Metastability is one of the major concerns in complex designs involving multiple clocks and resets. Modern designs often have multiple resets, such as power-on resets, soft resets, debug resets, low-power and local/global resets. Different resets may be asserted at different times, so that one part of the design is in reset while another part is still functionally operational. Any metastable value arising at the interface can result in erroneous functionality, which can be critical, for example in secure applications. A reset domain crossing (RDC) occurs in sequential logic where the source and destination flops operate on different resets. The destination flop is susceptible to corruption when the source reset is asserted but the destination reset is not, because the source reset then produces a data transition at the destination flop. Reset paths are untimed and are not guaranteed to meet timing within a clock period, so this transition can result in metastability at the destination flop. Hence, these scenarios must be identified in the design, and appropriate measures included to ensure that the design handles metastable situations properly.
This article presents a secure hardened implementation to handle reset domain crossing. The implementation uses a reset generation request from the reset generation module to gate the clock of the destination flop prior to reset assertion. The clock (for the destination flops) is re-enabled only after ensuring that all the transitions triggered by reset assertion have settled to safe values.
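The sequencing described above, written as a Verilog module. This is an added example, not the article's implementation. It assumes a single clock, a reset request that is synchronous to that clock, and hypothetical names (`src_rst_req`, `src_rst_n`, `dst_gclk`, `SETTLE_CYCLES`).

```verilog
// Added illustration: all signal names and SETTLE_CYCLES are assumptions.
// Order enforced: gate destination clock -> assert source reset ->
// wait for reset-driven transitions to settle -> re-enable destination clock.
module rdc_reset_sequencer #(
    parameter SETTLE_CYCLES = 4   // assumed settling time in clk cycles (>= 1)
) (
    input  wire clk,          // free-running clock
    input  wire por_n,        // power-on reset, resets only this sequencer
    input  wire src_rst_req,  // request from the reset generation module (sync to clk)
    output reg  src_rst_n,    // active-low reset driven to the source flops
    output wire dst_gclk      // gated clock for the destination flops
);
    localparam IDLE = 2'd0, GATE = 2'd1, SETTLE = 2'd2, HOLD = 2'd3;
    reg [1:0] state;
    reg [$clog2(SETTLE_CYCLES+1)-1:0] cnt;
    reg clk_en, en_lat;

    always @(posedge clk or negedge por_n) begin
        if (!por_n) begin
            state <= IDLE; src_rst_n <= 1'b1; clk_en <= 1'b1; cnt <= 0;
        end else case (state)
            // Request seen: stop the destination clock first, reset not yet asserted.
            IDLE:   if (src_rst_req) begin clk_en <= 1'b0; state <= GATE; end
            // Destination clock is already gated on this edge: now assert the reset.
            GATE:   begin src_rst_n <= 1'b0; cnt <= SETTLE_CYCLES; state <= SETTLE; end
            // Keep the clock gated while the reset-triggered transitions settle.
            SETTLE: if (cnt == 0) begin clk_en <= 1'b1; state <= HOLD; end
                    else cnt <= cnt - 1'b1;
            // Release the reset synchronously once the request is withdrawn.
            HOLD:   if (!src_rst_req) begin src_rst_n <= 1'b1; state <= IDLE; end
        endcase
    end

    // Latch-based clock gate: the enable is only sampled while clk is low,
    // so dst_gclk cannot glitch or produce a truncated pulse. In silicon this
    // would be the library's integrated clock-gating cell.
    always @(clk or clk_en)
        if (!clk) en_lat <= clk_en;

    assign dst_gclk = clk & en_lat;
endmodule
```

Because `clk_en` drops one cycle before `src_rst_n`, the destination flops see no clock edge on the cycle where the source outputs change asynchronously, and the first edge they do see arrives at least `SETTLE_CYCLES` cycles later.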