The Boolean satisfiability problem (SAT) 
I. Introduction
Many electronic design automation (EDA) problems can be cast as instances of Boolean satisfiability (SAT): given a Boolean function , find an assignment such that or prove that no such assignment exists. The function is typically expressed in conjunctive normal form (CNF) and the problem is usually solved by a backtracking search algorithm that systematically explores the n-dimensional Boolean space of the variables. Even though it is well known that SAT is NP-complete, recent advances in this field, e.g. [1] [13] [14] , have made it possible to apply SAT to problems of considerable size.
Incremental satisfiability was first considered in [7] but its application was limited to solving one large problem by partitioning it into m partitions where m is the number of clauses and solving them incrementally by adding one clause at a time. In this paper we propose a modification to the incremental satisfiability problem suggested in [7] , and a corresponding modification to the search algorithm, to address a situation that frequently arises in many application domains. The incremental satisfiability (ISAT) problem is: determine the satisfiability of each function in a set of m Boolean functions that share a
but have different suffix functions . We will refer to each such function as an extension of the common prefix . This problem can be obviously cast and solved as m independent SAT problems. Significant computational savings can be realized, however, by solving them "together." Specifically, a solution is found for the common prefix, which is then extended or slightly modified to obtain solutions to each of the m extensions. The maximum benefit from such an approach accrues when is unsatisfiable since that obviates the need to even consider the suffixes to prove that all of the m extensions are unsatisfiable. The satisfiability of , on the other hand, is a necessary but not sufficient condition for the satisfiability of its m extensions. The potential savings in this case are harder to predict. In particular, significant savings are still possible if the solutions to each of the m extensions can be found by augmenting the partial solution obtained for the prefix with assignments to previously unassigned variables. A more likely scenario, however, is that the solution to at least some of the extensions can only be obtained by reversing existing assignments in the solution found for the prefix. Fortunately, in the EDA application domain, the size of the prefix is usually much larger than the sizes of each of the suffixes. This means that the performance gain obtained by incremental SAT can be larger than the performance loss from reversing current assignments.
Boolean satisfiability has been widely used for both stuck-at fault testing [9] and delay fault testing [2] of combinational circuits. In this paper we will apply ISAT to prove the untestability of non-robust delay faults in logic circuits.
Test pattern generation for path delay fault has been researched heavily recently. Various classifications of delay faults (e.g., robust, non-robust, validatable non-robust etc.) exist. Although robust test is preferred to non-robust test in general, there have been some research results that prove the importance of non-robust test [4] [12] .
It should be noted that the objective of this paper is not to advocate a certain kind of delay fault model. Non-robust delay fault generation was chosen in this paper since it allows for straightforward application of ISAT to EDA problems. This paper is organized as follows. In Section II incremental satisfiability is introduced. The application of ISAT to delay fault testing is presented in Section III. Experimental results and conclusions are presented in Section IV and Section V, respectively. A CNF formula is said to be satisfiable when there is at least one truth assignment to its variables that makes all clauses equal to 1. A CNF formula is said to be unsatisfiable when no such assignment exists.
Let us consider a case when the given Boolean function is found to be satisfiable. If a set of additional clauses which represent the function is added to , what can we say about the satisfiability of the overall function ? Note that the satisfiability of is a necessary, but not sufficient condition for the satisfiability of . Instead of "resetting" all the decisions made in deriving the solution for , we can resume the search by updating the status of the clauses in against the assignments that were made for the problem for the overlapping portion of the support set.
When we update the new clauses against the current assignment, there is no need to reverse current assignments unless some new clause becomes unsatisfied as the following example illustrates.
Example 1 Consider a prefix boolean function . A possible decision tree of the satisfying assignment for this problem is shown in Figure  1 (a). Now let us add the clauses and solve a new problem . The current assignment can be used to update the status of the new clauses. As a result, the first clause of , becomes a unit clause (an unresolved clause with only one free literal) and the second clause becomes satisfied. The resulting decision sequence after satisfying the unit clause is shown in Figure  1 (b). Now let us consider adding a different set of clauses to the prefix function. Let and . The first clause becomes unsatisfied when we update the clause with the current assignment. The conflict analysis procedure [13] will be triggered and generate a conflict induced clause , which "asserts" the value of to be 0 under the assignment .The decision sequence for this problem is shown in Figure 1 (c) with assignment . Finally let us consider adding to obtain the function (Figure 1 (d) ). Not only does the addition of function conflict with current assignments, it makes the overall function unsatisfiable under any assignment. s
III. ISAT Applied to Delay Fault Testing
Delay fault testing is performed after fabrication of an integrated circuit. There are two widely used fault models, gate delay faults and path delay faults. We will consider the path delay fault model [11] [3] in this paper.
A path delay fault models distributed fault effects on a given path which causes the delay of the path to exceed a specified limit. For each structural path, two path delay faults can be considered, rising and falling transition at the output of the path.
To detect a delay fault, it is common to apply a pair of vectors at the inputs of the circuit and sample the output of the circuit after one clock period. The interval between v 1 and v 2 must be long enough so that all signals in the circuit can stabilize.
A test for a given delay fault is called robust if the test can detect the given fault independent of the presence of other delay faults in the circuit. A test is called non-robust if the given fault can be masked by the presence of other delay faults in the circuit.
Our experimental results are based on the non-robust delay fault testing model. Note that the side input condition of v 2 for non-robust faults is exactly the same as the static sensitization criterion in timing analysis. Hence if we have an efficient way of checking static sensitizability, it can be readily used as a test pattern generator for non-robust faults.
The approach used in [2] extracts a fan-in cone for each primary output and finds a test for each path to that primary output. This improves on the simplistic path-by-path approach since extraction is performed only once for each primary output. However, both the size of each SAT problem and the number of paths for each primary output can become very large for most practical circuits.
Instead of explicitly enumerating all paths, we can use incremental satisfiability to prune away large portions of untestable faults by applying ISAT to incremental path sensitization as proposed in [5] . Consider a partial path that starts from a primary input g 0 . If the path P is untestable for delay faults, then all other paths that have P as a prefix can be removed from consideration since these faults are untestable as well. We can use depth first search when choosing paths, backtracking when an untestable fault is identified. The algorithm is illustrated in Figure 2 . We generate consistency functions which enforce consistent assignments to the inputs and output of each gate according to its functionality.
For a gate which realizes a function , we can generate the consistency function by deriving a CNF representation of . Example 2 Consider a two input AND gate . The consistency function for this gate can be derived as follows.
Consistency functions of simple two input gates are shown in Table I . Side input constraints are then added to enforce the static sensitization condition which requires side inputs to assume non-controlling values. Side input conditions of complex gates can be generated using the Boolean difference of the gate function with respect to the on-path input.
The next example illustrates the application of ISAT to the path sensitization problem.
Example 3 Consider the path with a rising input at in Figure 3 . The function that captures non-robust delay fault testability of is:
Note that these clauses consist of
• the consistency function of :
• on-path transition constraints:
• side input conditions:
can be satisfied by . Consider next path . Five additional clauses must be added to yielding: 
382
This function can easily be shown to be unsatisfiable. Hence we can conclude that all paths that extend from , namely and , are unsensitizable and can be removed from further consideration. The next set of paths considered by the incremental search algorithm would now extend through x 8 . s It is worth noting that there are other approaches to identify non-robust untestable faults such as [6] [10] which use logic implication to identify untestable faults. Even though they are substantially faster than the methods which target paths, they are not complete in that they cannot guarantee 100% identification of untestable faults. A similar method is used in [8] to identify robust dependent and functionally unsensitizable faults.
IV. Experimental Results
The prototype of the presented algorithm is implemented in C++ and integrated with the SAT solver GRASP [13] . It was run on a workstation with Intel Pentium II 300 MHz CPU and 256 MB of memory running Linux. The result of the experiment is shown in Table II .
The first four columns present general information about the benchmark circuits. In the remaining columns, the number of SAT calls and average problem size in terms of number of variables and clauses for both incremental method and the method in [2] are presented. Average execution time per each SAT call as well as total execution time is also reported.
We implemented the algorithm used in [2] for comparison with our method within our framework; for each path in a circuit, we identify a corresponding formula, add constraints clauses and solve the SAT problem. Note that in the actual implementation, the CNF formula for the entire circuit is generated only once.
From the experimental results, we can observe that the savings we gain by using incremental satisfiability accrue for circuits with a large number of untestable faults such as s713, s1238, s1423, s9234.1 and below.
Note that our method can generate complete test sets for three circuits (s13207.1, s38417, s38584.1) which we could not finish within the given time limit (30,000 seconds) using the explicit path enumeration method.
It is also worthwhile to note that even though our method requires more SAT calls in general, the time per each SAT call (reported in milliseconds in the table) of our method is significantly smaller than that of the explicit method because TA B LE II: Ge ne rat i on of non -ro bu st t est s fo r t he co m bi n at i ona l p ort i on of I SC A S 8 9 ci rc ui t s 383 of the application of ISAT which uses the decision sequence from previous problems. Also note that average problem size in terms of number of clauses and variables of incremental method is substantially smaller than that of explicit method. Although the size of a SAT problem is not necessarily a measure of the difficulty of the problem, it is generally considered that larger SAT problems are harder to solve than smaller problems.
V. Conclusions
In this paper, we presented a method of solving incremental satisfiability problems (ISAT) which can check the satisfiability of a family of related functions. The application of ISAT to delay fault testing is also presented. Promising results were obtained when we applied this method to the generation of non-robust tests for the combinational part of ISCAS 89 benchmark circuits.
Incremental satisfiability can be applied to the problems in other EDA domains, such as timing analysis and logic verification. We are currently working on applying this method to timing analysis of sequential circuits.
Also, the application of ISAT is not limited to solving CNF based satisfiability problems but can be applied to problems where there are general constraints on Boolean variables that are not expressed in CNF. We are presently implementing the extension of ISAT to general constraints.
