been proposed, limiting the number of copies [5], in- .... condition is reached; if it appears on a flip-flop, ... number of flip-flops of the two machines MI and M2.
A Simulation-based approach to Test Pattern Generation for Synchronous Sequential Circuits P. Camurati
F. Corno
P. Prinetto
M. Sonza Reorda
Politecnico di Torino Dipartimento di Automatica e Inforrnatica Turin Italy
Abstract Particular design environments, e.g., those based on Partial Scan, may prevent Design for Testability techniques from reducing testing to a combinational problem: ATPG for sequential devices thus remains a challenge. Random and deterministic structure-oriented techniques are state-of-the-art, but there is a growing interest in methods that resort to the automaton of the circuit. This paper presents SETA, a sequential test generator based on automata, an ATPG applicable to synchronous circuits working in fundamental mode. SETA generates test patterns while trying to disprove the equivalence of two automata. SETA is simulation-based: within the theoretical framework of the product machine, state-of-the-art simulation techniques are used to yield satisfactory experimental results on the ISCAS’89 benchmark set [l].
1
Introduction
Despite the introduction of numerous design for testability techniques [2], test pattern generation for synchronous sequential circuits is still needed for some design environments, e.g., those based on partial scan. A major class of devices is represented by the synchronous sequential circuits known as Finite State Machines (FSM’s) that are in extensive use as building blocks in a variety of applications, ranging from VLSI devices to network controllers. Indeed, as reported in , many ASICs are “control-dominatecr‘, i.e., they are est modeled in terms of FSM’s, rather than in terms of d a t a path and control part. ATPG’s for synchronous sequential circuits are topology-based, simulation- based, or exploit the function of the circuit or its state transition graph (STG). The “iterative logic array’’ model that transforms sequential behavior over time frames into combinational behavior on iterated structures is the foundation beneath topological ATPG’s. The basic method extends the D-algorithm [4]. Many enhancements to it have been proposed, limiting the number of copies [5], introducing a 9-valued algebra [6], [7], searching for a path to be sensitized [8], [9], [IO],exploiting the benefits of techniques used in combinational ATPG [ll],
6”l
using a targeted D element technique to increase the number of mandatory assignments of PODEM [12]. Simulation-based ATPG’s heavily rely on fault simulation and appropriate cost functions to generate test sequences [ 131 , [ 141. There is an emerging roup of algorithms that are based on the STG. [lsfuses both the STG and the iterative array model. [16] decomposes test generation into a combinational part, fault-free state justification, and fault-free state differentiation. Selective enunieration of the STG is used and the functions are represented by covers. Binary Decision Diagrams (BDDs) [17] are increasingly popular as a means to represent functions [18]. By expressing through BDDs the 6 and X functions of the product machine [19], corresponding to the fault-free and faulty circuits, one can very efficiently compute the set of states reachable from the reset one, until a state is reached where the two circuits produce different outputs, or to the complete visit of the STG. Although symbolic traversal techniques can be very effective as they avoid explicit enumeration on inputs and states, they can deal only with one pair fault-free/faulty circuit a t a time, thus requiring the construction and traversal of the product machine for each not yet dropped fault [20]. Always within the theoretical framework of the product machine [19], a different approach to the extraction and visit of the STG for ATPG purposes is proposed in this paper and its performance discussed with respect to the previous methods. The approach is based on the siniultaneous exploration of the STG’s of the fault-free and all the faulty circuits through efficient simulation techniques. This allows one to overconie the problem of computing the circuit function for each fault, as in the case of BDD-based tools, whilst results show that the method compares quite well with the ones reported in the literature when real-size circuits are considered in terms of both CPU time and fault coverage. Section 2 presents the theoretical framework, Section 3 describes the test generation process of SETA, a sequential test generator based on automata, Section 4 shows experimental data on the ISCAS’89 benchmark set that allow a comparison with similar approaches
IEEE VLSl T E S T SYMPOSIUM 1992
0-7803-0623-6192 $3.00 1992 IEEE @
Paper
14.2 263
and justify this work. Section 5 eventually draws some conclusions.
Theoretical framework
2
A Finite State Machine M is defined by a 6-tuple [19]:
The Test Generation Process
3
The assumptions underlying SETA’S test generation strategy are: 0
M = ( I ,0,S, 6, A, so) where I is a finite, nonempty set of input values; 0 is a finite, nonempty set of output values; S is a finite, nonempty set of states; 6 : I x S ---* S is the state transition function; X : I x S -+ 0 is the output function; so is the initial state. For Mealy machines X : I x S + 0, whereas for for Moore machines X : S + 0. Two completely specified FSM’s MI and M 2 operating on the same input and output sets are equivalent iff, for all input sequences, all the elements of the output sequences are equal. The test generation problem for a FSM may be stated as follows: given a fault-free machine M 1 and a single stuck-at fault 7 ,generate a faulty machine Mz, operating on the same input, output, and state sets, where the fault T changes the 6 and/or X functions. If one can demonstrate that the two FSM’s are not equivalent, i.e., that there is a n input sequence such that the k-th elements ( k 2 1) of the two output sequences differ, then a test pattern has been found. If equivalence can be’proven, then fault 3 is undetectable. Given two FSM’s M1 = (I,O,S1,61, X1,s:) and M2 = (I,0 ,Sa, 62,X2,s!), the product machine M I 2 is defined as a 6-tuple: M 1 2
= (1,012,
S12,612,
A l a , s&)
where: 012
s12 612
= 0 x 0; = s1 x s,; :s 1 x Sg x I
---f
s1
x
s, :
= ( 6 1 ( S l , i), b a ( s 2 , i ) ) ; X12:S1 x s a x I + O x O : M S l , $ 2 , i) = ( X l ( S 1 , i), X2(s2,i)); 612(Sl, s 2 , q
where: SI so2
E S1;s? E &;i E I = (s!, s;).
Given two machines MI and M a , the state set S12 of their product machine M l 2 may be partitioned into two subsets Q12 and Z1:! such that S 1 2 = Q l 2 U 2 1 2 and Q12 n 2 1 2 = 0. The two subsets are defined as: 9 1 2 = (q12 = ( 4 1 , ~ E ) Si2 : vi E I Xl(41,t) = h ( q 3 , i)} 2-12 = ( 2 1 2 = ( Z l , Z 2 ) E s 1 2 : 3i E I Xl(z1, i) # Xa(z2, i)} An equivalence condition directly used by the algorithm is: two FSM’s MI and M 2 are equivalent iff in the product machine M l 2 the subset 2 1 2 is either unreachable from the initial state sya or empty. Paper 14.2
264
0
0
the circuit is described at the gate level and flipflops are treated as primitive elements, clocked by a single-phase clock; each flip-flop has a reset signal, so that the FSM may be forced at any time into the all-zero initial state, valid under both faulty and fault-free conditions; only single stuck-at faults are considered.
The test generation process works in three phases: during the first phase the algorithm considers all faults at the same time, trying to propagate a difference with respect to the fault-free machine on the primary outputs or on the flip-flops of one of the faulty machines. If a difference appears on a primary output, a successful termination condition is reached; if it appears on a flip-flop, the ATPG proceeds to phase 2. during phase 2, the ATPG looks for a sequence of input patterns that is able to propagate the difference that appeared on the flip-flops of the pair determined in the previous phase onto any primary output. If that goal is reached, the test pattern sequence is returned and the process continues resuming from phase 1 until all faults are tagged as aborted or detected; the third phase corresponds to the fault simulation of the pattern sequence possibly generated in the two previous steps, in order to drop other faults covered by the same sequence. The first phase visits in breadth-first the STG’s of the fault-free and of all not yet dropped faulty machines; this is done by means of a compile-driven patternparallel simulation of the fault-free machine, whereas the faulty ones are computed by difference with respect to it using the Single Fault Propagation technique [21], i.e., using an event-driven pattern-parallel method. A hash table is used to record the states which have already been reached. In this way all the product machines are implicitly extracted, while the memory requirements are limited to the set of states reached by the fault-free circuit. Explicit enumeration on the primary inputs is generally unaffordable for bigger circuits, thus inputs are in some cases sampled, rather than exhaustively enumerated. The number of samples varies, but it is orders of magnitude smaller than its upper bound, typically ranging froin 1,000 to 10,000 samples. During the second phase only a single fault is considered, and the breadth-first visit of the single product machine composed of the fault-free circuit and the
faulty one is continued using the mixed compile-driven and event-driven approach described before. To improve the efficiency of the algorithm several heuristics have been experimented, modifying the pure breadth-first method for visiting the STG. A best-first strategy is used in both the first and the second phase, based on the definition of a weight function evaluating the goodness of each state among the ones to be simulated. This function estimates a distance between the current state and the one where a difference appears on a primary output. It is defined in terms of the number of flip-flops of the two machines M I and M2 that are already set t o opposite values. The weight function is thus a measure of observability. Note that the set of states reached during the first phase is maintained throughout the whole process, thus avoiding unnecessary recomputation of the partial STG’s already visited. Moreover, using this method all untestable faults for which a difference never appears on any flip-flop are found a t the same time, i.e., when the whole STG of the fault-free niachine has been visited.
Experimental Results
4
This section presents the experimental results obtained by applying S E T A to the circuits of the ISCAS’89 benchmark set [ 11. Relevant structural features of these circuits are shown in Tab. 1, where: 0
PI is the number of primary inputs
0
PO is the number of primary outputs
0
dff is the number of D-type flip-flops
0
gates is the number of gates
0
faults is the number of faults according to [l].
In order to verify the applicability of SETA, statistics on the number of reachable states in the fault-free and in the faulty machines were gathered (Tab. 2): as easily seen, that number is considerably less than its upper bound 2#fiip-f10ps, e.g., 8868 states instead of 2’l for circuits s526 and s526n. For the faulty machines, the average nuniber of reachable states are of the same order of magnitude as the reachable states of the fault-free machine. The maximum number of reachable states is bigger, but still considerably less than the upper bound. In most cases faults are detected by constructing a small portion of the product machine. The complete product machine is visited only to prove that a fault is undetectable. Memory requirements are thus considerably relaxed. S E T A has been iiiipleniented in C-language, amounting to approximately 6000 lines of code and runs on a SUN Sparcstation- 1. Tab. 3 shows experimental data on fault coverage (FC) and CPU time. FC is defined as:
Table 1 - The ISCAS’89 benchmark set
# states 1 reachable
total
Table 2
-
# reachable states avg
I max I min
Reachable states statistics
Paper 14.2
265
n Circuit
I # faults I
Detected
I
FC 1 CPU time I1
From a conceptual point of view, two FSM’s are considered: the former one corresponds t o the fault-free machine, the latter to the faulty one. The fault detection condition is expressed in terms of the product machine of the two automata. An algorithm in breadth-first visits that part of the product machine that is necessary t o either tag a fault as undetectable or to construct a minimum-length test pattern for it. Experimental results show that SETA has good performances [22] and that some ISCAS’89 circuits are poorly testable per se, no matter the ATPG and that the bigger benchmarks are still an insurmountable difficulty.
References [l] F. Brglez, D. Bryan, K. Koiminski: “Combina-
tional profiles of sequential benchmark circuits,” ISCAS’89: IEEE International Symposium on Circuits And Systems, Portland, OR (USA), May 1989, pp. 1929-1934 [2] T.W. Williams, K.P. Parker: “Design for Testability - a survey,” IEEE Transactions on Computers, Vol. C-31, n. 1, January 1982, pp. 2-15 [3] W. Wolf: “The FSM network model for behavioral synthesis of control-dominated machines,” DAC-27: 27th IEEE/ACM Design Automation Conference, Orlando, FL (USA), June 1990
Table 3
-
Experimental results
[4] G.R. Putzolu, J.P. Roth: “A heuristic algorithm for the testing of asynchronous circuits,” IEEE Transactions on Computers, Vol. C-20, n. 6, June 1971, pp. 639-647 [5] H. Fujiwara: “Logic testing and design for testability,” The MIT Press, Cambridge, MA (USA), 1975
#of detected faults FC = #of faults
Some circuits (s420 and s838) are poorly testable, as confirmed by an experimental comparison with other algorithms [22]. Again, the bigger circuits, from s9234 t o ~38584,are difficult to test, no matter the algorithm [22]. Circuits s510, s953, and s5378 are poorly initializable. Circuit s35932 does not appear in the table, as the current implementation of the algorithm allows a t most 32 primary inputs. Experimental data shows that SETA performs well compared with results available in literature, as shown in the comparative analysis of [22].
5
Conclusions
SETA, a n approach to ATPG for synchronous circuits working in fundamental mode, has been presented. Resorting to FSM’s as models it is possible to deal in a uniform way with both Mealy and Moore machines. Paper 14.2
266
[6] P. Muth: “A nine-valued circuits model for test generation,” IEEE Transactions on Computers, Vol. C-25, n. 6, June 1976, pp. 630-636 [7] T. Hayashi, K. Hatayama, S. Ishiyania, M. Takakura: “Two test generation methods for sequential circuits,” ISCAS’89: IEEE International Symposium on Circuits And Systems, Portland, OR (USA), May 1989, pp. 1942-1945 [8] R. Marlett: “An effective test generation system for sequential circuits,” DAC-23: 23th IEEE/ACM Design Automation Conference, Las Vegas, NV (USA), June 1986, pp. 250-256
[9] W.T. Cheng, T.J. Chakraborty: “Gentest: an automatic test-generation system for sequential circuits,” IEEE Computer, April 1989, pp. 43-48 [lo] W.T. Cheng, S. Davidson:
“Sequential circuit test generator (STG) benchmark results,” ISCAS’89: IEEE International Syniposium on Circuits And Systems, Portland, O R (USA), May 1989, pp. 1939-1941
[ll] M.H. Schulz, E. Auth: “ESSENTIAL: a n efficient self-learning test pattern generation algorithm for sequential circuits,” ITC’89: International Test Conference 1989, Washington, DC (USA), September 1989, pp. 28-37
[12] T. Niermann, J.H. Patel: “HITEC: a test generation package for sequential circuits,” EDAC’91: IEEE European Design Automation Conference, Amsterdam (The Netherlands), February 1991, pp. 214-218 [13] V.D. Agrawal, K-T. Cheng, P. Agrawal: “A directed search method for test generation using a concurrent fault simulator,” IEEE Transactions on Computer-Aided Design, Vol. 8, n. 2, February 1989, pp. 131-138 [14] K-T. Cheng, V.D. Agrawal: “Concurrent test generation and design for testability,” ISCAS’89: IEEE International Symposium on Circuits And Systems, Portland, OR (USA), May 1989, pp. 19351938 [15] H.K.T. Ma, S. Devadas, A.R. Newton, A. Sangiovanni-Vincentelli: “Test generation for sequential circuits,” IEEE Transactions on ConiputerAided Design, Vol. 7, n. 10, October 1988, pp. 10811093 [16] A. Ghosh, S. Devadas, A.R. Newton: “Test generation for highly sequential circuits,” ICCAD-89: IEEE International Conference on Computer Aided Design, Santa Clara, CA (USA), November 1989, pp. 362-365 [17] R. E. Bryant: “Graph-based Algorithms for Boolean Function Manipulation,” IEEE Transactions on Computer, Vol. C-35, No. 8, August 1986, pp. 677-691 [18] H. Cho, G. Hachtel, S.-W. Jeong, B. Plessier, E. Schwarz, F. Somenzi: “ATPG aspects of FSM verification,” ICCAD-90: IEEE International Conference on Computer Aided Design, Santa Clara, CA (USA), November 1990, pp. 134-137 [19] Z. Kohavi: “Switching and Finite Automata Theory,” Computer Science Series, Mc Graw Hill, New York, NY (USA), 1970 [20] H. Cho, G. Hachtel, F. Somenzi: “Fast sequential ATPG based on implicit state enumeration,” ITC91: IEEE International Test conference, Nashville, T N (USA), October 1991, pp. 67-74 [21] D.Hare1, R.Sheng, J.Udell: “Efficient Single Fault Propagation in Combinational Circuits,” ICCAD’87: IEEE International Conference on CAD, Santa Clara, CA (USA), November, 1987, pp. 2-5 [22] P. Camurati, M. Gilli, A.R. Meo, P. Prinetto, M. Sonza Reorda: “Comparing ATPG’synchronous circuit working in fundamental mode ConipEuro’91: IEEE Conference on VLSI and Computers, Bologna (Italy), May 1991, pp. 224-228 Paper 14.2
267
T
