Metastability and Synchronization Failure

- Synchronization failure

1
What happens when we violate setup and hold time
constraints?
d q
D Q

clk

d
ts th
clk
tdCQ
q
Metastability and Synchronization Failure
- Metastability

3
Storage loop has a metastable state between 0 and 1

V2
Stable point

Metastable point

Stable point
V1 V2
+ DV -

V1
Dynamics of DV
V2
Stable point

Metastable point
V1 V2
+ DV -
Stable point

V1
 Dynamics of DV

DV
1

e-1

V1 V2
+ DV - 1t 2t t

-e-1

-1
Metastability and Synchronization Failure
- Probability of illegal state

7
 Probability of entering an illegal state

Probability that an input signal transition violates the setup or hold time
of flip-flop is

ts + th
PE = = fcy (ts + th)
tcy
If the asynchronous signal has transitions with frequency fa, then the
frequency of violating setup or hold time is
fE = fa PE = fa fcy (ts + th)

8
 Example

Suppose we have a flip-flop with ts = th = 100ps and our cycle time tcy = 2ns.
Then, the probability of error is

ts + th 100 + 100
PE = = = 0.1
tcy 2000

Suppose that the asynchronous signal has a transition frequency of 1MHz.

Then, the frequency of error is
fE = fa PE = 1 MHz (0.1) = 100kHz

9
 Probability of leaving an illegal state

Given that a flip-flop enters an illegal state, it lands at a particular state

voltage DV(0) with some probability, assuming a uniform distribution
over -1 and 1. Then, the probability of taking longer than tw to exit an
illegal state is the same as the probability that
DV(0)   exp(- tw / s ).

With DV(0)  uniformly distributed between 0 and 1, the probability of

taking longer than tw to reach a stable stage is
Ps = exp(- tw / s ).

10
 Summary

Clocking a flip-flop during the “keep-out” interval may leave the storage node in an
“illegal state”
Some “illegal states” are Metastable
Time to decay to a legal state depends on log of initial voltage

t = -t log(DV (0))
Probability of entering metastable state is probability of hitting “keep-out” interval.
ts + th
PE =
tcy
Probability of staying in metastable state after time tw is the probability that initial
voltage was too small to decay in time tw.
æ - tW ö
PS = expç ÷
è t ø
11
Synchronizer Design – Where
are synchronizers used?

12
Where are synchronizer used?

13
Synchronizer Design
– Brute-force synchronizer

14
A Brute-Force Synchronizer

A FF1 AW FF2 AS
D Q D Q

Clk

Clk

AW

AS

15
What if AW is still in a metastable state when FF2 is
clocked?

Clk

AW

AS

16
Calculating Synchronization Failure
(The Big Picture)

P(failure) = P(enter metastable state) x P(still in state after tw)

17
 Probability of Entering a Metastable State

• FF1 may enter the metastable state • Probability of a given transition

if the input signal transitions during being in the setup+hold window
the setup+hold window of the flip flop is the fraction of time that is
setup+hold window

Clk
t +t
PE = s h = fcy (t s + th )
t cy

ts+th
tcy

18
 Probability of Staying in the Metastable State

• Still in metastable state if initial • Probability of starting with this

voltage difference was too small to voltage is proportion of total
be exponentially amplified during voltage range that is ‘too small’
wait time

æ - tw ö
DVS = DVF expçç ÷÷
è tS ø
æ - tw ö DVF=1
PS = expçç ÷÷
è tS ø DVS

tw

19
 Failure Probability and Error Rate

• Each event can potentially fail. æ -t ö

PF = PEPS = (t s + th )fcy expç w ÷
• Failure rate = event rate x failure è t ø
probability æ -t ö
fF = fePF = (t s + th )fe fcy expç w ÷
è t ø

Clk

DVF=1
ts+th
tcy DVS

tw

20
Failure Rate Calculation

• ts = th = tdCQ =  =100ps, tcy = 2ns

• must sample with fE = 1MHz asynchronous signal
• PE = (.1+.1)/2 = 0.1
• PS = exp(-1.8/.1) = exp(-18) = 1.5 x 10-8
• PF = PSPE = 1.5 x 10-9
• fF = fEPF = 1.5 x 10-3

• 1 failure every 656 seconds ~ every 11 minutes

• This is not adequate. How do we improve it?
using clock enable vs. using multiple flip-flops

• How do we get failure rate to one every 10 years ~ 3 x 108s (fF < 3 x 10-9)

21
 Example: Brute-force synchronizer

Calculate the mean time to failure for a system with fa = 100kHz, fcy = 1GHz,
ts = th = 50ps, s = 100ps, and tdCQ = 80ps that uses three back-to-back flip-
flops for a synchronizer.

PE = (ts + th ) / tcy = (50 + 50) / 1000 = 0.1

tw = 2 (tcy – ts – tdCQ) = 2 (1000 – 50 – 80) = 1740ps = 17.4 s

PF = PE PS = (0.1)exp(- tw / s) = (0.1)exp(-17.4) = 2.78 x 10-9

fF = fa PF = (105)(2.78 x 10-9) = 2.78 x10-4 Hz

The MBFF is 1/ fF = 3.60 x 103 seconds

22
 Summary

While it is impossible to reduce the probability of synchronization failure to zero, it

can be made small by designing an appropriate synchronizer.

Synchronizers are typically used on asynchronous inputs and on the boundaries of

clock domains.

Brute-force synchronizer synchronizes a single-bit signal by sampling, waiting, and

resampling. By choosing the waiting interval large enough, the probability of
synchronization failure very small.

Brute-force synchronizer can also be used on multi-bit signals only when they are
Gray-coded.

Arbitrary multi-bit signals can be synchronized with a FIFO synchronizer.

Synchronization is only required to pass the head and tail pointers between the two
domains to check for empty and full conditions. Gray coding is required for the head
and tail pointers to synchronize them with brute-force synchronizers.
23
Synchronizer Design – FIFO synchronizer

24
 Synchronizing multi-bit signals

Consider a 4-bit counter running on clk1 you need the value of this
counter sampled by clk2. Will the following circuit work? (assume tw >> )

counter

cnt cnt_w cnt_s

D Q D Q
4 4 4

clk1 clk2

25
When synchronizing a multi-bit signal, each changing bit is independently
synchronized
Consider what happens on the 0111 to 1000 transition. All bits are
changing. Each can independently fall either way.

How do you fix this?

counter

cnt cnt_w cnt_s

D Q D Q
4 4 4

clk1 clk2
26
Solution:

Use a Gray code counter

For all but the MSB:
next_b[i] = (b[i-1] & !(|b[i-2:0])) ? !xor(b[n-1:i+1]) : b[i];
For the MSB:
next_b[n-1] = (|b[n-3:0]) ? b[n-1] : b[n-2] ;

27
module GrayCount4(clk, rst, out) ;
input clk, rst ;
output [3:0] out ;
wire [3:0] out, next ;

DFF #(4) count(clk, next, out) ;

assign next[0] = !rst & !(out[1]^out[2]^out[3]) ;

assign next[1] = !rst & (out[0] ? !(out[2]^out[3]) : out[1]) ;
assign next[2] = !rst & ((out[1] & !out[0]) ? !out[3] : out[2]) ;
assign next[3] = !rst & (!(|out[1:0]) ? out[2] : out[3]) ;
endmodule

28
# xxxx
# 0000
# 0001
# 0011
# 0010
# 0110
# 0111
# 0101
# 0100
# 1100
# 1101
# 1111
# 1110
# 1010
# 1011
# 1001
# 1000
# 0000
# 0001
# 0011
# 0010
FIFO Synchronizer Showing Control Path

30
 Summary

While it is impossible to reduce the probability of synchronization failure to zero, it

can be made small by designing an appropriate synchronizer.

Synchronizers are typically used on asynchronous inputs and on the boundaries of

clock domains.

Brute-force synchronizer synchronizes a single-bit signal by sampling, waiting, and

resampling. By choosing the waiting interval large enough, the probability of
synchronization failure very small.

Brute-force synchronizer can also be used on multi-bit signals only when they are
Gray-coded.

Arbitrary multi-bit signals can be synchronized with a FIFO synchronizer.

Synchronization is only required to pass the head and tail pointers between the two
domains to check for empty and full conditions. Gray coding is required for the head
and tail pointers to synchronize them with brute-force synchronizers.
31