Advertisement

Blog

Metastability in Space

Metastability can cause a spacecraft electronic failure. It may render a very expensive spacecraft/satellite unusable and if the spacecraft is manned, there could be lives in danger. A simple D Flip-Flop can wreak havoc in the cold void of Space. (I strongly suggest you read Max Maxfield’s three-part article on Metastability in References 2, 3, and 4. That series is quite informative as well as entertaining, as only someone like Max can pull off.)

Metastability events are common in digital circuits; synchronizers are necessary to protect from their devastating effects. Originally, synchronizers were necessary when playing an asynchronous input (that is, one synchronized with the clock input, so it could change exactly with the sample timing).

Metastability5

  • Problem: Introducing an asynchronous signal into a synchronous (edge triggered) system or creating a combinatorial logic path that does not meet timing constraints
  • Output hovers at a voltage level between high and low, causing the output transition to be delayed beyond the specified clock (clk) to q (CQ) delay.
  • Probability that the D Flip-Flop enters a metastable state and the time required to return to a stable state varies on the process technology and on ambient conditions.
  • Generally, the D Flip-Flop quickly returns to a stable state. However, the resultant stable state is not deterministic.

A proposed design for Metastability issues was developed by Robert M. Simle and Jose A. Cavazos of Lockheed Martin Corp. for NASA Johnson Space Center. The patent was for a digital synchronizing circuit that would eliminate metastability conditions that greatly affect flip-flop circuits in digital input/output interfaces. The metastability is associated with sampling, via the use of flip-flops, of an external signal that is asynchronous with a clock signal that drives the flip-flops (It is a temporary flip-flop failure that can occur when the rising or falling edge of an asynchronous signal happens during the setup and/or hold time of a flip-flop.)1

Their proposed design suggests the following:

  1. use of a clock frequency greater than the frequency of the asynchronous signal
  2. use of flip-flop asynchronous preset or clear signals for the asynchronous input
  3. use of a clock asynchronous recovery delay with pulse width discriminator
  4. tying the data inputs to constant logic levels to obtain two half-rate synchronous partial signals — one for the falling and one for the rising edge.

Since the flip-flop data inputs would be permanently tied to constant logic levels, setup and hold times would not be violated. The half-rate partial signals would be recombined to construct a signal that would replicate the original asynchronous signal at its original rate but would be synchronous with the clock signal.

Title to this invention, covered by U.S. Patent No. 6,771,099 B2, has been waived under the provisions of the National Aeronautics and Space Act {42 U.S.C. 2457 (f)}.

Metastability Equation5

MTBF = Ec2*tmet /F0*Fd*C1

F0: Clock Frequency

Fd: incoming data frequency

C1: related to the window of susceptibility

C2: device specific constant

Reference 5 also shows how to set up a Metastability Filter:

(Image courtesy of Reference 5)

(Image courtesy of Reference 5)

References 2, 3, 4, and 5 also show how clock skew can cause not only metastability but other aspects of instability. These References also provide various solutions as well.

References

1 Digital Synchronizer without metastability, Lyndon B. Johnson Space Center, NASA Tech Briefs, 9/1/2009

2 Building a 4-Bit Computer: Mitigating Metastability (Part 1), (What is metastability and how can timing violations cause it?), EEWeb, Max Maxfield

3 Building a 4-Bit Computer: Mitigating Metastability (Part 2), (How can metastability creep into designs and how can we weed it out again), EEWeb, Max Maxfield

4 Building a 4-Bit Computer: Mitigating Metastability (Part 3), (Radiation-induced metastability and how to deal with it), EEWeb, Max Maxfield

5 FPGA design strategies for the space radiation environment, Melanie Berg, NASA Goddard Space Flight Center

2 comments on “Metastability in Space

  1. D Feucht
    February 2, 2019

    Oscilloscope trigger generators are high-performance synchronizers. For lower-speed 'scopes, a delay is placed in the clock path between the first and second of the D flops in the diagram. This gives the first flop output time to settle to a valid logic state within the setup time needed by the second flop so that when the delayed clock comes along, the second flop avoids metastability. The delay time is chosen from the exponential equation to reduce the probability of excessive delay (the metastable state) in achieving a valid output state to an acceptably low value.

    Faster scopes use hysteretic RS flops, but that is a longer story …

     

     

  2. Steve Taranovich
    February 2, 2019

    @D Feucht—well spoken from a guy who really knows oscilloscopes

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.