DETAILED ACTION
This office action addresses Applicant’s response filed on 3 August 2022.  Claims 1, 7, 8, 14, 15, and 21 are pending.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 7, 8, 14, 15, and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 2018/0349521 to Jana in view of US 2004/0237012 to Prasad, Fisette (“Debugging Low Test-Coverage Situations”), Syal (“Untestable Fault Identification using Recurrence Relations and Impossible Value Assignments”), US 2020/0200820 to Strasser, and Smith (“How formal reduces fault analysis for ISO 26262”).
Regarding claim 1, Jana discloses a non-transitory computer-readable storage medium storing instructions, which when executed by a processor, cause the processor (¶51) to:
use a formal verification environment to prove a first set of properties for a design under verification (DUV) (¶32-34, 37);
identify a set of non-detected faults (NDFs) that do not falsify the first set of properties, wherein the set of NDFs corresponds to weaknesses in the formal verification environment (¶32-34, 37);
adding a fault register, wherein each bit of the fault register corresponds to an enable signal that injects a corresponding fault (¶40);
creating a set of properties, each property expressed as an implication from a bit in the fault register to a conjunction of a set of assertions (¶40);
Jana does not appear to explicitly disclose that instructions cause a processor to construct a sequential equivalence checking formulation based on the DUV and the set of NDFs wherein said constructing the sequential equivalence checking formulation comprises: creating a first model that models the DUV, and a second model that models a mutated DUV with injected NDFs, creating a set of assumptions, each assumption forcing an input of the first model to be equal to a corresponding input of the second model, creating a set of assertions, each assertion requiring an output of the first model to be equal to a corresponding output of the second model, use a formal sequential equivalence checking tool to prove the second set of properties in the sequential equivalence checking formulation; determine a subset of the set of NDFs that falsifies at least one property in the second set of properties; and prioritize the subset of the set of NDFs in the set of NDFs, which prioritizes an order in which weaknesses of the formal verification environment are analyzed and fixed.
Prasad, Fisette, and Syal disclose prioritizing the subset of the set of NDFs in the set of NDFs, which prioritizes an order in which weaknesses of the formal verification environment are analyzed and fixed.  Specifically, Prasad discloses classifying NDFs as testable or untestable (¶5, 34), and Fisette (p. 5, last paragraph) and Syl (p. 1, section 1, par. 1) disclose that untestable faults should be deprioritized.
Strasser discloses constructing a sequential equivalence checking formulation based on the DUV and the set of NDFs (¶49, 50) wherein said constructing the sequential equivalence checking formulation comprises:
creating a first model that models the DUV, and a second model that models a mutated DUV with injected NDFs, creating a set of assumptions, each assumption forcing an input of the first model to be equal to a corresponding input of the second model, creating a set of assertions, each assertion requiring an output of the first model to be equal to a corresponding output of the second model, use a formal sequential equivalence checking tool to prove the second set of properties in the sequential equivalence checking formulation; and determine a subset of the set of NDFs that falsifies at least one property in the second set of properties (¶50).
In the event that Strasser is found to be unclear regarding the set of assumptions and the set of assertions, Smith also discloses creating a set of assumptions, each assumption forcing an input of the first model to be equal to a corresponding input of the second model, and creating a set of assertions, each assertion requiring an output of the first model to be equal to a corresponding output of the second model (p. 6, col. 2, par. 1).
Jana does not appear to explicitly disclose that the enable signal injects a corresponding NDF into the second model, and that the created set of properties is a second set of properties, each property expressed as an implication from a bit in the fault register to a conjunction of the set of assertions.  However, these limitations are taught by the combination of Jana, Prasad, Syal, Strasser, and Smith.  Jana discloses determining faults that are not detected by a set of test patterns, and Prasad discloses that undetected faults can be further processed to identify untestable faults, which are faults that do not propagate to observable outputs, as noted by Syal.  Strasser and Smith disclose that fault propagation is determined by formal sequential equivalence checking in which faults are injected into a design to create a faulty design, the inputs of the original and fault-injected designs are constrained/assumed to be equal, the outputs of the original and fault-injected designs are asserted to be equal, and the assertions are (dis)proved.  Jana discloses that formal checking by fault injection uses a fault register in which the enable signal injects the fault, and the set of properties being proved are implications from a bit in the fault register to a conjunction of the assertions (¶40).  Thus, performing the formal checking by fault injection of Strasser and Smith in the manner taught by Jana would result in the enable signal injecting a corresponding NDF into the second model and creating a second set of properties, each property expressed as an implication from a bit in the fault register to a conjunction of the set of assertions, as claimed.
It would have been obvious to persons having ordinary skill in the art before the effective filing date of the application to combine the teachings of Jana, Prasad, Fisette, Syal, Strasser, and Smith, because doing so would have involved merely the routine combination of known elements according to known techniques to produce merely the predictable results of more quickly classifying faults that do not propagate to observable outputs as undetectable, so that test debugging efforts can be prioritized elsewhere.  KSR Int’l Co. v. Teleflex Inc., 82 U.S.P.Q.2d 1385, 1395.  Jana discloses determining NDFs that are not detected by test patterns.  Prasad discloses that NDFs can be classified as testable or untestable to improve efficiency of test pattern generation by allowing test debugging effort to be prioritized elsewhere, as taught by Fisette and Syal.  Syal further teaches that untestable faults do not propagate to observable outputs.  Strasser and Smith disclose that such non-propagating faults can be identified by sequential equivalence checking in which faults are injected and the outputs of original and fault-injected designs are asserted to be equal, and then formally verifying the assertions.  Jana further teaches that formal verification with fault-injection is performed by fault register to allow simultaneous evaluation of faults.  The teachings of Prasad, Fisette, Syal, Strasser, and Smith are directly applicable to Jana, so that Jana’s NDFs could similarly be rapidly classified as (un)testable faults, so that test debugging effort could be prioritized away from untestable faults.
Regarding claim 7, Jana does not appear to explicitly disclose that the formal checking tool provides a counter-example trace for each property in the second set of properties that is falsified, and wherein the instructions, which when executed by the processor, cause the processor to provide the counter-example trace to a user.  Strasser discloses these limitations (¶50).  Motivation to combine remains consistent with claim 1.
Claims 8 and 14 are directed to apparatuses for performing the same process as in claims 1 and 7, and are rejected under the same reasoning.  Strasser further discloses apparatuses comprising memory and processor for performing the claimed process (¶81).
Claims 15 and 21 are directed to the same process recited in claims 1 and 7, and are rejected under the same reasoning.

Response to Arguments
Applicant’s arguments with respect to claims 1, 7, 8, 14, 15, and 21 have been considered but are moot in view of the new grounds of rejection.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARIC LIN whose telephone number is (571)270-3090. The examiner can normally be reached M-F 07:30-17:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jack Chiang can be reached on 571-272-7483. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
19 November 2022







/ARIC LIN/            Examiner, Art Unit 2851     




/JACK CHIANG/            Supervisory Patent Examiner, Art Unit 2851