White paper

Automating clock domain crossing verification for DO-254 (and other safety-critical) designs

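For safety (or, more precisely, design assurance) reasons, CDC verification should be performed on every Level A/B airborne design that has multiple asynchronous clock domains.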

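Metastability is a serious problem in safety-critical designs, often causing chips to exhibit intermittent faults that may go undetected until a failure occurs in flight. Traditional simulation cannot accurately analyze multi-clock designs and relies on manual, error-prone processes. This paper describes the automated clock domain crossing verification solution that DO-254 projects need, along with tool assessment tips.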

The metastability challenge in safety-critical designs

Metastability is the term used to describe what happens in digital circuits when the clock and data inputs of a flip-flop change values at approximately the same time. This is not a problem in single-clock designs, but it becomes one on paths that transmit data between asynchronous clock domains. When the data changes within the setup/hold window, the flip-flop output oscillates and settles to a random value.

In this case, the output of the flip-flop is said to have gone metastable and will lead to incorrect design functionality, such as data loss or data corruption on CDC paths. This situation happens in every design containing multiple asynchronous clocks, which occurs any time two or more discrete systems communicate.

Metastability is a serious problem in safety-critical designs, frequently causing chips to exhibit intermittent bugs that may not be caught until an in-flight failure. Traditional simulation does not accurately analyze multi-clock designs and relies on a manual, error-prone process. This paper describes the automated clock domain crossing verification solution that DO-254 projects need and gives tool assessment tips.
