A Discrete Event System Approach to Online Testing of Speed Independent Circuits

With the increase in soft failures in deep submicron ICs, online testing is becoming an integral part of design for testability. Some techniques for online testing of asynchronous circuits are proposed in the literature, which involves development of a checker that verifies the correctness of the protocol. This checker involves Mutex blocks making its area overhead quite high. In this paper, we have adapted theTheory of Fault Detection and Diagnosis available in the literature on Discrete Event Systems to online testing of speed independent asynchronous circuits. The scheme involves development of a state based model of the circuit, under normal and various stuck-at fault conditions, and finally designing state estimators termed as detectors. The detectors monitor the circuit online and determine whether it is functioning in normal/failure mode. The main advantages are nonintrusiveness and low area overheads compared to similar schemes reported in the literature.


Introduction
With the advancement of VLSI technology for circuit design, there is a need to monitor the operations of circuits for detecting faults [1].These needs have increased dramatically in recent times because, with the widespread use of deep submicron technology, there is a rise in the probability of development of faults during operation.Performing tests before operation of a circuit and assuming continued faultfree behaviour may decrease the reliability of operation.In other words, there is a need for online testing (OLT) of VLSI circuits, whereupon they are designed to verify, during normal operation, whether their output response conforms to the correct behaviour.
Most of the circuits used in VLSI designs are synchronous.Compared to synchronous circuits, asynchronous designs offer great advantages such as no clock skew problem, low power consumption, and average case performances rather than the worst case performances.Testing asynchronous circuits as compared to synchronous circuits is considered difficult due to the absence of the global clock [2].
OLT has been studied for the last two decades and can be broadly classified into the following main categories: (i) Self-checking design.
The approach of self-checking design consists of encoding the circuit outputs using some error detecting code and then checking some code invariant property (e.g., Parity) [3][4][5].Some examples are Parity codes [6], m-out-of-n codes [7], and so forth.The area overhead for making circuits self-checkable is usually not high.These techniques, termed as "intrusive OLT methodologies, " require some special properties in the circuit structure to limit the scope of fault propagation.These properties can be achieved by resynthesis and redesign of the original circuit, which may affect the critical paths in the circuit.
Signature monitoring techniques for OLT [8,9] work by studying the state sequences of the circuit FSM model 2 VLSI Design during its operation.These schemes detect faults that lead to illegal paths in the control flow graph, that is, paths having transitions which do not exist in the specified FSM.To make the runtime signature of the fault-free circuit FSM different from the one with fault, a signature invariant property is forced during FSM synthesis, making the technique intrusive.Further, the state explosion problem in FSM models makes the application of this scheme difficult for practical circuits.
Duplication based OLT technique works by simply replicating the original circuit and comparing the output responses [10]; a fault is detected if the outputs do not match.The major advantage of duplication based scheme is nonintrusivity; however, area overhead is more than double.To address this issue, partial duplication technique is applied [11,12].This scheme first generates a complete set of test vectors for all the faults possible, using Automatic Test Pattern Generation (ATPG) algorithms.After that, a subset of faults are selected (based on required coverage) and a subset of test vectors (based on tolerable latency) for the selected faults are taken and synthesized into a circuit which is used for OLT.It may be noted that ATPG algorithms are optimized to generate the minimum number of test vectors that detect all faults.As the scheme applies ATPG algorithms in a reverse philosophy, it becomes prohibitively complex for large circuits.
The technique of designing circuits with additional onchip logic, which can be used to test proper operation of the circuit before it starts, is called off-line BIST.Off-line BIST resources are now being used for online testing [13][14][15][16].This technique utilizes the idle time of various parts of the circuit to perform online BIST.Idle times are reducing in circuits because of pipelining and parallelism techniques and so online BIST scheme is of limited utility.

Motivation of the Work.
From the above discussion we may state that an efficient approach for OLT should have the following metrics: (i) The OLT scheme should be nonintrusive.This is the most important constraint as designers meet requirements, like frequency, area, power, and so forth, of the circuit to produce an efficient design and do not want the test engineers to change them.
(ii) The OLT technique should support well accepted fault models.
(iii) The scheme should be computationally efficient so that it can handle reasonably large circuits.
Most of the papers cited in the above discussion are for OLT of synchronous circuits and only a few of them [4,5,10] are applicable to asynchronous circuits.Now, we elaborate on these three works on OLT of asynchronous circuits and derive motivation of the present work.
Traditionally, double redundancy methods were used for OLT of asynchronous designs [10].In this scheme, two copies of the same circuit work in parallel and the online tester checks whether they generate the same output.This scheme results in more than 100% area and power overheads.Further, both being the same circuit, they are susceptible to similar nature of failures.The schemes reported in [4,5] basically work by checking whether the output of the asynchronous circuit maintains a predefined protocol (i.e., there is no premature or late occurrence of transitions).The checker circuit is implemented using David cells (DCs), Mutual Exclusion (Mutex) elements, C-elements, and logic gates.The checker circuit has two modes: operation-normal mode and self-test mode.In normal mode, the checker is used to detect whether there is any violation in the protocol being executed by the CUT.On the other hand, in self-test mode, the checker is used to detect faults that may occur within the checker itself.Mutex elements (component of asynchronous arbiter) were used to grant exclusive access to the shared DCs between different modes of operation.The area overhead of the Mutex blocks is high, even compared to the original circuit.So, area overhead of the online tester in this case would be much higher than that of the original circuit and even the redundancy based methods.Further, this tester only checks the protocol and so fault coverage or detection latency cannot be guaranteed.
Discrete event system (DES) model based methods are used for failure detection for a wide range of applications because of the simplicity of the model as well as the associated algorithms [17].A DES is characterized by a discrete state space and some event driven dynamics.Finite state machine (FSM) based model is a simple example of a DES.In the state based DES model, the model is partitioned according to the failure or normal condition.The failure detection problem consists in determining, in finite time after occurrence of the failure, whether the system is traversing through normal or failure subsystem.A fault is detectable by virtue of certain transitions (in the failure states) which are called fault detecting transitions (FD-transitions).FD-transition is a transition of the faulty subsystem, for which there is no corresponding equivalent transition in the normal subsystem.Using the FDtransitions, a DES fault detector is designed, which is a kind of state estimator of the system.For OLT of circuits, the detector is synthesized as a circuit which is executed concurrently with the circuit under test (CUT).Biswas et al. in [18,19] have developed an OLT scheme for synchronous circuits using the FSM based DES theory, which satisfies most of the metrics mentioned above for an efficient online tester design.In this paper, we aim at using the theory of failure detection of DES models for OLT of SI circuits.
Just like synchronous circuits, the basic FSM framework is also used to model asynchronous circuits with slight modification.In case of synchronous circuits, state changes in the FSM occur only at the active edge of the register clock, irrespective of the time of change of the inputs.On the other hand, in asynchronous circuits, state changes can occur immediately after transition in the inputs.FSM used to model asynchronous circuit is called AFSM [20].An alternative to AFSM is burst-mode (BM) state machines [20].AFSM and BM state machine are similar from the modeling perspective; however, in case of BM state machine transitions are labeled with signal changes rather than their explicit values, which is the case in AFSMs.AFSMs and BM state machines assume that first inputs change followed by outputs and finally new state is reached.Due to the strict sequence of signal changes, all asynchronous protocols cannot be modeled using AFSMs or BM state machines.Extended BM state machines address this modeling issue by allowing some inputs in a burst to change monotonically along a sequence of bursts rather than in a particular burst.Petri net (PN) is widely accepted modeling framework for highly concurrent systems [21].PN models a system using interface behaviors which are represented by allowed sequence of transitions or traces.The view of an asynchronous circuit as a concurrent system makes PN based models more appropriate than AFSMs and BM state machines for their analysis and synthesis.There are several variants of PNs among which signal transition graph (STG) is generally used to model asynchronous circuits.The major reason is that the STG interprets transitions as signal transitions and specifies circuit behavior by defining casual relations among these signal transitions [22].
In this paper, we aim at using the theory of failure detection of DES model for OLT of SI asynchronous circuits.Several modifications are made in the DES framework used for synchronous circuits [18,19] when applied for SI circuits.The modifications are as follows: (i) We first model SI circuits along with their faults as STGs and then translate them into state graphs.State graphs are similar to FSM based DES models from which FD-transitions can be determined.
(ii) In case of synchronous circuits, the fault detector is an FSM which detects the occurrence of FDtransitions.A synchronous circuit can be synthesized in a straightforward way from the FSM specification [18,19] that performs online testing.Why the same design cannot be synthesized as an asynchronous circuit will be discussed in this paper.As the use of synchronous circuit for OLT of asynchronous modules is not desirable, we propose a new technique for detector design which can be synthesized as a SI circuit.The detector is designed as state graph model which is live and has complete state coding (CSC); these properties ensures its synthesizability as a SI circuit.
The paper is organized as follows.In Section 2, we present some definitions and formalisms of the DES framework.Section 3 illustrates DES modeling for a speed independent circuit under normal and stuck-at faults.In Section 4, the DES detector for the SI asynchronous circuit is designed.Synthesizing the DES detector as online tester circuit is also discussed in the same section.Section 5 presents experimental results regarding area overhead and fault coverage of the DES detector based online tester.Also, comparison of area overhead of the proposed approach with other similar schemes is reported.Finally, we conclude in Section 6. Suppose that there is a transition in failure DES model for which there is no corresponding equivalent transition in normal DES model, then that transition is called failure detecting transition (FD-transition).The failure is detected when the system traverses through the FD-transition.Thus, we can define FD-transition as follows.

DES Modeling Framework: Definitions and Formalisms
Definition 7 (FD-transition).A   --transition of faulty DES model   = ⟨  ,   + ⟩ is an FD-transition, if there is no transition  = ⟨,  + ⟩ in the normal DES model such that   .
The motivation of failure detection using DES model is to find out such FD-transitions and design DES detector using these transitions.In the next section, we discuss how to model SI circuits using DES.

DES Model of a Speed Independent Circuit: Normal and Faulty
As already discussed, the first step to design a DES based online tester is to obtain the normal and faulty state based model of the CUT.However, the traditional state based DES paradigm cannot be directly used for modeling SI circuits.So in this case we will start with signal transition graph (STG), which is a type of Petri net based DES, to specify fault-free and faulty conditions.The STGs will be converted into state graphs (similar to FSMs) using the concept presented in [22].We first discuss fault modelling at the STG level using an example and concepts from [22].In addition to the models (i.e., faults in transistors of the C-elements) given in [22], we have also modeled stuck-at faults on all wires (i.e., input/output of gates).
3.1.Fault Modeling.The SI asynchronous CUT example being considered to illustrate the proposed scheme is shown in Figure 1 (taken from [22]).Traditionally, synchronous circuits consist of blocks of combinational logic connected with clocked latches or registers, while, in case of SI circuit designs, we basically have logic gates as building blocks with C-elements, which act as storage elements.Transistor level diagram of C-element is shown in Figure 2; logic function of the C-element can be described by the Boolean equation  = +  +  , where  is the next state and   is the old state value [22,23].The output of C-element becomes logically high (low) when both the inputs are logically high (low); otherwise it keeps its previous logic value.There are two types of C-elements used in SI circuits: static C-element and dynamic C-element.The static version of C-element promises that the information inside it can be stored for unbounded periods.However, dynamic versions of C-element provide gains in terms of area, power, and delay [23][24][25][26].Since the circuits having high operating speed, low area, and power consumption are preferred in modern days, we have chosen SI circuits with dynamic C-elements instead of static ones.
Figure 3 shows the STG for the CUT being considered.Rising (falling) transitions on signals, indicated by + (−), are shown in the STG.The dark circles along the arcs are called tokens.The token indicates one of possibly a set of signals that enable transition to fire.If all input arcs for a signal transition have tokens then that signal transition is said to be enabled.For example, when signal  in goes high (denoted by  in +) and  out goes high (denoted by  out +), only then  out + transition can take place.Upon firing  out +, a token is placed on each of its outgoing arcs, thus enabling  in −.Note that  out − is enabled after  out + and  in +.
In this paper, we have considered SI circuits that contain C-elements (we assumed dynamic version) and logic gates.For the logic gates, the most popular fault model is the stuck-at fault model, which is at the gate level.However, for the C-elements stuck-on and stuck-off faults for each transistor are an accepted fault model [22].So we have chosen a mixed gate/transistor level description for modeling the faults.To illustrate fault modeling at both C-elements and basic gates, we consider the circuit example from [22] which is shown in Figure 1.

STG Based Modeling.
In this work, we model single stuck-at faults in the gates and transistors (for the Celements) and map them to STGs of the circuit.For the analysis, the signals attached to the inputs  and  of the Celements are also indicated in the gate level circuit diagram of Figure 1.Now, we consider some of these faults (one at a time), analyze their effects, and finally modify the STG to model the faults.Consider the C-element C2 of Figure 1 and refer to transistor level circuit of Figure 2. The C-element C2 has  out and  in as inputs and  out as output.If the transistor 1 has a stuck-on fault, this leads to error in the circuit that it needs to wait for only 2 to be enabled to generate output.When 2 turns on, then a path to ground via 1 and 2 gets established, which makes 3 on and 3 off, making C high.So C2 has to wait only for 2 (i.e.,  in + which corresponds to input  of C2 to become 1) to turn on and change the output.In other words, it has to wait for only  in + (and not also for  out +, which is the requirement under normal condition) before it can generate  out +. Thus, the fault in 1 leads to premature firing of the  out + transition.We represent this by including a token on the arc connecting  out + to  out +. Availability of this token will enable  out + to fire as soon as  in + arrives, without waiting for  out +.This token is denoted by a "1" shown on the arc in Figure 4. Now, consider C-element C1 producing output  out , with transistor 1 having stuck-on fault.As 1 is on, the gate has to wait for 2 to turn on before it can change the output.When 2 turns on (by virtue of  = 0) then there is no path to ground as 2 is off, which makes 3 off and 3 on, making C low.Here, C1 has to wait for the input  = 0 to generate  out −. Referring to Figure 1, for  to become 0, we need either  out to become 1 (the same as  in becoming 0) or  in to become 1.Thus, as soon as we have either  out + or  in +,  out − would fire.It may be noted that, under normal condition, for  out − to fire, we also require  = 0, which mandates both  out + and  in +.This failure condition is indicated in the STG by adding a "1" to the input arcs of  out −, which is shown in Figure 5.To elaborate, Figure 5(a) (Figure 5(b)) shows that  out − can be fired as soon as  in + ( out +) fires and does not wait for  out + ( in +).
As the third fault, let C1 have stuck-on fault at 2.The stuck-on fault at 2 enforces the circuit to wait only for 1 to be enabled for generating output  out +.As 1 is connected to input , which is logical ORing of  out − and  in −, transition  out + can fire after  out − or  in − (without requiring to wait for  in +).This premature firing of transition  out + is indicated in the STG by adding a "1" to  in +, which is shown in Figure 6.
For the gates, stuck-at-0 and stuck-at-1 faults are considered at their inputs and output nets.Let Line 2 of the AND gate from Figure 1 have a stuck-at-0 fault.This makes Line 6 stuck-at-0 fault.As Line 6 is connected to the  input of the C-element C1, we have transistor 2 on and transistor 2 off.Note that as 2 is always off, there is no path to the ground.So the output  out can never become 1 because 3 can never turn on.In other words, we will never have the  out + transition.This is indicated by adding a "0" on the output arcs of  out + in Figure 7.
If Line 9 gets stuck at 1, this will lead to Lines 3 and 5 being stuck at 0, further leading to Line 6 being stuck at 0. As Line 6 is connected to the  input of the C-element, we will have the fault manifestation similar to the case of Line 2 stuck at 0. Now, we consider a stuck-at-0 fault at Line 13.As this line is connected to the  input of the C-element C2, it will lead to output  out never becoming 1.The effect is shown by adding a "0" to the output arcs of  out + in Figure 8. Now, we consider an example of a redundant fault; that is, no logical difference is observed in the operation of the circuit after fault.An instance of such a fault is 1 stuck-on fault in C1.This fault enforces the circuit to wait only for 2 to be enabled (i.e.,  to be 1) for generating output  out +.As 2 is connected to input , which is logical ANDing of  in +,  out −, and  in −,  out + can fire only after three transitions, namely,  in + and  out − and  in − fire.It may be noted that  out − and  in − also imply that input  (connected to 1) of C1 is 1, which in turn implies condition for 1.As fault and normal condition both imply 1 to be on, stuck-on fault at 1 Figure 5: STG level model of stuck-on fault in 1 of C1 [22].
Figure 6: STG level model of stuck-on fault 2 of C1 [22]. of C1 does not generate any behavioral difference.Obviously, such faults cannot be detected and under the single stuck-at fault assumption do not cause significant reliability issues.
For the fault model considered, the total number of faults in a SI circuit having dynamic C-elements is equal to 12 times the number of C-elements (each C-element consists of 6 transistors and each transistor can have stuck-on and stuck-off faults) plus twice the number of I/O lines of the gates (each line has either stuck-at-0 or stuck-at-1 fault).So the number of faults in case of the circuit considered in Figure 1 is not too small and listing them all would make a tabular representation long.So a partial list of faults and their effects on the STG is given in Table 1.

State Graph Based Fault Modeling and FD-Transitions.
As already discussed, the first step of DES based OLT design is to generate the normal and faulty models.For SI circuits, first the STGs under normal and faulty conditions are obtained and then converted into state based models.In this subsection, we explain the concept using the example circuit of Figure 1 under normal condition and two faults, namely, stuck-on fault in 1 of C2 and stuck-on fault in 1 of C1.
The state based DES model for the normal circuit is shown in Figure 9.It may be noted that in the circuit there are 4 I/O signals, namely,  in ,  out ,  in , and  out .In the DES model corresponding to each signal, there is a discrete variable: which assumes values from the set {0, 1}.The set of states are 0 to 13 and 0 is the initial state.State mappings and transitions are shown in Figure 9; for example, state 0 maps variables ⟨ in ,  out ,  in ,  out ⟩ to ⟨1, 1, 0, 0⟩.In states 0 and 1 mappings are ⟨1, 1, 0, 0⟩ and ⟨1, 1, 0, 1⟩, respectively.So transition from 0 to 1 changes  out from 0 to 1; this is indicated by transition  out +. Now, if we look at the STG for the normal circuit in Figure 3 we note that  out + can fire if  in + and  out + have a token (i.e.,  in = 1 and  out = 1).In state 0 as  in = 1 and  out = 1,  out + can fire.Similarly, the whole DES can be constructed.
The state based DES model for the circuit under 1 stuckon fault in C2 is shown in Figure 10.The set of states are   0 to   13 and   0 is the initial state.The transitions and state mapping are shown in the figure.As discussed in the previous subsection, 1 stuck-on fault in C2 results in premature firing of  out + (i.e., it need not wait for  out + and can fire only if  in + holds).If we observe the failure DES model in Figure 10, we note that there are two dotted transitions, which correspond to the failure condition, that is, premature firing of  out +.One dotted transition is between   11 and   6.It may be noted that in   11 we have  in = 1,  out = 0,  in = 1, and  out = 0, where even though  out + is not enabled, because  in + is enabled,  out + fires.A similar premature firing of  out + occurs between   13 and Figure 10: DES model for circuit with 1 stuck-on fault in C2 (STG of Figure 4).enabled and the transition ⟨  1,   8⟩ represents firing of  out − by  out + in spite of  in + not being enabled.Thus, for this fault there are two FD-transitions, namely, ⟨  2,   11⟩ and ⟨  1,   8⟩.
The set of FD-transitions is shown in Table 2.In the next section, we will discuss the procedure for design of the DES detector from FD-transitions and its synthesis as a SI circuit.

DES Detector Based Online Tester
A DES detector is basically a state estimator which predicts whether the Circuit Under Test (CUT) traverses through normal or faulty states/transitions.Broadly speaking, the detector is constructed using transitions which can manifest the fault effects.In other words, such a transition is a faulty transition for which there is no corresponding equivalent normal transition.As already mentioned, we call such transitions failure detecting transitions (i.e., FD-transitions).In the circuit under consideration, comparing the normal (Figure 9) and 1 stuck-on fault at C2 DES models (Figure 10), we may note that there are two transitions (dotted) ⟨  11,   6⟩ and ⟨  13,   8⟩ which manifest the fault effect.Corresponding to these transitions, there are no equivalent transitions in the normal model.These two transitions are FD-transitions for the fault and are used in DES detector construction.
If the CUT is a synchronous circuit then obviously the online tester is also a synchronous circuit that can be designed from the FD-transitions using straightforward FSM synthesis philosophy [18,19].The detector FSM has three classes of states, namely, initial, intermediate, and final.The detector measures the I/O signals of the CUT (i.e., variables) to determine whether the following happens.
On startup the detector is in its initial state and it checks whether the CUT is in the initial state of any FDtransition.For example, if we consider only two faults in the circuit under consideration, stuck-on fault in 1 of C2 and stuck-on fault in 1 of C1, then the FD-transition set is {⟨  11,   6⟩, ⟨  13,   8⟩, ⟨  2,   11⟩}.So in the initial state the detector checks whether the signals  in ,  out ,  in , and  out are 1, 0, 1, and 0 or 1, 0, 0, and 0 or 1, 1, 1, and 0. If so, the detector moves to an intermediate state (in the next clock edge) corresponding to the value matched.For each of the FD-transitions, there is a corresponding intermediate state in the detector.For example, if  in ,  out ,  in , and  out are measured to be 1, 0, 1, and 0 in the initial state of the detector, the detector moves to the intermediate state corresponding to FD-transition ⟨  11,   6⟩.However, if the signals do not match initial state of any FD-transition the detector loops in the initial state.In the intermediate state whether the values of the signals of the CUT match with the final state of the corresponding FD-transition is checked; if so, the fault is detected and the detector moves to the final state and is deadlocked there.Otherwise, it moves to the initial state.Continuing with the example, if the values of  in ,  out ,  in , and  out are 1, 0, 1, and 1 from the intermediate state, FDtransition ⟨  11,   6⟩ is detected (i.e., stuck-on fault in 1 of C2) and detector moves to final state in the next clock edge.Otherwise, if  in ,  out ,  in , and  out are 1, 0, 0, and 0 then CUT is normal and the detector moves to the initial state.
The above mentioned philosophy of constructing the detector and then synthesizing it into a synchronous system is widely used in the DES theory [17] and has been applied for OLT of synchronous circuits [18,19].Obviously, if the CUT is an asynchronous circuit and so must be the detector circuit.However, it may be noted that the same philosophy cannot be directly used in the case of SI circuits.The reason is that the FSM of the detector designed above has liveness issue in the final state and has complete state coding (CSC) violations in the intermediate states.
Now we propose a new technique for detector design which can be synthesized as a SI circuit.The detector is designed as state graph model which is live and has complete state encoding, that ensures its synthesizability as a SI circuit.Before formalizing the algorithm for the design of the state graph of the detector, we first introduce the basic philosophy of its working using the examples from the previous section.
An FD-transition in SI circuit design paradigm can be stated as, "under failure, a signal  can change in the presence of signals 1, 2, . . ., , (1 ≤ ) which is not possible under normal condition." For example, in the case of 1 of C2 stuck-on fault, ⟨  11,   6⟩ is an FD-transition which changes signal  out from 0 to 1 (i.e.,  out +) and the other signals are  in = 1,  out = 0, and  in = 1 (Figure 10).It may be noted that in normal condition for changing  out from 0 to 1 we need  in = 1,  out = 1, and  in = 0 (Figure 9).Comparing with the faulty condition we may state that, "under 1 of C2 stuck-on fault, signal  out can change from 0 to 1 in presence of signals  in = 1,  out = 0, and  in = 1 which is not possible under normal condition." So, to detect whether FD-transition ⟨  11,   6⟩ has occurred, the detector needs to tap lines  out ,  in , and  out ( in is not required to be monitored as its value is same under normal and faulty case) of the CUT and determine whether  out + has fired and at that time whether  out = 0 or  in = 1 or both; if so, a status output line is made 1.For optimization of the detector in terms of number of states, tap lines, and so forth, without loss of fault detection capability, we may consider checking  out + in presence of either  out = 0 or  in = 1 but not both.If we consider the other FD-transition ⟨  13,   8⟩ for the fault, it can be detected by checking whether  out + has fired and at that time whether  out = 0;  in and  in are not required to be monitored as their values are the same under normal and faulty case.So, it may be stated that to detect the fault by FD-transitions ⟨  11,   6⟩ and ⟨  13,   8⟩ we need to check whether  out + has fired and at that time whether  out = 0.The design and flow of the detector for these two FD-transitions are as follows: (1) The state encoding tuple is ⟨ out ,  out , ⟩.The initial state of the detector  0 is encoded as 100.The first two bits represent the complement of  out = 0 and  out = 1, that is, complement of value of  out in state   11 and complement of change of  out by the FD-transition.The third bit represents  output of the detector which is 0 until FD-transition is detected.
(2) The detector waits for signal  out to become 0 and if so it moves to state  1 say, which is encoded as ⟨000⟩.However, from state  0 , if  out becomes 1, FDtransition cannot be detected because this is normal situation (state 0 in Figure 9) where  out + fires when  out = 1; detector moves to state  5 having encoding ⟨110⟩.When  out becomes 0 in state  5 , the detector moves back to  0 from where it again waits to detect whether the FD-transition occurs.
(3) From state  1 the following may happen: (a) If  out becomes 1, then FD-transition cannot be detected and so the detector moves back to  0 .(b) If  out becomes 1, then FD-transition and hence fault are detected.The detector moves to state  2 having encoding ⟨010⟩.Following that detector makes  output high and moves to state  3 with encoding ⟨011⟩.
Once  line is 1, that is, fault is detected online, the system should switch to an alternative backup circuit, as under the single stuck-at fault model faults are assumed to be permanent [22].By that logic, the detector should stop or loop in  3 indefinitely; however, it would lead to deadlock and is nonsynthesizable as a SI circuit.In similar way we can design detectors for the other FDtransitions shown in Table 2.However, it may be noted that different circuits may be required for the other FD-transitions because merging all FD-transitions in a single detector state graph will lead to CSC problems.As shown in the example above, some FD-transitions can be merged into a single state graph maintaining CSC.Figures 13-16 illustrate the SGs for all the FD-transitions shown in Table 2. Also, the FD-transitions which could be merged are mentioned in the figures.
Before discussing the algorithm for generating the detector for a set of FD-transitions we introduce the notion of compatible FD-transitions.
Definition 8 (compatible FD-transitions).Two FD-transitions   1 = ⟨  1,   1 + ⟩ and   2 = ⟨  2,   2 + ⟩ are compatible if the following holds: (i) If 1 is the signal change by   1 and 2 is the signal change by   2, then 1 is the same as 2.In other words, signal change by both FD-transitions is the same.
(ii) Let   1 ⊆  (for FD-transition   1 = ⟨  1,   1 + ⟩) be the set of variables whose values at   1 are different compared to state(s) , where  is any state under normal condition (normal DES) from which 1 is the signal change.Similarly, the set   2 ⊆  is calculated for FD-transition   2 = ⟨  2,   2 + ⟩.Then,   1 ∩   2 ̸ = 0.In other words, there exists at least one signal (i.e., a variable) whose value is the same in initial state of both FD-transitions and that is different compared to the initial state(s) of the corresponding transition(s) under normal condition.
Output.Detectors for determining occurrence of FD-transitions are as follows: (1) Partition I FD into equivalence classes.Let I1 FD , I2 FD , . . ., I FD be the sets generated.
(3)  is the signal changed by   ∈ I FD and  is any signal whose value is the same in initial states of all   ∈ I FD .Further, signal  is different in the initial state of the corresponding normal transition which also makes the same change in .
(4) Let state encoding of the detector be the tuple ⟨, , ⟩.
(5) Create the initial state  0 .The values of the variables in  0 are as follows: (i)  in the tuple for  0 is complement of the value of the variable  in (  ),   ∈ I FD , (ii)  in the tuple for  0 is complement of the value of the variable  after its change by   ∈ I FD , and (iii)  in  0 is 0.
(6) Create state  1 , with transition from  0 to  1 labeled as + (−) if value of  in  0 is 0 (1).Also, create a transition from  1 to  0 labeled with inverse of the signal change as in transition from  0 to  1 .Accordingly, encode state  1 .
(  [27,28] and are live.So they can be synthesized as SI circuits using C-elements and logic gates by applying standard asynchronous circuit synthesis procedures [29,30].Figure 17 illustrates some snapshots regarding the steps of synthesizing the state graph of the detector shown in Figure 14 using CAD tool Petrify [31]; Figure 17(a) is the description of the state graph that is input to Petrify, Figure 17 In similar way, all state graphs for the FD-transitions have been synthesized into different circuits.Then, the final DES detector circuit for CUT is constructed by simply ORing the outputs of these circuits.The output of the detector circuit becomes high when output of at least one individual detector becomes high, thereby detecting the fault.

Experimental Evaluation
To validate the efficacy of the scheme, we analyze the area overhead ratio of the online tester circuit to that of the circuit under test.Further, we also compare the overhead with other techniques reported in the literature.In our experiments, we have considered some standard SI benchmark circuits [32].Further, for comparison, we have also implemented our scheme on the circuits used in [5].
The algorithm discussed in previous section is used to design a CAD tool OLT-ASYN which generates detectors for OLT given an asynchronous circuit specification.The design procedure includes the following steps.Area overhead ratio of the online tester circuit to that of the circuit under test is computed using the formula Area overhead ratio

=
Combined area of the Detector circuits Area of the CUT . ( Area of gates and C-elements are considered in terms of number of transistors used in their CMOS implementation.For example, a two-input NAND gate has four transistors (two PMOS and two NMOS).Fault coverage is calculated as ratio of number of faults detected by the tester to the total number of faults.Table 3 shows the number of gates, number of faults, fault coverage, area overhead ratio, and execution time of the proposed approach for the different SI circuits being considered.
The first three circuits in the table are simple examples whose gate level designs are shown in Figures 19, 20, and 21.The fourth and fifth circuits have been used in [5].The others are standard asynchronous benchmarks [32] which are complex in terms of area, states, and signal compared to first five circuits in the table.
Broadly speaking, it can be observed from Table 3 that area overhead decreases with the increase of the size of the circuit.In [12], Drineas and Makris have identified that the area overhead ratio for partial replication based OLT for stuck-at faults is approximately +1/, where  is the fraction of test patterns incorporated in detector design ( = 1 when all FD-transitions are incorporated in detector design) and  is the number of state bits required for circuit representation (i.e., proportion to circuit size).In this work, we have taken all possible FD-transitions and the obtained area overhead ratio acts (approximately) in accordance with the fact mentioned above.
From the discussion in the last section regarding design of the detector from the FD-transitions, it may appear that a large number of such detectors may be required for complex circuits.In the worst case, the number of detectors may be equal to the number of FD-transitions.Further, in case of large circuits as the number of nets and C-elements are high the number of FD-transitions may be proportionally large.However, interestingly, the experiments illustrated reverse trends.Large circuits have larger number of possible stuck-at faults; however, many of them are mapped to similar effects and hence the same FD-transitions; this can be observed from Table 1 for the running example.Further, using the principle of compatible of FD-transitions, it was found that multiple FD-transitions fall in the same clusters thereby resulting in the fact that a single detector suffices for more than one FDtransition.To conclude, it was observed that a few detectors are actually required to cover all the faults.To the best of our knowledge, such facts regarding OLT of asynchronous circuits were not reported in the literature.
It may be noted that percentage of fault coverage is more than 95% in average.The number of faults that could not be detected was found to be redundant.

Mutex Approach to
Testing.Now, we will discuss, in brief, the Mutex approach for online testing proposed in [5] and compare its area overhead ratio with our scheme.In [5], the scheme is demonstrated on the following specification of a handshaking protocol: Online testing is performed using checkers which verify that sequencing of the signals as per the protocol is maintained; that is, there is no premature or late firing of signals, no signal is stuck-at-0/stuck-at-1 fault, and so forth.All the protocol signals are used as the input for the checker.The checker has two functionalities, namely, self-checking and online testing of the handshaking protocol.The signal "mode" decides this selection.The block diagram of the checker is given in Figure 22.A part of the checker circuit is shown in Figure 23 which will be used to present the basic working of the checker.The full circuit diagram and functionality can be found in [5].As shown in Figure 23, there are two Mutex components; one is used for the arbitration between − and −, while the other is used to arbitrate between +, 11+, and 11+; the details of the signals 11+ and 11+ are given below.The initial state is 11 (both req and ack are high).This is guaranteed by the previous state.In the previous cycle of operation, + occurs before +, which sets 11 = 1, thus providing the appropriate initial condition for the given cycle.The next signal change should be − (as per the handshaking protocol).So, once − occurs, 11 signal is set to 1 (left Mutex), as  signal is still high.As a result, the checker goes to next state 01 indicating no errors.If there is an error in the protocol under test, then − precedes −, and 11 is set to 1.This moves the checker along the fault branch.
When the mode signal is set to logic 1, the three-input arbiter (right Mutex in Figure 23) is used to arbitrate +, 11+, and 11+.This Mutex is used for self-testing of the checker.
The asynchronous circuit under test (which realizes the above handshaking protocol) is implemented using David cells [5].The partial checker circuit illustrated in Figure 23 basically tests the handshake protocol between a pair of David cells and performs self-checking.Along with the partial circuit shown in Figure 23, there are four David cells (not shown), which together test the handshaking protocol (between a pair of David cells) and self-testing of the checker.Among the two Mutex blocks and four David cells, half of them are used for handshaking protocol and the other half is used for self-testing.The logic gates are shared resources for both types of testing.In [5], both the circuit under test and the checker circuity are implemented using David cells, using the flow of converting a Petri net model to asynchronous circuits based on David cells [33].

Comparison with the Mutex Approach.
The proposed DES based approach for online testing does not involve selftesting of the detector.So, for comparison of area overhead of the proposed scheme with [5], we require only half of the resources used in [5].Table 4 shows area overhead ratio of the checker (for online testing only) for two circuits implementing handshaking protocols involving two and four David cells, respectively.The table also reports the number of David cells, Mutex elements, and logic gates involved in the checker (for online testing).From Tables 4 and 3 (fourth and fifth circuit), we can deduce that the area overhead requirement for the Mutex method is higher compared to that of the purposed scheme.The advantages of the proposed method over the Mutex approach are as follows: (1) The area overhead for the online tester circuit is less as compared to that of the Mutex approach by about 50%.
(2) There is flexibility to trade off area overhead, by reducing fault coverage depending upon the testability requirements.Such flexibility is not easy to be achieved by the Mutex approach.It may be noted that the proposed scheme verifies that there are no stuckat faults while the Mutex approach verifies a protocol.In particular, it checks for the correct sequencing of the outputs.Fault coverage can be easily traded off with area overhead in our approach, while it is difficult to achieve something like "partial verification of protocol, " avoiding checking certain incomplete output sequences.(3) In the detector of the proposed scheme, there is no dependency on Mutex elements.The Mutex element itself can undergo a metastable state which needs to be handled by the metastability detector, adding to area overhead.
In this work, we could not compare fault coverage of our approach with the Mutex approach.The Mutex approach verifies online whether the output of the CUT follows the specified handshaking protocol.So, the Mutex approach basically follows functional testing.The scheme proposed in our paper works on structural testing and hence fault coverage can be given, while it is not possible for functional testing.
It may be noted that the circuits considered in the Mutexbased OLT scheme [5] were simple.For comparison with our scheme, we have done manual implementation of Mutexbased tester design on those circuits.

Conclusion
In the present paper, a method for the online testing of SI circuits has been proposed.We start by obtaining the STG of the SI circuit under test using the tool Petrify.After that, effects of stuck-at faults were modeled in the STGs.The normal and faulty STGs were transformed into state graphs and a DES detector was designed.The detector is capable of determining, online, whether any of the modeled stuckat faults have occurred in the circuit.Finally, the detector is synthesized as a SI circuit with C-elements which is to be placed on chip.Several circuits were considered as case study and area overhead ratio of the detector was studied for these circuits.Results illustrated that area requirement of the detector of the proposed scheme is less than that of the Mutex approach [5] by about 50% on the average.Apart from this, there are several other advantages of the proposed approach, namely, independence of circuit functionality, nonintrusiveness, liveness, and CSC of the detector to ensure synthesizability and so forth.
The present scheme is applicable only for SI circuits with dynamic implementation of C-elements.As a further direction of research, this technique can be extended for other types of asynchronous circuits like Delay Insensitive (DI) circuits.It is required to verify whether this proposed DES based OLT scheme can be directly applied for DI circuits or some modifications would be needed.Also, in case of SI circuits, the present scheme can be extended for static C-elements.OLT of static C-elements may be comparatively more complex than that of dynamic C-element because the dynamic C-element comprises less number of transistors than that of static C-element.Additionally, in the present work, it is found that transistor stuckoff or stuck-on faults lead to premature/nonoccurrence of a transition in the STG.Whether similar fault manifestation remains for static C-elements or there is a change needs to be verified.Clearly further research is required to solve these issues.

Figure 3 :
Figure 3: Signal transition graph of sample circuit.

Algorithm 9 .
Algorithm for construction of detectors given the set of FD-transitions.
(b) illustrates the output of Petrify showing CSC and no liveness issues, and Figure 17(c) shows the equations obtained from Petrify.The circuit schematic (of the DES detector) that is synthesized for this state is shown in Figure 18.Now, we explain some details of the Petrify equations. is a keyword of Petrify to represent all I/O signals of the corresponding state graph. is the keyword to represent the output signals of the state graph.Each subsequent line (denoted by [0, 1] . ..) represents a gate of the circuit in terms of the function it implements.In case of the circuit of Figure 18,  =  out ,  out ,  and  = .The equations [0] =   out   out and [1] = 0 represent the logic expressions of the internal Gate 4 and Gate 3, respectively.The equation [] = [1]  ([0] + ) + [0] represents the output of the circuit.

Figure 17 :Figure 18 :
Figure 17: Screenshot showing the synthesis of DES detector from state graph using Petrify.
(i) First, the behavior description of the SI circuit is represented using STG.(ii) The STG representation of the SI circuit is converted into its corresponding state graph using Petrify.(iii) Using Petrify, the state graphs are implemented as SI circuits using generalized C-element.(iv) s-a-0 and s-a-1 faults are inserted in all the nets of the gates and stuck-on and stuck-off faults are inserted in the transistors of the C-elements of the circuit (one at a time) and the corresponding faulty state graphs are generated.(v) FD-transitions are generated for all the faults using the DES theory.(vi) Using Algorithm 9 state graphs of the detector(s) are generated.(vii) The state graphs are implemented as SI circuits using generalized C-element implementation using Petrify.

first occurrence of some failure in the system. Since failures are assumed to be permanent, there
0⟩ where  = {V 1 , V 2 , . . .., V  } (In case of modeling SI circuits as DES, the state variables are values of the I/O signals.So, in this work, we will interchangeably use the terms signal and variable.) is a finite set of discrete variables assuming values from the set {0, 1}, called the domains of the variables,  is a finite set of states, I is a finite set of transitions, and 0 ⊆  is the set of initial states.A state  is a mapping of each variable to one of the elements of the domain of the variable.A transition  ∈ I from a state  to another state  + is an ordered pair ⟨,  + ⟩, where  is denoted by () and  + is denoted as ().The set of all normal states is denoted by   .Definition 2 (  --state).A -state  is failure state or synonymously an   -state, if   ∈ ().The set of all   -states is denoted by    .Definition 3 (normal -transition).A -transition ⟨,  + ⟩ is called a normal -transition if ,  + ∈   . is no transition from any state in    to any state in   or from any state in    to any state in    .

Table 1 :
A partial list of faults and their effects on STG. out + can only be fired after  in +,  out −, and  in − (the same as

Table 1 :
Continued.All arcs from  out − are always 0 and all arcs from  out − are always 0 Stuck-at-0 at Line 11 All arcs from  out − are always 0 and all arcs from  out + are always 0 Stuck-at-1 fault at Line 11 All arcs from  out + are always 0 and all arcs from  out − are always 0 Stuck-at-0 fault at Line 12 or Line 13All arcs from  out + are always 0
out − before  in + (by  out +) To avoid this deadlock, a simple modification is made in the detector state graph without affecting the fault detection performance.We wait at state  3 for any signal to change (i.e.,  out from 0 to 1 or  out from 1 to 0) and we move to state  4 ; let us select  out for this purpose.State encoding of  4 is ⟨111⟩.From state  4 we have a transition to state  3 on change of  out from 1 to 0.Figure12illustrates the state graph for detecting 1 stuckon fault at C2 by FD-transitions ⟨  11,   6⟩ and ⟨  13,   8⟩.State encoding tuple ⟨R out , A out , status⟩ Figure 12: State graph for detecting FD-transitions ⟨  11,   6⟩ and ⟨  13,   8⟩.

Table 2 .
Create state  2 , with transition from  1 to  2 labeled as + (−) if value of  in  1 is 0 (1).Accordingly, encode state  2 .(8) Create state  3 , with transition from  2 to  3 labeled as +.Accordingly, encode state  3 .(9) Create state  4 , with transition from  3 to  4 labeled as + (−) if transition from  0 to  1 is − (+).Add a transition from  4 to  3 with inverse of the signal change as in transition from  3 to  4 .Accordingly, encode state  4 .(10) Create state  5 , with transition from  0 to  5 labeled as + (−) if transition from  1 to  2 is + (−).Add a transition from  5 to  0 with inverse of the signal change as in transition from  0 to  5 .Accordingly, encode state  4 .

Table 3 :
Fault coverage, area overhead ratio, and execution time for the online detector designed using the proposed approach.Executed in AMD Phenom IIX3 710 Processor with 4 GB RAM in Linux OS. *

Table 4 :
Area ratio for the Mutex approach.