Self-Checking Synchronous FSM Network Design with

VLSI DESIGN2000, Vol. 11, No. 1, pp. 47-58Reprints available directly from the publisherPhotocopying permitted by license only

(C) 2000 OPA (Overseas Publishers Association) N.V.Published by license under

the Gordon and Breach SciencePublishers imprint.

Printed in Malaysia.

Self-checking Synchronous FSM Network Designwith Low Overhead

A. Yu. MATROSOVAa’*, I. LEVINb’t and S. A. OSTANINa’*

Tomsk State University, Russia; b Tel Aviv University, Israel

(Received April 1999; In finalform 5 October 1999)

A method of a self-checking synchronous Finite State Machine (FSM) network designwith low overhead is developed. Checkers are used only for FSMs, which output linesare at the same time output lines of the network. The checkers observe output lines ofthese FSMs. The method is based on reducing the problem to a self-checking synchron-ous FSM design. The latter is provided by applying a special description of FSMnamely, so-called unate Programmable Logic Array (PLAu) description. Single stuck-atfault on the FSM poles and gate poles are considered. PLA realization of FSM allows afactorized or multilevel logic synthesis. They both provide a unidirectional manifesta-tion of the above mentioned faults on the output lines of the corresponding FSMs. Thisrealization also gives rise to a transparency of each component FSM of the network forthe faults. PLA realization is derived from the State Transition Graph (STG) des-cription of FSMs with using the m-out-of-n encoding of its states and insignificantexpanding the products of STG. The problem of replacing an arbitrary synchronousFSM network for the self-checking one with low overhead is discussed.

Keywords." Finite State Machine, self-checking, FSM network

1. INTRODUCTION

A self-checking circuit usually consists of afunctional block that generates encoded outputs,and a checker that checks the validity of the

outputs [1-3]. In the case when the functionalblock is a Finite State Machine (FSM), concurrentchecking is usually based not only on outputschecking but also on checking of the FSMtransitions. For example, the approach proposed

*e-mail: [email protected] for correspondence: Tel Aviv University, School of Education, Ramat-Aviv 69978, Israel. Tel.: 972-3-6407799, Fax:

03-5026733, e-mail: ilia @post.tau.ac.ile-mail: [email protected]

47

48 A. Yu. MATROSOVA et al.

in paper [4] is based on a specific decompositionarchitecture where state transitions checking onlyguarantees both totally self-checking (TSC) prop-erty of the FSM, and error detection latencyof one clock cycle. In paper [5] not only stateand output variables, but also input variables arechecked. The paper [5] suggests the use of pre-designed code-disjoined flip-flops to receive highfault coverage, particularly including state registerand clock errors detection.

Paper [6] shows a possibility of observing onlyoutput lines of a self-checking synchronous se-quential circuit, without its state lines. Detectionof single stuck-at faults of the PLA realization ofsynchronous sequential circuits (SSC), except forsingle stuck-at faults on the input lines of theSSC, has been assumed there.Our intention here is to design a self-checking

synchronous FSM network so that checkers areused only for FSMs which output lines are atthe same time the network output lines. Moreover,each checker observes the values of the FSM out-put lines but not both state and output lines asit was done in paper [7].

In this paper, the self-checking FSM networkdesign reduces to its self-checking component de-sign that is the specific self-checking synchro-nous FSM design. Realizing FSM as a sequentialcircuit, we use m-out-of-n codes for the FSMstates assignment and insignificantly increase thenumber of FSM input variables. We assume thatany FSM is preliminarily described by State Transi-tion Graph (STG) and derive a special Program-mable Logic Array (PLA) description from STG,namely a so-called "unate PLA" description(PLAU). The PLAu is a standard PLA description,where all "0" values are replaced with "don’t care"symbols. The PLAu represents the system ofunate Boolean functions. Having applied eitherfactorizing or multilevel logic synthesis to thissystem, we obtain the synchronous sequentialcircuit (SSC) that is a structural description ofthe self-checking FSM.

It is shown in paper [7] that for a specific faultmodel, which will be discussed below, the faults

manifest themselves as unidirectional errors onthe SSC combinational part output lines. Theycan be undetectable on these output lines in theworking area of a separate FSM. The authors of[7] proposed the m-out-of-n encoding of stateand output variables of FSM separately, and theobserving of all these variables by a checker. Toprovide the self-checking synchronous FSMnetwork design, they insignificantly increase thenumber of input variables of each FSM of thenetwork. Each FSM has its own checker.The present paper is an attempt to combine the

extended class of single stuck-at faults consideredin [7] with observing only output lines of SSCconsidered in [6]. It turned out in [8] that eitherfactorizing or multilevel logic synthesis can beapplied to the unate PLA (PLAu) descriptionwithout loss of manifesting the above faults asunidirectional errors. As a result we obtain SSCwith the following properties:

Any above fault is either unidirectional or un-detectable on the SSC output lines.The accumulating of undetectable faults in SSCis not dangerous for next faults from the above-mentioned class.SSC is transparent for unidirectional errors onits inputs. It means that SSC manifests theseerrors on the own output lines either as unidi-rectional or undetectable faults in the FSMworking area.SSC preserves the transparency property in thepresence of own undetectable faults.

Methods of decomposition of a large FSMinto the FSM network were discussed in [9, 10].We recommend during decomposition to reducethe number of the additional input variables ofeach FSM and decrease the number of outputcodewords of FSM which output lines are atthe same time the network output lines. The latterallows reducing the overhead through usingSum-of-Minterms based (SOM-based)checkers[6]. We also propose a method of replacing thegiven arbitrary synchronous FSM network by theself-checking synchronous FSM network with

FSM NETWORK DESIGN 49

low overhead. The price must be paid in changingthe STG description of a separate FSM for theunate PLA description (PLAU).

First (Section 2), we consider the problem ofderiving PLAu from STG. Then (Section 3), we in-vestigate the properties of SSC faults on the as-sumption that SSC realizes PLAu. In Section 4the problem of replacing an arbitrary syn-chronous FSM network by the self-checking syn-chronous FSM network with low overhead isconsidered.

2. FAULT MODEL

Any gate pole single stuck-at fault or input linesingle stuck-at fault of the combinational part of asynchronous sequential circuit (SSC) leads to aunidirectional error on output lines of the com-binational part. It is also possible that the faultwill be undetectable on these lines.A single stuck-at fault on a delay flip-flop pole

of a synchronous sequential circuit manifests itselfas a single stuck-at fault of the correspondinginput line of the combinational part. This linecorrelates with the state variable of the synchro-nous sequential circuit.A single stuck-at fault of an input pole of the

certain FSM also manifests itself as a single stuck-at fault of the corresponding input line of thecombinational part of the SSC. A single stuck-atfault of an output pole of the certain FSM mani-fests itself as a single stuck-at fault of the corre-sponding input lines of the FSMs (SSCs) connectedwith the FSM considered.A fault considered can manifest itself as

unidirectional error on the FSM network outputlines in the network working area. A fault isundetectable if it does not manifest itself on thenetwork output lines in the network working area.The above mentioned faults can be either unidi-rectional or undetectable. We assume that thenext fault of this kind may appear after theFSM network’s working area with a foregoingfault is exhausted. The foregoing fault, being

unidirectional, has to manifest itself on the net-work output lines within the working area.

3. DERIVING UNATE PLADESCRIPTION FROM STG

Divide FSMs of an arbitrary network into twogroups. The first group comprises FSMs so thatsome of their output lines are at the same time theoutput lines of a network. Call them externalFSMs. The second group comprises the rest FSMsof a network. Call them internal FSMs.

Let the states of any FSM of the network beencoded with codewords of the same weight. Thenthe STG description of FSM converts into thePLA description.We propose to implement the self-checking

design of an external FSM using the basic schemeshown in Figure 1.According to this scheme, SSC to be checked

consists of three portions" the output functionsportion (its outputs are Yl,...,Ym), the redun-dancy portion (its outputs are Ym+ 1,...,Ys) thatprovides encoding SSC outputs and the transitionfunctions portion (its outputs are zl,...,zp). Thetransition functions portion represents the nextstates of FSM that are encoded by the constant

x1

Xn

FIGUREFSM.

Yl Ym

; 17.1ym+l "..I tr- c Its 71IZl ’1

The basic scheme of a self-checking external

50 A. YtJ. MATROSOVA et al.

weight codes. The output functions portion andthe redundancy portion together form codewordsthat are Berger Codes.SSC (FSM) of the second group consists of two

portions: the output functions portion and the tran-sition functions portion. We believe that outputcodewords of FSM of the second group is free ofthe codeword consisting of only 0 components.

Products ui, uj from PLA are bidirectional ifthere is the component taking the 1 value for uiand the 0 value for uj, and the component r takingthe 0 value for ui and the value for uj. Forexample, 10- 0, 00-1 are bidirectional.

Let U be the set of products of PLA. Anyproduct depends on the input and the state vari-ables. The state variables represent the encodedstate of FSM. Divide U into subsets U1,..., UIQin accordance with the different states of FSM.Here, QI is the number of states.

Let STG for the internal FSM be describedby Table I.

After encoding states we obtain the PLAdescription (Tab. II).

Xl X2 X3

TABLE STG description of FSM

q q Y Y2 Y3 Y4 Y5

0 0 0 00 0 0 0

2 0 0 02 2 0 0 02 3 0 03 3 0 0 0 03 4 0 0 03 4 0 0 04 4 0 0 04 0 0

TABLE II PLA description of FSM

Xl X2 X3 Z1Z2Z3Z4 Z1Z2Z3Z4 YY2Y3Y4Y5

0 1000 1000 000100 1000 1000 00010

1000 0100 100100 0100 0100 00110

0100 0010 101100 0010 0010 01000

0 0010 0001 110000010 0001 11000

0 0001 0001 010010001 1000 11001

The PLA products are divided into the sub-sets in accordance with different states of FSM.

TIaEOREM Products ui, uj are bidirectional foru E Ui, uj E Uj, =/=j.

Any product of PLA has the correspondingfull codeword representing the values of the nextstate and output variables.For example, product x1x2x3 z1z2z3z4 from the se--0- 1000

cond line of the Table II has the full codewordZ1Z2Z3Z4 Yl Y2Y3Y4Y5

1000 00010Execute the following steps.

1. Divide the set Ui into subset Uil,..., Ui inaccordance with their different full codewords,i {1,..., [O[}.

2. Correlate the different input codewordsof the same weight to the different Ui.,{1,..

3. Represent any input codeword with the properBoolean vector a* of the length k in additionalinput variables.

4. Add the same a* to each product ui, ui Ui..5. Execute Steps 2-4 for every Ui,

minimizing the number k as much as possible.

For the example considered we have Table III.

THEORnM 2 Products ug, us, u Ui=, us Uis arebidirectional.

Change each 0-value component from theproducts of PLA for symbol "-" (don’t care).We obtain the unate products of PLA that is theunate PLA description. Notice it as PLAu.

TABLE III Introduction of additional input variables intoPLA description

Xl X2 X3 X4 X5 Z1Z2Z3Z4 Z1Z2Z3Z4 YlYzY3Y4Y5

0 0 1000 1000 000100 0 1000 1000 00010

0 1000 0100 100100 0 0100 0100 00110

0 0100 0010 101100 0 0010 0010 01000

0 0 0010 0001 110000 0010 0001 11000

0 0 0001 0001 010010 0001 1000 11001


THEOREM 3 PLA preserves the FSM behavior inits working area.

Proof The PLA description derived from STGrepresents the FSM behavior. Any minterm of theinput and state variables from the FSM workingarea activates the products of PLA with the samefull codeword. This minterm lengthened withthe proper additional input variables activates thecorresponding products of PLAu with this fullcodeword. Consequently, the minterm gives riseto the same full codeword both for PLA andPLAu. Q.E.D.

The unate PLA description allows applyingboth the factorizing and the multilevel logicsynthesis [8]. We obtain minimized description ofthe PLAu products with the same full codeword.Namely for any such product there exists aminterm from PLA that is covered only by thisproduct. Hereafter we will use the minimizedPLAu description of FSM.For the above-mentioned example, we have

minimized PLAu description represented by aTable IV.Having obtained the PLAu description (Tab.

IV) we need to correct the input sequences builtfrom the given STG. The correction reduces toadding the proper values of the additional inputvariables, using Table III.

Illustrate it by the following example. Let bean initial state of the STG description (Tab. I)and we have the input sequence 000, 001, 111, 111,101,000. It gives rise to the sequence of the state:

2 3 3 4. The input sequence has to be cor-rected (Tab. III) as follows: 00001, 00101, 11110,

TABLE IV PLA description

XlX2X3X4X5 Z1Z2Z3Z4 Z1Z2Z3Z4 YlY5

1000 000100100 10010

-1 0100 001100010 10110

1- 0010 010001- 0001 11000

0001 010011000 11001

11110, 10101, 00010. This sequence arrives at theSSC that realizes the PLAu description given inTable IV.

It is possible to minimize the number k of addi-tional input variables, applying different sophis-ticated algorithms.

4. PROPERTIES OF THE SSC FAULTS

We believe that SSC is derived from PLAu

either factorized or multilevel logical synthesis.According to the basic scheme (Fig. 1), we cannotobserve the values of state variables. We considergate pole single stuck-at faults and input linesingle stuck-at faults of the combinational partof SSC. Call them as T.Any fault from T either appears [8] as unidirec-

tional error on the combinational part output lines(state lines and output lines of SSC), or remainsundetectable on these output lines.A fault is detectable (for SSC), if there exist the

input sequence (in the working area of FSM) forwhich the fault manifests itself as error on the SSCoutput lines. We restrict the sequence to the firstmanifestation. Otherwise the fault is undetectable.

If a fault manifests itself as a unidirectional er-ror on the SSC output lines, it is unidirectional.We will distinguish unidirectional manifestationsas follows. If a unidirectional manifestation of afault (for the certain minterm of the input andstate variables) reduces to changing the certain 1-values for the 0-values on the SSC output lines, itis a 0-unidirectional manifestation. If it is reducesto changing the certain 0-values for the 1-values,it is a 1-unidirectional manifestation.A certain fault can manifest itself on the state

lines ofSSC as a unidirectional error and remain un-detectable on the SSC output lines in the work-ing area of FSM. It is also possible that a certainfault appears as unidirectional error on the statelines of SSC several steps before than on its out-put lines.What will happen, when a next fault from T

appears in SSC but a foregoing fault from T is


undetectable? In this case we simultaneously dealwith two faults from T. It is also possible thatthere exist several undetectable faults from T anda next fault from T appears.We have to investigate the problem of accumu-

lating undetectable faults. First, we have to studythe manifestations of single stuck-at faults fromT, taking into consideration that the state linesare not observable. A fault from T gives rise tothe following:

(a) disappearance of the certain products fromPLAu, or

(b) disappearance of the certain literals from thecertain products of PLAu, or

(c) conversion of the certain functions of theunate system of Boolean functions of PLAu

into a constant 1(0).The following Theorems 4-6 will prove that

a fault is either undetectable on SSC output linesor unidirectional. The proof will be based ondetermining different manifestations of a singleconstant fault on a specific gate (i, ii, iii) for anymethod of synthesis preserving the PLAu.

Keeping in mind the same manifestations wefurther prove that accumulation of undetectedfaults is harmless (Theorems 7-10). Specific fea-tures of the PLAu (both properly and improp-erly working) can explain such properties andthese features have been used when proving thetheorems. In other words any fault or multiplefault will not cause appearance of negation inthe PLAu. Every next single fault occurs onlyafter it is determined that the previous fault isundetectable.

THEOREM 4 A fault that gives rise to disappear-ance of the certain products from PLAu is O-unidirectional.

Proof In fact, there exists the minterm from theFSM working area that activates the only pro-duct of PLAu. (We use the minimized PLAu de-scription.) It takes place for each product fromPLAu. If the activated product disappears, we ob-tain the none-code state vector that immediately

results in the output vector of SSC, which consistsof only 0-values. Q.E.D.

If we don’t minimize a portion of PLAu with thesame full codeword, the fault can be undetectable.

THEOREM 5 A fault that gives rise to disappear-ance of the certain literalsfrom the certain productsof PLAu is either 1-unidirectional or undetectable.

Proof This fault is undetectable when anyminterm c of the state and input variables fromthe FSM working area is among products ofPLAu with the same full codeword. Assume that,the certain minterm c activates simultaneouslythe products with the different full codewords. Thefault is 1-unidirectional when the parts of thesecodewords corresponding to the output variablesof SSC are different. If these parts are the same,we obtain the wrong next state vector /3 thatcontains more the 1-values than the correspond-ing truth state vector. It is possible that /3 doesnot result in any errors on the SSC output lines inthe FSM working area. Then the fault is undetect-able. The fault can be 1-unidirectional, when /3results in the error on the SSC output lines in theFSM working area. Since the PLAu products con-sist of only uncomplemented variables and/3 hasthe additional 1-values (in comparison with thetruth state vector), then the number of the PLAu

products activated by a minterm resulted from/3 inthe FSM working area can only increase. It meansthat the error is a 1-unidirectional one. Q.E.D.

THEOREM 6 If a fault converts the certain transi-

tion functions into constant 1(0) it is either l(0)-unidirectional or undetectable.

Proof When the fault converts the certain transi-tion functions into the constant 0 it can give riseto the none-code state vectors. Let the none-codestate vector/3 be derived from the correspondingtruth state vector c by changing the certain 1-values for the 0-values. The vector c activatesthe only PLAu product ki of the state variables (bythe construction of PLAu from PLA). The vectorc is orthogonal to all other products of the state


variables from PLAu. The product ki is derivedfrom a by changing all 0-values for symbol-when we obtain PLAu from PLA. Consequently,/3 is orthogonal to ki and all the more to otherproducts of the state variables. It means that /3gives rise to the none-code vector of the statevariables with only 0-value components. The none-code state vector immediately forms the 0-uni-directional error on the SSC output lines.

In the case of conversion of the certaintransition functions into the constant we alsocan obtain the none-code state vectors. Let none-code state vector /3 be derived from the corre-sponding truth state vector a by changing thecertain 0 values for the values:/3 and c activate

ki. But/3 can also activate the other products ofstate variables. Consequently, the minterm result-ed from /3 in the FSM working area can simul-taneously activate the products from PLAu withthe different full codewords. It means the fault iseither 1-unidirectional or undetectable. Q.E.D.

If the fault converts the certain output functionsinto the constant 1 (0), it is (0)-unidirectional.

Manifestation of single stuck-at faults at inputlines of SSC is of primary importance for the self-checking FSM network design. Even a repeatedduplication of the sequential circuit does not ensuremanifestation of single stuck-at faults on the com-mon input lines of the sequential duplicates as aunidirectional error.

Taking into consideration the Theorems 4-6we conclude that an undetectable fault is possiblewhen any none-code state vector resulted from thefault does not manifest itself directly on the SSCoutput lines in the FSM working area. Any none-code state vector is obtained from the correspondingtruth state vector by changing the certain 0 valuesfor the 1 values. A fault is also undetectable whenit does not manifest itself on the SSC both state andoutput lines in the FSM working area. In this casenone-code state vectors are absent.An individual none-code state vector (or a

truth state vector) with the corresponding inputminterm from the FSM working area call an

undetectable portion of a fault, and notice ast. Consider as the first fault of any pair of faultsand check a second fault impact on the next stepof the behavior in the working area. A secondfault appears just after arrives on the SSC com-binational part input lines.

Let a indicate disappearance of the certain pro-ducts from PLAu.THEOREM 7 The pair (t, a) is either O-unidirec-tional or undetectable during a next state in theFSM working area.

Proof Disappearance of the certain productsfrom PLAu can (for t) results in appearance ofthe none-code state vector containing only 0-components. Then the pair is 0-unidirectional onthe SSC output lines during a next state in theFSM working area. It is possible that the pair re-mains undetectable on the minterm t. In fact if

activates simultaneously several products fromPLAu and some of them disappeared then therest products have the same full codeword. Afirst undetectable fault considering as a wholecan only increase the number of 1-value for thenext states followed by t. In this case the pair (t, a)also results in the undetectable fault during anext state in the FSM working area. Q.E.D.

Let b indicate disappearance of the certainliterals from the certain products of PLAu.THEOREM 8 The pair (t,tb) is either 1-unidirec-tional or undetectable during a next state in theFSM working area.

Proof The fault b can effect the additional val-ues among the corresponding next state vectors re-sulted from in the FSM working area. A firstundetectable fault considering as a whole canonly increase the number of 1-value for the nextstates followed by t. Consequently, (t, b) is eitherunidirectional or undetectable during a next statein the FSM working area. Q.E.D.

Let tcl indicate conversion of the certain statevariables into the constant 1.

54 A. Yu. MATROSOVA et al.

THEOREM 9 The pair t, cl is either 1-unidirec-tional or undetectable during a next state in theFSM working area.

Proof The fault cl can effect the additionalvalues in the corresponding next state vectors re-sulted from in the FSM working area. A first un-detectable fault considering as a whole can onlyincrease the number of 1-values for the next statesfollowed by t. Consequently, (t, tcl is either uni-directional or undetectable during a next statein the FSM working area. Q.E.D.

Let co be a conversion of the certain state vari-ables into the constant 0.

THEOREM 10 The pair t, c is either O-unidirec-tional or undetectable during a next state in theFSM working area.

Proof The fault co can cut the number ofvalues in the corresponding next state vectorresulted from in the FSM working area. Thisvector can become the none-code state vector thatis orthogonal to any state product of PLAu andthen (t,tc) is 0-unidirectional. This vector canactivate the products with the same full code-word. A first undetectable fault considering as awhole can only increase the number of 1-valuesfor the next states followed by t. In this case thefault is undetectable during a next state in theFSM working area. Q.E.D.

We have shown that if a first fault from T isundetectable, then appearance of a next fault fromT is either unidirectional or undetectable. We be-lieve that any next fault from T appears in the SSCafter exhausting the FSM working area in the pre-sence of a foregoing fault from T. The foregoingfault being detectable has to manifest itself as uni-directional error on the SSC output lines. It meansthat accumulating undetectable faults from T inSSC is not dangerous.

It is a very important property of SSC.Moreover, any unidirectional fault preserves

the unidirectional property. It is impossible that afault from T for the minterm manifests itself

as a 1-unidirectional error but for the minterm

t2-as a 0-unidirectional error in the FSM workingarea.

Consider a fault fon, which results in 0-unidi-rectional errors on the certain SSC input vec-tors (minterms) from the FSM working area.This fault is out of T, and SSC is functioningproperly.

THEOREM A fault tn is either O-unidirectional,or undetectable.

Proof The fault changes some 1-value input com-ponents of the truth minterm a in the FSMworking area for the 0-values. The truth minterma activates several products from PLAu with thesame full codeword. The additional 0-values canresult in the situation when only the certain ofthese products are activated. Then the fault is un-detectable. If there are no the activated productsthe fault is 0-unidirectional during the next statein the FSM working area. Q.E.D.

Consider a fault tn, which results in 1-unidirec-tional errors on the certain SSC input vectors

(minterms) in the FSM working area. This faultis out of T; an SSC is functioning properly.

THEOREM 12 A fault t]n is either 1-unidirectional,or undetectable.

Proof The fault changes some 0-value input com-ponents of the truth minterm a in the FSMworking area for the 1-values. Then the number ofactivated products from PLAu can increase andconsequently, the fault is either 1-unidirectionalor undetectable during the next state in the FSMworking area. Q.E.D.

We will call the SSC property described by theTheorems 11, 12 a transparency property.Show that SSC preserves the transparency pro-

perty in the presence of an undetectable faultfrom T.

THEOREM 13 The pair t, tn) is either O-unidirec-tional or undetectable during a next state in theFSM working area.


Proof The minterm activates one or severalproducts from PLAu with the same output code-word. The fault tion can change some 1-valueinput components of for the 0-values. As a re-sult, only the certain of these products can beactivated. Then the fault (t, tion) is undetectable.If there is no activated products, the fault is 0-unidirectional during the next state in the FSMworking area.

THEOREM 14 The pair (t, t]n) is either 1-unidirec-tional or undetectable.

Proof The fault tn can change some 0-values ofinput components of for the 1-values. It canincrease the number of activated products fromPLAu and consequently, the fault (t, tn) is either1-unidirectional or undetectable during the nextstate in the FSM working area. Q.E.D.

Stand out the basic properties of SSC on assum-ing that only SSC output lines are observable.

Any fault from T is either unidirectional orundetectable on SSC output lines and preservesthe unidirectional property.The accumulating undetectable faults fromT in SSC is not dangerous for a next faultfrom T.SSC is transparent to unidirectional errors on itsinput lines. Namely, l(0)-unidirectional errorson the input lines give rise to l(0)-unidirec-tional errors on the output lines of SSC.SSC preserves the transparency property in thepresence of undetectable faults from T.

It is important to note that generally, error de-tection latency of the proposed PLA based self-checking SSC is equal of one clock cycle. Onlyin a very rare case of a faulty transition of theFSM into two different states having the same out-put codeword (which case is caused by a fault inthe next state portion) will lead to increase of thelatency. In most cases the latency of the proposedarchitecture is equal to the latency of the classicalarchitecture where both output and state variableare checked.

Let’s try to use above-mentioned properties ofSSC for designing a self-checking FSM networkwith low overhead.

5. SELF-CHECKING FSM NETWORKDESIGN

We have an arbitrary FSM network N on theassumption that any FSM is described with STG.The object is obtaining the following self-checkingsynchronous FSM network NS:

Checkers are used only for external FSMs.Any checker observes only the output lines ofthe external FSM that are at the same timeoutput lines of Ns.The only unidirectional fault from T is availablefor the only component of Ns at the samemoment of time. If all components are fault freethe only FSM pole can be stuck-at fault.The STG description of any FSM from N ischanged for the PLAu description.

Let us show that Ns preserves the behavior of N.

THEOREM 15 The network Ns preserves the beha-vior of a network N.

Proof Consider a portion of the working area ofa network N. The portion is represented by thenetwork input minterm consisting of the corre-sponding FSMs input minterms and the networkstate minterm consisting of the correspondingFSMs state minterms and the state minterm ofthe global loops. Call it a. The minterms a giverise to the full code words of FSMs that formfull codeword -1, of a network N. Changing PLAfor PLAu we only lengthen a through the properadditional input variables of the separate FSMs.It does not change corresponding full codewordsof FSMs and consequently the full codeword ",/

of a network. It means Ns preserves the behaviorof N. Q.E.D.

Figure 2 illustrates the network Ns. The dottedlines point to the additional inputs and checkers.


output output 2

FSM5

add_inp5

FSM3 FSM4

Cr. 2

_inp4

FSM1 FSM2

add_inp2

FIGURE 2 Self-checking synchronous FSM network.

TABLE V Experimental results

IIp E1 Y]2 nd

III IVP Y]I -2 md

BBARABBSSEBBTASBEECOUNTCSEDK14DK15DK16DK27DK512DONFILEKEYBLIONLION9MODULO12$8

SANDSHIFTREGSSESTYRTAV.KISTBK.KISTRAIN11 .KISTRAIN4.KIS

4 2 10 607 7 16 562 2 6 243 4 7 287 7 16 913 5 7 563 5 4 322 3 27 108

2 7 143 15 30

2 24 967 2 19 1702 4 112 9 25

12 244 5 2011 9 32 184

8 167 7 16 569 10 30 1664 4 4 496 3 32 15692 11 252 4 14

4 410 89 4 5 270 128 3 2404 350 174 4 6 317 219 4 3303 120 35 2 4 90 52 3 783 152 79 3 5 106 112 3 1684 631 132 5 6 576 309 4 4633 336 154 3 5 245 213 3 3422 160 80 3 4 108 88 3 1625 756 305 2 7 513 412 3 6603 56 24 5 42 34 3 564 150 65 6 90 73 3 1505 672 304 2 7 456 384 3 4805 1344 130 7 6 1136 524 3 7122 40 17 2 4 28 18 3 374 150 55 2 5 89 67 3 1094 120 40 6 72 48 3 963 140 38 0 4 60 60 2 805 1623 675 7 7 1031 891 4 13343 64 32 5 48 40 3 644 350 129 4 6 317 219 4 3305 1390 489 6 7 1090 696 4 10172 258 85 6 4 243 85 3 2045 16107 2235 8 7 13707 5006 3 94184 150 52 2 6 83 68 3 942 56 26 2 4 34 24 3 51


A next fault appears in Ns after exhausting theworking area of this network with a foregoingfault, and the foregoing fault being unidirectionalhas to manifest itself in the network working areaon the Ns output lines.

In conclusion, we illustrate the overhead re-quired to change STG for PLAu (Tab. IV).The Table V is divided into 4 portions. The first

portion describes STG. Here n is the number ofinput variables, m-output variables, /-the

number of products and S- the number of statesof FSM. The second portion describes PLA onassumption that we use encoding states with theminimal number of state variables. Here, p is thenumber of the state variables, E the number ofliterals in PLA, Ea-the number of 1-valuesamong the full codewords. The third portiondescribes PLAu. Here, n- the additional numberof the input variables. Finally, the fourth portionrepresents the additional output lines for theexternal FSM. Here, ma-the number of theadditional output variables. We see that 1 +-Y]2for PLAu is, as a rule, less than for PLA butnamely, this sum represents the complexity ofSSC.

6. CONCLUSION

A method of designing a synchronous totallyself-checking FSM network has been suggested.The network comprises a plurality of internalFSMs and a plurality of external FSMs. Theproposed method is based (1) on the checkingof the output codewords of the external FSMsonly, and (2) on using a so called unate PLAdescription of the FSM, which is a standard PLAdescription where all of "0" values is changedfor "don’t care".

It has been proven that, in the frame of thediscussed fault model, the whole network can beconsidered checked upon checking the output linesof the external FSMs only.

It has been proposed to use a SOM-basedchecker [6] as a low-overhead checker of thenetwork.

The obtained benchmark results show thatthe proposed method allows receiving the pro-mising results from the point of the requiredoverhead.The obtained results clearly demonstrate that

any arbitrary FSM, if decomposed into a FSMnetwork, can be easily checked with a low over-head using the above method.

Based on the proposed approach, the follow-ing recommendations for decomposition of anarbitrary FSM into the FSM network can beformulated:

The number of the external FSMs of the net-work should be minimized.The external FSMs having a small number ofdifferent output codewords are preferable. Itallows using the SOM-based checker [6] withlow overhead.The number of additional input variables ofany FSM of the network should be minimized.

References

[10]

[1] Smith, J. and Metze, G., "The Design of Totally Self-Checking Combinational Circuit", Proc. Int. Symp. Fault-Tolerant Computing, Los Angeles, CA, pp. 130-134,June, 1977.

[2] Diaz, M., "Design of Totally Self-Checking and Fail SafeSequential Machines", Proc. Int. Symp. Fault-TolerantComputing, Urbana, IL, pp. 9-24, June, 1974.

[3] Smith, J. and Lam, P., "A Theory of Totally Self-Checking Design", IEEE Trans. on Computers, C32,831-844, September, 1983.

[4] Hellebrand, S., Wunderlich, H. and Hertwig, A. (1998)."Synthesizing Fast, Online-Testable Control Units",IEEE Design and Test of Computers, 15(4), 36-41.

[5] Kia, S. M. and Parameswaren, S., "Self-Checking Syn-chronous Controller Design", lEE Pro.-Comput. Digit.Tech., 146(1), January, 1999.

[6] Levin, I. and Karpovsky, M., "On-Line Self-Checkingof Microprogram Control Unit", 4th IEEE Int. On-LineTesting Workshop, Capri, Italy, pp. 152-156, July, 1998.

[7] Matrosova, A. Yu. and Ostanin, S. A., "Self-CheckingSynchronous FSM Network Design", 4th IEEE Int.On-Line Testing Workshop, Capri, Italy, pp. 162-166,July, 1998.

[8] Busaba, F. Y. and Lala, P. K. (1994). "Self-CheckingCombinational Circuit Design for Single and Unidirec-tional Multibit Error", JETTA, 5, 19-28.

[9] Levin, I. (1987). "Hierarchical Model of the Interactionof Microprogrammed Automata", Automatic Control andComputer Sciences, 21(3), 67-73.Levin, I. (1986). "Decompositional Design of AutomataBased on PLA with Memory", Automatic Control andComputer Sciences, 20(2), 61-68.

58 A. Yt. MATROSOVA et al.

Authors’ Biographies

Professor A. Yu. Matrosova has served at theTomsk State University (Russia) since 1964 tillnow. Currently she is a Professor of the Depart-ment of Computer Science, Applied Mathema-tics and Cybernetics of the Tomsk State Universityand a Chairman of the Software EngineeringProgram. Her research interests include Determi-nate and Random Testing, Design for Testability,Self-checking Design. She is an author of morethan 70 papers in the field of Fault Tolerant Com-puting and Logical Design.

Dr. Ilya Levin received the Ph.D. degree inComputer Science from Latvian Academy ofScience. During 1993-1996 years he was the

Chairman of the Computer Systems Depart-ment of the Holon Center of Technological Edu-cation, Israel. Being presently a Senior Lecturerof the Tel Aviv University, he is a supervisor ofthe Technology Education program. His researchinterests include Design Automation, Fault-Toler-ant Computing, Formal Methods in VLSI de-sign and Technological Education. He is a memberof the IEEE and an author of more than 50 pa-pers both in the Design Automation and in theTechnology Education fields.

Sergey Ostanin is a Ph.D. student of the Ap-plied Mathematics and Cybernetics Departmentof the Tomsk State University. His research in-terests include Design for Testability and Self-checking Design.

Submit your manuscripts athttp://www.hindawi.com

VLSI Design

Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014

International Journal of

RotatingMachinery


Hindawi Publishing Corporation http://www.hindawi.com

Journal ofEngineeringVolume 2014


Shock and Vibration


Mechanical Engineering

Advances in


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of


Distributed Sensor Networks


The Scientific World JournalHindawi Publishing Corporation http://www.hindawi.com Volume 2014

SensorsJournal of


Modelling & Simulation in EngineeringHindawi Publishing Corporation http://www.hindawi.com Volume 2014


Active and Passive Electronic Components


Chemical EngineeringInternational Journal of

Control Scienceand Engineering

Journal of


Antennas andPropagation




Navigation and Observation


Advances inOptoElectronics

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

RoboticsJournal of


Self-Checking Synchronous FSM Network Design with

Documents

Transcript of Self-Checking Synchronous FSM Network Design with