
Verification of Asynchronous Circuits using Timed Automata

Marius Bozga, Hou Jianmin, Oded Maler and Sergio Yovine

Verimag, Centre Equation, 2, av. de Vignate, 38610 Gieres, France, @imag.fr

Abstract

In this work we apply the timing verification tool OpenKronos, which is based on timed automata, to verify correctness of numerous asynchronous circuits. The desired behavior of these circuits is specified in terms of signal transition graphs (STG) and we check whether the synthesized circuits behave correctly under the assumption that the inputs satisfy the STG conventions and that the gate delays are bounded between two given numbers. Our results demonstrate the viability of the timed automaton approach for timing analysis of certain classes of circuits.

1 Introduction

Today most of circuit verification and analysis is done while maintaining a separation between the logical functionalities of a circuit and the delay properties of its components. For clocked synchronous circuits, the size of the clock cycle can be determined by computing the accumulated delays along the longest path from inputs to latches. Assuming that the cycle time is sufficiently large, the functional verification of the circuit can proceed by ignoring gate and wire delays and by treating the whole circuit at the abstraction level of an untimed sequential machine. While this division of labor makes circuit design and verification a more tractable process, it makes it more difficult to satisfy the ever-growing demands for more performance. The reason is that in reality logic and timing have complex mutual interactions, and two different realizations of the same combinational function, having the same path length, can differ significantly in their maximal stabilization times. The path length only gives an upper-approximation of the propagation delay, taking into account worst-cases which are, more often than not, impossible when logic is taken into account ("false paths").

A lot of asynchronous circuit design [U69, KKTV93, BS94] has been done within the speed-independent paradigm. The desired behavior of a circuit is specified as a kind of "protocol" between the circuit and its environment. This protocol does not assume two distinct phases in every operation cycle (arrival of inputs and computation of next-state and output) and hence the circuit specification cannot be decomposed naturally into a combinational function and a memory. (1) The major burden in asynchronous design is to detect occurrences of certain subsets of events (which may appear in various orders) which are sufficient for triggering further events in the circuit. This approach requires a large silicon investment in event-detection mechanisms and it has been observed [CKK+98] that by taking delay information into account, many behaviors anticipated by the speed-independent design cannot actually happen and the size of the circuit can be reduced significantly by putting such behaviors in the "don't-care" category.

(1) This is not the case in burst-mode circuits which are out of the scope of this paper.

These and other observations call for a formal model in which the interaction between logic and delays can be expressed naturally, and which can serve as a basis for design and validation tools that take advantage of this expressive power. Timed automata [AD94] constitute such a model. These are automata augmented with fictitious clock variables whose role in the model is to measure the time elapsed since the occurrence of certain events. Using these clocks, the phenomenon of uncertain but bounded delay between two or more events can be expressed in a very natural manner. Of course, timed automata (henceforth TA) inherit from automata the capability to model any complex discrete dynamics and hence they are more expressive than models based on timed marked graphs and the max-plus algebra. Indeed, it was shown [D89, L89, MP95] that circuits with bi-bounded gate or wire delays can be transformed into networks of timed automata which can serve as a basis for simulation, verification and automatic design. Several tools for TA verification have been implemented [LPY97, DOTY96] and applied to various problems, including timing analysis of circuits [MY96, BMPY97, TB97, TKB97, TKY+98, BMT99]. Alternative models which are used to address the same class of problem are based on some variants of timed Petri nets [BD91, HB95, BM98, SY95, YR99, KB99, ZM00] and it will be interesting to compare them with the TA-based approach both in terms of modeling and expressivity and in terms of underlying computational difficulty.

This work describes the application of the TA-based verification methodology and the tool OpenKronos [BDM+98] to the verification of asynchronous circuits. We take two dozen typical asynchronous circuits realized by gates having bi-bounded delays. Using standard TA reachability methods we attempt to verify that these circuits behave according to their specifications. Our performance results indicate how far one can go by applying brute-force verification to the rich TA model (we were able to verify circuits with up to 17 gates) and from where you need to augment verification with a compositional methodology and with specialized techniques that take advantage of the special structure of the sub-class of TA that correspond to circuits.

The rest of the paper is organized as follows: in Section 2 we describe how we model bi-bounded delays using timed automata and how timing verification is applied to these models. In Section 3 we illustrate, using an example, how the joint behavior of the circuit and of its STG specification is converted into timed automata and analyzed by OpenKronos. Finally, the verification results for the benchmark examples are reported in Section 4.

2 Modeling Delays with Timed Automata

In this section we sketch informally our approach for modeling circuits with bi-bounded delays using timed automata [MP95, MY96, BMT99]. We view a circuit as a network consisting of Boolean gates and (non-deterministic) delay elements as in Figure 1. A Boolean gate can be viewed as a memoryless function from signals to signals. Each delay element is characterized by an interval $[l, u]$ of lower- and upper-bounds on the propagation times of events from the input to the output (wire delays can be modeled as a special case where the Boolean function is the identity). We assume that the delays are inertial: changes that do not persist for $l$ time are filtered away. More refined delay models can be defined at the price of more complex analysis. Due to uncertainty a delay element can transform an input signal into uncountably-many different output signals, as demonstrated in Figure 2, and hence the corresponding operator $D_{[l,u]}$ is non-deterministic, i.e. set-valued. The semantics of the circuit is the set of all solutions of a system of equations and inclusions on signals of the form:

$$y_i = f_i(x_1, \ldots, x_n)$$
$$x_i \in D_{[l_i,u_i]}(y_i)$$

Figure 1: A circuit with delays.

Figure 2: An input signal and a sample (numbered 1 to 7) of the set $D_{[1,3]}$ of its delayed outputs.

We translate every equation into a timed automaton whose set of behaviors coincides with the set of solutions of the equation and the composition of all these automata generates exactly all the possible behaviors of the circuit under all possible choices of delays. The automaton for a Boolean gate $y_i = f_i(x_1, \ldots, x_n)$ is simply a one-state automaton which generates all the tuples satisfying the equation. Each delay element of the form $x \in D_{[l,u]}(y)$ is modeled by one timed automaton with 4 states and one clock as depicted in Figure 3. State $(0,0)$ is a stable state where the input $y$ and the output $x$ are both 0. As soon as the input $y$ changes to 1, a transition to the excited state $(1,0)$ is made and a clock $C$ is reset to zero and starts measuring the time since the event. The transition from $(1,0)$ back to $(0,0)$ signifies a "regret" of the input before the propagation of the event to the output. Such regret transitions can be avoided in certain models which assume that the input behaves according to some protocol, or be replaced by an "error" transition if the design methodology disallows such phenomena. When at state $(1,0)$, if the clock value crosses the lower bound $l$, the output can change to 1 and the automaton moves to the stable state $(1,1)$. However, as long as the upper bound $u$ has not been reached, the automaton may stay in $(1,0)$. The ability to express and analyze this temporal uncertainty is the main feature of TA. Unlike deterministic models used in SPICE simulation, a circuit modeled using such bi-bounded delay elements and their corresponding TA will have many behaviors, even in the presence of a single input signal. However all these behaviors can be captured using geometric methods based on the possible ranges of the values of clock variables. The generators of input signals can also be modeled as timed automata, expressing various restrictions on the inputs such as timing bounds on their frequency or some protocols of interaction with the circuit that they follow. By combining these automata with those that model the circuit, it is possible, in principle, to simulate all the possible behaviors of the circuit, in the presence of all admissible inputs and choices of delays and hence lift formal verification methodology from untimed to timed circuit models.

Figure 3: The timed automaton for a delay element. The runs of the automaton are exactly those satisfying $x \in D_{[l,u]}(y)$.

As an illustrative example consider the two independent oscillators appearing in Figure 4. Suppose that initially they are both in state 0 and hence the reachability analysis starts at global state $(0,0)$ with clocks at $(0,0)$. The product automaton may stay at $(0,0)$ as long as none of the clocks has crossed its corresponding upper bound. In this example, where $u_1 < u_2$, the set of clock values reachable via time passage at state $(0,0)$ is $\{(x_1, x_2) : x_1 = x_2 \le u_1\}$. By intersecting this set with the transition guard $C_1 \ge l_1$ we obtain the set $\{(x_1, x_2) : l_1 \le x_1 = x_2 \le u_1\}$ which denotes all the clock valuations in which the transition from $(0,0)$ to $(1,0)$ is enabled. Since this transition resets $C_1$ we may reach $(1,0)$ at any point in the clock space belonging to $\{(0, x_2) : l_1 \le x_2 \le u_1\}$. From there, by time passage, we may reach the set $\{(x_1, x_2) : l_1 \le x_2 \le u_2 \wedge l_1 \le x_2 - x_1 \le u_1\}$, and this set, in turn, can be intersected with the condition $C_2 \ge l_2$ for moving to $(1,1)$ etc. The reader can find formal definitions of TA reachability analysis in [A99, Y98].

Figure 4: (a) Two TA representing two independent oscillators. (b) The first steps in computing all their possible behaviors. Dashed lines indicate discrete transitions.

From a theoretical standpoint all the interesting problems concerning TA (and circuits modeled by them) can be solved algorithmically. These problems include absence of hazards, bounded response properties, absence of shortcuts in transistor models, conformance with communication protocols and many other properties currently classified under different sub-topics in circuit design. Other problems which can be formulated and theoretically solved are the controller synthesis problem (the automatic derivation of delay parameters and transition conditions in order to guarantee satisfaction of certain properties) and the time-optimal controller synthesis problem (choosing parameters and conditions that will lead the automaton into a set of states as soon as possible, e.g. into the set of stable states in a combinational circuit). However, due to the complexity of TA analysis, many researchers and practitioners prefer less expressive but more tractable models. We believe that in the long run it is better to separate considerations of modeling adequacy from more pragmatic considerations related to tool performance. In other words, it is better to have first a general model which describes the phenomenon in question in a faithful manner and only later to devise various techniques in order to overcome verification complexity. Our strategy is thus to use the full TA model and see what is the largest chunk of circuitry that can be wholly analyzed using TA technology, before resorting to abstraction and approximation techniques.

3 Modeling and Verification of Asynchronous Circuits

We have applied OpenKronos to several benchmark examples of asynchronous circuits taken from [PCKP00]. The intended behaviors of these circuits were specified using signal transition graphs (STGs), which are a kind of Petri net labeled by events corresponding to rising and falling of signals. An STG represents a "protocol" of interaction between a component and its environment. As an example, consider the circuit half which realizes a half handshake between two adjacent stages in a pipeline. The circuit has two input signals Ri and Ai and two output signals Ro and Ao. The behavior is specified by the STG of Figure 5-(b). This specification defines only a partial-order among events and is indifferent, for example, to the order between Ao+ and Ai+. The marking graph of this specification is the automaton of Figure 5-(c) which accepts all the linearizations of the partial-order. It is assumed that the environment respects the specification (e.g. Ai will not rise before Ro goes up). We want to verify whether the circuit implementation behaves properly, that is, the Ao and Ro events take place when they are allowed by the STG.

Figure 5: The half circuit: (a) The block diagram. (b) The STG specification. The boxes are PN transitions labeled by rising and falling of signals. All the PN places, except those with tokens at the initial configurations, are omitted. (c) The equivalent automaton for the specification. (d) The synthesized circuit.

The circuits realizing the specifications were synthesized as follows. Initially the STGs were fed into the synthesis tool petrify [CKK+97] which produces speed-independent circuits using gates with arbitrary fan-in. While such circuits are speed-independent by construction (and hence do not need verification), their realizations, using gates taken from a standard cell library, are not. The circuit for the half specification is depicted in Figure 5-(d) and it has five internal variables in addition to inputs and outputs. The gate delays are assumed to be in the interval [27, 33].

According to the principles described in the previous section the circuit is modeled as a product of timed automata with a clock for each gate – in this case 7 clocks. This timed automaton description is generated automatically from the circuits. The STG specification is translated automatically into an untimed automaton isomorphic to the marking graph, with error transitions added for every output event and a state in which it is not enabled (e.g. event Ro- induces an error transition from state 3 in the automaton of Figure 5-(c)). Additional timing constraints on the inter-arrival times of the input events are modeled using an additional automaton and a clock for each input signal.

The verification problem that we pose is whether the set of all the time-constrained behaviors of the circuit contains a behavior not included in the semantics of the STG. Technically this question is equivalent to whether an error transition is reachable in the composition of all the above mentioned automata. For the half circuit, if we assume no timing restrictions on the inputs, we find the following error trace:

27 Ro+ Ai+ 27 3- 2+ Ao+ Ri- 27 3+ 27 4+ Ro- Ai- 27 2- 1- 27 Ao- Ri+ Ro+ Ai+ 2+ 27 Ro-

In this trace, Ro goes up after 27 time units and this is followed immediately by rising of Ai. Then after 27 more time units the output of gate 3 falls and that of gate 2 rises, and so on, until finally Ro- occurs before being enabled by Ao+. On the other hand, if we assume that any two changes of an input variable are separated by some time in [900, 1111], the circuit is proved correct (similar results under this last assumption were obtained in [PCKP00]).

4 Experimental Results

We have applied the procedure described above to 21 asynchronous circuits whose sizes range from 6 to 24 gates. A timed automaton corresponding to a circuit with $n$ variables has $n$ clocks and up to $2^n$ discrete states (not all of which might be reachable). The analysis is performed on the product of this TA with the automata for the STG specification and the automata that model the time-constrained inputs (OpenKronos generates the product "on-the-fly"). For each circuit we have tried to compute the "simulation graph" (see [Y98]) whose states are pairs of the form $(q, F)$ where $q$ is a discrete state and $F$ is a polyhedral subset of the clock space. Depending on the temporal complexity of the automaton, the size of this graph might be significantly larger than the number of discrete states. Computing the simulation graph amounts to computing all the reachable states of the TA, and this computation is needed to prove that the circuit is correct. For incorrect circuits bugs can usually be found much before the completion of this computation. As Table 1 shows, we were able to perform this exhaustive analysis on 15 circuits out of 21. For the remaining 6, we were able to compute around 500000 symbolic states in about 10 minutes with the available memory (all the results were obtained on a Sun UltraSparc 10 with 2GB of memory). Among these we found, nevertheless, bugs in two, namely tsend-bm and mr1. These results were obtained using the standard reachability analysis algorithm for timed automata, unlike the approach of [PCKP00], which inspired our work, where a special heuristic which alternates between timed and untimed analysis is applied. The ability of OpenKronos to treat such non-trivial asynchronous circuits is a source of optimism concerning the future applicability of TA analysis to timing verification. We believe that if these results could be achieved without any heuristic, much larger circuits could be verified by combining the verification engine of OpenKronos with general and circuit-specific abstraction and approximation techniques [B96, AIKY95, WD94, TAKB96, ZM00], combination of timed and untimed verification [PCKP00], relative timing [SGR99, KB99], partial-order methods [BM98] and other techniques reported in the literature.

| no. | name | gates | states | transitions | time (sec) | correct |
|---|---|---|---|---|---|---|
| 1 | allocoutbound | 11 | 313 | 366 | 0.09 | |
| 2 | chu133 | | 2580 | 3390 | 0.63 | |
| 3 | converta | 12 | 891 | 1129 | | |
| 4 | d | 6 | 753 | 1160 | 0.19 | N |
| 5, 6 | ebergen, half | 9, 7 | 1990, 661 | 3041, 846 | 0.14, 0.41 | |
| 7 | mpforwardpkt | | 807 | 1076 | 0.24 | |
| 8, 9 | nowick, rcvsetup | 10, 6 | 1213, 208 | 1469, 245 | 0.22, 0.05 | |
| 10 | rpdft | 8 | 10934 | 13554 | 2.93 | |
| 11 | sbuframwrite | 17 | 50510 | 83313 | 31.77 | |
| 12, 13 | sbufreadctl, sbufsendctl | 10 | 1741, 451 | 2300, 572 | 0.13, 0.49 | |
| 14 | sbufsendpkt2 | 13 | 115 | 138 | 0.07 | |
| 15 | vme | 12 | 2209 | 2519 | 0.39 | |
| 16 | mr1 | 16 | 490938 | 638558 | 607.43 | Y |
| 17, 18 | tsendbm, mmu | 12, 22 | 503406, 475228 | 765214, 710353 | 589.56, 595.09 | N |
| 19 | mr0 | 20 | 545022 | 662768 | 593.24 | |
| 20 | ramreadsbuf | 17 | 647890 | 911249 | 678.48 | |
| 21 | trimossend | 24 | 516149 | 693547 | 580.33 | ? |

Table 1: The performance results for the benchmark asynchronous circuits. The numbers of states and transitions are those of the simulation graph and the time figures correspond to the duration of computing this graph.

Acknowledgment: We thank Jordi Cortadella and Marco Pena for providing us with the benchmarks and for many related discussions. Ken Stevens, Mike Kishinevski and Luciano Lavagno answered various questions concerning asynchronous circuits.

References

[A99] R. Alur, Timed Automata, Proc. CAV'99, LNCS 1633, 8-22, Springer, 1999.

[AD94] R. Alur and D.L. Dill, A Theory of Timed Automata, Theoretical Computer Science 126, 183-235, 1994.

[AIKY95] R. Alur, A. Itai, R.P. Kurshan and M. Yanakakis, Timing Verification by Successive Approximation, Information and Computation 118, 142-157, 1995.

[AMP98] E. Asarin, O. Maler and A. Pnueli, On the Discretization of Delays in Timed Automata and Digital Circuits, in R. de Simone and D. Sangiorgi (Eds), Proc. Concur'98, LNCS 1466, 470-484, Springer, 1998.

[B96] F. Balarin, Approximate Reachability Analysis of Timed Automata, Proc. RTSS'96, 52-61, IEEE, 1996.

[BD91] B. Berthomieu and M. Diaz, Modeling and Verification of Time Dependent Systems using Time Petri Nets, IEEE Trans. on Software Engineering 17, 259-273, 1991.

[BM98] W. Belluomini and C.J. Myers, Verification of Timed Systems Using POSETs, in A.J. Hu and M.Y. Vardi (Eds.), Proc. CAV'98, 403-415, LNCS 1427, Springer, 1997.

[BDM+98] M. Bozga, C. Daws, O. Maler, A. Olivero, S. Tripakis, and S. Yovine, Kronos: a Model-Checking Tool for Real-Time Systems, Proc. CAV'98, LNCS 1427, Springer, 1998.

[BMPY97] M. Bozga, O. Maler, A. Pnueli, S. Yovine, Some Progress in the Symbolic Verification of Timed Automata, in O. Grumberg (Ed.) Proc. CAV'97, 179-190, LNCS 1254, Springer, 1997.

[BMT99] M. Bozga, O. Maler and S. Tripakis, Efficient Verification of Timed Automata using Dense and Discrete Time Semantics, in L. Pierre and T. Kropf (Eds.), Proc. CHARME'99, 125-141, LNCS 1703, Springer, 1999.

[BS94] J.A. Brzozowski and C-J.H. Seger, Asynchronous Circuits, Springer, 1994.

[CKK+97] J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno and A. Yakovlev, Petrify: a tool for manipulating concurrent specifications and synthesis of asynchronous controllers, IEICE Transactions on Information and Systems, Vol. E80-D, No. 3, March 1997, pages 315-325.

[CKK+98] J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno, A. Taubin and A. Yakovlev, Lazy Transition Systems: Application to Timing Optimization of Asynchronous Circuits, in Proc. ICCAD'98, 324-331, 1998.

[D89] D.L. Dill, Timing Assumptions and Verification of Finite-State Concurrent Systems, in J. Sifakis (Ed.), Automatic Verification Methods for Finite State Systems, LNCS 407, 197-212, Springer, 1989.

[DOTY96] C. Daws, A. Olivero, S. Tripakis, and S. Yovine, The tool Kronos, in "Hybrid Systems III, Verification and Control", LNCS 1066, Springer, 1996.

[HB95] H. Hulgaard and S.M. Burns, Efficient Timing Analysis of a Class of Petri Nets, Proc. CAV'95, 1995.

[KB99] H. Kim and P.A. Beerel, Relative Timing Based Verification of Timed Circuits and Systems, Proc. IWLS'99, June 1999.

[KKTV93] M. Kishinevsky, A. Kondratyev, A. Taubin and V. Varshavsky, Concurrent Hardware: The Theory and Practice of Self-Timed Design, Wiley, 1993.

[LPY97] K.G. Larsen, P. Pettersson and W. Yi, UPPAAL in a Nutshell, Software Tools for Technology Transfer 1/2, 1997.

[L89] H.R. Lewis, Finite-state Analysis of Asynchronous Circuits with Bounded Temporal Uncertainty, TR15-89, Harvard University, 1989.

[MP95] O. Maler and A. Pnueli, Timing Analysis of Asynchronous Circuits using Timed Automata, in P.E. Camurati, H. Eveking (Eds.), Proc. CHARME'95, LNCS 987, 189-205, Springer, 1995.

[MY96] O. Maler and S. Yovine, Hardware Timing Verification using KRONOS, in Proc. 7th Israeli Conference on Computer Systems and Software Engineering, Herzliya, Israel, June 1996.

[PCKP00] M.A. Pena, J. Cortadella, A. Kondratyev and E. Pastor, Formal Verification of Safety Properties in Timed Circuits, Proc. Async'00, 2-11, IEEE Press, 2000.

[RM94] T.G. Rokicki and C.J. Myers, Automatic Verification of Timed Circuits, Proc. CAV'94, June, 1994.

[SY95] A. Semenov and A. Yakovlev, Verification of Asynchronous Circuits based on Timed Petri Net Unfolding, Proc. TAU'95, 199-210, 1995.

[SGR99] K.S. Stevens, R. Ginosar, and S. Rotem, Relative Timing, Proc. Async'99, 1999.

[TAKB96] S. Tasiran, R. Alur, R.P. Kurshan and R. Brayton, Verifying Abstractions of Timed Systems, in Proc. CONCUR'96, 546-562, Springer, 1996.

[TB97] S. Tasiran and R.K. Brayton, STARI: A Case Study in Compositional and Hierarchical Timing Verification, in O. Grumberg (Ed.) Proc. CAV'97, 191-201, LNCS 1254, Springer, 1997.

[TKB97] S. Tasiran, Y. Kukimoto and R.K. Brayton, Computing Delay with Coupling using Timed Automata, Proc. TAU'97, 1997.

[TKY+98] S. Tasiran, S.P. Khatri, S. Yovine, R.K. Brayton and A. Sangiovanni-Vincentelli, A Timed Automaton-Based Method for Accurate Computation of Circuit Delay in the Presence of Cross-Talk, FMCAD'98, 1998.

[U69] S.H. Unger, Asynchronous Sequential Switching Circuits, Wiley, 1969.

[WD94] H. Wong-Toi and D.L. Dill, Approximations for Verifying Timing Properties, in T. Rus and C. Rattray (Eds.), Theories and Experiences for Real-Time System Development, World Scientific Publishing, 1994.

[YR99] T. Yoneda and H. Ryu, Timed Trace Theoretic Verification using Partial Order Reduction, Proc. Async'99, 108-121, 1999.

[Y98] S. Yovine, Model-checking timed automata, in G. Rozenberg and F. Vaandrager (Eds.), Lectures on Embedded Systems, LNCS 1494, Springer, 1998.

[ZM00] H. Zheng and C.J. Myers, Automatic Abstraction for Synthesis and Verification of Deterministic Timed Systems, Proc. TAU'2000, December, 2000.
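
Added example (not part of the paper and not OpenKronos code): the Python program below composes the inertial delay elements of Section 2 (excited state, clock, lower bound l, upper bound u, "regret" transitions) and searches for a reachable error state, returning a trace in the style of the error trace in Section 3. The integer-tick time model, the two-gate circuit and all function names are assumptions made for this illustration; OpenKronos itself works on dense time.

```python
from collections import deque

def explore(gates, init, is_error):
    """Reachability over a network of bi-bounded inertial delay elements.

    gates maps a signal name to (f, l, u): f computes the gate's target value
    from the dict of current signal values, [l, u] bounds its delay. Signals
    not in `gates` are constant inputs. Time advances in integer ticks.
    Returns a shortest event trace reaching an error state, or None.
    """
    names = sorted(init)

    def excited(vals):
        return {g for g, (f, _, _) in gates.items() if f(vals) != vals[g]}

    def freeze(vals, clocks):
        return (tuple(vals[n] for n in names), tuple(clocks.get(n) for n in names))

    clocks0 = {g: 0 for g in excited(init)}
    parent = {freeze(init, clocks0): None}
    queue = deque([(dict(init), clocks0)])
    while queue:
        vals, clocks = queue.popleft()
        key = freeze(vals, clocks)
        if is_error(vals):
            trace = []
            while parent[key] is not None:
                key, label = parent[key]
                trace.append(label)
            return trace[::-1]
        succ = []
        # Time passage: only while every excited gate is below its upper
        # bound (the "C < u" condition for staying in an excited state).
        if clocks and all(c < gates[g][2] for g, c in clocks.items()):
            succ.append(("tick", vals, {g: c + 1 for g, c in clocks.items()}))
        # Output change: an excited gate whose clock has reached l may fire.
        for g, c in clocks.items():
            if c >= gates[g][1]:
                new_vals = dict(vals)
                new_vals[g] = gates[g][0](vals)
                # Gates still excited keep their clock, newly excited ones
                # start at 0, and a gate whose excitation vanished ("regret")
                # drops its clock: the short pulse is filtered away.
                new_clocks = {h: clocks[h] if h in clocks and h != g else 0
                              for h in excited(new_vals)}
                sign = "+" if new_vals[g] else "-"
                succ.append((g + sign, new_vals, new_clocks))
        for label, v, c in succ:
            k = freeze(v, c)
            if k not in parent:
                parent[k] = (key, label)
                queue.append((v, c))
    return None

def compress(trace):
    """Merge runs of ticks into durations, as in the paper's error trace."""
    out = []
    for label in trace:
        if label != "tick":
            out.append(label)
        elif out and isinstance(out[-1], int):
            out[-1] += 1
        else:
            out.append(1)
    return out

def hazard_trace(inv_delay, and_delay):
    """Constructed circuit: n = NOT a, out = a AND n, right after a rose to 1.

    With unbounded delays `out` may glitch to 1; with bounded delays the
    glitch exists only if the AND gate can fire before the inverter must.
    """
    gates = {
        "n": (lambda v: 1 - v["a"], *inv_delay),
        "out": (lambda v: v["a"] & v["n"], *and_delay),
    }
    init = {"a": 1, "n": 1, "out": 0}
    trace = explore(gates, init, lambda v: v["out"] == 1)
    return None if trace is None else compress(trace)

if __name__ == "__main__":
    print(hazard_trace((27, 33), (27, 33)))  # both gates in [27, 33]
    print(hazard_trace((27, 33), (34, 40)))  # slower AND gate
```

With both gates in the interval [27, 33] used in Section 3 the search returns a glitch trace, while an AND gate whose lower bound exceeds the inverter's upper bound filters the pulse and no error state is reachable.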