Vishvabhusan Pati is a senior staff engineer and manager at Qualcomm, where he’s involved in design work and formal and semi-formal design verification. In this Q&A interview, he discusses advantages and limitations of formal equivalence checking, and describes his experience with automated Engineering Change Order (ECO) handling with the Cadence Encounter Conformal ECO Designer.
Q: What kind of verification work does your team do, for what kinds of chips?
A: Typical of many design flows, we do vector-based simulation and semi-formal equivalence checks together. Our designs go into chips that are targeted towards wireless applications.
Q: What are your biggest challenges from a verification perspective?
A: First, complete and comfortable verification of complex designs involving digital and non-digital sections, and designs with aggressive power-saving techniques. Second, formally and semi-formally verifying the correctness of designs that are becoming exponentially more complex.
Q: How, and why, do you use formal equivalence checking?
A: Our formal equivalence checking methodology is generally tool based. The methodology is used to augment design coverage that would otherwise be done through gate-level simulation, and to test causes and conditions that are not covered in simulation.
The biggest reason for using equivalence checking is the advantages it has over simulation. The methodology relies on mapping a reference design to a DUT [device under test] that is meant to be a replica of the reference through a tool-based transformation, such as a netlist generated out of synthesis or after place and route. They can then be compared for “likeness.” When done well, this will indicate whether every part, element, or cell of the DUT is functionally identical to the reference design. While a very large number of identical test cases and amount of test time would be required to simulate both the reference and the DUT, formal equivalence checking can do the job more completely as well as faster.
Limitations of equivalence checking, in my understanding, include the difficulty of mapping today’s complex designs to mathematical entities for formal comparison, particularly when today’s synthesis and place-and-route tools perform design transformations through unforeseen optimizations. Other limitations include problems caused by state-of-the-art power-saving techniques, and the mapping of complex library cells that are custom designed for high performance.
Q: Did you use a manual ECO flow before using Conformal ECO? What were the problems?
A: We have traditionally used a manual ECO flow. Timing ECOs are still often done manually or inside of placement and routing. For functional ECOs, the problems of manual ECOs are very well known – large turnaround time for the ECOs, the need for netlist expertise, and limitation of the type of ECOs to simple non-state-machine kinds, cell additions, or simple arithmetic.
Q: How does Conformal ECO automate the functional ECO process? What are the advantages?
A: Conformal ECO provides an environment to perform the equivalence checking and ECO process together in a unified manner. Once the upfront setup is completed, both tasks can be performed in one run. In fact, the generation of ECO changes to the netlist is an extension of the equivalence checking. Generating the ECO netlist through the GUI has worked best for us.
As for advantages, getting an ECO done does not require an ECO expert, since the tool is the expert here. This does, however, bring in the requirement of getting well acquainted with the tool. In principle, very complex ECOs can be handled. This would be practically impossible if attempted manually.
What has not gone so smoothly is working with complex designs with multiple power domains and clock-gating controls. However, in principle, it works well.
Q: What advice would you give other engineers about formal equivalence checking and ECO handling?
A: As a regular user of formal equivalence checking, I would encourage users to use this formal technique wherever possible, to increase confidence in the fidelity of tool-generated netlists against their reference implementations. Now that tool-generated ECOs are possible, I would certainly recommend that flow.
However, I would encourage users to use their ingenuity. Understanding the tool, along with its strengths and limitations, makes for successful usage. Use appropriate constraints in equivalence checks to get the best results. Understand which warnings are important and which are safe to ignore. In the ECO process, manually cross-check the number and type of cells introduced. When attempting tool-based ECOs, always try to analyze the netlist. Roughly estimate the number of cells a manual ECO might add and compare with the tool-generated ECO. Watch out for cloning clock-gating logic or missing isolation logic in the ECOed netlist.