CDC Verification and Common Mistakes
How CDC is checked, and the traps to avoid
CDC bugs do not show up in normal timing analysis and often hide from plain simulation, so they are caught with dedicated methods. This lesson covers how, plus the mistakes that cause most real CDC failures.
How CDC is verified
- Structural CDC analysis: a tool scans the netlist for every asynchronous crossing and checks that each one has a recognized synchronizer.
- Metastability injection: simulation deliberately randomizes the timing of synchronizer outputs to expose logic that wrongly assumes a clean value.
- Assertions and protocol checks: verify handshakes complete and gray-coded pointers only ever change one bit at a time.
The mistakes that cause real failures
| Mistake | Why it fails | Fix |
|---|---|---|
| Bus synchronized bit by bit | Bits resolve independently, value is corrupt | Gray code or a handshake |
| Logic between the two sync flops | First flop loses its settling time | Keep the two flops back to back |
| Synchronizing a narrow pulse | Destination clock steps over it | Toggle-based pulse synchronizer |
| Reconverging synchronized signals | Independently synchronized bits realign wrongly | Synchronize once, then fan out |
| No reset synchronizer | Metastable flop on reset release | Async assert, sync de-assert |
The reconvergence trap
A subtle one: if you synchronize two related signals through separate synchronizers and then combine them in logic, they may arrive on different cycles and produce a glitch or wrong decision. The rule is to synchronize a signal once and then use the single synchronized copy everywhere, rather than synchronizing the same information through multiple paths.
When you reach a crossing, name the technique out loud: single control bit means two-flop synchronizer; a pointer means gray code; a data stream means async FIFO; an occasional word means handshake; a pulse means pulse synchronizer; reset means reset synchronizer. Matching the structure to the situation is the whole skill of CDC.
Do not rely on simulation alone to sign off CDC. A normal simulation uses ideal zero-delay flops and will happily show a broken design working. Always run structural CDC analysis with metastability modeling before you trust a multi-clock design.