NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.


Analysis of POR Circuit Topologies

The seemingly simple issue of FPGA and ASIC power-on reset circuits is nevertheless a frequent cause of problems.  The discussion in this application note will cover both the key issues and a variety of circuits, analyzing their strong and weak points.  The discussion will in most cases concern general logic design but will also deal with some issues particular to Field Programmable Gate Arrays (FPGAs).

For this analysis the following assumptions are made:

  1. The external POR circuitry is properly designed.  This is not always a valid assumption as there have been many "wacky" implementations of power-on reset circuits.  Design of these circuits is outside the scope of this application note.
  2. The clock is generated by a crystal clock oscillator.  One of the important characteristics of these devices is their response during the turn-on transient, mainly that they take a certain amount of time to start and then become stable.   Additionally, the oscillator may not start clean.
  3. The clock is not gated off.  If that is not true, such as when the clock is gated off in areas of the circuit for power savings, then additional issues arise.
  4. The POR signal is asynchronous to CLK.
  5. The period of CLK is large compared with the metastable state resolution time of the flip-flop being used for synchronization.
  6. The POR assertion time exceeds the clock oscillator and FPGA start times.
  7. The output of the internal POR circuit drives the asynchronous set/reset of flip-flops (alternatively it may be pipelined, which is another distinct case).  Since modern FPGAs all have asynchronous flip-flop inputs, this is often used to save logic resources, delay, and power.  This is an important consideration since these inputs, unlike D's and ENABLE's, are sensitive to glitches.  It is further assumed that timing specifications are met for set/reset distribution including the "removal" time.
  8. Noise pulses on the input POR signal are a credible situation.

Expanding on Assumption 7 above, many finite state machines will not operate correctly if the flip-flops come out of reset during different clock periods.  Similarly, many systems will not operate correctly if sets of finite state machines do not come out of reset during the same clock period.  Unintended operation or even a lockup state may result.  Additionally, of course, asynchronously removing the reset signals from the device's flip-flops will result in the potential for one or more uncontrolled metastable states if the clock is running.  Therefore, only reset circuits that [attempt to] remove power-on reset synchronously (PORS) will be discussed.

A significant problem with many power-on reset circuits is that the designers often implement a favored circuit without first establishing the true system requirements and then analyzing the circuit performance to those requirements, particularly under transient or anomalous conditions.  As one example, many power-on reset signals are reliable when bringing the logic on-line after the application of power.  However, many circuits that have been examined have shown poor performance during the turn-off transient, which is critical to protect the contents of devices such as EEPROMs.   This application note will only deal with power-on circuits and does not handle the power-off transient condition.

In addition, none of the circuits discussed in this application note are intended to deal with issues of logic devices not starting (e.g., following their truth table) instantly after the application of power.  These system-level issues, based on system-level requirements, must be analyzed and, if necessary, dealt with at the system level and not at the logic level internal to the FPGA or ASIC.

Significant issues related to the analysis and selection of a power-on reset circuit for a particular application include:

None of the circuits discussed below is universally better than others and the relevance of the factors listed above must form the basis for the analysis of a particular device, system, and application.


Discussion

Figure 1A.

Circuit 1, Fully Synchronous: This very simple circuit is fully synchronous.   That is something that many analysts do not like since the output of the circuit, PORS, will not be asserted until the clock oscillator starts, which can be 10's of milliseconds after the application of logic voltages.  However, for many FPGA implementations, the effect of an asynchronous reset signal is academic since the FPGA itself takes a considerable amount of time to start.  Indeed, the start time for an FPGA (charge pump, release of inputs and outputs, load of configuration, etc.) can be long enough such that the transient and uncontrolled output of the device can initiate one-time actions such as changing the state of latching relays or initiate the firing of pyrotechnic devices.  Thus, for a system design where the turn-on and -off transients are critical, external circuits should be used for protection.  In light of that analysis, the simple fully synchronous approach has benefits.

Along with the simplicity of the design it offers a fair amount of noise protection since only noise coincident with the clock will be recognized; the rest will be rejected.  If further protection is needed, then one approach would be to use external analog filters, while remembering to meet the input transition time specification of the logic device.  Other approaches include "analog" filters inside of the FPGA or ASIC by combining delay elements and simple gates.  Another approach is to have a small state machine that will only recognize reset signals if a pulse of sufficient width is presented, while ensuring that the circuit will always start correctly under nominal conditions.  There is no general solution since the width of a potential noise pulse is system dependent and the allowable time is another system-unique parameter.  Of course, when implementing any state machine with asynchronous signals such as random noise pulses, care must be taken to ensure that the FSM is robust with respect to the metastable states on the flip-flops that will occur.

Figure 1B

Figure 1B shows one sample circuit that attempts to filter out noise on the PORS line.  This circuit contains a flaw since there is a static hazard present for short noise pulses, making the PORS signal unclean.

Figure 1C

The circuit in Figure 1C fixes the static hazard problem.  Only one input to the "AND gate" -- or LUT table -- changes at a time.  This technique can be extended in principle to reject pulses of arbitrary width.
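
One way to build the small pulse-width-qualifying state machine described above, as an added Verilog example that is not part of the application note and is not the circuit of Figure 1B or 1C. Active-low polarity, the names por_filter, meta, hist and the WIDTH parameter are assumptions; the output is registered so that decode hazards never reach the PORS net, and the testbench stimulus is constructed.

```verilog
// Added example: pulse-width-qualified, fully synchronous POR (names assumed).
module por_filter #(parameter WIDTH = 4) (   // consecutive samples that must agree
    input  wire clk,
    input  wire por_n,    // assumed active low, asynchronous, possibly noisy
    output reg  pors_n    // changes only on a clock edge
);
    reg             meta; // first synchronizer stage, may go metastable
    reg [WIDTH-1:0] hist; // hist[0] is the second synchronizer stage
    // No reset on these flip-flops: WIDTH+2 clocks of steady POR force a known
    // state whatever the power-up contents were.
    always @(posedge clk) begin
        meta <= por_n;
        hist <= {hist[WIDTH-2:0], meta};
        if      (hist == {WIDTH{1'b0}}) pors_n <= 1'b0;  // low for WIDTH samples
        else if (hist == {WIDTH{1'b1}}) pors_n <= 1'b1;  // high for WIDTH samples
        // otherwise hold: the comparators may glitch, the registered output cannot
    end
endmodule

module por_filter_tb;     // constructed stimulus, clock edges at t = 5, 15, 25, ...
    reg  clk = 1'b0, por_n = 1'b0;
    wire pors_n;
    integer falls = 0, errors = 0;
    por_filter #(.WIDTH(4)) dut (.clk(clk), .por_n(por_n), .pors_n(pors_n));
    always #5 clk = ~clk;
    always @(negedge pors_n) falls = falls + 1;   // counts every assertion of PORS

    task expect_pors(input value, input integer count);
        if (pors_n !== value || falls != count) begin
            errors = errors + 1;
            $display("FAIL t=%0t pors_n=%b falls=%0d", $time, pors_n, falls);
        end
    endtask

    initial begin
        #60  expect_pors(1'b0, 1);   // t=60: power-up POR recognised with no reset pin
        #2   por_n = 1'b1;           // t=62: POR released
        #58  expect_pors(1'b1, 1);   // t=120: removed after WIDTH clean samples
        #2   por_n = 1'b0;           // t=122: noise pulse, two clock edges wide
        #20  por_n = 1'b1;           // t=142
        #48  expect_pors(1'b1, 1);   // t=190: pulse rejected, PORS never moved
        #2   por_n = 1'b0;           // t=192: genuine reset, held
        #58  expect_pors(1'b0, 2);   // t=250: accepted
        $display("%0d errors", errors);
        $finish;
    end
endmodule
```

WIDTH sets both the widest pulse that is rejected and the extra latency before a genuine reset is recognized, so it has to be chosen from the system's noise and timing requirements.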


The rest of the examples will be of the "asynchronously applied, synchronously removed" variety.  Note that for many logic devices the asynchronously applied reset will be blocked as the logic devices start.  Material written above (and below) will not be repeated for each circuit example.


Figure 2.

Circuit 2: This circuit starts with the fully synchronous approach shown in Figure 1 above and wraps the POR signal around the two synchronizing flip-flops to provide an asynchronous assertion of PORS.  Thus, the reset signal can be asserted prior to the clock starting or even in the case of clock oscillator failure.

The removal of reset to the system is clean since it is properly synchronized with the pair of flip-flops, FFA and FFB.

The use of this circuit is limited in, for example, many FPGAs since PORS will not be asserted and affected signals will not propagate off-chip until the device starts and the outputs have been released.  By then, it can be too late for system safety.  Unless properly analyzed, this circuit, like many others, can give the designer and system engineer a false sense of security since "on paper" it looks like the application of reset to the system will be instantaneous.  The simple schematics that are used are not a good electrical model of device behavior and are overly simplified.

An advantage of this circuit type is that the reset signal does not have to wait until the clock starts to oscillate.  There is a straight combinational path to the asynchronous resets of flip-flops.

A disadvantage is that any noise or runt pulses can get onto the reset network, resulting in incomplete resets and metastable states from both runt pulses and removal close to the clock rising edge.

Another disadvantage is that if the PORS signal is in the critical path, the additional level of gating will hurt performance.


Figure 3.

Circuit 3: This class of circuit fixes some of the problems of the circuit shown in Figure 2 although it does not have the straight through path to the flip-flops' reset pins.  Thus, a limitation is that the clock must be oscillating for the reset to be applied.

In these circuits there may be some or perhaps no difference if the D of FFA is tied high or to POR.

An advantage to this circuit is that the POR signal need not propagate.  In the event of a transient, only a single flip-flop needs to be set.  If that flip-flop "goes metastable," then it will be cleaned up by FFB.


Figure 4A.

Circuit 4A: By connecting POR to the resets of both FFA and FFB, the PORS signal can be distributed prior to the clock starting, giving us "asynchronously applied" as long as one understands the characteristics of the device.  In an FPGA, this is often applied not as the transistors start to function but, as described above, at a later time, after the charge pump has started and finished sequencing or a volatile, reprogrammable device has been loaded and initialized.

FFB will take care of any metastability on the PORA signal.

Noise glitches are reasonably well handled.  FFA and FFB should be hand placed, on the same row, so that each is stimulated as identically as possible for the PORS signal.  The handling of a runt pulse on POR is not bulletproof.  While in the vast majority of cases it will either be ignored or recognized by both, this may not happen.  Additional filtering is discussed above.

Note that there is a concern of FFB going metastable when the POR signal is asynchronously removed.  While it appears that this is not a problem, if there is a static hazard present inside of the circuit then it is conceivable that it will not be a robust implementation.  Particularly for aerospace circuits, which may employ unique structures such as C-C modules or TMR, one should not assume that things will behave as expected (or perhaps just hoped for!).  For the case of SX-S circuits, correct operation during the removal of POR is guaranteed, as the Actel Chief Designer both examined the design and ran SPICE simulations to verify proper behavior.


Figure 4B.

Circuit 4B: This circuit is an extension of that shown in Figure 4.  Structurally it is quite similar but extends the reset period for one additional clock in the event of a transient on the POR line.  Additional stages will lengthen the duration of the reset.  Some off-the-shelf devices may need reset to be asserted for a certain number of clocks.  Additionally, the reset characteristics of each finite state machine must be examined and its reset requirements met.  For instance, instead of loading the PORS line with every flip-flop and possibly causing timing problems, a subset of the flip-flops may be directly reset by this signal with the reset initialized by simple sequences, which are often present for robust operation in the SEU environment.
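
The asynchronously applied, synchronously removed arrangement described for Circuits 4A and 4B, sketched in Verilog as an added example that is not taken from the application note or its figures. Active-low polarity, D of the first stage tied high, and the names por_sync, STAGES and chain are assumptions; STAGES = 2 corresponds to the pair FFA and FFB, each further stage extends reset by one clock, and the testbench stimulus is constructed.

```verilog
// Added example: asynchronously applied, synchronously removed POR (names assumed).
module por_sync #(parameter STAGES = 2) (   // 2: FFA and FFB; 3 adds one clock of reset
    input  wire clk,      // may start late, or not at all
    input  wire por_n,    // assumed active low, asynchronous to clk
    output wire pors_n
);
    reg [STAGES-1:0] chain;   // chain[0] is FFA, chain[STAGES-1] drives PORS

    always @(posedge clk or negedge por_n)
        if (!por_n) chain <= {STAGES{1'b0}};             // POR clears every stage, no clock needed
        else        chain <= {chain[STAGES-2:0], 1'b1};  // D of FFA tied high

    assign pors_n = chain[STAGES-1];   // straight from a flip-flop, no gate in the reset path
endmodule

module por_sync_tb;       // constructed stimulus, rising clock edges at t = 26, 36, 46, ...
    reg  clk = 1'b0, por_n;
    wire pors_n;
    integer errors = 0;
    por_sync #(.STAGES(2)) dut (.clk(clk), .por_n(por_n), .pors_n(pors_n));

    initial #21 forever #5 clk = ~clk;   // oscillator starts after POR is already applied

    initial begin
        #1  por_n = 1'b0;                              // t=1: POR asserted
        #19 if (pors_n !== 1'b0) errors = errors + 1;  // t=20: reset applied, clock stopped
        #23 por_n = 1'b1;                              // t=43: released between clock edges
        #7  if (pors_n !== 1'b0) errors = errors + 1;  // t=50: FFA released at t=46, PORS held
        #8  if (pors_n !== 1'b1) errors = errors + 1;  // t=58: PORS removed on the edge at t=56
        #3  por_n = 1'b0;                              // t=61: one-unit pulse, clock running
        #1  por_n = 1'b1;
        #8  if (pors_n !== 1'b0) errors = errors + 1;  // t=70: pulse stretched past next edge
        #8  if (pors_n !== 1'b1) errors = errors + 1;  // t=78: removed synchronously at t=76
        $display("%0d errors", errors);
        $finish;
    end
endmodule
```

In simulation the one-unit pulse clears both stages cleanly; a real runt pulse may be recognized by only one flip-flop, which is the residual risk described for Circuit 4A and the reason for placing the flip-flops together.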


Notes and References:

  1. "Some Characteristics of Crystal Clock Oscillators During the Turn-On Transient."  This application note discusses and shows what the output of an oscillator may be during the turn-on transient.  Examples shown include runt pulses of various sizes and polarities.

  2. "Asynchronous & Synchronous Reset Design Techniques - Part Deux"

  3. "Small Explorer WIRE Failure Investigation Report." This is Appendix F of the WIRE Mishap Investigation Board Report, June 8, 1999.

  4. "Startup Transient," from Advanced Design: Designing for Reliability, 2001 MAPLD International Conference, Laurel, MD, September 10, 2001.

  5. "Current Radiation Issues for Programmable Elements and Devices," IEEE Transactions on Nuclear Science, December 1998.

  6. "RH1020 Single Event Clock Upset Summary Report," Richard B. Katz and J. J. Wang, March 5, 1998
  7. Thanks to Melanie Berg of Ball for the helpful comments and suggesting to add notes about the extra delay in the reset path when using topologies such as those shown in Figure 2.
  8. "Hazard Analysis," from Design Guidelines and Criteria for Space Flight Digital Electronics.
  9. Timing Analysis of Asynchronous Signals

Last Revised: December 05, 2003
Digital Engineering Institute
Web Grunt: Richard Katz