NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.


Flip-Flop Replication

Logic designers often replicate logic for reliability or performance reasons.  For example, if the load on an output is too high, then the load will often be split between multiple drivers (in some cases outputs may be joined together but this is not preferred and is usually avoidable).  In other cases, cutting the load and duplicating the driver can help make timing by distributing the capacitive load.  The replication of combinational logic is quite straightforward.

However, if this concept is extended to sequential logic then the situation is trickier since state information is involved.  Indeed, the logic may present different information to different parts of the circuit and, for example, may be inconsistent in the presence of a transient fault such as a single event upset, ESD event, etc.  That is, the logical flip-flop can present different values to different parts of the circuit depending on which physical flip-flop they are connected to.  This is a call for caution in high-reliability applications.  Software CAE tools are more than happy to generate circuits of this class and do not generate logic to ensure self-consistency.

This note will give three examples:


VHDL Synthesis

In studying gray encoded finite state machines (FSMs), a variety of schematic and VHDL examples were implemented by a variety of individuals.  One of the implementations, generated by a very experienced VHDL designer, was found (to his surprise!) to have 8 flip-flops rather than four; it was a 16-state FSM.

The synthesizer's report file was examined and it was found to contain the following:

Replicating q_h.q[3], fanout 13 segments 2
Replicating q_h.q[2], fanout 13 segments 2
Replicating q_h.q[1], fanout 12 segments 2
Replicating q_h.q[0], fanout 12 segments 2

Added 0 Buffers
Added 4 Cells via replication

Resource Usage Report of Gray_Code

Sequential Cells: 8 of 1080 (1%)
           dfc1b: 8

This shows the need to carefully examine the output file for all synthesis runs.  Next, the EDIF netlist produced by the tool was converted into a schematic to examine what had happened:

[Figure: replication_example_1.gif]

Four pairs of flip-flops are highlighted.  This gray coded state machine required only 4 flip-flops total but the synthesizer replicated the flip-flops.  Note that the identical VHDL code, when run on different versions of the same synthesizer, would produce different results.  One such result was a design with just 4 flip-flops but with output that would glitch.

It was difficult to get the synthesizer to produce the desired results for a high-reliability application.  The final approach which seemed to work well -- that is, a glitch-free output from the gray encoded FSM and no flip-flop replication -- was obtained by turning off all FSM optimizations in the tool and not using an enumerated type for the signal.  That is, the state assignment problem was done by the human, using constants for readability, and the synthesizer was told not to think of the circuit as a finite state machine but simply as bits.  The result is shown below.  Note that the version of the synthesizer for our design target did not support a directive not to replicate flip-flops.  In other designs that we have done, for complex machines in real applications, we controlled replication by increasing the fanout of each flip-flop in question or by performing manual state assignment with constants and then carefully checking the synthesizer output after every run.  Obviously, one must check the current version of the tool, its support for this feature for each targeted family, and then verify the output.

[Figure: no_replication_example_1.gif]

No enumerations or FSM optimization for this synthesis run.  This resulted in a 16-state gray encoded finite state machine that was glitch-free and with 4 flip-flops.
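The approach described above, written out as an added example (not the original design from this note): a hypothetical 16-state gray-coded sequencer whose state assignment is a hand-written constant table rather than an enumerated type, so the synthesizer is handed four plain bits.  The entity and signal names are assumptions; FSM extraction is assumed to be disabled in the tool options, and the synthesis report must still be read after every run to confirm that exactly 4 sequential cells and no "Replicating" lines appear.

```vhdl
library ieee;
use ieee.std_logic_1164.all;

-- Hypothetical 16-state gray-coded sequencer (added example).  State
-- assignment is done by hand in a constant table; no enumerated type, so
-- there is no FSM for the synthesizer to re-encode or optimize.
entity gray_seq is
  port (
    clk    : in  std_logic;
    reset  : in  std_logic;                     -- synchronous, active high
    enable : in  std_logic;                     -- advance one state when '1'
    q      : out std_logic_vector(3 downto 0);  -- registered state bits
    done   : out std_logic);                    -- '1' while in the last state
end entity gray_seq;

architecture rtl of gray_seq is
  subtype state_t is std_logic_vector(3 downto 0);
  type state_table_t is array (0 to 15) of state_t;
  -- Reflected gray sequence: adjacent entries differ in exactly one bit,
  -- and entry 15 wraps back to entry 0 by a single bit change as well.
  constant GRAY_SEQ : state_table_t := (
    "0000", "0001", "0011", "0010", "0110", "0111", "0101", "0100",
    "1100", "1101", "1111", "1110", "1010", "1011", "1001", "1000");
  signal state : state_t := GRAY_SEQ(0);

  -- Successor lookup; every 4-bit '0'/'1' value is in the table, so the
  -- trailing return is reached only for 'X'/'U' values in simulation.
  function next_state(s : state_t) return state_t is
  begin
    for i in GRAY_SEQ'range loop
      if s = GRAY_SEQ(i) then
        return GRAY_SEQ((i + 1) mod 16);
      end if;
    end loop;
    return GRAY_SEQ(0);
  end function next_state;
begin
  process (clk)
  begin
    if rising_edge(clk) then
      if reset = '1' then
        state <= GRAY_SEQ(0);
      elsif enable = '1' then
        state <= next_state(state);
      end if;
    end if;
  end process;

  q    <= state;  -- outputs come straight from the registers, no decode
  -- Only one state bit changes per transition, so this compare never sees
  -- an intermediate code on the way between two consecutive states.
  done <= '1' when state = GRAY_SEQ(15) else '0';
end architecture rtl;
```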



Netlist Translation

One common methodology for the development of systems is to prototype the design with one family of devices (e.g., a reprogrammable device) and then translate or retarget the design to another family for system implementation (e.g., a one-time programmable device).  The example below shows what happened in the development of a motor controller for a deep-space spacecraft.  Except for some small overlap, in the top circuit, there can be no inconsistency between Q and QN.  However, after blowing the fuses in spacecraft test, it was determined that the "device had failed" since Q was in fact equal to QN, resulting in a short circuit.  A failure analysis showed, however, that the real circuit, shown in the lower part of the figure below, was never seen by the designer; it was constructed by hand, by the analyst, from the translated netlist.  There was nothing wrong with the "failed" device and it behaved exactly the way it was designed.

Since the input of the flip-flop was asynchronous to the clock, the problem was, fortunately, compounded to the point that it was detected in test, as opposed to being detected in flight by an SEU.

Note that equivalence checking and black box simulations are incapable of detecting this design flaw, which was put into the design by the computer aided engineering software.

[Figure: replication_example_2.gif]

Logically equivalent circuits before and after netlist translation for a motor controller application in a radiation environment.  Electrically they differ significantly.


Backend Place and Routing

Backend place and route tools often change the design.  Examples are the elimination of unneeded buffers, packing of logic, etc.  Sometimes this is benign; other times it is not.  With respect to this application note, some of these backend tools can and do duplicate flip-flops.  This can be problematic, as discussed above, with synchronizers and finite state machines, to give two examples.


Last Revised: November 14, 2003
Digital Engineering Institute
Web Grunt: Richard Katz