

IEEE TRANSACTIONS ON COMPUTERS, VOL. C-20, NO. 11, NOVEMBER 1971

Fault Equivalence in Combinational Logic Networks

EDWARD J. McCLUSKEY, FELLOW, IEEE, AND FREDERICK W. CLEGG, MEMBER, IEEE

Abstract-This paper is a study of the effects of faults on the logical operation of combinational (acyclic) logic circuits. In particular, the conditions whereby two different faults can produce the same alteration in the circuit behavior are investigated. This relationship between two faults is shown to be an equivalence relation, and three different types of equivalence relations are specified. Necessary and sufficient conditions for the existence of these equivalence relations are proved. An algorithm for determining the equivalence classes for one of the types of equivalence is presented. Other types of algebraic properties of faults are discussed.

Index Terms-Combinational fault-equivalence classes, error detection and diagnosis, faults in combinational circuits, fault-tolerant computing, reliability.

I. INTRODUCTION

It has been observed by several researchers [1], [2] in recent years that certain failures in logic networks are to some extent indistinguishable. This paper summarizes the results of an investigation of this phenomenon and presents indications of how knowledge of such indistinguishability phenomena can be obtained and put to practical use.

Those failures or faults to be considered are "stuck-at" faults¹ - permanent failures which have the effect of causing the logical signal level on one or more lines in a logic circuit to become stuck at a constant value, i.e., 0 or 1. Only gate-type combinational (acyclic) logic circuits are considered.

Consider the NAND gate network for implementing the EXCLUSIVE-OR function of two variables shown in Fig. 1. Let us restrict attention for the moment to single faults, i.e., failures affecting only a single line in the network.

The network of Fig. 1 contains nine lines. If we assume that the only faults which can occur are single faults, then 18 different failure conditions can occur; each line may be stuck-at-0 or stuck-at-1. If this count is increased by one to account for the failure-free condition, then our consideration must range over the network in any one of 19 different conditions.

Fig. 1. NAND gate network for the EXCLUSIVE-OR function.

It may be determined that some of these 19 conditions are indistinguishable from certain others by various criteria. For example, without some disassembly of the circuit, it would usually not be possible to distinguish between the presence of a failure consisting of line c stuck-at-0 and one consisting of line d stuck-at-0. These and similar phenomena may be characterized mathematically as equivalence relations. Three such equivalence relations are defined in this paper - two in terms of a given fault's effect on the structure of the network in which it occurs and one in terms of the fault's effect on the network's output function. The latter relation may be defined quite simply as follows. Two faults $F_1$ and $F_2$ in a logic network are said to be functionally equivalent if and only if the output function realized by the network in the presence of $F_1$ is identically the same function as that realized by the network in the presence of $F_2$.

Any equivalence relation partitions the set on which it is defined into disjoint equivalence classes. The partitions induced by the three fault equivalence relations to be introduced in this paper upon the set of the 19 possible conditions of the network of Fig. 1 as discussed above are shown in Table I. The notation x/l denotes the condition line x stuck-at-l; the symbol X denotes the failure-free condition. It will be observed that the partitions, going from bottom to top, are successive refinements, each of the one below it.

Knowledge of the equivalence classes into which the faults that may occur in a network are partitioned by the various equivalence relations leads to deeper insights into the mechanisms by which faults affect logic circuits and has immediate application in such areas as fault testing and diagnosis. For example, any testing procedure which has access to a network only through its input and output terminals and which is capable of detecting the presence of a fault $F_1$ in the network can be guaranteed to also detect the presence of any other fault which is functionally equivalent to $F_1$. More generally, knowledge of the classes into which faults are partitioned by our equivalence relations permits one to treat all stuck-at faults in a given network by considering a single representative of each class rather than by treating explicitly every possible fault which can occur.

Manuscript received March 1, 1971; revised June 1, 1971. This research was supported by NSF Grant GJ-165, and by JSEP Contract Nonr 225(83).

E. J. McCluskey is with the Digital Systems Laboratory, Departments of Electrical Engineering and Computer Science, Stanford University, Stanford, Calif.

F. W. Clegg was with the Digital Systems Laboratory, Departments of Electrical Engineering and Computer Science, Stanford University, Stanford, Calif. He is now with the Department of Electrical Engineering, University of Santa Clara, Santa Clara, Calif.

1 The relative advantages and limitations of the stuck-at fault concept have been explored by the present authors [1] and many others and will not be discussed further here. It should be noted, however, that work is currently underway at Stanford University to develop techniques similar to those reported here which will be applicable to failures comprising shorted signal lines in certain families of logic circuits.


TABLE I
EQUIVALENCE CLASSES FOR NETWORK OF FIG. 1

S Structural Equivalence Classes
C_S1 = {X}           C_S6  = {c/1}         C_S11 = {g/0; h/0}
C_S2 = {a/0; b/0}    C_S7  = {d/1}         C_S12 = {g/1}
C_S3 = {a/1}         C_S8  = {e/0; f/0}    C_S13 = {h/1}
C_S4 = {b/1}         C_S9  = {e/1}         C_S14 = {k/0}
C_S5 = {c/0; d/0}    C_S10 = {f/1}         C_S15 = {k/1}

R Structural Equivalence Classes
C_R1 = {X}                C_R7  = {d/1}
C_R2 = {a/0; b/0}         C_R8  = {e/0; f/0; h/1}
C_R3 = {a/1}              C_R9  = {e/1}
C_R4 = {b/1}              C_R10 = {f/1}
C_R5 = {c/0; d/0; g/1}    C_R11 = {g/0; h/0; k/1}
C_R6 = {c/1}              C_R12 = {k/0}

Functional Equivalence Classes
C_F1 = {X}
C_F2 = {a/0; b/0; d/1; e/1}
C_F3 = {a/1; e/0; f/0; h/1}
C_F4 = {b/1; c/0; d/0; g/1}
C_F5 = {c/1; f/1}
C_F6 = {g/0; h/0; k/1}
C_F7 = {k/0}

Fig. 2. Three different networks which have the same logical behavior. [Figure not reproduced; in panels (a) and (c) one line is marked "stuck-at-zero fault on this line".]

II. NETWORK GRAPHS AND TRANSFORMATIONS

The presence of a fault in a logic network may² alter the behavior of that network so as to be the same logical behavior as that of a network with a quite different physical structure. Fig. 2 shows three different networks all of which have the same logical behavior. Two of these networks, those of Fig. 2(a) and (c), differ only in having different faults present in the same network structure. The central concern of this paper is the investigation of situations such as that illustrated in Fig. 2(a) and (c). In order to facilitate this study we introduce a network representation, the logic graph, which is used to model directly the logical behavior of the network. This representation is useful because we have been able to define graph transformations which reduce logical graphs such as those of Fig. 2(a) and (c) to the same graph. It turns out to be useful in some situations to distinguish between the networks of Fig. 2(a) and (b). Thus one of the transformations (the S transformation) yields different logical graphs for these networks. In other situations it is more useful to rely on the other transformation (the R transformation) which allows all three networks of Fig. 2 to be considered equivalent.

2 Only faults whose effect can be represented as a change in the logical behavior of the affected network are considered here. Networks for which it is possible to have a fault occur without affecting the network's logical behavior are called redundant networks.

The Logic Graph G of a Network N

The networks discussed in this paper are assumed to be combinational logic networks constructed of single-output logic gates. An example of a network and its logic graph are shown in Fig. 3(a) and (b).

Definition: The logic graph G corresponding to a given network N is formed as follows:

1) Corresponding to each input or output terminal of N there is a node of G with the same label as the terminal of N [nodes u, v, w, x, Y, Z in Fig. 3(b)].

2) Corresponding to each gate (or implied gate)³ of N there is a node of G labeled with the same identifying label as the gate of N and also with an operator describing the function performed by the gate of N [nodes A1, A2, A3, A4, A5 in Fig. 3(b)].

3) Corresponding to each lead of N there is an edge of G. This edge connects the nodes of G corresponding to the gates or terminals it is connected to in N. Each edge is labeled with the same identifying label as in N and is assigned a direction corresponding to the direction of signal flow in N. Fan-out in N is represented in G by having more than one edge directed outward from the node corresponding to the fan-out gate in N. This is illustrated by edges h and i and node A2 of Fig. 3(b).

Since the logic graph G is clearly isomorphic to the original network diagram, the same analysis procedures which are used to determine the output functions for N can be directly extended to the graph G and will determine the same output functions.

The types of faults considered here are those which can be described by specifying that certain of the leads of the logic network have constant logical signals fixed on them. The notation adopted to denote a fault is

$$F = a_1/l_1,\ a_2/l_2,\ \ldots,\ a_k/l_k$$

where each $a_i$ is the label of one of the leads of the network and each $l_i$ is equal to either 0 or 1. Each term of the form $a_i/l_i$ specifies that lead $a_i$ is stuck-at-value $l_i$ and is called a component of the fault F. It is convenient to use the same fault notation in connection with the logic graph for the network to specify a logical model of the network in the presence of faults.

3 A wired-OR, for example.

Fig. 3. (a) Network N. (b) Graph G for N. (c) Result of splitting process applied to G for F = b/0, e/1. (d) $S_F[G]$ for F = b/0, e/1. (e) $R_F[G]$ for F = b/0, e/1.

The S Transformation

The S transformation is defined to operate on a logic graph G for a fault F to yield another logic graph G which has the same logical behavior as the original graph with the fault F present. Thus the S transformation introduces the effects of F into the graph G to yield a new graph G which includes directly the effects of F on G. Moreover, the S transformation removes from G those edges and only those edges whose values cannot affect the logical values at the output nodes.

Definition: Given a logic graph G and a fault F, the graph $S_F[G]$ is defined as that graph which results from applying the following transformation, called the S transformation, to G. This transformation has two parts to it, splitting and pruning, which must be carried out in the order given.

Splitting: Assume that $A_i$ is a node of G, that edges $a_1, a_2, \ldots, a_m$ are incident into $A_i$, and that the logic function realized by $A_i$ is $\alpha(y_1, y_2, \ldots, y_m)$ where $y_i$ represents the logic signal present on edge $a_i$. If none of the edges $a_1, \ldots, a_m$ correspond to a component of the fault F, then $A_i$ occurs in $S_F[G]$ with the same labels and incident edges as in G. Next assume, without loss of generality, that edges $a_1, a_2, \ldots, a_k$ correspond to fault components $a_1/l_1, a_2/l_2, \ldots, a_k/l_k$ of F. In this case, node $A_i$ in $S_F[G]$ has associated with it a logic function:

$$\beta(y_{k+1}, y_{k+2}, \ldots, y_p) = \alpha(y_1 = l_1,\ y_2 = l_2,\ \ldots,\ y_k = l_k,\ y_{k+1}, \ldots, y_m).$$

Figs. 4 and 5 illustrate this process of forming the nodes of $S_F[G]$. The special situation in which the $\beta$ function reduces to a constant function is shown in Fig. 4(c). Fig. 5 illustrates two special situations: the $\beta$ function is the identity function $\beta(y_3) = y_3$ and also edge $a_2$ is missing in $S_F[G]$ even though it does not correspond to one of the components of F.

Any edge $a_i$ which corresponds to a $y_i$ which appears in $\beta(y_{k+1}, y_{k+2}, \ldots, y_p)$ is incident into node $A_i$. Any edge which does not correspond to a $y_i$ appearing in $\beta(y_{k+1}, y_{k+2}, \ldots, y_p)$ is not incident into node $A_i$ and does not appear in $S_F[G]$. The graph which results from applying this splitting process to the graph of Fig. 3(b) is shown in Fig. 3(c).

Pruning: After the splitting process has been applied to all nodes of G, the resulting graph is then pruned. This consists of the removal of all edges and nodes which are not included in some path from a constant node or an input node (corresponding to a network input terminal) to an output node (corresponding to a network output terminal). The resulting graph is $S_F[G]$. Fig. 3(d) shows the $S_F[G]$ corresponding to the graph of Fig. 3(b) with F = b/0, e/1.

Fig. 4. (a) $A_i$ node with $\alpha(y_1, y_2, y_3) = \overline{y_1 y_2 y_3} = \bar{y}_1 + \bar{y}_2 + \bar{y}_3$ (NAND gate node). (b) Result of applying S transformation splitting to $A_i$ of (a) for F = $a_3$/1, $\beta(y_1, y_2) = \overline{y_1 y_2}$. (c) Result of applying S transformation splitting to $A_i$ of (a) for F = $a_3$/0, $\beta = 1$.

Fig. 5. (a) $A_i$ node with $\alpha(y_1, y_2, y_3) = y_1 y_2 + y_3$. (b) Result of applying S transformation splitting to $A_i$ of (a) for F = $a_1$/0, $\beta(y_3) = y_3$.

The R Transformation

The graph $S_F[G]$ includes directly in the graph the effects of the fault F on the original graph G and moreover has some of the nodes and edges which cannot possibly affect the output functions removed from it. It is possible that $S_F[G]$ may contain one or more constant nodes, nodes whose output is held at a fixed logical ZERO or a fixed logical ONE.⁴ It is the purpose of the R transformation to remove from $S_F[G]$ any constant nodes as well as any other nodes or edges which cannot affect the circuit outputs.

Definition: Given a logic graph G and a fault F, the graph $R_F[G]$ is defined as that graph which results from applying the following transformation, called the R transformation, to G.

First the S transformation is applied to form $S_F[G]$. If there are no constant nodes in $S_F[G]$, then $R_F[G] = S_F[G]$. If constant nodes are present then let G = $S_F[G]$ and form a pseudofault F which has one component for each output edge of each constant node. If node $B_i$ is a constant node of value $l_i$ with edges $b_1, b_2, \ldots, b_q$ leaving it, then $b_1/l_i, b_2/l_i, \ldots, b_q/l_i$ are among the fault components of F. Now form G = $S_F[G]$. Continue this process until a graph results having no constant nodes which are not output nodes. If there are present any S nodes, nodes whose logic function is the identity function, each such node is removed along with the single edge directed into it. The edge which was directed out from the S node is connected instead to the predecessor of the S node. The resulting graph is $R_F[G]$. An example of this is shown in Fig. 3(e) which is $R_F[G]$ for the G of Fig. 3(b).

The S transformation is introduced because: 1) it is a convenient vehicle for describing the R transformation; and 2) $S_F[G]$ preserves the same vulnerability to subsequent faults as the original network N.

The foregoing discussion assumes that a stuck-at fault is modeled logically by removing each edge having such a fault and replacing the edge with a constant node whose output is connected into the same node as the lead removed. Under this assumption the following theorem follows directly from the definitions of the transformations.

Theorem 1: The output functions calculated from $S_F[G]$ or $R_F[G]$ are the same as those realized when the fault F is present in the network N for which G is the logic graph.

4 These nodes may have been present in the original graph G or may have been introduced by the S transformation.

III. FAULT EQUIVALENCE RELATIONS

The equivalence relations which are defined in terms of the effects of faults on the structural characteristics of a network are presented most conveniently in terms of the logic graphs and the S and R transformations introduced above.

S Structural Equivalence

Definition 1: Two faults $F_1$ and $F_2$ in a logic network are said to be S structurally equivalent (written $F_1 = F_2$) if and only if

$$S_{F_1}[G] = S_{F_2}[G]$$

where G is the logic graph of the original network.

Consider, as an example, the network of Fig. 3(a). If $F_1$ = b/0, e/1 and $F_2$ = g/0, e/1, then $F_1 = F_2$ since $S_{F_1}[G]$ and $S_{F_2}[G]$ are identically the same graph, viz. that of Fig. 3(d).

The mechanism whereby this occurs is obvious. The component b/0 and the component g/0 both cause A3 to be mapped into a constant node of value 1 under the S transformation. In essence, this is the only type of mechanism giving rise to S structural equivalence. This observation leads to a formulation of necessary and sufficient conditions for S structural equivalence which, for single faults in networks built of the most common gate types, may be simply stated as follows.

Theorem 2: Two distinct single faults $F_1$ and $F_2$ in an irredundant network composed exclusively of AND, OR, NOT, NAND, and NOR gates are S structurally equivalent ($F_1 = F_2$) if and only if one of the following conditions holds: 1) $F_1 = a_i/0$ and $F_2 = a_j/0$ where $a_i$ and $a_j$ are inputs to the same AND gate or the same NAND gate; or 2) $F_1 = b_i/1$ and $F_2 = b_j/1$ where $b_i$ and $b_j$ are inputs to the same OR gate or the same NOR gate.

Based upon Theorem 2, one may deduce a simple algorithm for the determination of the classes into which the faults are partitioned by S structural equivalence. Such an algorithm is flow charted in Fig. 6.

Theorem 2 need not be proved for it may be subsumed under a more general result applying to multiple as well as single faults in networks employing any gate type. This more general result relies, however, upon some additional concepts which will be defined here.

Fig. 6. Flow chart for determining S structural equivalence classes. [Flow chart not reproduced; the one box that survives reads: "Pick any vertex V in network's logical model which corresponds to a gate and which has not yet been considered. Let $a_1, a_2, \ldots, a_n$ be the edges incident into V."]

Definition 2: Let $F_A$ and $F_B$ be two stuck-at faults. The concatenation of $F_A$ and $F_B$ is defined by

$$F_A F_B = F_C$$

where $F_C$ is the union of the sets of components comprising $F_A$ and $F_B$ whenever the union of these sets is a set of components constituting a stuck-at fault. Otherwise, $F_A F_B$ is undefined.

Thus if $F_A$ = a/0, d/1 and $F_B$ = k/0, in the network of Fig. 3(a), then $F_A F_B$ = a/0, d/1, k/0. If $F_C$ = a/1, c/0, e/1 in the same network, then $F_A F_C$ is undefined since no stuck-at fault can have both a/0 and a/1 as components.

Definition 3: The fault $F_1$ is said to S structurally cover the fault $F_2$ (written $F_1$ A $F_2$) if and only if

$$S_{F_1 F_2}[G] = S_{F_1}[G]$$

where G is the logic graph of the network in the absence of faults.

Thus in the network of Fig. 3(a), $F_1$ S structurally covers $F_2$ where $F_1$ = b/0, e/1 and $F_2$ = a/0, h/1.

Other covering relations between faults are of interest [1] but shall not be defined here. S structural covering is introduced here to facilitate the definition of another very useful concept, that of fault kernels.

Definition 4: Let $F = a_1/l_1, a_2/l_2, \ldots, a_n/l_n$ be a fault in a logic network. Let F and P be two faults in the same network such that: 1) F = FP; 2) F S structurally covers P; and 3) there exist no faults F* and P* in the network for which F = F*P* and F* S structurally covers P*, where F* has fewer components than F.

Then the fault F is said to be a kernel of the fault F. The set of all such kernels of F is denoted symbolically as K(F).

Note that a fault may have more than one kernel. In the network of Fig. 3(a), for example, the fault F = e/1, f/1, k/0, l/0 has two kernels, viz., $F_{K1}$ = k/0 and $F_{K2}$ = l/0. Hence $K(F) = \{F_{K1}, F_{K2}\}$ in this case.

Using the concept of fault kernels, general necessary and sufficient conditions for S structural equivalence may now be given.

Theorem 3: Let $F_1 = a_{11}/l_{11}, a_{12}/l_{12}, \ldots, a_{1n}/l_{1n}$ and $F_2 = a_{21}/l_{21}, a_{22}/l_{22}, \ldots, a_{2m}/l_{2m}$ ($F_1, F_2 \in F$) be two faults in an irredundant network whose logic graph is G. Then $F_1$ and $F_2$ are S structurally equivalent ($F_1 = F_2$) if and only if there exist two kernels:

$$F_{K1} = a_{1K_1}/l_{1K_1},\ a_{1K_2}/l_{1K_2},\ \ldots,\ a_{1K_s}/l_{1K_s} \in K(F_1) \quad (s < n)$$

and

$$F_{K2} = a_{2K_1}/l_{2K_1},\ a_{2K_2}/l_{2K_2},\ \ldots,\ a_{2K_t}/l_{2K_t} \in K(F_2) \quad (t < n)$$

such that, for every vertex $V \in G$ into which one or more edges $a_{1K_i}$ ($1 \le i \le s$) or $a_{2K_j}$ ($1 \le j \le t$) are incident, either one or the other of the following conditions holds.

1) For every $a_{1K_i}$ [$a_{2K_j}$] incident into V, there exists an $a_{2K_p}$ ($1 \le p \le t$) [$a_{1K_q}$ ($1 \le q \le s$)] such that $a_{1K_i}$ and $a_{2K_p}$ [$a_{2K_j}$ and $a_{1K_q}$] are identically the same edge and $l_{1K_i} = l_{2K_p}$ [$l_{2K_j} = l_{1K_q}$].

2) The fault conditions on those $a_{1K_i}$ incident into V and the fault conditions on those $a_{2K_j}$ incident into V each provide inputs to the gate corresponding to V such that the output of that gate is fixed at a logical ONE (logical ZERO) - i.e., such that all the literals of at least one prime implicant (prime implicate) of the Boolean function realized by the gate corresponding to V are held at a logical ONE (logical ZERO) - so that under either of the transformations $S_{F_{K1}}$ or $S_{F_{K2}}$, V is mapped into a constant vertex of value 1 (value 0).

Theorem 3 is proved in [1, Theorem 6.5G].

R Structural Equivalence

As S structural equivalence is defined in terms of the S transformation, so may a second equivalence relation be defined in terms of the R transformation.

Definition 5: Two faults $F_1$ and $F_2$ in a logic network are said to be R structurally equivalent (written $F_1 - F_2$) if and only if

$$R_{F_1}[G] = R_{F_2}[G]$$

(with edge labels removed) where G is the logic graph of the original network.

As an example, consider $F_1$ = a/1 and $F_2$ = k/0 in the network whose logic graph is Fig. 7(a). It should be clear that $F_1$ and $F_2$ are not S structurally equivalent in this case. By Definition 5, however, it is true that $F_1 - F_2$ since $R_{F_1}[G]$ and $R_{F_2}[G]$ are identically the same graph, viz. that shown in Fig. 7(b).

Fig. 7. (a) Graph G. (b) $R_F[G]$ for F = a/1 or F = k/0.

Necessary and sufficient conditions have also been established for R structural equivalence.

Theorem 4: Let $F_1 = a_{11}/l_{11}, a_{12}/l_{12}, \ldots, a_{1n}/l_{1n}$ and $F_2 = a_{21}/l_{21}, a_{22}/l_{22}, \ldots, a_{2m}/l_{2m}$ ($F_1, F_2 \in F$) be two faults in an irredundant logic network whose logic graph is G. Then $F_1$ and $F_2$ are R structurally equivalent ($F_1 - F_2$) if and only if there exist two kernels:

$$F_{K1} = a_{1K_1}/l_{1K_1},\ a_{1K_2}/l_{1K_2},\ \ldots,\ a_{1K_s}/l_{1K_s} \in K(F_1) \quad (s < n)$$

and

$$F_{K2} = a_{2K_1}/l_{2K_1},\ a_{2K_2}/l_{2K_2},\ \ldots,\ a_{2K_t}/l_{2K_t} \in K(F_2) \quad (t < m)$$

such that, for every vertex $V \in G$ into which one or more edges $a_{1K_i}$ ($1 \le i \le s$) or $a_{2K_j}$ ($1 \le j \le t$) are incident, either one or the other of the following conditions holds.

1) For every $a_{1K_i}$ [$a_{2K_j}$] incident into V, there exists a path from an $a_{2K_p}$ ($1 \le p \le t$) [$a_{1K_q}$ ($1 \le q \le s$)] to the edge $a_{1K_i}$ [$a_{2K_j}$] such that the component $a_{2K_p}/l_{2K_p}$ [$a_{1K_q}/l_{1K_q}$] causes the signal on the line corresponding to edge $a_{1K_i}$ [$a_{2K_j}$] to always be held at the logical value $l_{1K_i}$ [$l_{2K_j}$] regardless of the inputs to the network.

2) The presence of the logical signal $l_{1K_i}$ [$l_{2K_j}$] on the line corresponding to edge $a_{1K_i}$ [$a_{2K_j}$] provides an input to the gate corresponding to V such that the output of that gate is fixed at a logical ONE (logical ZERO) regardless of the values of the other inputs to that gate, and there exists a path from an edge $a_{2K_p}$ [$a_{1K_q}$] to V such that the component $a_{2K_p}/l_{2K_p}$ [$a_{1K_q}/l_{1K_q}$] causes the signal on the line corresponding to the edge in that path which is incident into V to be always held at that logical value which will cause the output of the gate corresponding to V to be held at a logical ONE (logical ZERO) regardless of the values of the other inputs to that gate.

Algorithms based on Theorems 3 and 4 have been implemented in a list-processing language and are described in [3].

R structural equivalence is not so strong a relation as S structural equivalence. The perceptive reader will have noticed that $F_1 = F_2$ implies $F_1 - F_2$. As a consequence, the partition induced on the set of faults for a network by S structural equivalence is a refinement of that induced by R structural equivalence, as was observed in the introduction. There are other important differences between these relations as well. For S structural equivalence, it is possible to prove the following theorem [1].

Theorem 5: If $F_A = F_B$ and $F_C = F_D$, then $F_A F_C = F_B F_D$ for any $F_A$, $F_B$, $F_C$, $F_D$ for any network. In short, S structural equivalence is a congruence relation.

Consider $F_1$ = e/0, $F_2$ = c/1, d/1, and $F_3$ = f/1 in the network whose logic graph G is shown in Fig. 8(a). $R_{F_1}[G] = R_{F_2}[G] = R_{F_1 F_3}[G]$, the graph of Fig. 8(b); clearly then, $F_1 - F_2$. $R_{F_2 F_3}[G]$, however, is the different graph shown in Fig. 8(c); hence $F_1 F_3$ and $F_2 F_3$ are not R structurally equivalent and we see that R structural equivalence is not a congruence relation.

Fig. 8. (a) Graph G. (b) $R_{F_1}[G] = R_{F_2}[G] = R_{F_1 F_3}[G]$ with $F_1$ = e/0, $F_2$ = c/1, d/1, $F_3$ = f/1. (c) $R_{F_2 F_3}[G]$ with $F_2$ = c/1, d/1, $F_3$ = f/1.

Functional Equivalence

In a sense, the most fundamental type of equivalence amongst faults depends on two faults producing the same change in the network output function. This is called functional equivalence and is defined formally as follows.

Definition: Let $Z_i^{F}[G]$ denote the ith output function of the logic graph G in the presence of fault F. Then two faults, $F_1$ and $F_2$, are functionally equivalent, written $F_1$ -- $F_2$, if and only if $Z_i^{F_1}[G] = Z_i^{F_2}[G]$ for all outputs $Z_i$.

In many situations it is functional equivalence rather than one of the structural equivalences which is of interest. There is no difficulty in principle in determining all of the functional equivalences by calculating the network output functions for each fault of interest. In practice this approach is not too useful because of the large amount of calculation involved, thus more efficient techniques for determining functional equivalence are of interest. While it is true that any pair of faults which are structurally equivalent are always functionally equivalent, the converse is not true: it is possible to have functionally equivalent faults which are not structurally equivalent. For example, with respect to the graph of Fig. 3(b) the faults $F_1$ = j/0, k/0 and $F_2$ = d/1 are functionally equivalent but not structurally equivalent. The graphs $R_{F_1}[G]$ and $R_{F_2}[G]$ for these faults are shown in Fig. 9. Since these two graphs differ it is clear that the faults are not structurally equivalent. They are functionally equivalent since the output functions Y = 1 and Z = vwx result for both graphs of Fig. 9.
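Two of the computations described in this paper, Theorem 2's rule for S structural equivalence classes and the direct calculation of output functions for functional equivalence, are worked below for the network of Fig. 1 as an added example (not code from the paper). The netlist and the input names x and y are assumptions: Fig. 1 is not reproduced on this page, so the connections are inferred from the classes listed in Table I.

```python
from collections import defaultdict
from itertools import product

# Netlist inferred from Table I (assumption: Fig. 1 itself is not on the page).
# Each gate is (type, input lines, output lines); a gate output that fans out
# drives one line per branch. x and y are assumed names for the two inputs.
GATES = [
    ("NAND", ("a", "b"), ("d", "e")),
    ("NAND", ("c", "d"), ("g",)),
    ("NAND", ("e", "f"), ("h",)),
    ("NAND", ("g", "h"), ("k",)),
]
INPUT_LINES = {"a": "x", "c": "x", "b": "y", "f": "y"}
LINES = "abcdefghk"
OUTPUT = "k"

GATE_FN = {
    "AND": lambda v: int(all(v)),
    "NAND": lambda v: int(not all(v)),
    "OR": lambda v: int(any(v)),
    "NOR": lambda v: int(not any(v)),
}
# Theorem 2: the stuck value that places all inputs of a gate in one S class.
MERGING_VALUE = {"AND": 0, "NAND": 0, "OR": 1, "NOR": 1}


def label(fault):
    """Table I notation: x/l for line x stuck-at-l, X for the failure-free case."""
    return "X" if fault is None else f"{fault[0]}/{fault[1]}"


def all_conditions():
    """The 19 conditions: failure-free plus each of the 9 lines stuck at 0 or 1."""
    return [None] + [(line, v) for line in LINES for v in (0, 1)]


def simulate(x, y, fault=None):
    """Evaluate output k for inputs (x, y) with at most one stuck-at line."""
    value = {}

    def drive(line, v):
        stuck = fault is not None and fault[0] == line
        value[line] = fault[1] if stuck else v

    primary = {"x": x, "y": y}
    for line, src in INPUT_LINES.items():
        drive(line, primary[src])
    for kind, ins, outs in GATES:  # GATES is listed in topological order
        v = GATE_FN[kind]([value[i] for i in ins])
        for line in outs:
            drive(line, v)
    return value[OUTPUT]


def functional_classes():
    """Group conditions whose complete truth tables are identical."""
    by_table = defaultdict(set)
    for fault in all_conditions():
        table = tuple(simulate(x, y, fault)
                      for x, y in product((0, 1), repeat=2))
        by_table[table].add(label(fault))
    return {frozenset(c) for c in by_table.values()}


def s_structural_classes():
    """Theorem 2 for single faults: merge the inputs of each gate at its
    controlling stuck value; every other condition is a class of its own."""
    classes, merged = set(), set()
    for kind, ins, _ in GATES:
        group = frozenset(f"{i}/{MERGING_VALUE[kind]}" for i in ins)
        classes.add(group)
        merged |= group
    for fault in all_conditions():
        if label(fault) not in merged:
            classes.add(frozenset({label(fault)}))
    return classes


def is_refinement(fine, coarse):
    """True if every class of `fine` lies inside some class of `coarse`."""
    return all(any(c <= d for d in coarse) for c in fine)


if __name__ == "__main__":
    for title, classes in (("S structural", s_structural_classes()),
                           ("functional", functional_classes())):
        print(f"{title}: {len(classes)} classes")
        for c in sorted(classes, key=sorted):
            print("  {" + "; ".join(sorted(c)) + "}")
```

Exhaustive simulation costs one truth table per fault, which is the "large amount of calculation" the text refers to once the number of inputs grows; the Theorem 2 pass only looks at each gate once.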

It has not been possible to obtain as simple a characterization for functional equivalence as is given by Theorems 3 and 4 for structural equivalence. However, the existence of functionally equivalent faults which are not also structurally equivalent has been shown to depend directly on the presence of reconvergent fan-out paths in the network. With respect to the faults just discussed, the relevant fan-out paths are those composed of edge $b$ and edges $c$ and $h$ in Fig. 3(b).

Theorem 6: Let $G$ be the logic graph of an irredundant network. Then at least two stuck-at faults of $G$ which are functionally equivalent but not structurally equivalent exist if and only if $G$ contains at least two nodes $V_a$ and $V_b$ such that there are at least two distinct paths from $V_a$ to $V_b$.

Proof: First we will assume that $G$ contains nodes $V_a$ and $V_b$ and will show that the pair of faults satisfying the theorem must exist. The details of the proof will be carried out for the situation where node $V_b$ represents an AND gate. The extension to NAND, NOR, and OR gates is straightforward.

Fig. 9. (a) $\mathcal{R}_{F_1}[G]$ for $F_1 = j/1, k/1$ in $G$ of Fig. 3(b). (b) $\mathcal{R}_{F_2}[G]$ for $F_2 = d/1$ in $G$ of Fig. 3(b).

Fig. 10. Situation illustrating faults which are functionally but not structurally equivalent.

The proof for arbitrary gates is given in [1]. A representation of that part of $G$ which contains the two nodes of interest and the paths between them is shown in Fig. 10(a). The signal on the output edges from node $V_a$ is denoted by $T$. Consider node $B_1$ in Fig. 10(a). One of its inputs contains the signal $T$. There is some fault whose components involve only the other inputs to $B_1$ and which is such that the output of $B_1$ in the presence of this fault will be a function only of $T$. That is, the output will equal $T$ or $\bar{T}$. With this fault present there is one input to $B_2$ which is equal to $T$ or $\bar{T}$. In turn there is a fault involving the other inputs to $B_1$ which will make its output equal to $T$ or $\bar{T}$. By continuing this process until node $V_b$ is reached a fault is constructed which involves the inputs to the $B_i$ nodes and which causes the signal on the $h_1$ input to $V_b$ to be equal to $T$ or $\bar{T}$. This signal on the $h_1$ edge will be denoted by $T^{*}$, and the corresponding fault will be called $F_1$. A similar construction for the other path between node $V_a$ and $V_b$ yields a fault $F_2$ which forces the signal $T^{+}$ (equal to $T$ or $\bar{T}$) on edge $h_2$. Two situations are possible; either $T^{*} = \overline{T^{+}}$ or $T^{*} = T^{+}$. The first possibility is illustrated in Fig. 10(b). In this case the fault $F_1F_2$ produces a situation where there are two complementary inputs to the AND node $V_b$, causing the output of the node to be forced to 0. The fault $j/0$ on the output of the node will produce the same effect on the graph outputs. Thus $F_1F_2 \simeq j/0$. The two faults $F_1F_2$ and $j/0$ are not structurally equivalent since $\mathcal{R}_{j/0}[G]$ will have the $V_b$ node missing while $\mathcal{R}_{F_1F_2}[G]$ will not.

Figure 10(c) is relevant to the other possibility where $T^{*} = T^{+}$. If we let the symbols $H_2, \ldots, H_m$ denote the functions present on edges $h_2, \ldots, h_m$, the other inputs to node $V_b$, then the function on the output of node $V_b$ is $T^{*} \cdot H_2 \cdot H_3 \cdots H_m$ in the presence of either fault $F_1h_2/1$ or $F_2h_1/1$. Thus the faults $F_1h_2/1$ and $F_2h_1/1$ are functionally equivalent. They are not structurally equivalent since $\mathcal{R}_{F_1h_2/1}[G]$ will contain edge $h_1$ but not $h_2$ and $\mathcal{R}_{F_2h_1/1}[G]$ will contain $h_2$ but not $h_1$.

Having proved sufficiency we now proceed to prove necessity by assuming that between any two nodes of $G$ there is exactly one path. Next we assume that there are two faults $F_A$ and $F_B$ such that $F_A \simeq F_B$ and $F_A \not\sim F_B$. Since $\mathcal{R}_{F_A}[G] \neq \mathcal{R}_{F_B}[G]$ there must be at least one edge, say $a$, which is present in $\mathcal{R}_{F_A}[G]$ but not in $\mathcal{R}_{F_B}[G]$. (The choice of $\mathcal{R}_{F_A}[G]$ rather than $\mathcal{R}_{F_B}[G]$ is arbitrary and does not affect the proof.) The edge $a$ must occur in one path between an input node and an output node. Thus this input variable must appear in the function corresponding to that output node for graph $\mathcal{R}_{F_A}[G]$ and must be absent in that output function for graph $\mathcal{R}_{F_B}[G]$. Since there is only one path between the input and the output, the input variable must be essential for the output function and thus the output functions calculated for the two graphs are different and $F_A \not\simeq F_B$.

IV. CONCLUSIONS

The basic motivation for the work reported on in this paper was to develop insight into the phenomena that occur in logic networks when faults are present. Most of the research on networks with faulty components, either on testing and diagnosis or on redundancy techniques, has made use of the theories developed under the assumption of perfect components. With the increasing importance of reliability in digital systems it seems worthwhile to develop a theory that explicitly accounts for the possibility of component malfunction.

While the work described here is mainly theoretical, it does have some direct application both to testing and diagnosis, and to redundancy techniques. Most procedures for developing tests for combinational circuits start with a list of the faults to be tested for. It follows directly from the definition of functional equivalence that any test which detects a given fault will automatically detect any faults in the same functional equivalence class. Thus the list of faults need contain only one representative from each such equivalence class rather than each individual fault. For the circuit of Fig. 1, there are 18 individual single faults, 7 functional equivalence classes, 19 682 individual multiple faults, and 13 functional equivalence classes of multiple faults. Clearly there is substantial advantage in considering classes rather than individual faults. Fault equivalence is also relevant to diagnosis since it is not possible to distinguish the faults of an equivalence class by observing only the network outputs. When evaluating redundancy schemes it is sometimes necessary to enumerate possible failure situations. Use of fault equivalence can reduce the enumeration required [5].

At present it is not always possible to realize all the benefits of treating classes of faults rather than individual faults. For networks with reconvergent fan-out an efficient procedure for calculating functional equivalence classes is not known, and it may be possible to achieve only the savings due to $\mathcal{R}$ structural equivalence. Work is underway which is aimed at developing an efficient procedure for determining functional equivalence for networks with fan-out. This work is based on proof of the theorem which shows that reconvergent fan-out must be present when there are functionally equivalent faults which are not structurally equivalent.

Bounds on the number of fault equivalence classes have been obtained and will be presented in a subsequent paper.
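The brute-force calculation mentioned under Functional Equivalence (computing the output function for every fault and grouping faults whose functions agree), applied to the circuit of Fig. 1 as an added example that is not code from the paper. It assumes that Fig. 1, which is not reproduced here, is the four-NAND EXCLUSIVE-OR network with nine edges; the edge names are hypothetical labels.

```python
from itertools import product

# ASSUMPTION: Fig. 1 is the four-NAND EXCLUSIVE-OR network, whose logic graph
# has nine edges. Edge names are hypothetical labels, not the paper's letters.
EDGES = ["x>G1", "y>G1", "x>G2", "G1>G2", "G1>G3", "y>G3",
         "G2>G4", "G3>G4", "G4>Z"]

def nand(p, q):
    return 1 - (p & q)

def output(x, y, fault):
    """Network output for inputs x, y; fault maps edge -> stuck value."""
    def sig(edge, driven):
        # A stuck edge carries its constant regardless of the driving node.
        return fault.get(edge, driven)
    g1 = nand(sig("x>G1", x), sig("y>G1", y))
    g2 = nand(sig("x>G2", x), sig("G1>G2", g1))
    g3 = nand(sig("G1>G3", g1), sig("y>G3", y))
    g4 = nand(sig("G2>G4", g2), sig("G3>G4", g3))
    return sig("G4>Z", g4)

def truth_table(fault):
    """Output function as a tuple over (x, y) = 00, 01, 10, 11."""
    return tuple(output(x, y, fault) for x, y in product((0, 1), repeat=2))

def single_conditions():
    """The failure-free condition plus the 18 single stuck-at faults."""
    yield {}
    for edge, value in product(EDGES, (0, 1)):
        yield {edge: value}

def all_conditions():
    """All 3**9 conditions: each edge fault-free, stuck-at-0 or stuck-at-1."""
    for states in product((None, 0, 1), repeat=len(EDGES)):
        yield {e: v for e, v in zip(EDGES, states) if v is not None}

def equivalence_classes(conditions):
    """Partition conditions by output function (functional equivalence)."""
    classes = {}
    for fault in conditions:
        classes.setdefault(truth_table(fault), []).append(fault)
    return classes

if __name__ == "__main__":
    for name, conds in (("single", single_conditions()),
                        ("multiple", all_conditions())):
        classes = equivalence_classes(conds)
        print(name, sum(map(len, classes.values())), "conditions ->",
              len(classes), "classes")
```

Under the assumed topology the enumeration gives 7 classes over the 19 single-fault conditions and 13 classes over all 19 683 conditions, in both cases counting the failure-free condition as a class of its own.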

REFERENCES

[1] F. W. Clegg and E. J. McCluskey, "Algebraic properties of faults in logic networks," Digital Syst. Lab., Stanford Univ., Stanford, Calif., Tech. Rep. 4, SU-SEL-69-078, 1970.

[2] D. R. Schertz, "On the representation of faults," Coordinated Sci. Lab., Univ. Illinois, Urbana, Ill., Rep. R-418, 1969.

[3] R. Boute, "Algorithms for combinational fault equivalence using LISP," Digital Syst. Lab., Stanford Univ., Stanford, Calif., Tech. Note 9, 1971.

[4] F. W. Clegg, "The SPOOF - A new technique for analyzing the effects of faults on logic networks," Digital Syst. Lab., Stanford Univ., Stanford, Calif., Tech. Rep. 11, SU-SEL-70-073, 1970.

[5] D. P. Siewiorek, "A re-evaluation of the classical model for NMR reliability," Digital Syst. Lab., Stanford Univ., Stanford, Calif., Tech. Note 8, 1971.
