Hardware and Petri nets: application to asynchronous circuit design Jordi CortadellaUniversitat...

Hardware and Petri nets:application to asynchronous

circuit design

Jordi Cortadella Universitat Politècnica de Catalunya, Spain

Michael Kishinevsky Intel Corporation, USA

Alex Kondratyev Theseus Logic, USA

Luciano Lavagno Università di Udine, Italy

Alexander Yakovlev University of Newcastle upon Tyne, UK

STATE

CombinationalLogic

Clock

Inputs Outputs

Current state Next state

f -1

STATE

CombinationalLogic

Inputs Outputs

Current state Next state

CombinationalLogic

Inputs Outputs

Current state Next state

1

1

000

00

1

1

0

0

0

0

0

0

0

0

1

1

000

00

1

1

0

0

X

0

0

0

0

0

1

1

000

00

1

1

0

0

1

0

0

0

0

0

1

1

0X0

00

1

1

0

0

1

0

0

0

0

0

1

1

010

00

1

1

0

0

1

0

0

0

0

0

1

1

010

0X

1

1

0

0

1

0

0

0

0

0

1

1

010

01

1

1

0

0

1

0

0

0

0

0

1

1

X10

01

1

1

0

0

1

0

0

0

0

0

1

1

110

01

1

1

0

0

1

0

0

0

0

0

1

1

110

01

1

1

0

1

1

0

0

0

0

0

1

1

110

01

1

1

0

1

1

0

0

0

0

X

1

1

110

01

1

1

0

1

1

0

0

0

0

1

1

1

110

01

1

1

0

1

1

X

0

0

0

1

1

1

110

01

1

1

0

1

1

1

0

0

0

1

1

1

110

01

1

1

0

1

1

1

0

0

X

1

1

1

110

01

1

1

0

1

1

1

0

0

1

1

1

1

110

01

1

1

0

1

1

1

X

0

1

1

1

1

110

01

1

1

0

1

1

1

1

0

1

1

1

1

110

01

1

1

0

1

1

1

1

X

1

1

1

1

110

01

1

1

0

1

1

1

1

1

1

1

A circuit is a concurrent system

Gates ProcessesDelays Computation timesSignal transitions Events

y-

a+ b+

x+ y+

c+

c-

a-

b-

x-

x+ y-

y+x-

a

b

xy

c

Specification(environment)

Implementation(circuit)

Outline

• Synthesis flow– Specification– State graph and next-state functions– State encoding– Implementability conditions– Logic decomposition

• Backannotation (theory of regions)

• Formal verification

x

y

z

Signal Transition Graph (STG)

xy

z

x+

x-

y+

y-

z+

z-

x

y

z

x+

x-

y+

y-

z+

z-

x+

x-

y+

y-

z+

z-

xyz000

x+

100y+z+

z+y+

101 110

111

x-

x-

001

011y+

z-

010

y-

xyz000

x+

100y+z+

z+y+

101 110

111

x-

x-

001

011y+

z-

010

y-

Next-state functions

x z x y ( )

y z x

z x y z

Next-state functions

x z x y ( )

y z x

z x y z

x

z

y

Specification(STG)

State Graph

SG withCSC

Next-state functions

Decomposed functions

Gate netlist

Reachability analysis

State encoding

Boolean minimization

Logic decomposition

Technology mapping

DesignDesignflowflow

VME bus

DeviceLDS

LDTACK

D

DSr

DSw

DTACK

VME BusController

DataTransceiver

BusDSr

LDS

LDTACK

D

DTACK

Read Cycle

STG for the READ cycle

LDS+ LDTACK+ D+ DTACK+ DSr- D-

DTACK-

LDS-LDTACK-

DSr+

LDS

LDTACK

D

DSr

DTACK

VME BusController

Specification(STG)

State Graph

SG withCSC

Next-state functions

Decomposed functions

Gate netlist

Reachability analysis

State encoding

Boolean minimization

Logic decomposition

Technology mapping

DesignDesignflowflow

Binary encoding of signals

DSr+

DSr+

DSr+

DTACK-

DTACK-

DTACK-

LDS-LDS-LDS-

LDTACK- LDTACK- LDTACK-

D-

DSr-DTACK+

D+

LDTACK+

LDS+

Binary encoding of signals

DSr+

DSr+

DSr+

DTACK-

DTACK-

DTACK-

LDS-LDS-LDS-

LDTACK- LDTACK- LDTACK-

D-

DSr-DTACK+

D+

LDTACK+

LDS+

10000

10010

10110 01110

01100

0011010110

(DSr , DTACK , LDTACK , LDS , D)

QR (LDS+)QR (LDS+)

QR (LDS-)QR (LDS-)

Excitation / Quiescent Regions

ER (LDS+)ER (LDS+)

ER (LDS-)ER (LDS-)

LDS-LDS-

LDS+

LDS-

Next-state function

0 1

LDS-LDS-

LDS+

LDS-

1 0

0 0

1 1

1011010110

Karnaugh map for LDS

DTACKDSrD

LDTACK 00 01 11 10

00

01

11

10

DTACKDSrD

LDTACK 00 01 11 10

00

01

11

10

LDS = 0 LDS = 1

0 1-0

0 0 0 0 0 0/1?

1

111

-

-

-

---

- - - -

-

- ---

- - -

Specification(STG)

State Graph

SG withCSC

Next-state functions

Decomposed functions

Gate netlist

Reachability analysis

State encoding

Boolean minimization

Logic decomposition

Technology mapping

DesignDesignflowflow

Concurrency reduction

LDS-LDS-

LDS+

LDS-

1011010110

DSr+

DSr+

DSr+

Concurrency reduction

LDS+ LDTACK+ D+ DTACK+ DSr- D-

DTACK-

LDS-LDTACK-

DSr+

State encoding conflicts

LDS-

LDTACK-

LDTACK+

LDS+

10110

10110

Signal Insertion

LDS-

LDTACK-

D-

DSr-

LDTACK+

LDS+

CSC-

CSC+

101101

101100

Specification(STG)

State Graph

SG withCSC

Next-state functions

Decomposed functions

Gate netlist

Reachability analysis

State encoding

Boolean minimization

Logic decomposition

Technology mapping

DesignDesignflowflow

Complex-gate implementation

)(csccsc

csc

csc

LDTACKDSr

LDTACKD

DDTACK

DLDS

Implementability conditions

• Consistency + CSC + persistency

• There exists a speed-independent circuit that implements the behavior of the STG

(under the assumption that ay Boolean function can be implemented with one complex gate)

Persistency

100 000 001a- c+

b+ b+

a

cb

a

c

b

is this a pulse ?

Speed independence glitch-free output behavior under any delay

a+

b+

c+

d+

a-

b-

d-

a+

c-a-

0000

1000

1100

0100

0110

0111

1111

1011

0011 1001

0001

a+

b+

c+

a-

b-

c-

a+

c-

a-

a-

d-d+

0000

1000

1100

0100

0110

0111

1111

1011

0011 1001

0001

a+

b+

c+

a-

b-

c-

a+

c-

a-

a-

d-d+

abcd 00 01 11 10

00

01

11

10 1

1 1 11

10

0 000

ER(d+)

ER(d-)

abcd 00 01 11 10

00

01

11

10 1

1 1 11

10

0 000

adcd

0000

1000

1100

0100

0110

0111

1111

1011

0011 1001

0001

a+

b+

c+

a-

b-

c-

a+

c-

a-

a-

d-d+

ac

d

Specification(STG)

State Graph

SG withCSC

Next-state functions

Decomposed functions

Gate netlist

Reachability analysis

State encoding

Boolean minimization

Logic decomposition

Technology mapping

DesignDesignflowflow

No Hazards

abc

x 0

abcx1000

1100

b+

0100

a-

0110

c+

1

1

0

0

1

1

0

1

0

1

0

0

Decomposition May Lead to Hazards

abcx1000

1100

b+

0100

a-

0110

c+

a

bz

cx

1

0

0

0

0

1000

11001100

0100

0110

1

1

0

0

0

1

1

1

0

0

0

1

1

0

0

0

1

1

1

1

0

1

0

1

0

y-

z- w-

y+ x+

z+

x-

w+

1001 1011

1000

1010

0001

0000 0101

0010 0100

0110 0111

0011

y-

y+

x-

x+w+

w-

z+

z-

w-

w-

z-

z-y+

y+

x+

x+

Decomposition example

yz=1yz=0

1001 1011

1000

1010

0001

0000 0101

0010 0100

0110 0111

0011

y-

y+

x-

x+w+

w-

z+

z-

w-

w-

z-

z-y+

y+

x+

x+

1001 1011

1000

1010

0001

0000 0101

0010 0100

0110 0111

0011

y-

y+

x-

x+w+

w-

z+

z-

w-

w-

z-

z-y+

y+

x+

x+

C

C

x

y

x

y

w

z

xyz

y

zw

z

w

z

y

s-

s+

s-

s-

s=1

s=0

1001 1011

1000

1010

0111

0011y+

x-

w+

z+

z-

0001

0000 0101

0010 0100

0110

x+

w-

w-

w-

z-

z-y+

y+

x+

x+

1001

1000

1010

y+

z-

0111

C

C

x

y

x

y

w

z

x

y

z

w

z

w

z

y

sy-

y-

z- w-

y+ x+

z+

x-

w+

s-

s+

s-

s+

s-

s-

s=1

s=0

1001 1011

1000

1010

0111

0011y+

x-

w+

z+

z-

0001

0000 0101

0010 0100

0110

x+

w-

w-

w-

z-

z-y+

y+

x+

x+

1001

1000

1010

y+

z-

0111

y-

Event insertion

a b c

Event insertion

a b

ER(x)

c

Event insertion

a b

ER(x)

cx x x x

b

SR(x)

Event insertion

b

ER(x)

cx x x x

b

SR(x)

a

Properties to preserve

a

a

b

b

a

a

b

b

a

a

b

b

xx

a

a

b

b

a

a

b

b

ba

a

b

b

xx

xx

a ispersistent

a is disabled by b

= hazards

Interactive design flow

Petri Net

(STG)

Transition

System

Transition

System

Reachability analysis

Transformations + Synthesis

Synthesis of Petri Nets

a

a

b

bb

c

c

c a

b c

Theory of regions (Ehrenfeucht, Rozenberg, 90)

a

b

bc

c

b

bb

b

Label splitting

a

c c

d

d

d

d

a

b

b

c

d

Formal verification

• Implementability properties– Consistency, persistency, state coding …

• Behavioral properties (safeness, liveness)– Mutual exclusion, “ack” after “req”, …

• Equivalence checking– Circuit Specification– Circuit < Specification

Property verification: consistency

d+

a+

b+

c- a-

b- d-

c+

Specification

a+ a-

Property

Failure if a+ enabled in specification anda- enabled in property (or viceversa)

Correctness: environment circuit

d+

a+

b+

c- a-

b- d-

c+a

b

c

d

Environment

Circuit

Failure: circuit produces anevent unexpected (not enabled)by the environment

Fighting the state explosion

• Symbolic methods (BDDs)

• Partial order reductions

• Petri net unfoldings

• Structural theory (invariants)

Fighting with state explosion

p1

p2

p3

p1 p2 p3

p1 p2 p3p1 p2 p3

p1

p2 p2

p3 p3

0 1

01

00

00

1

1

1 1

Representing Markings

p1p2

p3

p4

p5 p0

p2 + p3 + p5 = 1p0 + p1 + p4 + p5 = 1

{ p0, p3 } v0 v1 v2 v3

p2 v0 v1

p3 v0 v1

p5 v0

p0 v2 v3

p1 v2 v3

p4 v2

Place encoding

Conclusions

• The synthesis and formal verification of asynchronous control circuits can be totally automated

• Existing tools at academia(http://www.lsi.upc.es/~jordic/petrify)

• An asynchronous circuit is a concurrent system with processes (gates) and communication (wires)

• The theory of concurrency is crucial to formalize automatic synthesis and verification methods

Food for theoreticians

• How to insert events (and signals) while preserving some properties (persistency, obs. equiv.) ?

• How to transform specifications and do incremental analysis ?. For example, recalculate– covers of S-components and T-components

– symbolic representations of the state space

• Can we go beyond Free-Choice PNs for structural derivation of the (approximate) state space ?

• How to transform an unbounded partial specification into a bounded (and highly concurrent) implementable specification ?

• How to verify huge timed systems ?