Good Circuit Clauses

[OR]: (b) (x1+a+b’)(b+x’1)(b+a’) [NAND]: (c) (x’3+a’+c’)(a+c)(x3+c)[AND]: (d) (b’+c’+d)(b+d’)(c+d’)[XOR]: (a) (x2+x3+a’)(x2+x3’+a)(x2’+x3+a)(x2’+x3’+a’)

a

b

c

d

x1

x2x3

f

Faulty Circuit Clauses

Fan-out cone (all downstream nodes): [AND]: (bf’+c’+d)(bf+d’)(c+d’)

a

b

c

d

x1

x2x3

f

Active Clauses

1. Difference between good and faulty circuit:(b’a+b+ bf) (b’a+b’+ b’f)

2. Observability implication (ba => da):(b’a+ da)

a

b

c

d

x1

x2x3

f

Fault Location and Goal Clauses

Fault Location (node b is s-a-0): babb’f

Goal: da

a

b

c

d

x1

x2x3

f

Example SAT Formula

Good circuit (32 literals):(a + x)(b + x)(~x + ~a ~b)(~a + g)(~x + g)(~g + a + x)(x + z)(~x + ~z)(~z + h)(~y + h)(~h + z +y)(b + ~y)(c + ~y)(y +~b + ~c)

Faulty circuit (18 literals):(~a + gf)(~xf + gf)(~gf + a + xf)(xf + zf)(~xf + ~zf)(~zf + hf)(~yf + hf)(~hf + zf +yf)

Active clause (29 literals):(~xa + x +xf)(~xa + ~x + ~xf)(~za + z + zf)(~za + ~z + ~zf)(~ga + g + gf)(~ga + ~g + ~gf)(~ha + h + hf)(~ha + ~h + ~hf)(~xa + za + ga)(~za + ha)

Fault site (3 literals) & Goal (2 literals)(x)(~xf)(xa)(ga + ha)

aa

bb

cc hh

ggzz

yy

ss--aa--00xx

Search Strategies

Use a basic branch-and-bound approach

four basic parameters

solution areassolution areas

unidentified nonunidentified non--solution areassolution areas

identified nonidentified non--solution areassolution areas

1. initial assignment1. initial assignment

2. variable order2. variable order

3. Dynamic processing 3. Dynamic processing at each branch pointat each branch point

4. How long to search?4. How long to search?

Orthogonal Strategies

In theory, any complete algorithm will find a test for every fault, if one exists.In practice, we cannot afford to wait for the worst case.

Compromise: try several strategies in succession for a short time (backtrack limit)

improves average performanceincreases robustnesshas difficulty with “hard” redundancies

Two strategies which complement each other are called orthogonal

Static Variable Ordering

Larrabee’s heuristics (LSAT)Add clauses for structural heuristics (dominators, critical paths, etc.)static variable orderingthree search strategiesstatic non-local implications (after all faults have been tried without them)

No results reported without random patterns

Benchmark Networks

MCNC Test Generation BenchmarksFull scan assumed for sequential networks

Combinational networks

Network PI PO Gates FaultsC432 36 7 159 413C499 41 32 370 850C880 60 26 320 703C1355 41 32 506 1058C1908 33 25 441 1102C2670 233 140 734 1678C3540 50 22 961 2177C5315 178 123 1473 3798C6288 32 32 2384 4835C7552 207 108 2164 4901S1494 14 25 577 1220S5378 214 213 1149 2850S9234 247 250 2264 465S13207 700 790 3287 7068S15850 611 684 4057 8340S35932 1763 2048 12236 28222S38417 1664 1742 10232 21113S38584 1464 1730 11774 26008Total 121029

Larrabee’s Heurictics

With random tests (seconds | # aborts)

Without random tests(seconds | # aborts)

Ckt. LSAT SocratesC499 72 0 4.9 0C880 49 0 5.2 0C1355 99 0 13.9 0C1908 184 0 33.8 0C2670 479 0 57.5 0C3540 607 0 56.6 0C5315 464 0 31.3 0C6288 227 0 87.0 0C7552 2052 0 248.0 0

Ckt. LSAT SocratesC499 5240 3 29 0C880 1730 0 10 0C1355 9540 1 44 0C1908 31000 53 81 0C2670 8600 3 80 0C3540 110000 64 159 0C5315 56000 145 102 0C6288 980000 4506 139 0C7552 270000 197 418 0

Greedy Heuristics

Heuristics must be evaluated without using random testsStatic variable ordering is not effectiveDynamic ordering can require too much computation at each branch of the search

Solution: greedy, dynamic orderings. At each branch point, select:

1st literal in 1st unsatisfied clauselast literal in 1st unsatisfied clause1st literal in last unsatisfied clauselast literal in last unsatisfied clause

Results: improved performance and robustness

AlgorithmFor each uncaught fault:

extract CNF formulatry 4 greedy strategiesif all fail then

find static NLI (non local implications)repeat 4 strategies

endifif satisfied then

fault simulate test (to see what other faults are caught)else

flag possible redundant faultendif

Simple algorithm:no testability measuresno 5,9-valued algebrasno multiple backtracking

Standalone program TEGUS (also in sis 1.1, but slower)

Experiments

Theoretical worst case performance is same for all complete ATPG algorithmsHeuristics must be evaluated by experimentTo compare heuristics:

use the 10 ISCAS’85 benchmark networks and 8 larger ISCAS’89 networks (assuming full scan)Run on same model computer as other reported results with same optionsCompare CPU time (not backtracks)Try with and without random tests

TEGUS Base Results

Robust: 0 aborted faults in ISCAS’85/’89 networks without fault simulationEfficient: for 18 ISCAS networks

no fault simulation: 10 min. total CPU*75% extract, 25% SATwith random: 1 min. total CPU*55% extract, 20% fault sim, 15% SAT, 10% I/O10 MB peak memory

Simple: 3k lines of code300 to extract CNF formula800 for SAT package

**(DEC 3000/500)(DEC 3000/500)

Robustness

Available results with no fault simulation for ISCAS’85/’89 networks

Algorithms with backtrack limits are incompleteHeuristics which abort on fewer faults are more robust

Algorithm# of Circuits

Aborted Faults

Normalized CPU Time

CHE88 7 798 1.6CHN89 9 1208 2.2JAC89 8 693 6.6GIR90 10 0 16.0ABR90 6 408 30.0RAJ90 10 1268 24.0GIR91 10 0 12.0TEGUS 18 0 1.0

EfficiencyResults with random tests for ISCAS’85/’89 networks

See Tech Report UCB/ERL M92/112 or TCAD Sept. 96, Vol15, N0.9, 1167-1175Random tests mask effectiveness of deterministic algorithm

Algorithm# of Circuits

Aborted Faults

Normalized CPU Time

SIM89 6 0 30.0SCH89 10 0 1.7MIN89 9 16 22.0LAR89 10 0 31.0JAC89 10 0 6.8SCH90 18 0 36.0WAI90 18 0 1.0MAH90 15 0 9.4CHK91 1 0 2900.0GIR91 10 0 25.0MAT92 18 0 0.9TEGUS 18 0 1.0

SAT Conclusions

Hybrid test generation algorithm extracts CNF formula for structural faults, and applies generic SAT algorithm to generate a testGreedy, dynamic ordering heuristics are as efficient as best published results for structural algorithmsHeuristics must be carefully compared using real implementations and without random testsOther fault models and test restrictions can be accommodated without modifying the generic SAT solver

COEN 6521 VLSI TestingRedundant Faults

Zeljko Zilic

(Still in Ottawa)McGill University

zeljko@ece.mcgill.ca

Overview

Goal: test vector generationAlgorithmic BackgroundFault Injection Calculus – D CalculusATPG Algorithms

D-AlgorithmPODEMFANSOCRATES

Satisfiability-based test generationComparison and other alternatives

Irredundant Hardware and Test Patterns

Combinational ATPG suitable for finding redundant (unnecessary) hardware

Example: Fault Testa sa1, b sa0 A = 1a sa0, b sa1 A = 0

Test exist - above faults not redundant, hardware not redundant from testing standpoint

Redundancies and synthesisTransparent (helpful for synthesis in circuit minimization)

Redundancies in testingHarmful as causing redundant errors

Desirable to identify such errors in fault lists prior to running testing algorithms

Redundant Hardware and Simplification

Circuit simplification by removal of redundant hardware identified by ATPGExample: d s-a-0 redundant

Excitation condition d = 1 -> A = 1, B = 1Propagation condition B = 0 -contradiction with excitation condition

Redundant Fault q s-a-1

If redundant q: s-a-1 not present then f: s-a-0 tested by pattern: (A,B,C) = (1,0,0)When redundant q:s-a-1 present then f:s-a-0 becoming untestable

Propagation of f:s-a-0 blocked

Multiple Fault MaskingRedundant faults and fault masking

For multiple s-a-v faults if one of s-a-v faults redundant then can mask presence of other, otherwise testable faults

Example: f s-a-0 tested when fault q s-a-1 not there

Multiple Fault Masking, cont.

f s-a-0 masked when fault q s-a-1 also present

Hazard Elimination

Boolean function:OUT0 = A*B + A’*C

Non overlapping implicants:

A*B and A’*C

Redundant implicant B*C covering transition A: 0->1 (B,C = 1)

used to eliminate hazard at OUT0 Redundant fault e: s-a-0No impact on Boolean function

Masking of any testable fault using propagation path through e

Fault Cone and D-frontierFault Cone -- Set of hardware affected by faultD-frontier – Set of gates closest to POs with fault effect(s) at input(s)

Fault Cone

D-frontier

Algorithm 7.1Redundancy Removal

Repeat until there are no more redundant faults:{

Use ATPG to find all redundant faults;Remove all redundant faults with non-

overlapping fault cone areas;}

Redundancy Removal Algorithms

Moderate size circuitsRedundant hardware efficiently removed by standard synthesis tools like SYNOPSYS

Large circuitsToo complex for redundancy removal tools -need to be partitioned into sub-circuits of size feasible to handle by CAD

Redundant Hardware and Synthesis

Elimination of redundant hardware helpful in reducing of chip area, delay and power consumptionIn some cases redundancies unavoidable

Mapping of irredundant circuit to standard cell library

Example: reversible logic synthesis

Detecting Redundant GateReplacements in Verification by

Error Modeling

Katarzyna Radecka and Zeljko Zilic

McGill UniversityMontreal, Canada

10/04/01 V1.2

Our Goal

• Verification by testing methods

– Simulating test vectors

– Finding design errors

• Test vector generation

– Universal Test approach [VTS2000]

• Crucial issue: redundant faults

– Undetectable by simulation

Outline

• Verification by Error Modeling

• Error Model using Arithmetic Transform

• Redundancy removal – Approximate DCs

• Redundancy identification - Exact SAT

• Experiments, method comparison

Implementation Verification

• Formal Methods –equivalence and model check

– Binary Decision Diagrams (BDDs)• Exponential size for multipliers

– Word-level decision diagrams: BMDs, WLDDs…• Based on Arithmetic Transform (AT)

– SAT-based assertion checking

• Simulation-based verification

– Code coverage

– Testing for design errorrs – error modeling

Error Modeling

• Explicit Error Models: [Campenhout et al., 1998]

– Bus order, source and drive

– Gate and module replacement

– Stuck-at extensions: buses

• Implicit Error model

– Error: addition to correct circuit

– Reusable test vector generation scheme• Universal Testing (UTS) by Arithmetic Transform

Error Detection by Universal Test Set

• UTS – detecting all faults in class

– Class considered – small error addition

• Arithmetic Transform AT

– Linear: AT(f)=Tf

• Theorem: For t term error, at most

log t Boolean lattice of vectors needed to

uniquely reconstruct its AT

−=

−−

−

11

1 0

nn

nn TT

TT

Fault List Generation

• Many faults among gate replacements

• Problem: redundant faults– Accuracy of test vector coverage– Extensive simulation time

• Known solutions– Describing gate replacements by multiple

s-a-v [Al-Asaad and Hayes 1995]– Use of single s-a-v in representing a

subset of gate replacements [Abadir et al.1988]

Our Redundancy Identifications

• Redundant errors caused by don’t cares

• Continuum of approximate methods– Using don’t cares for proximity information

CODC Subset Approximation

Approx. by 1-Minterm Distance

Approx. by 1-CubeDistance

Exact

Using Don’t Cares

• Don’t care (DC) conditions:

– Controllability (CDC)

– Observability (ODC)

• Redundant Replacement of g with h:

• Problem: exact DC sets large, hard to obtain

– Use approximate DCs (subsets)

locallocal CarehCareg ∩=∩

DC Subsets – Use of CODCs

• DCs: large sets, represented by BDDs

– CDCs: image calculation of careset• Forward network traversal

– Satisfiability (SDC): dependencies at node

– ODC: Boolean difference between downstreamODCs, SDCs

• Backward network traversal

• Need for approximations - ODCs most demanding

– Compatible ODCs (CODCs): intersection ofdownstream ODCs only

Detection by DC Subsets

• Fault redundant if:

• Safe Approximation

– Some redundant faults undetected

– No redundant fault declared irredundant

approxapprox CarehCareg ∩=∩

DCs and Distance

hON ∩ Care

gON ∩ Care

DC

hON ∩ Care

gON ∩ Care

DC

hON

gON

Irredundant Error Redundant Error

Using DC – possible outcomes

Closer Approximations

• Proximity information between original and

replacement gate

– Already known from DC calculation

• Distance function:

• Example: Replacing OR with XOR

Point (1,1) in Care -> Irredundant

Point (1,1) in DC -> Redundant

))()((),( CarehCaregwhgd Care ∩⊕∩=

Testing by 3-SAT

• Conjunctive Normal Form (CNF) – prod. of clauses

– Example 3-CNF:

(x+y+z’)(w+x’+z)(y’+w’+z)

Solution: (x,*,*,z), (x’,y,z,*), (x,y’,w,*), (*,y,w,z),(*,y’,w,z’), (x’,*,w’,z’)

• Clauses for fault detection [Larrabee, 1992]

– Good Circuit: All nodes - correct operation

– Faulty Circuit: Fault fan-out cone

– Active: Fault activation conditions

– Goal: Observation conditions

Good Circuit Clauses

[OR]: (b) (x1+a+b’)(b+x’1)(b+a’)

[NAND]: (c) (x’3+a’+c’)(a+c)(x3+c)

[AND]: (d) (b’+c’+d)(b+d’)(c+d’)

[XOR]: (a) (x2+x3+a’)(x2+x3’+a)(x2’+x3+a)(x2’+x3’+a’)

a

b

c

d

x1x2x3

f

Faulty Circuit Clauses

Fan-out cone (all downstream nodes):

[AND]: (bf’+c’+d)(bf+d’)(c+d’)

a

b

c

x1x2x3

fd

Active, Location and Goal Clauses

1. Difference between good and faulty circuit:

(b’a+b+ bf) (b’a+b’+ b’f)

2. Observability implication (ba => da):

(b’a+ da)

3. Fault Location (node b is s-a-0): babb’f4. Goal: da

x1x2x3

a

b

cfd

Redundant Gate Detection by SAT

• Good, faulty and active clauses:unchanged

• Fault location clauses: different than s-a-v

• Focused on s-a-v extensions

– Well known redundancy identifications

• Additional clauses: approximations

– Based on distance, provided by DCs

– 1-Minterm approximation: faults of singlepolarity only

1-Cube Distance Approximation

• S-a-v identification conditions– 1-cube distance and monotonous

replacement

• Closer approximation than 1-Minterm

Algorithm:

1. Apply approximate DC identification

2. Investigate 1-distance replacements by

s-a-v restricted to differentiating single-cubeinputs

1-Cube SAT Clauses

• Added 1-clauses (single-cube fault location):

[OR->XOR Replacement]: x1a

• Other clauses unchanged

a

b

c

x1x2x3

fd

Exact SAT Identification

• Exact SAT Formulation feasible

• Identification of all redundant replacements

• Observation: Need to exercise inputs thatdifferentiate original vs. replaced gates

• Addition of clauses for gate/wirereplacement

– Forcing inputs differentiating gates

• Omission of clauses for s-a-v fault value

Exact SAT Clauses

• Replacing OR with XOR gate– Added Clause: OR ⊕ XOR = AND (x1’+a’+b)(x1+b’)(a+b’)

– Removed Clauses: (babb’f)

a

b

c

x1x2x3

fd

Experiments: Coverage Comparison

• Verification: single gate replacements (AND, OR, XOR, …)

• Test vectors: 4 top lattice layers

• Compared: All cases vs. worst-case replacements• Note: All redundancies detected by 1-Cube Approximation

Look-Ahead Adder

ALU

CLA Divider

Array Divider

Array Multiplier

CIRCUIT

24x24 96.889.098.38795.886.194.1

12x12 94.794.299.392.799.390.299.2

13x7 10010010096.398.690.285.8

13x7 10010010094.997.664.375.5

12x12 10010010010010092.094.8

SIZE No Red. Id. CODC-SDC CODC 1-CubeAll All AllM.d. M.d. M.d. M.d.

Experiments: Time vs. Coverage

• DC BDDs: Space-limited

• Approximations: 1-Cube close to exact

• SAT: Quick, preprocessing (with AT)– Failed test results reused for redundancy id.

C499

C1355

C1908

C6288

C880

CIRCUIT

01001.961001.814.464k

4.821005.61000.653381.2177k

4.3191.25.291.20.544541.544k

114.1100138.6--∞∞

0.2997.61.1797.60.85713.1730k

0.54

4.98

4.92

114.13

0.9

DC BDD 1-Cube Exact Pre-sim ExactSize Time Time TimeCov. Cov. Red. Total

Conclusions

• Verification by Error Modeling

• Techniques for redundant error removal

• Exact SAT formulation

• Combination of SAT and DC Approximations

– High coverage (> 95%)

– Small numbers of vectors

Simulations vs. Formal

• Simulations - Advantages

– Easy to understand and automate• Similar to s-a-v testing under fault model assumption

– Reuse of fast fault detection algorithms

– Saving space for (easily parallelizable) time• Graceful degradation

• Simulations - Disadvantages

– Less definite answers (without fault model) thanwith formal methods

Arithmetic Transform (AT)

• Boolean input, word-level output polynomials– Linear Transform: AT(f)=Tf

• Davio expansion:

to:

• Related to Reed-Muller (RM)– Polynomial (AT) vs. exponential (RM) for arithmetic

circuits

−=

−−

−

11

1 0

nn

nn TT

TT

f c x x xi i ii

iii

ini

nn

n= ∑∑∑−

−

−

===−L LL0 1 1

0

110

1 10

0

1

0

1

0

1

1 1

f = f | x = 0 + x * ( f | x = 1 – f | x = 0 )

Lattice Representation: Adder

AT(f) = (a0 +b0) + (a1 + b1) * 2

1000 0100 0010 0001

1010

0000

0110 0101

C1000=2 C0100=1 C0010=2 C0001=1

a1 a0 b1 b0

Layer 0

Layer 1

1100 1001 0011

101111011110 0111

1111

• Theorem: For t term error, at most

top layers of Boolean lattice of vectors

needed to uniquely reconstruct its

polynomial

• Sketch of Proof: Unique interpolation of t

term polynomial possible by

independent rows of sub-matrix of Tn

Error Size vs. Test Set Size in AT

1log2 +t

2t

Experimental Set-up

• Experiments– Assumption: fixed-

size error• Vectors: 4 top

lattice layers

– MCNC andarithmetic circuits