Case Study of Self-Checking Circuits...

VLSI DESIGN1998, Vol. 5, No. 4, pp. 373-383Reprints available directly from the publisherPhotocopying permitted by license only

(C) 1998 OPA (Overseas Publishers Association)Amsterdam B.V. Published under license

under the Gordon and Breach SciencePublishers imprint.

Printed in India.

A Case Study of Self-Checking Circuits ReliabilityJIEN-CHUNG LO

Department ofElectrical and Computer Engineering, The University ofRhode lsland, Kingston, RI 02881-0805

In this paper, we analyze the reliability of self-checking circuits. A case study is presentedin which a fault-tolerant system with duplicated self-checking modules is comparedto the TMR version. It is shown that a duplicated self-checking system has a much higherreliability than that ofthe TMR counterpart. More importantly, the reliability of the self-checking system does not drop as sharply as that of the TMR version. We alsodemonstrate the trade-offs between hardware complexity and error handling capabilityof self-checking circuits. Alternative self-checking designs where some hardwareredundancies are removed with the lost of fault-secure and/or self-testing propertiesare also studied.

Keywords: Alternative self-checking designs, Duplicated self-checking systems, Reliability analysis,Self-checking circuits, Triple modulo redundancy, Totally self-checking goal

1 INTRODUCTION

The need for self-checking circuits increases as thedevelopment of VLSI pushes for lower circuitdimension and higher packaging density. It is wellknown that these features will make VLSI chipseven more vulnerable to transient and soft errors.Concurrent error detecting mechanism is requiredfor a reliable operation.The self-checking circuits have been widely

studied[1-3]. They are designed to perform concur-rent error detection in safety critical applications.However, the designers of self-checking circuitsand/or systems are more concentrate on the satis-faction of a given set of definitions than the desiredapplication environment and the nature of themission. In other words, all existing self-checkingcircuits or checkers have been designed to guaranteethe extreme case error handling capability.

373

There is no one single rule for fault-tolerant com-puting system design. The main reason is that afault-tolerant system must be built to fit the targetedapplications. For example, FTMP[4] and SIFTIs]

are designed for avionics systems. The requirementis to achieve an ultra-reliability, 1-10-9 within ashort flight time (about 10 hours on average). Theelectronic switching system (ESS)[61, on the otherhand, is designed to achieve a high availability. It isno surprise that the design techniques of the abovementioned three systems differ significantly.

Obviously, many possible self-checking circuitdesigns have yet to be explored. Take totally self-checking (TSC) circuits [2] for example, aTSC circuitmust guarantee that no error propagation before afault detection and that all modeled faults can bedetected eventually. The TSC definitions set a verystrict standard for high degree of error handlingcapability. This supreme error handling capability

374 JIEN-CHUNG LO

has been termed TSC goal[3]. However, this level oferror protection comes with a cost of high redun-dancy. One may easily see that the redundancy levelof a TSC design can be reduced at a cost of losingthe level of error protection, in[7’8], we proposed tocalculate the probability that a circuit achieves theTSC goal. This probability can then be used todetermine the worthiness of a modification thatattempts to reduce the redundancy.When we use a measurement rather than a set

ofrestricted definitions to evaluate self-checkingdesigns, we may freely explore a wide spectrumof design possibilities. Moreover, a self-checkingdesign that is optimally (or near optimally) tunedfor the given application environment can beobtained. In this paper, we present a case studyof reliability analysis of self-checking circuits. Wewill present the evaluation ofa self-checking systemconsists of dual self-checking modules. The dupli-cation of self-checking module provides the con-current error correction capability and can ensurethe continuous operations. This is similar to thestepwise negotiating voting[9]. We compare thereliability of this design to the triple modulo redun-dancy (TMR) version that can provide the samecapability. Moreover, we demonstrate the impactof a design alternative that trades some errorhandling capability for a lower hardware redun-dancy level.

2 BACKGROUND

2.1 Definitions

In this paper, we define defects as the abnormalityin physical layer, e.g. bridges and breaks. Thefaultsare the abstract view of classifiable defects, e.g.stuck-at, stuck-open and stuck-on faults. The errorsare the erroneous pattern shown at the output ofthe circuit in the presence of physical abnormality.A failure is defined here as the situation whereerrors are propagated beyond the boundary of thecircuit. This is in accordance with the conventionalTSC definitions.

TSC circuits and checkers have been formallydefined as follows[2]:

D 1: A circuit isfault-secure with respect to fault setF, if and only if for every single fault and forall code word input the circuit will neverproduce an incorrect code word.

D2" A circuit is self-testing with respect to fault set17, if and only if each fault in 17 can be detectedby at least one code word input.

D3" A circuit is totally self-checking if it satisfiesD1 and D2.

The TSC goal is stated as follows[3]" "Given thefault assumption, a self-checking circuit alwaysproduces a noncode word as the first erroneousoutput due to a fault." The TSC circuits achieveTSC goal given the following two assumptions[3]:

Al: Each failure can be modeled as a member ofthe predefined fault set.

A2: Faults occur one at a time, and the timeinterval between the occurrences of any twofaults is sufficiently long so that all input codewords are applied to the circuit input.

To satisfy A1, the design must have a 100% faultcoverage with respect to the predefined fault set.However, this predefined fault set may not neces-sarily include all the possible faults. As for A2, wecan see that a 100% guarantee of TSC goal isvirtually impossible. The time interval between theoccurrences of any two faults is a random variablegoverned by the component failure rate. Since it isa random variable, there is no guarantee that A2can always be satisfied. The problem is even worsefor embedded TSC circuits when some crucialinput vectors are not available. These drawbacksare well-known for the TSC circuits.

Strictly speaking, a TSC circuit is no longer TSCwhen it uses an error control code that is incapableof correcting or detecting all possible error types.Also, a TSC circuit is no longer TSC when it isplaced in an embedded environment where thepossible code word combinations are insufficient todetect all modeled faults. In such cases, we simplycall the circuits self-checking (SC).

SELF CHECKING CIRCUITS RELIABILITY 375

2.2 Previous Works

In[1], the reliability of a duplicated self-checkingsystem is compared to that of a triple moduloredundancy (TMR) system. This analysis assumesa perfect coverage, i.e. no violation of the TSCassumptions may occur. In this paper, we study thereliability comparison using similar configurations.The difference is that, in this paper, the coveragewill be included in the reliability evaluations. Thecoverage is estimated based on the error handlingcapability of the self-checking circuit.

In most self-checking studies, the size of theminimum test set has been used to compare the self-checking designs. This can be justified from theclose examination of the TSC assumptions. How-ever, we need something more concrete to ascertainthe dynamic fault and/or error handling perform-ance of the TSC circuits. Only a handful of relatedworks regarding the performance of TSC circuitshave been reported in the literature[11-14’7]. Thestudy by Courtois[11] formulates the performanceof partially self-checking systems. The TSC circuitsare assumed to be governed by a simple failuremechanism.The studies of Lu and McCluskey[12] and

Fujiwara eta/. [13’14] are aimed at the static behaviorrather than run-time behavior of self-checkingcircuits. Ref. [12] presents two quantitative meas-ures: TIF (test input fraction) and SIF (secureinput fraction) to describe the figure of merit forTSC circuits. Ref. [13,14] suggested a measurecalled checker fault coverage (CFC) to describethe fault detection capability of a TSC circuit.These measurements are inadequate to describe therun-time behavior of a self-checking circuit.

Recently, Lo and Fujiwara[7] present a proba-bilistic measurement for TSC circuits. This mea-surement provides a steady-state probability, i.e.this measurement is not a function of time, of therun-time behavior. In[8], the formula to derive thesimilar measurement as a function of time is pre-sented. Although some of the derivations in[8] areuseful for the reliability analysis, the emphasis of [8]

is mainly in the probability to achieve the TSC goalitself. There is no further elaboration on theapplication of such probability to the reliabilityanalysis of self-checking circuits.

RELIABILITY MODELING OFSELF-CHECKING CIRCUITS

Figure shows self-checking system model studiedin this paper. Since a self-checking system providesonly the concurrent error detecting capability, weneed two self-checking system for concurrent errorcorrection. The correct output is selected basedon the error indication signals from the two self-checking checkers.

3.1 Notations

The TSC goal[3] has been proposed as a measureof all self-checking circuits given the two faultassumptions[3]. Conventionally, a self-checking cir-cuit must achieve the TSC goal. However, in thispaper, we shall use a more relaxed definition andname any circuit that is designed with inherentconcurrent error detection capability a self-check-ing circuit.The followings are the notations to be used in the

derivations.

N: Total number of faults in the circuit. F={fl,..., fN}.

M: The circuit is fault-secure with respect to FS-{fl,..., fM}, O

376 JIEN-CHUNG LO

self-checkingfunction circuit

function circuit

duplicate system

’self-checking

code checker

self-checkingcode checker

MUX

FIGURE The architecture of the reliability case study.

3.2 Reliability Derivation

Conventionally, reliability ofa self-checking shouldbe defined as the probability that no fault occurbefore or on the th cycle, and thus

R(t) e-Nat. (1)

Using the terminology of[15]:, we shall call thisthe real reliability. The apparent reliability of a self-checking circuit is defined as the probability thatthe self-checking circuit is still operational at the th

cycle. When a single fault occurs in a self-checkingcircuits, the circuit will remain operational until thefault detection occurs if the circuit is fault-securewith respect to that fault.

Figure 2 depicts the possible scenarios of a self-checking circuit at the th cycle. We define twofunctions: SC(t) and UN(t) to represent theprobability of the two cases where a fault occursand the TSC goal is secured. The derivations ofthese two functions will be addressed later.

The TSC goal is said lost when either (1) asecond fault occurs before the first fault is detected;or (2) the circuit is not fault-secure with respect tothe first fault. In the former case, the TSC goal islost as soon as the second fault occurs. For the latercase, the TSC goal is lost as soon as the first faultoccurs.

In a duplicated system, such as the one shown inFigure 1, we also need to calculate the probabilityof a successful error correction. The system isconsidered reliable if the error is correctly identi-fied and the correction is also correctly performed.Conventionally, the reliability of a duplicated sys-tem may be formulated as

Rd(t) R2(t)+ 2CR(t)(1 R(t)). (2)[1The coverage 6] C, is defined in this case the

probability of a successful error correction. Notethat C may be a ffnction of time also. For thesystem shown in Figure 1, we may see that UN(t)represents a counterpart of the term C(1-R(t)) in a

2See example 3.25, pp. 164 oft151.


fault-free: R(t)

TSC goal is secured

faulty

TSC goal is lost

fault has not been detected: SC(t)

fault has been detected: UN(O

FIGURE 2 The four possible states of a self-checking circuit at the th cycle.

conventional duplicated system. Therefore, thereliability of the duplicated self-checking system is

Raup(t) R2a(t) + 2UN(t)Ra(t).

However, since a self-checking functional circuitmust always be accompanied by a self-checkingchecker, we need to adjust the above formula. Firstthe apparent reliability of the combinational of aself-checking circuit and a self-checking checker is

Ra-sc(t) Ra-f (t)Ra-c(t), (3)

where Ra_f is the apparent reliability of the self-checking functional circuit and R,_c is that of theself-checking checker. As for the probability ofa successful error correction given that a singlefault occurs for the combination of a self-checkingfunctional circuit and a self-checking checker, wefind

UNsc(t) UNf(t)Ra-c(t) + UNc(t)Ra-f(t)

+ UNf(t) UNc(t). (4)

Therefore, the reliability of the duplicated self-checking system shown in Figure is

Rdup-sc(t) R 2 (t) + 2UNsc(t)Ra-c(t)a-scFor a even more detailed analysis, the reliability

of the multiplexer in Figure is also taken intoaccount. Therefore,

Rdul -sc(t) Rmux(t)(R2a_sc(t) + 2UNsc(t)Ra-sc (t))(5)

gives a more accurate reliability measurement.

3.3 Derivation of Ra(t)

The following equations have also been presentedin[8]. However, since the measurement of interestin[81 is the probability to achieve the TSC goal, theformula is provided for S(t)= SC(t)+ UN(t). TheSC(t) and UN(t) have never been separatelyderived.The apparent reliability of a self-checking circuit

can be computed as follows.

Ra(t) R(t) + SC(t)M

e-NAt -k E Ae-NAtiot-j+li=1 j=l

M t+le_NAt _[_ Ae_NAt (ai Oi (6)

i=l Ti

We assume that all faults have equal arrival rateand are governed by exponential distribution law.

378 JIEN-CHUNG LO

We note that,

SC(t) P(achieve TSC goal without a detection)

P(the first fault occurs at the jth cycle)j=l

x P(no other fault occurs between the jthand the th cycles)

x P(the first fault is not yet detected atthe th cycle) (7)

In the above equation, the assumption is that theTSC goal is lost whenever a second fault occurs.This is not suitable for circuits designed as stronglyfault-secure (SFS)[3] or strongly code disjoint(SCD)[17]. The reliability analysis of SFS andSCD designs will require the explicit study of thefault sequences instead of faults.

Since

P(the first fault occurs at the jth cycle)P(a fault occurs at the jth cycle)x P(this fault does not occur in any other

cycle before the jth cycle)x P(the rest of the faults do not occur

before or on the jth cycle)Ae-A x e-A(t-1) X e-(N-1)Aj

Ae-’(t-j) x e-Naj,

P(no other fault occurs between the jth andthe th cycles)

e-(N-1)A(t-j)

(8)

(9)

and

Ti =0. We may easily see that this fault will notcontribute to the SC(t) at all. In other words, wealso assume that the TSC goal is lost whenever anon-self-testing fault occurs. We should remarkhere that this is a worst case assumption.

3.4 Derivation of UN(t)

The UN(t) of a self-checking circuit can be formu-lated as follows.

M

UN(t) Z P(fi occurs at the jth cycle)i=1 j=l

P(no other fault occurs before oron the jth cycle)

(-- P( J5 is detected at the kth cycle)k=j

P(no other fault occurs between the

jth cycle and the kth cycle)). (1 1)We assume here that at each cycle each input has

the same probability of occurrence. Therefore, theprobability that f. occurs at the jth cycle and isdetected at the kth cycle, k < j, is (1-Ti)k-JTi T isthe probability thatfi can be detected at each cycle.In other words, Ti is the sum of arrival rates ofall code word inputs that test fi. Since the faultdetection occurs at the k th cycle, there are k-jcycles the circuit receives inputs that cannot detectjS. In other words, the detection of a fault is ageometric distribution.

e(y5 is detected at the k th cycle) Q JTi. (12)The discussions given above and in the previous

section shows that

P(the first fault is not yet detected atthe th cycle)= Ol-j+l, (10)

we may easily verify Equation (6).The non-fault-secure faults are excluded from the

derivation of SC(t). This implies that we considerthe TSCG goal is lost whenever a non-fault-securefault appears. If the circuit is not self-testing withrespect to a particular fault, say j, that fault has a

UN(t) Ae-(t-j e-Nji=lj=l \k=j

e-A(k-J)

M

Z "{ e-A(t+l)e-NATi --e-Ae-NA(t+l)i=l

x +

[(e-a-e-aQi)(e- e-a)] }. (13)


4 A CALCULATION EXAMPLE

In this section, we shall use the formulas presentedearlier to evaluate self-checking circuit designs. Weshall use the well-known parity encoded adder[18’9]

as an example.

4.1 A TSC Parity Encoded Adder

The parity encoded adders in[81 require duplicatedcarry units to generate the redundant carry bits forthe calculation of the output parity bit. This is be-cause some faults in the adder may induce multipleunidirectional errors on the carry bits, which resultin arithmetic errors on the output bits. These errorsare undetectable by the parity code unless theduplicated carry bits are provided. Figure 3 showsa 4-bit parity encoded adder as in[18’9]. We assumea single stuck-at fault model such that the fault set

consists of all possible single stuck-at faults. Table Ilists all the possible faults sorted by the number oftheir test inputs. In this case, N 202, and M 202.The Ti’s are computed assuming that each inputhas equal probability of occurrence.

In order to clearly demonstrate the calculation ofTi, we show in Table II the tests for each fault in afull adder. The logic diagram with correspondingnode names of a full adder is shown in Figure 4.

TABLE Numbers of faults grouped by T;for circuit in Figure 3

Tnon-fault-secure 064/512 105128/512 4192/512 4256/512 89Total 202

fault X

TABLE II Complete tests for stuck-at faults of full adder in Figure 4

Y C; no. of tests fault X Y Ci no. of tests

a s-a-0b s-a-0 Xc s-a-0 0

d s-a-0 Xe s-a-0 0

0

fs-a-0g s-a-0h s-a-0s-a-0

j s-a-0 0k s-a-0 0s-a-0

m s-a-0

n s-a-0 0

o s-a-0

X X 4 a s-a-1 0 XX 4 b s-a-1 X 0X 4 c s-a-1 0 0

0 XX 4 d s-a-1 X X0 4 e s-a-1 0 0

0 00 0 0

0 fs-a-1 0 00 g s-a-1 0

0 h s-a-1 00 s-a-1 0

j s-a-1 0 0k s-a-1 0

0 s-a-1 0 X0 0

00 m s-a-1 0 0

00

n s-a-1 X 00 00

4 o s-a-1 0 00 0

X 0

XXXX00

0

000

00

0X000

0X00

380 JIEN-CHUNG LO

X3Y3 X2Y2 XIYI XOYO XpYpX2Y2 XIYI XOYOCi

$3 $2 Sl S0 Sp

FIGURE 3 The classical implementation of TSC parityencoded adder with duplicated carry unit.

XY Ci

f

Co S

FIGURE 4 A gate level logic diagram of a full adder withmarked stuck-at faults.

X3Y3 X2Y2 X1Y1 XOYO Ci XpYp

$3 $2 S1 SO Sp

FIGURE 5 An alternative self-checking parity encoded adderimplementation without the duplicated carry unit.

TABLE III Numbers of faults grouped by Tifor circuit in Figure 5

T,.

non-fault-secure 8064/512 0128/512 4192/512 4256/512 54

Total 142

4.2 A Self-Checking Parity Encoded Adder

The parity encoded adder in Figure 3 uses a dupli-cated carry unit. This design is necessary to avoidmiss detection due to error propagation on the carrychain[19]. A possible design alternative here is toreduce the complexity by removing the duplicatedcarry unit. The internal carry bits are used insteadto generate the output (sum) parity bit. This designis no longer TSC and thus we will refer to it as self-checking only. This self-checking adder is shown inFigure 5.

Table III summaries all the possible stuck-atfaults in Figure 5. For this circuit, we find N 142and M 62, because there are 80 non-fault-securefaults. Obviously that this alternate design haspoorer error handling capability. However, we alsoknow that this alternate design has a reducedhardware complexity or a smaller N. It should benoted here that there is no direct relationshipbetween the degree of lost error handling capabilityand the amount of hardware redundancy reduced.

4.3 Comparison

In this section, we compare the reliability of thestructure shown in Figure and its TMR counter-part. The TSC parity adder and the self-checkingadder discussed previously will be used here. Thereliability of a TMR adder is

RTMR Rv(3R 2 2R 3) (14)

where R is the reliability of the voter.Figure 6 shows the reliability plots of the dupli-

cated self-checking system with TSC parity adderand the self-checking parity adder, respectively,and that of a TMR adder. Note that the paritychecker associated with the parity encoded adder isalso taken into account.

First, we observe that the duplicated system withTSC parity adder gives the highest reliability. Ofcourse, in this example, the TMR version uses thehighest level of hardware redundancy. The TSCadder version uses 178 additional hardware unit


(per fault), the self-checking adder uses 58 addi-tional hardware unit, and the TMR version uses anextra of 320 units. The above numbers include thecheckers, voters, and the multiplexers. We mayexpect that the TSC duplicated system with TSCcomponents to always perform better than theTMR version when the hardware redundancy levelis comparable. This can be observe from Figure 6that the curve of the TMR version drops muchmore rapidly.As for the alternate self-checking design, we

know that the inherent reliability of the circuit isincreased due to the reduction of hardware com-plexity. This is at a cost of losing a significant levelof error handling capability. We see from Table IIIthat 80 out of a total of 142 faults, or about 56%,are non-fault-secure.

From Figure 6, we see the effect ofthis significantlost of error handling capability. The reliability ofthe self-checking alternative is clearly much lowerthat that of the TSC. Nonetheless, we also see thatthis self-checking alternative is not totally useless.When NAt < 0.07, the reliability of the self-check-ing version is only slightly lower than that of theTMR version. When NAt > 0.07, the self-checkingversion has a higher reliability than the TMR ver-sion. More importantly, the gap between the tworeliabilities increases as NAt increases.A fault-tolerant system is application oriented. A

good fault-tolerant design is a design that is opti-mized for its application. If the application requiresthat the system to have a reliability greater than 0.9for NAt < 0.1, then obviously the self-checkingversion is the best choice.

0.95

0.9

0.85

0.8-

O.750

-

1: reliability of duplicated T$C adder

:: reliability of duplicated self-checking adder3: reliability ofTMR adder

0.05 0.1 0.15 0.2N,t (N=202)

0.25

FIGURE 6 The reliability of a duplicated system with TSC parity encoded adders, a duplicated system with self-checking parityencoded adders, and a TMR system with triplicated adders and voter.

382 JIEN-CHUNG LO

5 CONCLUSIONS

We have presented in this paper the reliabilityanalysis of self-checking systems. We also showthat alternate design method can be justified basedon the reliability modeling rather than the theo-retical soundness. The evaluations shown in thispaper give the worst case numbers. The reason isthat we assume the fault-secure property is lostwhenever: (1) a non-fault-secure fault occurs or(2) a second fault occurs before the first fault isdetected. Obviously, the reliability derived basedon these assumptions is lower than the realisticreliability. Even if a non-fault-secure fault occursas the first fault, the fault-secure property is lostonly when the appropriate code word input is alsopresented. Further, a self-checking circuit mayexhibit SFS and/or SCD properties for some faultsequences. A circuit is SFS or SCD if and only ifall fault sequence is SFS or SCD. In this case, thepresented derivation under estimates the proba-bility that the fault-secure property is still intact.For a more accurate estimation of self-checking

reliability, we must handle these two cases explic-itly. The first case can be easily incorporated bycounting the probability of losing fault-secureproperty for each non-fault-secure fault and use itin the equation. This probability can be derived asa ratio of the number of code word inputs that thecircuit will not lost the fault-secure property. Tocope with the second case, one must analyze indetail all possible fault sequences for their fault-secureness implications, as we have pointed out inSection 3.3. These will be the subjects of futurestudies.

Finally, we point out an important implicationof this work is that a self-checking design that doesnot guarantee to be fault-secure and/or self-testingcan still be used in some applications. After all, theoptimal fault-tolerant design is the one that hasbeen optimized for the given application. This is animportant consideration that should be included inthe self-checking circuits research.

Acknowledgments

This work is supported by the National ScienceFoundation under grant MIP-9308085.

References

[1] W. C. Carter and P. R. Schneider, "Design of dynamicallychecked computers," in Proc. IFIP-68, pp. 878-883,August 1968.

[2] D. A. Anderson and G. Metze, "Design of totally self-checking check circuits for m-out-of-n codes," IEEE Trans.Comput., vol. C-22, plS. 263-269, March 1973.

[3] J. E. Smith and G. Metze, "Strongly fault secure logicnetworks," IEEE Trans. Comput., vol. C-27, pp. 491-499,June 1978.

[4] A. L. Hopkins, Jr., T. B. Smith III and J. H. Lala,"FTMP--A highly reliable fault-tolerant multiprocessor foraircraft," Proc. IEEE, vol. 66, pp. 1221-1239, October 1978.

[5] J. H. Wensley, L. Lamport, J. Goldberg, M. W. Green,K. N. Levitt, P. M. Melliarsmith, R. E. Shostak and C. B.Weinstock, "SIFT: Design and analysis of a fault-tolerantcomputer for aircraft control," Proc. IEEE, vol. 66,pp. 1240-1255, October 1978.

[6] W. N. Toy, "Fault-tolerant design of local ESS processors,"Proc. IEEE, vol. 66, pp. 1126-1145, October 1978.

[7] J. C. Lo and E. Fujiwara, "A probabilistic measurement fortotally self-checking circuits," in Proc. IEEE Workshop onDefect and Fault Tolerance in VLSI, pp. 263-270, October1993.

[8] J. C. Lo and E. Fujiwara, "Probability to achieve TSCgoal," submitted to 1EEE Trans. Comput.

[9] T. Takano, T. Yamada, K. Shutoh and N. Kanekawa,"Fault-tolerant experiments of the "Hiten" onboard spacecomputer," in Proc. 21st Int’l Syrnp. Fault-TolerantComput., pp. 26-33, June 1991.

[10] M. Lubaszewski and B. Courtois, "Reliable fail-safesystems," in Proc. 2nd Asian Test Symp., pp. 32-37,November 1993.

[11] B. Courtois, "Performance modeling of partially self-checking systems," in Proc. 12th Syrnp. Fault-TolerantComput., pp. 140-146, June 1982.

[12] D. J. Lu and E. J. McCluskey, "Quantitative evaluation ofself-checking circuits," IEEE Trans. Computer-AidedDesigns, vol. CAD-3, pp. 150-155, April 1984.

[13] E. Fujiwara, N. Mutoh and K. Matsuoka, "A self-testinggroup-parity prediction checker and its use for built-intesting," IEEE Trans. Comput., vol. C-33, pp. 578-583,June 1984.

[14] E. Fujiwara and K. Matsuoka, "A self-checking general-ized prediction checker and its use for built-in testing,"IEEE Trans. Comput., vol. C-36, pp. 86-93, January 1987.

[15] K. S. Trivedi, Probability & Statistics with Reliability,Queuing, and Computer Science Applications. Prentice-Hall,Inc., Englewood Cliffs, NJ (1982).

[16] D. P. Siewiorek and R. S. Swarz, Reliable ComputerSystems: Design and Evaluation. 2nd edition, Digital Press(1992).

[17] M. Nicolaidis and B. Courtois, "Strongly code disjointcheckers," IEEE Trans. Cornput., vol. 37, pp. 751-756,June 1988.


[18] F. F. Sellers, M. Y. Hsiao and L. W. Bearnson, ErrorDetecting Logicfor Digital Computers. McGraw-Hill, NewYork (1968).

[19] T. R. N. Rao and E. Fujiwara, Error-Control Coding forComputer Systems. Prentice Hall, Englewood Cliffs, NewJersey (1989).

Author’s Biography

Jien-Chung Lo received his M.S. and Ph.D., both inComputer Engineering, from University of South-

western Louisiana in 1987 and 1989, respectively.He is currently an Associate Professor at theUniversity of Rhode Island. He served on theProgram Committees of 1994 IEEE InternationalWorkshop on Defect and Fault Tolerance in VLSISystems and the 1st IEEE International On-LineTesting Workshop. His research interests include:designs and evaluations of self-checking circuitsand systems, dependable distributed computingsystems, and VLSI defect modeling and testing.

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttp://www.hindawi.com Volume 2010

RoboticsJournal of

Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation http://www.hindawi.com

Journal ofEngineeringVolume 2014

Submit your manuscripts athttp://www.hindawi.com

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

The Scientific World JournalHindawi Publishing Corporation http://www.hindawi.com Volume 2014

SensorsJournal of


Modelling & Simulation in EngineeringHindawi Publishing Corporation http://www.hindawi.com Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks


Case Study of Self-Checking Circuits...

Documents

Transcript of Case Study of Self-Checking Circuits...