Page 753 - Engineering Digital Design
P. 753
14.11 INITIALIZATION AND RESET OF ASYNCHRONOUS FSMs 719
in some cases, actually provide an indirect path for E-hazard formation, thereby making
E-hazard formation possible whereas otherwise it would not be. E-hazards are potential
defects in the sense that the FSM logic is not "born" with these defects as can be the case
for static hazards. E-hazards require explicitly located path delays of magnitude exceeding
the minimum requirements before they can form. However, an active E-hazard is guaranteed
to cause malfunction of the FSM, whereas active static hazards in the NS logic may or may
not be disruptive to the operation of the FSM. Before a static hazard in the NS-forming logic
can cause malfunction, it must be "strong" enough to cross the switching threshold, but even
then the hazard may not cause malfunction. However, the designer must assume that the
static hazard has the potential to cause malfunction of the FSM and must add hazard cover.
In fact, some designers find it worthwhile to take the "shotgun approach," which means
adding hazard cover to any pair of coupled terms appearing in the NS logic functions.
The d-trio is a special case of an E-hazard that causes the FSM to undergo an error
transition before residing in the intended state. Sometimes this has the effect of only delaying
the transition from the origin state to the intended state. However, at other times an output
can be activated erroneously as in Fig. 14.30b. Such an erroneous output can be just as
disruptive as an active E-hazard would be. For this reason, active E-hazards and d-trios are
considered equally capable of causing malfunction of an asynchronous FSM and corrective
action should be taken where warranted. This action usually amounts to nothing more than
adding a delay in the feedback path of the second invariant state variable, a delay equal to
about the minimum path delay requirement for E-hazard formation.
Corrective action to prevent the formation of E-hazards can take the form of carefully
choosing routing paths in a circuit layout so as to avoid excessive path delays at certain
critical locations in the circuit. Thus, an E-hazard analysis is of value in this regard, since
knowledge of the position and magnitude of a causal delay can offer the designer the
information needed to make an engineering judgment as to possible corrective action. Again,
it must be remembered that a strongly active E-hazard is guaranteed to cause malfunction of
the FSM. If the minimum path delay requirements are just barely exceeded, a weakly active
E-hazard may cause the FSM to become logically unstable or may even permit the FSM
to operate properly. But the designer should not take a chance except for the case where a
large minimum path delay requirement is indicated. The E-hazard and d-trio effects given
in Fig. 14.30 are those of a strongly active E-hazard, since the delay of 5r p that is used
exceeds the minimum requirements by about a factor of 2. A causal delay that just exceeds
the minimum path delay requirements for an E-hazard, as indicated in Eqs. (14.22), will
cause the FSM to oscillate when simulated. The same reduction in the causal delay for the
d-trio only narrows the error pulse. Real circuits, on the other hand, may require causal
dalays considerably in excess of the theoretical minimum.
14.11 INITIALIZATION AND RESET OF ASYNCHRONOUS FSMs
Like synchronous FSMs, most asynchronous FSMs must also be initialized or reset. But
unlike synchronous FSMs that can be initialized or reset via sanity circuit inputs to PR and
CL overrides of the flip-flops, asynchronous FSMs must be initialized or reset by using
sanity circuit inputs to the gates of which the NS logic is configured. The sanity circuit
shown in Fig. 11.28 presented in connection with synchronous FSMs applies here also.
Figure 14.31 illustrates the means by which an asynchronous FSM must be initialized or
reset. Figure 14.31 a applies to an active low output from the sanity circuit while Fig. 14.3 Ib
