Abstract. The ability to migrate tasks from one reconfigurable node to another improves the fault tolerance of distributed reconfigurable systems. The degree of fault tolerance is inherent to the system and can be optimized during system design. Therefore, an efficient way of calculating the degree of fault tolerance is needed. This paper presents an approach based on satisfiability testing (SAT) that addresses the question: How many resources may fail in a distributed reconfigurable system without losing any functionality? We will show by experiment that our new approach can easily be applied to systems of reasonable size, such as those we will find in the future in the fields of body area networks and ambient intelligence.
Introduction
Distributed reconfigurable systems [1, 2] are becoming more and more important for applications in the area of automotive, body area networks, ambient intelligence, etc. The most outstanding property of these systems is the ability of reconfiguration. In terms of system synthesis, this means that the binding of tasks to resources is not static, i.e., the binding changes over time. Recent research was focused on the OS support for FPGAs [3] by dynamically assigning hardware tasks to an FPGA.
In a network of connected FPGAs it is possible to migrate hardware tasks from one node to another. Thus, resource faults can be compensated by rebinding tasks to fully functional nodes of the network. The process of rebinding is also called repartitioning. Distributed reconfigurable systems that support repartitioning possess an inherent fault tolerance. The degree of fault tolerance is a static property of the system and, hence, can be optimized during system design. In order to evaluate the degree of fault tolerance, we define a new objective called k-bindability. A system is called k-bindable iff any set of k resources is redundant. Note that more than k resources may be redundant; the k-bindability, however, is the value k such that any set of k arbitrary resources can be removed from the system without losing any functionality. The main contribution of this paper is to provide an efficient way based on SAT techniques to determine the k-bindability during system design. This problem is twofold: In a first step, we will reduce the well-known binding problem from system synthesis to the satisfiability problem for Boolean formulas. Next, we show how to calculate the k-bindability of a system using quantified Boolean formulas (QBFs). Therefore, we focus on two particular system synthesis problems:
1. Does there exist a feasible binding for a given specification of a distributed reconfigurable system that supports repartitioning?
2. How many resources may fail in a distributed reconfigurable system that supports repartitioning without losing any functionality?
With this novel approach, we can optimize the fault tolerance of distributed reconfigurable systems in an early design phase. In other words, we can maximize the k-bindability of such a system for a limited number of reconfigurable nodes and connections during design space exploration. The problem of deciding the satisfiability of QBFs is an important research issue in Artificial Intelligence, since QBF is the prototypical PSPACE-complete problem. Other PSPACE-hard problems from, e.g., conditional planning [4], non-monotonic reasoning [5], and hardware verification [6] have been polynomially reduced to QBF. In the past, several decision procedures for QBFs have been proposed in the literature [7] [8] [9] [10].
This paper is structured as follows: In Section 2 we introduce the formal specification model of distributed reconfigurable systems used in this paper. The following section shows how to reduce the binding problem to the satisfiability problem of Boolean formulas. In Section 4 a QBF-based approach to determine the k-bindability of a distributed reconfigurable system that supports repartitioning is proposed. Finally, we will show by experiment (Section 5) that problem instances of reasonable size are easily solved by the Davis-Putnam based QBF solver Qsolve [9].
Preliminaries
In order to specify distributed reconfigurable systems, we use a graph-based approach. First, we model the behavior of a system using a directed graph, called task graph. The vertices of the task graph represent tasks t ∈ T where T is a finite set. The edges of the task graph model data dependencies d ∈ D between the tasks, i.e., D ⊆ T × T .
On the other hand, we model the architecture of our distributed reconfigurable system by a so-called architecture graph. An architecture graph is also a directed graph, where vertices correspond to reconfigurable nodes r ∈ R of the network. Edges of the architecture graph model directed connections c ∈ C ⊆ R × R between the nodes.
To relate tasks t ∈ T and reconfigurable nodes r ∈ R, mapping edges m ∈ M map tasks to nodes. A mapping edge m = (t, r) indicates that t may be executed on r. Note that more than one mapping edge could be associated with a task t or a reconfigurable node r, modeling possible bindings and resource sharing, respectively. Such graph-based models are also used in commercial systems like VCC [11].
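The specification model above and the k-bindability definition from the introduction can be exercised by exhaustive enumeration. The following is an added example, not code from the paper, and it is a brute-force check rather than the SAT/QBF reduction the paper develops. The feasibility rule in `feasible_binding` and the sample specification (task names, nodes `n0` to `n2`, the `LINE` and `RING` topologies) are assumptions constructed for illustration.

```python
from itertools import combinations, product

def feasible_binding(tasks, deps, nodes, conns, mapping):
    """Return one binding {task: node} on the given nodes, or None.

    Assumed rule (not stated in this section): each task is bound to exactly
    one node through a mapping edge, and for every dependency (a, b) the two
    tasks share a node or a directed connection links their nodes.
    """
    options = [[r for (t, r) in mapping if t == task and r in nodes]
               for task in tasks]
    for choice in product(*options):   # an empty option list yields nothing
        bind = dict(zip(tasks, choice))
        if all(bind[a] == bind[b] or (bind[a], bind[b]) in conns
               for (a, b) in deps):
            return bind
    return None

def is_k_bindable(tasks, deps, nodes, conns, mapping, k):
    """True iff a feasible binding survives the loss of any k nodes."""
    for failed in combinations(sorted(nodes), k):
        alive = set(nodes) - set(failed)
        live = {(u, v) for (u, v) in conns if u in alive and v in alive}
        if feasible_binding(tasks, deps, alive, live, mapping) is None:
            return False
    return True

def max_k(tasks, deps, nodes, conns, mapping):
    """Largest k such that the system is k-bindable; -1 if no binding exists."""
    k = -1
    while k < len(nodes) and is_k_bindable(tasks, deps, nodes, conns, mapping, k + 1):
        k += 1
    return k

# Constructed specification (not the paper's Figure 1).
TASKS = ["sense", "filter", "send"]
DEPS = {("sense", "filter"), ("filter", "send")}
NODES = {"n0", "n1", "n2"}
MAPPING = {("sense", "n0"), ("sense", "n1"), ("filter", "n0"),
           ("filter", "n1"), ("filter", "n2"), ("send", "n1"), ("send", "n2")}
LINE = {("n0", "n1"), ("n1", "n0"), ("n1", "n2"), ("n2", "n1")}
RING = LINE | {("n0", "n2"), ("n2", "n0")}

if __name__ == "__main__":
    print("line topology:", max_k(TASKS, DEPS, NODES, LINE, MAPPING))
    print("ring topology:", max_k(TASKS, DEPS, NODES, RING, MAPPING))
```

In the constructed line topology the loss of `n1` leaves no feasible binding, so the system is only 0-bindable; adding the `n0`/`n2` connection makes it 1-bindable.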
Example 1. Figure 1 shows a specification of a distributed reconfigurable system. The set of tasks T and data dependencies D are given by T = {t_0, t_1, t_2} and D =
