The need to reduce manufacturing defect escape in today's safety-critical applications demands increased fault coverage. However, generating a test set with commercial automatic test pattern generation (ATPG) tools that leads to zero-defect escape is still an open problem. It is challenging to detect all stuck-at faults and reach 100% fault coverage. In parallel, the hardware security community has been actively developing logic locking solutions to prevent IP piracy. Locks (e.g., XOR gates) are inserted at different locations in the netlist so that an adversary cannot determine the secret key. Unfortunately, the Boolean satisfiability (SAT) based attack, introduced in [1], can break different logic locking schemes in minutes. In this paper, we propose a novel test pattern generation approach that uses the powerful SAT attack on logic locking. A stuck-at fault is modeled as a locked gate with a secret key. Our modeling of stuck-at faults preserves the properties of fault activation and propagation. We show that the input pattern that determines the key is a test for the stuck-at fault. We propose two different approaches for test pattern generation. First, a single stuck-at fault is targeted, and a corresponding locked circuit with one key bit is created. This approach generates one test pattern per fault. Second, we consider a group of faults and convert the circuit to its locked version with multiple key bits. The inputs obtained from the SAT tool are the test set for detecting this group of faults. Our approach is able to find test patterns for hard-to-detect faults on which commercial ATPG tools previously failed. The proposed test pattern generation approach can also efficiently detect redundant faults present in a circuit. We demonstrate the effectiveness of the approach on ITC'99 benchmarks. The results show that we can achieve perfect fault coverage of 100%.
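The single-fault approach described above, as an added Python illustration that is not code from the paper. It assumes a key-gate modeling (AND for stuck-at-0, OR for stuck-at-1), uses a constructed three-input circuit, and substitutes exhaustive input enumeration for the SAT solver.

```python
from itertools import product

# Constructed example circuit: y = a*b + (not a)*c + b*c.
# The consensus term b*c is logically redundant, so one fault on it is untestable.
NETS = ("n_ab", "n_ac", "n_bc", "y")


def evaluate(inputs, fault=None, key=None):
    """Evaluate the circuit; fault=(net, stuck_value) places a key gate on that net."""
    a, b, c = inputs

    def lock(net, value):
        if fault is None or fault[0] != net:
            return value
        # Assumed modeling: stuck-at-0 -> AND key gate (key 1 is fault-free),
        #                   stuck-at-1 -> OR key gate  (key 0 is fault-free).
        # Setting key == stuck_value reproduces the faulty circuit exactly.
        return value & key if fault[1] == 0 else value | key

    n_ab = lock("n_ab", a & b)
    n_ac = lock("n_ac", (1 - a) & c)
    n_bc = lock("n_bc", b & c)
    return lock("y", n_ab | n_ac | n_bc)


def find_test(fault):
    """Find an input on which the two key values give different outputs.

    Such an input both activates the fault and propagates it to the output,
    so it is a test pattern. None means no such input exists (redundant fault).
    """
    for inputs in product((0, 1), repeat=3):
        if evaluate(inputs, fault, 0) != evaluate(inputs, fault, 1):
            return inputs
    return None


def generate_tests():
    """One locked circuit with one key bit per fault, as in the single-fault approach."""
    return {(net, sv): find_test((net, sv)) for net in NETS for sv in (0, 1)}


if __name__ == "__main__":
    for (net, sv), pattern in generate_tests().items():
        print(f"{net} stuck-at-{sv}: {pattern if pattern else 'redundant'}")
```
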