UFO’07 26 June 2007 Siedlce 1
Use of Partial Orders for Analysis and Synthesis of
Asynchronous Circuits
Alex Yakovlev
School of EECE
University of Newcastle upon Tyne
Collaboration with A. Semenov,W. Vogler, A. Kondratyev,V. Khomenko, M. Koutny, A. Madalinski, I. Poliakov
UFO’07 26 June 2007 Siedlce 2
Outline
Motivation A bit of history Circuit models in Petri nets Properties to be checked Problems with unfolding models State Coding analysis Visualisation using unfoldings Deriving logic from unfoldings What next?
UFO’07 26 June 2007 Siedlce 3
Motivation for asynchronous systems
Asynchronous (self-timed) systems help variability-tolerant design and optimize power-performance tradeoff for nanometer technology
Latest International Semiconductor Roadmap predicts 20% (40%) of designs will be asynchronous, and by 2012 (2020)
Active areas of asynchronous signalling and circuits: low power and low EMI processing (automotive, smart-card), networks on chip, GALS
UFO’07 26 June 2007 Siedlce 4
Motivation from circuit analysis
Self-timed circuits can be highly concurrent, e.g. use of pipeline data flow structures, use of parallel branches in control of CPUs, concurrent resource allocation schemes (multi-way arbiters, switches etc.) – state space can run into 1030 for 100s of signals.
Hence analysis and verification using explicit state space traversal is hard
UFO’07 26 June 2007 Siedlce 5
Motivation from circuit synthesis
In the synthesis domain, resolving state encoding problems and constructing next-state functions using state space models is limited to 30-40 signals (relatively small controllers)
Visualisation of state space is very hard, let alone examining groups of states about some properties
UFO’07 26 June 2007 Siedlce 6
Circuit specification
UFO’07 26 June 2007 Siedlce 7
State Graph
UFO’07 26 June 2007 Siedlce 8
Modified Specification
UFO’07 26 June 2007 Siedlce 9
The new State Graph…
UFO’07 26 June 2007 Siedlce 10
But how about this one?
UFO’07 26 June 2007 Siedlce 11
A bit of history
Early examples: Flow chart, change chart methods by Gilles,
Swartwout and Shelly – late 50s, early 60s Signal Graphs for handshake control structures by
Jump and Thiagarajan – mid 70s Circuit synthesis from Taxograms by Starodoubtsev –
mid 80s Circuit analysis and synthesis using Change
Diagrams and their unfoldings by Kishinevsky, Kondtayev, Taubin and Varshavsky – late 80s.
Relation-based approach to analysis of STG models by Rosenblum and Yakovlev – late 80s
UFO’07 26 June 2007 Siedlce 12
A bit of history
Petri net unfolding prefix by McMillan (1992) Unfolding prefix for STGs and circuits by Kondratyev et al. and
Semenov (1995) Unfolding-based analysis of Timed Circuits by Semenov and
Yakovlev (1996) Unfolding-based synthesis using cover approximations by
Semenov et al. (1997) Circuit analysis using contextual net unfoldings by Vogler et al.
– (1998) STG analysis using unfoldings and LP and SAT by Khomenko
et al. (2002-2003) Circuit Synthesis from STG using unfoldings and SAT by
Khomenko (2004) Visualization of STG-based Synthesis by unfoldings by
Madalinski et al. (2003-2005) Combining decomposition and unfolding for STG-based
Synthesis by Khomenko and Shaefer (2007)
UFO’07 26 June 2007 Siedlce 13
Circuit models in Petri nets
Event-based models: Petri net transitions represent signal events
Level-based models: Petri net places model the values of signals
UFO’07 26 June 2007 Siedlce 14
Logic Circuit Modelling
Event-driven elements Petri net equivalents
C
Muller C-element
Toggle
UFO’07 26 June 2007 Siedlce 15
Logic Circuit Modelling
Level-driven elements Petri net equivalents
NAND gate
x(=1)
y(=1)
z(=0)
NOT gate
x(=1) y(=0) x=0
x=1y=0
y=1
b
x=0
x=1z=0
z=1y=0
y=1
Read arcs
UFO’07 26 June 2007 Siedlce 16
Circuit Petri Nets
Level-driven elements Petri net equivalents
NAND gate
x(=1)
y(=1)
z(=0)
NOT gate
x(=1) y(=0) x=0
x=1y=0
y=1
b
x=0
x=1z=0
z=1y=0
y=1
Self-loops in ordinary P/T nets
UFO’07 26 June 2007 Siedlce 17
Logic Circuit Modelling: examples
Pipeline dataStage
Data In Data Out
Pipeline control Stage
Rin
Ain
Rout
Aout
DataEnable
Pipeline control must guarantee:
•Handshake protocols between the stages
•Safe propagation of the previous datum before the next one
UFO’07 26 June 2007 Siedlce 18
Event-driven circuit
CC
C1 XOR I1
I4
C2
Toggle
I3
I2
Rin
Aout
Aout Rout
AinRin
Rout
Ain
fast-fwdoption
Non-speed-independence can be detected via non-1-safeness check
UFO’07 26 June 2007 Siedlce 19
Level-driven circuit
I2-
C1+
I2+
C1-
C1=1 C1=0
n_Ain/Rin
y1
I2=1 C2- I1-
n_y2C2+
I2=0
Rout
I1+C2=1
I1=0
I1=1
C2=0
Rin
En
y1Rout
I2 C2
C1
I1
y2
n_Aout
n_Ain
C1: y1 = Rin {y2} + y1(Rin + n_Aout + y2)
C2: n_y2 = y1 (n_Aout + n_y2)
I1: n_Ain = y1'
I1: Rout = y2' or Rout = delay (n_y2)
UFO’07 26 June 2007 Siedlce 20
Level-driven circuit
I2-
C1+
I2+
C1-
C1=1 C1=0
n_Ain/Rin
y1
I2=1 C2- I1-
n_y2C2+
I2=0
Rout
I1+C2=1
I1=0
I1=1
C2=0
Rin
En
y1Rout
I2 C2
C1
I1
y2
n_Aout
n_Ain
C1: y1 = Rin {y2} + y1(Rin + n_Aout + y2)
C2: n_y2 = y1 (n_Aout + n_y2)
I1: n_Ain = y1'
I1: Rout = y2' or Rout = delay (n_y2)
Set-part
UFO’07 26 June 2007 Siedlce 21
Level-driven circuit
I2-
C1+
I2+
C1-
C1=1 C1=0
n_Ain/Rin
y1
I2=1 C2- I1-
n_y2C2+
I2=0
Rout
I1+C2=1
I1=0
I1=1
C2=0
Rin
En
y1Rout
I2 C2
C1
I1
y2
n_Aout
n_Ain
C1: y1 = Rin {y2} + y1(Rin + n_Aout + y2)
C2: n_y2 = y1 (n_Aout + n_y2)
I1: n_Ain = y1'
I1: Rout = y2' or Rout = delay (n_y2)
Reset-part
UFO’07 26 June 2007 Siedlce 22
Level-driven circuit
I2-
C1+
I2+
C1-
C1=1 C1=0
n_Ain/Rin
y1
I2=1 C2- I1-
n_y2C2+
I2=0
Rout
I1+C2=1
I1=0
I1=1
C2=0
Rin
En
y1Rout
I2 C2
C1
I1
y2
n_Aout
n_Ain
C1: y1 = Rin {y2} + y1(Rin + n_Aout + y2)
C2: n_y2 = y1 (n_Aout + n_y2)
I1: n_Ain = y1'
I1: Rout = y2' or Rout = delay (n_y2)
Without y2 in Set part of y1 this trace can happen:
I2+
C1+
I2-
C2+
I1+
C1-
I2+ C2-
C1+
This sort of structures (acyclic Change Diagrams) were built directly from logic eqn’s by Kishinevsky et al. – but only for distributive circuits
UFO’07 26 June 2007 Siedlce 23
Level-driven circuit
I2-
C1+
I2+
C1-
C1=1 C1=0
n_Ain/Rin
y1
I2=1 C2- I1-
n_y2C2+
I2=0
Rout
I1+C2=1
I1=0
I1=1
C2=0
Rin
En
y1Rout
I2 C2
C1
I1
y2
n_Aout
n_Ain
C1: y1 = Rin {y2} + y1(Rin + n_Aout + y2)
C2: n_y2 = y1 (n_Aout + n_y2)
I1: n_Ain = y1'
I1: Rout = y2' or Rout = delay (n_y2)
Without y2 in Set part of y1 this trace can happen:
I2+
C1+
I2-
C2+
I1+
C1-
I2+ C2-
disablingC1+
UFO’07 26 June 2007 Siedlce 24
Properties analysed
Functional correctness (need to model environment) Deadlocks Hazards:
– non-1-safeness for event-based– non-persistency for level-based
Timing constraints– Absolute (need Timed Petri nets)– Relative (compose with a PN model of order
conditions)
UFO’07 26 June 2007 Siedlce 25
Circuit Petri Nets
Level-driven elements Petri net equivalents
NAND gate
x(=1)
y(=1)
z(=0)
NOT gate
x(=1) y(=0) x=0
x=1y=0
y=1
b
x=0
x=1z=0
z=1y=0
y=1
Self-loops in ordinary P/T nets
UFO’07 26 June 2007 Siedlce 26
Unfolding Nets with Read Arcs
t1
p1 p2
p
t2
p4p3
...
...
PN with self-loops
p4’
...
p1’ p2’
p’
t2’t1’
p3’t2’’ t1’’
p4’’ p3’’
p’’ p’’’
...
......
Unfolding with self-loops
Combinatorial explosion due to splitting the self-loops
p1 p2
p
t2
p4p3
...
...
Unfolding with read arcs(work with W. Vogler, CONCUR 1998)
Works nicely for read-persistent nets only
UFO’07 26 June 2007 Siedlce 27
Petri Net mapping: an example
source gate-level model
corresponding Petri Net
Multiple read arcs exiting one place:
bad for unfolding!
Only one read arc per place:minimal impact on unfolding
UFO’07 26 June 2007 Siedlce 28
Unfolding and read arcs: statistics
Test caseNet size(places/
transitions)
Without place splitting With place splitting
N of events Unfolding
timeN of events
Unfolding time
Counterflow stage controller
24/28 1541 36 ms 821 25 ms
SDFS ARISC 90/90 >50000 >1 min (halted)
164 18 ms
SDFS fork/join 112/132 >50000 >1 min
(halted)
1055 134 ms
SDFS fork/join early prop.
112/134 >50000 >1 min (halted)
1790 277 ms
UFO’07 26 June 2007 Siedlce 29
STG Unfolding
Unfolding an interpreted Petri net, such as a Signal Transition Graph, requires keeping track of the interpretation – each transition is a change of state of a signal, hence each marking is associated with a binary state
The prefix of an STG must not only “cover” the STG in the Petri net (reachable markings) sense but must also be complete for analysing the implementability of the STG, namely: consistency, output-persistency and Complete State Coding
UFO’07 26 June 2007 Siedlce 30
STG Unfolding
a+ b+
c+ c+
d+
d-
p1
p2 p3
p4
p5
p1
p2 p3
p4
p5
STG UninterpretedPN Reachability Graph
Binary-codedSTG Reach. Graph(State Graph)
p1(0000)abcd
p2(1000)
a+p3(0100)
b+
c+ c+p4(1010) p4(0110)
p5(1011)
d+d+
p5(0111)
a+ b+
c+ c+
p1
p2 p3
d+
d-
p4
p5
STG unfold. prefix
d+
d-
p4
p5
UFO’07 26 June 2007 Siedlce 31
STG Unfolding
a+ b+
c+ c+
d+
d-
p1
p2 p3
p4
p5
p1
p2 p3
p4
p5
STG UninterpretedPN Reachability Graph
Binary-codedSTG Reach. Graph(State Graph)
p1(0000)abcd
p2(1000)
a+p3(0100)
b+
c+ c+p4(1010) p4(0110)
p5(1011)
d+d+
p5(0111)
a+ b+
c+ c+
p1
p2 p3
d+
d-
p4
p5
STG unfold. prefix
Not like that!
UFO’07 26 June 2007 Siedlce 32
Consistency and Signal Deadlock
p1
a+
a- b-
b+
b+ b-
p3p2
p4
p5
p6p2p4
p1p4
p2p5
p1p5p3p4
p3p5
a-
a+
b+
b+b+
b+ b+
b-
p1p6
p2p6 p3p6
a+ b+ b-
b-
b-
b-
STG PN Reach. Graph
STG State Graph
p1p6(00)
p2p6(10) p3p6(01)
a+ b+ b-
ab
a-
p1p4(00)a+
p2p4(10)
b+
p2p5(11)b-
p3p4(01)
b+b+
p1p5(01)
b-
Signal deadlock wrt b+ (coding consistency violation)
UFO’07 26 June 2007 Siedlce 33
Signal Deadlock and Autoconcurrency
p1
a+
a- b-
b+
b+ b-
p3p2
p4
p5
p6
STG STG State Graph
p1p6(00)
p2p6(10) p3p6(01)
a+ b+ b-
ab
a-
p1p4(00)a+
p2p4(10)
b+
p2p5(11)b-
p3p4(01)
b+b+
p1p5(01)
b-
Signal deadlock wrt b+ (coding consistency violation)
STG Prefix
p1
a+
a-
b+
b+
b-
b+
p3p2
p4
p5
p6
a+
p1
b-p2
p2
b-Autoconcurrency wrt b+
UFO’07 26 June 2007 Siedlce 34
Verifying STG implementability
Consistency – by detecting signal deadlock via autoconcurrency between transitions labelled with the same signal (a* || a*, where a* is a+ or a-)
Output persistency – by detecting conflict relation between output signal transition a* and another signal transition b*
Complete State Coding is less trivial – requires special theory of binary covers on unfolding segments
UFO’07 26 June 2007 Siedlce 35
Example: VME Bus Controller
lds-d- ldtack- ldtack+
dsr- dtack+ d+
dtack- dsr+ lds+
DeviceVME Bus
Controller
ldsldtack
d
Data TransceiverBus
dsrdtack
UFO’07 26 June 2007 Siedlce 36
Example: Encoding Conflictdtack- dsr+
dtack- dsr+
dtack- dsr+
00100
ldtack- ldtack- ldtack-
0000010000
lds- lds- lds-
01100 01000 11000
lds+
ldtack+
d+
dtack+dsr-d-
01110 01010 11010
01111 11111 11011
11010
10010
M’’ M’
UFO’07 26 June 2007 Siedlce 37
Example: Encoding Conflict
lds-
d-
ldtack-
ldtack+ dsr- dtack+d+
dtack-
dsr+ lds+ lds+
dsr+e1 e2 e3 e4 e5 e6 e7
e9 e11
e12
e10e8
Code(conf’)=10110 Code(conf’’)=10110
UFO’07 26 June 2007 Siedlce 38
Detection of encoding conflicts using SAT solvers
A special case of model checking! has the form CONF1CONF2VIOL VIOL is a constraint stating that the
two configurations have the same final encodings and enable different sets of output signals
UFO’07 26 June 2007 Siedlce 39
Beyond model checking
Problem: model checking just tells you whether some property holds, but it’s not enough for resolution of encoding conflicts and for deriving equations!
UFO’07 26 June 2007 Siedlce 40
Example: Resolving the conflictdtack- dsr+
dtack- dsr+
dtack- dsr+
001000
ldtack- ldtack- ldtack-
000000 100000
lds- lds- lds-
011000 010000 110000
lds+
ldtack+
d+
dtack+dsr-
d-
011100 010100 110100
011111 111111 110111
110101
100101
011110
csc+
csc-
100001
M’’ M’
UFO’07 26 June 2007 Siedlce 41
Example: Encoding Conflict
lds-
d-
ldtack-
ldtack+ dsr- dtack+d+
dtack-
dsr+ lds+ lds+
dsr+e1 e2 e3 e4 e5 e6 e7
e9 e11
e12
e10e8
Code(conf’)=10110 Code(conf’’)=10110
core
UFO’07 26 June 2007 Siedlce 42
Example: Resolving the conflict
lds-d- ldtack- ldtack+
dsr- dtack+ d+
dtack- dsr+ lds+csc+
csc-
UFO’07 26 June 2007 Siedlce 43
Visualising conflicts: Height map
Cores often overlap Highest ‘peaks’ are good candidates for signal
insertion Analogy with topographic maps
Core1
Core2 A1A2A3
Core3
UFO’07 26 June 2007 Siedlce 44
Height map: an example
Highestpeak
Core map Height map
csc+
UFO’07 26 June 2007 Siedlce 45
Logic synthesis: Next-state function
The next-state function of each output or internal signal will be implemented as a logic gate in the circuit
Defined for each such signal z at each reachable state M as
Nxtz(M) = Codez(M) Enabledz(M) The value is undefined (‘don’t care’) for
unreachable states
UFO’07 26 June 2007 Siedlce 46
Example: Deriving equationsdtack- dsr+
dtack- dsr+
dtack- dsr+
001000
ldtack- ldtack- ldtack-
000000 100000
lds- lds- lds-
011000 010000 110000
lds+
ldtack+
d+
dtack+dsr-
d-
011100 010100 110100
011111 111111 110111
110101
100101
011110
csc+
csc-
100001
UFO’07 26 June 2007 Siedlce 47
Example: Deriving EquationsCode Nxtdtack Nxtlds Nxtd Nxtcsc
001000000000100000100001011000010000110000100101011100010100110100110101011110011111111111110111
0000000000001111
0001000100011111
0000000000010111
0011000100010011
Eqn d d csc csc ldtack dsr(ldtackcsc)
UFO’07 26 June 2007 Siedlce 48
Example: Resulting Circuit
Device
d
Data TransceiverBus
dsr
dtacklds
ldtack
csc
UFO’07 26 June 2007 Siedlce 49
Logic synthesis on unfoldings
Challenge: how to do this without building the state graph, and using only the unfolding prefix?
UFO’07 26 June 2007 Siedlce 50
Logic synthesis on unfoldings
Need to know how to compute projections!
Problem: given a prefix and a set X of signals which are known to be a support of the given output or internal signal z, compute the truth table of Nxtz
Let = CONF CODEX where CODEX relates the values of all signals in X with the configuration
Compute the projection of onto X
UFO’07 26 June 2007 Siedlce 51
Example: computing projections
a b c d e0 1 0 0 10 1 0 1 00 1 0 1 10 1 1 0 00 1 1 0 10 1 1 1 00 1 1 1 11 0 0 0 11 0 0 1 01 0 0 1 11 0 1 0 01 0 1 0 11 0 1 1 01 0 1 1 1
Proj{a,b,c}
a b c0 1 00 1 11 0 01 0 1
a b
=(a b)(a b)(c d e)
UFO’07 26 June 2007 Siedlce 52
Computing projections
0 1 0 0 1
Proj{a,b,c} a b c d e
0 1 1 0 0
1 0 0 0 1
1 0 1 0 0UNSAT
(abc) (abc) (abc) (abc)
a b
=(ab)(ab)(cde)
Incremental SAT
UFO’07 26 June 2007 Siedlce 53
Further developments Unfoldings for PNs with read arcs, beyond
read-persistent nets Unfoldings for large circuit models (higher
levels) Unfoldings of circuits with timing constraints Unfoldings for synthesis and re-synthesis
driven by verification and optimization
UFO’07 26 June 2007 Siedlce 54
Circuit Petri nets
I2-
C1+
I2+
C1-
C1=1 C1=0
n_Ain/Rin
y1
I2=1 C2- I1-
n_y2C2+
I2=0
Rout
I1+C2=1
I1=0
I1=1
C2=0
Rin
En
y1Rout
I2 C2
C1
I1
y2
n_Aout
n_Ain
C1: y1 = Rin {y2} + y1(Rin + n_Aout + y2)
C2: n_y2 = y1 (n_Aout + n_y2)
I1: n_Ain = y1'
I1: Rout = y2' or Rout = delay (n_y2)
The meaning of these numerous self-loop arcs is however different from self-loops (which take a token and put it back)
These should be test or read arcs (without consuming a token)
From the viewpoint of analysis we can disregard this semantic discrepancy (it does not affect reachability graph properties!) and use ordinary PN unfolding prefix for analysis, BUT …
UFO’07 26 June 2007 Siedlce 55
Experimental results (from Semenov)
Name States Versify PUNTVerif.only Total Trans. Places Time
c-elem 64 0.01 0.11 7 12 0.07chu172 768 0.02 0.26 13 14 0.11espinalt-bad 15360 0.07 0.74 13 17 0.12espinalt-good 27648 0.1 0.83 25 30 0.17fair-arb-sg 1280 0.09 0.8 32 33 0.51josepm 45056 0.7 0.72 21 29 0.12master-read3.45E+07 0.39 7.4 51 78 0.37t1 618496 2.65 8.97 67 104 2.87irred.no1token 41472 0.19 0.93 6 10 0.07… … … … … … …TOTAL 4.37 26.98 6.13
Example with inconsistent STG: PUNT quickly detects a signal deadlock “on the fly” while Versify builds the state space and then detects inconsistent state coding
UFO’07 26 June 2007 Siedlce 56
General-purpose Petri Net mapping technique
• Signals are represented as elementary cycles
• Positive (negative) transitions of the cycles are built according to set (reset) logical function
• The logical functions are converted into DNF form and undergo boolean minimisation
• For each clause of the minimised DNF, a transition is added
• Transitions are connected to places corresponding to the literals of the DNF clause by means of read arcs
read arcs