Functional Justification in Sequential Circuits using SAT and Craig Interpolation

Matthias Sauer*, Stefan Kupferschmid*, Alexander Czutro*, Ilia Polian, Sudhakar Reddy, Bernd Becker*

* Albert-Ludwigs-University Freiburg, Georges-Köhler-Allee 051, 79110 Freiburg, Germany, {sauerm | skupfers | aczutro | becker}@informatik.uni-freiburg.de
University of Passau, Innstraße 43, 94032 Passau, Germany, ilia.polian@uni-passau.de
University of Iowa, 5324 Seamans Center, Iowa City, United States, reddy@engineering.uiowa.edu

Abstract—Test pattern generation for sequential circuits benefits from scanning strategies as these allow the justification of arbitrary circuit states. However, some of these states may be unreachable during normal operation. This results in non-functional operation which may lead to abnormal circuit behaviour and result in over-testing. In this work, we present a versatile approach to solve the line justification problem without the use of scan. Based on recent advances in SAT-based test generation, the presented method utilises a model-checking solver for invariant properties that relies on the theory of Craig interpolants. The method yields the shortest possible functional justification sequence, or it proves that such a sequence does not exist. We present detailed experimental results on the reachability and initialisation of sensitisable paths.

I. INTRODUCTION

Scan-based manufacturing tests are universally used to screen out defective VLSI devices. Scan allows the justification of arbitrary circuit states that may be unreachable and thus do not occur during functional operation. Non-functional operation during test is known not only to cause abnormal switching activity, which causes power dissipation and supply-voltage droops, but also to sensitise non-functional paths [1]. These effects may lead to yield loss as good devices could fail the manufacturing test [2].
One way to avoid non-functional operation during scan-based test is to scan in only states that are reachable from the reset state or from a state reached after circuit synchronisation [3]. A simulation-based test generation procedure to compute such tests for transition-delay faults was investigated in [4] and a sequential ATPG-based procedure was proposed in [5].

Other previous works on reachability in sequential circuits are often based on probabilistic methods. [6] and [7] combine random simulation with a BDD-based approach to compute the complete set of reachable states. However, these methods scale poorly as the search space grows exponentially with the number of flip-flops. Furthermore, it is not possible to directly obtain the necessary assignments required to get into a reachable state. In [8] a genetic algorithm is used for sequential ATPG. However, due to the randomness of evolutionary approaches, that method is heuristic and hence not complete. Previous related SAT-based approaches [9], [10] do not consider the properties of multiple-time-frame environments with justification requirements on internal circuit lines. Also, the identification of unsatisfiable justification requirements poses a challenge as the search is executed until eventually an upper bound is reached. Hence, the methods suffer from scaling problems.

This work has been supported by the German Research Council (DFG) as part of the Transregional Collaborative Research Center “Automatic Verification and Analysis of Complex Systems” (SFB/TR 14 AVACS, www.avacs.org), and under grants GRK 1103, BE 1176-14/2, BE 1176-15/2 and PO 1220/1-2.

In this work, we consider the generation of functional-justification sequences for arbitrary value assignments to lines in the circuit without the necessity of scan. For a user-defined set of such assignments, our method either generates a provably minimal sequence of input patterns that imply all the assignments, or it proves that no such sequence exists.
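The justification problem stated above, illustrated on a tiny circuit as an added example that is not code from the paper: it substitutes explicit-state breadth-first search for the paper's SAT and Craig-interpolation machinery, which is only feasible for very small circuits. The circuit (two primary inputs `a`, `b`, three flip-flops, one internal AND line `n`), the reset state and all function names are constructed for illustration.

```python
from collections import deque
from itertools import product

N_INPUTS = 2           # primary inputs a, b (constructed toy circuit)
RESET = (0, 0, 0)      # flip-flops q0, q1, q2 after reset (assumed initial state)

def step(state, inputs):
    """Next-state function: q0' = a, q1' = q0 AND b, q2' = q1 AND NOT q0."""
    q0, q1, q2 = state
    a, b = inputs
    return (a, q0 & b, q1 & (1 - q0))

def lines(state):
    """Values of all named lines, including the internal gate output n."""
    q0, q1, q2 = state
    return {"q0": q0, "q1": q1, "q2": q2, "n": q0 & q2}

def justify(requirements, initial=RESET):
    """Shortest primary-input sequence from `initial` that implies every
    required line value, or None once the reachable set is exhausted."""
    seen = {initial}
    queue = deque([(initial, [])])
    while queue:                      # BFS visits states in order of depth
        state, seq = queue.popleft()
        vals = lines(state)
        if all(vals[name] == v for name, v in requirements.items()):
            return seq
        for inputs in product((0, 1), repeat=N_INPUTS):
            nxt = step(state, inputs)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, seq + [inputs]))
    return None                       # no functional sequence exists

def replay(seq, initial=RESET):
    """Apply an input sequence and return the resulting line values."""
    state = initial
    for inputs in seq:
        state = step(state, inputs)
    return lines(state)

if __name__ == "__main__":
    print(justify({"n": 1}))             # a minimal three-vector sequence
    print(justify({"q1": 1, "q2": 1}))   # None: loadable by scan, never reached functionally
```

In this circuit q1 can only become 1 when q0 was 1 and q2 only when q0 was 0, so the assignment q1 = q2 = 1 is a state that scan could load but functional operation never reaches.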
This versatile approach, based on recent advances in SAT-based test generation, benefits from the sophisticated learning strategies that have been incorporated into modern SAT-solvers in the last few years. The classification of hard-to-detect faults and the identification of redundant faults have recently been proved to be handled more efficiently by SAT-based tools than by classical structural ATPG [11], [12], [13].

We present an approach that generates functional justification sequences that use only the primary circuit inputs, starting in an arbitrary initial state, to justify the requirements. The method is complete and therefore generates a sequence if one exists or proves that such a sequence cannot exist regardless of the allowed number of time frames. Also, the method yields the shortest sequence possible with regard to the requirements. Here, by functional justification sequence we mean a sequence of assignments to the primary circuit inputs such that the sequence is functional and justifies the imposed circuit assignments with respect to a given initial state.

This is done by formulating the problem as a model-checking problem (MC) which is passed to the CIP-solver (Craig Interpolation Prover) [14]. CIP was originally designed for formal verification problems and matches the performance of the best pure Bounded-Model-Checking (BMC) solvers, while providing competitive performance when proving safety properties, i.e. proving that no counter-example exists.

The applicability and flexibility of the method are shown by measuring the reachability of longest sensitisable paths. Given a set of circuit paths, the approach determines the functional sensitisability of every path starting at reachable states. In addition, the method yields functional test patterns. We further present detailed experimental results on the reachability of sensitisable paths given a variety of conditions.
As a second application we present the generation of initialisation sequences that start in an unknown circuit state. The remainder of the paper is structured as follows. A brief overview of Craig-interpolant-based model checking is provided