Recovery and removal checks

Recovery and removal checks are associated with deassertion of asynchronous reset. The assertion of reset causes the output to get reset and deassertion transfers the control of output to clock signal; i.e., deassertion of reset does not change the output as we discussed in post synchronous and asynchronous resets. However, to ensure that the design comes out of reset in deterministic cycle and to avoid metastability, there must be a region around arrival of clock edge within which reset must not be deasserted. This is similar to setup and hold timing checks, the difference being that:
Setup and hold checks are associated with synchronous data signals for a flop and are applied to both rise and fall transitions of data. Recovery and removal checks, on the other hand, are for asynchronous reset transitioning from active state to inactive state only (deassertion of reset).

Recovery check: Recovery check ensures that the deasserted reset signal allows the clock signal to take control of the output at the desired clock edge. For this, reset signal must be stable at least "recovery time" before the active clock edge. Recovery time is the minimum time required between the deassertion of reset signal and arrival of clock edge. This can be modelled similarly as a setup check with the difference of it being a single sided synchronous check only.

Removal check: Removal check ensures that the deasserted reset signal does not get captured on the clock edge at which it is launched by reset synchronizer. For this, reset signal must be stable at lease "removal time" after the active clock edge. Removal time is the minimum time required between the arrival of clock edge and the deassertion of reset. This can be modelled similarly as a hold check with the difference of it being a single sisded synchronous check only.

Synchronous and asynchronous resets

In the post reset basics, we discussed the need of having reset and the strategies used by designers related to reset. One of the decisions that designers need to finalize is to choose synchronous vs asynchronous reset strategy. Each of these reset strategies is capable of achieving the purpose of a reset. A design may also have a mixed approach in which a part of the device is driven by synchronous reset and another part has an asynchronous approach to reset. In this post, we will be discussing the pros and cons of each.
  • Synchronous reset: If the reset affects the state of the design only on the active edge of the clock, we term it as a synchronous reset signal. A synchronous reset is fed into the D fanin cone of a flip-flop. Figure 1 below shows a sample design with synchronous reset.

Generally, the reset signal must be closest to the target flip-flop in order to have least number of gates. If the reset of above figure is restructured, one AND gate must be converted to two AND gates to have the reset propagated to the target flip-flop in all situations. But this kind of data path results in increased data path for other critical functional paths. So, synthesis tool needs to take intelligent decision of gate count vs critical signals' timing.
Synchronous reset generation results in smaller flip-flops, but the combinational gate count grows as reset must be applied through combinational logic only.
We can afford to have glitches in reset signal as long as it is meeting setup and hold timing. Therefore, if reset signal is generated by a set of internal logic conditions, synchronous reset is the only goto as there will be glitches formed upon mingling of different conditions. 
Reset pulse must be big enough to get captured at the active clock edge target registers. For example, if the register gets launched on a clock of period 5 ns and is targetted for a flip clop receiving a clock of period 20 ns, there is a chance of getting the reset pulse not getting captured. So, there will be a requirement of a pulse stretcher circuit.
There are further complexities when clock gating is implemented to save power. If the clock is gated, you cannot force the design into reset state. Only asynchronous reset can work in that scenario. 
  • Asynchronous reset: If the reset affects the state of the design asynchronously; i.e., whether or not clock is running, then the design is said to have asynchronous reset.
For designs with asynchronous reset, datapath is independent of reset signal. So, logic levels in datapath are less. This means that we can achieve higher frequency using asynchronous resets.
The design can be reset even when clock is gated. Also, no work arounds are needed during synthesis as in case of synchronous resets.
An asynchronous reset signal needs to be glitch free. Even a small glitch on reset signal can reset the design.
For a flip-flop with asynchronous reset, assertion of reset resets the flip-flop asynchronously. Deassertion of reset leaves the output of flip-flop unchanged. The state of flip-flop will change only on arrival of next clock pulse. There can be two scenarios:
  1. Clock is gated during deassertion of reset: In this case, we can safely deassert the reset and ungate the clock some time after deassertion.
  2. Clock is running during deassertion of reset: In this case, we need to take care of the recovery/removal timing of deassertion of reset. The deassertion of reset must be synchronous with respect to clock. Reset synchronizers are needed to synchronize the deassertion of reset signal.

Figure below shows the timing waveform for assertion and deassertion of asynchronous reset. As we can see, the assertion of reset causes the output to go to '0', whereas deassertion waits for the clock edge to arrive and cause the output to change.