Good Circuit Clauses
[OR]: (b) (x1+a+b’)(b+x1’)(b+a’)
[NAND]: (c) (x3’+a’+c’)(a+c)(x3+c)
[AND]: (d) (b’+c’+d)(b+d’)(c+d’)
[XOR]: (a) (x2+x3+a’)(x2+x3’+a)(x2’+x3+a)(x2’+x3’+a’)
[Figure: circuit schematic with nodes a, b, c, d, x1, x2, x3, f]
Faulty Circuit Clauses
Fan-out cone (all downstream nodes):
[AND]: (b_f’+c’+d)(b_f+d’)(c+d’)
[Figure: circuit schematic with nodes a, b, c, d, x1, x2, x3, f]
Active Clauses
1. Difference between good and faulty circuit: (b_a’+b+b_f)(b_a’+b’+b_f’)
2. Observability implication (b_a => d_a): (b_a’+d_a)
[Figure: circuit schematic with nodes a, b, c, d, x1, x2, x3, f]
Fault Location and Goal Clauses
Fault Location (node b is s-a-0): b_a · b · b_f’
Goal: d_a
[Figure: circuit schematic with nodes a, b, c, d, x1, x2, x3, f]
Example SAT Formula
Good circuit (32 literals):
(a + x)(b + x)(~x + ~a + ~b)(~a + g)(~x + g)(~g + a + x)(x + z)(~x + ~z)(~z + h)(~y + h)(~h + z + y)(b + ~y)(c + ~y)(y + ~b + ~c)
Faulty circuit (18 literals):
(~a + gf)(~xf + gf)(~gf + a + xf)(xf + zf)(~xf + ~zf)(~zf + hf)(~yf + hf)(~hf + zf + yf)
Active clause (29 literals):
(~xa + x + xf)(~xa + ~x + ~xf)(~za + z + zf)(~za + ~z + ~zf)(~ga + g + gf)(~ga + ~g + ~gf)(~ha + h + hf)(~ha + ~h + ~hf)(~xa + za + ga)(~za + ha)
Fault site (3 literals) & Goal (2 literals):
(x)(~xf)(xa)(ga + ha)
[Figure: example circuit with nodes a, b, c, g, h, y, z and fault x s-a-0]
Search Strategies
Use a basic branch-and-bound approach
Four basic parameters:
1. initial assignment
2. variable order
3. Dynamic processing at each branch point
4. How long to search?
[Figure: search space with solution areas, unidentified non-solution areas and identified non-solution areas]
Orthogonal Strategies
• In theory, any complete algorithm will find a test for every fault, if one exists.
• In practice, we cannot afford to wait for the worst case.
• Compromise: try several strategies in succession for a short time (backtrack limit)
– improves average performance
– increases robustness
– has difficulty with “hard” redundancies
• Two strategies which complement each other are called orthogonal
Static Variable Ordering
Larrabee’s heuristics (LSAT)
– Add clauses for structural heuristics (dominators, critical paths, etc.)
– static variable ordering
– three search strategies
– static non-local implications (after all faults have been tried without them)
No results reported without random patterns
Benchmark Networks
MCNC Test Generation Benchmarks
Full scan assumed for sequential networks
Combinational networks

Network   PI     PO     Gates   Faults
C432      36     7      159     413
C499      41     32     370     850
C880      60     26     320     703
C1355     41     32     506     1058
C1908     33     25     441     1102
C2670     233    140    734     1678
C3540     50     22     961     2177
C5315     178    123    1473    3798
C6288     32     32     2384    4835
C7552     207    108    2164    4901
S1494     14     25     577     1220
S5378     214    213    1149    2850
S9234     247    250    2264    465
S13207    700    790    3287    7068
S15850    611    684    4057    8340
S35932    1763   2048   12236   28222
S38417    1664   1742   10232   21113
S38584    1464   1730   11774   26008
Total                           121029
Larrabee’s Heuristics

With random tests (seconds | # aborts)
Ckt.     LSAT          Socrates
C499     72 | 0        4.9 | 0
C880     49 | 0        5.2 | 0
C1355    99 | 0        13.9 | 0
C1908    184 | 0       33.8 | 0
C2670    479 | 0       57.5 | 0
C3540    607 | 0       56.6 | 0
C5315    464 | 0       31.3 | 0
C6288    227 | 0       87.0 | 0
C7552    2052 | 0      248.0 | 0

Without random tests (seconds | # aborts)
Ckt.     LSAT             Socrates
C499     5240 | 3         29 | 0
C880     1730 | 0         10 | 0
C1355    9540 | 1         44 | 0
C1908    31000 | 53       81 | 0
C2670    8600 | 3         80 | 0
C3540    110000 | 64      159 | 0
C5315    56000 | 145      102 | 0
C6288    980000 | 4506    139 | 0
C7552    270000 | 197     418 | 0
Greedy Heuristics
• Heuristics must be evaluated without using random tests
• Static variable ordering is not effective
• Dynamic ordering can require too much computation at each branch of the search
• Solution: greedy, dynamic orderings. At each branch point, select:
– 1st literal in 1st unsatisfied clause
– last literal in 1st unsatisfied clause
– 1st literal in last unsatisfied clause
– last literal in last unsatisfied clause
Results: improved performance and robustness
Algorithm
For each uncaught fault:
    extract CNF formula
    try 4 greedy strategies
    if all fail then
        find static NLI (non local implications)
        repeat 4 strategies
    endif
    if satisfied then
        fault simulate test (to see what other faults are caught)
    else
        flag possible redundant fault
    endif
Simple algorithm:
– no testability measures
– no 5,9-valued algebras
– no multiple backtracking
Standalone program TEGUS (also in sis 1.1, but slower)
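The flow on the Greedy Heuristics and Algorithm slides (four greedy branch orderings inside a backtrack-limited search, then fault simulation), run on the clauses of the Example SAT Formula slide. This is an added example, not TEGUS code or code from the slides: the names parse, solve, generate_test and detects are hypothetical, the gate functions in detects are read off the good-circuit clauses with g and h assumed to be the outputs, and the static NLI step is not implemented.

```python
import re
CNF = (  # clauses copied from the "Example SAT Formula" slide (fault: x s-a-0)
    "(a + x)(b + x)(~x + ~a + ~b)(~a + g)(~x + g)(~g + a + x)(x + z)(~x + ~z)"
    "(~z + h)(~y + h)(~h + z + y)(b + ~y)(c + ~y)(y + ~b + ~c)"      # good
    "(~a + gf)(~xf + gf)(~gf + a + xf)(xf + zf)(~xf + ~zf)"
    "(~zf + hf)(~yf + hf)(~hf + zf + yf)"                            # faulty
    "(~xa + x + xf)(~xa + ~x + ~xf)(~za + z + zf)(~za + ~z + ~zf)"
    "(~ga + g + gf)(~ga + ~g + ~gf)(~ha + h + hf)(~ha + ~h + ~hf)"
    "(~xa + za + ga)(~za + ha)"                                      # active
    "(x)(~xf)(xa)(ga + ha)")                                         # site, goal
STRATEGIES = [(0, 0), (0, -1), (-1, 0), (-1, -1)]  # (clause index, literal index)

def parse(text):  # "(a + ~b)(c)" -> [[("a", True), ("b", False)], [("c", True)]]
    return [[(lit.lstrip("~"), not lit.startswith("~"))
             for lit in re.split(r"\s*\+\s*", clause.strip())]
            for clause in re.findall(r"\(([^)]*)\)", text)]

def solve(clauses, assign, pick, budget):  # budget = [backtracks left]
    open_clauses = []
    for cl in clauses:
        if any(assign.get(v) == s for v, s in cl):
            continue                      # clause already satisfied
        free = [(v, s) for v, s in cl if v not in assign]
        if not free:
            return None                   # conflict: every literal is false
        open_clauses.append(free)
    if not open_clauses:
        return assign                     # all clauses satisfied
    unit = next((c[0] for c in open_clauses if len(c) == 1), None)
    if unit:                              # forced value, no branching
        return solve(clauses, {**assign, unit[0]: unit[1]}, pick, budget)
    var, sign = open_clauses[pick[0]][pick[1]]
    for value in (sign, not sign):        # satisfying value first
        model = solve(clauses, {**assign, var: value}, pick, budget)
        if model is not None:
            return model
        budget[0] -= 1                    # one backtrack used
        if budget[0] < 0:
            break                         # backtrack limit: abort strategy
    return None

def generate_test(limit=50):
    for pick in STRATEGIES:
        model = solve(parse(CNF), {}, pick, [limit])
        if model is not None:             # unassigned inputs default to 0
            return pick, {pi: model.get(pi, False) for pi in "abc"}
    return None, None                     # flag as possibly redundant

def detects(v):  # fault simulation of x s-a-0; gates read off the good clauses
    outs = lambda x: (v["a"] or x, (not x) or (v["b"] and v["c"]))
    return outs(not (v["a"] and v["b"])) != outs(False)
```

A None result from generate_test means either that every strategy proved the formula unsatisfiable or that the backtrack limit was hit, which is why the slide only flags the fault as possibly redundant.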
Experiments
• Theoretical worst case performance is same for all complete ATPG algorithms
• Heuristics must be evaluated by experiment
• To compare heuristics:
– use the 10 ISCAS’85 benchmark networks and 8 larger ISCAS’89 networks (assuming full scan)
– Run on same model computer as other reported results with same options
– Compare CPU time (not backtracks)
– Try with and without random tests
TEGUS Base Results
• Robust: 0 aborted faults in ISCAS’85/’89 networks without fault simulation
• Efficient: for 18 ISCAS networks
– no fault simulation: 10 min. total CPU*
  75% extract, 25% SAT
– with random: 1 min. total CPU*
  55% extract, 20% fault sim, 15% SAT, 10% I/O
– 10 MB peak memory
• Simple: 3k lines of code
– 300 to extract CNF formula
– 800 for SAT package
*(DEC 3000/500)
Robustness
Available results with no fault simulation for ISCAS’85/’89 networks
• Algorithms with backtrack limits are incomplete
• Heuristics which abort on fewer faults are more robust

Algorithm   # of Circuits   Aborted Faults   Normalized CPU Time
CHE88       7               798              1.6
CHN89       9               1208             2.2
JAC89       8               693              6.6
GIR90       10              0                16.0
ABR90       6               408              30.0
RAJ90       10              1268             24.0
GIR91       10              0                12.0
TEGUS       18              0                1.0
Efficiency
Results with random tests for ISCAS’85/’89 networks
• See Tech Report UCB/ERL M92/112 or TCAD Sept. 96, Vol. 15, No. 9, 1167-1175
• Random tests mask effectiveness of deterministic algorithm

Algorithm   # of Circuits   Aborted Faults   Normalized CPU Time
SIM89       6               0                30.0
SCH89       10              0                1.7
MIN89       9               16               22.0
LAR89       10              0                31.0
JAC89       10              0                6.8
SCH90       18              0                36.0
WAI90       18              0                1.0
MAH90       15              0                9.4
CHK91       1               0                2900.0
GIR91       10              0                25.0
MAT92       18              0                0.9
TEGUS       18              0                1.0
SAT Conclusions
• Hybrid test generation algorithm extracts CNF formula for structural faults, and applies generic SAT algorithm to generate a test
• Greedy, dynamic ordering heuristics are as efficient as best published results for structural algorithms
• Heuristics must be carefully compared using real implementations and without random tests
• Other fault models and test restrictions can be accommodated without modifying the generic SAT solver
COEN 6521 VLSI Testing
Redundant Faults
Zeljko Zilic
(Still in Ottawa)
McGill University
Overview
• Goal: test vector generation
• Algorithmic Background
• Fault Injection Calculus – D Calculus
• ATPG Algorithms
– D-Algorithm
– PODEM
– FAN
– SOCRATES
• Satisfiability-based test generation
• Comparison and other alternatives
Irredundant Hardware and Test Patterns
Combinational ATPG suitable for finding redundant (unnecessary) hardware
Example:
Fault            Test
a sa1, b sa0     A = 1
a sa0, b sa1     A = 0
Tests exist - above faults not redundant, hardware not redundant from testing standpoint
• Redundancies and synthesis
– Transparent (helpful for synthesis in circuit minimization)
• Redundancies in testing
– Harmful as causing redundant errors
– Desirable to identify such errors in fault lists prior to running testing algorithms
Redundant Hardware and Simplification
• Circuit simplification by removal of redundant hardware identified by ATPG
• Example: d s-a-0 redundant
– Excitation condition d = 1 -> A = 1, B = 1
– Propagation condition B = 0 - contradiction with excitation condition
Redundant Fault q s-a-1
• If redundant q: s-a-1 is not present, then f: s-a-0 is tested by pattern (A,B,C) = (1,0,0)
• When redundant q: s-a-1 is present, f: s-a-0 becomes untestable
– Propagation of f: s-a-0 blocked
Multiple Fault Masking
• Redundant faults and fault masking
– For multiple s-a-v faults, a redundant s-a-v fault can mask the presence of other, otherwise testable, faults
• Example: f s-a-0 tested when fault q s-a-1 not there
Multiple Fault Masking, cont.
• f s-a-0 masked when fault q s-a-1 also present
Hazard Elimination
• Boolean function: OUT0 = A*B + A’*C
• Non-overlapping implicants: A*B and A’*C
• Redundant implicant B*C covering transition A: 0->1 (B,C = 1)
– used to eliminate hazard at OUT0
• Redundant fault e: s-a-0
– No impact on Boolean function
– Masking of any testable fault using propagation path through e
Fault Cone and D-frontier
• Fault Cone -- Set of hardware affected by fault
• D-frontier – Set of gates closest to POs with fault effect(s) at input(s)
[Figure: circuit with the Fault Cone and the D-frontier marked]
Algorithm 7.1 Redundancy Removal
Repeat until there are no more redundant faults:
{
    Use ATPG to find all redundant faults;
    Remove all redundant faults with non-overlapping fault cone areas;
}
Redundancy Removal Algorithms
• Moderate size circuits
– Redundant hardware efficiently removed by standard synthesis tools like SYNOPSYS
• Large circuits
– Too complex for redundancy removal tools - need to be partitioned into sub-circuits of size feasible to handle by CAD
Redundant Hardware and Synthesis
• Elimination of redundant hardware helpful in reducing chip area, delay and power consumption
• In some cases redundancies unavoidable
– Mapping of irredundant circuit to standard cell library
– Example: reversible logic synthesis
Detecting Redundant Gate Replacements in Verification by Error Modeling
Katarzyna Radecka and Zeljko Zilic
McGill University
Montreal, Canada
10/04/01 V1.2
Our Goal
• Verification by testing methods
– Simulating test vectors
– Finding design errors
• Test vector generation
– Universal Test approach [VTS2000]
• Crucial issue: redundant faults
– Undetectable by simulation
Outline
• Verification by Error Modeling
• Error Model using Arithmetic Transform
• Redundancy removal – Approximate DCs
• Redundancy identification - Exact SAT
• Experiments, method comparison
Implementation Verification
• Formal Methods – equivalence and model check
– Binary Decision Diagrams (BDDs)
• Exponential size for multipliers
– Word-level decision diagrams: BMDs, WLDDs…
• Based on Arithmetic Transform (AT)
– SAT-based assertion checking
• Simulation-based verification
– Code coverage
– Testing for design errors – error modeling
Error Modeling
• Explicit Error Models: [Campenhout et al., 1998]
– Bus order, source and drive
– Gate and module replacement
– Stuck-at extensions: buses
• Implicit Error model
– Error: addition to correct circuit
– Reusable test vector generation scheme
• Universal Testing (UTS) by Arithmetic Transform
Error Detection by Universal Test Set
• UTS – detecting all faults in class
– Class considered – small error addition
• Arithmetic Transform AT
– Linear: AT(f)=Tf
$$T_n = \begin{bmatrix} T_{n-1} & 0 \\ -T_{n-1} & T_{n-1} \end{bmatrix}$$
• Theorem: For t term error, at most log t Boolean lattice of vectors needed to uniquely reconstruct its AT
Fault List Generation
• Many faults among gate replacements
• Problem: redundant faults
– Accuracy of test vector coverage
– Extensive simulation time
• Known solutions
– Describing gate replacements by multiple s-a-v [Al-Asaad and Hayes 1995]
– Use of single s-a-v in representing a subset of gate replacements [Abadir et al. 1988]
Our Redundancy Identifications
• Redundant errors caused by don’t cares
• Continuum of approximate methods
– Using don’t cares for proximity information
[Figure: continuum of methods: CODC Subset Approximation, Approx. by 1-Minterm Distance, Approx. by 1-Cube Distance, Exact]
Using Don’t Cares
• Don’t care (DC) conditions:
– Controllability (CDC)
– Observability (ODC)
• Redundant Replacement of g with h:
$$g \cap Care_{local} = h \cap Care_{local}$$
• Problem: exact DC sets large, hard to obtain
– Use approximate DCs (subsets)
DC Subsets – Use of CODCs
• DCs: large sets, represented by BDDs
– CDCs: image calculation of careset
• Forward network traversal
– Satisfiability (SDC): dependencies at node
– ODC: Boolean difference between downstream ODCs, SDCs
• Backward network traversal
• Need for approximations - ODCs most demanding
– Compatible ODCs (CODCs): intersection of downstream ODCs only
Detection by DC Subsets
• Fault redundant if:
$$g \cap Care_{approx} = h \cap Care_{approx}$$
• Safe Approximation
– Some redundant faults undetected
– No redundant fault declared irredundant
DCs and Distance
[Figure: Using DC – possible outcomes. Two panels, Irredundant Error and Redundant Error, showing the sets g_ON, h_ON, g_ON ∩ Care, h_ON ∩ Care and DC]
Closer Approximations
• Proximity information between original and replacement gate
– Already known from DC calculation
• Distance function:
$$d_{Care}(g,h) = w((g \cap Care) \oplus (h \cap Care))$$
• Example: Replacing OR with XOR
Point (1,1) in Care -> Irredundant
Point (1,1) in DC -> Redundant
Testing by 3-SAT
• Conjunctive Normal Form (CNF) – prod. of clauses
– Example 3-CNF:
(x+y+z’)(w+x’+z)(y’+w’+z)
Solution: (x,*,*,z), (x’,y,z,*), (x,y’,w,*), (*,y,w,z),(*,y’,w,z’), (x’,*,w’,z’)
• Clauses for fault detection [Larrabee, 1992]
– Good Circuit: All nodes - correct operation
– Faulty Circuit: Fault fan-out cone
– Active: Fault activation conditions
– Goal: Observation conditions
Good Circuit Clauses
[OR]: (b) (x1+a+b’)(b+x1’)(b+a’)
[NAND]: (c) (x3’+a’+c’)(a+c)(x3+c)
[AND]: (d) (b’+c’+d)(b+d’)(c+d’)
[XOR]: (a) (x2+x3+a’)(x2+x3’+a)(x2’+x3+a)(x2’+x3’+a’)
[Figure: circuit schematic with nodes a, b, c, d, x1, x2, x3, f]
Faulty Circuit Clauses
Fan-out cone (all downstream nodes):
[AND]: (b_f’+c’+d)(b_f+d’)(c+d’)
[Figure: circuit schematic with nodes a, b, c, d, x1, x2, x3, f]
Active, Location and Goal Clauses
1. Difference between good and faulty circuit:
(b_a’+b+b_f)(b_a’+b’+b_f’)
2. Observability implication (b_a => d_a):
(b_a’+d_a)
3. Fault Location (node b is s-a-0): b_a · b · b_f’
4. Goal: d_a
[Figure: circuit schematic with nodes a, b, c, d, x1, x2, x3, f]
Redundant Gate Detection by SAT
• Good, faulty and active clauses: unchanged
• Fault location clauses: different than s-a-v
• Focused on s-a-v extensions
– Well known redundancy identifications
• Additional clauses: approximations
– Based on distance, provided by DCs
– 1-Minterm approximation: faults of single polarity only
1-Cube Distance Approximation
• S-a-v identification conditions
– 1-cube distance and monotonous replacement
• Closer approximation than 1-Minterm
Algorithm:
1. Apply approximate DC identification
2. Investigate 1-distance replacements by s-a-v restricted to differentiating single-cube inputs
1-Cube SAT Clauses
• Added 1-clauses (single-cube fault location):
[OR->XOR Replacement]: x1a
• Other clauses unchanged
[Figure: circuit schematic with nodes a, b, c, d, x1, x2, x3, f]
Exact SAT Identification
• Exact SAT Formulation feasible
• Identification of all redundant replacements
• Observation: Need to exercise inputs that differentiate original vs. replaced gates
• Addition of clauses for gate/wire replacement
– Forcing inputs differentiating gates
• Omission of clauses for s-a-v fault value
Exact SAT Clauses
• Replacing OR with XOR gate
– Added Clause: OR ⊕ XOR = AND (x1’+a’+b)(x1+b’)(a+b’)
– Removed Clauses: (b_a · b · b_f’)
[Figure: circuit schematic with nodes a, b, c, d, x1, x2, x3, f]
Experiments: Coverage Comparison
• Verification: single gate replacements (AND, OR, XOR, …)
• Test vectors: 4 top lattice layers
• Compared: All cases vs. worst-case replacements
• Note: All redundancies detected by 1-Cube Approximation
Look-Ahead Adder
ALU
CLA Divider
Array Divider
Array Multiplier
CIRCUIT
24x24 96.889.098.38795.886.194.1
12x12 94.794.299.392.799.390.299.2
13x7 10010010096.398.690.285.8
13x7 10010010094.997.664.375.5
12x12 10010010010010092.094.8
SIZE No Red. Id. CODC-SDC CODC 1-CubeAll All AllM.d. M.d. M.d. M.d.
Experiments: Time vs. Coverage
• DC BDDs: Space-limited
• Approximations: 1-Cube close to exact
• SAT: Quick, preprocessing (with AT)
– Failed test results reused for redundancy id.
C499
C1355
C1908
C6288
C880
CIRCUIT
01001.961001.814.464k
4.821005.61000.653381.2177k
4.3191.25.291.20.544541.544k
114.1100138.6--∞∞
0.2997.61.1797.60.85713.1730k
0.54
4.98
4.92
114.13
0.9
DC BDD 1-Cube Exact Pre-sim ExactSize Time Time TimeCov. Cov. Red. Total
Conclusions
• Verification by Error Modeling
• Techniques for redundant error removal
• Exact SAT formulation
• Combination of SAT and DC Approximations
– High coverage (> 95%)
– Small numbers of vectors
Simulations vs. Formal
• Simulations - Advantages
– Easy to understand and automate
• Similar to s-a-v testing under fault model assumption
– Reuse of fast fault detection algorithms
– Saving space for (easily parallelizable) time
• Graceful degradation
• Simulations - Disadvantages
– Less definite answers (without fault model) than with formal methods
Arithmetic Transform (AT)
• Boolean input, word-level output polynomials
– Linear Transform: AT(f)=Tf
$$T_n = \begin{bmatrix} T_{n-1} & 0 \\ -T_{n-1} & T_{n-1} \end{bmatrix}$$
• Davio expansion:
f = f | x = 0 + x * ( f | x = 1 – f | x = 0 )
to:
$$f = \sum_{i_0=0}^{1} \sum_{i_1=0}^{1} \cdots \sum_{i_{n-1}=0}^{1} c_{i_0 i_1 \ldots i_{n-1}} \, x_0^{i_0} x_1^{i_1} \cdots x_{n-1}^{i_{n-1}}$$
• Related to Reed-Muller (RM)
– Polynomial (AT) vs. exponential (RM) for arithmetic circuits
Lattice Representation: Adder
AT(f) = (a0 + b0) + (a1 + b1) * 2
Variable order: a1 a0 b1 b0
C1000=2 C0100=1 C0010=2 C0001=1
[Figure: Boolean lattice of the input vectors 0000 through 1111, with layers labelled Layer 0 and Layer 1]
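The transform and the adder coefficients from the two slides above, computed from a truth table. This is an added example, not code from the slides: the function names are hypothetical, and the OR-for-XOR replacement in sum bit 0 is a constructed error chosen to give an error polynomial with t = 1 term.

```python
def arithmetic_transform(values, n):
    """AT spectrum c = T_n * f of a word-level function given as a truth table.

    values[k] is f at the input whose n bits spell k. One Davio step per
    variable, c <- (f|x=0, f|x=1 - f|x=0), is the block [[T, 0], [-T, T]].
    """
    c = list(values)
    for j in range(n):
        bit = 1 << j
        for k in range(1 << n):
            if k & bit:
                c[k] -= c[k ^ bit]        # f|x=1 minus f|x=0 for variable j
    return c

def terms(c, n):
    """Non-zero coefficients keyed by monomial, e.g. '0101' means a0*b0."""
    return {format(i, "0%db" % n): ci for i, ci in enumerate(c) if ci}

def adder(k, s0_gate=lambda p, q: p ^ q):
    """Gate-level 2-bit adder; input bit order a1 a0 b1 b0 as on the slide."""
    a1, a0, b1, b0 = (k >> 3) & 1, (k >> 2) & 1, (k >> 1) & 1, k & 1
    c0 = a0 & b0
    s1 = a1 ^ b1 ^ c0
    c1 = (a1 & b1) | (c0 & (a1 ^ b1))
    return s0_gate(a0, b0) + 2 * s1 + 4 * c1

def adder_spectrum():
    return terms(arithmetic_transform([adder(k) for k in range(16)], 4), 4)

def error_spectrum():
    # Constructed error: the XOR producing sum bit 0 is replaced by an OR.
    faulty = [adder(k, lambda p, q: p | q) for k in range(16)]
    error = [f - adder(k) for k, f in enumerate(faulty)]
    return terms(arithmetic_transform(error, 4), 4)
```

The adder spectrum has only the four first-order terms listed on the slide, and the gate replacement shows up as a single added term a0*b0, the "error as addition to the correct circuit" view used by the implicit error model.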
Error Size vs. Test Set Size in AT
• Theorem: For t term error, at most $\log_2 t + 1$ top layers of Boolean lattice of vectors needed to uniquely reconstruct its polynomial
• Sketch of Proof: Unique interpolation of t term polynomial possible by $2t$ independent rows of sub-matrix of $T_n$
Experimental Set-up
• Experiments
– Assumption: fixed-size error
• Vectors: 4 top lattice layers
– MCNC and arithmetic circuits