Title: Automatic synthesis and verification of asynchronous interface controllers
1 Automatic synthesis and verification of asynchronous interface controllers
- Jordi Cortadella, Universitat Politècnica de Catalunya, Spain
- Michael Kishinevsky, Intel Corporation, USA
- Alex Kondratyev, Theseus Logic, USA
- Luciano Lavagno, Università di Udine, Italy
- Enric Pastor, Universitat Politècnica de Catalunya, Spain
- Marco A. Peña, Universitat Politècnica de Catalunya, Spain
- Alexander Yakovlev, University of Newcastle upon Tyne, UK
2 Specification (environment)
Implementation (circuit)
3 Why and why not?
- Asynchronous circuits: robustness, modularity, less power consumption, low EMI, no clock skew and many other debatable advantages
- Designing correct async circuits is difficult (hazards, testing)
- Designing efficient async circuits is a nightmare (time comes into play)
- Design automation is crucial
4 How to make it asynchronous?
5 Outline
- Synthesis flow with STGs
- Specification
- State graph and next-state functions
- State encoding
- Implementability conditions
- Logic decomposition
- Synthesis with relative timing assumptions
- Formal verification of timed circuits
6 Design flow
Specification (STG) → Reachability analysis → State Graph → State encoding → SG with CSC → Boolean minimization → Next-state functions → Logic decomposition → Decomposed functions → Technology mapping → Gate netlist
7 VME bus
8 STG for the READ cycle
[Figure: STG over the rising and falling transitions of DSr, LDS, LDTACK, D and DTACK, beside a block diagram of the VME Bus Controller with signals D, LDS, DSr, LDTACK and DTACK]
9 Design flow
Specification (STG) → Reachability analysis → State Graph → State encoding → SG with CSC → Boolean minimization → Next-state functions → Logic decomposition → Decomposed functions → Technology mapping → Gate netlist
10 Binary encoding of signals
[Figure: state graph of the READ cycle, arcs labelled with transitions of DSr, DTACK, LDTACK, LDS and D]
11 State graph
[Figure: the same state graph with binary state codes; codes shown: 10000, 10010, 10110, 01110, 10110]
State vector: (DSr, DTACK, LDTACK, LDS, D)
12 Excitation / Quiescent Regions
13 Next-state function
0 → 1
0 → 0
1 → 1
1 → 0
14 Karnaugh map for LDS
[Figure: Karnaugh maps for LDS = 1 and LDS = 0 with entries 0, 1 and don't-care (-); one cell is marked "0/1?"]
15 Design flow
Specification (STG) → Reachability analysis → State Graph → State encoding → SG with CSC → Boolean minimization → Next-state functions → Logic decomposition → Decomposed functions → Technology mapping → Gate netlist
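16 Concurrency reduction
[Figure: state graph fragment with transitions of LDS; two states carry the code 10110]
17 Concurrency reduction
[Figure: STG of the READ cycle over the transitions of DSr, LDS, LDTACK, D and DTACK]
18 State encoding conflicts
[Figure: state graph fragment with transitions of LDS and LDTACK; two states carry the code 10110]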
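The reachability analysis and CSC check behind slides 11 to 18, as an added Python example (not code from the original slides or from any of the tools they mention). The STG arcs, the initial marking and the input/output split are assumptions, since the STG figure did not survive in this transcript; the signal order (DSr, DTACK, LDTACK, LDS, D) is the one given on slide 11.

```python
from collections import defaultdict

SIGNALS = ["DSr", "DTACK", "LDTACK", "LDS", "D"]   # order from slide 11
OUTPUTS = {"DTACK", "LDS", "D"}                    # assumed: driven by the controller
# Assumed STG of the READ cycle; each arc is an implicit Petri-net place.
ARCS = [("DSr+", "LDS+"), ("LDTACK-", "LDS+"), ("LDS+", "LDTACK+"),
        ("LDTACK+", "D+"), ("D+", "DTACK+"), ("DTACK+", "DSr-"),
        ("DSr-", "D-"), ("D-", "DTACK-"), ("D-", "LDS-"),
        ("DTACK-", "DSr+"), ("LDS-", "LDTACK-")]
# Assumed initial marking (tokens on two arcs) with all signals at 0.
INITIAL = (frozenset({("DTACK-", "DSr+"), ("LDTACK-", "LDS+")}), "00000")
TRANSITIONS = sorted({t for arc in ARCS for t in arc})

def enabled(marking):
    """Transitions whose every incoming arc holds a token."""
    return [t for t in TRANSITIONS
            if all(a in marking for a in ARCS if a[1] == t)]

def fire(marking, code, t):
    """Consume input tokens, produce output tokens, set the signal's bit."""
    consumed = {a for a in ARCS if a[1] == t}
    produced = {a for a in ARCS if a[0] == t}
    i = SIGNALS.index(t[:-1])
    bit = "1" if t[-1] == "+" else "0"
    return frozenset((marking - consumed) | produced), code[:i] + bit + code[i + 1:]

def state_graph():
    """Reachability analysis: all (marking, code) pairs reachable from INITIAL."""
    seen, todo = {INITIAL}, [INITIAL]
    while todo:
        marking, code = todo.pop()
        for t in enabled(marking):
            nxt = fire(marking, code, t)
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def csc_conflicts(states):
    """Codes for which some output has two different next-state values."""
    nxt = defaultdict(lambda: defaultdict(set))
    for marking, code in states:
        excited = {t[:-1] for t in enabled(marking)}
        for i, s in enumerate(SIGNALS):
            if s in OUTPUTS:  # next value: current bit, flipped if the signal is excited
                nxt[code][s].add("10"[int(code[i])] if s in excited else code[i])
    return {c: sorted(s for s, v in f.items() if len(v) > 1)
            for c, f in nxt.items() if any(len(v) > 1 for v in f.values())}

if __name__ == "__main__":
    sg = state_graph()
    print(len(sg), "states; CSC conflicts:", csc_conflicts(sg))
```

Under these assumptions the only conflicting code is 10110, the code the slides show on two states, and the ambiguous outputs include LDS, matching the "0/1?" cell of its Karnaugh map.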
19 Signal Insertion
[Figure: state graph fragment with transitions of LDTACK, LDS, D and DSr; state codes 101101 and 101100]
20 Design flow
Specification (STG) → Reachability analysis → State Graph → State encoding → SG with CSC → Boolean minimization → Next-state functions → Logic decomposition → Decomposed functions → Technology mapping → Gate netlist
21 Complex-gate implementation
22 Implementability conditions
- Consistency, CSC, persistency
- There exists a speed-independent circuit that implements the behavior of the STG (under the assumption that any Boolean function can be implemented with one complex gate)
23 Design flow
Specification (STG) → Reachability analysis → State Graph → State encoding → SG with CSC → Boolean minimization → Next-state functions → Logic decomposition → Decomposed functions → Technology mapping → Gate netlist
24 No Hazards
25 Decomposition May Lead to Hazards
[Figure: state sequence with codes 1000, 1100, 1100, 0100, 0110]
26 Decomposition example
27 [Figure: state graph over signals x, y, z, w with 4-bit state codes]
28 [Figure: state graph over signals x, y, z, w with an added signal s; regions labelled s1 and s0]
29 [Figure: state graph over signals x, y, z, w with an added signal s; regions labelled s1 and s0]
30 Adding timing assumptions
[Figure: STG of the READ cycle beside a netlist with signals D, DTACK, LDS, DSr, LDTACK and internal signals map and csc]
31 [Figure: Bus, Data Transceiver and Device around the VME Bus Controller (signals D, LDS, DSr, LDTACK, DTACK), beside the netlist with map and csc]
32 Adding timing assumptions
[Figure: STG of the READ cycle beside the netlist with map and csc]
33 Adding timing assumptions
[Figure: STG of the READ cycle beside the netlist with map and csc]
34 State space domain
[Figure: state graph with transitions DSr and LDTACK- marked]
35 State space domain
[Figure: state graph with transitions DSr and LDTACK- marked]
36 State space domain
[Figure: state graph with transitions DSr and LDTACK- marked]
Two more unreachable states
37 Boolean domain
[Figure: Karnaugh maps for LDS = 1 and LDS = 0 with entries 0, 1 and don't-care (-); one cell is marked "0/1?"]
38 Boolean domain
[Figure: the same Karnaugh maps with one more don't-care entry; the cell previously marked "0/1?" is now 1]
One more DC vector for all signals
One state conflict is removed
39 Netlist with one timing constraint
[Figure: STG of the READ cycle beside a netlist with signals D, DTACK, LDS, DSr, LDTACK and internal signals map and csc]
40 Netlist with one timing constraint
[Figure: STG of the READ cycle]
41 Types of timing assumptions
- Environment slower (or faster) than the circuit
- Gate delay shorter than another gate delay
- Speculative enabling (events enabled before they must actually occur)
- Indistinguishable firing times of different events
- ...
42 Formal verification
- Implementability properties
- Consistency, persistency, state coding
- Behavioral properties (safeness, liveness)
- Mutual exclusion, ack after req,
- Equivalence checking
- Circuit ? Specification
- Circuit < Specification
43 [Figure: transition system over events x, a, b, c, g, d, y]
- Property
- g must fire before d after having fired x
44 Verifying asynchronous circuits
- Internal signals cannot be abstracted out (many more state signals and states)
- If delays must be taken into account, each gate is a component with delay
- Verification with timed automata becomes unmanageable (BDDs do not work) Gate counter state signal
- We need clever strategies to do symbolic model checking
45 [Figure: transition system over events x, a, b, c, g, d, y]
- Timed Transition System
- (Manna, Pnueli)
- Transition System
- Min/Max Delays
d(a) ∈ [1,2], d(b) ∈ [1,2], d(c) ∈ [2.5,3], d(g) ∈ [0.5,0.5], d(d,x,y) ∈ [0,∞)
46 [Figure: transition system over events x, a, b, c, g, d, y]
47 [Figure: transition system over events x, a, b, c, g, d]
48 Maximum Time Separation (McMillan & Dill, 1992)
[Figure: event graph over x, a, b, g, c, d with delay intervals [1,2], [1,2], [0.5,0.5], [2.5,3], [0,∞), [0,∞)]
max t(g) - t(d) = -2
49 Maximum Time Separation (McMillan & Dill, 1992)
From absolute to relative timing
[Figure: event graph over x, a, b, g, c, d]
max t(g) - t(d) = -2
50-58 [Figures: sequence of transition-system diagrams over events x, a, b, c, g, d, y]
67 Border of failure states
73 Backannotation (sufficient timing constraints)
75 Conclusions
- An asynchronous circuit is a concurrent system with processes (gates) and communication (wires)
- The synthesis and formal verification of asynchronous control circuits can be totally automated
- The theory of concurrency is crucial to formalize automatic synthesis and verification methods
- Existing tools at academia: petrify, 3D, ATACS, Kronos, versify, etc.
- Industry starting to try: Intel, Theseus, Cogency, IBM, ...