Path Controllability Analysis for High Quality Designs

Transcription

1 Path Controllability Analysis for High Quality Designs Li-Jie Chen 1, Hong-Zu Chou 2, Kai-Hui Chang 2, Sy-Yen Kuo 1, Chi-Lai Huang 2 1 Department of Electrical Engineering, National Taiwan University, Taipei 106, Taiwan 2 Avery Design Systems, Inc., Tewksbury, MA, USA 1 {r , sykuo}@ntu.edu.tw, 2 {hzchou, changkh, chilai}@avery-design.com ABSTRACT Given a design variable and its fanin cone, determining whether one fanin variable has controlling power over other fanin variables can benefit many design steps such as verification, synthesis and test generation. In this work we formulate this path controllability problem and propose several algorithms that not only solve this problem but also return values that enable or block other fanin variables. Empirical results show that our algorithms can effectively perform path controllability analysis and help produce high-quality designs. CCS CONCEPTS Hardware Software tools for EDA; Semi-formal verification; Theorem proving and SAT solving; Test-pattern generation and fault simulation; KEYWORDS Path Controllability, At-Speed Test, CDTG, X-Analysis ACM Reference Format: Li-Jie Chen 1, Hong-Zu Chou 2, Kai-Hui Chang 2, Sy-Yen Kuo 1, Chi-Lai Huang Path Controllability Analysis for High Quality Designs. In ASPDAC 19: 24th Asia and South Pacific Design Automation Conference (ASPDAC 19), January 21 24, 2019, Tokyo, Japan. ACM, New York, NY, USA, 6 pages. 1 INTRODUCTION Given a variable and its functional fanin variables, determining whether any fanin variable has controlling power over the rest of the fanin variables is useful for several circuit designs and verification activities. For example, if a register has unexpected X propagation in its downstream logic [13], finding a side signal with controlling power can block the X propagation and fix the problem. Another example is that in Coverage-Driven Test Generation (CDTG) [4, 8, 10], if it is known that a fanin variable must have a specific value for other fanin variables to affect the target variable, then one can add a constraint to the constraint solver so that the target is easier to hit. In Automatic Test Pattern Generation (ATPG) [5, 7] knowing the controllability of a path is useful, too, because the ATPG algorithm can then use specific values to sensitize a particular Acknowledgement: This research was supported by the Ministry of Science and Technology, Taiwan under Grant E MY3 ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only. ASPDAC 19, January 21 24, 2019, Tokyo, Japan 2019 Association for Computing Machinery. ACM ISBN /19/01... $ path. For example, [3] reported that solving controllability issues before ATPG is performed can considerably reduce ATPG runtime. Despite the usefulness of this controllability analysis, to the best of our knowledge no existing work focuses entirely on this important topic, even though some work implies its usefulness [2, 3, 9]. The main contribution of this work is to formulate the path controllability problem and provide several algorithms based on SAT and Boolean quantification for solving the problem. Our experimental results show that our proposed algorithms can solve path controllability problems effectively and efficiently, and we provide an example to show how our analysis can help CDTG reach its goal quicker. Additionally, key control signals can be identified as a side-product of this analysis, which can help designers improve their Design-for-Verifiability (DFV) implementation. All such work can help improve final design quality. The rest of the paper is organized as follows. Section 2 provides necessary background. Path controllability problem is formulated in Section 3 and algorithms to solve it are presented in Section 4. Experimental results are reported in Section 5. Section 6 concludes this paper. 2 BACKGROUND In this section we provide background information for understanding our work and introduce related work. 2.1 Symbolic Simulation In this work we use symbolic traces generated by symbolic simulation [1] as the basis for our analysis. However, other Boolean representations for a design s logic can also be used. Symbolic simulation is different from logic simulation in that logic simulation simulates one specific value while symbolic simulation simulates symbols that represent all possible values. Take a two-input AND gate as an example, logic simulation takes values like {0, 1} as inputs and produces 0 at its output. Symbolic simulation takes two symbols, s 0 and s 1, as inputs and generates a symbolic trace s 0 AND s 1 at its output. This symbolic trace can be converted to Boolean functions and is suitable for formal analysis. In this work, we use And-Inverter Graph (AIG) [11] or Functionally Reduced AIG (FRAIG) [12] to represent the Boolean function of a symbolic trace. 2.2 Path Controllability Analysis Given a multi-output Boolean function, path controllability analysis identifies inputs along with specific values that control whether other inputs can affect the outputs of the function. Guzey et al. [9] run logic simulation on a Boolean network to find relationship between its inputs and outputs. It leverages data mining techniques to extract the values on part of the inputs that can possibly control the output value from simulation data. Campos et al. [2] build Data

2 ASPDAC 19, January 21 24, 2019, Tokyo, Japan Lie-Jie Chen et al. Dependency Graph (DDG) from RTL code for relations among output constraints, registers and primary inputs. Then the ATPG engine runs implication on DDG to find certain values on registers which allow a set of inputs to satisfy the constraints. In this work we take a formal approach and propose several algorithms based on Boolean analysis to solve this problem. 3 PATH CONTROLLABILITY ANALYSIS PROBLEM In this section we formulate the path controllability problem and describe how a Boolean function for solving the problem can be generated using symbolic simulation. 3.1 Problem Formulation Given a variable V and its n fanin variables i 1...i n, we say that one fanin variable i j has controlling power over other fanin variables if i j can control whether other fanin variables can affect the value of V or not. More specifically, certain values for i j that can disallow any other fanin variables to affect the value of V must exist, and certain values must also exist that allow other fanin variables to affect the value of V. In other words, both values must exist for i j to be controlling. If a fanin variable has controlling power, the values that allow other fanin variables to affect V are called enabling values since they enable other fanin variables to affect V. The rest of the values are called blocking values, which disallow V to change its value. Take Fig.1 as an example, addr, x and y are fanin variables of var1. Only addr has controlling power in this example because it has both enabling and blocking values: value 32 h1 is an enabling value because it allows other inputs, x and y, to affect the value of var1; all other values are blocking values because x and y cannot affect the value of var1 unless addr is 32 h1. Variables x and y do not have controlling power because there are no specific values for them to allow or disallow the value from addr to affect var1. reg [31:0] addr, val1, x, y; if (addr == 32 h1) var1 = x + y; Figure 1: Path controllability example. Variable addr controls path between var1 and its fanin variable x and y. Based on the above discussions, we formally formulate the path controllability analysis problem as follows. Definition 1. Given a variable V whose original value is val with n fanin variables i 1 to i n in its functional fanin cone, path controllability analysis determines whether fanin variable i j, j {1..n} has specific values that allow or disallow all other fanin variables i k, k {1..n}, k j to affect the value of V. In other words, whether i j possesses specific values that allow or disallow other fanin variables to produce a value for V that is different from val. Values that allow other fanin variables to affect the value of V are called enabling values. Values that disallow other fanin variables to affect the value of V are called blocking values. Each value of i j is either enabling value or blocking value. If variable i j has both enabling values and blocking values for V, we say i j has path controllability over other fanin variables of V. Path controllability analysis can be performed at either the word or the bit level. When performed at the word level, all bits in the variable are considered together for controllability; otherwise each bit is considered separately. 3.2 Generate Problem Instance Using Symbolic Simulation Under the problem definition in 3.1, we can generate an instance of controllability analysis problem using symbolic simulation as follows. We first use logic simulation to bring the design to a desired state. Next, we start symbolic simulation and inject symbols to variables whose path controllability need to be analyzed. We denote value of the variable Vk, typically a register, using Vk s0 when the symbolic simulation start. Vk s0 can be symbol or constant depending on whether a symbol is injected to Vk. We then perform symbolic simulation for the needed number of cycles to create symbolic traces among design variables. During symbolic simulation, new symbols are injected to primary inputs at each cycle if needed. We denote the symbol injected to input variable Ik at cycle j using Ik s j. After n cycle symbolic simulation is performed, the target variable, Vi, will have its original value denoted using Vi s0, and a symbolic trace denoted using Vi sn. Inputs of Vi sn come from injected symbols in Vk or Ik if they are fanin variables of Vi, which can be obtained by functional path extraction algorithms. We then create a Boolean function f V i for controllability analysis by f V i = Vi s0 Vi sn. f V i resolves to true when there is no value difference between Vi s0 and Vi sn, and it resolves to f alse otherwise. f V i can be used to analyze if any fanin variables of Vi have controllability, since it shows whether value of Vi can be changed. Based on our definition of controllability, we have the following corollary. Corollary 1. Given a Boolean function f V i constructed above and a variable V j, V j has controllability over Vi if and only if (1) f V i is not tautology (always true); and (2) under certain values of V j, f V i is tautology. Criterion (1) in the corollary ensures each fanin variable of Vi has enabling values because the value of Vi can change. (2) ensures that blocking values for V j exist. In the next section we describe three algorithms that solve the path controllability problem based on f V i. 4 ALGORITHMS TO SOLVE PATH CONTROLLABILITY In this section we propose three algorithms for solving the path controllability problem, and then we provide a heuristic that utilizes the strength of different algorithms for the best performance. To facilitate the presentation of our algorithms, we simplify the notation of f V i to f and rename inputs to f from {Vk s0, Ik s j } to i 1...i n, where n is the total number of Vi s fanin variables. In this new notation, we essentially have a Boolean function f with inputs i 1...i n for solving the controllability problem.

3 Path Controllability Analysis for High Quality Designs ASPDAC 19, January 21 24, 2019, Tokyo, Japan Under this new notation, the problem can be solved as follows. Given a function f and inputs i 1 to i n, our path controllability analysis algorithm iteratively tests each input i j, j {1..n} for controllability over other inputs. Inputs to our algorithm are the Boolean function f and the input i j being tested. The output is null if there is no controllability, and the output will be enabling values saved in enabling_vals if there is controllability. We assume all inputs i k, k {1..n} of f are in functional supports of f without any false path. As a result f cannot be tautoloдy since the value of Vi is possible to change, and hence each input has enabling values. Based on this assumption, i j has controllability if and only if i j has blocking values. We further assume that f is not contradiction (always false) because if f is always false, the value of Vi s0 and Vi sn will never be the same, and there is no blocking value for any input. Checking whether f is contradiction can be performed by forming a SAT instance from f and checking whether output 1 is satisfiable. If it is unsatisfiable, then none of the inputs have blocking values and hence no controllability. The following algorithms focus on how to find blocking values of i j. 4.1 Enabling Value Enumeration (EVE) One simple way to determine whether i j has controlling power over other inputs is to try all possible values of i j and see if any of the values makes f const1 (always true no matter what values other inputs are). If such a value exists, then the value is a blocking value because the target variable cannot have value change when i j has the specific value. All i j values that can make f resolve to f alse are then enabling values. Fig.2 shows our first algorithm. It uses a SAT solver to enumerate all enabling values, so the performance depends on the number of enabling values. In the algorithm, lines 3-6 use the SAT solver to enumerate the enabling values that make f false. When the result is SAT, we can extract the enabling value from the counterexample, and this value is added as a blocking clause so that the same value will not be enumerated again (lines 4-5). When the result is UNSAT, the loop is broken and we need to check if all possible values of i j are enumerated. If not, the remaining values are blocking values and i j has controllability over other inputs. Line 8 returns enablinд_vals only when i j has controllability over other inputs. Otherwise null is returned in line 10. 1: function EVE(input f, i j ; output enablinд_vals) 2: counter 0; 3: while (SatSolve(f = f alse)) do 4: push(enablinд_vals, InputGetSol(i j )); 5: AddClauseBlockVal(f, i j, enablinд_val); 6: counter counter + 1; 7: if (counter < 2 Bit Len(i j ) ) then 8: return enablinд_vals; 9: else 10: return null; Figure 2: Enabling Value Enumeration (EVE) algorithm This method is efficient when the number of enabling values is small. If there are too many enabling values, this method needs to add an exponential number of clauses to the SAT solver to block all the enumerated values, and it will greatly slow down the speed of the solver. 4.2 Exhaustive Enumeration (EE) In EVE, blocking clauses added to the solver considerably increase runtime and memory use when the number of enabling values is large. Our proposed second algorithm addresses this inefficiency using assumptions, which can be removed after the value is enumerated. Our algorithm is shown in Fig. 3. In the algorithm, lines 2-3 apply each value of i j as an assumption. If the result is SAT, the applied value is an enabling value; if the result is UNSAT, the value is a blocking value and i j has controllability over other inputs (lines 4-7). Line 9 returns enablinд_vals only when i j has controllability over other inputs. Otherwise null is returned. 1: function EE(input f, i j ; output enablinд_vals) 2: for val {0,..., 2 Bit Len(i j ) 1} do 3: AddAssumptionVal(i j,val) 4: if (SatSolve(f = f alse)) then 5: push(enablinд_vals, val)); 6: else 7: controllability true; 8: if (controllability) then 9: return enablinд_vals; 10: else 11: return null; Figure 3: Exhaustive Enumeration (EE) algorithm The advantage compared to EVE is that it does not need to add a large number of clauses to block the enabling values, so the solver is more efficient. Additionally, learned clauses from solving one value can be reused when solving other values, which also improves performance. The disadvantage is that if the bit length of i j is large, a large number of values will need to be enumerated. Setting an upper limit on the number of enabling values returned can alleviate this problem. However, if all enabling or blocking values cluster at the end of enumeration, runtime can still be long. 4.3 Enumeration after Quantification (EQ) Given a function f with n inputs, universal quantification on an input i k produces a new function f 1 = f (i k = 0) f (i k = 1). If f 1 can resolve to true, it means no matter what value i k has, the target variable will not have a different value under the given input values that make f 1 true. Based on this observation, if we perform universal quantification on all inputs other than i j, then the function f n 1 obtained after all the quantifications should resolve to true only when i j has a blocking value because f n 1 = true essentially means no matter what values all other inputs are, the value of i j can make sure the target variable does not have value change. Fig.4 shows our algorithm using quantification.

4 ASPDAC 19, January 21 24, 2019, Tokyo, Japan Lie-Jie Chen et al. 1: function EQ(input f, i j ; output enablinд_vals) 2: for k {1,..., n} do 3: if (k = j) then continue; 4: f UniversalQuantification(f, i k ); 5: f ToFRAIG(f ); 6: if (f = const0) then 7: return null; 8: while (SatSolve(f = f alse)) do; 9: push(enablinд_vals, InputGetSol(i j )); 10: AddClauseBlockVal(f, i j, enablinд_val); 11: return enablinд_vals; Figure 4: Enumeration after Quantification (EQ) algorithm In the algorithm, lines 2-7 perform universal quantification on input i k, k {1..n}, k j. Line 5 (ToFRAIG) is for better performance that we will discuss in Section 4.4. If f equals constant zero (f alse) after quantification, it means i j does not have blocking values because no value for i j can make f resolve to true, and null is returned. If f is still not a constant after all quantifications are done, then value of f only depends on i j because it is the only input left. In this case, there is at least one blocking value for i j. Otherwise, f will be constant. Therefore, i j has controllability over other inputs. Lines 8-10 use a SAT solver to enumerate enabling values for i j that make f f alse until all values are found. Line 11 then returns the results in enabling_vals. The advantage of this algorithm is that its performance often does not depend on the bit length of i j when there is no blocking value. This is important for word-level analysis because number of bits for i j can be large. Another advantage is that during universal quantification, if f becomes constant, the problem is solved. Additionally, if an input has controlling power over other inputs, its number of enabling values is typically small, hence the enumeration process is faster. However, total bit length of all other inputs i k, k {1..n}, k j is usually much larger than the bit length of i j, making the quantifications potentially time and memory intensive. 4.4 Heuristics for Better Performance Our algorithms rely on SAT solvers and the time complexity is at least NP-complete. Excluding SAT solving itself, time complexity of EVE is the number of enabling values, complexity of EE is O(2 Bit Len(i j ) ), and complexity of EQ is from performing universal quantification on n 1 inputs and SAT emulation on the final f. In practice, however, our algorithms can often determine controllability and enabling values in a reasonable amount of time. To further improve the performance of our algorithms, we present four heuristics. First, for algorithms EVE and EE, if i j is a word-level input, bitlevel false paths in i j should always be eliminated first: removing a bit in the false path can reduce enumeration by half. Second, in EQ algorithm, memory usage may grow exponentially during universal quantification. In addition, numerous dangling AIG nodes may be created that take considerable time to remove. Therefore, in our implementation we convert f into FRAIG after each quantification operation. We observed that the number of AIG nodes greatly reduced with this heuristic. After the number of nodes is reduced, if there is no blocking value for i j, f will become constant much faster. And if there are blocking values for i j, since blocking values can disallow other inputs to affect the output of f, the resulting Boolean function tends to be simpler. As a result, the number of AIG nodes also tends to be considerably smaller after converting f into FRAIG, which also makes value enumeration faster. Based on this observation, we propose the third heuristic: after quantifying i k, if f still has a large number of AIG nodes, we can skip i j because it is less likely to have blocking values. Our experimental results show that this heuristic can produce good approximate results with shorter runtime. From our experimental results, we observe that if the bit length of i j is small, EE usually can solve it efficiently. However, its performance deteriorates when the bit length gets large. Since the performance of EQ does not depend on the bit length of i j, it is more suitable for i j with larger bit length. Our fourth heuristic is that if the bit length of i j is small, EE should be used. Otherwise, use EQ. In this way, our algorithms can efficiently handle variables up to several tens of bits. In summary, we propose the following flow to efficiently solve the path controllability problem for an input i j. (1) Eliminate false paths for bits in i j. (2) If bit length of i j is large, use EQ with FRAIGing after quantification; otherwise use EE. 5 EXPERIMENTAL RESULTS In this section we show experimental results on our path controllability analysis algorithms. The benchmarks used in our experiments are summarized in Table 1. USB_RE is a commercial USB core and path controllability is obtained for CDTG or X propagation. More specifically, logic simulation brings the design to an initial state, and then symbols are injected to the inputs to read a USB packet. Symbolic simulation is performed for several cycles and path controllability analysis identifies which packet symbols can control target internal variables. The rest of the benchmarks are from Open- Cores [6] and have symbols injected to all storage devices with one cycle symbolic simulation performed. The obtained path controllability information is useful in ATPG, which enables a transition on a path under test. Table 1: Characteristics of benchmarks. Design #Register (word/bit) Description DLX 20/559 MIPS-lite 5-stage CPU CPU / compatible CPU TV80 101/230 Z-80 compatible CPU AES_core 23/426 AES encoder USB_funct 329/1767 USB function IP core USB_phy 60/98 USB physical layer USB_RE 3508/13415 Commercial USB core

5 Path Controllability Analysis for High Quality Designs ASPDAC 19, January 21 24, 2019, Tokyo, Japan Table 2: Results of path controllability analysis algorithms on different benchmarks. Word level #Variables #Ctrl. #Enab. Runtime Memory variables values EQ EVE EE EQ EVE EE DLX 1972 N/A N/A * * * N/A N/A N/A CPU s s 86.1s 12M 1340M 14M TV s 587.5s 85.7s 80M 439M 19M AES_core s 108.0s 77.8s 17M 33M 16M USB_funct s * 114.9s# 137M N/A 49M USB_phy s 0.2s 0.2s 5M 6M 6M USB_RE (10th clk) s * 468.5s# 28M N/A 25M Bit level EQ EVE EE EQ EVE EE DLX * 612.6s 566.1s N/A 12M 5M CPU s 14.9s 14.0s 53M 12M 12M TV s 39.9s 38.0s 130M 19M 19M AES_core s 78.3s 77.1s 17M 16M 16M USB_funct s 48.4s 45.3s 236M 40M 40M USB_phy s 0.3s 0.2s 17M 6M 6M USB_RE (10 clk) s 14.6s 14.5s 28M 15M 15M EQ = Enumeration after Quantification, EVE = Enabling Value Enumeration, EE = Exhaustive Enumeration, # = skip 32 bit variables Table 2 provides experimental results of our path controllability analysis algorithms applied to word-level and bit-level. In 4 of the 7 benchmarks, variables possessing controlling power are found, and some of them have multiple enabling values. When our algorithms are applied to word-level fanin variables, EQ can solve most variables in the benchmarks since it is not affected by the bit length of i j. Its memory usage is also reasonable because our FRAIG step will remove redundant nodes after each quantification operation. However, when f is too complicated, converting f into FRAIG can take an exceeding amount of time. We also observe from the results that EVE often has longer runtime. This is because there are many variables that do not have blocking values. For such variables, an exponential number of clauses need to be added to the solver, which increases memory usage and runtime. Our proposed EE algorithm uses assumptions to enumerate enabling values, which improves both runtime and memory usage. More specifically, by removing the assumption after trying a value, memory usage can be reduced. Runtime is improved because the number of total clauses is reduced and learned clauses are kept. However, EE timed out for DLX because there are numerous 32 bit variables and most bits are in real paths. In this case, EE needed to enumerate a large number of values and timed out. For USB_funct, there are also a large number of 32 bit variables, but only 6 of them have all 32 bits in real paths. For EE, we skipped these 32 bit variables to avoid timeout. Those variables in USB_funct are buffers and are less likely to have controllability over other variables. We also applied bit-level path controllability analysis to the benchmarks because bit-level analysis is important for applications such as DFT. Typically, variables can be solved very quickly at bitlevel and memory usage is reduced. More specifically, the efficiency of EVE is significantly improved because for each variable we only need to add one clause to block the enabling value. On the other hand, the efficiency of EQ is not improved much because it does not depend on the bit length of i j. To measure the performance of our third heuristic that skips inputs with a large number of nodes after quantification and FRAIGing, we apply it to the benchmarks at word level and the results are shown in Table 3. In the table, Dec. time is the runtime improvement in percentage compared with the original result. In our experiment we skip inputs that have more than 1000 nodes after quantification. Compared with the original word-level EQ results in Table 2, runtime and memory usage of most benchmarks were greatly reduced without losing much accuracy. For example, DLX timed out in the original algorithm but can be solved in 158s using our proposed heuristic. Although TV80 loses 69% enabling values, its runtime is reduced by 98.4%. This shows our heuristic is effective, but the threshold may need to be adjusted to provide good runtime and accuracy tradeoff. To measure the performance of our proposed fourth heuristic that uses different algorithms based on the bit length of the input, Table 3: Results of third heuristic that skips variables with large numbers of FRAIG nodes after quantification. Benchmark Time Dec. time Mem. Lost var. Lost val. DLX 158.5s N/A 5M 0% 0% CPU s 50.1% 11M 25.3% 19% TV s 98.4% 19M 37.6% 69% AES_core 50.2s 0% 17M 0% 0% USB_funct 313.6s 94.9% 41M 0% 0% USB_phy 0.8s 11.1% 6M 0% 0% USB_RE 10.1s 95.3% 16M 0% 0%

6 ASPDAC 19, January 21 24, 2019, Tokyo, Japan Lie-Jie Chen et al. Table 4: Results of fourth heuristic that uses different algorithms based on bit length. Benchmark Runtime Memory DLX * N/A CPU s 11M TV s 19M AES_core 78.2s 17M USB_funct 36.2s 41M USB_phy 0.2s 6M USB_RE (10th clk) 129.5s 34M clk) begin offset = offset + counter; if (addr + offset == 858 addr + offset == 13 ) if (rxdata == rxdata == 1148) begin counter = counter + 1; rxdata_d = rxdata[15:0] + counter; end if (counter % 3 == 0) txdata = rxdata_d; end Figure 5: Example RTL code of the DUT. we performed the same word-level experiments using the heuristic, and the results are shown in Table 4. In this experiment, if the functional bit length (i.e. number of bits in the real path) of i j is larger than 10, we use EQ. Otherwise, we use EE. The results show that runtime of most benchmarks are improved, suggesting the effectiveness of our heuristic. It is noteworthy to mention that for both bit and word-level experiments, the found variables with controllability often have names suggesting their controlling power. For example, state and opcode were found to have controllability over other inputs, and they usually have more than one enabling values. Variables such as rx_valid and rx_active were also found and they have enabling value 1 to allow propagation. Variable like rx_err was found and has enabling value 0. These results show that our controllability analysis algorithms can effectively extract meaningful controllability information from the circuit. To show how path controllability analysis can be used to improve design verifiability in a constrained-random simulation environment, we created a Design Under Test (DUT) and a simple testbench that generates random patterns to exercise the DUT. Fig.5 shows a simplified version of the DUT code. Variable addr and rxdata are inputs whose values are generated by the testbench, and txdata is the output of the DUT that will be checked by the testbench. A coverpoint is set on txdata and simulation stops when its coverage reaches 90%. In the DUT, specific values for addr and rxdata are needed for rxdata to reach txdata. Pure-random simulation will most likely time out because it is extremely difficult to generate correct values for addr and rxdata to enable data propagation from rxdata to txdata. To address this problem, we perform path controllability analysis by first injecting symbols into addr and rxdata and then run symbolic simulation for several cycles. Then we apply the EQ algorithm, which took 2.6 seconds to run and extracted 2 enabling values for rxdata and 6 for addr. After adding the enabling values as constraints to the testbench, it reached 90% coverage in 405 logic simulation cycles. In this simple example an engineer can easily deduce that rxdata and addr have controlling power and need to be constrained. However, for a large complicated design, such information may not be readily available, and our analysis can provide useful information to help engineers better constrain their testbenches to achieve coverage closure faster. 6 CONCLUSION Identifying variable controllability on functional paths is important for many circuit design steps such as verification and test generation. In this paper we formulated the path controllability problem and proposed several algorithms and heuristics to solve this problem. Our empirical results show that our proposed algorithms can solve path controllability analysis problems effectively and efficiently. This controllability analysis can help designers better verify and test their designs, producing higher quality final circuits that can benefit all end users. REFERENCES [1] R. E. Bryant Symbolic simulation techniques and applications. In DAC [2] J. Campos and H. Al-Asaad Search-space optimizations for high-level ATPG. In MTV [3] K. H. Chang, H. Z. Chou, and I. L. Markov RTL analysis and modifications for improving at-speed test. In DATE [4] W. Chen, L. C. Wang, J. Bhadra, and M. Abadir Simulation knowledge extraction and reuse in constrained random processor verification. In DAC [5] S. Eggersglüß and R. Drechsler As-robust-as-possible test generation in the presence of small delay defects using pseudo-boolean optimization. In DATE [6] D. Lampret et al OpenCores. Retrieved April 7, 2018 from opencores.org [7] S. Eggersglüß et al MONSOON: SAT-based ATPG for path delay faults using multiple-valued logics. Journal of Electronic Testing: Theory and Applications 26, 3 (2010), [8] D. Geist, M. Farkas, A. Landver, Y. Lichtenstein, S. Ur, and Y. Wolfsthal Coverage-directed test generation using symbolic techniques. In FMCAD [9] O. Guzey and L. C. Wang Coverage-directed test generation through automatic constraint extraction. In HLDVT Workshop [10] L. Liu and S. Vasudevan STAR Generating input vectors for design validation by static analysis of RTL. In HLDVT Workshop [11] A. Mishchenko, S. Chatterjee, and R. Brayton DAG-aware AIG rewriting: a fresh look at combinational logic synthesis. In DAC [12] A. Mishchenko, S. Chatterjee, R. Jiang, and R. Brayton FRAIGs: A unifying representation for logic synthesis and verification. In ERL Technical Report 05. [13] L. Piper and V. Vimjam X-Propagation Woes: Masking bugs at RTL and unnecessary debug at the netlist. In DVCon 12. session 5.3.