The need for reducing manufacturing defect escape in today's safety-critical applications requires increased fault coverage. However, generating a test set using commercial automatic test pattern generation (ATPG) tools that lead to zero-defect escape is still an open problem. It is challenging to detect all stuck-at faults to reach 100% fault coverage. In parallel, the hardware security community has been actively involved in developing solutions for logic locking to prevent IP piracy. In logic locking, locks are inserted in different locations of the netlist to modify the original functionality. Unless the correct key is programmed into the IC, the circuit functions incorrectly. Unfortunately, the Boolean satisfiability (SAT) based attack, introduced in (Subramanyan et al. 2015), can determine the secret key efficiently, and break different logic locking schemes. In this article, we propose a novel test pattern generation approach using the powerful SAT attack on logic locking. A stuck-at fault is modeled as a locked gate with a secret key, where it can effectively deduce the satisfiable assignment with reduced backtracks under key initialization of the SAT attack. The input pattern that determines the key is a test for the stuck-at fault. We propose two different approaches for test pattern generation. First, a single stuck-at fault is targeted, and a corresponding locked circuit with one key bit is created. This approach generates one test pattern per fault. Second, we consider a group of faults and convert the circuit to its locked version with multiple key bits. The inputs obtained from the SAT attack tool are the test set for detecting this group of faults. Our approach can find test patterns for all hard-to-detect faults that were previously undetected in commercial ATPG tools. The proposed test pattern generation approach can efficiently detect redundant faults as well. We demonstrate the effectiveness of the approach on ITC'99 benchmarks. The results show that we can detect all the hard-to-detect faults and identify redundant faults and a 100% stuck fault coverage is achieved. In addition, we show that test generation time saving becomes significant for Approach 2 as multiple faults help reduce or remove conflicts.
