Optimal testing input sets for reduced diagnosis

IEEE TRANSACTIONSON NUCLEAR SCIENCE, VOL.41, NO. 1, FEBRUARY 1994

307

Optimal Testing Input Sets for Reduced Diagnosis Time of Nuclear Power Plant Digital Electronic Circuits Dae Sik Kim and Poong Hyun Seong Abstmct-This paper describes the optimal testing input sets required for the fault diagnosis of the nuclear power plant digital electronic circuits. With the complicated systems such as very large scale integration (VLSI), nuclear power plant (NPP), and aircraft, testing is the major factor of the maintenance of the system. Particularly, diagnosis time grows quickly with the complexity of the component. In this research, for reduced diagnosis time we derived the optimal testing sets that are the minimal testing sets required for detecting the failure and for locating of the faiied component. For reduced diagnosis time, the technique presented by Hayes fits best for our approach to testing sets generation among many conventional methods. However, this method has the following disadvantages; a) it considers only the simple network b) it concerns only whether the system is in failed state or not and does not provide the way to locate the failed component. Therefore we have derived the optimal testing input sets that resolve these problems by Hayes while presening its advantages. When we applied the optimal testing sets to the automatic fault diagnosis system 0 s ) which incorporates the advanced fault diagnosis method of artificial intelligence technique, we found that the fault diagnosis using the optimal testing sets makes testing the digital electronic circuits much faster than that using exhaustive testing input sets; when we applied them to test the Universal (W) Card which is a nuclear power plant digital input / output solid state protection system card, we reduced the testing time up to about 100 times.

I. INTRODUCTION I T H the complicated systems such as very large scale integration (VLSI), nuclear power plant, and aircraft, testing is the major factor of the maintenance of the system. Particularly, the diagnosis time grows quickly with the complexity of the component. For example, there are about 20,000 electronic circuit boards in one unit of nuclear power plant (NPP). The physical components form which these devices are built are subject to failure, and given design practices of many existing NPPs, the failure of even a single component can lead to a reactor trip of the NPP. On the other hand, it takes large amounts of time and effort to test the electronic circuits of a NPP system because present testing practice is done manually. For example, it takes about 20 min to test a UV Card. Manuscript received April 23,1993;revised September 29, 1993. The authors are with Korea Advanced Institute of Science and Technology, Department of Nuclear Engineering, 373-1 Kusong-dong, Yusong-gu, Taejon, Korea 305-701. IEEE Log Number 9214120.

Since 1970s, the fault diagnosis methods of electronic circuits by artificial intelligence (AI) technique have been researched and some of them have been implemented. The early fault diagnosis methods, MYCIN [201 and dalgorithm [17], which use the AI technique have some disadvantages; their specificity-the problem to put the experimental knowledge into database, Therefore, in our previous work, we developed an advanced fault diagnosis method which incorporates the combination of the DART system [7] and Corroboration [41. We also developed an automatic testing system of electronic circuits by implementing this fault diagnosis method into a microprocessor. This system tests the circuits off-line and it was named Automatic Fault Diagnosis System (AFDS) [131. However, the fault diagnosis methods using AI consider mainly the method to detect the failed component and do not consider the method to reduce the time required for the diagnosis of the system (circuits, network). Although the process has been shown to be, in general, NP complete, Goel’s experience is that computation time is close to an N 2 curve, where N is the number of gates in the circuit 181. The term, NP complete, is to symbolize the abyss of inherent intractability that algorithm designers increasingly face as they seek to solve larger and more complex problems [6]. In [12] the test pattern generation process for a combinational logic structure is theoretically NP complete. Because of this, large efforts have been devoted to develop methods for the reduced diagnosis time. Some methods such as exhaustive testing, random pattern testing [19], syndrome testing [18], pseudoexhaustive testing [15], biased random testing [21] and deterministic input set testing [21, 131, [lo], ill], [161 have been suggested. Despite these efforts, a number of problems remain unsolved with the best current testing strategies. In this research, we suggest a new approach for reducing the diagnosis time. We first restrict ourselves to the class of permanent single stuck at fault; stuck at fault is that a faulty line appears logically as if it is either stuck at a constant 0, or at a constant 1. A fault consisting of single stuck line is called a single fault, and one involving one or more stuck lines is called a multiple faults. One of the reasons why we used “single fault” assumption in our work is that the circuits in NPPs are usually very reliable and the probability that the circuits will have multiple faults is believed to be low. The longtime standing as-

0018-9499/94$04.00 @ 1994 IEEE

308

IEEE TRANSACTIONS ON NUCLEAR SCIENCE, VOL. 41, NO. 1,FEBRUARY 1994

sumption of “acyclic circuits” and “stuck fault” is also followed in our work. In order to reduce the diagnosis time we have developed optimal testing sets, i.e., the minimal testing sets needed for input sets to determine whether or not the circuit if fault-free and to locate the faulty gate. By using the deterministic testing pattern generation we have derived the minimal testing sets. It was mentioned above that, in our previous work, an advanced fault diagnosis method [13] which incorporates the combination of the DART system and Corroboration was generated and an automatic testing system of the electronic circuits by implementing this fault diagnosis method into a microprocessor was developed. In this research we have developed the optimal testing sets and then implemented them into the AFDS. By actually applying the system to test a UV card [14], which is a NPP digital input/output solid state protection system card, we have confirmed that the fault diagnosis system with the optimal input sets works fast and efficiently. In Section 11, we briefly describe the AFDS which was developed in our previous work. In Section 111, the optimal testing sets developed are explained with the description of the other historical methods. The optimal testing sets are applied to test the UV Card by using the AFDS and the results are shown in the following section.

Since the supply voltage of the microprocessor is about 5 V whereas the supply voltage of the UV Card is about 15 V, the input/output ports of a UV Card cannot be directly connected to those of the microprocessor. To solve this problem we use a medium-voltage transformer -to match the values of the supply and the threshold voltages. We construct the voltage transfer by using the OP amps.

B. Sofhyare of the AFDS The fault diagnosis algorithm written in Arity Prolog [l], an AI language, is based on model based reasoning method among AI techniques. The flowchart of this algorithm is shown in Fig. Nd). In our former paper [13], we presented the advanced fault diagnosis method incorporating the combination of DART system and Corroboration in detail. We briefly describe the advanced fault diagnosis method as follows: The basic paradigm of model based reasoning for diagnosis can be understood as in the interaction of observation and prediction; Observation indicates what the device is actually doing whereas prediction indicates what it is supposed to do. The interesting event is any difference between the two, a difference termed as a discrepancy. Simply put, if the model is right, the device must be broken, and the discrepancies are the clues to the charac11. CONFIGURATION OF AN AFDS ter and to the location of the faults [41. In this section, we briefly describe the functions of each We briefly describe the notations in model based reacomponent of the AFDS. We divide the AFDS into the soning method as follows. hardware and the software. Discrepancy: the situation in which a measured value A. Hardware of the AFDS does not match the prediction at that point (primary output line). The A F D S is composed of a personal computer (PC), a microprocessor and a device (circuit, system) under test. Corroboration:the situation in which a measured value The configuration of the AFDS is shown in Fig. l(a). We matches the prediction at that point (primary output describe the functions of each component. line). A microprocessor [9], the Intel 8086 microprocessor, DList: the set of the point (primary output line) which applies the testing sets to the circuit and receives the produces a discrepancy for each testing input set. response of each testing set; The microprocessor observes SList: the set of the point (primary output line) which the states of the circuit input and output under test and produces a corroboration for each testing input set. transfers the results to the PC. A microprocessor perSuspect: the component which might have misbehaved forms the data acquisition function of the AFDS. in a way that can produce the observed discrepancy. A PC, the IBM compatible AT (386 DX/33), receives To be a suspect, a component must have been conthe states of the circuit input and output from the micronected to a discrepancy. When there are more than processor, executes the fault diagnosis algorithm, and one discrepancy, we can generate the suspects for displays the results of the fault diagnosis of the circuit each discrepancy, and then intersect them. Thus, we under test. The PC performs the fault diagnosis and can determine the suspect list, S,. control functions of the AFDS. A PC is connected to a Corroboration list: the component which is involved in microprocessor over the serial port. corroboration. To be a corroboration list, a compoConsider the interface between the microprocessor and nent must have been connected to a corroboration. the device under test (UV Card). There are some cases When there is more than one corroboration, we can the input/output ports of the microprocessor cannot be generate the corroboration components for each cordirectly connected to those of the device under test beroboration, and then intersect them. Thus, we can cause the values of the supply and the threshold voltages determine the corroboration list, C,. of the microprocessor are not always identical to those of Candidate: a component which is diagnosed to be a the device. It is the case for the AFDS when testing the failed component by A F D S . UV Card. Consider the interface between the UV Card [141 shown in Fig. l(b) and (c) and the microprocessor. The procedure of the fault diagnosis algorithm shown

309

KIM AND SEONG: NUCLEAR POWER PLANT DIGITAL ELECTRONIC CIRCUITS

II

n I1 14

27

2s

A2

El 111 A6

I

E8

Ma

(C)

(dl

Fig. 1. (a) The configuration of the automatic fault diagnosis system. (b) A 4-input circuit of the W card used for fault diagnosis. (c) The first 3-input circuit of the UV card used for fault diagnosis. (d) Flowchart for the fault diagnosis algorithm.

in Fig. l(d) is as follows: Step 0: Initialize ' D e 9' D' e= ' where 'D, c,, and represent the suspect list, corroboration list, and all the gates in the circuits under test, respectively. Step 1: If there are testing input set and observed output set, go to step 2. Otherwise, go to step 6. Step 2: If there exists any discrepancy, go to step 3. Otherwise, go to step 1. Step 3: Determine Slist and Dlist. Step 4: Determine Sb and Cb from the results obtained in step 3. Step 5: Determine S, C= S, n Sb and C, * C, n Cb. And go to step 1. Step 6: Determine candidate list C, c= S, - C,. Step 7: Print candidate list as failed gate. And the diagnosis algorithm ends.

The reasons why this algorithm is written in prolog language are as follows; a) it is easier to learn and to use than Lisp, b) it uses less memory and is easily movaae from one computer to another, c) and it is easy to treat the pattern match and list.

111. OPTIMAL TESTING SSET A. Survey of the Testing Methods Testing is now recognized as a major cost factor in manufacture and use of digital integrated circuits. With the advent of the complicated systems such as VLSI, NPP, and aircraft, testing became one of the most costly, complicated and time consuming problems; Particularly, the diagnosis time that is the time required for diagnosis of the circuits (systems, device) grows quickly with the complexity of the component. Although the process has been shown to be, in general, NP complete, Goel's experience

310

IEEE TRANSACTIONSON NUCLEAR SCIENCE, VOL. 41,NO. 1, FEBRUARY 1994

is that computation time is close to an N 2curve, where N is the number of gates in the circuits [8]. Some methods such as exhaustive testing, random pattern testing [191, syndrome testing [18], pseudoexhaustive testing [15], biased random testing [21] and deterministic input set testing [21, [31, [lo], [lll, [161 have been suggested. These techniques are mainly used in self testing and in design for testing. These techniques do not use the AI technique. In order to apply some of these techniques the design of the system has to be changed. But the design of the system that we test is not changeable for the testing. We simply spell out the demerits and merits of each technique, respectively, and put the merits of these techniques in the aspect of reduced diagnosis time. Exhaustive Testing: An n-input system can be tested thoroughly by applying all 2" input combinations and by verifying that the correct output is obtained for each input combination. This technique is called an exhaustive testing. An exhaustive testing is recommended for those networks for which the corresponding test time is not excessive. This can guarantee that all single faults be covered. Also, this technique does not require time for generation of testing pattern generation. It provides a through test but requires too much diagnosis time for components with many inputs. Random Pattem Testing [19]: The random pattern testing can be spelled out simply as the following: Given a combinational circuit that has to be tested with N random patterns, either prove that 100 - E percent of the populations single stuck-faults would be detected with probability 1 - S or modify the logic to satisfy this (Typically E < 2, 6 < 0.001). The class of random test uses random input stimuli rather than an exhaustive set. The number of random inputs applied during the test is closely related to the affordable test time and can be roughly ten million for high performance circuits. Although the random test removes the partitioning burden, it has introduced the problem of test quality verification. The application of random pattern testing, however, which is far from being exhaustive, may require a quality verification especially when high fault coverages are required. Syndrome Testing [18]: The syndrome testing is a testing technique based on the permanent stuck fault model. The methods such as random testing, exhaustive testing, and deterministic testing to test combinational circuits are to detect all faults from prescribed testing sets and to store both the testing sets and the fault-free output sets of individual test vectors. Therefore the storage required for these methods to test the large circuits is considerably large. However, the storage requirement for the syndrome testing is low. The procedure for the syndrome testing shown in Fig. 2(a) is as follows: Step 1: Apply the exhaustive testing set to the circuit. Step 2: Count the number of 1's appeared at the output line of the circuit. That is, count the number of minterms of the circuit-syndrome of circuit.

Step 3: The circuit is fault-free if the observed syndrome of the circuit is the same as the fault-free syndrome. Otherwise, the circuit is faulty. Therefore the storage requirement for implementing the test procedure will be only one number, called the syndrome of the circuit, which is based on the number of minterms realized by the switching function. Since a fault-free and faulty circuit do not necessarily have different syndromes, special design of the combinational circuit is a circuit syndrome-testable. A circuit is syndrome testable if the syndrome of any faulty version of a circuit induced by a single stuck-at fault does not equal the syndrome of the fault-free circuit. In order to test the circuits which have a large number of the input lines, the combinational circuits is partitioned into subcircuits and designed so that each subcircuit is syndrome-testable. In this way, each subcircuit can be tested separately in no more than 1s. Pseudoexhaustwe Testing-Veri$cation Testing [15]: We simply describe the pseudoexhaustive testing: Tracking back from each output yields a subset of input, respectively. By applying all possible combination of subset of input to input line, each output can be tested exhaustively. In pseudoexhaustive testing, fault coverage is calculated only for single stuck faults. It is known that other types of faults such as multiple stuck at faults or bridging faults are important, but the assumption is made that tests for single stuck faults will detect a sufficiently large fraction of these other faults. Pseudoexhaustive testing does not rely on an explicit fault model and is thus not limited to any specific class of faults such as stuck faults. However, with pseudoexhaustive testing, 100% for single stuck faults is guaranteed without any fault simulation using the single stuck fault model. With pseudoexhaustive testing it is necessary to do a computation to determine the test set but computation time depends only on the number of network inputs and outputs. The time required appears to be much less than that for test pattern generation. Most combinational networks have more than one output. In many cases each of the outputs depends on only subset of the inputs. A circuit in which any output is not dependent on all of the inputs is called a partial dependence circuit (PD circuit). For example, pseudoexhaustive testing technique is described in Fig. 2(b). In Fig. 2(b) the dependence is simply calculated by tracing path from output to inputs. Each of the output depends on two inputs; four input patterns are therefore required to exhaustively test an individual output. Biased-Random Test Pattem Generation [21]: Almost regardless of the method used in generating test patterns, it is easy to achieve coverage of at least 70% of the faults in a combinational circuit. However, considerable price and effort must be given in generating the test patterns required for achieving high quality of fault coverages. To reduce the price and effort an approach was proposed to the generation of test patterns for a combinational circuit

311

KIM AND SEONG NUCLEAR POWER PLANT DIGITAL ELECTRONIC CIRCUITS

tl

T

1100

a-- 1010 REFERENCE SYNDROME

-1

EQUALITY CHECKER1

1

FAULT INDICATION

'1

x r l

1110

9

x'm=D-' I

W

x3

x4

L

5

n

w

12

(e)

(f)

Fig. 2. (a) The procedure for the syndrome testing. (b) A simple example illustrating the derivation of the verification test inputs. (c) Flowchart for the test generation strategy by using the biased random testing. (d) The drawing illustrating for the derivation of the number of minimal input set. (e) A simple example illustrating the derivation of the complete test set for single fault on line 12. (0A simple example illustrating the derivation of the optimal testing sets.

1001

IEEE TRANSACTIONS ON NUCLEAR SCIENCE, VOL. 41, NO. 1, FEBRUARY 1994

312

consisting of three phases, as illustrated in Fig. 2(c) [21]. Phase I is for the generation of uniformly distributed random test patterns, because a large portion of faults are easily covered with these test patterns. Phase I1 deals with the production of biased random test patterns, i.e., nonuniformly distributed random test patterns. Faults which remain undetected after simulating the biased-random test patterns are the inputs to phase 111. In phase 111, these remaining faults can be processed, after the design is expressed at the gate level, by more deterministic test pattern generator. The approach to biased-random pattern generation presented in [211 uses the difference fault model, a formal abstraction of the faults at the implementation level, as the basis for fault simulation. The function simulation results provide guidance for the generation of biased random test pattern. Deterministic Input Set Testing: In this section, we describe the techniques of the deterministic input set testing. We divide the techniques of the deterministic input set testing into two techniques: one technique based on the expert experience and the other technique based on the mathematical concepts. First we describe the techniques based on the expert experience, which was presented by Hayes [lo], ill]. This technique is based on the systematic labeling of the line of a network to determine the number of the minimal testing sets required for fault detection. We simply describe this technique as follows: A network N has only one primary output. For such a circuit it suffices to consider only 0’s and 1’s when defining labels, since all fault signals must be propagated to the observable output. In this technique, we associate with L, of each line N a label of the form below: ( z , ,U,),

where zi is the number of 0’s and U, is the number of 1’s placed on L, by a minimal set of testing for q.,the subnetwork with Lias a primary output. In this technique, first label a network, and then determine the number of a minimal testing sets based on the labeling of each line. The procedure to label a network N is as follows (see Fig. 2(d)): 1) Assign (1,l) to every primary input of N . 2) Let { ( z i , u i ) }be the set of labels assigned to all inputs {L,}of gate G,. Assign to the output L, of G, the label ( z , ,U,) defined as follows:

z,

=

m?{u,}

(1)

I

E.,.

subnetwork efficiently with output 15,.For example, Fig. 3(d) shows a device made from two nand gates. Using this technique we label each line and can determine five testing sets. These testing sets can detect the stuck fault occurred in device. Using this technique the number of testing sets is much smaller than that of testing sets when tested exhaustively. While this technique makes diagnosis time short, it has the following disadvantages: 1) It takes a large time and efforts to generate the testing sets. 2) This technique considers the simple network. 3) This method considers only the determination on whether the system is fault-free or not and does not provide the way to locate the faulty component. Secondly, various approaches to the generation of the testing set of the combinational circuit based on the mathematical concepts were proposed [21, [31, [161. By using the concept of Pseudo Boolean function we describe the technique of testing set generation presented in [31. Technique proposed has various advantages compared with the approach presented in [21, [16]. The procedure to generation of the complete test set for combinational circuit is as follows: Step 1: Find the logical function, f ( x l , xz,--*,xn), in terms of the primary input lines. - ,i p ) , Step 2: Derive the logical function, f ( X , , , X i 2 , - *X in terms of different internal nodes, i.e., the variables X i l ,Xiz,---, Xipassociated with the p lines i,, i 2 , - - *i,,, respectively, assumed to be faulty. x i 2 , * * * X!p), , Step 3: Derive the logical function, obtained from f(XiLXiw-**, Xi,>replacing Xi,, X i z , - - -Xip , by Xil, Xi2,--*, X i p , respectively. Step 4: Derive the real transforms, T ( f ( X , , , X i 2 , - * * , Xip))and T(f(Fi1,giz,*xip))2l, of f(Xil, X i 2 , . - -X , i p ) and f ( X i l ,XiZ;.-, Xi,), respectively. And then, determine the Pseudo-Boolean function,- F = T ( f ( X j l ,Xi2,***, Xi,>) + T ( f ( X i l ,Xi2;.*, which is the arithmetic sum of these two real transforms. Step 5: Get the set A with the primary input combinations which minimize the Pseudo-Boolean function F have its value equal to 0 and maximize the Pseudo-Boolean function F to have its value equal to 2. Thus, determine the required complete test set A’.

f(zil,

zip)),

In the above procedure, we restrict ourselves to consider the generation of the complete test set for the case of the single fault and the multiple fault only. Similarly, Equation (1) indicates the fact that 1’s on different we could get the complete test set for the bridging fault. inputs of G, can be propagated simultaneously through For example, we derive the complete test set for a the gate, while 0’s on the inputs, as implied by (21, must be single fault on line 12 of the circuit shown in Fig. 2(e) [31. propagated separately. The labels generated by the above Step 1: Derive the function f(xl, x 2 , x3, x4) = X1x2+ procedure are unique. Furthermore, z j + U, is the mini+ x l z z x , + xz53x4. mum number of tests required to detect all faults in the U, =

i

(2)

KIM AND SEONG NUCLEAR POWER PLANT DIGITAL ELECTRONIC CIRCUITS

Step 2: Derive the logical function f(X,,) = Z,x, ~ 1 Z 4 X 1 ,+ ~ 1 ~ 3 X + 1 2x Z X ~ X ~ . Step 3: Derive the logical function =Rlx,

+

+

f(xl,)

+ +

~1~4Z1z~1~3X12~ 2 ~ 3 . ~ 4 .

Step 4: Derive the Pseudo-Boolean function F = T(f(X1,)) + T ( f ( x 1 , ) )= 2 - (1 - R1xJ (1 - x , + ~ X ~ - x1~3(X’+ x4)) (1 - X,X,((X, + x4)) - (1 - x,x,) (1 - xzZ3x4X1 - xlxZx3xq). Step 5: We determine the primary input combinations which minimize and maximize the PseudoBoolean function F to be (4,5,6,7,13} and (0, 1,2,3,9}, respectively. And we form the set A = (0, 1,2,3,4,5,6,7,9,13}. Thus, we generate the complete test set A’ required for the single fault on the line 12 as A’ = @,lo,11,12,14,15}. This method has the following advantages: a) it covers various types of faults such as single fault, multiple fault and bridging fault b) the real transforms of Boolean function is directly obtained and c) testing input sets are generated automatically and the computation time required for testing input sets is reduced. In spite of above advantages, a large effort must be paid for deriving logical functions for all primary outputs of a large combinational network, expressing them in terms of different internal nodes assumed to be a faulty, and fmding real transforms of so many logical functions.

Optimal Testing Set A new improved method to reduce the diagnosis time is suggested in this work. Because the UV Card is used in the protection system in NPP, the testing method requires the high fault coverage. And the UV Card is composed of only nand gates. Because of these, using deterministic testing pattern generation is the best fit to reduce diagnosis time in the UV Card testing. Our approach to reduce diagnosis time is to reduce the number of testing sets. When the optimal testing sets are applied to the UV Card, we can determine whether or not the circuit is fault-free and can locate the faulty gate. The optimal testing input sets, therefore, mean the minimal testing sets that can determine whether or not the circuit is fault-free and can locate the faulty gate. Our approach to generate the optimal testing input sets is similar to that of Hayes [lo], [ll]. However, our approach considers the network that contains multi-outputs and considers not only the detection of the faultiness of the circuit but also the location of the faulty component. For convenience, only the acyclic circuits will be considered. Definition I: Detection is the procedure for determining whether or not the circuit is fault-free. Definition 2: Location is, after the detection of a fault, the procedure for determining of a failed component in a electronic circuit. Definition 3: A circuit is an acyclic circuit if it can contain no closed loops or feedback. It is proper that we

313

ourselves concentrate on the class of acyclic circuits, because the fault diagnosis methods using the AI techniques developed till now are based on acyclic circuits. Definition 4: A circuit is fault-diagnosable only if it has multi-inputs and multi-outputs. Only the circuit that has multi-inputs and multi-outputs is testable by the fault diagnosis method using the DART system and Corroboration. Definition 5: An input signal of a gate, regardless of the other input signals, that determines the output of the gate is an active signal, otherwise it is an inactive signal. In a nand gate, for example, if an input of a nand gate is 0 the output of the nand gate is 1 regardless of the other inputs. However, if an input of a nand gate is 1 the output of the nand gate is determined by the other inputs. Therefore, in case of a nand gate the input signal whose logic value is 0 is called an active signal and the input signal whose logic value 1 is called an inactive signal. Definition 6: The stuck-fault line is the line on which the stuck-fault occurs. Definition 7: The stuck-fault path are all the possible paths through which the fault can be propagated to every output line, and the remaining paths are called the faultfree paths. Lemma I: We determine the optimal testing sets as the collection of each testing set that makes each stuck-fault signal occurred in a fault-diagnosable circuit propagated to the outputs on the stuck-fault paths. Proofi If a single stuck-fault occurs in the fault-diagnosable circuit we determine the testing sets that make the faulty signal propagated to every output on the stuck-fault paths. The procedure of the method that the faulty signal is propagate to every output line on the stuck-fault paths is as follows: 1) By tracking back from every output line of the circuits to the stuck-fault line we find the stuck-fault paths. 2) We determine each testing set to make the signals on fault-free paths an inactive signal and make the signal on the stuck-fault paths an active signal. 3) In regard to all the possible stuck-faults in the fault-diagnosable circuits, we repeat the procedures 1 and 2 determine the testing set.

Therefore, we can generate the optimal testing sets that contain each testing set to make a faulty signal propagated to every output line on the stuck-fault paths. Lemma 2: Using the optimal testing sets, we protect the incorrect fault diagnosis resulting from fault masking and diagnose the circuits correctly. Proofi The most basic reason why the fault masking occurs is that the component receives the incorrect input, yet produces the output that would have been expected with the correct input [4]. Therefore, in order to protect the fault masking, the optimal testing sets need to contain at least one testing set that makes the possible faulty signal propagated to every output on the stuck-fault line. That is, using the DART system the set of suspect lists,

IEEE TRANSACTIONS ON NUCLEAR SCIENCE, VOL. 41, NO. 1, FEBRUARY 1994

314

TABLE I

S D , is given by n

SD =

n si,

i= 1

where n is the number of the optimal testing sets and Si is the suspect lislfyielded by tracking back from the discrepancy when the circuits are applied with the ith testing set to. Also using Corroboration [4] the set of the corroboration lists, C,, is given by n

cD=

n cj,

i= 1

where n is the number of the optimal testing sets and Ci is the suspect lists yielded by tracking back from the corroboration when the circuits are applied with the ith testing set to. Here, to overcome the problem of fault masking we determine the optimal testing sets that contain at least one testing set which makes, when the stuckfault occufs, a faulty signal propagated to very output on the stuck-fault paths. Because the faulty signal is propagated to every output on the stuck-fault paths, we solve the problem of fault masking and diagnose the circuits correctly. At last we determine the candidate lists, C K , given by CK = S D - CD. That is, the candidate lists are determined by rejecting the set of the corroboration lists from the set of the suspect lists. As an example, the procedure to generate the optimal testing sets is as follows: Consider a simple network, N (see Fig. 2f) Determine a testing set that tests the first input x of the G1 gate. Determine a testing set that tests the second input y of the G1 gate. Determine a testing set that tests the other input w that feeds the G2 gate to which the output of G1 is fed. Determine a testing set that tests the other input z that feeds the G3 gate to which the output of G1 is fed.

THE INPUT VECTORS OF THE OPTIMAL INPUT SETS FOR THE

4 - h CIRCUIT ~ ~ Input lead

Input vector

Input lead

Input vector

I1 I2 I3 T3 I4

011111001 101110101 110101101 110101101 101010100

T4 I8 I9 A1 A2

oooo11101 111111111 111111101 111111111 OOOOOOOO1

TABLE I1 THE INPUT VECTORS OF THE OPTIMAL INPUT SETS FOR THE

3 - 1 CIRCUIT ~ ~ Input lead

Input vector ~~

I12 I13 I14 I15

Input lead

Input vector

I16

111111 OOOOO1 111111

~

011100 101010 o00111 111110

A5 A6

y, of G1. When G2 is tested, the output of G1 that is the output of the testing input set (x’ = 101 and y’= 110) required for detection of the stuck fault of G1, must be propagated to the output of G2. If the output of G1 is propagated to the output of G2, the other input vector w’ is 111.Because the output vector of G1 is 011, the testing for stuck fault at the first input lead of G2 is performed only by the output of G1. To detect the stuck fault at the first input lead of G2, therefore, the other input vector G must be 1110. Similarly, we determine the input vector Z’ for testing the gate G3 to be 1110. Thus, we finally determine the optimal testing sets in which the input vectors G, x’, y, and z’are 1110, 1010, 1100, and 1110, respectively. With the similar method, we have derived the optimal testing sets for detection of stuck fault occurred in UV Card. The input vectors of the optimal input sets for the 4-input circuit and for the 3-input circuit are shown in Tables I and 11, respectively.

IV. RESULTS The results of the experiment show that the testing system locates the failed gate successfully. A result output of the fault diagnosis of the UV Card is shown in Fig. 3. We obtained a set of results which compares the testing The network is composed of three 2-input nand gates. times taken using the exhaustive testing sets and using the When the first input lead x is tested for stuck at 0, input optimal testing sets derived in this research (Tables I11 vectors x’,,y’ that are 1,1, respectively, are applied to G1. and IV). Tables I11 and IV shows the testing times of the Also, when the first input lead x is tested for stuck at 1, 4-input circuit and the 3-input circuit of UV Card, respecinput vectors 2,y’ that are 0,1, respectively, are applied to tively. For the fault types in Tables I11 and IV, we denote G1. That is, when input vectors x’ = 10, ,y’ = 11 are ap- the stuck-at-0 of the output line of gate gl by g1/0 and plied to G1, the stuck fault occurred at the first input lead the stuck-at-1 of the output line of gate 1 by gl/l. Each two testing times in Tables I11 and IV except for the case x is detected. Similarly, we determine the input vectors required for of fault-free are the testing times for the faults of the testing stuck fault at the second input lead y to be stuck-at-1 and stuck-at-0, respectively. From Tables I11 x’ = 11, = 10. Therefore, we can determine the minimal and IV, we confrimed the testing using optimal testing input sets in which input vectors x’, y’are 101,110, respec- input sets makes testing of the failed UV Card much tively. When these three testing sets are applied to G1, faster than that using the exhaustive testing sets. When G1 can be tested for stuck fault at the input leads, x and the 3-input circuit and the 4-input circuit are tested,

KIM AND SEONG NUCLEAR POWER PLANT DIGITAL ELECTRONIC CIRCUITS

315

TABLE I11 RESULTSOF THE DIAGNOSIS OF THE INPUT CIRCUIT IN THE uv CARD, USING THE OPTIMAL TESTING SETS AND THE EXHAUSTIVE TESTING SETS

Fault type Fault-free gl/l

g1/0

g2/1

@/O

g3/1

g3/0

g4/1

g4/0

g5/1 g6/1 g7/1 g8/1 g9/1

g10/1 gll/l g12/1 g13/1 g14/1 g15/1 g16/1

g5/0 g6/0 g7/0 g8/0 g9/0 g10/0 g11/0 g12/0 g13/0 g14/0 g15/0 g16/0

Optimal testing set output Testing times 6 [nand-l,nand-2, nanh3,nand-41 [nanhl,nand-2, n a n h 3 , nand-41 [nanhl,nand-2, n a n h 3 , nand-41 [nand-l,nand-2, nanh3,nand-4] [nanh5,nand-61 [nand-s, n a n h 6 1 [nanb-7,nand-11] hand-81 [nanh9,nand-l2] [nanhlO] [nand-7,nand-ll] [nanh9,nand-12] [nanh13] [nanh14] [nand-151 [nand-161

6.8

8.4

6.8

8.6

7.5

8.4

6.8

7.6

8.2 8.6 8.0 7.0 7.6 6.8 7.9 7.1 6.6 6.7 7.5 6.3

8.6 8.3 7.9 7.9 7.2 9.2 8.4 7.4 6.7 75 6.6 6.6

Exhaustive testing set output Testing times 698 [nand-1, nand-2, nand-3, nand-41 [ n a n h1, nand-2, nand-3,nand-4] [ n a n h l , nand-2, nand-3, n a n h 4 1 [nand-1, n a n h 2 , nanh3, nanh41 [nand-s, nand-61 [nand-s, nand-61 [nand-7, nand-111 [nanhB] [nand-9,nand-12] [nanhlO] [nanh7,nanh11] [nand-g, nand-121 [nanh13] [nand-14] [nand-IS] [nand-16]

702

821

717

823

732

823

703

823

859 859 683 725 737 606 613 613 606 607 606 607

859 701 751 941 770 628 662 612 606 606 606 606

TABLE IV

RESULTS OF THE DIAGNOSIS OF THE

FIRST3-INPm CIRCUIT IN THE w CARD, USING THE OPrIMAL TESTING SETS AND THE ~ U S T I V TESTING E SETS

(Time:sec) output Fault-free

Optimal testing set Testing times 2.4

-

[nand-21, nand-22, nand-231 [nanh21,nand-22, nand-231 [nand-21, n a n h 2 2 , nand-231 [nanh24] [nand-25, nanh301 [nand-26, nand-311 [nand-271 [nand-28] [nand-29] [nand-25, nand-301 [ n a n h f l , nanh261 [nanh32]

3.2

3.3

3.3

3.3

3.2

3.3

2.6 3.2 3.3 2.6 2.5 2.5 3.3 3.4 2.5

2.8 3.4 3.4 2.8 2.4 2.5 3.3 3.3 3.3

Tables I11 and IV shows that testing time using the optimal testing sets is shorter than that using exhaustive testing sets up to about 100 times. As the number of inputs of the system becomes larger, the benefit of using the optimal testing sets becomes larger. That is, the deterministic testing pattern generation approach becomes more powerful as the number of inputs of the system becomes larger. A disadvantage of using the optimal testing sets is that it takes a large time to generate the optimal input set. For testing many circuits of a kind, however, this disadvantage may be obscured. As shown in Tables I11 and IV we sometimes could not narrow down to a single candidate in some cases. Distinguishing among competing candidate lists needs gathering new information about the behavior of the device-prob-

Exhaustive testing set Output Testing times 50 [ n a n h 2 l , n a n h 22, nand231 [nand-21, n a n h 2 2 , n a n h 231 [nanh21,nand-22, nand-231 [nanh24] [ n a n h z , nand-301 [nanh26, nand-311 [nand-27] [nand-281 [nanh291 [nand-z, nand-301 [nanh31,nanh261 [nand-32]

59

52

50

52

59

52

49 51 51 52 52 52 58 60 55

63 55 59 56 56 56 62 62 64

ing. There are issues on determining the optimal probe point required for distinguishing among competing candidate lists. In order to select optimal probe point various approaches have been suggested [5], [11I. The approach suggested in [5] is the minimum entropy method, i.e., picking the optimal probe point to make next yield, on average, the minimum entropy. And the approach presented in [ll]is the labeling technique, i.e., selected the probe point that will yield the minimum testing sets required for diagnosis of the circuit. V. CONCLUSIONS AND FURTHERSTUDY We have derived the optimal testing sets to reduce the diagnosis time and have applied this optimal testing sets in the AFDS to test the UV Card of nuclear power plants.

IEEE TRANSACTIONS ON NUCLEAR SCIENCE, VOL. 41, NO. 1, FEBRUARY 1994

316

REFERENCES

7-run. DList : SList : [out-l,m-l,m-2,m-3, m-4,m-5,m-6] DList : 1 SList : [outl,m-l,m2,m-3, m-4.m-5.m-61 DList : 1 SList : [out-l,m-l,m-2,m-3, m-4,m-S,m-6] DList : U SList : [outl,m-l,m-2,m-3, m-4.m-5.m-61 DList : 1 SList : [outl,m-l,m-2,m-3, m-4,m-5,m-6] DList : 0 SList : [outl,m-l,m2,m-3, m-4~n-5m-61 DList : 1 SList : [out-l,m-l,m-2,m-3, m_4,m-S,m-6] DList : 1SList : [out-l,m-l,m-2,m-3, m-4,m-5,m-6] The 4-input circuit is fault-free +++++e

&&B

Ye

+I+++

Fig. 3. An example of the result of the fault diagnosis of the 4-input circuit of the UV card.

From the results of the experiment using the optimal testing sets and the exhaustive testing sets, we obtained the following conclusions: We first reconfirmed the AFDS with exhaustive testing input sets worked more efficiently and faster than the current testing practice used in existing NPPs. Both of the AFDS and the current testing practice are for off-line diagnosis. To reduce the diagnosis time further, our approach is to reduce the number of testing sets. We derived the optimal testing sets and applied the optimal testing sets in the AFDS to test the UV Card. The AFDS using the optimal testing sets enables one to test the failed UV Card even faster than that using the AFDS with the exhaustive testing sets. The deterministic testing pattern generation approach is very powerful when the number of inputs of the system is large. Since it takes a large time to generate the optimal input sets, however, we should devise a scheme that makes generation of the optimal testing sets easier. We, however, could not narrow down to a single candidate in some cases, although the failed component is always in the final candidate lists. We need to investigate these cases further.

[l] Arity Corporation, The Arity/Prolog Language Reference Manual, 1988. [2] S . K. Basu, J. C. Paul, and P. R. Bhattachajee, Complete Test-Set Generation for Bridging Faults in Combinational-Logic Circuits, Information Sciences, vol. 38, 257-269, 1986. [3] P. R. Bhattacharjee, S . K. Basu, and J. C. Paul, Translation of the Problem of Complete Test Set Generation to Pseudo-Boolean Programming, IEEE Trans. Comput., vol. 40, no. 7, pp. 66-79 July, 1991. [4] R. Davis and W. C. Hamscher, “Model-based reasoning: troubleshooting,” in. H. E. Shrobe, ed., Exploring Artificial Intelligence: Survey Talks from the National Conferences on Artificial Intelligence, San Mateo, CA. Morgan Kaufmann, 297-346, 1988. [SI J. de Kleer and B. C. Williams, Diagnosis with Behavioral Modes, Proc. IJCAI-89, Detroit, MI 1324-1440, 1989. [6] M. R. Garey and D. S . Johnson, Computers and Intractability guide to the Thzory of NP-Completeness,W. H. Freeman, 1979. [7] M. R. Genesereth, The Use of Design Descriptions in Automated Diagnosis, Artificial Intelligence, vol. 24, pp. 411-436, 1984. [8] P. Goel, Test Generation Costs Analysis and Projections, in Proc., 17th Design Automat. Conf., 79-84 June, 1980. [9] HongRoung Academic Corporation, 16 bit microprocessor, 1990. [lo] J. P. Hayes, On realization of Boolean functions requiring a minimal of near-minimal number of tests, IEEE Trans. Comput., vol. c-20, no. 12, pp. 1506-1513 Dec., 1971. [ll] J. P. Hayes, and D. A. Friedman, Test point Placement to Simplify Fault Detection, IEEE Trans. Comput., vol. c-23, no.7, pp. 727-735 July, 1974. [12] 0. H. Ibarra and S . K. Sahni, Polynomially complete fault detection problems, IEEE Trans. Comput., vol. c-24, no. 3, pp. 242-249 Mar., 1975. [13] D. S. Kim and P. H. Seong, A study on the development of an automatic fault diagnosis system for testing nuclear power plant digital electronic circuits, Annuls Nucl. Energy, vol. 20, no. 6, pp. 433-442, 1993. [14] Korea Electric Power Corporation Research Center, Tentbook of Nuclear Reactor Protection System, 1988. [15] J. E. McCluskey, Verification Testing-A Test Technique, IEEE Trans. Comput., vol. c-33, no. 6, pp. 541-546 June, 1984. [16] S . G. Papaioannou, “Optimal Test Generation in combinational Networks by Pseudo-booleanprogramming,” IEEE Trans. Comput., vol. c-26, no. 6, pp. 553-560 June, 1977. [17] J. P. Roth, W. G. Bouricius, and P. R. Schneider, “Programmed algorithm to compute tests to detect and distinguish faults in logic circuits,” IEEE Trans. Electr. Comp., vol. 16, 1987. [18] J. Savir, “Syndrome-Testable Design of Combinational Circuits,” IEEE Trans. Comput., vol. c-29, no. 6, pp. 442-451 June, 1980. [19] J. Savir, S . G. Ditlow, and H. P. Bardell, “Random pattem Testability,” IEEE Trans. Comput., vol. c-33, no. 1, pp. 79-90 Jan., 1984. [20] E. Shortliffe, Computer-Based Medical Consultation: MYCIN New York: American Elsevier, 1976. [21] G. M. Silberman and I. Spillinger, “Functional fault simulation as guide for biased-random test pattem generation,” IEEE Tram. Comput., vol. 40, no. 1, pp, 66-79, Jan., 1991.