Logic and fault simulation are essential techniques in electronic design automation. The accuracy of standard simulation algorithms is compromised by unknown or X-values. This results in a pessimistic overestimation of X-valued signals in the circuit and a pessimistic underestimation of fault coverage.
INTRODUCTION
Logic and fault simulation are fundamental techniques in electronic design automation with applications, for example, in validation, test generation, and product-quality estimation.
Unknown or X-values may emerge during the design and test generation process due to black boxes in the design. During operation and test application, X-values may be caused by uncontrolled sequential elements, at clock domain crossings, or A/D boundaries, for example. Depending on the circuit and test method, a very high fraction of signals may have X-values. During test and in particular for special test modes such as faster than at-speed test, a high density of X-values has been reported [Wohl et al. 2008; Ramdas and Sinanoglu 2012].
Standard logic and fault simulation algorithms are based on n-valued logics with a limited number of symbols to denote the signal states in the simulation. Not all X-states, and the correlations between them, are represented accurately. Thus, reconvergences of X-values, where canceling of Xs may occur, are not evaluated correctly and the resulting signal values are not exact. The result may either underestimate the number of X-values as in the case of logic simulation using Verilog models [Turpin 2003 ] or pessimistically overestimate their number, as illustrated next.
The example in Figure 1 shows a circuit with three gates and three inputs. The simulation result of pattern (a, b, c) = (1, X, 1) with a 3-valued logic simulator is annotated to the circuit lines. The signals d, e, and f are evaluated to the unknown value X by the simulator. Simulations with b = 0 and b = 1 show that output f has the logic value 1 in both cases and, thus, its state is known. Three-valued simulation overestimates the number of signals with unknown state.
For sequential logic simulation, the problem of simulation pessimism is more pronounced since the number of signals with X-value may even increase over time. Pessimistic sequential simulation may prevent the verification of reset or initialization sequences that target the initialization of a design from an unknown or partially unknown state [Keim et al. 1996] .
For fault simulation, well-defined logic values are required for fault activation and propagation. In consequence, fault simulation algorithms based on n-valued logics like the parallel pattern single fault (PPSFP) or the concurrent algorithm [Ulrich and Baker 1988; Waicukauski et al. 1985; Antreich and Schulz 1987; Lee and Ha 1991] (referred to as 3-valued fault simulators in the following) pessimistically underestimate the number of detected faults since logic simulation overestimates the number of X-valued signals. The number of potentially detected faults is overestimated, which may skew the fault coverage since a fraction of potentially detected faults is often counted as detected in commercial tools [Rudnick et al. 1996]. Both inaccuracies impact product quality and may increase test overhead and cost.
For the example in Figure 1, the input stimuli cannot detect any stuck-at fault in the circuit based on 3-valued analysis. Yet, the actual value of output f is known and thus the pattern is indeed a test for the stuck-at 0 fault at f.
If X-values propagate into compaction logic as found in embedded deterministic test (EDT) or built-in self-test (BIST) environments, the response signature may be corrupted. X-blocking, X-masking [Naruse et al. 2003; Tang et al. 2006], or X-tolerant [Mitra and Kim 2004] design-for-test structures try to remedy the problem at increased hardware overhead or reduced response compaction ratio. A pessimistic analysis of X-values further increases this overhead and may cause overmasking of failure data with impact on diagnosability.
This work presents algorithms for exact combinational and sequential logic simulation as well as for exact fault coverage computation for stuck-at and transition faults. The algorithms are free of any simulation pessimism and compute the exact result in presence of X-sources in the circuit. For the example of Figure 1 , the proposed fault simulation algorithm also identifies the detection of the stuck-at 0 fault at signal a by the given pattern.
The reduction of the pessimism of logic and fault simulation has been targeted in previous work using heuristics, formal reasoning, or a combination thereof.
Heuristic approaches are typically very fast, but cannot provide the exact result. Proposed methods include circuit analysis like static learning [Kajihara et al. 2004], or partitioning and local exhaustive simulation [Kang and Szygenda 2003]. In restricted symbolic simulation [Carter et al. 1989], the number of symbols to express different X-values is increased, which allows a subset of reconvergences of X-valued signals to be evaluated correctly.
The exact logic simulation in presence of X-values corresponds to an NP-complete problem [Chang and Abraham 1987] . The exact solution can be computed by symbolic simulation of a circuit using reduced ordered BDDs (ROBDDs [Bryant 1986 ]), which may cause excessive memory consumption for arithmetic or larger circuits. The SAT-based approach of evaluates each reconvergence of X-valued signals for X-canceling. It provides the exact result for logic simulation, but at high runtimes for larger circuits and many X-sources. In Chou et al. [2010] , satisfiability of quantified Boolean formulae is used to identify the registers in a design that do not need to be initialized and to compute corresponding reset sequences. Reasoning about X-values also gained importance for verification of designs with black boxes. While modeling X-valued signals with 3-valued logic [Jain et al. 2000 ] only helps to distinguish the signals from those with defined binary values, an exact X-analysis based on symbolic simulation [Wilson et al. 2000; Scholl and Becker 2001] increases the accuracy of the verification task.
In fault simulation, each fault-free and faulty machine has to be analyzed per pattern, causing very high computational effort or excessive memory consumption. Therefore, the pessimism in fault simulation could only be targeted by heuristic or hybrid approaches combining heuristics and formal methods so far. This includes heuristics based on static learning [Kajihara et al. 2004] or restricted symbolic simulation [Kundu et al. 1991]. Hybrid SAT- or BDD-based fault simulation methods limit the application of formal reasoning in space or time: The SAT-based method of computes the exact result only for the fault-free circuit. The propagation of faults is evaluated pessimistically. The hybrid BDD-based method of Becker et al. [1999] restricts or even discards BDD-based symbolic simulation when memory consumption exceeds a threshold. In , an approximate symbolic fault simulation is proposed that constructs local BDDs limited in size to correctly evaluate local reconvergences of X-states. The result of these approaches is still pessimistic.
The recent progress in SAT solvers enables the exact reasoning about fault detection in presence of X-values even for larger circuits [Hillebrecht et al. 2012]. This work proposes a formal method to exactly compute the stuck-at and transition-delay fault coverage of a test set in presence of X-values. It combines heuristics and SAT reasoning to remove any simulation pessimism found in previous approaches. The state-of-the-art incremental SAT solver antom [Schubert et al. 2010] is used to incrementally build and solve the SAT instances during analysis and reduce runtime.
Section 2 introduces the used terminology and a formal problem statement. The exact logic simulation algorithm is explained in Section 3, followed by the fault simulation in Section 4. Section 5 presents experimental results on ISCAS benchmark circuits and NXP circuits. Section 6 summarizes the article.
TERMINOLOGY AND OVERVIEW
This section introduces the used terminology and outlines the algorithms for the exact logic as well as exact stuck-at and transition-delay fault classification.
Terminology and Definitions
In 3-valued logic, the three symbols {0, 1, X} are used to represent logic value 0 (logic-0), logic value 1 (logic-1) and an unknown state, that is, either logic-0 or logic-1. Signals at which unknown values originate are called X-sources. During logic simulation of a test pattern p, a 3-valued simulator assigns logic-0, logic-1, or X to the signals. Signals with value X for pattern p belong to the set of Pessimistic-Xs PEX( p). PEX( p) can be partitioned into the sets of Real-Xs REX( p) and False-Xs FEX( p). FEX( p) contains the signals of PEX( p) which are independent from the X-sources, that is, the signals have a binary value of logic-0 or logic-1. REX( p) contains all signals which do depend on at least one X-source. In Figure 1 
These sets differ in the fault-free and in the faulty cases. Superscripts G and f are used to distinguish between the good (fault-free) and the faulty case, respectively.
In this work, definite detection (DD) and potential detection (PD) of a fault are distinguished. A fault f is definitely detected (DD) if an observable output o exists where the fault effect is visible independent of the logic value assignment to the X-sources. Let the functions $v^G(p, s)$ and $v^f(p, s)$ return the logic value of signal s under pattern p in the fault-free and faulty case in presence of unknown values.
The definite detection of a stuck-at-φ fault f (φ ∈ {0, 1}) at line l under pattern p is given as
where O is the set of output signals of the circuit. If f is not definitely detected, f is potentially detected (PD) if the fault is activated and an observable output o exists where the fault effect can be deterministically measured for at least one logic value assignment to the X-sources:
The definite detection of a transition-delay fault tf at line l requires the consideration of two cycles. In the first cycle, line l is driven to a defined value φ to activate the fault. For a slow-to-rise transition-delay fault, φ is logic-0 and for a slow-to-fall fault, φ equals logic-1. In the second cycle, the value of l is inverted and the resulting transition is propagated from l to an observable circuit output. This corresponds to detecting the stuck-at-φ fault at line l in the propagation cycle. Thus, the definite detection of tf at line l under pattern pair ( p −1 , p) is given as
with O the set of circuit outputs. Similar to the potential detection requirement for stuck-at faults, potential detection of a transition-delay fault requires that the fault is activated and its effect can be deterministically measured in the propagation cycle at at least one output o for at least one logic value assignment to the X-sources:
Note that, for both stuck-at and transition-delay faults, 3-valued fault simulation underapproximates the number of definitely detected faults since 3-valued simulation overestimates the number of signals with X-values. Consequently, the number of potentially detected stuck-at or transition-delay faults provides an overapproximation.
Overview of the Exact Logic and Fault Simulation Algorithms
The exact logic simulation algorithm efficiently computes the exact signal states in a combinational circuit by use of heuristics and formal reasoning based on incremental SAT solving. Exact sequential logic simulation is achieved by unrolling the sequential circuit for the number of considered time frames.
Exact fault simulation is performed for stuck-at and transition-delay faults. The proposed fault simulation process is divided into two parts. First, the test pattern set is pessimistically simulated with a parallel pattern single-fault propagation simulator based on 3-valued logic to mark as many faults as DD as possible. Afterwards the test pattern set is simulated by the exact stuck-at fault simulator, which performs an exact logic simulation of the fault-free circuit per pattern, and then analyzes the activated faults. The algorithm distinguishes definitely detected, potentially detected, and undetected faults.
Combinational Expansion of the Sequential Circuit
Both exact sequential logic simulation and exact transition-delay fault simulation require the consideration of multiple clock cycles or time frames. Transition-delay fault simulation requires the modeling of a minimum of two time frames. Combinational expansion of the circuit model is used to create a combinational circuit model representing all required time frames. It is used as a substitute for the original sequential circuit within the simulation. The combinational part of the circuit is duplicated by the number of required time frames, that is, there are instances of the circuit for each time frame considered. The different time frames are connected to each other according to the sequential elements in the circuit and depending on the targeted simulation.
In sequential logic simulation, the value captured by a sequential element is the initial value of the sequential element in the following time frame. This also holds for launch-on-capture (LOC), or broadside, transition-delay fault simulation [Savir and Patil 1994]. For these two cases, the input to a sequential element is directly connected to the corresponding input in the next time frame.
In contrast, in launch-on-shift (LOS), or skewed-load, transition-delay fault testing, the value stored in a sequential element in a scan chain is shifted in the following time frame according to the order in the scan chain [Savir and Patil 1993]. Figure 2 shows a sequential circuit and the two possible combinational expansions. The first type of expansion is used for functional sequential simulation as well as fault simulation of LOC tests. The second type is used for fault simulation of LOS tests.
If a sequential element is controllable in a time frame, it serves as a primary input to the respective signal in the time frame. If the value it captures is observable, then it serves as primary output of the corresponding time frame.
EXACT COMBINATIONAL AND SEQUENTIAL LOGIC SIMULATION
The exact logic simulation is performed using either the original combinational or the combinational expansion of the circuit under simulation. It consists of two consecutive steps. In the first step, a restricted symbolic simulator and a 2-valued logic simulator are used as heuristics to classify a high number of REXs, FEXs, and FEX candidates at low computational cost. In the second step, the set of FEX candidates is formally analyzed. For the formal proof whether an FEX candidate is a REX or not, the state-of-the-art incremental SAT solver antom [Schubert et al. 2010] is utilized. Figure 3 depicts the flow of the exact logic simulation.
Heuristic Analysis
In the heuristic analysis, the pattern p is simulated using restricted symbolic simulation (RSS [Carter et al. 1989] ) and 2-valued pattern parallel simulation of randomized assignments to the X-sources to classify as many signals as REX, FEX, and FEX candidates as possible. The gates of the circuit are processed in topological order and, for each gate, RSS and 2-valued simulation are performed. The identified FEX candidates are later classified using SAT reasoning.
In RSS, for each X-value at the X-sources a unique symbol $X_i$ is introduced in addition to the two symbols for logic-0 and logic-1. Hence, X-values from different X-sources are distinguishable. Furthermore, each X-symbol can be negated. This allows the correct evaluation of simple local reconvergences of X-valued signals and increases accuracy compared to 3-valued simulators. For the example in Figure 1, RSS correctly computes the output value at f as logic-1, since the symbol $X_b$ introduced at X-source b is correctly tracked at d as $\neg X_b$ and at signal e as $X_b$. Hence, the reconvergence is exactly evaluated to logic-1. Thus, RSS identifies a subset of FEX
Classification of Remaining FEX Candidates
The FEX candidates computed in the previous step for pattern p are exactly classified by use of an incremental SAT solver. Input to the SAT solver is a Boolean formula in conjunctive normal form (CNF) which maps the classification of a signal to a Boolean satisfiability problem.
For each FEX candidate s, it is already known that all 64 random assignments to the X-sources force s to value $v_s^k$ ($0 \le k \le 63$) of either logic-0 or logic-1. Signal s is a FEX if and only if it can be proven that s cannot have the complementary value $\neg v_s^k$ for any assignment to the X-sources. Thus, the Boolean formula is constructed such that it is satisfiable if and only if s can be driven to $\neg v_s^k$. If the formula is satisfiable, s depends on the X-sources and is classified as REX. Otherwise s is independent of the X-sources and classified as FEX.
In the following we provide additional details on the generation of the SAT instances. The FEX candidates are evaluated starting from the X-sources in topological order. To increase efficiency, the SAT instance is extended incrementally for each FEX candidate, exploiting the result from the simulation step as well as learned knowledge from analysis of previous FEX candidates.
To check whether s can be driven to $\neg v_s^k$, the characteristic equations of the gates in the adjustment cone (transitive fanin) of s are translated into CNF and added to the SAT instance. This is done using the Tseitin transformation [Tseitin 1968]. The size of the resulting SAT instance is reduced by only considering those gates that have been classified as REX or FEX candidate for pattern p. The CNF for the adjustment cone of a signal s is created recursively as outlined in Algorithm 1.
This SAT instance is extended by a temporary unit clause with only one literal (called assumption) for FEX candidate s, which constrains the value of s in the search process of the SAT solver. If the value of s in the pattern parallel simulation was $v_s = [0, \ldots, 0]$, the assumption {s} is added to constrain the SAT search to assignments to the X-sources which imply s to logic-1. If the instance is satisfiable, s belongs to the set REX. Otherwise s is a FEX with value logic-0 and $v^G(p, s)$ is updated. In the latter case, the unit clause {¬s} is added permanently to the SAT instance to reduce runtime for subsequent calculations of the SAT solver. Correspondingly, if the value of s in the pattern parallel simulation was $v_s = [1, \ldots, 1]$, the assumption {¬s} is added. During exact simulation, the algorithm maintains a lookup table derived from the result of the RSS step. The table contains the information if a symbol for an X-state assigned to signals during RSS is a logic-0, a logic-1, or a REX. Before analyzing an FEX candidate s using the SAT technique, a fast lookup is performed to check whether the corresponding symbol $X_s$ has already been computed. If the classification for $X_s$ is already known, s is set to the corresponding state. Otherwise, s is classified as described before. This effectively restricts the use of the SAT solver to signals at which REX values converge.
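The classification flow of Sections 3.1 and 3.2 on a small netlist, as an added example that is not code from the article: restricted symbolic simulation, 64 pattern-parallel random assignments, then one SAT query with an assumption literal per remaining FEX candidate. The gate types (Figure 1 is not reproduced here), the extra signals g to k, all function names, and the small DPLL routine standing in for the incremental solver antom are assumptions; the CNF covers the whole circuit rather than only the adjustment cone.

```python
import random

MASK = (1 << 64) - 1    # one 64-bit word = 64 random assignments to the X-sources
OPS = {"AND": lambda x, y: x & y, "OR": lambda x, y: x | y,
       "XOR": lambda x, y: x ^ y, "NOT": lambda x: x ^ MASK}

# Constructed netlist in topological order. Gate types are assumptions: d, e, f
# reproduce the Figure 1 values quoted in the text; g..k add a reconvergence of
# two X-sources (k = NOT(b AND u) OR (b OR u) = 1) that RSS cannot resolve.
NET = {"d": ("XOR", "a", "b"), "e": ("AND", "b", "c"), "f": ("XOR", "d", "e"),
       "g": ("AND", "b", "u"), "h": ("OR", "b", "u"), "i": ("NOT", "g"),
       "k": ("OR", "i", "h")}
PATTERN = {"a": 1, "b": None, "c": 1, "u": None}     # None marks an X-source

def rss(net, pattern):
    """Restricted symbolic simulation: symbol k >= 2 per X-source, -k = negation."""
    count = [1]
    def new():
        count[0] += 1
        return count[0]
    def neg(t):
        return 1 - t if t in (0, 1) else -t
    def and_(p, q):
        if 0 in (p, q) or p == neg(q):
            return 0
        if p == 1:
            return q
        if q == 1 or p == q:
            return p
        return new()            # two unrelated symbols: the correlation is lost
    def xor(p, q):
        if p in (0, 1):
            return q if p == 0 else neg(q)
        if q in (0, 1):
            return p if q == 0 else neg(p)
        return 0 if p == q else 1 if p == -q else new()
    v = {s: new() if b is None else b for s, b in pattern.items()}
    for s, (g, *ins) in net.items():
        x = [v[i] for i in ins]
        v[s] = (and_(*x) if g == "AND" else xor(*x) if g == "XOR" else
                neg(and_(neg(x[0]), neg(x[1]))) if g == "OR" else neg(x[0]))
    return v

def tseitin(net, pattern):
    """Tseitin CNF of the circuit plus unit clauses for the known inputs."""
    var = {s: n + 1 for n, s in enumerate(list(pattern) + list(net))}
    cnf = [[var[s] if b else -var[s]] for s, b in pattern.items() if b is not None]
    for s, (g, *ins) in net.items():
        z, x, y = var[s], var[ins[0]], var[ins[-1]]
        cnf += {"AND": [[-z, x], [-z, y], [z, -x, -y]],
                "OR": [[z, -x], [z, -y], [-z, x, y]],
                "XOR": [[-z, x, y], [-z, -x, -y], [z, -x, y], [z, x, -y]],
                "NOT": [[z, x], [-z, -x]]}[g]
    return var, cnf

def sat(cnf, assume=()):
    """Small DPLL (unit propagation + branching); True if satisfiable."""
    rest = []
    for c in cnf:
        if any(l in assume for l in c):
            continue                                  # clause already satisfied
        c = [l for l in c if -l not in assume]
        if not c:
            return False                              # conflict
        rest.append(c)
    if not rest:
        return True
    unit = next((c[0] for c in rest if len(c) == 1), None)
    if unit is not None:
        return sat(rest, (unit,))
    return sat(rest, (rest[0][0],)) or sat(rest, (-rest[0][0],))

def exact_sim(net=NET, pattern=PATTERN, seed=1):
    """Return {signal: (value, how it was decided)} for every gate output."""
    rng = random.Random(seed)
    vr = rss(net, pattern)
    v64 = {s: rng.getrandbits(64) if b is None else b * MASK
           for s, b in pattern.items()}
    var, cnf = tseitin(net, pattern)
    out = {}
    for s, (g, *ins) in net.items():
        v64[s] = OPS[g](*[v64[i] for i in ins])       # pattern-parallel 2-valued
        if vr[s] in (0, 1):
            out[s] = (vr[s], "binary (RSS)")
        elif v64[s] not in (0, MASK):                 # both values observed
            out[s] = ("X", "REX (random)")
        else:                                         # FEX candidate
            guess = v64[s] & 1
            lit = -var[s] if guess else var[s]        # assume the complement
            if sat(cnf, (lit,)):
                out[s] = ("X", "REX (SAT)")
            else:
                cnf.append([-lit])                    # permanent unit clause
                out[s] = (guess, "FEX (SAT)")
    return out

if __name__ == "__main__":
    for sig, res in exact_sim().items():
        print(sig, *res)
```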
EXACT STUCK-AT AND TRANSITION-DELAY FAULT SIMULATION
The exact stuck-at fault simulation classifies a set of target faults as definitely detected, potentially detected, or undetected for a test set in presence of unknowns. It uses the heuristics and formal SAT reasoning explained in the previous section. An overview of the fault simulation of a pattern p is given in Figure 4 . Three-valued fault simulation is used to mark as many target faults as possible as DD. For the remaining faults, an exact analysis is conducted.
The exact analysis starts with the exact logic simulation of the fault-free circuit for pattern p to compute the set of activated faults. These faults are then analyzed serially. For the fault simulation of an activated fault f , f is injected into the circuit model. The algorithm then proceeds in two phases, similar to the fault-free approach: a heuristic simulation and an exact calculation step. During the simulation step the behavior of the faulty circuit is simulated in event-driven manner by RSS and 2-valued pattern parallel logic simulation that evaluates random assignments to the X-sources. If the results of the simulations allow the fault classification as DD or undetected, further analysis is not required. Otherwise, the SAT solver is invoked for analysis of the outputs of the faulty circuit. Internal signals in the faulty circuit do not need to be considered since the values at observable outputs are sufficient to reason about fault detection. 
Fault Analysis by RSS and Pattern Parallel Simulation
For an activated fault f, the circuit outputs $o_1, \ldots, o_k$ in the propagation cone (transitive fanout) of f are analyzed using the results of the faulty circuit simulations. According to Section 2.1, we only consider outputs $o_i$ which have a defined value in the fault-free circuit v
, $o_i$ is added to $O_{\mathrm{possPD}}$ since it may be an output at which the fault can be potentially detected. If the exact analysis reveals that $o_i$ is a REX, then f is a PD, otherwise f cannot be detected at $o_i$ at all.
Fault Classification by SAT Reasoning
If the set $O_{\mathrm{possDD}}$ is not empty, the output values in the faulty circuit are iteratively derived using the incremental SAT solver. This is similar to the fault-free case. A SAT instance is constructed which is satisfiable iff the considered output is a REX (see Section 3.2). If output $o_i$ belongs to $\mathrm{REX}^f(p)$, $o_i$ is removed from $O_{\mathrm{possDD}}$ and added to $O_{\mathrm{PD}}$. In the other case, the fault is marked as DD, because
is true. Thus, the fault is detected for all logic value assignments to the X-sources. Then the next stuck-at fault is analyzed.
If $O_{\mathrm{possDD}}$ is empty and $O_{\mathrm{PD}}$ is not empty, the stuck-at fault is marked as PD and the algorithm proceeds with the next stuck-at fault.
If the current fault is neither marked DD nor PD and $O_{\mathrm{possPD}}$ is not empty, the SAT solver is used to determine if one of the outputs in $O_{\mathrm{possPD}}$ belongs to $\mathrm{REX}^f(p)$. Note that this step is performed only if the fault is not yet marked as PD. If one output of $O_{\mathrm{possPD}}$ is a member of $\mathrm{REX}^f(p)$, the fault is marked as PD. In the case that all outputs in $O_{\mathrm{possPD}}$ belong to $\mathrm{FEX}^f(p)$, the fault remains unmarked and undetected.
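The DD/PD/undetected decision of this section applied to every stuck-at fault of the small example circuit, once with 3-valued values and once with exact values, as an added example that is not code from the article. Assumptions: the gate types (chosen so that the values quoted in the text for Figure 1 hold), all names, exhaustive enumeration of the X-source assignments standing in for the SAT queries, and the reading that a fault counts as activated only when the fault-free value at its line is the defined value ¬φ.

```python
from itertools import product

OPS = {"AND": lambda x, y: x & y, "XOR": lambda x, y: x ^ y}
# Constructed netlist (assumed gate types), single observable output f.
NET = {"d": ("XOR", "a", "b"), "e": ("AND", "b", "c"), "f": ("XOR", "d", "e")}
OUTPUTS = ["f"]
PATTERN = {"a": 1, "b": None, "c": 1}          # None marks the X-source


def simulate(inputs, fault=None):
    """2-valued simulation of one complete input assignment.
    fault = (line, stuck_value) forces that line in the faulty circuit."""
    v = {}
    for s in list(inputs) + list(NET):
        if s in inputs:
            v[s] = inputs[s]
        else:
            v[s] = OPS[NET[s][0]](*[v[i] for i in NET[s][1:]])
        if fault and fault[0] == s:
            v[s] = fault[1]
    return v


def exact_values(pattern, fault=None):
    """Exact signal values: 0/1 if equal under every X-source assignment, else 'X'.
    Enumeration is used here in place of SAT; only feasible for few X-sources."""
    xs = [s for s, b in pattern.items() if b is None]
    seen = {}
    for bits in product((0, 1), repeat=len(xs)):
        full = {**pattern, **dict(zip(xs, bits))}
        for s, val in simulate(full, fault).items():
            seen.setdefault(s, set()).add(val)
    return {s: vals.pop() if len(vals) == 1 else "X" for s, vals in seen.items()}


def sim3(pattern, fault=None):
    """3-valued values: each gate only sees 0/1/X at its inputs, so
    reconverging Xs from the same source never cancel."""
    v = {}
    for s in list(pattern) + list(NET):
        if s in pattern:
            v[s] = "X" if pattern[s] is None else pattern[s]
        else:
            op, *ins = NET[s]
            choices = [(0, 1) if v[i] == "X" else (v[i],) for i in ins]
            outs = {OPS[op](*c) for c in product(*choices)}
            v[s] = outs.pop() if len(outs) == 1 else "X"
        if fault and fault[0] == s:
            v[s] = fault[1]
    return v


def classify(fault, pattern, values):
    """Return 'DD', 'PD' or 'UD' using `values` (sim3 or exact_values)."""
    line, phi = fault
    good, bad = values(pattern), values(pattern, fault)
    if good[line] != 1 - phi:          # assumption: activation needs a defined ¬φ
        return "UD"
    verdict = "UD"
    for o in OUTPUTS:
        if good[o] == "X":             # only outputs defined in the fault-free case
            continue
        if bad[o] == 1 - good[o]:      # differs for every X assignment
            return "DD"
        if bad[o] == "X":              # faulty output is a Real-X
            verdict = "PD"
    return verdict


def fault_report(pattern=PATTERN):
    """{(line, stuck_value): (3-valued verdict, exact verdict)} for all lines."""
    faults = [(s, phi) for s in list(pattern) + list(NET) for phi in (0, 1)]
    return {f: (classify(f, pattern, sim3), classify(f, pattern, exact_values))
            for f in faults}


if __name__ == "__main__":
    for (line, phi), (three, exact) in fault_report().items():
        print(f"{line} s-a-{phi}: 3-valued={three} exact={exact}")
```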
Extension to Transition-Delay Fault Simulation
The exact transition-delay fault simulation requires the combinational expansion of the sequential circuit model as outlined in Section 2.3 and an extension of the fault simulation algorithm introduced previously. According to the definition in Section 2.1, a transition-delay fault is detected if:
- the activation value φ stipulated by the fault model is justified at the faulty signal line in the activation cycle, and
- the stuck-at fault that describes the behavior of the considered transition-delay fault is detectable in the succeeding propagation cycle.
The exact fault simulation algorithm is extended such that, before simulating the stuck-at fault in the propagation time frame, it is checked whether the faulty signal has the value φ in the fault-free case in the activation time frame. If the faulty signal has the value ¬φ in the activation cycle, the fault is marked as undetected under the current pattern pair. If the faulty signal has the activation value φ, the stuck-at fault in the succeeding time frame is analyzed as described before. If the stuck-at fault is detected, the transition-delay fault is also marked as detected. If the stuck-at fault is potentially detected in the propagation time frame, the transition-delay fault is marked as PD. It is marked undetected if the stuck-at fault is not detected.
EXPERIMENTAL RESULTS
The presented algorithm has been applied to ISCAS benchmarks and large industrial circuits from NXP. The experiments were run on an Intel Xeon CPU with 3.3 GHz. The following two sections discuss the pessimism of classical combinational and sequential logic simulation algorithms. Section 5.3 discusses the increase in fault coverage in exact fault simulation, the trade-off between runtime and accuracy by use of timeouts, and the impact of clustered X-sources.
Reduction of Unknown Output Values
The exact logic simulation algorithm of Section 3 efficiently computes the exact output values of the circuit for a test set. This is in particular important for BIST and EDT environments to avoid unnecessary DFT overhead for X-masking or X-blocking structures, and overmasking of FEX-valued outputs.
For the considered circuits modeling one time frame, five simulation runs are performed and averaged. In each run, a fixed percentage of the controllable circuit inputs is randomly selected as X-sources (X-ratio). Then, a test set of 1 000 random patterns is analyzed. The difference in the number of PEX outputs of a 3-valued simulation, that is, the number of X-outputs due to a standard 3-valued simulation run, and the REX outputs of the exact analysis is compared. Figure 5(a) shows the reduction of the number of outputs with X-value for ISCAS'85 circuit c7552 for different X-ratios when the exact algorithm is used (in red). The number of X-valued outputs is reduced by more than 25% for the X-source scenarios with 1% and 7% X-sources. The reduction decreases to 0% if nearly all inputs are X-sources. The reduction of X-valued outputs is not monotonically decreasing as different X-ratios and input patterns may lead to different numbers of reconvergences within the circuit and therefore also to different numbers of outputs showing an unknown value. Hence, it may happen that an increased X-ratio leads to additional reconvergences of X-valued signals. This may cause X-canceling at the reconvergences and a reduction of outputs with X-value compared to 3-valued simulation. The figure also shows the reduction of X-valued outputs for restricted symbolic simulation (RSS, in blue) and the approximate combinational BDD-based method of (in black): Restricted symbolic simulation and the approximate method of are able to reduce the pessimism of 3-valued combinational logic simulation and compute better lower bounds for X-propagation in the circuit, but in general they fail to provide the exact result.
Similar experiments have been conducted for other circuits as well. In Table I , we present the reduction of X-valued outputs of the proposed exact method for the case of 5% X-sources. Column "Circuit" contains the circuit name. Columns "PEX" and "REX" show the absolute number of unknown values at the outputs for the test set computed by 3-valued simulation, respectively, the exact algorithm. In a BIST architecture, only these REX outputs have to be masked for the computation of a signature. The last column in the table contains the reduction of X-values at the circuit outputs. On average, the number of X-values is reduced by 20.2%.
Exact Sequential Logic Simulation
Table I. Reduction of X-Values at the Outputs for 1 000 Test Patterns and 5% X-Sources
For sequential ISCAS'89 and NXP circuits, additional experiments considering multiple time frames have been conducted to assess the pessimism of 3-valued sequential simulation for a given number of time frames. Five simulation runs considering a set of five input pattern sequences and 100 time frames were performed. In each run, 1% or 2% of the flip-flops in the first time frame have been randomly selected as X-sources. If p = 1, then all PEXs computed by 3-valued simulation are actually classified as FEX by the accurate simulation and have a binary value. As shown in the figure, simulation pessimism increases during the first few cycles and saturates at a very high level of 0.8. On average over the cycles and circuits, the simulation pessimism is 0.72 for an X-ratio of 1% and 0.71 for an X-ratio of 2%.
The figure also shows the pessimism of restricted symbolic simulation ("RSS pess."), computed accordingly. Depending on circuit structure and input patterns, the pessimism of restricted symbolic simulation may still be very high.
Exact Fault Simulation
This section presents the increase of fault coverage of a test pattern set due to the exact analysis with the proposed algorithm. Similar to the previous section, five simulation runs are performed per circuit for stuck-at as well as transition-delay faults and averaged. In each run, a fixed percentage of the controllable circuit inputs is randomly selected as X-sources. Then, the fault coverage of 1 000 random patterns is computed using 3-valued fault simulation and the proposed exact algorithm.
For circuit c7552, Figure 6 depicts the increase in fault coverage of the exact algorithm with respect to 3-valued fault simulation for different X-ratios, and the runtime in seconds. The data points indicate the increase of fault coverage if 1 000 test patterns are analyzed exactly. The exact algorithm increases fault coverage by up to 14.2%. The highest increase of fault coverage is achieved when approximately 10% of the inputs are X-sources.
Figure 6. Increase in stuck-at fault coverage by the proposed exact algorithm, the hybrid SAT-based algorithm, the BDD-based algorithm, and RSS with 1 000 random test patterns for circuit c7552.
The figure also shows the increase of fault coverage for three approximate fault simulation algorithms: the hybrid SAT-based method of , the BDD-based algorithm of , and fault simulation based on RSS. Compared with these approximate methods, the exact algorithm reveals that a significant number of additional faults are actually detectable with the simulated test set.
The runtime of the proposed algorithm reaches the maximum of 45s at an X-ratio of about 35%. Compared to the method of with a runtime of 2 358s, the proposed algorithm is 52.4× faster. For small X-ratios, the runtime is low since RSS uncovers many FEXs at simple X-reconvergences. If the SAT solver is required, the size of the SAT instance is small. For high X-ratios, the pattern parallel simulation of random assignments to X-sources determines most of the REX signals. Table II reports the results for stuck-at faults considering a larger set of ISCAS and industrial circuits. Due to limited space, the results are limited to the case of 5% X-sources. For each circuit, the table shows the absolute number of stuck-at faults. Column "3-val. Fsim. DD" shows the absolute number of detected faults and the fault coverage in % of 3-valued fault simulation.
The number of additionally detected faults and fault coverage increase by the exact algorithm according to Eq. (1) is given in column "Exact sim. DD". Column "Exact sim. PD" lists the number and ratio of faults marked as PD according to Eq. (2). The last column lists the runtime for the exact analysis in seconds.
The lower bound on fault coverage computed by 3-valued fault simulation ranges from 46.72 to 84.08%, with an average of 70.88%. The exact fault simulation proves that, on average, an additional 4.98% of the faults are detected by the test sets. The increase in additionally detected faults is very high for the multiplier c6288 due to high signal observability and propagation of many X-values in the pessimistic simulation. The results also show that, on average, 5.79% of the stuck-at faults are classified as potential detect. The runtime of the algorithm for the considered ratio of X-sources ranges from 0.4 milliseconds up to 210 seconds for a single pattern. Table III additionally reports the results for transition-delay faults considering ISCAS'89 and NXP circuits. Like for Table II, the columns show the absolute number of detected faults and fault coverage for 3-valued simulation, the number and coverage of the additionally detected faults by the proposed accurate simulation, as well as the number and coverage of potentially detected faults. For transition-delay faults, the lower bound on the fault coverage computed by 3-valued fault simulation ranges between 27.25 and 78.21%. On average, 3.76% of the faults are marked as potentially detected. With the proposed exact fault simulation, 6.48% of the faults are additionally definitely detected on average. The runtime for the exact analysis is notably smaller, although two time frames have to be considered. This is mainly because, for many faults, the complex output classification (refer to formula (3) in Section 2.1 and Figure 4) is skipped if the fault is not activated in the first time frame.
For all conducted tests, the allocated memory of the proposed approach was below 3.5 GiBytes. The overall runtime of the exact stuck-at fault simulation is on the order of classical 3-valued ATPG, but the proposed algorithm is able to classify faults as detected for which classical 3-valued ATPG fails to generate a test pattern. For circuit p100k, the runtime is 23% less than the runtime of commercial ATPG, while for the largest circuit p388k, the runtime is about 7× larger than the ATPG runtime. Compared to a 3-valued fault simulation, the overall runtime is 130× larger on average. Considering transition-delay faults, the differences in runtime shrink notably. On average, the runtime of the accurate approach is 7× higher compared to 3-valued fault simulation.
5.3.1. Runtime Reduction by Applying a Timeout. As stated before, the runtime can be traded off with the accuracy by introducing a timeout for each invocation of the SAT solver during the simulation. Considering stuck-at fault simulation for the larger circuit p388k (p378k) and a timeout of 5 seconds per SAT solver invocation, the runtime reduces to 173 484s (120 750s). This is 14% (29.0%) less compared to the accurate solution. The number of additionally detected faults does not change, but the number of potentially detected faults decreases by 6.42% (13.2%). A more aggressive timeout of 1 second for circuit p388k (p378k) reduces the runtime further to 169 866s (105 276s). This reduces the number of additionally detected faults by 2 (213, 0.21%), and the potentially detected faults by 7.94% (20.0%) compared to the accurate result.
5.3.2. Clustered X-Sources. In order to evaluate the impact of clustered X-sources, additional stuck-at fault simulation experiments are conducted for NXP circuits in which the X-sources are clustered. In the first experiment, the scan cells of one, two, or three randomly selected scan chains are chosen as X-sources. The results are averaged over 5 runs per circuit and X-source configuration. Table IV presents, for the different numbers of scan chains (SC) selected as X-sources, the percentage of flip-flops (FF) which generate X-values in column 4, and the results of fault simulation in columns 5 to 7. For circuit p100k and one scan chain selected as X-source, that is, 7.66% of the flip-flops generate X-values, fault coverage increases by 2.41% compared to classical 3-valued simulation. Limiting the number of X-sources to 5% (selecting a consecutive part of the scan chain), the fault coverage increases by 2.11%, which is 21.3% more than in the case of 5% randomly selected X-sources (refer to Table II).
In the second experiment, the X-sources are clustered by the input signal name: From the inputs sorted by name, a consecutive subset of 5% of the inputs is selected as X-sources, and fault simulation is performed with 1000 random patterns. The results are averaged over five runs per circuit and X-source configuration. For circuit p100k, the fault coverage increase is 2.41% compared to 3-valued simulation, which is 38.5% more than in the case of randomly selected X-sources. A similar result is observed for circuit p141k, where fault coverage increases by 5.44%, which is 74.9% more than for randomly selected X-sources.
The experiments indicate that, for clustered X-sources, exact logic and fault simulation as proposed here yield even better results than for randomly selected X-sources since clustering further increases the pessimism in classical simulation algorithms.
CONCLUSIONS
The work presented the first stuck-at and transition-delay fault simulator that is able to calculate the exact fault coverage of a test pattern set in the presence of unknown values. The simulator employs logic and restricted symbolic simulation to classify as many signal states as possible without invoking formal SAT reasoning. Incremental SAT solving is utilized only to exactly analyze the remaining signal states. The usage and runtime of the SAT solver and the size of the CNF formulae are strongly reduced by considering the simulation results and employing incremental SAT techniques. The runtime can also be traded off against accuracy by use of timeouts. The algorithm is able to handle large industrial circuits. The results show that, in the presence of unknown values, fault coverage is significantly increased by an accurate analysis, without increasing the number of test patterns.
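To make the gap between 3-valued and exact fault coverage concrete, the following added example (not the authors' simulator) runs both analyses on a constructed three-gate circuit with pattern (a, b, c) = (1, X, 1). The gate types, the stem-only stuck-at fault list, and the detection rule (known and opposite values at the output) are assumptions of this sketch, and exhaustive enumeration of the X-sources stands in for the SAT reasoning needed on large circuits.

```python
from itertools import product

X = "X"  # unknown value of the 3-valued logic

def and3(p, q):
    if p == 0 or q == 0:
        return 0            # a controlling 0 hides an X on the other input
    return 1 if (p, q) == (1, 1) else X

def not3(p):
    return X if p == X else 1 - p

def or3(p, q):
    return not3(and3(not3(p), not3(q)))

def simulate(pattern, fault=None):
    """3-valued simulation of the constructed circuit
    d = AND(a, b), e = NAND(b, c), f = OR(d, e).
    fault is None or (signal, stuck_value)."""
    v = dict(pattern)
    def put(name, value):
        v[name] = fault[1] if fault and fault[0] == name else value
    for name in "abc":
        put(name, v[name])
    put("d", and3(v["a"], v["b"]))
    put("e", not3(and3(v["b"], v["c"])))
    put("f", or3(v["d"], v["e"]))
    return v["f"]

def exact_output(pattern, fault=None):
    """Exact value of f: try every assignment to the X-sources and
    report X only if the output really depends on them."""
    xs = [n for n in "abc" if pattern[n] == X]
    seen = set()
    for bits in product((0, 1), repeat=len(xs)):
        seen.add(simulate({**pattern, **dict(zip(xs, bits))}, fault))
    return seen.pop() if len(seen) == 1 else X

def detected(pattern, fault, evaluate):
    # Assumed rule: output known in both circuits and different.
    good, bad = evaluate(pattern), evaluate(pattern, fault)
    return X not in (good, bad) and good != bad

def coverage(pattern, evaluate):
    faults = [(s, sv) for s in "abcdef" for sv in (0, 1)]
    return [f for f in faults if detected(pattern, f, evaluate)]
```

With this pattern, `coverage(pattern, simulate)` finds no detected fault because the fault-free output is already X, while `coverage(pattern, exact_output)` proves the stuck-at-0 fault at f detected.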
