Hardware and Petri nets: application to asynchronous circuit design
Jordi Cortadella, Universitat Politècnica de Catalunya, Spain
Michael Kishinevsky, Intel Corporation, USA
Alex Kondratyev, Theseus Logic, USA
Luciano Lavagno, Università di Udine, Italy
Alexander Yakovlev, University of Newcastle upon Tyne, UK
[Figure: STATE register and combinational logic with inputs, outputs, current state and next state, drawn first with a clock and then without one]
A circuit is a concurrent system
– Gates: processes
– Delays: computation times
– Signal transitions: events
[Figure: specification (environment) and implementation (circuit) over signals a, b, c, x, y]
Outline
Synthesis flow
– Specification
– State graph and next-state functions
– State encoding
– Implementability conditions
– Logic decomposition
Backannotation (theory of regions)
Formal verification
Signal Transition Graph (STG)
[Figure: STG over signals x, y, z with transitions x+, x-, y+, y-, z+, z-; its state graph with codes xyz; next-state functions]
Design flow
Specification (STG) → [Reachability analysis] → State Graph → [State encoding] → SG with CSC → [Boolean minimization] → Next-state functions → [Logic decomposition] → Decomposed functions → [Technology mapping] → Gate netlist
VME bus
[Figure: VME bus controller with bus, data transceiver and device; signals LDS, LDTACK, D, DSr, DSw, DTACK; waveform of the read cycle over DSr, LDS, LDTACK, D, DTACK]
STG for the READ cycle
[Figure: STG of the VME bus controller with transitions LDS+, LDTACK+, D+, DTACK+, DSr-, D-, DTACK-, LDS-, LDTACK-, DSr+]
Binary encoding of signals
[Figure: state graph of the READ cycle; each state is encoded as (DSr, DTACK, LDTACK, LDS, D)]
Excitation / Quiescent Regions
[Figure: state graph partitioned into ER (LDS+), QR (LDS+), ER (LDS-), QR (LDS-)]
Next-state function
[Figure: next-state values of LDS marked on the state graph around the LDS+ and LDS- transitions]
Karnaugh map for LDS
[Figure: Karnaugh maps with variables DTACK, DSr, D, LDTACK; panel labels "LDS = 0" and "LDS = /1?"]
Concurrency reduction
[Figure: state graph fragment (LDS-, LDS+, DSr+) and the READ-cycle STG]
State encoding conflicts
[Figure: state graph fragment around LDS-, LDTACK-, LDTACK+]
Signal Insertion
[Figure: state graph fragment (LDS-, LDTACK-, D-, DSr-, LDTACK+, LDS+) with the inserted signal CSC]
Complex-gate implementation
Implementability conditions
Consistency + CSC + persistency: there exists a speed-independent circuit that implements the behavior of the STG (under the assumption that any Boolean function can be implemented with one complex gate)
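An added example, not taken from the slides: reachability analysis of the READ-cycle STG followed by a consistency and CSC check on the resulting state graph. The slides list only the transition labels, so the arc structure, the initial marking and the input/output split (LDS, D, DTACK as outputs) are assumptions.

```python
from collections import deque

SIGNALS = ("DSr", "DTACK", "LDTACK", "LDS", "D")  # code order given on the slides
OUTPUTS = {"LDS", "D", "DTACK"}                   # assumed: signals driven by the controller
# Assumed causality arcs (one implicit place per arc); the slides list only the labels.
ARCS = [("DSr+", "LDS+"), ("LDS+", "LDTACK+"), ("LDTACK+", "D+"), ("D+", "DTACK+"),
        ("DTACK+", "DSr-"), ("DSr-", "D-"), ("D-", "DTACK-"), ("DTACK-", "DSr+"),
        ("D-", "LDS-"), ("LDS-", "LDTACK-"), ("LDTACK-", "LDS+")]
INITIAL = frozenset({("DTACK-", "DSr+"), ("LDTACK-", "LDS+")})  # assumed initial tokens
TRANSITIONS = sorted({t for arc in ARCS for t in arc})

def enabled(marking):
    """Transitions whose input places all hold a token."""
    return [t for t in TRANSITIONS if all(a in marking for a in ARCS if a[1] == t)]

def fire(marking, code, t):
    """Fire t on a safe net; reject a+ when a is already 1 (or a- when 0)."""
    i, new = SIGNALS.index(t[:-1]), int(t[-1] == "+")
    if code[i] == new:
        raise ValueError(f"consistency violated: {t} fired in code {code}")
    consumed = {a for a in ARCS if a[1] == t}
    produced = {a for a in ARCS if a[0] == t}
    return frozenset((marking - consumed) | produced), code[:i] + (new,) + code[i + 1:]

def state_graph(initial=INITIAL, code0=(0, 0, 0, 0, 0)):
    """Reachability analysis: map every reachable marking to its binary code."""
    codes, todo = {initial: code0}, deque([initial])
    while todo:
        m = todo.popleft()
        for t in enabled(m):
            m2, c2 = fire(m, codes[m], t)
            if m2 not in codes:
                codes[m2] = c2
                todo.append(m2)
            elif codes[m2] != c2:
                raise ValueError("consistency violated: one marking, two codes")
    return codes

def csc_conflicts(codes):
    """Codes shared by states that enable different sets of output transitions."""
    by_code = {}
    for m, c in codes.items():
        outs = frozenset(t for t in enabled(m) if t[:-1] in OUTPUTS)
        by_code.setdefault(c, set()).add(outs)
    return {"".join(map(str, c)): sorted(sorted(s) for s in group)
            for c, group in by_code.items() if len(group) > 1}

if __name__ == "__main__":
    sg = state_graph()
    print(len(sg), "states; CSC conflicts:", csc_conflicts(sg))
```

Under these assumptions the specification is consistent but one code is shared by a state that excites D+ and a state that excites LDS-, so no next-state function exists until a state signal is inserted.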
Persistency
[Figure: transitions a-, c+, b+ and a gate over signals a, c, b; annotation: "is this a pulse?"]
Speed independence: glitch-free output behavior under any delay
[Figure: STG over signals a, b, c, d; its state graph with codes ab/cd and regions ER(d+), ER(d-); the resulting gate for d with inputs a, c]
No Hazards
[Figure: gate with inputs a, b, c and output x; state graph fragment with codes abcx]
Decomposition May Lead to Hazards
[Figure: the same gate decomposed through an internal signal z; state graph fragment with codes abcx]
Decomposition example
[Figure: STG and state graph over signals w, x, y, z; C-element implementations; the same specification after inserting signal s (transitions s+, s-)]
Event insertion
[Figure: state graph with events a, b, c; the inserted event x with its regions ER(x) and SR(x)]
Properties to preserve
[Figure: state-graph diamonds over events a, b with the inserted event x; annotations: "a is persistent" and "a is disabled by b = hazards"]
Interactive design flow
[Figure: Petri Net (STG) and two Transition System boxes; arrows labelled Reachability analysis, Transformations, Synthesis]
Synthesis of Petri Nets
Theory of regions (Ehrenfeucht, Rozenberg, 90)
[Figure: transition system over events a, b, c and the corresponding Petri net]
Label splitting
[Figure: transition system and Petri net over events a, b, c, d]
Formal verification
Implementability properties
– Consistency, persistency, state coding …
Behavioral properties (safeness, liveness)
– Mutual exclusion, “ack” after “req”, …
Equivalence checking
– Circuit Specification
– Circuit < Specification
Property verification: consistency
[Figure: specification STG with transitions d+, a+, b+, c-, a-, b-, d-, c+ beside a property net with transitions a+, a-]
Failure if a+ is enabled in the specification and a- is enabled in the property (or vice versa)
Correctness: environment circuit
[Figure: environment STG with transitions d+, a+, b+, c-, a-, b-, d-, c+ beside a circuit over signals a, b, c, d]
Failure: circuit produces an event unexpected (not enabled) by the environment
Fighting the state explosion
– Symbolic methods (BDDs)
– Partial order reductions
– Petri net unfoldings
– Structural theory (invariants)
Fighting with state explosion
[Figure: Petri net fragments with places p1, p2, p3]
Representing Markings
[Figure: Petri net with places p0, p1, p2, p3, p4, p5]
$p_2 + p_3 + p_5 = 1$
$p_0 + p_1 + p_4 + p_5 = 1$
{ p0, p3 }
Place encoding (variables v0 v1 v2 v3):
– p2: v0 v1
– p3: v0 v1
– p5: v0
– p0: v2 v3
– p1: v2 v3
– p4: v2
Conclusions
The synthesis and formal verification of asynchronous control circuits can be totally automated
Existing tools at academia (
An asynchronous circuit is a concurrent system with processes (gates) and communication (wires)
The theory of concurrency is crucial to formalize automatic synthesis and verification methods
Food for theoreticians
How to insert events (and signals) while preserving some properties (persistency, obs. equiv.)?
How to transform specifications and do incremental analysis? For example, recalculate
– covers of S-components and T-components
– symbolic representations of the state space
Can we go beyond Free-Choice PNs for structural derivation of the (approximate) state space?
How to transform an unbounded partial specification into a bounded (and highly concurrent) implementable specification?
How to verify huge timed systems?