Secondary techniques for increasing fault coverage of fault detection test sequences for asynchronous sequential networks by Hoover, Lewis Ronald
Scholars' Mine 
Doctoral Dissertations Student Theses and Dissertations 
1972 
Secondary techniques for increasing fault coverage of fault 
detection test sequences for asynchronous sequential networks 
Lewis Ronald Hoover 
Follow this and additional works at: https://scholarsmine.mst.edu/doctoral_dissertations 
 Part of the Electrical and Computer Engineering Commons 
Department: Electrical and Computer Engineering 
Recommended Citation 
Hoover, Lewis Ronald, "Secondary techniques for increasing fault coverage of fault detection test 
sequences for asynchronous sequential networks" (1972). Doctoral Dissertations. 2078. 
https://scholarsmine.mst.edu/doctoral_dissertations/2078 
This thesis is brought to you by Scholars' Mine, a service of the Missouri S&T Library and Learning Resources. This 
work is protected by U. S. Copyright Law. Unauthorized use including reproduction for redistribution requires the 
permission of the copyright holder. For more information, please contact scholarsmine@mst.edu. 
SECONDARY TECHNIQUES FOR INCREASING FAULT COVERAGE 
OF FAULT DETECTION TEST SEQUENCES FOR 
ASYNCHRONOUS SEQUENTIAL NETWORKS 
by 
Lewis Ronald Hoover 
A DISSERTATION 
Presented to the Faculty of the Graduate School of the 
UNIVERSITY OF MISSOURI - ROLLA 
In Partial Fulfillment of the Requirements for the Degree 








The generation of fault detection sequences for asyn-
chronous sequential networks is considered here. Several 
techniques exist for the generation of fault detection 
sequences on combinational and clocked sequential networks. 
Although these techniques provide closed solutions for 
combinational and clocked networks, they meet with much 
less success when used as strategies on asynchronous net-
works. 
It is presently assumed that the general asynchronous 
problem defies closed solution. For this reason, a 
secondary procedure is presented here to facilitate in-
creased fault coverage by a given fault detection test 
sequence. This procedure is successful on all types of 
logic networks but is, perhaps, most useful in the asyn-
chronous case since this is the problem on which other 
techniques fail. 
The secondary procedure has been designed to improve 
the fault coverage accomplished by any fault detection 
sequence regardless of the origin of the sequence. The 
increased coverage is accomplished by a minimum amount 
of additional internal hardware and/or a minimum of addi-
tional package outputs. 
The procedure presented here will function as part 
of an overall digital fault detection system, which will be 
composed of: 1) a compatible digital logic simulator, 
2) a set of fault detection sequence generators, 3) 
secondary procedures for increasing fault coverage, 4) 
procedures to allow for diagnosis to a variable level. 
This research is directed at presenting a complete 
solution to the problems involved with developing 
secondary procedures for increasing the fault coverage 




I would like to express my appreciation to Dr. Tracey, 
not only for his helpful suggestions, constant supervision, 
and critical analysis of this work, but also for personal 
concern shown me during pursuit of my degree. 
I would like to acknowledge Dr. David Rouse of Bell 
Telephone Laboratories, Columbus, Ohio, for supplying the 
TEGAS digital simulator and modifications to facilitate 
its use during this research. 
Most of all, I wish to thank Bonnie for the under-
standing, encouragement and sacrifice, freely given, while 
obtaining my degrees. 
Appreciation is also extended to the National Science 
Foundation for the support given my studies under a NSF 
Traineeship. 
TABLE OF CONTENTS 
Page 
ABSTRACT ••••••••••••••••••••••••••••••••••••••••••••••••• i i 
ACKNOWLEDGEMENT • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • . i v 
LIST OF ILLUSTRATIONS ••••••••••••••••••.•••.•••••••••.•• vii 
LIST OF TABLES . .•.....•............•.....••..••........ viii 
I . INTRODUCTION • •.••••.•••.•••.•••••.•.••••••••.•... 1 
A. Objectives of This Research •••••••••••••••••• 1 
B. General Philosophies Governing Fault 
Detection Tests •••••••••••••••••••••••••••••• 3 
c. Review of Existing Techniques for Fault 
Detection Test Generation ••••••••••••.••••••• 6 
D. Detection Problems Unique to Asynchronous 
Networks .. · . •.•••.•.•.•...••..••..•..•.......•• 8 
E. Design Considerations for Development of 
Secondary Techniques ••.••••.•.•••.•••••••••• l2 
II. SELECTIVE MONITORING OF SIGNAL LINES .••••••••••• l6 
A. Summary of Signal Line Monitoring 
Techniques . ................................ . 16 
B. Solution by Cover Analysis •••••••••••••••••• l8 
c. A Method Using Minimization of Additional 
External Contacts •••••••••••••.••••.•.••••.• 25 
D. Trade Offs Involved in Using These Two 
Methods .....•....••......•.........•..•..... 32 
III. THE BACKWARD DRIVE METHOD FOR SETTING SIGNAL 
LINES ...........•..........••...•...........•... 3 5 
A. Summary of the Method ••.•.•••••••••.•••••••• 35 
B. Theoretical Discussion of the Backward 
Drive ....................................... 36 
v 
vi 
TABLE OF CONTENTS (Continued) 
Page 
IV. RESULTS AND CONCLUSIONS ........................ 45 
A. Data Acquisition ........................... 45 
B. Analysis of Data ........................... 48 
C. Conclusion ................................. 54 
v. APPENDIX- Sample Networks ..........••......... 57 
VI. BIBLIOGRAPHY . ...........•............••........ 6 5 
VII. VITA ........................................... 68 
vii 
LIST OF ILLUSTRATIONS 
Figures Page 
1. Example Network . .................................. 23 
2. Networks Leading to Additional Outputs ............ 31 
3. General Space Domain Model ...•.•.•.......•.....•.. 37 
4. Singular Cover for an AND Gate ...••...••.•........ 38 
5. Space Domain Model of Figure 1 ..••...•......•..... 42 
APPENDIX 
A.l. Sample Network A • ••••••••••••••••••••••••••••••••• 58 
A. 2. Sample Network B . ................................. 59 
A. 3. Sample Network c (Latched Adder) .••••.•••••••••••• 6 0 
A. 4. Sample Network D .•......•.••.•..•.••...........•.. 61 
A. 5. Sample Network E (Master-Slave FF) ••.••...•....... 6 2 
A. 6. Sample Network F •••••..•••••.•.•.•••.•••...•.•••.• 6 3 
viii 
LIST OF TABLES 
Table Page 
lo Faulty Machine List.o.ooooooooooooooooooooo•••oooo22 
2. Simulator Output Tableooooooo•oooooooooooooooooooo24 
3. Cover Analysis .... ................................ 25 
4. Fault Coverage Tableooooo••o•o•ooooooooooooooooooo30 
5o Singular Cover for Gate b(k) o o o o o o o o o o o o o o o o o o o o o o4l 
6. Singular Covers for the Gates of Figure 5oooo•o•oo43 
7o Intersection Tableoooooooooo••ooo•••oooooooo•o••oo43 
8. Results for the Sample Networksooooooooo••o•••oooo52 
9. Sequence Modifications for Table 8o•o••···········53 
APPENDIX 
A.l. Input Sequences for Sample Networks.ooo••ooooooooo64 
Chapter I 
Introduction 
A. Objectives of This Research 
This paper will first treat the general area of fault 
detection. Fault detection methods will be discussed for 
both combinational and sequential networks. 
The following definition for a fault detection test 
(fdt) will be used throughout this paper: 
An input sequence X (of length one or more} for a 
given network M is a fault detection test for fault fi 
located in M if the output response to X for M with no 
faults, and the output response to X for M with fi present, 
differ. 
It can be seen that if M is a combinational network, 
i 
the length of X for any f will be one; whereas, for an 
M of sequential structure, the length of the input sequence 
X may be greater than one. 
As will be seen in section I.e., the problem of fault 
detection for combinational networks is solved by several 
methods1 ' 2 • Many of the same methods which experience 
great success with combinational networks are also very 
3 4 ~ 
successful when dealing with synchronous networks ' '~. 
1 
This success can be accomplished readily when the synchronous 
network is considered in the space domain6 (as compared to 
the time domain). In the space domain, the synchronous 
network obeys all the restrictions placed upon a combi-
national network. 
With the asynchronous problem, however, success is 
more limited. Although some methods attempt to use space 
domain analysis on asynchronous networks3 ' 5 , the results 
are less acceptable. The reason being that due to the 
inequality of total delays within closed paths of an asyn-
chronous network, the space domain model fails. 
It is the problem of fault detection test generation 
for asynchronous networks to which this research is 
addressed. Although most of the techniques developed here-
in are applicable to general networks, the major objective 
will be to make improvements upon the results which cur-
rently exist for the asynchronous case. When considering 
the sequential problem, the asynchronous case is of most 
interest since it is more general. Faults within a syn-
chronous network may yield a network which does not obey 
the restrictions placed upon the general synchronous model. 
Throughout this paper the abbreviation fdt will be 
used when referring to a fault detection test for a single 
fault; whereas, FDT will be used when referring to the 
collection of fdt's or sequence of fdt's which attempt to 
cover all faults in a network. 
Further notation conventions, which will be followed 
where possible, will now be discussed. Lower case letters 
will be used when referring to elements of sets, vector 
2 
components, and signal lines. Upper case letters will be 
used to represent sets and vectors. Script notation, such 
asS, M etc., will be used when referring to sequences of 
vectors, sets of sets and also when naming a general net-
work. M will represent any arbitrary logic network in any 
of its faulty or fault free configurations. 
Every attempt will be made to adhere to these con-
ventions. As each new notation symbol is introduced, ex-
planation of its function will be given. 
B. General Philosophies Governing Fault Detection Tests 
When considering the packaging techniques being used 
to produce MSI and LSI networks, it can be seen that the 
generation of an efficient FDT sequence for the network is 
an important production step when the reliability require-
ments on the packages are high. In addition to aiding in 
the detection of fabrication errors and burn-in faults, the 
FDT sequence designed for a packaged network will certainly 
become an important part of the much larger FDT system for 
the entire digital system. 
It is critical that an efficient FDT sequence cover 
nearly all of the possible faults within a system. Another 
approach may be to require only that the FDT sequence cover 
the most probable faults. If near one hundred percent 
coverage is not easily attainable, then the selective 
coverage of the most probable faults is certainly a sound 
3 
approach. The assigning of meaningful probabilities of 
failure to all faults is an extremely difficult task. For 
this reason we will consider q/0 (where q = the number of 
single faults covered by an FDT sequence and Q = the total 
number of single faults contained in the network) as the 
evaluation factor for any FDT sequence. 
The methods considered within this paper will be based 
upon the validity of the single fault assumption (sfa). 
This is to say that we will be applying the FDT sequence 
to the network with sufficient frequency so that the 
probability of the system containing two or more faults is 
very small. There is certainly good reason to believe 
that the single fault assumption is not valid when search-
ing for fabrication errors in MSI and LSI packages or when 
detecting total systems structured from these packages. 
Fabrication errors caused by a bad layer within the chip 
or structural damage to the chip will cause the package 
to exhibit gross errors. It has long been accepted that 
FDTs designed under the sfa, which give good coverage of 
all single faults, will also detect the major portion of 
possible multiple fault patterns. A good FDT sequence 
would surely then detect multiple errors of the gross type 
discussed above. 
4 
When considering the design of FDT sequences, there 
are several cost factors that the engineer has available 
for trade off. Some of these are: 
1) The cost of generating the FDT sequence 
2) The cost of extra hardware within the package 
to facilitate easier generation and application 
of FDT sequence 
3) The cost of each application of the FDT se-
quence 
4) The cost of manual detection of uncovered 
faults 
The cost incurred in design of the FDT sequence is a 
one-shot cost that can be quite high. The generation of 
the FDT is usually done by computer, and if the network has 
a large number of possible faults, the time required for 
FDT generation may be very high. Time may also be spent in 
minimizing the FDT sequence, and this procedure can become 
a significant portion of the design cost. 
When the packaged elements are used in a total system 
design, costs which occur under 3) and 4) will require 
payment many times; thus, the cost of 1) may not seem so 
unbearable. 
An alternate solution to this trade off problem is 
provided by 2). In present technology the cost of adding 
a few more elements within the package while keeping the 
number of external contacts (pins) nearly constant is a 
5 
small expense. With this idea in mind, it would be inter-
esting to investigate techniques for adding internal ele-
ments which result in some of the following: 
1) Easier generation of FDT sequences 
2) Greater fault coverage for the FDT sequences 
3) Shorter FDT sequences-thus less cost for each 
application 
4) Small increase in the total cost of the 
packaged network 
c. Review of Existing Techniques for Fault Detection 
Test Generation 
The techniques employed for generating fdts are greatly 
dependent upon the type of network under consideration. 
If the network is entirely combinational in structure, there 
exist algorithms for generating fdts of length one for any 
fault within the network for which an fdt exists. Perhaps 
the most usable and useful algorithm for this purpose is 
the d-algorithrn. For a particular faulty line, the d-algor-
ithrn sensitizes all possible paths between the fault and 
outputs so that the value on the faulty line alone will con-
trol the value of the output vector. The gate inputs which 
had to be fixed to provide for the path sensitization are 
then driven back to primary inputs to obtain the test 
input vector. 
6 
The d-algorithm suffers from one weakness which is 
characteristic of most all fdt generation methods-it 
cannot detect faults in redundant elements. Redundancy 
may exist in a network for one or more of the following 
reasons: 
l) Complete functional minimization of the 
network not undertaken 
2) Redundancy used as a design tool to con-
trol erratic behaviour (such as hazards in 
a sequential network) 
3) To assure greater system reliability 
The fact that faults cannot be detected in the re-
dundant networks can, as Friedman7 points out, be very 
serious. Unless the redundancy is of the Eichelberger 
type, a failure within the redundant portion may conceal 
an otherwise detectable fault in the nonredundant portion. 
With the exception of this one shortcoming, the d-algorithm 
has solved the problem of generation of fdts for combi-
national networks. 
7 
The method of boolean difference2 ' 8 is also very success-
ful when dealing with combinational networks. This method 
depends upon an equation solving technique. The function, 
realized by the fault free network, is compared with the 
function realized by the faulty network. This comparison 
is done by a pseudo-differentiation operation based upon the 
logical XOR operation. 
There are numerous other methods for generation of 
fdts for combinational networks; however, the d-algorithrn 
and boolean difference appear to be the most useful when 
working with networks which contain more than a few ele-
ments. 
At present there is no acceptable algorithmic technique 
for generating fdts for all faults within general sequential 
networks. The methods of Kime9 and HennielO will generate 
fdts for sequential networks, but the length of the test 
sequence will in general be unacceptable. In addition to 
the production of unacceptably long sequences, these methods 
require the transition table for the network. These tech-
niques are only applicable to machines which have distin-
guishing sequences. Kohavi and Lavelle11 , 12 have demo-
strated a method for imbedding a machine with no distin-
guishing sequence within a new machine which has a distin-
guishing sequence and thereby making the faults within the 
original machine detectable. 
If the initial constraints are met, these methods are 
algorithmic; however, they require the transition table 
description of the network and result in unacceptably long 
FDT sequences. 
D. Detection Problems Unique to Asynchronous Networks 
As was mentioned in I.C., the problems which arise con-
cerning the generation of fdts for sequential networks are 
8 
much more formidable than those encountered when working 
with combinational networks. Furthermore, the problems en-
countered when considering asynchronous netvmrks are more 
formidable than those encountered with synchronous networks. 
The methods of Kime9 and Hennie10 provide a solution to the 
problem of FDT generation for synchronous sequential net-
works. 
Ashkinazy1 3 has presented a method, whereby, an asyn-
chronous network can be represented by its Augumented 
Differential Equivalent. This allows the methods of Kirne9, 
HennielO, and Kohavi and Lavelle11 , 12 to be applied to the 
asynchronous problem. 
9 
Although these methods offer a solution, it is generally 
considered to be unacceptable for several reasons. First 
of all, the FDT sequences resulting from these techniques 
are unacceptably lengthy and thus increase the cost of each 
FDT ~pplication. Furthermore, these techniques develop 
the FDT sequence based upon investigation of the transition 
table for the network. In general most networks are des-
cribed in some way other than transition table form, thus, 
the production of the transition table is an additional 
design step. Since the transition table is not ordinarily 
required in the design process, it seems that obtaining a 
transition table to facilitate fault detection is an un-
acceptable requirement. The FDT sequences obtained in 
these methods are unacceptably lengthy, thus, the additional 
design step does not yield sufficient reward. 
An approach to asynchronous sequential fault detec-
tion which does not require transition tables has been 
described by Seshu and Freeman1 4. Here the good and all 
faulty machines are simulated in parallel. At each step 
of the testing sequence all possible single input changes 
are simulated, and the one is selected which covers the 
most undetected faults. This technique is based upon 
local optimization and therefore guarantees no global 
optimization. Putzola and Roth 3 suggest that after 
initially detecting many faults, this method wanders aim-
lessly, providing no further fault coverage. 
Hsiao and Chia4 have proposed a modification of the 
combinational boolean difference technique for use in 
generating fdts for asynchronous networks-the major prob-
lem here being that the method does not guarantee maximum 
fault coverage. The authors suggest that for most net-
works tested the fault coverage was 65 to 75 percent. This 
percentage does not appear to be high enough to be totally 
acceptable. Since the number of possible paths to outputs 
increase with each level of feedback, it appears that this 
method will be most successful when dealing with a limited 
number of feedback lines, all of which have shallow feed-
back: that is, no global feedbacks. 
Putzola and Roth3 have recently presented a method 
for asynchronous fdt generation based upon a modified 
d-algorithm. This technique functions by first breaking 
10 
the feedback lines of the sequential network and then cas-
cading copies of this machine in a combinational fashion. 
Space domain analysis is being used in place of time do-
main analysis. The combinational d-algorithm is then used 
to generate a test for a particular fault in the machine. 
When the test is driven back to inputs, the result is an 
input vector at each spacial copy of the machine. The 
sequence of these input vectors is the fdt sequence for 
the fault under consideration. Due to the unequal total 
delays within closed paths of an asynchronous network, the 
space domain model is not an accurate model for the asyn-
chronous case. For this reason, this method must be con-
sidered heuristic and feedback loops must then be closed 
and the fdt sequence simulated to see if the test does 
indeed detect the fault under consideration. Since the 
path which is sensitized is not necessarily the same path 
through all copies of the machine, and since the space 
domain model is not accurate, it cannot be assumed that if 
a given fdt for a particular fault is successful, all 
faults along the sensitized path are covered by this fdt. 
In contrast, this assumption is guaranteed in the combi-
national case. 
It is found that this method also results in 65 to 
75 percent coverage of faults. If the sequential network 
being considered is at all complex, cascading copies of 
this network will result in a very complex combinational 
11 
network and will thus require a great amount of time for 
each fdt generation. An FDT sequence, generated in this 
fashion to cover all faults in a given network, could be-
come very lengthy. 
When considering those methods for generation of fdt 
sequences which do not need a transition table, it is 
apparent that the best that can be expected is 65 to 75 
percent fault coverage for a general network. Since re-
dundancies are often used in asynchronous networks and, 
as was mentioned in I.e., detection of faults within these 
redundancies is important, it must be considered a short-
coming that none of these techniques can handle redun-
dancies. 
It then appears critical to consider some secondary 
techniques which would improve the percentage of fault 
coverage and also facilitate fault detection within the 
redundant elements. 
E. Design Considerations for Development of Secondary 
Techniques 
If secondary techniques are to be useful 1n conjunc-
tion with the methods discussed in I.D., they must pro-
vide a significant increase in the total fault coverage 
realized by the resulting FDT sequence, without forcing a 
disproportionate increase in any of the cost areas 
associated with generation and application of the FDT 
sequence. 
12 
If secondary techniques can be developed, it would be 
essential that they work with the circuit description and 
information used by the primary technique and with data 
provided by the primary technique. All the techniques men-
tioned in I.D., which do not require transition tables, 
have as an integral part of their procedure, simulation of 
the generated FDT sequence on the good machine and all 
faulty machines. If the secondary techniques can be 
designed to use as input the circuit description and the 
output of the simulation provided by the primary technique, 
the additional cost caused by the secondary technique 
would be reduced. The output from the simulation may re-
quire modification; however, the actual simulation pro-
cedure would remain unchanged. 
In light of the cost discussions presented in I.B., 
it may be cost effective to add some internal package ele-
ments to facilitate a more efficient and cheaper FDT se-
quence. If additional hardware is added, it must not 
significantly increase the cost of the package and it must 
also lend itself to fault detection. Faults within the 
added elements must be detectable without destroying the 
cost efficiency of the FDT sequence. 
While the secondary techniques may be very tolerant 
of the addition of internal elements, the addition of 
external communication paths (pins) must be rigidly con-
trolled. If the secondary technique results in a large 
13 
increase in the number of pins from the package, then the 
cost struggle has been lost. Therefore, if extra pins 
are required, these must be kept to a minimum. If the cost 
effectiveness of the package is determined by: 
1) Cost to design and fabricate 
2) Cost to utilize (wire in) the package 
3) Cost to design the FDT s~quence for the package 
4) Cost of application of the FDT package 
5) Cost to manually detect uncovered faults 
the designer may find that a small increase in the cost of 
1) and 2) may yield a greater savings in areas of 3), 4), 
and 5). This suggests that the addition of selected in-
ternal elements and a minimum of external pins will not 
necessarily cause large overall cost increase. It would 
be hoped that the additional elements and pins would result 
in an FDT sequence with much greater fault coverage. 
14 
It would also be very beneficial if the secondary 
techniques could be structured so as to cover faults within 
the redundant circuits without jeopardizing the other design 
objectives. 
A good secondary technique would be one which greatly 
increases the coverage of an FDT sequence without a dis-
proportionate increase in total package and FDT cost. 
Since all existing techniques fall short of the total 
fault coverage goa~ for the asynchronous case, it will be 
the objective of this paper to present a secondary technique 
to increase the fault coverage. 
Generally it is felt that the asynchronous case will 
not have a network independent closed solution as is pro-
vided by d-algorithm and boolean difference in the com-
binational case. For this reason, it seems critical to 
develop secondary techniques which can increase the fault 
coverage of FDTs for asynchronous networks. 
Since the generation of FDT sequences for the asyn-
chronous case requires a major effort, and since the 
resulting sequence does not usually give satisfactory 
fault coverage, perhaps a more acceptable solution would 
be to use, as an FDT for an asynchronous network, a se-
quence which merely exercises the machine through its 
stable states or along some other transition paths. This 
sequence could then be backed by a good secondary tech-
nique-the result being greater fault coverage, shorter 
FDT sequences, less FDT generation time, with a small added 
cost to the package being tested. 
15 
Chapter II 
Selective Monitoring of Signal Lines 
A. Summary of Signal Line Monitoring Techniques 
In Chapter II, two techniques, which will facilitate 
coverage of faults that are undetectable by monitoring 
primary outputs under application of a given FDT sequence 
X, will be discussed. 
Consider M to represent the set of machines which can 
result from a given asynchronous network M being subjected 
to any of its possible internal single logical faults. 
That is, ifF= (f1 , f 2 , ..•.•.• fn) is the set of all pos-
16 
0 1 2 n 
sible single logical faults of M, then M = (m ,m ,m , .•..• m) 
is the set which corresponds to the configurations of the 
network M in the presence of the elements of F. That is, 
v fiE F there exists a unique miEM. The element m0 will be 
used to represent the network M in the fault free configu-
ration. 
It is assumed throughout this paper that an FDT se-
quence X is available for application to M. This FDT may 
have been generated by modified d-algorithm, boolean dif-
ference, or some other technique. However, since M may be 
asynchronous and observation is limited to primary outputs, 
in the general case X will not detect all of the single 
logical faults within M. Allow Md {d for detected) to 
. . 0 
represent the set of machines such that V m1 EMd Z1 1 Z 
(where zk represents the output sequence of mk under the 
application of X). A parallel definition exists for Mu 
(u for undetected). Thus, the application of X toM par-
titions M into two disjoint subsets, Md and Mu. Since the 
mapping from the set (M - m0) to the set F is one-to-one 
and onto, there exists a similar partitioning on F. That 
is, Fd will represent detected faults and Fu undetected 
faults. The sets Mu and Fu will be of concern here. 
A method will first be discussed which performs a 
cover analysis on all lines within the network. The result 
of this analysis will be a set of signal lines, Ss, which 
17 
can give maximum coverage to the faults of Fu under application 
of X to M. All signal lines are considered as possible out-
puts, and analysis is done to decide which set of signal 
lines can detect the most undetected faults under application 
of X. The method will lead to a set, Ss, which is minimal 
in number but not necessarily unique. The shortcoming of 
this method is that, in general, V sk£Ss' a new external 
contact must be added. Although a significant amount of 
external contact minimization can be achieved in conjunc-
tion with this method, it is found to be very network 
dependent, and in general, places no upper bound on the 
number of external contacts which must be added. 
In the second method, the set of lines which must be 
monitored is considered to be the set of all lines which 
correspond to the faults of Fu. For example, if Fu has as 
elements single faults [a(saO), a(sal), c(saO), e(saO), 
q(sal)], then the set of signal lines to be monitored will 
be Ss = (a,c,e,q). Note: As will be seen later, line a 
must be considered in two different ways. The major advan-
tage of this method is that the maximum number of new ex-
ternal contacts, which must be added to the network, is 
four (4). That is, a method is presented which allows all 
the elements of Ss to be tied to a minimum number of ex-
ternal pins. The disadvantage being that additional hard-
18 
ware is required internally to facilitate this minimization. 
Faults within this added hardware are also considered. 
The trade offs between these two techniques are dis-
cussed in section II.D. 
B. Solution by Cover Analysis 
The cover approach to the problem of selective signal 
line monitoring will be considered in this section. As 
mentioned in section II.A., this technique places no ab-
solute upper bound on the number of external contacts which 
must be added to the network. 
Consider the set of all signal lines contained in M 
to be S = s 1 , s 2 , s 3 , ....... sm). S contains all primary 
inputs, primary outputs, feedback lines, and all internal 
connection lines. For each s.t:S two logical faults can be l 
associated; that is, si (saO) and si(sal). The total number 
of faults can be collapsed across each network element, 
but since this in no way influences the method of solu-
tions, it will be ignored. For each s.£S there exists 
~ 
fi£F and fj£F and mi£M and mj£M. It has been shown that 
observation of the output sequence Z = z1 z 2z3 ..•••.. zw for 
the application of X= x 1x 2x3 •...••. xw toM performed a 
partitioning of M and F. This partitioning can be applied 
to the set S. Consider the set Su (undetected) to repre-
sent the set of signal lines such that V s.£Su there exists 
~ 
at least one fj£Fu corresponding to a logical fault on s .• 
~ 
19 
Sd will be the subset such that V s.£Sd there exists exactly 
J 
2 faults, fk and f 1 , £Fd which are associated with faults 
on signal line s .. 
J 
It can be seen that Sd and Su are dis-
joint although Su may contain signal lines which have only 
one undetected fault associated with each line. 
Since it is entirely possible that by monitoring a 
particular line, faults on other signal lines can be 
detected, all elements of the set S must be considered as 
candidates for monitoring. 
The value on signal line si after the application of 
Xk, in the X sequence, to machine mJ, will be represented 
by v(i,j,k). For the application of each input vector Xk' 
in the X sequence, first a comparison of v(i,O,k) with 
v(i,j,k) is made for all j to determine which elements of M 
can be detected by si under application of Xk. This must 
be done V s.£8. This entire process must then be repeated 
~ 
for xk+l" This continues until the entire sequence X has 
20 
been applied. The result from this operation will be a set 
of fault coverage lists of the form si,Xk,mP,ml, ... rnr, where 
this list represents the fact that by observing line s. , ]. 
while Xk' in the X sequence, is applied to M, faulty machines 
P 1 r m, m , ..... m can be detected. It is upon these fault 
coverage lists that the cover analysis must be performed to 
determine which signal lines must be monitored. 
The rules for performing the cover analysis will now 
be considered. All signal lines which are primary outputs 
are, by definition, going to be monitored. Consider the set 
of all primary output lines to be sz, V sissz) s, si is a 
primary output of M. Thus, the removal of all s.ss before ]. z 
the analysis starts is necessary. V s.sS , there is ]. z 
associated a set of fault coverage lists of the form 
p 1 r 
si,Xk,m ,m ... m. By combining all machines which are 
listed in the fault coverage lists for signal lines s., ]. 
the set Mz. is formed, where V mjsHz., mj can be detected ]. ]. 
by monitoring si. Similar sets Mzk are formed V k such that 
skssz. It can be seen that the set Md = U (Mzi) for all i 
such that s.ss (where U is the set union operation). In ]. z 
a similar fashion, sets Ms. for all i, such that, s.s(S- S) ]. ]. z 
are formed. From each such set Ms., the elements which ]. 
are common to Msi and Md are then removed. That is, 
* Ms. =Ms. - (Ms.~Md) is formed (where ~ is a set intersec-J. ]. ]. 
tion operation) . There now exists a set of the sets of 
form M:., where V mjsM:., mjsMu and mj can be detected by 
]. ]. 
monitoring s .. 
~ 
To decide which signal lines of the set 
(S - Sz) must be monitored, first a search for critical 
signal lines is performed. That is, V mi£Mu, for which 
mi is contained in one and only one 
s. 1s required. All machines which 
J 
* Msj, monitoring of 
are covered by any 
* 
such 
line sj must now be removed from the Msk for all remaining 
lines in (S- Sz). The cover analysis then proceeds using 
the following two rules: 
1) The signal line with the highest value is 
the next line entered into the set Ss. 
The value for any line is equal to the num-
ber of previously undetected faults which 
are covered by monitoring this line. 
2) If several lines have equal value, the 
choice will be arbitrary with the only priority 
being assigned to state variable lines. 
The results of this analysis will be two sets of sig-
nal lines Sz and S5 , where V si£Sz, si is a primary output 
and V sk£Ss' sk is not a primary output. Thus, SzASs = ~ 
(where~ represents the null set). 
21 
The members of Ss are the signal lines which will re-
quire additional primary outputs from the package to facili-
tate monitoring. 
If M represents a general network, then V sk£Ss' it 
is necessary to add an additional primary output. As was 
mentioned earlier, some minimization can usually be accomp-
lished; however, it is usually very network dependent. In 
general, this method places no upperbound on the number of 
new primary outputs which must be added. 
This method will be illustrated with the example 
shown in Figure 1. 
Table 1 associates with each machine m~ of the above 
network a single logical fault. 
mi Specific Fault 
1 x 1 (sal) m 
m2 x 1 (saO) 
m3 x 2 (sal) 
m4 x 2 (saO) 
mS x 3 (sal) 
m6 x 3 (saO) 
m7 a (saO) 
rna a (sal) 
m9 b(saO) 
mlO b (sal) 
mll c (saO) 
ml2 c(sal) 









Figure 1: Example Network 
For the input sequence X = x1x2x3x4 = (111) (101) (001) 
(011), Table 2 shows the values of all signal lines of the 
network shown in Figure 1. The table includes data for 
the fault free and all single fault machines. Note: Line 
c = 1 at start. 
From Table 2, it can be seen that since 
Md = 6 9 mll] then [m , m , 
* 1 m2] Mx = [m , 1 
* [m3, m4] Mx2 = 
* Mx 3 = ~ 
* 1 2 3 4 7 m8 l Ma = [m , m, m , m , m , 
* Mb = 13 
23 
24 
Signal i=machine number (mi) Fault Coverage 
Lines 0 1 2 3 4 5 6 7 8 9 10 11 12 Lists 
xl 1 1 0 1 1 1 1 1 1 1 1 1 1 x 1 ,x1 ,rn 
2 
x2 1 1 1 1 0 1 1 1 1 1 1 1 1 x 2 ,x1 ,m 
4 
x3 1 .1 ,1 1 1 1 0 1 1 1 1 1 1 x 3 ,x1 ,m 
6 
a 1 1 1 1 1 1 1 0 1 1 1 1 1 a,x1 ,m 7 
b 1 1 1 1 1 1 0 1 1 0 1 0 1 6 9 11 b,x1 ,m ,m ,rn 
c 1 1 1 1 1 1 1 1 1 1 1 0 1 c,x1 ,m 
11 
xl 1 1 0 1 1 1 1 1 1 1 1 1 1 x 1 ,x2 ,m 
2 
x2 0 0 0 1 0 0 0 0 0 0 0 0 0 x 2 ,x2 ,rn 
3 
x3 1 1 1 1 1 1 0 1 1 1 1 1 1 x 3 ,x2 ,rn 
6 
a 1 1 0 1 1 1 1 0 1 1 1 1 1 2 7 a,x2 ,rn ,m 
b 1 1 1 1 1 1 0 1 1 0 1 0 1 6 9 11 b,x2 ,rr. ,m ,m 
c 1 1 1 1 1 1 1 1 1 1 1 0 1 c,x2 ,rn 
11 
xl 0 1 0 0 0 0 0 0 0 0 0 0 0 X 1 xl, 3'rn 
x2 0 0 0 1 0 0 0 0 0 0 0 0 0 x 2 ,x3 ,m 
3 
x3 1 1 1 1 1 1 0 1 1 1 1 1 1 x 3 ,x3 ,m 
6 
a 0 1 0 1 0 0 0 0 1 0 0 0 0 1 3 8 a,x3 ,m ,rn ,m 
b 1 1 1 1 1 1 0 1 1 0 1 0 1 
6 9 b,x3 ,m ,m ,rn 
11 
c 1 1 1 1 1 1 0 1 1 0 1 0 1 6 9 11 c,x3 ,m ,rn ,rn 
xl 0 1 0 0 0 0 0 0 0 0 0 0 0 x 1 ,x4 ,rn 
1 
x2 1 1 1 1 0 1 1 1 1 1 1 1 1 x 2 ,x4 ,m 
4 
x3 1 1 1 1 1 1 0 1 1 1 1 1 1 x 3 ,x4 ,m 
6 
a 1 1 1 1 0 1 1 0 1 1 1 1 1 4 7 a,x4 ,m ,m 
b 1 1 1 1 1 1 0 1 1 0 1 0 1 6 9 11 b,x4 ,m ,m ,m 
c 1 1 1 1 1 1 1 1 1 1 1 0 1 c,X4,mll 
Table 2: Simulator Output 'l'able 
25 
The cover analysis is shown in Table -. .J • 
Elements of Mu 
ml 2 m3 4 ms 7 m8 mlO m12 m m m 
xl X X 
Signal 
x2 X X 
Lines 
a X X X X X X 
Table 3: Cover Analysis 
From Table 3, it can be seen that by monitoring sig-
nal line a, all faults coverable by this method are detected. 
By monitoring line a along with the primary output c, all 
faults except m5 , m1 0, and m12 can be detected. 
C. A Method Using Minimization of Additional External 
Contacts 
In this section a method will be described which will 
allow for selective monitoring of signal lines while mini-
mizing the number of additional external contacts required. 
The set M will again be partitioned into Md and Mu by 
the application of X to M. The elements of each Mu and Fu 
are then further partitioned into two disjoint subsets, 
Fu0 , Mu 0 and Fu1 
saO type logical 
. J. 
and Mu1 , where V mJ.€Mu 0 , the f €Fu 0 is a 
fault, and V rnj€Mu1 the fjEFu 1 is a sal 
type logical fault. 
signal line sk. s 0 
i Y fault f EFu 0 there is an associated 
will be the set of signal lines associ-
ated with the faults of Fu 0 and similarly s1 and Fu1 . 
Since, in general, we may have both logical faults fi and 
fj associated with a given line as elements of Fu, in 
general, s 1 As 0 ~ ~. The signal lines si, such that, 
26 
siE(S1 U s 0 ) are the lines which must be monitored. However, 
if under the input vector Xk from X, the signal line si 
(where s.ES 0 ) = 1 in rn°, then s. can be monitored to detect 1 1 
fi (where fiEFu 0 is one of the faults associated with si) 
during xk. Since there may be many such s. 's for a given 1 
Xk' there will be associated with each input vector two sets 
of signal lines, SXk(O) and SXk(l) where V siESXk(O) the 
fault fi (where fisFu 0 is a fault associated with si) can 
be detected by monitoring si during xk. Likewise, V 
sjESXk(l), the fault fj (where fjEFu1 is one of the faults 
associated with line s.) can be detected by monitoring line J 
sj during Xk. After the entire sequence has been applied to 
M and all of the sets of the type SXk(a) have been formed, 
a set S(O) = (SXk(O),SXk+j(O) ..••• ) is formed. S(O) is 
formed by including sufficient elements SXk(O) so that V 
siEs 0 , for which there exists at least one SXk(O) such that 
siESXk(O), there exists at least one SXk(O}ES(O}. Thus, 
fi£Fu 0 can be detected by monitoring si during xk. Similarly 
S(l) = (sx1 (1), sxl+r(l) ••••. ). 
The following notation is now defined. If we have a 
set R = (r1 ,r2 ,r3 , •.••.•• rk)' then II(R) = II(r1 ,r2 , ..•• rk) = 
(r1 • r 2 • r 3 • •.•• rk), where (·) represents the logical 
AND operation. Similarly, I (R) = I (rl ,r2----~) = 
(rl + r2 + r3 + --- r ) k where (+) is the logical OR 
operation. 
Utilizing the above notation, the functions 
cp ( 0) = I [II ( sx . { 0 ) , I 0 ] 
s (0) l. 
cp(l) = II [I (SX. (1) , Il] 
S(l) J are formed. 
The I signals are conditioning signals which will be de-
fined later. The cp's express the logic function which 
must be realized on the additional network outputs so as 
to cover the faults of Fu which are detectable by this 
method. 
In realizing cp(Q), it can be seen that each element 
of S(O) will define the input list to an AND gate. That 
is, V SXk(O)ES(O) there will be defined an AND gate AXk(O). 
Each such AXk(O) will have as inputs all elements of the 
set SXk(O) plus an additional conditioning signal I 0 • The 
outputs of all such AXk(O) gates will completely define the 
input set for an OR gate cp(Q). The output of cp(Q) will re-
present one of the additional required primary outputs. 
Note: This discussion has been based, for simplicity, 
upon two level AND-OR logic. Certainly, the type logic 
27 
elements actually utilized and the method of interconnection 
is unrestricted so long as the function realized is un-
altered. 
A similar two level OR-AND structure can be described 
for the cp(l) function. Due to the parallelism between these 
28 
two functions, the verbal description of ¢(1) is omitted. 
The I 0 and r 1 signal lines are used to facilitate fault 
detection of the added hardware. I 0 = 1 during the appli-
cation of every Xk toM, for which SXk(O)sS(O). I 1 = 0 
during the application of every Xk toM, for which SXk(l)sS(l). 
It must be mentioned that if the network is such that every 
Xi of X has associated with it an SXi(a)sS(a) (for a= 0 or 
a = 1), then an additional input vector must be added to X 
to facilitate the detection of the gates in the ¢(a) network. 
That is, if line I must be used to condition the gates of 
a 
network ¢(a) during the entire X sequence, then an additional 
input vector must be added to X so that I can be used to a 
detect faults in the ¢(a) network. 
From the above discussion it can be seen that if the 
machine is fault free, then ¢(0) = 1 VXi for which there 
exists an SXi(O)sS(O). Likewise, if we have the fault 
fJsFu 0 on the signal line siss0 , then ¢(0) = 0 for all Xk, 
such that sisSXk(O). 
A saO fault on the output of gate AXk(O) of the ¢(0) 
network will result in ¢(0) = 0 during Xk. Also, ¢(0) saO 
will be detected by ¢(0) = 0 during an Xk for which SXk(O) 
sS(O). If there exists an Xr such that SXr(0)¢$(0), then 
setting Io = 0 during xr yields .0 ( 0) = 0 for mo; but ¢ ( 0) 
will equal 1 if any gate in the .0 ( 0) network is sal. 
A similar argument can be given for the output values 
and the faults within the ¢ (1) network. 
The procedure for realizing the ¢(a) function will 
be demonstrated by Figure 2. 
Refering to the network of Figure 1, the following 
sets are enumerated to further clarify the theoretical 
discussion. 
Md = [m6 ,m9 ,roll] 
Mu = [ml' m21 m3 1 m41 mS' m7, m8' mlO, ml2] 
Mu 0 = [m2 , m4 1 m7] 
Mu1 = Im1 1 m31 mS, m8, mlO, ml2] 
Fu 0 = [x1 (saO), x 2 (sa0), a (saO) J 
29 
Fu1 = [x1 (sal), x 2 (sal), x 3 (sal), a (sal), b (sal), c (sal)] 
s 0 = [x1 , x 2 , a] 
s1 = [x1 , x 2 , x 3 , a, b, c) 
From Table 4, it can be seen that: 
S(O) = (SX1 (0)) or 
s ( 0) = ( SX 2 ( 0) I sx 4 ( 0) ) 
s ( 1 ) = ( sx 3 ( 1 ) ) 
The networks which lead to outputs %(0) and %(1) are 
shown in Figure 2. S(O) = [sx2 (0), sx4 (0)] is used to 
give an example of a two level result. 


































rno so sl 

























Table 4: Fault Coverage Table 
30 
sx1 (O)=[x1 ,x2 ,a] 
sx1 (1)=,0 
sx2 (0)=[x1 ,a] 
SX2 (l)=[x2 ] 
sx3 {0)=,0 
sx3 (l)=(x1 ,x2 ,a) 
SX4 (0)=(x2 ) 





+ cp ( 0) 






=-----~~~------------------------------- cp ( 1) 
a 
Figure 2: Net\vorks Leading to Additional Outputs 
Considering the example above, assume that while 
r 0 = 1, X is applied to m0 . With X= x1 or x2 , then ~(0) = 1. 
However, if any of the signal lines which constitute the 
sets contained in S(O) are saO, then during either x1 or x2 
¢(0) will equal 0. To check for any gate within the ¢(0) 
network sal, r 0 is set to 0 and this should yield ¢(0) = 0. 
Any gate contained in the ~(0) network which is saO will 
cause ¢(0) = 0 during x1 and/or x2 . 
Assume that while I 1 = 0, X is' applied to mO. With 
X= x3 , ~(1) should equal 0. If any of the signal lines 
which constitute the sets contained in S(l) are sal, ~(1) 
will equal 1. With I 1 = 1, ~(1) should equal 1 for all X. 
However, if any gate within the ~ ( 1) net'i.vork is saO, ~ ( 1) 
will equal 0 for I 1 = 1. With I 1 = 0, any gate within the 
~(1) network which is sal will yield ~(1) = 1 during some 
Xk for which ~(1) should= 0 under fault free conditions. 
D. Trade Offs Involved in Using These Two Methods 
Both methods presented above are attempts to yield 
increased fault coverage for any general asynchronous net-
work M. These methods will also be effective on combina-
tional or synchronous sequential networks for which the 
associated X does not give total coverage. It will be the 
purpose of this section to discuss the relative value of 
these methods. 
The obvious trade offs are very evident. The method 
of section II. B., to be referred to as method 1, required 
no additional hardware elements within the package. There 
are networks where the maximum number of new outputs, which 
must be added for method 1, will be less than the four con-
tacts which method 2 (the method of section II.C.) yields 
32 
as an upper bound. Certainly, on networks of this type, 
method 1 should be used. Since no upper bound can be placed 
on the number of new contacts required by method 1, it is 
felt that a technique similar to method 2 is critical. It 
seems necessary to establish an upper bound on new contacts 
required from any package since the actual interconnection 
33 
of external contacts is a major portion of the cost. In 
light of present fabrication techniques, the costs associated 
with addition of internal package elements is very minor. 
Most networks, which have been analyzed by method 2, have 
required a relatively small percentage of additional inter-
nal elements. For these reasons, method 2 appears to pre-
sent the most satisfactory solution to the general problem. 
Since method 1 and method 2 require the same type of 
data for analysis, it seems likely that an attempted solu-
tion by method 1, which does not yield success, could be 
followed by method 2 without an additional major analysis 
cost. 
It would certainly be hard to argue that a method 2 
solution with four new network contacts and additional 
internal hardware is better than a method 1 solution which 
requires five new network contacts. The decision mecha-
nisms would have to consider such variables as: cost of 
additional internal elements, cost to 11 wire in" each new 
network contact, cost of analysis of test sequence outputs. 
On some problems, it has proven beneficial to monitor 
several lines by method 1 and then switch to method 2 to 
guarantee a realistic upper bound on the number of new 
contacts required. 
It should be mentioned that either method allows faults 
within redundant logic sections to be detected. Inability 
to detect faults in the redundancies is one of the major 
shortcomings of the most popular FDT sequence generation 
schemes for all networks - combinational and sequential. 
One trade off for method 2 can yield an upper bound 
on the number of new network contacts of three. This can 
be done by eliminating one of the I lines. If the sequence 
X is applied twice, a single I line can serve as I 0 during 
the first application of X and serve as I 1 during the 
second application. During the first application, output 
~(0) would be observed; while during the second application, 
attention would be on ~(1). The only restriction, which 
must be met, is that all state requirements, which must be 
fulfilled by M before X is applied, must also be satisfied 
before the second application. The implications of this 
restriction are outside the scope of this paper. 
Since it has been assumed that the generation of the 
34 
X sequence was accomplished by one of the many existing 
methods, it can be seen that given an FDT sequence X for M 
the percentage of faults covered by X can be increased by 
selective signal line monitoring. Since for the asynchronous 
case, percentage of fault coverage has been generally much 
less than one hundred, it appears that the additional costs 
involved in adding a minimum of new package contacts is 
a cost which might be willingly paid. 
Chapter III 
The Backward Drive Method for Setting Signal Lines 
A. Summary of the Method 
It was shown in section II.A., that when an FDT 
sequence X was applied to M, observation of the output 
sequence peformed a partitioning of M into two disjoint 
subsets, Md and Mu, where V mi€Md, zi f z 0 (where zk is 
the output sequence for mk under the application of X) 
and V mj€MU, Zj f z0 . 
By selective monitoring of various state variable 
and internal signal lines, further partitioning of Mu 
into two disjoint subsets, Mud and Muu was accomplished. 
i A similar partition exists on Fu; that is, Y m €Mud, 
then fi€Fud and V mj€Muu, then fi€Fuu. If the external 
contacts, which have been added to facilitate this par-
titian are considered to be the r components of an output 
vector P, then for the application of X on M the results 
are: 
1) i i 0 k . V m €Mud' p f p (where p 1s the output 
sequence of P vectors from mk under appli-
cation of X). 
2) V mj€MUU, Pj = pO. 
Application of the FDT sequence X to M has been 
successful in detecting all single faults except those 
which result in the set Muu. Since these faults could 
not be detected by direct monitoring of the signal line, 
35 
it is apparent that under the application of X to M, the 
signal 
assume 
line associated with fault fi, v fi£Fu , did not 
u 
the proper value to allow for detection of fi. As 
an example, to facilitate detection of the fault, line a 
(sal), the FDT sequence must force line a in m0 to assume 
the value 0 at least once. The problem is to develop a 
heuristic which will allow modification of X so as to en-
able detection of the faults fi£Fu • The heuristic tech-u 
nique presented here borrows on the theory which has 
developed around the use of Roth's d-algorithm1 • A simi-
larity will be seen between this method and the consistency 
test or backward drive segment of the d-algorithm. 
B. Theoretical Discussion of the Backward Drive 
Following Breuer6 it is suggested that the time domain 
analysis of the system M be mapped into its corresponding 
spacial equivalent. This mapping can be accomplished if, 
for each new input vector, a new copy of M is allowed. 
Since it is the goal to force a given value on a particular 
line in m0 , the multiple copies of m0 will be labeled C{k), 
c0 (k-l) ,----c0 (k-L+l). The length L of the new sequence 
X mi is generated in this manner can be dynamically deter-
mined within reasonable restraints. The space domain analy-
sis can be understood by observing Figure 3. 
The copies of the machine are interconnected in such 
a way that in addition to the original input vector, c0 (k-d} 
























Y(k-d-l) from copy C (k-d-1). 
Assume that it is necessary to generate an input se-
quence X mi of length L to aid in detecting fiEFu , a sal u 
fault on line a. First, assign line~ in c0 (k) the value 
0 and attempt to drive this signal from c0 (k) back through 
all copies to c 0 (k-L+l). 
The method for accomplishing the backward drive will 
now be discussed. For all gates along the signal paths 
which control line a of c 0 (k), the singular covers15 must 
be formed. An example of the singular cover for a 3 input 
AND gate is given in Figure 4. 
The singular cover for c0 (k) is formed between inputs 
and signal line a. The required value on line a is then 
driven backward to the inputs of c0 (k) by performing inter-
sections on the singular covers of the gates along the 
38 
path. All parallel paths must be intersected simultaneously. 
However, intersections need not be made with singular cover 
vectors for gates whose outputs are unrestricted. The rules 
for intersection are: 
singular cover 
c b=O e b c d e d 
1 1 1 1 
0 X X 0 
X 0 X 0 
X X 0 0 
Figure 4: Singular Cover for an AND Gate 
lAO = Jij xAO = 0 = OAx 
OAl = J3 xAl = 1 = 1/\x 
If at any time during the backward drive a J3 results, then 
an inconsistency exists and a retrace is required beginning 
with a new vector from the appropriate singular cover. 
If M is asynchronous, care must be taken when picking 
.vectors from the singular cover for intersection. It must 
be assured that D[X(k-r)-X(k-r+l)] ~ 1 (Where o is the 
Hamming inter-vector distance). As an example, if X(k-2) = 
[Oxxl] and X(k-1) = [Olxl], D = 1. This, however, may force 
the revaluation of D[X(k-1) - X(k)]. 
When the backward drive to the inputs of c 0 (k) is com-
pleted, the values required on the input vectors X (k) , and 
Y(k) must be investigated. If the state variable vector 
Y(k) which is being input form the c0 (k-l) copy is Y(k) 
[xxx •••• x] (unrestricted}, then the result is a sequence 
mi of length L = 1. However, if Y{k) f. [xxxx ..• x], the 
backdrive must continue through c0 (k-l). This procedure 
= 
X 
continues until at some level (k-L+l), Y(k-L+l) = [xxx .•. x]. 
This strategy is required so that the sequence which is 
generated is not state dependent. Therefore, the sequence 
X mi is forced to produce the desired result on line ~ 
regardless of the state of M when X mi is applied. If, 
due to network configuration, information concerning machine 
state is known, this requirement can be appropriately 
relaxed. If at the (k-r) level the condition Y{k-r) = 
[xx ••••• x] is not satisfied, the procedure must continue 
39 
to the (k-r-1) level. However, this process must not 
be allowed to continue indefinitely. One criteria for 
stopping the process short of success would be to deter-
mine some cost effective constant R and require that L < 
R+l. 
If this technique yields a sequence X mi and if M 
is synchronous, X mi is certain to assign the proper 
value to line a; that is, if X mi = X(k-L+l), X(k-L+2) , .... 
X(k-1), X(k) is applied to rn° beginning at time t = t 0 , 
line a will assume the desired value at t = t 0 + L 
(with L assigned time units). If M is asynchronous, the 
space domain model fails; thus, the technique is heuristic, 
and X mi must be simulated to check on its validity. In 
either case, if X mi is valid, the new FDT which covers the 
set of faults, If there are other 
faults, fjEFu , which are not covered by XX mi then this 
u 
procedure would be repeated for fj. There is no guarantee 
that the X mi found in this manner is optimal. The length 
of X mi is dependent upon the choice of vectors from the 
singular covers. 
After all sequence modifications of the form X mj 
have been produced, the total modifications are then simu-
lated with X, to determine their success. If the X mJ•s 
are successful these results must be combined with either 
method 1 or method 2. 
To illustrate this method, an example follows b~sed 
upon the network of Figure 1. 
40 
Assume that signal line £ (saO) is a fault which has 
not been detected. It is necessary to force a logical 1 
on b. This procedure begins by turning to the space domain 
analysis and forming the singular cover of the network 
from line b to the inputs of copy c0 (k) . The space domain 
model is shown in Figure 5. 
x 3 (k) c(k-1) b(k) label 
1 1 1 A 
1 X 0 B 
X 1 0 c 
Table 5: Singular Cover for Gate b(k) 
Table 5 shows the singular cover vectors for b(k) 
in C 0 (k) . 
Since the feedback line c(k-1) ~ x when b(k) = 1, 
the process must proceed to the (k-1} level. Therefore, 
c0 (k-l) is added to Figure 5 and the singular covers listed 
in Table 6 are formed. 
The singular cover vector A from b(k), labeled Ab(k), 
can be intersected with either A or B of the singular 
cover of c(k-1). Since b is the gate which is influenced 
directly by the feedback line, the intersection between 
Ab(k) and Bc(k-l) is performed. This intersection will 
place less restrictions on the feedback line which is input 
to gate b(k). The results of the intersections are shown 
in Table 7. A* need not be intersected with any of the 
41 
x 2 (k-l} 
-___Jr 
x 1 (k-1) 
c (k-2) 














x3 (k} I 
c0 (k-l} c0 (k} 










x 1 (k-1) 
X 
c0 (k-1) c0 (k} 
c(k-2} x 3 (k-1} a(k-1) . ) c (k-1) label gate na me 
X 1 1 A 
1 X 1 B c(k-1) 
0 0 0 c 
1 1 1 A 
0 X 0 B b(k-1) 
X 0 0 c 
1 1 A 
X l B a(k-1) 
0 0 c 
Table 6: Singular Covers for the Gates of Figure 5 
x 2 (k-l) c(k-1} x 3 (k-l) a(k-1) b(k-1) c(k-1) x 3 (k) b (k) label I description 
l X l 1 l A* Ab (k)A Be (k-1) 
1 1 X 1 1 1 B* A*A Aa (k-1) 
Table 7: Intersection Table 
.;::. 
w 
singular covers of b(k-1) since b(k-1) = [x]. A* is now 
intersected with either Aa(k-l) or Ba{k-l). The result 
is shown for Aa(k-l)" This final vector has Y(k-1) = 
c{k-2) = [x]. Therefore, the procedure stops with L = 2. 
The X mi sequence is x1x2 = {xlx} (xxl). It can be verified 
by hand simulation that this sequence does indeed force 
line b to have a value 1. 
44 
Chapter IV 
Results and Conclusions 
A. Data Acquisition 
In order to do fault detection analysis on any network, 
it is necessary to simulate the behavior of the network in 
all of its faulty configurations under the application of X. 
This can be done most efficiently by utilizing a digital 
logic simulator with a parallel simulation feature. The 
TEGAs16 simulator is such a system. This system simulates 
32 different network configurations with each pass through 
the network. 
The sample networks, which were used in collecting 
data, are shown in the appendix. Networks were chosen 
which exhibit features that generally complicate the prob-
lem of realizing total fault coverage. 
Network A is an asynchronous sequential network which 
is highly redundant. By writing the output function for 
this network, it can be seen that the x1 input is unneces-
sary. 
Network D is a well known17 combinational network, 
which contains reconvergent fan-out. This network, with a 
large section of added redundancies, appears in Table 8 
as network D'. D', in conjunction with network A, provides 
a good test for the ability of the secondary techniques to 
cover faults within redundancies. 
45 
Networks B, E, and F are asynchronous sequential net-
works. These networks all contain several feedback lines, 
and the feedbacks are to several levels within the net-
works. This type problem is the most difficult type asyn-
chronous network to handle. The inequality of the total 
delays within closed feedback paths causes the analogy bet-
ween time domain analysis and space domain analysis to 
break down. It was felt that these networks would provide 
the most serious challenge for the secondary techniques. 
Network C is a synchronous sequential network. This 
network, along with network D, was included to demonstrate 
that the secondary techniques presented herein are appli-
cable to all types of networks. 
The input sequences which were applied to the sample 
networks are listed in Table A.l of the appendix. Although 
several algorithms for generating FDT sequences were dis-
cussed in Chapter II, these methods were not applied here. 
To generate sequences by any of these methods would require 
a computerized implementation of the algorithm. Since 
this was not readily available, the input sequences were 
generated in other ways. If a state table for the network 
was available, one of the sequences was chosen to exercise 
the network through its stable states. Otherwise, the 
sequences are random sequences. In the asynchronous net-
works the sequences were designed so that only one input 
variable was changing at a time. The input vector was 
46 
applied as a constant input to the asynchronous networks 
until the network stabilized (fundamental mode) . It 
would be interesting to observe the performance of the 
secondary techniques when working in conjunction with an 
FDT sequence of algorithmic origin. However, since no 
algorithmic technique for FDT generation can assure total 
fault coverage, the structure of the FDT merely governs 
the degree of dependence upon the secondary techniques. 
The TEGAS simulator is now implemented on an IBM 360/50 
system. The actual time required to do the simulation for 
the examples was very short. There was no test run which 
required more than 1 minute and 40 seconds of computer time. 
On most of the test runs, 2/3 of the actual computer time 
was spent preprocessing the data, while 1/3 was spent doing 
the actual simulation. This fraction is dependent upon 
the network and the length of the sequence being simulated. 
Assuming network structure independence, the actual time 
for simulation increases linearly with the number of network 
elements. 
47 
The simulator presents the network data in a form which 
is readily usable by the secondary techniques. The signal 
line values can be readily interrogated at any time to detect 
fault coverage. Although the actual data analysis for the 
secondary techniques was done manually, this process will 
be program implemented and interfaced with the simulator. 
Based upon an analysis of the operations actually 
performed by the simulator and the operations required by 
the secondary techniques, it appears that an increase in 
simulation time of less than 30% would be required by the 
secondary techniques. This increase would represent the 
total cost associated with the secondary techniques since 
the preprocessing step would remain unchanged. It is 
believed that after the secondary techniques have been 
program implemented and interfaced with TEGAS, the total 
run times on networks similar to the ones tested will be 
in the neighborhood of 2 minutes. These techniques are 
not intended for application to logical networks of entire 
systems. Based upon the above run times, it can be seen 
that the computer cost associated with doing fault coverage 
analysis, including application of secondary techniques, 
would be very acceptable on modular networks. 
B. Analysis of Data 
The results presented in this section do not totally 
exhaust the data collected; however, they are considered 
to be a representative sample. 
48 
Table 8 is a compilation of the results obtained from 
analysis of the test run data. The Network-Sequence row 
label of Table 8 acts as a joint pointer to the network and 
the corresponding input sequence which gave rise to the data 
in the associated row of the table. This pointer can be 
followed to the figures and tables of the appendix to find 
the circuit diagram and the corresponding input sequence. 
The data columns within Table 8 are as follows: 
I) The total number of faults considered 
II) The number of faults which were detectable by 
monitoring primary outputs only 
III) The number of additional signal lines which 
require direct monitoring as suggested by 
method l (Section II.B) 
IV) Additional fault coverage yield by method 1 
V) Additional hardware required by method 2 
(Section II.C) 
VI) Additional fault coverage yield by method 2 
VII) A pointer to Table 9 where the input sequences 
generated by the backward drive are listed 
VIII) Additional fault coverage yield by the backward 
drive technique 
IX) Total final fault coverage as a percentage of 
column I 
The total number of faults considered for each network 
was the total of all possible single faults within the net-
work after fault collapsing was performed across each gate. 
That is, for an n input AND gate, n+2 single faults are 
considered (as opposed to 2n+2): each input (sal) and the 
output (sal) and (saO). A (saO) fault on an input of an 
AND gate is equivalent to the output (saO). 
49 
The data of columns III and IV is associated with 
the method of selective signal line monitoring presented 
in Section II.B. This method places no upper bound on 
50 
the number of additional signal lines which must be directly 
monitored; however, if it results in 4 or fewer signal 
lines, it is to be preferred over the method of Section 
II.C, which places an upper bound of 4 on the number of 
additional network contacts which must be added, but re-
quires additional internal hardware to assure this maximum. 
Columns V and VI contain data associated with the 
application of method 2. 
Although it is entirely possible that a combination 
of methods 1 and 2 could yield a joint solution on a 
particular network which would be more acceptable than the 
solution presented by either method independently, no 
example of this type was encountered while running the 
tests shown in Table 8. 
Columns VII and VIII contain information associated 
with the backward drive technique presented in Chapter III. 
Column VII contains a pointer into Table 9. By following 
this pointer, the input sequence modifications, which were 
generated by the backward drive technique, can be found in 
Table 9. This sequence was concatenated with the X se-
quence from Table A.l and resimulated to assertain if it is 
successful in increasing fault coverage. The success or 
failure of this technique is reflected by value in column VIII. 
Column IX lists the final fault coverage percentage. 
This is calculated by finding the total of either columns 
II, IV, and VIII or columns II, VI, and VIII and then 
comparing this with column I. 
The (--) symbols \-Jithin Table 8 indicate that for the 
test run under consideration, the method indicated by the 
(--) was not needed. 
51 
The backward drive technique was completely successful 
in all cases except example E-2. After the backward drive 
was applied, the resulting sequence modifications were simu-
lated to determine the success of the modified sequence. 
In all cases, except E-2, the success was total. Network E 
has multiple feedback lines to varying levels. On a net-
work of this structure, the space domain model for the 
time domain system is a poor model. In this situation, 
the model failed, and the modified sequence was unable to 
detect the remaining 3 faults. 
On networks A and D', which are highly redundant net-
works, the secondary techniques handled the faults within 
redundancies with no problem and resulted in total fault 
coverage for all input sequences. 
None of the example networks were exceedingly large. 
However, as will be mentioned in Section IV.C, it appears 
that the results on larger networks will be equally success-
ful. In fact, it is expected that there will be improver.-;ent 
in the area of percentage of increased cost associated with 
Network- I II Sequence 
A-1 11 4 
A-2 I 11 10 
A-3 I 11 8 
B-1 24 7 
B-2 24 4 
B-3 24 9 
C-1 31 19 
C-2 I 31 16 
D-1 I 25 7 D-2 25 11 
D-3 25 13 
D I -1 29 2 
D'-2 29 6 
E-1 20 19 
E-2 I 20 6 F-1 28 18 
F-2 I 28 21 
III IV v VI VII 
2 3 --- -- a 
1 1 --- -- ---
2 3 --- -- ---
4 13 --- -- b 
4 12 --- -- c 
4 13 --- -- d 
4 12 --- -- ---
4 12 --- -- e 
7 13 3 gates 13 f 
7 12 3 gates 12 g 
5 9 4 gates 9 h 
8 25 6 gates 25 i 
8 23 6 gates 23 ---
1 1 --- -- ---
4 11 --- -- j 
6 10 4 gates 10 ---
3 7 --- -- ---







































a b c d e f g 
x10 xxxO 1111 xxxO 0000 1111 110x 
1xx xxlO 1110 xxlO llOx 
Ollx 1010 Ollx 
1110 
0110 









the extra contacts and hardware required by methods 1 and 
2. It is assumed that these secondary techniques would be 
applied at the packaged component level rather than at the 
total system level. For this reason, the size of the net-
works would be limited. 
By observing Table 8, in conjunction with Table A.l, 
it can be seen that the success of fault detection is very 
sequence dependent. The dependency is upon both length of 
the sequence and the order of the input changes. The 
secondary techniques presented herein had a high degree of 
success, regardless of the input sequence. In most cases, 
when using these secondary techniques, the changing of an 
input sequence affects the cost of realizing total single 
fault coverage. In contrast, existing methods have the 
input sequence as the only variable which can be exercised 
to yield increased fault coverage. 
C. Conclusion 
54 
Using the results presented in Section IV.B as a basis 
upon which to draw conclusions, the secondary techniques 
presented herein are extremely successful. The goal of 
total single fault coverage was realized on every example 
except one. Several of the example networks had multiple 
feedbacks to various levels, and several contained redundant 
sections of logic which would ordinarily introduce many 
undetectable faults. On these examples, the secondary 
techniques were very successful in obtaining total single 
fault coverage. 
The amount of extra hardware required by method 2 
was relatively high. Method 2 never results in any fewer 
than 3 or 4 additional gates; studies indicate it also 
seldom requires more than 6 or 7 additional gates. With 
this in mind, it seems probable that on networks with 
55 
large number of gates, the percentage of required additional 
gates will decrease. The same argument is offered with 
respect to the additional contacts required for methods 
1 and 2. The maximum of 4 will be more acceptable when 
this number represents a smaller percentage increase. This 
will certainly be the case when the network has more ele-
ments and more external contacts. 
Two design criteria can be suggested which would yield 
easily detectable networks: 1) limiting the number of 
feedback lines and the levels of logic over which the 
feedback is passed and 2) designing the network so as to 
keep the delay in all feedback loops nearly equal. These 
design criteria are attempts to strengthen the analogy 
between time domain and space domain analysis for the 
asynchronous case. The goodness of this analogy is the 
basis for the success of some of the FDT generation algor-
ithms and for the backward drive secondary technique. How-
ever, since these design rules are not and can not always 
be followed, the need for a reliable set of secondary 
techniques is critical. 
The success of existing methods for doing fault detec-
tion on general networks is a direct function of the network 
being considered. Regardless of the effort spent in re-
fining the FDT sequence, the level of fault coverage will 
be limited by the structure of the network. Although 
the additional cost required by the secondary techniques 
presented herein is dependent upon the input sequence, 
the level of fault coverage is much less dependent upon 
network structure. 
This study indicates that if these secondary tech-
niques are utilized in conjunction with a reasonable FDT 
sequence, total coverage of all single faults within a 





This section contains the circuit diagrams for the 
networks which were used in collecting the data that is 
presented in Section IV.B. Table A.l lists the input 
sequences which were applied to the networks of Figures 
A.l-A.6 to obtain the data shown in Table 8. 
The input sequences for the asynchronous networks 
were structured within the constraints of the single input 
change restriction. 
57 
Table A.l does not display the timing diagram for the 
application of input sequences. In all sample runs, except 
E-2, the input variable vector has held level until the 
network stabilized. 
It was found that changing the input vector, before 
the network stabilized, gave better fault coverage for 
sequence 2 on network E. This procedure was suggested by 
the observation of an apparent.cyclic condition within 
network E under the application of sequence 1. 
58 
N





































f:: rO U) 
N
 ..-:;:: 


















































-~ x2 -~ ~ 

















Figure A.6: Sample Network F 
64 
Network 
A B c D E F 
Sequence 
000 0001 1100 0001 1 00 
001 0011 1101 0000 0 01 
101 0111 1110 0001 1 11 




000 0001 1100 0001 1 00 
001 0011 1101 0000 0 10 
101 0111 1110 0001 0 11 
2 111 1111 0011 1 01 
110 1110 1111 0 11 
1 10 
00 
000 0001 0001 
100 0011 0100 
101 0111 0101 
3 111 1111 0111 
110 1110 0000 
010 1010 
011 0010 
Table A.l: Input Sequences for Sample Networks 
BIBLIOGRAPHY 
1. J.P. Roth, "Diagnosis of Automata Failures: A Calculus 
and A Method", IBM J. Res. Develop. , Vol. 10, 
pp. 278-291, July, 1966. 
2. M.Y. Hsiao and D.K. Chia, "Fundamentals of Boolean 
Difference for Test Pattern Generation", Proc. 
4th Annual Pr1"nceton Cor1f Inform s · • • Cl. , 
March, 197 0. 
3. G.R. Putzola and J.P. Roth, "A Heuristic Algorithm 
For the Testing of Asynchronous Circuits", IEEE 
Trans. on Elec. Comp., Vol. C-20, pp. 639-647, 
June, 1971. 
4. M. Y. Hsiao and D. I<. Chia, "Boolean Difference for 
Fault Detection in Asynchronous Sequential 
Machines", IEEE Trans. on Elec. Comp., Vol. C-20, 
pp. 1356-1361, Nov., 1971. 
5. W.G. Bouricius et al., "Algorithm for Detection of 
Faults in Logic Circuits", IEEE Trans. on Elec. 
Comp., Vol. C-20, pp. 1258-1264, Nov., 1971. 
6. H.A. Breuer, "A Random and an Algorithmic Technique 
65 
for Fault Detection Test Generation for Sequential 
Circuits", IEEE 'l'rans. on Elec. Cornp., Vol. C-20, 
pp. 1364·-1370, Nov., 1971. 
66 
7. A.D. Friedman, "Fault Detection in Redundant Circuits .. , 
IEEE Trans. on Elec. Comp., Vol. EC-16, pp. 99-100, 
1967. 
8. F.F. Sellers, M.Y. Hsiao and L.W. Bearnson, 11 Analy-
zing Errors With The Boolean Difference .. , IEEE 
Trans. on Elec. Comp., Vol. C-17, pp. 676-683, 
1968. 
9. C.R. Kime, 11 An Organization for Checking Experiments 
on Sequential Circuits", IEEE Trans. on Elec. 
Comp., Vol. EC-15, pp. 113-115, 1966. 
10. F.C. Hennie, "Fault Detecting Experiments for Sequen-
tial Circuits", Proceedings of the 5th Annual 
Switching Theory and Logical Design Symposium, 
S-164, pp. 95-110, 1964. 
11. z. Kohavi and P. Lavallee, "Design of Sequential 
Machines With Fault Detection Capability .. , 
IEEE Trans. on Elec. Comp., Vol. EC-16, pp. 
473-484, 1967. 
12. z. Kohavi and I. Kohavi, 11 Variable Length Distinguish-
ing Sequences and Their Application to the Design 
of Fault Detection Experiments .. , IEEE Trans. on 
Elec. Comp., Vol. C-17, pp. 792-795, 1968. 
13. A. Ashkinazy, "Fault Detection Experiments for Asyn-
chronous Sequential Machines", Conference Record 
of the Eleventh Annual Symposium on Switching 
and Automata Theory, pp. 88-93, October, 1970. 
14. S. Seshu and D.N. Freeman, "The Diagnosis of Asyn-
chronous Sequential Switching Systems", IRE 
Trans. on Elec. Comp., Vol. EC-11, No. 4, pp. 
459-465, August, 1962. 
15. H.V. Chang, E. Manning, G. Metze, Fault Diagnosis of 
Digital Systems, New York: John Wiley and Sons, 
19 7 0 , pp. 2 9-4 7 . 
16. D.M. Rouse, "A Simulation and Diagnosis System Incor-
porating Various Time Delay Models and Functional 
Elements", Ph.D. Dissertation, University of 
Missouri - Rolla, Rolla, Missouri, 1970. 
17. P.R. Schneider, HOn the Necessity to Examine D-Chains 
in Diagnostic Test Generation- An Example," 
IBM Journal of Research and Development, Vol. 11, 
p. 14, 1967. 
67 
VITA 
Lewis Ronald Hoover was born on July 23, 1940, in 
Martinsburg, Pennsylvania. He received the Bachelor of 
Science degree in 1962 from Shippensburg State College. 
Following graduation, he married Bonnie Lou Spealman, a 
college classmate. 
In August, 1963, he was awarded the M.A. degree from 
Washington University, St. Louis, Missouri. 
68 
He was on the Physics Department faculty of Shippensburg 
State College from 1964 to 1969. During the summers of 
1967, 1968, and 1969, he was a graduate student in the 
Computer Science Department of the University of Missouri -
Rolla. In 1970 he was on the staff of the same department. 
Along with his duties as the father of three young 
daughters, he is currently studying under a National Science 
Foundation Fellowship in the Electrical Engineering Depart-
ment of the University of Missouri - Rolla. 
He is a member of Phi Sigma Pi and the Institute of 
Electrical and Electronic Engineers. 
Upon completion of his degree, he will begin duties 
as a Professor of Mathematics and Computer Science at West 
Chester State College, West Chester, Pennsylvania. 
