MIL- STD-883F 2004 TEST METHOD STANDARD MICROCIRCUITS - 第695页

MIL-STD-883F METHOD 5012.1 27 July 199 0 1 METHOD 5012.1 FAULT COVERAG E MEASUREMENT FOR DI GITAL MICROCI RCUITS 1. PURPOSE . This test pr ocedure s pecif ies the met hods by whi ch faul t coverage i s repor ted for a te…

MIL-STD-883F

METHOD 5011.4

31 October 1995

This page intentionally left blank

MIL-STD-883F

METHOD 5012.1

27 July 1990

METHOD 5012.1

FAULT COVERAGE MEASUREMENT FOR DIGITAL MICROCIRCUITS

1. PURPOSE

. This test procedure specifies the methods by which fault coverage is reported for a test program applied

to a microcircuit herein referred to as the device under test (DUT). This procedure describes requirements governing the

development of the logic model of the DUT, the assumed fault model and fault universe, fault classing, fault simulation, and

fault coverage reporting. This procedure provides a consistent means of reporting fault coverage regardless of the specific

logic and fault simulator used. Three procedures for fault simulation are described in this procedure: Full fault simulation

and two fault sampling procedures. The applicable acquisition document shall specify a minimum required level of fault

coverage and, optionally, specify the procedure to be used to determine the fault coverage. A fault simulation report shall be

provided that states the fault coverage obtained, as well as documenting assumptions, approximations, and procedures

used. Where any technique detailed in this procedure is inapplicable to some aspect of the logic model, or inconsistent with

the functionality of the available fault simulator and simulation postprocessing tools, it is sufficient that the user of this

procedure employ an equivalent or comparable technique and note the discrepancy in the fault simulation report.

Microcircuits may be tested by nontraditional methods of control or observation, such as power supply current monitoring or

the addition of test points that are available by means of special test modes. Fault coverage based on such techniques shall

be considered valid if substantiating analysis or references are provided in the fault simulation report.

1.1 Terms

. Terms and abbreviations not defined elsewhere in the text of this test procedure are defined in this section.

a. Automatic test equipment (ATE)

. The apparatus with which the actual DUT will be tested. ATE includes the

ability to apply a test vector sequence (see 1.1l).

b. Broadside application

. A method of applying a test vector sequence where input stimuli change only at the

beginning of a simulation cycle or ATE cycle and all changes on primary inputs of the DUT are assumed to be

simultaneous. Nonbroadside application occurs when test vectors are conditioned by additional timing information

such as delay (with respect to other primary inputs), return-to-zero, return-to-one, and surround-by- complement.

c. Detection

. An error at an observable primary output of a logic model caused by the existence of a logic fault. A

hard detection is where an observable output value in the fault-free logic model is distinctly different from the

corresponding output value in the faulty logic model. An example of a hard detection is where the fault-free logic

model's output value is 0 and the faulty logic model's output value is 1, or where the fault-free logic model's output

value is 1 and the faulty logic model's output value is 0. If the high-impedance state (Z) can be sensed by the

ATE, then a hard detection can involve the Z state as well. A potential detection is an error where the fault-free

output is 0 or 1 and the faulty output value is unknown (X), or Z if Z cannot be sensed by the ATE.

d. Established test algorithm

. An algorithm, procedure, or test vector sequence, that when applied to a logic

component or logic partition has a known fault coverage or test effectiveness. This fault coverage or test

effectiveness is denoted herein as the established fault coverage or established test effectiveness for the

established test algorithm. For example, an established test algorithm for a RAM may be a published memory

test algorithm, such as GALPAT, that has been shown by experience to detect essentially all RAM failures and

therefore is assessed an established test effectiveness of 100 percent. An ALU may be tested by means of a

precomputed test vector sequence for which fault coverage has been previously determined. More than one

established test algorithm may exist for a logic component or logic partition, each with a different established fault

coverage or test effectiveness.

MIL-STD-883F

METHOD 5012.1

27 July 1990

e. Failure hierarchy: Failure mechanism, physical failure, logical fault, error. The failure hierarchy relates physical

defects and their causes to fault simulators and observable effects. A failure mechanism is the actual cause of

physical failure; an example is electromigration of aluminum in a microcircuit. A physical failure (or simply failure)

is the actual physical defect caused by a failure mechanism; an example is an open metal line. A logical fault (or

simply fault) is a logical abstraction of the immediate effect of a failure; an example is "stuck- at-one" behavior of a

logic gate input in the presence of an open metal line. An error is a difference between the behavior of a fault-free

and faulty DUT at one or more observable primary outputs of the DUT.

f. Fault coverage

. For a logic model of a DUT, a fault universe for the logic model of the DUT, and a given test

vector sequence, fault coverage is the fraction obtained by dividing the number of faults contained in the fault

universe that are detected by the test vector sequence by the total number of faults contained in the fault

universe. Fault coverage is also stated as a percentage. In this test procedure, fault coverage is understood to be

based on the detectable fault equivalence classes (see 3.3). Rounding of fault coverage fractions or percentages

shall be "toward zero," not "to nearest." For example, if 9,499 faults are detected out of 10,000 faults simulated,

the fault coverage is 94.99 percent; if this value is to be rounded to two significant digits, the result shall be

reported as 94 percent, not 95 percent.

g. Logic line, node

. Logic lines are the connections between components in a logic model, through which logic

signals flow. Logic lines are the idealized "wires" in a logic model. A set of connected logic lines is a node.

h. Logic: Combinational and sequential

. Combinational digital logic contains only components that do not possess

memory, and in which there are no feedback paths. Sequential digital logic contains at least one component that

contains memory, or at least one feedback path, or both. For example, a flip-flop is a component that contains

memory, and cross-coupled logic gates introduce feedback paths.

i. Macro

. A logic modeling convention representing a model contained within another model. A macro boundary

does not necessarily imply the existence of a physical boundary in the logic model. A main model is a logic model

that is not contained within a larger model. Macros may be nested (that is, a macro may contain submacros).

j. Primary inputs, primary outputs

. Primary inputs to a logic model represent the logic lines of a DUT that are driven

by the ATE's drivers and thus are directly controllable test points. Primary outputs from a logic model represent

the logic lines of the DUT that are sensed by the ATE's comparators and thus are directly observable test points.

The inputs to the "main model" of the logic model of the DUT are the primary inputs, and the outputs from the

main model are the primary outputs. Internal nodes that can be driven or sensed by means of special test modes

shall be considered to be control or observation test points.

k. Test effectiveness

. A measure similar to fault coverage, but used in lieu of fault coverage in cases where physical

failures cannot be modeled accurately as logical faults. For example, many RAM and PLA failures cannot be

idealized conveniently in the same way as gate-level failures. However, established test algorithms may be used

to detect essentially all likely physical failures in such structures.

l. Test vector sequence

. The (ordered) sequence of stimuli (applied to a logic model of a DUT) or

stimulus/response values (applied to, and compared for, the actual DUT by the ATE).

m. Undetectable and detectable faults

. An undetectable fault is defined herein as a logical fault for which no test

vector sequence exists that can cause at least one hard detection or potential detection (see 1.1c). Otherwise

(that is, some test vector sequence exists that causes at least one hard detection, or potential detection, or both),

the fault is defined herein to be a detectable fault (see 3.3.3).