A Necessary and Sufficient Timing Assumption for Speed-Independent Circuits by Keller, Sean et al.
A Necessary and Sufficient Timing Assumption for Speed-Independent Circuits
Sean Keller∗, Michael Katelman†, Alain J. Martin∗
∗Department of Computer Science
California Institute of Technology
Pasadena, CA 91125, USA
{sean,alain}@async.caltech.edu
†Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL 61801, USA
katelman@uiuc.edu
Abstract
This paper presents a proof that the adversary path timing
assumption is both necessary and sufficient for correct SI
circuit operation. This assumption requires that the delay
of a wire on one branch of a fork be less than the delay
through a gate sequence beginning at another branch in the
same fork. Both the definition of the timing assumption and
the proof build on a general, formal notion of computation
given with respect to production rule sets. This underlying
framework can be used for a variety of proof efforts or
as a basis for defining other useful notions involving asyn-
chronous computation.
1. Introduction
Asynchronous logic can be effectively engineered within
a variety of different frameworks, e.g. via quasi-delay insen-
sitive (QDI) [1], [2], [3] or speed-independent (SI) circuits
[4], [5]. Across the various frameworks there are clearly
many important differences, but these frameworks also share
certain issues that seem to be inherent to asynchronous
circuit design; in particular, the notion of forks. For example,
the class of SI circuits is characterized as the set of circuits
that are functionally correct regardless of gate and wire
delays, except at forks; similarly, forks play a crucial role in
the context of QDI circuits. In fact, if no delay assumptions
are made about forks, then the resulting delay-insensitive
(DI) circuits are extremely limited in functionality [6].
Moreover, for many asynchronous logic frameworks, the
relative delays through fork branches form the basis of all
timing assumptions and the corresponding timing closure.
This suggests that in order to gain insight into the exact
similarities and differences between these frameworks, it
may be fruitful to compare their timing assumptions.
Making such comparisons can be difficult because dif-
ferent frameworks use different terms and mathematical
constructions; a mathematical setting in which common
terms are used to describe all of the timing assumptions
is required. Therefore, towards clarifying the nature of forks
across multiple asynchronous circuit frameworks, this paper
first formally defines a notion of asynchronous computation
and then upon that defines a set of well-known fork-related
timing assumptions. Using this foundation, the paper then
proves that one such assumption, the adversary path timing
assumption [3], is necessary and sufficient for proper SI
circuit operation. Moreover, this proof suggests that the
adversary path is the longest such path and hence leads to
the weakest SI timing constraint.
The foundation starts with the structure given by produc-
tion rule sets (PRS). This is not crucial: any number of
systems can be used instead. However, PRS are structured in
such a way that clearly exposes how forks and hazards [5],
[7] interact. Moreover, PRS can be used to model arbitrary
switching networks, and therefore can be used to examine
important properties of circuits generated within a wide
range of asynchronous design methodologies. In addition,
the proof is just one example of how the formalization
can be used. It can also serve as a foundation for other
proofs or definitions, and it can even be used as a basis for
computerized proofs.
Each of the following technical sections contains both an
informal overview of main concepts, with examples derived
from the circuit depicted in Figure 1 (a closed variant of
a circuit used in [6]), as well as thoroughly developed
mathematical details. The details add rigor and some subtle
insights, but the main ideas and notation are presented at
a higher level. The organization of the paper is as follows.
Section 2 reviews production rule sets and defines a set of
structural constraints that are assumed throughout. Section 3
formally defines a notion of computation with respect to
PRS. Then, upon this notion of computation, Section 4
defines the relevant timing assumptions for DI, QDI, and
SI circuits. The proof and a discussion of its implications
are given in Section 5. Section 6 reviews related work, and
Section 7 concludes with a summary and a discussion of
several assumptions and limitations of this work.
 
 


  
  


 
 


  
  


  
  


  
  


  
  


C
a
b
d
x
c
c′
Figure 1. Closed simple buffer.
2. PRS Structural Constraints
Section 2.1 begins by reviewing the traditional definition
of PRS [1]. Section 2.2 adds a set of structural con-
straints that facilitate the definition of a formal notion of
computation and timing assumptions in Sections 3 and 4,
respectively. These structural constraints ultimately result in
a set of “legal” production rule sets, which are called proper.
2.1. PRS
This section reviews a few of the basic terms from [1].
The mapping from PRS to CMOS transistor networks, used
in a number of figures throughout this paper, also comes
from [1]. Additionally, in order to simplify the exposition,
this paper assumes a fixed set V of variables from which the
PRS draw node names; TB(V ) denotes the set of Boolean
expressions over variables V .
Definition 2.1. A production rule is any triple
(g, x, d) ∈ TB(V )× V × {↑, ↓}
and is typically denoted g 7→ xd.
Definition 2.2. A production rule set (PRS) is any finite set
of production rules.
The basic intuition for a production rule g 7→ x ↑ is that
g is a sufficient condition to enable the pull-up network
in the gate associated with x. This means that the entire
condition for the pull-up network can be spread out across
multiple production rules gi 7→ x ↑. For example, one of the
structural constraints that this paper enforces, without loss
of generality, is that each variable x is defined by exactly
two production rules, g+ 7→ x ↑ and g− 7→ x ↓.
2.2. “Proper” PRS
The definitions in this section serve to impose extra
structure on PRS. This added structure facilitates a straight-
forward definition of computation in Section 3 and the map-
ping of computation to physical circuits; furthermore these
constraints simplify the definition of timing assumptions in
Section 4 and the proof in Section 5.
Definition 2.3. Let P be a PRS and x ∈ V , the x operator
on P , denoted Ox, is defined such that for all g 7→ x′d ∈ P
g 7→ x′d ∈ Ox ⇔ x′ = x
Definition 2.4. Let P be a PRS. P has simple operators if
and only if all Ox are such that
Ox = {g+ 7→ x ↑, g− 7→ x ↓}
and g+ and g− are in disjunctive normal form.
Definition 2.5. Let P be a PRS with simple operators. Oy
is called a wire if and only if
Oy = {x 7→ y ↑,¬x 7→ y ↓}
for some y ∈ V . An operator Ox is called a gate if it is not
a wire.
The majority of structural constraints for a proper PRS
simply enforce a regular forking structure. These require-
ments essentially guarantee a one-to-one correspondence
between the branches of a fork and wire operators. In order
to define and force these and other structural requirements,
it is necessary to have a clean way of expressing variable
sharing within and between the operators, as such sharing
can imply forking. This is formalized beginning with the
function pi, which counts the number of occurrences of a
specified variable in the guard of a production rule.
Definition 2.6. pi : V × TB(V ) −→ N:
pi(x, x) = 1
pi(x, x′) = 0 if x′ 6= x
pi(x, g1 ∧ g2) = pi(x, g1) + pi(x, g2)
pi(x, g1 ∨ g2) = pi(x, g1) + pi(x, g2)
pi(x,¬g1) = pi(x, g1)
Using Definition 2.6, PRS variables are related to each
other by constructing a directed multi-graph with a node for
every variable and a directed weighted-edge between pairs
of variables.
Definition 2.7. Let P be a PRS. Associate to P a directed
multi-graph (V,E : V × V −→ N) where
E(x, x′) =
∑
g 7→x′d∈Ox′
pi(x, g)
The most important information encoded by this graph is
a matching of input variables to the output variable of each
gate. This is expressed via the following −→ relation.
Definition 2.8. Let P be a PRS. With respect to P ,
−→ ⊆ V × V is a binary relation defined such that
for all x, x′
x −→ x′ ⇔ E(x, x′) > 0
Figure 2 expands the NAND gate from Figure 1 and adds
two wires, Oa′ and Oa′′ . This expansion illustrates several
definitions, e.g. E(a′′, x) = E(a, x) = 1, E(b, x) = 2,
a −→ a′, and a′ −→ a′′. The −→ relation is employed ex-
tensively, and in many cases the following notational conven-
tions are used: · −→ x′, which means the set {x | x −→ x′},
and x′ −→ ·, which means the set {x | x′ −→ x}. With
respect to Figure 2, · −→ x = {a, a′′, b}, and b −→ · = {x}.
This notion usefully extends to multiple arrows and multiple
dots; e.g. x −→ · −→ x′ or · −→ · ≡−→.
   
x
b
a′′a′
a
a
b

¬a′′ ∨ ¬b 7→ x ↑,
a ∧ b 7→ x ↓,
a 7→ a′ ↑,
¬a 7→ a′ ↓,
a′ 7→ a′′ ↑,
¬a′ 7→ a′′ ↓

Figure 2. CMOS NAND gate and wires.
The existence of composed wires is equivalent to the
statement that there exists wires Oy and Oy′ , y 6= y′, such
that y −→ y′, e.g. in Figure 2, a′ −→ a′′. This sort of
composition is not allowed in a proper PRS; and, similarly,
gate-to-gate connections are also disallowed, e.g. in Figure 1,
the variable a acts as both the output of the inverter and an
input of the NAND gate. Therefore, between gates, a signal
must go through exactly one wire.
Definition 2.9. Let P be a PRS. P has no wire-to-wire
connections if and only if for all pairs of wires Oy,Oy′ ,
(y, y′) /∈−→.
Definition 2.10. Let P be a PRS. P has no gate-to-gate
connections if and only if for all pairs of gates Ox,Ox′ ,
(x, x′) /∈−→.
This leaves the possibility of implicit forking through
sharing of wire variables across different gates; which can
be removed by enforcing that P has explicit inter-operator
forks.
Definition 2.11. Let P be a PRS satisfying the conditions
of Definitions 2.9 – 2.10. P has explicit inter-operator forks
if and only if for all wires Oy , |y −→ ·| = 1.
Figure 3 transforms an implicit inter-operator fork from
Figure 1 into an explicit inter-operator fork by connecting
inverter Oa to two new wires Oa1 and Oa2 . Nevertheless,
variable sharing can occur within a gate, e.g. this happens in
Figure 2, where E(b, x) = 2. This leads to the final structural
constraint on forks.
Definition 2.12. Let P be a PRS satisfying the conditions
of Definitions 2.9 – 2.10. P has explicit intra-operator forks
  
  


  
  


  
   C
b
a
a2
a1
d
c
x
Figure 3. Explicit inter-operator fork.
if and only if for all wires Oy , if y −→ x then E(y, x) = 1.
Figure 4 further expands Figure 3 by making explicit
the NAND gate intra-operator forks. This necessitates the
addition of another new wire, Oa3 , to inverter Oa and two
new wires Ob1 and Ob2 to C-element Ob. Definitions 2.9
– 2.12 ensure that at the switch level, there is a one-to-one
correspondence between gate interconnections and wires.
  
  

  
  
 
 


 
  
  


 
 

   C
d
c b1
a3
b2
a
a1
x
a2
b
Figure 4. Explicit intra-operator fork.
Making inter-operator forks explicit is commonplace and
essential for a discussion of asynchronous circuits. Making
intra-operator forks explicit is less typical but not unprece-
dented (see [8]); they are exposed for completeness in
Section 4 on timing assumptions. In what follows, a properly
structured PRS is closed and is considered to have all of the
above properties.
Definition 2.13. Let P be a PRS. P is closed if and only
if for all x ∈ V ; · −→ x 6= ∅ and x −→ · 6= ∅.
Definition 2.14. Let P be a PRS. P proper if and only if
P satisfies the conditions of Definition 2.4 and Definitions
2.9–2.13.
3. PRS Semantics
This section defines a mapping from PRS to legal com-
putations, where computations are legal if they fall within
the set of dynamic behaviors defined by a circuit. The
formalization treats PRS as a set of concurrent processes
with each gate and wire acting individually. The main ideas
as well as several examples are presented in Section 3.1,
followed by further details in Section 3.2.
3.1. Overview
Conceptually, the definition of computation given in this
section treats gates and wires as independent processes.
These processes are continuously sensitive to the current
state of all nodes named in the guards of the corresponding
pair of production rules. For example, the expanded NAND
gate shown in Figure 4 is treated as a process that is sensitive
to the state of four nodes: a2, a3, b1, b2. At any given “step”
in the computation, each process can either (a) act on the
current state of its inputs by transitioning its target node
appropriately, or (b) delay a pending transition to a future
step. There is also a third possibility, (c): a gate can express
a pending hazard.
Ignoring hazards for the moment, the state of the circuit
nodes is encoded as a function, χ : V −→ {F, T}, which
maps nodes to logical values. For example, χ(a2) = T means
that the current state of node a2 acts as logical true. Now,
consider again the NAND gate and a state
χ(a2) = T, χ(a3) = T, χ(b1) = T, χ(b2) = T, χ(x) = T.
A computation “step” takes the current state, χ, to a new
state, χ′. Corresponding to cases (a) and (b) above, there are
two alternatives for x in χ′. Either (a) the pending transition
gets expressed and χ′(x) = F, or (b) the transition is delayed
and χ′(x) = χ(x) = T.
For every gate, there is also a specific set of undesirable
states that expose its non-digital and non-atomic nature.
These hazardous states generate uncertainty in the logic
value of the gate output. As such, subsequent gates may
individually interpret the value as either T, F, or undefined.
These possibilities necessitate further enrichment of state
beyond χ : V −→ {F, T}. First, for hazards to be explicitly
manifested, the co-domain of χ is expanded to the set
{F, X, T}, so that χ becomes a function χ : X −→ {F, X, T}.
Second, the state is enriched so that it becomes a pair (χ, I)
with χ as above and I ⊆ V , where I is a set containing
all nodes with pending hazards. That is, x ∈ I implies that
case (c) is a valid option, so χ′(x) = X is possible in some
future computation step.
3.2. Formalization
The definition of computation is given as a binary relation
on execution states. From this point onward, denote by B
the structure with elements {F, X, T} and functions ¬,∧,∨.
Definition 3.1. An execution state is any pair
(χ : V −→ B, I ⊆ V ).
In order to define inference rules for generating the next
system state χ′ from the current state χ, it is useful to
have formal notions describing the current “state” of a gate.
Intuitively, if χ is such that a gate is being pulled up, then
the gate is allowed to transition to T. Similarly, if the gate is
being pulled down, then it is allowed to transition to F and
if there is a pending hazard, it is allowed to transition to X.
The following definitions formalize the various sensitivities
of a gate.
Definition 3.2. Let χ : V −→ B and g ∈ TB(V ). χ(g)
denotes the extension of χ to Boolean expressions.
Definition 3.3. Let χ : V −→ B and let Ox be a gate
defined such that
Ox = {g+ 7→ x ↑, g− 7→ x ↓}.
• A↑χ is a predicate on gates denoting that Ox is currently
being pulled up with respect to χ, i.e.
A↑χ(Ox)⇔ χ(g+) = T and χ(g−) = F.
• A↓χ is a predicate on gates denoting that Ox is currently
being pulled down with respect to χ, i.e.
A↓χ(Ox)⇔ χ(g+) = F and χ(g−) = T.
• Alχ(Ox) is a predicate on gates denoting that Ox is
interfering, or shorted, with respect to χ, i.e.
Alχ(Ox)⇔ χ(g+) = T and χ(g−) = T.
• A•(Ox) is a predicate on gates, denoting that Ox is
being invalidated with respect to χ, i.e.
A•χ(Ox)⇔ χ(g+) = X or χ(g−) = X.
For the moment let us ignore how the I set is computed
and just assume that any pending hazard is contained in I .
The semantics allows for the state of any operator output to
either change or to stay the same. A state change from χ to
a state χ′ must satisfy the following property: for all x ∈ V
such that χ(x) 6= χ′(x):
χ′(x) = T⇒ A↑χ(Ox)
χ′(x) = F⇒ A↓χ(Ox)
χ′(x) = X⇒ x ∈ I.
As there are many such χ′ in general, there are many
possible next states; this is a reflection of the natural, per-
gate concurrency that is expressed in the above constraints
whenever χ′(x) 6= χ(x).
There are two varieties of hazards that can occur in
asynchronous circuits: interferences and instabilities. The
first type of hazard, interference, occurs when a gate is
being shorted; e.g. the NAND gate of Figure 4, defined by
production rules
{¬a2 ∨ ¬b2 7→ x ↑, a3 ∧ b1 7→ x ↓},
exhibits an interference when both guards evaluate to true,
such as in a state where
χ(a2) = F, χ(a3) = T, χ(b1) = T, χ(b2) = F.
Definition 3.4. Let χ : V −→ B and Ox a gate. Ox is
interfering w.r.t. χ if and only if Alχ(Ox).
The second type of hazard is unstable behavior. This
occurs when, at some state (χ, I), a gate Ox is enabled
to transition (i.e. there exists a legal execution step to a
state (χ′, I ′) where χ(x) 6= χ′(x)) but does not transition
in the actual step to (χ′, I ′) (i.e. χ(x) = χ′(x)), and the
inputs to Ox change when going from (χ, I) to (χ′, I ′) in
such a way that Ox is disabled from transitioning in the
following step. This unstable behavior captures some of the
non-atomic properties of gates in real circuits. If a gate
begins to transition towards one rail, but is cut-off before
completing this transition, the output of the gate may be
interpreted individually by subsequent transistors as either
T, F, or as a non-Boolean value.
Taking the NAND again as an example, it is enabled in
the state (χ, ∅) with
χ(a2) = T, χ(a3) = T, χ(b1) = T, χ(b2) = T, χ(x) = T
in that there exists a legal step χ′(x) 6= χ(x), χ′(x) = F.
However, suppose that instead of this transition happening,
only the gate’s inputs change, so that χ′ is given by
χ′(a2) = F, χ′(a3) = F, χ′(b1) = T, χ′(b2) = T, χ′(x) = T.
This gate is no longer enabled in the sense that during the
next step, say to (χ′′, I ′′), x cannot transition to the other
stable value, i.e. χ′′(x) = F is impossible.
Definition 3.5. Let χ, χ′ : V −→ B and Ox a gate. Ox is
unstable w.r.t. χ, χ′ if and only if
A↑χ(Ox), χ′(x) 6= T, and ¬A↑χ′(Ox); or
A↓χ(Ox), χ′(x) 6= F, and ¬A↓χ′(Ox).
The I set tracks all pending hazards, so that in a “step”
from (χ, I) to (χ′, I ′), it must be ensured that I ′ contains
(a) all interferences with respect to χ′, as well as (b) all
instabilities with respect to χ, χ′. In addition to these two
hazard origination events, X values must also be allowed
to propagate. This is formalized by creating two auxiliary
sets I+ and I−. The I+ set simply accumulates all of the
new interferences and instabilities generated in going from
χ to χ′, and the I− set includes all variables that have
transitioned. The set I \I− is then used to allow unresolved
hazards to persist from I to I ′.
Definition 3.6. Let χ, χ′ : V −→ B; the set of new potential
hazards with respect to χ, χ′, denoted I+χ,χ′ is defined such
that
u ∈ I+χ,χ′ ⇔ Ou is unstable w.r.t. χ, χ′,
Ou is interfering w.r.t. χ′, or A•χ′(Ou).
Similarly, the set of non-persisting potential hazards, de-
noted I−χ,χ′ , is defined such that
u ∈ I−χ,χ′ ⇔ χ′(u) 6= χ(u).
Definition 3.7. Let P be a proper PRS. The computation
step relation, ⇒, is a binary relation on execution states
defined such that (χ, I) ⇒ (χ′, I ′) if and only if for all
x ∈ V with χ(x) 6= χ′(x):
χ′(x) = T⇒ A↑χ(Ox)
χ′(x) = F⇒ A↓χ(Ox)
χ′(x) = X⇒ x ∈ I,
and I ′ = I+χ,χ′ ∪ I \ I−χ,χ′ .
Definition 3.8. Let P be a proper PRS and ~σ = 〈σ1, σ2, . . . 〉
be an infinite sequence of states. ~σ is a legal execution
sequence, if and only if for all i ≥ 1, σi ⇒ σi+1.
In what follows, computations are restricted so as to
satisfy a few important sensibility requirements. Such a
computation assumes (a) that the reset state is free of
interferences, instabilities, and X values, and (b) that the
reset state initializes forks with the same value on every
branch. The restriction on fork branches simplifies several
timing assumptions given in Section 4.
Definition 3.9. Let P be a proper PRS and ~σ = 〈σ1, σ2, . . . 〉
an execution sequence. σ1 is called the reset state.
Definition 3.10. Let P be a proper PRS and ~σ an execution
sequence with reset state σ1 = (χ1, I1). ~σ is proper if:
• for all x, χ1(x) 6= X; and I1 = ∅; and
• for all gates Ox, for all y, y′ ∈ x −→ ·,
χ1(y) = χ1(y′).
Lastly, it is useful to extend the notions of stability and
non-interference beyond a single sequence.
Definition 3.11. Let P be a proper PRS and σ1 a reset
state. P, σ1 is stable and non-interfering if and only if all
proper executions σ with reset state σ1 are stable and non-
interfering.
4. Timing
Reaching a timing closure for an asynchronous system
tends to be considerably easier to achieve than for a similar
synchronous design. Even so, as CMOS evolves and be-
comes ever more varied, and as entirely new paradigms are
targeted, certain assumptions about timing become harder
to satisfy [3]. This section gives formal meaning to the
terms used to discuss common timing assumptions made for
asynchronous circuits and then uses these terms to provide
concrete definitions for DI, QDI, and SI systems.
4.1. Transition Causality
An important concept used to reason about the sequencing
of transitions is the notion of acknowledgment. Acknowledg-
ment embodies the causal relationship between the current
inputs of an operator, say Ox, and a transition in the state
of x, e.g. from χ(x) = T to χ′(x) = F. This paper leverages
the fact that all guard expressions of a proper PRS are in
disjunctive normal form in order to say that each guard
variable in a true-valued conjunctive clause is acknowledged
when the target variable transitions.
Definition 4.1. Let ~σ be a proper execution sequence.
Associate to ~σ an acknowledgment relation,
⊆ V × N× V,
and write x i x′ when (x, i, x′) ∈. The relation is
defined inductively such that
(a) xi x′ if, letting
Ox′ = {c1 ∨ · · · ∨ cm 7→ x′ ↑, d1 ∨ · · · ∨ dn 7→ x′ ↓}
either
– χi(x′) 6= T, χi+1(x′) = T, and pi(x, cj) > 0 for
some cj such that χi(cj) = T; or
– χi(x′) 6= F, χi+1(x′) = F, and pi(x, dj) > 0 for
some dj such that χi(dj) = T;
(b) xi x′ if Ox′ is a wire with x −→ x′, and for some
x′′ ∈ x −→ ·, xi x′′; χi+1(x′) = χi(x); and letting
j be the largest index less than i such that y j x for
some y, x/kx′ for all j < k < i.
Condition (a) formalizes the well-known definition of
acknowledgment as a causal relationship between transitions
[6], and it extends the definition by allowing wires to ac-
knowledge gates and gates to acknowledge wires. Condition
(b) further extends acknowledgment to handle inconsisten-
cies that can occur at certain forks. As an example, consider
Figure 5. This figure completely exposes all forks from a
segment of the circuit from Figure 1. Notice that gates and
wires inherently “hold” state, so b is automatically staticized.
Now, consider a proper execution sequence ~σ, where σi is
specified by Figure 5. In this state, the inverter Oa is enabled
to transition, as are the wires Oa2 , Oa3 , Ob1 , and Ob2 . If
the inverter output transitions but the wires do not, then
χi+1 = χi[a 7→ T], and by condition (a) of acknowledgment,
d1 i a. Continuing with this example, suppose that the
Oa1 wire transitions next, yielding χi+2 = χi+1[a1 7→ T].
By condition (a) of acknowledgment, a i+1 a1, and by
condition (b) a i+1 a2 and a i+1 a3. In some sense
Oa2 and Oa3 skipped a transition (legally), and condition
(b) maintains a consistent notion of acknowledgment. Fur-
thermore, acknowledgment “chains” give rise to a transitive
version of acknowledgment.
  
  

  
  
 
 


 
 
 


  
  


  
  
  


b2, F
x, T
a1, F
a, F
d1, F
c1, F
c2, F
a4, F
a3, T
a2, T
b1, F
b, T
d2, F
Figure 5. Simple buffer segment; at state σi = (χi, ∅).
Definition 4.2. Let ~σ be a proper execution sequence.
Associate to ~σ a relation
+⊆ V × N× N× V,
and write x +[m,n] x′ when (x,m, n, x′) ∈+. The
relation is defined inductively such that
• if xi x′ then x+[i,i+1] x′;
• if x +[m,n] x′ and χn+1(x′) = χn(x′), then
x+[m,n+1] x′;
• if x+[m,n] x′ and x′ n x′′, then x
+
[m,n+1] x
′′.
4.2. Timing Assumptions
All of the timing assumptions presented in this paper
involve forks. Furthermore, these assumptions are defined
and applied in terms of general n-way forks, as opposed
to simply binary forks. The first such timing assumption
is frequently overlooked because it places restrictions on
forks internal to gates. These intra-operator forks are usually
concealed by sharing variables across distinct conjunctive
clauses within operator guard expressions, but they are made
explicit by disallowing shared variables in every proper
PRS. These forks are intentionally exposed, because they
exist in real circuits, and they accurately account for a
number of analog circuit constraints [9], [8].
The strong intra-operator fork assumption states that if
any branch of a fork emanating from gate Ox has been
acknowledged by a wire leading to another gate, say Ox′ ,
then all branches of the fork leading to Ox′ have been
acknowledged. This assumption is part of the standard gate-
based digital circuit abstraction; e.g. in CMOS circuits,
it abstracts away details such as switching slew rates and
relative transistor strengths. Additionally, it greatly simplifies
the execution model, as hazard-free execution sequences are
entirely within the digital realm; i.e. at every step each
variable can be interpreted as either T or F.
Definition 4.3. Let ~σ be a proper execution sequence. ~σ
satisfies the strong intra-operator fork timing assumption if
and only if for all pairs of gates Ox,Ox′ and every index i;
if xi y for some y ∈ x −→ · −→ x′, then
xi y′ for all y′ ∈ x −→ · −→ x′.
Consider a proper execution sequence ~σ, where σi
is specified by Figure 5, and the execution step where
χi+1 = χi[a2 7→ F]. This execution step does not satisfy
the strong intra-operator fork timing assumption as ai a2
but not ai a3.
The next assumption is nearly identical but constrains
forks branching out to distinct operators.
Definition 4.4. Let ~σ be a proper execution sequence. ~σ
satisfies the strong inter-operator fork timing assumption if
and only if for every gate Ox and index i
if xi y, then for all x′ such that x −→ · −→ x′ 6= ∅
xi y′ for some y′ ∈ x −→ · −→ x′.
Consider a proper execution sequence ~σ, where σi is
specified by Figure 5; since χi(a1) 6= χi(a2), ~σ does not
satisfy the strong inter-operator fork timing assumption.
Taken together, the strong intra-operator fork and inter-
operator fork timing assumptions are equivalent to the
standard isochronicity assumption.
Definition 4.5. Let ~σ be a proper execution sequence. ~σ
satisfies the strong fork timing assumption (SFTA) if and
only if it satisfies the properties of Definitions 4.3–4.4.
Defined next is the notion of an adversary path [2],
[3], a specific type of acknowledgment path beginning at
one branch of a fork and looping around to the target of
another branch of the same fork. Due to space limitations,
the definition given next is considerably simplified from the
version given in the extended version of this paper [10].
This allows for a much more compact proof in Section 5,
while still maintaining the key ideas. The implications of this
simplification are discussed in Section 5.7; for full details,
see [10].
Definition 4.6. Let Ox,Ou,Ov be distinct gates such that
x −→ · −→ u 6= ∅ and x −→ · −→ v 6= ∅. In
addition, let y i x for some y ∈ · −→ x. With respect
to y i x, an adversary is any acknowledgment path
x+[i,j] v 
+
[j,k] x
′, with x′ −→ · −→ u 6= ∅, and where for
all y′′ ∈ x −→ · −→ u and i < l ≤ k, χl(y′′) 6= χi(x).
Figure 6 completely exposes all inter-operator forks from
Figure 1. For clarity, since the strong intra-operator fork
timing assumption is assumed, intra-operator forks are not
drawn. Consider a proper execution sequence ~σ, where σi
is specified by Figure 6. Now imagine that Oa1 , the wire
between the inverter and the C-element, transitions; i.e.
χi+1 = χi[a1 7→ F]. Next, the C-element transitions and
χi+2 = χi+1[b 7→ T]; there is now an acknowledgment
path a +[i,i+1] a1 
+
[i+1,i+2] b. This acknowledgment
path is an adversary. Intuitively, this adversary path creates
a potential instability at Ox. For example, suppose that
χi+3 = χi+2[b1 7→ T]. This enables the NAND gate, Ox,
but the F at the output of the inverter, Oa, can propagate to
the a2 input of the NAND gate at any step, disabling the
NAND gate and generating an instability.
 
 


  
  


 
 


  
  


  
  


  
  


  
  


  
  
  
  


  
C
unacknowledged
adversary
a, F
d, T
c, F
x, T
c1, F
c3, F
a2, T
b, F
b1, F
b3, F
Ov
Ox
Ou
a1, T
Figure 6. Adversary path; at state σi = (χi, ∅).
Definition 4.7. Let ~σ be a proper execution sequence. ~σ
satisfies the weak inter-operator fork timing assumption if
and only if ~σ contains no adversaries.
The weak inter-operator fork timing assumption yields a
weaker assumption than SFTA. This weaker assumption is
the adversary path timing assumption (APTA). Section 5
proves that the SFTA and APTA assumptions are equivalent
with respect to the existence of hazards.
Definition 4.8. Let ~σ be a proper execution sequence. ~σ
satisfies the adversary path timing assumption (APTA) if
and only if it satisfies the properties of Definition 4.3 and
Definition 4.7.
Next, following the classic definition [6], a circuit is
defined as delay-insensitive if it is hazard-free under the
assumption that wires, gates, and forks have arbitrary but
finite delays.
Definition 4.9. Let P be a proper PRS. P is delay-
insensitive (DI) with respect to reset state σ1 if and only
if for all proper execution sequences ~σ with reset state σ1
and satisfying the properties of Definition 4.3, ~σ is stable
and non-interfering.
Finally, this paper provides a definition for quasi-delay-
insensitive and speed-independent circuits. In agreement
with [11], a circuit is SI if it is hazard-free under the
assumption that gates and wires can have arbitrary delays,
as long as these delays are positive and finite, but all wire
forks must transition at the same time, i.e. all sequences obey
the strong intra-operator fork and strong inter-operator fork
timing assumptions. Similarly, a circuit is QDI if it is hazard-
free (stable and non-interfering) under the assumption that
gates and wires can have arbitrary (positive and finite)
delays with all sequences obeying the strong-intra operator
fork timing assumption, and with a subset of the forks,
called isochronic forks, additionally obeying the strong inter-
operator fork timing assumptions.
Definition 4.10. Let P be a proper PRS. F denotes the
subset of operators of P that are wires.
Definition 4.11. Let P be a proper PRS, let F1,F2 partition
F , and assume that the constraints of Definitions 4.3 and
4.4 are satisfied by all forks in F1, i.e. they are isochronic,
but that the forks in F2 are only required to satisfy the
constraints of Definition 4.3.
(a) P is speed-independent (SI) w.r.t. to reset state σ1
if and only if the set of proper execution sequences
beginning with σ1 are stable and non-interfering and
F2 = ∅.
(b) P is quasi-delay-insensitive (QDI) w.r.t. to reset state
σ1 if and only if the set of proper execution sequences
beginning with σ1 are stable and non-interfering.
5. Equivalence of SFTA and APTA
Consider again Figure 5 and the operational definition of
PRS computation from Section 3; there are a number of
legal execution sequences from σi = (χi, ∅) that exhibit
hazards. For example, there is an interference hazard when
χi+1 = χi[b1 7→ T]. The goal of timing assumptions,
such as the strong intra-operator fork timing assumption
(Definition 4.3), is to restrict the set of execution sequences
so that hazards are excluded. Indeed, under the strong intra-
operator fork timing assumption, the above execution step
is impossible. Of course, different timing assumptions may
exclude different execution sequences. Moreover, they may
do so at different costs; i.e. some timing assumptions may be
weaker (easier to satisfy with physical circuits) than others.
This section primarily addresses the set of execution
sequences that are excluded under (a) the strong fork timing
assumption (SFTA, Definition 4.5), and (b) the adversary
path timing assumption (APTA, Definition 4.8). The goal
is to show that whenever the strong fork timing assumption
excludes all execution sequences exhibiting a hazard, then so
does the adversary path timing assumption; and vice versa.
Formally, the aim is to prove the following theorem:
Theorem 5.1. Let P be a proper PRS and σ1 a reset state.
P, σ1 is stable and non-interfering with respect to the strong
fork timing assumption (SFTA) if and only if P, σ1 is stable
and non-interfering with respect to the adversary path timing
assumption (APTA).
With respect to the interference hazard from Figure 5
when χi+1 = χi[b1 7→ T], both SFTA and APTA exclude
the execution sequence, because both entail the strong intra-
operator fork timing assumption. (It is worth noting that the
strong intra-operator fork assumption may not be strictly
necessary for proper SI circuit operation, but relaxing it falls
clearly in the realm of analog constraints and is orthogonal to
the equivalence of SFTA and APTA.) As a second example,
modify the initial state of Figure 5 so that σi = (χi[a1, a4 7→
T, b 7→ F], ∅). Consider the instability hazard exposed
through the execution sequence χi+1 = χi[a1, a4 7→ F],
χi+2 = χi+1[b 7→ T], χi+3 = χi+2[b1, b2 7→ T], and
χi+4 = χi+3[a2, a3 7→ F]. Ox is enabled at index i+3, but
no longer enabled at index i + 4 so that Ii+4 = {x}. Both
timing assumptions again reject this sequence, but this time
for different reasons. The execution step from i to i + 1 is
rejected under SFTA because χi+1(a1) 6= χi+1(a2). Under
APTA this execution step is allowed, but what is not allowed
is the sequence of acknowledgments a i a1 i+1 b.
The (⇐) direction of Theorem 5.1 is straightforward, and
is given in Section 5.1. The (⇒) direction is substantially
harder. Section 5.2 sketches the main idea of the proof of
Theorem 5.1 (⇒) at a high level. Sections 5.3 – 5.6 develop
the details, and Section 5.7 discusses several implications of
the proof.
5.1. Theorem 5.1 (⇐)
Proof: Every SFTA execution sequence is also an
APTA execution sequence. Toward a contradiction, as-
sume there exists an execution sequence ~σ which is SFTA
but not APTA. ~σ must contain an adversary path. Let
x +[i,j] v 
+
[j,k] y
′ be as in Definition 4.6. By the
definition, for some index l, i < l < j, and all z, z′
with z ∈ x −→ · −→ v and z′ ∈ x −→ · −→ u,
χl(z) 6= χl(z′). This contradicts the strong inter-operator
fork timing assumption.
5.2. Theorem 5.1 (⇒) Overview
The proof of Theorem 5.1 follows by contradiction:
assuming that SFTA is stable and non-interfering, it is shown
that the existence of a hazardous APTA sequence implies
also a hazardous SFTA execution sequence, an obvious
contradiction. The proof given in the following sections is
constructive, and so given an APTA execution sequence
~σ with a hazard, it is shown how to construct an SFTA
execution sequence that also has a hazard.
The construction crucially relies on the notions of re-
laxation (Definition 5.2) and variant execution sequence
(Definition 5.4). Given an APTA execution sequence, ~σ, a
variant is a modified execution sequence, say ~σ′, in which
certain transitions on wires are either forced or suppressed.
In Figure 5, assuming again a modified initial state σi =
(χi[a1, a4 7→ T, b 7→ F], ∅), consider going from σi = (χi, ∅)
to χi+1 = χi[a1, a4 7→ F]. This execution step is APTA
but not SFTA because χi+1(a1) 6= χi+1(a2). The condition
where the branches of the Oa fork differ between gates
Ox and Ob is called a relaxation, and the modifications
that are made in a variant sequence are with respect to
relaxations. One possible variant of the above execution
step is to force a2, a3 to acknowledge a along with a1, a4,
so that χ′i+1 = χi[a1, a2, a3, a4 7→ F]; the second type
of variant suppresses the acknowledgment of a on a1, a4,
so that χ′i+1 = χi. Note that in both cases the modified
execution sequence is SFTA.
A main insight of the proof is the identification of a
gate, say Ou, that is the inherent origin of a hazard.
Moreover, the proof makes concrete the forced/suppressed
transitions needed to manifest this hazard at Ou. The gate
is identified by considering the variant of ~σ in which all
relaxations are forced, call this variant ~σ+, and is found at
the smallest index, say j, where there is a gate, Ou, such
that χj(u) 6= χ+j (u).
The details of Theorem 5.1 (⇒) are broken down as
follows. Due to space limitations, certain details are given in
[10]. Section 5.3 formally defines the notions of relaxation
and variant. Section 5.3 also establishes (see Lemma 5.7)
that all variants are SFTA. Section 5.4 isolates the hazard
to a specific index and gate. Section 5.5 characterizes
exactly how certain specific variants differ from the original
APTA sequence. Finally, Section 5.6 demonstrates that the
differences proved in the previous section are minor enough
to yield a hazard in the SFTA variant when the APTA
sequence has a hazard, which is finally proved in Section 5.6.
5.3. Relaxations and Variant Execution Sequences
The notion of relaxation encapsulates the idea that the first
difference between the two timing assumptions manifests
itself on the branches of a fork between two different gate
operators. More specifically, using the weak inter-operator
fork timing assumption, a signal may propagate to one gate
at the end of a fork branch and not to another gate at the end
of a different branch; while by definition, this is impossible
under the strong inter-operator fork timing assumption.
Definition 5.2. Let ~σ be an APTA execution sequence.
Associated to ~σ is a set of relaxations, R~σ , with
R~σ ⊆ V × V × N× N ∪ {∞}
such that (x, u,m, n) ∈ R~σ if and only if
• Ox,Ou are gates, m < n, and x −→ · −→ u 6= ∅.
• For some y ∈ x −→ ·; xm y.
• For some y ∈ x −→ ·, xn y; or n =∞.
• For all y ∈ x −→ · and i such that m < i < n; x/ iy.
• For all y′ ∈ x −→ · −→ u, χm+1(y′) 6= χm(x).
When ~σ is clear from context, R is used in place of R~σ .
The essential idea behind constructing a variant execution
sequence is to modify an APTA execution sequence at
relaxed forks. There are two types of local modifications
when a fork has a relaxation: the relaxed branches can be
made to mimic the non-relaxed branches by forcing tran-
sitions; alternatively the non-relaxed branches can be made
to mimic the relaxed branches by suppressing transitions.
Conceptually, it is simpler to consider such modifications
over a set of related relaxation points, a “relaxation span”,
rather than at every individual relaxation.
Definition 5.3. Let ~σ be an APTA execution sequence. The
relaxation span set,
S~σ ⊆ V × N× N ∪ {∞}
is defined such that for every maximal sequence of relax-
ations
(x, u1,m, i1) (x, u2, i1, i2) · · · (x, uk, ik−1, n)
with χi(x) = χm−1(x) for all m ≤ i ≤ ik−1;
(x,m, n) ∈ S~σ .
In the above definition, “maximal” means that there is
no longer sequence which includes the given one. Consider
an (APTA) execution sequence ~σ. The formal definition of
variant attempts to mimic ~σ as closely as possible except
with the relaxation spans. For a span (x,m, n) ∈ S, the
branches y ∈ x −→ · of the fork from Ox are either all
forced, or all suppressed. Since every relaxation is part of
a span, and across a span all branches of a fork are treated
equally, a variant will always be SFTA. This is proved
formally in Lemma 5.7.
The set S+ in the definition of variant corresponds to
spans which are forced. The set S− corresponds to spans
which are suppressed. The definition is broken up into pieces
to facilitate explanation of the construction.
Definition 5.4. Let ~σ be an APTA execution sequence and
let S+,S− partition S. The variant of ~σ with respect to
S+,S− is the execution sequence, say ~σ′, such that σ′1 = σ1,
and . . . (continued below)
For gates, ~σ′ should always mimic ~σ if it can, and
otherwise a default action should be taken. The default
action forces the previous value of x to persist across the
execution step.
Definition 5.5. Let P be a proper PRS and χ, χ′ : V −→ B.
For any operator Ox, χ, χ′ agree on Ox, χ(Ox)⇔ χ′(Ox),
if and only if they give the same interpretation with respect
to the predicates of Definition 3.3.
(Definition 5.4 Cont., Gates). . . . for i+1 > 1 and x such
that Ox is a gate:
χ′i+1(x) = χi+1(x) if χ
′
i(Ox)⇔ χi(Ox) and (1a)
y i x for some y
χ′i+1(x) = χ
′
i(x) otherwise (1b)
The same basic strategy employed for gates is also used
for wires, except across a span.
(Definition 5.4 Cont., Wires). . . . for i+1 > 1 and y such
that Oy is a gate with y ∈ x −→ ·:
χ′i+1(y) = χm(x) if χ
′
m(Oy)⇔ χm(Oy) and (2a)
there exists a (x,m, n) ∈ S+
with m ≤ i < n
χ′i+1(y) = χ
′
m(y) if χ
′
m(Oy)⇔ χm(Oy) and (2b)
there exists a (x,m, n) ∈ S−
with m ≤ i < n
χ′i+1(y) = χi(x) if χ
′
i(Oy)⇔ χi(Oy), there is (2c)
no (x,m, n) ∈ S+ ∪ S− with
m ≤ i < n, and xi y′ for
some y′ ∈ x −→ ·
χ′i+1(y) = χ
′
i(y) otherwise (2d)
It is straightforward to show that Definition 5.4 yields
a well-defined execution sequence. Finally, Lemma 5.7
demonstrates that all variant execution sequences are SFTA.
Lemma 5.6. Let ~σ be an APTA execution sequence and
~σ ′ a variant of ~σ . ~σ ′ is a proper execution sequence with
the same reset state as ~σ .
Proof: Straightforward; see [10].
Lemma 5.7. Let ~σ be an APTA execution sequence and
~σ ′ a variant of ~σ . ~σ ′ is SFTA.
Proof: By induction. It is sufficient to show that for all
gates Ox and every index i, if y, y′ ∈ x −→ ·, then χ′i(y) =
χ′i(y
′). At i = 1, σ′1 = σ1 and the result follows from the
definition of a proper execution sequence reset state. Assume
the result up to i; it must be shown to extend to i+ 1.
Toward a contradiction, suppose χ′i+1(y) 6= χ′i+1(y′) for
some such y, y′ as above. It is easy to show that for any
of the cases, if χ′i+1(y) is defined by that case, then so is
χ′i+1(y
′). Clearly, both χ′i+1(y) and χ
′
i+1(y
′) cannot be de-
fined by case (2a) or case (2c) (this would force χ′i+1(y) =
χ′i+1(y
′) = χm(x) or χ′i+1(y) = χ
′
i+1(y
′) = χi(x),
respectively); similarly, χ′i+1(y), χ
′
i+1(y
′) cannot both be
defined by case (2b) or both be defined by case (2d) (by
the induction hypothesis).
5.4. Isolating the Hazard
Let ~ω be some unstable or interfering APTA execution
sequence. This execution sequence is carried through the
remainder of the proof of Theorem 5.1 (⇒), and is used to
distinguish from ~σ, which is used more generally. From ~ω a
“refined” APTA sequence is generated, ~ω′, and it is proved
that a specific variant of ~ω′, ~ω′−, also contains a hazard.
This implies a contradiction because all variants are SFTA.
~ω′ is constructed so as to isolate the hazard to an index
j and specific gate Ou. The construction is notable because
the differences between ~ω′ and ~ω′− are extremely limited.
The exact differences are given by Lemma 5.11. This allows
for a relatively straightforward comparison of ~ω′ and ~ω′−
showing that the variant sequence contains a hazard. Index
j and gate Ou are found by comparing ~ω′ with ~ω′+, the
variant of ~ω′ where all relaxation spans are forced.
Definition 5.8. Let ~σ be an APTA execution sequence. ~σ+
denotes the variant of ~σ with respect to S, ∅.
Refinement. Consider ~ω and ~ω+. Let j be the smallest index
such that either Ij 6= ∅ or for some gate Ou, χj+1(u) 6=
χ+j+1(u). Refine ~ω to the execution sequence ~ω
′ as follows
. . . (continued below)
The refinement branches based on the two conditions, i.e.
Ij 6= ∅ or not. The details of the first case are omitted
for space (see [10]) but are quite similar to when Ij = ∅.
The second case is the key idea developed for the proof.
χj+1(u) 6= χ+j+1(u) indicates the potential for an instability
hazard at Ou. It will be shown that, essentially, if all of
the relaxed forks leading to Ou at index j are forced to
transition, then Ou becomes disabled. The remainder of
the Refinement and proofs below deal with the details of
demonstrating this result formally.
(Refinement Cont., (Ij = ∅)). Let Z ⊆ S be such that
for all (x,m, n) ∈ S, (x,m, n) ∈ Z if and only if there is
a (x, u, k, l) ∈ R with m ≤ k < j ≤ l ≤ n. For all i ≤ j
and x ∈ V
χ′i(x) = χm(x) if there exists a (x,m, n) ∈ Z
with m < i ≤ n.
χ′i(x) = χi(x) otherwise
for i = j + 1
χ′j+1(x) = χm(z) if there exists a (z,m, n) ∈ Z
with z −→ x.
χ′j+1(x) = χ
′
j(x) otherwise
and for all i > j + 1, ω′i = ω
′
j+1.
Lemma 5.9. Let ~ω and ~ω′ be as in the refinement; ~ω′ is an
APTA execution sequence with the same reset state as w.
The main intuition as to why Lemma 5.9 is true comes
from the fact that for i ≤ j, ~ω and ~ω′ differ at some gate
Ox if and only if (x,m, n) ∈ Z , where m < j ≤ n. By
Definitions 5.2 and 5.3, for all y ∈ x −→ ·, m < k < n,
x/ky. That is, even if Ox transitions at some state, say ωk,
m < k < n, no wire could have observed this transition
prior to ωn. As such, x can clearly be held at its initial state
in ωm until ωn.
Proof: See [10].
5.5. Constructing the Hazardous SFTA Sequence
The SFTA variant of ~ω′ that will be shown to contain a
hazard is defined so that every relaxation span (x,m, n) ∈ Z
is suppressed, while every other relaxation span is forced.
This execution sequence is denoted ~ω′−. Every difference
between χ′i(x) and χ
′−
i (x) gets accounted for in Lemma
5.11 below. Unless x is the relaxed branch of a fork from a
span (x′,m, n) ∈ S \ Z , then the lemma essentially shows
that χ′i(x) is on an acknowledgment path from a suppressed
(x′,m, n) ∈ Z .
Definition 5.10. Let ~σ be an APTA execution sequence
and Z ⊆ S. ~σ− denotes the variant of ~σ with respect to
S \ Z, Z .
Lemma 5.11. Let ~ω′, j, Ou, and Z be as in the Refinement.
With respect to ~ω′−, for all i ≤ j and x, if χ′i(x) 6= χ′−i (x)
then either
(a) there is a (x′,m, n) ∈ S \ Z with x ∈ x′ −→ · and
relaxed at m < i ≤ n,
(b) there is a (x′,m, n) ∈ Z such that x′ +[m,i] x in ~ω′.
Proof: see [10].
5.6. Theorem 5.1 (⇒)
Proof:
(Ij = ∅). Let y ∈ · −→ u be such that χ′−j (y) 6= χ′j(y).
By Lemma 5.11, either (a) there is a (x,m, n) ∈ S \Z and
x −→ · −→ u is relaxed at m < j ≤ n, or (b) there is a
(x,m, n) ∈ Z and x+[m,j] y in ~ω′. Case (a) is impossible
by the construction of the Z set, and case (b) is impossible
by the definition of adversary path (x −→ · −→ u is relaxed
at m < j ≤ n, yet there is an acknowledgment from x at
m that leads back to Ou at index j). Therefore, for all y ∈
· −→ u, χ′−j (y) = χ′j(y). By similar reasoning, χ′−j (u) =
χ′j(u) = χj(u). It remains to be shown that χ
′
j+1(y) =
χ+j (y) for all y ∈ · −→ u (this implies an instability in
~ω′−). A simple corollary to Lemma 5.11 establishes that
χ+j (y) 6= χ′j(y) exactly on those y ∈ x −→ · −→ u that are
relaxed at j. By the construction of the refinement and case
(2c) of the definition of variant, these are exactly the y that
change in the execution step from χ′−j to χ
′−
j+1. Therefore,
for all y ∈ · −→ u, χ′−j+1(y) = χ+j (y) and Ou gets disabled,
an instability and a contradiction that SFTA is stable and
non-interfering.
(Ij 6= ∅). see [10].
5.7. Discussion
From the proof of Theorem 5.1, it is clear that for certain
forks, the adversary path timing assumption is in some sense
the weakest timing assumption equivalent to the strong fork
timing assumption; no path longer than an adversary path
can yield a timing assumption that is equivalent to APTA
or SFTA with respect to the existence of hazards. However,
suppose that the forks within a proper PRS are partitioned
into isochronic and non-isochronic forks, i.e. into the sets
F1 and F2 respectively (from Definitions 4.10 and 4.11).
Since no timing assumption whatsoever need be applied to
the forks in F2, the assumption of APTA (as defined in
this paper) may disallow the final gate in an F2 adversary
path from transitioning even though the resulting transition
would never generate a hazard.
Partitioning the forks as described, and applying APTA
exclusively to the forks in the F1 set can also unnecessarily
prevent the final gate in an adversary path from transitioning.
Moreover, this can occur for a number of reasons, e.g. some
fork in F1 is isochronic for up-going transitions but not for
down-going transitions or vice versa. To properly address
this issue, [10] defines an extended version of adversary
path; however, the extended definition is considerably more
complicated both intuitively and technically, and the corre-
sponding equivalence proof is therefore more involved.
6. Related Work
The importance of understanding timing assumptions in
asynchronous circuits is well-known [6], [12]. Furthermore,
it is recognized that strict isochronicity (SFTA) is both
difficult to satisfy [13] and unnecessary for hazard-free
operation. The adversary path is described directly in [3],
and similar timing assumptions are described in [14], [15].
These works provide important intuition as to why relaxing
the strong fork timing assumption to the adversary path
assumption is sufficient for ensuring hazard-free operation.
However, they do so without a formal framework, and hence
without proof of correctness. Moreover, they do not provide
any intuition as to why the adversary path timing assumption
is the weakest timing assumption that is both necessary and
sufficient for correct operation of SI circuits.
Other works have generated useful extensions of SI cir-
cuits that relax isochronic forks, e.g. the extended isochronic
fork from [16]. The extended isochronic fork allows for
additional gates to be placed on the unacknowledged branch
of a fork and can yield more compact circuits. It seems clear
that the adversary path assumption naturally extends to this
assumption; although a formal proof establishing this is not
given. Similarly, the timing constraint on orphans in NULL
convention logic is almost certainly a specific variant of an
adversary path; but, again, this is not formally established in
this paper. However, by providing a formalization at the level
of switching networks, the current work could be extended
to investigate such issues further.
7. Conclusion
This paper presents a complete formalization of the no-
tion of production rule sets, a well-known asynchronous
computation system. Using this system, a number of fork-
related timing assumptions are also formalized, including
the adversary path assumption, and these formalizations
are employed in order to characterize several important
asynchronous logic frameworks. Finally, it is proved that
the adversary path timing assumption is both a necessary
and a sufficient condition for correct operation of speed-
independent circuits and various extensions of SI circuits.
However, the model of computation presented, like all
models, has limitations. First, it does not provide syntactic
or semantic support for pass-transistors. Second, it does not
directly include the transistors required to physically reset
a PRS. Third, wires are assumed to be perfect. Finally,
the model does not support interfering state-holding circuits
such as cross-coupled inverters. The first two limitations are
relatively minor; they have been excluded for clarity. The last
two limitations require considerable effort to remedy without
excessively encumbering the specification of the system, and
are therefore left as future work.
Acknowledgment
Acknowledgment is due to Chris J. Myers, Piyush
Prakash, and to the members of our research groups for their
excellent comments and insights. The research described in
this paper is in part supported by a grant from the National
Science Foundation.
References
[1] A. J. Martin, “Compiling communicating processes into
delay-insensitive VLSI circuits,” Distributed Computing,
vol. 1, no. 4, 1986.
[2] A. Martin and M. Nystrom, “Asynchronous techniques for
system-on-chip design,” Proceedings of the IEEE, vol. 94,
no. 6, 2006.
[3] A. J. Martin and P. Prakash, “Asynchronous nano-electronics:
Preliminary investigation,” in Asynchronous Circuits and Sys-
tems, 2008. ASYNC ’08. 14th IEEE International Symposium
on, 2008.
[4] D. E. Muller, W. Bartky, and S, “A theory of asynchronous
circuits,” in Laboratory of Harvard University, Vole 29, Part
I, Harvard University Press, 1959.
[5] R. E. Miller, Switching Theory, Volume II: Sequentical Cir-
cuits and Machines. John Wiley & Sons, Inc., 1965.
[6] A. J. Martin, “The limitations to delay-insensitivity in asyn-
chronous circuits,” in AUSCRYPT ’90: Proceedings of the
sixth MIT conference on Advanced research in VLSI. MIT
Press, 1990.
[7] D. B. Armstrong, A. D. Friedman, and P. R. Menon, “Design
of asynchronous circuits assuming unbounded gate delays,”
IEEE Trans. Comput., vol. 18, no. 12, 1969.
[8] K. Papadantonakis, “Design rules for non-atomic implemen-
tation of PRS,” California Institute of Technology, Tech. Rep.
CaltechCSTR:2005.001, 2005.
[9] A. De Gloria, P. Faraboschi, and M. Olivieri, “Design and
characterization of a standard cell set for delay insensitive
VLSI design,” Circuits and Systems II: Analog and Digital
Signal Processing, IEEE Transactions on, vol. 41, no. 6, 1994.
[10] S. Keller, M. Katelman, and A. J. Martin, “A necessary and
sufficient timing assumption for speed-independent circuits
(extended version),” California Institute of Technology, Tech.
Rep. CaltechCSTR:2009.001, 2009. [Online]. Available:
http://resolver.caltech.edu/CaltechCSTR:2009.001
[11] P. Beerel, J. Burch, and T.-Y. Meng, “Sufficient conditions for
correct gate-level speed-independent circuits,” in Advanced
Research in Asynchronous Circuits and Systems, 1994., Pro-
ceedings of the International Symposium on, 1994.
[12] K. Stevens, R. Ginosar, and S. Rotem, “Relative timing
[asynchronous design],” Very Large Scale Integration (VLSI)
Systems, IEEE Transactions on, vol. 11, no. 1, 2003.
[13] K. van Berkel, “Beware the isochronic fork,” Integr. VLSI J.,
vol. 13, no. 2, 1992.
[14] K. Fant, Logically Determined Design. John Wiley & Sons,
Inc., 2005.
[15] N. Sretasereekul and T. Nanya, “Eliminating isochronic-
fork constraints in quasi-delay-insensitive circuits,” in Design
Automation Conference, 2001. Proceedings of the ASP-DAC
2001. Asia and South Pacific, 2001.
[16] K. van Berkel, F. Huberts, and A. Peeters, “Stretching quasi
delay insensitivity by means of extended isochronic forks,”
Asynchronous Design Methodologies, 1995. Proceedings.,
Second Working Conference on, 1995.
