MIL-STD-883F 2004 TEST METHOD STANDARD MICROCIRCUITS - Page 696

MIL-STD-883F
METHOD 5012.1
27 July 1990
METHOD 5012.1
FAULT COVERAGE MEASUREMENT FOR DIGITAL MICROCIRCUITS
1. PURPOSE. This test procedure specifies the methods by which fault coverage is reported for a test program applied
to a microcircuit herein referred to as the device under test (DUT). This procedure describes requirements governing the
development of the logic model of the DUT, the assumed fault model and fault universe, fault classing, fault simulation, and
fault coverage reporting. This procedure provides a consistent means of reporting fault coverage regardless of the specific
logic and fault simulator used. Three procedures for fault simulation are described in this procedure: Full fault simulation
and two fault sampling procedures. The applicable acquisition document shall specify a minimum required level of fault
coverage and, optionally, specify the procedure to be used to determine the fault coverage. A fault simulation report shall be
provided that states the fault coverage obtained, as well as documenting assumptions, approximations, and procedures
used. Where any technique detailed in this procedure is inapplicable to some aspect of the logic model, or inconsistent with
the functionality of the available fault simulator and simulation postprocessing tools, it is sufficient that the user of this
procedure employ an equivalent or comparable technique and note the discrepancy in the fault simulation report.
Microcircuits may be tested by nontraditional methods of control or observation, such as power supply current monitoring or
the addition of test points that are available by means of special test modes. Fault coverage based on such techniques shall
be considered valid if substantiating analysis or references are provided in the fault simulation report.
1.1 Terms. Terms and abbreviations not defined elsewhere in the text of this test procedure are defined in this section.
a. Automatic test equipment (ATE). The apparatus with which the actual DUT will be tested. ATE includes the
ability to apply a test vector sequence (see 1.1l).
b. Broadside application. A method of applying a test vector sequence where input stimuli change only at the
beginning of a simulation cycle or ATE cycle and all changes on primary inputs of the DUT are assumed to be
simultaneous. Nonbroadside application occurs when test vectors are conditioned by additional timing information
such as delay (with respect to other primary inputs), return-to-zero, return-to-one, and surround-by-complement.
c. Detection. An error at an observable primary output of a logic model caused by the existence of a logic fault. A
hard detection is where an observable output value in the fault-free logic model is distinctly different from the
corresponding output value in the faulty logic model. An example of a hard detection is where the fault-free logic
model's output value is 0 and the faulty logic model's output value is 1, or where the fault-free logic model's output
value is 1 and the faulty logic model's output value is 0. If the high-impedance state (Z) can be sensed by the
ATE, then a hard detection can involve the Z state as well. A potential detection is an error where the fault-free
output is 0 or 1 and the faulty output value is unknown (X), or Z if Z cannot be sensed by the ATE.
d. Established test algorithm. An algorithm, procedure, or test vector sequence, that when applied to a logic
component or logic partition has a known fault coverage or test effectiveness. This fault coverage or test
effectiveness is denoted herein as the established fault coverage or established test effectiveness for the
established test algorithm. For example, an established test algorithm for a RAM may be a published memory
test algorithm, such as GALPAT, that has been shown by experience to detect essentially all RAM failures and
therefore is assessed an established test effectiveness of 100 percent. An ALU may be tested by means of a
precomputed test vector sequence for which fault coverage has been previously determined. More than one
established test algorithm may exist for a logic component or logic partition, each with a different established fault
coverage or test effectiveness.
e. Failure hierarchy: Failure mechanism, physical failure, logical fault, error. The failure hierarchy relates physical
defects and their causes to fault simulators and observable effects. A failure mechanism is the actual cause of
physical failure; an example is electromigration of aluminum in a microcircuit. A physical failure (or simply failure)
is the actual physical defect caused by a failure mechanism; an example is an open metal line. A logical fault (or
simply fault) is a logical abstraction of the immediate effect of a failure; an example is "stuck-at-one" behavior of a
logic gate input in the presence of an open metal line. An error is a difference between the behavior of a fault-free
and faulty DUT at one or more observable primary outputs of the DUT.
f. Fault coverage. For a logic model of a DUT, a fault universe for the logic model of the DUT, and a given test
vector sequence, fault coverage is the fraction obtained by dividing the number of faults contained in the fault
universe that are detected by the test vector sequence by the total number of faults contained in the fault
universe. Fault coverage is also stated as a percentage. In this test procedure, fault coverage is understood to be
based on the detectable fault equivalence classes (see 3.3). Rounding of fault coverage fractions or percentages
shall be "toward zero," not "to nearest." For example, if 9,499 faults are detected out of 10,000 faults simulated,
the fault coverage is 94.99 percent; if this value is to be rounded to two significant digits, the result shall be
reported as 94 percent, not 95 percent.
g. Logic line, node. Logic lines are the connections between components in a logic model, through which logic
signals flow. Logic lines are the idealized "wires" in a logic model. A set of connected logic lines is a node.
h. Logic: Combinational and sequential. Combinational digital logic contains only components that do not possess
memory, and in which there are no feedback paths. Sequential digital logic contains at least one component that
contains memory, or at least one feedback path, or both. For example, a flip-flop is a component that contains
memory, and cross-coupled logic gates introduce feedback paths.
i. Macro. A logic modeling convention representing a model contained within another model. A macro boundary
does not necessarily imply the existence of a physical boundary in the logic model. A main model is a logic model
that is not contained within a larger model. Macros may be nested (that is, a macro may contain submacros).
j. Primary inputs, primary outputs. Primary inputs to a logic model represent the logic lines of a DUT that are driven
by the ATE's drivers and thus are directly controllable test points. Primary outputs from a logic model represent
the logic lines of the DUT that are sensed by the ATE's comparators and thus are directly observable test points.
The inputs to the "main model" of the logic model of the DUT are the primary inputs, and the outputs from the
main model are the primary outputs. Internal nodes that can be driven or sensed by means of special test modes
shall be considered to be control or observation test points.
k. Test effectiveness. A measure similar to fault coverage, but used in lieu of fault coverage in cases where physical
failures cannot be modeled accurately as logical faults. For example, many RAM and PLA failures cannot be
idealized conveniently in the same way as gate-level failures. However, established test algorithms may be used
to detect essentially all likely physical failures in such structures.
l. Test vector sequence. The (ordered) sequence of stimuli (applied to a logic model of a DUT) or
stimulus/response values (applied to, and compared for, the actual DUT by the ATE).
m. Undetectable and detectable faults. An undetectable fault is defined herein as a logical fault for which no test
vector sequence exists that can cause at least one hard detection or potential detection (see 1.1c). Otherwise
(that is, some test vector sequence exists that causes at least one hard detection, or potential detection, or both),
the fault is defined herein to be a detectable fault (see 3.3.3).
2. APPARATUS.
2.1 Logic simulator. Implementation of this test procedure requires the use of a facility capable of simulating the behavior
of fault-free digital logic in response to a test vector sequence; this capability is herein referred to as logic simulation.
In order to simulate sequential digital logic, the simulator must support simulation of a minimum of four logic states: zero (0),
one (1), high-impedance (Z), and unknown (X). In order to simulate combinational digital logic only, the simulator must
support simulation of a minimum of two logic states: 0 and 1.
At the start of logic simulation of a logic model of a DUT containing sequential logic, the state of every logic line and
component containing memory shall be X; any other initial condition, including explicit initialization of any line or memory
element to 0 or 1, shall be documented and justified in the fault simulation report.
In order to simulate wired connections or bus structures, the simulator must be capable of resolving signal conflicts
introduced by such structures. Otherwise, modeling workarounds shall be permitted to eliminate such structures from the
logic model (see 3.1.2).
In order to simulate sequential digital logic, the simulator must support event-directed simulation. As a minimum, unit-delay
logic components must be supported.
Simulation of combinational-only logic, or simulation of sequential logic in special cases (such as combinational logic
extracted from a scannable sequential logic model) can be based on nonevent-directed simulation, such as levelized,
zero-delay, or compiled-code methods. The fault simulation report shall describe why the selected method is equivalent to
the more general event-directed method.
2.2 Fault simulator. In addition to the capability to simulate the fault-free digital logic, the capability is also required to
simulate the effect of single, permanent, stuck-at-zero and stuck-at-one faults on the behavior of the logic; this capability is
herein referred to as fault simulation. Fault simulation shall reflect the limitations of the target ATE (see 3.4.1). It is not
necessary that the fault simulator directly support the requirements of this test procedure in the areas of hard versus
potential detections, fault universe selection, and fault classing. However, the capability must exist, at least indirectly, to
report fault coverage in accordance with this procedure. Where approximations arise (for example, where fault classing
compensates for a different method of fault universe selection) such differences shall be documented in the fault simulation
report, and it shall be shown that the approximations do not increase the fault coverage obtained.
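An added example, not part of MIL-STD-883F: single stuck-at fault simulation as described in 2.2, with the hard/potential detection split of 1.1c, the X initial state of 2.1, and the toward-zero rounding of 1.1f. The circuit, test vectors and function names are constructed for illustration. Assumptions of this example: faults are placed on whole lines with no equivalence classing, Z is not modeled, and only hard detections are counted toward coverage.

```python
X = "X"  # unknown logic state (Z is not modeled in this example)
def AND(*v): return 0 if 0 in v else (1 if all(x == 1 for x in v) else X)
def OR(*v):  return 1 if 1 in v else (0 if all(x == 0 for x in v) else X)

# Constructed circuit (not from the standard): d = rst_n AND (a OR q), flip-flop q.
GATES = [("t", OR, ("a", "q")), ("d", AND, ("rst_n", "t"))]
FLOPS = {"q": "d"}            # q loads d at the end of each cycle
OUTPUTS = ["q"]               # primary output sensed by the ATE
VECTORS = [{"rst_n": 0, "a": 0}, {"rst_n": 1, "a": 1},
           {"rst_n": 1, "a": 0}, {"rst_n": 1, "a": 0}]
# Fault universe: stuck-at-0 and stuck-at-1 on every line, one fault at a time.
FAULTS = [(l, v) for l in ("rst_n", "a", "t", "d", "q") for v in (0, 1)]

def simulate(fault=None):
    """Return the per-cycle output trace; fault is (line, stuck_value) or None."""
    def force(line, value):
        return fault[1] if fault and fault[0] == line else value
    state = {q: X for q in FLOPS}          # 2.1: memory elements start at X
    trace = []
    for vec in VECTORS:
        val = {k: force(k, v) for k, v in {**vec, **state}.items()}
        for out, op, ins in GATES:
            val[out] = force(out, op(*(val[i] for i in ins)))
        trace.append(tuple(val[o] for o in OUTPUTS))
        state = {q: val[d] for q, d in FLOPS.items()}
    return trace

def classify(fault):
    """Return 'hard', 'potential' or 'undetected' following 1.1c."""
    result = "undetected"
    for good_vec, bad_vec in zip(simulate(), simulate(fault)):
        for g, b in zip(good_vec, bad_vec):
            if g in (0, 1) and b in (0, 1) and g != b:
                return "hard"              # 0 vs 1 or 1 vs 0
            if g in (0, 1) and b == X:
                result = "potential"       # fault-free 0/1, faulty X
    return result

def truncated_percent(detected, total, decimals=0):
    """Coverage in percent, rounded toward zero (1.1f) by integer division."""
    scale = 10 ** decimals
    return (100 * scale * detected // total) / scale

def report():
    classes = {f: classify(f) for f in FAULTS}
    hard = sum(c == "hard" for c in classes.values())  # assumption: hard only
    return classes, truncated_percent(hard, len(FAULTS))

if __name__ == "__main__":
    print(report())
```

The rst_n stuck-at-one fault leaves the flip-flop uninitialized, so the faulty output is X where the fault-free output is 0, which is a potential detection rather than a hard one.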
3. PROCEDURE.
3.1 Logic model.
3.1.1 Level of modeling. The DUT shall be described in terms of a logic model composed of components and
connections between components. Primary inputs to the logic model are assumed to be outputs of an imaginary component
(representing the ATE's drivers), and primary outputs of the logic model are assumed to be inputs to an imaginary
component (representing the ATE's comparators). Some logic simulators require that the ATE drivers and comparators be
modeled explicitly; however, these components shall not be considered to be part of the logic model of the DUT.
3.1.2 Logic lines and nodes (see 1.1g). All fan-out from a node in a logic model is ideal, that is, fan-out branches
associated with a node emanate from a single point driven by a fan-out origin. All fan-in to a node in a logic model is ideal;
that is, multiple fan-in branches in a node drive a single line. Figure 1 shows a node that includes fan-in branches, a fan-out
origin, and fan-out branches. Because fan-in and fan-out generally are not ideal in actual circuit layout, the actual topology
of the circuit should be modeled, if it is known, by appropriately adding single-input noninverting buffers to the logic model.
Modeling workarounds may be used to eliminate fan-in to a node. This may be required if the simulator does not directly
model wired connections or bus structures. Some simulators may permit internal fan-in, but require that bidirectional pins to
a DUT be modeled as separate input and output functions.