Update: September 30, 2004. Added Reference 5.
Date: July 15, 2003
This is the thirteenth in a series of OLD News articles.
Timing analysis for combinational and sequential circuits has always been a critical part of reliable hardware design. While historically a lengthy, manual process, the use of new Computer Aided Engineering (CAE) software tools and modern devices seemingly allows "push button" timing analyses with the gate array designer not seeing the intricate numerical details and calculations. The newest high-speed devices and the proper characterization of generic gate array devices present new challenges.
Guaranteed minimum and maximum values for both logic paths and clock skew are required for worst-case timing analyses. For each sequentially adjacent1 flip-flop pair, two calculations must be performed: setup time (tSU) and hold time (tH) verification. To guarantee tSU, maximum propagation and routing logic delay values are used. For hold time analysis, minimum propagation and routing logic delay values are required to ensure that adequate timing margin is available to avoid the parallel clocking problem. Bounded values of clock skew also must be known for both calculations.
Moreover, the hold time margin can not be demonstrated during system test.2 Hence, the analysis of this parameter, for all relevant flip-flops in a design, is critical. Additionally, parameter databases, timing models, and algorithms must be correct. In short, the minimum logic path races against the maximum clock skew. The analysis must show that the clock is always guaranteed to win, over all environmental conditions and the life of the mission.
In previous, slower, generations of Actel devices, the hold time analysis was usually a formality, with placing flip-flops on any of the global clock busses resulting in designs that are correct by construction. This is no longer the case for the newest, fastest devices, where the minimum logic path delay may be less than the maximum skew. The RT54SX-S and A54SX-A data sheets specify limits on global skew when using dedicated clock drivers and distribution system.
Table 1. Maximum Clock Skew for RT54SX-S Devices3
VCCA = 2.3V, VCCI = 4.5, TJ = +125 °C, Standard Speed
HCLK RCLK RT54SX32S 0.6 2.3 RT54SX72S 1.6 3.7
Table 2. Maximum Clock Skew for RT54SX-S Devices3
VCCA = 2.3V, VCCI = 3.0, TJ = +125 °C, Standard Speed
HCLK RCLK RT54SX32S 0.6 2.0 RT54SX72S 1.6 3.7
Table 3. Maximum Clock Skew for A54SX-A Devices4
VCCA = 2.25V, VCCI = 3.0, TJ = +125 °C, Standard Speed
HCLK RCLK
(Light Load)RCLK
(50% Load)RCLK
(100% Load)A54SX32A 0.2 1.5 2.2 2.3 A54SX72A 0.6 1.5 2.2 2.3 The global clock skew numbers are large enough, when compared with possible range of logic delays in these modern devices, that calculated clock skew numbers for sequentially adjacent flip-flops pairs are needed for hold time analysis. Designs may not be "correct by construction" anymore. The timing numbers must be extracted from the circuit using the manufacturer's back end timing tools and databases. The algorithms in the tools must have sufficient fidelity and the databases must accurately reflect both worst-case and best-case situations for min-max analysis.
Note that this is not purely an academic exercise. Failures have been observed in commercial A54SX32A devices using the routed array clock (RCLK) at nominal voltage and temperature. The design of the failed device heavily loaded the clock with long shift registers. Additionally, the failing flip-flop pairs were not in a worst-case configuration (e.g., using fast connect) and were "spread out." Lastly, space-grade devices, the RT54SX-S series, will have higher clock skew because of increase in the die size and the load from the triple modular redundant (TMR) flip-flops. The fundamental question is how do we tell a good design from a not good one? Unfortunately, the current tools and databases are inadequate and the ongoing failure analysis at Actel indicates that there is a timing prediction issue.
Figure 1. Comparison of military and space-grade grade devices.The findings below are accurate at the time of this posting and is the manufacturer's current guidance.
- Minimum delay numbers calculated by the timing analysis tools are not guaranteed. They are not bound and actuals may be less then the reported values. This is true for Designer's TIMER as well as files containing extracted delays such as .sdf files.
- Any flip-flop pair, with a common edge (either rising or falling), is guaranteed to have sufficient hold time margin under all conditions and placements, when clocked by HCLK.
- For an arbitrary flip-flop pair, with a common edge (either rising or falling), when clocked by a global routed array clock:
- There is no guarantee that it will be correct by construction under all conditions and placements.
- There is no certified technique to prove adequate margin by analysis with the current tool set.
- Skew-tolerant design techniques are recommended.
- For an arbitrary flip-flop pair, with a common edge (either rising or falling), when clocked by a quadrant routed array clock:
- Within a single quadrant: Any flip-flop pair, with a common edge (either rising or falling), is guaranteed to have sufficient hold time margin under all conditions and placements.
- Over multiple quadrants5:
- When using internal routing to connect quadrant drivers: There is no guarantee that circuits will be correct by construction under all conditions and placements.
- When using dedicated routing to connect quadrant drivers: There is currently no guarantee that circuits will be correct by construction under all conditions and placements. This case is currently being analyzed and tested by the manufacturer.
An additional recommendation from the manufacturer (Actel) is: As is standard with all critical applications, proper system testing is required under all required conditions to detect as many faults as possible.
The manufacturer is continuing to work on both hardware and software issues associated with this problem.
Notes
1 Two flip-flops are sequentially adjacent if there only is combinational logic or interconnect from the output of the source flip-flop to the input of the sink flip-flop.
2 This discussion is limited to designs with edge-triggered flip-flops, with a common clock, all sensitive to transitions on the same edge (e.g., all rising edge-triggered flip-flops on a single clock network).
3 "RT54SX-S RadTolerant FPGAs for Space Applications," Advanced v1.4, November 2002.
4 "HiRel SX-A Family FPGAs," Advanced v1.2, December 2002.
5 Note that when a QCLK pin the design software may allocate flip-flops in multiple quadrants and use the dedicated wiring to connect multiple quadrant clock drivers.
In my new OLD (Office of Logic Design) position, I am now making some of my informal e-mail lists semi-formal. These mailings will have pointers to technical tips that can [hopefully] proactively prevent errors from getting into flight designs or make things go faster and smoother. I have included an array of people from a number of organizations; different NASA Centers, ESA, etc., as you all may distribute to people in your own organizations and other colleagues. Please let me know if you are on this list in error or if someone should be added to it. This list is targeted towards those that either will design or review space flight digital electronics. Feel free to suggest topics for discussion and research or to contribute news items. [Note for this web-based release: to become a recipient on this mailing list, please send e-mail to: richard.b.katz@nasa.gov.]
All application notes are uploaded onto my www site. New additions are noted on the what's new page. I will give these mailings from time to time; too much and they will be filtered and ignored - too little and not enough information flows. So I'll try and hit a good balance.
Best regards,
-- rk
Home - NASA
Office of Logic Design
Last Revised:
September 30, 2004
Digital Engineering
Institute
Web Grunt: Richard
Katz
