Equipment hardware that must perform system operations without interruption is continuously monitored by system diagnostic software. The diagnostic software monitors the equipment hardware for detection of fault conditions, and switches the system operations to run on redundant circuitry that would avoid the fault condition. The system diagnostic software itself needs to be tested. Fault injection is a procedure involving the injection of fault conditions directly on equipment hardware to test the systems diagnostic software for response to the injected fault conditions. However, the equipment hardware would lack input and output connection points for injection of fault conditions, because of crowded micro-processors, FPGAs and ASICs on typical circuit boards, and due to imbedding of interconnection points in interior layers of the typical circuit boards.
Boundary scan (B-S) is a structured test technique that was developed to test integrated circuit (IC) interconnects on printed wire boards (PWBs) when physical access is impossible, difficult, or impractical. Implementation of the boundary scan test technique requires that a shift register and latch be placed at the functional inputs and outputs (I/Os) of an IC. Each I/O pin can be driven to a known state or the current logic level can be captured and scanned out via a four-wire serial bus.
The test bus and protocol as well as the behavior of the boundary cells are defined in IEEE Std. 1149.1. This standard defines a standard test logic architecture for implementing boundary scan functions which can be included in an integrated circuit for the purpose of testing the interconnects to the integrated circuit, the integrated circuit itself, or other integrated circuits. The test architecture is defined to include a test access port (TAP) having connections for a test clock pin (TCK), a test mode select pin (TMS), a test data input pin (TDI) and a test data output pin (TDO). The test architecture also includes a TAP controller (boundary-scan state machine). Thus, as IC pin counts increase, pin spacing decreases, and direct pin accessibility becomes increasingly difficult, boundary scan (B-S) is playing an increasing role in design verification, manufacturing, and the testing of new products.
At present boundary scan allows all pins of a B-S chip to be controlled uniformly by either system or B-S logic. The requirement that all pins are controlled by the same logic (that is, for the same chip, some pins cannot be controlled by system logic while others are controlled by B-S registers), however, limits B-S usage for many applications, for example, those applications requiring fault injection.
Fault injection, also known as fault insertion, is a widely used method to develop high quality test for complex systems. Not only has it been used to verify fault tolerant capabilities and system-level built-in self test (BIST) hardware designs, but also used to develop and verify diagnostic software for highly reliable systems. It is very difficult and sometimes impossible to perform these system verification tasks via simulations at the board or system level. The most common fault injection method is the physical pin-level fault injection, where a stuck-at or open fault is injected to a pin of a chip via a switch or jumper. Usually only a handful pins are selected to be modified for fault injection due to a number of problems, such as restriction of physically accessible pins of highly dense package devices on a board, possible damage to the devices, lengthy labor intensive process to set up the physical fault injection, and so on. Hence, not only the resulting fault coverage is low but also the test process is very expensive.
Previously, a number of fault injection methods and systems have been proposed for ASICs. In these methods and systems, the standard B-S cells and test access port (TAP) controllers are modified, and the instruction set is enhanced to provide a mechanism for ‘virtual’ fault injection compared to the traditional physical methods. Such an application is beyond the well-known B-S application for testing interconnects in manufacturing testing. And the application can not be implemented in previously installed operating systems, because they have previously existing IEEE 1149.1 boundary scan standard compliant architecture, which do not have modified BS cells, and which can not be tested with modified TAP controllers.
A number of fault injection methods and systems have been proposed. The first proposed method uses the SAMPLE/PRELOAD instruction to preload fault values, followed by another instruction to expose the fault values to the corresponding output pins. However, neither the implementation of the fault injection instruction nor the enhancement of the B-S cell to support fault injection have been given.
The second proposed method is to use the standard B-S instruction (HIGHZ or CLAMP) to alter the output values for all the output pins of a B-S device. Although no modification of the TAP and B-S register is required at all to use this method, it is not sufficient in most of system verification.
Another method and system has been proposed by Savio Chau in “Fault Injection Boundary Scan Design for Verification of Fault Tolerant Systems”, Proc. of International Test Conference, October, 1994, pp. 677-681. Chau proposes to modify B-S circuitry to inject faults at individual pins, in which the value of the B-S register is used to determine if a fault is injected or not.
Chau describes three B-S designs, each of which requires modification of IEEE 1149.1 Boundary Scan standard compliant architecture to support fault injection. However, in the first design, the faulty value to be injected must be identical on all selected pins. Furthermore, the B-S data register is constrained from being shifted to update status during fault injection. The second design modifies the IEEE 1149.1 Boundary Scan standard compliant architecture with a tri-state buffer for stuck-open fault injection. In the third design, the pin selection data, determining which pins will be injected with faults, is loaded into the update flip-flop (FF) of a modified B-S register. Once the fault injection enable FF is set in the instruction register of the modified B-S architecture, the fault injection values are injected on the selected pins. However, there are two main drawbacks of this design: (i) the fault injection selection data, which were previously shifted into the update FF of the B-S register, are corrupted when entering the update state of the TAP controller while the fault injection values are shifted in; (ii) the logic values of the fault injection pins are rippling when the fault injection values are shifting into the capture FF of the B-S register.
In another reference, Nadeau-Dostie, B. et al., “A New Hardware Fault Insertion Scheme for System Diagnostics Verification”, Proc. of International Test Conference, October, 1995, pp. 994-1002, an alternate fault injection method is proposed for system diagnostics verification. It achieves several improvements over the designs in Chau, but the area overhead can be as high as 50 to 100% depending on the pad type. There are also some compliance issues with the IEEE 1149.1 Boundary Scan standard.
The system described by Nadeau-Dostie et al. requires modification of the B-S register so that the update state of TAP controller is suppressed to avoid the corruption of the data that was previously shifted in. To prevent the rippling effect on the output of a fault injection pin, two separate B-S cells are used, one for storing the fault injection selection data and the other for the fault injection value, instead of two FFs within a B-S cell, as proposed by Chau.
The methods and systems proposed by both Chau and Nadeau-Dostie et al. can not be implemented unless IEEE 1149.1 Boundary Scan standard compliant architecture is modified as proposed by Chau and Nadeau-Dostie et al.
The previously proposed systems and methods do not fulfill a present need for a fault injection system and method that uses existing IEEE 1149.1 Boundary Scan standard compliant resources without modification, and which can be implemented by existing installed operating systems. Further, the previously proposed systems and methods do not fulfill a present need for a fault injection system and method that is operative in system mode.