ABSTRACT
INTRODUCTION
Recently, there has been a lot of interest in using automated test pattern generation (ATPG) based schemes in logic optimization, which explore redundant wires [10]. Further, implementation verification techniques based on simulations place special emphasis on wire replacement errors in a netlist. Wire error modeling and detection, as well as redundant error identification, are used in such verifications and logic optimizations. Design errors are often the result of changes introduced manually or even during automated synthesis [1]. The most common errors of that kind are gate or wire replacements, which belong to the design error models proposed in [1] and [2]. A fault model is a necessity when verification is performed by simulations. It has been reported in [2] that by applying modern design flows, 98.9% of all design errors of a common processor, and 94.2% of errors in floating point units, are caused by gate or wire replacement errors.
The detection capability and running time of simulation-based verification are seriously impaired by redundant faults. Simulations alone cannot deal with that problem, unless applied exhaustively.
In this paper we propose novel procedures for identifying redundant wire replacement faults. Safe approximations to local don't cares are used to identify faults that are either likely to be redundant or detected by standard s-a-v methods. In Section 3 we construct an exact identification of replacement faults using an all-SAT formulation. In addition to identifying redundant wire replacements for the verification purposes, such information can be used to improve the process of circuit optimization. Our approach to redundant wire identification can be applied to such logic optimizations.
The majority of rewiring techniques are based on s-a-v ATPG. However, as rewiring faults differ from s-a-v faults, and redundant wire detection requires that both the s-a-0 and s-a-1 faults at that wire are redundant, each identification of such a redundant wire requires two runs of ATPG. Additionally, ATPG algorithms are optimized for quick deterministic vector generation, rather than for identifying the faults that are redundant.
Similarly, verification by test vectors relies on full testability of all possible design faults considered. This application also critically depends on the ability to detect redundant faults from a fault model.
WIRE REPLACEMENT FAULTS
Wire replacements are used both in synthesis [3], [4], [9], [10] and in verification [1], [2] applications. Many recent advances in synthesis are due to the rewiring approach, where selected wires are chosen for replacement in an attempt to find a better implementation for the logic at the nodes considered. It is recognized [9] that rewiring techniques critically depend on quick identification of redundant faults.
Rewiring or insertion of design-for-testability (DFT) elements like scan, test points or Built-in Self Test (BIST) are post-synthesis steps, as they are performed on the originally synthesized netlist, and generally affect small areas of the design. They often require human interaction, and can potentially result in errors, such as wrong wire connections, a missing or added gate or wire, etc. Hence, there is an obvious need to verify whether such errors were introduced to the final netlist. In the remainder of this paper we discuss the detection of wire replacement errors in combinational networks. We consider only errors that do not create cycles, since cycles are easy to detect.
We can classify wire replacements into two categories. The first one deals with errors affecting I/O port connections. I/O ports in this context can be either primary I/O pins, or can represent ports of internal complex blocks (cores) such as adders in the datapath architecture. Detection of these errors is discussed in detail in Section 4. The second category describes errors causing one or more internal wires in the circuit to be wrongly connected to nodes. We distinguish two types of such replacements. A redundant replacement is a substitution that does not change the original function of the circuit. Unlike an s-a-v fault, which permanently ties a signal to either 0 or 1, the polarity of an error caused by a replacement fault depends on the stimuli. To deal efficiently with such faults, we seek new redundant fault identification methods.
Redundancy Detection by Don't Cares
Although single port wire errors (SPWEs) and internal wire interchange errors (IWIEs) affect the wires, the fault effects are observed at the nodes to which the erroneous wires fan in. Therefore, the redundancies are caused by don't care (DC) conditions at such nodes. These are either observability don't cares (ODCs) or controllability don't cares (CDCs) inhibiting the error detection.
Our first redundant fault identification consists of two steps, both of which can be performed in various degrees of approximation. First, we use the don't care (DC) information in the network to screen out most of the redundant faults. The use of DC subsets guarantees that no irredundant fault will be declared as redundant. For selected remaining faults, in the second step, we apply a modification of single stuck-at-fault redundancy identification. We employ a method based on the satisfiability (SAT) formulation of the problem. Information on replacements that are to be probed by SAT is provided by the DC care sets obtained in the first step.
[Table 1]
When a stem has multiple branches, an additional index is added to the branch, as with a_1, a_2 and x3_2. The functions at the nets a, b and c are given as well. Upon a replacement, these functions are interchanged, and we aim to detect the difference between the original and replaced functions, according to Lemma 1.
[Figure 3]
Don't Care Approximations
If we have the exact don't care sets, Lemma 1 provides us with the exact redundancy identification. Practical schemes use only the subset of DCs. ODC space requirements are the biggest, and we approximate them by compatible observability don't cares (CODCs) [8]. The advantage of ODC subsets is that the replacements affecting multiple nodes do not change the CODC value. CODCs can hence be used for multiple wire replacements.
The distance information is used for assessing the likelihood that a fault will be redundant without applying a complete redundancy identification scheme. Further identifications can be parameterized by nonzero distance:
Small-distance replacements possess additional properties that are useful in detecting redundant replacements. The distance-1 replacements (i.e., ε = 2) can be detected by s-a-v identifications, as the fault will be of one polarity only.
Using SAT for Redundancy Identification
A satisfiability (SAT) solver is used for our redundancy identifications [5]. To test for an s-a-v fault in a circuit, a Conjunctive Normal Form (CNF) expression is constructed. This product of sums (clauses) is equal to one for all solutions; therefore a satisfying assignment is a test vector. If there is no solution, i.e., the fault is redundant, then the CNF expression is unsatisfiable. The SAT formulation for a single s-a-v fault redundancy consists of several types of clauses. Good circuit clauses represent the correct operation of a circuit. Faulty circuit clauses describe the effects of a single s-a-v fault on the downstream network nodes. Active clauses are introduced to give the activation conditions of a fault. Finally, the fault site and goal clauses describe the observation and detection of the fault.
Example 3:
The following clauses are generated for an s-a-0 fault at node b of the correct circuit in Figure 3.a. The SAT variables are associated with nodes in the network. Those with no subscripts are the good clause variables, such as x; the faulty circuit variables at the same node have the subscript f, as in x_f, while the activation variables have the subscript a. The conditions for which the individual clauses are created are placed in square brackets.
[Table 3: SAT Clauses for Node b s-a-0 (Figure 3.a)]
This approach can be time consuming if applied to all faults. Next, we show how our DC-based algorithm can be used to filter out many cases of replacement faults.
Approximate Redundancy Identification
We can derive a SAT formulation for replacements not filtered by don't cares (DCs) using Lemma 2. The distance between the original and the replacement gate, obtained from the approximate DC set, can be passed to SAT. This proximity information can represent additional criteria for creating further approximations to the problem.
By considering only the single-cube distance replacements, as in Equation 2, an efficient SAT formulation can be obtained. We first create an s-a-v SAT instance corresponding to the polarity of the single-value faults, according to Lemma 2. It is sufficient to add to the CNF the 1-clauses (clauses with one literal) to restrict gate inputs to a single failing cube.
Example 4:
To obtain a SAT instance for replacing the OR gate from Figure 3 with an XOR gate, clauses are added to restrict the inputs to their (single-cube) assignments that differentiate the gate functions. The following 1-clauses are added to those for the s-a-0 fault at node b (Example 3).
EXACT REDUNDANCY IDENTIFICATION
The approximate solution has the advantage of reusing fast stuck-at fault methodologies, while possibly missing some redundant faults. Next, we present an all-SAT formulation that is exact. The SAT formulation uses the good circuit, faulty circuit and active clauses that are the same as in the standard single stuck-at SAT. However, fault site clauses will be augmented by an activating condition. The condition for activating a fault where function g is replaced by a function h is g ≠ h, regardless of the fault. We hence create an auxiliary node equal to l = g ⊕ h. Then, the fault location clause will assert l = 1. Figure 4 depicts the SAT formulation that is applicable for any faults affecting two nodes in a netlist.
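The activation condition l = g ⊕ h can be exercised on a small netlist. The following is an added example, not code from the paper: the netlist is constructed (it is not the circuit of Figure 3), the function names are hypothetical, and exhaustive enumeration of input vectors stands in for the all-SAT solver. It separates the vectors that activate a wire replacement from those that also propagate it to an output; a replacement with no such test vector is redundant.

```python
from itertools import product

OPS = {"AND": all, "OR": any}
INPUTS = ("a", "b", "c")
OUTPUTS = ("out",)
# Constructed netlist in topological order: (net, gate type, fanin nets).
NETLIST = [("g", "AND", ["a", "b"]),
           ("h", "OR", ["a", "b"]),
           ("m", "AND", ["g", "h"]),
           ("out", "OR", ["m", "c"])]

def simulate(netlist, vector):
    """Evaluate every net of the netlist for one primary-input vector."""
    val = dict(zip(INPUTS, vector))
    for name, op, fanin in netlist:
        val[name] = bool(OPS[op]([val[f] for f in fanin]))
    return val

def replace_wire(netlist, gate, old, new):
    """Faulty netlist: the pin of `gate` fed by `old` is fed by `new`.
    Assumes `new` is defined before `gate`, so the result stays acyclic."""
    return [(n, op, [new if (n == gate and f == old) else f for f in fi])
            for n, op, fi in netlist]

def analyse(gate, old, new):
    """Return (activating vectors, test vectors) for one wire replacement."""
    faulty = replace_wire(NETLIST, gate, old, new)
    activating, tests = [], []
    for vec in product((False, True), repeat=len(INPUTS)):
        good, bad = simulate(NETLIST, vec), simulate(faulty, vec)
        if good[old] != good[new]:      # l = old XOR new is asserted
            activating.append(vec)
        if any(good[o] != bad[o] for o in OUTPUTS):
            tests.append(vec)           # difference reaches an output
    return activating, tests

if __name__ == "__main__":
    for fault in (("m", "h", "a"), ("m", "g", "h")):
        act, tests = analyse(*fault)
        verdict = "redundant" if not tests else "detectable"
        print(fault, verdict, "activating:", len(act), "tests:", len(tests))
```

Replacing h by a at gate m can be activated but is never observed, so it is redundant; replacing g by h at the same gate is detected only by the activating vectors with c = 0.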
In the case of internal wire interchange errors (IWIEs), when multiple nodes are affected, the same inequality is introduced for each node affected. The conditions at each node are OR-ed, i.e., the additional OR gate is added to assert that the difference in the faulty and fault-free circuits has to be present in at least one of the nodes affected, as shown in Figure 4.b. Further optimizations are applied for replacements that do not create combinational cycles.
Generate CODC Approx. of the network
for each fault (g → h){
    Obtain
    if (detect_s-a-0_with_cube(l))
        break;
    if (detect_s-a-1_with_cube(l))
        break;
    }
simulate_fault_n_lattice_layers (g, network)}
Algorithm 1: Approximate Redundancy Identification
[Figure 4: Exact SAT Formulation]
Lemma 3: Consider an internal wire interchange error (IWIE) at nets g and h, applied to an acyclic combinational netlist, that results in a faulty netlist that is still acyclic and combinational. The activating condition for a fault is to XOR the logic functions g and h of the two wires that are replaced. Then, instead of OR-ing the two XOR differences, considering only one difference is sufficient.
Proof:
If there is no path between g and h, the two differences are the same, and the lemma is proven. Assume without loss of generality that the node g is downstream from node h in the acyclic combinational netlist. Then, the replacement at net g will be activated by the condition l_1 = g ⊕ h, since the function g is replaced by h. The second replacement, i.e., at net h, will in general affect all the downstream nodes, including g, changing it to a function g_1. Then, the condition for activating this wire replacement would be l_2 = g_1 ⊕ h. However, notice that if g has changed, a combinational loop was created, and the circuit is cyclic, contradicting our assumption. Hence, the node g will not change, i.e., g = g_1, and the conditions at both nets affected will be g ⊕ h. Then, the overall activation condition is:
Therefore, one XOR-ing of the nodes affected is sufficient to describe the activating conditions.
Figure 5 depicts the application of Lemma 3 to the condition for IWIE faults that result in an acyclic netlist.
Example 5:
Consider again the faults in Figure 3. For exact SAT formulations of these three faults, the activation conditions are created. According to Lemma 3, the original functions at the affected node pairs (the second column in
[Table 4: Activation Conditions for Faults in Figure 3]
For example, the SAT formulation for F.C.2 is created by clauses for a (unspecified polarity) fault at node c (similar to those in Table 3), and by additional clauses that assert the activation condition (third column in Table 4):
I/O PORT REPLACEMENT DETECTION
We now investigate conditions for detecting the replacements external to a block. We model such faults by the Arithmetic Transform, leading to their efficient detection.
Arithmetic Transform
Arithmetic Transform is a canonical polynomial representation of multi-output Boolean functions 
The following theorem, proven in [6], uses the properties of the input space, considered as a Boolean lattice B^n, to derive a test set among the top layers of the lattice. In B^n, vectors belong to one of n+1 lattice layers, depending on the number of ones in a vector; the top lattice layer has n ones, etc.
Detection of I/O Port Wire Switching Errors
I/O port wire replacement errors happen when at least two ports of the design are wrongly connected, see Figure 6. These errors are often caused by either manual intervention or a wrong connection declaration. A typical example is when ports of one block are declared as Little Endian, while ports of the other block are represented as Big Endian. In the case of an I/O port wire replacement error, it is easy to derive its error polynomial.
The error polynomials are not needed explicitly to obtain the number of lattice layers required for their unique identification. Rather, the lower and upper bounds on the sizes of the possible error polynomials are used. The lower bound (switching only two inputs) is presented in Example 6. The upper bound, i.e. the case of wrongly connecting all the inputs, still results in a small AT.
The same test vector set is applied to the faults within the netlist. It detects not only the faults resulting in t spectral coefficients, but also many faults resulting in larger error spectra. Since the error spectra cannot be simply bounded, unlike I/O wire faults, there is a number of faults that are either hard to detect (and AT decoding vector set will consequently not detect them) or redundant. These faults are handled by our identification schemes.
EXPERIMENTAL RESULTS
The redundancy identification schemes have been implemented on a 440 MHz SUN Ultra10 workstation with 512 MB of main memory. We used the UC Berkeley SIS SAT solver and the BDD package for representing local don't care subsets. The proposed schemes were compared with respect to their running times and the performance. The exact redundancy identification finds all redundant errors for the benchmarks considered. The approximation performed almost as well, as shown in Table 5
Figure 2, where the wire is substituted with a wire from its fanin input cone, as shown by the shaded area.
While DCs perform worst with respect to their space complexity, preprocessing can reduce the time requirements of SAT. Table 6 and Table 7 show the fault coverage of SIPWE faults for MCNC benchmarks and arithmetic circuits. In the latter 
CONCLUSIONS
In this paper, we proposed methods for redundant wire replacement identification. The methods differ in the level of approximation. While the exact SAT-based solution is practical, we have shown that the consideration of replacements that are within a single-cube distance from the replaced gate provides almost complete redundancy identification by the use of standard s-a-v methods. In the latter, we use the CODC subsets of local don't cares to reduce the number of cases considered, and to provide distance information. Further preprocessing to SAT procedures that exploits the properties of the test set is demonstrated. Both approaches can benefit from improvements in the underlying SAT and structure-based s-a-v methods. The approximate method can completely avoid the use of SAT solvers.
We 
