Structural methods for synthesis of large specifications Thanks to Josep Carmona and Victor Khomenko
Outline Structural theory of Petri nets Marking equation Invariants ILP methods based on the marking equation Detection of state encoding conflicts Synthesis Methods based on unfoldings
State space explosion problem Even in bounded nets, the state space can be exponential on the size of the net Concurrency (explosion of interleavings)
Event-based vs. State-based model State Graph Petri Net
Marking equation Incidence matrix a+ a- b- b+ c+ c- p1 a+ a- b+ b+ b- c+ c- p1 -1 0 0 0 1 -1 0 p2 1 0 -1 0 0 0 0 p3 1 -1 0 0 0 0 0 p4 0 0 0 0 0 1 -1 p5 0 0 0 -1 0 1 0 p6 0 0 1 0 -1 0 1 p7 0 1 0 1 -1 0 0 p2 p3 p4 p5 p6 p7
Marking equation M’ = M + Ax = + 1 1 a+ a- b+ b+ b- c+ c- 1 1 a+ a- b+ b+ b- c+ c- -1 0 0 0 1 -1 0 1 0 -1 0 0 0 0 1 -1 0 0 0 0 0 0 0 0 0 0 1 -1 0 0 0 -1 0 1 0 0 0 1 0 -1 0 1 0 1 0 1 -1 0 0 1 p1 p2 p3 p4 p5 p6 p7 = + Necessary reachability condition, but not sufficient.
Spurious markings
Checking Unique State Coding z = {a+ b+ a- b-} x M0 M1 M2 M1 and M2 have the same binary code (z must be a complementary set of transitions) M1 and M2 must be different markings (they must differ in at least one place)
Checking Unique State Coding z = {a+ b+ a- b-} x M0 M1 M2 ILP formulation: M1 = M0 + Ax M2 = M1 + Az bal(z) M1 M2 x, z, M1, M2 0 bal(z) a: #(a+) - #(a-) = 0
Some experiments (USC)
Checking Complete State Coding ER(a+) ER(a-) QR(a+) QR(a-) a=1 a=0 a- a+ ILP formulation: M1 = M0 + Ax M2 = M1 + Az bal(z) M1 ER(a*) M2 ER(a*) x, z, M1, M2 0 n ILP problems must be solved (n is the number of transitions with label a*)
Enabling conditions in ILP M ER(a+): M(p1)+M(p2) 2 M(p3)+M(p4)+M(p5) 3 M ER(a+): M(p1)+M(p2) 1 M(p3)+M(p4)+M(p5) 2 (*formulation for safe nets only)
Some experiments (CSC)
Synthesis Each signal can be implemented with a subset of the STG signals in the support (typically less than 10) Synthesis of a signal: Project the STG onto the support signals (hide the rest) After projection, the STG still has CSC for the signal Use state-based methods on each projection
Synthesis example
Checking the support for a signal Let be the set of signals and ’ a potential support for a. Let z’ be the projection of z onto ’. ’ is a valid support for a if the following model has no solution: ER(a+) ER(a-) QR(a+) QR(a-) a=1 a=0 a- a+ ILP formulation: M1 = M0 + Ax M2 = M1 + Az bal(z’) M1 ER(a*) M2 ER(a*) x, z, M1, M2 0
Algorithm to find the support z’ := {a} {trigger signals of a}; forever z” := ILP_check_support (STG, a, z’); if z” = 0 then return z’; z’ := z’ {unbalanced signals in z”}; end_forever
Experiments (Support + Synthesis) Literals CPU Petrify ILP Petrify ILP Petrify (Cortadella et al ): State-based & technology mapping BDD
Design flow . . . STG STG with CSC optimized STG support for a structural encoding remove internal signals and check CSC STG with CSC structural transformations optimized STG . . . support for a support for b support for z projection STG for a STG for b STG for z logic synthesis (petrify) circuit for a circuit for b circuit for z
Synthesis example
x3 x1 x2
z x4 x5
State encoding
Detection of conflicting states DTACK- DSr+ LDS+ LDTACK+ D+ DTACK+ DSr- D- LDS- LDTACK- DSw+ DSw- LDS+ LDTACK- LDTACK+ LDS- DSr+ DTACK- D+ D- DTACK+ DSr- ILP [Carmona & Cortadella, ICCAD’03] SAT-UNFOLD [Khomenko et al., Fund. Informaticae]
Disambiguation by consistent signal insertion Disambiguate the conflicting states by introducing a new signal s: STG Insertion of signal s must: Solve conflict Preserve consistency Preserve persistency 10000 s- LDS+ LDTACK- (CSC + consistency + persistency = SI-circuit) 10100 DTACK- DSr+ LDS+ LDTACK+ D+ DTACK+ DSr- D- LDS- LDTACK- DSw+ DSw- 10010 LDTACK+ LDS- 01110 DSr+ DTACK- 10110 10110 s+ D+ 11111 D- 10111 DTACK+ DSr- 01111
Implicit place DEF1 (Behavior): The behavior of the net does not depend on the place. DEF2 (Petri net): it never disables the firing of a transition. y+ a+ b+ a- b- x+ y- x- x- b- y- a- a+ x+ x+ y+ b+ y-
Consecutive firings of a signal must alternate Consistency Consecutive firings of a signal must alternate y- b+ y+ x- y- b+ x- x+ b- y+ ... y+ x- y- b+ x- x+ b- y+ ... ? y+ x- y- b+ x- x+ b- y+ ... x+ x- x- b- y+
Implicit Places & Consistency b+ x+ x- x- b- y=1 y+ Theorem (Colom et al.) Places y=0 and y=1 are implicit if and only if signal y is consistent
Disambiguation by consistent signal insertion Disambiguate the conflicting states by introducing a new signal s: Insertion of s into the STG: s- will precede LDS+ s+ will precede DTACK- s- LDS+ LDTACK- s- ; LDS+ LDS+ LDTACK+ LDS- DSr+ DTACK- s+ D+ D- DTACK+ DSr-
read cycle write cycle DSr+ DSw+ s+;DTACK- DTACK- s-;LDS+ LDS+ D+ LDTACK+ LDS+ s=1 s=0 D+ LDTACK- LDTACK+ DTACK+ D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ DSw+ s+;DTACK- s-;LDS+ D+ LDTACK+ LDS+ s=1 s=0 D+ LDTACK- LDTACK+ DTACK+ D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ DSw+ s+;DTACK- s-;LDS+ D+ LDTACK+ LDS+ s=1 s=0 D+ LDTACK- LDTACK+ DTACK+ D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ DSw+ s+;DTACK- s-;LDS+ D+ LDTACK+ LDS+ s=1 s=0 D+ LDTACK- LDTACK+ DTACK+ D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ DSw+ s+;DTACK- s-;LDS+ D+ LDTACK+ LDS+ s=1 s=0 D+ LDTACK- LDTACK+ DTACK+ D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ DSw+ s+;DTACK- s-;LDS+ D+ LDTACK+ LDS+ s=1 s=0 D+ LDTACK- LDTACK+ DTACK+ D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ DSw+ s+;DTACK- s-;LDS+ D+ LDTACK+ LDS+ s=1 s=0 D+ LDTACK- LDTACK+ DTACK+ D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ DSw+ s+;DTACK- s-;LDS+ D+ s=0 is not implicit!! LDTACK+ LDS+ s=1 s=0 s is not consistent!! D+ LDTACK- LDTACK+ DTACK+ D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ DSw+ s+;DTACK- s-;LDS+ D+ s=0 is implicit s=1 is implicit LDTACK+ LDS+ s=1 s=0 D+ LDTACK- LDTACK+ s is consistent DTACK+ s-;D- D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ DSw+ s+;DTACK- s=0 s=1 s-;LDS+ D+ LDTACK+ LDS+ D+ LDTACK- LDTACK+ DTACK+ s-;D- LDS- DSr- DTACK+ D- DSw-
read cycle write cycle DSr+ s+ DSw+ DTACK- s- LDS+ D+ LDTACK+ LDS+ D+ LDTACK- LDTACK+ s- DTACK+ D- LDS- DSr- DTACK+ D- DSw-
Main algorithm for solving CSC conflicts while CSC conflits exist do (σ1,σ2):= Find traces connecting conflict (s=0,s=1):= Find implicit places to break conflict Insert s+/s- transitions connected to (s=0) or (s=1) endwhile
State space explosion problem Goal: avoid state enumeration to check implicitness of a place. Classical methods to avoid the explicit state space enumeration: Linear Algebra (LP/MILP) Graph Theory Symbolic representation (BDDs) Partiar order (Unfoldings) Structural methods
LP model to check place implicitness A place p is implicit if the following LP model is infeasible, where P’ = P – {p}: x M0 M LP formulation: M0 + Ax = M M[P’] – F[P’,p•]·s 0 M[p] – F[p,p•]·s < 0 s·1 = 1 x, M, s 0 P – {p}: p M : . . . [Silva et al.]
LP model to check place implicitness A place p is implicit if the following LP model is infeasible, where P’ = P – {p}: A place p is implicit if M0[p] is greater than or equal to the optimal value of the following LP, where P’ = P – {p}: DUAL LP formulation: M0 + Ax = M M[P’] – F[P’,p•]·s 0 M[p] – F[p,p•]·s < 0 s·1 = 1 x, M, s 0 LP formulation: min y· M0 y·A[P’.T] ≤ A[p,T] y· F[P’, p•] ≥ F[p, p•] y≥ 0 [Silva et al.]
MILP model to insert a implicit place MILP formulation: min y· M0 y·A’[P’.T] ≤ A’[p,T] y· F’[P’, p•] ≥ F[p, p•] y≥ 0 A A’ p MILP variables: y, p
MILP model to find insertion points that disambiguate the conflict MILP formulation: MILP “s=0 implicit” MILP “s=1 implicit” #(σ1,s+) = #(σ1,s-) + 1 #(σ2,s-) = #(σ2,s+) + 1 M0[s=0] + M0[s=1] = 1 LDS+ LDTACK- σ1 σ2 LDTACK+ LDS- DSr+ DTACK- D+ D- If there is a solution, rows in A’ for s=0 and s=1 describe the insertion points (arcs in the net) DTACK+ DSr-
Number of inserted encoding signals petrify (state-based) MILP (structural) Benchmarks from [Cortadella et al., IEEE TCAD’97]
Number of literals (area) petrify (state-based) MILP (structural) Benchmarks from [Cortadella et al., IEEE TCAD’97]
Experimental results: large controllers Synthesis with structural methods from [Carmona & Cortadella, ICCAD’03]
It doesn’t always work ... Behaviorally equivalent
SYNTHESIS USING unfoldings Work by Khomenko, Koutny and Yakovlev
Occurrence nets Min-place Occurrence net … p1 p5 p3 t2 t5 t6 t1 t4 t3 Petri net
Occurrence nets The occurrence net of a PN N is a labelled (with names of the places and transitions of N) net (possibly infinite!) which is: Acyclic Contains no backward conflicts (1) No transition is in self-conflict (2) No twin transitions (3) Finitely preceded (4) NO! NO! NO! NO! t1 t p1 t2 (2) t p1 p2 infinite set (4) t7 p6 p7 (3) p6 t5 t3 (1)
Relations in occurrence nets p1 conflict t1 t2 p2 p3 p4 p5 precedence t3 t4 t5 t6 p6 p7 p6 p7 concurrency t7 t7 p1 p1 t1 t2 t1 t2 p2 p2 p3 p4 p5 p3 p4 p5 t3 t4 t5 t4 t5 t6 t3 t6 p6 p6 p7 p7 p7 p7
Unfolding of a PN The unfolding of Petri net N is a maximal labelled occurrence net (up to isomorphism) that preserves: one-to-one correspondence (bijection) between the predecessors and successors of transitions with those in the original net bijection between min places and the initial marking elements (which is multi-set) p p’ p’’ p6 p7 p6’ p7’ t7 t7’ net N unfolding N’ net N unfolding N’
Unfolding construction p1 t1 p3 p2 p1 p5 t2 p4 p5 t2 p4 t1 p2 p3 t3 p6 t4 p7 t5 p6 t6 p7 t3 t4 t5 t6 p6 p7 t7 p1 t7 p1 t7 and so on …
Unfolding construction p1 p5 p3 t2 t5 t6 t1 t4 t3 p2 p4 p6 t7 p7 … Petri net p1 t1 t2 p2 p3 p4 p5 t3 t4 t5 t6 p7 p6 t7
Petri net and its unfolding marking cut t1 p3 p2 p1 p5 t2 p4 p5 t2 p4 t1 p2 p3 t3 p6 t4 p7 t5 p6 t6 p7 t3 t4 t5 t6 p6 p7 t7 p1 t7 p1 t7
Petri net and its unfolding marking cut t1 p3 p2 p1 p5 t2 p4 p5 t2 p4 t1 p2 p3 t3 p6 t4 p7 t5 p6 t6 p7 t3 t4 t5 t6 p6 p7 t7 p1 t7 p1 t7
Petri net and its unfolding marking cut t1 p3 p2 p1 p5 t2 p4 p5 t2 p4 t1 p2 p3 t3 p6 t4 p7 t5 p6 t6 p7 t3 t4 t5 t6 p6 p7 t7 p1 t7 p1 t7
Petri net and its unfolding PN transition and its instance in unfolding p1
Petri net and its unfolding Prehistory (local configuration) of the transition instance p1 p1 p5 t2 p4 p5 t2 p4 t1 t1 p3 p2 p2 p3 t5 p6 t6 p7 t3 t4 t3 t4 t5 t6 p6 p7 p6 p7 t7 p1 t7 t7 p1 Final cut of prehistory and its marking (final state)
Petri net and its unfolding Prehistory (local configuration of the transition instance) p1 p1 p5 t2 p4 p5 t2 p4 t1 t1 p3 p2 p2 p3 t5 p6 t6 p7 t3 t4 t3 t4 t5 t6 p6 p7 p6 p7 t7 p1 t7 t7 p1 Final cut of prehistory and its marking (final state)
Truncation of unfolding At some point of unfolding the process begins to repeat parts of the net that have already been instantiated In many cases this also repeats the markings in the form of cuts The process can be stopped in every such situation Transitions which generate repeated cuts are called cut-off points or simply cut-offs The unfolding truncated by cut-off is called prefix
Cutoff transitions p1 t1 p3 p2 p1 p5 t2 p4 p5 t2 p4 t1 p2 p3 t3 p6 t5 Cut-offs t7 p1 p1
Cutoff transitions p1 p1 p5 t2 p4 p5 t2 p4 pre-history of t7’ t1 t1 p3 Cut-offs t7 p1 p1
Example: CSC Conflict dtack- dsr+ 01000 ldtack- 00000 10000 lds- 01010 00010 10010 lds+ ldtack+ d+ dtack+ dsr- d- 01110 00110 10110 01111 11111 10111 10100 M’’ M’
Example: enforcing CSC dtack- dsr+ csc+ 010000 000000 100000 100001 lds+ ldtack- ldtack- ldtack- dtack- dsr+ 010100 101001 000100 100100 ldtack+ lds- lds- lds- dtack- dsr+ M’’ M’ 011100 101101 001100 101100 d+ d- csc- dsr- dtack+ 011110 011111 111111 101111
Unfoldings Alleviate the state space explosion problem More visual than state graphs Proven efficient for model checking Quite complicated theory Not sufficiently investigated Relatively few algorithms
Translation Into a SAT Problem lds- d- ldtack- ldtack+ dsr- dtack+ d+ dtack- dsr+ lds+ e1 e2 e3 e4 e5 e6 e7 e9 e11 e12 e10 e8 conf’=111000000000 conf’’=111111110100 Code(conf’)=10110 Code(conf’’)=10110 Configuration constraint: conf’ and conf’’ are configurations Encoding constraint: Code(conf’) = Code(conf’’) Separating constraint: Out(conf’) Out(conf’’)
Translation Into a SAT Problem Conf(conf ') Conf(conf '') Code(conf ',…, val) Code(conf '',…, val) Out(conf ',…, out') Out(conf '',…, out'') out' out''
Configuration constraint Conf(conf ') Conf(conf '') Code(conf ',…, val) Code(conf '',…, val) Out(conf ',…, out') Out(conf '',…, out'') out' out''
Configuration constraint 1 causality e 1 no conflicts e
Encoding constraint Conf(conf ') Conf(conf '') Code(conf ',…, val) Code(conf '',…, val) Out(conf ',…, out') Out(conf '',…, out'') out' out''
Tracing the value of a signal b+ c+ a- c- a=0 a=1
Computing the signals’ values e 1 b
Separating constraint Conf(conf ') Conf(conf '') Code(conf ',…, val) Code(conf '',…, val) Out(conf ',…, out') Out(conf '',…, out'') out' out''
Computing the enabled outputs 1 e
Translation Into a SAT Problem Conf(conf ') Conf(conf '') Code(conf ',…, val) Code(conf '',…, val) Out(conf ',…, out') Out(conf '',…, out'') out' out''
Analysis of the Method A lot of clauses of length 2 – good for BCP The method can be generalized to other coding properties, e.g. USC and normalcy The method can be generalized to nets with dummy transitions Further optimization is possible for certain net subclasses, e.g. unique-choice nets
Synthesis using unfoldings for each output signal z compute (minimal) supports of z for each ‘promising’ support X compute the projection of the set of reachable encodings onto X sorting them according to the corresponding values of Nxtz apply Boolean minimization to the obtained ON- and OFF-sets choose the best implementation of z
Experimental Results Unfoldings of STGs are almost always small in practice and thus well-suited for synthesis Huge memory savings Dramatic speedups Every valid speed-independent solution can be obtained using this method, so no loss of quality We can trade off quality for speed (e.g. consider only minimal supports): in our experiments, the solutions are the same as Petrify’s (up to Boolean minimization) Multiple implementations produced
ILP vs. Unfoldings ILP: Unfoldings: Efficient in runtime Incomplete (spurious markings) Unfoldings: Efficient in runtime (but slower than ILP) Complete Both methods give synthesis results similar to state-based methods
Direct synthesis (Varshavsky’s Approach) Controlled p1 Operation p2 p1 p2 (0) (1) (1) (0) (1) 1* To Operation
Direct synthesis p1 p2 p1 p2 0->1 1->0 (1) (0) (1) 1->0
Direct synthesis p1 p2 p1 p2 1->0 0->1 1->0 0->1 1* 1->0->1