Test is undergoing a revolution in terms of how it is perceived, how it is performed and where it is done.
For years, test was something of an afterthought. It was a separate operation that was done after the design was finished, or it was a self-contained module that had to be characterized for power, heat and electrical effects, but not much else. As more chips find their way into markets such as automotive, and as security becomes a bigger concern, test is being looked at far differently than in the past.
Bassilios Petrakis, product management director at Cadence, said the concept of security can be broken down into four main areas: Internet security, software security, product security and hardware security. “And you can see how they all interact. You need ICs to build products with the software on top to provide services on the Internet in the cloud. You can see how all of these things are connected.”
There are efforts throughout the continuum too, he said. “In fact, some governments have already taken steps to make sure things are more secure. In Europe, for instance, there are laws now for communication security that companies have to adhere to. In the United States, one of the biggest issues now is requiring distributors to verify that the ICs they sell are not counterfeit.”
Interestingly, Petrakis said, there is an intercept between security and test and debug due to the TAP (test access port) — the JTAG, USB, I2C, or other method. Once in, then hypothetically the hacker can do data snooping, and instrument snooping to either to find out what the encryption is or what the pass codes are.
There is no single solution here. “It turns out that there are different levels of things you can do, some of which are basically either too complicated or require too much area overhead,” he explained. “Theoretically, say I can take a design and once I test it, I permanently disable JTAG by adding fuses that are then blown up. This is a great idea, but guess what? Once you put the chip on the board and it goes to a customer, if the customer experiences a problem and he has to return it, now the company that owns that board is not able to go in and do the board test to get inside the chip and start investigating or debug it. You could also do a partial disablement of the JTAG. That’s another method. Of course there are companies that create very sophisticated access mechanisms. A good example could be a large CPU company that requires you to functionally boot the device before you can actually do something with it, so the access is preceded by some other action before you can do something that is very complex.”
To complicate matters, there are no real standards here specifically related to security in test, but Petrakis noted there are discussions in the test community about creating something that is. “One such possibility is the idea of putting simple locks in the serial scan network, so that as you come in through the TAP and you want to access the particular instrument, part of enabling that instrument requires that you load up certain registers (called locks) with certain bits that are meaningful basically to the test designer—in other words to the hardware itself. And these can be cascaded. The overhead for these is very small. They are just registers that you load up with certain bits. So for somebody hacking, this idea that you could put some registers in there and every time he has to try a combination. It would take 18,000 years to unlock.”
Demand for higher quality
Another area where the automotive industry is putting more emphasis on test comes in increased demand for the ability to run in-line self testing, and power-on self test, according to Steve Pateras, product marketing director for test at Mentor Graphics.
Coupled with this, the automotive industry is focused on quality, and demands this from its suppliers, as well, he said.
To this point, one of the areas growing in importance is analog test. It is safe to say that the digital test problem is well managed, but many automotive engineering teams have shifted their focus to analog test time and test coverage. “Especially to meet requirements for the ISO 26262 standard, they need to be able to measure all of the defect coverage – not just digital — so the analog part is becoming more and more important,” Pateras said. “It is becoming a primary concern.”
Analog and test are not often discussed together. In fact, he believes the test industry is about 20 years behind where it is from a digital perspective. “This is because analog test is a much harder problem. Digital test is developed structurally. It’s a little harder to do that with analog. Analog design is more of an art than a science in many instances. Partly it is cultural. Analog engineers don’t like people mucking around with their designs. DFT becomes more difficult, and right now there aren’t any standardized ways of measuring defects or fault coverage in analog. That is a big issue.”
This has been one of the big selling points for digital over the years. “One of the first things we did in the digital world was define fault models 30 years ago, and this allowed us to standardize way of measuring what you were covering. We need to come up with something similar for analog.”
To this end, Mentor Graphics is now in the alpha stage of an analog fault simulation engine, and by doing this is essentially proposing certain approaches to measuring analog fault coverage, Pateras added.
ISO 26262 requires specific testing
Robert Ruiz, senior product marketing manager at Synopsys, agreed that automotive has become one of the biggest opportunities for test. But he notes that automotive standards add implications for testing tools that are unique.
The ISO 26262 standard describes functional safety requirements. From a high level, it requires looking at how safety-critical the design or the circuit with in the design itself is. “Is it controlling the stereo or is it controlling the braking control system? There it is sort of a measurement of how safety critical it i,s and if it meets certain thresholds, then there are additional requirements that apply,” he explained. “For example, the amount of defective parts per million (DPPM) have to be a certain number, especially if it is more safety-critical. Then, if it is very safety-critical, it has to do some type of monitoring of itself and take some appropriate safe action if there is some type of defect.”
This is an increasing concern for companies that seek to do business in the automotive space. The biggest requirements Synopsys is hearing about in regard specifically to test are as follows:
“First, when there are defective parts per million requirements, these are both a safety issue and a business issue,” Ruiz said. “If you realize all of a sudden there is a defect in your part and it is already installed in radios and all the cars are on container ships, it is a very expensive recall. They are ideally aiming for below one in 1 million parts defective.”
Second, there is a growing interest in smaller ‘big A, little D’ parts with fewer pins that need to reduce costs.
“Third,” Ruiz said, “if there is a safety-critical circuit in a design, then there are safety measures. Logic BiST can be used to do some real-time test. The interest that we are seeing with Logic BiST is not for trying to replace scan, but rather as an additional function like, ‘I need a USB control in my chip. I need some real time testing.'” This is an orthogonal capability, but a requirement especially in automtive.
Synopsys started discussing its logic BiST technology earlier this year, and here, what engineering team need is the capability, as required in the standard, to test critical parts.
Ruiz has observed a number of engineering teams have designed chips with five areas of critical processors inside the chip. For safety measurements, they duplicated those five cores. “There are five unique functionalities, but they are replicated so there’s a total of 10. What the part does when it is installed in the system is use one of the cores actively in the car, and when one of those cores goes off-line, the duplicated core will go online and the original core will undergo a logic BiST test.” If there is a problem, the driver can then be notified with a light on the dash board to take the vehicle to be serviced.
“This is where we think about the ISO standard implication on test — there is a very specific implication. There is this core, it’s been identified as safety-critical, so therefore there has to be some measure to address the safety critical aspect. This would be referred to as live in-system test. Another other application for automotive is the power on test before you even start moving the car,” he said.
Ruiz added that the automotive IC provider’s end goal is getting certification for these parts. “As they develop a chip and are ready to sell them to the automotive system integrator, they want to supply these parts and get a stamp saying these parts are ISO certified. The reason they want to do that is to avoid any issues regarding liability. For that reason, automotive chip makers started stressing that as they go through the certification process, they could clearly document their design, the verification steps, the regression suites, and so on, but the one issue they were having trouble with was the ATPG coverage number.”
He said this issue popped up simultaneously with multiple companies, and boiled down to this: “How can they present with confidence to the certification company that if a tool says it has 99% of the stuck-at faults covered, that it is indeed 99% of the faults? There’s no golden standard. What a number of customers asked was about documentation of the development flow, our regressions, our bug tracking — and a tremendous amount of extra effort for us, and for them, to integrate this into this big package they have to hand off and get audited on.” Based on those requests, Synopsys engaged with certification company SGS and has had certain tools and IP certified.
Petrakis likewise has seen more demand for logic BiST in the automotive space from a safety point of view. “Anytime you do that, there’s always going to be new enhancements or new ways that LBiST needs to be run and new considerations. It’s the same thing for memory BiST. In the past it used to be optional. The algorithms that people ran on their memory BiST were pretty well defined and understood, but there is not necessarily enough evidence yet in the advanced nodes what exactly are the new algorithms you have to run.” Still, Cadence has made its MBiST engine fully programmable so that if an engineering team anticipates they might have to run a more advanced algorithm, space can be reserved on the chip for the MBiST engine to accommodate that algorithm.
As the automotive electronics industry continues to pick up steam with demands for increased sophistication and complexity, other interesting uses for test technology will surely emerge.