Design and Timing Closure Techniques for Managing Wide Semiconductor Timing Variations in Space Applications

1
Design and Timing Closure Techniques for
Managing Wide Semiconductor Timing Variations in
Space Applications

• Alexander Osovets
• Orbital Sciences
• Corporation

Michael Cuviello Swales Aerospace Incorporated
September 7, 2005
2
The Design Problem

• Long term exposure to radiation in space

• Causes Component degradation resulting in
  Integrated Circuit specifications with wide
  timing variations.

• Problems guaranteeing timing margin of FPGA
  based digital systems.

3
Example System
Micro-controller Aeroflex RH80C196KDS
Memory
FPGA ACTEL RT54SX72S
Peripherals
4
ExampleAeroflex RH80C196KDS Micro-controller
Timing tolerance 40-50 of system clock
Timing tolerance 40-50 of system clock
Timing tolerances 40-50 of system clock period
Signal Timing relative to output clock
Signal Timing relative to address latch
Worst case timing doesnt add up!
5
Time for an Updated Approach A Multiple Clock
System
6
New Issues!

• Need for glitch free handshaking logic.
• Re-synchronization of cross-clock domain signals.
• A more sophisticated static timing analysis tool
  flow with multi-clock multi-mode capability.

7
What Causes FPGA Cells To Glitch?
Issue 1 Glitch Free Handshaking

• ASIC combinatorial cells do not glitch, since
  they are custom designed for a specific function.
• In FPGAs all combinatorial functions are created
  from components available in the slice, i.e.
  C-Cell.
• Actel devices have multiplexer based structures.
• This results in all gates being built from muxes.
• That in turn implies possibility of output
  glitches on the input signal transitions, even in
  the cases when other inputs are stable.

8
Issue 1 Glitch Free Logic Why do we need
glitch free components?

• To avoid tri-state bus contention during the
  enable/disable boundaries of multiple drivers.
• To create glitch free clocks and clock like
  signals i.e. ram writes, interrupts
• Clock gating.
• Power dissipation reduction.
• EMI reduction.

9
Issue 1 Glitch Free LogicOption 1 Register all
desired ports

• Hard macro Flip-Flops in Actel R-Cell provide
  glitch free operation.
• However, 54SX-S device has Triple Module
  Redundancy (TMR) combinatorial voting circuit on
  the output of the registers.
• Fortunately, glitch free operation is verified
  through simulation by NASA TMR designers.
• This solution is not always feasible due to
  design speed, asynchronous driving modules or
  other limitations.

10
Issue 1 Glitch Free LogicOption 2 OR-Gate or
Multiplexer Macros

• 4 OR-gate macros with glitch free operation
• MX2 macro with glitch free operation
• Only on S input transition
• When A and B inputs 0
• For Both
• The only way to ensure glitch free operation is
  to keep inputs transitions far apart from each
  other (few gate delays).
• Indicated by ACTEL Engineers but not guaranteed.
• Use syn_keep and alspreserve attributes for
  instantiation in VHDL.
• Significantly reduces output glitch possibility.

11
Issue 1 Glitch Free Logic Option 3
Asynchronous RS-Latch

• Asynchronous RS-Latch may provide glitch free
  output transition
• However, most of the Actel Flop and Latch macros
  are built from combinatorial logic
• DFPCB (presented on the previous slide) is one of
  few Actel macros comprised out of pure sequential
  logic.
• In addition CLR input has a precedence over PRE
  input, avoiding an uncertain condition.
• Actel confirmed glitch free operation of this
  device, but again, as long as inputs transitions
  are kept far enough from each other
• The hard macro approach is less susceptible to
  the affects of routing delays, synthesis and
  placement variations.
• This option shows the most promise.
• Good Luck!

12
Issue 2 Synchronizing Clock Domains Out of
Phase Correlated Clock Domains - Metastability
e-(tco-tmet)/t
Tapperture To
Clock
tholdtsetup metastability window
Input
Metastable Output
tmet output sample time
Normal Output
tco normal output delay
13
Issue 2 Synchronizing Clock Domains Out of
Phase Correlated Clock Domains - Metastability

• Metastability
• The output of the flip-flop becomes indeterminate
  for an extended period of time beyond the normal
  specified output delay.
• Caused by flip-flop input setup or hold time
  violations.
• tmet denotes the extended duration before the
  output settles.
• tmet is related to a time window about the clock
  edge in which the input data transitions.
• taperture. denotes a time window about the clock
  edge in which the input data transitions.
• As tmet increases, taperture decreases.
• The aperture need not be exactly centered on the
  clock edge.

14
Issue 2 Synchronizing Clock Domains Out of
Phase Correlated Clock Domains - Metastability

• To reduce the likelihood of propagating an
  indeterminate value into the system, we double
  sample data that might transition within the
  taperture window at a period beyond what tmet is
  likely to be.
• The Worst Case Correlated Clocks (from the same
  source)
• Presents the possibility that the nominal data
  transition is always centered exactly in the
  middle of the aperture.
• Typically, only the case of random occurrence is
  analyzed.
• A Latent Fault - Because of timing changes due to
  radiation and correlated clock domains, this
  could occur repetitively at sometime during the
  life of a mission.

15
Issue 2 Synchronizing Clock Domains Out of
Phase Correlated Clock Domains - Metastability

• To analyze
• Rely only on system noise to cause the actual
  data transition to occur sometime off nominal
  that is outside taperture.
• To eliminate any possibility that correlation
  between the system noise and the input clock
  might work against us, we consider only thermal
  noise that we know is truly random.
• This thermal noise could be considered to be in
  the input signal or actually noise on an internal
  node of the latch in the flip-flop. It is caused
  by channel resistance of the transistor.
• If we make our sampling period large enough,
  taperture reduces to the point that it is
  insignificant compared to the timing jitter
  caused by thermal noise.
• Thus, the failure rate because of tmet exceeding
  our sampling period also becomes very small.

16
Issue 2 Synchronizing Clock Domains Out of
Phase Correlated Clock Domains - Metastability
Tc
Clock
Uniform Input Distribution
Corelated Input Distribution
Td
Tjitter
Apperture Window
Tapperture
17
Issue 2 Synchronizing Clock Domains Out of
Phase Correlated Clock Domains - Metastability
MTBF is expected value of the time between
failures For uniform failure distribution
MTBF E(t)T/Ne Where T is operation time, Ne is
number of faults
Ne fdTPfail fdT Tapperure/Tjitter
e-(tco-tmet)/t
MTBF 1/fjitterfdTo
18
Issue 2 Synchronizing Clock Domains Out of
Phase Correlated Clock Domains
Input Jitter Estimate
MTBF Estimate for Synchronizer in Actel RT54SX72S
Input slew dU/dt1V/ns
MTBF (Tjitter Td / C1) e(C2 tmet) For
Actel RT54SX72S C1 Toe-(tco/ t) ?
7E-10 C21/ t ? 1e10 tmet
Tc-tsetup-tpd-tco tpd propagation
delay tsetup flip-flop setup time. tco
flip-flop output delay tcotpdtsetup ? 1.5 ns
Tc 1/32 MHz Td 1/8 MHz MTBF ?
2.62 x 10110 years
Thermal noise V2noiseKT/C For T303K(30C) C
5E-12 pF k1.38E-23 J/K Vnoise30µV
translates into Tjitter.03pS This is a
conservative noise estimate disregarding system
noise
19
Issue 3 Static Timing Analysisfor Multi-Clock
Domains Multimode Systems

• Multiple Pseudo Asynchronous clocks - phase
  shifted synchronous clocks with slow drifting
  undefined phases.
• Synchronization to master clock leads to messy
  manual analysis with reduced operating frequency
  and high probability of mistakes. Clock
  uncertainty is on the order of full cycle.
• Sequential multi-cycle CPU operation and external
  DMA block require multi-mode analysis.
• Board level cross chip analysis is required to
  meet ICs specification.
• CLOCK DOMAINS ENCAPSULATION AND BOUNDARY
  RE-SYNCHRONIZATION IS A BETTER SOLUTION.
• PRIMETIME IS AN ASIC TOOL, WHICH CAN BE USED FOR
  FPGA ANALYSIS TO MEET TIMING REQUIREMENTS.

20
Processor BlockDiagram
Issue 3 Static Timing Analysis for Multi-Clock
Domains Multimode Systems
Addr
Data
Wr_n
wrln
Clko
OE
ALE
CS
RAM
CPU
DMA
FPGA
Sys_clk
21
SRAMBusRead
Issue 3 Static Timing Analysis Example of
Manual Analysis Required with full
resynchronization to master clock
22
Issue 3 Static Timing AnalysisMulti Mode, Multi
Clock Analysis
SYS_CLK
Read margin
Address margin
Clocks
Clocks
Clocks
Clocks
Clocks
Write margin
80C196BusTiming
23
Issue 3 Static Timing AnalysisCross chip Data
Mode Analysis
Latch Ram Address
80C196BusTimingData Read margins from Ram CS
to CPU read strobe
RAM data out propagation delay
CPU data read
24
Issue 3 Static Timing AnalysisPrimeTime
Advantages for FPGA design

• Industry standard timing analysis tool
• Tcl scripting capabilities
• Case analysis capabilities
• Allows you to perform board level timing analysis
• Advanced timing analysis features
• exceptions handling
• multiple clocks and frequencies
• transparent latch and time borrowing
• mode analysis

25
Issue 3 Static Timing AnalysisActel FPGA Static
Timing Analysis Results w/ PrimeTime

• Analyzed modes for setup and hold margins for
  best and worst case corners
• CPU address to RAM write
• CPU address to IO write
• CPU data to RAM write
• CPU data to IO write
• RAM data to CPU read
• Timing analysis results
• Setup timing margins were improved from negative
  slack to greater than 20 positive slack.
• Some tight hold margins were identified for
  buffer insertion.

• CPU address latch
• Clkout register to register
• Sys_clk register to register
• DMA RAM read/write

26
Summary

• Radiation environments present unique challenges
  for timing closure.
• Relaxed Timing Definition
• Long term timing Drift
• To address these challenges, a single clock
  synchronous design was changed to a multi-clock
  architecture.
• To implement the new architecture, new issues had
  to be addressed.
• Guaranteeing glitch free handshaking signals from
  FPGA logic blocks.
• Careful analysis of metastability in the
  cross-domain re-synchronization circuits.
• Multi-mode, multi-clock Static Timing Analysis
• The new design successfully improved overall
  system performance, timing margin, and quality of
  design.

27
References

• 1 Actel, Metastability Characterization Report
  for Actel
• Antifuse FPGAs, Application Note, May 2004
• 2 Actel, Antifuse Macro Library Guide for
  Software 6.0, May 2004
• 3 Paul R. Gray and Robert G. Meyer. Analysis
  and Design of Analog Integrated Circuits. Wiley,
  New York, 1993.
• 4 Charles Dike and Edward (Ted) Burton, Miller
  and Noise Effects in a Synchronizing Flip-Flop,
  IEEE J. Solid State Circuits, vol. 34, No. 6,
  June 1999.