## An Exact Solution to the Minimum-Size Test Pattern Problem

Paulo F. Flores, Horácio C. Neto and João P. Marques Silva

Instituto Superior Técnico
Cadence European Laboratories/INESC
R. Alves Redol, 9, 1
1000 Lisboa, Portugal
{pff,hcn,jpms}@inesc.pt

#### **Abstract**

This paper addresses the problem of test pattern generation for single stuck-at faults in combinational circuits, under the additional constraint that the number of specified primary input assignments is minimized. This problem has different applications in testing, including the identification of don't care conditions to be used in the synthesis of Built-In Self-Test (BIST) logic. The proposed solution is based on an integer linear programming (ILP) formulation which builds on an existing Propositional Satisfiability (SAT) model for test pattern generation. The resulting ILP formulation is linear on the size of the original SAT model for test generation, which is linear on the size of the circuit. Nevertheless, the resulting ILP instances represent complex optimization problems, that require dedicated ILP algorithms. Preliminary results on benchmark circuits validate the practical applicability of the test pattern minimization model and associated ILP algorithm.

### 1 Introduction

Automatic test pattern generation (ATPG) for stuck-at faults in combinational circuits is now a mature field, with an impressive number of highly effective models and algorithms [4-8, 10-13, 19, 22-24]. Furthermore, besides being effective at detecting the target faults, recent ATPG tools have aimed the heuristic minimization (i.e. compaction) of the total number of test patterns required for detecting all faults in a circuit [3, 18, 20]. In general, the degree of test pattern compaction is expected to be related to the number of unspecified input assignments in each test pattern. In addition, for applications where testing time and fault coverage requirements can only be obtained with dedicated Finite-State Machine (FSM) controllers, the computation of test patterns with a large number of unspecified input assignments may allow for significantly smaller synthesized FSMs. Indeed, if the test set is used as input to a logic synthesis tool with the purpose of synthesizing BIST logic, then by maximizing the number of unspecified input assignments, i.e. by maximizing the don't care set of each test pattern, the logic synthesis tool is in general able to yield smaller synthesized logic. Thus the maximization of the don't care set of each test pattern, or conversely, the computation of test patterns of minimum-size, can have significant practical consequences.

Nevertheless, there exists no model or algorithm in the literature for computing test patterns for which the number of unspecified primary input assignments is maximized. Accordingly, the main objective of this paper is to propose a first attempt at solving this problem. We start by formalizing the notion of test pattern minimization. We then develop a new model for test pattern generation, based on propositional satisfiability (SAT), in the presence of unspecified input assignments. Next, we derive an integer linear programming (ILP) model for maximizing the number of unspecified primary input assignments. Afterwards, we show that the model is indeed correct and analyze some of its limitations. Finally, we provide preliminary results that justify using the proposed model in medium-size combinational circuits and describe an ATPG methodology, which can incorporate the proposed model and supporting algorithm and which can also be applied to large-size combinational circuits. Besides its practical applicability, to our best knowledge this is the first *formal* non-heuristic model towards computing minimum size test patterns<sup>1</sup>.

The paper is organized as follows. We start in Section 2 with several definitions regarding combinational circuits, Conjunctive Normal Form (CNF) representations of circuits and CNF representations of fault detection problems, which are used throughout the paper. Afterwards, in Section 3, the CNF models described in Section 2 are generalized for correctly handling unspecified variable assignments. The next step is to introduce the ILP optimization model for minimizing test patterns and prove its correctness. Section 5 includes preliminary experimental results on several practical applications of the model. We conclude in Section 6 with a brief overview of future research work in the area of test pattern minimization.

### 2 Definitions

#### 2.1 Combinational Circuits

We start by introducing unified representations for circuits and fault detection problems. These representations are

<sup>1.</sup> This problem was addressed before by S. Hellebrand et al. in [9], but using a completely heuristic approach, hence not based on a formal model.



| Node x                 | x <sub>11</sub>                                        |
|------------------------|--------------------------------------------------------|
| O(x)                   | $\{x_{16}, x_{19}\}$                                   |
| O*(x)                  | $\{x_{16}, x_{19}, x_{22}, x_{23}\}$                   |
| I(x)                   | $\{x_3, x_6\}$                                         |
| <i>I</i> *( <i>x</i> ) | $\{x_3, x_6\}$                                         |
| $K_O(x)$               | $\{x_2, x_7, x_{10}, x_{16}, x_{19}, x_{22}, x_{23}\}$ |
| $K_I(x)$               | $\{x_{10}, x_2, x_7, x_1, x_3, x_6\}$                  |

(b) Stuck-at faults

Collapsed fault set size [2]

(c) Topological data for  $x_{11}$ 

Figure 1: Example circuit — C17 [2]

used throughout the paper. A combinational circuit C is represented as a directed acyclic graph  $C=(V_C,E_C)$ , where the elements of  $V_C$ , i.e. the circuit nodes, are either primary inputs or gate outputs, with  $\left|V_C\right|=N$ . The set of edges  $E_C\subseteq V_C\times V_C$  identifies gate input-output connections. We shall assume gates with bounded fanin, and so  $\left|E_C\right|=O(|N|)$ . For every circuit node x in  $V_C$ , the following definitions apply:

• O(x) denotes the **fanout** nodes of node x, i.e. nodes y in  $V_C$  such that  $(x, y) \in E_C$ .

22

- $O^*(x)$  denotes the *transitive fanout* of node x, i.e. the set of all nodes y such that there is a path connecting x to y.
- I(x) denotes the **fanin** nodes of node x, i.e. nodes y in  $V_C$  such that  $(y, x) \in E_C$ .
- $I^*(x)$  denotes the *transitive fanin* of node x, i.e. the set of all nodes y such that there is a path connecting y to x.
- $K_O(x)$  denotes *immediate fanout cone of influence* of x, being defined as follows:

$$K_O(x) = \{ y | y \in O^*(x) \lor y \in I(w) \land w \in O^*(x) \}.$$
 (1)

•  $K_I(x)$  denotes *immediate fanin cone of influence* of x, being defined as follows:

$$K_{I}(x) = \left[ \bigcup_{y \in O^{*}(x)} I^{*}(y) \right] - (O^{*}(x) \cup \{x\}) . \tag{2}$$

The set of primary inputs can also be referred to as PI, and the set of primary outputs as PO. Simple gates are assumed: AND, NAND, OR, NOR, NOT and BUFF. Finally, the number of stuck-at faults in the circuit is M, with M = O(N), since  $\left| E_C \right| = O(|N|)$ , and are numbered 1, ..., M. The example in Figure 1 illustrates the previous definitions.

## 2.2 Conjunctive Normal Form Formulas

A conjunctive normal form (CNF) formula  $\varphi$  on n binary variables  $x_1, ..., x_n$  is the conjunction (AND) of m clauses  $\omega_1, ..., \omega_m$  each of which is the disjunction (OR) of one or more literals, where a literal is the occurrence of a variable  $x_i$  or its complement  $\neg x_i$ . A formula  $\varphi$  denotes a unique n-variable Boolean function  $f(x_1, ..., x_n)$  and each of its clauses corresponds to an implicate of f. An assignment for a formula  $\varphi$  is a set of variables and their corresponding Boolean values, represented as variable/value pairs; for example  $A = \{(x_1, 0), (x_7, 1), (x_{13}, 0)\}$ . Alternatively, assignments can be denoted as  $A = \{x_1 = 0, x_7 = 1, x_{13} = 0\}$ . In general we will consider complete assignments, which involve all variables. In this situation, the value assumed by a formula  $\varphi$  given an assignment A is denoted by  $\varphi|_A \in \{0, 1\}$ . (Note that if we allow partial assignments, which might not involve all variables, the value assumed by a formula  $\varphi$  could also be X.)

The CNF formula of a circuit is the conjunction of the CNF formulas for each gate output, where the CNF formula of each gate denotes the valid input-output assignments to the gate. For an AND gate,  $x = \text{AND}(w_1, ..., w_j)$ , the resulting CNF formula is [12, 22, 23],

$$\varphi_{x} = \left[ \prod_{i=1}^{j} (w_{i} + \neg x) \right] \cdot \left( \sum_{i=1}^{j} \neg w_{i} + x \right)$$
(3)

A complete list of the CNF formulas for simple gates with an arbitrary number of inputs can be found in [22]. If we view a CNF formula as a set of clauses, the CNF formula  $\varphi$  for the circuit is defined by the set union of the CNF formulas for each gate with output x,  $\varphi_x$ :

$$\varphi = \bigcup_{x \in V_C} \varphi_x \tag{4}$$

Given the CNF formula  $\varphi$  for a circuit and an assignment A to the primary inputs, then the assignment  $A_C$  denotes the values on the circuit nodes obtained from A by implying the assignments on all gate outputs [1].

#### 2.3 Test Pattern Generation

For Automatic Test Pattern Generation (ATPG), the single stuck-at line (SSF) fault model is assumed [1]<sup>2</sup>.

**Definition 1.** We say that a stuck-at fault is *detectable* if and only if there exists an assignment of logic values to the circuit primary inputs such that the effect of the discrepancy caused by the fault (i.e. the error signal) can be observed on at least one of the circuit primary outputs (i.e. the value in the good and faulty circuit differ).

When referring to primary input assignments, or test patterns, we may in general assume that some primary inputs may be unspecified.

**Definition 2.** We define a test pattern T as an assignment to the primary inputs, such that some assignments may be

<sup>2.</sup> See [1] for ATPG definitions used throughout the paper.

unspecified, i.e.  $T = \{(x, v), x \in PI \land v \in \{0, 1, X\}\}.$ 

**Definition 3.** A test pattern T is *completely specified* whenever  $T = \{(x, v), x \in PI \land v \in \{0, 1\}\}$ . Otherwise, we say that T is said to be *incompletely specified*.

In the remainder of this section we shall assume that test patterns are completely specified. The generation of incompletely specified test patterns is addressed in Section 3.

CNF representations of circuits and fault detection problems have been extensively used and studied in ATPG [4, 12, 22, 23]. In this section we describe a simple CNF representation of combinational circuits and fault detection problems, which will be used throughout the remainder of the paper.

In the context of test pattern generation, and for capturing the fault detection problem, each node *x* is characterized by three propositional variables:

- $x^G$  denotes the logic value assumed by the node in the **good** circuit.
- $x^F$  denotes the logic value assumed by the node in the *faulty* circuit.
- $x^S$  denotes whether  $x^G$  and  $x^F$  assume different logic value [12]. We shall refer to this variable as the *sensitization status* of node x.

Given the definition of variable  $x^{S}$ , the following relationship must hold:

$$\left[\left(x^{G} \neq x^{F}\right) \leftrightarrow x^{S}\right] \Leftrightarrow \left(x^{G} + \neg x^{F} + x^{S}\right) \cdot \left(\neg x^{G} + x^{F} + x^{S}\right) \cdot \left(\neg x^{S} + x^{G} + x^{F}\right) \cdot \left(\neg x^{S} + \neg x^{G} + \neg x^{F}\right) \tag{5}$$

which basically states that the logic values of  $x^{G}$  and  $x^{F}$  differ if and only if  $x^{S}$  assumes logic value 1.

Let  $\varphi_x$  denote the CNF formula associated with gate output x. The notation  $\varphi_x^G$  denotes the CNF formula for x in the good circuit, i.e. using  $x^G$  variables, whereas  $\varphi_x^F$  denotes the CNF formula for x in the faulty circuit, i.e. using  $x^F$  variables. For a *stem* fault z s-a-v, the CNF representation of the associated fault detection problem contains the following components:

- CNF formula for the circuit, denoting the good circuit.
- CNF formula for the circuit, denoting the faulty circuit. This formula only needs to contain the CNF formulas for the nodes that are relevant for detecting the given fault, i.e. nodes in the transitive fanout of node z.
- CNF formulas for defining the sensitization status of every node in the transitive fanout of the fault site, i.e. node z. Hence, for each of these nodes,  $\varphi_x^S$  is given by (5), which requires  $x^S = 1$  if and only if  $x^G \neq x^F$ .
- Clauses that prevent each node x from being sensitized, by having  $x^S = 0$ , whenever x is not in the transitive fanout of z but at least one fanout node of x is in the transitive fanout of z, i.e.  $x \in K_O(z) O^*(z)$ . (Observe that this condition on a node x also implies  $x^G = x^F$ . Moreover, this condition permits reducing the number of  $x^F$  and  $x^S$  variables that must be considered.)

| Sub-formula/Condition           | Clause Set                                                                                                                                                                                                                          |
|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Good Circuit                    | $\varphi^G = \bigcup_{x \in V_C} \varphi^G_x$                                                                                                                                                                                       |
| Faulty Circuit                  | $\varphi^F = \bigcup_{x \in O^*(z)} \varphi_x^F$                                                                                                                                                                                    |
| Node Sensitization              | $\varphi^S = \bigcup_{x \in O^*(z)} \varphi_x^S$                                                                                                                                                                                    |
| Propagation Blocking Conditions | $\varphi^B = \left(\neg x^S\right) \qquad x \in K_O(z) - O^*(z)$                                                                                                                                                                    |
| Fault Activation Conditions     | $\varphi^{A} = \left(z^{S}\right) \cdot \left(\neg z^{G}\right) \cdot \left(z^{F}\right) \qquad \text{if } v = 1$ $\varphi^{A} = \left(z^{S}\right) \cdot \left(z^{G}\right) \cdot \left(\neg z^{F}\right) \qquad \text{if } v = 0$ |
| Fault Detection Requirement     | $\varphi^R = \left(\sum_{x \in PO \land x \in O^*(z)} x^S\right)$                                                                                                                                                                   |
| Detection of Fault z s-a-v      | $\varphi^D = \varphi^G \cup \varphi^F \cup \varphi^S \cup \varphi^B \cup \varphi^A \cup \varphi^R$                                                                                                                                  |

Table 1: Definition of the fault detection problem for the stem fault z s-a-v

- Clauses capturing conditions for *activating* the fault, i.e. by requiring  $z^G \neq z^F$  and by forcing a suitable logic value on  $z^G$ .
- Finally, we guarantee that the fault effect is observed at a primary output by requiring that for at least one primary output x,  $x^S = 1$ .

The formula for detecting a fault z s-a-v is summarized in Table 1 and will henceforth be referred to as the *fault detection formula*,  $\phi^D$ .

The CNF formula for fanout-branch faults can be similarly defined [22]. In addition, the model described above can be improved with additional clauses which further constrain the problem definition [4, 12, 22, 23].

# 3 Test Generation With Unspecified Variable Assignments

The SAT-based test generation model described in the previous section requires all clauses to be satisfied, hence most if not all variables must be assigned a logic value. However, we want to develop a test generation model that properly handles unspecified variable assignments, since our goal is to compute minimum size test patterns. As a result, in this section we develop models for circuit satisfiability and test generation using CNF formulas that can be satisfied in the presence of unspecified variable assignments.



(a) Interpretation of the new variables

(b) Example of unspecified assignments for C17

Figure 2: Modeling unspecified assignments

#### 3.1 Modeling Unspecified Variable Assignments

Given a circuit and its associated CNF formula or a fault f and its associated fault detection formula, the existence of unspecified assignments implies that each of the original circuit variables can now be assigned a value in the set  $\{0, 1, X\}$ . In this situation an assignment x = X indicates that x is *unspecified*, or that the value assumed by x is an unspecified assignment. In contrast  $x \in \{0, 1\}$  indicates that x is *specified*, or that the value assumed by x is a specified assignment. In this situation, an assignment A is allowed to leave variables unspecified. Furthermore, the value of a CNF formula  $\phi$  for an assignment A can also be X,  $\phi|_{A} \in \{0, 1, X\}$ .

With the purpose of deciding CNF formula satisfiability, in the presence of unspecified variables, a new set of variables is created. This basically consists of duplicating the number of Boolean variables, which is a common solution for capturing unspecified assignments [17]. (Observe that since only  $3^M$  assignments need to be considered for M variables, the actually required number of Boolean variables is  $\log 3^M$ , since there are only three possible assignments to each of the original variables. Nevertheless, considering instead  $2^M$  variables greatly simplifies the proposed model.) As a result, we propose to represent each Boolean variable x with two new variables x and x having the interpretation indicated in Figure 2-a. For this interpretation, x = X indicates that x is unspecified. The simultaneous assignment of variables x and x to 1 is not allowed, requiring the inclusion of the following constraints in the resulting CNF formula,

$$\varphi_{inv, x} = \left(\neg x^1 + \neg x^0\right) \tag{6}$$

for each node  $x \in V_C$ , where  $V_C$  represents the set of nodes in the circuit. In addition, for each basic gate type we need to define the corresponding CNF formula. However, using the ideas above, each gate input and output must now be replaced by two variables. Let us consider for example an AND gate, which will now be denoted by the generalized form  $\begin{pmatrix} 0 & 1 \\ x & x \end{pmatrix} = \text{UAND}\begin{pmatrix} 0 & 1 & 0 & 1 \\ w_1 & w_1 & \dots & w_j & w_j \end{pmatrix}$ , and which allows unspecified assignments on the gate inputs and output. Since the simultaneous assignment of any pair of variables  $\begin{pmatrix} 0 & 1 \\ x & x \end{pmatrix}$  to 1 is prevented by (6), then we just need to relate the remaining assignments. The output variable  $x^1$  can only assume value 1 whenever all input variables  $w_j^1$  also assume value 1. Hence, we can say that  $x^1 = \text{AND}\begin{pmatrix} w_1^1, \dots, w_j^1 \end{pmatrix}$ . In addition, the output variable  $x^0$ 

assumes value 1 provided at least one input variable  $w_j^0$  assumes value 1. Hence, we can say that  $x^0 = OR(w_1^0, ..., w_j^0)$ . As a result we obtain from [12, 22],

$$\phi_{u, x^{0}} = \left[ \prod_{i=1}^{j} \left( \neg w_{i}^{0} + x^{0} \right) \right] \cdot \left( \sum_{i=1}^{j} w_{i}^{0} + \neg x^{0} \right) 
\phi_{u, x^{1}} = \left[ \prod_{i=1}^{j} \left( w_{i}^{1} + \neg x^{1} \right) \right] \cdot \left( \sum_{i=1}^{j} \neg w_{i}^{1} + x^{1} \right)$$
(7)

Furthermore, the CNF formula for an AND gate with output x now becomes,

$$\Phi_{u,x} = \Phi_{u,x}^{1} \cup \Phi_{u,x}^{0} \cup \Phi_{inv,x}$$
 (8)

which properly models unspecified assignments to the inputs and output of an AND gate. Similar relations can be derived for the other simple gates. Consequently, the CNF formulas for simple gates given in [22] can be generalized by following the same approach used for deriving (7). These generalized CNF formulas are given in Table 2. As a result, and as was done in Section 2.2, we can now create the CNF formula for the circuit, one in which unspecified variable assignments are allowed. In Figure 2-b, we illustrate the outcome of applying an incompletely specified assignment to the primary inputs of C17. As can be seen, the assignments  $x_1 = 0$  and  $x_2 = 0$  represent a sufficient condition for the assignment  $x_{22} = 0$  to be observed.

### 3.2 Test Pattern Generation with Unspecified Input Assignments

We can now generalize the test pattern generation model of Section 2.3 so that unspecified variable assignments are allowed. Each circuit node x is still characterized by three variables:

- $x^G$  denoting the value in the good circuit. This variable can be unspecified, and so we use two new variables to characterize its value,  $x^{G,0}$  and  $x^{G,1}$ , with the semantic definition given earlier.
- $x^F$  denoting the value in the faulty circuit. This variable can also be unspecified, and so we use two new variables to characterize its value,  $x^{F,0}$  and  $x^{F,1}$ , with the semantic definition given earlier.
- $x^S$  denoting the sensitization status of each node. As we will justify below, the sensitization status of each node needs not be unspecified, and so its value is always either 0 or 1.

Modeling unspecified assignments in test generation requires a detailed characterization of the propagation of the fault effect. Hence, the sensitization status  $x^S$  of a node can only assume value 1 when both the values of node in the good and faulty circuits are *specified* and assume different logic values. Moreover this requirement also causes the value of a node in the faulty circuit to be specified *only* when the value of that node in the good circuit is also specified. These constraints indicate that propagation of the fault effect to a node can only be guaranteed when the values in the good and faulty circuit are specified for that node.

Consequently, the relationship between the value of  $x^{S}$  and the possible values of  $x^{G}$  and  $x^{F}$  is shown in Figure

| Gate type | Gate function                                   | $\Phi_{u,x^i}$                                                                                                                      |
|-----------|-------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------|
| AND       | $x^0 = \mathrm{OR}\left(w_1^0,, w_j^0\right)$   | $\left[\prod_{i=1}^{j} \left(\neg w_i^0 + x^0\right)\right] \cdot \left(\sum_{i=1}^{j} w_i^0 + \neg x^0\right)$                     |
| AND       | $x^{1} = AND\left(w_{1}^{1},, w_{j}^{1}\right)$ | $\left[\prod_{i=1}^{j} \left(w_i^1 + \neg x^1\right)\right] \cdot \left(\sum_{i=1}^{j} \neg w_i^1 + x^1\right)$                     |
| NAND      | $x^0 = AND\left(w_1^1,, w_j^1\right)$           | $\left[\prod_{i=1}^{j} \left(w_i^1 + \neg x^0\right)\right] \cdot \left(\sum_{i=1}^{j} \neg w_i^1 + x^0\right)$                     |
| NAND      | $x^{1} = OR\left(w_{1}^{0},, w_{j}^{0}\right)$  | $\left[\prod_{i=1}^{j} \left(\neg w_i^0 + x^1\right)\right] \cdot \left(\sum_{i=1}^{j} w_i^0 + \neg x^1\right)$                     |
| OR        | $x^0 = \text{AND}\left(w_1^0,, w_j^0\right)$    | $\left[\prod_{i=1}^{j} \left(w_i^0 + \neg x^0\right)\right] \cdot \left(\sum_{i=1}^{j} \neg w_i^0 + x^0\right)$                     |
| OR        | $x^{1} = OR(w_{1}^{1},, w_{j}^{1})$             | $\left[\prod_{i=1}^{j} \left(\neg w_i^1 + x^1\right)\right] \cdot \left(\sum_{i=1}^{j} w_i^1 + \neg x^1\right)$                     |
| NOR       | $x^0 = OR\left(w_1^1,, w_j^1\right)$            | $\left[\prod_{i=1}^{j} \left(\neg w_i^1 + x^0\right)\right] \cdot \left(\sum_{i=1}^{j} w_i^1 + \neg x^0\right)$                     |
| NOR       | $x^{1} = AND(w_{1}^{0},, w_{j}^{0})$            | $\left[\prod_{i=1}^{j} \left(w_i^0 + \neg x^1\right)\right] \cdot \left(\sum_{i=1}^{j} \neg w_i^0 + x^1\right)$                     |
| NOT       | $x^0 = BUFF(w_1^1)$                             | $\left(\begin{array}{c} u_1^1 + \neg x^0 \\ \end{array}\right) \cdot \left(\begin{array}{c} \neg w_1^1 + x^0 \\ \end{array}\right)$ |
| 1101      | $x^1 = BUFF(w_1^0)$                             | $\left(w_1^0 + \neg x^1\right) \cdot \left(\neg w_1^0 + x^1\right)$                                                                 |
| BUFFER    | $x^0 = BUFF(w_1^0)$                             | $\left(w_1^0 + \neg x^0\right) \cdot \left(\neg w_1^0 + x^0\right)$                                                                 |
| BUTTER    | $x^1 = BUFF(w_1^1)$                             | $\left(w_1^1 + \neg x^1\right) \cdot \left(\neg w_1^1 + x^1\right)$                                                                 |

Table 2: Generalized CNF formulas for simple gates

3. Entries with a '—' denote invalid value assignments, for which the CNF formula for  $x^S$  must assume value 0. Similarly to the model for completely specified assignments,  $x^S$  assumes value 1 if and only if  $x^G$  and  $x^F$  assume opposing logic values, provided that both  $x^G$  and  $x^F$  are specified. The simplification of the truth table in Figure 3 yields the following CNF formula for the sensitization status of node x,  $x^S$ :

| $x^{G}$ | $x^{F}$ | $x^{S}$ |
|---------|---------|---------|
| X       | X       | 0       |
| 0       | 0       | 0       |
| 0       | 1       | 1       |
| 1       | 0       | 1       |
| 1       | 1       | 0       |
| 1       | X       | 0       |
| 0       | X       | 0       |
| X       | 0       | _       |
| X       | 1       | _       |

Figure 3: Truth table for the sensitization status

$$\varphi_{u,x}^{S} = \left(x^{G,1} + x^{G,0} + \neg x^{S}\right) \cdot \left(x^{F,1} + x^{F,0} + \neg x^{S}\right) \cdot \left(x^{F,1} + x^{G,1} + \neg x^{S}\right) \cdot \left(\neg x^{G,1} + \neg x^{F,1} + \neg x^{S}\right) \cdot \left(x^{G,1} + \neg x^{F,1} + x^{S}\right) \cdot \left(x^{G,0} + \neg x^{F,0} + x^{S}\right) \cdot \left(x^{G,0} + \neg x^{G,0} + x^{G,0}\right) \cdot \left(x^{G,0} + + x^{G,0}\right) \cdot \left(x^{G,0}\right) \cdot \left(x^{G,0}$$

The next step is to describe the modifications to the CNF formula used for computing the faulty values, which for completely specified assignments are equivalent to the CNF formula for the good value. For incompletely specified assignments the same holds true but, as justified above, we introduce the additional constraint that an unspecified good value implies and unspecified faulty value,

$$\begin{pmatrix} x^G = X \end{pmatrix} \Rightarrow \begin{pmatrix} x^F = X \end{pmatrix} \tag{10}$$

Let us assume that the CNF formula for the faulty value of a node x with completely specified assignments is given by,

$$\varphi_x^F = \prod_{i=1}^j \omega_i \tag{11}$$

As a result of (10), the CNF formula for the faulty circuit, in the presence of incompletely specified assignments, is defined by,

| Sub-formula/Condition           | Clause Set                                                                                                                                                                                                                                                                                                                                                       |
|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Good Circuit                    | $\varphi_u^G = \bigcup_{x \in V_C} \varphi_{u,x}^G$                                                                                                                                                                                                                                                                                                              |
| Faulty Circuit                  | $\varphi_u^F = \bigcup_{x \in O^*(z)} \varphi_{u,x}^F$                                                                                                                                                                                                                                                                                                           |
| Node Sensitization              | $\varphi_u^S = \bigcup_{x \in O^*(z)} \varphi_{u,x}^S$                                                                                                                                                                                                                                                                                                           |
| Propagation Blocking Conditions | $\varphi_u^B = \left(\neg x^S\right) \qquad x \in K_O(z) - O^*(z)$                                                                                                                                                                                                                                                                                               |
| Fault Activation Conditions     | $ \varphi_{u}^{A} = \left(z^{S}\right) \cdot \left(\neg z^{G,1}\right) \cdot \left(z^{G,0}\right) \cdot \left(z^{F,1}\right) \cdot \left(\neg z^{F,0}\right)  \text{if } v = 1 \\ \varphi_{u}^{A} = \left(z^{S}\right) \cdot \left(z^{G,1}\right) \cdot \left(\neg z^{G,0}\right) \cdot \left(\neg z^{F,1}\right) \cdot \left(z^{F,0}\right)  \text{if } v = 0 $ |
| Fault Detection Requirement     | $\varphi_u^R = \left(\sum_{x \in PO \land x \in O^*(z)} x^S\right)$                                                                                                                                                                                                                                                                                              |
| Detection of Fault z s-a-v      | $\varphi_u^D = \varphi_u^G \cup \varphi_u^F \cup \varphi_u^S \cup \varphi_u^B \cup \varphi_u^A \cup \varphi_u^R$                                                                                                                                                                                                                                                 |

Table 3: Definition of the fault detection problem for the stem fault *z* s-a-*v* 

$$\phi_{u, x}^{F} = \left(\neg x^{F, 0} + x^{G, 0} + x^{G, 1}\right) \cdot \left(\neg x^{F, 1} + x^{G, 0} + x^{G, 1}\right) \cdot \prod_{i=1}^{j} \left(\omega_{i} + \neg x^{G, 0} \cdot \neg x^{G, 1}\right) \\
= \left(\neg x^{F, 0} + x^{G, 0} + x^{G, 1}\right) \cdot \left(\neg x^{F, 1} + x^{G, 0} + x^{G, 1}\right) \cdot \prod_{i=1}^{j} \left[\left(\omega_{i} + x^{G, 1}\right) \cdot \left(\omega_{i} + x^{G, 0}\right)\right]$$
(12)

Hence, the faulty value of a node x is computed by its original formula provided the good value is specified (i.e.  $x^{G, 0} + x^{G, 1} = 1$ ). In contrast, if the good value is unspecified (i.e.  $x^{G, 0} + x^{G, 1} = 0$ ), then the faulty value is *forced* to also be unspecified.

The formulas for  $\varphi_{u,\,x}^S$  and for  $\varphi_{u,\,x}^F$  are defined so that an unspecified good value immediately implies an unspecified faulty value and  $x^S=0$ . Thus propagation of the error signal is only permitted in the presence of properly specified values for the good circuit variables.

Furthermore, we note that the remaining CNF formulas of Table 1, i.e. propagation blocking conditions  $\varphi^B$  and fault detection requirements  $\varphi^R$ , remain unchanged, whereas the fault activation conditions  $\varphi^A$  must be updated to the new set of variables. As a result the complete CNF formula for a given stem fault z s-a-v is summarized in Table 3. Similarly, we can derive the CNF formula for a fanout-branch fault. Furthermore, we refer to  $\varphi^D_u$  as the fault-detection formula in the presence of unspecified variable assignments.

# 4 Computing Minimum Size Test Patterns

In this section we develop the optimization model for computing minimum-size test patterns. This optimization model is based on test pattern generation in the presence of incompletely specified primary input assignments. Moreover, stem faults are assumed throughout, even though the same approach is readily applied to fanout-branch faults.

### 4.1 The Complete Optimization Model

The main objective of test pattern minimization is to identify the minimum number of primary input assignments which detect the fault. Hence, our goal is to minimize the number of specified primary input assignments such that the given fault is still detected. As a result we obtain the following optimization model,

minimize 
$$\sum_{x \in PI} {0 \choose x^0 + x^1}$$
 subject to 
$$\phi_u^D$$
 (13)

which basically requires that the total number of assigned input variables be minimized under the constraint that the fault be detected. (Observe that we have  $0 \le x^0 + x^1 \le 1$  given (6), which implies an upper bound on the value of the cost function of |PI|.) Given the mapping between CNF clauses and linear inequalities described in [15, 17] we immediately conclude that (13) corresponds to an integer linear program, and so different integer linear optimization packages can be used for solving the test pattern minimization problem. Nevertheless, the constraints of (13) are tightly related with propositional satisfiability. Consequently, and as shown in [15], SAT-based ILP solvers are preferable for solving ILPs for which the constraints correspond to CNF formulas. For the experimental results given in Section 5, the SAT-based ILP solver of [15] was used.

Furthermore, we note that the optimization model of (13) can be viewed as a formalization of guided pseudo-exhaustive ternary simulation on the primary inputs of a combinational circuit, with the objective of minimizing the number of specified primary inputs assignments, and given the constraint that the fault is detected. The proposed model casts this basic idea into an ILP formulation, thus providing a formal framework for describing the problem and allowing a significant number of algorithms and theoretical results from integer optimization to be used.

In Appendix 1 we formally establish the validity of the proposed optimization model.

#### 4.2 Limitations of the Model

In general there may exist faults for which it is possible to identify test patterns with a smaller number of specified assignments, but which do not uniquely identify a set of sensitizable paths [1]. Let us consider the example circuit in Figure 4. Let the target fault be x s-a-1. From the circuit it is clear that any assignment to the selection variables s permits detecting the fault. Hence a valid test pattern is  $T = \{(x, 0)\}$ , since any assignment to the remaining variable permits detecting the fault. However, observe that T by itself does not yield any sensitization path for the fault to be detected. Only the additional assignment to the remaining primary input s allows the fault effect to propagate to the primary outputs. Consequently, any test generation model based on the D-calculus [1] or any of its derivations is by



Figure 4: Minimum-size test pattern for which no propagation path exists

itself unable to identify *all* of these test patterns, since for some cases propagation does not actually take place and only the propagation conditions are implicitly validated. As a result, our proposed model yields the minimum-size test patterns which guarantee, given the specified assignments, propagation of the fault effect to a primary output by defining one or more sensitizable paths.

## **5 Experimental Results**

The model described in the previous section has been integrated in a test pattern generation framework for the computation of minimum size test patterns referred to as *Minimum Test Pattern generator* (MTP), which uses the SAT-based ILP algorithm of *bsolo* [15] and the fault simulator provided with ATALANTA [13]. The results included below were obtained with the IWLS'89 benchmark suite [14] and with the ISCAS'85 benchmark suite [2]. In all cases MTP was run with a bound on the amount of allowed search (i.e. the total number of conflicts [15]). This permits MTP to identify acceptable solutions, which in some cases may not be necessarily optimal. Moreover, in order to speed up convergence to the optimal solutions, MTP uses the solution computed by ATALANTA (or by any other ATPG tool) as the startup assignment. These assignments provide an initial upper bound on the value of the optimal solution. If ATALANTA aborts the fault, then TG-GRASP [22] is used for computing a startup test pattern.

Table 4 contains the results for the IWLS'89 benchmarks for both ATALANTA [13] and MTP. ATALANTA is an ATPG tool that can generate test patterns with don't cares. For each benchmark *all* faults were targeted in order to allow for a a meaningful comparison between the two algorithms. Columns #PI, #G, #F, #R and #A denote, respectively, the number of primary inputs, gates, faults, redundant faults and aborted faults. %X denotes the percentage of don't care bits in all test patterns;  $\Delta$  denotes the variation in percentage from ATALANTA to MTP; %Opt denotes the percentage of faults for which MTP was able to find the actual minimum-size test pattern. Finally, time/fault denotes the average time in seconds spent solving the ILP for each fault.

From these results several conclusions can be drawn. First, MTP allows validating the heuristics used in ATAL-ANTA for computing test patterns with don't cares. Indeed for several benchmarks, ATALANTA already identifies the minimum-size test patterns for all faults. Nevertheless, for other benchmarks, the test patterns computed by ATALANTA can be far from the minimum-size test patterns. For these cases the percentage of don't cares computed with MTP can be as much as 15% above the values computed by ATALANTA. Finally, we observe that for medium-size circuits MTP is able to compute the actual minimum-size test patterns for all faults in the circuit in a reasonable amount of time per fault. For larger circuits, MTP finds solutions that are better than those computed by ATALANTA, but which are not guaranteed to be optimal.

|           |     | ATALANTA [13] |            |    |    |      |    | МТР |       |      |      |                |  |  |  |
|-----------|-----|---------------|------------|----|----|------|----|-----|-------|------|------|----------------|--|--|--|
| Benchmark | #PI | # <i>G</i>    | # <b>F</b> | #R | #A | %X   | #R | #A  | %X    | Δ    | %Opt | time/<br>fault |  |  |  |
| 9symml    | 9   | 157           | 752        | 2  | 0  | 1.4  | 2  | 0   | 8.9   | 7.5  | 100  | 2.04           |  |  |  |
| cht       | 47  | 209           | 820        | 0  | 0  | 93.6 | 0  | 0   | 94.4  | 0.8  | 100  | 0.64           |  |  |  |
| cm138a    | 6   | 26            | 124        | 0  | 0  | 16.7 | 0  | 0   | 16.7  | 0.0  | 100  | 0.02           |  |  |  |
| cm150a    | 21  | 62            | 232        | 0  | 0  | 68.4 | 0  | 0   | 71.0  | 2.6  | 100  | 1.55           |  |  |  |
| cm163a    | 16  | 54            | 220        | 0  | 0  | 70.7 | 0  | 0   | 72.8  | 2.1  | 100  | 0.28           |  |  |  |
| cmb       | 16  | 54            | 248        | 0  | 0  | 29.6 | 0  | 0   | 30.0  | 0.4  | 100  | 0.07           |  |  |  |
| comp      | 32  | 105           | 480        | 1  | 0  | 24.0 | 1  | 0   | 39.6  | 15.6 | 2    | 10.64          |  |  |  |
| comp16    | 35  | 221           | 960        | 0  | 0  | 30.7 | 0  | 0   | 32.9  | 2.2  | 4    | 13.66          |  |  |  |
| cordic    | 23  | 74            | 342        | 0  | 0  | 30.7 | 0  | 0   | 40.2  | 9.5  | 37   | 6.28           |  |  |  |
| cu        | 14  | 51            | 262        | 7  | 0  | 53.0 | 7  | 0   | 57.1  | 4.1  | 100  | 0.14           |  |  |  |
| majority  | 5   | 12            | 54         | 0  | 0  | 8.5  | 0  | 0   | 8.5   | 0.0  | 100  | 0.01           |  |  |  |
| misex1    | 8   | 52            | 224        | 0  | 0  | 49.8 | 0  | 0   | 54.4  | 4.6  | 100  | 0.17           |  |  |  |
| misex2    | 25  | 84            | 422        | 0  | 0  | 73.5 | 0  | 0   | 75.8  | 2.3  | 100  | 0.20           |  |  |  |
| misex3    | 14  | 533           | 2590       | 7  | 0  | 24.4 | 7  | 0   | 37.7  | 13.3 | 76   | 25.29          |  |  |  |
| mux       | 21  | 47            | 202        | 0  | 0  | 67.3 | 0  | 0   | 75.8  | 8.5  | 100  | 0.94           |  |  |  |
| pcle      | 19  | 76            | 328        | 0  | 0  | 73.3 | 0  | 0   | 74.9  | 1.6  | 99   | 0.45           |  |  |  |
| pcler8    | 27  | 94            | 400        | 0  | 0  | 78.1 | 0  | 0   | 79.2  | 1.1  | 98   | 1.97           |  |  |  |
| term1     | 34  | 155           | 708        | 6  | 0  | 72.2 | 6  | 0   | 74.42 | 2.2  | 86   | 4.35           |  |  |  |
| too_large | 38  | 234           | 1132       | 15 | 0  | 54.9 | 15 | 0   | 62.2  | 7.3  | 20   | 18.27          |  |  |  |
| unreg     | 36  | 103           | 448        | 0  | 0  | 90.6 | 0  | 0   | 91.7  | 1.1  | 86   | 0.93           |  |  |  |

Table 4: Experimental results for the IWLS'89 benchmarks (allowing 1000 conflicts per fault)

Table 5 contains the results for the ISCAS'85 circuits<sup>3</sup>. For these benchmarks a smaller search effort (i.e. 100 conflicts) was allowed. This leads to smaller run times and, consequently, less optimal results. Once more we can conclude that MTP is able to improve over the ATALANTA results, but in this case the improvements are in general smaller, since it becomes harder for the ILP solver [15] to find optimal solutions. (As can be concluded the percentage of optimal solutions found ranges from 0 to 20 percent.) For some of these circuits we run MTP with a larger number of allowed conflicts (i.e. 1000 conflicts). The obtained results are shown in Table 6. As can be observed, a larger percentage of unspecified input assignments is obtained at the cost of a larger search effort per fault. Accordingly, the time per fault also increases.

From the previous experimental results for the IWLS'89 and ISCAS'85 benchmarks we can draw the following

<sup>3.</sup> Observe that ATALANTA aborts several faults for c432, c2670, c6288 and c7552. For those cases, MTP uses TG-GRASP [22] as the startup ATPG tool, and consequently does not abort any fault.

| Benchmark |     |            |            | ATA | ATALANTA [13] |      |     | МТР        |      |     |      |                |  |
|-----------|-----|------------|------------|-----|---------------|------|-----|------------|------|-----|------|----------------|--|
|           | #PI | # <i>G</i> | # <b>F</b> | #R  | #A            | %X   | #R  | # <b>A</b> | %X   | Δ   | %Opt | time/<br>fault |  |
| c432      | 36  | 160        | 524        | 3   | 1             | 56.2 | 4   | 0          | 60.8 | 4.6 | 0    | 3.21           |  |
| c499      | 41  | 202        | 758        | 8   | 0             | 17.1 | 8   | 0          | 18.7 | 1.6 | 0    | 4.35           |  |
| c880      | 60  | 383        | 942        | 0   | 0             | 82.2 | 0   | 0          | 83.8 | 1.6 | 12   | 2.54           |  |
| c1355     | 41  | 546        | 1574       | 8   | 0             | 13.3 | 8   | 0          | 13.7 | 0.4 | 0    | 9.12           |  |
| c1908     | 33  | 880        | 1878       | 8   | 0             | 44.7 | 8   | 0          | 48.4 | 3.7 | 0    | 9.61           |  |
| c2670     | 233 | 1193       | 2746       | 97  | 20            | 92.0 | 117 | 0          | 92.4 | 0.4 | 23   | 10.99          |  |
| c3540     | 50  | 1669       | 3425       | 134 | 0             | 74.6 | 134 | 0          | 77.3 | 2.7 | 15   | 16.81          |  |
| c5315     | 178 | 2307       | 5350       | 59  | 0             | 92.6 | 59  | 0          | 92.9 | 0.3 | 14   | 9.34           |  |
| c6288     | 32  | 2416       | 7744       | 34  | 387           | 22.2 | 34  | 0          | 25.1 | 2.9 | 1    | 36.65          |  |
| c7552     | 207 | 3512       | 7550       | 77  | 181           | 86.9 | 131 | 0          | 86.9 | 0.0 | 4    | 17.46          |  |

Table 5: Experimental results for the ISCAS'85 benchmarks (allowing 100 conflicts per fault)

| Benchmark |     |            |            | ATALANTA [13] |    |      | МТР |    |      |      |      |                |
|-----------|-----|------------|------------|---------------|----|------|-----|----|------|------|------|----------------|
|           | #PI | # <b>G</b> | # <b>F</b> | #R            | #A | %X   | #R  | #A | %X   | Δ    | %Opt | time/<br>fault |
| c432      | 36  | 160        | 524        | 3             | 1  | 56.2 | 4   | 0  | 64.1 | 7.9  | 2    | 27.04          |
| c499      | 41  | 202        | 758        | 8             | 0  | 17.1 | 8   | 0  | 19.5 | 2.4  | 0    | 33.71          |
| c880      | 60  | 383        | 942        | 0             | 0  | 82.2 | 0   | 0  | 85.6 | 3.4  | 40   | 22.34          |
| c1355     | 41  | 546        | 1574       | 8             | 0  | 13.3 | 8   | 0  | 15.2 | 1.9  | 0    | 64.86          |
| c1908     | 33  | 880        | 1878       | 8             | 0  | 44.7 | 8   | 0  | 60.0 | 15.3 | 1    | 73.44          |
| c2670     | 233 | 1193       | 2746       | 97            | 20 | 92.0 | 117 | 0  | 93.0 | 1.0  | 25   | 83.46          |

Table 6: Experimental results for some of the ISCAS'85 benchmarks (allowing 1000 conflicts per fault)

#### conclusions:

- For some circuits the heuristics used by ATALANTA, as well as by other structural ATPG algorithms, are extremely effective and MTP can be used to formally prove this result.
- Whenever the main goal is maximizing the number of don't care bits, then MTP can be run on top of ATALANTA (or any other ATPG algorithm), thus in general allowing for an increased number of unspecified bit assignments. The improvements obtained by MTP are related to the amount of allowed search effort, and MTP is always guaranteed to produce results that are no worse than the startup tool (in our case ATALANTA or TG-GRASP).

#### 6 Conclusions

In this paper we introduce a SAT-based integer linear programming model for computing minimum-size test patterns. The applicability of the model has been illustrated by computing minimum size test patterns for several benchmark circuits. The next step of this work is to study the application of minimum-size test patterns to the synthesis of BIST logic, with the objective of evaluating the reduction in size of the synthesized logic obtained from using MTP.

Additional research work involves further constraining the ILP formulation so that larger problem instances can be solved optimally. Furthermore, the tradeoffs between minimum-size test pattern computation, fault simulation and fault compaction need to be studied. Finally, a long-term objective of this work is the integration of the proposed model in a complete testing environment, thus enabling the use of minimum-size test patterns for different purposes, such as the validation of test pattern minimization heuristics or the synthesis of reduced-size FSMs for BIST in specific target applications.

### References

- [1] M. Abramovici, M. A. Breuer and A. D. Friedman, *Digital Systems Testing and Testable Design*, Computer Science Press, 1990.
- [2] F. Brglez and H. Fujiwara, "A Neutral List of 10 Combinational Benchmark Circuits and a Target Translator in FORTRAN," in *Proceedings of the International Symposium on Circuits and Systems*, 1985.
- [3] K. Chakrabarty, B. T. Murray, J. Liu and M. Zhu, "Test Width Reduction for Built-In Self Testing", in *Proceedings of the International Test Conference*, November 1997.
- [4] S. T. Chakradhar, V. D. Agrawal and S. G. Rothweiler, "A Transitive Closure Algorithm for Test Generation," *IEEE Transactions on Computer-Aided Design*, vol. 12, no. 7, pp. 1015-1028, July 1993.
- [5] H. Cox and J. Rajski, "On Necessary and Nonconflicting Assignments in Algorithmic Test Pattern Generation," *IEEE Transactions on Computer-Aided Design*, vol. 13, no. 4, pp. 515-530, April 1994.
- [6] H. Fujiwara and T. Shimono, "On the Acceleration of Test Generation Algorithms," *IEEE Transactions on Computers*, vol. 32, no. 12, pp. 1137-1144, December 1983.
- [7] J. Giraldi and M. L. Bushnell, "Search State Equivalence for Redundancy Identification and Test Generation," in *Proceedings* of the International Test Conference, pp. 184-193, 1991.
- [8] P. Goel, "An Implicit Enumeration Algorithm to Generate Tests for Combinational Logic Circuits," *IEEE Transactions on Computers*, vol. 30, no. 3, pp. 215-222, March 1981.
- [9] S. Hellebrand, B. Reeb, S. Tarnick and H.-J. Wunderlich, "Pattern Generation for a Deterministic BIST Scheme," in *Proceedings of the International Conference on Computer-Aided Design*, 1995.
- [10] T. Kirkland and M. Ray Mercer, "A Topological Search Algorithm for ATPG," in *Proceedings of the 24th Design Automation Conference*, pp. 502-508, 1987.
- [11] W. Kunz and D. K. Pradhan, "Recursive Learning: An Attractive Alternative to the Decision Tree for Test Generation in Digital Circuits," in *Proceedings of the International Test Conference*, pp. 816-825, 1992.
- [12] T. Larrabee, "Test Pattern Generation Using Boolean Satisfiability," *IEEE Transactions on Computer-Aided Design*, vol. 11, no. 1, pp. 4-15, January 1992.
- [13] H. K. Lee and D. S. Ha, "On the Generation of Test Patterns for Combinational Circuits," Technical Report No. 12\_93, Department t of Electrical Engineering, Virginia Polytechnic Institute and State University, 1993.
- [14] IWLS'89 Benchmark Suite, available from http://www.cbl.ncsu.edu/pub/Benchmark\_dirs/LGSynth89/.
- [15] V. Manquinho, P. Flores, J. P. M. Silva and A. Oliveira, "Prime Implicant Computation Using Satisfiability Algorithms," in *Proceedings of the International Conference on Tools with AI*, November 1997.
- [16] T. M. Niermann and J. H. Patel, "HITEC: A test generation package for sequential circuits," in *Proceedings of the European Conference on Design Automation (EDAC)*, February 1991.
- [17] C. Pizzuti, "Computing Prime Implicants by Integer Programming," in *Proceedings of International Conference on Tools with Artificial Intelligence*, November 1996.
- [18] I. Pomeranz, L.N. Reddy, S.M. Reddy, "COMPACTEST: A Method to Generate Compact Test Sets for Combinational Cir-

- cuits," in IEEE Transactions on Computer-Aided Design, vol. 12, no. 7, pp. 1040-1049, July 1993.
- [19] M. H. Schulz, E. Trischler and T. M. Sarfert, "SOCRATES: A Highly Efficient Automatic Test Pattern Generation System," *IEEE Transactions on Computer-Aided Design*, vol. 7, no. 1, pp. 126-137, January 1988.
- [20] M. H. Schulz and E. Auth, "Improved Deterministic Test Pattern Generation with Applications to Redundancy Identification," *IEEE Transactions on Computer-Aided Design*, vol. 8, no. 7, pp. 811-816, July 1989.
- [21] J. P. M. Silva and K. A. Sakallah, "Dynamic Search-Space Pruning Techniques in Path Sensitization," in *Proceedings of the 31st Design Automation Conference*, pp. 705-711, 1994.
- [22] J. P. M. Silva and K. A. Sakallah, "Robust Search Algorithms for Test Pattern Generation," in *Proceedings of the Fault-Toler-* ant Computing Symposium, June 1997.
- [23] P. R. Stephan, R. K. Brayton and A. L. Sangiovanni-Vincentelli, "Combinational Test Generation Using Satisfiability," *IEEE Transactions on Computer-Aided Design*, vol. 15, no. 9, pp. 1167-1176, September 1996.
- [24] M. Teramoto, "A Method for Reducing the Search Space in Test Pattern Generation," in *Proceedings of the International Test Conference*, pp. 429-435, 1993.

# Appendix 1

In order to establish the validity of the proposed model we must first formally define the notion of test pattern minimization. This notion in tightly related with the way error signals propagate from the fault site to the primary outputs.

**Definition 4.** Given incompletely specified test patterns  $T_1$  and  $T_2$ , we say that  $T_2$  *specializes*  $T_1$  provided there exists at least one variable x, such that  $(x, v_1) \in T_1$  and  $(x, v_2) \in T_2$ , which is unspecified in  $T_1$  and specified in  $T_2$ , i.e.  $v_1 = X \wedge v_2 \in \{0, 1\}$ . Moreover, any specified assignment in  $T_1$  is also a specified assignment in  $T_2$ , i.e.  $(x, v) \in T_1 \wedge v \in \{0, 1\} \Rightarrow (x, v) \in T_2$ . Conversely, we say that  $T_1$  covers  $T_2$ .

**Definition 5.** For a fault f an s-path (i.e. sensitization path) denotes a sequence of nodes  $\langle x_1, x_2, ..., x_k \rangle$ , connecting the fault site  $x_1$  to a primary output  $x_k \in PO$  such that  $x_i^S = 1, i \in \{1, ..., k\}$ . For a given fault f and a test pattern T, the set of s-paths is denoted by  $P_S(T, f)$ .

**Definition 6.** We say that an assignment (x, v) is *s-irrelevant* (i.e. sensitization irrelevant) with respect to a fault f if and only if the fault is detectable given a test pattern  $T_1$  with  $(x, X) \in T_1$ , and for a new test pattern  $T_2$  that specializes  $T_1$  such that  $T_2 = T_1 - \{(x, X)\} \cup \{(x, v)\}$ , we have  $P_S(T_1, f) \subseteq P_S(T_2, f)$ .

**Definition 7.** For a given fault f we say that a test pattern  $T_1$  imposes *s-irrelevancy* if and only if any specialization  $T_2$  of  $T_1$  is such that  $P_S(T_1, f) \subseteq P_S(T_2, f)$ .

For example for the C17 circuit in Figure 1,  $T = \{(x_1, 1), (x_2, X), (x_3, 1), (x_6, 1), (x_7, X)\}$  represents a test pattern for fault  $x_1$  s-a-0, which in this case imposes s-irrelevancy. Indeed any assignment to nodes  $x_2$  or  $x_7$  does not change any of the fault effect propagation conditions defined by T.

The above definitions basically allow us to introduce the following definition of minimum size test pattern.

**Definition 8.** Let T be a test pattern, we define the size of T, ||T||, as the number of specified assignments in T, i.e.  $||T|| = |\{(x, v) \in T | v \in \{0, 1\}\}|$ .

**Definition 9.** Let T(f) be the set of all test patterns which detect a given fault f. Let  $T_m$  be a test pattern such that  $T_m$  imposes s-irrelevancy and any other test pattern  $T_j$  which imposes s-irrelevancy is such that  $\|T_m\| \le \|T_j\|$ . In such a situation,  $T_m$  is said to be a *minimum-size test pattern (with respect to s-irrelevancy)*.

As the previous definition implies, in general there may be smaller test patterns which do not impose *s*-irrelevancy. These other test patterns are studied in the Section 4.2.

In the remainder of this appendix we show that the proposed optimization model can indeed be used for computing minimum-size test patterns. The sequence of formal results basically shows that any implied good and faulty circuit node assignments, due to a given test pattern T, will not be modified by any specialization of T. This is particularly relevant for path sensitization, because it ensures that any computed test pattern T with unspecified assignments, that detects a given fault f, still detects that same fault if some of the unspecified assignments of T become specified. Thus T is a test for the fault and implicitly represents a set of tests for the same fault (i.e. all of its specializations). We conclude by showing that any solution to (13) must be of minimum size.

**Lemma 1.** Let  $\varphi_u$  be a CNF formula for a circuit and let T be an assignment to the primary inputs such that  $\varphi_u|_T = 1$ . Let  $x = v, v \in \{0, 1\}$  be a circuit node assignment implied by T. In this situation and given any specialization of T, the assignment x = v is also implied.

**Proof:** Given a gate connected solely to the primary inputs of the circuit, if its output is specified given *T* is either because all inputs assume a non-controlling value or because at least one input assumes a controlling value. (Observe that for NOT and BUFF gates the analysis is similar.) Clearly, the value of the output of this gate cannot change by any specialization of *T*. By induction on the topological level of a circuit, the same reasoning applies on all gates, and the results follows.

**Proposition 1.** Given a fault f and a test pattern T and a circuit node y for which  $y^S = 1$ , then for any specialization of T,  $y^S = 1$  holds.

**Proof:** From Lemma 1 we know that any specified good value of any node in the circuit cannot change with any specialization of T. Furthermore, the faulty value of a node is only specified when the good value is also specified from (10). Again applying Lemma 1 to the faulty values, we can conclude that a specified faulty value cannot change with any specialization of T. Finally, since specified good and the faulty values cannot change for any specialization of T, then any assignment  $y^S = 1$  cannot change.

**Corollary 1.** Given a fault f and a test pattern T such that  $\phi_u^D \Big|_{T} = 1$ , then any unspecified assignment  $(x, X) \in T$  is s-irrelevant with respect to f. Moreover, test pattern T imposes s-irrelevancy.

**Proof:** The proof follows from Proposition 1.

**Proposition 2.** A fault f is detectable if and only if the corresponding CNF formula  $\varphi_u^D$  is satisfiable.

**Proof:** Let us consider a detectable fault f. It is known that for completely specified test patterns,  $\varphi^D$  is satisfied if and only if fault f is detectable [22]. Since f is detectable we can always find a completely specified test pattern T for which  $\varphi^D$  is satisfied. Thus, we can identify at least one path connecting the fault site to a primary output such that for any node x in the path  $x^S = 1$ . Consequently, and by the definition of  $\varphi^D_u$ , T must also satisfy

 $\varphi^D_{..}$ 

Conversely, let us consider an assignment for which  $\varphi_u^D$  is satisfiable. This necessarily implies the existence of at least one primary output x for which  $x^S = 1$ . By construction, the value of the good variable for every node in at least one path from the fault site to primary output x must be specified, and such that for each such node the good value differs from the faulty value. Given that T imposes s-irrelevancy (from Corollary 1), then any complete specialization of T still satisfies  $\varphi_u^D$ . Using the reverse mapping to the original set of variables, then  $\varphi_u^D$  is also satisfied and from [22] the fault f is detected.

**Corollary 2.** Given a fault f and a test pattern T such that  $\left. \phi_u^D \right|_T = 1$ , then the fault effect is observable on at least one primary output.

**Proof:** Since  $\varphi_u^D\Big|_T = 1$ , then we must necessarily have  $\varphi_u^R\Big|_T = 1$ . Thus we have a primary output x such that  $x^S = 1$ . Consequently,  $x^G \neq x^F \land x^G \in \{0, 1\}$ , and so the fault effect is observable on primary output x.

**Corollary 3.** Given a fault f and a test pattern T such that  $\left. \phi_u^D \right|_T = 1$ , then there exists an s-path from the fault site to at least one primary output.

**Proposition 3.** Given a fault f, the solution of ILP (13) is a minimum-size test pattern with respect to s-irrelevancy.

**Proof:** From Proposition 2 we know that  $\varphi_u^D|_{T} = 1$  if and only if the fault is detectable. Hence the constraints of the ILP (13) are only satisfied for test patterns detecting the fault. Suppose now that  $T_1$  is the computed solution of (13) and suppose further that there exists  $T_2$  such that  $T_2$  also detects the fault and  $||T_2|| < ||T_1||$ . However, since  $T_2$  detects the fault, it also satisfies the constraints of (13), and so it would be a better solution than the computed solution of the ILP; a contradiction.