1. CDC Tool Landscape
Three categories of CDC tools:
- Simulators: Mentor Questa, Cadence Xcelium, VCS (dynamic verification)
- Formal/Static: Cadence Incisive, OneSpin 360, Jasper (formal proof)
- Lint/Analysis: Cadence Conformal, Synopsys SpyGlass (static checks)
2. Mentor Questa CDC Verification
Features
- CDC rule checking: Automatic detection of common CDC violations
- Metastability simulation: Built-in metastability injection
- CDC reports: Detailed analysis of all clock domain crossings
- Coverage tracking: CDC-specific coverage metrics
Workflow
- Elaborate RTL: Load design into Questa
- Run CDC analysis: Questa identifies all CDC crossings
- Review CDC report: Inspect detected synchronizers
- Simulate: Run testbench with metastability injection
- Sign-off: CDC review passed, design ready
3. Cadence Incisive CDC Analysis
Capabilities
- Synchronization checker: Verifies all async signals are synchronized
- MTBF calculation: Proves MTBF bounds mathematically
- Setup/hold verification: Ensures timing met at CDC boundaries
- Gray code validation: Confirms correct encoding
Integration
Cadence Incisive integrates with:
- Xcelium: Simulation engine (fast, parallel)
- JasperGold: Formal verification (proof engine)
- Conformal: Equivalence checking (logic verification)
4. OneSpin 360 CDC
Specialized formal CDC tool:
- Exhaustive formal proof: Proves CDC safety without simulation
- MTBF quantification: Calculates exact MTBF bounds
- Synchronizer patterns: Database of known-good CDC patterns
- Property generation: Automatically generates CDC properties
Typical Workflow
OneSpin automatically detects CDC crossing, generates properties, and proves safety in minutes.
5. Static Analysis & Lint Tools
Cadence Conformal
Checks for:
- No combinational paths across clock domains (stops logic glitches)
- All async signals synchronized with dual-FF minimum
- Gray code on multi-bit transitions
- Reset synchronized to all domains
- Setup/hold met (except in metastable window)
Synopsys SpyGlass
Similar CDC lint rules. Industry standard for pre-synthesis CDC checking.
6. Tool Selection Guide
| Design Type | Recommended Tool | Why |
|---|---|---|
| Simple FPGA (1-2 domains) | Mentor Questa + testbench | Simulation sufficient, fast |
| Medium ASIC (3-5 domains) | Mentor Questa + Conformal lint | Balanced simulation + static checking |
| Complex SoC (10+ domains) | Cadence Incisive + JasperGold | Comprehensive verification + formal |
| High-reliability (automotive, aerospace) | OneSpin 360 + formal proofs | Exhaustive proof, quantified MTBF |
| All designs | Lint tools (Conformal, SpyGlass) | Catches obvious violations early |
7. CDC Tool Workflow in Design Flow
Phase 1: RTL Design (Days 1-30)
- Designers write CDC synchronizers manually or instantiate IP
- Run CDC lint (SpyGlass/Conformal) nightly
- Fix violations incrementally
Phase 2: Functional Verification (Weeks 3-6)
- Run Mentor Questa with CDC testbenches
- Inject metastability, stress test all crossings
- Achieve CDC coverage targets (95%+)
Phase 3: Pre-Synthesis (Week 7)
- Final CDC lint pass (must pass with zero warnings)
- Formal verification (OneSpin or JasperGold) on critical paths
- Design review sign-off by CDC expert
Phase 4: Post-Synthesis (Week 8-9)
- Verify CDC still correct after synthesis (Conformal equivalence checking)
- Timing closure (STA must meet CDC constraints)
Phase 5: Tape-Out (Week 10)
- Final CDC sign-off (no CDC violations in design)
- Documentation: CDC map, synchronizer list, timing constraints
8. Common Tool Pitfalls
- ❌ Pitfall: Relying only on lint (misses some CDC bugs)
- ✓ Fix: Combine lint + simulation + formal for comprehensive coverage
- ❌ Pitfall: Lint passing = CDC safe (lint checks necessary but insufficient)
- ✓ Fix: Lint is baseline. Add simulation and formal proofs.
- ❌ Pitfall: Running tools once, then ignoring updates
- ✓ Fix: Integrate CDC tools into regression (run every change)
9. Simulation Framework for CDC
Typical CDC testbench structure:
- Clock generation: Multiple independent clock generators
- Reset synchronization: Asynchronous reset and sync verification
- Stimulus generation: Random input patterns, metastability injection
- Verification: Assertions on data integrity, no glitches
- Coverage collection: Track metastable windows, pointer wrap, transitions
10. Formal Property Specification
Using PSL (Property Specification Language) or SVA (SystemVerilog Assertions):
- MTBF property: "MTBF > 1 million years"
- No data loss: "Every write eventually appears in read domain"
- No deadlock: "FIFO never stuck in full or empty"
- No corruption: "Data out matches data in"
Tools like JasperGold and OneSpin prove these automatically.
11. Integration with CI/CD Pipeline
Modern design flows integrate CDC verification into continuous integration:
- Every commit triggers CDC lint
- Nightly: Full simulation + formal proofs
- Weekly: Design review with CDC expert
- Pre-tape-out: Comprehensive CDC sign-off
12. Checklist: CDC Tools
- ✅ Run lint early and often (SpyGlass, Conformal)
- ✅ Integrate simulation (Mentor Questa with CDC testbenches)
- ✅ Use formal verification (OneSpin or JasperGold)
- ✅ CDC expert review before tape-out
- ✅ Documentation: CDC map, synchronizer list, MTBF targets
- ✅ Continuous integration: CDC tools in nightly build
- ✅ Regression testing: CDC verification on all changes
Next (Day 13): Design patterns and best practices.