Skip to content

DFT · Chapter 15 · Interview & Signoff Review Preparation

DFT Signoff Review Checklist

The signoff review checklist is the team-facing gate that says a design is testable. A signoff review is a cross-team meeting where DFT presents evidence that the design is testable and the test is valid, and reviewers from DFT, STA, RTL, and product test gate tapeout, so the checklist is both the agenda and the required evidence. It runs by area, and each item is a question plus the evidence that answers it: scan and DRC, test and fault coverage, patterns with a diagnostic mode, multi-mode timing, memory BIST and repair, test access, debug readiness, and no open mistakes. The mindset is evidence-based, not assertion-based, so every claim must be backed by an artifact, and signoff means all areas are green because coverage is necessary but not sufficient. A good reviewer catches the red flags before tapeout.

Advanced15 min readDFTSignoffReviewChecklistTapeout

Chapter 15 · Section 15.4 · Interview & Signoff Review Preparation

Project thread — the mini-SoC's signoff review: the 14.6 package, presented and gated by the checklist. 15.3 built debug reflexes; 15.5 self-assesses readiness.

1. Why Should I Learn This?

The signoff review is where 'is this design testable?' gets decided — a cross-team, evidence-based gate. The checklist turns the whole track into a runnable agenda that catches the known mistakes before tapeout.

  • A signoff review = a cross-team gate (DFT/STA/RTL/test) where DFT presents evidence the design is testable and the test valid.
  • The checklist runs by area — scan, coverage, patterns, timing, memory, test access, debug, no-open-mistakes — each item a question + its evidence.
  • Evidence-based, not assertion-basedeach claim needs an artifact; 'trust me' is not signoff.
  • Signoff = all areas greencoverage is necessary, not sufficient (14.6); red flags = known mistakes surfacing (13.6).

2. Real Silicon Story — the signoff that a checklist saved

A team pushed to sign off an IP on a strong coverage number'99% fault coverage, we're done.' The pressure was to tape out on schedule. Someone ran the signoff checklist anyway.

The checklist's other items surfaced two would-be silicon failures. TIMING: the multi-mode STA item asked 'is shift constrained?' — and it wasn't. The design was functional-clean but the shift mode had never been timed (no hold checks) — a functional-clean ≠ test-clean trap (12.5) that would have shipped as silicon chain miscompares. DEBUG READINESS: the diagnostic-mode item asked 'with compression on, is there a bypass mode for localization?' — and there wasn't — so any real defect would have diagnosed loosely (13.4), stalling failure analysis. Signoff was blocked until both were closed: they added the shift-run SDC + lock-ups and built the diagnostic mode, then re-reviewedall areas green — and signed off. The checklist caught two silicon failures before tapeout. Lesson: signoff is all areas green, not a coverage numbercoverage is necessary, not sufficient (14.6). The checklist forces the other questions, and each red flag it catches is a known mistake (13.6) that would otherwise have shipped. 'Trust me' is not signoff — evidence is.

3. Factory Perspective — the signoff review through each lens

  • What the DFT lead sees: the checklist as the agenda — present evidence per area, drive all green, block on any red flag.
  • What the STA reviewer sees: the timing itemmulti-mode / test-clean (functional + shift + capture), SE constrained — backed by the SDC.
  • What the RTL/DV reviewer sees: the no-open-mistakes item — unmasked X, redundant classification, scan-friendly RTL closed.
  • What product/test + management see: the manufacturable testcompressed patterns + diagnostic mode + MBIST/repair + test access — and a gate that prevents test-broken tapeouts (schedule/cost).

4. Concept — the checklist, the evidence rule, and the red flags

What a signoff review is:

  • A cross-team meeting where DFT presents evidence that the design is testable and the test is valid; reviewers (DFT lead, STA, RTL/DV, product/test) gate tapeout.
  • The checklist = the agenda + the required evidence.

The checklist by area (question + evidence):

  • SCAN: all state flops scanned? chains balanced? DRC clean (no uncontrolled clocks/resets/latches)? → [DRC report]
  • COVERAGE: test and fault coverage reported? redundant classified? at/above target? gaps understood? → [coverage report]
  • PATTERNS: stuck-at + at-speed generated? compressed? a diagnostic (bypass) mode present? → [pattern set]
  • TIMING: multi-mode STA clean — functional + shift + capture/at-speed = test-clean? SE constrained? → [timing/SDC]
  • MEMORY: MBIST coverage (fault models) reported? BISR/repair? bitmap diagnosability? → [MBIST/repair report]
  • TEST ACCESS: JTAG/1500 brought up? test modes decoded? boundary scan (if needed)? → [access/mode plan]
  • DEBUG READINESS: diagnostic mode, chain-diagnosis, failure-analysis flow ready? → [debug plan]
  • NO OPEN MISTAKES (13.6): unmasked X? unconstrained mode? skipped structural check? all closed? → [mistakes gate]

The review mindset:

  • Evidence-based, not assertion-basedeach claim must be backed by an artifact. 'Trust me' is not signoff.
  • Signoff = all areas greencoverage is necessary, not sufficient (14.6).

Red flags (each a known mistake surfacing, 13.6):

  • Coverage without the fault categories (test vs fault, redundant).
  • 'Functional-clean' offered as test-clean (unconstrained mode).
  • No diagnostic mode with compression (loose diagnosis).
  • Memory not signed off (untested array).
  • An open DRC waiver (skipped structural check).
  • A mode not constrained (multi-mode gap).
The signoff review checklist areas: scan, coverage, patterns, timing, memory, test access, debug readiness, and no-open-mistakes, all of which must be green with evidence for tapeout
Figure 1 - the DFT signoff review checklist areas (representative). A signoff review gates tapeout by driving EVERY area GREEN, each backed by evidence: SCAN (DRC report) -> COVERAGE (test+fault, classified) -> PATTERNS (stuck-at+at-speed, compressed, diagnostic mode) -> TIMING (multi-mode = test-clean) -> MEMORY (MBIST/BISR) -> TEST ACCESS (JTAG/1500) -> DEBUG READINESS (diagnostic/chain-diagnosis/FA) -> NO OPEN MISTAKES (unmasked X / unconstrained mode / skipped check, 13.6). Signoff = ALL green (coverage is necessary, NOT sufficient, 14.6). A red flag in any area = a known mistake surfacing -> BLOCK until closed.

5. Mental Model — an aircraft pre-flight sign-off, not a thumbs-up

A DFT signoff review is an aircraft pre-flight sign-off — a checklist with evidence, not a pilot's casual thumbs-up.

  • Before a plane flies, a crew runs a checklist by systemfuel, hydraulics, control surfaces, avionics, engines — and each item requires evidence (a gauge reading, a visual inspection), not the mechanic's word. A 'looks fine to me' doesn't clear the aircraft; a green gauge does.
  • A DFT signoff is the same: each area (scan, coverage, timing, memory…) has an item and requires an artifact (the DRC report, the coverage report, the SDC). 'Coverage is good, trust me' is a thumbs-up; the coverage report with fault categories is a green gauge.
  • And you can't fly on one green gauge: full fuel doesn't clear a plane with dead hydraulics — just as 99% coverage doesn't clear a design with an unconstrained shift mode. All systems green, or it doesn't fly.
  • The checklist exists precisely to catch the known failure modes (13.6) — the red flags are the items that have grounded planes before — so a rushed thumbs-up under schedule pressure can't skip them.

An aircraft pre-flight sign-off (checklist by system, evidence per item, all green or it doesn't fly) — not a casual thumbs-up; the checklist catches the known failure modes before takeoff (tapeout).

6. Working Example — the checklist with evidence per claim

The signoff checklist as questions, evidence, and red flags:

Azvya Education Pvt. Ltd.VLSI Mentor
Snippet
# DFT signoff review checklist - QUESTION + EVIDENCE + RED FLAG - REPRESENTATIVE:
 
AREA          QUESTION (must be YES)                                  EVIDENCE (artifact)        RED FLAG (block)
-----------   ------------------------------------------------------  -------------------------  ------------------------------
SCAN          all flops scanned? chains balanced? DRC clean?          DRC report                 open DRC waiver
COVERAGE      test AND fault reported? redundant classified? target?  coverage report            coverage w/o fault categories
PATTERNS      stuck-at + at-speed? compressed? diagnostic mode?       pattern set + diag mode     no diagnostic mode w/ compression
TIMING        multi-mode clean (functional+shift+capture)? SE constr? timing/SDC + STA reports   "functional-clean" as test-clean
MEMORY        MBIST fault-model coverage? BISR/repair? bitmap?        MBIST/repair report        memory not signed off
TEST ACCESS   JTAG/1500 up? test modes decoded? boundary scan?        access/mode plan           no test access plan
DEBUG READY   diagnostic mode? chain diagnosis? FA flow?              debug plan                 no debug/diagnosability plan
NO OPEN MIST. unmasked X? unconstrained mode? skipped check? (13.6)   mistakes gate closed       any 13.6 root cause open
 
# RULE 1: EVIDENCE-BASED - each YES is backed by an ARTIFACT ; "trust me" is NOT signoff.
# RULE 2: ALL GREEN - signoff needs EVERY area green ; coverage is NECESSARY, not SUFFICIENT (14.6).
# RULE 3: A RED FLAG = a known mistake (13.6) surfacing -> BLOCK signoff until closed.

Each claim in the review must map to an artifact — no artifact, no green:

Each signoff claim maps to a required artifact: coverage-is-good to the coverage report, timing-is-clean to the SDC and STA reports, memory-is-tested to the MBIST report, and no-open-mistakes to the closed mistakes gate'Coverage is good'→ coverage report(test+fault, classified)'Timing is clean'→ multi-mode SDC + STAreports'Memory is tested'→ MBIST/repair report'We can debug it'→ diagnostic mode +chain-diagnosis planNo artifact = 'trustme' = NOT signoffdemand the artifact behindeach claim12
Figure 2 - claim -> required evidence (representative). Signoff is EVIDENCE-BASED: every claim maps to an artifact, and no artifact means no green. 'Coverage is good' -> the COVERAGE REPORT (test+fault, redundant classified). 'Timing is clean' -> the multi-mode SDC + STA reports (functional+shift+capture). 'Memory is tested' -> the MBIST/repair report. 'We can debug it' -> the diagnostic-mode + chain-diagnosis plan. 'No open mistakes' -> the 13.6 gate closed. A claim with no backing artifact is 'trust me' - which is NOT signoff. The reviewer's job is to demand the artifact behind each claim.

7. Industry Flow — present evidence, probe, gate

The review presents evidence per area, reviewers probe each claim, and tapeout is gated on all-green:

The signoff review flow: DFT presents evidence per area, reviewers probe each claim for its artifact, and tapeout is gated on all areas being green with any red flag blockingPresent evidence per area → reviewers probe (demand artifacts) → all green? sign off : block until closedPresent evidence per area → reviewers probe (demand artifacts) → all green? sign off : block until closed1Present evidence per areaeach claim backed by an artifact2Reviewers probedemand the artifact; check fault categories, shift, diag mode3All areas green?coverage necessary, not sufficient (14.6)4Sign off (tapeout)evidence-based, cross-team decision5Red flag → BLOCKa known mistake (13.6) → close first
Figure 3 - the signoff review flow (representative). (1) DFT PRESENTS EVIDENCE per area (scan/coverage/patterns/timing/memory/access/debug/mistakes), each claim backed by an artifact. (2) REVIEWERS PROBE - demand the artifact, check the fault categories, ask 'is shift constrained?', 'is there a diagnostic mode?'. (3) ALL GREEN? -> SIGN OFF (tapeout). (4) ANY RED FLAG? -> BLOCK until closed (a known mistake surfacing, 13.6). Signoff is evidence-based and requires EVERY area green - coverage is necessary, not sufficient (14.6). The checklist catches the known silicon failures before tapeout.

8. Debugging Session — the review pushed to sign off on coverage alone

1

A review is pushed under schedule pressure to sign off on a strong coverage number alone, but running the full checklist surfaces the other areas: the multi-mode timing item reveals the shift mode was never constrained so functional-clean is not test-clean, and the debug-readiness item reveals there is no diagnostic bypass mode despite compression so real defects would diagnose loosely -- both are known mistakes, so signoff is blocked until the shift-run SDC with lock-ups and the diagnostic mode are added, after which all areas are green and the checklist has caught two would-be silicon failures before tapeout

SIGNOFF IS ALL AREAS GREEN, NOT A COVERAGE NUMBER — EVIDENCE-BASED, AND THE CHECKLIST CATCHES THE KNOWN MISTAKES BEFORE TAPEOUT
Symptom

Under schedule pressure, a review is pushed to sign off on a strong coverage number alone'99% fault coverage, tape out.' Is a coverage number enough to sign off?

Root Cause

No — signoff is all areas green, not a coverage number, and running the full checklist surfaces two would-be silicon failures: the multi-mode timing item reveals the shift mode was never constrained (functional-clean is not test-clean), and the debug-readiness item reveals there is no diagnostic bypass mode despite compression (so real defects would diagnose loosely). The 14.6 lesson is explicit: coverage is necessary but not sufficient — a design is test-clean only when every area is closed. The checklist forces the other questions that a coverage-number-only signoff skips. TIMING: the multi-mode STA item asks 'is shift constrained (hold checks)?' — and here it wasn't; the design is functional-clean but the shift mode was never timed, a functional-clean ≠ test-clean trap (12.5) that ships as silicon chain miscompares. DEBUG READINESS: the diagnostic-mode item asks 'with compression on, is there a bypass mode for localization?' — and there isn't; so any real defect would diagnose loosely (13.4), stalling failure analysis in silicon. Both are known mistakes from the catalog (13.6) — an unconstrained mode and a missing diagnosability provision — surfacing as red flags exactly where the checklist is designed to catch them. Signing off on coverage alone would have shipped both — the review would have rubber-stamped two silicon failures because it substituted one green gauge (coverage) for the whole pre-flight.

Fix

Block signoff until all areas are green: close the timing gap by adding the shift-run SDC with lock-up latches so multi-mode STA is test-clean, and close the debug gap by building the diagnostic bypass mode, then re-review — after which every area is green and the checklist has caught two would-be silicon failures before tapeout. Treat the checklist as a gate, not a formality: a red flag blocks signoff until closed. For TIMING, add the shift-mode SDC (slow shift clock, scan_enable=1 case analysis, hold checks) and lock-up latches across domain crossings, then run multi-mode STA (functional + shift + capture/at-speed) to confirm test-clean (12.5) — backed by the SDC + STA reports. For DEBUG READINESS, build the diagnostic (bypass) mode so the compactor can be bypassed for failing patterns, restoring per-cell observability for diagnosis (13.4) — backed by the debug/diagnosability plan. Re-review with evidence per area: coverage (test + fault, classified), scan DRC, patterns (now with a diagnostic mode), timing (now multi-mode clean), memory (MBIST/BISR), test access, debug readiness, and no open mistakesall green — then sign off. The principle to lock in: a DFT signoff review is a cross-team, evidence-based gate that says the design is testable and the test is valid, and it is passed only when every area is green — scan and DRC, test and fault coverage with redundant classified, stuck-at and at-speed patterns with a diagnostic mode, multi-mode timing that is test-clean, memory MBIST and repair, test access, debug readiness, and no open mistakes — because coverage is necessary but not sufficient (a high coverage number can coexist with an unconstrained shift mode, a missing diagnostic mode, or an untested memory), and each claim must be backed by an artifact rather than an assertion ('trust me' is not signoff); the checklist exists precisely to force the questions a rushed, coverage-only signoff skips, so that the known mistakes (an unmasked X, an unconstrained mode, a skipped structural check, no diagnosability) surface as red flags and are closed before tapeout rather than shipping as silicon failures. (The mistakes catalog is 13.6; the signoff package is 14.6; multi-mode timing is 12.5; the diagnostic mode is 13.4.)

9. Common Mistakes

  • Signing off on a coverage number alone. All areas green — coverage is necessary, not sufficient (14.6).
  • Accepting assertions. Each claim needs an artifact — the report/SDC/plan; 'trust me' is not signoff.
  • Offering 'functional-clean' as test-clean. A red flag — demand multi-mode STA (shift + capture) (12.5).
  • Skipping the diagnostic-mode check with compression. Loose diagnosis ships — require a bypass mode (13.4).
  • Waiving a DRC/mode item under schedule pressure. A red flag is a known mistake (13.6) — block, don't waive.

10. Industry Best Practices

  • Run the checklist by area — scan, coverage, patterns, timing, memory, test access, debug, no-open-mistakes.
  • Demand an artifact per claim — evidence-based; 'trust me' is not signoff.
  • Require all areas green — coverage is necessary, not sufficient (14.6).
  • Treat red flags as blocks — each is a known mistake (13.6); close before tapeout.
  • Keep the checklist reusable — it's the cross-team gate for every project (and a lessons-learned carrier).

11. Senior Engineer Thinking

  • Beginner: "Coverage is 99% — sign it off."
  • Senior: "Coverage is one green gauge, not the whole pre-flight. I run the checklist: is shift constrained (multi-mode test-clean)? is there a diagnostic mode with compression? is the memory MBIST-signed-off? are there open mistakes (unmasked X, unconstrained mode)? Each claim needs an artifact'trust me' is not signoff. All areas green or we don't tape out — because coverage is necessary, not sufficient, and every red flag is a known mistake waiting to ship."

The senior treats signoff as an evidence-based, all-green gate, demands artifacts, and blocks on red flags.

12. Silicon Impact

The signoff review checklist is where the entire track becomes a decision — the cross-team gate that says 'this design is testable and the test is valid' and authorizes tapeout. It consolidates the mistakes catalog (13.6) and the IP signoff package (14.6) into the form they take in the room: a review where DFT presents evidence and the DFT lead, STA, RTL/DV, and product/test gate the design. The checklist runs by areaSCAN (DRC clean), COVERAGE (test + fault, redundant classified), PATTERNS (stuck-at + at-speed, compressed, diagnostic mode), TIMING (multi-mode = test-clean, SE constrained), MEMORY (MBIST/BISR, bitmap), TEST ACCESS (JTAG/1500, modes), DEBUG READINESS (diagnostic mode, chain-diagnosis, FA), and NO OPEN MISTAKES (unmasked X / unconstrained mode / skipped check) — and each item is a question plus the evidence that answers it. Two rules give the checklist its force. First, evidence-based, not assertion-based: each claim must be backed by an artifact (the DRC report, the coverage report, the SDC), because 'trust me' is not signoff. Second, signoff = all areas green, the 14.6 truth that coverage is necessary, not sufficient — a 99% coverage number can coexist with an unconstrained shift mode (functional-clean ≠ test-clean, 12.5), a missing diagnostic mode (loose diagnosis under compression, 13.4), or an untested memory (14.5). The checklist's red flags are exactly the known mistakes of 13.6 surfacing — coverage without fault categories, functional-clean offered as test-clean, no diagnostic mode with compression, memory not signed off, an open DRC waiver, a mode not constrained — and the checklist is the gate that catches them before tapeout rather than letting them ship as silicon failures. For the DFT lead, it's the agenda and the evidence bar; for the STA/RTL/test reviewers, it's the cross-team language that lets each probe their domain; and for management, it's the guardrail against a schedule-pressured, coverage-only tapeout. This lesson is where 13.6's prevention and 14.6's package become a repeatable ritual, and it's the team-facing counterpart to the individual skills of 15.1–15.3 (facts, judgment, debug reflexes). It leads directly to 15.5 — the readiness self-assessment, where you ask the same evidence-based question of yourself: can I stand in this review and defend every area? The throughline: a DFT signoff is an evidence-based, cross-team, all-green gate — each claim backed by an artifact, coverage necessary but not sufficient — and the checklist exists to catch the known mistakes before tapeout, because 'trust me' is not signoff.

13. Engineering Checklist

  • Ran the review by area — scan, coverage, patterns, timing, memory, test access, debug, no-open-mistakes.
  • Backed every claim with an artifact — evidence-based; refused 'trust me' as signoff.
  • Required all areas green — treated coverage as necessary, not sufficient (14.6).
  • Blocked on every red flag — each a known mistake (13.6); closed before tapeout.
  • Verified the specific traps — multi-mode timing (shift constrained), diagnostic mode with compression, memory signed off.

14. Try Yourself

  1. List the checklist areas and, for each, the question and the evidence (artifact) that answers it.
  2. Explain why signoff = all areas green — why coverage is necessary but not sufficient (14.6).
  3. State the evidence rule — why 'trust me' is not signoff and each claim needs an artifact.
  4. Name four red flags and the known mistake (13.6) each represents.
  5. Run a mock review on a design that has 99% coverage but an unconstrained shift mode — what do you catch, and do you sign off?

The checklist is tool-neutral and consolidates the whole track; the evidence is the standard signoff artifacts. No paid tool required to run the review.

15. Interview Perspective

  • Weak: "For signoff you check that coverage is high enough."
  • Good: "Signoff checks coverage, timing, patterns, and memory, and you need reports to back each up."
  • Senior: "A DFT signoff is a cross-team, evidence-based gate — I run a checklist by area: scan (DRC clean), coverage (test + fault, redundant classified), patterns (stuck-at + at-speed, compressed, diagnostic mode), timing (multi-mode = test-clean, SE constrained), memory (MBIST/BISR), test access (JTAG/1500), debug readiness, and no open mistakes (13.6). Each claim needs an artifact — the DRC report, the coverage report, the SDC — because 'trust me' is not signoff. And I require all areas green: coverage is necessary but not sufficient (14.6) — a 99% number can hide an unconstrained shift mode or no diagnostic mode. Every red flag is a known mistake surfacing, and the checklist is the gate that catches it before tapeout."

16. Interview / Review Questions

17. Key Takeaways

  • A DFT signoff review is a cross-team, evidence-based gate where DFT presents evidence that the design is testable and the test is valid, and reviewers (DFT/STA/RTL/test) gate tapeout — the checklist is the agenda + the required evidence.
  • The checklist runs by area, each item a question + its evidence: scan (DRC), coverage (test + fault, classified), patterns (stuck-at + at-speed, compressed, diagnostic mode), timing (multi-mode = test-clean, SE), memory (MBIST/BISR), test access (JTAG/1500), debug readiness, no open mistakes (13.6).
  • Evidence-based, not assertion-based: each claim needs an artifact — the report/SDC/plan. 'Trust me' is not signoff.
  • Signoff = all areas greencoverage is necessary, not sufficient (14.6); a high number can hide an unconstrained mode, a missing diagnostic mode, or an untested memory.
  • Red flags = known mistakes (13.6) surfacing — coverage without fault categories, functional-clean-as-test-clean, no-diagnostic-mode-with-compression, memory-not-signed-off, open-DRC-waiver, unconstrained-mode — each blocks signoff; the checklist catches them before tapeout. Next: 15.5 — DFT readiness self-assessment.

18. Quick Revision

DFT signoff review checklist. A signoff review = a CROSS-TEAM, EVIDENCE-BASED gate: DFT presents evidence the design is testable + the test valid ; reviewers (DFT/STA/RTL/test) gate tapeout. CHECKLIST by area (question + evidence): SCAN (DRC clean) · COVERAGE (test AND fault, redundant classified, target) · PATTERNS (stuck-at + at-speed, compressed, DIAGNOSTIC MODE) · TIMING (multi-mode = TEST-CLEAN, SE constrained) · MEMORY (MBIST/BISR, bitmap) · TEST ACCESS (JTAG/1500) · DEBUG READINESS (diag/chain-diagnosis/FA) · NO OPEN MISTAKES (unmasked X / unconstrained mode / skipped check, 13.6). RULES: each claim backed by an ARTIFACT ('trust me' is NOT signoff) ; ALL areas GREEN (coverage NECESSARY, not SUFFICIENT, 14.6). RED FLAGS = known mistakes surfacing → BLOCK until closed (catches silicon failures pre-tapeout). Next: 15.5 — DFT readiness self-assessment.