Letters tothe Editor

Clarifying statistical fault analysisA recent article in your magazine

("Statistical Fault Analysis," Design &Test Feb. 1985, p.38) presented an algo-rithm used to obtain approximate faultdetection probabilities, using exact con-trollabilities and approximate observabil-ities. The authors claim that their calcula-tion of the observabilities is in fact exact,apart from an arbitrary factor ae, whoseintroduction was necessary because of thepresence of fanout. They present equalitiesthat link the observabilities on the inputs ofa gate to the observability on the output ofthat gate, the controllabilities on both theinputs and the output, and to a so-calledpath sensitization probability.We would like to point out that these

equalities are unproven and some of themare, in fact, wrong. Consider, for exam-ple, the circuit shown in Figure 1. Thecontrollabilities CO and Cl, the path sen-sitization probability S and the observ-abilities BO and Bi, as defined by theauthors, are presented in Table 1. In mostcases, STAFAN produces the correct an-swers. However, the fault detection prob-abilities DI(c) and Dl(e) are incorrect.These discrepancies cannot be correctedusing a different value of a, because bothline c and line e are after the only fanout inthe circuit.STAFAN produces these incorrect re-

sults because it assumes that the observ-ability on the output of a gate is indepen-dent of the controllabilities and pathsensitization probabilities on the inputs ofthat gate. This is in general not true, andthe equations for the 0-observability on theinput of an AND gate or the l-observabil-ity on the input of an OR gate are incor-rect, as shown by the example. (Theequations for Bl on the input of an ANDgate and for BOon the input of an OR gateare in fact correct, although the proof isincomplete.) Notice that STAFAN can

produce both too large and too small afault detection probability. This shows

Figure 1. Example circuit.

Table 1.

Comparison of STAFAN and actual results.

STAFAN ACTUALline CO Cl S BO BI D1 DO Dl DOa 1 0 - 1 1 OK OK 1 0b 3/4 1/4 1/2 2/3 0 OK OK 1/2 0C 1/2 1/2 1/2 1/3 0 %6 OK 0 0d 1/2 Y/2 1/4 1/2 0 OK OK 1/4 0d' 1/2 1/2 1 0 1/2 OK OK 0 '1e 1/2 1/2 1/2 1/3 0 1/6 OK 1/4 0f 1/2 1/2 - 1/3 1/2 1/6 1/4 0 0

that it is not possible to transform the in-correct equalities into correct inequalities.STAFAN also treats fanouts incor-

rectly because the bounds presented by theauthors on the observabilities before afanout point are, in fact, not bounds. Forexample, STAFAN predicts exact valuesfor both B l(f) and BO(f) because the lowerand upper bounds, as proposed in thearticle, are equal. The resulting faultdetection probabilities are both too high.Other examples that produce too low afault detection probability on a fanoutline can also be produced. The reason theproposed bounds are, in fact, not boundsis that the fault effects may propagatealong both branches and cancel each otherat the reconvergence point. A betterchoice of ca will not help here either,

because a places the observability betweenthe proposed bounds and not beyondthem.

In conclusion, in the calculation offault detection probabilities, STAFANuses observabilities that are obtainedunder the incorrect assumption thatsignals are independent. The problem ofcorrectly calculating observabilities orbounds on the observabilities in thepresence of reconvergent fanout is notsolved by STAFAN.

Leendert M. HuismanVijay IyengarIBM T.J. Watson Research CenterPO Box 218Yorktown Heights, NY 10598

IEEE DESIGN & TEST6

Authors' replyThe primary aim of statistical fault

analysis is to estimate the fault coverageand to predict the detection of faults. Inaddition, the computational complexity ismuch lower than that of conventionalfault simulators. STAFAN is not attempt-ing to solve the problem of exactly calcul-ating the observabilities in the presence ofreconvergent fanout. STAFAN makescertain assumptions to reduce the amountof computation time. We would agreethat the inequalities for calculation ofobservabilities at fanout signals, as pre-sented in the paper, can produce er-

roneous results under certain conditions.However, the conditions which produceerroneous results seldom occur in thepractical circuits. STAFAN produces cor-rect results in most of the cases as alsonoted by Huisman and Iyengar. However,the example presented in their letter is notpractical. In the example, the output isalways at the logic state of 0.STAFAN produces some incorrect re-

sults because it assumes that the observ-abilities on the output of a gate are inde-pendent of the controllabilities and pathsensitization probabilities on the inputs of

the gate. This assumption is not alwaystrue. However, if this assumption is re-moved, then the exact observabilities willhave to be obtained by a more detailedanalysis of the reconvergent fanouts. Ingeneral, this analysis can be quite complexand can greatly increase the amount ofcomputation time. Hence, this detailedanalysis is not done for practical reasons.In addition, the overall fault detectionresults are only mildly affected by the ap-proximation.

Further, we will show the effect of re-convergent fanouts on the fault coverage

Figure 1. Functional block diagram of four-bit arithmetic logic unit (TI 74181). Output signals of gates in black havereconvergent fanout. (Courtesy Texas Instruments, Inc. May not represent current Texas Instruments technology.)

7August 1985

estimates. We would consider the sensi-tivity of fault coverage results with respectto fanout factor a. We will also consider amore practical example of a four-bit arith-metic logic unit (ALU) for the purpose ofillustration. The functional block diagramof the ALU is shown in Figure 1. Thegate-level implementation of the ALU(74181) was obtained from the Texas In-struments data book. (YTL Data BookFor Design Engineers, 2nd ed., Texas In-struments, Inc., Dallas, Tex., 1976, p.7-280.) The ALU logic consists of 14 in-puts, eight outputs, and 79 logic gates (anexclusive-OR gate is implemented withthree logic gates). Hence, there are 93 (14inputs and 79 gates) signals associatedwith the ALU. Among these, 34 signals(36.5 percent of total signals) have re-convergent fanout.

We will compare the STAFAN faultcoverage estimates with actual fault cov-erages for two different sets of vectors.Further, 'we will consider two differentvalues of the fanout factor ae (0.5 and 1.0)in the computation of observability offanout signals. Figure 2 shows the faultcoverages for the vector set (24 vectors)obtained from a D-algorithm-based testgenerator. When the value of a is 1.0,then the average difference between theSTAFAN estimate and the exact faultcoverage is 1.34 percent. However, whenthe value of a is decreased to 0.5, then theaverage difference between the STAFANestimate and the exact fault coverage be-comes 3.25 percent. Figure 3 shows thefault coverage for the vector set (100 vec-tors) obtained from a random vector gen-erator. When the value of a is 1.0, thenthe average difference between theSTAFAN estimate and the exact faultcoverage is 1.15 percent. The average dif-ference between the STAFAN estimateand the exact fault coverage increases to1.24 percent when the value of a decreasesto 0.5. Hence, the changes in STAFANfault coverage estimates are minor, withvariation in value of the factor a.

In conclusion, even though the observ-abilities which are calculated are not ex-act, the STAFAN fault coverage estimatesare very close to exact fault coverage. Inaddition, the fault coverage estimates areonly mildly affected by variation in thefactor a. Even though the calculation ofobservabilities in the presence of recon-vergent fanouts is not exact, the resultspredicted by STAFAN are useful for prac-tical circuits.

100

Fault90 simulation

80STAFAN(a=1.0)

70

60

50

0 4 8 12 16

Number of vectors

Figure 2. Fault coverages with deterministic vectors.

100 STAFAN

(a=0.5)STAFAN(a= 1.0)

90 Fa.ulti_

0

CD

Cu

U.. 80

70

simulation

STAFAN(a=0.5)

20 24

Sunil K. JainVishwani D. AgrawalAT&T Bell Laboratories600 Mountain AvenueMurray Hill, NJ 07974

0 10 20 30 40 50 60 70 80 90 100

Number of vectors

Figure 3. Fault coverage with random vectors.

IEEE DESIGN &TEST8