Automating Clock-Domain Crossing Verification for Do-254 (and other Safety-Critical) Designs
|
Contributor: Michelle Lange Format: PDF Document As designs get more complex and previously independent functions become integrated on a single chip, chips with multiple asynchronous clock domains are becoming the norm. Signals that cross between these domains called clock-domain crossings, or simply "CDCs") can result in metastable operation, which often causes intermittent chip failures that can go undetected until the chip is in the lab or even operating in the field. This is a serious risk to safe system operation (not to mention the long debug times and extensive costs associated with troubleshooting and fixing these difficult problems). This concern is driving a swift adoption of CDC verification tools even into military and aerospace companies. This paper introduces the issues concerning CDC, how to verify CDCs to avoid inadvertent design failures, and how/why to use 0-In CDC on DO-254 projects (including what is needed for tool assessment). |