

# **Testing**

Goal: make sure manufactured system behaves as intended.

- During/after fabrication: fabrication testing
- After delivery to customer: field testing

BF - ES - 2 -

## **Testing embedded systems**

- Embedded/cyber-physical systems integrated into a physical environment may be safety-critical. As a result, expectations for the product quality are higher than for non-safety critical systems.
- Testing embedded/cyber-physical systems in their real environment may be dangerous.

BF-ES - 3-

# **Testing: Scope**

#### **Testing** includes

- the application of test patterns to the inputs of the device under test (DUT) and
- the observation of the results.

More precisely, testing requires the following steps:

- 1. test pattern generation,
- 2. test pattern application,
- 3. response observation, and
- 4. result comparison (okay, not okay, inconclusive).

BF - ES - 4 -

### **Test pattern generation**

Test pattern generation typically

- considers certain fault models and
- generates patterns that enable a distinction between the faulty and the fault-free case.
- Coverage criteria shed light on the likeliness of instances of the fault type slipping through

BF - ES

#### **Hardware Fault models**

Hardware fault models include:

- stuck-at fault model (net permanently connected to ground or V<sub>dd</sub>)
- stuck-open faults: for CMOS, open transistors can behave like memories
- delay faults: circuit is functionally correct, but the delay is not.



- · Break above results in a "memory-effect" in the behavior of the circuit
- With AB=10, there is not path from either VDD or VSS to the output
   Fretains the previous value for some undetermined discharge time

www.cedcc.psu.edu/ee497f /rassp\_43/sld022.htm

- 5 -

BF - ES

- 6 -

# Simple example



- Could we check for a stuck at one error at a (s-a-1(a)) ?
- Solution:
  - f='1' if there is an error
  - $\Rightarrow$  a='0', b='0' in order to have f='0' if there is no error
  - g='1' in order to propagate error
  - c='1' in order to have g='1' (or set d='1')
  - e='1' in order to propagate error
  - i='1' if there is no error & i='0' if there is

BF - ES - 7 -

# **Two Copies of the Circuit** Good circuit Alternatively, use a multi-valued algebra of signal values for both good and faulty circuits. Same input Circuit Faulty circuit Χ Χ 0 0/1 1 Copyright Agrawal & Bushnell BF - ES - 8 -

# Roth's 5-valued algebra (1966)

| Symbol | Alternative<br>Representation | Fault-free circuit | Faulty<br>Circuit |
|--------|-------------------------------|--------------------|-------------------|
| D      | 1/0                           | 1                  | 0                 |
| D      | 0/1                           | 0                  | 1                 |
| 0      | 0/0                           | 0                  | 0                 |
| 1      | 1/1                           | 1                  | 1                 |
| X      | X/X                           | X                  | X                 |

BF - ES

Copyright Agrawal & Bushnell

# **Function of NAND Gate**



| С       |    | Input a |   |   |   |   |  |
|---------|----|---------|---|---|---|---|--|
|         |    | 0       | 1 | X | D | D |  |
| Input b | 0  | 1       | 1 | 1 | 1 | 1 |  |
|         | 1  | 1       | 0 | × | D | カ |  |
|         | Х  | 1       | × | X | × | X |  |
|         | D  | 1       | D | X | D | 7 |  |
|         | ID | 1       | D | Χ | Λ | Ð |  |

BF - ES

Copyright Agrawal & Bushnell

- 10 -

- 9 -

### **D-Algorithm**

- Activate fault
  - Place a D or D at fault site
  - Do justification, forward implication, and consistency check for all signals
- D-Drive
  - Propagate D/D toward outputs
  - Do justification, forward implication, and consistency check for all signals
- Backtrack if
  - · A conflict occurs, or
  - · D-frontier becomes empty
- Stop when
  - D or D at an output, i.e., test found, or
  - If search exhausted without a test, then no test possible

- 11 -

BF - ES Copyright Agrawal & Bushnell

## **D-Algorithm**

- Justification: Changing inputs of a gate if the present input values do not justify the output value.
- Forward implication: Determination of the gate output value (presently X) according to the input values.
- Consistency check: Verifying that the gate output is justifiable from the values of inputs, which may have changed since the output was determined.
- **D-frontier:** Set of gates whose inputs have a D or  $\overline{D}$ , and the output is X.

BF - ES Copyright Agrawal & Bushnell - 12 -

#### **Singular Cover**

- A singular cover defines the least restrictive inputs for a deterministic output value.
- Used for:
  - · Justification: determine gate inputs for specified output.
  - · Forward implication: determine gate output.



Examples:

 $XX0 \cap 110 = 110$  $0XX \cap 0X1 = 0X1$ 

| Singular<br>covers | а | b | С |
|--------------------|---|---|---|
| SC-1               | 0 | Х | 1 |
| SC-2               | Х | 0 | 1 |
| SC-3               | 1 | 1 | 0 |

BF - ES

Copyright Agrawal & Bushnell

- 13 -

#### **D-Cubes**

- D-cubes are singular covers with five-valued signals
- Used for D-drive (propagation of D/D̄ through gates)



Examples:

 $XDX \cap 1D\overline{D} = 1D\overline{D}$   $0DX \cap 0D1 = 0D1$  $D\overline{D}X \cap D\overline{D}1 = D\overline{D}1$  D-cube а b С D-1 D 1 D D D-2 1 D Б 1 D D-3 D D-4 1 D D D D-5 D D-6 D D D D-7 D 0 1 D-8 0 D 1 D-9 D D 1 D-10 D 1

Copyright Agrawal & Bushnell

BF - ES

- 14 -





=) 
$$\frac{STOP}{Tat}$$
 tent found  
 $Tat: (a_1b) = (o_1A), t=1$ 

## **Complexity of D-Algorithm**

- Signal values on all lines (inputs and internal lines) are manipulated using 5-valued algebra.
- Worst-case combinations of signals that may be tried is 5#lines
  - For XOR circuit,  $5^{12} = 244,140,625$ .
- Podem: A reduced-complexity ATPG algorithm
  - · Recognizes that internal signals depend on inputs.
  - Only inputs are independent variables and should be manipulated.
  - Because faults are internal, an input can assume only 3 values (0, 1, X).
  - Worst-case combinations =  $3^{\#Pl}$ ; for XOR circuit,  $3^2 = 8$ .

BF - ES - 19 -

## Fault coverage

A certain set of test patterns will not always detect all faults that are possible within a fault model

coverage = Number of detectable faults for a given test pattern set

Number of faults possible due to the fault model

For actual designs, the coverage should be at least in the order of 98 to 99%

BF - ES - 20 -

10

#### **Fault simulation**

- Coverage can be computed with fault simulation:
- ∀ faults ∈ fault model: check if distinction between faulty and the fault-free case can be made:

```
Simulate fault-free system;
  ∀ faults ∈ fault model DO
  ∀ test patterns DO
    Simulate faulty system;
    Can the fault be observed for ≥1 pattern?
Faults are called redundant if they do not affect the observable behavior of the system
```

 Fault simulation checks whether mechanisms for improving fault tolerance actually help.

BF - ES - 21 -





# **Vector Compaction**

- Objective: Reduce the size of test vector set without reducing fault coverage.
- Simulate faults with test vectors in reverse order of generation
  - · ATPG patterns go first
  - Randomly-generated patterns go last (because they may have less coverage)
  - When coverage reaches 100% (or the original maximum value), drop remaining patterns
- Significantly shortens test sequence ⇒ testing cost reduction.

BF - ES Copyright Agrawal & Bushnell

- 24 -

### Finding other detected faults by the generated test

- Determine good circuit signal values.
- For each fault
  - Place a D or  $\overline{D}$  at the fault site
  - Perform forward implication and D-drive
  - Fault is detected if any output assumes a D or D value

BF - ES - 25 -

# Example: Detect c2 sa0 with Test(0,1)?



BF - ES - 26 -





## **Static and Dynamic Compaction of Sequences**

#### Static compaction

- · ATPG should leave unassigned inputs as X
- Two patterns compatible if no conflicting values for any
- Combine two tests  $t_a$  and  $t_b$  into one test  $t_{ab} = t_a \cap t_b$  using
- Detects union of faults detected by t<sub>a</sub> and t<sub>b</sub>

#### Dynamic compaction

- · Process every partially-done ATPG vector immediately
- · Assign 0 or 1 to inputs to test additional faults

BF - ES

Copyright Agrawal & Bushnell

- 29 -

- 30 -

# **Example**

$$t_1 = 0.1 \text{ X}$$
  $t_2 = 0 \text{ X} 1$   
 $t_3 = 0 \text{ X} 0$   $t_4 = \text{ X} 0.1$ 

$$t_{3} = 0 \times 0$$

$$t_2 = 0 X 1$$

$$t_4 = X \ 0 \ 1$$

BF - ES

### **Fault Injection**

BF - ES

Fault injection

- Fault simulation may be too time-consuming
- If real systems are available, faults can be injected.
- Two types of fault injection:
- 1. local faults within the system, and
- faults in the environment (behaviors which do not correspond to the specification).
   For example, we can check how the system behaves if it is operated outside the specified temperature or radiation ranges.

BF - ES

- 32 -

- 31 -

#### **Fault injection**

- Intentional activation of faults by HW or/and SW means
  - Establish faults in a predictable and reproducible way
  - Trigger error-handling routines
- Two purposes:
  - Testing and Debugging
    - During normal operation faults are rare events
    - May be much too rare to achieve meaningful data from std. testing
  - Dependability Forecasting
    - Used for deriving data about the likely dependability of the system
    - Need to know the types and frequencies of different faults in the intended operational environment

BF - ES - 33 -

## **Software Fault Injection**

- Errors are seeded into memory by software
  - Mimic errors originating in hardware faults by software
  - Either randomly or in specific location to provoke specific faultmanagement routine
- Advantages over physical fault injection include
  - Predictability and reproducibility: fault injection is independent of uncontrollable or statistical effects
  - Reachability of inner registers in VLSI chips
  - Simplicity of experiments: can be carried out with software tools
- Coverage similar to physical fault injection, if well-done
  - Statistical data gathered from physical injection experiments can be used to trim software fault injection

BF - ES - 34 -

# Typical forms of SW fault injection

- Random bit flips in memory
  - Simulates adverse operational conditions corrupting memory
- Boolean masking of words written to (some) memory
- Discard some message(s)
  - Simulates imperfect communication media
- Adding messages
  - Simulates presence of a babbling idiot
  - Checks consequences of certain fault tolerance mechanisms (resend...) if used when transient fault condition was no longer present (very hard to test by HW fault injection)
- Delaying messages / result delivery
- ...and many more

BF - ES - 35 -

# **Model-based testing**

BF - ES - 36 -









# **Design for testability**

BF - ES

- 41 -

# **Testing finite state machines**

Difficult to check states and transitions.



For example, verifying the transition from state 2 to 3 requires

- Getting into state 2
- Application of A
- Check if output is f
- Check if we have actually reached 3

Can be simplified by "design for testability" → Scan design

BF - ES

- 42 -





# JTAG (Boundary scan)

■JTAG / IEEE 1149.1 defines a 4-5 wire serial interface to access complex ICs. Any compatible IC contains shift registers + an FSM to execute the JTAG functions.

**TDI:** test data in; goes into instruction register or into one of the data registers.

TDO: test data out

TCK: clock

TMS: controls the state of the test

access port (TAP).

Optional **TRST**\* is reset signal.



IEEE 1149.1 Device Architecture Source: http://www.jtag. com/brochure.php

BF - ES - 45 -

# Limitations of a single serial scan chain

- For chips with a large number of flip-flops, serial shifts can take a quite long time.
- Hence, it becomes necessary to provide several scan chains.
  - Trying to avoid serial shifts by generating test patterns internally and by also storing the results internally.
  - Compaction of circuit response in a signature. Shifting the entire result out becomes obsolete, we just shift out the signature.

BF - ES - 46 -

## Signature analysis

- Response of circuit to sequence of test patterns compacted in a signature. Only this signature is compared to the golden reference.
- In order to exploit an *n*-bit signature register as well as possible, we try to use all possible values.
- In practice, we use shift-registers with linear feedback:



Using proper feedback bits, all possible values for the register can be generated.

BF - ES

- 47 -

