Temporal constraint reasoning in microprocessor systems diagnosis. by Yuen, Siu Ming. & Chinese University of Hong Kong Graduate School. Division of Systems Engineering and Engineering Management.
Temporal Constraint Reasoning in 
Microprocessor Systems Diagnosis 
B Y 
YUEN SIU MING 
A THESIS 
SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS 
FOR THE DEGREE OF MASTER OF PHILOSOPHY 
DIVISION OF SYSTEMS ENGINEERING & ENGINEERING MANAGEMENT 
THE CHINESE UNIVERSITY OF HONG KONQ . • 







• ‘ / ‘ 
统系馆書蘭 
M11腦而)|| 
\$八 UNIVERSITY 揭jj 
LIBRARY SY3Tavl/>^ -^ / 
V 、 f ^ • .,；••• 
吻::卜;)少. 
Acknowledgement 
First and foremost, I thank m y supervisor Dr. K. P. Lam for his guidance and support 
in this research project. In particular, for his encouragement when I ran into emotional 
frustration. Indeed, I appreciate that very much. I also thank m y family for their support 
in all possible ways through these years. Finally, I thank all those who have been giving 
m e advices and keep standing behind me. That's what friends are for. Without all these 
people, this thesis would not be made possible. 
11 
Abstract 
In microprocessor system diagnosis, the temporal reasoning of a sequence of causally-
related events which occur at imprecisely known time instants is an important issue. 
Time and temporal relations are important knowledge elements in the diagnostic pro-
cess. In order to perform effective temporal reasoning for systems diagnosis, a knowledge 
representation scheme with a well-defined time structure and temporal reasoning tech-
niques becomes necessary. The concept of time range and the reasoning mechanisms for 
constraint propagation and satisfaction were proposed as such a scheme. This scheme 
captures the notion of time imprecision in event occurrence and performs timing anal-
ysis for microprocessor systems. Unfortunately, this scheme has a shortcoming. The 
possibility measures implicitly embedded within time ranges are not quantified. Hence, 
another representation scheme, the fuzzy time point model, was proposed to resolve that 
shortcoming. This latter scheme not only has the same reasoning capabilities of the for-
mer one, but it also constructs a possibility model for each time range quantity. This 
extension enhances the diagnostic and deductive capability of the existing time range 
constraint models for temporal reasoning. In many problem domains which require tem-
poral reasoning, the two primitive reasoning mechanisms mentioned above would be 
sufficient to perform effective temporal constraint reasoning. In the domain of micropro-
cessor systems, however, this is not the case. Hence, a supplemental mechanism which 
' • • • 
111 
ensures temporal constraint compatibility was proposed to further enhance the tempo-
ral constraint reasoning capability for diagnosis. A deep-level modeled knowledge-based 
diagnostic system, which adopts the proposed representation schemes, was developed. 
It consists of two sets of rules, the reasoning control rules and the component specifica-
tion rules. The reasoning control rules form a domain independent temporal reasoning 
toolbox, whereas the component specification rules encode the functional specification 
of different system components. This kind of system structure provides the flexibility in 
verifying different system configurations with different components. Besides, the system 




1 Introduction 1 
2 Background 4 
2.1 Approaches in Formal Hardware Verification 4 
2.1.1 Theorem Proving 5 
2.1.2 Symbolic Simulation 5 
2.1.3 Model Checking 6 
2.2 Temporal Theories 7 
2.3 Related Works 8 
2.3.1 Consistency and Satisfiability of Timing Specifications 8 
2.3.2 Symbolic Constraint Satisfaction . . 9 
3 Problem Domain 11 
3.1 Basics of MC68000 Read Cycle 11 
4 Knowledge-based System Structure 13 
4.1 Diagnostic Reasoning Mechanisms 14 
4.2 Occurring Event Sequence 16 
4.3 Equivalent Goals 17 
V 
4.4 C P U Databus Setup Time 17 
4.5 Assertion of C P U A ? Signal 19 
5 Time Range Approach 21 
5.1 Time Range Representation 21 
5.2 Time Ranges Reasoning Techniques 22 
5.2.1 Constraint Satisfaction of Time Ranges 22 
5.2.2 Constraint Propagation of Time Ranges 25 
5.3 Worst-Case Timing Analysis 28 
5.4 System Implementation 29 
5.4.1 C P U Databus Setup Time 30 
5.4.2 Assertion of C P U AS Signal 36 
5.5 Implementation Results 40 
5.5.1 C P U Databus Setup Time 40 
5.5.2 Assertion of C P U AS Signal 40 
5.6 Conclusion 41 
6 Fuzzy Time Point Approach 43 
6.1 Fuzzy Time Point Models 44 
6.1.1 Concept of Fuzzy Numbers 44 
6.1.2 Definition of Fuzzy Time Points 45 
6.1.3 Semi-bounded Fuzzy Time Points 47 
6.2 Fuzzy Time Point Reasoning Techniques 48 
6.2.1 Constraint Propagation of Fuzzy Time Points 50 
6.2.2 Constraint Satisfaction of Fuzzy Time Points 52 
6.3 System Implementation 55 
ix 
6.3.1 Representation of Fuzzy Time Point 55 
6.3.2 Fuzzy Time Point Satisfaction 56 
6.3.3 Fuzzy Time Point Propagation 58 
6.4 Implementation Results 64 
6.4.1 C P U Databus Setup Time 64 
6.4.2 Assertion of C P U AS Signal 65 
6.5 Fuzzy Time Point Model Parameters 66 
6.5.1 Variation of Semi-bounded ftps' Membership Function 66 
6.5.2 Variation of fiftp 67 
6.5.3 Variation of K 69 -
6.6 Conclusion 69 
7 Constraint Compatibility Reasoning 72 
7.1 Abstract Timing Parameters 73 
7.2 MC68000 Read Cycle: Wait States Insertion 75 
7.3 Constraint Compatibility of Fuzzy Time Point 75 
7.3.1 Crisp Threshold Value 77 
7.3.2 Possibility Quantification for the Number of Wait States 78 
7.3.3 Threshold Beyond Fuzzy Time Point 80 
7.3.4 Fuzzy Time Point Beyond Threshold 80 
7.3.5 Threshold Within Fuzzy Time Point 82 
7.4 Determine W h e n C P U Clock State is S5 83 
7.5 System Implementation 84 
7.5.1 Expert's Heuristic Rule 84 
7.5.2 Constraint Compatibility 85 
Vll 
7.5.3 Wait States Insertion 87 
7.6 Implementation Results 91 
7.7 Conclusion 93 
8 Conclusion 95 
8.1 Applications in Other Domains 97 
8.2 Future Directions and Recommendations 98 
A Constraint Compatibility Reasoning Output 99 
A.l No Wait Cycle Insertion 99 
A.2 Single Wait Cycle Insertion 100 
A.3 Two Wait Cycle Insertions 100 
B MC68020 Read Cycle Problem 101 
B.l Basics of MC68020 Read Cycle 101 
B.2 MC68020 Databus Setup Time 102 




List of Figures 
3.1 A Simplified MC68000 Read-cycle Timing Diagram 12 
4.1 Knowledge-based System Architecture 14 
4.2 Diagnostic Reasoning Tree 15 
4.3 Determination of C P U Databus Setup Time 18 
4.4 Determination of C P U AS Assertion Time 20 
5.1 Time Range Representation 21 
5.2 Constraint Satisfaction of Time Ranges 24 
5.3 Constraint Propagation of Time Ranges 26 
5.4 An Example Expert's Heuristic Rule: cpu-1 30 
5.5 The CLIPS Coding of cpu-1 31 
5.6 An Example Timing Specification Rule: cpu-5 32 
5.7 The CLIPS Coding of cpu-5 33 
5.8 The Time Range Constraint Propagation Rule: time-5 33 
5.9 The CLIPS Coding of time-5 34 
5.10 The Equivalent Goals Rule: time-2 35 
I 5.11 The CLIPS Coding of time-2 35 
5.12 An Example Expert's Heuristic Rule: cpu-2 . 36 
ix 
5.13 The CLIPS Coding of cpu-2 37 
5.14 The Time Range Constraint Satisfaction Rule: time-6 37 
5.15 The CLIPS Coding of time-6 38 
5.16 The C o m m o n Reference Rule: time-7 38 
5.17 The CLIPS Coding of time-7 39 
6.1 Definition of a Fuzzy Number 45 
6.2 Definition of the Timing Parameter tcyc 46 
6.3 Trapezoidal Pl-type Membership Function 46 
6.4 The Three Fundamental Membership Functions 47 
6.5 Trapezoidal S-type Membership Function 48 
6.6 Event Causal Paths 49 
6.7 Fuzzy Time Point Propagation 52 
6.8 Ideal Fuzzy Time Point Satisfaction 54 
6.9 Actual Fuzzy Time Point Satisfaction 54 
6.10 Conjunctive Fuzzy Time Point Constraints 57 
6.11 Result of Fuzzy Time Point Satisfaction 57 
6.12 The ftp Satisfaction Rule: time-6 59 
6.13 The CLIPS Coding of time-6 59 
6.14 Fuzzy Time Point Propagation of tCLAV and tAA 61 
6.15 Fuzzy Time Point Propagation of tCLAV, tAA and tDICL 61 
6.16 The ftp Propagation Rule: time-5 62 
6.17 The CLIPS Coding of time-5 63 
6.18 Variation of Membership Function for Semi-bounded ftp 67 
6.19 Variation of Membership Function in PI-PI-PI Cases . 68 
6.20 Variation of Membership Function in PI-PI-S Cases 68 
X 
6.21 Variation of K in PI-PI-PI Cases 70 
6.22 Variation of K in PI-PI-S Cases 70 
7.1 MC68000 Read Cycle with Wait States Insertion 76 
7.2 Three Possible Cases in Constraint Compatibility 77 
7.3 Division of a Fuzzy Time Point 79 
7.4 Fuzzy Time Point Beyond Threshold 81 
7.5 Threshold Within Fuzzy Time Point 82 
7.6 Determine W h e n C P U Clock State is S5 84 
7.7 An Example Expert's Heuristic Rule: mc68000-9 85 
7.8 The CLIPS Coding of mc68000-9 86 
7.9 The Constraint Compatibility Rule: time-8 86 
7.10 The CLIPS Coding of time-8 87 
7.11 The Constraint Compatibility Rule: time-9 88 
7.12 The CLIPS Coding of time-9 88 
7.13 The CLIPS Coding of get-number-of-wc 89 
7.14 The Wait States Insertion Rule: accum-ws-la 90 
7.15 The CLIPS Coding of accum-ws-la 90 
7.16 Wait States Insertion Example 92 




In recent years, formal hardware verification has attracted considerable interest due to 
the need for correct designs in safety-critical applications and the major cost associated 
with products manufactured with defects. With formal verification of functional correct-
ness, the implementation of a hardware design can be proven to satisfy its functional 
specification. Complex microprocessor systems often consist of a large number of com-
ponents and a large set of functional specification constraints. With the consideration 
of the global compatibility among interconnected components, diagnosis of such systems 
becomes a burden. Presently, conventional simulation is the principal tool used to detect 
functional design errors at an early stage of the design process [56]. However, as the 
complexity of the designs increase, a smaller percentage of the possible behaviours of 
the designs will be simulated. Simulation may then leave many errors undetected. Be-
sides, the capability of explanation about the causes of functional faults is often missing. 
Hence, a diagnostic system with explanatory capability is desired for the design process. 
In model-based reasoning [15, 16, 21], particularly in the domain of fault diagnosis [17, 
48] and digital design verification [20], the importance of deep-level models has received 
1 
Chapter 1 Introduction 
much attention. Most of the relevant reported works, however, consider fairly simple 
devices or logic circuits. More practical and complex devices, such as microprocessors 
and various interface peripherals, are rarely discussed. This is probably due to the lack of 
causal models and proper understanding of their functional behaviors. The construction 
of a deep-level model for microprocessor system designs requires a critical look at some 
of the fundamental issues concerning knowledge representation in the domain [32, 33]. 
In the domain of microprocessor systems diagnosis, the temporal reasoning of a se-
quence of causally-related events which occur at imprecisely known time instants is an 
important issue. Time and temporal relations are important knowledge elements. Signals 
within a microprocessor system change over time and these changes must satisfy certain 
temporal constraints in order to meet the functional specification of the system. These 
temporal constraints are inexact. They are only specified as time range minimums and 
maximums relative to different reference time points. 
In order to perform effective temporal reasoning for microprocessor systems, a frame-
work with a well-defined time structure and knowledge representation scheme of temporal 
reasoning techniques becomes necessary. Two time representations and a set of temporal 
reasoning mechanisms are proposed and developed to perform timing analysis for micro-
processor systems and quantify the possibility measures embedded within time ranges. 
After the development of the two representation schemes, it is realized that a supple-
mental constraint reasoning mechanism is necessary to achieve effective reasoning in the 
domain of microprocessor systems. 
In the following chapters, we will first look into some background theories and related 
works, and briefly examine our problem domain. Then we will look into the structure of 
our knowledge-based system and some issues related to the reasoning mechanism. After 
the discussion of the system structure, we will proceed to a detailed discussion in the 
2 
Chapter 1 Introduction 
knowledge representation schemes of the two proposed time structures and the temporal 
reasoning techniques, as well as the supplemental reasoning mechanism. To conclude the 
reported works, we will look into some other possible domains in which the developed 




2.1 Approaches in Formal Hardware Verification 
Conventional simulation is often used as the principle tool for design verification. Un-
fortunately, due to the vast set of possible behaviours, it is very common that a final 
design may take several months of C P U time to perform the simulation [39]. Despite of 
the prolong period of verification, simulation is still incapable to achieve an exhaustive 
verification. As the VLSI technology progresses, system designs become more complex. 
Even a basic system component may have enormous possible combinations of input [7 . 
Moreover, through the introduction of aggressive pipelining and concurrently-operating 
subsystems, it becomes even more difficult to anticipate the large number of subtle in-
teractions between logically unrelated system activities [49]. This makes exhaustive sim-
ulation infeasible. With serious design errors possibly remain undetected, simulation is 
inefficient and unreliable. In this section, we will look into the three main approaches in 
formal hardware verification: theorem proving, symbolic simulation, and model checking. 
- 4 
Chapter 2 Background 
2.1.1 Theorem Proving 
Theorem proving is one of the main and earliest approaches in formal hardware verifi-
cation [24, 25, 38]. In terms of formal logic, verification result is obtained by proving if 
the implementation and the specification are suitably related. Many successful theorem-
provers have been built. The Boyer-Moore Theorem Prover [5] was used to generate 
a multi-level proof of correctness for a complete computer system including both hard-
ware and software levels [4]. The H O L System [24] was used to verify aspects of the 
commercially-available Viper microprocessor designed by the British Ministry of Defense 
for safety-critical applications [14]. This approach has the strength of being capable to 
describe and relate circuit behaviours at many different levels of abstraction. The capa-
bilities of reasoning at different algebraic levels and relating behaviours between different 
levels allow a designer to convert his informal intuitive specification into a formal low-
level specification. Unfortunately, theorem-proving based verification requires the user 
a large amount of effort in developing specifications of each component and in guiding 
the theorem prover through all the lemmas. Also, in order to make the proofs tractable, 
most attempts in using this approach have been forced to use highly simplified circuit 
models. All these make the verification of complex systems, such as microprocessor sys-
tems, very difficult and tedious, which in turns increase the difficulty in tracing proofs of 
such designs. 
2.1.2 Symbolic Simulation 
Symbolic simulation, which uses symbols rather than actual values for simulation, is 
an offspring of conventional simulation [3, 8, 10]. It uses a hardware behaviour model 
and a simulation engine to derive the behaviour of a design with some given inputs. 
5 
Chapter 2 Background 
With this approach, the response to the entire classes of values can be obtained with 
only one simulation run. Symbolic simulation was first proposed in 1970,s [10]. Later 
when sufficiently efficient symbolic manipulation methods were developed, the symbolic 
approach became capable to perform exhaustive simulation [6]. However, simply passing 
an exhaustive simulation does not prove the correctness of a design. All the possible 
inputs as well as the possible initial states should be considered in order to prove the 
correctness. Bryant and Seger [8] developed a symbolic simulator based verifier which 
handled this case. That verifier worked well for circuits that are normally viewed as 
state transformation systems, such as memories and processors. Symbolic simulation 
has the strength that it does not require a hierarchy of behavioural specifications to 
be formulated to match the structural hierarchy of the design. This makes the same 
specification and verification program reusable for different implementations. Also, the 
simulator computes all the details of the circuit behaviours. Unfortunately, this approach 
is infeasible for larger circuits due to the limitation of the symbol manipulation methods. 
Moreover, the semantic gap between the designer's informal intuitive specification and 
the specification used in symbolic simulation is often very large. Thus, the designer might 
use an incorrect assumption in deriving the specification as well as designing the circuit. 
2.1.3 Model Checking 
Unlike theorem-proving, model checking takes the behavioural rather than structural 
view of the verification process. With this approach, only the behaviour of some systems 
is verified to satisfy some properties. In general, model checking is an algorithm that can 
be used to determine the validity of formulas written in some temporal logic with respect 
to a behaviour model of a system. As the dynamic behaviour of a hardware system is 
usually very difficult to design and verify, temporal logics is a very precise and convenient 
6 
Chapter 2 Background 
formalism for expressing desired properties of a system. The main strength of temporal 
logics is that the decision procedure is completely automated. A n user can simply interact 
with the model checker to verify the dynamic behaviour of a design with respect to the 
corresponding specification. Due to the nature of the domain of microprocessor systems, 
we have adopted this approach to develop a knowledge-based diagnostic tool based on a 
deep level model for our problem. Although it might be more labour intensive to develop 
such a tool, that approach has several advantages. First, a deep level model has the 
capability to handle all the possible input designs. As microprocessor system designs 
are simply descriptions of the interconnections of system components, and the limited 
components available in the industry are commonly used, the knowledge-based modules 
become applicable to many different designs. Second, the use of this approach can lead to 
a clear and well defined description of the dynamic behaviour of a system. This provides 
a better explanation of any design fault to support the users on design modification. 
2.2 Temporal Theories 
In the domain of microprocessor systems diagnosis, the representation of temporal in-
formation is a very important issue. As temporal values are essential in the process of 
diagnostic reasoning for such systems, a general time point representation is desired for 
the determination of event occurrence as well as temporal constraint violation. Various 
representation schemes have been proposed for temporal values and concepts. The two 
major classes of formalism are called the McDermott formalism and the Allen formal-
ism [50, 51]. In McDermott formalism [37], the primitive temporal objects are the time 
points. A time interval is represented by the two end points of the interval. The building 
‘ 7 
Chapter 2 Background 
blocks of the temporal concepts are divided into facts and events types. In Allen formal-
ism [1], the primitive temporal objects are the intervals. Allen classified the temporal 
elements into properties that hold true over a time interval, events that occur over a time 
interval, and processes that are occurring over a time interval. According to Shoham [50 
and M a [35], however, there are weaknesses in both of these formalism. To overcome 
these weaknesses, Shoham proposed a compromised logical representation that requires 
the primitive time elements to be time points. This proposed scheme bears a strong 
resemblance to McDermott's representation, as time point is more concise and intuitive 
than intervals. 
For microprocessor systems diagnosis, we have chosen Shoham's scheme as the basis 
of the temporal representation framework. The time point in that scheme is further 
expanded to incorporate a time range and a fuzzy time point representation, respectively, 
for imprecise event occurrence. This temporal framework is domain independent and may 
be applied to other domains dealing with temporal concepts. 
2.3 Related Works 
Although there has not been much reported work related to microprocessor systems 
diagnosis, researchers are getting increasing interest in this domain. In this section, we 
will look into some of the related works in this area. 
2.3.1 Consistency and Satisfiability of Timing Specifications 
Brzozowski et al. have developed a microprocessor systems diagnostic tool with a nu-
merical approach [9]. The numerical model is based on the waveform timing specification 
‘ 8 
Chapter 2 Background 
of the system components. It verifies that the timing information contained in a wave-
form is consistent, and that the produced timings of one component satisfy the required 
timings of another component. A numerical model based on the timing information con-
veyed by the waveform convention has been constructed. All the timing specification 
are converted into linear inequalities. The consistency and satisfiability are formulated 
as linear programming problems in terms of the constraints represented by these in-
equalities. Unfortunately, optimization using the simplex algorithm, as pointed out by 
Brzozowski, has an exponential worst-case complexity. Due to the restricted nature of 
the problem domain, instead of using the general-purpose polynominally bounded linear 
programming algorithms, Brzozowski suggested a method for much faster optimizations. 
He made an analogy between the domain problem and the shortest path problem. The 
timing constraints are mapped into the distances between cities. Hence, various conve-
nient methods for computing shortest paths can be adopted for the problem of design 
verification. However, these methods are only applicable to the waveform specifications 
that can be formulated as conjunction of linear inequalities, which is not the cases when 
the timing of an output event depends on several inputs. For example, consider the 
MC68000 CPU-memory read cycle. The timing of valid output data depends on both 
the address and the output-enable signals and cannot be formulated solely as a conjunc-
tion of inequalities. This severely restricts the scope of applications. On the top of that, 
the explanatory capability is also missing, which would otherwise be obtainable by other 
approaches. 
2.3.2 Symbolic Constraint Satisfaction 
Another related work is V. Li's development of an intelligent tutoring system for micro-
processor systems design [34]. The system adopted the approach of symbolic constraint 
9 
Chapter 2 Background 
satisfaction and was implemented in Prolog. During the verification of a design, the 
system determines if any timing constraint imposed by the system component specifica-
tions is violated. Li proposed a set of knowledge representation frameworks to represent 
the domain knowledge. In particular, a general temporal representation scheme was de-
veloped to facilitate temporal concept deductions and explanation capabilities vital in 
an intelligent tutoring system. The proposed scheme is capable to capture the notion 
of microprocessor system events as well as to construct an explanation of the temporal 
relations. However, the system only determines if constraint violation exists. The occur-
rence time of a particular event is not explicitly derived. Moreover, the handling of the 
uncertainty information regarding to the microprocessor system event occurrence time 
is not covered. Most important, the temporal reasoning mechanisms provided in Li's 
scheme did not consider an important issue in the domain: constraint compatibility. 
In our present work, we have developed the temporal constraint reasoning mechanisms 
for the domain based on Li's time range representation to perform worst case timing 
analysis for microprocessor systems. In addition, we extended the time range into the 
fuzzy time point in order to quantify the temporal uncertainty information in our domain, 
and developed a reasoning mechanism to handle the constraint compatibility problem. 
With the knowledge-based approach, our system works well with both the read and write 
cycles of a microprocessor, and provides a detailed description in the reasoning process. 




Our problem domain is chosen as the MC68000 CPU-memory interface problem. This 
problem is chosen because the communications or interactions between the microproces-
sor and the memory of a microprocessor system are extremely practical and frequently 
demanded. To simplify our knowledge base, our interest will be focused on the MC68000 
read cycle. It is desired to determine if any timing constraints of the C P U , the R A M s , 
or any other logical devices have been violated in a microprocessor system configuration. 
As the research interest is concentrated on the temporal reasoning process in the de-
termination of any timing constraint violation, the immediate interest is reduced to the 
subgoal "Will there be a successful read from the random-access memory?" 
3.1 Basics of MC68000 Read Cycle 
Assume that a R A M which is fast enough to avoid the insertion of wait states is being 
used. A basic MC68000 read cycle [12, 41] is typically executed in four clock cycles, 
defined by the eight clock states SQ, S i , S 7 as in Figure 3.1. The cycle period of the 
‘ 11 
Chapter 3 Problem Domain 
CLK SO SI S2 S3 S4 S5 S6 S7 
2.5 * tCYC 
q * tCHSL 
^ \ 「 
�s \ / 
^ * tDELAY 
\ / 
CS/OE \ j 
tACS tDICL 
= OO! 
Figure 3.1: A Simplified MC68000 Read-cycle Timing Diagram 
system clock is tcyc. The system clock is used to provide a precise timing reference for 
many causal events scheduled to happen. 
During a read cycle, the MC68000 microprocessor first initiates a sequence of event 
changes in some of its output signal lines. These output signals activate the R A M chips, 
which are connected to the microprocessor, to output valid data and a feedback signal 
to the MC68000. Acknowledged by this feedback signal, the MC68000 goes through 
another sequence of event changes to read-in the valid data from the R A M and complete 
the read cycle. With the timing parameters of the MC68000, the R A M , and the other 
logical devices, various constraints are put on the occurrence of most events in a read 
cycle. Hence, an intrinsic problem of time imprecision in temporal reasoning is created. 
12 
Chapter 4 
Knowledge-based System Structure 
Our knowledge-based diagnostic system is a deep-level model which consists of two sets 
of rules, the reasoning control rules and the component specification rules. The reasoning 
control rules, which forms a domain independent temporal reasoning toolbox, perform 
constraint propagation and satisfaction, reference determination, uncertainty handling, 
and other reasoning control mechanisms. These temporal issues will be further discussed 
in the following chapters. The set of component specification rules consists of a number 
of component modules. Each of these component modules contains the rules which 
encode the knowledge of the functional specification of a specific component. This kind 
of modularity provides the flexibility for diagnosis of different microprocessor system 
configurations, by importing the necessary component modules. 
The rules within a component module can be further divided into two subsets, the 
expert's heuristic rules and the timing rules. The expert's heuristic rules break a goal 
down into subgoals and trace the desired event sequence out. These high level rules 
relate the relevant component timing parameters to each other. The timing rules encode 
the knowledge of the component functional specification. Each timing parameter of a 
13 
Chapter \ Knowledge-based System Structure 
component is encoded into a timing rule. 
In addition to the rule base, the knowledge of the verifying design is also imported 
into the knowledge base as input facts. The system architecture is shown in Figure 4.1. 
In this chapter, we will first look into the system reasoning mechanism and some related 
issues. Then we will go through two specific examples. 
I Inference Engine 
Knowledge Base 
Reasoning 广- �^^^ -
U.I. — Control Rules Circuit Design 
Component Specification Rules 
Comp. Module 1 Comp. Module n 
Heuristic Rules Heuristic Rules 
Timing Rules " “ " " " Timing Rules 
k 
, ； > 
Figure 4.1: Knowledge-based System Architecture 
4.1 Diagnostic Reasoning Mechanisms 
The diagnostic reasoning mechanism has two stages. The first stage is to determine the 
complete occurring event sequence to achieve the top level goal. The second stage is to 
accumulate the occurrence time of each event in the event sequence to determine the 
occurrence time of the top level goal with respect to a reference event, which is always 
purposely chosen as a clock event, a well-defined reference. 
‘ 14 
Chapter 4 Knowledge-based System Structure 
During the first stage, by the technique of divide-and-conquer, the heuristic rules 
break down a goal into sub-goals in the subsequent lower levels, until all the sub-goals 
can be solved by the timing rules. The backward reasoning manner is adopted. The 
members in the sequence of occurring events to complete the top level goal are traced 
out one by one, starting from the last member in the sequence back to the initial event, 
which is the reference event. 
The forward reasoning mechanism is then proceeded in the second stage to accumulate 
and determine the occurrence time range of the top-level goal with respect to the reference 
event. Starting from the event immediately after the reference event, the time range 
between every two consecutive events is accumulated until the last event in the occurring 
events sequence is readied. 
「 ‘ \ 
TOP LEVEL GOAL 
M D THE OCCURRENCE 
SUBGOALl SUBG0AL2 TIMEOFTOP LEVEL 
G0ALDUET01&2 
FIND THE OCCURRENCE 
SUBGOALU FIND THE OCCURRENCE SUBG0AL2.1 SUBGOAL2.2 m i E 0 F 2 D U E T 0 2 1 
卜 — 肌 1 L _ Z _ J AND2.2 . 
Figure 4.2: Diagnostic Reasoning Tree 
The reasoning mechanism of the system is shown in the tree diagram in Figure 4.2. 
The top level goal is broken down into two subgoals, namely SG\ and 302- SG\ and SG2 
are then further broken down into subgoals SG2.1 and 5^2.2 as in the diagram. 
The subgoals represented by the leaf nodes are being broken down until all the leaf nodes 
15 
Chapter 4 Knowledge-based System Structure 
of the tree can be solved by the timing rules which encode the component functional 
specification. At the lowest level of the above tree, assume the three lowest level subgoals 
are solved by the timing rules. The occurrence time of SGi,i is then propagated upward 
by one level to determine the occurrence time of SGi • Similarly, the occurrence time of 
5^2.1 and SG2.2 are propagated upward to determine the occurrence time of SG2' After 
the occurrence times of SGi and SG2 are derived, the occurrence time of the top level 
goal is determined by further propagate these two time values up to the root of the tree. 
Hence, the diagnostic reasoning process completes. 
4.2 Occurring Event Sequence 
During the first stage of the diagnostic reasoning, the complete occurring event sequence 
is determined by the expert's heuristic rules. These heuristic rules are in fact higher level 
logical rules which break down goals that cannot be solved by the timing rules which 
encode the component timing parameters. The derived subgoals are further broken down 
if necessary, until all the leaf-node goals can be solved by the timing rules. 
For instance, to determine the setup time of the C P U databus, there is not any 
single timing parameter in the MC68000 functional specification can be used. No such 
timing parameter relates the event that the C P U databus becomes valid to a well defined 
clock event. Hence, the goal "Check setup time of C P U databus" is broken down into 
"Determine when C P U databus valid" and "Determine relative time of clock state S7 
from C P U databus valid". The former subgoal cannot be solved by any of the timing 
rules and thus is further broken down into smaller subgoals. The later subgoal can be 
solved directly by the tDICL timing rule. This kind of backward reasoning manner traces 
out the complete sequence until a well defined C P U clock reference event is derived. 
16 
Chapter \ Knowledge-based System Structure 
4.3 Equivalent Goals 
In some cases, due to the inter-dependency among components, no heuristic rule or timing 
rule can be applied directly to solve a given goal. A control mechanism is then necessary 
to handle this situation. According to the properties of component connections, two 
nodes have equal logical states at a time instance if they are connected. This property 
implies the functional inter-dependency between any two connected nodes. Hence, when 
the inter-dependency problem arises, an equivalent goal, which can be solved by either 
type of rules, can be derived according to the common node connection. 
For example, the goal to determine when the C P U databus becomes valid cannot 
be solved directly by any rule or timing parameter. The time when the C P U databus 
becomes valid strictly depends on the time when the R A M databus becomes valid. That 
later event can be determined by the R A M timing parameters, such as tAA. Hence, the 
original goal can be solved by converting it into its equivalence, "Determine when the 
R A M databus becomes valid". 
4.4 CPU Databus Setup Time 
For the case to verify the functional correctness of a MC68000 read cycle, our top level 
goal is (1) "Check setup time of C P U databus". A microprocessor systems expert realizes 
that the MC68000 C P U read cycle completes when the C P U clock reaches the state of 5V, 
assuming that no wait states will be inserted. He also realizes that the concerned event 
immediately precedes Sj is the event that the C P U databus becomes valid. So, he breaks 
the top level goal down into two subgoals, (2) "Determine when C P U databus valid" and 
(3) "Determine relative time of clock state Sj from C P U databus valid". Subgoal (2) is to 
be further broken down into smaller subgoals in order to determine its occurrence time. 
‘ 17 
Chapter \ Knowledge-based System Structure 
Subgoal (3) is the last member in the occurring event sequence. It can be solved by the 
tDICL timing rule, which encodes a timing parameter of the C P U databus. The occur-
rence time of the top level goal can then be derived by using the constraint propagation 
technique to combine the occurrence times of the two subgoals. 
Since the time when the C P U databus becomes valid depends on and equivalent to 
the time when the R A M databus becomes valid, another subgoal (5) "Determine when 
R A M databus valid" is derived from (2) "Determine when C P U databus valid". The 
occurrence time of (2) can be derived straightly from that of (5). 
(1) check setup time of 
CPU data bus 
(2) determine when CPU (3) determine relative time (4) find the occurrence time 
data bus valid of clock state 7 from for (1) in terms of (2) 
J i CPU data bus valid J [ (3) • 
(5) determine when RAM (6) find the occurrence time (7) find the time range for (8) find the occurrence time 
data bus valid of ⑵ in term sof (5) tDICL of ⑶ in terais of (7) 
(9) determine when RAM (10) determine relative dme (11) find the occurrence time 
address bus valid RAM data bus valid of (5) in terms of (9) 
j 1 from address bus valid J I and ( 1 0 ) 
(12) determine when CPU (13) find the occurrence time (14) find the time range fe (15) find the occurrence time 
address bus valid of (9) in terms of (12) tAA of (10) in terms of (14) 
(16) find the time range for (17) find the occurrence time 
tCLAV of (12) in terms of (16) 
Figure 4.3: Determination of C P U Databus Setup Time 
In a similar manner, other subgoals are derived as in Figure 4.3. Note that the initial 
event of the sequence is purposely chosen as a C P U clock event, as the reference event 
‘ 18 
Chapter 4 Knowledge-based System Structure 
is desired to be a well defined signal. The reasoning process for the determination of the 
C P U databus setup time is shown in Figure 4.3. The complete occurring event sequence 
derived, starting from the initial reference event, is as follows: 
(1) C P U clock state S2 
(2) C P U address bus becomes valid 
(3) R A M address bus becomes valid 
(4) R A M databus becomes valid 
(5) C P U databus becomes valid 
(6) C P U clock state S7 
4.5 Assertion of CPU AS Signal 
Consider another example. The event (1)"A5' becomes asserted" must satisfy the con-
straint due to the timing parameter tCHSL as well as the constraint due to the timing 
parameters tCLAV and tAVSL simultaneously. Hence, the first step here is to break the 
top level goal down into two subgoals (2) and (3) as in Figure 4.4 to check these two 
constraints. This reformulates the original problem into two smaller problems which are 
very similar to the problem to check the C P U databus setup time. (2) and (3) can be 
solved exactly by the same reasoning mechanism in Section 4.4 to determine the corre-
sponding event sequences. By the technique of constraint satisfaction, the top level goal 
19 
Chapter 4 Knowledge-based System Structure 
occurrence time can be determined in terms of the subgoals (2) and (3). 
From the two constraints of (2) and (3), two possible time ranges are derived as the 
occurrence time of event (1) with different reference events. Recall that the two reference 
events would be purposely chosen as well defined C P U clock events. Thus, the two time 
ranges can be manipulated and re-written as two time ranges with a common reference. 
After deriving the common reference event for the two constraints, the time ranges are 
combined by the technique of constraint satisfaction to determine the occurrence time 
for the top level goal {l)"AS becomes asserted". The reasoning process to determine 
when the C P U AS becomes asserted is shown in Figure 4.4. 
(1) determine when AS-
asserted 
(2) check constraint due to (3)checkconstrMtdueto ⑷ find the occurrence time of 
tCHSL tCLAVandtAVSL (1) due to (2) and (3) 
(5) determine relative time of (6) find the occurrence time of (7) determine when CPU (8) determine relative time of (9) find the occurrence time of 
AS-asserted fifom clock ⑵ due to ⑶ address bus valid AS-asserted from CPU (3) due to (7) and (8) 
state! I [ address bus valid ‘ 
(10) find the time (11) find the occur- (12) find the time (13) find the occur- (14) find the time (15)findtheoccur-
rangefor rencetimeof(5) range for rencetimeof(7) range for rencetimeof(8) 
tCHSL in terms of (10) tCLAV in terms of (12) tAVSL in terms of (14) 
V J V, / v J \ J \ / V ) 
Figure 4.4: Determination of C P U AS Assertion Time 
20 
Chapter 5 
Time Range Approach 
5.1 Time Range Representation 
In microprocessor system diagnosis and design, temporal reasoning [51] of event changes 
occurring at imprecisely known time instants is an important issue. The concept of time 
range [33, 57, 61], which combines the change-based [1] and time-based [37] approaches 
of temporal logic, is proposed as a new time structure to capture the notion of time 
imprecision in event occurrence. In the case that the occurrence time of an event is to 
be stated, if T is a time range representation, the occurrence time is stated as T from a 
reference event as in Figure 5.1. 
Reference 
: 
Time Range T 
> Time 
t—min t—max 
Figure 5.1: Time Range Representation 
21 
Chapter 5 Time Range Approach 
Consider an intrinsic problem of time imprecision. The occurrence of the event {E) 
^'AS becomes asserted" is causally related to three other events: 
(El) clock state S2 changes from low to high 
(E2) clock state SO changes from high to low 
(丑3) address bus becomes valid 
The MC68000 user's manual specifies that E will occur not earlier than tcusiJjn/ki�and 
not later than tcHSL{rnax) after Ei, and E will also occur not later than tAVSLirnax) 
after 五 3， w h e r e E3 cannot occur earlier than tcLAvijrdn) after E2. It is apparent that 
we never know exactly when the event E will occur. To capture such time imprecision 
in event occurrence, it is natural to use a time range representation. 
For example, consider the temporal relationship between E and Ei. The occurrence 
time of the event E is expressed as a time range of [tcHSLimin), tcHSL{mcix)], where Ei 
is the reference event. 
5.2 Time Ranges Reasoning Techniques 
5.2.1 Constraint Satisfaction of Time Ranges 
For many practical cases, the occurrence of an event E can be constrained simultaneously 
by more than one time range. Consider the intrinsic problem of time imprecision again. 
According to the tcHSL parameter, if Ei occurs at the time instant 力1, then E must occur 
at an instant within the time range 
Ri = [tcHSL(jnin),tcHSL(jnax)\ with respect to ti (5.1) 
22 
Chapter 5 Time Range Approach 
Similarly, according to the parameters tcLAV and Iavsl^ if E^ occurs at 力2, then E3 and 
E must occur in the time range 
R2 = [tcLAvi'^i'fT'), 00] with respect to 力2 (5.2) 
To satisfy all the constraints due to Ei, E2 and E3, E must occur simultaneously in Ri 
and R2. If Ri and R2 do not overlap each other, then E will violate either of the two 
constraints and the operation fails. Otherwise, the resulting time range for E to occur 
can be derived by the techniques of constraint satisfaction of time ranges. In general, 
the resulting time range for E is R, which is the intersection of Ri and R2 as shown in 
Figure 5.2. R is given by = [Rmin^ Rmax] where 
Rmin 二 maccmin{Ri, R2} 
=max{min{Ri}^ min{R2}} (5.3) 
Rmax = minmax{Ri, R2} 
=min{max{Ri}^ max{R2}} (5.4) 
According to the component specification, it is known that the parameters tcHSL, 
tcLAV^ and Iavsl are defined as 
tcHSL 二 [3,60] ns with respect to clock state S2 
tcLAV = {undefined, 62] ns with respect to clock state Si 
tAVSL = [30, undefined] ns with respect to address bus becomes valid 
Thus, equation 5.1 may be re-written as 
Ri = [3,60] ns with respect to clock state S2 (5.5) 
23 
Chapter 5 Time Range Approach 
R1 
； w Time 
" 1 ^ : 
0 Rl -min 丨 R—ax 
R2 
j yTime 




® R i m i n R l - m a x 
Figure 5.2: Constraint Satisfaction of Time Ranges 
For the parameter tcLAV, the minimum value is undefined. As the implication of the 
implicit causal dependency has been assumed, the corresponding time range can be re-
written as 
tcLAV — [0,62] ns with respect to clock state Si 
However, such kind of implication does not apply to undefined maximum value of a time 
range. Thus, the parameter Iavsl becomes 
IAVSL = [30, oo] ns with respect to address bus becomes valid 
By constraint propagation, the parameters tcLAV and Iavsl are accumulated together. 
The details of the propagation will be discussed in the following section. According to 
the accumulation, equation 5.2 is re-written as 
R2 = [30，00] ns with respect to dock state Si (5.6) 
Before equations 5.5 and 5.6 are substituted into 5.3 and 5.4 for constraint satisfaction, 
the precondition that the two input time ranges 5.5 and 5.6 have equal reference must 
‘ 24 
Chapter 5 Time Range Approach 
be satisfied. Thus, a clock state with time range thalf-eye = [62.5,125] is accumulated 
into 5.5. Equation 5.5 now becomes 
Ri = [65.5,185] ns with respect to clock state Si (5.7) 
Now, Ri and R2 have equal reference as in equations 5.7 and 5.6, respectively. By 
substitutions into 5.3 and 5.4, the constraint satisfaction result is derived as 
Rmin = max{min{Ri}, min{R2}} 
=ma:r{65.5,30} 
= 3 0 
Rmax = min{max{Ri}, max{R2}} 
— m m { 1 8 5 , 0 0 } 
= 1 8 5 
Hence, 
R = [30,185] ns with respect to clock state Si 
5.2.2 Constraint Propagation of Time Ranges 
The concept of constraint satisfaction is important to resolve conflicts among multiple 
time ranges related to the occurrence of a single event. However, a single event change 
is useless unless it can propagate and trigger the occurrence of other events. In the 
above problem, it is clear that E has imprecision in the determination of its time of 
occurrence. E must occur in the time range [0, tAVSLi'f^ cLx)] after E3. However, the 
exact occurrence time of E3 is unknown. E3 also has such imprecision that it must occur 
at least tcLAvij^in) after E2. The imprecision in Es due to E2 contributes to certain 
25 
Chapter 5 Time Range Approach 
degree of uncertainty to E, the succeeding event of E3. Hence, the resulting time range 
for E has its overall uncertainty increased which in turn expands the time range for E 
from [(MAV^见(maa;)] after E3 to [tcLAv{mi'^)^ CXD] after E2. 
Rx 
Time 
0 Rx-min Rx-max 
I ^ I q , 
； ^ p i ^ 
_ ： ； > Time 
0 Rx-min tx Rx-max t x + p t x + q 
Ry 
>.Time 
0 Ry-min Ry-max 
Figure 5.3: Constraint Propagation of Time Ranges 
Assume E^ and Ey are two consecutive events in series involved in a microprocessor 
system operation where Ey is the succeeding event of E^；. As in Figure 5.3, if E^ and Ey 
occur in the time ranges 
R工—[Rx-min^ Rx-max] with rcspect to a standard reference (5.8) 
Ry 二 [Ry—min, Ry-max] with rcspect to E^ (5.9) 
and Ey must occur at least p but not more than q time units after E^, then the time 
range for Ey can be derived as 
Ry = [Ry-min, Ry-max] with rCSpect to E^ 
= Rx-min + P, Rx-max + q] with rcspect to the standard reference (5.10) 
Note that simply deriving the occurrence time of Ry by the above scheme does not capture 
the causal dependence. According to the techniques of constraint propagation of time 
26 
Chapter 5 Time Range Approach 
ranges [33], the casual dependence between E工 and Ey can be captured simply by using 
the relation M、R, [p, q]) to map any time point t in R to a time range R^ = [tp,tq . 
In other words, Ry can be derived by Ry = M { R x , [p, q])-
In the example for constraint satisfaction in the previous section, two constraint 
propagations were involved: the accumulation of tcLAV and Iavsl, and the accumulation 
of a clock state to derive a common reference for two time ranges. In this section, as an 
example of constraint propagation, we will look into the details of the former case. Let's 
restate the parameters here. 
tcLAV = [0,62] ns with respect to clock state Si (5.11) 
tAVSL = [30, oo] ns with respect to address bus becomes valid (5.12) 
Since tcLAV and Iavsl are two consecutive events, according to these two parameters, 
R.-min = 0 (5.13) 
R.-ma. = 62 (5.14) 
p 二 30 (5.15) 
q = oo (5.16) 
By substituting equations 5.14 to 5.16 into equation 5.10, the constraint propagation 
result is derived as 
R'^ = [30, oo] ns with respect to address bus becomes valid 
二 (0 + 30), (62 + oo)] ns with respect to clock state Si 
Hence, 
R'^ = [30, oo] ns with respect to clock state Si 
• 27 
Chapter 5 Time Range Approach 
5.3 Worst-Case Timing Analysis 
Worst-case timing analysis is the end points analysis of time ranges. During the diagnostic 
reasoning process, an event sequence is derived to determine the occurrence time range 
of a specific event E. Assume that all the intermediate events in the sequence satisfy the 
corresponding timing specification. Each of these events occurs within a specific time 
range corresponded to a component timing parameter. The parameters specify the end 
points of the intermediate time ranges. Each of these intermediate time ranges derived 
from the specification is called a regular time range. The accumulation of all the regular 
time ranges in the event sequence leads to the occurrence time range of the event E with 
respect to a reference event. The accumulated time range is called the worst-case time 
range. The end points of the worst-case time range specify the earliest and the latest 
possible occurrence time instances of an event with respect to a reference. 
Assume that the complete event sequence of a top level goal is derived. The worst-
case time range of the goal can be determined by accumulating the time ranges of the 
intermediate events through the execution of the timing rules. Each timing rule encodes 
a single timing parameter of a component. Each timing parameter is represented by a 
time range which covers all the possible values of that parameter. In most cases, an event 
occurs at a time instance located around the central part of the time range. This event, 
though possibly, rarely occurs at a time instance near the boundary of either end of the 
time range. Most of the time a timing parameter has its value lies within the central 
part of a time range. This kind of inexact time representation does capture uncertainty 
information as well. Hence, in addition to the occurrence time information, the worst-
case time range also implicitly accumulates the uncertain information embedded within 
each of the accumulated timing parameters. The time range accumulation is performed 
‘ 28 
Chapter 5 Time Range Approach 
by the timing control rules which handle constraint propagation and satisfaction. 
5.4 System Implementation 
The diagnostic system for worst-case timing analysis has been implemented in the CLIPS 
expert system shell [22, 23]. The system is actually a rule-based program which consists 
of rules that encode the expert's domain knowledge and the microprocessor system com-
ponent specification. At this stage, the knowledge base consists of twenty-one rules. 
Five of the rules encode the C P U knowledge. Two encode the RAM's. The remaining 
rules are for control purposes; they handle the time range reasoning, the derivation of 
equivalent goals, the subgoal-solving sequence control, as well as the user interface. The 
reasoning process adopts the backward chaining mechanism, deriving the event sequence 
by extracting individual events one by one, from the terminating goal event back to the 
initial reference event. 
During the initial setup of the system, all the domain knowledge, which includes the 
component functional specification, the system design configuration, the queries, and 
any other relevant information, are converted into fact statements in the memory. An 
element tag and an element index are attached to the beginning of each fact asserted. 
Each of the element statement is coupled with a reason statement, which indicates 
the corresponding element statements, if any, that support the assertion of the current 
element statement. These element and reason tags keep track of the sequences of fact 
assertion as well as rule execution. The tags equip the system with the capability of 
explanation. 
Two test cases have been used to verify the diagnostic system functionality in handling 
problems of time imprecision. One is to check the setup time of the MC68000 C P U 
29 
Chapter 5 Time Range Approach 
databus in a read cycle. The other is to determine when the AS signal of the MC68000 
C P U becomes asserted during a read cycle. The performance of the system is impressive. 
The worst-case time ranges for both cases have been successfully derived in a very short 
period, less than one second. In the following parts of this section, some of the underlying 
rules in the knowledge base as well as the test case results would be further discussed. 
5.4.1 CPU Databus Setup Time 
Expert's Heuristic Rule 
Consider the case to check the C P U databus setup time again. The top level goal 
is (1)"Check setup time of C P U databus". The worst-case occurrence time range for 
successfully setting up the databus is to be determined. The expert's heuristic rule 
cpu-1 as described in Figure 5.4 has been developed to handle this situation. 
RULE: cpu-1 
IF the goal is to check the C P U databus setup time, 
THEN determine when the C P U databus valid AND determine the 
relative time from C P U databus becoming valid to clock 
state S7 AND determine the occurrence time of the goal 
in terms of these two subgoals' occurrence times. 
Figure 5.4: An Example Expert's Heuristic Rule: cpu-1 
30 
Chapter 5 Time Range Approach 
(defrule cpu-1 
(declare (salience 5000)) 
(node ？nid cpu ？n databus $?dblines) 
(element ？kl objective active check-setup-time-of ？nid) 
(not (solved-goal ？kl $?sgs)) 
(node ？clkid cpu ？n elk) 
？eid <- (elementid ？id) 
=> 
(assert (element ？id rule cpu-1)) 
(assert (reason ？id elements ？kl)) 
(assert (element =(+ 1 ？id) objective active determine-when ？nid valid)) 
(assert (reason =(+ 1 ？id) element ？id)) 
(assert (element =(+ 2 ？id) objective active determine-relative-time-of ？clkid s7 ？nid valid)) 
(assert (reason =(+ 2 ？id) element ？id)) 
(assert (solved-goal ？kl =(+ 1 ？id) =(+ 2 ？id))) 
(assert (element =(+ 3 ？id) objective active sum-goal-time ？kl =(+ 1 ？id) =(+ 2 ？id))) 
(assert (reason =(+ 3 ？id> element ？id)) 
(assert (elementid =(+ 4 ？id))) 
(retract ？eid〉) 
Figure 5.5: The CLIPS Coding of cpu-1 
Similar to many other heuristic rules, cpu-1 will fire to break the top level goal down 
into several subgoals in the subsequent level as in Figure 4.3, if the top level goal has 
not been solved or broken down into subgoals. The CLIPS coding of cpu-1 is shown in 
Figure 5.5. cpu-1 breaks the top level goal (1) down into the subgoals (2) "Determine 
when C P U databus valid" and (3) "Determine relative time of clock state 5V from C P U 
databus valid". Also, the rule asserts the dependency between the goal and its subgoals 
with the solved-goal statement for the purpose to accumulate the worst-case time range. 
The objective of sum-goal-time indicates that the occurrence time of the goal indexed 
？kl would be determined by accumulating the occurrence times of the objectives indexed 
= ( + 1 ？id) and = ( + 2 ？id), which are to be determined in the following stages of the 
reasoning process. In other words, sum-goal-time initiates the mechanism of time range 
constraint propagation. 
Note that there are some auxiliary statements in the rule. The statement (declare 
(salience 5000) ) simply defines the priority level of the rule. As every pin of a specific 
31 
Chapter 5 Time Range Approach 
component in a design is assigned an unique node ID, the representation (node ？nid 
cpu ？n databus $?dblines) retrieves the unique node ID of the C P U databus. The 
(solved-goal ？kl $?sgs) statement indicates if a goal has been broken down into 
subgoals. The (element id ？id) is used for fact indexing. For simplicity, in the following 
discussion, some of these auxiliary statements and the assertion of reason statements in 
the rules discussed below are removed. 
Timing Specification Rule 
Since the event that the clock becomes S7 and the event that the C P U databus becomes 
valid can be related by the C P U timing parameter tDICL, subgoal (3) can be solved by 
finding the time range for tDICL. The timing specification rule cpu-5 has been developed 
to determine the limit values of tDICL. If the limits have been properly encoded and 
are accessible by the system, then the limits can be used for constraint propagation or 
satisfaction. 
RULE: cpu-5 
IF the goal is to determine the limits of tDICL AND the 
limits are accessible, 
THEN the limits of the parameter can be used for constraint 
propagation or satisfaction. 
Figure 5.6: A n Example Timing Specification Rule: cpu-5 
The CLIPS coding for cpu-5 is shown in Figure 5.7. The time range of tDICL 
obtained for subgoal (7) is then propagated upward as the goal time of subgoal (3) 
through the execution of the time range reasoning rules. 
32 
Chapter 5 Time Range Approach 
(defrule cpu-5 
(node ？cdbid cpu ？n databus $?dblines) 
？ele <- (element ？kl objective active determine-value-of tDICL ？cdbid valid) 
(element ？k2 value ？tmin ？tmax tDICL ？cdbid valid) 
=> 
(assert (element ？id rule cpu-5)) 
(assert (element ？kl objective solved determine-value-of tDICL ？cdbid valid)) 
(retract ？ e l e ) ) 
Figure 5.7: The CLIPS Coding of cpu-5 
Constraint Propagation Rule 
Subgoal (2) is broken down into smaller subgoals in a similar manner as to breaks the 
top level goal (1) down into subgoals (2) and (3), until all the subgoals under (2) are 
solved and the corresponding accumulated time range is propagated upward to (2). The 
rule time-5 which propagates the constraint of an event to a succeeding event has been 
developed for time range accumulation. 
RULE: time-5 
IF the occurrence time of a triggering event w.r.t. to well 
defined reference is known AND the occurrence time of an 
event w.r.t. that triggering event is also known, 
THEN determine the occurrence time of that latter event w.r.t. 
the well defined reference by constraint propagation. 
Figure 5.8: The Time Range Constraint Propagation Rule: time-5 
W h e n the occurrence time ranges of (2) and (3) are derived, this rule accumulates 
these time ranges to derive the occurrence time of (1). The CLIPS coding for time-5 is 
shown in Figure 5.9. time-5 accumulates the occurrence time ranges of two consecutive 
events. It handles all the possible situations that whether only one or both of the limits 
33 
Chapter 5 Time Range Approach 
(defrule time-5 
？ele <- (element ？kl objective active sum-goal-time ？g ？sgl ？sg2) 
(not (goal-time ？g $?x)) 
(goal-time ？sgl ？tminl ？tmaxl ？nPARAl ？sPARAl) 
(goal-time ？sg2 ？tmin2 ？tmax2 ？nPARA2 ？sPARA2) 
=> 
(assert (element ？id rule time-5)) 
(assert (element ？kl objective solved sum-goal-time ？g ？sgl ？sg2)) 
(if (eq ？tminl undefined) then (bind ？tminl 0)) 
(if (eq ？tmin2 undefined) then (bind ？tmin2 0)) 
(if (or (eq ？tmaxl undefined) (eq ？tmax2 undefined)) then 
(assert (goal-time ？g =(+ ？tminl ？tmin2) undefined ？nPARAl ？sPARAl)) 
else (assert (goal-time ？g =(+ ？tminl ？tmin2) =(+ ？tmaxl ？tmax2) ？nPARAl ？sPARAl)))) 
Figure 5.9: The CLIPS Coding of time-5 
of a time range are defined. The statement (goal-time ？sgl ？tminl ？tmaxl ？nPARAl 
？sPARAl) indicates that the subgoal with index ？sgl has its occurrence time derived as 
the time range [？tminl,?tmax 1] with respect to the event that the node ？nPARAl gets 
into the state ？sPARAl. 
Note that there is a dependency between the two events. The terminating sub-event of 
the earlier event must be the initial sub-event of the later event. The resulting time range 
derived from subgoals (2) and (3) is propagated upward as the worst-case occurrence time 
range for the top level goal (1). 
Equivalent Goals 
As the components in a microprocessor system are interconnected, the connected nodes 
certainly have identical logical states at any time instance. Thus, equivalent goals can 
be generated for more efficient diagnostic reasoning. Consider the event when the C P U 
databus becomes valid. There is no timing parameter relates this event with another. 
This event solely depends on the time when the connected R A M databus becomes valid. 
Timing parameters which relates the time when the R A M databus becomes valid with 
34 
Chapter 5 Time Range Approach 
the time when the R A M addressbus becomes valid exist. Hence, to handle the connected 
buses, the expert's heuristic rule time-2 will derive the corresponding equivalent goal 
for the diagnosis to be proceeded. W h e n the equivalent goal is solved, the result can be 
propagated to resolve the corresponding equivalent goals. The CLIPS coding for time-2 
is shown in Figure 5.11. 
RULE: time-2 
IF no parameter exists to solve the current goal AND the 
involved component pin in the current goal is connected 
to other pins, 
THEN generate a new goal which is equivalent to the current 
objective in terms of the properties of interconnected 
nodes. 
Figure 5.10: The Equivalent Goals Rule: time-2 
(defrule time-2 
(node ？cdbid cpu ？n databus $?dblines) 
(node ？cabid cpu ？n addressbus $?ablines) 
(element ？fcl objective active determine-relative-time-of ？cdbid ？si ？cabid ？s2) 
(not (solved-goal ？kl $?sgs)) 
(node ？rdbid ram ？n2 databus $?dblines2) 
(node ？rabid ram ？n2 addressbus $?ablines2) 
(or (element ？k2 connect ？cdbid ？rdbid) (element ？k2 connect ？rdbid ？cdbid)) 
(or (element ？k3 connect ？cabid ？rabid) (element ？k3 connect ？rabid ？cabid)) 
(element ？k4 event ？rdbid ？si ？tPARA ？rabid ？s2) 
= > 
(assert (element ？id rule time-2)) 
(assert (element =(+ 1 ？id) objective active determine-relative-time-of ？rdbid ？si ？rabid ？s2)) 
(assert (solved-goal ？kl =(+ 1 ？id))) 
(assert (element =(+ 2 ？id) objective active find-eq-goal-time ？kl =(+ 1 ？id)))) 
Figure 5.11: The CLIPS Coding of time-2 
In a similar manner, a general rule for handling equivalent goals finds an unsolved 
goal, determines the concerned connected nodes, and asserts a new equivalent goal for 
35 
Chapter 5 Time Range Approach 
further diagnostic reasoning. Note that the rules to derive equivalent goals have a lower 
priority level than the other heuristic rules. Equivalent goals are undesired when the 
knowledge base is sufficient to solve the current goals. Generating undesired equivalent 
goals simply increase the system load and degrade the performance. 
5.4.2 Assertion of CPU AS Signal 
Constraint Satisfaction Rule 
The other test case is to determine the time when the ~AS pin becomes asserted. Similar 
to the previous case, the expert's heuristic rule cpu-2 breaks the top level goal (1) "De-
termine when ~AS asserted” into the subgoals (2) "Check constraint due to tCHSL" and 
(3) "Check constraint due to tCLAV and tAVSL，,. Subgoal (2) is to determine the relative 
occurrence time of the event "A? becomes asserted" with respect to “CPU clock becomes 
5V，. Subgoal (3) is to determine the relative occurrence time of the event ''AS becomes 
asserted" with respect to " C P U addressbus becomes valid". 
RULE: cpu-2 
IF the goal is to determine when AS asserted, 
THEN check the constraint due to the parameter tCHSL AND 
check the constraint due to the parameters tCLAV and 
tAVSL AND determine the occurrence time of the goal 
in terms of the subgoals' occurrence times. 
Figure 5.12: A n Example Expert's Heuristic Rule: cpu-2 
36 
Chapter 5 Time Range Approach 
(defrule cpu-2 
(node ？asid cpu ？cid as-) 
(element ？kl objective active determine-when ？asid asserted) 
(not (solved-goal ？kl $?sgs)) 
(node ？clkid cpu ？n elk) 
(node ？cabid cpu ？n addressbus $?abuslines) 
= > 
(assert (element ？id rule cpu-2)) 
(assert (element =(+ 1 ？id) objective active determine-relative-time-of ？asid asserted ？clkid 2)) 
(assert (element =(+ 2 ？id) objective active determine-when ？cabid valid)) 
(assert (element =(+ 3 ？id) objective active determine-relative-time-of ？asid asserted ？cabid valid)) 
(assert (element =(+ 4 ？id) objective active sum-goal-time =(+ 4 ？id) =(+ 2 ？id) =(+ 3 ？id))) 
(assert (element =(+ 5 ？id) objective active and-goal-time ？kl =(+ 1 ？id) =(+ 4 ？id))) 
(assert (solved-goal ？kl =(+ 5 ？id)))) 
I 
Figure 5.13: The CLIPS Coding of cpu-2 
Subgoals (2) and (3) can be solved as the top level goal in the previous case. The only 
difference in this second case is the usage of constraint satisfaction technique in deriving 
the worst-case time range for the top level goal. The and-goal-time objective initiates 
the execution of the time range constraint satisfaction rules. Two constraint satisfaction 
rules, time-6 and time-7, have been implemented. 
RULE: time-6 
IF the occurrence time of a goal due to one constraint is 
known AND the occurrence time of the same goal due to 
another constraint is also known AND these two occurrence 
time ranges have common reference event, 
THEN determine the occurrence time of that event by constraint 
satisfaction. 
Figure 5.14: The Time Range Constraint Satisfaction Rule: time-6 
time-6 actually determines the union of the time ranges of two events with common 
reference. It also handles the cases when only one of the two limits for a time range is 
37 
Chapter 5 Time Range Approach 
(defrule time-6 
？ele <- (element ？kl objective active and-goal-time ？k2 ？k3 ？k4) 
(goal-time ？k3 ？tminl ？tmaxl ？n ？s) 
(goal-time ？k4 ？tmin2 ？tinax2 ？n ？s) 
=> 
(assert (element ？id rule time-6)) 
(assert (element ？kl objective solved and-goal-time ？k2 ？k3 ？k4)) 
(if « ？tminl ？tmin2) then (bind ？train ？tmin2) 
else (bind ？tmin ？tminl)〉 
(if (or (eq ？tmaxl undefined) (eq ？tmax2 undefined)) then (bind ？tmax undefined) 
else (if (< ？tmaxl ？tmax2) then (bind ？tmax ？tmaxl) else (bind ？tmax ？tmax2))) 
(assert (goal-time ？k2 ？tmin ？tmax ？n ？s)) 
(retract ？ e l e ) ) 
Figure 5.15: The CLIPS Coding of time-6 
defined. 
Common Reference 
time-7, an extension of time-6, determines the union of two time ranges with different 
references. Recall that the reference of a event sequence is always purposly chosen as 
a clock event. Thus, as the clock generates well defined signals, deriving a common 
reference becomes the manipulation of clock cycles. 
RULE: time-7 
IF the occurrence time of a goal due to one constraint is 
known AND the occurrence time of the same goal due to 
another constraint is also known AND these two occurrence 
time ranges have different clock events as references, 
THEN determine common reference event for both of the constraints 
by clock state manipulation AND determine the occurrence 
time of that event by constraint satisfaction 
Figure 5.16: The C o m m o n Reference Rule: time-7 
38 
Chapter 5 Time Range Approach 
(defrule time-7 
？ele <- (element ？kl objective active and-goal-time ？k2 ？k3 ？k4) 
(node ？n cpu ？cid elk) 
？rml <- (goal-time ？k3 ？tminl ？tmaxl ？n ？si) 
？rm2 <- (goal-time ？k4 ？tmin2 ？tmax2 ？n ？s2&~?sl) 
(element ？k5 value ？cycmin ？cycmax tHalfCYC ？n ？X) 
=> 
(assert (element ？id rule time-7)) 
(assert (element ？kl objective solved and-goal-time ？k2 ？k3 ？k4)) 
(bind ？Tmin (abs (• ？cycmin (- ？s2 ？si)))) 
(bind ？Tmax (abs (• ？cycmax (- ？s2 ？si)))) 
；；；Use the earlier reference event as the common reference event 
(if « ？si ？s2) then 
(bind ？tmin2 (+ ？tmin2 ？Tmin)) (bind ？tinax2 (+ ？tmax2 ？Tmax) ) (bind ？s ？si) 
(retract ？rm2) 
(assert (goal-time ？k4 ？tmin2 ？tmax2 ?n ？s)) 
else 
(bind ？tminl (+ ？tminl ？Tmin)) (bind ？tmaxl (+ ？tmaxl ？Tmax)) (bind ？s ？s2) 
(retract ？rml) 
(assert (goal-time ？k3 ？tminl ？tmaxl ？n ？s)) 
) 
(if (< ？tminl ？tmin2) then (bind ？tmin ？tmin2) else (bind ？tmin ？tminl)) 
(if (and (neq ？tmaxl undefined) (neq ？tmax2 undefined)) then 
(if (< ？tmaxl ？tmax2) then (bind ？tmax ？tmaxl) else (bind ？tmax ？tmax2)) 
else (if (eq ？tmaxl undefined) then (bind ？tmax ？tmax2) else (bind ？tmax ？tmaxl))) 
(assert (goal-time ？k2 ？tmin ？tmax ？n ？s)) 
(retract ？ e l e ) ) 
Figure 5.17: The CLIPS Coding of time-7 
39 
Chapter 5 Time Range Approach 
5.5 Implementation Results 
5.5.1 CPU Databus Setup Time 
After the query of checking the C P U databus setup time has been entered, the following 
response is returned: 
Query : (check-setup-time-of 108) 
Answer : The event occurs within 10 to infinity ns after 110 becomes 1. 
The number 108 in the query (check-setup-time-of 108) is the unique node ID 
assigned to the C P U databus. The response states that the C P U databus would finish 
setup at a time instant within the time range [10,oo] ns after the C P U clock, with node 
ID 110，becomes clock state 
The diagnostic result is consistent with the theoretical result. The expected worst-
case time range is the accumulation of the time ranges for the timing parameters tCLAV, 
tAA and tDICL, where the corresponding time ranges are [undefined,62], [undefined, 100 
and [10,undefined], respectively. Through constraint propagation, it is obvious that there 
is no upper bound for the worst-case time range. This implicitly implies the possibility 
of wait states insertion, though the assumption that no wait states will be necessary has 
been made. 
Twenty-six rules have been executed during the diagnostic process. These rules derive 
the subgoals from the top goal, and perform the time range reasoning to determine the 
worst-case time range as in Figure 4.3. Ten trials have been performed, and the average 
execution time for the diagnosis is 0.400 s. 
5.5.2 Assertion of CPU AS Signal 
After the query to determine when the AS becomes asserted has been entered, the 
following response is returned: 
40 
Chapter 5 Time Range Approach 
Query : (determine-when 101 asserted) 
Answer : The event occurs within 65.5 to 185 ns after 110 becomes 1. 
Similary, the number 101 in the query (determine-when 101 asserted) is the 
unique node ID assigned to the C P U AS pin. The response states that the AS pin 
would become asserted at a time instant within the time range [65.5,185] ns after the 
C P U clock 110 becomes clock state S^ i. 
The diagnostic result for this case is also consistent with the theoretical result. The 
expected worst-case time range is the intersection of the time range for the timing pa-
rameter tCHSL and the accumulated time range for tCLAV and tAVSL. The time range 
for tCHSL is [3,60] ns with respect to the event that the C P U clock becomes S2. The ac-
cumulated time range for tCLAV and tAVSL is [30,00] ns with respect to the C P U clock 
becomes Si. To find a common reference event for these two constraints, a clock state 
is accumulated to the time range for the former constraint, such that the event "CPU 
clock becomes 5V，becomes the reference. Knowing that the length of a clock state, or 
half a clock cycle, is [62.5,125] ns, the accumulated time range for the former constraint 
becomes [65.5,185] ns. By constraint satisfaction of time ranges, the worst-case time 
range for this case becomes the intersection of [30,00] and [65.5,185] ns, or [65.5,185] ns, 
with respect to "CPU clock becomes 5V，. 
For this case, thirteen rules have been executed during the diagnostic process. These 
rules derive the subgoals from the top goal, and perform the time range reasoning to 
determine the worst-case time range as in Figure 4.4. Ten trials have been performed, 
and the average execution time for the diagnosis is 0.354 s. 
5.6 Conclusion 
A knowledge-based system which adopts the time range reasoning approach [33] has been 
implemented to handle the problem of microprocessor systems diagnosis. A deep-level 
model which consists of expert's problem solving rules as well as timing rules has been 
developed. The expert's problem solving rules divide a high level goal into subgoals 
41 
Chapter 5 Time Range Approach 
which can be solved by the timing rules and determine the complete occurring event 
sequence of that goal. The timing rules actually encode the functional specifications 
of various microprocessor systems components. Other control rules which handle the 
time range reasoning and reference event determination techniques are coupled to the 
domain knowledge base. These control rules accumulate and determine the worst-case 
time range of the top level goal. The implementation results of the two test cases have 
shown satisfactory performance of the system in worst-case timing analysis. 
The system has the capability to handle diagnosis of different system configurations 
simply by the insertion of the knowledge base modules of the necessary components. It 
can be also used as the basic framework of an expert module, to be integrated into an 
intelligent tutoring system for microprocessor systems design. 
At this stage, the system performs well in worst-case timing analysis, without con-
siderations of handling the uncertainty embedded within time ranges. To extend the 
capability of time range reasoning, quantification of possibility measures within time 
ranges are necessary to be incorporated with the existing temporal constraint reasoning 
techniques. A fuzzy time point representation is proposed to capture this information. 
The crisp time range for each event occurrence is fuzzified. The time range representation 
is treated as a fuzzy time point. The incorporation of this fuzzy temporal representa-




Fuzzy Time Point Approach 
In the domain of microprocessor systems diagnosis, the temporal reasoning of a sequence 
of causally-related events which occur at imprecisely known time instants is an important 
issue. The concept of time range has been proposed and implemented to capture the 
important notion of time imprecision in event occurrence. Various techniques for time 
referencing, time-range constraint satisfaction and propagation have also been developed, 
with reference to a MC68000 read cycle constraint violation problem. The quantification 
of possibility measure, which is implicitly embedded in the time range representation, is 
also an important issue related to the domain. The use of a probability model has been 
proposed [32] to quantify this possibility measure. To reduce the computational load, the 
fuzzy time point model [59, 60], which is simple and efficient in terms of computation, 
is proposed to quantify the possibility measure. In this chapter, we will discuss how this 
possibility model can be used to enhance the diagnostic and deductive capability of the 
existing time-range constraint models for temporal reasoning. This extension has been 
successfully embedded into the existing time range reasoning diagnosis system. Promising 
results in the quantification of possibility measures have been obtained. 
43 
Chapter 6 Fuzzy Time Point Approach 
6.1 Fuzzy Time Point Models 
In microprocessor systems, microprocessors, random access memories, and various log-
ical devices are the main system components. Although the component manufacturers 
provide relevant data sheets, the data sheets only give information on time ranges in 
terms of m a x i m u m and minimum specifications. Adequate component data to construct 
a proper uncertainty model for such systems, however, is unavailable. Actually, the exact 
timing for the occurrence of an event often has dependencies on many complicated and 
highly unpredictable factors, such as temperature and humidity. In other words, the 
exact occurrence time of an event is never known, and it is very difficult to determine 
the likelihood of occurrence of an event at a specific time instance t within the time 
range R=[tmin,tmax], as given in the component specification. However, it is reasonable 
to use the time-range implication to define a fuzzy time point as a possibility model for 
an event, on the basis of the fuzzy number theory. 
6.1.1 Concept of Fuzzy Numbers 
The concept of fuzzy numbers is defined as the coupling of two other concepts, the interval 
of confidence and the level of presumption [31, 40，45]. The interval of confidence specifies 
the domain over which a fuzzy number is defined. It is in the form of two limit values, 
the end points of the interval which represents the domain. The level of presumption 
provides the possibility measure of each instance within the domain of the fuzzy number. 
Every fuzzy number is associated with a membership function which specifies the levels 
of presumption of the instances within the interval of confidence. 
For example, x is a fuzzy number defined over the range from 0 to 10. If the value 
of X is said to be medium, it is most likely that x is 5. However, the values close to 5， 
such as 4 or 6, also have certain degree of likelihood. Thus, we may represent the fuzzy 
number x as in Figure 6.1. 
44 
Chapter 6 Fuzzy Time Point Approach 
'tZM 
0 5 10 
Figure 6.1: Definition of a Fuzzy Number 
6.1.2 Definition of Fuzzy Time Points 
In time range reasoning, every timing parameter obtained from the component specifi-
cation or timing quantity accumulated from timing parameters is represented as a time 
range representation The time range R only provides the interval of con-
fidence. The levels of presumption of the instances within R is missing. For instance, the 
parameter 力。％=[125,250] specifies that the MC68000 clock cycle must have a period of 
125 to 250 ns, as in Figure 6.2. The embedded possibility measure within 艺亭=[125,250 
is not quantified. Assume that tcyc is a time point represented by a fuzzy number, and all 
the instances within R have equal possibility measures. Figure 6.2 then simply represents 
the definition of the fuzzy number tcyc, with membership function ficyc defined as 
fJ'cyc — fu{t — tmin) — fu(t — tmax) + ^{t — tmax) 
where fu is a step function and 5 is an impulse function. The purpose of the delta function 
in the equation is to show that the upper limit has a possibility measure of one. Hence, to 
capture the notion of time imprecision in event occurrence, the time range representation 
R二[力而•几,f爪ao：] for the occurrence of an event is simply replaced by the fuzzy time point 
representation ftp, associated with an appropriate membership function representing the 
levels of presumption. 
An ftp is a time value that is represented by a fuzzy number. The degree of fuzziness 
of an ftp depends on the width of the corresponding time range R=[tmin,tmax]' However, 
an ftp with a rectangular membership function as in Figure 6.2 does not mean more 
than a time range representation. A more meaningful membership function must be 
45 
Chapter 6 Fuzzy Time Point Approach 




Figure 6.2: Definition of the Timing Parameter tcyc 
chosen to quantify the possibility measure appropriately. In Figure 6.3, an ftp has its 
membership function defined over the range R二[‘in,力謎:J. The membership function 
is chosen as a trapezoidal Pl-type function. There are two reasons for the use of a 
trapezoidal function. The first reason is to reduce the biases due to the dependencies on 
the various complicated and unpredictable external factors which would alter the exact 
event occurrence times. The second reason is for simple and efficient computation. With 
the time range implication, several properties of the fuzzy time point model have been 
defined: 
1. There should exist a finite nonzero possibility within the range ^ —[tmin.tmax,. 
2. The value of the possibility measure must be within 0 and 1. 
3. The possibility of occurrence is zero if the value of ftp is outside R. 
4. The most probable occurrence should happen at around (Zrm_n+玄maa;)/2. 
tMIN t M A X 
Figure 6.3: Trapezoidal Pl-type Membership Function 
46 
Chapter 6 Fuzzy Time Point Approach 
6.1.3 Semi-bounded Fuzzy Time Points 
The construction of an ftp relies on the minimum and maximum specifications of the 
corresponding component parameter. In the component data sheets, however, many 
parameters have only one of the two time range limits defined. This situation leads to 
two special cases: the lower limit of R is undefined; the upper limit of R is undefined. Due 
to the causal dependency between events occur in microprocessor systems, the former 
case has an implicit implication that the lower limit has a value of zero. The case to 
model the uncertainty in an ftp with undefined lower limit can simply be treated as the 
original intrinsic case with both limits defined. In the second case, however, the upper 
limit is unbound. The upper limit is causally independent from the preceding reference 
event, though the parameter is causally dependent on the reference event. The causal 
dependency property only constrains the lower limit of an ftp with the reference event. 
Thus, the problem in modeling the uncertainty in an ftp with an undefined upper limit 
arises. 
Figure 6.4: The Three Fundamental Membership Functions 
To overcome the problem with such a semi-bounded ftp, an assumption of the max-
imum possible practical value of the upper limit is made. Although the upper limit is 
not provided in the component data sheet, it is reasonable to assume that the possibility 
measure, in reality, converges to zero as the upper limit grows to infinity or a relatively 
large value. Thus, a constant K may be assigned to the ftp as the maximum possible 
practical value of its upper limit, according to the characteristics and behaviour patterns 
of the concerned component. 
After the upper limit is defined, the issue in choosing the type of membership func-
tion should be considered. There are basically three fundamental types of membership 
- 47 
Chapter 6 Fuzzy Time Point Approach 
functions, namely Z-type, Pl-type and S-type，as in Figure 6.4. As the ftp has an un-
bounded upper limit, it is reasonable to assume that all the time instances beyond a 
threshold time instance within R have equal possibility for the event occurrence. Then, 
should we use an S-typed membership function as in Figure 6.5? However, the value 
of the upper limit has been assumed as K. Should we simply treat it as the intrinsic 
case? The appropriation of the choice of membership function has dependency on the 
confidence level of K. If the confidence level of K is very high, we may simply treated 
the ftp as the intrinsic case because the value of the ftp is rarely close to or beyond K. 
O n the other hand, if K is underestimated, it would be appropriate to use an S-typed 
membership function as the values around K has equal likelihood to be the ftp value. In 
this case, the accumulated ftp will have a tighter range, which gives a better precision 
in one sense, but certain degree of uncertainty information will be lost. There is a trade 
off between the precision in the accumulated time range and the completeness of the 
quantified uncertainty information embedded, with respect to the choice of K. 
tMIN t M A X 
Figure 6.5: Trapezoidal S-type Membership Function 
6.2 Fuzzy Time Point Reasoning Techniques 
In our study of worst-case timing analysis of microprocessor systems, it has been observed 
that the satisfaction of a goal such as 
G=“Will there be a successful read from the R A M ? " 
requires temporal reasoning of a sequence of causal events, in particular on the imprecise 
timings for their successive occurrence. To solve G requires the determination of the time 
48 
Chapter 6 Fuzzy Time Point Approach 
ranges for the events 
Gl = "When will the falling edge of clock state SQ occur?" 
and 
G2=“When will R A M data become valid?" 
The occurrence time of the SQ falling edge in G1 involves the issue of wait state insertion. 
The details in solving G1 will be discussed in Chapter 7. To satisfy G2, we have to apply 
time-range satisfaction and propagation for events in several causal paths: 
^ N C N 
When will AS* be _ ^ When will CS*，OE*， 
asserted? WE* be asserted? 
V / V 
f \ r 
When will R/W* be When will WE* be 
asserted? asserted for READ? 
� J V J 
f — \ r N 
When will AS* be When will address 
asserted? become valid? 
^ / V / 
Figure 6.6: Event Causal Paths 
This kind of analysis only leads to the worst-case occurrence time range of the top 
level goal without quantified possibility measure. To achieve more informative temporal 
reasoning, the possibility model defined in the previous section is incorporated in the 
temporal reasoning techniques which have been developed for time range analysis, in 
this chapter, the incorporation of the possibility model into the time range constraint 
propagation and satisfaction are discussed in details. 
49 
Chapter 6 Fuzzy Time Point Approach 
6.2.1 Constraint Propagation of Fuzzy Time Points 
Possibility measure propagation is desired because most events in a causal path are 
dependent. For a reference event or the first event in an event sequence, it is possible to 
unify the event occurrence time to a time instance. For other events which depend on this 
initiating event, however, their possibility measures should be affected by event causality, 
such as circuit connections or device behaviours. This dependency imposes complicated 
constraints on the propagation of the associated time range possibility measures. 
Consider the case for the propagation of possibility measures due to a device delay. 
Assume that the event Ea occurs within the time range Ra with respect to a well defined 
reference event E” The possibility measure fia is associated with Ra. Then the input 
event can be written as 
(丑a, Ra, "a,丑r) 
From the device specification, it is also realized that the output event Eh must occur 
within Rh after Ea, where fib is the possibility measure associated with Rb. Similarly, the 
output event is written as 
{Eb, Rb, fJ'h^ Ea) 
To determine the occurrence time range of Eb with respect to the well defined reference 
E” we may convert the time ranges into fuzzy time points as the first step. The input 
and output events become 
(EaJtpa.Er) a n d {EbJtpb.Ea) 
where ftpi is the representation that associates Ri and jii together. 
As time ranges are replaced by fuzzy time points to quantify the embedded un-
certainty, the techniques in fuzzy arithmetic are adopted to determine the propagated 
possibility measure. Fuzzy time points propagation can be achieved by fuzzy number 
addition, a simple and efficient method. According to the delay problem above, ftpa for 
Ea is defined over 二 [《a-/隱tapper] with the membership function ^  Similarly, ftpb 
50 
Chapter 6 Fuzzy Time Point Approach 
for Eb is defined over Rb=[tb-iower .h-upper] with "6. The accumulated time value ftpc： 
obtained through the propagation of ftpa and ftpb, is simply {ftpa + ftpb)- Assume that 
i^ a二[0,7] and Rb=[0,7]. fia and /i^  are given as in the tables below. Rc is derived as 
0,14] according to the original time range propagation technique, whereas fic is derived 
by using the fuzzy number addition formula: 
fia+b{z) = MAX,=,^y{MIN{fia{x),fib{y))) (6.1) 
ftpa 0 1 2 3 4 5 6 7 
fXa 0.0 0.1 0.3 0.8 1.0 0.7 0.3 0.0 
Jtpb 0 1 2 3 4 5 6 7 
fib 0.0 0.3 0.6 1.0 0.7 0.2 0.1 0.0 
ftpc II 1 I 2 3 4 __5 6 7 8 9 10 11 12 13 
f^ ^ 0.0 0.1 0.3 0.3 0.6 0.8 1.0 0.7 0.7 0.3 0.2 0.1 0.0 
Note that the fuzzy time points in the above table are discretized into sub-intervals by a 
constant change of one unit. By this way, better precision in the accumulated possibilty 
measures can be obtained. For simpler and faster computation, we may discretize fuzzy 
time points into a constant number of sub-intervals instead. The choice of discretization 
scheme depends on the nature of the application concerned. 
Figure 6.7 illustrates the two fuzzy numbers and their sum. The accumulated time 
range Rc should be [0,14]. However, note that the fuzzy sum has possibility measures of 
zero at the end points of the accumulated range. Thus, the range Rc can be tightened 
into 凡=[1,13] for better precision. The accumulated ftp。is derived as 丑。=[1,13], with 
respect to the reference event E " and have the possibility measures quantified as fic in 
the above tables. 
51 
Chapter 6 Fuzzy Time Point Approach 
T • /\/\ • /\ • “ ‘ n 
0.9 - ftp t> / V \ ftp a / \ftp a + ftp b _ 
O。 2 4 6 8 -lO 14 
"Tim© 
Figure 6.7: Fuzzy Time Point Propagation 
6.2.2 Constraint Satisfaction of Fuzzy Time Points 
Recall that the occurrence of an event E can be constrained simultaneously by more 
than one time range. Constraint satisfaction technique has been developed to handle 
this kind of situation in time range reasoning. To extend this technique to fuzzy time 
points satisfaction, the methodology to combine the possibility measures of these time 
range constraints into a single resulting measure is developed. This can be achieved by 
the MIN{fj.a,l^b) operation. 
Assume that the event E is constrained by two component parameters simultaneously. 
E must occur at ftpa after a reference event Er. At the same time, E must also occur 
at ftpb after Er. fia and /i^  are the membership functions of ftpa and ftpb, respectively. 
Let ftpc be the resulting occurrence time of E with respect to Er in the tightest form, 
and "c be the membership function of ftpc. Then ftp�can be derived simply by the 
AND{ftpa,ftpb) operation. Note that not only the AND operation does take the min-
imum of the membership functions, but also the intersection of the domains of the two 
ftps. The equivalence of the A N D { f t p a j t p b ) operation is shown in Equations 6.2 to 6.4. 
fic = M 释 (6-2) 
tmin = MAXMIN{Ra,Rb) 
52 
Chapter 6 Fuzzy Time Point Approach 
=MAX(ta-min,tb-min) (6.3) 
tma. = MINMAX(Ra,Rb) 
=MIN(ta —max^ h-max) (6.4) 
For instance, let ftpa and ftpb be defined over the ranges [2,10] and [0,8], respectively. 
fjia and fib are the corresponding membership functions, ftpc may be derived, according 
to the above equations, as in the following tables. Figure 6.8 shows the fuzzy time points 
ftpa and ftpb. The intersection of these two ftps in Figure 6.8 is the fuzzy time point 
ftpc obtained from the ftp satisfaction operation, AND[ftpa, ftpb). 
ftpa 0 1 2 3 4 5 6 7 8 9 10 
/xa 0.0 0.1 0.3 0.8 1.0 0.7 0.3 0.0 0.0 0.0 0.0 
ftpf, 0 1 2 3 4 5 6 7 8 9 10 
叫 0.0 0.0 0.0 0.3 0.6 1.0 0.7 0.2 0.1 0.0 0.0 
ftpc 0 1 2 3 4 5 6 7 8 9 10 
He 0.0 0.0 0.0 0.3 0.6 0.7 0.3 0.0 0.0 0.0 0.0 
However, there is a practical limitation in computational precision. In the ideal case, 
ftpc is the intersection of ftpa and ftpb. Unfortunately, due to the discretization of 
membership functions before the computation in ftp propagation or satisfaction, certain 
parts of the membership function fXc associated with ftpc are underestimated. The fic in 
the above example derived from the actual case is shown in Figure 6.9. This shortcoming 
can be improved by increasing the sampling rate of those membership functions. In other 
words, decreasing the discretizational time step within the interval of confidence would 
improve the precision. 
53 
Chapter 6 Fuzzy Time Point Approach 
4 / V \ i 
0.8 - ftp a ^ A. \ ftp b -
I J7\、 
0.1 - / rnin{ftp a, ftp b} \ ^^^ ~ 
。。 1 2 3 4 5 6 7 8 9 1 0 
Time 
Figure 6.8: Ideal Fuzzy Time Point Satisfaction 
1 , . 1 1 1— 1 ‘“ ‘ ‘ 
0 . 9 - 一 
0 . 8 -
f : -
• O 5 _ Z \ min{ftp a. ftp b} -
1 2 3 4 i e 7 6 9 1 O 
"Tim© 
Figure 6.9: Actual Fuzzy Time Point Satisfaction 
54 
Chapter 6 Fuzzy Time Point Approach 
6.3 System Implementation 
With the fuzzy time point model, the uncertainty information in microprocessor systems 
can be captured as well. The fuzzy time point model has been successfully embedded 
into the existing time range reasoning diagnostic system as discussed in the previous 
chapter. Most of the rules are inherited from the system for worst-case timing analysis, 
with the modifications to fit the ftp representation. Extensive studies in fuzzy time 
point reasoning have been performed. Promising results were obtained. The possibility 
measures within the time range representations are quantified, and the diagnostic and 
deductive capability of the existing time range constraint model is enhanced. The same 
test cases as in the previous chapter were used to illustrate the enhancement provided 
by the fuzzy time point models. The determination of the MC68000 databus setup time 
and the occurrence time of the 'AS assertion have been examined. The diagnostic results 
obtained from the ftp reasoning are consistent with that from the worst-case timing 
analysis, with the enhancement of quantification of uncertainty information. In this 
section, we will look into the knowledge representation of ftp reasoning, the application 
of the techniques of ftp satisfaction and propagation in a practical implementation, as 
well as the effects of the variations of the ftp membership model ///tp, the maximum 
possible practical upper limit K and the membership function for semi-bounded ftp. 
6.3.1 Representation of Fuzzy Time Point 
In the context of temporal uncertainty reasoning for microprocessor systems, a fuzzy time 
point captures the information of a time-range and the possibility measure associated with 
the time-range, with respect to a microprocessor system event. The time-range and the 
possibility measure are specified by two limit values, tmin and imax-, and a membership 
function /i, respectively. The reference event is specified by a component node and the 
functional state of that node. Thus, a well-defined ftp representation should consist of 
all these necessary elements as the template below. 
55 
Chapter 6 Fuzzy Time Point Approach 
(deftemplate ftp "fuzzy time point data structure" 
(slot ftp-id) (slot ref-node (default none)) (slot ref-state (default none)) 
(slot t-min (default 0)) (slot t-max (default 0)) (slot dt (default 0)) 
(slot uO (default 0)) (slot ul (default 0)) (slot u2 (default 0)) 
(slot u3 (default 0)) (slot u4 (default 0)) (slot u5 (default 0)) 
(slot u6 (default 0)) (slot u7 (default 0)) (slot u8 (default 0 ) ) ) 
ftp-id is an unique ID of an ftp. ref-node and ref-state specifies the reference 
event, t-min and t-max are the limit values of the time-range. The time-range is divided 
into eight equal sub-ranges, with nine samples of possibility measures, dt indicates the 
time step between these sub-ranges. uO to u8 are the possibility measures corresponding 
to the nine samples. 
6.3.2 Fuzzy Time Point Satisfaction 
In fuzzy time point satisfaction, two timing constraints that must be satisfied simulta-
neously are combined and resolved into a more compact and concise constraint. With 
two ftps corresponding to two such constraints, the intersection of these two ftps inter-
vals of confidence is considered as the interval of confidence of the resulting ftp. The 
level of presumption, or the degree of membership, of that two ftps are compared at 
every time instance throughout the resulting interval of confidence. The minimum of the 
two membership values being compared is computed as the level of presumption of the 
corresponding time instance. 
Consider the case to determine the occurrence time of the event that the C P U AS 
pin becomes asserted. There are two timing constraints apply to this event. The event 
must occur at {tcHSi) as well as (tcLAV + tAVSh) after C P U clock state 1，as in Figure 
56 
Chapter 6 Fuzzy Time Point Approach 
6.10, where the occurrence time of clock state 1 is assumed to be at t = 0. Note that 
the single membership function of {tcLAV + tAVSh) is obtained through ftp propagation. 
The details of ftp propagation is to be discussed in the next section. At the moment, 
simply by taking the minimum values of the membership functions of the two ftps at 
every time instance within the interval of confidence, the resulting membership function 
derived from ftp satisfaction is obtained as in Figure 6.11. 
r V ‘ ‘ ~ V ‘ 
0.9 - / A Constraint 2： \ “ 
/ / \ tCLAV 十 tAVSL \ _ / 
o -I - / / \ Constraint 1 : tCHSL \ “ 
/ I • \ . .___ A _ 
〇〇 1 oo 200 300 400 500 GOO 
Xim© 
Figure 6.10: Conjunctive Fuzzy Time Point Constraints 
-I • • • 
t。.6_ / \ _ 
^ O 5 - / \ min(tCHSl_. tCLAV-HtAVSL) -
1 / \ ； 
oj- 」 300 400 500 ^ O 
" Time 
Figure 6.11: Result of Fuzzy Time Point Satisfaction 
57 
Chapter 6 Fuzzy Time Point Approach 
The rule t ime-6 which performs ftp satisfaction is shown in Figure 6.12. With the 
knowledge of the ftps corresponding to two conjunctive constraints, which have common 
reference event, the resulting ftp is derived as in the consequence part of the rule. Note 
that the rule t ime -6 has the pre-conditions that the two input ftps must be valid for 
the constraint satisfaction operation and have their common reference already derived. 
In other words, the two ftps must have their membership functions overlapped with 
each other. In this case, we can ensure that the situations, where a negative time step 
appears or the minimum of a time interval is greater than the maximum, will not occur. 
The CLIPS coding for t ime-6 is shown in Figure 6.13. It is basically the same as the 
corresponding rule used in the time range approach. The only difference due to the 
usage of the fuzzy time point model leads to the quantification of possibility measures, as 
computed by the function compute_Ui_Sat. compute_Ui_Sat is a C function embedded 
into the CLIPS expert system shell. It combines two ftps into a single ftp and returns the 
possibility measure corresponding to a specific value within the range of that accumulated 
ftp. Recall that an ftp is discretized into eight equal subranges. Including the end points 
of the range of an interval, there are nine sampling values for each ftp. Each of these 
sampling values is coupled with a possibility measure to reflect the complete membership 
function of the ftp. The function computes the possibility measure of the i-th sample 
within the resulting time-range, where the index i is the first argument of the function. 
Other necessary arguments to be passed into the function include the limit values and 
the associated membership functions of the two ftps. 
6.3.3 Fuzzy Time Point Propagation 
The case to check the MC68000 C P U databus setup time is adopted to examine the fuzzy 
time point propagation. The event sequence has been traced and derived in the previous 
58 
Chapter 6 Fuzzy Time Point Approach 
RULE: time-6 
IF the occurrence ftp of a goal due to one constraint is 
known AND the occurrence ftp of the same goal due to 
another constraint is also known AND these two occurrence 
ftp's have common reference event, 
THEN determine the occurrence ftp of that event by constraint 
satisfaction. 
Figure 6.12: The ftp Satisfaction Rule: time-6 
(defrule time-6 "<CONSTRAIHT SATISFACTIOH>" 
？ele <- (element ？kl objective active and-goal-time ？k2 ？k3 ？k4) 
(element ？cr objective solved find-conunon-ref ？k3 ？k4) 
(ftp (ftp-id ？k3) (ref-node ？n) (ref-state ？s) (t-min ？ftminl) (t-max ？ftmaxl) 
(dt ？dtl) (uO ？ulO) (ul ？ull) (u2 ？ul2) (u8 ？ul8)) 
(ftp (ftp-id ？k4) (ref-node ？n) (ref-state ？s〉 (t-min ？ftmin2) (t-max ？ftmax2) 
(dt ？dt2) (uO ？u20) (ul ？u21) (u2 ？u22) (u8 ？u28)) 
=> 
(assert (element ？id rule time-6)) 
(assert (element ？kl objective solved and-goal-time ？k2 ？k3 ？k4)) 
(if (< ？:ftminl ？ftmin2) then (bind ？new-ftmin ？ftmin2) else (bind ？new-ftmin ？ftminl)) 
(if (< ？ftmaxl ？ftmax2) then (bind ？new-ftmax ？ftmaxl) else (bind ？new-ftmax ？ftmax2)) 
(bind ？new-dt (/ (- ？new-ftmax ？new-ftmin) 8)) 
(assert (ftp (ftp-id ？k2) (ref-node ？n) (ref-state ？s) 
(t-min ？new-ftmin) (t_max ？new-ftmax) (dt ？new-dt) 
(uO =(compute_Ui_Sat 0 ？ftminl ？ftmaxl ？ulO ？ull ？ul2 ？ul8 
？ftmin2 ？ftmax2 ？u20 ？u21 ？u22 ？u28)) 
(ul =(compute_Ui_Sat 1 )) 
(u8 =(compute_Ui_Sat 8 ) ) ) ) 
(retract ？ele ？ e i d ) ) 
Figure 6.13: The CLIPS Coding of time-6 
59 
Chapter 6 Fuzzy Time Point Approach 
section as: 
1. The C P U address bus becomes valid at tcLAV after C P U clock state 1. 
2. The R A M address bus becomes valid when the C P U address bus becomes valid. 
3. The R A M data bus becomes valid at Iaa after the R A M address bus becomes valid. 
4. The C P U data bus becomes valid when the R A M data bus becomes valid. 
5. The C P U data bus is setup at IDICL after the C P U data bus becomes valid. 
Through this event sequence, the ftp associated with each of the intermediate events is 
propagated and accumulated. In the first event of the sequence, the C P U clock state is 
the reference event. The C P U address bus becomes valid at the ftp tcLAV with respect 
to clock state 1. Due to the property of connected nodes, the R A M address bus in 
the second event becomes valid at the same time as the C P U address bus. Thus, the 
R A M address bus becomes valid at tcLAV after clock state 1. In the third event, it is 
stated that the R A M data bus becomes valid at the ftp Iaa after the R A M address bus 
becomes valid. In order to reference the occurrence time of the event that the R A M 
data bus becoming valid with respect to a well defined clock event, the ftp tcLAV is 
propagated and accumulated with the ftp tAA- The R A M data bus becomes valid at the 
ftp {tcLAV + tAA) with respect to clock state 1. Again, due to the property of connected 
nodes, the C P U data bus becomes valid at {tcLAV + tAA) with respect to clock state 
1. For the fifth event, similar to the third event, the ftp {tcLAV + W ) is propagated 
and accumulated with toicL- The C P U data bus is setup at {tcLAV + UA + toiCL) 
with respect to clock state 1. The membership functions of the ftps involved in the ftp 
propagation are shown in Figure 6.14 and Figure 6.15. 
60 
Chapter 6 Fuzzy Time Point Approach 
m\\\ 
0 . 2 - / t C L A V \ t A A \ t C L A V + t A A \ " 
\ . \ . _ _ _ _ : 
Oq 20 40 60 80 too 120 140 1 60 1 80 
"Tim© 
Figure 6.14: Fuzzy Time Point Propagation of tCLAV and tAA 
0.9 - X / \ t C L A V + t X ^ + tD丨CL 一 
0 . 2 - / \ t C L A V + t A A t D I C L \ \ _ 
. _ _\ , \ -
Too ioo 3 0 0 4 0 0 5 0 0 eoo 700 
"Tim© 
Figure 6.15: Fuzzy Time Point Propagation of tCLAV, tAA and tDICL 
61 
Chapter 6 Fuzzy Time Point Approach 
After deriving the accumulated ftp, a crisp value corresponding to that fuzzy time 
value may be obtained through defuzzification. Defuzzification is performed simply by 
locating the centroid of the area under the resulting membership function. The crisp 
time value corresponding to this centroid is the crisp occurrence time of the concerned 
event. If there are more than one time instance with equal maximum possibility, the 
mean of all these equally-most-likely time instances is returned. 
time-5 in Figure 6.16 is the rule which performs ftp propagation. The corresponding 
CLIPS coding is in Figure 6.17. With the knowledge of two ftps ？sgl and ？sg2, the 
resulting ftp ？g is derived as in the consequence part of the rule. Similar to the function 
compute_Ui_Sat for constraint satisfaction, coiripute_Ui_Pro is also a C function embed-
ded into the CLIPS expert system shell. It computes the possibility measure of the i-th 
sample within the accumulated time-range, where the index i is the first argument of 
the function. Other necessary arguments to be passed into the function include the limit 
values and the associated membership functions of the two ftps. 
RULE: time-5 
IF the occurrence ftp of a triggering event w.r.t. to well 
defined reference is known AND the occurrence ftp of an 
event w.r.t. that triggering event is also known, 
THEN determine the occurrence ftp of that latter event w.r.t. 
the well defined reference by constraint propagation. 
Figure 6.16: The ftp Propagation Rule: time-5 
62 
Chapter 6 Fuzzy Time Point Approach 
(defrule time-5 "<CDIISTRAIHT PROPAGATION>" 
？ele <- (element ？kl objective active sum-goal-time ？g ？sgl ？sg2) 
(ftp (ftp-id ？sgl) (ref-node ？nPARAl) (ref-state ？sPARAl) 
(t-min ？ftminl) (t-max ？ftmaxl) (dt ？dtl) 
(uO ？ulO〉 (ul ？ull) (u2 ？ul2) (u8 ？ u l 8 ) ) 
(ftp (ftp-id ？sg2) (ref-node ？nPARA2) (ref-state ？sPARA2) 
(t-min ？ftinin2) (t-max ？ftmax2) (dt ？dt2) 
(uO ？u20) (ul ？u21) (u2 ？u22) (u8 ？ u 2 8 ) ) 
=> 
(assert (element ？id rule time-5)) 
(assert (element ？kl objective solved sum-goal-time ？g ？sgl ？sg2)) 
(bind ？new-tmin (+ ？ftminl ？ftmin2)) 
(bind ?ne^?-tmax (+ ？ftmaxl ？ftmax2)) 
(bind ？new-dt (/ (- ？new_tmax ？new-tmin) 8)) 
(assert (ftp (ftp-id ？g) (ref-node ？nPARAl) (ref-state ？sPARAl) 
(t-min ？new-tmin) (t-max ？new-tmax) (dt ？new-dt) 
(uO =(compute_Ui_Pro 0 
？ftminl ？ftmaxl ？ulO ？ull ？ul2 ？ul8 
？ftmin2 ？ftmax2 ？u20 ？u21 ？u22 ？u28)) 
(ul =(compute_Ui_Pro 1 )) 
(u8 =(compute_Ui_Pro 8 ) ) ) ) 
(retract ？ele ？ e i d ) ) 
Figure 6.17: The CLIPS Coding of time-5 
63 
Chapter 6 Fuzzy Time Point Approach 
6.4 Implementation Results 
The test cases to check the C P U databaus setup time and to determine the occurrence 
time of the AS assertion have been examined again. The diagnostic results obtained 
through fuzzy time point reasoning are consistent with the theoretical as well as the 
empirical results obtained previously in the worst-case timing analysis, with some as-
sumptions in fuzzy time point modeling. The enhancement in uncertainty handling leads 
to the quantification of possibility measures embedded within time ranges and provides 
more informative systems diagnosis. 
6.4.1 CPU Databus Setup Time 
After the query of checking the C P U databus setup time has been entered, the following 
response is returned: 
Query : (check-setup-time-of 108) 
Answer : The event occurs within 10 to 662 ns after 110 becomes 1. 
Time Instance : 10.000 91.500 173.00 254.50 336.00 417.50 499.00 580.50 662.00 
Possibility : 0.0000 0.4929 0.9798 1.0000 1.0000 1.0000 1.0000 1.0000 0.0000 
The number 108 in the query (check-setup-time-of 108) is the unique node ID 
assigned to the C P U databus. The response states that the C P U databus would finish 
setup at a time instant within the time range [10,662] ns after the C P U clock, with node 
ID 110, becomes clock state Si. The upper limit 662 is derived in terms of the assumption 
of K=500. 
The diagnostic result is consistent with the practical as well as the time range rea-
soning results. The expected worst-case time range is the accumulation of the timing 
parameters tCLAV, tAA and tDICL, which are the time ranges [undefined,62], [unde-
fined,100] and [10,undefined], respectively. Through ftp constraint propagation, with K 
assumed to be 500, the upper limit is derived as 662 for the worst-case time range. This 
64 
Chapter 6 Fuzzy Time Point Approach 
implicitly implies the possibility of wait states insertion, though the assumption that no 
wait states will be necessary has been made. 
6.4.2 Assertion of CPU AS Signal 
After the query to determine when the AS becomes asserted has been entered, the 
following response is returned: 
Query : (determine-when 101 asserted) 
Ansner : The event occurs within 65.5 to 185 ns after 110 becomes 1. 
Time Instance : 65.500 80.438 95.375 110.31 125.25 140.19 155.12 170.06 185.00 
Possibility : 0.0000 0.3792 0.4915 0.6039 0.7162 0.8285 0.9408 0.4780 0.0000 
Similarly, the number 101 in the query (determine-when 101 asserted) is the 
unique node ID assigned to the C P U ~AS pin. The response states that the AS pin 
would become asserted at a time instant within the time range [65.5,185] ns after the 
C P U clock 110 becomes clock state Si. 
The diagnostic result for this case is also consistent with the practical and the-time 
range reasoning results. The expected worst-case time range is the intersection of the 
time range for the timing parameter tCHSL and the accumulated time range for tCLAV 
and tAVSL. The time range for tCHSL is [3,60] ns with respect to the event that the 
C P U clock becomes S'2. The accumulated time range for tCLAV and tAVSL is [30,00] ns 
with respect to the C P U clock becomes Si. To find a common reference event for these 
two constraints, a clock state is accumulated to the time range for the former constraint, 
such that the event "the C P U clock becomes 5V，becomes the reference. Knowing that 
the length of a clock state, or half a clock cycle, is [62.5,125] ns, the accumulated time 
range for the former constraint becomes [65.5,185] ns. By constraint satisfaction of time 
ranges, the worst-case time range for this case becomes the intersection of [30,00] and 
65.5，185] ns, or [65.5,185] ns, with respect to "CPU clock becomes SV，. The possibility 
65 
Chapter 6 Fuzzy Time Point Approach 
measures associated with the resulting time range [65.5,185] is simply the M I N operation 
results of the time ranges [30,oo] and [65.5,185] ns. 
6.5 Fuzzy Time Point Model Parameters 
6.5.1 Variation of Semi-bounded ftps' Membership Function 
For the test cases discussed in the previous sections, the membership functions of the 
semi-bounded ftps are assumed to be the Pl-typed functions. It may also be possible, 
however, to use the S-typed functions for certain cases, especially in the cases when the 
confidence level of K is not high. In this section, we will look into how the choice of 
using Pl-typed or S-typed function for the semi-bounded ftps will affect the accumulated 
ftp. In Figure 6.14, you may see the membership function of the accumulated ftps with 
the use of the Pl-typed and S-typed functions, respectively. PI-PI-PI corresponds to 
the accumulated ftp using the Pl-typed function for all the three types of ftp: ftp with 
undefined lower limit, ftp with both limits defined, and ftp with undefined upper limit. 
Similarly, PI-PI-S use the S-typed function for ftp with undefined upper limit and Pl-
typed function for the remaining types. 
It is obvious that the PI-PI-S case has a tendency to shift the ftp value to the right. 
The crisp value for the resulting time point derived from defuzzification will shift to the 
right in the PI-PI-S case. The resulting event will occur with respect to the reference 
at some time instance later than that in the PI-PI-PI case. This is simply due to the 
increased possibility measures of the time instances approach to the upper limit. 
66 
Chapter 6 Fuzzy Time Point Approach 
1 1 1_ 1 1 nr r~1 
0.9 - / Ri_Ri_Ri \ \ Ri-Ri-S -
I Z 1 1 
OQ 1 OO 200 300 400 500 600 700 
"Tim© 
Figure 6.18: Variation of Membership Function for Semi-bounded ftp 
6.5.2 Variation of jiftp 
The simple trapezoidal function is adopted as the ftp membership function. The purpose 
of this choice is to reduce the biasing due to various unpredictable and complicated 
factors, such as humidity and temperature. Basically, the trapezoidal function can be 
divided into three parts: left, central and right. The left part is a straight line with 
positive slope climbing up from /i = 0 to ^  = 1. The central part is simply a horizontal 
line with p 二 1. The right part is a straight line with negative slope climbing down from 
"二 1 to // 二 0. As the interval of confidence of an ftp is constant, the width of the 
central part directly affects the degree of tolerance in biasing. 
In Figure 6.19, we will see the accumulated ftps derived from using various trape-
zoidal membership functions. Assume that every ftps interval is divided into eight equal 
portions. The label of x-y-x indicates the ratio of the widths of the left, central and right 
parts of a trapezoidal function. It is noted that when the ratio 0-8-0 is used, i.e. all 
the instances within the interval have equal possibility of 1, the fuzzy time point repre-
sentation is reverted to the original crisp time range representation. It is also obvious 
67 
Chapter 6 Fuzzy Time Point Approach 
OQ 1 OO 200 300 400 500 GOO 700 
"Tim© 
Figure 6.19: Variation of Membership Function in PI-PI-PI Cases 
300 400 500 600 ^ O 
Time 
Figure 6.20: Variation of Membership Function in PI-PI-S Cases 
68 
Chapter 6 Fuzzy Time Point Approach 
that the wider the central part, the greater the number of time instances with maximum 
possibility measures. In other words, the increased width of the central part increases 
the degree of biasing tolerance. 
Figure 6.20 provides the accumulated ftps derived from using various trapezoidal 
membership functions, where the semi-unbounded ftp uses the S-typed membership func-
tion instead of the Pl-typed. This figure gives the same information as in Figure 6.19, 
except it also implies that the defuzzified crisp time value of each ftp is shifted to the 
right. 
6.5.3 Variation of K 
The maximum possible practical value K for the upper limit of a semi-bounded ftp can 
be varied according to the degree of precision desired. The effect of the variation of K in 
PI-PI-PI as well as PI-PI-S cases have been studied. As in Figures 6.21 and 6.22, it is 
shown that the change in K affects the width of the interval of confidence of the resulting 
ftp. The larger the value of K , the wider the resulting interval of confidence. There is not 
any clear guideline for choosing the appropriate K. The choice depends on the system 
engineer's experience and knowledge of the system components. With a large K, certain 
degree of precision is lost but the degree of tolerance in biasing factors is increased. 
6.6 Conclusion 
The fuzzy time point reasoning approach which enhances the deductive capability of 
time-range based temporal reasoning for microprocessor systems has been discussed. The 
approach is simple and efficient in terms of computational load. It has been implemented 
and embedded into a diagnostic system for handling the time imprecision associated with 
69 
Chapter 6 Fuzzy Time Point Approach 
I Z B 
•O 1 oo 200 300 400 500 600 700 800 900 
Time 
Figure 6.21: Variation of K in PI-PI-PI Cases 
C M 
^ ^ Soo 400 500 600 700 800 900 
u "Tim© 
Figure 6.22: Variation of K in PI-PI-S Cases 
70 
Chapter 6 Fuzzy Time Point Approach 
asynchronism in digital systems. Although adequate component data are not available 
for the construction of accurate uncertainty models, the fuzzy time point representation 
reduces the biases due to the dependencies on the various complicated and unpredictable 
external factors which would alter the exact event occurrence times. The implementation 
of fuzzy time point reasoning has shown promising results. These temporal reasoning 
techniques would also be appropriate for various other domains, such as discrete event 
system design and project planning. 
To further enhance the precision of the possibility measures, we may extend the 
fuzzy time point approach to the hybrid time point approach. The fuzzy time point 
representation as discussed in this chapter will be replaced by hybrid numbers. A hybrid 
number is an integrated value of possibility and probability measures. Although there 
exists the inadequacy of component data for the construction of accurate uncertainty 
model, probability models for certain component parameters, such as C P U clocks, which 
has no dependency on other parameters may be constructed. (Other parameters with 
dependency may also be considered if the system designs are for specific applications 
under controlled environments.) These probability measures, after being normalized, 




Constraint Compatibility Reasoning 
In the previous sections, the approaches of time range reasoning and fuzzy time point 
reasoning have been discussed in details. In these approaches, the temporal constraint 
reasoning is based on two primitive mechanisms, the constraint satisfaction and the 
constraint propagation techniques. Through the reasoning process, a microprocessor 
system event sequence is traced out. This sequence is used as a means to perform timing 
analysis and determine the occurrence time of a microprocessor system event with respect 
to a reference event. The reference event is always a previously occurred event, which 
may be a well defined C P U clock signal or any other signal that can be transitively 
referred to a clock signal through the relationships of timing parameters. In this case, 
the two primitive mechanisms would be sufficient to perform effective temporal constraint 
reasoning. 
In the domain of microprocessor systems, however, this is not always the case. In 
some situations, a timing parameter of a component imposes a temporal constraint on 
an event with respect to a future event, such as an upcoming clock signal. However, 
this reference event has not occurred yet. Its exact occurrence time is still undefined at 
72 
Chapter 1 Constraint Compatibility Reasoning 
that instance. How can a time range or a fuzzy time point make reference to it? For 
instance, in the read cycle of the MC68000 microprocessor, the DTACK signal must be 
asserted at least Iasi before the falling edge of the C P U clock state S^. One may argue 
that the DTACK signal may be used as the reference of S^ in order to maintain the 
same temporal relationship between the two events. Recall that the C P U clock is a well 
defined periodical signal, however, simply swapping the roles of the two events does not 
solve the problem. The parameter with respect to a reference event does not directly 
affect the occurrence time of a clock signal. If the constraint is not satisfied, another 
event or a sequence of events might be initiated to satisfy the constraint. Otherwise, the 
operation fails. In this case, wait states are inserted. The event “DTACK asserted" is 
referenced to an abstract time value tAsi. Unlike other timing parameters, which restrict 
the occurrence time of an event with respect to an occurred event that can be transitively 
referred to a well defined signal, t^si restricts the occurrence time of a future event that 
is a well defined reference signal. Hence, a technique to ensure this kind of temporal 
constraint compatibility is desired to be established. 
7.1 Abstract Timing Parameters 
In the previous sections, many timing parameters which are obtained from the component 
specification have been used for discussion. At that stage, all these parameters are 
considered as regular timing parameters. A regular timing parameter tpara imposes a 
temporal constraint on two events Ei and 丑2, where E2 occurs after the reference event 
El. The occurrence time of E2 can be determined by accumulating the regular timing 
parameter into the occurrence time of 丑1. In other words, the occurrence time of a 
target event depends directly on the regular timing parameter and the reference event 
73 
Chapter 1 Constraint Compatibility Reasoning 
occurrence time. If Freg{Eref,tcon) is the function to determine the occurrence time of 
an event with temporal constraint of icon with respect to the reference event Eref, then 
the occurrence time of E2 is Freg(^ Ei,tpara). 
There is one characteristic of the target events for the regular timing parameters. 
The reference event can be of any type of signal, but the target event must not be a 
well defined clock signal. If the target event is a clock signal, the parameter is called an 
abstract timing parameter. The clock signal itself already has a temporal constraint of 
periodicity. A n abstract timing parameter tabs which imposes a temporal constraint on 
the clock signal with respect to a reference Ei only applies a secondary constraint on the 
clock signal. It does not directly affect the occurrence time of the clock signal. It only 
tightens the temporal constraint of periodicity on the clock signal. Thus, the occurrence 
time of a target clock signal can be derived from a function of special factor F—lg), 
where the special factor g is derived from Freg{Ei,tabs)-
For the test case to determine the C P U databus setup time, the parameter toiCL was 
assumed to be a regular timing parameter in the previous sections. However, it is in fact 
an abstract timing parameter. It imposes the constraint that the clock state Sq must be 
at least toiCL after the C P U databus becomes valid in order to ensure the data in the 
databus is stable for a successful read operation. 
There are two possible situations in the case that an abstract timing parameter is 
violated. The system either generates a sequence of event in order to resolve the violation, 
or the operation fails. As mentioned before, in the case of a MC68000 read cycle, if the 
tAsi constraint is not satisfied, the microprocessor will generate a sequence of wait states 
between Sa and in order to resolve the violation. On the other hand, if the toicL 
constraint is not satisfied, the read operation is failed. No special sequence of events 
will be generated to resolve the violation of toicL- In this chapter, we will focus on the 
74 
Chapter 1 Constraint Compatibility Reasoning 
determination of abstract timing compactability and the accumulation the ftp models of 
wait states. In general, unlike regular timing parameters, an abstract timing parameter 
cannot be used to determine the occurrence time of an event. Its purpose is to verify the 
success of a system operation. In some situations, it is used as a threshold for triggering 
special events to resolve constraint violation, if any. 
f 
7.2 MC68000 Read Cycle: Wait States Insertion 
One of the very common situations which encounters abstract timing parameter violation 
and initiates the generation of event sequence to resolve constraint violation, as mentioned 
before, is the insertion of wait states in a MC68000 read cycle. Assume that DTACK is 
asserted at the time instance h and the falling edge of C P U clock state S^ is at t。. The 
MC68000 specification has imposed the constraint that 力2 must be at least Iasi after h. 
If {t2-ti) < tASh then wait states will be inserted between clock state S4 and S^ in order 
to satisfy the abstract Iasi constraint. The factor which directly affects the occurrence 
time of is the number of wait states inserted. The number of wait states depends on 
the abstract timing parameter tAsi. Thus, the occurrence time of can be derived as 
Fabs{Freg{Ei,tAsi))- Figuic 7.1 shows a simplified timing diagram of the MC68000 read 
cycle with wait states insertion. 
7.3 Constraint Compatibility of Fuzzy Time Point 
Consider the abstract time is a crisp threshold value on the time line. If the occurrence 
time of an event is less than that threshold, then no wait state is needed. If the occurrence 
time of the event is beyond the threshold, however, then wait states insertion is necessary. 
75 
Chapter 1 Constraint Compatibility Reasoning 
I* One bus cycle with 4 wait states — ^ 
CLK SO SI S2 S3 S4 W W W W y S5 S6 S7 SO 
AS* \ / 
UDS* \ / 
LDS* \ / 
i \ : 
R/W* \ 
0 \ 
DTACK* \ / 
from memory A / 
D。_15 、—— 
Figure 7.1: MC68000 Read Cycle with Wait States Insertion 
The number of necessary wait states depends on how far the occurrence time of the 
triggering event is beyond the threshold. The further the occurrence time of the event 
is beyond the threshold, the greater the number of wait states is needed in order to 
maintain the constraint compatibility with an abstract timing parameter. 
As component specification states temporal constraints in terms of minimum and 
maximum values, uncertainties embedded within time ranges and it is impossible to 
determine the exact occurrence time of an event. This makes the determination of the 
number of necessary wait states, or simply the necessity of wait states, becomes difficult. 
With the fuzzy time point model, in order to handle constraint compatibility, not only we 
may need to consider the quantification of the possibility measures for an event occurrence 
time, but also that for the possible numbers of wait states. As in Figure 7.2, there are 
three possible cases in constraint compatibility checking: the threshold is beyond the ftp; 76 
Chapter 1 Constraint Compatibility Reasoning 
the ftp is completely beyond the ftp; the threshold lies within the ftp. 
Before looking into the details of constraint compatibility with the fuzzy time point 
model, let's define some properties and assumptions. 
• The abstract time is converted into a threshold value on the time line. 
• The threshold is assumed to be a crisp time value. 
• The occurrence time of the event for constraint compatibility checking is an ftp. 
• The wait state to be inserted is also an ftp. 
Threshold 
Figure 7.2: Three Possible Cases in Constraint Compatibility 
7.3.1 Crisp Threshold Value 
As the abstract timing parameters in the component specifications are also specified by 
minimum and maximum values, abstract timing parameters should also be modeled as 
fuzzy time points. For the constraint compactability checking, however, the comparison 
77 
Chapter 1 Constraint Compatibility Reasoning 
between two ftp's is very complicated. Moreover, the comparison result may cover a wide 
range of possibilities, which may lead to information that is vague and non-informative. 
Hence, a crisp threshold value referring to an abstract timing parameter is desired. 
A possible way to derive a crisp threshold is to defuzzify the fuzzy time point model 
of the corresponding abstract timing parameter. Unfortunately, due to the high degree 
of fuzziness of the ftp models in the domain of microprocessor systems and the possible 
wide ranges of component timing parameters, the defuzzified value will possibly be biased. 
Thus, defuzzification is inappropriate for this domain. For simplicity and tolerance, the 
worst-case value of an abstract timing parameter will be chosen as the threshold. 
7.3.2 Possibility Quantification for the Number of Wait States 
After the threshold value is derived, the next step is to determine the number of wait 
states needed. The number of wait states depends on the occurrence time of the triggering 
event with respect to the threshold. Consider the case that an ftp is completely beyond 
the threshold. The range of the ftp is divided into sub-ranges with the width equals to 
the duration of a clock state. As in Figure 7.3, each time unit represents the duration 
of a clock state. Each sub-range corresponds to a specific number of necessary wait 
states. Some sub-ranges may give the same value, the others give different values. The 
possibility measure of the number of wait states depends on the relative significance of 
the sub-ranges which give that number with respect to the complete range of the ftp. 
Two methods are proposed to evaluate the possibility of the number of wait states in 
terms of the relative significance of sub-ranges. One is to quantify the possibility measure 
in terms of the area of the sub-ranges corresponding to a specific number, the other is in 
terms of the total width of the corresponding sub-ranges. 
78 
Chapter 1 Constraint Compatibility Reasoning 
Threshold 
——I 1 1 1~丨\ \ ""“I 1 
0 ‘ 1 2 3 4 5 6 7 8 
Figure 7.3: Division of a Fuzzy Time Point 
Possibility Quantification by Area Approach 
The possibility measure of a specific number of wait states can be determined in terms 
of the area of the sub-ranges corresponding to that number. Assume the total area of 
the membership function of an ftp is x. If the area of the sub-ranges corresponding to 
a specific number of wait states is y. The possibility of that number of wait states is 
{y/x). This method is more appropriate in the case when there is a large number of ftp 
accumulation or lots of semi-bounded ftp involved. 
Possibility Quantification by Width Approach 
Another method to determine the possibility measure of a specific number of wait states 
is in terms of the total width of the sub-ranges corresponding to that number. Let x be 
the total width of an ftp. If the total width of the sub-ranges corresponding to a specific 
number is y, the possibility of that number of wait states is (y/x). Since the wait state 
has a relatively small width and a symmetric trapezoidal membership function for its ftp 
model, the quantification of the possibility measure of the number of wait states has no 
much difference with either method. For simplicity, our implementation is based on this 
latter method. 
79 
Chapter 1 Constraint Compatibility Reasoning 
W h e n we consider the possibility of the number of wait states, we evaluate the signifi-
cance of the corresponding sub-ranges. Assume that the ftp in Figure 7.3 has the range of 
3.5,6.5], where each time unit equals the duration of a wait state Ujs. If the occurrence 
time t of the event lies within the sub-range [3.5,4], then two wait cycles will be needed 
to be inserted in order to move the threshold beyond the sub-range [3.5,4]. Similarly, if 
t lies in [4，6] or [6,6.5], then three or four wait cycles will be needed, respectively. Hence 
the possibility measures are (0.5/3), (2/3) and (0.5/3) for the number of wait cycles to be 
2, 3 and 4, respectively. These possibility measures are obtained by dividing the width 
of the corresponding sub-range by the total width of the ftp. 
7.3.3 Threshold Beyond Fuzzy Time Point 
For the simplest case, the threshold is beyond the ftp. The maximum possible value of 
the ftp does not exceed the threshold. The temporal constraint is satisfied. No wait state 
is necessary. The abstract timing parameter is completely compatible. 
7.3.4 Fuzzy Time Point Beyond Threshold 
For the second case, the ftp is completely beyond the threshold values, as in Figure 7.4. 
The ftp is within a range of [^ 2,力3] from h. Thus, the minimum and maximum necessary 
numbers of wait states are 
{h - + tws) div t^s] (7.1) 
and 
\ts - + tws) div t^ s] (7.2) 
respectively. Note that in MC680x0 family, wait states are inserted in couples. Thus, if 
the number of necessary wait states is an odd number, we will round it up to an even 
80 
Chapter 1 Constraint Compatibility Reasoning 
number. Assume that tj = 0, = 3 * t肌 and 二 6.5 * Uus. Then the minimum 
and maximum numbers of wait states are 4 and 7, respectively. Since wait states are 
inserted in couples, the minimum and maximum numbers become 4 and 8. Specifically, 
the possible numbers of necessary wait states are 4，6, and 8. 
Threshold 
^ I , , / • I 乂 . 
tl=0 t2=3*tws t3=6.5*tws 
Figure 7.4: Fuzzy Time Point Beyond Threshold 
The possibility measure corresponding to each of these possible numbers can be de-
termined in terms of the duration of a wait state Us and the range [^ 2,^ 3]- In the above 
case, the width of the range [力2, h] is 
ts — t2 二 (6.5 — 3) * tujs 
— 3 . 5 氺 t^s 
It is obvious that if we divide the range into 3.5 portions of width equals to t剩 each 
portion will give a possible number of wait state. Four wait states will be needed for 
the event occurrence time t lies within the sub-range [3 * 力奶,4 * t j , which takes a 
single portion. Six wait states will be needed for the sub-range [4 “似，6 * t肌]，which 
is another two portions. Finally, eight wait states will be needed for the sub-range 
6 * t肌,6.5 * t^s], the remaining half portion. Hence, it can be derived straightly from 
the number of portions corresponding to each possible number of wait states that the 
81 
Chapter 1 Constraint Compatibility Reasoning 
possibility measures corresponding to 4, 6 and 8 wait states are (1/3.5), (2/3.5) and 
(0.5/3.5), respectively. 
7.3-5 Threshold Within Fuzzy Time Point 
For the case that the threshold is enclosed within the ftp, as in Figure 7.5, the possibility 
quantification for the number of wait states is performed in the same way as in the 
previous case. Let = 0,力2 = 3 * t肌 and h = 6.5 * t書 Then the total width of the ftp 
is 
——ti = 6.5 * tws 
If the occurrence time t of the event is before the threshold or within [^ 1,^ 2], then no 
wait state is needed. Otherwise, if t is within [^ 2,^ 3], wait states will be inserted. Similar 
to the case where the ftp is beyond the threshold, the sub-ranges [“，力2 + 2 * Us] and 
力3] corresponds to 1 and 2 wait cycles, respectively, in this case. The possibility 
measures corresponding to 1 and 2 wait cycles are (2/6.5) and (1.5/6.5)，respectively. 
I Threshold 
/ - , I 丨 I I \ I — — 
tl=0 t2=3*tws t3=6.5*tws 
Figure 7.5: Threshold Within Fuzzy Time Point 
82 
Chapter 7 Constraint Compatibility Reasoning 
7.4 Determine When CPU Clock State is S5 
To examine the constraint compatibility technique, we will look into the determination of 
the occurrence time of the clock state Ss- W e are interested in S^ because its occurrence 
time is directly affected by wait states insertion, and it affects the occurrence time of 
Se- Recall that the success of a MC68000 read cycle depends on the abstract timing 
parameter Idicl, which makes reference to the clock state Se- The occurrence time of 
is significant in the read cycle. 
According to Figure 4.2, a top level query will be broken down into subgoals in the 
subsequent levels throughout the reasoning process. To determine the occurrence time 
of 6^ 5, we will look into the issue of wait states insertion in the MC68000 read cycle. In 
the read cycle, the time when the DTACK is asserted is compared to the abstract time 
tASi- If the compatibility constraint is not satisfied, then wait states will be inserted. 
Thus, our immediate concerns become 
1. Determine when DTACK asserted 
2. Determine the value of the abstract time Iasi 
3. Determine the number of wait states needed to be inserted 
The top level query for this case can be broken down into subgoals as in Figure 7.6. 
Note that the occurrence time of the DTACK assertion and the value of the abstract 
time tASi are time values relative to different reference events. To determine the number 
of wait states needed to be inserted, a common reference has to be determined first. 
The issue of the determination of common reference event has been discussed earlier in 
a previous section. 
- 83 
Chapter 7 Constraint Compatibility Reasoning 
Determine the occurrence 
time of clock state S5 
Determine when DTACK* Check compatability of Determine the occurrence time 
asserted DTACK* assertion with of S5 after compactability 
abstract time t—ASI checking 
Determine the value of t_ASI Insert appropriate number of 
wrt the same reference of wait states if necessary 
DTACK* assertion 
Figure 7.6: Determine W h e n C P U Clock State is S5 
7.5 System Implementation 
The constraint compatibility checking mechanism has been implemented and integrated 
into the existing diagnostic system with the fuzzy time point model. The test case to 
determine the occurrence time of the clock state S5 is used to illustrate the enhancement 
in effective temporal constraint reasoning in the domain of microprocessor systems. In 
the following parts of this section, the underlying rules in the knowledge base and the 
test case result are discussed in details. 
7.5.1 Expert's Heuristic Rule 
For the case to determine the occurrence time of the clock state S5, the top level query is 
broken down into subgoals to determine the occurrence time when DTACK is asserted 
and whether the constraint compatibility property is satisfied. If the compatibility prop-
erty is not satisfied, wait states will be inserted. 
- 84 
Chapter 1 Constraint Compatibility Reasoning 
RULE: mc68000-9 
IF the goal is to determine the occurrence time of clock 
state S5, 
THEN determine when the DTACK is asserted AND check the 
compatibility property with the abstract time tASi-
Figure 7.7: An Example Expert's Heuristic Rule: mc68000-9 
The rule mc68000-9 in Figure 7.7 breaks the top level query down into two subgoals: 
(1) "Determine when DTACK is asserted" and (2) "Check the compatibility of subgoal 
with the abstract timing parameter Iasi'. The first subgoal is simply accumulating the 
signal delaying time due to the DTACK generator to the occurrence time of the AS 
assertion. The problem to determine the occurrence time of the AS assertion is just one 
of the test cases discussed in the previous sections, and the accumulation of the delay can 
be achieved simply by constraint propagation. After subgoal (1) is solved, its occurrence 
time is compared to the abstract time Iasi to check if wait states are necessary. If so, 
then the necessary wait states will be accumulated to determine the occurrence time for 
5^ 5. The CLIPS coding is shown in Figure 7.8. 
7.5.2 Constraint Compatibility 
The rules time-8 and tiine-9 are implemented to verify constraint compatibility. If an 
event is completely compatible to an abstract timing parameter, then no wait state will 
be inserted and the rule time-8 will return the default occurrence time of S^. On the 
other hand, if an event is incompatible to an abstract timing parameter, then wait states 
insertion is needed and the rule time-9 will accumulate the necessary wait states into 
85 
Chapter 1 Constraint Compatibility Reasoning 
(defrule mc68000-9 
(node ？nid cpu ？n elk) 
(element ？kl objective active determine-when ？nid 5) 
(not (solved-goal ？kl $?sgs)) 
(node ？dtid cpu ？n dtack-) 
=> 
(assert (element ？id rule mc68000-9>) 
(assert (element =(+ 1 ？id) objective active determine-when ？dtid asserted)) 
(assert (element =(+ 2 ？id) objective active check-compatibility-of =(+ 1 ？id) tASI)) 
(assert (element =(+ 3 ？id) objective active find-eq-goal-time ？kl =(+ 2 ？id))) 
(assert (solved-goal ？kl =(+ 1 ？id) =(+ 2 ？id)))) 
Figure 7.8: The CLIPS Coding of mc68000-9 
the event's occurrence time by constraint propagation. The rules time-8 and time-9 
and the corresponding CLIPS coding are shown in Figures 7.9 to 7.12. 
Since an abstract timing parameter makes reference to an upcoming clock state, 
to convert the reference event into an already occured clock signal, time-8 chooses the 
clock state immediately preceeds that upcoming clock state as the reference in the default 
returned ftp. 
RULE: time-8 
IF the occurrence time of the concerned event is known AND 
it is compatible with the corresponding abstract timing 
parameter, 
THEN the compatibility property is satisfied and the default 
occurrence time of clock state S5 is returned. 
Figure 7.9: The Constraint Compatibility Rule: time-8 
In fact, t i m e - 9 does not directly accumulate the wait states by itself. It initiates wait 
states insertion simply by calling the function get-number-of-wc, which determines the 
possible numbers of necessary wait states and asserts the flags to invoke the accumulation 
86 
Chapter 1 Constraint Compatibility Reasoning 
(defrule time-8 
？el <- (element ？kl objective active check-compatibility-of ？gl ？tPARA) 
？e2 <- (element ？gl objective solved $?OBJS) 
(node ？clkid cpu ？n elk) 
(element ？k2 value ？tmin ？tmax ？tPARA ？clkid ？clk-s) 
(element ？k3 value ？csmin ？csmax tHalfCYC ？clkid 0) 
(goal-time ？gl ？tmin-gl ？tmax-gl ？n-gl ？s-gl) 
(ftp (ftp-id ？gl) (ref-node ？clkid) (ref-state ？ref-s) (t-min ？ftminl) (t-max ？ftmaxl) 
(dt ？dtl) (uO ？ulO) (ul ？ull) (u2 ？ul2) (u8 ？ul8)) 
= > 
(bind ？threshold-max (+ (• (- ？clk-s ？ref-s) ？csmax) ？tmax)) 
(if (<= ？ftmaxl ？threshold-max) then 
(assert (element ？id rule time-8)) 
(assert (element ？kl objective solved check-compatibility-of ？gl ？tPARA)) 
(assert (element =(+ 1 ？id) constraint-compatible ？gl ？tPARA)) 
；；；Constraint compatibility satisfied 
(assert (goal-time ？kl ？csmin ？csmax ？clkid =(- ？clk-s 1))) 
(assert (ftp (ftp-id ？kl) (ref-node ？clkid) (ref-state (- ？clk-s 1)) 
(t-min ？csmin) (t-max ？csmax) (dt (/ (- ？csmax ？csmin) 8)) 
(uO 0) (ul 0.5) (u2 1) (u3 1) (u4 1) (u5 1) (u6 1) (u7 0.5) (u8 0 ) ) ) 
(retract ？el ？ e i d ) ) ) 
Figure 7.10: The CLIPS Coding of time-8 
of wait states. 
The function get-number-of-wc in Figure 7.13 determines the possible numbers of 
necessary wait states for the ftp with limits ？ftminl and ？ftmaxl. For each possible 
number of wait states, including the case when no wait state is needed, the possibility 
measure of that number is evaluated. For the purpose of diagnosis and computer aided 
design, rather than only accumulating the maximum possible number of wait states, the 
function display all the possible numbers with the corresponding possibilites to the user. 
The user may interactively select any possible number of wait states for the insertion. 
7.5.3 Wait States Insertion 
After the user has selected the number of wait states to be inserted, the rule accum-ws-la 
in Figure 7.14 simply performs constraint propagation to accumulate a wait state into 
an ftp. This rule is activated by the accumulate-ws flag. The ftp model for a wait state 
87 
Chapter 1 Constraint Compatibility Reasoning 
RULE: time-9 
IF the occurrence time of the concerned event is known AND 
it is incompatible with the corresponding abstract timing 
parameter, 
THEN the compatibility property is not satisfied and the wait 
states insertion is initiated. 
Figure 7.11: The Constraint Compatibility Rule: time-9 
(defrule time-9 
？el <_ (element ？kl objective active check-compatibility-of ？gl ？tPARA) 
？e2 <- (element ？gl objective solved $?OBJS) 
(node ？clkid cpu ？n elk) 
(element ？ v a l u e ？tmin ？tmax ？tPARA ？clkid ？cllc_s) 
(element ？k3 value ？csmin ？csmax tHalfCYC ？clkid 0) 
(goal-time ？gl ？tmin-gl ？tmax-gl ？n-gl ？s-gl) 
？ftpl <_ (ftp (ftp-id ？gl) (ref-node ？clkid) (ref-state ？ref-s) (t-min ？ftminl) (t-max ？ftmax1) 
(dt ？dtl) (uO ？ulO) (ul ？ull) (u2 ？1112) (u8 ？ u l 8 ) ) 
=> 
(bind ？threshold-max (+ (* (_ ？clk-s ？ref-s) ？csmax) ？tmax)) 
(if (> ？ftmaxl ？threshold-max) then 
(assert (element ？id rule time-9)) 
(assert (element ？kl objective solved check-compatibility-of ？gl ？tPARA)) 
(assert (element =(+ 1 ？id) constraint-incompatible ？gl ？tPARA)) 
(retract ？el) 
；；；Create a reference ftp of width = 1 
(assert (goal-time ？kl ？csmin ？csmax ？clkid =(- ？clk-s 1))) 
(assert (ftp (ftp-id ？kl) (ref-node ？clkid) (ref-state (- ？clk-s D ) 
(t-min ？csmin) (t-max ？csmax) (dt (/ (_ ？csmax ？csmin) 8)) 
(uO 0) (ul 0.5) (u2 1) (u3 1) (u4 1) (u5 1) (u6 1) (u7 0.5) (u8 0 ) ) ) 
(bind ？Range (- ？ftmaxl ？ftminl)) 
(get-number-of-HC ？ftminl ？ftmaxl ？threshold-max ？Range ？csmax ？ k l ) ) ) 
Figure 7.12: The CLIPS Coding of time-9 
- 88 
Chapter 1 Constraint Compatibility Reasoning 
(deffunction get-number-of-wc 
(?tl ？t2 ？T ？Range ？clk-s ？kl) 
(bind ？Hc-idx 0) 
(while « ？T ？tl) do 
(bind ？T (+ ？T (• ？clk-s 2))) 
(bind ？wc-idx (+ ？wc-idx 1))) ；end while loop 
(if (< (- ？t2 ？tl) (• ？clk-s 2)) then 
(printout t "Absolutely “ ？wc-idx “ wait cycle(s) needed" crlf) 
(assert (accumulate-ws (• 2 ？wc-idx) 1 ？kl)) 
else 
(bind ？tt ？tl) 
(bind ？factor (/ (- ？T ？tt) ？Range)) 
(while (<= ？T ？t2) do 
(printout t ？wc-idx “ wait cycle(s) needed with possibility “ ？factor crlf) 
(assert (tmp-accumulate-wc ？wc-idx ？factor ？kl)) 
(bind ？tt ？T) 
(bind ？T (+ ？T (* ？clk-s 2))) 
(bind ？factor (/ (- ？T ？tt) ？Range)) 
(bind ？wc-idx (+ ？wc-idx 1)) )；end while 
(if (> ？T ？t2) then 
(bind ？factor (/ (- ？t2 ？tt) ？Range)) 
(printout t ？wc-idx “ wait cycle(s) needed with possibility “ ？factor crlf) 
(assert (tmp-accumulate-wc ？wc-idx ？factor ？kl)) )；endif 
(printout t "Please enter the number of wait cycle(s) to be inserted: •_) 
(bind ？wc (read t)) 
(assert (keep-accu-wc ？kl ？wc)) 
)；endif 
) 
Figure 7.13: The CLIPS Coding of get-number-of-wc 
89 
Chapter 1 Constraint Compatibility Reasoning 
is actually the same as that for a regular clock state. From the CLIPS coding in Figure 
7.15, it is obvious that the corresponding membership function may be scaled by a factor 
？factorl. 
RULE: cpu-1 
IF the flag to insert wait states is on, 
THEN accumulate a wait state into the ftp of the corresponding 
event AND update the status of the flag. 
Figure 7.14: The Wait States Insertion Rule: accum-ws-la 
(defrule accum-ws-la "“ 
？rml <- (accumulate-Hs ？ws&:(> ？hs 0) ？factor ？kl) 
？rm2 <- (goal-time ？kl $?ts ？n ？s) 
(ftp (ftp-id tHalfCYC) (t-min ？fHCYCmin) (t-max ？fHCYCmax) (uO ？uHCO) (ul ？uHCl) (u8 ？uHC8)) 
？ftpl <- (ftp (ftp-id ？kl) (ref-node ？n) (ref-state ？s) (t-min ？ftmin2) (t-max ？ftmax2) 
(dt ？dt2) (uO ？u20) (ul ？u21) (u2 ？u22) (u8 ？u28)) 
=> 
(assert (element ？id rule accum-ws-la)) 
(bind ？XXX ( + ？ftmin2 ？fHCYCmin)) (bind ？yyy (+ ？ftmax2 ？fHCYCmax)) 
(assert (goal-time ？kl ？xxx ？yyy ？n ？s)) 
(assert (ftp (ftp-id ？kl) (ref-node ？n) (ref-state ？s) 
(t-min ？XXX) (t-max ？yyy) (dt (/ (- (+ ？ftmax2 ？fHCYCmax) (+ ？ftmin2 ？fHCYCmin)) 8)) 
(uO =(compute_Ui_Pro 0 ？fHCYCmin ？fHCYCmax ？uHCO ？uHCl ？uHC8 
？ftmin2 ？ftinax2 ？u20 ？u21 ？u28)) 
(u8 =(compute_Ui_Pro 8 ) ) ) ) 
(if (>= ？ws 2) then (assert (ac cumulate-ws =(- ？ws 1) ？fact or ？kl)) );endif 
(retract ？eid ？rml ？rm2 ？ftpl)) 
Figure 7.15: The CLIPS Coding of accum-ws-la 
90 
Chapter 1 Constraint Compatibility Reasoning 
7.6 Implementation Results 
The case to determine the occurrence time of clock state S5 is adopted to show the 
mechanism of constraint compatibility checking. Note that the necessity of wait states 
insertion depends on the time when DTACK is asserted. At the same time, the occur-
rence time of the DTACK assertion solely depends on the delay iuTACKdeiay due to the 
DTACK generator. Hence, the value of tor AC K delay may be varied in order to verify the 
constraint compatibility mechanism. 
The occurrence time of the DTACK assertion can be determined by accumulating 
t DTACK delay into the occurrence time when A ? is asserted. The event of AS assertion 
has been discussed in the previous sections. Its occurrence time is already known to be 
65.5，185]ns after the clock state Si. The threshold value, derived from the abstract 
timing parameter tAsi, is known to be 440ns after Let toTACKdeiay be [100, x\ns with 
respect to the 'AS assertion, where x is the upper bound of tDTACKdelay This assignment 
of t DTACK delay has the lowei bound before the threshold and thus allows different number 
of wait states to be inserted by varying x. The value of a; will be varied to illustrate how 
the number of wait states inserted affects the occurrence time of the clock state S^ - By 
accumulating tor AC K delay into the occurrence time of ~AS assertion, the time of DTACK 
assertion is determined as 
[(65.5 + 100), (185 + = [165.5, (185 + 
with respect to clock state Si. Again, the accumulation of wait states is performed by 
constraint propagation. 
For instance, assume a: = 605ns. Then the time when DTACK is asserted becomes 
165.5, 790]n5. Let t be the occurrence time of the DTACK assertion. The width of a 
91 
Chapter 1 Constraint Compatibility Reasoning 
Threshold 
SI I 
• 1 ：—— 
|< 
I 2 * t_ws : 
I j ^ time 
0 165.5 440 690 790 
Figure 7.16: Wait States Insertion Example 
wait state is known to be 125^5. From Figure 7.7, it is clear that the total range of the 
ftp is 
(790 - 165.5) 二 624.5 
Since the subrange [165.5,440] is before the threshold at t 二 440, no wait state is needed 
for (t < 440). Thus the possibility that no wait state insertion is needed becomes 
[(440 - 165.5)/624.5] = 0.44 
Assume that the portion of the ftp beyond the threshold at t 二 440 is further divided into 
smaller sub-ranges of width equals the duration of a wait cycle. If t is within [440,690], 
the subrange immediately after the threshold with width equals one wait cycle, then only 
a single wait cycle will be inserted. The possibility that one wait cycle is inserted is the 
ratio of the width of these corresponding sub-ranges to the width of the total range of 
the ftp, which is 
；(690 - 440)/624.5] = 0.40 
Similarly, if t is within [690,790], the second subrange immediately after the threshold, 
then two wait cycles will be inserted. The possibility that two wait cycle are inserted is 
[(790 - 690)/624.5] = 0.16 
92 
Chapter 1 Constraint Compatibility Reasoning 
The resulting ftp after a single wait cycle insertion is shown as follows. For a detailed 
description of the sample run, please refer to Appendix A. 
CLIPS> Objective 65 is incompatible with tASI 
0 wait cycle(s) needed with possibility 0.4395516413130505 
1 wait cycle(s) needed with possibility 0.400320256204964 
2 wait cycle(s) needed with possibility 0.1601281024819856 
Please enter the number of wait cycle(s) to be inserted: 1 
Query : (determine-when 110 5) 
Answer : The event occurs within 245.0 to 375 ns after 110 becomes 4. 
Time Instance : 245.00 261.25 277.50 293.75 310.00 326.25 342.50 358.75 375.00 
Possibility : 0.0000 0.4815 0.4815 0.9630 1.0000 1.0000 1.0000 0.9630 0.0000 
The number 110 in the query (determine-when 110 5) is the unique node ID of 
the C P U clock. The query determines the occurrence time of the clock state S^. For 
the DATCK delay being [185,605—, the worst-case occurrence time of S^ will be 
370,625]n5 with respect to 5^ 4. Since we know that the clock state has a duration 
of [62.5,125]n5, it is realized that four extra clock states have been inserted between 
and S^. In other words, two wait cycles have been inserted, which leads to the response 
as shown above. 
7.7 Conclusion 
The constraint compatibility mechanism has been implemented and integrated into the 
existing diagnostic system. This mechanism enhances the capability of the system in 
effective temporal reasoning techniques. Rather than treating the abstract timing pa-
rameters as regular timing parameters, this mechanism handles the abstract timing pa-
rameters appropriately. It allows the determination of the successfulness of an operation. 
93 
Chapter 1 Constraint Compatibility Reasoning 
In the case of failure, if special events may be invoked to resolve any constraint viola-
tion, the mechanism initiates these special events. Moreover, the mechanism allows the 
examinations of various possible consequences due to those special events. This kind 
of capability provides very useful information for diagnosis as well as computer aided 
instruction. Constraint compatibility makes the reasoning power of the system more 




A prototype diagnostic tool for microprocessor systems has been developed. The tool 
was implemented as a goal-oriented knowledge-based system, according to the proposed 
frameworks of knowledge representation for the problem domain. Two general time point 
representations using a multiple-referenced time line and imprecise time range values have 
been developed to facilitate temporal concept deductions and explanations. The first 
scheme adopts the time range representation. Temporal constraint reasoning mechanisms 
based on this representation, which handle constraint propagation and satisfaction, have 
been developed to achieve effective temporal constraint reasoning. The second scheme, 
the fuzzy time point approach, captures the uncertainty within time ranges and quantifies 
the corresponding possibility measures of microprocessor systems event occurrence time. 
The existing constraint reasoning mechanisms have been extended to incorporate with 
this scheme. In order to achieve effective temporal reasoning in our domain, however, the 
issue of constraint compatibility should also be considered. A new temporal constraint 
reasoning mechanism has been developed to handle this problem. 
Compared to other approaches in microprocessor systems diagnosis, our work has 
95 
Chapter 8 Conclusion 
achieved some significant enhancements. In Brzozowski's work [9], his numerical ap-
proach is only applicable to component waveform specifications that can be formulated 
as conjunction of linear inequalities, which is not the cases when the timing of an output 
event depends on several inputs, such as a read cycle. Moreover, the explanatory capa-
bility is not available. In Li's work [34], his symbolic constraint satisfaction approach 
only determines if constraint violation exists. The occurrence time and the temporal 
uncertainty information of a particular event is not explicitly derived. Most important, 
the temporal reasoning mechanisms provided in Li's scheme did not consider the impor-
tant issue of constraint compatibility in the problem domain. In our present work, with 
the use of a knowledge-based approach, our system works well with both the read and 
write cycles of a microprocessor, and provides a detailed description in the reasoning 
process as diagnosis explanations. Our system provides the temporal constraint reason-
ing mechanisms to perform worst case timing analysis. In addition, based on the fuzzy 
time point representation, our system quantifies the uncertainty information embedded 
within time ranges. It also provides a new reasoning mechanism to handle the constraint 
compatibility problem. All these features overcome the shortages arisen in Brzozowski's 
and Li's approaches. 
The developed knowledge representation schemes and reasoning mechanisms form 
a domain independent temporal constraint reasoning toolbox. It is applicable to vari-
ous different domains by importing appropriate knowledge-base modules of the domain 
knowledge. This kind of flexibility has been tested with system designs using different 
m i c r o p r o c e s s o r s . The toolbox, in particular, is appropriate for domains require temporal 
constraint reasoning, such as discrete event systems design, project planning, manufac-
turing scheduling, or other operational research domains. 
96 
Chapter 8 Conclusion 
8.1 Applications in Other Domains 
The diagnostic tool has been extensively tested with cases regarding to the domain of the 
Motorola MC68000 microprocessor systems. Recall that the structure of the tool provides 
the flexibility of importing and exporting component modules within its knowledge-base. 
A design which consists of any other types of components should also be verifiable to our 
tool. 
Our problem domain has been switched to the Motorola MC68020 microprocessor 
systems. Test cases in this new domain have been verified. Specifically, as a comparison 
to the previous domain, the determination of the C P U databus setup time was tested. 
Although using a different microprocessor, which has different specification, the reasoning 
process and the diagnostic result were correct and consistent as in the previous domain. 
For details about the timing diagram of the MC68020 read cycle and the test result, 
please refer to Appendix B. 
In facts, the temporal representation scheme as well as the reasoning mechanisms 
developed form a domain independent toolbox for temporal constraint reasoning. This 
toolbox is applicable to the domains which require temporal constraint reasoning. Some 
example domains include discrete event system design, project planning, and manufactur-
ing scheduling. Specifically, in the manufacturing industry, there always exist temporal 
constraints in the form of deadlines. For instance, certain number of parts must be fin-
ished before a specific deadline. In order to have enough time to deliver the finished parts 
to another plant for further process, that deadline is usually set at least a number of days 
before the actual solid date when the parts must be ready for processing. Hence, the 
same toolbox is indeed applicable to various other domains which involve tasks related 
to timing, planning or scheduling. 
97 
Appendix Conclusion 
8.2 Future Directions and Recommendations 
At the moment, the diagnostic tool does not have a sophisticated user interface. Its 
interface is based on the CLIPS X-windows interface. A good and user friendly user 
interface would be very beneficial in giving explanations about the reasoning process 
and supports to design modification. Hypermedia provides an excellent environment 
for human-machine interaction [27, 52]. The World Wide W e b hypermedia environment 
has been studied to be used as the user interface for the diagnostic tool [26]. Rapid 
prototyping of a hypermedia interface is possible. The development of such an interface 
would be one of the next major steps in this project. 
In fact, the diagnostic tool itself already forms the expert module in an intelligent 
tutoring system. Another possible future direction is to develop the other necessary 
modules and integrate them with the diagnostic tool to form an intelligent tutoring 
system in microprocessor systems design. The concerned issues may include the structure 
of such systems, the student module, as well as the tutor module [2, 13, 46，47. 
U p to now, the diagnostic tool has been tested with cases in a restricted domain 
of microprocessor systems design. The reasoning mechanisms seem to be sufficient to 
achieve effective temporal constraint reasoning in the domain. Without verification with 
test cases, however, we cannot prove the completeness of the set of temporal constraint 
reasoning techniques for our domain. Further effort in expanding the knowledge-base of 






The case to determine the occurrence time of the C P U clock state S^ was used to illustrate 
the mechanism of constraint compatibility reasoning as discussed in Chapter 7. The 
occurrence time of S5 is affected by the necessity of wait cycle insertion and the number 
of wait cycles to be inserted, if necessary. For this case, as discussed before, there are three 
possible situations arise as checking the compatibility with the abstract timing parameter 
t^ sj： zero, one and two wait cycles insertion. The user may make his preference of the 
situations according to the information provided by the system interactively. Here in this 
Appendix, the results of all the three possible situations are provided. 
A. l No Wait Cycle Insertion 
CLIPS> Objective 65 is incompatible with tASI 
0 wait cycle(s) needed with possibility 0.4395516413130505 
1 wait cycle(s) needed with possibility 0.400320256204964 
2 wait cycle(s) needed with possibility 0.1601281024819856 
99 
Appendix A Constraint Compatibility Reasoning Output 
Please enter the number of wait cycle(s) to be inserted: 0 
Query : (determine-when 110 5) 
Answer : The event occurs within 120 to 125 ns after 110 becomes 4. 
Time Instance : 120.00 120.62 121.25 121.87 122.50 123.12 123.75 124.37 125.00 
Possibility : 0.0000 0.5000 1.0000 1.0000 1.0000 1.0000 1.0000 0.5000 0.0000 
A.2 Single Wait Cycle Insertion 
CLIPS> Objective 65 is incompatible with tASI 
0 wait cycle(s) needed with possibility 0.4395516413130505 
1 wait cycle(s) needed with possibility 0.400320256204964 
2 wait cycle(s) needed with possibility 0.1601281024819856 
Please enter the number of wait cycle(s) to be inserted: 1 
query : (determine-when 110 5) 
Answer : The event occurs within 245.0 to 375 ns after 110 becomes 4. 
Time Instance : 245.00 261.25 277.50 293.75 310.00 326.25 342.50 358.75 375.00 
Possibility : 0.0000 0.4815 0.4815 0.9630 1.0000 1.0000 1.0000 0.9630 0.0000 
A.3 Two Wait Cycle Insertions 
CLIPS> Objective 65 is incompatible with tASI 
0 wait cycle(s) needed with possibility 0.4395516413130505 
1 wait cycle(s) needed with possibility 0.400320256204964 
2 wait cycle(s) needed with possibility 0.1601281024819856 
Please enter the number of wait cycle(s) to be inserted: 2 
Query : (determine-when 110 5) 
Answer : The event occurs within 370.0 to 625 ns after 110 becomes 4. 
Time Instance : 370.00 401.88 433.75 465.62 497.50 529.38 561.25 593.12 625.00 
Possibility : 0.0000 0.4427 0.8912 1.0000 1.0000 1.0000 0.8912 0.4427 0.0000 
100 
Appendix B 
MC68020 Read Cycle Problem 
The MC68020 [42, 12] CPU-memory interface problem has been examined and tested 
as a different problem domain for our diagnostic tool. This domain is chosen to test 
the flexibility of our tool and the compatibility among different component modules. 
Consistent results were obtained. In this appendix, we will briefly discuss some basics 
of the MC68020 read cycle, the test case to check the C P U databus setup time, and the 
test results. 
B.l Basics of MC68020 Read Cycle 
The basics of MC68000 read cycle have been briefly discussed in Chapter 3. The timing 
diagram of MC68000 read cycle is shown in Figure B.l. In Figure A2.1, the timing 
diagram of MC68020 read cycle is shown as well. The two diagrams look very similar, 
but the MC68000 has an eight-state bus cycle whereas the MC68020 has a six-state bus 
cycle. Besides, even at the same clock rate, the MC68020 is faster than the MC68000 
because of its improved internal design. For a more detailed discussion of the MC68020 
101 
Appendix B MC68020 Read Cycle Problem 
read cycle, please refer to [42, 12]. 
i Read Cycle — six clock states ^ 
SO SI S2 S3 S4 S5 
CLK 
： j ^ t_cyc ^ 
r ^ T Y l i ； I r 
A31 i / \ ： : i i / \ 
： i t_CHSI^ ； ； yCLS想 
R A V * 「 、 j j j ！ j ‘ 
DSACK* j I j i I J 
j i I ： t_DICL I i 
Doo i ； j A i i \ 
t。 ； i t_acc (memor^ access time) \ i / 
D31 H ： H\ j \J 
Figure B.l: Simplified MC68020 Read Cycle 
B.2 MC68020 Databus Setup Time 
Xhe reasoning process in this case is very similar to that of the case to check the MC68000 
C P U databus setup time as in Figure 4.3. The only difference is that MC68020 uses the 
parameter icHAV to determine when the C P U address bus becomes valid with respect 
to the clock state ^ o, whereas MC68000 uses the parameter tcLAV with respect to the 
102 
Chapter 2 MC68020 Read Cycle Problem 
clock state This is simply due to the different relationships among the parameters 
of the two different microprocessors. Besides, the minimum and maximum values of the 
parameter toiCL are different for the two microprocessors too. 
B.3 Implementation Results 
After the query of checking the MC68020 C P U databus setup time has been entered, the 
following response is returned: 
Query : (check-setup-time-of 108) 
Answer : The event occurs within 10 to 640 ns after 110 becomes 0. 
Time Instance : 10.000 88.750 167.50 246.25 325.00 403.75 482.50 561.25 640.00 
Possibility : 0.0000 0.4821 0.8750 1.0000 1.0000 1.0000 1.0000 1.0000 0.0000 
The number 108 in the query (check-setup-time-of 108) is the unique node ID 
assigned to the C P U databus. The response states that the MC68020 C P U databus 
would finish setup at a time instant within the time range [10,640] ns after the C P U 
clock, with node ID 110, becomes clock state SQ. The upper limit 640 is derived in terms 
of the assumption of K二500. 
The diagnostic result is consistent with the expected results. The expected worst-case 
time range is the accumulation of the timing parameters tCHAV, tAA and tDICL, which 
are the time ranges [0,40], [undefined, 100] and [10,undefined], respectively. Through ftp 
constraint propagation, with K assumed to be 500, the upper limit is derived as 640 for 
the worst-case time range. This implicitly implies the possibility of wait states insertion, 
though the assumption that no wait states will be necessary has been made. 
103 
Bibliography 
1] J. F. Allen. “Towards a General Theory of Action and Time". Artificial Intelligence, 
23(2):123-154, 1984. 
2] J. R. Anderson. "Intelligent Tutoring Systems". Science, 228:456-462, 1985. 
3] D. Beatty, R. E. Bryant, and C. J. Seger. “Formal Hardware Verification by Symbolic 
Ternary Trajectory Evaluation". 1991 IEEE/ACM Design Automation Conference, 
1991. 
4] W . Bevier, W . Hunt, J. Moore, and W . Young. “An Approach to Systems Verifica-
tion" .Journal of Automated Reasoning, 5(4), 1989. 
5] R. S. Boyer and J. S. Moore. A Computational Logic Handbook. Academic Press, 
1988. 
6] R. E. Bryant. "Graph-Based Algorithms for Boolean Function Manipulation". IEEE 
Transactions on Computers, C-35(8), 1986. 
7] R. E. Bryant. "Tutorial on Formal Verification of Hardware，，. 28th Design Automa-
tion Conference, 1991. 
8] R. E. Bryant and C. J. Seger. "Formal Verification of Digital Circuits Using Symbolic 
Ternary System Models". DIM AC Workshop on Computer-Aided Verification, 1990. 
104 
9] J. A. Brzozowski, T. Gahlinger, and F. Mavaddat. "Consistency and Satisfiability 
of Waveform Timing Specifications". Networks, 21:91-107, 1991. 
10] W . C. Carter, W . H. Joyner, and D. Brand. "Symbolic Simulation for Correct 
Machine Design". 16th ACM/IEEEDesign Automation Conference, pages 280-286, 
1979. 
11] F. Choobineh and H. Li. “A New Index for Ranking Fuzzy Numbers". IEEE Articles 
CD-ROM Collections. 
12] A . Clements. Microprocessor Systems Design: 68000 Hardware, Software，and In-
terfacing. P W S , Boston, 1992. 
13] W . J. Clencey. "Tutoring Rules for Guiding a Case Method Dialogue". In D. Sleeman 
and J. S. Brown, editors, Intelligent Tutoring Systems, pages 201-225, 1982. 
14] A. Colin. "The Notion of Proof in Hardware Verification". Journal of Automated 
Reasoning, 5:127-139, 1989. 
15] R. Davis. “Diagnostic Reasoning Based on Structure and Behaviour". Artificial 
Intelligence, 24(3):347-410, 1984. 
16] J. De Kleer and J. S. Brown. “A Qualitative Physics Based on Confluence". In 
D Bobrow, editor, Qualitative Reasoning About Physical Systems. M I T , 1986. 
171 J. De Kleer and B. C. Williams. “Diagnosing Multiple Faults". Artificial Intelligence, 
32:97-130, 1987. 
[181 A. Di Nola. “MV Algebras in the Treatment of Uncertainty". In Fuzzy Logic: State 
of the Art. Kluwer Academic, 1993. 
19] D. Dubois, H. Prade, and S. Sandri. “On Possibility/Probability Transformations，，. 
In Fuzzy Logic: State of the Art. Kluwer Academic, 1993. 
20] H . Eveking, editor. Special Issue on Digital Design Verification. lEE Proceedings, 
September 1986. 
21] K. D. Forbus. "Qualitative Process Theory". Artificial Intelligence, 24:85-168, 1984. 
22] J. C. Giarratano. CLIPS User's Guide (Version 6.0). N A S A Lyndon B. Johnson 
Space Center, Information Systems Directorate, Software Technology Branch, 1993. 
23] J. C. Giarratano and G . Riley. Expert Systems: Principles and Programming. PWS， 
Boston, Mass., 1993. 
24] M . Gordon. The HOL System Description. Cambridge Research Centre, SRI Inter-
national, Suite 23, Miller's Yard, Cambridge, England. 
25] M . Gordon. HOL: A Machine Oriented Formulation of Higher Order Logic. Cam-
bridge University, Computer Laboratory Technical Report No. 68, Cambridge, Eng-
land, 1985. 
26] I. S. Graham. HTML Documentation and Style Guide. Instructional and Research 
Computing, Computing and Communications, University of Toronto, 4 Bancroft 
Ave., Toronto, Ontario, Canada, 1994. 
271 F. G. Halasz. “Reflictions of Notecards: Seven Issues for the Next Generation of 
Hypermedia System". Communications of the ACM, 31(7):836-852, 1988. 
28] H. M . Hersh, A. Caramazza, and H. H. Brownell. “Effects of Context on Fuzzy 
Membership Functions". In Advances in Fuzzy Set Theory and Applications. North-
Holland, 1979. 
29] K . Hirota. "Extended Fuzzy Expression of Probabilistic Sets". In Advances in Fuzzy 
Set Theory and Applications. North-Holland, 1979. 
30] J. Jacas and J. Recasens. "Fuzzy Numbers and Equality Relations". IEEE Articles 
CD-ROM Collections. 
31] A . Kaufmann and M . M . Gupta. Introduction to Fuzzy Arithmetic: Theory and 
Applications. Van Nostrand Reinhold, New York, 1985. 
32] K . P. Lam. "Time-range Reasoning for Microprocessor Systems Diagnosis: a Prob-
abilistic Extension". lEE Proceedings, 139(4):308-310, 1992. 
33] K . P. Lam. “Microprocessor Systems Diagnosis Using a Time-range Approach". lEE 
Proceedings, 140(l):l-9, 1993. 
34] V . Li. "Knowledge Representation and Problem Solving for an Intelligent Tutoring 
System". Master's thesis, The University of British Columbia, 1990. 
35] J. M a and B. Knight. “A General Temporal Theory". The Computer Journal, 
37(2):114-123, 1994. 
36] K . G. Manton, M . A. Woodbury, and H. D. Tolley. Statistical Applications Using 
Fuzzy Sets. John Wiley and Sons, 1994. 
37] D. V . McDermott. “A Temporal Logic for Reasoning About Processes and Plans，，. 
Cognitive Science, 6:101-155, 1982. 
38] E. Mendelson. Introduction to Mathematical Logic. D. Van Nostrand, Princeton, 
N.J.，1964. 
39] S. Mirapuri, M . Woodacre, and N. Vasseghi. "The Mips R4000 Processor". IBFF 
Micro, pages 10-22, 1992. 
40] M . Mizumoto and K. Tanaka. "Some Properties of Fuzzy Numbers". In Advances 
in Fuzzy Set Theory and Applications. North-Holland, 1979. 
41] Motorola. M68000 User's Manual Prentice Hall, Englewood Cliffs, N. J. 
42] Motorola. M68020 32-Bit Microprocessor User's Manual Prentice Hall, Englewood 
Cliffs, N. J. 
43] S. H. Nasution. "Fuzzy Durations in Critical Path Method". IEEE Articles CD-
ROM Collections. 
44] S. H. Nasution. "Fuzzy Critical Path Method". IEEE Transactions on Systems, 
Man, and Cybernetics, 24(1), 1994. 
45] M . Nowakowska. "Fuzzy Concepts: Their Structure and Problems of Measurement". 
In Advances in Fuzzy Set Theory and Applications. North-Holland, 1979. 
[46] B. J. Reiser, J. R. Anderson, and R. G. Farrell. Dynamic Student Modelling in an 
Intelligent Tutor for Lisp Programming. In Proceedings of the Ninth International 
Joint Conference on Artificial Intelligence, Los Angeles, C A , 1985. 
[47] B. J. Reiser and et al. Facilitating Students' Reasoning with Causal Explanations 
and Visual Representations. In PmccaUngs of the Fourth International Conference 
on AI and Education, 1989. 
48] S. J. Sangwine. "Deductive Fault Diagnosis in Digital Circuits: a Survey". lEE 
Proceedings, 136:496—504, 1989. 
49] C.J. Seger. "An Introduction to Formal Hardware Verification". Technical report, 
The University of British Columbia, 1992. 
50] Y. Shoham. "Temporal Logics in AI: Semantical and Ontological Considerations". 
Artificial Intelligence, 33(1):89-104, 1987. 
51] Y. Shoham. Reasoning About Change. M I T Press, Cambridge, Mass., 1988. 
52] J. B. Smith and S. F. Weiss. "Hypertext". Communications of the ACM, 31(7):816-
819, 1988. 
53] N. Tamura and K. Horiuchi. “VSOP Fuzzy Numbers and Fuzzy Comparison Rela-
tions". IEEE Articles CD-ROM Collections. 
54] R. M . Tong. "The Construction and Evaluation of Fuzzy Models”. In Advances in 
Fuzzy Set Theory and Applications. North-Holland, 1979. 
55] Y. X u and H. Cheng. "An Approach to Integrated Diagnosis Using Deep Model and 
Causal Model". 1993. 
56] M . Yoeli. Formal Verification of Hardware Design. IEEE Computer Society Press, 
California, 1990. 
[57] S. M . Yuen and K. P. Lam. “A Knowledge-based Approach for Worst-case Timing 
Analysis of Microprocessor Systems”. To appear in IEEE Proc. of the Nineteenth 
Annual International Computer Software and Applications Conference, 1995. 
58] S. M . Yuen and K. P. Lam. "Fuzzy Time Point Compatibility Reasoning for Micro-
processor Systems". Submitted to Real-Time Systems, 1995. 
59] S. M . Yuen and K . P. Lam. "Implementation of Fuzzy Time-point Reasoning for Mi-
croprocessor Systems". To appear in Proc. of the Seventh International Conference 
on Artificial intelligence and Expert Systems Applications, 1995. 
60] S. M . Yuen and K . P. Lam. “Modeling Temporal Uncertainty in Microprocessor 
Systems，，. To appear in IEEE Proc. of the Third International Symposium on Un-
certainty Modeling and Analysis, 1995. 
61] S. M . Yuen and K. P. Lam. "Temporal Constraint Reasoning Mechanisms for Micro-
processor Systems Diagnosis". To appear in Knowledge-Based Systems, Butterworth 
/ 
Scientific, Guildford, Surrey, 1995. 
62] X. Zhang and L. Duckstein. “Combination of Radiologists' Diagnosis by a Fuzzy 


























 r  f  .  J  -
I











































































 :  -  .  .
.









：  /  ir、  -
•
-
























































 ：  •:-  .....  . 

















































-  I  •  • 
















 -.  . 
.
.



























 .  .































 -  -





.-v.-  「•  .  -  -  -  .  .
、  .  , 
-—-::..-.........
 •  .  .  ；  -
广-S  .  -  V  ‘
、
v-
 T-  二
-










 -..  . 








 .  . ‘
^ f












 .：  ,  .  .  ....... 
: 二
〜！








: “雲V「二,  -  ，  )  ： 
EhSEEiDDO 
醒_11111111 saLJBjqLH >iHn：) 
t 
