Efficient VLSI fault simulation

16 J.H. REIF to the inputs and so can be unraveled to form an acyclic network. (If required, the circuit can be made into a tree, by further cutting lines so all gates have fan-out _< 1.) The integrated circuit is thus modeled as an acyclic, Boolean circuit C. A Stuck-At (S-A) fault is a gate which is permanently set to a Boolean value b. In particular, a S-A-O (S-A-I) fault is where the gate is set to b = 0 (b = 1), respectively. The S-A is the most common fault type tested for, and of the most importance for currently used technologies such as nMOS. We will consider only the S-A fault type in this paper. Test generation is the problem of finding a set of test patterns, and (S-A) fault simulation is the problem of detecting those S-A faults which a given test pattern covers. Fault coverage is the problem of finding a set of test patterns which cover all possible S-A faults of the circuit. These problems--as our extensive references will indicate have been very thoroughly and extensively studied since the early 1960s up to the current time. In spite of considerable progress in the use of heuristic algorithms, many fundamental problems still remain, and become more difficult as the circuit size n of current VLSI continues to very quickly grow. 1.3. Previous Work in Test Generation In theory, finding a test vector which detects a given fault is NP complete [1]. S-A fault test generation is done in practice by a number of known heuristic methods including path sensitization [2-5], and the D-algorithm [6,7]. Goldberg & Leiberherr [8] have an ingenious algorithm for test pattern generation in the special case that the given Boolean circuit is a tree; in this case they reduce test pattern generation to a simple parity computation which can be done in linear time. Hence, their method for test pattern generation requires a total of O(n 2) time to generate test patterns for the 2n possible S-A faults. Another increasingly popular, and practically very efficient method for test generation is to simply generate a random set of test inputs using an efficient pseudorandom number generator. This was first suggested by Schnurmann etal. [9]. Various authors [9-14] have developed analytic methods for testing the effectiveness of random testing. In many cases, they show that a small number of random test patterns cover almost all 2n possible S-A faults, whereas the previously sighted deterministic methods may require a distinct test vector for each possible S-A fault. A large number of sufficiently random test patterns can be very easily generated by a feedback shift register circuit [15-17]. The response of the circuit tested can then be compressed by the signature methods of Carter [18,19]. I.$. Previous Work in Fault Simulation This paper is concerned with developing an efficient method for S-A fault simulation, i.e., to determine exactly all S-A faults which are covered by a given test pattern. All previously known methods [3,4,6,20-30] for S-A fault simulation of a general Boolean circuit of size n require cn ~ time for some constant c _> 1. This quadratic time bound is already very costly for moderate size LSI since if n >__104, then at least n 2 - 1010 steps required by these previous methods seems unfeasible even on the fastest known sequential machine. Recently, Abramovici etal. [30] give a linear time sequential algorithm for fault simulation of Boolean circuit trees. 1.5. Our Results In this paper, we restrict our attention primarily to the case where C is a circuit tree, i.e., it has fan-out 1. (However, in the last section, we describe how to extend our techniques to circuits with fan-out > 1.) We describe a method for constructing a circuit FS(C) (for "Fault Simulation") which simultaneously determines all detectable S-A faults for every gate of the circuit tree C. The circuit FS(C) has in the worst case _< ?n gates, (but in many cases, where C does not have a majority of v gates, FS(C) has only 6n gates). The VLSI area of FS(C) is only a small constant factor more than the VLSI area of C. The sequential execution time of our algorithm is just that used to evaluate FS(C), which is at most _< 7n steps. Even in applications such as VLSI with n = 105 gates, sequential execution of our algorithm takes only a fraction of a second on conventional machines. Furthermore, our algorithm is inherently parallel, since all that is required is evMuation Efficient VLSI fault dmulation 17 of the circuit FS(C). The parallel time for evaluation of C is its depth which is _< 3(d + 1), if C has depth d. The advantage of our method over that of Abramovici et al. [30] is that we explicitly construct a Boolean circuit for fault simulation, whereas theirs is a sequential method. Our method is also significantly different. The approach we use to solve the S-A fault simulation problem is to compute the Boolean differences (the mathematical theory of the Boolean difference is discussed in [31-33]) of the circuit output with respect to values computed by the circuit at each of its gates. This approach is discussed in [26,28,34-36], but was previously considered inefficient because of the apparently large amount of algebraic manipulation required. Baur and Strassen [37] gave an O(n) time straight line algorithm for all the partial derivatives of a polynomial over an infinite field computed by a straight line program of depth n, and Jerrum [38] gave a more combinatorial proof of this result. We use related techniques for the circuit construction of the Boolean differences over the field GF(2), to solve the S-A fault simulation problem. 1.6. A VLSI Chip for Fault Simulation and Coverage We show that if the original Boolean circuit tree C has VLSI area A, then the VLSI area required for our on-fault simulation circuits FS(C) is only a small constant factor more than A. (The constant factor depends on the VLSI technology used.) Note that because of the simplicity and locality properties of our rules for generating C' from C, this construction can easily be done automatically by known VLSI hardware designed layout tools (for example, those of Lieberherr et al. [39,40]) without any participation by the original designer of C. Our suggestion for the practical utilization of our results is as follows: Given an acyclic Boolean VLSI circuit C, we would construct "Fault Coverage" VLSI chip FC(C) which contains both our fault simulator FS(C) as well as a feedback shift register for generating pseudorandom test inputs. We do not need to output the S-A faults detected by FS(C) for each test pattern. Instead we keep two Boolean counters (initially 0) for each gate v of C, which indicates whether a S-A-0 or a S-A-1 fault at v has been covered by a previous test input. Given a new test input vector these counters can easily be updated by a single Boolean operation at the appropriate gate of FS(C). The new test pattern is output only if it covers at least one S-A fault not previously covered. We can then very quickly output from FC(C) a sequence of nonredundant test vectors until these test vectors cover all S-A faults. If it happens that not all S-A faults are covered after sampling a given number of psuedorandom test vectors, then FC(C) would indicate that C must be redesigned appropriately. However, as the above reference on the analysis of random testing indicates, a small number of random test vectors usually suffice to cover almost all S-A faults. 1.7. Fault Simulation of Circuits with Feedback Lines We generalize our results to a Boolean circuit S with feedback lines (i.e., S may have cycles). Suppose S has n gates and parallel computation time d. We can unravel S into an acyclic Boolean circuit tree C(S) with n(d + 1) gates and depth d. Thus, we can apply our previously described S-A fault simulation algorithm to C(S), yielding a fault simulation circuit FS(C(S)) of 7 n ( d + 1) gates and depth 3(d + 1). Suppose furthermore, S has VLSI area A using d layers. Then we can avoid actual construction of C(S) by repeatedly recomputing C when required. This idea yields a VLSI circuit (with feedback lines) for fault simulation with O(n) gates, O(A) area, O(t) degrees, and parallel time bound d 2. S is reversible if it can be made to run its computation both forward in time and in reverse (i.e., it can compute in constant time both its immediately previous state as well as its immediate suceeding state). Many common sequential circuits are naturally reversible in this sense, for example the Cooley-Tukey F F T circuit, and other convolution circuits, the Benes switching circuit, Batcher's sorting network, and the DES cryptographic standard. If S is reversible, we show how to construct a fault simulation circuit for detecting all S-A faults (with feedback lines) which has only small constant factors, more size, area, layers and parallel computation time than that of the original circuit S. 18 J.H. RglF 1.8. Organization of the Paper This paper is organized as follows. In Section 2 we formally define a Boolean circuit and the Boolean differences. In Section 3, we give our circuit construction for computing the Boolean differences and solving the S-A fault simulation problem for Boolean circuit trees. In Section 4, we prove the correctness of our Boolean differences circuit. In Section 5, we describe how we may extend these techniques to acyclic circuits with fan-out > 1. 2. P R E L I M I N A R Y D E F I N I T I O N S 2.1. The Boolean Difference Let f ( ~ ) be a Boolean function with indeterminates ~ = ( z l , . . . , Zr~). The Boolean difference of f ( ~ ) with respect to xi is df(~) - f ( x l , . . - , xi-1, O, x i , . . . , Xn) (~ f ( x l , - - - , xi-1, 1, X i + l , . . . , x , ) . dxi df(~) (That is, ~ is the exclusive of f ( ~ ) with xi set to 0, and of f ( ~ ) with xi set to 1.) We say f ( ~ ) is sensitive to xi if the value of f changes, depending on whether z~ is 0 or 1. Thus, df(~) _ 1 if and only if f(ff) is sensitive to z~. dxi 2.2. Boolean Circuits A Boolean circuit C is a triple (V, v0, E, L, ~, OP) where (i) V is a set of n gates (or nodes) with distinguished root Vo E V; (ii) E C_ V x V are directed edges which are assumed to contain no cycles; (iii) L is a vertex labeling from V to E U OP U {O, 1}; (iv) E = { x x , . . . , x,~} is the set of input variables; (v) OP = {-~, A, V, (~} are the usual Boolean operators. The fan-in (fan-out) of each v E V is the number of edges entering (departing from) v. For simplicity in our construction, we assume the maximum fan-in of any v E V is not more than 2. If L(v) E E U {0, 1}, then v is an input gate, and we require that v have in degree 0. We assume no two input gates are labelled with the same input variable. C is a tree if all its gates have fan-out at most 1. The depth d of circuit C is the length of the largest path in C. Since C is an acyclic digraph, C has a topological ordering < which is a total ordering such that V(u, v) E E, v < u. A topological ordering can be computed in linear sequential time on a unit cost RAM using a depth first search [41]. If C is a tree, then any postordering is a topological ordering. (See Figure 1 for an example of a Boolean circuit. Note that its gates are indexed in a topological order.) For each v E V, let C~ be the Boolean circuit identical to C except with root v. Given any input vector ~, let C~(~) be the Boolean function computed from gate v. Let C(ff) = C~o(ff) be the Boolean function computed by the circuit C from root v0. Note that C(~) can be sequentially evaluated in n steps using a traversal in reverse topological ordering of C. Alternately, C(~) can be evaluated in parallel in time d using n processors, where d is the depth of C. It will be frequently useful to modify the circuit C so that it computes a given Boolean function f(37) at a gate v E V rather than C~(~). This substitution operation C[v/f(~)] is formally defined as follows: (i) Let F be a Boolean circuit such that F ( y ) = f ( y ) ; (ii) Let (~ = C[v/f(y)] be the Boolean circuit derived by (a) taking the union of C and F, (b) deleting all edges of C entering v, and (c) merging the root of F with v, so the label of v is now the label of the root of F. Observe that Cv(x, Y) = f(37) as required. As a simple example, the substitution C = C[v/b], where b E {0, 1}, is the circuit derived from C by deleting all edges entering gate v and resetting the label of v to be b. If y is a variable, C[v/y] is similarly constructed, except the label of v is set to y. See Figure 2 for a simple example of the substitution operation. Efficient VLSI fault simulation 19 v0( Vl ( ^ ) v41 v 3 (x 2 ~ v2 v5 Figure 1. A Boolean circuittree C computing C(Xl,X2,x.~) -- (xl ^ x2)v-~x3. v01 v4 v1( ^ ) v2 v 3 fx2" ~ v5 Figure 2. Boolean circuit C = C[vs/l] derived from the circuit C of Figure 1 by introduction of a S-A-1 fault at gate us, so C (xl, x2, x3) = ((xl ^ x2) v -~1) = xl Ax2. ~.3. S-A Faults Let C be a Boolean circuit. Fix some gate v and Boolean value b E {0, i}. Observe t h a t by definition, C = C[v/b] is a circuit identical to C except it has a S-A- b fault at gate v. This S-A- b fau]t at gate v is detectable on input ~, if (~(~) ~ C(~). For each v E V, let z, be a new indeterminate variable distinct f r o m E. Observe t h a t - C[v/(z, ~ Cu)] is the circuit derived from C by substituting z~ ~ Cv in place of the subcirc u r Cu. T h e definition of Boolean difference implies dz, = z 20 J.H. RE1F if and only if (~(~,0)(~ C(~, 1) - 1 if and only if 0(~,z~) is sensitive to a change in z~. But clearly C(~, zu) is sensitive to a change in zv if and only if C(~) is sensitive to a change in C~ (~). Hence, we can let dC(~) denote dG'(~, z~) dz. dC(~) - - (~) = 1 if and only if C(~) is sensitive to a change in Cv (~). Hence, This definition implies dC~ (beC~(~))^ dC(~) dC~(~) 1 - if and only if b ¢ C~(:~) and C(~) is sensitive to a change in C~(~)) if and only if C(:~) ¢ C(~) where (~ - C[v/b]. Thus, we have dC( ) LEMMA 1. (b ~ C~(~)) A dC~(~-----)= 1 if and only if a S-A-b fault at gate v is detectable on input ~. 3. T H E C I R C U I T C O N S T R U C T I O N S 3.1. A Circuit for all Boolean Differences Fix a Boolean circuit tree C = (V, vo, E, L, E, OP). We construct a circuit C' = (V',v~, E', L', E, OP) from C as follows. C ~ contains C as a subcircuit. The vertex set V ~ of C ~ contains the original vertex set V, a distinguished new vertex s, and a distinguished new vertex v~ for each original vertex v E V, plus some additional nondistinguished new vertices. All these new vertices are distinct from those in V. The vertex s has constant label L(s) = 1 and an edge (s, v~) E E ~ from s to v~. The circuit construction now proceeds in topological order of C, using the rules R1-R5 given in Figure 3. The left portion of each rule is a subcircuit of C, and the right portion of each rule is the corresponding new subcircuit of C ~. See Figure 4 for an example of the construction using the rules R1-Rs. Note that the rules RI-R5 if applied to a gate v with fan-in 1, yields a new gate v~ with in degree 1 and label ~. In this case, the gate v ~ is to be collapsed into its unique predecessor. This operation is called a ~-gate collapse. (See Figure 5 for an example of a (~-gate collapse.) After applying ~-gate collapse wherever possible, the resulting circuit is denoted C ~. (See Figure 6.) It follows immediately from our construction that: LEMMA 2. C I has ~ 4n gates and depth <_ 3 d + 1, where n,d are the number of gates and depth of C, respectively. PROOF. The most costly rule in our construction is Rs, where 3 new gates are introduced and not collapsed. The additional depth is 2 for each original gate. This rule can he applied at most d times along each path, and a total of at most n times. | NOTE. In the case OP : {~,--,,A}, then, at most, 1 new Kate is introduced and not collapsed and the additional depth is only 1 for each original gate. In this case, the number of gates of C' is _ 2n, and the depth is <_ 2n + 1. (In practice, one can probably expect C' to have approximately 3n gates ff C has a significant proportion of gates that are not v-gates.) In Section 4, we prove: THEOREM I. For each gate v E V, C~,(:~) = dC(~) dC~(~) " Thus each gate v~ computes in C' the Boolean difference of C(ff) with respect to subcircuit Cv(~). (See Figures 6 and 8.) Efficient VLSI fault simulation 21 V t a2" Q V w. U I U > U U e W U W U I U W I W j w u U I W I W Figure 3. Rules for c o n s t r u c t i o n of C I f r o m C. 5.2. The VLSI Area of C' Let us assume a standard VLSI model such as described in [42]. A VLSI chip consists of a constant number of layers, where on each layer, the wires run along the edges of a square grid with unit length separation between grid points. Each grid point may contain a Boolean gate. Ullman [42] shows that any such VLSI chip with t layers can be redesigned to have only 2 layers, with only a factor of t 2 area increase. LEMMA 3. C' can be constructed within VLSI area ~_ 9A using _~ 2 (t -4- 1) layers, if C has a VLSI chip with area A using t layers. PROOF. We begin with the given VLSI chip for C and then add an additional t layers above the original ones. We also add an additional pair of horizontal and vertical grid lines between every previous pair of consecutive grid lines. In each application of the rules R1-P~, we place the new subcircuit associated with the distinguished new vertex v° on the l new layers immediately above the subcircuit associated with the original vertex v, using the new grid lines to do the required wiring and for placement of the additional circuit. It is easy to verify this wiring can be done within the required area. | J.H. R E w 22 ,% v4 , V1 v4 Figure 4. A circuit derived from circuit C of Figure 1 using rules R l - R s . .,. collapse " ,,, Q Figure 5. A collapse of gate v °, with fan-in 1 a n d label (~, into its predecessor u I. NOTE. The actual area increase for C' will depend somewhat on the VLSI technology utilized. However, it is clear that the area increase is a small constant, for the standard technologies such as nMOS and cMOS. 3.3. Construction of Our Fault Simulation Circuit Figure 7 gives a simple construction for building our fault simulation circuit FS(C) from the Boolean differences circuit C'. Note that thi~ construction is applied to each gate v E V, and results in 3n additional gates and an additional depth of 9. By Theorem 1, the resulting circuit Efficient VLSI fault simulation 23 | v0 vl~/ v, L~ v~ v~-~ v2 Figure 6. The circuit G' derived from circuit of Figure 4 after applying (]~-gate coltapscs. satisfies dC(~) and furthermore, FS(C)s.,.o(,)(~)= C~,(E) • C~,(E) = C.(~)• ddC(~) C.(~) - - " The following are then implied by Lemmas 1 and 2. V w V > S-A-1 (v) s - ~ - o (v) Figure 7. Construction d the fault simulation circuit FS(C) from C'. The gate S-A-b(v) indicates an S-A-b fault at sate v, for b E {0, I}. 24 J.H.R.mv vertex v computed value C~(~) Boolean difference C:,(~) = ~ S-A-1 fault S-A-O fault S-A-1 (v) S-A-O (v) =1 ^ =2 ^ =3 vl =1 ^ =2 =3 (-, (=1 ^ =2)) ^ =3 v2 =1 =2 A x 3 ( ' - , X l ) A =2 A x 3 X l A x2 A =3 v3 =1 A =3 =1 A ( - " = 3 ) A a:3 xj. ^ x2 A x3 V4 =2 "~X3 "~(Xl AX3) ('~(Xl A X2)) AX3 ( " ( = 1 AX2)) A'~X3 ,,~ =3 "~(=1 A=3) (-~(~i ^=2))^'~=3 (-,(=i A ~ ) ) ^=3 Figure 8. Boolean differences a n d S-A- b faults of circuit C given in Figure 1. THEOREM 2. Suppose we are given a Boolean circuit tree C with n gates, a depth of d, and VLSI area A using t layers. Then using the rules in Figures 3, 4 and 7, we can construct from C in linear time a Boolean circuit FS( C) consisting of< 7n gates and depth < 3(d+ 1), using VLSI area < 9A and 2 ( l + 1) layers. For each b G {0, 1}, gate v E V and input ~, FS(C)s.A_b(v)(~) = 1 (i.e., gate S-A-b(v) is evaluated to 1 by FS(C) on input ~) ff and only if a S-A-b fault in C at gate v is detectable on input ~. 3.4. Fault Simulation of VLS1 Circuits with Feedback We briefly describe here how our techniques for fault simulation can be extended to apply to some VLSI circuits S with feedback lines (i.e., S may have cycles). We note that S is input oblivious in the sense that the sequence of logical operations (but not necessarily the values computed by these operations) of its gates are independent of its given input ~. Let V be the set of gates of S. We assume the computation sequence of length d of S on input ~ can be modeled by a Boolean circuit tree C(S) of depth d such that the gates of C(S) are partitioned into disjoint levels Vo, V1,..., Vd. Intuitively, each level Vt corresponds to the logical operations executed at time t. More precisely, for each t = 0 , 1 , . . . ,d, we assume a 1-1 mapping rt from V to level Vt such that Vv G V, Cr,(v)(x) is the Boolean value computed at gate v by S at time t given an input vector :~. Thus, rt(v) evaluates to just the value computed by S at gate v of time t. We require that each edge entering a gate of level Vt depart only from a gate of level V~_1, and so the value of a gate at level Vt depends only on the values computed by gates at level Vt-1. We shall model faults in S simply by S-A-b faults in C(S). Suppose S has n gates. Then C(S) has n (d + 1) gates. A direct consequence of Theorem 2 is: COROLLARY 1. All S-A faults for S on input ~ can be determined by an acyclic Boolean circuit FS(C(S)) of___ 7 n ( d + 1) gates and depth < 3(d+ 1), and hence in < 7 n ( d + 1) sequential time. Note that the fault simulation circuit FS(C(S)) utilized just the values of gates at level Vt in reverse order t = d, d - 1 , . . . , 0. We can avoid construction of FS(C(S)) and instead construct a VLSI circuit with feedback lines which simulatively determines S-A faults of level Vt. To get the required values of the gates of level Vt we can simply reexecute S on the same input ~. Thus, (if we wish to avoid actually constructing FS(C(S)), we require by this method a total of d executions of S, each requiring parallel time d. Assuming S has VLSI area A using l layers, we get by this construction: COROLLARY 2. All S-A faults for S can be determined by a VLSI circuit (with feedback lines) of O(n) gates, O(A) area and O(t) layers, taking O(d 2) parallel time. We consider S to be reversible if after any execution of d parallel steps, a special reverse switch can be set so that on consecutive steps t = d + 1, d + 2 , . . . , 2d, the gates of S have the same value at time t as they previously did at time It - 2d - 11. As mentioned in the introduction, many switching, sorting and convolution circuits are both oblivious and reversible in this sense. Observe that if S is reversible, then S can compute the values of levels Vd, Va-1,. •., V0 in reverse order using d parallel steps. COROLLARY 3. If S is reversible, then all S-A faults can be determined by n VLSI circuit (with feedback lines) of O(n) gates, O(A) area, O(e) layers, and O(d) time. Efficient VLSIfault almulation 25 4. P R O O F OF T H E C O R R E C T N E S S OF O U R B O O L E A N D I F F E R E N C E S C I R C U I T In this section we prove Theorem 1. 4.1. Chain Rules for Boolean Differences We will use the following fundamental rules for manipulating Boolean differences. It can be easily proved from the definition of Boolean difference. PROPOSITION 1. (The Chain Rule) L<f(~,y) = fl(f~(x),Y), then df(~,y) dzi _ df~(f2(~),Y) A df2(~) df2 dzi The following propositions follow from the Chain Rule by use of elementary Boolean algebra identities and the definition of the Boolean difference. PROPOSITION 2. PROPOSITION 3. d(--,f(~)) dzi df(~) dxi d(ft(~) (B f2(x)) = dfl(~) ~ df2(~..~) dzi dzi dzi PROPOSITION 4. d(fl(~) ^ f,(~)) = f~(~) ^ df2(a) df~(~) ~h(~) df2(a) PROPOSITION 5. d(f~(~) V f2(,~)) = (_,f~(,~)) ^ df2(~) dry(a) af~(~) ^ df2(a) dzi ~ (B (-'f2(~)) A ~ (B dxi dzi 4.~. An Inductive Proof of Theorem 1 Fix a topological ordering < of the gates of circuit tree C. The proof of Theorem 1 will proceed by induction in this topological order < , beginning from the root gate v0. dC(~) = 1. Furthermore, For the basis of the induction, we observe that C~o(~) = C(~), so dC~o(~----~ the construction gives C~g(~) = 1, so we have C~g(~) = 1 dC(~) - dC~o(~)' as required. Now fix some gate u E V - {v0}. Let us make the inductive assumption that c ' , ( ~ ) = dC(~) dC~ ( ff) ' for all gates v E V strictly preceding u in the given topological order of C. Let (u, v) E E be the unique edge of C departing from gate u. By the induction hypothesis, c:,(~) = dC(,~) dC~(,~)" 26 J.H. P ~ w Define 1, C.(~), - 0,.(2), A.(~) = if L(v) E {",,(9}, if L(~) = V, if L(v) = A, where (u, v), (w, ~) e E are the edges entering gate v in C. By examining the rules Rx-Pqs, we observe that we have defined 0",(2) = 0:,(2) ^ ),.(2). We must now prove that dC(~) C.,(2) = dO.(9" Let us define H = C~[u/(zu (9 Cu)]. Recall by definition dCv(~___~)= dH(~, z.) = H(~, O) (9 H(~, 1) dC.(~) dz. gives the conditions where C.(~) (which is the subcircuit of C rooted at gate v) is sensitive to the value transmitted from gate u. LEMMA 4. dC.(~) A. (~) = dCu(2)" PROOF. This Lemma can he proved either by application of the Propositions 1-5, or directly by definition of the Boolean difference. We give here a complete direct proof. If L(v) = -% then C.(~) = --C.(~) and C.(2, z.) = --(zu (9 C.(~)) so H(~,0) (9 H(~, 1) = (-~C.(~)) (9 C.(x-')= 1 = A.(~), in this case. If L(v) = (9, then C.(~) = C.(~) (9 Cw(~) and H(2,zu) = (zu (9 Cu(~)) (9 C . ( ~ ) so H(~,0) (9 8(2, 1) = (C.(2) (9 C.(2)) (9 ((-~C.(~)) (9 C.(2)), = 1 - A,,(~), in this case. If L(v) - A, then Cv(2) - C.(2) A Cw(2) and H(2, zu) - (z. (9 C.(~)) A C w ( ~ so H(2,0) (9 H(2, 1) = (C.(~) A C,.(2)) (9 ((-,C.(~)) A C,,,(x-')), = c.(~) = ~,(~), in this case. If L(v) - V, then C~(2) - Cu(2) V Cw(2) and H(2, zu) - (zu (9 Cu(2)) V Cw(2) so H(2, 0) (9 H(2, 1) = (Cu(2) V Cw(2)) (9 ((-~Cu(2)) V C. (2)), = - c.(2) = A.(2), in this case. Thus, we have shown in each case dC,,(2) = 1-1(2, O) (9 H(2, 1) = Ae(~). dCu(2) | Efficient VLSI fault d m u l a t i o n 2T LEMMA 5. dC(~l) = 6,,,(2) A A, (~). dC~(2) PROOF. By the Chain Rule, dC(~) = ~d6'(~) ^ ~dO.(x-')= ~,(~) ^ ~.(~), _ _ dC,,(~) since by the induction hypothesis for v < u, dC(~ C',(2) = dCv(JY)' and by Lemrna 4, dC, (~) = A,,(~). dO,(2) | From Lemma 5, we immediately get dC(~) dC.(~) = C',(~) A A.(~) = C',(~), proving the induction step required for Theorem 1. 5. B O O L E A N D I F F E R E N C E S OF CIRCUITS W I T H F A N - O U T > 1 In this section, we describe how to extend our techniques to computing all the Boolean differences for a circuit C with fan-out > 1. Without loss of generality, we can assume C has fan-out _< 2 (since a transformation to fan-out < 2 requires only a size increase linear in the number of edges of C). We will fix C = (V, v0, E, L, E, OP) to be such a Boolean circuit. 5.1. Edge Sensitivity Let ~ be the circuit derived from C by replacing each edge (u, v) E E of C by a chain of two new edges (u, uv), (uv, v) where uv is a new (9 gate with fan-in 1 and fan-out 1 (see Figures 9 and 10). Note that e is logically equivalent to C since £uv(JY) - £~(JY) "- Cu(JY). Hence, by definition, d~.(~) dE[uv/(zuv~9eu,)] (~, zuv) d~(~) dz~ gives the conditions where C(~) is sensitive to the value computed across edge (u, v). (Observe dC(~) if u has fan-out > 1 in C.) that dgu¢(2---"~ d~(~Y) may differ from dCu(2) v0 vl C ) ) Figure 9. A Boolean circuit C computing C(ff) = (Zl A v-~) V -- z2. Note t h a t gate v4 has fan-out 2. J.H. REIF 28 v0 vI it V3Vl~ ~ v4vl v v3 Figure I0. The circuit£ derivedfrom C of Figure 9. 5.2. A Boolean Difference Circuit Construction for Fan-Out W e will construct our Boolean difference circuit C' as follows. C' will initiallycontain the circuit £. W e then apply in topological order of £ the rules RI-R5 of Figure 3 previously described in Section 3. W e also apply in this order a new rule Re, as given in Figure 11, to each gate u with fan-out 2. Let (u, vl), (u, v2) be the edges departing v. Before application of rule Re to gate u, since vl < u, we have already constructed a subcircuit of C' which computes dZ( ) / vl v2 \ ', - R6 U Figure 11. A rule Re for a gate u with departing edges (u,vl), ( u , ~ ) E E. Here vl' is the root o f a new s u b c i r c u i t / ~ computing "D(~) = ~ lde"', (~)j. The application of rule P~ to gate u requires that we recursively construct a subcircuit 7) that computes To complete the construction of C', we apply the (~-gate collapsing rule given in Figure 5 (see Figure 12). In the case there are many gates of fan-out 2, this constuction is obviously finite, but may be computationally inefficient (at least in comparison with our linear time construction in the case of fan-out 1), but it nevertheless is certainly much more efficient than the direct computation of Boolean differences by application of chain rules, which was the only previously known method. Efficient V L S I f a u l t s i m u l a t i o n 29 / I / v1 v3 F i g u r e 12. T h e B o o l e a n difference circuit C ' , w h i c h a t g a t e v4 c o m p u t e s CySt(:/) = dC(~) dc~, (~) = ( x l ^ " ( " (x2))) @ " ( z l ^ z2) ~ x l = "~ x l . T h e s u b s c r i p t / ) c o m p u t e s d [ dC( ) ] 5.3. Proof of our Boolean Difference Circuit with Fan-Out 2 We prove here the correctness of the Boolean difference circuit C' constructed in Section 5.2. THEOREM 3. For each gate v of C, = dC( ) PROOF BY INDUCTION. Fix a topological ordering < of the gates of C. As in Theorem 1, the proof of Theorem 3 will proceed by induction in this topological order <, beginning from the root gate v0. The basis of the induction is the same as in the proof of Theorem 1, where we have = 1 - dC( ) Now fix some gate u E V - {v0}. Let us make the inductive assumption that C~,(~) = dC(~) ' for all gates v E V strictly preceding u in the given topological order of C. Let (u, vl), (u, v2) E E be the edges of C departing from gate u. By the induction hypothesis, dC(~) C~l(ff)- dC,,(~)' for i - - 1,2. For i - 1, 2 define Av,(~)just as in the proof of Theorem 1. Av,(~) = 1, Cw(~Y), if L(vi) E {',,(9}, if L(vi) = V, "~Cw(~), if L(vi) = A, where (u, vi), (w, vi) E E are the edges entering gate vl in C. CA/4M 25:2-C J.H. RI~IF 30 By examining the rules R~-Re, we observe that where v(~) = d~..2(~) \d~.~,(~)}" We must now prove that C~,(~)-- dC(~) dCu(~)" For i = 1 , 2 let us define ~(') = ~,[u~/(z.~, (9 ~,)]. Recall by definition i -* gives the conditions where C~,(~) (which is the subcircuit of C rooted at gate vi) is sensitive to the value transmitted across the ith edge (u, vi) entering gate vi. LEMMA 6. For each i = 1,2, de.,(~) a ~ ' - dg.~,(~) " =~ PROOF. If L(vi) = -% then C~,(:~) = -~ C~(:~) and g( )(x, z,~,) = -~ (z~, (9 C~(g)) so £(i)(~,0 ) $ £(0(~, 1) = (-~C~(~)) (9 C.(~) = 1 = Av,(~), in this case. If L(vi) = (9, then Cv,(~) = Cu(:~) (9 Cw(~) and ~(0(:~, zuv,) = (zuv~ (9 C,,(~)) (9 C,.(~) so gC')(~,O) (9 gCO(~, 1) = (C~(~) (9 C~(g)) (9 ((--C~(~)) (9 C~(~)), = 1 = Av,(~), in this case. If L(vi) = A, Cv,(:~) = C.(:~) A Cw(~) and g(0(~, z,,v,) = (z,,v, (9 Ca(r)) A Cw(~) so c ( o ( g , o) (9 ~ ( o ( g , 1) = ( c . ( ~ ) ^ c ~ ( ~ ) ) (9 ((-~ c ~ ( ~ ) ) ^ c ~ (~)), = c ~ ( ~ ) = ~o,(~), in this case. If L(vi) = V, then C~,(ff) = Cu(ff)V Cw(ff) and £(i)(ff, z.v,) = (zuv, (9 Cu(~))V Cw(ff) so ~(,)(~. 0) (9 cc0(~. 1) = (c,(~) v = - c~(~) c~ (~)) (9 ((~ c~(~)) v c~(~)). = ~.,(~), in this case. Thus, we have shown in each case d~v,(:~) _ c(i)(:~,0) (9 C(i)(~, 1) = Av,(£) • de,~,(~) 1 Efficient VLSI fault dmulation 31 We will use a generalized chain rule for Boolean differences: PROPOSITION 6. //'f(:x)- fo(f1(:x),f2(:~)), then d/(~)d,, = [dY°(A . ~d_.. yy~(~)) l ( ~ )^ ld., - J ~ [[dY°(Yl(~)' Y"(~))dy~^ dY2(~) ld.,J (~ [ ( ~ 2 (d'f0('fi(x)"f2(x))~ d'fl Proposition 6 implies dC(~) d~(~) d~(~) ~ d (d£(~) ~.~,(~)) LEMMA 7. f o r i = 1,2. dCuv, (~) PROOF. By the Chain Rule and Lemma 6, since by the induction hypothesis for vi < u, C.': OZ) = d~'(,Z) dC.,(,~) Applying Lamina 7, we immediately get dC(~) d dgn (~) - (C~, (~) A )t,a (~)) (~ (C~, (~) A Zv, (~)) ~ ~ = (d£(~) ~,d~u,j, (~) ) ' c'.,(~), proving the induction step of Theorem 3. m REFERENCES 1. H. Fttjiwara and S. Toida, The complexity of fault detection problems for combinational logig circuits, IEEE Trans. Comput. C-31 (8), 555-560 (1982). 2. R.D. Eldred, Test routines based on symbolic logic statements, J. Ass. Compttt. Mack. 6 (1), 33--36 (1959). 3. D.B. Armstrong, On finding a nearly minimal set of fault detection tests for combinatorial nets, IEEE Trans. Electron. Comput.EC-15 (2), 63.-73 (1966). 4. H.Y. Chang, E.G. Manning and G. Metze, Fa,tlt Diagnosis of Digital Systems, Wiley Interacience, New York, (1970). 5. E.B. Eichelberger, Method of level sensitive testing a functional logic system, U.S. Patent 3761695, Sept. 25, 1973. 6. J.P. Roth, W.G. Bouricius and P.R. Schneider, Programmed algorithms to compute tests to detect and distinguish between failures in logic circuits, IEEE Trans. Electron. Comput. EC-16 (10), 567-580 (1967). 7. H. Fujiwara and T.S. Shimono, On the acceleration of test generation algorithms, IEEE Trans. Compst. C-32 (12), 1137-1143 (1983). 8. A.V. Goldberg and K.J. Lieberherr, Deterministic versus random pattern testability, Design Automation Comp. SCI. Lab., G.T.E. Labs., Walthaxn, MA (1985). 9. H.D. Schnurmann, E. Lindbloom and R.G. Carpenter, The weighted random test pattern generator, IEEE Trans. Comput. C-24,695-700 (1975). 10. J. Savin and P.H. Bondell, On random pattern test length, 1983 International Test Conference, pp. 95-106, (1983). II. J. Savin, G.S. Ditlow and P.H. Bondel], Random pattern testability, IEEE Trans. Comp~t. C-33 (I), 79-90 (1984). 32 J.H. REw 12. K.J. IAeberherr, Parameteri~d random testing, Dc*iln Astomation Comp. Sci. Lab., G.T.E. Labs., Waltham, MA, (1983). 13. G. Markowdty, Bounding signal probabllltes in combinational circuits, Technical Report, Dept. Comp. Sci., Univ. Maine, st Orono, 1984. 14. V.J. Lmq, Efficiency of random compact testing, IEEE Trans. Uomp*tt. O-2'? (6), 516-.525 (1978). 15. S.W. Gol0mb, Shift Re4ister Sequences, Holden-Day, San Francisco, CA, (1967). 16. Z. Barffiilai, D. Coppersmith and A.L. Rmenberg, Exhatmtion g-eneeation of bit patterns with &pplicntio~m to VLSI e~M-testing, IEEE Trans. Compst. C 4 2 (2), 190-194 (1983). i7. D.T. Tang, Logic test psttern generation using linear cycles, IEEE Tran,. Comp=t. 0 - 3 3 (9), 845-850 (1984). 18. J.L. Carter, The theory of signature testing for VLSI, IBM Wstmn R~earch Center, Yorktown Heights, NY, (1982). 19. W.C. Carter, Signature testing with guaranteed bounds for fault coverage, IEEE TeJt Comp., 75-82 (1982). 20. J.F. Poage, Derivation of optimum tests to detect fault- in combinational circuit-, In Mathematical Theory of A~tomation, Polytechnic Press, New York, (1963). 21. D.B. Armstrong, A deductive method for simulating faults in logic circuits, IEEE Trans. Compnt. C-21 (s), 404-471 (1972). 22. J.P. Roth, Diagno~s of automata failures: A calculus and s method, IBM J. Res. Develop. 10, 278-281 (1966). 23. E. Manning and H.Y. Chang, Functional technique for efficient digital fault dnndstion, IEEE Int. Gone. Digest 196 (1968). 24. H.Y.P. Chang, Comparison of parallel and deductive fault simulation, IEEE Trans. Comp~t. 0-23, 11321138 (1974). 25. M.A. Breuer, Functional partitioning and simulation of digital circuits, IEEE Trans. Compet. 0-19, 1038-1046 (1970). 26. A.D. Friedman and P.R. Menon, Fa=It Detection in Digital Cite=its, Prentice-Hall, Englewood Cliffs, N J, (1971). 27. E.G. Ulrich and T. Baker, Concurrent simulation of nearly identical digital networks, Computer 7 (4), 39-44 (1974). 28. E.I. Muelddoff and A.D. Savkar, LSI logic testing--An overview, IEEETC C-30, 1-17 (1981). 29. S.K. Jain and V.D. Agrawal, Stafan: An alternative to fault simulation, IEEE ~lst Design A*ttomation Conf., pp. 18-22, (1984). 30. M. Abramovici, P.R. Menon and D.T. Miller, Critical path tracing: An alternative to fault simulation, IEEE Desion end Test, 83--93, (February 1984). 31. A. Brown and H.W. Young, Algebraic logic network analysis, IBM Corp., Poughkeepsie, NY (NASA Contract NAS 12-689), IBM TR 0018 74, (1969). 32. A. Thayse and M. Davis, Boolean differential calculus and its application to switching theory, IEEE Trans. Comput. C-22, 409-420 (1973). 33. A. Thayse, Boolean C=Ic=l~s o/Di~crences, Monograph, Springer, Berlin, (1981). 34. E.I. Muelddorf, Theory of a switching calculus for the diagnosis of ninary logic, Elcktron. Rcchenanlagen 15,215-222 (1973). 35. E.F. Sellers, M.Y. Hsiao and L.W. Bearnson, Analyzing errors with the Boolean difference, IEEE Trans. Comp=t. 0-17,676--683 (1968). 36. C.T. Ku and G.M. Memon, The Boolean difference and multiple fanIt analysis, IEEE Trans. Compet. C-24, 691-695 (1975). 37. W. Baur and V. Strmmen, The complexity of partial derivations, Theoretical Computer Science 22,317-330 (1983). 38. V.M. Jerrum, personal communication, (1983). 39. K.J. Lieberherr, Standard hardware description language, Design Aetomation Comp. Sci. Lab., G.T.E. Labs., Waltham, MA, (1983). 40. S.M. German and K.J. Lieberherr, Zues: A language for expressing algorithms in hardware, Design A*ttomation Comp. Sci. Lab., G.T.E. Labs., Waltham, MA, (1984). 41. A.V. Aho, J.E. Hopcroft and J.D. Ullman, Design and Anallsis o/Computer Algorithms, Addison-Wealey, Reading, MA, (1974). 42. J.D. Ullman, CompvtationM Aspects of VLSI, Chapter 1, Computer Science Press, Rockville, MD, (1984).