

# Hybrid System Approach to On-Line Testing of Mixed Signal VLSI Circuits: A Case Study of DC-DC Buck Converters

S Biswas, S Samanta, D Sarkar, S Mukhopadhyay, A Patra

Advanced VLSI Design Lab., Indian Institute of Technology, Kharagpur, INDIA (Corresponding author e-mail:santoshbiswas402@yahoo.com)

**Abstract:** This work is concerned with the development of a method for the design of Mixed Signal VLSI circuits with on line testing capability. A novel theory of Fault Detection and Diagnosis of Hybrid Systems has been applied for the on-line detection of catastrophic stuck-at faults in mixed VLSI circuits. Based on this an FPGA based system has been developed to design a DC-DC buck converter with on-line testing capability. To the best of our knowledge the proposed methodology is one of the first attempts to provide a solution for On-Line Testing of mixed signal VLSI circuits using a formal theory, which is applicable to a very large class of low frequency analog circuits.

#### 1. INTRODUCTION

The current work is aimed at development of a method for the design of Mixed Signal VLSI circuits with On Line Testing (OLT) capability. OLT can be defined as the procedure to enable integrated circuits to verify the correctness of their functionality during normal operation by checking whether the response of the circuit conforms to its normal dynamic model.

While numerous methodologies have been developed for design of online test circuits in the digital domain [1,2], even with provision for automated recovery [3], only a limited set of approaches exists in the mixed signal domain [4,5]. Most of these methodologies have been demonstrated on a few "benchmark circuits", which are too simple compared to typical practical circuits. Moreover, these methodologies address particular classes of circuits such as linear circuits [6], filters [7,8], etc.

Fault detection and diagnosis (FDD) has been studied widely in the control system literature. For many applications Hybrid System based models, such as Hybrid Automata (HA) and Activity Transition Graphs (ATGs) are well suited [9,10,11,12]. The current work aims at developing a generic and formal methodology for on-line fault detection in Mixed Signal VLSI circuits based on the theory of Fault Detection and Diagnosis of Hybrid Systems (HS).

This paper is divided into five sections. Section 2 briefly covers the theoretical framework of the use of the theory of FDD of HS for on-line fault detection Section 3 discusses the design case study of DC-DC buck Converter with On-Line Testing Capability. Section 4 highlights silicon test results and Section 5 presents conclusions.

### 2. THEORY OF DISCRETE TIMED HS

#### 1.1 Discrete Timed Hybrid System Model

A Discrete Time Hybrid Systems (DTHS) model G is defined as  $G = \langle V, X, t, \Im, \theta \rangle$ , where  $V = \{v_1, v_1, \dots, v_n\}$  is a finite set of continuous and discrete data variables, X is a finite set of activity states, t is a clock variable,  $\Im$  is a finite set of transitions and  $\theta$  is an initial condition. A *data state*  $\sigma$  is an interpretation of all variables in V. The

A data state O is an interpretation of all variables in V. The set of all data states is termed as *data space* and is represented as  $\sum_{D}$ . The model has a clock variable t with  $type(t) = \aleph$ , the set of all natural numbers. The clock variable represents time on a global clock.

An activity state x is defined by a set of rate variables and a discrete data state. For a continuous variable  $v_c$  and the activity state x, the rate variable is defined as  $[v_c(t+\Delta t)-v(t)]/\Delta t$ . The set of rate variables in an activity state is denoted as  $\Delta_x$ . A timed state is a tuple  $\langle x, \sigma, t \rangle$ . The infinite set of all timed states is denoted as Q. A transition  $\tau \in \mathfrak{I}$  from an activity state x to another activity state  $x^+$  is an ordered six-tuple  $\tau = \langle x, x^+, h_{\tau,l_\tau}, u_{\tau} \rangle$  where, x is initial activity state of the transition, denoted as *initial*  $(\tau)$ ;  $x^+$  is the final activity state of the transition of  $\tau$ ;  $h_{\tau}$  is the transformation function that transforms the data variable during the transition  $\tau$ ;  $l_{\tau}, u_{\tau}$  are the lower and upper time bounds.

Some definitions are provided next that will be used for studying the conditions of diagnosability of failures in a hybrid system as defined above.

#### Definition 1: Target Set of a transition

A set  $V_{\tau} \subseteq V = \{v_i | v_i \in V \& h_{\tau,i}(\sigma) \neq \sigma(v_i)\}$ , for some  $\sigma \in \Sigma_D$  $\sigma(v_i)$ , for some  $\sigma \in \Sigma_D$  is said to be the target set (of variables) of a transition  $\tau$ . The set  $V - V_{\tau}$ , therefore, contains variables that are left unchanged by  $\tau$ . The *tick transition*, or simply *tick*, denoted as  $\eta$ , is a special transition defined as  $\eta = \langle x, x, true; h_{\eta, -, -} \rangle$ , where,

 $h_{\eta}$  changes the continuous variables by their respective rates, increments the clock t by 1 and leaves the discrete variables unchanged. *Tick occurs infinitely often and is not explicitly included in*  $\Im$ . The time bounds of tick are left undefined since it is presumed to occur at precise instances of time and there is no uncertainty regarding its time of occurrence. The time bounds of other transitions are defined in terms of tick.

A trace of a process model G (or, the model M) is a sequence of transitions of G denoted as  $s = \langle \tau_1, \tau_2, ..., \tau_f \rangle$ , where *initial*  $\langle \tau_{i+1} \rangle = final \langle \tau_i \rangle$ , for i = 1 to (f-1). We denote *initial*  $\langle \tau_1 \rangle$  as *initial* (s) and *final*  $\langle \tau_f \rangle$  as *final*(s). The set of all traces *generated* by G is the language of G, denoted as L(G). Since *tick* transition is not explicitly included in  $\mathfrak{I}$ , a trace of G does not contain any tick transition.

The post language of G after a trace s, denoted as L(G)/s, is defined as  $L(G)/s = \{t \in \mathfrak{I}^* st \in L(G)\}$ .

#### 2.1 Process model with measurement limitation

During modelling, some hypothetical and therefore unmeasurable status variables are used to distinguish between faulty and normal conditions of a process. Moreover, it may not be possible to measure all data variables due to inadequacy of sensors or due to physical limitations. Especially, in the case of analog circuits, measurement limitations arise due to restriction in tapping points due to factors such as loading, noise etc. The set of all data variables can be partitioned into two disjoint subsets,  $V_m$  and  $V_u$  of measurable and unmeasurable variables, respectively. Let  $\sigma_m$  and  $\sigma_\mu$  represent, respectively, the measurable and unmeasurable parts of the data state  $\sigma$ . Similarly the measurable and unmeasurable components of the discrete and the continuous parts of the data spaces are represented as  $\sigma_{md}, \sigma_{mc}(\sigma_{ud}, \sigma_{uc})$ . In the current work, transitions leading to failures are assumed to be unmeasurable, since they cause changes only in the unmeasurable variables. All other variables and transitions are assumed measurable.

### Definition 2: Exit data space of a transition

Let  $\tau = \langle x, x^+, h_r, l_\tau, u_\tau \rangle$  be a transition. The *exit data* of  $\tau$  is the set of data states (of the activity state x) where the transition is eligible to take place, that is,  $e_\tau = true$  and  $l_\tau$  has elapsed after the choice point of  $\tau$ . The exit data space is computed in terms of another entity called the *choice space*  $e_{\tau l}$  of  $\tau$ , which comprises the region of data space where  $\tau$  is enabled first. The exit data space  $\rho_\tau$  is given as  $\left[e_{l_\tau}, e_{u_\tau}\right]$  or  $\left[e_{u_\tau}, e_{l_\tau}\right]$  where, for each continuous variable v,  $\prod_{v} (e_{l_\tau})$  and  $\prod_{v} (e_{u_\tau})$  are obtained by solving the differential equation:  $dv/dt = \Delta_x^v, v(t_{cr}) = \prod_v (e_{\tau l})$ .

The measurable exit data space of a transition  $\tau$  is denoted as  $\rho_{mr}$ ;  $\rho_{m\tau} = \prod_{V_m} (\rho_{\tau})$ .

Under a given measurement limitation, the transitions are partitioned into *measurable* and *unmeasurable* transitions as defined in the subsequent sections.

Definition 3: Measurable Transitions A transition  $\tau = \langle x, x^+ \rangle$  is said to be measurable if  $(V\tau \cap Vm \neq \Phi) \lor (\Delta mx \neq \Delta mx^+)$  over the exit data space of  $\tau$ , where  $V_{\tau}$  is the set of target variables of  $\tau$  and  $\Delta_{mx}, \Delta_{mx}^+$ are the measurable rates in the activity states x and  $x^+$ , respectively. The set of measurable transitions is denoted as  $\Im_m$  and the set of unmeasurable transitions is denoted as  $\Im_u$ .

# Definition 4: Indistinguishability of measurable transitions

Two measurable transitions  $\tau_1 = \langle x_1, x_1^+ \rangle$  and  $\tau_2 = \langle x_2, x_2^+ \rangle$  are indistinguishable, is denoted as  $\tau_1 \varepsilon \tau_2$ , if all of the following conditions are satisfied.

1. 
$$\forall \sigma_m \in \sum_m, h_{m\tau_1}(\sigma_m) = h_{m\tau_2}(\sigma_m)$$
  
2  $(\Delta_{mx_1} = \Delta_{mx_2}) \land (\Delta_{mx_{1}^+} = \Delta_{mx_{2}^+})$   
3.  $(\sigma_{mdx_1} = \sigma_{mdx_2})$   
4.  $\rho_{m\tau_1} \cap \rho_{m\tau_2} \neq \phi$  /\* overlapping of data space \*/

5.  $(l\tau_2 < u\tau_1) \lor (l\tau_1 < u\tau_2)$  /\* overlapping of time space \*/

The measurement indistinguishability relation on the set  $\Im_m$  of measurable transitions is a *compatible relation* (that is, reflexive and symmetric but not transitive), which induces compatible classes on a given subset of transitions.

Definition 5: A projection operator

 $P: \mathfrak{I}^* \to \mathfrak{I}_m^*$  can now be defined in the following manner.

 $P(\varepsilon) = \varepsilon$ , the null string

$$P(\tau) = \tau, if \tau \in \mathfrak{S}_m$$
$$P(\tau) = \varepsilon, if \tau \in \mathfrak{S}_u$$

 $P(s\tau) = P(s)P(\tau)$  where  $s \in L(G), \tau \in \mathfrak{I}$ 

P(s) is termed as the *measurable trace* corresponding to trace *s*.

Definition 6: (Inverse Projection Operator)

The inverse projection operator  $P^{-1}: \mathfrak{Z}_m^* \to 2^{\mathfrak{Z}}$  is defined as  $P^{-1}(s) = \{s' \in L(G) \mid s\mathfrak{Z}s'\}$ .

Definition 7: (Measurement indistinguishability of traces) Two traces s and s' are measurement indistinguishable, denoted as  $s \varepsilon s'$ , if  $P(s) = \langle \tau_1, \tau_2, ..., \tau_f \rangle$ ,  $P(s') = \langle \tau'_1, \tau'_2, ..., \tau'_f \rangle$  and  $\forall i (1 \le i \le f) \Rightarrow \tau_i \varepsilon \tau'_i$ .

# 2.2 Fault Modelling and Failure Diagnosis

Each state of the system is assigned a fault label by an unmeasurable status variable *C* with its domain =  $\{N, F_1, F_2, ..., F_p\}$ , where  $F_i, 1 \le i \le p$ , stands for permanent

faults and *N* stands for normal status. The value of C for the activity state *x* is alternatively represented as  $\kappa(x)$ .

Let an activity state be  $x = \langle x_1, x_2, ..., x_n \rangle$ , where the *i*<sup>th</sup> element of *x* represents the activity state of the *i*<sup>th</sup> component. The fault label can be found as  $\mathcal{K}(x) = \{\bigcup \mathcal{K}(x_i)\}$ .

Faults are assumed to be permanent but may develop at arbitrary instants, where upon the HS, makes the corresponding unmeasurable fault transition.

### Definition 8: Normal activity state

An activity state is called normal, denoted as  $x_N$  if  $\kappa(x) = \{N\}$ . The set of all normal activity states is denoted as  $X_N$ .

# Definition 9: $F_i$ -activity state

An activity state is called an  $F_i$  -activity state, denoted as  $x_{F_i}$ 

if  $F_i \in \mathcal{K}(x)$ . The set of all  $F_i$ -activity states is denoted as  $X_{F_i}$ .

# Definition 10: $F_i$ -Diagnosability

An activity transition graph G is said to be  $F_i$ -diagnosable for a fault  $F_i$  under a measurement limitation if the following holds

$$(\exists n_j \in N) [\forall s \in \psi \left( X_{F_i} \right)] (\forall t \in L(G) / s) [|t| \ge n_j \Rightarrow D]$$
  
where the condition D is

$$\forall y \in P^{-1}[P(st)], final(y) \in X_{F}$$
.

### 2.3 Diagnoser

The diagnoser, denoted as O, is a di-graph  $O = \langle Z, A \rangle$ , where Z is the set of diagnoser nodes, called O - nodes and A is the set of diagnoser transitions. Each O - node $z \in Z$  is a set of activity states representing the uncertainty about the actual activity state and each transition  $a \in A$  of the form  $\langle z_i, z_f \rangle$  is a set of measurement indistinguishable transitions representing the uncertainty about the occurrence of the actual measurable transition. The details pertaining to the diagnoser construction can be found in [9,111,4].

# 3. SYNCHRONOUS DC-DC BUCK CONVERTER

The specification of the DC-DC buck converter, which we have considered as our test case is given below: *Target Specification* 

- 1. Maximum output current: 225mA
- 2.  $V_{supply}$ : Input Voltage in the range of 3V to 7V
- 3.  $V_{out}$ :Output Voltage in the range of 1.25V to input voltage
- 4. Inductor =  $30 \mu$ H
- 5. Output Capacitor = 150uF

- 6.  $V_{ripple}$ : Peak-to-Peak Ripple voltage < 2% of the output voltage.
- 7.  $V_{ref}$ : Band Gap Reference Voltage 1.235 V
- 8. "*E*" Expected output voltage. For a given application *E* is determined by selecting  $R_1$  and  $R_2$  i.e.,  $E = V_{ref} (1 + R_2 / R_1)$ . The output voltage obtained is given by  $V_{out} = E \pm V_{ripple} / 2$ .

Monoshot based design: Fig.1 shows the block diagram of the scheme, detailed in [13].

### Steps in the operation of the circuit:

- □ Pre-charge Mode
- During the initial start up of the circuit the Monoshot is used to turn the PMOS on for  $T_{ON}$  ( $T_{ON}$  = constant based on the maximum load current). The capacitor is charged raising the output voltage.
- After  $T_{ON}$  time the PMOS switch is turned off and the voltage of node  $V_{cx}$  goes negative. The zero crossing detector turns on the NMOS switch.
- When  $V_{cx} = 0$ , i.e., after the inductor current decays to zero, the NMOS is switched off.
- As V<sub>out</sub> ≤ E − V<sub>ripple</sub> / 2, the PMOS is switched on again. The Hysteresis comparator ensures this by keeping its input to the OR gate as 0.

This repeats till the out put voltage reaches the lower cut-off of the band i.e.,  $E - V_{ripple} / 2$ 

## Normal Mode

- The Monoshot is used to turn the PMOS on for  $T_{ON}$ .
- After  $T_{ON}$  time the PMOS switch is turned off and the voltage of node  $V_{cx}$  goes negative. The zero crossing detector turns on the NMOS switch.
- When  $V_{cx} = 0$ , i.e., after the inductor current decays to zero, the NMOS is switched off.
- As  $V_{out} \ge E V_{ripple} / 2$ , the PMOS is not switched on now. The Hysteresis comparator ensures this by keeping the OR gate output 1.
- The capacitance discharges to maintain a constant output current. The value of the output voltage drops as the capacitor discharges via the load.
- When,  $V_{out} \le E V_{ripple} / 2$ , the PMOS is switched on again.

This repeats as long the circuit is in power

# 3.1 Modelling of the DC-DC Converter

In this subsection HS modelling of the DC-DC buck converter is discussed. Fault diagnosis is demonstrated using a catastrophic fault in the hysteresis comparator. The Hysteresis Comparator Block is illustrated in Fig. 2. Under fault, the output of the zero pulse (ZP1) is stuck at logic one. The Variables, Activity States and the Transitions of the model are given in Tables 1, 2 and 3, respectively. The ATG of the System is shown in Fig 3.

## 3.2 Fault Diagnosability of the DCDC converter

A diagnoser is constructed from the system ATG that can be synthesized as a mixed signal circuit and placed on-chip for concurrent testing of the circuit.

Certain important definitions and facts regarding diagnosability are presented next, before construction of the diagnoser for the DCDC converter.

# Definition 11: $F_i$ – indeterminate cycle

A cycle in the diagnoser comprising only  $F_i$ -uncertain nodes

 $(F_i - \text{uncertain cycle})$  is called  $F_i - \text{indeterminate cycle if at}$ 

least one of the  $F_i$  cycles (of the system FSM) corresponding

to that diagnoser cycle also forms a cycle in the system. In simple words, if the system moves in a cycle where the measurable variables are "observed to be similar" in both normal and faulty conditions, then the system is said to move through an  $F_i$  – indeterminate cycle.

#### Definition 12: Fair Transitions

If there is a G-Trace that visits a state x infinitely often, then any fair transition  $\tau$ , from x is also traversed by the Gtrace infinitely often. The fairness property implies that if there is a cycle in G that has at least one transition from at least one of its states that moves out of the cycle and is fair, then the cycle can only be traversed a finite number of times at a stretch.

Using the above property some transitions may be determined to be fair. If a system has a start up phase and an operational phase, then the transitions involved in the start up phase may be unfair while all others corresponding to the operational phase are fair.

Now we propose a necessary and sufficient condition of diagnosability, taking into account the property of fairness.

We term this as  $F_i - F$  - Diagnosability. Before presenting

the condition, the definition of  $F_i - F$ -Indeterminate cycle is introduced.

# Definition 13: $F_i - F$ – Indeterminate cycle:

An  $F_i$ -Indeterminate cycle is said to be

 $F_i - F$  – Indeterminate if there exists at least a corresponding G-cycle that does not have any node with any fair outward (out of the  $F_i$ -Indeterminate cycle) transition from it.

The necessary and sufficient condition for  $F_i - F - :$ Diagnosability:

A Hybrid system is said to be  $F_i - F$  – Diagnosable iff there

is no  $F_i - F$  – Indeterminate cycle in the Diagnoser.

The formal proofs of the condition and the Diagnoser construction have not been discussed in detail for sake of brevity. For details the reader is referred to [9,11,14].

Intuitively the following can be conceived: Let there be no  $F_i$  – indeterminate cycle which does not have a fair outward

transition. Thus system can move in an  $F_i$  – indeterminate

cycle (cycle where the measurable variables are "observed to be similar" in both normal and faulty conditions), only a finite number of times. Thus, in case of failure, the measurable variables will show behavioural difference from the normal mode of operation within a finite time, leading to the detection of the fault.

The diagnoser for the DCDC converter is presented next which is capable of detecting (a single status bit is made high for indicating the fault) the s-a fault in the zero pulse of the Hysteresis Comparator Block.

The diagnoser for the current case comprises the following:

The initial node  $z_1$  consists of the initial node of the composed system  $x_1$  and its successor  $x'_1$  via unmeasurable transition  $\mathcal{T}\mathbf{1}_F$ . The set of non-distinguishable measurable transitions from  $z_0$  i.e., { $\mathcal{T}_1, \mathcal{T}'_1$ } constitute the arc  $a_1$  of the diagnoser. In the same way the complete diagnoser is constructed and illustrated in Fig. 4.

 $\begin{array}{ll} Transitions: & a_1 = \{\tau_1, \tau_1'\}, a_2 = \{\tau_2, \tau_2'\}, a_3 = \{\tau_3, \tau_3'\}, \\ a_4 = \{\tau_4, \tau_4'\}, a_5 = \{\tau_5, \tau_5'\}, a_6 = \{\tau_6, \tau_6'\}, a_7 = \{\tau_7\}, \\ a_8 = \{\tau_8\}, a_9 = \{\tau_7'\}, a_{10} = \{\tau_8'\} \text{ and } a_{11} = \{\tau_7'\}. \\ Nodes & :z_1 = \{x_1, x_1'\}, & z_2 = \{x_2, x_2'\}, & z_3 = \{x_3, x_3'\}, \\ z_4 = \{x_4, x_4'\}, & z_5 = \{x_5, x_5'\}, & z_6 = \{x_6, x_6'\}, & z_7 = \{x_7\}, \\ z_8 = \{x_7'\} \text{ and } z_9 = \{x_6'\}. \end{array}$ 

The figure illustrates the fact that the fault is diagnosable. After the occurrence of the fault it reaches an  $F_i$  – certain node  $z_8 = \{x'_7\}$  and the fault is detected. Also it can be observed that an  $F_i$  – indeterminate cycle exists in the diagnoser during the pre-charge period. Thus the fault is non-diagnosable during the pre-charge mode. But there is a fair outward transition from this loop, which takes place after the pre-charge mode is over and then the fault is diagnosed. Hence it can be observed that there is an  $F_i$  – indeterminate cycle but that is not an  $F_i - F$  – indeterminate cycle.

#### 4. RESULTS

For the proof of concept, the DC-DC converter discussed in Section 3, has been used as a case study. The circuit has been fabricated and packaged with additional pin outs for testability. This state estimator, termed as a diagnoser or an observer, has been synthesized and implemented in an FPGA. The observer in the current case is equipped to detect a fault without any diagnostic information and indicate this by changing the status a single bit line. Diagnostic information may be used for automated recovery, which requires a significant amount of switching arrangement leading to performance degradation. Thus, the proposed approach switches to a new chip/module on detection of any fault, without diagnosing for details. The diagnoser is also an HA and has been designed using two 4 bit ADCs (to convert the continuous variables i.e.,  $v_{cx}$ ,  $v_{out}$  to digital signals) and digital logic (used for reasoning as in FSMs). The digital logic is encoded as an FSM and is implemented in an FPGA. To illustrate OLT, provisions have been kept to introduce dummy faults in the circuit during normal operation using MUX based arrangement similar to the one used in [15].

Test results are illustrated below. Fig. 5 shows the snapshot of an oscilloscope screen illustrating  $V_{out}$  and  $V_{cx}$  when the fault described in Section 3 occurs **during pre-charge mode**. Fig. 5 also illustrates the output of the ADC used for encoding  $V_{out}$  and the status line in a logic analyzer snapshot.

#### 4. CONCLUSIONS

The method presented in this work is aimed towards the development of a formal and generic scheme for on-line testing of analog circuits. Presently it demonstrates the feasibility of the approach in an application example. For the development of a CAD tool for automated design of fault detectors a number of steps of the proposed scheme need optimization and automation; namely allocation of optimal tap points of the circuit by the observer, area and power trade-off with respect to fault coverage and detection latency etc. Further, parametric faults leading to substantial performance degradation comprise an important class of failures even from the perspective of OLT. Considering all parametric faults is computationally expensive and techniques need to be developed to alleviate state explosion. As the observer is designed using ADCs and digital logic, the current method may lead to prohibitive area overheads if applied to large analog circuits. However, this overhead may be acceptable for a mixed signal SoC with a limited analog content.

#### REFERENCES

[1] Nicolaidis M., And Zorian Y., (1998), "On-line Testing for VLSI – A compendium of approaches", Journal of Electronic Testing – Theory and Applications, Vol. 12, No. 1-2, pp. 7-20.

[2] M. Etzel and W. Jenkins, "Redundant residue number systems for error detection and correction in digital filters," IEEE Trans. Acoust., Speech, Signal Processing, vol. 28, pp. 538–545, Oct. 1980.

[3] W. Chan and A. Orailoglu, "High-level synthesis of gracefully degradable ASICS," in IEEE European Design Test Conf., 1996, pp. 50–54.

[4] A. Chatterjee, "Concurrent error detection and fault tolerance in linear analog circuits using continuous checksums," IEEE Trans. VLSI Syst., vol. 1, pp. 138–150, June 1993.

[5] E. Simeu, A. Peters, and I. Rayane, "Automatic design of optimal concurrent fault detector for linear analog systems," in IEEE Int. Symp. Fault Tolerant Computing, 1999, pp. 184–191.

[6] A. Chatterjee, "Checksum-based concurrent error detection in linear analog circuits with second and higher order stages," in *Proc. IEEE VLSI Test Symp.*, 1992, pp. 286–291.

[7] J. L. Huertas, D. Vazquez, and A. Rueda, "Concurrent testing of analog filters using a programmable biquad," in Proc. IEEE Int. Symp. Circuits Systems, 1992, pp. 423–426.

[8] J. L. Huertas, D. Vazquez, and A. Rueda, "Online testing of switched-capacitor filters," in IEEE VLSI Test Symp., 1992, pp. 102–106.

[9] Bhowal Prodip, "On Fault Diagnosis of Timed Discrete Event Systems and Hybrid Systems", PhD Dissertation, Indian Institute of Technology, Kharagpur, India, September 2002.

[10] Zad Hashtrudi S., Kwong R.H., and Wonham W.M., "Fault diagnosis in timed discrete event system", Proc. 38th IEEE Conference on Decision & Control, pp. 1756-1761, 1998.

[11] Sampath M., Sengupta R., Lafortune S., Sinnamohideen K., and Teneketzis D., "Diagnosability of discrete-event systems", IEEE Trans. Automat. Contr., vol. 40, pp. 1555–1575, 1995.

[12] M. Lawford, W.M. Wonham, and J.S. Ostroff, "Stateevent observers for labeled transition systems," in Proc. of the 33rd IEEE Conference on Decision and Control, Orlando, FL, Dec. 1994, pp. 3642-3648.

[13] Shailendra Kumar, Amit Patra, Barry Culpepper, "Self Oscillating Control of Synchronous dc-dc Converter", IEEE PESC 2004 Conference, Aachen Germany.

[14] S.Biswas, D.Sarkar, P.Bhowal, S.Mukhopadhyay, A. Patra, "A new Concept of Fair Diagnosability in Hybrid Dynamical Systems" IEEE INDICON 2004, IIT Kharagpur, India, pp. 214-219.

[15] S.Biswas, S.Mukhopadhyay, A.Patra, "A BIST Approach to On-Line Monitoring of Digital VLSI Circuits: A CAD Tool", Asian Test Conf. 2004 pp. 184-189.



Fig. 1. Block Diagram of the DC-DC buck converter



To Enable (OR Gate) of PMOS

# Fig. 2. Hysteresis Comparator Block (with fault)



Fig. 3. The ATG of the DC-DC buck converter System



Fig. 4. The Diagnoser



Fig. 5. Oscilloscope Snapshot and Logic Analyzer Snapshot illustrating on-line fault detection when fault develops during the pre-charge mode

| Variable Name                     | Variable<br>Type | Domain                                                                   |
|-----------------------------------|------------------|--------------------------------------------------------------------------|
| $C^P C^N$ : Controller Output     | Discrete         | $C_F^P C_F^N$ : PMOS OFF and NMOS OFF                                    |
|                                   |                  | $C_N^P C_F^N$ : PMOS ON and NMOS OFF                                     |
|                                   |                  | $C_F^P C_N^N$ : PMOS OFF and NMOS ON                                     |
|                                   |                  | $C_N^P C_N^N$ : PMOS ON and NMOS ON(Prohibited)                          |
| S : STATUS                        | Discrete         | Normal: $N$ , and Hysteresis Fault $F$                                   |
| $V_{cx}$ : PMOS Drain Voltage     | Continuous       | $V_k \leq V_{cx} \leq V_{supply}$                                        |
| V <sub>out</sub> : Output Voltage | Continuous       | $0 \le V_{out} \le E - V_{ripple} / 2$ (Pre-charge Mode)                 |
|                                   |                  | $E - V_{ripple} / 2 \le V_{out} \le E + V_{ripple} / 2$ (Operation Mode) |

| Table  | 1: | Data | Variables   | of | the | model |
|--------|----|------|-------------|----|-----|-------|
| 1 uoic | 1. | Dutu | ' un uo ico | O1 | unc | mouci |

| x                       | State Description             | Status<br>(Normal/Fault) | $\Delta_x$                                                                                   |
|-------------------------|-------------------------------|--------------------------|----------------------------------------------------------------------------------------------|
| $x_1$                   | $x_{P_N,N_F}, C_N^P C_F^N$    | Ν                        | $V_{cx} = V_{supply}, \Delta V_{out} / \Delta t = +1 \wedge \Delta V_{cx} / \Delta t = -1$   |
| <i>x</i> <sub>2</sub>   | $x_{P_N,N_F}, C_F^P C_N^N$    | Ν                        | $V_{cx} = V_{supply}, \Delta V_{out} / \Delta t = +1 \wedge \Delta V_{cx} / \Delta t = -1$   |
| <i>x</i> <sub>3</sub>   | $x_{P_F,N_N}, C_F^P C_N^N$    | Ν                        | $V_{cx} = V_k, \Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = +1$          |
| $x_4$                   | $x_{P_F,N_N}, C_N^P C_F^N$    | Ν                        | $V_{cx} = V_k, \Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = +1$          |
| <i>x</i> <sub>5</sub>   | $x_{P_F},_{N_N},C_F^P C_F^N$  | Ν                        | $V_{cx} = V_k, \Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = +1$          |
| $x_6$                   | $x_{P_F},_{N_F},C_F^P C_F^N$  | Ν                        | $\Delta V_{out}  /  \Delta t = -1 \wedge \Delta V_{cx}  /  \Delta t = 0$                     |
| <i>x</i> <sub>7</sub>   | $X_{P_F,N_F}, C_N^P C_F^N$    | Ν                        | $\Delta V_{out}  /  \Delta t = -1 \wedge \Delta V_{cx}  /  \Delta t = 0$                     |
| $x'_1$                  | $x_{P_N}, x_F, (C_N^P C_F^N)$ | F                        | $V_{cx} = V_{\sup ply}, \Delta V_{out} / \Delta t = +1 \wedge \Delta V_{cx} / \Delta t = -1$ |
| <i>x</i> ' <sub>2</sub> | $x_{P_N,N_F}, (C_F^P C_N^N)$  | F                        | $V_{cx} = V_{\sup ply}, \Delta V_{out} / \Delta t = +1 \wedge \Delta V_{cx} / \Delta t = -1$ |
| $x'_{3}$                | $x_{P_F,N_N}, (C_F^P C_N^N)$  | F                        | $V_{cx} = V_k, \Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = +1$          |
| $x'_4$                  | $x_{P_F,N_N}, (C_N^P C_F^N)$  | F                        | $V_{cx} = V_k, \Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = +1$          |
| $x'_5$                  | $x_{P_F,N_N}, (C_F^P C_F^N)$  | F                        | $V_{cx} = V_k, \Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = +1$          |
| $x'_{6}$                | $x_{P_F,N_F}, (C_F^P C_F^N)$  | F                        | $\Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = 0$                         |
| <i>x</i> ' <sub>7</sub> | $x_{P_F,N_F}, (C_F^P C_F^N)$  | F                        | $\Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = 0$                         |

Table 2. The Activity States of the model

| τ            | x                     | <i>x</i> <sup>+</sup>   | $e_{\tau}$                                        | $h_{	au}$                                                                                                   |
|--------------|-----------------------|-------------------------|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------|
| $	au_1$      | $x_1$                 | <i>x</i> <sub>2</sub>   | $T \ge T_{on}$                                    | $C_N^P C_F^N$                                                                                               |
| $	au_2$      | <i>x</i> <sub>2</sub> | <i>x</i> <sub>3</sub>   | $C_N^P C_F^N$                                     | $V_{cx} = V_k, \Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = +1 \wedge P_F N_N$          |
| $	au_3$      | <i>x</i> <sub>3</sub> | $x_4$                   | $V_{cx} = 0 \land V_{out} \le E - V_{ripple} / 2$ | $C_N^P C_F^N$                                                                                               |
| $	au_4$      | $x_4$                 | $x_1$                   | $C_N^P C_F^N$                                     | $V_{cx} = V_{\sup ply}, \Delta V_{out} / \Delta t = +1 \wedge \Delta V_{cx} / \Delta t = -1 \wedge P_F N_N$ |
| $	au_5$      | <i>x</i> <sub>3</sub> | <i>x</i> <sub>5</sub>   | $V_{cx} = 0 \land V_{out} \ge E - V_{ripple} / 2$ | $C_F^P C_F^N$                                                                                               |
| $	au_6$      | <i>x</i> <sub>5</sub> | <i>x</i> <sub>6</sub>   | $C_F^P C_F^N$                                     | $\Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = 0 \wedge P_F N_F (V_{cx} = 0)$            |
| $	au_7$      | $x_6$                 | <i>x</i> <sub>7</sub>   | $V_{cx} = 0 \land V_{out} \le E - V_{ripple} / 2$ | $C_N^P C_F^N$                                                                                               |
| $	au_8$      | <i>x</i> <sub>7</sub> | <i>x</i> <sub>1</sub>   | $C_N^P C_F^N$                                     | $V_{cx} = V_{\sup ply}, \Delta V_{out} / \Delta t = +1 \wedge \Delta V_{cx} / \Delta t = -1 \wedge P_F N_N$ |
| $	au_1'$     | $x'_1$                | <i>x</i> ' <sub>2</sub> | $T \ge T_{on}$                                    | $C_N^P C_F^N$                                                                                               |
| $	au_2'$     | $x'_2$                | $x'_3$                  | $C_N^P C_F^N$                                     | $V_{cx} = V_k, \Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = +1 \wedge P_F N_N$          |
| $	au_3'$     | $x'_3$                | $x'_4$                  | $V_{cx} = 0 \land V_{out} \le E - V_{ripple} / 2$ | $C_N^P C_F^N$                                                                                               |
| $	au_4'$     | $x'_4$                | $x'_1$                  | $C_N^P C_F^N$                                     | $V_{cx} = V_{\sup ply}, \Delta V_{out} / \Delta t = +1 \wedge \Delta V_{cx} / \Delta t = -1 \wedge P_F N_N$ |
| $	au_5'$     | $x'_3$                | $x'_5$                  | $V_{cx} = 0 \land V_{out} \ge E - V_{ripple} / 2$ | $C_F^P C_F^N$                                                                                               |
| $	au_6'$     | $x'_5$                | $x'_{6}$                | $C_F^P C_F^N$                                     | $\Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = 0 \wedge P_F N_F (V_{cx} = 0)$            |
| $	au_7'$     | $x'_{6}$              | <i>x</i> ' <sub>7</sub> | $V_{cx} = 0 \land V_{out} \le E - V_{ripple} / 2$ | $C_F^P C_F^N$                                                                                               |
| $	au_8'$     | $x'_7$                | $x'_{6}$                | $C_F^P C_F^N$                                     | $\Delta V_{out} / \Delta t = -1 \wedge \Delta V_{cx} / \Delta t = 0 \wedge P_F N_F (V_{cx} = 0)$            |
| $\tau 1_F$   | $x_1$                 | $x_1$                   | Fault=True                                        | Status=Fault                                                                                                |
| $\tau 2_F$   | <i>x</i> <sub>2</sub> | $x'_2$                  | Fault=True                                        | Status=Fault                                                                                                |
| $\tau 3_F$   | <i>x</i> <sub>3</sub> | $x'_3$                  | Fault=True                                        | Status=Fault                                                                                                |
| $\tau 4_{F}$ | <i>x</i> <sub>4</sub> | $x'_4$                  | Fault=True                                        | Status=Fault                                                                                                |
| $\tau 5_{F}$ | <i>x</i> <sub>5</sub> | $x'_5$                  | Fault=True                                        | Status=Fault                                                                                                |
| $\tau 6_F$   | $x_6$                 | $x'_{6}$                | Fault=True                                        | Status=Fault                                                                                                |
| $\tau 7_{F}$ | <i>x</i> <sub>7</sub> | $x'_7$                  | Fault=True                                        | Status=Fault*                                                                                               |

Table 3: The model transitions