Beruflich Dokumente
Kultur Dokumente
Paper 15.3
208
I I i
I fringe 1 I ~ll <"
Data Operator Decider Write Cell
]-> I PC+I page
I I...I I...I
ceU-> I l arrayt1-> I J~ay[l <-I I J i I
I I <8> I I
I I i t
p- i i i
<11.9>
Read Cell Read Memory Write Memory
i i i i i i i i
and tad dea itm imp lot
r
L___L___ L___I .... I.... I..... I___J__.
i
Junction Data Flow Gates i
Imtrucdma Execution
Paper 15.3
209
double-path model is useful for detecting interference Each stage is further subdivided into test generation routines
between two dat~2 paths. The number of tests required is that work on one primitive at a time. These routines are
proportional to n , where n is the number of paths in the called recursively until success. If a step fails, the state of
description. One can go even further and allow any number the graph is rolled back to the point where a choice was last
of paths to be faulty at the same time. The number of tests made and the next choice is attempted. Localized heuristics
to be generated then becomes o(2n). A graph level fault which only consider a primitive's immediate neighbors in
model can specify any combination of paths and nodes - the making a decision are used whenever possible, so the
possibilities are endless. number of primitives considered at each step is not affected
by the size of the graph, although the number of steps
The more parameters and results to propagate, the higher the
probability that a test either does not exist or cannot be
generated by the heuristics. Practical experience in other , , , l.,rapn-Level
fields of testing has shown that multiple faults which cannot , Graph Description , ,
, , , Fault Models ,
be detected by tests generated for single faults occur ._I I_ . . . . . . . . . . . . . -J
infrequently. With costs much higher than the single-fault
models, the potential benefit of multiple-fault models is
probably marginal.
n i] Parameter Introduction II
2.3 Primitive Level Fault Models
Primitive level fault models model faults at the level of
'
I t
individual graph primitives. At this level, assumptions about ' _ ! Backward Propagation I
', 1 I
the implementation are inevitable unless exhaustive or
random testing is to be used. For each likely implementation :
of t h e same functional primitive, a different model may be
developed and entered into the test pattern database. A user PrG r aitive
ph :i I Forward Propagation II
can choose a suitable fault model or simply use all available Database
,
models to cover as wide a range of implementations as
possible. This is a tradeoff between cost and generality. " -! Justification [
If a model assumes a specific circuit realization, traditional
!
circuit testing methods can be called upon to generate test
..J
patterns based on that realization. If the graph primitive is in Parameterized Tests
turn defined in terms of lower-level primitives, the
functional test generation system can be called upon
recursively to generate'tests for the higher-level primitive. Figure 5. Operation of the Functional Analyzer
This is made possible by the extensible graph language. In
each case, patterns generated are entered into the test pattern needed in each stage may grow proportionally with the
database under the name of the primitive along with the number of paths in a graph. At present, only loop-free graph
implementations assumed and the number of test vectors descriptions can be handled by the functional analyzer.
required.
A constraint is a predicate function associated with a path.
Example : The single-path model makes no assumption about A path can only carry tokens that satisfy the constraint. A
what the actual fault in the data path may be. The task of path can have any number of constraints as long as they are
selecting test data from the 2w possibilities (where w is the mutually consistent. Non-overlapping bit fields within a path
width of the data path) is left to the primitive level fault each can have its own set of constraints. Cells in the
model. To test for single-bit stuck-at faults in the data path, machine state and symbols created during test generation
for example, it is only necessary to use a pair of test vectors may also have constraints. Symbols are used to represent test
that turn each bit on and off at least once e.g data, test results, bit fields, and a number of other things.
00..00 & 11..11, 01..01 & 10..10. To test for shorts between Constraints involving symbols and their manipulation play a
adjacent bits, however, would require more than two test central role in the test generation process. During test
vectors generation, constraints are added to paths, cells, and symbols
to create the conditions needed to generate a successful test.
2.4 Functional Analyzer Constraint resolution is the process of determining whether
a set of constraints is consistent and then possibly simplifying
The functional analyzer first consults the graph level fault the set. Constraints are usually added one at a time to a set
model chosen to select a set of primitives. For each case, of constraints that has already been determined to be
test generation is performed in four sequential stages (Figure consistent. Constraint resolution can be an extremely
5): parameter introduction, backward propagation, forward involved problem if arbitrary predicate functions are to be
propagation, and justification. Each stage has its own considered. Fortunately, the descriptions of most computers
objective and conditions are imposed on the graph as require only simple predicate functions such as = , ~ , < , ~<,
necessary to meet that objective. By successively > , >/. As a result, most constraints that arise in practice are
constraining the graph, a parameterized test which detects very simple and can be resolved using relatively simple
the fault is generated at the end. algorithms.
Paper 15.3
210
Definition: A constant vector
Parameter Introduction - this phase introduces symbols
representing test data parameters and test results into the graph (c0,c I ..... Ci.l,Ci+ 1 ..... Cn.1)
and sets the stage for subsequent phases. The graph level fault is a forward p r o p a p t l o n vector for the ith input of the n-
model selected is consulted to identify the next set of primitives
input function F iff
for which a test is to be generated. Symbols representing the
required parameters and results are then added to the graph. F(c0,c 1..... Ci.l, x, ci+ 1 ..... Cn.1) = g(x)
Implication - each time a path receives a new constraint, it may for all x in the ith input domain of F and iff g ' l exists. The
have implications on other paths connected to the same nodes. function g is called the transformation function of the
At each test generation step, paths that have received new vector.
constraints are noted and the implication routine is called at the Propagation is successful if the value is passed along to the
end of the step to check if any of the changes results in a output with no loss of information. For a multiple-output node
contradiction, indicating failure of that step.
represented by the set of functions {F0., F.I,, ..., F -1} where m
is the number of our0uts, the above deftmtio.nthcan~e extended -
2.4.1 Backward Propagation a vector is a propagationtl~ector for the i input if it can
For test data to be applied to the required places, the machine propagate the value at the i input to any one of the m outputs.
state prior to the test cycle must contain the test data or some
transformation of them. The objective of the backward
propagation phase is to set up the conditions necessary for the get names of all
application of test data parameters to required places. This is nodes connected to path
done by backward propagating each parameter to a read node in
the graph. Then by initializing the machine state accordingly no
)
Propagation
prior to the test cycle, it is guaranteed that the parameters Failed
any node left? ~..
would be applied to the correct spots.
Each step within the backward propagation phase considers
only one path at a time. It tries to impose the necessary select n i ~ node ~
conditions on the inputs of the path's source node so that the
current value of the path is assured. Since the value to be
backward propagated is almost always a symbolic parameter or obtain propagation vectors ]
a symbolic expression, a one to one mapping of that value must for node from database /
appear somewhere on the inputs of the source code. This
concept is formalized in the following definition. no/
Definition: A constant vector
nod.
any vector left? . ~ , , , ,
(Co,C1 ..... ci.l,ci+ 1 .... Cn.1) yes
is a backward propagation vector of the n-input function F select next vector
iff
F(c0 ..... ci.1, g(x), ci+ 1..... Cn.1) = x
-1 propagate symbol thru
for all x in the output domain of F and iff g exists. The
function g is called the transformation function of the
vector. implication ok? no /
By imposing a backward propagation vector on the inputs of the yes
source node, the objective of the current backward propagation
step is satisfied. The backward propagation r[]~tine is then Propagation Successful
recursively called for the path connected to the i input of the
node F. The process is successful if a read node is eventually
reached. Figure 6. Flow Chart for Forward Propagation
Paper 15.3
211
The test case synthesizer brings together parameterized tests 3. Experiment
produced by the functional analyzer and test patterns that have A fault simulation experiment utilizing ISPS[4], a register-
been developed through primitive-level fault models. It transfer level hardware description language, was conducted to
substitutes the formal parameters by actual test data and evaluate the effectiveness of our methodology. Tests were
expected results obtained from the test pattern database. T h e generated for the DEC PDP-8 minicomputer and compared
user can specify the characteristics and cost constraints he wants against test programs supplied by the computer's manufacturer.
to impose. Only patterns meeting the requirements will be An ISPS description of the PDP-8 was simulated with single
chosen from the database. stuck-at faults in all the data paths represented in the
Test Program Synthesizer - If the system being tested is a description, for a total of 1,438 faults. Design faults were not
computer, its instructions can usually be grouped by their chosen because of their much larger fault space and it
operand fetching modes and members of the same set can impossible to select a subset without using considerable
usually be tested with similar sequence of instructions. Test subjective judgment.
program templates can be developed for each group. For each On the other hand, single stuck-at faults have long been
actual test case given, the synthesizer selects the applicable accepted as the starting point of many testing strategies at both
templates and tries to fill in the necessary "blanks" whenever
possible, producing ready-to-run program segments and ISPS Description
automating the test programming process.
Paper 15.3
212
being tested was required at all. The same translation could References
have been performed automatically by simple test program
synthesis techniques.
The test programs supplied by DEC exerdse the machine at a
functional level and halts whenever an error is discovered, 1. S.B.Akers, "Functional Testing with Binary Decision
pinpointing the instruction at fault. Our functional tests Diagrams", in Prec. 8th Int'l Conference on Fault-Tolerant
actually provide better diagnostic resolution since each test is Computing (FTCS-8), pp 75-82, IEEE Computer Society,
designed to detect faults in a functional primitive. June 1978.
Results of the experiment are summarized in Table I. Our 2. M.A. Breuer and A.D. Friedman, "Functional Level
tests outperformed the manufacturer's programs by a Primitives in Test Generation", IEEE Transactions on
substantial margin - we detected 98.5% of the stuck-at faults Computers C-29(3),pp 223-235, March 1980.
compared to 95.5%. Most surprisingly, tests produced by our
methodology achieve the higher fault detection rate with far 3. S.M.Thatte and J.A. Abraham, "Test Generation for
fewer instructions. Microprocessors", IEEE Transactions on Computers C-
29(6), June 1980.
Test Program Instructions Executed Faults Detected 4. M.R.Barbacd, G.E.Barnes, R.O.Cattell, and
D.P.Siewiorek, "Symbolic Manipulation of Computer
Descriptions: The ISPS Computer Description Language",
Manufacturer's > 10,000 95.5% CS Dept. TR CMU-CS-79-137, Carnegie-Mellon U.,
August 1979.
First version of the test generation system had over 5,000 lines
of LISP code and required 600K bytes to run. Only the graph
description language and the functional analyzer were fully
implemented in the first version. Test generation for the PDP-8
took only 21 minutes of CPU llme running with interpreted
LISP code on a DEC-2060. Compilation of the LISP code alone
can speed things up about five times.
4. Condml~a
We have taken a practical approach towards the problem of
functional testing at the system level. We laid down the
groundwork for a systematic assault on the problem and also
provided a framework for dividing the overall problem into
smaller, more manageable problems. An ambitious functional
testing methodology which generates tests directly from the
functional specification of a digital system has been designed,
implemented, and evaluated. Automatic generation of design
validation tests is now closer to reality. Test cases that would
have taken test programmers man-months and hard-earned
experience to develop can now be generated automatically in a
matter of minutes.
Although the scope of the evaluation experiment is limited, its
results are very promising. The quality and the efficiency of
the tests generated further underscore the promise of functional
testing. On the other hand, there are still many things that we
cannot begin to understand until more practical experience is
gained. Large scale experiments are currently being planned.
Improvement of the system will continue as w¢ continue to
learn. I
1. The interested reader will find a m ~ e detailed discus~rm c~ our
results in my thesis [5].
Paper 15.3
213