When last we discussed metastability in the first part of this mini-series, we broke off at the point where we were poised to start considering the math used to determine if a two-stage synchronizer would be suitable for a particular application. The alternative would be to have three or even more stages, so how do we determine if two stages are acceptable... or not?
Well, as engineers we can actually calculate this. Sadly, this does involve some math, but I will try to keep the painful parts to a minimum. The mean time between failures (MTBF) for a flip-flop (register) depends upon the manufacturing process. Let's start with the equation for a single flip-flop as follows:
Based on this, we can calculate the MTBF for a multi-stage synchronizer using the following equation:
For both equations:
I really am sorry about this, and I will do my best to keep math out of future columns. Having said this, by means of this equation, it is possible to determine the mean time between a metastability event occurring for your chosen synchronizer structure (two or more flip-flops). If the resulting MTBF for a two-stage synchronizer shows that the time between metastable events is not acceptable (that is, they will occur too often), then you can introduce a third flip-flop.
The use of a three-stage synchronizer is often required in the case of high-speed or high-reliability systems. If you are designing for a high-reliability application, then you will need to demonstrate that the metastability event cannot occur during the operating life of the equipment (at a minimum). This MTBF (or, more correctly, its reciprocal, which is the failure rate) can also be fed into the system-level reliability calculations to determine the overall reliability of the entire system.
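The two-versus-three-stage decision described above, worked through as an added example that is not from the original article: it uses the widely published exponential model MTBF = e^(t_met/τ) / (T0 · f_clk · f_data), which may differ in form from the article's own equations, and assumes equal settling slack per stage. The device constants τ and T0, the timing values and all function names are constructed for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def ln_mtbf_seconds(stages, f_clk, f_data, tau, t0, t_su, t_route):
    """Natural log of the MTBF (seconds) for a chain of `stages` flip-flops.

    Working in the log domain avoids float overflow for slow clocks.
    """
    if stages < 2:
        raise ValueError("a synchronizer needs at least two flip-flops")
    # Settling time each stage-to-stage hop leaves for a metastable output.
    slack = 1.0 / f_clk - t_su - t_route
    if slack <= 0:
        raise ValueError("clock period leaves no settling time")
    t_met = (stages - 1) * slack
    return t_met / tau - math.log(t0 * f_clk * f_data)

def mtbf_years(stages, **p):
    """MTBF in years; returns infinity if the value exceeds float range."""
    try:
        return math.exp(ln_mtbf_seconds(stages, **p)) / SECONDS_PER_YEAR
    except OverflowError:
        return math.inf

def min_stages(target_years, max_stages=6, **p):
    """Smallest chain length whose MTBF meets the target, or None."""
    ln_target = math.log(target_years * SECONDS_PER_YEAR)
    for n in range(2, max_stages + 1):
        if ln_mtbf_seconds(n, **p) >= ln_target:
            return n
    return None

# Constructed device constants and rates, for illustration only.
FAST = dict(f_clk=400e6, f_data=50e6, tau=60e-12, t0=1e-9,
            t_su=0.2e-9, t_route=0.5e-9)
SLOW = dict(FAST, f_clk=100e6)

if __name__ == "__main__":
    for name, p in (("400 MHz", FAST), ("100 MHz", SLOW)):
        for n in (2, 3):
            print(f"{name}, {n} stages: MTBF = {mtbf_years(n, **p):.3g} years")
        print(f"{name}: stages needed for 1000 years = {min_stages(1000, **p)}")
```

With these constructed values the 400 MHz case fails within days on two stages and needs a third, while the same flip-flops at 100 MHz are comfortable with two; real figures for τ and T0 must come from the device vendor.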
When it comes time to simulate these synchronizers, it quickly becomes obvious that the tools are limited in regard to the way in which they can model metastable events. For example, consider the following results generated by simulating an RTL version of a two-stage synchronizer:
The RTL simulation appears to indicate that there are no problems.
Even though there is, in fact, a problem with this design, no errors are detected or displayed, due to the fact that the RTL does not -- in this case -- contain any timing information.
For a simulation to exhibit metastability, you have to simulate at the gate level using a standard delay file (SDF) that contains the appropriate timing information. The synthesis tool extracts this timing information from the library associated with the target FPGA component. For example, consider the following gate-level simulation results for the same two-stage synchronizer:
The gate-level simulation reveals a timing error (where the traces go red).
Also, the following warning messages were generated as part of this gate-level simulation:
If you wish, you can replicate these results for yourself by downloading this ZIP file, which contains the following files:
- meta_testbench.vhd -- The VHDL testbench
- meta_rtl.vhd -- The RTL version of the design
- meta_gate.vhd -- The synthesized gate-level version of the design
- meta_gate.sdf -- The delays associated with the gate-level version of the design
You can replicate the RTL simulation using the "meta_testbench.vhd" and "meta_rtl.vhd" files. Similarly, you can replicate the gate-level simulation using the "meta_testbench.vhd" and "meta_gate.vhd" files with the delays in the "meta_gate.sdf" file being applied to the "/uut/" region.