Scholars' Mine
Doctoral Dissertations

Student Theses and Dissertations

1972

Secondary techniques for increasing fault coverage of fault
detection test sequences for asynchronous sequential networks
Lewis Ronald Hoover

Follow this and additional works at: https://scholarsmine.mst.edu/doctoral_dissertations
Part of the Electrical and Computer Engineering Commons

Department: Electrical and Computer Engineering
Recommended Citation
Hoover, Lewis Ronald, "Secondary techniques for increasing fault coverage of fault detection test
sequences for asynchronous sequential networks" (1972). Doctoral Dissertations. 2078.
https://scholarsmine.mst.edu/doctoral_dissertations/2078

This thesis is brought to you by Scholars' Mine, a service of the Missouri S&T Library and Learning Resources. This
work is protected by U. S. Copyright Law. Unauthorized use including reproduction for redistribution requires the
permission of the copyright holder. For more information, please contact scholarsmine@mst.edu.

SECONDARY TECHNIQUES FOR INCREASING FAULT COVERAGE
OF FAULT DETECTION TEST SEQUENCES FOR
ASYNCHRONOUS SEQUENTIAL NETWORKS
by
Lewis Ronald Hoover

A DISSERTATION
Presented to the Faculty of the Graduate School of the
UNIVERSITY OF MISSOURI - ROLLA

In Partial Fulfillment of the Requirements for the Degree

DOCTOR OF PHILOSOPHY

in
ELECTRICAL ENGINEERING
1972

T2744
76 pages
c. I

ii

ABSTRACT
The generation of fault detection sequences for asynchronous sequential networks is considered here.

Several

techniques exist for the generation of fault detection
sequences on combinational and clocked sequential networks.
Although these techniques provide closed solutions for
combinational and clocked networks, they meet with much
less success when used as strategies on asynchronous networks.
It is presently assumed that the general asynchronous
problem defies closed solution.

For this reason, a

secondary procedure is presented here to facilitate increased fault coverage by a given fault detection test
sequence.

This procedure is successful on all types of

logic networks but is, perhaps, most useful in the asynchronous case since this is the problem on which other
techniques fail.
The secondary procedure has been designed to improve
the fault coverage accomplished by any fault detection
sequence regardless of the origin of the sequence.

The

increased coverage is accomplished by a minimum amount
of additional internal hardware and/or a minimum of additional package outputs.
The procedure presented here will function as part
of an overall digital fault detection system, which will be

iii

composed of:

1) a compatible digital logic simulator,

2) a set of fault detection sequence generators, 3)
secondary procedures for increasing fault coverage, 4)
procedures to allow for diagnosis to a variable level.
This research is directed at presenting a complete
solution to the problems involved with developing
secondary procedures for increasing the fault coverage
of fault detection sequences.

iv

ACKNOWLEDGEMENTS
I would like to express my appreciation to Dr. Tracey,
not only for his helpful suggestions, constant supervision,
and critical analysis of this work, but also for personal
concern shown me during pursuit of my degree.
I would like to acknowledge Dr. David Rouse of Bell
Telephone Laboratories , Columbus, Ohio, for supplying the
TEGAS digital simulator and modification s to facilitate
its use during this research.
Most of all, I wish to thank Bonnie for the understanding, encouragemen t and sacrifice, freely given, while
obtaining my degrees.
Appreciation is also extended to the National Science
Foundation for the support given my studies under a NSF
Traineeship.

v

TABLE OF CONTENTS
Page
ABSTRACT ••••••••••••••••••••••••••••••••••••••••••••••••• i i
ACKNOWLEDGEMENT • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • .

iv

LIST OF ILLUSTRATIONS ••••••••••••••••••.•••.•••••••••.•• vii
LIST OF TABLES . . • . . . . . • . . . . . . . . . . . . • . . . . . • • . . • • . . . . . . . . viii
I .

INTRODUCTION • •.••••.•••.•••.•••••.•.••••••••.•... 1

A.

Objectives of This Research •••••••••••••••••• 1

B.

General Philosophies Governing Fault
Detection Tests •••••••••••••••••••••••••••••• 3

c.

Review of Existing Techniques for Fault
Detection Test Generation ••••••••••••.••••••• 6

D.

Detection Problems Unique to Asynchronous
Networks..· . •.•••.•.•.•...••..••..•..•.......•• 8

E.

II.

Design Considerations for Development of
Secondary Techniques ••.••••.•.•••.•••••••••• l2

SELECTIVE MONITORING OF SIGNAL LINES .••••••••••• l6
A.

Summary of Signal Line Monitoring
Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

B.

Solution by Cover Analysis •••••••••••••••••• l8

c.

A Method Using Minimization of Additional
External Contacts •••••••••••••.••••.•.••••.• 25

D.

Trade Offs Involved in Using These Two
Methods . . . . . • . . . . • • . . . . . . • . . . . . . . . . • . . • . . . . . 32

III.

THE BACKWARD DRIVE METHOD FOR SETTING SIGNAL
LINES . . . . . . . . . . . • . . . . . . . . . . • • . . . • . . . . . . . . . . . • . . . 3 5

A.

Summary of the Method ••.•.•••••••••.•••••••• 35

B.

Theoretical Discussion of the Backward
Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

vi

TABLE OF CONTENTS (Continued)
Page
IV.

RESULTS AND CONCLUSIONS ........................ 45
A.

Data Acquisition ........................... 45

B.

Analysis of Data ........................... 48

C.

Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

v.

APPENDIX- Sample Networks ..........••......... 57

VI.

BIBLIOGRAPHY . . . . . . . . . . . . • . . . . . . . . . . . . • • . . . . . . . . 6 5

VII.

VITA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

vii

LIST OF ILLUSTRATIONS
Page

Figures
1.

Example Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.

Networks Leading to Additional Outputs ............ 31

3.

General Space Domain Model ...•.•.•.......•. ....•.. 37

4.

Singular Cover for an AND Gate ...••...••.•..... ... 38

5.

Space Domain Model of Figure 1 ..••...•......•.. ... 42

APPENDIX
A.l.

Sample Network A • ••••••••••••••••• •••••••••••••••• 58

A. 2.

Sample Network B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

A. 3.

Sample Network

A. 4.

Sample Network D . • . . . . . . • . • • . • . . • . • • . . . . . . . . . . . • . . 61

A. 5.

Sample Network E (Master-Slave FF) • • . • • . . . • . . . . . . . 6 2

A. 6.

Sample Network F •••••..•••••.•.•. •••.•••...•.•••.• 6 3

c

(Latched Adder) .••••.•••••••••••• 6 0

viii

LIST OF TABLES
Page

Table
lo

Faulty Machine List.o.ooooooooooo oooooooooo•••oooo 22

2.

Simulator Output Tableooooooo•ooooo ooooooooooooooo24

3.

Cover Analysis .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

4.

Fault Coverage Tableooooo••o•o•oo ooooooooooooooooo 30

5o

Singular Cover for Gate b(k) o o o o o o o o o o o o o o o o o o o o o o4l

6.

Singular Covers for the Gates of Figure 5oooo•o•oo43

7o

Intersection Tableoooooooooo•• ooo•••oooooooo•o•• oo43

8.

Results for the Sample Networksooooooooo ••o•••oooo52

9.

Sequence Modifications for Table 8o•o••···········5 3

APPENDIX
A.l.

Input Sequences for Sample Networks.ooo••oooo ooooo64

1

Chapter I
Introduction
A.

Objectives of This Research
This paper will first treat the general area of fault

detection.

Fault detection methods will be discussed for

both combinational and sequential networks.
The following definition for a fault detection test
(fdt) will be used throughout this paper:
An input sequence X (of length one or more} for a
given network

M is

a fault detection test for fault fi

located in M if the output response to X for M with no
faults, and the output response to X for M with fi present,
differ.
It can be seen that if M is a combinational network,
i
the length of X for any f will be one; whereas, for an

M of

sequential structure, the length of the input sequence

X may be greater than one.
As will be seen in section I.e., the problem of fault
detection for combinational networks is solved by several
methods 1 ' 2 •

Many of the same methods which experience

great success with combinational networks are also very
3 4 ~
successful when dealing with synchronous networks ' '~.
This success can be accomplished readily when the synchronous
network is considered in the space domain 6 (as compared to
the time domain).

In the space domain, the synchronous

2

network obeys all the restrictions placed upon a combinational network.
With the asynchronous problem, however, success is
more limited.

Although some methods attempt to use space

domain analysis on asynchronous networks 3 ' 5 , the results
are less acceptable.

The reason being that due to the

inequality of total delays within closed paths of an asynchronous network, the space domain model fails.
It is the problem of fault detection test generation
for asynchronous networks to which this research is
addressed.

Although most of the techniques developed here-

in are applicable to general networks, the major objective
will be to make improvements upon the results which currently exist for the asynchronous case.

When considering

the sequential problem, the asynchronous case is of most
interest since it is more general.

Faults within a syn-

chronous network may yield a network which does not obey
the restrictions placed upon the general synchronous model.
Throughout this paper the abbreviation fdt will be
used when referring to a fault detection test for a single
fault; whereas, FDT will be used when referring to the
collection of fdt's or sequence of fdt's which attempt to
cover all faults in a network.
Further notation conventions, which will be followed
where possible, will now be discussed.

Lower case letters

will be used when referring to elements of sets, vector

3

components, and signal lines.

Upper case letters will be

used to represent sets and vectors.
asS,

Script notation, such

M etc., will be used when referring to sequences of

vectors, sets of sets and also when naming a general network.

M will

represent any arbitrary logic network in any

of its faulty or fault free configurations.
Every attempt will be made to adhere to these conventions.

As each new notation symbol is introduced, ex-

planation of its function will be given.
B.

General Philosophies Governing Fault Detection Tests
When considering the packaging techniques being used

to produce MSI and LSI networks, it can be seen that the
generation of an efficient FDT sequence for the network is
an important production step when the reliability requirements on the packages are high.

In addition to aiding in

the detection of fabrication errors and burn-in faults, the
FDT sequence designed for a packaged network will certainly
become an important part of the much larger FDT system for
the entire digital system.
It is critical that an efficient FDT sequence cover
nearly all of the possible faults within a system.

Another

approach may be to require only that the FDT sequence cover
the most probable faults.

If near one hundred percent

coverage is not easily attainable, then the selective
coverage of the most probable faults is certainly a sound

4

approach.

The assigning of meaningful probabilities of

failure to all faults is an extremely difficult task.
this reason we will consider q/0 (where q

=

For

the number of

single faults covered by an FDT sequence and Q

=

the total

number of single faults contained in the network) as the
evaluation factor for any FDT sequence.
The methods considered within this paper will be based
upon the validity of the single fault assumption (sfa).
This is to say that we will be applying the FDT sequence
to the network with sufficient frequency so that the
probability of the system containing two or more faults is
very small.

There is certainly good reason to believe

that the single fault assumption is not valid when searching for fabrication errors in MSI and LSI packages or when
detecting total systems structured from these packages.
Fabrication errors caused by a bad layer within the chip
or structural damage to the chip will cause the package
to exhibit gross errors.

It has long been accepted that

FDTs designed under the sfa, which give good coverage of
all single faults, will also detect the major portion of
possible multiple fault patterns.

A good FDT sequence

would surely then detect multiple errors of the gross type
discussed above.

5

When considering the design of FDT sequences, there
are several cost factors that the engineer has available
for trade off.

Some of these are:

1)

The cost of generating the FDT sequence

2)

The cost of extra hardware within the package
to facilitate easier generation and application
of FDT sequence

3)

The cost of each application of the FDT sequence

4)

The cost of manual detection of uncovered
faults

The cost incurred in design of the FDT sequence is a
one-shot cost that can be quite high.

The generation of

the FDT is usually done by computer, and if the network has
a large number of possible faults, the time required for
FDT generation may be very high.

Time may also be spent in

minimizing the FDT sequence, and this procedure can become
a significant portion of the design cost.
When the packaged elements are used in a total system
design, costs which occur under 3) and 4) will require
payment many times; thus, the cost of 1) may not seem so
unbearable.
An alternate solution to this trade off problem is
provided by 2).

In present technology the cost of adding

a few more elements within the package while keeping the
number of external contacts (pins) nearly constant is a

6

small expense.

With this idea in mind, it would be inter-

esting to investigate techniques for adding internal elements which result in some of the following:
1)

Easier generation of FDT sequences

2)

Greater fault coverage for the FDT sequences

3)

Shorter FDT sequences-thus less cost for each
application

4)

Small increase in the total cost of the
packaged network

c.

Review of Existing Techniques for Fault Detection
Test Generation
The techniques employed for generating fdts are greatly

dependent upon the type of network under consideration.
If the network is entirely combinational in structure, there
exist algorithms for generating fdts of length one for any
fault within the network for which an fdt exists.

Perhaps

the most usable and useful algorithm for this purpose is
the d-algorithrn.

For a particular faulty line, the d-algor-

ithrn sensitizes all possible paths between the fault and
outputs so that the value on the faulty line alone will control the value of the output vector.

The gate inputs which

had to be fixed to provide for the path sensitization are
then driven back to primary inputs to obtain the test
input vector.

7

The d-algorithm suffers from one weakness which is
characteris tic of most all fdt generation methods-it
cannot detect faults in redundant elements.

Redundancy

may exist in a network for one or more of the following
reasons:
l)

Complete functional minimization of the
network not undertaken

2)

Redundancy used as a design tool to control erratic behaviour (such as hazards in
a sequential network)

3)

To assure greater system reliability

The fact that faults cannot be detected in the redundant networks can, as Friedman 7 points out, be very
serious.

Unless the redundancy is of the Eichelberger

type, a failure within the redundant portion may conceal
an otherwise detectable fault in the nonredundan t portion.
With the exception of this one shortcoming, the d-algorithm
has solved the problem of generation of fdts for combinational networks.
The method of boolean difference 2 ' 8 is also very successful when dealing with combination al networks.
depends upon an equation solving technique.

This method
The function,

realized by the fault free network, is compared with the
function realized by the faulty network.

This comparison

is done by a pseudo-diff erentiation operation based upon the
logical XOR operation.

8

There are numerous other methods for generation of
fdts for combinational networks; however, the d-algorithrn
and boolean difference appear to be the most useful when
working with networks which contain more than a few elements.
At present there is no acceptable algorithmic technique
for generating fdts for all faults within general sequential
networks.

The methods of Kime9 and HennielO will generate

fdts for sequential networks, but the length of the test
sequence will in general be unacceptable.

In addition to

the production of unacceptably long sequences, these methods
require the transition table for the network.

These tech-

niques are only applicable to machines which have distinguishing sequences.

Kohavi and Lavelle 11 , 12 have demo-

strated a method for imbedding a machine with no distinguishing sequence within a new machine which has a distinguishing sequence and thereby making the faults within the
original machine detectable.
If the initial constraints are met, these methods are
algorithmic; however, they require the transition table
description of the network and result in unacceptably long
FDT sequences.
D.

Detection Problems Unique to Asynchronous Networks
As was mentioned in I.C., the problems which arise con-

cerning the generation of fdts for sequential networks are

9

much more formidable than those encountered when working
with combinational networks.

Furthermore, the problems en-

countered when considering asynchronous netvmrks are more
formidable than those encountered with synchronous networks.
The methods of Kime9 and Hennie 10 provide a solution to the
problem of FDT generation for synchronous sequential networks.
Ashkinazy 1 3 has presented a method, whereby, an asynchronous network can be represented by its Augumented
Differential Equivalent.

This allows the methods of Kirne9,

HennielO, and Kohavi and Lavelle 11 , 12 to be applied to the
asynchronous problem.
Although these methods offer a solution, it is generally
considered to be unacceptable for several reasons.

First

of all, the FDT sequences resulting from these techniques
are unacceptably lengthy and thus increase the cost of each
FDT

~pplication.

Furthermore, these techniques develop

the FDT sequence based upon investigation of the transition
table for the network.

In general most networks are des-

cribed in some way other than transition table form, thus,
the production of the transition table is an additional
design step.

Since the transition table is not ordinarily

required in the design process, it seems that obtaining a
transition table to facilitate fault detection is an unacceptable requirement.

The FDT sequences obtained in

these methods are unacceptably lengthy, thus, the additional
design step does not yield sufficient reward.

10

An approach to asynchronous sequential fault detection which does not require transition tables has been
described by Seshu and Freeman 1 4.

Here the good and all

faulty machines are simulated in parallel.

At each step

of the testing sequence all possible single input changes
are simulated, and the one is selected which covers the
most undetected faults.

This technique is based upon

local optimization and therefore guarantees no global
Putzola and Roth 3 suggest that after

optimization.

initially detecting many faults, this method wanders aimlessly, providing no further fault coverage.
Hsiao and Chia4 have proposed a modification of the
combinational boolean difference technique for use in
generating fdts for asynchronous networks-the major problem here being that the method does not guarantee maximum
fault coverage.

The authors suggest that for most net-

works tested the fault coverage was 65 to 75 percent.

This

percentage does not appear to be high enough to be totally
acceptable.

Since the number of possible paths to outputs

increase with each level of feedback, it appears that this
method will be most successful when dealing with a limited
number of feedback lines, all of which have shallow feedback: that is, no global feedbacks.
Putzola and Roth 3 have recently presented a method
for asynchronous fdt generation based upon a modified
d-algorithm.

This technique functions by first breaking

11

the feedback lines of the sequential network and then cascading copies of this machine in a combinational fashion.
Space domain analysis is being used in place of time domain analysis.

The combinational d-algorithm is then used

to generate a test for a particular fault in the machine.
When the test is driven back to inputs, the result is an
input vector at each spacial copy of the machine.

The

sequence of these input vectors is the fdt sequence for
the fault under consideration.

Due to the unequal total

delays within closed paths of an asynchronous network, the
space domain model is not an accurate model for the asynchronous case.

For this reason, this method must be con-

sidered heuristic and feedback loops must then be closed
and the fdt sequence simulated to see if the test does
indeed detect the fault under consideration.

Since the

path which is sensitized is not necessarily the same path
through all copies of the machine, and since the space
domain model is not accurate, it cannot be assumed that if
a given fdt for a particular fault is successful, all
faults along the sensitized path are covered by this fdt.
In contrast, this assumption is guaranteed in the combinational case.
It is found that this method also results in 65 to
75 percent coverage of faults.

If the sequential network

being considered is at all complex, cascading copies of
this network will result in a very complex combinational

12

network and will thus require a great amount of time for
each fdt generation.

An FDT sequence, generated in this

fashion to cover all faults in a given network, could become very lengthy.
When considering those methods for generation of fdt
sequences which do not need a transition table, it is
apparent that the best that can be expected is 65 to 75
percent fault coverage for a general network.

Since re-

dundancies are often used in asynchronous networks and,
as was mentioned in I.e., detection of faults within these
redundancies is important, it must be considered a shortcoming that none of these techniques can handle redundancies.
It then appears critical to consider some secondary
techniques which would improve the percentage of fault
coverage and also facilitate fault detection within the
redundant elements.
E.

Design Consideratio ns for Development of Secondary
Techniques
If secondary techniques are to be useful 1n conjunc-

tion with the methods discussed in I.D., they must provide a significant increase in the total fault coverage
realized by the resulting FDT sequence, without forcing a
disproportio nate increase in any of the cost areas
associated with generation and application of the FDT
sequence.

13

If secondary techniques can be developed, it would be
essential that they work with the circuit description and
information used by the primary technique and with data
provided by the primary technique.

All the techniques men-

tioned in I.D., which do not require transition tables,
have as an integral part of their procedure, simulation of
the generated FDT sequence on the good machine and all
faulty machines.

If the secondary techniques can be

designed to use as input the circuit description and the
output of the simulation provided by the primary technique,
the additional cost caused by the secondary technique
would be reduced.

The output from the simulation may re-

quire modification; however, the actual simulation procedure would remain unchanged.
In light of the cost discussions presented in I.B.,
it may be cost effective to add some internal package elements to facilitate a more efficient and cheaper FDT sequence.

If additional hardware is added, it must not

significantly increase the cost of the package and it must
also lend itself to fault detection.

Faults within the

added elements must be detectable without destroying the
cost efficiency of the FDT sequence.
While the secondary techniques may be very tolerant
of the addition of internal elements, the addition of
external communication paths (pins) must be rigidly controlled.

If the secondary technique results in a large

14

increase in the number of pins from the package, then the
cost struggle has been lost.

Therefore, if extra pins

are required, these must be kept to a minimum.

If the cost

effectiveness of the package is determined by:

1)

Cost to design and fabricate

2)

Cost to utilize (wire in) the package

3)

Cost to design the FDT

4)

Cost of application of the FDT package

5)

Cost to manually detect uncovered faults

s~quence

for the package

the designer may find that a small increase in the cost of
1) and 2) may yield a greater savings in areas of 3), 4),
and 5).

This suggests that the addition of selected in-

ternal elements and a minimum of external pins will not
necessarily cause large overall cost increase.

It would

be hoped that the additional elements and pins would result
in an FDT sequence with much greater fault coverage.
It would also be very beneficial if the secondary
techniques could be structured so as to cover faults within
the redundant circuits without jeopardizing the other design
objectives.
A good secondary technique would be one which greatly
increases the coverage of an FDT sequence without a disproportionate increase in total package and FDT cost.
Since all existing techniques fall short of the total
fault coverage

goa~

for the asynchronous case, it will be

the objective of this paper to present a secondary technique
to increase the fault coverage.

15

Generally it is felt that the asynchronous case will
not have a network independent closed solution as is provided by d-algorithm and boolean difference in the combinational case.

For this reason, it seems critical to

develop secondary techniques which can increase the fault
coverage of FDTs for asynchronous networks.
Since the generation of FDT sequences for the asynchronous case requires a major effort, and since the
resulting sequence does not usually give satisfactory
fault coverage, perhaps a more acceptable solution would
be to use, as an FDT for an asynchronous network, a sequence which merely exercises the machine through its
stable states or along some other transition paths.

This

sequence could then be backed by a good secondary technique-the result being greater fault coverage, shorter
FDT sequences, less FDT generation time, with a small added
cost to the package being tested.

16

Chapter II
Selective Monitoring of Signal Lines
A.

Summary of Signal Line Monitoring Techniques
In Chapter II, two techniques, which will facilitate

coverage of faults that are undetectable by monitoring
primary outputs under application of a given FDT sequence

X, will be discussed.
Consider M to represent the set of machines which can
result from a given asynchronous network

M being

subjected

to any of its possible internal single logical faults.
That is, ifF= (f 1 , f 2 , ..•.•.• fn) is the set of all possible single logical faults of

n
M, then M = (m 0 ,m1 ,m 2 , .•..• m)

is the set which corresponds to the configurations of the
network

M in

the presence of the elements of F.

v fiE F there exists a unique miEM.
used to represent the network

M in

That is,

The element m0 will be
the fault free configu-

ration.
It is assumed throughout this paper that an FDT sequence

X is available for application to M.

This FDT may

have been generated by modified d-algorithm, boolean difference, or some other technique.

However, since

M may

be

asynchronous and observation is limited to primary outputs,
in the general case X will not detect all of the single

M.

Allow Md {d for detected) to
0
.
.
represent the set of machines such that V m1 EMd Z1 1 Z
logical faults within

17

(where zk represents the output sequence of mk under the
application of

X).

(u for undetected).

A parallel definition exists for Mu
Thus, the application of X toM par-

titions M into two disjoint subsets, Md and Mu.

Since the

mapping from the set (M - m0 ) to the set F is one-to-one
and onto, there exists a similar partitioning on F.

That

is, Fd will represent detected faults and Fu undetected
faults.

The sets Mu and Fu will be of concern here.

A method will first be discussed which performs a
cover analysis on all lines within the network.

The result

of this analysis will be a set of signal lines, Ss, which
can give maximum coverage to the faults of Fu under application
of

X to M.

All signal lines are considered as possible out-

puts, and analysis is done to decide which set of signal
lines can detect the most undetected faults under application
of

X.

The method will lead to a set, Ss, which is minimal

in number but not necessarily unique.

The shortcoming of

this method is that, in general, V sk£Ss' a new external
contact must be added.

Although a significant amount of

external contact minimization can be achieved in conjunction with this method, it is found to be very network
dependent, and in general, places no upper bound on the
number of external contacts which must be added.
In the second method, the set of lines which must be
monitored is considered to be the set of all lines which
correspond to the faults of Fu.

For example, if Fu has as

18

elements single faults [a(saO), a(sal), c(saO), e(saO),
q(sal)], then the set of signal lines to be monitored will
be Ss

= (a,c,e,q).

Note: As will be seen later, line a

must be considered in two different ways.

The major advan-

tage of this method is that the maximum number of new external contacts, which must be added to the network, is
four

(4).

That is, a method is presented which allows all

the elements of Ss to be tied to a minimum number of external pins.

The disadvantage being that additional hard-

ware is required internally to facilitate this minimization.
Faults within this added hardware are also considered.
The trade offs between these two techniques are discussed in section II.D.
B.

Solution by Cover Analysis
The cover approach to the problem of selective signal

line monitoring will be considered in this section.

As

mentioned in section II.A., this technique places no absolute upper bound on the number of external contacts which
must be added to the network.
Consider the set of all signal lines contained in
to be S

= s 1 , s 2 , s 3 , ....... sm).

M

S contains all primary

inputs, primary outputs, feedback lines, and all internal
connection lines.

For each s.t:S two logical faults can be
l

associated; that is, si (saO) and si(sal).

The total number

of faults can be collapsed across each network element,

19

but since this in no way influences the method of solutions, it will be ignored.

For each s.£S there exists
~

fi£F and fj£F and mi£M and mj£M.

It has been shown that

observation of the output sequence Z

=

z 1 z 2 z3 ..•••.. zw for

the application of X= x 1 x 2 x3 •...••. xw toM performed a
partitioning of M and F.

This partitioning can be applied

Consider the set Su (undetected) to repre-

to the set S.

sent the set of signal lines such that V s.£Su there exists
~

at least one fj£Fu corresponding to a logical fault on s .•
~

Sd will be the subset such that V s.£Sd there exists exactly
J

2 faults, fk and f 1 , £Fd which are associated with faults
on signal line s ..
J

It can be seen that Sd and Su are dis-

joint although Su may contain signal lines which have only
one undetected fault associated with each line.
Since it is entirely possible that by monitoring a
particular line, faults on other signal lines can be
detected, all elements of the set S must be considered as
candidates for monitoring.
The value on signal line si after the application of
Xk, in the X sequence, to machine mJ, will be represented
by v(i,j,k).

For the application of each input vector Xk'

in the X sequence, first a comparison of v(i,O,k) with
v(i,j,k) is made for all j to determine which elements of M
can be detected by si under application of Xk.
be done V s.£8.
~

for xk+l"

This must

This entire process must then be repeated

This continues until the entire sequence X has

20

The result from this operation will be a set

been applied.

of fault coverage lists of the form si,Xk,mP,ml, ... rnr, where
this list represents the fact that by observing line s.]. ,
while Xk' in the X sequence, is applied to M, faulty machines

P m1 , ..... mr can be detected.
m,

It is upon these fault

coverage lists that the cover analysis must be performed to
determine which signal lines must be monitored.
The rules for performing the cover analysis will now
be considered.

All signal lines which are primary outputs

are, by definition, going to be monitored.

Consider the set

of all primary output lines to be sz, V sissz) s, si is a
primary output of M.

before
Thus, the removal of all s.ss
]. z

the analysis starts is necessary.

V s.sS
]. z , there is

associated a set of fault coverage lists of the form
r
1
p
si,Xk,m ,m ... m.

By combining all machines which are

listed in the fault coverage lists for signal lines s.,
].
mj can be detected
the set Mz.]. is formed, where V mjsHz.,
].
by monitoring si.
skssz.

Similar sets Mzk are formed V k such that

It can be seen that the set Md = U (Mzi) for all i

In
operation).
such that s.ss
]. z (where U is the set union
S)
a similar fashion, sets Ms.]. for all i, such that, s.s(Sz
].
are formed.

the elements which
From each such set Ms.,
].

are common to Msi and Md are then removed.

* J. =Ms.]. Ms.

(Ms.~Md)
].

tion operation) .

is formed (where

~

That is,

is a set intersec-

There now exists a set of the sets of

mjsMu and mj can be detected by
where V mjsM:.,
form M:.,
].
].

21

monitoring s ..
~

To decide which signal lines of the set

(S - Sz) must be monitored, first a search for critical
signal lines is performed.

That is, V mi£Mu, for which

* monitoring of
mi is contained in one and only one Msj,
s. 1s required. All machines which are covered by any such
J
* for all remaining
line sj must now be removed from the Msk
The cover analysis then proceeds using

lines in (S- Sz).

the following two rules:

1)

The signal line with the highest value is
the next line entered into the set Ss.
The value for any line is equal to the number of previously undetected faults which
are covered by monitoring this line.

2)

If several lines have equal value, the
choice will be arbitrary with the only priority
being assigned to state variable lines.

The results of this analysis will be two sets of signal lines Sz and S 5

,

where V si£Sz, si is a primary output

and V sk£Ss' sk is not a primary output.
(where~

Thus, SzASs

=

~

represents the null set).

The members of Ss are the signal lines which will require additional primary outputs from the package to facilitate monitoring.
If M represents a general network, then V sk£Ss' it
is necessary to add an additional primary output.

As was

mentioned earlier, some minimization can usually be accomplished; however, it is usually very network dependent.

In

22

general, this method places no upperbound on the number of
new primary outputs which must be added.
This method will be illustrated with the example
shown in Figure 1.
Table 1 associates with each machine m~ of the above
network a single logical fault.

mi

Specific Fault

1
m

x 1 (sal)

m2

x 1 (saO)

m3

x 2 (sal)

m4

x 2 (saO)

mS

x 3 (sal)

m6

x 3 (saO)

m7

a (saO)

rna

a (sal)

m9

b(saO)

mlO

b (sal)

mll

c (saO)

ml2

c(sal)

Table 1:

Faulty Machine List

23

+

a

c

+

.

b

I
Figure 1:

Example Network

For the input sequence X

= x1 x2 x3 x4 =

(111) (101) (001)

(011), Table 2 shows the values of all signal lines of the
network shown in Figure 1.

The table includes data for

the fault free and all single fault machines.
c

=

1 at start.

From Table 2, it can be seen that since
Md

=

9 , mll]

[m 6 , m
1

Mx*

= [m , m2]
1
* 2 = [m3, m4]
Mx
*3 = ~
Mx
3
1
2
Ma* = [m , m, m ,
*
Mb

then

= 13

7
4
m , m , m8 l

Note:

Line

24

i=machi ne number (mi)
0 1 2 3 4 5 6 7 8 9 10 11 12

Fault Coverag e
Lists

xl

1 1 0 1 1 1 1 1 1 1 1

1

1

x2

1 1 1 1 0 1 1 1 1 1 1

1

1

x3

1 .1 ,1 1 1 1 0 1 1 1 1

1

1

a

1 1 1 1 1 1 1 0 1 1 1

1

1

b

1 1 1 1 1 1 0 1 1 0 1

0

1

c

1 1 1 1 1 1 1 1 1 1 1

0

1

xl

1 1 0 1 1 1 1 1 1 1 1

1

1

x2

0 0 0 1 0 0 0 0 0 0 0

0

0

x3

1 1 1 1 1 1 0 1 1 1 1

1

1

a

1 1 0 1 1 1 1 0 1 1 1

1

1

b

1 1 1 1 1 1 0 1 1 0 1

0

1

c

1 1 1 1 1 1 1 1 1 1 1

0

1

2
x 1 ,x 1 ,rn
x 2 ,x 1 ,m 4
6
x 3 ,x 1 ,m
a,x 1 ,m 7
11
b,x 1 ,m 6 ,m 9 ,rn
c,x 1 ,m11
x 1 ,x 2 ,m 2
3
x 2 ,x 2 ,rn
6
x 3 ,x 2 ,rn
a,x 2 ,rn 2 ,m 7
6 9 11
b,x 2 ,rr. ,m ,m
c,x 2 ,rn11

xl

0 1 0 0 0 0 0 0 0 0 0

0

0

xl, X3'rn

x2

0 0 0 1 0 0 0 0 0 0 0

0

0

x 2 ,x 3 ,m 3

x3

1 1 1 1 1 1 0 1 1 1 1

1

1

x 3 ,x 3 ,m 6

a

0 1 0 1 0 0 0 0 1 0 0

0

0

a,x 3 ,m1 ,rn 3 ,m 8

b

1 1 1 1 1 1 0 1 1 0 1

0

1

6 9 11
b,x 3 ,m ,m ,rn

c

1 1 1 1 1 1 0 1 1 0 1

0

1

6 9 11
c,x 3 ,m ,rn ,rn

xl

0 1 0 0 0 0 0 0 0 0 0

0

0

x 1 ,x 4 ,rn1

x2

1 1 1 1 0 1 1 1 1 1 1

1

1

x 2 ,x 4 ,m

x3

1 1 1 1 1 1 0 1 1 1 1

1

1

x 3 ,x 4 ,m 6

a

1 1 1 1 0 1 1 0 1 1 1

1

1

a,x 4 ,m 4 ,m 7

b

1 1 1 1 1 1 0 1 1 0 1

0

1

b,x 4 ,m 6 ,m 9 ,m11

c

1 1 1 1 1 1 1 1 1 1 1

0

1

c,X4,ml l

Signal
Lines

Table 2:

Simulat or Output 'l'able

1

4

25

The cover analysi s is shown in Table

-.

.J •

Element s of Mu
ml m2 m3 m4 ms m7 m8 mlO m12
Signal
Lines

X

xl

X

x2
a

X

X

Table 3:

X

X

X

X

X

X

Cover Analysi s

From Table 3, it can be seen that by monitor ing signal line a, all faults coverab le by this method are detecte d.
By monitor ing line a along with the primary output c, all
faults except m5 , m1 0, and m12 can be detecte d.
C.

A Method Using Minimiz ation of Additio nal Externa l
Contact s
In this section a method will be describ ed which will

allow for selectiv e monitor ing of signal lines while minimizing the number of additio nal externa l contact s require d.
The set M will again be partitio ned into Md and Mu by
the applica tion of

X

to

M.

The element s of each Mu and Fu

are then further partitio ned into two disjoin t subsets ,
J.
.
Fu 0 , Mu 0 and Fu 1 and Mu 1 , where V mJ.€Mu 0 , the f €Fu 0 is a
saO type logical fault, and V rnj€Mu 1 the fjEFu 1 is a sal
type logical fault.
signal line sk.

s0

i
Y fault f EFu 0 there is an associa ted
will be the set of signal lines associ-

ated with the faults of Fu 0 and similar ly

s1

and Fu 1 .

26

Since, in general, we may have both logical faults fi and
fj associated with a given line as elements of Fu, in
general, s 1 As 0

~ ~.

The signal lines si, such that,
However,

siE(S 1 U s 0 ) are the lines which must be monitored.

if under the input vector Xk from X, the signal line si
(where s.ES 0 ) = 1 in rn°, then s. can be monitored to detect
1
1
fi (where fiEFu 0 is one of the faults associated with si)
during xk.

Since there may be many such s. 's for a given
1

Xk' there will be associated with each input vector two sets
of signal lines, SXk(O) and SXk(l) where V siESXk(O) the
fault fi

(where fisFu 0 is a fault associated with si) can

be detected by monitoring si during xk.
sjESXk(l), the fault fj

Likewise, V

(where fjEFu 1 is one of the faults

associated with line s.) can be detected by monitoring line
J

sj during Xk.

After the entire sequence has been applied to

M and all of the sets of the type SXk(a) have been formed,
a set S(O)

=

(SXk(O),SXk+j(O) ..••• ) is formed.

S(O) is

formed by including sufficient elements SXk(O) so that V
siEs 0 , for which there exists at least one SXk(O) such that
siESXk(O), there exists at least one SXk(O}ES(O}.
fi£Fu 0 can be detected by monitoring si during xk.

Thus,
Similarly

S(l) = (sx 1 (1), sxl+r(l) ••••. ).
The following notation is now defined.
set R

=

(r 1 ,r 2 ,r 3 , •.••.•• rk)' then II(R)

=

If we have a

II(r 1 ,r 2 , ..•• rk)

(r 1 • r 2 • r 3 • •.•• rk), where (·) represents the logical

=

27

AND operation.

Similarly,

I (R) = I (rl ,r2----~) =

(rl + r2 + r3 + --- r ) where (+) is the logical OR
k
operation.
Utilizing the above notation, the functions
cp ( 0) =

I [II (sx . { 0 ) , I 0 ]

s (0)

l.

cp(l) = II [I (SX.
S(l)
J

(1) ,

Il]

are formed.

The I signals are conditioning signals which will be defined later.

The cp's express the logic function which

must be realized on the additional network outputs so as
to cover the faults of Fu which are detectable by this
method.
In realizing cp(Q), it can be seen that each element
of S(O) will define the input list to an AND gate.

That

is, V SXk(O)ES(O) there will be defined an AND gate AXk(O).
Each such AXk(O) will have as inputs all elements of the
set SXk(O) plus an additional conditioning signal I 0 •

The

outputs of all such AXk(O) gates will completely define the
input set for an OR gate cp(Q).

The output of cp(Q) will re-

present one of the additional required primary outputs.
Note:

This discussion has been based, for simplicity,

upon two level AND-OR logic.

Certainly, the type logic

elements actually utilized and the method of interconnection
is unrestricted so long as the function realized is unaltered.
A similar two level OR-AND structure can be described
for the cp(l) function.

Due to the parallelism between these

28

two functions, the verbal description of ¢(1) is omitted.
The I 0 and r 1 signal lines are used to facilitate fault
detection of the added hardware.

I 0 = 1 during the appli-

cation of every Xk toM, for which SXk(O)sS(O).

I1 = 0

during the application of every Xk toM, for which SXk(l)sS(l).
It must be mentioned that if the network is such that every
Xi of X has associated with it an SXi(a)sS(a)

(for a= 0 or

a = 1), then an additional input vector must be added to X
to facilitate the detection of the gates in the ¢(a) network.
That is, if line I

a

must be used to condition the gates of

network ¢(a) during the entire X sequence, then an additional
input vector must be added to X so that I a can be used to
detect faults in the ¢(a) network.
From the above discussion it can be seen that if the
machine is fault free, then ¢(0) = 1 VXi for which there
exists an SXi(O)sS(O).

Likewise, if we have the fault

fJsFu 0 on the signal line siss 0 , then ¢(0)

= 0 for all Xk,

such that sisSXk(O).
A saO fault on the output of gate AXk(O) of the ¢(0)
network will result in ¢(0)
will be detected by ¢(0)
sS(O).

=

=

0 during Xk.

Also, ¢(0) saO

0 during an Xk for which SXk(O)

If there exists an Xr such that SXr(0)¢$(0), then

setting Io = 0 during xr yields .0 ( 0)

=

0 for mo; but

¢ ( 0)

will equal 1 if any gate in the .0 ( 0) network is sal.
A similar argument can be given for the output values
and the faults within the

¢

(1) network.

29

The procedure for realizing the ¢(a) function will
be demonstrated by Figure 2.
Refering to the network of Figure 1, the following
sets are enumerated to further clarify the theoretical
discussion.
Md = [m6 ,m9 ,roll]
Mu = [ml' m21 m3 1 m41 mS' m7, m8' mlO, ml2]
Mu 0 = [m 2 , m4 1 m7]
Mu 1 = Im1 1 m31 mS, m8, mlO, ml2]

J

Fu 0

=

[x 1 (saO), x 2 (sa0), a (saO)

Fu 1

=

[x 1 (sal), x 2 (sal), x 3 (sal), a (sal),

s0 =

[x 1 , x 2 , a]

s1 =

[x 1 , x 2 , x 3 , a, b, c)

b (sal), c (sal)]

From Table 4, it can be seen that:
S(O)

=

(SX 1 (0))

s (0) = (SX 2 ( 0)
s (1 ) = ( sx 3 ( 1 ) )
I

or

sx 4

( 0) )

The networks which lead to outputs %(0) and %(1) are
shown in Figure 2.

S(O)

=

[sx 2 (0), sx 4 (0)]

give an example of a two level result.

is used to

30

Signal
Lines

rno

xl

1

x2

1

x3

1

a

1

b

1

c

1

xl

1

x2

0

X2 --

x3

1

(101)

a

1

b

1

c

1

xl

0

x2

0

x3

1

a

0

b

1

c

1

xl

0

x2

1

x3

1

a

1

b

1

c

1

X

1

=

(111)

x3

=

(001)

X

4

=

{011)

so
xl x2

a

sl

xl x2 x3 a b c

X
X

sx 1 (O)=[x 1 ,x 2 ,a]
sx1 (1)=,0

X

X

Table 4:

sx 2 (0)=[x1 ,a]

X

SX 2 (l)=[x 2 ]
X

X

sx 3 {0)=,0
sx 3 (l)=(x 1 ,x 2 ,a)

X

X

X
X

SX 4 (0)=(x 2 )
SX 4 {l)=(x 1 )

Fault Coverage Table

31

I
a

.
AX 1 (O)

+

cp ( 0)

AX 2 (0)

X

.
2

xl
Il X

------------------------------=-----~~~
2

:

cp ( 1)

a

Figure 2:

Net\vorks Leading to Additiona l Outputs

Consideri ng the example above, assume that while

r0

= 1,

X is applied to m0 .

With X=

x1

or

x2 ,

then ~(0) = 1.

However, if any of the signal lines which constitut e the
sets contained in S(O) are saO, then during either
¢(0) will equal 0.

x1

or

x2

To check for any gate within the ¢(0)

network sal, r 0 is set to 0 and this should yield ¢(0) = 0.
Any gate contained in the
cause ¢(0) = 0 during

x1

~(0)

and/or

network which is saO will

x2 .

32

Assume that while I 1 = 0, X is' applied to mO.
X=

x3 ,

~(1)

should equal 0.

If any of the signal lines

which constitute the sets contained in S(l) are sal,
With I 1 = 1,

will equal 1.

~(1)

D.

~

( 1) net'i.vork is saO,

~(1)

~

( 1)

With I 1 = 0, any gate within the

network which is sal will yield

Xk for which

~(1)

should equal 1 for all X.

~(1)

However, if any gate within the
will equal 0 for I 1 = 1.

With

~(1)

=

1 during some

should= 0 under fault free conditions.

Trade Offs Involved in Using These Two Methods
Both methods presented above are attempts to yield

increased fault coverage for any general asynchronous network

M.

These methods will also be effective on combina-

tional or synchronous sequential networks for which the
associated X does not give total coverage.
purpose

It will be the

of this section to discuss the relative value of

these methods.
The obvious trade offs are very evident.

The method

of section II. B., to be referred to as method 1, required
no additional hardware elements within the package.

There

are networks where the maximum number of new outputs, which
must be added for method 1, will be less than the four contacts which method 2 (the method of section II.C.) yields
as an upper bound.

Certainly, on networks of this type,

method 1 should be used.

Since no upper bound can be placed

on the number of new contacts required by method 1, it is
felt that a technique similar to method 2 is critical.

It

33

seems necessary to establish an upper bound on new contacts
required from any package since the actual interconnection
of external contacts is a major portion of the cost.

In

light of present fabrication techniques, the costs associated
with addition of internal package elements is very minor.
Most networks, which have been analyzed by method 2, have
required a relatively small percentage of additional internal elements.

For these reasons, method 2 appears to pre-

sent the most satisfactory solution to the general problem.
Since method 1 and method 2 require the same type of
data for analysis, it seems likely that an attempted solution by method 1, which does not yield success, could be
followed by method 2 without an additional major analysis
cost.
It would certainly be hard to argue that a method 2
solution with four new network contacts and additional
internal hardware is better than a method 1 solution which
requires five new network contacts.

The decision mecha-

nisms would have to consider such variables as:
additional internal elements, cost to

11

cost of

wire in" each new

network contact, cost of analysis of test sequence outputs.
On some problems, it has proven beneficial to monitor
several lines by method 1 and then switch to method 2 to
guarantee a realistic upper bound on the number of new
contacts required.
It should be mentioned that either method allows faults
within redundant logic sections to be detected.

Inability

34

to detect faults in the redunda ncies is one of the major
shortcom ings of the most popular FDT sequenc e generat ion
schemes for all network s - combina tional and sequent ial.
One trade off for method 2 can yield an upper bound
on the number of new network contact s of three.
be done by elimina ting one of the I lines.

This can

If the sequenc e

X is applied twice, a single I line can serve as I 0 during
the first applica tion of
second applica tion.
~(0)

X and serve as I 1 during the

During the first applica tion, output

would be observe d; while during the second applica tion,

attentio n would be on

~(1).

The only restrict ion, which

must be met, is that all state requirem ents, which must be
fulfille d by M before

X is applied , must also be satisfie d

before the second applica tion.

The implica tions of this

restric tion are outside the scope of this paper.
Since it has been assumed that the generat ion of the

X sequenc e was accompl ished by one of the many existing
methods , it can be seen that given an FDT sequenc e X for M
the percent age of faults covered by
selectiv e signal line monitor ing.

X can be increase d by
Since for the asynchro nous

case, percent age of fault coverag e has been general ly much
less than one hundred , it appears that the additio nal costs
involve d in adding a minimum of new package contact s is
a cost which might be willing ly paid.

35

Chapter III
The Backward Drive Method for Setting Signal Lines
A.

Summary of the Method
It was shown in section II.A., that when an FDT

sequence X was applied to M, observation of the output
sequence peformed a partitioning of M into two disjoint
subsets, Md and Mu, where V mi€Md, zi f

z 0 (where zk is

the output sequence for mk under the application of X)
and V mj€MU, Zj f

z0 .

By selective monitoring of various state variable
and internal signal lines, further partitioning of Mu
into two disjoint subsets, Mud and Muu was accomplished.

i
A similar partition exists on Fu; that is, Y m €Mud,
then fi€Fud and V mj€Muu, then fi€Fuu.

If the external

contacts, which have been added to facilitate this partitian are considered to be the r components of an output
vector P, then for the application of X on

M the results

are:

1)

i
i
V m €Mud' p f

p

. the output
0 (where p k 1s

sequence of P vectors from mk under application of X).
2)

V mj€MUU, Pj = pO.

Application of the FDT sequence X to

M has been

successful in detecting all single faults except those
which result in the set Muu.

Since these faults could

not be detected by direct monitoring of the signal line,

36

it is apparent that under the application of X to M, the
signal line associated with fault fi, v fi£Fu , did not
u
assume the proper value to allow for detection of fi. As
an example, to facilitate detection of the fault, line a
(sal), the FDT sequence must force line a in m0 to assume
the value 0 at least once.

The problem is to develop a

heuristic which will allow modification of X so as to enable detection of the faults fi£Fu u • The heuristic technique presented here borrows on the theory which has
developed around the use of Roth's d-algorithm 1 •

A simi-

larity will be seen between this method and the consistency
test or backward drive segment of the d-algorithm.
B.

Theoretical Discussion of the Backward Drive
Following Breuer 6 it is suggested that the time domain

analysis of the system M be mapped into its correspondin g
spacial equivalent.

This mapping can be accomplished if,

for each new input vector, a new copy of M is allowed.
Since it is the goal to force a given value on a particular
line in m0 , the multiple copies of m0 will be labeled C{k),

c 0 (k-l) ,----c 0 (k-L+l).

The length L of the new sequence

X mi is generated in this manner can be dynamically determined within reasonable restraints.

The space domain analy-

sis can be understood by observing Figure 3.
The copies of the machine are interconnect ed in such
a way that in addition to the original input vector, c 0 (k-d}
has as inputs on its Y(k-d) lines the state variable vector

Z(k-L+1)

X(k-1)

X(k)

z (k-1)
z (k)

X(k-L+1)

I--

c 0 (k-L+1)
Y (k-L+1)

1--

L....-

1...---

c 0 ck-1)
y (k-L+1)

1---

Fiaure 3:

Y ( k-1)

c 0 (k)
y(k-1)
Y(k}

y(k}

General Space Domain Model
w
-...]

38

0

Y(k-d-l) from copy C (k-d-1).
Assume that it is necessary to generate an input sequence X mi of length L to aid in detecting fiEFu u , a sal
fault on line a. First, assign line~ in c 0 (k) the value
0 and attempt to drive this signal from
all copies to

c 0 (k)

back through

c 0 (k-L+l).

The method for accomplis hing the backward drive will
now be discussed .

For all gates along the signal paths

which control line a of c 0 (k), the singular covers 15 must
be formed.

An example of the singular cover for a 3 input

AND gate is given in Figure 4.
The singular cover for
and signal line a.

c 0 (k)

is formed between inputs

The required value on line a is then

driven backward to the inputs of

c 0 (k)

by performin g inter-

sections on the singular covers of the gates along the
path.

All parallel paths must be intersect ed simultane ously.

However, intersect ions need not be made with singular cover
vectors for gates whose outputs are unrestric ted.
for intersect ion are:

d

c

b=O

Figure 4:

singular cover
e

b

c

d

e

1

1

1

1

0

X

X

0

X

0

X

0

X

X

0

0

Singular Cover for an AND Gate

The rules

39

lAO

=

Jij

xAO

=

OAl

=

J3

xAl

= 1 = 1/\x

0

= OAx

If at any time during the backward drive a J3 results , then
an inconsi stency exists and a retrace is required beginnin g
with a new vector from the appropr iate singula r cover.
If

M is asynchro nous, care must be taken when picking

.vectors from the singula r cover for intersec tion.

It must

be assured that D[X(k-r )-X(k-r+ l)] ~ 1 (Where o is the
As an example , if X(k-2)

Hamming inter-ve ctor distanc e).
[Oxxl] and X(k-1) = [Olxl], D

= 1.

=

This, however , may force

the revalua tion of D[X(k-1 ) - X(k)].
When the backwar d drive to the inputs of c 0 (k) is completed, the values required on the input vectors X (k) , and
Y(k) must be investig ated.

If the state variable vector

Y(k) which is being input form the

c 0 (k-l) copy is Y(k) =

[xxx •••• x] (unrest ricted}, then the result is a sequence X
mi of length L

= 1.

However , if Y{k) f. [xxxx ..• x], the

backdri ve must continu e through

c 0 (k-l).

This procedu re

continu es until at some level (k-L+l), Y(k-L+l)

=

[xxx .•. x].

This strategy is required so that the sequence which is
generat ed is not state depende nt.

Therefo re, the sequence

X mi is forced to produce the desired result on line ~
regardl ess of the state of M when X mi is applied .

If,

due to network configu ration, informa tion concern ing machine
state is known, this requirem ent can be appropr iately
relaxed .

If at the (k-r) level the conditio n Y{k-r) =

[xx ••••• x] is not satisfie d, the procedu re must continu e

40

to the (k-r-1) level.

However, this process must not

be allowed to continue indefinitely .

One criteria for

stopping the process short of success would be to determine some cost effective constant R and require that L <
R+l.
If this technique yields a sequence

X mi and if M

is synchronous, X mi is certain to assign the proper
value to line a; that is, if X mi

=

X(k-L+l), X(k-L+2) , ....

X(k-1), X(k) is applied to rn° beginning at time t
line a will assume the desired value at t
(with L assigned time units).

If

=

t 0

+

= t 0,
L

M is asynchronous , the

space domain model fails; thus, the technique is heuristic,
and X mi must be simulated to check on its validity.

In

either case, if X mi is valid, the new FDT which covers the
If there are other

set of faults,

faults, fjEFu , which are not covered by XX mi then this
u

procedure would be repeated for fj.

There is no guarantee

that the X mi found in this manner is optimal.

The length

of X mi is dependent upon the choice of vectors from the
singular covers.
After all sequence modification s of the form X mj
have been produced, the total modification s are then simulated with X, to determine their success.

If the X mJ•s

are successful these results must be combined with either
method 1 or method 2.
To illustrate this method, an example follows b~sed
upon the network of Figure 1.

41

£

Assum e that signa l line

(saO) is a fault which has

It is neces sary to force a logic al 1

not been detec ted.

This proce dure begin s by turni ng to the space doma in

on b.

rk
analy sis and formi ng the singu lar cover of the netwo
from line b to the input s of copy

c 0 (k)

.

The space doma in

mode l is shown in Figur e 5.
c(k-1 )

x 3 (k)

b(k) label

1

1

1

A

1

X

0

B

X

1

0

c

Table 5:

Singu lar Cover for Gate b(k)

Table 5 shows the singu lar cover vecto rs for b(k)
in C 0 (k) .
Since the feedb ack line c(k-1 )

~

x when b(k) = 1,

the proce ss must proce ed to the (k-1} level .

c 0 (k-l)

Ther efore ,

is added to Figur e 5 and the singu lar cover s liste d

in Table 6 are forme d.
The singu lar cover vecto r A from b(k), label ed Ab(k ),
can be inter secte d with eithe r A or B of the singu lar
cover of c(k-1 ).

Since b is the gate which is influ enced

en
direc tly by the feedb ack line, the inter secti on betwe
Ab(k) and Bc(k -l) is perfo rmed .

This inter secti on will

input
place less restr ictio ns on the feedb ack line which is
to gate b(k).
in Table 7.

The resu lts of the inter secti ons are shown
A* need not be inter secte d with any of the

x 2 (k}
x (_k_)_.r~-+-

x 2 (k-l}

-___Jr

x 1 (k-1)

+

1

a(k-1}

+

Q:l

c(k-1)

+

l
I
I
I

b(k)

I
I

c (k-2)

x 3 (k-1)

b (k-1}

c 0 (k-l}

Figure 5;

c(k)

x3 (k} I

c 0 (k}

Space Domain Model of Figure 1

~

N

c 0 (k-1)

c 0 (k}
c(k-2}

a(k-1)

.)

c (k-1)

label

X

1

1

A

1

X

1

B

0

0

0

c

1

1

1

A

0

X

0

B

X

0

0

c

X

1

1

A

1

X

l

B

0

0

0

c

Table 6:

x 1 (k-1) x 2 (k-l) c(k-1}

X

x 3 (k-1}

gate na me

c(k-1)

b(k-1)

a(k-1)

Singular Covers for the Gates of Figure 5

x 3 (k-l) a(k-1) b(k-1) c(k-1) x 3 (k) b (k) label

1
Table 7:

I

description

l

X

l

1

l

A*

Ab (k)A Be (k-1)

1

X

1

1

1

B*

A*A Aa (k-1)

Intersection Table
.;::.

w

44

singular covers of b(k-1) since b(k-1) = [x].
intersected with either Aa(k-l) or Ba{k-l).
is shown for Aa(k-l)"
c{k-2)

=

[x].

A* is now
The result

This final vector has Y(k-1)

Therefore, the procedure stops with

The X mi sequence is

x1 x2 =

{xlx} (xxl).

=
L =

It can be verified

by hand simulation that this sequence does indeed force
line b to have a value 1.

2.

45

Chapter IV
Results and Conclusions
A.

Data Acquisition
In order to do fault detection analysis on any network,

it is necessary to simulate the behavior of the network in
all of its faulty configurations under the application of X.
This can be done most efficiently by utilizing a digital
logic simulator with a parallel simulation feature.
TEGAs 16 simulator is such a system.

The

This system simulates

32 different network configurations with each pass through
the network.
The sample networks, which were used in collecting
data, are shown in the appendix.

Networks were chosen

which exhibit features that generally complicate the problem of realizing total fault coverage.
Network A is an asynchronous sequential network which
is highly redundant.

By writing the output function for

this network, it can be seen that the x 1 input is unnecessary.
Network D is a well known 17 combinational network,
which contains reconvergent fan-out.

This network, with a

large section of added redundancies, appears in Table 8
as network D'.

D', in conjunction with network A, provides

a good test for the ability of the secondary techniques to
cover faults within redundancies.

46

Networks B, E, and F are asynchronous sequential networks.

These networks all contain several feedback lines,

and the feedbacks are to several levels within the networks.

This type problem is the most difficult type asyn-

chronous network to handle.

The inequality of the total

delays within closed feedback paths causes the analogy between time domain analysis and space domain analysis to
break down.

It was felt that these networks would provide

the most serious challenge for the secondary techniques.
Network C is a synchronous sequential network.

This

network, along with network D, was included to demonstrate
that the secondary techniques presented herein are applicable to all types of networks.
The input sequences which were applied to the sample
networks are listed in Table A.l of the appendix.

Although

several algorithms for generating FDT sequences were discussed in Chapter II, these methods were not applied here.
To generate sequences by any of these methods would require
a computerized implementati on of the algorithm.

Since

this was not readily available, the input sequences were
generated in other ways.

If a state table for the network

was available, one of the sequences was chosen to exercise
the network through its stable states.
sequences are random sequences.

Otherwise, the

In the asynchronous net-

works the sequences were designed so that only one input
variable was changing at a time.

The input vector was

47

applied as a constant input to the asynchronous networks
until the network stabilized (fundamental mode) .

It

would be interesting to observe the performance of the
secondary techniques when working in conjunction with an
FDT sequence of algorithmic origin.

However, since no

algorithmic technique for FDT generation can assure total
fault coverage, the structure of the FDT merely governs
the degree of dependence upon the secondary techniques.
The TEGAS simulator is now implemented on an IBM 360/50
system.

The actual time required to do the simulation for

the examples was very short.

There was no test run which

required more than 1 minute and 40 seconds of computer time.
On most of the test runs, 2/3 of the actual computer time
was spent preprocessing the data, while 1/3 was spent doing
the actual simulation.

This fraction is dependent upon

the network and the length of the sequence being simulated.
Assuming network structure independence, the actual time
for simulation increases linearly with the number of network
elements.
The simulator presents the network data in a form which
is readily usable by the secondary techniques. The signal
line values can be readily interrogated at any time to detect
fault coverage.

Although the actual data analysis for the

secondary techniques was done manually, this process will
be program implemented and interfaced with the simulator.

48

Based upon an analysis of the operations actually
performed by the simulator and the operations required by
the secondary techniques, it appears that an increase in
simulation time of less than 30% would be required by the
secondary techniques.

This increase would represent the

total cost associated with the secondary techniques since
the preprocessin g step would remain unchanged.

It is

believed that after the secondary techniques have been
program implemented and interfaced with TEGAS, the total
run times on networks similar to the ones tested will be
in the neighborhood of 2 minutes.

These techniques are

not intended for application to logical networks of entire
systems.

Based upon the above run times, it can be seen

that the computer cost associated with doing fault coverage
analysis, including application of secondary techniques,
would be very acceptable on modular networks.
B.

Analysis of Data
The results presented in this section do not totally

exhaust the data collected; however, they are considered
to be a representati ve sample.
Table 8 is a compilation of the results obtained from
analysis of the test run data.

The Network-Sequ ence row

label of Table 8 acts as a joint pointer to the network and
the correspondin g input sequence which gave rise to the data
in the associated row of the table.

This pointer can be

followed to the figures and tables of the appendix to find

49

the circuit diagram and the correspondin g input sequence.
The data columns within Table 8 are as follows:
I)
II)

The total number of faults considered
The number of faults which were detectable by
monitoring primary outputs only

III)

The number of additional signal lines which
require direct monitoring as suggested by
method l

IV)
V)

(Section II.B)

Additional fault coverage yield by method 1
Additional hardware required by method 2
(Section II.C)

VI)
VII)

Additional fault coverage yield by method 2
A pointer to Table 9 where the input sequences
generated by the backward drive are listed

VIII)

Additional fault coverage yield by the backward
drive technique

IX)

Total final fault coverage as a percentage of
column I

The total number of faults considered for each network
was the total of all possible single faults within the network after fault collapsing was performed across each gate.
That is, for an n input AND gate, n+2 single faults are
considered (as opposed to 2n+2): each input (sal) and the
output (sal) and (saO).

A (saO) fault on an input of an

AND gate is equivalent to the output (saO).

50

The data of columns III and IV is associated with
the method of selective signal line monitoring presented
in Section II.B.

This method places no upper bound on

the number of additional signal lines which must be directly
monitored; however, if it results in 4 or fewer signal
lines, it is to be preferred over the method of Section
II.C, which places an upper bound of 4 on the number of
additional network contacts which must be added, but requires additional internal hardware to assure this maximum.
Columns V and VI contain data associated with the
application of method 2.
Although it is entirely possible that a combination
of methods 1 and 2 could yield a joint solution on a
particular network which would be more acceptable than the
solution presented by either method independently, no
example of this type was encountered while running the
tests shown in Table 8.
Columns VII and VIII contain information associated
with the backward drive technique presented in Chapter III.
Column VII contains a pointer into Table 9.

By following

this pointer, the input sequence modifications, which were
generated by the backward drive technique, can be found in
Table 9.

This sequence was concatenated with the X se-

quence from Table A.l and resimulated to assertain if it is
successful in increasing fault coverage.

The success or

failure of this technique is reflected by value in column VIII.

51

Column IX lists the final fault coverage percentage.
This is calculated by finding the total of either columns

II, IV, and VIII or columns II, VI, and VIII and then
comparing this with column I.
The (--) symbols \-Jithin Table 8 indicate that for the
test run under consideration, the method indicated by the
(--) was not needed.
The backward drive technique was completely successful

in all cases except example E-2.

After the backward drive

was applied, the resulting sequence modifications were simulated to determine the success of the modified sequence.

In all cases, except E-2, the success was total.
has multiple feedback lines to varying levels.

Network E
On a net-

work of this structure, the space domain model for the
time domain system is a poor model.

In this situation,

the model failed, and the modified sequence was unable to
detect the remaining 3 faults.
On networks A and D', which are highly redundant networks, the secondary techniques handled the faults within
redundancies with no problem and resulted in total fault
coverage for all input sequences.
None of the example networks were exceedingly large.
However, as will be mentioned in Section IV.C, it appears
that the results on larger networks will be equally successful.

In fact, it is expected that there will be improver.-;ent

in the area of percentage of increased cost associated with

NetworkSequence

I

II

III

IV

v

VI

VII

VIII

IX

a

4

100%

---

--

100%

--

100%

A-2

I

11

10

1

1

---

---

A-3

I 11

8

2

3

---

--

---

B-1

24

7

4

13

---

--

b

4

100%

B-2

24

4

4

12

---

c

8

100%

B-3

24

9

4

13

---

---

d

2

100%

C-1

31

19

4

12

--

100%

I 31

16

4

12

---

---

C-2

-----

e

3

100%

D-1

25

7

7

3 gates

13

f

5

100%

25

11

7

13
12

3 gates

12

g

2

100%

D-3
D I -1

25

13

5

9

4 gates

h

3

100%

29

2

8

25

6 gates

9
25

i

2

100%

D'-2

29

6

8

23

6 gates

23

---

100%

E-1

20

19

1

1

--

---

---

E-2

I

6
18

4

11

--

j

F-1

20
28

6

10

10

---

--

85%
100%

F-2

I 28

21

3

7

--

---

--

100%

A-1

D-2

I

11

4

2

3

---

Table 8:

----4 gates

---

0

100%

Results for the Sample Networks

U1
I\.)

a

b

c

d

e

x10

xxxO

1111

xxxO

1xx

xxlO

1110

xxlO

Ollx

1010

Ollx

0000

f

1111

llOx

h

g

110x

lxOx

lx10

i

xllx

j

0

1

1110

0110

Table 9:

Sequenc e Modific ations for Table 8

lll

w

54

the extra contacts and hardware required by methods 1 and
2.

It is assumed that these secondary techniques would be

applied at the packaged component level rather than at the
total system level.

For this reason, the size of the net-

works would be limited.
By observing Table 8, in conjunction with Table A.l,
it can be seen that the success of fault detection is very
sequence dependent.

The dependency is upon both length of

the sequence and the order of the input changes.

The

secondary techniques presented herein had a high degree of
success, regardless of the input sequence.

In most cases,

when using these secondary techniques, the changing of an
input sequence affects the cost of realizing total single
fault coverage.

In contrast, existing methods have the

input sequence as the only variable which can be exercised
to yield increased fault coverage.
C.

Conclusion
Using the results presented in Section IV.B as a basis

upon which to draw conclusions, the secondary techniques
presented herein are extremely successful.

The goal of

total single fault coverage was realized on every example
except one.

Several of the example networks had multiple

feedbacks to various levels, and several contained redundant
sections of logic which would ordinarily introduce many
undetectable faults.

On these examples, the secondary

techniques were very successful in obtaining total single
fault coverage.

55

The amount of extra hardware required by method 2
was relatively high.

Method 2 never results in any fewer

than 3 or 4 additional gates; studies indicate it also
seldom requires more than 6 or 7 additional gates.

With

this in mind, it seems probable that on networks with
large number of gates, the percentage of required additional
gates will decrease.

The same argument is offered with

respect to the additional contacts required for methods
1 and 2.

The maximum of 4 will be more acceptable when

this number represents a smaller percentage increase.

This

will certainly be the case when the network has more elements and more external contacts.
Two design criteria can be suggested which would yield
easily detectable networks:

1) limiting the number of

feedback lines and the levels of logic over which the
feedback is passed and 2) designing the network so as to
keep the delay in all feedback loops nearly equal.

These

design criteria are attempts to strengthen the analogy
between time domain and space domain analysis for the
asynchronous case.

The goodness of this analogy is the

basis for the success of some of the FDT generation algorithms and for the backward drive secondary technique.

How-

ever, since these design rules are not and can not always
be followed, the need for a reliable set of secondary
techniques is critical.
The success of existing methods for doing fault detection on general networks is a direct function of the network

56

being considered.

Regardless of the effort spent in re-

fining the FDT sequence, the level of fault coverage will
be limited by the structure of the network.

Although

the additional cost required by the secondary techniques
presented herein is dependent upon the input sequence,
the level of fault coverage is much less dependent upon
network structure.
This study indicates that if these secondary techniques are utilized in conjunction with a reasonable FDT
sequence, total coverage of all single faults within a
network is generally realizable.

57

v
APPENDIX
Sample Networks
This section contains the circuit diagrams for the
networks which were used in collecting the data that is
presented in Section IV.B.

Table A.l lists the input

sequences which were applied to the networks of Figures
A.l-A.6 to obtain the data shown in Table 8.
The input sequences for the asynchronous networks
were structured within the constraints of the single input
change restriction.
Table A.l does not display the timing diagram for the
application of input sequences.

In all sample runs, except

E-2, the input variable vector has held level until the
network stabilized.
It was found that changing the input vector, before
the network stabilized, gave better fault coverage for
sequence 2 on network E.

This procedure was suggested by

the observation of an apparent.cyclic condition within
network E under the application of sequence 1.

I

0

+

r-l
:;><:

~
+

N

X

N

o,
0

(""')

:;><:

58

+

+

N

X

+

+

+

+

C(l
~

lo-1

:s

0

(J)

+.J

(J)

z

...-l

rO

f::

0.
U)

..-:;::

N

(J)

tyl

lo-1
;:1
~

·r-1

59

CI
g

co

Figure A.3:

Sample Network C

(Latched Adder)
0'1
0

N

---'\ r-------. r--..1.-----. .-..... l r - - - 1

!.---'

61

62

Lf)

63

l

-

xl

."'h

-~

x2

-~

./'

_:J

. ~,...

.)>
I

-

.I

.)
\...
·;

.--

r--

.)

. \..
\..

....-- ·...r
Figure A.6:

Sample Network F

z

64

Network
A

B

c

D

E

F

Sequence
000

0001

1100

0001

1

00

001

0011

1101

0000

0

01

101

0111

1110

0001

1

11

1111

1111

0011

1110

0000

1

10

0001
0000

2

000

0001

1100

0001

1

00

001

0011

1101

0000

0

10

101

0111

1110

0001

0

11

111

1111

0011

1

01

110

1110

1111

0

11

1

10
00

3

Table A.l:

000

0001

0001

100

0011

0100

101

0111

0101

111

1111

0111

110

1110

0000

010

1010

011

0010

Input Sequences for Sample Networks

65

BIBLIOGRAPHY
1.

J.P. Roth, "Diagnosis of Automata Failures: A Calculus
and A Method", IBM J. Res. Develop. , Vol. 10,
pp. 278-291, July, 1966.

2.

M.Y. Hsiao and D.K. Chia, "Fundamentals of Boolean
Difference for Test Pattern Generation", Proc.
4th Annual Pr1"nceton Cor1f • Inform •

s Cl.
·

,

March, 197 0.
3.

G.R. Putzola and J.P. Roth,

"A Heuristic Algorithm

For the Testing of Asynchronous Circuits", IEEE
Trans. on Elec. Comp., Vol. C-20, pp. 639-647,
June, 1971.
4.

M. Y. Hsiao and D. I<. Chia, "Boolean Difference for
Fault Detection in Asynchronous Sequential
Machines", IEEE Trans. on Elec. Comp., Vol. C-20,
pp. 1356-1361, Nov., 1971.

5.

W.G. Bouricius et al., "Algorithm for Detection of
Faults in Logic Circuits", IEEE Trans. on Elec.
Comp., Vol. C-20, pp. 1258-1264, Nov., 1971.

6.

H.A. Breuer, "A Random and an Algorithmic Technique
for Fault Detection Test Generation for Sequential
Circuits", IEEE 'l'rans. on Elec. Cornp., Vol. C-20,
pp. 1364·-1370, Nov., 1971.

66

7.

A.D. Friedma n, "Fault Detectio n in Redunda nt Circuit s .. ,
IEEE Trans. on Elec. Comp., Vol. EC-16, pp. 99-100,
1967.

8.

F.F. Sellers , M.Y. Hsiao and L.W. Bearnso n,

11

Analy-

zing Errors With The Boolean Differen ce .. , IEEE
Trans. on Elec. Comp., Vol. C-17, pp. 676-683 ,
1968.
9.

C.R. Kime,

11

An Organiz ation for Checkin g Experim ents

on Sequent ial Circuit s", IEEE Trans. on Elec.
Comp., Vol. EC-15, pp. 113-115 , 1966.
10.

F.C. Hennie, "Fault Detectin g Experim ents for Sequential Circuit s", Proceed ings of the 5th Annual
Switchi ng Theory and Logical Design Symposiu m,
S-164, pp. 95-110, 1964.

11.

z.

Kohavi and P. Lavalle e, "Design of Sequent ial
Machine s With Fault Detectio n Capabil ity .. ,
IEEE Trans. on Elec. Comp., Vol. EC-16, pp.
473-484 , 1967.

12.

z.

Kohavi and I. Kohavi,

11

Variabl e Length Disting uish-

ing Sequenc es and Their Applica tion to the Design
of Fault Detectio n Experim ents .. , IEEE Trans. on
Elec. Comp., Vol. C-17, pp. 792-795 , 1968.

67

13.

A. Ashkinazy, "Fault Detection Experiments for Asynchronous Sequential Machines", Conference Record
of the Eleventh Annual Symposium on Switching
and Automata Theory, pp. 88-93, October, 1970.

14.

S. Seshu and D.N. Freeman, "The Diagnosis of Asynchronous Sequential Switching Systems", IRE
Trans. on Elec. Comp., Vol. EC-11, No. 4, pp.
459-465, August, 1962.

15.

H.V. Chang, E. Manning, G. Metze, Fault Diagnosis of
Digital Systems, New York: John Wiley and Sons,
19 7 0 , pp. 2 9-4 7 .

16.

D.M. Rouse, "A Simulation and Diagnosis System Incorporating Various Time Delay Models and Functional
Elements", Ph.D. Dissertation, University of
Missouri - Rolla, Rolla, Missouri, 1970.

17.

P.R. Schneider, HOn the Necessity to Examine D-Chains
in Diagnostic Test Generation- An Example,"
IBM Journal of Research and Development, Vol. 11,
p. 14, 1967.

68

VITA
Lewis Ronald Hoover was born on July 23, 1940, in
Martinsburg, Pennsylvania .

He received the Bachelor of

Science degree in 1962 from Shippensburg State College.
Following graduation, he married Bonnie Lou Spealman, a
college classmate.
In August, 1963, he was awarded the M.A. degree from
Washington University, St. Louis, Missouri.
He was on the Physics Department faculty of Shippensburg
State College from 1964 to 1969.

During the summers of

1967, 1968, and 1969, he was a graduate student in the
Computer Science Department of the University of Missouri Rolla.

In 1970 he was on the staff of the same department.

Along with his duties as the father of three young
daughters, he is currently studying under a National Science
Foundation Fellowship in the Electrical Engineering Department of the University of Missouri - Rolla.
He is a member of Phi Sigma Pi and the Institute of
Electrical and Electronic Engineers.
Upon completion of his degree, he will begin duties
as a Professor of Mathematics and Computer Science at West
Chester State College, West Chester, Pennsylvania .

