*



- If the number of violations is very high (say thousands of violations), it could be due to incorrect/ incomplete setup

- Check setup
  - Multi clock Black-Boxes are very noisy. Fix First
  - Clock\_info05/a – Missing case\_analysis on Muxes is very noisy

- Open the spreadsheet of this rule

- RIGHT-CLICK on the rule header in the message tree, and select the Open Spreadsheet option from the shortcut menu
- Spreadsheet provides an easy way to navigate through large number of violations
- Cross-probe to RTL code and view a schematic of the violation
- Use filtering and sorting to debug the related messages
- Waive or apply cdc\_false\_path constraint directly from the spreadsheet



## ■ Debug Ac\_unsyncXX (control crossings) first

- Ac\_unsync01 flags CDC on SCALAR signals.
- Ac\_unsync02 flags CDC on VECTOR signals.
  - A single bit Vector is still a Vector (Example: meta[1] is a vector).
- Usually, but not always, Scalar Crossings are Control Crossings.
- Know your design style to decide to look for control crossings in Ac\_unsync02.

## ■ Open rule spreadsheet to see all destinations of Ac\_unsync01

- Each row in the spreadsheet shows unique destination of crossing
- It will show one of the source for a destination, refer violation spreadsheet to see all sources

| value= |        |                              |               |                                |                    |                                      |
|--------|--------|------------------------------|---------------|--------------------------------|--------------------|--------------------------------------|
| A      | B      | C                            | D             | E                              | F                  | G                                    |
| ID     | SOURCE | SOURCE CLOCK                 | DEST. ▲       | DEST. CLOCK                    | REASON             | TOTAL SOURCE                         |
| 1      | 9D     | training.inputA              | training.clkA | training.u_C105.data_out       | training.clkB      | Qualifier not found                  |
| 2      | 95     | training.inputA              | training.clkA | training.u_C105.data_out1      | training.clkB      | Qualifier not found                  |
| 3      | 98     | training.u_ACUS_bad_sync_98  | training.clkA | training.u_ACUS_bad_sync_D     | training.clkB      | Qualifier not found                  |
| 4      | 99     | training.u_ACUS_bad_gate_99  | training.clkA | training.u_ACUS.bad_gate_D     | training.clkB      | Gating logic not accepted: source c1 |
| 5      | 9A     | training.inputA              | training.clkA | training.u_ACUS.regD           | training.clkB      | Qualifier not found                  |
| 6      | 9B     | training.u_ACUS.bin_count[1] | training.clkA | training.u_ACUS.u_sync2s.meta  | training.clkB      | Combinational logic used between c1  |
| 7      | 9D     | training.inputA              | training.clkA | training.u_ACUS.u_badsync.meta | training.clkB      | Combinational logic used between c1  |
| 8      | 95     | training.u_ACUS_reg5         | training.clkA | training.u_ACUS.u_merge_source | training.clkC      | Sources from different domains col2  |
| 9      | 99     | training.inputA              | training.clkA | training.u_C103a.data_out      | training.Clock_inf | Qualifier not found                  |



## Open violation spreadsheet by clicking on ID field

| Spreadsheet Viewer - ac_unsync_03.csv (ReadOnly) |                          |                         |                            |      |                |          |   |   |
|--------------------------------------------------|--------------------------|-------------------------|----------------------------|------|----------------|----------|---|---|
| File View Tools Help                             |                          |                         |                            |      |                |          |   |   |
| Show Header                                      |                          |                         |                            |      |                |          |   |   |
| value=                                           |                          |                         |                            |      |                |          |   |   |
| A                                                | B                        | C                       | D                          | E    | F              | G        | H | I |
| 1                                                | 140 Destination flop     | aining.u_C105.data_out1 | unsynchronized destination | N.A. | training.clkB1 | -        |   |   |
| 2                                                | 140 Source primary input | training.inputA         | Qualifier not found        | N.A. | training.clkA0 | training |   |   |

## Violation spreadsheet will represent the “Complete Architecture” of the crossing

- Showing all sources for that destination
- Listing which sources are unsynchronized with failure reason in column D
- Listing which sources are synchronized with synchronization scheme in column E
- Qualifiers detected for synchronized crossings
- Potential qualifiers as debug hint for unsynchronized crossing (if they exist)

## Fix Ac\_unsyncXX violations

- In case it is missing synchronizer, add the synchronizer
- Custom sync cell
- Exception



## View offending crossing, reason, stats in Summary spreadsheet



### IMPORTANT NOTE

Ac\_sync rules in message tree & summary spreadsheet only report one source. To see all sources review the detailed spreadsheet

| ID | SOURCE | SOURCE CLOCK         | DEST.         | DEST. CLOCK                    | REASON                            | TOTAL SOURCES | TOTAL SOURCE DOMAIN |
|----|--------|----------------------|---------------|--------------------------------|-----------------------------------|---------------|---------------------|
| 8  | A3     | training.u_ACUS.regS | training.clkA | training.u_ACUS.u_merge_source | Sources from different domains co | 2             | 1                   |
| 9  | 90     | training.u_AC01.sra  | training.clkA | training.u_AC01.u_sync2s.meta  | Sync reset used in multi-flop syn | 1             | 1                   |

## Link to crossing architecture in Detailed spreadsheet

| A    | B    | C                | D                                 | E                                          | F           | G               |
|------|------|------------------|-----------------------------------|--------------------------------------------|-------------|-----------------|
| hema | Type | Signal Name      | Failure Reason                    | Synchronization Scheme                     | Clock Names | ck              |
| 1    | 137  | Destination flop | training.u_AC01.u_sync2s.meta     | unsynchronized destination                 | N.A.        | training.clkB 1 |
| 2    | 137  | Source flop      | training.u_AC01.sra               | Sync reset used in multi-flop synchronizer | N.A.        | training.clkA 0 |
| 3    | 137  |                  | training.u_AC01.u_sync2s.rtlc_I20 | Qualifier not found                        |             |                 |

## Cross-highlight individual crossing paths in Incremental Schematic



# Specify Missing Synchronous Resets

## Explore fanin to identify sync reset net



## Specify SGDC constraint reset on sync reset net

```
38
39 ##Synchronous Reset Signals
40
41 reset -name reset_n -sync -value 0
```

### IMPORTANT NOTE

Declaring as sync reset implies reset is static and will not jeopardize intended metastability synchronization; implies that when reset changes, metastability synchronization is not a concern

## Confirm desired effect (on to next Ac\_unsync01 failure reason)

|   | A      | B                    | C                        | D                                         | E                      | F             |
|---|--------|----------------------|--------------------------|-------------------------------------------|------------------------|---------------|
|   | :hemat | Type                 | Signal Name              | Failure Reason                            | Synchronization Scheme | Clock Names   |
| 1 | 148    | Destination flop     | ig.u_ACUS.u_badsync.meta | unsynchronized destination                | N.A.                   | training.clkB |
| 2 | 148    | Source primary input | training.inputA          | Combinational logic used between crossing | N.A.                   | training.clkA |
| 3 | 148    |                      | training.u_ACUS.rtlc_I28 | Qualifier not found                       |                        |               |

# Specify Missing Quasi-Static Constraints

- When failure reason is “Combinational logic used between crossing,” explore sources to identify any that should be considered static



- Specify SGDC constraint `quasi_static` on static net(s)

#### IMPORTANT NOTE

Declaring as quasi-static implies signal is static and will not jeopardize intended metastability synchronization; implies that when signal changes, metastability synchronization is not a concern (typically the destination clock is stopped or the path is blocked)

```
#####
## QUASI-STATIC SIGNALS
##
// Avoid Ac_unsync01 "Combo logic in crossing"
quasi_static -name "cfg_reg[0]"
##=====
```

- Confirm desired effect (in Ac\_sync01 INFO message)

|   | A         | B                | C               | D                                                          | E              |
|---|-----------|------------------|-----------------|------------------------------------------------------------|----------------|
|   | Schematic | Type             | Signal Name     | Synchronization Scheme                                     | Clock Names    |
| 1 | 1         | Destination flop | design1.dest    | Conventional multi-flop for metastability technique        | design1.rx_clk |
| 2 | 1         | Source flop      | design1.src     | Conventional multi-flop for metastability technique        | design1.tx_clk |
| 3 | 2         | Source flop      | design1.cfg_reg | does not require synchronization (long-delay/quasi-static) | design1.tx_clk |

- See recognized synchronization flop (green) in incremental schematic

|   | A         | B                | C               | D                                                          | E              |
|---|-----------|------------------|-----------------|------------------------------------------------------------|----------------|
|   | Schematic | Type             | Signal Name     | Synchronization Scheme                                     | Clock Names    |
| 1 | 1         | Destination flop | design1.dest    | Conventional multi-flop for metastability technique        | design1.rx_clk |
| 2 | 1         | Source flop      | design1.src     | Conventional multi-flop for metastability technique        | design1.tx_clk |
| 3 | 2         | Source flop      | design1.cfg_reg | does not require synchronization (long-delay/quasi-static) | design1.tx_clk |



- Glitch, Convergence and Functional Checks are NOT done on Unsynchronized crossings.
- Data Crossings require a GOOD control crossing.
  - If Control Crossing is reported UN-synchronized,
  - then related DATA crossing will be reported Un-synchronized
- Use proper design constraints (`quasi_static`, `reset`, `set_case_analysis`, `input`, `signal_in_domain`, etc.) in order for Synchronized Crossings to get reported as synchronized.
- Unsynchronized control crossings will not be checked for Glitches (Ac\_glitch03), Fast2Slow (Ac\_cdc01a), DataHold (Ac\_datahold01a), and Coherency Checks (Ac\_convXX)
- If the crossing was never meant to be synchronized, then it is OK to waive.
- All other types of violations except Ac\_unsyncXX are usually OK to waive.
  - Except violations that tell you that you are missing Clocks/Resets



## ■ There are two types of unsynchronized crossings:

### 1) Intentionally left unsynchronized

- Configuration registers
- Software controlled crossings
- Use quasi\_static constraint to remove from analysis
  - » It is self documenting
- DON'T USE WAIVERS
  - » Only first source is reported/waived
  - » You could miss the REAL crossing

### 2) Intentionally synchronized but assumption(setup) missing

- Use constraints to provide assumption to the tool
  - » One source is left unsynchronized, but others are sync
  - » Like GPIO (interrupts)
- Static signals – declare quasi\_static
- Undeclared synchronous reset
- Don't waive or cdc\_false\_path a synchronized crossing
  - » You will miss the following checks:
  - » Data coherency, data hold, data crossings



## ■ Resolve Control Crossings and re-running the block verification

- Ensure there are 0 violations of Control Crossings before debugging Data Crossings.
- Ac\_unsync01 flags clock domain crossings for scalar signals

## ■ Analyze and fix Ac\_unsync02 (typically data-bus) violations

- Refer to the earlier slide of the architectural view of the crossing which shows how resolving the qualifier will automatically synchronize data and address
- Use debug hint from failure reason and potential qualifier

## ■ Run and follow existing CDC methodology guide for cdc\_verif template



## ■ Static flops are the leading cause of false synchronization violations

- Debugging such violations is not easy as there is no sign of synchronization, and SpyGlass CDC cannot give any hints
- Often you don't have a list of quasi-static flops – you often look at violations and then waive them as quasi-static



## ■ How to investigate it, and who to ask for more information

- Ideally, static register definitions should be covered during setup
- Add rule `Setup_quasi_static01` to project file to find signals that are likely to be quasi-static.
- The rule Infers quasi-static signals in a design, and generates `quasi_static` constraints for such signals in `auto_quasi_static.sgdc` file.
- You must review the `quasi_static` constraints in this file and use them in the subsequent SpyGlass CDC runs.
- Quasi-static information is also typically available with the person or team responsible for software control of the chip
- Add the `quasi_static` constraint for these signals as follows
  - Example syntax: `quasi_static -name <net-name>`



- Reports reset pins of flip-flops that do not have a reset synchronizer in any of the paths between an asynchronous reset source and flops
- Design scenarios reported are :

1 Missing synchronizer

2 Invalid synchronizer



Multiple fan-out of flip-flops in a synchronizer chain are present

3 Different domain synchronizer



## How to debug and fix ?

- To fix this violation, add a proper synchronization circuit for the reset signal

## Reset synchronization schemes

1

Multi-flop synchronizer



2

Reset constrained with input constraint

```
input -name rst_n -clock clk
```

The clock domain specified by the input constraint is matched with the clock domain of the flip-flop where it is used as a reset

3

User-defined reset synchronizer

- Incase a synchronizer scheme is not recognized by SpyGlass, use constraint `reset_synchronizer` to specify the synchronizer signal
- Use synchronizer cells and specify them using parameter: `reset_synchronize_cells`

- Reports if reset signal is asynchronously de-asserted
- Scenarios reported:

## 1 Domain-mismatch



Domain mismatch occurs when:

1. Clock domain of reset flip-flop does not match clock domain of a functional flip-flop
2. If reset is constrained by using the `input constraint` and the clock specified by the `-clock` argument is not in the domain of the clock of the functional flip-flop

## 2 Improper de-assertion



Functional Flip-Flop is not synchronously de-asserted for the inactive value of the reset signal

## 3 Missing synchronizer

### How to debug and fix

- Use the `reset_synchronizer` constraint to specify a net/port <check from definition>
- Use the `reset_synchronize_cells` parameter to specify a black box, library cell, or a module that has a custom reset synchronizer.
- Use the `input constraint` to specify input constraint on reset source if it is synchronized outside the block.

## Reports synchronized reset signals in the design

### Synchronization methods reported by the rule-

- Multi-flop reset synchronizer
- Reset constrained by using the input constraint
- User-defined reset synchronizer

#### Example



In the schematic, a **multi-flop reset synchronizer** is present between the reset source and flip-flop

### Schematic Highlight

- Following details are highlighted in different colors:
  - Reset path
  - Destination flop
  - Reset synchronizer used for synchronizing a flop

### This is a Info only rule - No action is required



- Reports if reset signal is synchronously de-asserted or not de-asserted at all
- Scenarios flagged



1. Reset is specified by using the input constraint
2. And the domain of the flip-flop matches the 'clock' of the input constraint

```
input -name rst -clock clk
```



1. At least one reset flip-flop exists in the path of a reset and a functional flip-flop
2. The functional flip-flop is de-asserted appropriately for the inactive value of the specified reset

3

If its path is blocked such that the functional flip-flop is never de-asserted

- This is an Info only rule. No action is required



## Reports clock domain crossings subject to glitches



The glitch captured on D1 propagates to D2 and then to the downstream logic, potentially causing a functional failure

## Checks glitch prone combinational logic in crossings synchronized by one of the following:

- Conventional Multi-Flop Synchronization Scheme
- Synchronizing Cell Synchronization Scheme
- Qualifier Synchronization Scheme Using qualifier -crossing

## Rule usage guideline

- Set parameter `allow_combo_logic` to yes to perform glitch-related checks on such crossings

## ■ Design patterns checked ...

### 1. Sources from different domains in fanin



To fix such violations:

1. Ensure that the setup of clocks is correct
2. Check if a source in other domain is quasi-static

### 2. Signals from destination domain in fanin



To fix such violations:

1. Ensure that setup for clocks is correct and check if synchronous source is quasi-static
2. Else, first synchronize the asynchronous source before it converges with synchronous sources

## Design Patterns Checked

### 3. Source re-converges

To fix such violations:

1. Modify the design so that the reported source reaches its destination through a single path
2. Ensure that timing delays of all paths from where source reaches the destination are same



### 4. Multiple same domain sources are toggling in a control crossing

1. Gray-encoding check is performed to ensure that at the most only one source is changing
2. This is a functional check, which is enabled only when parameter fa\_audit is set to no



- No action required. Informational message
- Open waveform-viewer for the violation
- Point of failure is marked on the waveform-viewer



- At this point both asynchronous-signals are changing from 0 to 1, violating gray-encoding check
- Follow methodology for analyzing partially-proven results

## ■ Use `cdc_false_path -from/-to`

- When source should otherwise be excluded from verification
- On a CDC that will NEVER be synchronized (static path, test)

## ■ Use `set_parameter enable_debug_data yes` to enable schematic right-click-menu access to clock, domain info for each net

- This is enabled in GuideWare2.0

## ■ Use `Ac_sync_group_detail` report for listing of all crossing architectures (scalar and vector destinations) and their pass/fail status

## ■ Change spreadsheet column alignments to right justification

- Allows easy viewing of signal names



- 1. Is it safe to use double flop synchronizers to pass multi-bit data across asynchronous clock domains?**

NO! It will create coherency problems. That is why you use DATA synchronizers with a single multi-bit qualifier.

- 2. Name three synchronization scheme for passing multiple bit data across asynchronous clock domains**

FIFO, Mux-Select, And-Scheme, Glitch-Protect.

- 3. Why is de-assertion of reset asynchronously unsafe?**

Violates Clock->Reset (Setup/Hold time) and will cause metastability.





## ■ Hands-on exercise objectives:

- Lab3: CDC structural verification
  - ✓ Use SpyGlass to identify clock domain crossings that cause metastability in the design
  - ✓ Use the spreadsheet viewer in sorting CDC violations
  - ✓ Use the `cdc_false_path` constraint to prevent SpyGlass from reporting messages along specified paths



## ■ Duration: 60 minutes





## Purpose

- The rules in this goal use **formal verification techniques** to discover functional issues in clock domain crossings.

## Pre-requisites

- Functional checks will only run on properly synchronized logic
  - If a crossing is reported as unsynchronized, then SpyGlass will not run formal checks. For example, fast to slow or datahold checks will not be run
  - That is why we want GOOD CDC crossings reported as Ac\_sync01/02
- Zero errors and zero warning in the previous goal cdc/cdc\_verify\_struct
  - Clocks, resets, and mode settings properly set
  - All structural issues resolved

## Command

- `%shell> spyglass -project lab-CDC_proc.prj -goals cdc/cdc_verify -batch`

## Output

- List of possible clocking problems reported as rule violations*
- Debug each violation in the rule order, iterate running SpyGlass*

# cdc\_verify Goal: Formal Rules

| Rule             | Description                                                                                                              |
|------------------|--------------------------------------------------------------------------------------------------------------------------|
| Ac_datahold01a   | Checks functional synchronization of synchronized data crossings                                                         |
| Ac_cdc01a        | Checks data loss from fast-to-slow multi-flop or sync-cell synchronized clock domain crossings                           |
| Ac_conv02        | Reports same-domain signals that are synchronized in the same destination domain and converge before sequential elements |
| Ac_conv04        | Checks all the control-bus clock domain crossings that neither converge nor follow gray encoding                         |
| Ac_glitch03      | Reports clock domain crossings subject to glitches                                                                       |
| * Ac_fifo01      | Reports a violation if there is an overflow or underflow in any FIFO of the design                                       |
| * Ac_handshake01 | Checks data loss in handshake protocol                                                                                   |
| * Ar_handshake02 | Checks whether request and acknowledgement signals are following the handshake protocol or not                           |

**NOTE: This is not an exhaustive list. For a complete list of rules refer to cdc\_verify.spq in GuideWare 2.0**

**\* These are checked as part of Ac\_datahold01a and are not required or recommended.**

## Formal verification: tackling the limitations of simulation

## View this circuit as a BIG finite state machine

- Example: If a design has 1000 flops, it is a BIG FSM with  $2^{1000} = 10^{301}$  states



## Visit states of the machine in search of a bug

- Start from an initial state – colored GREEN
- Search for a bug state – colored RED
  - If path is found, there is a BUG, report FAIL
  - If no path is found, no bug found, report PASS
  - If time/memory resources are UP, report partially-proven (PP)



## ■ Why functional verification is needed?

- Well-accepted structure will not stop metastability if D changes when EN is high
- Many signals in the enable path may have multi-flop sync, not all of them are designed to prevent metastability
- Only functional verification can ensure correctness

## ■ MUST-Run functional checks – `cdc_verify` goal

- Data hold check for data crossings – `Ac_datahold01`
- Width extender for control crossings – `Ac_cdc01`
- Exclusivity of correlated signals – `Ac_conv02`



## ■ NICE to run checks

- FIFO overflow/underflow checks
- Handshake protocol check

## ■ What if you do not run functional verification

- Structural CDC verification typically finds most of CDC issues, however
- You may still have some apparently properly built synchronizers that can cause metastability – e.g., qualifier not filling its duty of halting asynchronous data transfer

## Basic concept of Ac\_sync



## Structural rule \*cannot\* guarantee that when qualifier enables data crossing:

- Data will remain stable
- Tool-detected qualifier is appropriate (for example, synchronous reset)

## ■ Properly synchronized crossing...



## ■ Ac\_datahold01 will ensure that if **Q** is asserted then **D** will not toggle!

- A synchronous reset, or any other signal not intended for synchronization will not be able to fulfill “qualifier” functional requirement and will be flagged by Ac\_datahold01

# Quiz: What should Ac\_datahold01a check?



- Should it check if **S** is changing when **Q** is active?
  - No, because **Q** is not directly enabling gate **G**
- Should it check if **S** is changing when **E** is active?
  - No, because neither ensures a change at destination
- Should it check if **S** is changing causing a change in **D** when **E** is active?
  - Yes, this is what **Ac\_datahold01a** checks

# Data Loss issues: Ac\_cdc01a

## There can be data loss when

- There is a fast-to-slow crossings
- Even clocks with same period defined in SGDC file, can lead to data loss issues

In the figure below, data passes from fast-to-slow clock domain crossing

There is a high possibility of data loss, as shown in the timing diagram



**Ac\_cdc01a Flags for such situations as described above**



The solution is to use an extender source data for at least a full cycle of the destination clock

## ■ **Ac\_conv02 – structural (cdc/cdc\_verify\_struct)**

- Reports synchronized CDC signals (sources from single domain) that converge immediately after synchronizer

## ■ **Ac\_conv02 – functional (cdc/cdc\_verify)**

- Detects convergences of synchronized CDC signals as in structural
- Additionally, verifies that sources of convergences are gray-encoded
- Reports violating convergences

## ■ **Ac\_conv01 – structural-only (cdc/cdc\_verify\_struct)**

- Reports synchronized CDC signals (sources from single domain) that converge after some additional sequential depth

## ■ **Ac\_conv03 – structural-only (cdc/cdc\_verify\_struct)**

- Reports synchronized CDC signals (sources from \*multiple\* domains) that converge

## ■ **What about signals that do not converge in current design but need to be coherent ?**

- Example → control bus values read in software
- Add 'gray\_signals' on sources and check gray-encoding with rule Ac\_conv04





## ■ Hands-on exercise objectives:

- Lab4: CDC functional verification
  - ✓ Use SpyGlass to identify clock domain crossings that cause which can lead to functional problems in the design
  - ✓ Use cdc\_verify goal
  - ✓ Review and fix data coherency and combinational convergence issues
  - ✓ How to deal with partially analyzed results



## ■ Duration: 60 minutes





---

## Where to Look for More Information

---

*This presentation may contain forward-looking statements regarding product development. Information or statements contained in this presentation are for informational purposes only and do not represent a commitment, promise, or legal obligation of any kind by Atrenta Inc. or its affiliates.*

# Where to Look for Help → ACE Videos



## ■ 3 – 5 Minute ‘How To’ Educational Videos

- Capabilities, Features and Best Practices
- Searchable, Sortable, Quick and Easy

## ■ Atrenta.com/ACE

- Atrenta.com → Resources → ACE Videos

The screenshot shows the ACE Videos page. At the top, there's a navigation bar with links to Home, Resources, Education Videos, and ACE Videos. Below the navigation, the title "ACE Videos - Atrenta Customer Education" is displayed. On the left, there are sorting and viewing options: "Sort By: Popular, Latest" and "View By: Detail, List, Grid". A search bar with a "Search" button is also present. The main content area features two video thumbnails. The first thumbnail is for "Understanding Projects and Project Files" (07:15 Mins.) and the second is for "How to Setup Clocks for FPGA PLL Cells" (5:23 Mins.). Both thumbnails include a "Watch Video" button. To the right, there's a sidebar titled "ACE Videos" with categories: Home, SpyGlass, SpyGlass Power, SpyGlass CDC, GenSys, and Miscellaneous. At the bottom right, there's a link to "More Videos".

ACE Videos

Home » Resources » Education Videos » ACE Videos

ACE Videos - Atrenta Customer Education

Sort By: Popular Latest View By: Detail List Grid First 1 2 3 » Last

Search

[Understanding Projects and Project Files](#)  
07:15 Mins.  
Are you confused by Projects and Project files? Do you wonder why this structure is needed? This introduction will walk you through what projects are and why they are valuable, and what project files are and why they are valuable. This is a basic introduction to understand the principles of projects. It does not go into detail on project options.

[Watch Video](#)

[How to Setup Clocks for FPGA PLL Cells](#)  
5:23 Mins.  
This video will show how to setup clocking for a FPGA PLL cell. It includes how to setup the blackbox block, how to connect it to the rest of the design, and how to complete and verify the design.

ACE Videos

Home

SpyGlass

SpyGlass Power

SpyGlass CDC

GenSys

Miscellaneous

More Videos

## ■ Access the 'man' pages from within 'sg\_shell'

```
sg_shell> man mb_connect_net

mb_connect_net(1)      sg_shell attribute documentation      mb_connect_net(1)

NAME
    mb_connect_net
        connect nets in the design

SCOPE
    mbist

SYNTAX
    mb_connect_net [-from <pin_name>] [-to <pin_name>]
                    [-tie_extra_receivers]
                    [-broadcast | -parallel | -bitwise_broadcast]
                    [-through_in_pin <pin_name>] [-through_out_pin <pin_name>]
                    [-multiplex]
                    [-select_enable <pin_name>]
                    [-active <polarity>]
                    [-cell <cell>]
                    [-add_port <bool>]
                    [-id <id_string>]

DESCRIPTION
:
```

## ■ SpyGlass CDC Methodology User Guide

- Tcl CDC methodology document
- *\$SPYGLASS\_HOME/doc/methodology\_guides/SpyGlass\_CDCMethodology\_GuideWare2.0\_UserGuide.pdf*

## ■ SpyGlass CDC Reference User Guide

- *\$SPYGLASS\_HOME/doc/policy\_guides/SpyGlass\_ClockResetRules\_Reference.pdf*

## ■ SpyGlass Tcl Shell Interface

- Describes the interactive SpyGlass Tcl shell interface and all the available Tcl commands
- *\$SPYGLASS\_HOME/doc/user\_guides/SpyGlassTclShellInterface\_UserGuide.pdf*

- The following files can be found at the top-level of install directory:

**SpyGlass\_ReadMe.pdf**

- Download and installation information

**SpyGlass\_ReleaseNotes.pdf**

- What's new in this release. Also contains the list of incidents Fixed in this release

**SpyGlass\_KPNS.pdf**

- SpyGlass\_KPNS.pdf: Known problems in this release and workarounds

# Accessing the SpyGlass HTML Help Set



- You do not have to launch Atrenta Console or run SpyGlass to access the HTML help set



# Technical Support



[Logout](#) | [Update Profile](#) | [Atrenta Home](#)



[Home](#) | [User Guide](#) | [New Ticket](#) | [My Tickets](#) | [FAQ](#) | [Download Software](#) | [Documentation](#) | [ACE Videos](#) | [Policies](#) | [OS Support Roadmap](#)

**Atrenta Support Portal - Home**  
Welcome to Atrenta Support Portal, your one stop for all support needs.

**Get Started**

-  [User Guide](#)
-  [Search FAQs](#)

**Downloads**

-  [Download Software](#)

**Tickets**

-  [New Ticket](#)
-  [My Tickets](#)

**Customer Education**

-  [ACE Videos \(New\)](#)

**Information**

-  [EOL Notices](#)
-  [Documentation](#)

The information contained in support portal is Atrenta confidential information. By accessing, using or downloading any materials from Atrenta Support Portal, you agree not to share such information with any third party without Atrenta's prior written consent.

© 2013 Atrenta Inc. All rights reserved. Atrenta, the Atrenta logo, SpyGlass, GenSys and Early Design Closure are registered trademarks of Atrenta Inc. All others are the property of their respective holders.

## Atrenta Support Portal

- [www.atrenta.com/support](http://www.atrenta.com/support)
- Provides access to the following;
- Support system - to submit, view status and resolve support tickets
- Download the latest SpyGlass release, release notes and What's New document
- Product FAQ
- And much more...

## E-mail

- [support@atrenta.com](mailto:support@atrenta.com)
- Sending email to this address automatically creates a new ticket in the Atrenta support system. View and update the ticket via the Support Portal

Atrenta Confidential © 2014 Atrenta Inc.

98



Thank you!