In this paper we investigate the behaviour of GALS (Globally Asynchronous Locally Synchronous) systems in the context of VLSI circuits. The specification of a system is given in the form of a Petri net. Our aim is to re-design the system to optimise signal management, by grouping together concurrent events. Looking at the concurrent reachability graph of the given Petri net, we are interested in discovering events that appear in "bundles", so that they all can be executed in one clock tick. The best candidates for bundles are sets of events that appear and re-appear over and over again in the same configurations, forming "persistent" sets of events. Persistence was considered so far only in the context of sequential semantics. Here we introduce a notion of persistent steps and discuss their basic properties. We then introduce a formal definition of a bundle and propose an algorithm to prune the behaviour of a system, so that only bundle steps remain. The pruned reachability graph represents the behaviour of a re-engineered system, which in turn can be implemented in a new Petri net using the standard techniques of net synthesis. The proposed algorithm prunes reachability graphs of persistent and safe nets leaving bundles that represent maximally concurrent steps. 
Introduction
Traditional circuit design styles have been following one of the two main strands, namely synchronous and asynchronous. In a nutshell, these two approaches differ in their techniques of synchronising interaction between circuit elements. Asynchronous designs adopt 'on request' synchronisation where interaction is regulated by means of handshake control signals. They are designed to be adaptive to delays of signal propagation. Synchronous designs, on the other hand, assume worst case delay between circuit elements and determine a global periodic control signal for synchronisation called the clock. The clock signal limits the many sequencing options considered in asynchronous control. Thus synchronous circuits are considered to be a proper subset of asynchronous circuits [6] .
Asynchronous logic was the dominant design style with most early computers. In particular, David Muller's speed-independent circuits, dating back to the late 1950s, have served many interesting applications such as the ILLIAC I and ILLIAC II computers [15] . However since 1960, an era when fabrication of integrated circuits (ICs) became a feasible business, synchronous design became the mainstream technique as it met the market needs with its shorter design cycle. Today, majority of designs are synchronous, well etched in the heart of semiconductor industry together with superior CAD tools and EDA flows. One of the main issues with the complexity of asynchronous circuits was the handling of hazards. Hazards are manifestations of undesirable switching activity called glitches. In the asynchronous style of synchronisation, the output of each circuit element is potentially sensitive to its inputs. This can give rise to non-monotonic pulses (or glitches) when transitioning between output states, as illustrated in the waveform of Figure 1 taking the case of an AND gate. Due to tight timing between the rising edge of input a and falling edge of input b, the output c produces a non-monotonic pulse before stabilising to a low. This behaviour is hazardous as it is uncertain how the fanout of the AND gate will interpret the glitch; the output c temporary switching to logical 1 or staying at logical 0 all the time.
As shown, for instance, in paper [19] , the phenomenon described in the above example can be conveniently interpreted in terms of formal models such as Keller's named transition systems [11] or Petri nets [6] . In particular, what we see in this circuit is the effect where a signal that is enabled (rising edge of c) in a certain state of the circuit may become disabled without firing after the occurrence of another signal (falling edge of b). Such an effect corresponds to the violation of persistence property at the level of signal transitions if the latter are used to label the corresponding named transition system. Furthermore, when such a circuit is modelled by a labelled Petri net following the technique of [19] , the Petri net would also be classified as a non-persistent one. Thus, it was shown in [19] that the modelling and analysis of an asynchronous circuit with respect to hazard-freedom is effectively reduced to the analysis of persistence of its corresponding Petri net model. Synchronous circuits, on the other hand, do not require persistence satisfaction as they are intrinsically immune to hazardous behaviour. The principle reason being that the clock, set at worst-case latency period, filters out undesirable circuit switching. This greatly simplifies circuit design compared to asynchronous methods wherein the same circuit had to be analysed for persistence and redesigned to ensure glitch-free operation. Clocked circuits are thus preferred over asynchronous circuits for designing functionally correct (hazardimmune) ICs efficiently. However with chip sizes scaling to deep sub-micron level, semiconductors are experiencing severe variability and it is becoming extremely complicated to design chips in the synchronous fashion. This is because designing for variability requires longer safety margins which in turn reduces the clock frequency and degrades circuit performance. To cope with these challenges, asynchronous design methodologies have re-emerged owing to their inherent adaptiveness. However, they still suffer significant challenges such as complicated design flow, high overhead costs from control and, lack of CAD support tools and legacy design reuse. Therefore attempts are being made to find a compromise.
An on-trend intermediate solution is mixed synchronous-asynchronous design, chiefly acting in the form of Globally Asynchronous Locally Synchronous (GALS) methodology; its benefits well known in literature [10, 9, 17] . GALS system design, introduced in [5] , can exploit the advantages of asynchrony and at the same time maximally reuse the products of synchronous design flow. This design technique divides a digital system into synchronous islands which communicate asynchronously by handshake mechanism. Each island has its own local clock which can be activated on demand by means of a handshake control signal. Such systems comprise a mixed temporal behaviour. Asynchronous handshakes handle switching between components where adaptability can significantly improve performance, while clocking is applied to components where worst case performance is tolerable. However, it is worthy of note that modelling GALS systems would involve detection of potential hazardous states due to presence of asynchronous components, making their design and verification a significant research challenge.
Being a recent trend, there is a lack of formal models that describe correctness of GALS designs. The complexity in modelling them begins with the investigation of persistence. It should be noted that the standard notion of persistence has been defined at the level of single actions, which is also known as interleaving semantics of concurrency. This notion has been adequate for representing the correctness of the behaviour of circuits that are fully asynchronous. In asynchronous circuits, there is concurrency between independent actions and sequential order between causally related actions. This notion is well represented by Keller's named transition systems [11] . Figure 2 (a) depicts such a model capturing the asynchronous behaviour of a system with four events A, B, X and Y . Now, in synchronous circuits, the clock signal would trigger a single action or several actions. These circuits exhibit parallelism between actions in the same clock cycle and sequential order between groups of actions in adjacent clock cycles. To represent this group execution of actions, we will use steps, and therefore we need step transition systems to represent such a behaviour. A step represents a single action or a group of actions that are triggered simultaneously from a particular state by the clock signal. Synchronous and asynchronous systems have distinct techniques to guarantee functionally correct behaviour. However, for GALS systems, it is not so straightforward as correctness should be accounted from both angles. We would like to find an adequate representation of the correct behaviour of GALS systems. Here, it would be natural to define such a behaviour in analogous way as it was done for asynchronous circuits, i.e. with the use of the notion of persistence. However, when modelling GALS systems we have to consider complex actions, namely steps, and corresponding transition systems. This paper is hence centred around extending the notion of persistence to steps.
The paper is organised as follows. Section 2 recalls the basic definitions and notations concerning step transition systems and PT-nets. Section 3 introduces the notion of persistent steps and discusses their basic properties. Section 4 presents the main result of the paper, an algorithm that prunes the concurrent reachability graph of a net, which serves as an initial system specification, to obtain a representation of a desired "GALS" behavior. Finally, section 5 contains conclusions and presents directions for future work.
Preliminaries
In this section we recall definitions and notations concerned with step transition systems and Petri nets used in the rest of this paper.
Step Transition Systems
Let T be a finite set of net transitions representing actions of a concurrent system. A set of transitions will be called a step, and we will use α, β, γ, . . . to range over all steps P(T ). Sometimes we will identify a step α with its characteristic function α : T → {0, 1}. We will also write α = t∈T α(t) · t. The size of α will be defined by the number of its elements and denoted by |α|.
Definition 1 (st-system). A step transition system (or st-system) over T is a triple STS = (Q, A, q 0 )
consisting of a set of states Q including the initial state q 0 ∈ Q, and a set of labelled arcs A ⊆ Q × P(T ) × Q. It is assumed that:
-the transition relation is deterministic, i.e., if (q, α, q ′ ) ∈ A and (q, α, q
-each state is reachable, i.e., if q ∈ Q then there are steps α 1 , . . . , α n (n ≥ 0) and states q 1 , . . . , q n = q such that
We introduce the following notations:
− →} is the set of all steps enabled at a state q.
-active STS (q) = {α | q α − →} is the set of all transitions active at a state q (the transitions that feature in the steps enabled at q).
-En STS = {α | ∃q ∈ Q : q α − →} is the set of all the enabled steps of STS .
-max(q) = {α ∈ En STS (q) | ∀β ∈ En STS (q) : α ⊂ β} is the set of all maximal steps enabled at a state q.
PT-nets
A PT-net is a tuple N = (P, T, W, M 0 ), where P and T are disjoint sets of respectively places and transitions, W : (P × T ) ∪ (T × P ) → N is an arc weight function, and M 0 : P → N is an initial marking (in general, any mapping M : P → N is a marking). We will use the standard conventions concerning the graphical representation of PT-nets, as illustrated in Figure 3 (a). For every element x ∈ P ∪ T , we denote If x ∈ T , we will call p ∈
• x a pre-place of x and p ∈ x • a post-place of x. The dot-notation extends in the usual way to sets of elements, for example,
Moreover, for every place p ∈ P and step α ∈ P(T ), we denote:
In other words, W (p, α) gives the number of tokens that the firing of α removes from p, and W (α, p) is the total number of tokens inserted into p after the execution of α.
Given a PT-net N = (P, T, W, M 0 ), a step α ∈ P(T ) is enabled and may be fired at a marking M if, for every place p ∈ P :
We denote this by M [α . (For a singleton step α = {t}, we will write M [t rather than M [{t} .) Firing such a step leads to the marking M ′ , for every place p ∈ P defined by:
We denote this by
is the set of reachable markings and Figure 3 (b) shows the concurrent reachability graph of the PT-net in Figure 3 (a). Furthermore, we will call α 1 . . . α n , as in the formula (3), a step sequence and write
Note that sequential conflict implies concurrent conflict, but not necessarily vice versa.
Definition 4 (safe net). A PT-net
In view of the above definition, the markings of safe nets can be treated as subsets of the set of places P , where a marking is a set of places for which M (p) = 1.
Step persistence in nets
Muller's speed independent theory provided a unique method for guaranteeing hazard-freeness of asynchronous circuits [14] . The semimodularity condition in this work required that an excitation of a circuit element must not be removed until absorbed by the system [18] . This condition was identified by Keller in [11] 1 to be the same as the property of persistence in his named transition system model for asynchronous parallel computation. Thus satisfying the property of persistence became one of the key requirements when designing hazard-free asynchronous circuits.
Later, the idea of persistence was investigated in many papers, for example, in [1-4, 7, 13, 19] . However, with the exception of [7] , it was only considered in the context of sequential executions of systems, and defined for transitions (rather than steps) as follows:
Definition 5 (persistent net, [13] ). A PT-net N = (P, T, W, M 0 ) is persistent if for all distinct transitions t, t ′ ∈ T and any reachable marking M ,
We can re-write this definition from the point of view of single transition as follows:
The following definition gives three versions (A, B and C) of a definition of a persistent step. In each case, we try to capture the fact that a persistent step, which is enabled at some reachable marking M , cannot be disabled by another enabled step. The difference in the versions lies either in the different understanding of what 'not to be disabled' means or what we mean by a 'different' step. Notice that the introduced notions of a persistent step are defined globally and the required conditions must be satisfied at all the markings, where a candidate for a persistent step is enabled.
2
Definition 7 (persistent step in a net). A step α ∈ P(T ) is A-persistent, B-persistent and C-persistent in a PT-net N = (P, T, W, M 0 ) if respectively the following hold:
As can be easily seen, each of the three versions is a conservative extension of the standard definition of a persistent transition (see Definition 6) . A-persistence requires that only unexecuted part of a step α should not be disabled, while Bpersistence and C-persistence insist on continued enabledness of the persistent step α. In B-persistence, two steps are considered different if their intersection is empty, while for A-persistence and C-persistence it is enough if different steps do not coincide (but they can have non-empty intersection). It turns out that A-persistence and B-persistence are equivalent, as is shown in the following proposition.
Proof. Suppose that α and β ∈ P(T ) are two different non-empty steps enabled at a marking M of N (notice that empty step is trivially persistent according to A, B or C-persistence defined in Definition 7). =⇒ Let α be A-persistent in N , and so
⇐= Let α be B-persistent in N , and so M [(β \ α)α as (β \ α) ∩ α = ∅. Hence, for every place p ∈ P :
which implies:
Hence we have
It is easy to see that C-persistence is stronger than the other two notions. Figure 4 ( [12] ) shows an example of a step, {t, t}, which is A-persistent, but not C-persistent. The step {t, t} there is only enabled at marking M 3 , where also {t} and {t} steps are enabled. After executing step {t}, step {t, t} is still enabled, but after executing step {t}, only unexecuted part of {t, t} (that means {t}) is enabled. Step {t, t} is A-persistent, but not C-persistent.
For a safe PT-net N , C-persistent non-singleton steps are built out of transitions lying on self-loops. To show this, we first prove an auxiliary result.
Proposition 2. Let α be a C-persistent step of a safe PT-net N = (P, T, W, M 0 ) enabled at a reachable marking M of N . Then
Proof. Suppose p ∈
• (α ∩ β) for some step β = α enabled at M in N . This and
and, by N being safe, all the arc weights in this formula are 0 or 1. We now consider two cases:
and N is safe, we have a contradiction, because t i , when fired, would deposit another token in p. 2. There is j ≤ n such that W (t j , p) = 0 and W (p, t j ) = 1. This means that there is i ≤ n, W (t i , p) = 1 and W (p, t i ) = 0. But this was already ruled out by the first case. So, contradiction again.
As a result, for each transition 
Let α be a non-singleton C-persistent step of a safe PT-net N = (P, T, W, M 0 ) which is enabled in at least one reachable marking. Then all the transitions of α lie on self-loops, i.e.,
Proof. Suppose that t ∈ α and M be a reachable marking enabling α. Since {t} = α and M [t for any marking M such that M [α , we have, from Proposition 2,
We now want to relate the persistence of a step with the persistence of its constituent transitions in safe nets. We first consider A-persistent steps, but as we already know the results will also hold for B-persistent steps.
First, we prove a simple, but important, fact concerning pre-sets and postsets of transitions in steps of safe nets.
Fact 1
If α is a step enabled in a reachable marking of a safe PT-net N , then
Proof. Let t, u ∈ α and M be a reachable marking such that M [α .
, a contradiction with N being safe. As a result,
. As t and u cannot share a pre-place, W (p, t) and W (p, u) cannot both be 1. If one of them has p as its preplace, then M (p) = 1, as otherwise one of the transitions would not be enabled at M , and both are enabled at M . So, the right hand side of the equation yields 2, but the left hand side cannot as the net is safe. We have a contradiction. As a result, t We now consider C-persistent steps. In this case the antecedent in the implication is stronger. Theorem 3. Let α be a step in a safe PT-net N = (P, T, W, M 0 ) which is enabled in at least one reachable marking. If all the transitions in α are persistent and lie on self-loops in N , then α is C-persistent in N .
Proof. Let M be a reachable marking and β = α be a step in N such that M [α and M [β . We need to show that M [βα .
Proceeding similarly as in the previous proof we can show that
Now, since all transitions in α lie on self-loops we further obtain
Hence we have M [βα .
⊓ ⊔
In both Theorem 2 and Theorem 3, the implications in the opposite direction do not hold. A counterexample is shown in the Figure 5 . Observe that step α = {t, t} in Figure 5 is both A-persistent and C-persistent, but t ∈ α is not persistent at M 0 = {p 1 , p 2 }, because there exists
Pruning reachability graphs
The main motivation for studying persistent steps in this paper is to discover which sets of transitions can be executed synchronously and therefore be treated as some kind of "atomic actions", giving rise to new "bigger" transitions, which would execute in a "hazard-free" way. We will call them bundles. Looking at our application area of asynchronous circuits, bundling actions would reduce signal management by merging concurrent signals into one event. This merging must be done in a consistent fashion. The best candidates for bundles are persistent steps, but if we want to form "bigger" transitions from them, we must make sure that one enabled persistent step does not include another enabled persistent step. All the transitions in a bundle must always appear together, in the same configurations. In the ideal situation (we say ideal, because it might be difficult to achieve), we do not want to allow, for example, three persistent steps {a, b}, {a} and {b} to be enabled in a given transition system. We need to choose: either to opt for {a, b} and delete {a} and {b}, or the other way round. Therefore, we need to develop an algorithm which, for a given net N = (P, T, W, M 0 ), would allow us to prune its reachability graph CRG(N ) in such a way that all persistent steps would satisfy an additional "non-inclusion" condition. The "pruned" transition system would represent the desired behaviour, which then we would like to implement in a form of a Petri net in a process of synthesis. First we define a sub-st-system, which will be obtained as a result of pruning a given reachability graph.
Definition 8 (sub-st-system). An st-system STS
= (Q, A, q 0 ) is a sub-st- system of an st-system STS ′ = (Q ′ , A ′ , q 0 ) if Q ⊆ Q ′ , A ⊆ A ′ and, for every q ∈ Q, active STS (q) = active STS ′ (
q). We denote this by STS STS
′ .
In the above definition, En STS of a "properly pruned" reachability graph STS ′ will be a set of bundles. What we mean by "properly pruned" will be described by conditions stated in Problem 1.
First, we need to re-define the three notions of step persistence, that were used for nets, in the context of transition systems. Once we start pruning an st-system, we need to decide whether the remaining steps that were previously persistent remain persistent. Checks for persistence will be done in a transition system (that might not be a reachability graph of any net).
Definition 9 (persistent step in a transition system). A step α ∈ En STS is A-persistent, B-persistent and C-persistent in an st-system STS = (Q, A, q 0 ) if respectively the following hold for all states q ∈ Q and steps β such that
Remark 1.
A step α is A-persistent in a net N iff α is A-persistent in a transition system CRG(N ). The same can be said in the case of B-and C-persistence.
We have the following relationships between the three step persistence notions defined for transition systems.
Proposition 3. Let STS = (Q, A, q 0 ) be a st-system. 1. If α ∈ En STS is A-persistent, then it is also B-persistent. 2. If α ∈ En STS is C-persistent, then it is also B-persistent. (2) Follows directly from Definition 9.
⊓ ⊔ Note that in the class of general step transition systems, B-persistence does not imply A-persistence of steps, as it was proved for nets. Indeed, let α ∈ En STS be B-persistent step in STS , and β = α and q ∈ Q be such that α ← − q β − →. We know that β ∩(α\β) = ∅. However, with such assumptions, we cannot in general guarantee that q α\β −−→. Though latter is true for concurrent reachability graphs of PT-nets, we must also consider step transition systems resulting from the pruning of such reachability graphs. We also refer to the condition described in (E) as global non-inclusion, and to the condition described in (F ) as local non-inclusion.
The difference between global pers and local pers is that the latter only requires non-inclusion of bundles locally for each state, whereas the former insists that non-inclusion holds globally. We therefore have In our first attempt to solve Problem 1, we will concentrate on PT-nets that are persistent according to Definition 5. We then have the following result. Proof. It suffices to take CRG(N ) and delete all non-singleton steps.
⊓ ⊔
As the above proof produces completely sequential solution, we will now search for a more concurrent one. We will also require that the original PT-net in not only persistent, but as well safe.
Proposition 5.
If N is persistent (according to Definition 5) and safe, then every step α ∈ En CRG(N ) is B-persistent in CRG(N ).
Proof. Let α ∈ En CRG(N ) . If N is persistent (according to Definition 5) , all transitions in α are persistent (according to Definition 6). Hence, from Theorem 2 and the fact that N is safe, we have that α is A-persistent in N , and also Bpersistent in N (see Proposition 1) . Following Remark 1, we conclude that α is B-persistent in CRG(N ).
⊓ ⊔
The above proposition guarantees B-persistence of steps in CRG(N ) of a persistent and safe net N , but the non-inclusion conditions ((E) or (F )) are, in general, not satisfied in CRG(N ), as for all its states q, q α − → implies q β − → for any step β ⊂ α. To satisfy the non-inclusion conditions, we need to prune CRG(N ) in such a way that B-persistence of steps is maintained. We will now explore what happens if we decide to prune all but the maximal steps at every reachable marking.
In what follows the st-system CRG max (N ) is obtained from CRG(N ), the concurrent reachability graph of a PT-net N , by deleting at every reachable marking M , all the arcs labelled by non-maximal non-empty 4 steps, and then removing the nodes that became unreachable from the initial marking by the removal of such steps. In general, pruning non-maximal steps may make some of the remaining steps non-B-persistent. Figure 10 shows that the initially enabled step {b} is not B-persistent after the pruning procedure. After executing step {a} it is not longer enabled. Instead step {b, c} is enabled, because it was the maximal step in the marking M . Having said that, we propose a weaker version of condition (B) which holds for safe and persistent PT-nets. 
Proof. From Proposition 5 we know that M βα − − → in CRG(N ). Moreover, there is a maximal step γ available (as it remained after pruning) after executing β at Hence, pruning non-maximal steps may result in the loss of persistence when α ⊂ γ in (B ′ ). In such a case we may, however, 'repair' N by making the step γ non-enabled. The mechanism for achieving this is simple, namely we select one transition from α, one transition from γ \ α, and make sure that they cannot be executed simultaneously.
Let N be a PT-net and t = u be two transitions. Then N t↔u is a PT-net obtained from N by adding a new place p marked initially with one token, and such that W (p, t) = W (t, p) = W (p, u) = W (u, p) = 1. This construction is illustrated in Figure 11 , where we try to fix the problem of the net N in Figure  10 . We added a new place p and chose b and c as our t and u (the only choice in this example) creating a new net N ′ = N b↔c . The new place disables the concurrent step {b, c} at M leaving the singleton steps {b} and {c} enabled at M , as they are now maximal steps at this marking. In fact, in this simple example, we have only non-singleton steps in the concurrent reachability graph, which makes it maximal without pruning. More involved example is shown in Figure 12 and 13, in the Appendix.
In the following propositions we show that after the proposed modification the net generates a reachability graph, which is the sub-st-system of the reachability graph of the initial net. Also, the modified net is still persistent (according to Definition 5) and safe. We can now propose a dynamic way of pruning embodied by the following algorithm:
while ¬(CRG max (N ) It follows from what we already demonstrated that the above algorithm always terminates and for the final PT-net N we have:
Since the algorithm is non-deterministic, we may try various strategies for choosing t and u.
Conclusions
In GALS, bundling is envisioned to reduce signal management, and could reduce the cost of scheduling and control, and improve system performance. The ideal way to model mixed synchronous-asynchronous systems is to start with a concurrent model that is persistent and fully asynchronous in behaviour. Then run several iterations that derive a combination of bundles that represents the temporal nature the designer requires. Careful selection of bundles is essential so that the pruned behaviour of the fully asynchronous model still exhibits some characteristics of its parent and is persistent.
Step persistence is hence an important characteristic that will guarantee true persistent behaviour for mixed synchronous-asynchronous models.
In this paper we developed a pruning procedure for reachability graphs of persistent and safe nets. This procedure constructs a step transition system that contains only bundles. The bundles in our algorithm represent maximally concurrent steps of the initial system. In future we intend to investigate other possible pruning algorithms, weakening our constraints and allowing the initial system's behaviour to be given by a net that is not necessarily persistent. Furthermore, we plan to allow in the algorithms the choice of non-maximal bundles in certain cases. For example, input signals are usually behaving in fully asynchronous way and should not be bundled. 
