Structural Decomposition of STGs by Benyamin Kangsah, Benedictus
Structural Decomposition of STGs
– an Approach for Modular
Asynchronous Circuit Design
Dissertation
by
Benedictus Benyamin Kangsah
1. Tutor : Prof. Dr.-Ing. Jochen Beister
2. Tutor : Prof. Dr. Walter Vogler
Chairman of examination board : Prof. Dr.-Ing. Wolfgang Kunz
Strukturelle Dekomposition von STGs
– ein modularer Ansatz zum Entwurf
ungetakteter Schaltwerke
Dissertation approved by the
Department of Electrical and Computer Engineering
of the Technische Universität Kaiserslautern
for the award of the academic degree
Doktor der Ingenieurwissenschaften (Dr.-Ing.)
by
Benedictus Benyamin Kangsah M.Sc.
born in Jakarta (Indonesia)
D 386
1. Supervisor : Prof. Dr.-Ing. Jochen Beister
2. Supervisor : Prof. Dr. Walter Vogler
Chairman of the examination board : Prof. Dr.-Ing. Wolfgang Kunz
Dean of the department : Prof. Dr.-Ing. Hans D. Schotten
Date of the oral examination : 07 November 2014
Short Summary
As asynchronous (unclocked) sequential circuits – as parts of today's Systems-On-a-Chip – become ever more complex, the size and complexity of their behavioural specifications with signal transition graphs (STGs) have increased as well. This makes it more difficult, and sometimes impossible, to synthesize the circuit with the behaviour specified by the signal transition graph using a tool such as petrify [CKK+96] or CASCADE [BEW00].
This work therefore proposes a method which first decomposes the STG, leading to a modular implementation [KWVB03] [KVWB05]. This can reduce the synthesis effort, since an explosion of the state space ("state explosion") can be avoided and library elements can be reused. An approach for decomposing a signal transition graph is presented in [VW02] [KKT93] [Chu87a]. The decomposition algorithm of Vogler and Wollowski [VW02] is based on the algorithm of Chu [Chu87a], but is more generally applicable than the algorithms in [KKT93] [Chu87a], whose formal correctness was proved in [VW02].
After the introduction (chapter 1), chapter 2 first introduces place/transition nets (P/T nets). Their properties required for describing the behaviour of concurrent dynamic systems, above all liveness and boundedness, are discussed, as are the particular features of signal transition graphs as a subclass of P/T nets. The principles of decomposition into components and of their parallel composition at STG level and at circuit level follow.
A motivation for decomposing a P/T net already arises during analysis, e.g. when it is to be found out whether the net is live or not. For this, all reachable markings would have to be determined. For a large, highly concurrent net their number could become so large ("state explosion") that they can no longer be handled.
But also when a circuit is to be synthesized from its signal transition graph, the necessary determination of all reachable markings can lead to an unmanageable "state explosion". Many synthesis algorithms have exponential complexity in deriving the reachable states. One can try to tackle the "state explosion" problem with a heuristic algorithm of polynomial complexity. But if the problem is large, a non-optimal result is obtained. Therefore, decomposition of the P/T net is used to solve the problems mentioned above, in the hope that the total effort and cost for synthesizing the components become considerably smaller than for handling the large net. One of these methods is the signal-transition decomposition method of [VW02]. It is described in chapter 3.2.
The decomposition method from [VW02] can be improved further in order to make signal transition graphs for real applications synthesizable and to obtain better decomposition results. Some suggested improvements for [VW02] are treated in chapter 4. These improvements are proposed in [KVWB04], and some of them are proved formally in [VK04]. With these improvements, not only can signal transition graphs of real applications be decomposed, but better decomposition results can also be obtained. Dummy transitions and structural auto-conflicts are allowed. Dummy transitions are often introduced by the translation of hardware description languages into signal transition graphs [BL00]. Structural auto-conflicts with control places occur frequently in a non-deterministic specification (e.g. the specification of a VME bus controller) or in an arbiter specification [Wol97] [YKKL94]. The problem with structural auto-conflicts is solved by introducing transition fusion. Problems with non-secure dummy transitions are solved by converting them into secure dummy transitions. This and the removal of loop-only dummy transitions reduce the frequency of backtracking in the algorithm, so that better decomposition results can be obtained. The efficiency of the algorithm is also increased by contracting globally irrelevant signals before the decomposition and by reordering the transitions to be contracted.
The decomposition methods from [VW02] are based on net reduction to find an output block component. It is very laborious to reduce an initial specification until the final component is found. This reduction is not always possible, which means that further irrelevant input variables have to be added to the relevant input variables of the component. This leads to unnecessarily large specifications, which in turn leads to unnecessarily large implemented circuits. Instead of this reduction, chapter 5 of this dissertation presents a new approach in which the original net is first decomposed into structural components – strongly connected state machines (SCSMs). An initial output block component is found by composing the structural components. A final output block component is then obtained by net reduction. Using this approach overcomes the limitation of the net reduction operation, which leads to smaller final components than in [VW02]. In addition, this method is easy to apply in practice.
Since we are mostly concerned with the structure of a net, it makes sense to perform a structural abstraction of the net. Chapter 6 of this work presents a structural abstraction algorithm [Kan03]. In most cases an SCSM subnet is found more efficiently with the structure graph than by traversing the place/transition (P/T) net directly. The structure graph of an ordinary P/T net can be used not only for searching for SCSM subnets or for contracting transitions in the middle of a node, but also for other algorithms which traverse the nodes of a P/T net. It is therefore proposed to use a structure graph as an abstract graphical data structure for a P/T net when implementing such algorithms. Some applications of structure graphs and their experimental results can be found in [War05] and [Taw04].
Finally, chapter 7 discusses the application of the STG decomposition algorithms in unclocked circuit design. Speed independent (SI) circuits are discussed first. After that, 3D circuits, which are synthesized from extended burst mode (XBM) specifications, are discussed. The [VW02] algorithm is well suited to implementation as SI circuits, since such an implementation does not reduce the net too strongly. Too strong a reduction could remove input signals which are important for achieving a complete state coding. It can thus happen that no complete state coding can be found. The SCSM-subnet-based algorithm, in contrast, is well suited to implementation as 3D circuits, since it yields smaller components and has fewer problems with loop-only transitions, which are often present in XBM specifications because of level transitions.
An algorithm for translating a signal transition graph specification into an XBM specification was first proposed in [BEW99]. This algorithm derives a finite automaton from the signal transition graph specification and then translates the automaton into an XBM specification. Although the XBM specification represents an automaton, it permits certain concurrency. This concurrency can be translated directly. An algorithm which translates a signal transition graph specification directly into an XBM specification is presented in chapter 7.3.1. This algorithm improves the efficiency of the method proposed in [BEW99]. However, not all signal transition graph specifications can be translated into an XBM specification, since the XBM specification allows only a subset of the concurrency possible in the signal transition graph. Decomposition of the signal transition graph can be used to make a signal transition graph specification translatable into an XBM specification. Decomposition does not solve all problems, however, since even after decomposition some components cannot be translated into XBM.
At the end, DESI, a tool for decomposing signal transition graphs, and its decomposition results are presented. Chapter 7.4.1 shows that with DESI, signal transition graphs which have a large number of reachable markings can be decomposed effectively. With tools such as Petrify, such an effective synthesis is not possible when the number of reachable markings is large, since the circuit requires more area on the chip. More computing resources and time are also required. This made it impossible to synthesize the signal transition graph specification of a 7-stage FIFO memory controller. Such problems with computing resources and time do not arise when the signal transition graph is decomposed. Not only is the resulting area smaller; for a small number of reachable markings too, as for example with the NEI arbiter, one can benefit from decomposing the signal transition graph by extracting library elements such as ME elements from the specification.
to my parent
Johannes Sulaiman Kangsah and Maria Natalia Goretti

Acknowledgments
I would like to thank Prof. Jochen Beister, my doctor father, who gives me
advice, comments and corrections for my work; he also gives me the infrastructure
and financial support to do research in his chair. Ralf Wollowski and Prof. Walter
Vogler, who give me the chance to do research in the STG-decomposition project
with them. Roland Hecker, who gives me financial and spiritual support at the
hard time of my study. Prof. Wolfgang Kunz, who makes my promotion happen.
My colleagues, Karsten Laux, Meinrad Fiedler and Peter Kosack, who give
feedback about my research. Peter Tawdross, Surya Warman, and Zhong Wei Li,
for testing and implementing part of the proposed algorithm in this dissertation.
Roland Hecker, Max Thalmeier and Stephan Herzog, who give me continuous
motivation and spiritual support until the end phase of this dissertation. Also
for Indonesian friends and neighbours, Ivan Solihin, Bahter and Maureen Bukit
who help me a lot during the end phase. Dekanat Mr Hauck and Guthail for the
promotion formalities. All the members of Stammtisch "der Freunde des Entwurfs
programmierter Systeme" and the colleagues of Fa. Wipotec who cheer me up
until the end phase of my promotion. For my wife, Ninasari, and the children,
Hosea, Micha and Stella for their patience and support.

Contents
Acknowledgments
1 Introduction
2 Petri Net Background
2.1 Place/Transition Nets
2.2 Signal Transition Graphs
3 Existing Decomposition Methods
3.1 P/T Net Decomposition: Analysis Purpose
3.2 STG Decomposition: Synthesis Purpose
3.2.1 Vogler-Wollowski algorithm
4 Improvements for [VW02] algorithm
4.1 Grouping and ordering divining transitions
4.2 Reuse of intermediate components
4.3 Deleting loop-only dummy transitions
4.4 Deleting duplicate transitions
4.5 Transition fusion
4.6 Inserting internal signals
4.7 Securing non-secure t-contractions
4.8 Vogler-Kangsah algorithm
5 STG Decomposition with SMD-subnets as Initial Components
5.1 The SMD-subnet method
5.2 Free choice net extension
5.2.1 Regulation circle path
5.2.2 Level SCSM
5.2.3 Release of non-FC nets
5.3 Finding an SCSM cover algorithm
5.4 SMD subnet algorithm
6 P/T-net Abstraction into Structure Graphs
6.1 Structure Graphs
6.2 Contracting middle node transitions
7 STG Decomposition in Asynchronous Circuit Design
7.1 Asynchronous Circuits
7.2 Speed Independent Circuits
7.3 3D Circuits
7.3.1 From STG specification to XBM specification
7.4 DESI
7.4.1 Experimental Results for SI Circuits
8 Conclusion and Future Work
Bibliography
Chapter 1
Introduction
Specification of asynchronous circuit behaviour becomes more complex as the
complexity of today’s System-On-a-Chip (SOC) design increases. This also causes
the Signal Transition Graphs (STGs) – interpreted Petri nets for the specification
of asynchronous circuit behaviour – to become bigger and more complex, which
makes it more difficult, sometimes even impossible, to synthesize an asynchronous
circuit from an STG with a tool like petrify [CKK+96] or CASCADE [BEW00].
It has, therefore, been suggested to decompose the STG as a first step; this
leads to a modular implementation [KWVB03] [KVWB05], which can reduce syn-
thesis effort by possibly avoiding state explosion or by allowing the use of library
elements. A decomposition approach for STGs was presented in [VW02] [KKT93]
[Chu87a]. The decomposition algorithm by Vogler and Wollowski [VW02] is based
on that of Chu [Chu87a] but is much more generally applicable than the one in
[KKT93] [Chu87a], and its correctness has been proved formally in [VW02].
This dissertation begins with the Petri net background described in chapter 2.
It starts with a class of Petri nets called place/transition (P/T) nets. Then
STGs, a subclass of P/T nets, are considered. Background in net decomposition
is presented in chapter 3. It begins with the structural decomposition of P/T
nets for analysis purposes – liveness and boundedness of the net. Then STG
decomposition for synthesis from [VW02] is described.
The decomposition method from [VW02] still could be improved to deal with
STGs from real applications and to give better decomposition results. Some
improvements for [VW02] to improve decomposition result and increase algorithm
efficiency are discussed in chapter 4. These improvement ideas are suggested in
[KVWB04] and some of them have been proved formally in [VK04].
The decomposition method from [VW02] is based on net reduction to find
an output block component. A large amount of work has to be done to reduce
an initial specification until the final component is found. This reduction is not
always possible, which causes input initially classified as irrelevant to become
relevant input for the component. But under certain conditions (e.g. if structural
auto-conflicts turn out to be non-dynamic) some of them could be reclassified as
irrelevant. If this is not done, the specifications become unnecessarily large, which
in turn leads to unnecessarily large implemented circuits. Instead of reduction, a
new approach, presented in chapter 5, decomposes the original net into structural
components first. An initial output block component is found by composing the
structural components. Then, a final output block component is obtained by net
reduction.
As we cope with the structure of a net most of the time, it would be useful
to have a structural abstraction of the net. A structural abstraction algorithm
[Kan03] is presented in chapter 6. It can improve the performance in finding an
output block component in most of the cases [War05] [Taw04]. Also, the structure
net is in most cases smaller than the net itself. This increases the efficiency of the
decomposition algorithm because it allows the transitions contained in a node of
the structure graph to be contracted at the same time if the structure graph is
used as internal representation of the net.
Chapter 7 discusses the application of STG decomposition in asynchronous
circuit design. Application to speed independent circuits is discussed first. Af-
ter that 3D circuits synthesized from extended burst mode (XBM) specifications
are discussed. An algorithm for translating STG specifications to XBM specifi-
cations was first suggested by [BEW99]. This algorithm first derives the state
machine from the STG specification, then translates the state machine to XBM
specification. An XBM specification, though it is a state machine, allows some
concurrency. These concurrencies can be translated directly, without deriving
all of the possible states. An algorithm which directly translates STG to XBM
specifications is presented in chapter 7.3.1. Finally, DESI, a tool to decompose
STGs, and its decomposition results are presented.
Chapter 2
Petri Net Background
Petri nets have attracted a large amount of interest since they were introduced by
C. A. Petri [Pet66]. Many researchers have put effort into the theoretical and
practical use of Petri nets. Their graphical representation makes it easier for humans
to capture the information they represent than text-based representations do; Petri
nets are used in practice for modelling, e.g. to model the behaviour, especially
concurrent behaviour, of dynamic systems. Moreover, they are a precise formal
mathematical notation, which is a great advantage. Because of this formality,
the model can be analyzed to determine whether it has the properties needed for
synthesis. If the model can be synthesized, then it can be implemented, e.g. as
a circuit. Being a precise and compact formal model of concurrent behaviour,
Petri nets have become a much used way of specifying the complex behaviour of
systems which consist of components that work concurrently.
A Petri net is a bipartite directed graph. A bipartite graph is a graph with
two kinds of nodes, such that no arc connects two nodes of the same kind. In a
directed graph, the arc connecting two nodes has a direction. In Petri nets, a node is
either a place or a transition. In the graph representation, places are represented
as circles and transitions as boxes. The places can be marked by tokens.
2.1 Place/Transition Nets
In this dissertation, a class of Petri nets called place/transition (P/T) nets
is used. Unlike elementary nets, where places can only have Boolean markings
(token/no token), or coloured nets, where tokens are distinguished by their
so-called colours, the places of P/T nets can be marked by an integer number (∈ ℕ0)
of otherwise indistinguishable tokens [BC92]. The dynamics are modelled by the
flow of tokens along the directed arcs to and from firing transitions. The number
of tokens flowing over an arc will be called its weight.
2.1.1. Definition. A place/transition net N is a tuple (P, T, F, M0, W) where
P is the set of places,
T is the set of transitions (P and T are disjoint),
F ⊆ (P × T) ∪ (T × P) is the flow relation, represented by directed arcs,
M0 : P → ℕ0 is the initial marking,
C : P → ℕ is the place capacity,
and W : (P × T) ∪ (T × P) → ℕ0 assigns a weight to every pair (p, t) and (t, p).
The weight denotes the number of tokens that must flow from p to t, respectively
from t to p, whenever transition t is fired. If p and t are connected by a directed
arc, i.e. if (p, t) or (t, p) belongs to F, a weight > 0 is assigned to the arc. If no
arc connects p and t, i.e. if neither (p, t) nor (t, p) belongs to F, then W assigns
weight 0 to both pairs.
Sometimes when applying a structural operation to N which only considers
its initial marking, M0 of N is denoted for short as M_N.
Because only P/T nets are discussed here, P/T nets will be referred to only
as nets later in this dissertation. If a net N or N′, etc. is introduced, it
is assumed that implicitly this introduces its components (P, T, F, M0, W) or
(P′, T′, F′, M0′, W′), etc. For each node x ∈ P ∪ T the preset of x is
•x = {y | (y, x) ∈ F} and the postset of x is x• = {y | (x, y) ∈ F}.
By the weak firing rule, a transition t is enabled under a marking M
(M : P → ℕ0), denoted by M[t〉, if ∀p ∈ •t : W(p, t) ≤ M(p). If M[t〉M′, then we
say t can be fired under M, yielding the follower marking M′, in which ∀p ∈ P :
M′(p) = M(p) + W(t, p) − W(p, t). In contrast to the strong firing rule, the post
places of t are not checked for whether they have enough capacity to receive the
tokens. Because of this, there is no need to consider the capacity of the places in
the weak firing rule, and it is assumed that the capacity of the places is infinite.
Because only the weak firing rule is used in this dissertation, when a transition
is mentioned as firing, this will mean it fires under the weak rule.
If a finite sequence of firing transitions w ∈ T∗ (T∗ is a set of firing sequences) is
enabled under a marking M, denoted by M[w〉, and yields the follower marking
M′ when occurring, this will be denoted by M[w〉M′. A marking M is called
reachable if ∃w ∈ T∗ such that M0[w〉M. The set of markings reachable from
M0 is denoted as RM0. It is represented graphically by a reachability graph.
A step is a set consisting of a single transition or of several concurrent and
simultaneously firing transitions. If steps of more than one transition are to be
considered, the reachability graph must be extended to become a step graph
[Bei00]. A state graph with its reachable states is derived from the reachability
graph or step graph for synthesis purposes.
2.1.2. Definition. Let N be a P/T net.
• p ∈ P is n-bounded (n ∈ ℕ) iff for all reachable markings M ∈ RM0,
M(p) ≤ n.
• N is n-bounded iff for all places p ∈ P, p is n-bounded.
• N is safe iff N is 1-bounded.
2.1.3. Definition. Let N be a P/T net.
• t ∈ T is live in M0 iff ∀M ∈ RM0, ∃M[w〉M′ such that t is enabled under
M′.
• N is live iff for all t ∈ T, t is live in M0.
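The weak firing rule, the reachable markings and Definitions 2.1.2 and 2.1.3 can be executed directly. The following Python code is an added example, not code from this dissertation or from DESI; the class PTNet, the helper functions and the four sample nets are constructed here for illustration. The constructed net parallel_cycles(n) has 2^n reachable markings, which is the state explosion referred to in the introduction.

```python
from collections import deque


class PTNet:
    """P/T net (P, T, F, M0, W); (x, y) is an arc of F iff W(x, y) > 0."""

    def __init__(self, places, transitions, weights, m0):
        self.places = tuple(places)
        self.transitions = tuple(transitions)
        self.w = dict(weights)  # {(p, t) or (t, p): weight}; absent pair = 0
        self.m0 = tuple(m0.get(p, 0) for p in self.places)

    def enabled(self, m, t):
        """Weak firing rule: M[t> iff W(p, t) <= M(p) for every pre place."""
        return all(self.w.get((p, t), 0) <= m[i]
                   for i, p in enumerate(self.places))

    def fire(self, m, t):
        """Follower marking M'(p) = M(p) + W(t, p) - W(p, t)."""
        if not self.enabled(m, t):
            raise ValueError(f"{t} is not enabled")
        return tuple(m[i] + self.w.get((t, p), 0) - self.w.get((p, t), 0)
                     for i, p in enumerate(self.places))

    def reachability_graph(self, limit=100_000):
        """Breadth-first search from M0; returns {marking: {t: follower}}."""
        graph, queue = {self.m0: {}}, deque([self.m0])
        while queue:
            m = queue.popleft()
            for t in self.transitions:
                if not self.enabled(m, t):
                    continue
                m2 = graph[m][t] = self.fire(m, t)
                if m2 not in graph:
                    if len(graph) >= limit:  # unbounded net or state explosion
                        raise OverflowError(f"more than {limit} markings")
                    graph[m2] = {}
                    queue.append(m2)
        return graph


def bound(net, limit=100_000):
    """Smallest n for which the net is n-bounded (Def. 2.1.2)."""
    return max(max(m) for m in net.reachability_graph(limit))


def is_live(net, limit=100_000):
    """Def. 2.1.3: from every reachable M, each t can be enabled again."""
    graph = net.reachability_graph(limit)
    preds = {m: set() for m in graph}
    for m, followers in graph.items():
        for m2 in followers.values():
            preds[m2].add(m)
    for t in net.transitions:
        # Backward closure of the markings that enable t.
        good = {m for m in graph if t in graph[m]}
        stack = list(good)
        while stack:
            for m in preds[stack.pop()]:
                if m not in good:
                    good.add(m)
                    stack.append(m)
        if len(good) != len(graph):
            return False
    return True


# Constructed sample nets (all arc weights 1), not taken from the figures.
def ordinary(places, transitions, arcs, m0):
    return PTNet(places, transitions, {a: 1 for a in arcs}, m0)

def fork_join_net():  # t3 forks into two concurrent branches, t4 joins them
    arcs = [("p0", "t3"), ("t3", "p1"), ("t3", "p2"), ("p1", "t1"), ("t1", "p3"),
            ("p2", "t2"), ("t2", "p4"), ("p3", "t4"), ("p4", "t4"), ("t4", "p0")]
    return ordinary(["p0", "p1", "p2", "p3", "p4"], ["t1", "t2", "t3", "t4"],
                    arcs, {"p0": 1})

def choice_net():  # t1 and t2 compete for the single token on p1; no way back
    arcs = [("p1", "t1"), ("t1", "p2"), ("p1", "t2"), ("t2", "p3")]
    return ordinary(["p1", "p2", "p3"], ["t1", "t2"], arcs, {"p1": 1})

def generator_net():  # t0 returns its token to p0 and adds one to p1: unbounded
    arcs = [("p0", "t0"), ("t0", "p0"), ("t0", "p1")]
    return ordinary(["p0", "p1"], ["t0"], arcs, {"p0": 1})

def parallel_cycles(n):  # n independent two-place cycles: 2**n reachable markings
    places, transitions, arcs, m0 = [], [], [], {}
    for i in range(n):
        a, b, up, down = f"a{i}", f"b{i}", f"up{i}", f"down{i}"
        places += [a, b]
        transitions += [up, down]
        arcs += [(a, up), (up, b), (b, down), (down, a)]
        m0[a] = 1
    return ordinary(places, transitions, arcs, m0)
```

The limit argument stops the search on an unbounded net such as generator_net(), where the reachable markings cannot be enumerated.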
Figure 2.1. Basic relations in petri nets: (a) causal dependence (b) t1, t2 are
concurrent (c) t1, t2 are in a structural conflict which is also a dynamic conflict
(d) t1, t2 are in a structural conflict which is not dynamic
A transition is called a fork transition iff |t•| > 1 and it is called a join
transition iff |•t| > 1; e.g. t3 is a fork transition and t4 is a join transition in
Fig. 2.1b. A place is called a choice place iff |p•| > 1, and it is called a meeting
place iff |•p| > 1; e.g. p1 is a choice place and p2 is a meeting place in Fig. 2.1c.
The terms fork, join, choice, and meeting, characterize not only the structure
of the net. They also have a great influence on the dynamics of the net. A fork
transition places tokens on each of its post places after firing. A join transition,
instead, removes tokens from all of its pre places before firing. In contrast to
a transition that can produce or consume tokens, places are passive. They can
only distribute or gather tokens. A choice place distributes the tokens it has to
one of its post transitions. A meeting place, instead, gathers tokens from its pre
transitions.
Note that a transition (place) can be both a fork and a join transition (a choice
and a meeting place). Hence, a transition can be classified either as a simple
transition or a fork transition or a join transition, or a fork and join transition.
The same with the place: a place can be classified either as a simple place or a
choice place or a meeting place or a choice and meeting place. This place and
transition classification is important later when net abstraction is discussed.
There are three kinds of basic relations that we can represent by petri nets,
namely:
1. The dependence relation: Transition t2 depends on transition t1 if
t1• ∩ •t2 ≠ ∅ (see Fig. 2.1a). Firing t1 will give concession to t2.
2. The independence (concurrency) relation: Transition t1 and t2 are concur-
rent or (mutually) independent if there are enough tokens to enable t1 and
t2 under a marking M (see Fig. 2.1b). Note that in Fig. 2.1c, if we add a
token to p1, we will have t1 concurrent to t2.
3. The exclusion (conflict) relation: Transitions t1 and t2 are in structural
conflict if there is a choice place p ∈ P, p ∈ •t1 ∩ •t2. They could also be in
dynamic conflict if there is a reachable marking M which enables t1 and t2,
and firing t1 will disable t2 or vice versa (deconcession). In Fig. 2.1c, t1 and
t2 are in structural and dynamic conflict; but in Fig. 2.1d, t1 and t2 are in
structural but not dynamic conflict.
A net N is an ordinary net, if ∀(x, y) ∈ F : W ((x, y)) = 1, i.e. if all arc
weights are restricted to 1. The following are subclasses of ordinary nets.
• A net N is a state machine (SM) if each transition has exactly one input
place and one output place (∀t ∈ T, |t•| = |•t| = 1).
• A net N is a marked graph (MG) if each place has exactly one input tran-
sition and one output transition (∀p ∈ P, |p•| = |•p| = 1).
• A net N is a free choice (FC) net if ∀p ∈ P : if |p•| > 1 then •(p•) = {p}.
• A net N is an extended free choice (EFC) net if ∀p, p′ ∈ P : if p• ∩ p′• ≠ ∅
then p• = p′•.
An essential property of FC nets is that if t1 and t2 share a common input
place then it can never be the case that one of them is enabled while the other is
not. That is, every marking enables either both of them or none of them. Hence,
in a FC net, every structural conflict also is a dynamic conflict in a safe net. In
the case of a non free choice conflict, the dynamic behaviour of the net, i.e. its
reachable markings RM0 , have to be derived first, before it can be determined
whether the conflict is dynamic or not. This is the important difference between
free choice and non free choice conflicts.
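The subclass definitions above are purely structural, so they can be checked from the flow relation alone. The following Python code is an added example, not code from this dissertation; the function names and the three sample nets are constructed here for illustration, and all nets are assumed to be ordinary. For every pair of transitions sharing a choice place it also reports whether their presets are equal, which is the condition under which every marking enables both of them or neither.

```python
def pre_post(arcs):
    """Return (preset, postset) lookup functions for the flow relation F."""
    pre, post = {}, {}
    for x, y in arcs:
        post.setdefault(x, set()).add(y)
        pre.setdefault(y, set()).add(x)
    return (lambda x: pre.get(x, set())), (lambda x: post.get(x, set()))


def classify(places, transitions, arcs):
    """Structural subclass tests for an ordinary net (all arc weights 1)."""
    pre, post = pre_post(arcs)
    return {
        # every transition has exactly one input and one output place
        "SM": all(len(pre(t)) == 1 and len(post(t)) == 1 for t in transitions),
        # every place has exactly one input and one output transition
        "MG": all(len(pre(p)) == 1 and len(post(p)) == 1 for p in places),
        # |p•| > 1 implies •(p•) = {p}: p is the only pre place of each t in p•
        "FC": all(len(post(p)) <= 1 or all(pre(t) == {p} for t in post(p))
                  for p in places),
        # p• ∩ p'• ≠ ∅ implies p• = p'•
        "EFC": all(post(p) == post(q) for p in places for q in places
                   if post(p) & post(q)),
    }


def structural_conflicts(places, arcs):
    """List (p, t1, t2, same_preset) for each transition pair sharing place p.

    same_preset is True when •t1 = •t2; in an ordinary net every marking
    then enables both transitions or neither of them.
    """
    pre, post = pre_post(arcs)
    found = []
    for p in places:
        ts = sorted(post(p))
        found += [(p, t1, t2, pre(t1) == pre(t2))
                  for i, t1 in enumerate(ts) for t2 in ts[i + 1:]]
    return found


# Constructed sample nets as (places, transitions, arcs); not the figures' nets.
SM_CHOICE = (["p0", "p1"], ["t0", "t1", "t2"],
             [("p0", "t0"), ("t0", "p1"), ("p0", "t1"), ("t1", "p1"),
              ("p1", "t2"), ("t2", "p0")])
EFC_NET = (["p0", "p1", "p2"], ["t1", "t2", "t3"],
           [("p0", "t1"), ("p0", "t2"), ("p1", "t1"), ("p1", "t2"),
            ("t1", "p2"), ("t2", "p2"), ("p2", "t3"), ("t3", "p0"), ("t3", "p1")])
ASYM_NET = (["p0", "p1", "p2"], ["t1", "t2", "t3"],
            [("p0", "t1"), ("p0", "t2"), ("p1", "t2"),
             ("t1", "p2"), ("t2", "p2"), ("p2", "t3"), ("t3", "p0"), ("t3", "p1")])

if __name__ == "__main__":
    for name, net in [("SM_CHOICE", SM_CHOICE), ("EFC_NET", EFC_NET),
                      ("ASYM_NET", ASYM_NET)]:
        print(name, classify(*net), structural_conflicts(net[0], net[2]))
```

In ASYM_NET the pair (t1, t2) has different presets, so whether its structural conflict is dynamic can only be decided from the reachable markings.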
An EFC net can be transformed into an FC net as suggested by [Bes87].
Therefore, only FC nets will be considered further in this dissertation. Fig. 2.2
shows an example of a transformation of an EFC net into an FC net.
Figure 2.2. An EFC net (a), transformed into an FC net (b)
2.1.4. Definition. A (directed) path of a net N is an alternating sequence of
places and transitions (x1, ..., xi, xi+1, ..., xn), n > 1, in which xi ∈ P ∪ T for
1 ≤ i ≤ n, (xi, xi+1) ∈ F and all xi are distinct for 1 ≤ i < n. A path is called
a circle path iff x1 = xn. A circle path is called a loop iff n = 3.
2.1.5. Definition. A net N is strongly connected iff ∀x, y ∈ P ∪ T in which
x ≠ y, there is a directed path from x to y.
In a strongly connected net, there is always a path from one node to any other
node in the net.
2.1.6. Proposition. If there is a marking M0 such that an ordinary net N is
live and bounded, then N is strongly connected.
Proof: See Satz 14.5 in [Sta90]. □
To be strongly connected is only a necessary condition for a net to be live
and bounded. Hence, there are strongly connected nets which are not live or not
bounded; see Fig. 2.3 for examples.
Figure 2.3. Strongly connected nets that are not (a) structurally live or (b)
structurally bounded
In practice, nets may occur that are not strongly connected. They follow the
pattern: start routine, process, stop routine (see Fig. 2.4a). But such nets can
be made strongly connected by adding dummy transitions which are connected
with all the stop places as pre places and all the start places as post places (see
Fig. 2.4b). Clean-up transitions – e.g. the dummy transition in Fig. 2.4b – restore
the initial state of the net from a final state.
Figure 2.4. (a) not strongly connected net (b) strongly connected net
Sometimes, it is easier first to consider the underlying structure of N. Only
after the structural properties have been found are the dynamic properties of
the net – starting from initial marking M0 – considered. This approach is
used for example to find liveness and boundedness properties of N. The following
are the structural definitions of liveness and boundedness of N: N is structurally
bounded iff ∃k ∈ ℕ : ∀M0, N is k-bounded. N is structurally live iff ∃M0 such
that N is live.
2.1.7. Proposition. A marked graph has a live and safe initial marking iff it
is strongly connected.
Proof: See Satz 14.11. in [Sta90]. □
2.1.8. Proposition. A state machine net is live and safe iff it is strongly con-
nected and has only one token.
Proof: See Folgerung 14.13. in [Sta90]. □
The following definition is needed to find structural subnets of N .
2.1.9. Definition. N ′ is a partial subnet of an ordinary net N (N ′ ≤ N) iff
P ′ ⊆ P , T ′ ⊆ T and F ′ ⊆ F ∩ ((P ′ × T ′) ∪ (T ′ × P ′)).
N ′ is a subnet of an ordinary net N (N ′ ⊆ N) if P ′ ⊆ P , T ′ ⊆ T , and
F ′ = F ∩ ((P ′ × T ′) ∪ (T ′ × P ′)).
Figure 2.5. (a) A net N, (b) an SCSM subnet of N, (c) a subnet of N, (d) a
partial subnet of N
Later, in decomposition of the net, a component which is responsible for pro-
ducing a specified output is derived from a subnet. Fig. 2.5 shows examples for
definition 2.1.9.
2.1.10. Definition. An ordinary net N is state machine decomposable (SMD)
iff there exists a collection of SCSM subnets Ni(1 ≤ i ≤ a) of N such that
P = ∪Pi, T = ∪Ti, F = ∪Fi. {N1, ..., Na} is called a cover of N , and it is said
that N is covered by {N1, ..., Na}. N ′ ⊆ N is the SMD-subnet of N if N ′ is an
SMD net.
In an SMD net, the interaction between SCSM subnets is established through
a subset of transitions which are called synchronization transitions.
2.1.11. Definition. Let N be an SMD net. A transition t ∈ T is a synchro-
nization transition iff |•t| > 1 or |t•| > 1.
2.1.12. Proposition. Let N be an SMD net. Every synchronization transition
t ∈ T belongs to at least two different SCSM subnets of any cover of N .
Proof: In an SCSM subnet, each transition has only one pre- and one post place.
Hence, if there is a synchronization transition in N, it should be owned by at least
two different SCSM subnets of any cover of N. □
2.1.13. Definition. Let N1 be a partial subnet of an ordinary net N.
A path H = (x1, ..., xr), r > 1 of N is a handle of N1 iff H ∩ (P1 ∪ T1) = {x1, xr}.
Note that from Def. 2.1.4, x1, xr could be the same node.
The handle is classified according to its first and last node; hence, a handle
can be a PP-, PT-, TP-, or TT-handle.
Intuitively, a marked graph can be built from a single transition by successively
adding TT-handles. The resulting net is a strongly connected marked graph which
has a live and safe initial marking according to proposition 2.1.7. Also, a state
machine can be built from a single place by successively adding PP-handles. The
resulting net is a strongly connected state machine which is live and safe if it has
only one token according to proposition 2.1.8. Therefore, PP- and TT-handles
are known as good handles.
In contrast, PT- and TP-handles could cause structurally non-live or non-
bounded nets. Therefore they are called bad handles. In Fig. 2.3a, adding the
PT-handle (p0, t0, p1, t2) to the circle path (t1, p2, t2, p0, t1) results in a structurally
non-live net. The net in Fig. 2.3b is structurally non-bounded because of the TP-
handle (t3, p4, t5, p5) of the circle path (p3, t4, p5, t3, p3).
The notions of siphons (formerly called deadlocks) and traps, both introduced
by Commoner [Com72], have very interesting and useful properties concerning
the liveness of a net.
A siphon S is a set of places in N such that every transition which puts a
token on some place in S requires at least one token from some place in S. Hence,
a siphon loses tokens each time a transition which has a pre place but no post
place in S fires. This implies that if a siphon contains no tokens, it will receive
no tokens from any possible firing sequence. Every transition having a pre place
in the empty siphon will never be enabled.
A trap Θ is a set of places in N such that every transition which takes a token
from Θ puts at least one token back into Θ. Hence, a trap gains tokens each time
a transition which has a post place but no pre place in Θ fires. This implies, that
once a trap is marked (i.e. contains at least one token), it will remain marked.
The formal definitions of siphons and traps are as follows.
2.1.14. Definition. Let N be an ordinary net. S ⊆ P is a siphon iff S ≠ ∅ and
•S ⊆ S•. A siphon S is minimal iff there exists no siphon S′ such that S′ ⊂ S.
Θ ⊆ P is a trap iff Θ ≠ ∅ and Θ• ⊆ •Θ. ST ⊆ P is a siphon-trap iff ST ≠ ∅
and ST is a siphon which is also a trap. Hence, •ST ⊆ ST• and ST• ⊆ •ST;
i.e. •ST = ST•.
2.1.15. Definition. N ′ ⊆ N is the siphon(S)-subnet of N induced by siphon P ′
with T ′ = •P ′.
N ′ ⊆ N is the trap(T)-subnet of N induced by trap P ′ with T ′ = P ′•.
N ′ ⊆ N is the siphon-trap(ST)-subnet of N induced by siphon-trap P ′ with T ′ =
•P ′ ∪ P ′•.
The set {p0, p1, p2} in Fig. 2.6 is a siphon S, because the pre transitions of S,
{t0, t1, t2, t3}, are a subset of {t0, t1, t2, t3, t4}, which are the post transitions of S.
The S-subnet induced by S is the one in the box marked ”siphon” (see Fig. 2.6).
If t4 is fired, then all the transitions in the S-subnet cannot be fired anymore.
The set {p3, p4, p5} in Fig. 2.6 is a trap Θ, because the post transitions of Θ,
{t5, t6, t7, t8}, are a subset of {t4, t5, t6, t7, t8}, which are the pre transitions of Θ.
Figure 2.6. Siphon and trap example
The T-subnet induced by Θ is the one in the box marked ”trap” (see Fig. 2.6).
If t4 is fired, then all the transitions in the T-subnet could be fired forever.
If a transition t9 with arcs (p3, t9) and (t9, p2) is added to the net in Fig. 2.6,
then all the places in the net form a siphon-trap, and the ST-subnet of the
siphon-trap is the net itself. In a siphon-trap net, there is token flow neither
out of nor into the net.
2.1.16. Definition. Let N be a net and N′ a partial subnet of N.
A path (t, p) in N is a meeting path of N′ iff p ∈ P′ and (t, p) ∉ F′. A meeting
path (t, p) can be extended to a handle iff there exists a handle (x1, ..., xr) =
(x1, ..., t, p) of N′; xr = p; if r = 2 then x1 = t.
2.1.17. Proposition. In a strongly connected net, a meeting path can always
be extended to a handle.
Proof: From Def. 2.1.16, a meeting path (t, p) of N′ has an arc (t, p) ∉ F′. If
t ∉ T′ then there is a directed path from x (x ∈ N′) to t because N is strongly
connected (see Def. 2.1.5); i.e. we have a handle (x, ..., t, p). If t ∈ T′ then we
have a TP-handle (t, p). □
The following definition of a redundant place was introduced by [Ber87] and
is adapted for decomposition by [VW02].
2.1.18. Definition. A place p of a net N is (structurally) redundant if there is
a set of places Q ⊂ P with p ∉ Q, a valuation¹ V : Q ∪ {p} → IN and some
c ∈ IN0 with the following properties for all t ∈ T :
1. V(p)MN(p) − ∑q∈Q V(q)MN(q) = c
(For the initial marking, the valuated number of tokens on p is greater
than or equal to the sum of the valuated numbers of tokens on the places
belonging to Q.)
2. V(p)(W(t, p) − W(p, t)) − ∑q∈Q V(q)(W(t, q) − W(q, t)) ≥ 0
(When transition t occurs, the growth of the valuated number of tokens on
p is greater than or equal to that of the places of Q.)
3. V(p)W(p, t) − ∑q∈Q V(q)W(q, t) ≤ c
(The difference between the valuated number of tokens on p and those of
places belonging to Q necessary to give concession to t must be less than
or equal to this difference in the initial marking.)
¹ The valuation V(r) of a place r ∈ Q ∪ {p} is given to every token on r, flowing into r, and
out of r.
2.1.19. Definition. Place p is a general duplicate of place q, if ∀t : W (p, t) −
W (q, t) = c,W (t, p)−W (t, q) ≥ c, and MN(p)−MN(q) ≥ c.
2.1.20. Proposition. A general duplicate place is a redundant place.
Proof: Substituting equation 1 into equation 3 of Def. 2.1.18 gives the following
inequality: V(p)(MN(p) − W(p, t)) − ∑q∈Q V(q)(MN(q) − W(q, t)) ≥ 0. We have
Q = {q}, and for V(p) = V(q) = 1 the above inequality becomes MN(p) − MN(q) ≥
W(p, t) − W(q, t), which is fulfilled per Def. 2.1.19; equation 2 of Def. 2.1.18
becomes W(t, p) − W(t, q) ≥ W(p, t) − W(q, t), which is also fulfilled per Def. 2.1.19.
□
2.1.21. Definition. Place p is an extended duplicate of place q, if ∀t : W (t, p) =
W (t, q),W (p, t) = W (q, t) and MN(p) ≥MN(q).
2.1.22. Proposition. An extended duplicate place is a redundant place.
Proof: An extended duplicate place is a general duplicate place with c = 0. Hence,
based on proposition 2.1.20, an extended duplicate place is a redundant place. □
2.1.23. Definition. In an ordinary net, place p is a practical duplicate of place q,
if •p = •q, p• = q• and MN(p) ≥ MN(q).
2.1.24. Proposition. A practical duplicate place is a redundant place.
Proof: A practical duplicate place is an extended duplicate place, i.e. if t ∈ •p then
t ∈ •q and W(t, p) = W(t, q) = 1; if t ∉ •p then t ∉ •q and W(t, p) = W(t, q) = 0;
if t ∈ p• then t ∈ q• and W(p, t) = W(q, t) = 1; if t ∉ p• then t ∉ q• and
W(p, t) = W(q, t) = 0. Hence, based on proposition 2.1.22, a practical duplicate
place is a redundant place. □
2.2 Signal Transition Graphs
As event-driven systems, asynchronous circuits respond immediately and in gen-
eral concurrently to rising and falling edges of their binary input signals x,
namely by generating edges of their output signals y. The interaction between
circuit and environment across their interface can be modeled from the causal
point of view by signal transition graphs (STGs). The first proposals were
made by [Wen77], [RY85], and [Chu86], with extensions and generalization by
[VYCLdM94], [Wol97], and [WB00]. In this dissertation, unless otherwise men-
tioned only STGs without extensions and generalizations are considered.
A controller is a circuit that synchronizes the operations performed by an
operational unit – e.g. counter, ALU, etc. – through a protocol. Fig. 2.7 shows
part of the timing diagram of a VME bus controller from [CKK+02] (only for
the dsr+ case). The STG describing the complete timing diagram is shown in
Fig. 2.8.
Figure 2.7. Timing diagram example (signals shown: dsr, dsw, dtack, lds, ldtack, ds)
Firing a transition in the STG means an occurrence of a signal edge; therefore,
transitions in an STG are labelled with signals from some alphabet Σ × {+,−}
or with the empty word λ. {+,−} denote the edges: s+ means a rising edge of
s and s− means a falling edge of s.
The types of transitions in this dissertation are:
• input transitions,
• output transitions,
• divining transitions – transitions that have been silenced,
• internal transitions – transitions of internal signals that are unobservable
at the system interface and required for synthesis,
• dummy transitions do not represent signal changes and are labelled with
the empty word λ – used to simplify Petri net structure and to make the
graph easier to understand.
Figure 2.8. VME bus controller STG
In a graph, transitions are represented as a filled box (input), an empty box
(output), a gray box (internal), a line (dummy), or a box with two lines (divining).
See Fig. 2.9 for illustration.
Figure 2.9. (a) An input transition, (b) an output transition, (c) an internal
transition, (d) a dummy transition, (e) a divining transition
2.2.1. Definition. An STG N is a tuple (P, T, F,M0,W, l, In,Out) where
P is the set of places,
T is the set of transitions, (P and T are disjoint)
F ⊆ P × T ∪ T × P is the flow relation, i.e. the set of directed arcs,
M0 : P → IN0 is the initial marking,
C : P → IN is the place capacity,
W : P × T ∪ T × P → IN0 assigns weights to the pairs (p, t) and (t, p). Pairs
belonging to F (the directed arcs) are assigned weights > 0; pairs ∉ F
(non-existent arcs) are assigned weight 0,
l : T → In× {+,−} ∪Out× {+,−} ∪ {λ} is the label of transitions, where
In ⊆ Σ is the set of input signals,
Out ⊆ Σ is the set of output signals,
and In and Out are disjoint.
The labelling of transition sequences can be extended as follows: l(t1...tn) =
l(t1)...l(tn), where the empty word is deleted automatically. A sequence v of signal
edges is enabled under a marking M, denoted by M[v〉〉, if there is some transition
sequence w with M[w〉 and l(w) = v; M[v〉〉M′ if M[w〉M′. If M = M0, then
v is called a trace. The language L(N) is the set of all traces. Two STGs are
language equivalent if they have the same traces.
Due to the physical nature of the signal, signal edges are required to alternate.
An STG is consistent if for all signals s ∈ l, in every trace of the STG, the edges
s+ and s− alternate, and there are no two traces where s+ comes first in the one
and s− in the other.
Two different transitions t1 and t2 are enabled concurrently under a marking
M if W (., t1) +W (., t2) ≤M , i.e. if there are enough tokens for both transitions
to be fired together. If both transitions have the same label sedge, then sedge
is enabled auto-concurrently under M . An STG has no auto-concurrency, if no
sedge-transitions are enabled auto-concurrently under any reachable marking.
If two different transitions t1 and t2 are in structural conflict and are labelled
with the same sedge, then they are in structural auto-conflict, and the STG has
such a conflict. If t1 is an input and t2 an output transition, then they form a
structural input-output conflict and the STG has such a conflict. If both t1 and t2
are output transitions labelled with different signals, then they form a structural
output-output conflict, and the STG has such a conflict.
If two different transitions t1 and t2 are in dynamic conflict and are labelled
with the same sedge, then they are in dynamic auto-conflict, and the STG has
such a conflict.
Transitions in free choice conflict are transitions that have the same pre places:
•t1 = •t2. In a safe net, these transitions are in dynamic conflict: if one
transition is enabled, then the others are also enabled. If a transition t has
another pre place besides the choice places, then this place is called a control place.
Another example of dynamic conflict is transitions in structural conflict where
the choice place(s) are the only pre places of at least one transition: •t1 ∩ •t2 = •t1
or •t1 ∩ •t2 = •t2; i.e. there is a transition without control places. In contrast, if
each of the transitions in structural conflict has a control place in addition to the
conflict place(s), then these transitions would not be in dynamic conflict, unless
there is a reachable marking M that enables two or more of them.
Figure 2.10. Structural auto-conflict
Fig. 2.10 shows two STGs with a structural auto-conflict. The STG in Fig. 2.10a
has a structural auto-conflict between the transitions t1 and t2 (both labelled
a+); it also is a dynamic auto-conflict, because the choice place p1 is the only
pre place of t1 – t1 has no control place, so that when t2 is enabled, t1 is also
enabled. In contrast, the structural auto-conflict between t1 and t2 (both labelled
b+) in Fig. 2.10b is not necessarily dynamic because each transition in conflict
has a control place; perhaps there is no reachable marking under which both
transitions are enabled.
An STG is deterministic if it has no internal transitions and if for each of its
reachable markings and each sedge, there is at most one sedge-labelled transition en-
abled under the marking, i.e., no auto-concurrency and no dynamic auto-conflict.
An STG is synthesizable² if it is deterministic and consistent. It is also required
that the synthesizable STG has no dynamic input-output conflict, because such
an STG cannot be synthesized into a reliable (i.e. hazard free) digital circuit;
except with some timing constraint. Most synthesis tools also require STGs to
be live and safe to be synthesizable.
The following background is needed for STG decomposition.
2.2.2. Definition. A secure t-contraction (based on [And83]) of STG N , re-
sulting in N , is done as follows:
(a) Merge each pre place of t with each post place of t:
P = {p | p ∈ P − •t ∪ t•} ∪ {(p, p′) | p ∈ •t, p′ ∈ t•}
MN((p, p′)) = MN(p) + MN(p′)
W((p, p′), t1) = W(p, t1) + W(p′, t1), ∀t1 ∈ T
W(t1, (p, p′)) = W(t1, p) + W(t1, p′), ∀t1 ∈ T
(b) Delete t and all its incident loop arcs:
T = T − t
W ((p, p′), t) = 0
W (t, (p, p′)) = 0
For simplicity, in the graph, the merge place of p1 and p2 is denoted as p1_2
instead of (p1, p2). Fig. 2.11 shows an example for step by step contraction.
Fig. 2.11a is the initial STG, upon which secure contraction of transition t will
be performed. Fig. 2.11b is the STG after merging each p ∈ •t = {p1} with each
p ∈ t• = {p2, p3}. Hence we have p1_2 with MN(p1_2) = MN(p1) + MN(p2) = 1
and p1_3 with MN(p1_3) = MN(p1) + MN(p3) = 1. Note that when merging places,
the incident arcs of the place are kept intact. Fig. 2.11c is the STG after deleting
loop-only transition t and all its incident loop arcs.
Figure 2.11. Secure t-contraction
² means ”synthesizable without hazards and timing constraints”, e.g. that a hazard-free
asynchronous circuit without timing constraints can be built
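Steps (a) and (b) of Def. 2.2.2 written out as an added Python example; it is not code from the dissertation. The net is constructed: only •t = {p1}, t• = {p2, p3} and the merged markings of 1 come from the Fig. 2.11 discussion, while the remaining places, arcs, labels and the dict layout are assumptions.

```python
LAMBDA = "λ"  # label of dummy transitions


def contract(net, t):
    """Contract transition t by steps (a) and (b) of Def. 2.2.2.

    net is a dict with keys places (list), trans (name -> label),
    W ((source, target) -> weight, missing pairs weigh 0) and M (marking).
    """
    W, M = net["W"], net["M"]
    pre = [p for p in net["places"] if W.get((p, t), 0) > 0]
    post = [p for p in net["places"] if W.get((t, p), 0) > 0]
    kept = [p for p in net["places"] if p not in pre and p not in post]
    merged = [(p, q) for p in pre for q in post]   # (a): one place per pair
    others = {u: lab for u, lab in net["trans"].items() if u != t}

    new_w = {}
    for u in others:
        for p in kept:                 # untouched places keep their arcs
            for arc in ((p, u), (u, p)):
                if W.get(arc, 0):
                    new_w[arc] = W[arc]
        for p, q in merged:            # a merged place inherits both arc sets
            w_in = W.get((p, u), 0) + W.get((q, u), 0)
            w_out = W.get((u, p), 0) + W.get((u, q), 0)
            if w_in:
                new_w[((p, q), u)] = w_in
            if w_out:
                new_w[(u, (p, q))] = w_out
    # (b): t is not in `others`, so t and its loop arcs are never copied.
    new_m = {p: M.get(p, 0) for p in kept}
    new_m.update({(p, q): M.get(p, 0) + M.get(q, 0) for p, q in merged})
    return {"places": kept + merged, "trans": others, "W": new_w, "M": new_m}


# Constructed net in the spirit of Fig. 2.11a: t1 feeds p1, the dummy
# transition t forks into p2 and p3, and t4 joins the two branches again.
FIG_2_11_LIKE = {
    "places": ["p0", "p1", "p2", "p3", "p4", "p5"],
    "trans": {"t1": "a+", "t": LAMBDA, "t2": "b+", "t3": "c+", "t4": "a-"},
    "W": {
        ("p0", "t1"): 1, ("t1", "p1"): 1,
        ("p1", "t"): 1, ("t", "p2"): 1, ("t", "p3"): 1,
        ("p2", "t2"): 1, ("t2", "p4"): 1,
        ("p3", "t3"): 1, ("t3", "p5"): 1,
        ("p4", "t4"): 1, ("p5", "t4"): 1, ("t4", "p0"): 1,
    },
    "M": {"p1": 1},
}

CONTRACTED = contract(FIG_2_11_LIKE, "t")
```

In `CONTRACTED` the tuples `("p1", "p2")` and `("p1", "p3")` play the role of p1_2 and p1_3.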
Simulations are a well-known important device for proving language inclusion
or equivalence. A simulation from N1 to N2 is a relation S between markings of
N1 and N2 such that (MN1 ,MN2) ∈ S and for all (M1,M2) ∈ S and M1[t〉M ′1
there is some M ′2 with M2[l1(t)〉〉M ′2 and (M ′1,M ′2) ∈ S. If such a simulation
exists, then N2 can go on simulating all signals of N1 forever. If there exists a
simulation from N1 to N2, then L(N1) ⊆ L(N2).
A relation B is a bisimulation between N1 and N2 if it is a simulation from
N1 to N2 and B−1 is a simulation from N2 to N1. If such a bisimulation exists,
we call the STGs bisimilar; intuitively, the STGs can work side by side such that
in each stage each STG can simulate the signals of the other.
In the following definition of parallel composition ‖, the distinction between
input and output signals is important and will be considered. The idea of parallel
composition is that the composed systems run in parallel synchronizing on com-
mon signals. Since a system controls its outputs, it is not allowed that a signal
is an output of more than one component; input signals, on the other hand, can
be shared. An output signal of one component can be an input of one or several
others, and in any case it is an output of the composition (see Fig. 2.12).
The parallel composition ‖ of STGs N1 and N2 is defined if Out1 ∩Out2 = ∅.
Then, let A = (In1 ∪ Out1) ∩ (In2 ∪ Out2) be the set of common signals. In
Fig. 2.12b, these common signals are (X′′′, Y′′2, Y′′1). In the parallel composition
N = N1 ‖ N2, each sedge-labelled transition t1 of N1 is combined with each sedge-
labelled transition t2 from N2 if sedge ∈ A. In the formal definition of parallel
composition, ∗ is used as a dummy element, which is formally combined e.g. with
those transitions that do not have their label in the synchronization set A. (∗ is
assumed not to be a transition or a place of any net.) Thus, N is defined by
P = P1 × {∗} ∪ {∗} × P2
T = {(t1, t2) | t1 ∈ T1, t2 ∈ T2, l1(t1) = l2(t2) ∈ A}
    ∪ {(t1, ∗) | t1 ∈ T1, l1(t1) ∉ A}
    ∪ {(∗, t2) | t2 ∈ T2, l2(t2) ∉ A}
W((p1, p2), (t1, t2)) = W1(p1, t1) if p1 ∈ P1, t1 ∈ T1, or
                        W2(p2, t2) if p2 ∈ P2, t2 ∈ T2
W((t1, t2), (p1, p2)) = W1(t1, p1) if p1 ∈ P1, t1 ∈ T1, or
                        W2(t2, p2) if p2 ∈ P2, t2 ∈ T2
l((t1, t2)) = l1(t1) if t1 ∈ T1, or
              l2(t2) if t2 ∈ T2
MN = MN1 ∪̇ MN2, i.e. MN((p1, p2)) = MN1(p1) if p1 ∈ P1, or
                                    MN2(p2) if p2 ∈ P2
In = (In1 ∪ In2) − (Out1 ∪ Out2)
Out = Out1 ∪ Out2
Figure 2.12. (a) parallel composition block diagram and (b) its detail
For simplicity, in the graph, a place of the composition is denoted as p instead
of (p, ∗) or (∗, p); also a transition is denoted as t instead of (t, ∗) or (∗, t), and
t1_2 instead of (t1, t2). Also, to keep the example small, the transitions are only
labelled with signals instead of signal edges. An example of parallel composition
follows.
Figure 2.13. Parallel composition example
In the example, there are two transitions with label a in N1: t3w and t0y, and
two in N2: t3x and t0z. Each transition with label a in N1 should be synchronized
with each transition with label a in N2. Therefore, in N1 ‖ N2, there are four
transitions with label a: a synchronization of t3w with t3x (t3w_3x), t3w with t0z
(t3w_0z), t0y with t3x (t0y_3x) and t0y with t0z (t0y_0z). Note that though there is a
synchronization between t0y and t3x, and between t3w and t0z, the synchronized
transitions t0y_3x and t3w_0z in N1 ‖ N2 will never be fired. However, all these
possible pairings have to be done, because it is not known a priori which s-labelled
transition of N2 will occur together with which s-labelled transition of N1.
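The construction of N1 ‖ N2 as an added Python example; it is not the dissertation's code. Transition names and labels follow Fig. 2.13, but the arcs (one cycle per component), the initial markings and the split of the signals into In and Out are assumed, and `cycle`, `fireable` and `structural_auto_conflicts` are this example's own helper names.

```python
STAR = "*"  # the dummy element of the definition; not a place or transition


def compose(n1, n2):
    """N1 || N2. A net is a dict: places, trans (name -> label), W
    ((source, target) -> weight), M, inp, out. Labels are bare signals."""
    if n1["out"] & n2["out"]:
        raise ValueError("Out1 and Out2 must be disjoint")
    common = (n1["inp"] | n1["out"]) & (n2["inp"] | n2["out"])   # the set A
    trans = {}
    for t1, lab in n1["trans"].items():
        if lab in common:       # pair t1 with every equally labelled t2
            trans.update({(t1, t2): lab
                          for t2, lab2 in n2["trans"].items() if lab2 == lab})
        else:
            trans[(t1, STAR)] = lab
    trans.update({(STAR, t2): lab
                  for t2, lab in n2["trans"].items() if lab not in common})
    W = {}
    for t1, t2 in trans:        # each pair inherits the arcs of both parts
        for (src, dst), w in n1["W"].items():
            if src == t1:
                W[((t1, t2), (dst, STAR))] = w
            if dst == t1:
                W[((src, STAR), (t1, t2))] = w
        for (src, dst), w in n2["W"].items():
            if src == t2:
                W[((t1, t2), (STAR, dst))] = w
            if dst == t2:
                W[((STAR, src), (t1, t2))] = w
    M = {(p, STAR): n for p, n in n1["M"].items()}
    M.update({(STAR, p): n for p, n in n2["M"].items()})
    places = [(p, STAR) for p in n1["places"]] + [(STAR, p) for p in n2["places"]]
    return {"places": places, "trans": trans, "W": W, "M": M,
            "inp": (n1["inp"] | n2["inp"]) - (n1["out"] | n2["out"]),
            "out": n1["out"] | n2["out"]}


def fireable(net, limit=10_000):
    """Transitions enabled under at least one reachable marking (bounded nets)."""
    def key(m):
        return frozenset((p, n) for p, n in m.items() if n)
    seen, todo, fired = {key(net["M"])}, [dict(net["M"])], set()
    while todo:
        m = todo.pop()
        for t in net["trans"]:
            need = {s: w for (s, d), w in net["W"].items() if d == t}
            if any(m.get(p, 0) < w for p, w in need.items()):
                continue
            fired.add(t)
            nxt = dict(m)
            for p, w in need.items():
                nxt[p] -= w
            for (s, d), w in net["W"].items():
                if s == t:
                    nxt[d] = nxt.get(d, 0) + w
            if key(nxt) not in seen:
                if len(seen) >= limit:
                    raise RuntimeError("state space too large")
                seen.add(key(nxt))
                todo.append(nxt)
    return fired


def structural_auto_conflicts(net):
    """Pairs of equally labelled transitions that share a pre place."""
    pre = {t: {s for (s, d) in net["W"] if d == t} for t in net["trans"]}
    return {frozenset((a, b)) for a in pre for b in pre
            if a != b and net["trans"][a] == net["trans"][b] and pre[a] & pre[b]}


def cycle(places, trans, inp, out):
    """Constructed component: a single token circulating place -> transition."""
    W = {}
    for i, t in enumerate(trans):
        W[(places[i], t)] = 1
        W[(t, places[(i + 1) % len(places)])] = 1
    return {"places": places, "trans": trans, "W": W,
            "M": {places[0]: 1}, "inp": inp, "out": out}


N1 = cycle(["p0", "p1", "p2", "p3"],
           {"t0y": "a", "t1": "y", "t2": "w", "t3w": "a"}, {"a"}, {"y", "w"})
N2 = cycle(["p4", "p5", "p6", "p7"],
           {"t0z": "a", "t5": "z", "t4": "x", "t3x": "a"}, {"a"}, {"x", "z"})
N = compose(N1, N2)
```

Under these assumed arcs, `set(N["trans"]) - fireable(N)` yields exactly the two pairings the text calls never fired, and `structural_auto_conflicts` is empty for N1 and N2 but not for N.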
One can consider the place set of the composition as the disjoint union of the
place sets of the components. Therefore, markings of the composition (regarded as
multisets) can be considered as the disjoint union of markings of the components.
Sometimes – e.g. if a bisimulation-like correctness definition (see section 3.2.1) is
used –, it is useful to look only at the restriction M Pi of a marking M of the
composition.
A marking M1 ∪̇ M2 of the composition is also denoted by (M1, M2). By
definition of ‖, the firing (M1, M2)[(t1, t2)〉(M′1, M′2) of N (N = N1 ‖ N2) corresponds
to the firings Mi[ti〉M′i in Ni, i = 1, 2; here, the firing of ∗ means that the empty
transition sequence fires. Therefore, all reachable markings of N have the form
(M1,M2), where Mi is a reachable marking of Ni, i = 1, 2.
If the components do not have internal transitions, then their composition
has none. To see that N is deterministic if N1 and N2 are, consider different
transitions (t1, t2) and (t′1, t′2) with the same label that are enabled under the
reachable marking (M1, M2). The transitions should differ in at least one
component; suppose t1, t′1 are different transitions in N1. It cannot be the case that
t1 is a transition while t′1 = ∗, because we would have l((t1, t2)) ∈ In1 ∪ Out1
but l((t′1, t′2)) ∉ In1 ∪ Out1; i.e. l((t′1, t′2)) ∉ A. Therefore, t1 and t′1 are different
transitions with the same label. Because (t1, t2) and (t′1, t′2) are enabled under the
reachable marking (M1, M2), t1 and t′1 are enabled under the reachable marking
M1, which contradicts that N1 is deterministic. But note that N might have
structural auto-conflicts even if none of the Ni has. The example in Fig. 2.13
shows this case.
Up to isomorphism, composition is associative and commutative. Therefore,
the parallel composition of a family (or collection) (Ci)i∈I of STGs can be denoted
as ‖i∈I Ci, provided that no signal is an output signal of more than one of the Ci.
The markings of such a composition will be denoted by (M1, . . . ,Mn) if Mi is a
marking of Ci for i ∈ I = {1, ..., n} where n is the number of an output block in
a partition.

Chapter 3
Existing Decomposition Methods
In the time of imperialism in this world, the strategy ’divide et impera’ is used
by a conqueror to conquer a large country with a small force. He first divides
the large country into two or more parts governed by opposing parties, and then
conquers them, one by one. The same strategy is used by many researchers to
conquer (to analyze and synthesize) a large net (with high concurrency degree)
by dividing it into two or more small nets, i.e. by decomposition, a net is divided
into subnets.
The first motivation for decomposing a P/T net is to analyze it. For example,
to find whether a net is live or not, one must first derive its reachable markings.
This task is difficult and sometimes impossible for a large, highly concurrent net
due to the state explosion problem; i.e. the number r of reachable markings is too
large to handle.
As P/T nets are used more and more to model systems, another problem is
encountered if a circuit is to be synthesized from the net. Because one should
derive the reachable markings of the net as the first synthesis step, the same
problem as when analyzing the net occurs, i.e. the state explosion problem. Not
only that, many of the synthesis algorithms that derive the implementation from
reachable states have exponential complexity. This task is difficult and sometimes
impossible for a large number of reachable states. One can try to alleviate this
problem by using a heuristic algorithm which has polynomial complexity. But
if the problem is large, sometimes one can find only a solution that represents
a local minimum in solution space, i.e. a non-optimal result. Therefore, the
decomposition of P/T nets is used to address the above problems, hoping that
the overall effort and cost of synthesizing the components will be significantly
smaller than for handling the large net.
This chapter begins with the structural decomposition of P/T nets for analysis
purposes – liveness and boundedness of the net. Then STG decomposition for
synthesis from [VW02] is described.
3.1 P/T Net Decomposition: Analysis Purpose
The early P/T net decomposition is aimed at analyzing the liveness and bound-
edness of the net. The researchers first looked for the smallest structures of P/T
nets that can be used to characterize liveness and boundedness. This is the cause
for the birth of the siphon and trap definitions, which were first suggested by
[Com72]. [Com72] and [Hac72] used siphons and traps to prove liveness and
safeness of FC nets. A similar approach was also used by [BT87] and [EBS89].
A siphon S which contains a trap Θ which is marked at M0 will always contain
a token; hence the transitions of S• can always be fired. If all the siphons in the
net contain a trap which is marked at M0, then all the transitions in the net can
be fired. For an FC net, this also means that the net is live.
3.1.1. Proposition. An FC net N is live iff every minimal siphon of N contains
a trap which is marked at M0.
Proof: see [Hac72]. □
3.1.2. Proposition. A live FC net N is safe iff it is covered by SCSM-subnets
which have exactly one token each at M0.
Proof: see Theorem 6.5. in [BT87]. □
Note that proposition 3.1.2 implies strong connectedness of N.
3.1.3. Proposition. In a live and safe FC net N, if S is a minimal siphon of
N, then S is also a trap.
Proof: see Lemma 6.9. in [BT87]. □
3.1.4. Proposition. In a live and safe FC net N, a subnet NS induced by a
minimal siphon PS is an SCSM-subnet of N.
Proof: see Lemma 6.10. in [BT87]. □
3.1.5. Corollary. Let N be a live and safe FC net. Every SCSM-subnet of
N is marked at M0 and there exists an SCSM-cover of N , such that each Ni
belonging to the SCSM-cover has exactly one token at M0.
Proof: N is live. Therefore, every minimal siphon contains a trap which is
marked at M0 (proposition 3.1.1). N also is safe; therefore every subnet NS
induced by a minimal siphon PS is an SCSM-subnet of N (proposition 3.1.4).
Hence, being both live and safe, FC net N is covered by SCSM subnets which
have exactly one token each at M0 (proposition 3.1.2). □
Using a graph theoretical approach, [BL89] characterize minimal siphons in
P/T nets. Based on this characterization, [EBS89] derive a minimal siphon char-
acterization for FC nets.
3.1.6. Proposition. Let N be an FC net, PS ⊆ P a siphon of N and NS the
subnet of N induced by PS ∪ •PS. PS is minimal iff PS is strongly connected and
we have |•t ∩ PS| = 1 for every transition t ∈ NS.
Proof: see [EBS89]. □
Based on proposition 3.1.6, [EBS89] propose an algorithm to find the subnet
NS induced by minimal siphon S. The algorithm concentrates on a specific part
of the net. Beginning with a seed node of the net, it gradually adds parts of the
net (handles) until the subnet is found.
Algorithm S-subnet
Input: A strongly connected FC net with a seed place p
Output: S-subnet induced by the minimal siphon PS
PS := {p}; TS := ∅; FS := ∅;
while ∃p ∈ PS and ∃t ∈ •p such that (t, p) ∉ FS do
    get_meeting_path_handle(NS, N, p, t, NH);
    (∗ NH (which is a path in N but not a path in NS) is a handle of NS that
       begins with a node in NS and ends with t, p ∗)
    PS := PS ∪ PH ; TS := TS ∪ TH ; FS := FS ∪ FH ;
(∗ end of while there is still a meeting path of NS ∗)
The algorithm S-subnet begins with NS which has only one seed place p. The
S-subnet NS is found by iteratively adding a meeting path handle to the current
NS, so long as the resulting NS still has meeting paths.
The net in Fig. 2.6 is taken as an example. p2 is the seed place. After adding
p2 to NS, there is a meeting path (t1, p2) that should be extended to a handle.
The extension is the handle H1 = (p2, t0, p1, t3, p0, t1, p2). After adding H1 to NS,
there is still a meeting path (t2, p1) that should be extended to a handle. The
extension is the handle H2 = (p2, t2, p1). After adding H2 to NS, there is no more
meeting path to be found. Hence, NS (the net in the siphon box of the Fig. 2.6)
is an S-subnet and PS is a minimal siphon of N .
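Algorithm S-subnet together with the siphon and trap tests of Def. 2.1.14, as an added Python example; it is not the [EBS89] or [War05] implementation. The siphon half of the net follows the handles H1 and H2 given above, the arcs of t4 and of the trap half are constructed to match the pre and post transition sets stated for Fig. 2.6, and the backward breadth-first handle search is one possible way to realise the handle step.

```python
from collections import deque
from itertools import combinations

PLACES = {"p0", "p1", "p2", "p3", "p4", "p5"}
ARCS = {
    ("p2", "t0"), ("t0", "p1"), ("p1", "t3"), ("t3", "p0"),   # handle H1
    ("p0", "t1"), ("t1", "p2"),
    ("p2", "t2"), ("t2", "p1"),                               # handle H2
    ("p2", "t4"), ("t4", "p3"),                               # assumed link
    ("p3", "t5"), ("t5", "p4"), ("p4", "t6"), ("t6", "p5"),   # assumed trap half
    ("p5", "t7"), ("t7", "p3"), ("p5", "t8"), ("t8", "p4"),
}


def pre(nodes, arcs):
    """•X: every node with an arc into X."""
    return {s for s, d in arcs if d in nodes}


def post(nodes, arcs):
    """X•: every node reached by an arc out of X."""
    return {d for s, d in arcs if s in nodes}


def is_siphon(ps, arcs):
    return bool(ps) and pre(ps, arcs) <= post(ps, arcs)


def is_trap(ps, arcs):
    return bool(ps) and post(ps, arcs) <= pre(ps, arcs)


def is_minimal_siphon(ps, arcs):
    """Brute force over all proper subsets; meant for small nets only."""
    proper = (set(c) for k in range(1, len(ps))
              for c in combinations(sorted(ps), k))
    return is_siphon(ps, arcs) and not any(is_siphon(c, arcs) for c in proper)


def meeting_path_handle(ps, ts, t, p, arcs):
    """A handle of N_S ending with (t, p): walk backwards from t through
    nodes outside N_S until a node of N_S is reached."""
    if t in ts:                       # r = 2: the handle is the arc itself
        return [t, p]
    parent, queue = {t: p}, deque([t])
    while queue:
        x = queue.popleft()
        for y in sorted(pre({x}, arcs)):
            if y in ps or y in ts:    # reached N_S: rebuild y, ..., t, p
                path, node = [y], x
                while node != p:
                    path.append(node)
                    node = parent[node]
                return path + [p]
            if y not in parent:
                parent[y] = x
                queue.append(y)
    raise ValueError("meeting path cannot be extended to a handle")


def s_subnet(seed, places, arcs):
    """Algorithm S-subnet: grow N_S from the seed by meeting path handles."""
    ps, ts, fs, handles = {seed}, set(), set(), []
    while True:
        meeting = sorted((t, p) for p in ps for t in pre({p}, arcs)
                         if (t, p) not in fs)
        if not meeting:
            return ps, ts, fs, handles
        t, p = meeting[0]
        handle = meeting_path_handle(ps, ts, t, p, arcs)
        handles.append(handle)
        ps |= {x for x in handle if x in places}
        ts |= {x for x in handle if x not in places}
        fs |= set(zip(handle, handle[1:]))
```

Calling `s_subnet("p2", PLACES, ARCS)` returns the places, transitions, arcs and the list of handles that were added, so the result can be checked against `is_minimal_siphon` and against the condition of proposition 3.1.6.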
The algorithm S-subnet generates S-subnets with the following properties
[EBS89]:
1. The resulting net is strongly connected, because at the beginning there is
only one place and the operation of adding a meeting handle (see defini-
tion 2.1.16 and proposition 2.1.17) preserves strong connectedness.
2. Every transition t in TS has exactly one incoming arc in NS. t has at
least one incoming arc due to strong connectedness, and t has at most one
incoming arc because the added meeting handle always ends in a place.
3. Because all the meeting paths of p ∈ PS are taken, we have TS = •PS; and
because not all choice paths of p ∈ PS are taken, we have TS ⊆ PS•. NS is
an S-subnet of N ; i.e. all the arcs f ∈ F between nodes in NS should also
be in FS. Assume this is not the case, which means there is an arc f ∈ F
between nodes in NS that is not in FS. It could be an arc from a place
p ∈ PS, |p•| > 1 to a transition t ∈ TS, |•t| > 1, which cannot be the case in
an FC net; or it could be an arc from a transition t ∈ TS to a place p ∈ PS,
which cannot be the case because all the meeting paths have been taken.
From the above properties, it is obvious that the proposition 3.1.6 is true;
i.e. PS is a minimal siphon of N .
Using the rank theorem, [Esp90] improved the liveness and boundedness char-
acterization of an FC net. [KB92] used this improvement and proposed a polyno-
mial algorithm to decide liveness and boundedness of an FC net. It also decides
state machine decomposability by finding minimal siphons of the FC net using
the [EBS89] algorithm and checks whether the net induced by the minimal siphon
is a state machine.
An improved version of the [Esp90] algorithm proposed by [Kem93] yields a
linear-time algorithm for finding the minimal siphons of a strongly connected FC
net. The C++ implementation of the [Kem93] algorithm and experiment results
can be seen in [War05].
3.2 STG Decomposition: Synthesis Purpose
[Chu87a], [Chu87b], and [KKT93] suggest decomposition methods for STGs, but
these approaches can only deal with very restricted net classes. [Chu87a] only
decomposes live and safe FC nets, which cannot model controlled choices or arbi-
tration, and makes further restrictions; e.g. each transition label is allowed only
once (which makes the STG deterministic in the sense of language theory), and
conflicts can only occur between input signals. The conference version [Chu87b]
restricts attention even further to marked graphs, which have no conflicts at all.
The method in [Chu87a] and [Chu87b] constructs for each output signal s
a component Ci that generates this signal; Ci has as inputs all signals that –
according to the net structure – may directly cause s to change. The component
is obtained from the STG N by contracting all transitions belonging to the signals
that are neither input nor output signals for this component. This contraction is
required to be tr-preserving (as defined in [Chu87a]), and it might be necessary
to add further signals to the inputs to ensure this.
In [Chu87a] [Chu87b], it is stated that the parallel composition of the Ci – i.e.
the (modular) implementation – has the same language as N; in the restricted
setting of [Chu87a] [Chu87b], this is the same as having isomorphic reachability
graphs. Clearly, this isomorphism is very strict and not a necessary requirement
for an implementation to be correct (see section 3.2.1). On the other hand,
language equivalence is too weak in general, since it ignores which choices are
possible during a run, and in particular it ignores deadlocks, as will be shown in
section 3.2.1.
A similar decomposition method is described in [KKT93]; only marked graphs
with only output signals are considered. In contrast to [Chu87a], a component can
generate several output signals, and different components can generate the same
signal; this gives more flexibility, but the latter feature necessitates additional
components for collecting occurrences of the same signal generated by different
components.
[BW93] and [Wol97] use a decomposition approach like [Chu87a] to implement
a modular asynchronous controller. Also, [KGJ96] use a decomposition
approach for fork/join machines, which are a restricted form of FC STGs. After
decomposition, the results are implemented as distributed burst mode circuits.
3.2.1 Vogler-Wollowski algorithm
The decomposition method of Vogler and Wollowski [VW02] is based on [Chu87a].
In contrast to other methods, it can be applied without restrictions on the
graph-theoretic structure of the given STG. It can even deal with arc weights
greater than 1 and unsafe nets. It only requires the STG N to be deterministic and
synthesizable. Also, the main difference between the [VW02] algorithm and the
others is the correctness proof. The [VW02] algorithm is proved to be correct and
can be applied to labelled P/T nets, which are more general than STGs. The
following are the features of the [VW02] algorithm:
• The composition of the Ci is ensured to be free of what Ebergen calls
computation interference [Ebe92] (see Fig. 3.7 for a computation interference
example), where one component produces an output that is an unspecified
input for another.
• Only behaviour where the environment behaves as specified by the original
STG N is considered, i.e. the composition of the components might specify
additional inputs, but these and any subsequent behaviour are ignored since
they cannot occur if the implementation runs in an appropriate environment.
The same is done e.g. in [Dil88] and [Ebe92], so both these features
are not new – but new in the context of STG decomposition.
These features are achieved with a bisimulation-like correctness definition.
Bisimulation is chosen instead of language equivalence, because bisimulation
can distinguish between deterministic and non-deterministic STGs. The STGs in
Fig. 3.1 are language equivalent, i.e. they have the same language
{λ, send, send receive}. But they are not bisimilar. N can simulate N′ and N′′. But N′
cannot simulate N (N′ can deadlock after send), and N′′ cannot simulate N (N′′ can
deadlock after firing the internal λ-transition).
Figure 3.1. Language equivalent STGs which are not bisimulation equivalent
For deterministic STGs, language equivalence and bisimulation coincide. N′
and N′′ in Fig. 3.1 are not deterministic STGs; N′ is not deterministic due to the
dynamic auto conflict and N′′ is not deterministic due to the internal λ-transition.
The algorithm in [VW02] decomposes a deterministic STG N into component
STGs Ci based on a given partition of the set of output variables, such that each
Ci is responsible for one block of the partition. N should have no structural auto
conflicts to be deterministic and no structural input-output-conflicts to be
synthesizable. The partition is required to be feasible, i.e. the outputs in structural
output-output conflict should be in the same block. Each Ci is then extracted
from an initial STG Ni (a copy of STG N), care being taken to keep only the
relevant input signals, which may be global inputs or outputs of other
components. We say that a signal c is a relevant input signal for an output signal x, if
there is a c-labelled transition t which gives concession to an x-labelled transition
t′. This is the case if t• ∩ •t′ ≠ ∅, c ∈ In ∪ Out, and x ∈ Out. Deconcession is
not considered because the output should be feasible and there is no structural
input-output conflict in N. The other signals are irrelevant for Ci, and their
corresponding transitions are silenced into divining transitions (l(t) = λ), which
are securely contracted from STG Ni. The procedure to extract Ci is as follows:
1. Before contracting a divining transition t, the preconditions should be
checked: that the pre and post arcs of t have weight 1, and that t forms no loop
with any place. Fig. 3.2a shows an STG that violates the arc weight
requirement: W(p1, t) = 2; Fig. 3.2b shows an STG that violates the no
loop requirement: t forms a loop with p3. Hence, neither of the two fulfils the
preconditions for t-contraction.
Figure 3.2. Violation of preconditions for t contraction
It should also be checked whether the secure t-contraction requirement is
fulfilled: either (•t)• ⊆ {t} (either t has no preplaces or every preplace of
t has only t as its posttransition); or •(t•) = {t} and ∀p ∈ t• : MN(p) = 0
(every postplace of t has only t as its pretransition and has no token at
initial marking). A divining transition that violates this secure t-contraction
requirement is a non-secure transition. Fig. 3.3 shows STGs that violate
the no choice place in the pre place requirement: (•t)• = {t, t2} ⊈ {t}; the
one in Fig. 3.3a also violates the no meeting place in post place requirement:
•(t•) = {t1, t} ≠ {t}. This violation can cause a backfiring if t is contracted;
after t is contracted, firing t1 will enable t2. The one in Fig. 3.3b violates the
post place requirement: ∄p ∈ t•. After firing t in Fig. 3.3b, the net is dead.
But, if t is contracted, the net is never dead. The one in Fig. 3.3c violates
the no marking in post place requirement: MN(p2) = 1. This violation
can cause a dead net to become alive. After contracting t in Fig. 3.3c, t2 is
enabled. Hence, none of the STGs in Fig. 3.3 fulfils the secure t-contraction
requirements.
Figure 3.3. Violations of secure t-contraction requirements
If there is a precondition for t-contraction or a secure t-contraction
requirement that cannot be fulfilled, then backtracking is performed, i.e. the
sedge-label of t and every other t ∈ Ti labelled with s is restored; and s is
considered as a relevant signal for Ci.
2. If all the above requirements are fulfilled, then a secure transition
contraction (see definition 2.2.2) can be performed.
3. After contraction, it should be checked whether the secure t-contraction has
caused a dynamic auto conflict or not. If it caused a dynamic auto conflict,
then backtracking should be done. Fig. 2.11c shows a case where
backtracking becomes necessary; because after secure t-contraction of t labelled
λ (Fig. 2.11b), we have t2 labelled with b+ and t4 labelled with b+ in a
structural auto conflict which is also a dynamic auto conflict.
4. If there is a redundant place (see definition 2.1.18) after contraction, it
should be removed together with its incident arcs.
Steps 1-4 are performed on all divining transitions in STG Ni. At the end, after
changing transitions with label a ∈ OutN, a ∉ Outi into input transitions, the
component Ci is obtained.
Secure transition contraction and redundant place deletion are the admissible
operations of the [VW02] method.
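The checks of step 1 and the contraction of step 2, as an added example that is not code from the dissertation or from [VW02]. `Net`, `contraction_obstacle` and `contract` are hypothetical names, the contraction rule (each preplace/postplace pair of t becomes one merged place with summed arc weights and markings) is assumed to match definition 2.2.2, and the sample nets are constructed rather than copied from Fig. 3.2 or Fig. 3.3.

```python
from itertools import product

LAMBDA = "λ"  # label of a silenced ("divining") transition


class Net:
    """Labelled P/T net; arcs maps (source, target) to a weight >= 1."""

    def __init__(self, arcs, marking, labels):
        self.W, self.label = dict(arcs), dict(labels)
        self.T = set(labels)
        self.P = {x for arc in arcs for x in arc} - self.T
        self.M = {p: marking.get(p, 0) for p in self.P}

    def w(self, x, y):
        return self.W.get((x, y), 0)

    def pre(self, x):   # •x
        return {a for (a, b) in self.W if b == x}

    def post(self, x):  # x•
        return {b for (a, b) in self.W if a == x}


def contraction_obstacle(net, t):
    """Return None if t can be securely contracted, else the violated check."""
    pre, post = net.pre(t), net.post(t)
    if net.label[t] != LAMBDA:
        return "not silenced"
    if any(net.w(p, t) != 1 for p in pre) or any(net.w(t, p) != 1 for p in post):
        return "arc weight"
    if pre & post:
        return "loop"
    # Alternative 1: (•t)• ⊆ {t}, i.e. no choice place among the preplaces.
    no_choice = all(net.post(p) <= {t} for p in pre)
    # Alternative 2: •(t•) = {t} and every postplace is initially unmarked.
    producers = set().union(*(net.pre(p) for p in post))
    no_meeting = producers == {t} and all(net.M[p] == 0 for p in post)
    return None if (no_choice or no_meeting) else "non-secure"


def contract(net, t):
    """Contract t: every (preplace, postplace) pair becomes one merged place."""
    reason = contraction_obstacle(net, t)
    if reason:
        raise ValueError(f"{t} cannot be contracted: {reason}")
    pre, post = net.pre(t), net.post(t)
    gone = pre | post | {t}
    arcs = {arc: k for arc, k in net.W.items() if not gone & set(arc)}
    marking = {p: m for p, m in net.M.items() if p not in gone}
    for p, q in product(sorted(pre), sorted(post)):
        merged = f"{p}_{q}"
        marking[merged] = net.M[p] + net.M[q]
        for u in net.T - {t}:
            if net.w(p, u) + net.w(q, u):
                arcs[(merged, u)] = net.w(p, u) + net.w(q, u)
            if net.w(u, p) + net.w(u, q):
                arcs[(u, merged)] = net.w(u, p) + net.w(u, q)
    labels = {u: l for u, l in net.label.items() if u != t}
    return Net(arcs, marking, labels)


# Constructed sample nets; each of the last three breaks exactly one check.
CHAIN = Net({("p0", "t1"): 1, ("t1", "p1"): 1, ("p1", "t"): 1, ("t", "p2"): 1,
             ("p2", "t3"): 1, ("t3", "p0"): 1},
            {"p0": 1}, {"t1": "a+", "t": LAMBDA, "t3": "c+"})
HEAVY = Net({("p1", "t"): 2, ("t", "p2"): 1}, {"p1": 2}, {"t": LAMBDA})
LOOP = Net({("p1", "t"): 1, ("t", "p2"): 1, ("p3", "t"): 1, ("t", "p3"): 1},
           {"p3": 1}, {"t": LAMBDA})
# Choice place p1 in the preset AND a marked postplace p2: both alternatives fail.
CHOICE = Net({("p1", "t"): 1, ("p1", "t2"): 1, ("t", "p2"): 1},
             {"p2": 1}, {"t": LAMBDA, "t2": "b"})
```

A caller that gets a non-None obstacle back is at the point where the procedure above backtracks and restores the signal as relevant.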
As an example, the environment STG N for the wechselpuffer example from
Beister is taken (see Fig. 3.4a). For the Aout-component, only transitions with
signal Rout are relevant – transitions with label Aout are t1 and t8; t7 gives
concession to t1, t9 to t8; t7 and t9 are labelled with Rout. After making a copy of N
as the initial Aout-component, all transitions with irrelevant signal labels are
silenced (see Fig. 3.4b; the labels of the silenced transitions are kept for
convenience). Note that trying to contract t3 or t4 at the beginning will cause
backtracking, because they are non-secure transitions. After secure contraction of
t6, t11, t10, and t0 (see Fig. 3.4c), the redundant place p2_14_13_0_1 is deleted.
Now, t3 and t4 can be contracted securely (see Fig. 3.4d). Further contraction of
t2 or t5 is not possible, because they are non-secure transitions. Hence,
backtracking should be done for both of them; i.e. Rm is added as relevant input
signal. After backtracking, the final Aout-component is obtained (see Fig. 3.4e).
Figure 3.4. Finding Aout-component for wechselpuffer example
The [VW02] algorithm has been proved to be correct according to the following
definition 3.2.1.
3.2.1. Definition. A collection of deterministic components (Ci)i∈I is a correct
decomposition or a correct implementation of a deterministic STG N, if the
parallel composition C of the Ci is defined, InC ⊆ InN, OutC ⊆ OutN and there
is a relation B between the markings of N and those of C with the following
properties.
1. (MN, MC) ∈ B
2. For all (M, M′) ∈ B, we have:
(a) If a ∈ InN and M[a〉〉M1, then either a ∈ InC and M′[a〉〉M′1 and
(M1, M′1) ∈ B for some M′1, or a ∉ InC and (M1, M′) ∈ B.
(b) If x ∈ OutN and M[x〉〉M1, then M′[x〉〉M′1 and (M1, M′1) ∈ B for some
M′1.
(c) If x ∈ OutC and M′[x〉〉M′1, then M[x〉〉M1 and (M1, M′1) ∈ B for some
M1.
(d) If x ∈ Outi for some i ∈ I and M′ Pi [x〉〉, then M′[x〉〉 (no computation
interference).
Here, and whenever a collection (Ci)i∈I is encountered in the following, Pi
stands for PCi, Outi for OutCi etc.
In definition 3.2.1, C is allowed to have fewer input signals than N; the
reasons are as follows: There might be some input signals that are not relevant
for producing the right outputs; whereas N makes some assumptions on the
environment regarding these inputs, C does not – hence, the environment might
produce these signals at any time, but they are ignored. Such irrelevant input
signals are called globally irrelevant inputs.
Figure 3.5. The globally irrelevant input a is not implemented in C1 and C2
Fig. 3.5 shows a very simple example of an STG N and a decomposition into
two components C1 and C2 that can be constructed by the [VW02] algorithm and
have B = {(1, (1_2, 1_2_3)), (2, (1_2, 1_2_3)), (3, (3, 1_2_3)), (4, (4_5, 4)), (5, (4_5, 5))}
– here a marking of N or a component is identified with its single marked place;
the marking of C is denoted by the marking of the components (M1, M2).
Clause 2a of definition 3.2.1 says that an input allowed by the specification is
also allowed by C (or ignored). In Fig. 3.5, b is an input of N and also an input
of C; if (2)[b〉〉(3) in N, then (1_2, 1_2_3)[b〉〉(3, 1_2_3) in C and (3, (3, 1_2_3)) is
also in B.
In Fig. 3.5, a is only an input of N but not of any component, but still the
components are a correct implementation because (1, (1_2, 1_2_3)) ∈ B and after
(1)[a〉〉(2), (2, (1_2, 1_2_3)) is also in B.
Clause 2b of definition 3.2.1 says that the specified outputs can be generated
by C. In Fig. 3.5, for (3, (3, 1_2_3)) ∈ B and x ∈ OutN: if (3)[x〉〉(4) in N, then
(3, 1_2_3)[x〉〉(4_5, 4) in C and (4, (4_5, 4)) is also in B.
Clause 2c of definition 3.2.1 says that C produces only the outputs which are
specified in N. In Fig. 3.5, for (3, (3, 1_2_3)) ∈ B and x ∈ OutC: if (3, 1_2_3)[x〉〉
(4_5, 4) in C, then (3)[x〉〉(4) in N and (4, (4_5, 4)) is also in B.
Remarkably, there is no clause requiring a match for inputs of C. If M′[a〉〉M′1
for some input a, then either M[a〉〉M1, in which case the uniquely defined M′1
and M1 match (in B after firing a), or the input is not specified; in the latter case,
the environment is not supposed to supply it, such that this potential behaviour
of C, which will never occur in an appropriate environment, i.e. one
that satisfies the assumption of the specification, can be ignored.
The usefulness of this feature is demonstrated by the simple example in
Figure 3.6: C1 and C2 are an intuitively correct decomposition of N (obtained by
the [VW02] algorithm), since together they answer an input a by x and a following
b by y, just as specified. But in C1 ‖ C2, which is just the disjoint union of C1
and C2, b is enabled initially in contrast to N. Note that this implies that N and
C1 ‖ C2 are not language equivalent, as e.g. required in [Chu87a] [Chu87b].
Figure 3.6. Specification does not need to simulate input of C1 ‖ C2
The fourth clause, 2d of definition 3.2.1, is a requirement that could easily be
overlooked: if, in state M′, Ci on its own could generate an output x that is an
input of some Cj, but not allowed there, then there simply exists no x-labelled
transition enabled under M′ due to the definition of parallel composition; but x
is under the control of Ci, so it might certainly produce this output, and we must
make sure that it is present in C, i.e. does not lead to a failure of Cj for instance.
An example is shown in Figure 3.7. The parallel composition C of C1 and C2
looks very much the same as N, and they certainly have the same language – they
are even bisimilar. But putting circuits for C1 and C2 together, C1 will possibly
produce output x after receiving input a; firing x – which is an input transition
in C2 – after a has been fired is not allowed in C2 and can cause a failure in C2.
In C, x cannot occur after a alone; this occurrence is also not specified in N,
and therefore C1 and C2 should not be a correct decomposition of N – and they
are indeed not one due to the fourth clause. The correct decomposition of N is
shown in Fig. 3.8.
Figure 3.7. A computation interference example
Figure 3.8. Correct decomposition of N for example in the Fig. 3.7
Chapter 4
Improvements for [VW02] algorithm
The [VW02] algorithm requires the initial STG to have no auto-concurrency, no
dynamic auto-conflict and no dummy transitions. Auto-concurrency of a signal
is physically impossible. In [VW02], structural instead of dynamic conflict is
checked for. This can be overcautious, because there may actually be no dynamic
conflict in spite of the structural one. The exclusion of dummy transitions is
also too restrictive in practice. For example, the dummy transitions normally used
for synchronization are deterministic and can be removed from the initial STG
by secure t-contraction before decomposition.
To increase algorithm efficiency and achieve better results, backtracking should
be avoided if possible. This can be achieved by changing the order of contraction,
deleting loop-only dummy transitions and transforming a non-secure t-contraction
into a secure one. The efficiency of the algorithm can also be increased by reusing
intermediate components.
The following improvements increase the applicability of the algorithm,
give better decomposition results and increase algorithm efficiency.
4.1 Grouping and ordering divining transitions
The efficiency of the algorithms and the quality of their results depend on the
order in which the transitions are contracted. Good strategies are those where
all of the transitions belonging to a group characterized by certain features are
contracted one by one before contraction of another group is started. There
are two useful groupings: grouping by the same signal label, and grouping of
transitions in conflict with one another.
Grouping transitions by signal label is important in the case of backtracking.
Backtracking is done by adding back the transitions with the same signal label l(t)
as the transition t whose removal caused backtracking. Therefore, contracting
transitions with the same signal label together has the advantage that on
backtracking – adding back transitions with signal label s – the algorithm needs
only to continue from the intermediate component before the group with signal s
is contracted. This strategy can increase algorithm efficiency, because there is no
need to begin from the initial net or from any other intermediate component except
the one from which the first transition with signal label s was contracted. Another
advantage of grouping transitions by signal label: intermediate decomposition
results can also be reused for other components. For example, the intermediate
component after contracting globally irrelevant input signals can be reused as the
initial component for all the components; i.e. there is no need to begin with the
initial net. For more detail about reuse, see section 4.2.
Recall that backtracking should be done if a transition t cannot be contracted.
This is the case if:
1. t does not fulfill the preconditions for contraction due to an arc weight > 1
or a loop on a divining transition,
2. t is a non-secure transition, or
3. contracting t causes a new structural auto-conflict.
One can see that backtracking is mostly due to transitions in conflict. Hence, it
might also be useful to begin by contracting transitions which are in conflict with
a group of transitions with the same signal label. So, if backtracking is needed it
can be done directly, before other transitions in the group are contracted. With
this strategy, some contractions can be saved. This strategy however can lead to
unnecessary backtracking as shown below.
Grouping transitions with the same signal label can only increase algorithm
efficiency; but grouping transitions which are in conflict can also yield better
decomposition results. This grouping is imposed to find a loop-only divining
transition or a duplicate transition which can only be found with correct grouping
and ordering of divining transitions; i.e. the divining transitions which are not in
conflict should be contracted first. Without grouping, unnecessary backtracking
may have to be done, which results in a larger component than needed. For
example, see Fig. 4.12a: if t3 is contracted first, then backtracking should be
done because t3 is a non-secure transition. Also, in Fig. 4.12c: if t7 or t4 is
contracted first, then backtracking should be done because t7 and t4 are
non-secure transitions. Therefore, transitions in conflict should be contracted last.
In some cases, after contracting other transitions, transitions which were
non-secure become secure. This case needs a reordering approach: if there is a secure
t-contraction requirement that cannot be fulfilled during contraction, then the
transition is reordered by attaching it to the end of the queue of transitions to be
contracted. The same t is reordered again only if the queue has become shorter
since the last reordering of t, i.e. if at least one other divining transition has been
contracted; if not, backtracking should be done, because t cannot be securely
contracted. An example of this case is the wechselpuffer example
(Fig. 3.4). In the example, if t3 or t4 is contracted first, then backtracking should
be done, because t3 and t4 are non-secure transitions. But, after contracting other
transitions, t3 and t4 become secure; i.e. unnecessary backtracking is avoided.
From the above discussion, the general procedure to assure better decomposition
results and good efficiency is as follows: First, group divining transitions that
have the same signal. From each group, divining transitions that are in conflict
are ordered so as to be contracted first. During contraction, if a transition t is
non-secure, then insert t and all the transitions that have the same signal label
at the end of the queue. When all divining transitions (except the newly inserted
ones in the queue) have been contracted, transitions in the queue which are in
conflict are grouped together and ordered so as to be contracted last. If there is a
secure t-contraction requirement that cannot be fulfilled during contraction, then
the transition is reordered (placed at the end of the queue of transitions to be
contracted). The same t is reordered again only if the queue has become shorter
since the last time t was moved; if not, backtracking should be done, because t
cannot be securely contracted.
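The reordering and backtracking rule of this procedure, as an added example that is not code from the dissertation. `contract_in_order` and its callback are hypothetical names, and the callback is a constructed stand-in for the real net checks: it encodes only what the text states about the wechselpuffer Aout-component (t3 and t4 become secure after t6, t11, t10 and t0 are contracted; t2 and t5 stay non-secure). Restoring a signal is modelled by dropping its transitions from the result, without recomputing the intermediate component.

```python
from collections import deque


def contract_in_order(queue, signal_of, try_contract):
    """Run the contraction queue with reordering and backtracking.

    queue        -- divining transitions, already grouped by signal label
    signal_of    -- transition -> signal label
    try_contract -- callback(t, contracted) -> True if t was securely contracted
    Returns (contracted transitions in order, signals restored as relevant).
    """
    queue = deque(queue)
    others_at_last_move = {}   # t -> number of other queued transitions then
    contracted, relevant = [], []
    while queue:
        t = queue.popleft()
        if try_contract(t, contracted):
            contracted.append(t)
            continue
        if len(queue) < others_at_last_move.get(t, len(queue) + 1):
            # First failure, or the queue shrank since t was last moved:
            # put t and the queued transitions of its signal at the end.
            others_at_last_move[t] = len(queue)
            mates = [u for u in queue if signal_of[u] == signal_of[t]]
            rest = [u for u in queue if signal_of[u] != signal_of[t]]
            queue = deque(rest + [t] + mates)
            continue
        # Nothing else was contracted since the last move: backtrack on l(t).
        s = signal_of[t]
        relevant.append(s)
        queue = deque(u for u in queue if signal_of[u] != s)
        contracted = [u for u in contracted if signal_of[u] != s]
    return contracted, relevant


# Signal labels of the divining transitions for the Aout-component (Fig. 3.4).
SIGNAL_OF = {"t3": "Rd", "t4": "Rd", "t6": "Ain", "t11": "Ain",
             "t10": "Rin", "t0": "Rin", "t2": "Rm", "t5": "Rm"}
UNLOCKS_RD = {"t6", "t11", "t10", "t0"}


def wechselpuffer_check(t, contracted):
    """Constructed oracle: outcomes taken from the text, not from the net."""
    if SIGNAL_OF[t] == "Rm":          # t2, t5 remain non-secure
        return False
    if SIGNAL_OF[t] == "Rd":          # t3, t4 become secure later
        return UNLOCKS_RD <= set(contracted)
    return True


def demo():
    order = ["t3", "t4", "t6", "t11", "t10", "t0", "t2", "t5"]
    return contract_in_order(order, SIGNAL_OF, wechselpuffer_check)
```

Starting with t3 no longer forces Rd back into the component: only Rm is restored, as in Fig. 3.4e.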
4.2 Reuse of intermediate components
Instead of beginning each output block from the initial STG, one can sometimes
reuse the intermediate component from an output block as the initial component
for other output blocks. This strategy will be called the reuse of intermediate
components strategy. Reuse of intermediate components can increase the efficiency
of the decomposition algorithm. It is suggested in [VW02] and [VK07], and proved
to be correct in [SV05]. The intermediate component from an output block can
be reused as initial component for other output blocks only if they have common
irrelevant signals. The intermediate component reached after removing dummy
transitions and globally irrelevant signals can be reused by all output blocks in a
partition; it will be called the global intermediate component.
If reuse of intermediate components is planned, then from the copy of the
initial STG, only transitions with common irrelevant signal labels are silenced.
As a consequence, if a transition cannot be contracted and backtracking should
be done, it does not mean that the signal l(t) should be added as relevant for
all output blocks. For example, in the case that t cannot be contracted due to a
new structural auto-conflict between t1 and t2, only output blocks where l(t1) is
relevant should add l(t) as relevant signal.
An example of a global intermediate component is locked2 in Fig. 4.13. Fig. 4.13a
shows the initial net with the dummy transitions t25 and t26 already silenced, and
Fig. 4.13b its global intermediate component. But on inspection, input signals
a and D seem to be globally irrelevant. This is tested by extracting the
rdy-component (Fig. 4.13c, d, and Fig. 4.14a with removal of acka, ackd, and s). But
trying to contract t0 (a+) or t1 (D+) – see Fig. 4.14c and d – results in a new
structural auto-conflict between t3 and t14 (both labelled c+). Hence, a and D
are not globally irrelevant. As shown in Fig. 4.14b, they are relevant signals of
the rdy-component.
Figure 4.1. Reuse of intermediate component
Another example for the reuse of an intermediate component is shown in
Fig. 4.1. In the initial net (Fig. 4.1a), one finds the relevant signals c for the x-
and the y-component and a for the z-component. Hence, the potentially irrelevant
signals are a, b, z, y for the x-component, a, b, z, x for the y-component and b, c, x, y
for the z-component. The only potential globally irrelevant signal, then, seems to
be b.
An apparently global intermediate component is obtained by deleting dummy
transition t12 and the apparently globally irrelevant signal b. But after
contracting t4, t5 cannot be deleted because it has become a non-secure transition (see
Fig. 4.1b).
A good candidate for reuse is shown in Fig. 4.1d, obtained by contracting
z+, z−, and a− from Fig. 4.1b, and a+ and b+ from the resulting intermediate
component Fig. 4.1c. For further decomposition, the xy-component in Fig. 4.1d
can be used for extracting the y-component, and reused for obtaining the
x-component. Another possibility for reuse is between the y- and z-components, which
have the common irrelevant signals x, b. But this does not bring much advantage,
because after contracting t4 and transitions t8 and t11 with signal label x, t5
cannot be contracted because it has become insecure; hence backtracking must
restore the b− transition t4, x+ transition t8 and x− transition t11 (see Fig. 4.1b).
The greatest advantage is gained by reusing the intermediate component after
contracting transitions with signal labels z, a, b. After contracting transitions with
signal label z (t1, t3), transitions with signal labels a, b are placed at the end of a
queue because t0 and t5 are non-secure transitions. The transitions with signal
labels a, b are ordered such that transitions which are not in conflict are contracted
first; i.e. (t2, t4, t0, t5). After contracting t2 and t4, t5 is found to be a duplicate
divining transition of t0 and vice versa (see Fig. 4.1c). t5 can be deleted and t0 can
be contracted securely. Hence, as a rule of thumb for reusing intermediate
components: choose output blocks which have the largest number of common irrelevant
signals. The result is shown in Fig. 4.1d.
Note that the causes of backtracking are the arc weight, the choice place, and
the meeting place. Hence in a marked graph (a subclass of ordinary nets), which
has no choice or meeting place, there will be no backtracking; i.e. the
decomposition result is deterministic; it depends only on the output block partition. This
has been proved formally in [SVJ05].
4.3 Deleting loop-only dummy transitions
If we securely contract a dummy transition t, not only may t become a loop-only
transition – a transition t such that •t = t•, and t forms a loop with every p ∈ •t
– but another dummy transition t′ might also become a loop-only transition.
Hence we can also delete t′ and all its incident loop arcs as we normally do during
secure contraction; for we don’t care whether the loop-only dummy transition
fires or not, or how many times it fires. Fig. 4.2b shows an STG with a dummy
transition t′ that became a loop-only transition when t was securely contracted
in the STG in Fig. 4.2a. We can safely delete t′, because we care only that c+ fires.
Figure 4.2. STG (a) initial, (b) after contracting t
In an initial STG, there should be no loop-only transitions, except loop-only
dummy transitions that we can remove safely. If there is a loop-only input
transition, then the STG is not consistent. If it is a loop-only output transition,
then the STG is not only inconsistent, but also not hazard free due to dynamic
input-output conflicts if it is in conflict with an input transition.
4.4 Deleting duplicate transitions
One of the improvements in [VK07], [VK05] over [VW02] is the deletion of
duplicate divining transitions. But they may also be duplicate input transitions: a
transition t, and another transition t′ with the same label l(t′) = l(t) which has
arcs to and from the same places and with the same arc weight as t. Such
duplicate transitions are redundant and can be removed. If they are not removed, then
there will be auto-conflicts which force the decomposition algorithm to backtrack.
Backtracking will result in a larger component, and this is avoided by deleting all
duplicate transitions with the same sedge label except one.
Figure 4.3. (a) a net N (b) after contracting transition t0, (c) after deleting
duplicate transition t1
Fig. 4.3 shows an example of duplicate input transitions with the same sedge
label. Note that there will be no duplicate output transitions unless they are
already present in the initial net.
4.4.1. Proposition. Deleting duplicate input transitions is an admissible
operation.
Proof: Having the same input places, t and t′ will be enabled together. Being
in dynamic auto-conflict, either t but not t′, or t′ but not t will be fired. Because
t and t′ have the same output places, the same marking will be reached
regardless of whether t or t′ is fired. Obviously, then, removal of t, or alternatively
of t′, will make no difference; i.e. the removal of one of the two transitions will
neither introduce new conflicts nor cause new concessions to be given to output
transitions by divining concessions. In fact, deleting duplicate input transition t
of input transition t′ also transforms the intermediate component N into a
bisimilar intermediate component N′; because M[l(t)〉〉M1 in N can be simulated by
M′[l(t′)〉〉M′1 in N′; and M′[l(t′)〉〉M′1 in N′ can be simulated by either M[l(t)〉〉M1
or M[l(t′)〉〉M1 in N. □
Furthermore, the results after deleting duplicate input transitions are
synthesizable; i.e. the deletion does not introduce new auto-concurrency, new
auto-conflicts, or new input-output conflicts and it preserves consistency.
4.5 Transition fusion
Only a deterministic STG is synthesizable. Therefore, it is the specifier’s
responsibility to ensure that there is no dynamic auto-conflict in his or her
specification. Therefore it is suggested to ask the specifier whether a specified
auto-conflict is dynamic or not. If it is dynamic, then the specifier must either
change his or her specification or allow internal transitions to be inserted.
If it is just a structural conflict, then the specifier can leave the specification
as it is, to be handled by the improved decomposition algorithm [VK07], or allow
the transitions in structural conflict to be fused. Transition fusion [KVWB04]
yields a more straightforward specification by fusing pseudo auto-conflicts. Each
transition which is in structural auto-conflict should have so-called control places;
otherwise the conflict is dynamic. Transition fusion fuses transitions which are
in structural conflict, but have control places, into a new transition, and changes
the original transitions into dummy ones. Transition fusion can be applied to the
initial net or an intermediate component (if a new structural auto-conflict arises).
The following is the procedure to fuse two transitions in structural
auto-conflict, but with control places. Let N be an STG in which t1, t2 ∈ T are
labelled with the same sedge,
•t1 ∩ •t2 = S ≠ ∅, •t1 − S ≠ ∅, •t2 − S ≠ ∅; and for
all conflict places pc ∈ S, let W(pc, t1) = 1, W(pc, t2) = 1. We will have Nfused
after fusing t1 and t2 of N as follows:
1. Copy N, to obtain an initial Nfused.
2. Add new merge places from the control places, add a new place pnew:
Pfused = {p | p ∈ P} ∪ {(p1, p2) | p1 ∈ •t1 − S, p2 ∈ •t2 − S} ∪ {pnew}
MNfused((p1, p2)) = MN(p1) + MN(p2)
Wfused((p1, p2), t) = W(p1, t) + W(p2, t), ∀t ∈ T − {t1, t2}
Wfused(t, (p1, p2)) = W(t, p1) + W(t, p2), ∀t ∈ T − {t1, t2}
MNfused(pnew) = 0
3. Add new fuse transition tnew with the same label as t1, add an arc from tnew
to pnew; change the label of t1 and t2 to the empty label:
Tfused = T ∪ {tnew}
lfused(tnew) = lN(t1)
Wfused(tnew, pnew) = 1
lfused(t1) = λ
lfused(t2) = λ
4. Introduce causality to the new fuse transition by adding an arc from each
merge place to tnew:
Wfused((p1, p2), tnew) = 1
5. Add arcs from the choice places pc ∈ S to tnew, remove the arcs from the
choice places to t1 and t2; and add arcs from pnew to t1 and t2:
Wfused(pc, tnew) = 1
Wfused(pc, t1) = 0
Wfused(pc, t2) = 0
Wfused(pnew, t1) = 1
Wfused(pnew, t2) = 1
After transition fusion, t1 and t2 are securely contracted. If t1 or t2 must not
be contracted because contraction would not be secure, then we undo the fusion.
An example follows.
Fig. 4.4a is the VME bus controller STG (repeated again for convenience).
The STG has a structural auto-conflict between lds+-labelled transitions t3 and
t10 with control places p2 and p12. Hence we fuse the transitions as follows: First,
we add the merge place p2_12 (MNfused(p2_12) = MN(p2) + MN(p12) = 0), arcs from
t1 and t12 to p2_12, and the new place p17 (MNfused(p17) = 0). After that, we add
the new transition t17 with label lds+, add an arc from t17 to p17, and change the
labels of t3 and t10 to λ (see Fig. 4.5a). We also move the causality to the new
fuse transition by adding an arc from p2_12 to t17 (see Fig. 4.5b). Finally, we add
an arc from p16 to t17, remove the arcs from p16 to t3 and t10, and add arcs from
p17 to t3 and t10. Fig. 4.5c shows the STG after transition fusion. Fig. 4.4b shows
the STG after secure contraction of t3 and t10.
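The five fusion steps above, written out as an added Python example (not code from the dissertation). The net fragment is constructed from the places and transitions named in the VME walk-through (p2, p12, p16, t1, t12, t3, t10); the class STG, the function fuse, the token on p16 and the labels given to t1 and t12 are assumptions of this example.

```python
from itertools import product

LAMBDA = "λ"  # empty label carried by dummy transitions


class STG:
    """Labelled P/T net with arc weights W, marking M and labelling l."""

    def __init__(self, places, transitions, arcs, marking, labels):
        self.P, self.T = set(places), set(transitions)
        self.W = dict(arcs)                       # (source, target) -> weight
        self.M = {p: marking.get(p, 0) for p in self.P}
        self.l = dict(labels)

    def w(self, a, b):
        return self.W.get((a, b), 0)

    def pre(self, x):                             # the preset •x
        return {a for (a, b), k in self.W.items() if b == x and k > 0}

    def copy(self):
        return STG(self.P, self.T, self.W, self.M, self.l)

    def enabled(self, t):
        return all(self.M[p] >= self.w(p, t) for p in self.pre(t))

    def fire(self, t):
        if not self.enabled(t):
            raise ValueError(f"{t} is not enabled")
        for p in self.P:
            self.M[p] += self.w(t, p) - self.w(p, t)


def fuse(net, t1, t2, t_new, p_new):
    """Return N_fused for two same-labelled transitions with control places."""
    S = net.pre(t1) & net.pre(t2)                 # conflict places
    c1, c2 = net.pre(t1) - S, net.pre(t2) - S     # control places
    if net.l[t1] != net.l[t2] or not S or not c1 or not c2:
        raise ValueError("no structural auto-conflict with control places")
    if any(net.w(pc, t) != 1 for pc in S for t in (t1, t2)):
        raise ValueError("arcs from conflict places must have weight 1")
    f = net.copy()                                # step 1: copy N
    others = net.T - {t1, t2}
    merges = list(product(sorted(c1), sorted(c2)))
    for m in merges:                              # step 2: merge places
        p1, p2 = m
        f.P.add(m)
        f.M[m] = net.M[p1] + net.M[p2]
        for t in others:
            f.W[(m, t)] = net.w(p1, t) + net.w(p2, t)
            f.W[(t, m)] = net.w(t, p1) + net.w(t, p2)
    f.P.add(p_new)                                # step 2: new place, unmarked
    f.M[p_new] = 0
    f.T.add(t_new)                                # step 3: fuse transition
    f.l[t_new] = net.l[t1]
    f.W[(t_new, p_new)] = 1
    f.l[t1] = f.l[t2] = LAMBDA
    for m in merges:                              # step 4: causality
        f.W[(m, t_new)] = 1
    for pc in S:                                  # step 5: move the choice
        f.W[(pc, t_new)] = 1
        f.W[(pc, t1)] = f.W[(pc, t2)] = 0
    f.W[(p_new, t1)] = f.W[(p_new, t2)] = 1
    return f


def vme_fragment():
    """Constructed fragment around t3/t10; not the full STG of Fig. 4.4a."""
    return STG(
        places={"p2", "p12", "p16"},
        transitions={"t1", "t12", "t3", "t10"},
        arcs={("t1", "p2"): 1, ("t12", "p12"): 1,
              ("p2", "t3"): 1, ("p12", "t10"): 1,
              ("p16", "t3"): 1, ("p16", "t10"): 1},
        marking={"p16": 1},                       # assumed initial token
        labels={"t1": "dsr+", "t12": "ds+", "t3": "lds+", "t10": "lds+"},
    )


def demo():
    """Fire t1, then the fuse transition t17; report which dummy is enabled."""
    f = fuse(vme_fragment(), "t3", "t10", "t17", "p17")
    f.fire("t1")
    f.fire("t17")
    return f.enabled("t3"), f.enabled("t10")
```

After t1 and t17 have fired, only t3 is enabled: the control place p2 is marked and p12 is not, so the choice between the two silenced transitions is decided by the control places.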
Figure 4.4. VME STG (a) initial, (b) after fusing and then contracting t3 and t10
Figure 4.5. Steps of the fusion of t3 and t10
If contraction of t1 and t2 introduces another structural auto-conflict with
control places, then repeat transition fusion. If the pre transitions of the control
places are a subset of, or the same as the pre transitions of the merge place from
the previous fusion, and if the post transitions of the control places are only the
transitions in structural auto-conflict, then we don’t need to create another merge
place for the current fusion; because causality is already preserved by the merge
place from the previous fusion. Let N be an STG in which t3, t4 ∈ Tfused are
labelled with the same sedge,
•t3 ∩ •t4 = S ≠ ∅, •t3 − S ≠ ∅, •t4 − S ≠ ∅; and for
all conflict places p′c ∈ S, let W(p′c, t3) = 1, W(p′c, t4) = 1. We need no new merge
place if p3 ∈ •t3 − S, p4 ∈ •t4 − S, •p3 ∪ •p4 ⊆ (p1, p2)•, p3• = t3, and p4• = t4 and
we fuse t3, t4 of Nfused as follows:
1. Copy Nfused to obtain an initial N′fused.
2. Add new place p′new:
P′fused = P ∪ {p′new}
MN′fused(p′new) = 0
3. Add new transition t′new with the same label as t3, add an arc from t′new to
p′new; change the label of t3 and t4 to λ:
T′fused = T ∪ {t′new}
l′fused(t′new) = lN(t3)
W′fused(t′new, p′new) = 1
l′fused(t3) = λ
l′fused(t4) = λ
4. Add arc from choice place to t′new, remove the arcs from choice places p′c ∈ S
to t3 and t4; and add arcs from p′new to t3 and t4:
W′fused(p′c, t′new) = 1
W′fused(p′c, t3) = 0
W′fused(p′c, t4) = 0
W′fused(p′new, t3) = 1
W′fused(p′new, t4) = 1
The STG in Fig. 4.4b now has a new structural auto-conflict between the
ldtack+-labelled transitions t5 and t11 with control places p2_3 and p12_10. Hence
we can fuse these transitions, but this time we don’t need to create a new merge
place because •p2_3 ∪ •p12_10 = •p2_12 = {t1, t12}; and p2_3• ∪ p12_10• = {t5, t11}
which are the transitions in structural auto-conflict (causality is already preserved
by the merge place from the previous contraction). The transition fusion procedure
is easier. We need only to add a new place p18 (MN′fused(p18) = 0), add the
new transition t18 with label ldtack+, add an arc from t18 to p18, and change the
labels of t5 and t11 to λ. Finally, we add an arc from p17_3_10 to t18, remove the
arcs from p17_3_10 to t5 and t11, and add arcs from p18 to t5 and t11. Fig. 4.6a shows
the STG after transition fusion. Fig. 4.6b shows it after secure contraction of t5
and t11. There is no other structural auto-conflict in the specification. Hence, no
more transition fusion is needed.
Figure 4.6. VME STG. (a) after fusing t5 and t11, (b) after contracting t5 and t11
In an intermediate component, there may be a new structural auto-conflict between
transitions t1 and t2 such that t1 and t2 do not give concession or deconcession
to any output transition; such a conflict is called a new pseudo auto-conflict.
In an FC net, if there is a dynamic auto-conflict in the initial net, then the
specifier can change his or her specification by transition fusion; or if there is a
new pseudo auto-conflict in the intermediate component, then transition fusion
can help to obtain a better end component.
The procedure is almost the same as above: Let N be an STG in which
t1, t2 ∈ T are labelled with the same sedge, •t1 ∩ •t2 = {p}, and •(p•) = {p}.
Then t1 and t2 of N are fused as follows:
1. Copy N to obtain an initial N′.
2. Add new place p′new:
P′ = P ∪ {p′new}
MN′(p′new) = 0
3. Add new transition t′new with the same label as t1, add an arc from t′new to
p′new; change the label of t1 and t2 to λ:
T′ = T ∪ {t′new}
l′(t′new) = lN(t1)
W′(t′new, p′new) = 1
l′(t1) = λ
l′(t2) = λ
4. Add arc from choice place p to t′new, remove the arcs from p to t1 and t2;
and add arcs from p′new to t1 and t2:
W′(p, t′new) = 1
W′(p, t1) = 0
W′(p, t2) = 0
W′(p′new, t1) = 1
W′(p′new, t2) = 1
In Fig. 4.7a, a and b are globally irrelevant signals. To find the global
intermediate component, t0, t10, t1, and t12 should be contracted. But contracting
these transitions introduces a new structural auto-conflict between t3 and t2 (see
Fig. 4.7c). This conflict is a new pseudo auto-conflict because t3 and t2 do not
give concession or deconcession to any output transition. Hence, transition fusion
could be applied. The new place p15 and the new transition t16 with label c+
are added. Arcs from p0_1_2 to t16, from t16 to p15 and from p15 to t3 and t2 are
added. The arcs from p0_1_2 to t3 and t2 are removed, and t3 and t2 are silenced
(see Fig. 4.7d). The net after contracting t3 and t2 is shown in Fig. 4.7e, which
is smaller than if backtracking due to the new pseudo auto-conflict were done.
Figure 4.7. New pseudo auto-conflict example
4.6 Inserting internal signals
There are cases where an internal signal should be inserted into the specification
(see also [Wol97]). For example, if there is a dynamic auto-conflict between output
transitions, then the circuit should arbitrate between them. By arbitration,
the internal circuit should first decide which of the simultaneous requests will be
granted. To find this arbitration component, an internal signal needs to be inserted
into the specification; because it is not allowed to decompose a specification
with a dynamic auto-conflict.
Now, it is proposed that such a component could be further decomposed (even
if it is responsible for only a single output signal) into smaller subcomponents
that communicate, also using newly introduced signals that remain internal to
the larger component.
The internal transition inserted should not enable or disable an input tran-
sition because the environment cannot observe the internal transition and such
enabling or disabling can cause circuit malfunction. To have a safe insertion
without changing the interface of the system, transition refinement is introduced
for internal signal insertion. The output transition is refined into an internal
transition which gives concession to the output transition. The signal label for
the internal transition should be consistent. Therefore, toggle transitions are
introduced here for the internal signals. Toggle transitions were suggested by
[VYCLdM94]. Fig. 4.8 shows the refinement of a toggle transition into a pair of
edge transitions.
Figure 4.8. (a) toggle transition t0 (b) refinement of t0
The only constraint for inserting internal toggle transitions is that output
transitions should not be in structural input-output conflict with another transition.
Formally: for output transitions t1, t2 in dynamic auto-conflict – t1, t2 not in
structural input-output conflict with another transition t –, t1 is refined into t1_int
with l(t1_int) = 'int1~', p1_int with MN(p1_int) = 0 and t1_out with l(t1_out) = l(t1);
t2 is refined into t2_int with l(t2_int) = 'int2~', p2_int with MN(p2_int) = 0 and
t2_out with l(t2_out) = l(t2). Add arcs from t1_int to p1_int, from t2_int to p2_int, from
p1_int to t1_out, and from p2_int to t2_out.
Figure 4.9. (a) NEI-arbiter [Wol97] (b) adding internal toggle transition to NEI-arbiter
Figure 4.10. Decomposed NEI arbiter from Fig. 4.9b into the arbitration net
(above) and the residual net (below)
In the following example, the NEI arbiter from [Wol97] has a structural auto-conflict
between output transitions t1 and t4 (see Fig. 4.9a). t1 is refined into t1_int
and t1_out. t4 is refined into t4_int and t4_out (see Fig. 4.9b). After decomposition,
the circuit is divided into two blocks: the one that produces outputs R, G1,
and G2 for the environment, and the arbitration block (see Fig. 4.10). This
division is important, because the arbitration circuit needs special treatment for
implementation and it is normally available as a library element. With internal
signal insertion and decomposition, the designer does not need to reinvent the
arbiter; he or she just takes the one from the library and connects it to the rest of
the circuit.
Inserting internal toggle transitions is easy and is permissible in most cases.
But the resulting circuit may be more complex than if internal edge transitions
were inserted. The problem with inserting internal edge transitions is where to
insert the opposite edge; because such insertion should preserve consistency and
the interface of the circuit – i.e. it should not give concession or deconcession to
an input transition. In the case of the NEI arbiter example, inserting the internal
edge transitions is possible (see [Wol97]).
4.7 Securing non-secure t-contractions
Before contracting a transition, we should check whether the contraction would
be secure; if it isn’t, we should backtrack. But in some cases, non-secure contractions
can be made secure by splitting places and duplicating transitions, so
that backtracking can be avoided (see also [Wol97]). The contraction of t is not
secure if a pre place of t is a choice place and a post place of t is a meeting place
– (•t)• ≠ {t} and •(t•) ≠ {t}. Such a non-secure contraction can be transformed
into a secure one by the following procedure (see Fig. 4.11 for an example):
1. Copy N to obtain an initial Nsec.
2. Split the meeting place pmeet by adding p′meet, where pmeet ∈ t•, •pmeet − {t} =
R and R ≠ ∅:
Psec = P ∪ {p′meet}
MNsec(p′meet) = MN(pmeet)
MN(pmeet) = 0
Wsec(t′, p′meet) = W(t, pmeet), ∀t′ ∈ R
Wsec(t′, pmeet) = 0, ∀t′ ∈ R
3. Duplicate the post transitions tdup of the meeting place where tdup ∈ pmeet•
and •tdup = {pmeet}, by adding copies t′dup:
Tsec = T ∪ {t′dup}
Wsec(p′meet, t′dup) = W(pmeet, tdup)
We only need to add post arcs for t′dup:
Wsec(t′dup, p) = W(tdup, p), ∀p ∈ P
If tdup is a fork transition, then transformation cannot be done because it
will cause a new structural auto-conflict.
Fig. 4.11a shows an STG that has a non-secure dummy transition t: the pre place
p1 of t is a conflict place and the post place p2 of t is a combination place. Besides,
there is a token on p2. Hence to make dummy transition t secure, p2 should no
longer be a combination place, and there should no longer be a token on it. First,
split the combination place p2 by adding a new place p′2. Remove the token from
p2 and place it on p′2 instead (see Fig. 4.11b). Then we can add the transition
t′3 which duplicates t3 (not a non-secure dummy transition), add an arc from the
new place p′2 to duplicate transition t′3, and an arc from t′3 to p3. Now the dummy
transition t can be securely contracted (see Fig. 4.11c).
Figure 4.11. Securing a non-secure t-contraction
4.8 Vogler-Kangsah algorithm
The [VW02] method required the initial STG to be deterministic: no internal
λ-transition, no dynamic auto conflict. The no dynamic auto conflict requirement is
assured by not allowing structural auto conflict. This is sometimes over cautious,
because not every structural auto conflict is dynamic. A practical example like
the VME bus controller (see Fig. 2.8) cannot be handled by the [VW02] algorithm
– due to the structural auto conflict between t3 and t10. Also the no dynamic
input-output conflict requirement for synthesizability is assured by not allowing
structural input-output conflicts. Dummy transitions in [VW02] are treated as
internal transitions, which further restricts the application of the method to STGs
without dummy transitions.
The [VW02] method can be applied not only to STGs but also to labelled
P/T nets. However, this generalization has some drawbacks. Instead of signal
edges, only signals are considered, which causes structural auto conflicts between
transitions with labels a+ and a- to be considered as dynamic auto conflicts. If
these structural auto conflicts occur in the initial STG, then the STG cannot be
handled by the [VW02] algorithm. If they occur in the intermediate component,
then backtracking should be done, which will give a result larger than needed.
Also, signal consistency is not yet considered in [VW02].
All the above problems are solved in [VK07], improving the decomposition
results and broadening the applicability of the method. The improvements are:
• Structural auto conflicts and input-output conflicts are allowed in the initial
net if they are not dynamic. Because structural input-output conflicts are
allowed, not only an input transition which gives concession to an output
transition should be considered as relevant, but also the one which removes
concession (deconcession).
• Dummy transitions are allowed in the initial net if they could be contracted
securely.
• Instead of signals, signal edges are considered. Also, the end component is
proved to be consistent if the initial net is consistent.
• A new admissible operation is added in [VK07]: the deletion of redundant
divining transitions. There are two kinds of redundant divining transitions,
namely:
– loop-only divining transitions tl if each place p ∈ •tl ∪ tl• forms a loop
with tl and the arcs of the loop have the same weight (Fig. 4.12a,b);
– duplicate divining transition td if there is another divining transition
t′ which has arcs to and from the same places with the same weight as
td (Fig. 4.12c,d).
Note that deleting loop-only divining transitions is also used by secure
contraction.
• The correctness proof has been restructured by Vogler, making it easier to
add further possible admissible operations. The restructuring is based on
the following definition and proposition.
4.8.1. Definition. Let N be an STG that has the following properties:
1. There is no auto-concurrency in N .
2. There is no dynamic auto conflict in N .
3. There is no structural λ-output conflict.
4. If t2 is an output transition and t1• ∩ •t2 ≠ ∅, then t1 is not a divining
transition.
Figure 4.12. (a) A net N, (b) net after contracting t1 from N, (c) a net N′,
(d) net after contracting t6 from N′
An operation is pre-admissible if, whenever applied to N , it results in an
STG N ′ that also has the above properties.
4.8.2. Proposition. Let a pre-admissible operation be given that, applied
to some member of a family (Ci)i∈I satisfying the third and fourth properties
of definition 4.8.1, transforms some Cj to a bisimilar Cj with the same input
and output signals. Then the operation is admissible.
Proof: [VK07] □
Secure transition contraction, deletion of redundant places, and deletion of
redundant divining transitions are admissible operations. Applying only
admissible operations to find each output block component assures decomposition
correctness according to definition 3.2.1.
• Vogler also proves that the algorithm terminates, that it gives correct
decomposition results according to definition 3.2.1 and that the result is
synthesizable if the initial STG is synthesizable.
Structural auto conflicts could be found in the initial STG, and they could
occur if there are new conflict pairs – two transitions t1, t2 with t1 ≠ t ≠ t2 are
a new conflict pair if •t ∩ t1• ≠ ∅ and t• ∩ •t2 ≠ ∅ in N or vice versa – which
form new structural auto conflicts in the intermediate component after secure
contraction of transition t. The following strategies are introduced that show
how to deal with the no dynamic auto conflict requirement in the initial STG
and in the intermediate component.
• Conservative strategy: This strategy is used in [VW02] which considers
structural auto conflicts as dynamic. It is easy to check for structural auto
conflicts, since they can only appear in form of new conflict pairs. But, this
strategy is over cautious in some cases.
• Specifier-dependent strategy: This strategy (and also the following two strategies)
allows structural auto conflicts in the initial net if the specifier guarantees
that they are not dynamic – it has been proved by Vogler that these
structural auto conflicts will not change into dynamic ones if admissible
operations are applied. However, if a new structural auto conflict appears
in an intermediate component, then backtracking should be done.
• Interactive strategy: This strategy (and the following strategy) tries to avoid
unnecessary backtracking due to new structural auto conflicts in intermediate
components, provided they are not dynamic. The user is asked for
confirmation whether the new structural auto conflict is dynamic or not. If
the user confirms that the auto conflict is not dynamic, then no backtracking
is needed; otherwise backtracking should be done.
• Risky strategy: Here, all the new structural auto conflicts are assumed to
be non-dynamic.
Vogler has proved that any structural auto-conflict which is dynamic in an in-
termediate component will survive up to the end component as a dynamic auto-
conflict or as auto-concurrency. Hence, any mistake – allowing dynamic auto-
conflict – made in the interactive or risky strategy can be found after generating
the reachability graph of the end component or by trying to synthesize the end
component.
The locked2 STG in Fig. 4.13a cannot be handled by the [VW02] method due
to dummy transitions t25 and t26. With the improved algorithm, dummy transitions
are allowed if they can be contracted securely. t25 and t26 can be contracted
securely (see Fig. 4.13b). Hence, they are all allowed, and the specification can
be handled by the [VK07] algorithm. To find the rdy-component of STG locked2,
the first step should be to find the transitions that give concession or deconcession
to t13 and t18. t8 labelled c, t11 labelled acka, and t12 labelled ackd give concession
to t13; t21 labelled c gives concession to t18. Hence, transitions with signal labels
c, acka, and ackd are relevant for the rdy-component. Transitions with signal labels
a, D, and S are irrelevant and are silenced (see Fig. 4.13c). After contracting
t4, t9, t5, t10, t22 (see Fig. 4.13d) and t2, the intermediate rdy-component is shown
in Fig. 4.14a. An attempt to contract t0 or t1 forces backtracking due to a new
structural auto-conflict between t3 and t14 (see Fig. 4.14c for the contraction of
t0). Hence, for the specifier-dependent and the interactive strategy, signals a
and D must also be considered as relevant; the final rdy-component is shown in
Fig. 4.14b.
Figure 4.13. Locked2 example: (a) dummy transitions are marked for contraction,
(b) dummy transitions are contracted, (c) irrelevant transitions for
rdy-component are silenced, (d) after contracting transitions without conflict place
Figure 4.14. Locked2 example (continued): (a) after contracting transitions with
signal label reqa, reqd, s, (b) rdy-component after backtracking transitions with
signal label a, D, (c) net with structural auto-conflict after contracting transitions
with signal a, (d) risky rdy-component with dynamic auto-conflict between t3 and
t14 (both labelled c+)
Using the risky strategy, the final rdy-component is shown in Fig. 4.14d.
Note that the mistake made when using the risky strategy – allowing the new
structural auto-conflict between t3 and t14, which is dynamic – is preserved and
can be checked in the final rdy-component; i.e. the final rdy-component has a
structural and dynamic auto-conflict between t3 and t14.
Chapter 5
STG Decomposition with SMD-subnets
as Initial Components
To decompose an STG N by the [VW02] method, first a copy of N is taken
as initial component Ni; then Ni is reduced until the end component is found.
For a large net, this means that many operations must be performed to obtain
the final (smaller) component. Secure transition contraction takes an important
role in this reduction. If contraction cannot be done, then backtracking must be
performed. Backtracking due to a new structural auto conflict is unavoidable.
It must be done in order to make the component synthesizable. Backtracking
due to a non-secure transition that can change the property of the net is also
unavoidable. E.g. as shown in Fig. 3.3b and c, non-secure contraction can change
the liveness property of the net – a dead net may become live. But backtracking
due to a non-secure t-contraction could be avoided; e.g. non-secure transitions
t2, t5 in the wechselpuffer example (see Fig. 3.4d). Also structural preconditions of
secure contraction – e.g. no loop with any place – limit the use of secure contrac-
tion. These limitations of secure contractions increase the number of apparently
relevant signals – unnecessarily, as will be shown in later sections.
Another example is async99* in Fig. 5.1, a modification of the net in [BEW99].
The dynamic input-output conflict between t0 and t2, and between t1 and t9 is
a feature of extended burst mode specification which includes timing constraints
such that the dynamic input-output conflict will never happen. Also, input-
output concurrency has been added in Fig. 5.1. For the z-component, the relevant
input signals are a – t6 gives concession to t7 and t3 gives concession to t5 –
and phi – t12 gives concession to t7. Signals y, x, and c are irrelevant. Hence,
the corresponding transitions are silenced. But, contracting t0 or t1 – both of
them have signal label c – is not possible, because both of them are non-secure
transitions. Also, contracting t9 – with signal label y – is not possible because t9
forms a loop with p1. The same with t2 – which has signal label x and forms a
loop with p0. Hence, after backtracking is performed for signals c, y and x, the
resulting z-component is the same as in Fig. 5.1, but with signals x and y as input
signals.
Figure 5.1. Async99* [BEW99]
5.1 The SMD-subnet method
One way to overcome secure contraction limitation and to increase algorithm
efficiency is by directly taking a subnet of N as initial component. Taking the
subnet would reduce the number of transitions to be contracted and therefore the
number of falsely relevant signals due to secure contraction limitation.
In data-path-and-controller system design, the system is divided into an operational
unit – also called datapath by many authors – and a controller unit. The
controller governs the interaction between agents in the operational unit and the
interaction between system and environment. The specification of this interaction
is also called the communication protocol, or protocol for short.
An agent of the operational unit and the environment normally operate
sequentially. Concurrency is due to several agents operating autonomously. The
interaction between agents should be synchronized by the communication protocol.
The protocol between two agents usually is a state machine, due to the
sequential nature of the agents themselves. If the same protocol is repeated, then
it will become a strongly connected state machine (SCSM). Hence, in practice a
controller specification is a synchronization of SCSMs; i.e. it is a state machine
decomposable (SMD) net.
5.1.1. Definition. Let N1 = (P1, T1, F1,MN1 , l1) and N2 = (P2, T2, F2,MN2 , l2)
be nets. N = (P, T, F,MN , l) is a union of N1 and N2 iff
P = P1 ∪ P2
T = T1 ∪ T2
F = F1 ∪ F2
∀p ∈ P : MN(p) = MN1(p) if p ∈ P1, and MN(p) = MN2(p) if p ∈ P2
∀t ∈ T : l(t) = l1(t) if t ∈ T1, and l(t) = l2(t) if t ∈ T2
Note: If p ∈ P1 ∩ P2, then MN1(p) = MN2(p) = MN(p), and if t ∈ T1 ∩ T2,
then l1(t) = l2(t) = l(t).
5.1.2. Definition. A union of N1 and N2 yields a synchronization net N iff
∀p ∈ P , if p ∈ P1 then •p ∪ p• ⊆ T1; and if p ∈ P2 then •p ∪ p• ⊆ T2.
From definition 5.1.2, by synchronization, the places in N1 and N2 do not
change their type; e.g. a choice place in N1 (or N2) remains a choice place in N.
But a transition may change its type: in N1, let P′1 = •t ∪ t• ⊂ P1 and in N2, let
P′2 = •t ∪ t• ⊂ P2. If there are places p ∈ P′1 ∆ P′2, i.e. places belonging only to P′1
or only to P′2, then a normal transition t becomes a fork or join transition in the
union of N1 and N2. As an example, the net N in Fig. 5.2 is a synchronization
of N1 and N2. Transitions t0, t1 and t2 are synchronization transitions.
Figure 5.2. A net N and its SCSM subnets
5.1.3. Definition. An SCSM subnet Ni of N is a safe SCSM iff Ni has only
one token at the initial marking.
5.1.4. Definition. A cover of N is a set χ of SCSM subnets of N such that
their synchronization results in N . χ is a safe cover of N iff each SCSM subnet
in χ is safe.
The cover χ1 = {N3, N4, N5} of N in Fig. 5.2 is a safe cover. But the cover
χ2 = {N1, N2} of N in Fig. 5.2 is not safe; because the SCSM N2 in Fig. 5.2 is
not safe.
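Definitions 5.1.1 to 5.1.4 as executable checks, in an added Python example (not code from the dissertation). The nets N1, N2 and N3 are constructed and are not the nets of Fig. 5.2; the dict-based net representation and all function names are assumptions of this example, a state machine is taken in the usual Petri-net sense (every transition has exactly one pre place and one post place), and the cover check applies the condition of Definition 5.1.2 to a list of subnets rather than to two.

```python
from functools import reduce


def union(n1, n2):
    """Union of two nets (Definition 5.1.1); shared nodes must agree."""
    for p in n1["P"] & n2["P"]:
        if n1["M"].get(p, 0) != n2["M"].get(p, 0):
            raise ValueError(f"marking of shared place {p} differs")
    for t in n1["T"] & n2["T"]:
        if n1["l"][t] != n2["l"][t]:
            raise ValueError(f"label of shared transition {t} differs")
    places = n1["P"] | n2["P"]
    return {
        "P": places,
        "T": n1["T"] | n2["T"],
        "F": n1["F"] | n2["F"],
        "M": {p: (n1 if p in n1["P"] else n2)["M"].get(p, 0) for p in places},
        "l": {**n1["l"], **n2["l"]},
    }


def neighbours(net, p):
    """The set •p ∪ p• of place p in the given net."""
    return {a for a, b in net["F"] if b == p} | {b for a, b in net["F"] if a == p}


def is_synchronization(n1, n2):
    """Definition 5.1.2: in the union, a place only touches its own net's transitions."""
    n = union(n1, n2)
    return all(neighbours(n, p) <= part["T"] for part in (n1, n2) for p in part["P"])


def _reach(start, arcs):
    seen, todo = {start}, [start]
    while todo:
        x = todo.pop()
        for a, b in arcs:
            if a == x and b not in seen:
                seen.add(b)
                todo.append(b)
    return seen


def is_scsm(net):
    """Strongly connected state machine (assumed standard definition)."""
    nodes = net["P"] | net["T"]
    if not nodes:
        return False
    for t in net["T"]:
        if sum(b == t for a, b in net["F"]) != 1 or sum(a == t for a, b in net["F"]) != 1:
            return False
    start = next(iter(nodes))
    back = {(b, a) for a, b in net["F"]}
    return _reach(start, net["F"]) == nodes and _reach(start, back) == nodes


def is_safe_scsm(net):
    """Definition 5.1.3: exactly one token at the initial marking."""
    return is_scsm(net) and sum(net["M"].get(p, 0) for p in net["P"]) == 1


def is_safe_cover(net, subnets):
    """Definition 5.1.4: safe SCSM subnets whose synchronization gives net."""
    whole = reduce(union, subnets)
    same = (all(whole[k] == net[k] for k in ("P", "T", "F", "l"))
            and all(whole["M"][p] == net["M"].get(p, 0) for p in whole["P"]))
    synced = all(neighbours(net, p) <= s["T"] for s in subnets for p in s["P"])
    return same and synced and all(is_safe_scsm(s) for s in subnets)


# Constructed nets: two cycles that share the transition t0.
N1 = {"P": {"p0", "p1"}, "T": {"t0", "t1"},
      "F": {("p0", "t0"), ("t0", "p1"), ("p1", "t1"), ("t1", "p0")},
      "M": {"p0": 1}, "l": {"t0": "a+", "t1": "a-"}}
N2 = {"P": {"q0", "q1", "q2"}, "T": {"t0", "t2", "t3"},
      "F": {("q0", "t0"), ("t0", "q1"), ("q1", "t2"),
            ("t2", "q2"), ("q2", "t3"), ("t3", "q0")},
      "M": {"q0": 1}, "l": {"t0": "a+", "t2": "b+", "t3": "b-"}}
# N3 also contains p0 and connects it to t2, which is not a transition of N1.
N3 = {"P": N2["P"] | {"p0"}, "T": N2["T"], "F": N2["F"] | {("p0", "t2")},
      "M": {"q0": 1, "p0": 1}, "l": N2["l"]}
```

In the union of N1 and N2 the shared transition t0 has two pre places and two post places, which is the change of transition type (to a fork or join) that the definitions allow while every place keeps its type.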
As will be shown later, the safe cover condition is imposed to ensure synthe-
sizability of the component.
5.1.5. Definition. An SCSM subnet Ni of N is redundant in the cover χ iff the
synchronization of all the SCSM subnets in χ results in the same net N as the
synchronization of all SCSM subnets except Ni.
A cover without redundant SCSM subnets is irredundant.
The cover χ3 = {N1, N3, N4, N5} of N in Fig. 5.2 is a safe cover. N1 is
redundant in χ3, because synchronizing N1, N3, N4, N5 results in the same net
N as synchronizing N3, N4, N5. One can also see that each part of N1 (in
this case, each TT-handle of N1) is also covered by either N3 or N4 or N5 –
t0, p6, t3, p7, t4, p8, t5, p4, t2 in N1 is also covered by N3, t1, p0, t0 by N4 and t2, p2, t1
by N5.
In Fig. 5.3, there are two safe covers of N without redundant SCSM subnets:
χ1 = {N1, N2} and χ2 = {N3, N4}. However, the cover χ3 = {N1, N2, N3} has
a redundant SCSM subnet N3. This shows that whether an SCSM subnet is
redundant or not depends on in which cover it is contained.
Because the SMD-subnet method operates only with the structure of the net,
it is necessary to have explicit consistency for each signal s ∈ (In∪Out) in order
that the resulting component is synthesizable.
5.1.6. Definition. A safe SCSM subnet Nm of N is a consistent SCSM for
signal s, if ∀t ∈ T | l(t) = s, t ∈ Tm.
A signal s ∈ (In ∪ Out) has explicit consistency if for all safe covers χ of N, signal
s is consistent in N′, where N′ is the synchronization net of SCSMs that include
s-transitions (transitions with signal label s). Observe that this implies that a
consistent SCSM for s is covered by N′.
The only safe cover for the net N in Fig. 5.4 is χ = {N1, N2}. Signal a has
explicit consistency for χ; because a is consistent in the synchronization net N
of N1 and N2 (both N1 and N2 include a-transitions). However, signals x and
b have no explicit consistency for χ; because, signal x and b are not consistent
in N1 which has x-transitions and b-transitions. Note that N has no consistent
SCSM subnets for signals x and b.
Although the synchronization of the (safe) subnet N1 and the unsafe subnet
N2 results in the safe net N , the restriction to safe cover is necessary because an
unsafe SCSM cannot be safely contracted. On the other hand, a live and safe
free-choice net N can always be covered by a safe cover.
Figure 5.3. A net N and its SCSM subnets
Figure 5.4. A net N and its SCSM subnets
Figure 5.5. A net N, its SCSM subnets N1 to N9 and SMD subnets N′ and N′′
In the net N (see Fig. 5.5), signal a has no explicit consistency for χ1 =
{N1, N2, N3, N4, N5, N6, N7} because a is consistent only if the consistent SCSM
N9 for a is covered by the synchronization net of SCSMs that include a-transitions.
This is not the case for N′′, which is a synchronization of SCSM N4 and SCSMs
N1, N2, N3, N5, N6 and N7, which include every a-transition.
Figure 5.6. A net N with its safe SCSM subnets; panels N, N1, N2, N3, N4, N5
The net in Fig. 5.6 has a safe cover χ without redundant SCSMs: χ =
{N2, N3, N4, N5}. Signals a and c respectively are consistent only if N1 is covered
by a synchronization net of SCSMs that include a and c transitions. This is the
case for N , which is the synchronization net of SCSMs N2, N3, N4 and N5, which
include every a- and every c-transition.
The net in Fig. 5.3 has safe covers without redundant SCSMs: χ1 = {N1, N2}
and χ2 = {N3, N4}. Obviously, signal a has explicit consistency – N1, N2, N3 and
N4 are consistent SCSMs for a. This also shows that a consistent SCSM for a
signal is not necessarily unique. Signal b also has explicit consistency for χ1 –
N1 is the only SCSM with b-transitions which is consistent for signal b –, and for
χ2 – signal b is consistent in N , which is a synchronization net of SCSMs with
b-transitions: N3 and N4.
For synthesis-purpose decomposition it is not necessary to have a live initial
specification that preserves the behaviour of the initial net and the synthesizability
of the components. Figure 5.7a shows an example of a net which is not live
with its cover (Figure 5.7b,c). The SCSMs of the cover also are a correct decomposition
– that preserves behaviour – into a w, x- and a y, z-component. Both
components are live and therefore synthesizable, but the composition behaviour
has a deadlock.
Figure 5.7. (a) A net which is not live; (b) w, x-component; (c) y, z-component
Though in principle it is not necessary to have a live initial specification,
the SMD-subnet method, being based on SCSMs, requires the initial net to be
live. Non-live specifications are not synthesizable, therefore most synthesis tools
require live initial specifications; they test a given specification for liveness and
reject it if it is non-live. Meaningful specifications for controllers are live; liveness
can be tested for before decomposition and synthesis. The decomposer receives
the specification that has been proven to be live, and decomposes the specification
in a way such that the behaviour is preserved and the components are live. Hence,
there is no need to waste effort by allowing a non-live specification.
The safeness requirement is imposed because the STG is used to model controller
behaviour. The argument for non-safeness is to allow counter behaviour.
Counting should not be modelled by an STG. Instead, it ought to be delegated to
an operational unit (counter); the control of the counting process is what should
be specified by an STG.
5.1.7. Definition. An STG N is well specified iff N is a live and safe net which
is synthesizable and N has explicit consistency for every input and output signal.
The net N in Fig. 5.4 is a live and safe SMD net, but it is not well specified,
because signals b and x have no explicit consistency for any cover. Also,
the net in Fig. 5.5 is a live and safe SMD net, but it is not well specified,
because signal a has no explicit consistency (and even is in concession) for χ1 =
{N1, N2, N3, N4, N5, N6, N7}. The nets N in Fig. 5.6 and Fig. 5.3 are well specified.
As in [VW02], relevant signals for an output block B are relevant input signals
for all output signals b ∈ B and the output signals in B. NB, the initial
specification for an output block B, is a synchronization of SCSM subnets in the
safe cover of N which have transitions labelled with signals relevant for B.
5.1.8. Definition. An SCSM subnet Ni of N is a relevant SCSM for an output
block B iff ∃t ∈ Ti such that t is labelled with a signal relevant for B. Let an
SMD-subnet NB be a synchronization net χc of relevant SCSM subnets for B
(χc ⊆ χ of a well specified net N). NB is a correct initial component for an
output block B iff:
1. NB is a live and safe net,
2. NB is synthesizable after contracting all transitions in NB with irrelevant
signal labels.
For an output block B, χc could also be found by removing the set χnc of non-relevant
SCSMs from the safe cover χ of N. NB is obtained by synchronizing all
SCSM subnets in χc. Removing SCSM subnets from χ will increase concurrency
in NB, because there is a transition t in the component which is a synchronization
transition in N and which does not need to wait for synchronization anymore; i.e. t
becomes a normal transition. t cannot be a transition labelled with a relevant
signal, because if it is, then all the SCSM subnets containing t are taken; i.e. t
would still be a synchronization transition, which is not the case.
This increase of concurrency will affect only the firing of transitions with
relevant input signals, but not the firing of transitions labelled with output signals
from B. For the output transition is enabled only if the concession transition with
relevant signal label is fired. The increase of concurrency which affects only the
firing of transitions with relevant input signals is not a problem because correct
decomposition, by definition, does not require input transitions of the component
to be simulated by N .
Note that if the environment behaves as per specification N then there will be
no increase of concurrency.
Instead of obtaining N by synchronizing the SCSM subnets of a safe, live and
relevant cover χ of N, N or an equivalent net can also be obtained by parallel
composition of correct initial components.
5.1.9. Proposition. Parallel composition C of correct initial components of N
will result in N or an equivalent net – a correct decomposition of N as per
definition 3.2.1.
Proof: In this proof, the marking of parallel composition is considered as disjoint
union of the marking of components. The proof of each item in definition 3.2.1
is as follows:
1. (MN, MC) ∈ B; this is because the components are obtained by removing
SCSMs from the safe cover of N.
2. For each (M, M′) ∈ B:
(a) If M[a⟩⟩M1 and a ∈ InN, then there are two possibilities: If a ∈ InC
then M′[a⟩⟩M′1 and (M1, M′1) ∈ B for some M′1; the components which
have a can simulate a of N, because each component is derived from N
and live; if a is fired in N, then a could also be fired in each component
which has a. If a ∉ InC then (M1, M′) ∈ B.
(b) If M[x⟩⟩M1 and x ∈ OutN, then M′[x⟩⟩M′1 and (M1, M′1) ∈ B for
some M′1; the component which has x can simulate x of N, because
each component is derived from N and live; if x is fired in N, then x
could also be fired in the component which produces x.
(c) If x ∈ OutC and M′[x⟩⟩M′1, then M[x⟩⟩M1 and (M1, M′1) ∈ B for some
M1; N can simulate x which is produced by a component, because the
component which produces x is built of SCSM subnets which have
relevant input signals for x; i.e. x is enabled in the live and safe
x-component, only if all the concession transitions of x have been fired
– which is also the case for N.
(d) If x ∈ Outi for some i ∈ I and M′ Pi [x⟩⟩, then M′[x⟩⟩; there will be
no computation interference, because an output x is produced only if
all the concession transitions of x have been fired in the x-component
which is live and safe; i.e. all the other components also are ready to
fire x.
□
In the following proofs, let an SMD-subnet N′ be obtained by synchronizing
all the SCSMs in χ′ where χ′ is a safe cover of N′ after removing an SCSM subnet
Ni from the cover χ of N.
5.1.10. Lemma. There will be no new conflict in the SMD-subnet N′.
Proof: Assume there is a new conflict in N′ between transitions t1, t2 with choice
place p. Then there is already a choice place p among the pre places of conflict
transitions t1, t2 in N. But this is not possible because synchronizing Ni with N′
will not change the choice place p into a normal place (see definition 5.1.2). □
5.1.11. Proposition. There will be no new auto-conflict or new input/output
conflict in SMD-subnet N′.
Proof: Direct by lemma 5.1.10: Because there will be no new conflict, there
will be no new auto-conflict or new input/output conflict in SMD-subnet
N′. □
As mentioned before, the SMD-subnet method tends to increase concurrency
and therefore may cause auto-concurrency and non-consistency. This is shown
by the following example: The non-safe SCSM subnet N2 in Fig. 5.2 is also the
initial y-component of N with the non-safe cover χ1 = {N1, N2} – the e- and
y-transitions occur only in N2; N2 is the only relevant SCSM for y. This non-safeness
introduces a new auto-concurrency (between t6 and t8). Hence, N2 is not
synthesizable.
Signal a in the net N (see Fig. 5.5) has no explicit consistency for χ1 =
{N1, N2, N3, N4, N5, N6, N7}. The initial component for the output signal x is
N′′ which is a synchronization of the nets in χ1 without the non-relevant SCSM
N9. Lack of explicit consistency for signal a introduces auto-concurrency and
non-consistency; e.g. it is possible to fire a+ [t6] and a- [t0] at the same time
(not consistent); it is also possible to fire a+ [t6] and a+ [t1] at the same time
(auto-concurrency and non-consistency). Hence, N′′ is not synthesizable.
Therefore, safeness and explicit consistency are imposed to assure that the
resulting net N′ after deleting an SCSM subnet Ni from N has consistency and
no new auto-concurrency.
5.1.12. Proposition. Consistent STGs are non-auto-concurrent.
Proof: see Lemma 3.1. [Esp03] □
5.1.13. Proposition. There will be no new auto-concurrency, and consistency
is preserved in SMD-subnets of N′.
Proof: For a well specified net, consistency is preserved by the SMD-subnet
method because of explicit consistency and safeness. This also ensures that no
new auto-concurrency is introduced by the SMD-subnet method due to
proposition 5.1.12. □
Propositions 5.1.11 and 5.1.13 assure that an initial component NB of a well
specified net is synthesizable. The only thing left to show is that NB is also live
and safe, which unfortunately cannot be fulfilled by the class of SMD nets. An
example for this is shown in Fig. 5.8; after deleting circle path (p0, t0, p1, t1, p0)
the resulting net is not live. The class of P/T nets that can be handled by the
SMD-subnet method, i.e. result in a live and safe initial component, is the class
of live and safe FC nets. Note that this includes live and safe marked graphs.
Following is the proof that applying the SMD-subnet method to a live and
safe FC net N results in a live and safe initial component.
5.1.14. Lemma. Every SCSM subnet of N′ also is an SCSM subnet of N.
Proof: Assume there is a new SCSM subnet of N′ which is not in the set of SCSM
subnets of N; i.e. there is a partial subnet of N′ that is not in N. This is not
possible because N′ is obtained by synchronizing all the SCSMs in χ′, where χ′
is the cover of N′ after removing an SCSM subnet from the cover χ of N. Hence,
there is no new SCSM subnet, and it might be equal if the removed SCSM subnet
is redundant in χ; i.e. every SCSM subnet of N′ also is an SCSM subnet of N.
□
Figure 5.8. Regulating net [ES89]
5.1.15. Proposition. Let N be a live and safe FC net with a safe cover χ. The
SMD-subnet N′ is also a live and safe FC net.
Proof: N is a live and safe FC net. From corollary 3.1.5, every SCSM subnet of
N is marked at M0 and each Nj ∈ χ has exactly one token at M0. N′ is also live
and safe because of lemma 5.1.14. Therefore every SCSM subnet of N′ is also
marked at M0; and due to χ′ ⊂ χ, every Nk ∈ χ′ also has exactly one token at
M0. N′ is FC, because if not then there is a transition t in conflict with choice
place p and control place p′ in N′, and adding Ni will not change this; i.e. t, p, p′
would also be in N. But this cannot be the case, because N is an FC net. □
5.1.16. Theorem. Applying the SMD-subnet method to a well specified FC net
results in a correct initial component as per definition 5.1.8.
Proof: Liveness and safeness are assured by proposition 5.1.15. Synthesizability
is assured by propositions 5.1.11 and 5.1.13. □
5.2 Free choice net extension
Free choice (FC) net extension is suggested to decide liveness and safeness of
non-FC nets with polynomial complexity. The principle is to introduce an operation
that transforms a non-FC net N′ into an FC net N and to prove that the
transformation would preserve liveness and safeness. This extension can be used
to extend the class of nets that can be handled by the SMD-subnet method.
5.2.1 Regulation circle path
[DE95] suggests extending an FC net into a non-FC net with alternating choice
by adding a regulation circle path.
5.2.1. Definition. Let TU = {t1, ..., tm} be a subset of transition set T of a net
N with identical pre places, i.e. •TU = •t for every t ∈ TU . For every transition ti
of TU , we define a new place pi.
The net NU : PU = {p1, ..., pm}, TU , FU = {(p1, t1), (t1, p2), ..., (pm, tm), (tm, p1)}
is called a regulation circle path of N . For the circle path to be live, exactly one
place pi must be marked with a token: ∃pi : MNU (pi) = 1
This regulation circle path is easily recognized in a non-FC net N: First, find
transitions in conflict where each transition has only one control place, then check
whether the control places and the transitions in conflict form a circle path. As an
example, t2, t5 in Fig. 3.4e are transitions in conflict where p5_3 is the single control
place of t2 and p4_6 the single control place of t5. t2, p4_6, t5, p5_3 form a circle path
(p5_3, t2, p4_6, t5, p5_3), and only p5_3 is marked. Hence, (p5_3, t2, p4_6, t5, p5_3) is a
regulation circle path.
5.2.2. Proposition. Let N be a net with a live and bounded marking, and N′
be obtained from N by synchronization with a regulation circle path. Then N′
also has a live and bounded marking.
Proof: see [DE95] □
Proposition 5.2.2 can be used to extend the SMD-subnet method if a net
becomes a live and safe FC net N after removing regulation circle paths. For N′
has a live and safe marking, and after removing an SCSM from a safe cover of
N′, a live and safe FC net N is obtained (fulfilling definition 5.1.8.1).
As an example, consider the net in Fig. 3.4e. Without the regulation circle
path (p5_3, t2, p4_6, t5, p5_3), the resulting net is an FC net which is live and safe;
therefore, it can be handled by the SMD-subnet method.
The example in Fig. 5.8 cannot be handled by the SMD-subnet method, because
without the regulation circle path (p0, t0, p1, t1, p0) the resulting net is an
FC net which is not live.
5.2.2 Level SCSM
In the async99* example (see Fig. 5.1), the path (t0, p1, t1, p0, t0) is a circle path
with loop arcs between p1 and t9, and between p0 and t2. The transitions t0 and
t1 have the same signal label c with different signal edges. A token in one of
the places p0 and p1 represents the current level of signal c (whether it is 0 or 1)
because the circle path with the loop arcs is the only consistent SCSM for c.
5.2.3. Definition. A safe SCSM Ni is a level SCSM for signal s iff Ni is the
only consistent SCSM for signal s and there is a level circle path (t0, p0, t1, p1, t0)
with loop arcs formed by some sample transitions Ts (t0, t1 ∉ Ts) with p1 and p0,
where the transitions t0 and t1 have the same signal label s with different signal
edges. The places p0 and p1 which represent the level of the signal are called level
places.
A level circle path can be found easily in a non-FC net by deleting all loop
arcs; the level circle path which is disjoint from the rest of the net with its loop
arcs is a level SCSM if it is a safe SCSM. In the async99* example (see Fig. 5.1),
after removing the loop arcs (p1, t9), (t9, p1), (p0, t2), and (t2, p0) the level circle
path (t0, p0, t1, p1, t0) is found. After adding loop arcs (p1, t9), (t9, p1), (p0, t2), and
(t2, p0) the resulting SCSM is a level SCSM for signal c, because it is a safe SCSM
and it is the only consistent SCSM for signal c.
5.2.4. Proposition. Synchronizing a level SCSM to a live and safe net N results
in a net N′ which is also live and safe.
Proof: A level SCSM is live because a level SCSM is a safe SCSM which, according
to proposition 2.1.8, is also live. N interacts with a level SCSM through
sample transitions Ts. When a transition t ∈ Ts is fired, it removes and then
replaces a token on a level place p. Because of this, the token never leaves the
level SCSM, which assures that there always will be a token on the level places
(the level SCSM itself is live). Therefore, a transition t ∈ Ts is live in N′ if it is
also live in N.
N′ is safe because firing a t ∈ Ts does not increase the number of tokens in the
level SCSM and N. □
Proposition 5.2.4 can be used to extend the SMD-subnet method if a net becomes
a live and safe FC net N after removing the level SCSM. This is because N′ is
a live and safe net, and after removing an SCSM from a safe cover of N′, a live
and safe FC net N is obtained (fulfilling definition 5.1.8.1).
After removing the level SCSM from the net in Fig. 5.1, the resulting net is a
live and safe FC net. Hence, the net can be handled by the SMD-subnet method.
5.2.3 Release of non-FC nets
Hack [Hac74] suggests an extension of the FC net into an SMD net by means of
a net release method. A similar FC net extension to a so-called state machine
allocatable (SMA) net is suggested by [JV80] and [Sta90]. Also, Esparza [ES91]
has suggested a similar FC extension of live and safe nets based on handles.
5.2.5. Definition. Let N be an ordinary net with p ∈ P, t ∈ T such that
|p•| > 1, |•t| > 1 and t ∈ p•. The arc (p, t) becomes released iff we modify the
net in the following way:
P′ = P ∪ {p′}; M0(p′) = 0
T′ = T ∪ {t′}; l(t′) = λ
F′ = F − {(p, t)} ∪ {(p, t′), (t′, p′), (p′, t)}
A net is in released form when all arcs from a place to a transition satisfying the
conditions above have been released.
Figure 5.9. The released net of the NEI Arbiter example in Fig. 4.9a
As an example, the NEI Arbiter net in Fig. 4.9a has the released form shown
in Fig. 5.9 – (p14, t1) is released into (p14, t16, p17, t1); (p14, t4) is released into
(p14, t17, p18, t4).
5.2.6. Proposition. Let N′ be the released form of a net N, then N′ is an FC
net. Further, if N′ has a live and safe marking, so has N.
Proof: see [Hac74]. □
After releasing the NEI Arbiter net, the resulting net is a live and safe FC
net. Hence, the net can be handled by the SMD-subnet method.
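The release operation of Definition 5.2.5, as an added example that is not code from the dissertation: it releases every qualifying arc of a small mutual-exclusion net and checks the released net with a token game. The net, the names given to p′ and t′, and the free-choice test used (every arc (p, t) has p• = {t} or •t = {p}) are assumptions of this example.

```python
LAMBDA = "λ"  # label of the silent transitions t' added by a release

# Constructed net (not from the dissertation): two clients share one mutex
# place pm, so pm has two output transitions that each have two input places.
PLACES = ["idle1", "crit1", "idle2", "crit2", "pm"]
TRANSITIONS = ["acq1", "done1", "acq2", "done2"]
ARCS = {("idle1", "acq1"), ("pm", "acq1"), ("acq1", "crit1"),
        ("crit1", "done1"), ("done1", "idle1"), ("done1", "pm"),
        ("idle2", "acq2"), ("pm", "acq2"), ("acq2", "crit2"),
        ("crit2", "done2"), ("done2", "idle2"), ("done2", "pm")}
M0 = {"idle1": 1, "crit1": 0, "idle2": 1, "crit2": 0, "pm": 1}
LABEL = {t: t for t in TRANSITIONS}


def pre(x, arcs):
    return {a for a, b in arcs if b == x}


def post(x, arcs):
    return {b for a, b in arcs if a == x}


def is_free_choice(places, arcs):
    """Assumed FC test: every arc (p, t) has p• = {t} or •t = {p}."""
    return all(post(p, arcs) == {t} or pre(t, arcs) == {p}
               for p, t in arcs if p in places)


def release(places, transitions, arcs, m0, label):
    """Release every arc (p, t) with |p•| > 1 and |•t| > 1 (Definition 5.2.5)."""
    places, transitions = list(places), list(transitions)
    m0, label, new_arcs = dict(m0), dict(label), set(arcs)
    # Releasing one arc leaves |p•| and |•t| unchanged, so the arcs to release
    # can be collected once on the original net.
    todo = sorted((p, t) for p, t in arcs
                  if p in m0 and len(post(p, arcs)) > 1 and len(pre(t, arcs)) > 1)
    for p, t in todo:
        p_new, t_new = f"{p}_{t}", f"lam_{p}_{t}"  # hypothetical names for p', t'
        places.append(p_new)
        transitions.append(t_new)
        m0[p_new] = 0
        label[t_new] = LAMBDA
        new_arcs -= {(p, t)}
        new_arcs |= {(p, t_new), (t_new, p_new), (p_new, t)}
    return places, transitions, new_arcs, m0, label


def explore(places, transitions, arcs, m0):
    """Token game over all reachable markings: returns (safe, deadlock_free)."""
    idx = {p: i for i, p in enumerate(places)}
    start = tuple(m0[p] for p in places)
    seen, todo = {start}, [start]
    safe = deadlock_free = True
    while todo:
        m = todo.pop()
        if any(v > 1 for v in m):  # unsafe marking: record it, do not expand
            safe = False
            continue
        enabled = [t for t in transitions
                   if all(m[idx[p]] > 0 for p in pre(t, arcs))]
        deadlock_free = deadlock_free and bool(enabled)
        for t in enabled:
            n = list(m)
            for p in pre(t, arcs):
                n[idx[p]] -= 1
            for p in post(t, arcs):
                n[idx[p]] += 1
            if tuple(n) not in seen:
                seen.add(tuple(n))
                todo.append(tuple(n))
    return safe, deadlock_free


if __name__ == "__main__":
    released = release(PLACES, TRANSITIONS, ARCS, M0, LABEL)
    print("FC before:", is_free_choice(PLACES, ARCS))
    print("FC after: ", is_free_choice(released[0], released[2]))
    print("safe, deadlock-free after:", explore(*released[:4]))
```

Proposition 5.2.6 gives the implication from the released net to the original one, which is why the token game is run on the released net. Deadlock freedom is a weaker property than liveness, so the check is a necessary condition only.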
5.3 Finding an SCSM cover algorithm
From proposition 3.1.4, in a live and safe FC net N, a subnet NS induced by
a minimal siphon PS is an SCSM subnet of N. Therefore, the algorithm to
find a minimal siphon could be used to find a safe SCSM subnet from a live
and safe FC net. The algorithm find_safe_scsm_subnet is derived from the algorithm
S-subnet [EBS89] with certain additions for safe SCSMs: If there already
is a token in the partial subnet NS, then there should be no token in any place of
the meeting path handle NH given by the subroutine get_meeting_path_handle;
otherwise, there should be no more than one token in NH (line 5 - line 6 of the
algorithm find_safe_scsm_subnet).
Algorithm find_safe_scsm_subnet
Input: a live and safe FC net N which is strongly connected, with a seed place p
Output: a safe SCSM subnet NS
1. PS := {p}; TS := ∅; FS := ∅;
2. while ∃p ∈ PS and ∃t ∈ •p such that (t, p) ∉ FS do
3.   get_meeting_path_handle(NS, N, p, t, NH);
4.   (∗ NH is a handle that begins with a node x in NS and ends with t, p ∗)
5.   (∗ if ∃p′ ∈ PS and M0(p′) ≠ 0 then ∀p′′ ∈ PH, M0(p′′) = 0 ∗)
6.   (∗ otherwise, ∑_{i=1}^{|PH|} M0(pi) ≤ 1 ∗)
7.   PS := PS ∪ PH; TS := TS ∪ TH; FS := FS ∪ FH;
8. (∗ end of while there is a meeting path of NS ∗)
The SCSM subnet Ni of the live and safe FC net N found by the algorithm
find_safe_scsm_subnet is synchronizable, because Pi is a minimal siphon
which is also a trap (see proposition 3.1.3); therefore, the SCSM subnet Ni has
the property of an ST-subnet (see definition 2.1.15): Ti = •Pi ∪ Pi•. This fulfils
the requirement for synchronization in Definition 5.1.2.
Algorithm find_scsm_cover
Input: a live and safe FC net N which is strongly connected
Output: a safe cover χ
1. Ptaken = ∅;
2. for every place p ∈ P that has a token do
3.   find_safe_scsm_subnet(N, p, NS);
4.   add the safe SCSM NS to χ; Ptaken = Ptaken ∪ PS;
5. (∗ end of for all places p ∈ P that have a token ∗)
6. while (P − Ptaken) ≠ ∅ do
7.   take a place p ∈ (P − Ptaken);
8.   find_safe_scsm_subnet(N, p, NS);
9.   add the safe SCSM NS to χ; Ptaken = Ptaken ∪ PS;
10. (∗ end of while (P − Ptaken) ≠ ∅ ∗)
In a live and safe FC net, a safe cover exists (see proposition 3.1.2). This also
means that the algorithm find_safe_scsm_subnet can always find a safe SCSM
from the given seed place.
The algorithm find_scsm_cover begins with places in N that contain a token.
For each place with a token, the corresponding safe SCSM subnet is found (line 2
- line 5). After that, for each place not yet covered, the corresponding safe SCSM
subnet is found (line 6 - line 10). When all the places of N are covered, then χ
is the safe cover of N.
5.3.1. Proposition. The cover χ found by the algorithm find_scsm_cover is a
safe cover of N.
Proof: As argued above, each Ni ∈ χ is an ST-subnet with Ti = •Pi ∪ Pi•. N
itself is also an ST-subnet, because P = ∪_{i=1}^{|χ|} Pi is the union of minimal siphons
which also are traps; i.e. P is also a siphon which is a trap and has the property
T = •P ∪ P•. Hence we have
•P ∪ P• = •(∪_{i=1}^{|χ|} Pi) ∪ (∪_{i=1}^{|χ|} Pi)• = ∪_{i=1}^{|χ|} (•Pi ∪ Pi•) = ∪_{i=1}^{|χ|} Ti = T.
Because each Ni ∈ χ is a subnet, we have F = ∪_{i=1}^{|χ|} Fi. □
As an example for the algorithm find_scsm_cover, the net in Fig. 5.2 is taken.
The places p1, p3, and p8 each have a token. First, the algorithm find_safe_scsm_subnet
is called, with p1 taken as seed place (line 3 of the algorithm find_scsm_cover).
PS of the partial subnet NS has only one element, p1. There is a meeting
path (t0, p1) that is not in FS. Hence, the meeting path handle NH of NS
should be found (line 3 of the algorithm find_safe_scsm_subnet). Because a place
p1 ∈ PS has a token, all the places in PH should be empty (line 5 of the
algorithm find_safe_scsm_subnet). The meeting path handle (p1, t1, p0, t0, p1) is
found, resulting in N4 after addition to NS. N4 has no other meeting path.
Hence, the algorithm find_safe_scsm_subnet terminates. N4 is a safe SCSM.
Next, the algorithm find_safe_scsm_subnet is called with p3 as seed place. The
meeting path handle (p3, t2, p2, t1, p3) is found resulting in N5. Then, the algorithm
find_safe_scsm_subnet is called for the third time, with p8 as seed place.
The possible meeting path handles are NH1, which results in N1, and NH3, which
yields N3. Choosing N3, the algorithm find_scsm_cover terminates because every
p ∈ P is already covered; it has found the safe cover χ1 = {N3, N4, N5}.
Taking N1 (via NH1) instead of N3 leaves the places p5, p10, p9 and p11 uncovered.
This means, the algorithm find_safe_scsm_subnet must be called again,
this time with p5 as the seed place (line 8 of the algorithm find_scsm_cover). In
this case, the meeting path handle must contain one token, because p5 has no
token (line 6 of the algorithm find_safe_scsm_subnet). The meeting path handle
is NH3 yielding N3. The algorithm find_scsm_cover terminates with the safe cover
χ2 = {N1, N3, N4, N5}. This example shows that it is possible to have redundant
SCSMs in a safe cover found by the algorithm find_scsm_cover. It also shows that which
of several possible safe covers is found by the algorithm depends on the seed place
given as input to the find_scsm_cover algorithm.
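The outer loop of find_scsm_cover on a small net, as an added example that is not code from the dissertation or from [EBS89], [Kem93] or [War05]. It swaps find_safe_scsm_subnet for a brute-force enumeration of safe SCSMs, so it only suits small nets. The net, the SCSM test (a place set whose adjacent transitions each have exactly one input and one output place in the set, strongly connected), the rule that a safe SCSM carries exactly one token, the two pick functions and the redundancy check are assumptions of the example.

```python
from itertools import combinations

# Constructed marked graph (not a net from the dissertation): tA forks into
# p1 and p2, tB joins them and forks into p3 and p4, which lead back to tA.
PLACES = ["p1", "p2", "p3", "p4"]
ARCS = {("tA", "p1"), ("tA", "p2"), ("p1", "tB"), ("p2", "tB"),
        ("tB", "p3"), ("tB", "p4"), ("p3", "tA"), ("p4", "tA")}
M0 = {"p1": 0, "p2": 0, "p3": 1, "p4": 1}


def pre(x, arcs):
    return {a for a, b in arcs if b == x}


def post(x, arcs):
    return {b for a, b in arcs if a == x}


def is_scsm(ps, arcs):
    """Assumed definition: the subnet generated by the place set ps (with all
    adjacent transitions) is a strongly connected state machine."""
    ps = set(ps)
    ts = set().union(*(pre(p, arcs) | post(p, arcs) for p in ps))
    # State machine: each transition has one input and one output place in ps.
    if any(len(pre(t, arcs) & ps) != 1 or len(post(t, arcs) & ps) != 1 for t in ts):
        return False
    succ = {p: {q for t in post(p, arcs) for q in post(t, arcs) & ps} for p in ps}
    pred = {p: {q for q in ps if p in succ[q]} for p in ps}

    def reach(start, edges):
        seen, todo = {start}, [start]
        while todo:
            for q in edges[todo.pop()] - seen:
                seen.add(q)
                todo.append(q)
        return seen

    start = next(iter(ps))
    return reach(start, succ) == ps and reach(start, pred) == ps


def safe_scsms(places, arcs, m0):
    """Brute-force stand-in for find_safe_scsm_subnet: every SCSM place set
    that carries exactly one token in M0."""
    return [frozenset(ps)
            for k in range(1, len(places) + 1)
            for ps in combinations(places, k)
            if is_scsm(ps, arcs) and sum(m0[p] for p in ps) == 1]


def find_scsm_cover(places, arcs, m0, pick):
    """Seed with marked places (lines 2-5), then with places not yet
    covered (lines 6-10); pick chooses among the safe SCSMs of a seed."""
    candidates = safe_scsms(places, arcs, m0)
    cover, taken = [], set()

    def add_scsm_for(seed):
        options = [c for c in candidates if seed in c]
        if not options:
            raise ValueError(f"no safe SCSM contains {seed}")
        ns = pick(options, taken)
        if ns not in cover:
            cover.append(ns)
        taken.update(ns)

    for p in places:
        if m0[p] > 0:
            add_scsm_for(p)
    while set(places) - taken:
        add_scsm_for(min(set(places) - taken))
    return cover


def redundant(cover, places):
    """SCSMs whose removal still leaves every place covered."""
    return [ns for ns in cover
            if set().union(*(c for c in cover if c != ns)) >= set(places)]


def pick_first(options, taken):
    return options[0]


def pick_most_new(options, taken):
    return max(options, key=lambda c: len(c - taken))


if __name__ == "__main__":
    for pick in (pick_first, pick_most_new):
        chi = find_scsm_cover(PLACES, ARCS, M0, pick)
        print(pick.__name__, [sorted(c) for c in chi],
              "redundant:", [sorted(c) for c in redundant(chi, PLACES)])
```

With pick_first the loop returns three SCSMs, one of them redundant; with pick_most_new it returns two and none is redundant, which mirrors the difference between χ2 and χ1 in the walkthrough above.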
The [EBS89] algorithm is a linear time implementation algorithm, suggested
by [Kem93]. The C++ implementation of net covering with minimal siphons
based on the [Kem93] algorithm and some experimental results can be found in
[War05]
5.4 SMD subnet algorithm
Combining the fragments discussed in the previous section, the algorithm for
decomposing an STG with SMD-subnets as initial components is described as
follows.
Algorithm SMD-Subnet
Input: a net N, a feasible partition Π (a set of output blocks B)
Output: a set of N(B) (components of N based on output blocks B)
1. χ := ∅;
2. if N is not an FC net then
3.   find regulation circle paths; add to χ;
4.   find level SCSMs; add to χ;
5.   release the net N into N′;
6. (∗ end of if N is not an FC net ∗)
7. if N′ is not a well specified FC net then
8.   report(N is not a well specified FC net); exit;
9. find_scsm_cover(N′, χ);
10. for every output signal o in Out do
11.   Σc(o) = find_concessioner(N, o);
12. for every output block B in Π do
13.   Σc(B) = ∅;
14.   for every output signal o in B do Σc(B) = Σc(B) ∪ Σc(o);
15.   Σnc(B) = {In ∪ Out} − {Σc(B) ∪ B};
16. (∗ end of for every output block B in Π ∗)
17. for every output block B in Π do
18.   χnc(B) := ∅; χc(B) := ∅;
19.   for every Ns ∈ χ do
20.     if ∃t ∈ Ts and signal label of t ∈ Σc(B) then χc(B) := χc(B) ∪ Ns;
21.   (∗ end of for all Ns ∈ χ ∗)
22.   N(B) is a synchronization of all SCSM subnets in χc(B);
23.   N′(B) = N(B); χnc(B) := χ − χc(B);
24.   repeat
25.     backtracking = false; Tl = ∅;
26.     for every non-concessioner signal σ in Σnc(B) do
27.       (∗ change irrelevant transition into λ-transition ∗)
28.       for every transition t ∈ TN(B) labelled σ do
29.         l(t) = λ; Tl = Tl ∪ {t};
30.     (∗ end of for every non-concessioner signal σ in Σnc(B) ∗)
31.     for every non-concessioner signal σ in Σnc(B) do
32.       for every transition t ∈ TN(B) labelled σ do
33.         if !net_reduction(N(B), t, Tl) then backtracking = true; break;
34.       (∗ end of for every transition t ∈ TN(B) labelled σ ∗)
35.       if backtracking then
36.         Σnc(B) = Σnc(B) − {σ}; Σc(B) = Σc(B) ∪ {σ};
37.         for every Ns ∈ χnc(B) do
38.           if ∃t′ ∈ Ts labelled σ then
39.             synchronize N′(B) with Ns; χc(B) := χc(B) ∪ Ns;
40.         (∗ end of for every Ns ∈ χnc(B) ∗)
41.         χnc(B) := χ − χc(B); N(B) = N′(B); break;
42.       (∗ end of if backtracking ∗)
43.     (∗ end of for every non-concessioner signal σ in Σnc(B) ∗)
44.   until !backtracking
45. (∗ end of for every output block B in Π ∗)
The algorithm SMD-Subnet begins with the transformation into an FC net, if
N is a non-FC net (line 2 - line 6). If by transformation, a safe SCSM (a regulation
circle path or a level SCSM) is found, then this is added to a safe cover χ. The net
N′ resulting from transformation is an FC net. Then, N′ is checked whether it is
well specified or not (line 7 - line 8). If N′ is not well specified then the algorithm
terminates without a cover; otherwise a safe cover of N′ is found. After that,
the set of concessioner signals Σc(o) of each output signal o in Out is determined
(line 10 - line 11). From that, the set of concessioner signals Σc(B) and the set of
non-concessioner signals Σnc(B) are found for each output block B in the feasible
partition (line 12 - line 16). Subsequently, the component for each output block B
in the feasible partition Π is obtained as follows (line 17 - line 45):
1. After adding relevant SCSMs to χc(B) (line 19 - line 21), the initial component
N(B) is found by synchronizing all the relevant SCSMs in χc(B).
χnc(B) is the safe cover χ without χc(B). N(B) is copied to N′(B) for
backtracking purposes.
2. After irrelevant transitions are silenced (line 26 - line 30), the net_reduction
algorithm is called for each divining transition in N(B) (line 31 - line 43).
The net_reduction algorithm does secure t-contractions and deletes redundant
places and divining transitions if any exist in the net N(B) resulting
from secure t-contraction. If a t cannot be contracted, then backtracking
should be done. Backtracking can be done in the SMD-subnet method by
synchronizing the SCSMs that have transitions labelled l(t) in χnc(B), with
N′(B) (line 37 - line 40). Then, N′(B) is copied to N(B).
3. Repeat step 2, while backtracking is needed.
First, the FIFO net in Fig. 5.10 is taken as an example. Because the FIFO net
is a marked graph, lines 2 to 6 are skipped. It is also well specified. Hence, a safe
cover can be found. Fig. 5.11 shows a possible safe cover. For the Ain-component,
relevant signals are A1 and Ain. Hence, N2, N3, N4 are the relevant SCSMs for the
Ain-component. The SMD-subnet for the Ain-component after N2, N3 and N4
have been synchronized and irrelevant transitions silenced, is shown in Fig. 5.12a.
After contracting transitions with labels R1 (t1, t4), R2 (t7, t9), A2 (t8, t10), and
Rin (t0, t23), the result is shown in Fig. 5.12b. The final Ain-component is shown
in Fig. 5.12c after deleting the redundant places p4_8_34_2 and p35_10_36_6.
Compared with the [VW02] method (where the initial Ain-component is the complete
FIFO net with all transitions except the A1- and Ain-transitions silenced; step
by step examples for the Ain-component are shown in the AG-Beister website),
the silenced transitions in the SMD component can be contracted more easily
than those of the complete FIFO-net.
Figure 5.10. FIFO example [BW93]
Figure 5.11. A safe cover of the FIFO example
Figure 5.12. (a) Initial Ain-component, (b) intermediate Ain-component after
contracting all irrelevant transitions, (c) final Ain-component after deleting
redundant places p4_8_34_2 and p35_10_36_6
Figure 5.13. A safe cover of the async99* example (in Fig. 5.1); panels N1, N2, N3
Another example is async99* shown in Fig. 5.1. Without its level SCSM (N1
in Fig. 5.13), the async99* net becomes a live and safe FC net. Hence, the
SMD-subnet method can be applied. A safe cover χ = {N1, N2, N3} of async99*
is shown in Fig. 5.13. Relevant signals for the z-component are a, phi, and z.
Hence, the relevant SCSMs for the z-component are N2 and N3. The SMD-subnet
for the z-component after N2 and N3 are synchronized and irrelevant transitions are
silenced is shown in Fig. 5.14a. After contracting transitions with labels y (t9, t8)
and x (t2, t4), the result is shown in Fig. 5.14b. Compared with the [VW02] result
for the z-component (the net in Fig. 5.1 with signals x, y as input signals), the
SMD-subnet method produces a much smaller result.

Figure 5.14. The async99* example, (a) SMD-subnet for the z-component, (b)
final z-component
Figure 5.15. A safe cover of the net in Fig. 3.4
Without the regulation net, the net in Fig. 3.4e is a live and safe FC net.
Hence, the SMD-subnet method can be applied. A safe cover χ = {N1, N2, N3}
of the net is shown in Fig. 5.15. Relevant signals for the Aout-component are
Rout and Aout. Hence, the relevant SCSMs for this component are N2 and N3.
The initial SMD-subnet for the Aout-component is the net in Fig. 5.16a (N2 and
N3 have been synchronized, and irrelevant transitions were silenced). Transition
t2 becomes a duplicate of t5 and can be deleted. After deletion (Fig. 5.16b), t5
can be securely contracted, resulting in the final Aout-component (Fig. 5.16c)
without Rm as a relevant input signal. Compared with the [VW02] result for the
Aout-component (the same net in Fig. 3.4e), the SMD-subnet method produces
a significantly smaller result.

Figure 5.16. (a) Initial SMD-subnet for Aout-component, (b) after deleting
duplicate transition t2, (c) after contracting t5

Chapter 6
P/T-net Abstraction into Structure Graphs
When searching for SCSM subnets (see section 5.3), place and transition nodes
in a P/T-net should be traversed to find the meeting path handle. Clearly,
the algorithm’s complexity depends on the number of nodes in the net. For
example, to find the meeting path handle for place p8 in Fig. 5.2, the nodes
p8, t5, p4, t2, p2, t1, p0, t0, p6, t3, p7, t4 should be traversed first.
Only nodes with a branch play a role in deciding how the graph will be
traversed; nodes without branching have no role in this case. A sequence of
nodes without branch – for example, in Fig. 5.2 the sequence of nodes p6, t3, p7,
t4, p8, t5, p4 of N1 – could be grouped together into a super node ω1 as shown in
Fig. 6.1a.
Figure 6.1. (a) a net N from Fig. 5.2 (b) structure graph SN of N
6.1 Structure Graphs
A graph which abstracts nodes in an ordinary P/T-net will be called a structure
graph. There are no places or transitions in the structure graph. Instead, super
nodes are introduced.
6.1.1. Definition. A node (place or transition) of the P/T-net which has more
than one pre arc or post arc is a branch node. Nodes with a single pre and a
single post arc are called non-branch nodes.
Merge places, conflict places, fork transitions, and join transitions are branch
nodes according to this definition.
A non-branch node is a place or a transition with only one pre arc and one post
arc (Fig. 6.2).
Figure 6.2. Non-branch node types
6.1.2. Definition. A super node ω is the abstraction of a maximal-length
alternating sequence of P/T-transitions and places without internal branches. The
length of the sequence is denoted by |ω|, with |ω| ≥ 1. The maximal-length
condition ensures that the structure graph of a P/T-net is unique.
Branching is confined to the pre arcs of the first or head node and to the post
arcs of the last or tail node of the sequence. Middle nodes, i.e. nodes between
head and tail node, are non-branch nodes.
The first or head node of a super node can be a branch node with more than
one pre arc (Fig. 6.3a-b), or a node with a single pre arc which is one of several
post arcs of the preceding node (Fig. 6.3c-d).
Figure 6.3. Head node types
The last or tail node of a super node can be a branch node with more than
one post arc (Fig. 6.4a-b), or a node with a single post arc which is one of two or
more pre arcs of the successor node (Fig. 6.4c-d).
Figure 6.4. Tail node types

Figure 6.5. The 16 types of possible super nodes (groups labelled "|ω| is even,
|ω| ≥ 2" and "|ω| is odd, |ω| ≥ 3")
The middle node types are the two non-branch node types shown in Fig. 6.2.
Each head node type can be paired with each tail node type, resulting in the
complete set of 16 basic super node types. In Fig. 6.5 they have been arranged in
4 groups (rows) of 4 types each. Subtypes can be distinguished by their length,
|ω|, the main distinction being that between odd and even lengths (upper and
lower half of Fig. 6.5).
Figure 6.6. Super nodes ω with |ω| = 1
Head and tail node can be one and the same node: no middle nodes, |ω| = 1,
odd. There are eight such super node types, see Fig. 6.6, obtained from the upper
(odd length) half of Fig. 6.5 by merging the head and tail transitions or places,
respectively.
For |ω| = 2 (even: head node, tail node, no middle node) there are also eight
super node types, obtainable by joining head and tail node by an arc in the lower
half of Fig. 6.5.
Figure 6.7. (a) and (b) Super nodes ω with |ω| ≥ 3, odd; (c) and (d) Super nodes
ω with |ω| ≥ 4, even.
Finally, Fig. 6.7 shows one type from each of the four groups of Fig. 6.5 for
|ω| ≥ 3 (both odd and even).
The most general characterization of super nodes is by their possible
interconnections with predecessor and successor super nodes. Inspection of Fig. 6.5
reveals that only four such interconnection structures are possible. All four appear
in every row of Fig. 6.5. They are (see Fig. 6.8):
• several pre arcs to the head end of the super node in question from
preceding super nodes (predecessors) and several post arcs from its tail end to
successor super nodes (successors) (Fig. 6.8a);
• only one pre arc to the head end from a predecessor with several post arcs
and several post arcs from its tail end to successors (Fig. 6.8b);
• several pre arcs to its head from predecessors and only one post arc from
its tail to a successor with several pre arcs (Fig. 6.8c), and
• only one pre arc to its head from a predecessor with several post arcs, and
only one post arc from its tail to a successor with several pre arcs (Fig. 6.8d).
Figure 6.8. Possible interconnection structures of super nodes.
6.1.3. Definition. The structure graph SN of an ordinary P/T net N is a tuple
(Ω, F) where
Ω is the set of super nodes according to Def. 6.1.2, and
F ⊆ Ω × Ω is the flow relation.
A super node ω is represented as a rectangle in the structure graph.
As an example, the structure graph for the net in Fig. 5.2 is shown in Fig. 6.1b.
The meeting path handle for place p8 in the sequence N1 associated with super
node ω1 can be found more quickly now: only super nodes N1, N2, N9, N7, N5, N4
need to be traversed. This is only half the number of nodes that have to be
traversed without abstraction.
Algorithm CreateStructureGraph
Input: a strongly connected P/T-net N = (P, T, F) with branch nodes
Output: structure graph SN = (Ω, F)
1. The status of all nodes (places and transitions) of N is set to not visited;
2. find a node n which has more than one pre arc;
3. status(n) := visited;
4. create a new super node ω (as yet incomplete) with element n as head node;
5. insert ω into the set Ω;
6. push ω onto stack;
7. while stack is not empty do
8.     pop a super node ω from stack;
9.     take a node from ω as current node n;
10.     if n has only one post arc then
11.         while ∃n′ ∈ n•, n′ is a non-branch node do
12.             add n to ω; n := n′;
13.         (∗ end of while ∃n′ ∈ n•, n′ is not a branch node ∗)
14.         if n′ has only one pre arc then add n to ω; n := n′;
15.     else
16.         (∗ ω is complete ∗)
17.     (∗ end of if n has only one post arc ∗)
18.     for all node n∗ ∈ post nodes of n do
19.         if status(n∗) is visited then
20.             find an ω′ in Ω with head(ω′) = n∗;
21.         else (∗ n∗ is not visited ∗)
22.             status(n∗) := visited;
23.             create a new super node ω′ with element n∗ as head node;
24.             insert ω′ into the set Ω;
25.             push new ω′ into stack;
26.         (∗ end of if status(n∗) is visited ∗)
27.         insert an arc from ω to ω′ into F;
28.     (∗ end of for all node n∗ ∈ post nodes of n ∗)
29. (∗ end of while stack is not empty ∗)
The algorithm CreateStructureGraph begins with a branch node n which has
more than one pre arc (see Fig. 6.9a); because the net is strongly connected and
there is a branch in the P/T net, such a node can always be found. n is visited
and inserted into a super node ω. Then, the super node ω is inserted into Ω and
placed in the stack. While there is a super node ω in the stack, the following is
done (line 7 - line 29):
• (line 8 - line 17) Take a super node ω from the stack. ω has only one node n.
If n has more than one post arc, then ω has only this node (see Fig. 6.9e);
otherwise n is a head node with one post arc and all the sequential nodes of
n which are not branch nodes are added to ω (see Fig. 6.9b) until there
is a sequential node n′ of n which is a branch node. If n′ has only one pre
arc then n′ is a tail node and is added to ω (see Fig. 6.9c); otherwise the
pre node of n′ is the tail node (see Fig. 6.9d).
• (line 18 - line 28) For each post node n∗ of the tail node of ω, add an arc from
the super node ω to another super node ω′ which has n∗ as head node. If
n∗ has not been visited, then n∗ is visited and inserted into a super node
ω′. Subsequently, the super node ω′ is inserted into Ω and placed in the
stack.

Figure 6.9. Illustration for the algorithm CreateStructureGraph
Note that, though the algorithm CreateStructureGraph could begin with a differ-
ent initial node, it always creates the same structure graph for the P/T net.
Consider the net N in Fig. 6.10a as an example for the algorithm
CreateStructureGraph. First, t9 which has more than one pre arc is visited and is
inserted into a super node ω1. ω1 is placed in the stack. As the only node in
stack, ω1 is taken and is inserted into Ω. Because t9 has only one post arc (t9 is
the head node), the next node of t9, p0, which is not a branch node, is added to ω1.
The only post node of p0 is the branch node t0. It is inserted into ω1 because
it has only one pre arc, and becomes the tail node of ω1 because of its two post
arcs.
Then each of the two post nodes of t0, p1 and p2, both unvisited, is connected
to ω1 as the head node of a new super node, ω3 and ω2 respectively. ω2 and ω3
are then placed on the stack.
Next, ω3 with head node p1 is removed from the stack and inserted into Ω.
The construction of ω3 is then continued by adding the sequence t1, p3, t2, p4,
t3, p5, t4, p6 node by node to ω3. p6 is the last node that can be added
because it is connected to the branch node t9, which has more than one pre arc
and is the head node of ω1.
Finally, the last super node in the stack, ω2 with head node p2, is taken from
the stack and inserted into Ω. Because p2 has only one post arc (p2 is the head
node), the sequence of non-branch nodes t5, p7, t6, p8, t7, p9, t8, p10 is added to ω2.
p10 is the last node that can be added to ω2 because the only next node of p10, t9,
is a branch node with more than one pre arc. Then, ω2 is connected to ω1 which
has a visited node t9. The structure graph is shown in Fig. 6.10b.

Figure 6.10. (a) a net N (b) its structure graph SN

Fig. 6.11 depicts the wechselpuffer example from Fig. 3.4a. The corresponding
structure graph is shown in Fig. 6.12.
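The construction of the structure graph for the net of Fig. 6.10a can be reproduced with the following Python code. It is an added example, not code from the dissertation; the arc list is reconstructed from the walk-through above, and super nodes are keyed by their head node instead of being numbered ω1, ω2, ω3.

```python
from collections import defaultdict

# Arcs of the net N of Fig. 6.10a, reconstructed from the walk-through above:
# t9 -> p0 -> t0, then two sequences starting at p1 and p2 that join in t9.
ARCS = [
    ("t9", "p0"), ("p0", "t0"), ("t0", "p1"), ("t0", "p2"),
    ("p1", "t1"), ("t1", "p3"), ("p3", "t2"), ("t2", "p4"), ("p4", "t3"),
    ("t3", "p5"), ("p5", "t4"), ("t4", "p6"), ("p6", "t9"),
    ("p2", "t5"), ("t5", "p7"), ("p7", "t6"), ("t6", "p8"), ("p8", "t7"),
    ("t7", "p9"), ("p9", "t8"), ("t8", "p10"), ("p10", "t9"),
]


def create_structure_graph(arcs):
    """Build the structure graph of a strongly connected net with branches.

    Returns (super_nodes, flow): super_nodes maps the head node of every
    super node to its node sequence (head first, tail last); flow is the
    set of arcs between super nodes, written as (head, head) pairs.
    """
    post, pre = defaultdict(list), defaultdict(list)
    for src, dst in arcs:
        post[src].append(dst)
        pre[dst].append(src)
    nodes = sorted(set(post) | set(pre))

    # Line 2 of the algorithm: start at a node with more than one pre arc.
    start = next((n for n in nodes if len(pre[n]) > 1), None)
    if start is None:
        raise ValueError("net has no node with more than one pre arc")

    super_nodes = {start: [start]}      # the set Omega, keyed by head node
    flow = set()                        # the flow relation F
    stack = [start]
    while stack:
        head = stack.pop()
        seq = super_nodes[head]
        n = head
        # Lines 10-17: follow single post arcs. A successor with a single
        # pre arc still belongs to this super node (it is the tail if it
        # forks); a successor with several pre arcs heads another one.
        while len(post[n]) == 1:
            nxt = post[n][0]
            if len(pre[nxt]) != 1:
                break
            seq.append(nxt)
            n = nxt
        # Lines 18-28: n is the tail; each of its post nodes is a head node.
        for succ in post[n]:
            if succ not in super_nodes:
                super_nodes[succ] = [succ]
                stack.append(succ)
            flow.add((head, succ))
    return super_nodes, flow


if __name__ == "__main__":
    omega, f = create_structure_graph(ARCS)
    for head_node, sequence in sorted(omega.items()):
        print(head_node, "->", ", ".join(sequence))
    print(sorted(f))
```

The three sequences returned for this net are the super nodes ω1 (head t9), ω3 (head p1) and ω2 (head p2) of the walk-through.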
6.2 Contracting middle node transitions
The structure graph is not only useful for finding SCSM subnets, but also for
contracting middle node transitions. Before contracting a middle node transition
t, it needs to be ensured that t can be securely contracted.
6.2.1. Proposition. A middle node transition t in a super node fulfills
preconditions for contraction and the requirement for secure t-contraction.
Proof: According to definition 6.1.2, t is not a branch node; hence, t has only one
pre place p and one post place p′. p and p′ are different places because, as a middle
node, t forms no loop with any place. The arc weight requirement is fulfilled
because the structure graph is obtained from an ordinary P/T net. p could be
either another middle node or a head node; in both cases, p has only one post
transition. Also, p′ could be either another middle node or a tail node; in both
cases, p′ has only one pre transition. Therefore, t fulfills the secure t-contraction
requirement. □

Figure 6.11. Wechselpuffer example

Figure 6.12. Wechselpuffer structure graph
From proposition 6.2.1, a middle node transition t can be securely contracted
according to definition 2.2.2. Because t has only one pre place p and one post
place p′, the contraction is trivial; i.e. by adding a merged place p′′ which has
as its pre transitions the pre transitions of p, and as post transitions the post
transitions of p′, and an initial marking equal to the sum of the tokens in p and
p′; and then removing t, p, p′ and all their incident arcs.
The above concept for contracting a middle node transition can be extended
to contracting a sequence of middle node transitions T = (t, ..., t′), which has
the only pre place of t as its pre place and the only post place of t′ as its post
place. Instead of contracting each transition successively, all the transitions in
T are contracted in one step; i.e. by adding a merged place p′′ which has as pre
transitions the pre transitions of p, as post transitions the post transitions of p′
and an initial marking equal to the sum of tokens in the place nodes P = (p, ..., p′);
and by then removing all the transitions in T, all the places in P, and all their
incident arcs.
An example is the net in Fig. 3.4b, which has the same super nodes as the net
in Fig. 3.4a. The super node N1 (see Fig. 6.11) has a sequence of middle node
divining transitions t6, t10, t11, t0, the pre place p2 and the post place p1.
Contracting all the divining transitions in one step results in the net in Fig. 3.4c,
which is obtained by adding a merged place p2_14_13_0_1 with pre transitions t4, t3,
post transitions t4, t3, and the initial marking equal to the sum of tokens in p2,
p14, p13, p0 and p1, which is one. t6, t10, t11, t0, p2, p14, p13, p0, p1 and their
incident arcs are removed from the net.
Before the above approach is applied to the structure graph, another possible
structure of a super node all of whose transition nodes are divining transitions
should be considered:
1. A super node ω with nodes p, ..., p′ will become a super node ω′ with a
merged place p′′ (see Fig. 6.13a); M0(p′′) is equal to the sum of tokens in all the
places from p to p′, inclusively.
2. A super node ω with nodes p, ..., t will become a super node ω′ with nodes
p and t (see Fig. 6.13b); M0(p) is the sum of tokens in the places in ω.
3. A super node ω with nodes t, ..., p will become a super node ω′ with nodes
t and p (see Fig. 6.13c); M0(p′′) is the sum of tokens in the places in ω.
4. A super node ω with nodes t, ..., t′ will become a super node ω′ with nodes
t, p, and t′ (see Fig. 6.13d); M0(p′′) is the sum of tokens in the places in ω.
Only in the case of a super node ω with nodes p, ..., p′ (see Fig. 6.13a), the
head node and the tail node will be removed and replaced by merge place p′′. One
might think that in this case, an arc should be added from each transition in •p
to p′′ and from p′′ to each transition in p′•; the existing arc from each transition in
•p to p and from p′ to each transition in p′• should be removed. But this should
be done only for the P/T net N, not for its structure graph SN. This is because
pre arcs of p′′ are the pre arcs of head node p, and the post arcs of p′′ are the post
arcs of tail node p′, so these arcs can simply be left in place. Only the internal
arcs of ω need to be removed.

Figure 6.13. Possible structures of super nodes with divining transitions only
In the other three cases (see Fig. 6.13b,c,d) the head and tail nodes of ω are the
same as those of ω′ (after contraction of the middle node transition). The pre arcs
of the head node and the post arcs of the tail node would not be removed in the
first place. This is another advantage of the structure graph which encapsulates
nodes inside a super node.
In the case where there are non-divining transitions in the super node, the
super node is traversed piecewise, i.e. from head node to the first relevant
transition, between successive relevant transitions, and from the last relevant
transition to the tail node. This procedure is implemented by the following algorithm.
Algorithm TrivialContraction
Input: A structure graph SN
Output: A structure graph S′N
1. S′N = SN;
2. while ∃ω ∈ Ω′ with divining transitions and |ω| > 2 do
3.     n is the head node of ω;
4.     while ∃n′ ∈ n• do
5.         M0(pmid) = 0;
6.         while n′ is not a relevant transition or a tail node of ω do
7.             if n′ is a place then M0(pmid) = M0(pmid) + M0(n′);
8.             n′ = n′•;
9.         (∗ end of while n′ is not a relevant transition or a tail node of ω ∗)
10.         if n is a place and n′ is a place then
11.             add a place node n′′ into ω′;
12.             M0(n′′) = M0(n) + M0(pmid) + M0(n′);
13.         elseif n is a place and n′ is a transition then
14.             M0(n) = M0(n) + M0(pmid);
15.             add the node n, n′ into ω′;
16.         elseif n is a transition and n′ is a place then
17.             M0(n′) = M0(pmid) + M0(n′);
18.             add the node n, n′ into ω′;
19.         else (∗ n is a transition and n′ is a transition ∗)
20.             add the node n, pmid, n′ into ω′;
21.         (∗ end of if n is a place and n′ is a place ∗)
22.         n = n′;
23.     (∗ end of while ∃n′ ∈ n• ∗)
24.     ω = ω′;
25. (∗ end of while ∃ω with divining transition and |ω| > 2 ∗)
Applied to the net in Fig. 3.4a (and Fig. 6.11), this algorithm describes the
transformation from Fig. 3.4b to Fig. 3.4c, where both nets have the same
structure graph (see Fig. 6.12); only the sequences within the super nodes are affected.
The algorithm TrivialContraction begins with a super node ω containing one
or more middle divining transition nodes; n is the head node of ω. While n
has a post node, proceed as follows (line 4 - line 23): Traverse the
sequence of nodes until a node n′ which is a relevant transition node or the tail
node is reached (line 6 - line 9). While traversing, count the number of tokens in
the place nodes (line 7). The possible combinations of n and n′ are the following.
• (line 10 - line 12) Both nodes are places. In this case, a place node n′′ is
added to ω′ and marked with a number of tokens equal to the sum of the
tokens found from n to n′.
• (line 13 - line 15) In case n is a place and n′ is a transition, n and n′ are
inserted into the super node ω′; the number of tokens in n is the sum of
tokens in the traversed place nodes including n.
• (line 16 - line 18) In case n is a transition and n′ is a place, n and n′ are
inserted into the new super node ω′; the number of tokens in n′ is the sum
of tokens in the traversed place nodes including n′.
• (line 19 - line 21) Both nodes are transitions. In this case, n, n′ and a new
place node pmid are inserted into the new super node ω′ (line 20); the number
of tokens in pmid is the sum of tokens in the traversed place nodes.
After processing a part of the super node ω, n is replaced by n′ and the above
is done until the tail node is reached. When the tail node is reached, then ω is
replaced by ω′ and another super node which has a middle divining transition
node is taken until no super node with a middle divining transition node is left.
Figure 6.14. (a) Initial net for the y1-component, (b) after contracting middle
node divining transitions
As an example, the net in Fig. 6.10a is taken. The initial net for the
y1-component is shown in Fig. 6.14a. For N3, nothing has to be done because it
contains no divining transition. For N2, place p2 is the head node, place p10
is the tail node, and all the middle transitions are divining transitions. Hence,
p2_7_8_9_10 replaces all the nodes in N2 and has no initial marking because the
sum of tokens in the places p2, p7, p8, p9, p10 is zero. For N1, there is no middle
divining transition. Hence, there is no change made to the node N1. The net
after contracting middle node transitions is shown in Fig. 6.14b.
Figure 6.15. (a) A net N, (b) initial net for x1-component, (c) net after
contracting middle node divining transitions
Another example is the net in Fig. 6.15a which is the environment version of
the net in Fig. 6.10a. The initial net for the x1-component is shown in Fig. 6.15b.
For N1, nothing has to be done because it contains no divining transitions. But
N2 and N3 are interesting. Because the structure of N3 is the same as N2, only
N2 will be discussed. N2 contains divining as well as relevant middle-node
transitions. Hence, the nodes are processed piecewise as follows: (p2, t5, p7, t6), then
(t6, p8, t7, p9, t8) and lastly (t8, p10). The first part contains the head node p2, the
end node t6 and the middle divining transition t5. Therefore, p2 and t6 are added
to N′2 with M0(p2) := M0(p2) + M0(p7) = 0. The second part begins with t6, ends
with t8 and contains the middle divining transition t7. Therefore, p8_9, t8 is added
to N′2 with M0(p8_9) = M0(p8) + M0(p9) = 0. The third part has the first node
t8, the end node p10 and no middle nodes. Therefore, no change is made, t8 and
p10 are added to N′2 with M0(p10) := M0(p10) = 0. The net N after contracting
middle node transitions in N2 and N3 is the final x1-component and is shown in
Fig. 6.15c.
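The piecewise traversal of TrivialContraction, applied to the super node N2 of the two examples above (Fig. 6.14 and Fig. 6.15), can be written as the following Python code. It is an added example, not code from the dissertation; it assumes the naming convention of the figures (places p<i>, transitions t<i>), and the function names are chosen here.

```python
def is_place(node):
    # Naming convention of the figures: places are p<i>, transitions t<i>.
    return node.startswith("p")


def merged_name(places):
    # p8 and p9 merge into p8_9, as in Fig. 6.15c.
    return "p" + "_".join(p[1:] for p in places)


def contract_super_node(seq, marking, divining):
    """Contract the divining middle transitions of one super node.

    seq      -- node names from head to tail, alternating places/transitions
    marking  -- initial marking M0 of the places in seq
    divining -- transitions whose signal is irrelevant for the component
    Returns (new_seq, new_marking) for the contracted super node.
    """
    if len(seq) <= 2:                       # line 2: only |w| > 2 is handled
        return list(seq), {p: marking[p] for p in seq if is_place(p)}
    new_seq, new_marking = [], {}
    last = len(seq) - 1
    i = 0
    while i < last:
        # Lines 6-9: walk to the next relevant transition or to the tail,
        # collecting the places strictly between n and n'.
        j, mid = i + 1, []
        while j < last and (is_place(seq[j]) or seq[j] in divining):
            if is_place(seq[j]):
                mid.append(seq[j])
            j += 1
        n, n2 = seq[i], seq[j]
        tokens = sum(marking[p] for p in mid)
        if is_place(n) and is_place(n2):    # lines 10-12: one merged place
            name = merged_name([n] + mid + [n2])
            piece = [name]
            new_marking[name] = marking[n] + tokens + marking[n2]
        elif is_place(n):                   # lines 13-15: tokens move to n
            piece = [n, n2]
            new_marking[n] = marking[n] + tokens
        elif is_place(n2):                  # lines 16-18: tokens move to n'
            piece = [n, n2]
            new_marking[n2] = tokens + marking[n2]
        else:                               # lines 19-20: new place pmid
            name = merged_name(mid)
            piece = [n, name, n2]
            new_marking[name] = tokens
        if new_seq and new_seq[-1] == piece[0]:
            piece = piece[1:]               # n was added by the last piece
        new_seq.extend(piece)
        i = j                               # line 22: n = n'
    return new_seq, new_marking


# Super node N2 of Fig. 6.10a / Fig. 6.15a with its empty initial marking.
N2 = ["p2", "t5", "p7", "t6", "p8", "t7", "p9", "t8", "p10"]
M0_N2 = {p: 0 for p in N2 if is_place(p)}
# x1-component (Fig. 6.15): t5 and t7 are the divining middle transitions.
X1_DIVINING = {"t5", "t7"}
# y1-component (Fig. 6.14): all middle transitions of N2 are divining.
Y1_DIVINING = {"t5", "t6", "t7", "t8"}

if __name__ == "__main__":
    print(contract_super_node(N2, M0_N2, X1_DIVINING))
    print(contract_super_node(N2, M0_N2, Y1_DIVINING))
```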

Chapter 7
STG Decomposition in Asynchronous Circuit Design
7.1 Asynchronous Circuits
There are two types of digital circuits: combinational and sequential circuits. In
combinational circuits, outputs depend only on inputs. In sequential circuits, the
outputs also depend on the internal state.
In designing a sequential digital circuit, one can choose to design
• a synchronous circuit: a circuit with a global synchronization signal,
e.g. clock; or
• an asynchronous circuit: a circuit with
– dedicated synchronization signals generated by communicating component
circuits in accordance with a protocol (e.g. request/acknowledge,
completion signals) or
– no dedicated synchronization signals at all within the circuit or within
one of its component circuits.
The synchronous circuit clock signal usually pulses at regular intervals and is
distributed throughout the circuit, thus serving to keep all of the components
synchronized with the clock in each step of processing. All processing in each
step must complete within the clock period; otherwise the circuit will fail to
function properly.
Nowadays, the use of a global clock presents difficult problems [FN01] [DN95]
[CKK+02] [SF01], namely:
1. Clock skew: Due to different delays along the clock signal propagation
paths, the clock signal will not reach all components simultaneously. If the
difference is too great, a "late" component may already be "seeing" the
internal state change of an "early" component when the clock pulse reaches
it, and as a consequence the circuit will enter a wrong next state. In today’s
chip technology, where interconnection delay dominates propagation delay
and the clock period is decreasing, a large effort is needed to ensure that the
clock reaches every component with a tolerable skew.
2. Power consumption: In synchronous CMOS circuits, the clock signal
causes many CMOS components to consume power even when they are not
performing any useful work. In mobile equipment such as mobile phones, low
power consumption is needed. This is difficult to achieve with a synchronous
circuit.
3. Electromagnetic interference and noise: In a synchronous circuit, the
clock signal triggers periodic bursts of activity. These bursts induce
electromagnetic interference and noise. This can be particularly problematic
for nearby sensitive analog components. Therefore, a synchronous system
is not applicable to safety equipment which does not allow any electromagnetic
interference with another system; or to equipment which does not allow
any electromagnetic emission for security reasons.
4. Worst-case timing: In order to use a single clock signal, all components
in the circuit must operate within the same period of time. As a result, the
clock period must be equal to the processing time needed by the slowest
component. This reduces circuit efficiency because all the other components
must always wait for the slowest component.
Traditionally, sequential digital circuit designers partition the specification
into two main parts:
1. the data path which includes units that perform data transformation and
data storage.
2. the controller which synchronizes the operations performed by data path
units with a communication protocol.
In this dissertation only asynchronous controller design is considered.
An asynchronous circuit design is generally modeled using the standard
distinction between functionality and timing. The functionality of a controller is
modelled by the communication protocol. The timing is modelled by a delay
model and an operating mode.
The delay model assumed for synthesis is important for an asynchronous
circuit. It involves the following aspects:
• Model delay is associated with physical elements.
– Gate delay model: ideal (delay-free) gate followed by a delay on its
output, delay-free wires; i.e. real wire delays included in the delay of
the preceding gate.
– Wire delay model: ideal gates; real gate delays included in the model
wire delays of the gate’s fanout.
• Delay value: The delay may be assumed to be either unbounded, i.e. an
arbitrary finite delay, or bounded, i.e. lying within given min/max bounds.
The unbounded delay model is pessimistic, because in practice, the delay
value is known and could be used for circuit minimization.
• Physical delay behaviour (see Fig. 7.1): A pure delay model does not alter
the input signal, it is only delayed by ∆. An inertial delay model filters
out pulses that have a width less than a threshold value δ; wider pulses are
delayed by ∆ (= δ in Fig. 7.1). Inertial delay is more realistic for modelling
a gate, because a gate cannot absorb and react directly to a small input
change.
Figure 7.1. Example of a gate with delay ∆, with ∆ modelled as pure delay
and as inertial delay with threshold value δ = ∆.
An operating mode describes the interaction between an asynchronous controller
and its environment. The following are types of operating mode:
• fundamental mode (FM): in FM, the communication protocol is carried out in two
time intervals, communication and computation, that are strictly separated
and alternate. First communication occurs, when the environment sends
new inputs within a time interval δ1 to the circuit. Then computation occurs,
when the circuit reacts to the new inputs by providing new outputs. In this
time interval δ2, the environment must not send any new input until the
circuit has stabilized after a computation which is signaled by the produced
outputs (see Fig. 7.2a). If there is only a single input change (SIC) during
communication δ1 then it is called SIC-FM; otherwise if there are multiple
input changes (MIC) during communication δ1, then it is called MIC-FM.
FM forces the use of the bounded delay model, because the time interval should
be computed to fulfill the time constraint.
• burst mode (BM): BM is based on the MIC-FM. The difference is, in BM the
outputs can be produced while the circuit is still in computation phase, as
long as it is known that the environment will be slow enough not to change
the inputs while computation is still in progress (see Fig. 7.2b). This is
possible, because the environment also needs time to compute its output
(input for the circuit).
• input/output (I/O) mode: in I/O mode, the environment responds to circuit
outputs without timing constraints; i.e. there is no communication or
computation time interval. The only constraint is the communication protocol
between the circuit and its environment.

Figure 7.2. (a) FM and BM (b) BM
7.2 Speed Independent Circuits
Speed independent (SI) circuits are based on the Muller circuits [MB59] which
are designed under the unbounded gate delay model and I/O mode. Hence, SI
circuits function correctly regardless of gate delay. Wire delay is assumed to be
negligible. This assumption is optimistic, because in today’s chip technology, wire
delay is larger than gate delay. This assumption also requires the circuit designer
to ensure that the wire delay between implemented gates is either negligible or
causes no externally observable spurious behaviour.
To synthesize a Muller circuit, the high-level specification (e.g. STG) should
be translated into a reachability graph first. Next, the reachability graph is
examined to determine if a circuit can be generated using only the specified input
and output signals.
Two markings in a reachability graph have unique state coding (USC) if they
have different values of input and output signals. An STG has USC if all marking
pairs in the reachability graph have USC. Two markings in a reachability graph
have complete state coding (CSC) if they either have USC or do not have USC
but do have the same output signals excited in both markings. An STG has CSC
if all marking pairs in the reachability graph have CSC.
When an STG does not have CSC, the implied value for some output signals
cannot be determined by simply considering the values of the input and output
signals. This ambiguity leads to a state of confusion for the circuit. Therefore
this CSC problem should be solved by adding an internal signal. The inserted
internal signal should not change the interface of the circuit; i.e. it should not
give concession to any input transition.
An irreducible CSC problem occurs if there is no way to insert an internal
signal to obtain CSC, without changing the interface of the circuit. This happens
if there is a complementary set of input signal changes – e.g. a+, a− or a−, a+
– which have not been acknowledged by the circuit by an internal signal change,
i.e. there is no output change in between. In the case of an irreducible CSC
problem, either the specification must be modified or the environment must be
constrained.
Figure 7.3. dtack component for vmecon example in Fig. 2.8
For example, the STG in Fig. 7.3 has neither CSC nor USC, because after firing
transitions M0[dsw+〉M1[ds+〉M2[ds−〉M3, M1 and M3 are found to have the
same value of input and output signals – both markings have dsw = 1 and
ds = dtack = 0; and at M1 no output is excited, but at M3, dtack is
excited. The STG also has an irreducible CSC problem at markings M1 and M3,
because there is no way to insert an internal state signal in between without
changing the interface.
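The USC and CSC definitions above can be checked mechanically on the reachability graph. The following Python code is an added example, not code from the dissertation or its tools: the cyclic STG is a constructed simplification that only reuses the firing sequence dsw+, ds+, ds− quoted above (it is not the net of Fig. 7.3), and the placement of csc0+ and csc0− in the second net is an assumption.

```python
from collections import deque
from itertools import combinations


def cycle_stg(labels):
    """Constructed helper: one-token cycle p0 -> labels[0] -> p1 -> ... -> p0."""
    n = len(labels)
    return [(lab[:-1], lab[-1], frozenset({f"p{i}"}), frozenset({f"p{(i + 1) % n}"}))
            for i, lab in enumerate(labels)]


def explore(stg, signals, m0, code0):
    """Play the token game and return {marking: state code} for all reachable markings."""
    codes = {m0: tuple(code0)}
    todo = deque([m0])
    while todo:
        m = todo.popleft()
        for sig, sign, pre, post in stg:
            if not pre <= m:
                continue                      # transition is not enabled in m
            i = signals.index(sig)
            before = 0 if sign == "+" else 1
            if codes[m][i] != before:
                raise ValueError(f"{sig}{sign} enabled while {sig} = {codes[m][i]}: not consistent")
            code = codes[m][:i] + (1 - before,) + codes[m][i + 1:]
            nxt = (m - pre) | post
            if nxt not in codes:
                codes[nxt] = code
                todo.append(nxt)
            elif codes[nxt] != code:
                raise ValueError("marking reached with two different state codes")
    return codes


def excited(stg, marking, driven):
    """Circuit-driven signals (outputs, internal signals) with an enabled transition."""
    return {sig for sig, _, pre, _ in stg if pre <= marking and sig in driven}


def coding_conflicts(stg, signals, driven, m0, code0):
    """Return (USC conflicts, CSC conflicts) as lists of marking-name pairs."""
    codes = explore(stg, signals, m0, code0)
    usc, csc = [], []
    for m1, m2 in combinations(sorted(codes, key=sorted), 2):
        if codes[m1] != codes[m2]:
            continue                          # different codes: the pair has USC
        pair = ("+".join(sorted(m1)), "+".join(sorted(m2)))
        usc.append(pair)
        if excited(stg, m1, driven) != excited(stg, m2, driven):
            csc.append(pair)                  # same code, different excited outputs
    return usc, csc


# Constructed sample nets; marking {pN} plays the role of MN in the text.
M0 = frozenset({"p0"})
SPEC = cycle_stg(["dsw+", "ds+", "ds-", "dtack+", "dsw-", "dtack-"])
WITH_CSC0 = cycle_stg(["dsw+", "ds+", "csc0+", "ds-", "dtack+", "dsw-", "csc0-", "dtack-"])


def demo():
    before = coding_conflicts(SPEC, ("dsw", "ds", "dtack"), {"dtack"}, M0, (0, 0, 0))
    after = coding_conflicts(WITH_CSC0, ("dsw", "ds", "dtack", "csc0"),
                             {"dtack", "csc0"}, M0, (0, 0, 0, 0))
    return before, after


if __name__ == "__main__":
    print(demo())
```

In the second net csc0+ sits between the input transitions ds+ and ds−, so the conflict disappears only if the environment waits for csc0+ before ds−.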
Note that the speed independent circuit design from [CKK+02] uses more
restrictions than the one from Muller; i.e. the output should be persistent
in all possible behaviours of the protocol under a given environment. An STG is
said to be output persistent if for any pair of output signals x∗ and y∗ (′∗′ could
be either ′+′ or ′−′), ∄M ∈ R_M0 with M[x∗〉 and M[y∗〉 such that M[x∗〉M′ and y∗
is not enabled in M′. An SI circuit synthesized from an STG which is output
persistent is guaranteed to have no hazard under the pure delay model.
7.3 3D Circuits
The extended burst mode (XBM) specification [YD99] is an extension of the burst
mode (BM) specification [Now93]. From an XBM specification, the synthesized
3D circuit is based on the Huffman circuit [Huf64] which is designed under the
bounded wire delay model and fundamental mode. However, the 3D circuit
operates in burst mode. Also, the XBM circuit is guaranteed to work properly
under the pure and the inertial delay model.
An XBM specification is a labelled directed graph which is defined as follows:
7.3.1. Definition. An extended burst-mode (XBM) specification is a tuple
(S, F, I, O, C, s_in, s_out, f_cond, s_0, In, Out, Cond) where
S is the set of states,
F ⊆ S × S is the set of state transitions,
Condi is the set and Cond the tuple of conditional input signals,
Inp is the set and In the tuple of triggering input signals (Inp ∩ Condi = ∅),
Inp_all = Inp ∪ Condi,
Outp is the set and Out the tuple of triggering output signals (Inp_all ∩ Outp = ∅),
I ⊆ {0, 1, ∗}^|In| is the set of In tuples,
O ⊆ {0, 1, ∗}^|Out| is the set of Out tuples,
C ⊆ {0, 1, ∗}^|Cond| is the set of Cond tuples,
s_in : S → I associates to each state the unique In tuple under which it is reached,
s_out : S → O a unique Out tuple to each state,
f_cond : F → C assigns to each state transition the conditions (the Cond tuple)
under which it occurs,
s_0 ∈ S is the initial state,
an ′∗′ is a don’t care which can have a value of either ′0′ or ′1′.
According to the above definition, every state is assigned the unique input
under which it is entered and the output value it generates. This requires every
state in the XBM specification to be entered at a single unique entry point. For
example, the set of valid entry points to state 1 from state 0 in Fig. 7.4a is
{01011, 01111}, but from state 3 to state 1 is {01011}. Thus the unique entry
point condition is not met in this specification. A specification satisfying the
unique entry point condition is shown in Fig. 7.4b.
Figure 7.4. Unique entry point example [Yun94]: (a) no unique entry, (b) unique
entry
For convenience, the arcs are normally labelled with an input burst function
l_in : F → ℘(In × {+, −, ∗}) and an output burst function
l_out : F → ℘(Out × {+, −}), where ℘(P) is the set of all subsets of P. They are
derived from s_in and s_out as follows: for any arc (u, v) ∈ F, the i-th input
in_i ∈ In is in l_in((u, v)) if s_in(u) ≠ s_in(v) in the i-th position or
s_in(v) = ∗ in the i-th position. A ′+′ is concatenated to in_i if the i-th input
value of s_in(u) = 0 and s_in(v) = 1 or the i-th input value of s_in(u) = ∗ and
s_in(v) = 1, else a ′−′ is concatenated to in_i if the i-th input value of
s_in(u) = ∗ and s_in(v) = 0 or the i-th input value of s_in(u) = 1 and
s_in(v) = 0, otherwise a ′∗′ is concatenated to in_i (directed don’t care
transition of in_i). Directed don’t care transitions allow one to specify that an
input change may or may not happen in a given input burst. The idea is that some
inputs in a burst may be allowed to change once monotonically along a sequence of
bursts rather than having to change in a particular burst. The same (without
don’t care) is done for the output. Also for any arc (u, v) ∈ F, the i-th input
cond_i ∈ Cond is in l_in((u, v)) if f_cond((u, v)) ≠ ∗ in the i-th position. A
′+′ is concatenated to cond_i if the i-th input value of f_in((u, v)) = 1,
otherwise a ′−′ is concatenated to cond_i. Conditional signal transitions are
placed in brackets to distinguish them from other transitions. If there is an arc
(u, v) with l_in((u, v)) = ∅, then the specification is not correct, because a
state transition can only happen if there is an input value change (input
transition). One can see in Fig. 7.5a the XBM specification as per definition
7.3.1 and its more convenient representation in Fig. 7.5b.
Figure 7.5. (a) an XBM specification, (b) a more convenient XBM specification
An edge transition which is not immediately preceded by a directed don’t care
transition for the same signal is called a compulsory transition. An input burst
should have at least one compulsory transition; i.e. with
l_comp : F → ℘(In × {+, −}), the i-th input in_i ∈ In with in_i ∈ l_in((u, v)) is
in l_comp((u, v)) iff s_in(u) and s_in(v) in the i-th position are not equal to
′∗′. If there is an arc (u, v) with l_comp((u, v)) = ∅, then the specification
is not correct, because there should be at least one compulsory transition in an
input burst. Without dackn+ in the transition from state 3 to 4, the specification
in Fig. 7.6 would not be correct because fain− in the transition from state 3 to
4 is not a compulsory transition: it is immediately preceded by a directed don’t
care fain∗ in the transition from state 2 to 3.
Figure 7.6. Compulsory transition example [YD99]
Input bursts of every pair of state transitions emanating from the same state
must satisfy the distinguishability constraint such that for every pair of input
bursts i and j emanating from the same state, either the conditions are mutually
exclusive or the set of compulsory transitions in i is not a subset of the set of all
possible input transitions in j.
Figure 7.7. Distinguishability constraint example [YD99]
In Fig. 7.7a, the input burst from state 0 to 1 and the input burst from state
0 to 2 fulfill the distinguishability constraint, because their conditions <c+>
and <c−> are mutually exclusive. In Fig. 7.7b, input i = {b+} causes the
transition from state 0 to state 2. Input burst j (leading from state 0 to 1)
contains the compulsory transition a+ and may also contain the occurrence b+
of don’t care transition b∗ : j ∈ {{a+}, {a+, b+}}. i = {b+} is a subset of
{a+, b+}. The distinguishability constraint is violated. If a+ occurs after b+,
the XBM machine will end up in state 2 instead of state 1. In Fig. 7.7c, b+ is the
only compulsory transition of input burst k = {b+} from state 0 to 2. {a+, b+}
is a possible input change of input burst l from 0 to 1. k = {b+} is a subset of
l = {a+, b+}. Also, the conditions of input bursts k and l are the same. Hence
input bursts k and l do not fulfill the distinguishability constraint.
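The labelling rules for l_in, the compulsory-transition rule and the distinguishability constraint described above can be combined into one check. The following Python code is an added example, not part of the dissertation or of the 3D tool; the function names, the string encoding of In and Cond tuples and the treatment of a signal that is '*' in both states (both edge directions assumed possible) are assumptions, while the sample bursts are those described for Fig. 7.6 and Fig. 7.7.

```python
from itertools import permutations


def input_burst(s_u, s_v, names):
    """Return (l_in, l_comp, possible) for arc (u, v) from the In tuples s_in(u), s_in(v).

    l_in and l_comp follow the rules in the text. `possible` holds the edges that
    may actually be observed during the burst (assumption: if a signal is '*' in
    both states its direction is unknown here, so both edges count as possible).
    """
    l_in, l_comp, possible = set(), set(), set()
    for name, a, b in zip(names, s_u, s_v):
        if a == b and b != "*":
            continue                          # unchanged: not part of the burst
        if b == "*":                          # directed don't care
            l_in.add(name + "*")
            if a == "0":
                possible.add(name + "+")
            elif a == "1":
                possible.add(name + "-")
            else:
                possible |= {name + "+", name + "-"}
        else:
            edge = name + ("+" if b == "1" else "-")
            l_in.add(edge)
            possible.add(edge)
            if a != "*":
                l_comp.add(edge)              # not preceded by a don't care
    return l_in, l_comp, possible


def burst_error(s_u, s_v, names):
    """Return why the input burst of arc (u, v) is incorrect, or None if it is valid."""
    l_in, l_comp, _ = input_burst(s_u, s_v, names)
    if not l_in:
        return "empty input burst"
    if not l_comp:
        return "no compulsory transition"
    return None


def mutually_exclusive(cond_i, cond_j):
    """Two Cond tuples exclude each other if one samples 0 where the other samples 1."""
    return any(x != y and "*" not in (x, y) for x, y in zip(cond_i, cond_j))


def distinguishability_violations(s_u, arcs, names):
    """arcs: {target state: (s_in(target), f_cond of the arc)}, all leaving state u.

    Returns the ordered pairs (i, j) whose conditions are not mutually exclusive
    and where the compulsory set of i is a subset of the possible edges of j.
    """
    info = {v: (input_burst(s_u, s_v, names), cond) for v, (s_v, cond) in arcs.items()}
    bad = []
    for i, j in permutations(sorted(info), 2):
        (_, comp_i, _), cond_i = info[i]
        (_, _, poss_j), cond_j = info[j]
        if not mutually_exclusive(cond_i, cond_j) and comp_i <= poss_j:
            bad.append((i, j))
    return bad


# Bursts leaving state 0 (ab = 00) as described for Fig. 7.7; the Cond tuple is (c).
FIG_7_7 = {
    "a": {1: ("11", "1"), 2: ("01", "0")},    # <c+> a+b+  and  <c-> b+
    "b": {1: ("1*", "*"), 2: ("01", "*")},    # a+b*       and  b+
    "c": {1: ("11", "1"), 2: ("01", "1")},    # <c+> a+b+  and  <c+> b+
}


def check_fig_7_7():
    return {k: distinguishability_violations("00", arcs, ("a", "b"))
            for k, arcs in FIG_7_7.items()}


if __name__ == "__main__":
    print(check_fig_7_7())
    # Fig. 7.6, arc 3 -> 4 over (fain, dackn), with and without dackn+
    print(burst_error("*0", "01", ("fain", "dackn")), burst_error("*", "0", ("fain",)))
```

A reported pair (2, 1) means that the burst into state 2 can fire while the burst into state 1 is still in progress, which is the situation described for Fig. 7.7b and Fig. 7.7c.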
A 3D circuit works as follows: in a given state, when all the specified condi-
tional signals have stabilized and all the specified edge signals in the input burst
have appeared, the circuit asserts the specified output changes, moves to a new
state, and then is ready for the next input burst. Specified edges in the input
burst may appear in arbitrary temporal order. Each signal transition which is
specified as a directed don’t care transition may change its value monotonically
at any time, even while outputs are changing. Output changes may be generated
in any order.
The conditional signals must stabilize to correct levels before any compulsory
edge in the input burst appears and must hold their values until after all of the
input edges appear. The minimum delay from the conditional stabilizing to the
first compulsory edge is called the setup time. Similarly, the minimum delay from
the last input edge to the conditional change is called the hold time. Actual
values of setup and hold times of conditional signals with respect to the first
compulsory edge and the last input edge depend on the implementation. The
period starting at the specified setup time before the first compulsory edge and
ending at the specified hold time after the last input edge is called the sampling
period. Conditional signal values need not be stable outside of the specified
sampling periods.
7.3.1 From STG specification to XBM specification
There are methods [Wol97] – based on an elementary method [Bei00] – and
[LSV93], which try to use an STG as specification due to its expressiveness for cir-
cuits with bounded wire delays. This is because STGs can specify a wider range
of problems than can be solved by an XBM circuit and every XBM specification
has an STG specification. In this chapter, another way is described to obtain
circuits with bounded wire delay from an STG specification; i.e. by translating
an STG specification into an XBM specification.
The idea to translate an STG specification into an XBM specification was first
suggested by [BEW99]. Unlike [BEW99], where the translation was performed
after deriving the state machine from the STG specification, the algorithm
presented in this chapter translates directly from the STG. An XBM specification,
though it is a state machine, allows some concurrency, namely: input and output
bursts, don’t care transitions and conditional signals. These concurrencies can
be translated directly, without explicitly deriving all of the possible states, and
therefore the method is more efficient than [BEW99].
Figure 7.8. Sequence of input transitions: (a) STG, (b) its XBM translation
Figure 7.9. Concurrent input transitions: (a) STG, (b) its XBM translation
First, the following is allowed in an STG that is to be translated to XBM:
• Sequence of input transitions – see Fig. 7.8.
• Concurrent input (output) transitions – see Fig. 7.9 (Fig. 7.10). Note: a
sequence of transitions that are concurrent with each other is not allowed.
• Don’t care concurrent transitions with a transition sequence – see Fig. 7.11
for input only don’t care transition; see Fig. 7.12 for don’t care with
output. Note: the output transition must be in the middle of the transition
sequence. If the output transition is in the head of the transition sequence,
then there will be an input-output conflict in the XBM translation so that
the specification cannot be synthesized. If the output transition is in the tail
of the transition sequence, then the resulting XBM transition will have no
compulsory transition. For example, after translating the STG in Fig. 7.13a, the
resulting XBM in Fig. 7.13b has the transition 2 → 3 without compulsory
transition.
Figure 7.10. Concurrent output transitions: (a) STG, (b) its XBM translation
Figure 7.11. Input only don’t care transition t0: (a) STG, (b) its XBM translation
Figure 7.12. Don’t care transition t0 with output: (a) STG, (b) its XBM
translation
Figure 7.13. Don’t care transition t0 with output in the tail (a) STG, (b) its
XBM translation without compulsory transition
Figure 7.14. Sequence of output transitions: (a) STG, (b) its XBM translation
without compulsory transition
Figure 7.15. Sequence of input transitions that are concurrent with each other:
(a) STG, (b) part of its XBM translation without compulsory transition
The following are not allowed in STGs that are to be translated to XBM:
• Input-output conflict (concurrency), because the resulting XBM after
translation is not synthesizable. Note: dynamic input-output conflicts
(concurrency) are found first by "playing the token game". Don’t care transitions
concurrent with a transition sequence are an exception of input-output
concurrency that is allowed.
• Output-output conflicts: the XBM resulting from translation has transitions
without compulsory transitions.
• Sequences of output transitions (SOT): the resulting XBM has transitions
without compulsory transitions. For example, after translating the STG in
Fig. 7.14a, the resulting XBM in Fig. 7.14b has transition 1 → 2 without
any compulsory transition.
• Sequences of transitions that are concurrent with each other, because the
resulting XBM after translation either has transitions without compulsory
transitions or has input-output concurrency. For example, after translating
the STG in Fig. 7.15a, the resulting XBM in Fig. 7.15b has transitions
1 → 4 and 2 → 6 without compulsory transitions. For another example
with output transitions, see the STG in Fig. 7.16a. The resulting XBM in
Fig. 7.16b has transitions 1 → 4 and 2 → 4 without compulsory transitions.
Figure 7.16. Sequence of input and output transitions that are concurrent with
each other: (a) STG, (b) its XBM translation without compulsory transition
The algorithm STG2XBM needs a bounded STG as input. This is because
only a bounded net has a finite set of reachable markings, and only an STG with a
finite set of reachable markings can be synthesized into a circuit. The STG is also
required to be consistent because only consistent STGs have unique entry points¹.
Since an XBM specification does not have an equivalent for a λ input transition,
λ input transitions are used for synchronization in STGs; λ output transitions
are also allowed because they represent state transitions without output in the
XBM specification.
¹ Consistency of the STG is necessary but not sufficient; the resulting XBM still
needs to be checked whether it has unique entry points.
A conditional signal only needs to be stable while its value is being sampled
by the input burst, otherwise it can change its value by alternating ′+′ and ′−′
transitions. Therefore, this behaviour can be modelled in the STG as a level
SCSM (see section 5.2.2). For example, the async∗ STG in Fig. 5.1 has a level
SCSM for conditional signal c. To increase algorithm efficiency, level SCSMs are
removed from the STG and the conditions are placed in the sample transitions.
This way, the number of reachable markings is reduced by half.
Firing an output transition at an initial marking is not possible, because the
input burst would be empty, which is not allowed in XBM specifications². This
problem is treated in line 2 to line 3 of the algorithm STG2XBM.
Algorithm STG2XBM
Input: an ordinary STG N which is bounded and consistent
Output: an extended burst mode machine
1.  Replace all level SCSM with conditional signal;
2.  if there is an output transition which is enabled by M0 then
3.      report and exit algorithm;
4.  map the marking M0 into XBM initial state S;
5.  put M0 into stack;
6.  while there is still a marking M in the stack do
7.      find S from M in the map;
8.      if there is a choice of input transitions which are enabled by M then
9.          for each choice FireAndTranslate2XBM;
10.     else
11.         FireAndTranslate2XBM;
12.     (∗ end of if there is a choice of input transition which are enabled by M ∗)
13. (∗ end of while there is still a marking M in the stack ∗)
14. merge XBM state with a λ input transition; (∗ see Fig. 7.17 ∗)
Algorithm FireAndTranslate2XBM
Input: an ordinary STG N which is bounded and consistent
1.  if there are input and output transitions which are enabled by M then
2.      report and exit algorithm; (∗ input-output concurrency ∗)
3.  D = all don’t care input transitions enabled in M;
4.  I = all the input transitions enabled in M − D;
5.  fire all the input transitions in I, resulting in M′;
6.  if |I| > 1 and there are transitions which are enabled by M′ then
7.      report and exit algorithm; (∗ concurrent sequence of transitions ∗)
8.  O = ∅
9.  if there is an output transition which is enabled by M′ then
10.     if there are input transitions other than in D which are enabled by M′ then
11.         report and exit algorithm; (∗ input-output concurrency ∗)
12.     if output transitions in conflict then report and exit algorithm;
13.     O = all the output transitions enabled in M′;
14.     fire all the output transitions in O resulting in M′′;
15.     M_next = M′′;
16.     if there is an output transition which is enabled by M′′ then
17.         report and exit algorithm; (∗ SOT ∗)
18.     if |O| > 1 and there are transitions enabled by M′′ then
19.         report and exit algorithm; (∗ concurrent sequence of transitions ∗)
20. else (∗ there is no output transition which is enabled by M′ ∗)
21.     M_next = M′;
22. (∗ end of if there is an output transition which is enabled by M′ ∗)
23. if there is no mapping of M_next in the map then
24.     map the marking M_next into XBM state S′;
25.     put M_next into stack;
26. (∗ end of if there is no mapping of M_next in the map ∗)
27. label the transition S → S′ with the label of transition in D, I and O;
² This goes for every type of asynchronous circuit specification. The circuit
remains in its initial stable state (including the initial output) until it is
started by the first input change.
Figure 7.17. Input and output burst: (a) STG, (b) its XBM translation before
and (c) after merger
Because an XBM specification allows only specific concurrency, which is a subset
of the concurrencies possible in STG specifications, not all STGs can be
translated directly to XBM specifications. Sometimes, decomposition is needed to
make an STG translatable, as suggested by [BEW99]. [BEW99] suggest a state
machine decomposition approach that tries to reduce the state machine vertically
(and horizontally if needed). This vertical reduction assumes that the irrelevant
input signals are don’t cares. The vertical reduction is done with the method
suggested by Grasselli and Luccio [GF66]. The implementation of this state machine
decomposition based on [BEW99] and [GF66] can be seen in [Kan02].
Also, STG decomposition can be used to make an STG specification translatable
to an XBM specification. For example, the wechselpuffer STG in Fig. 3.4a
cannot be translated directly into an XBM specification, because after Rin+,
Rd+, Rm+ are fired in sequence, Ain+ and Rout+ are concurrently enabled
and give concession concurrently to Rin− and Aout+. This is a case of
output-output concurrency, which is not allowed. After decomposition, the Aout−
component (see Fig. 5.15c) can be translated to the XBM specification.
But decomposition does not always solve the problem, because even after
decomposition some components may not be XBM translatable. For example,
the z-component of the async99* STG in Fig. 5.14b cannot be translated into
a valid XBM specification due to input-output concurrency between z+ and a−
after firing a+.
7.4 DESI
DESI (DEcomposer of SIgnal Transition Graphs) is implemented based on the
algorithm [VK07] [VW02], which starts with a given partition of the set of
output variables: each C_i is responsible for one block of the partition. The C_i
are then extracted from the STG by transition contraction and deletion of
redundant places [VW02], as well as deletion of loop-only and duplicate
λ-transitions [VK07], care being taken to keep only the relevant input signals,
which may be global inputs or outputs of other components. Step by step examples
of STG decomposition can be seen on the AG-Beister website.
Deleting redundant places can increase efficiency of the algorithm by contract-
ing a transition. But to find a redundant place as per definition 2.1.18 takes much
more effort than the gain in efficiency. Hence, DESI removes only special cases
of redundant places: loop-only and (extended) duplicate places.
• A loop-only place is a marked place p, such that p and t form a loop with
arcs of weight 1 for all t ∈ •p ∪ p•. The example STG in Fig. 7.18a will have
a loop-only place (p1, p2) after secure t-contraction.
• Place p is an (extended) duplicate of place q if ∀t : W(t, p) = W(t, q),
W(p, t) = W(q, t) and M_N(p) ≥ M_N(q). After secure t-contraction, the example
STG in Fig. 7.18b will have a place (p1, p2) in which M_N((p1, p2)) = 1
and M_N(p3) = 0. Hence (p1, p2) is a duplicate of p3 and will be removed.
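The two special cases of redundant places can be detected with a purely structural check. The following Python code is an added example, not DESI's own code; the function name and the two sample nets are constructed (the arcs of Fig. 7.18 are assumed, with the contracted place written as p1_p2).

```python
def removable_places(places, transitions, W, M):
    """Return {place: reason} for loop-only and (extended) duplicate places.

    W maps (source, target) to the arc weight (missing arcs have weight 0),
    M maps each place to its number of tokens.
    """
    def w(x, y):
        return W.get((x, y), 0)

    removed = {}
    for p in places:
        adjacent = [t for t in transitions if w(p, t) or w(t, p)]
        # loop-only: marked, and every adjacent transition forms a weight-1 loop with p
        if M[p] > 0 and all(w(p, t) == 1 and w(t, p) == 1 for t in adjacent):
            removed[p] = "loop-only"
            continue
        for q in places:
            if q == p or q in removed:
                continue      # never justify a removal by a place that is removed itself
            same_arcs = all(w(t, p) == w(t, q) and w(p, t) == w(q, t) for t in transitions)
            if same_arcs and M[p] >= M[q]:
                removed[p] = f"duplicate of {q}"
                break
    return removed


TRANSITIONS = ["a+", "b+"]

# Constructed net in the spirit of Fig. 7.18a: p1_p2 only loops on b+.
NET_A = dict(
    places=["p1_p2", "p3", "p4"], transitions=TRANSITIONS,
    W={("b+", "p1_p2"): 1, ("p1_p2", "b+"): 1,
       ("a+", "p3"): 1, ("p3", "b+"): 1, ("b+", "p4"): 1, ("p4", "a+"): 1},
    M={"p1_p2": 1, "p3": 0, "p4": 1},
)

# Constructed net in the spirit of Fig. 7.18b: p1_p2 and p3 have identical arcs.
NET_B = dict(
    places=["p1_p2", "p3"], transitions=TRANSITIONS,
    W={("a+", "p1_p2"): 1, ("p1_p2", "b+"): 1, ("a+", "p3"): 1, ("p3", "b+"): 1},
    M={"p1_p2": 1, "p3": 0},
)

if __name__ == "__main__":
    print(removable_places(**NET_A))
    print(removable_places(**NET_B))
```

When two places have identical arcs and equal markings, each is a duplicate of the other; the check above removes only the first of them.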
Figure 7.18. After contracting t, the STG has (a) a loop-only place, (b) a
duplicate place
DESI is suggested to be applied in modular³ design [KWVB03]. The modular
design starts from an STG as specification. The STG is decomposed into
components based on the output partition. Each component is synthesized
separately, then the resulting modules are interconnected to form a modular
circuit. The overall design flow is shown in Fig. 7.19.
³ A module is a self-contained component of a system, which has a well-defined
interface to the other components.
DESI is designed as part of CASCADE, which can forward results to other
synthesis tools such as petrify [CKK+96] for SI circuit and 3D [YDN92] for 3D
circuit. Based on the modular design flow, DESI together with other tools com-
pletes the tool chain for a modular design (see Fig. 7.20).
DESI is an academic tool which may be downloaded from the AG-Beister
website. Version 2 uses the algorithm from [VW02]. This version was presented in
[KWVB03]. An option for a risky strategy is also included in version 3.
7.4.1 Experimental Results for SI Circuits
The examples in the benchmark table are taken from a collection of benchmark
examples that circulate in the STG community. In the experiment, petrify was
used to synthesize the components. A plausible output partition⁴ is given as
input for DESI. For each example in the table, we have the number r of reachable
states, the area a resulting from synthesis and the computation time t (in
seconds) needed on an Intel Xeon 2.2 GHz with 1 GB memory. The lower-case literals
are used for the original specification, the upper-case literals for the sum of all
components resulting from decomposition. Td is the time taken by DESI for
decomposition, Tp is the time taken by petrify for synthesizing all the components.
In the arbiter example, the ME-element found by DESI could not be synthesized
by petrify (neither could the original specification) due to the output persistency
requirement for SI circuits.
From the table, one can see that DESI produces the best results if r is large.
We obtained fewer reachable states, less area, and less computation time. Even
for small examples, we mostly need less computation time. DESI overhead is
small in most cases compared to the computation time needed for synthesis. Less
computation time for synthesis is achieved because of fewer reachable states and
fewer output signals, which means that less time is needed to find complete state
coding (CSC). The equations resulting from decomposition are in most cases small
enough to be implemented with only simple gates instead of complex gates. With the
risky strategy, we obtained smaller numbers of R, but with the penalty that the
components could not be synthesized by petrify if they involve dynamic auto
conflicts. In the arbiter example, the ME-element found by DESI could not be
synthesized by petrify (neither could the original specification) due to the output
persistency requirement for SI circuits.
⁴ More about finding an effective output partition: [WVW11]
Figure 7.19. Modular design flow
Figure 7.20. Modular design tool chain
                   original              all components together             ratio (%)
    name           r      a     t        R     A      T       Td     Tp      R/r      A/a      T/t      Td/Tp
 1  mread          8932   67    231.18   409   59*    6.31    0.15   6.16    4.57     88.06    2.73     2.44
 2  stg-blunno'    1241   54    401.35   248   36*    2.95    1.27   1.68    19.98    66.67    0.74     75.6
 3  FIFO           832    49    140.88   126   41*    3.12    0.45   2.67    15.14    83.67    0.32     16.85
 4  locked2'       168    23*   6.91     82    29*    2.36    0.39   1.97    48.81    126.09   34.15    19.8
    (risky)                              44    --     --      0.35   --      26.19    --       --       --
 5  pe-send-ifc'   117    50    2.07     100   62*    4.82    0.43   4.39    85.47    124      232.85   9.79
 6  mux2'          101    68*   255.42   93    109*   50.26   0.47   49.75   92.08    160      19.68    0.94
 7  LL Arbiter'    64     --    --       82    ^      --      0.1    --      128.13   --       --       --
 8  post-office'   62     28    22.3     72    32*    17.72   0.49   17.23   116.13   114.29   79.46    2.84
    (risky)                              67    --     --      0.43   --      108.06   --       --       --
 9  nak-pa         58     18    0.19     54    18     0.38    0.26   0.12    93.1     100      200      216.67
10  adfast         44     17    1.34     38    15*    0.91    0.15   0.76    86.36    88.24    67.91    19.74
11  adc-yak        44     15    1.29     39    16*    0.64    0.14   0.50    88.64    106.67   49.61    28
12  NEI Arbiter'   42     --    --       33    ^      --      0.09   --      78.57    --       --       --
13  tsend-csm'     36     38    9.43     41    35*    1.4     0.24   1.16    113.89   92.11    14.85    20.69
14  vmecon'        24     19    1.72     27    22*    0.57    0.13   0.44    112.5    115.79   33.14    29.55
' could be handled only by improved algorithm; i.e. DESI version 3 or above
Examples 2, 4, 6, 8 and 13 have dummy transitions
Examples 2, 5, 7, 12 and 14 have structural auto conflicts
Example 2 has an io-conflict
* there is a module which is not speed independent (petrify synthesis with "slow environment")
^ ME-element plus synthesizable component(s)
Figure 7.21. Benchmark table. The times are given in seconds [VK07].
Figure 7.22. Detail of some example described in table Fig. 7.21
Figure 7.23. dtack component from Fig. 7.3 after CSC solving
Due to decomposition, each circuit should have its internal state signals. The
insertion of these internal signals into the specification without changing the
interface is sometimes impossible, because the specification after decomposition
has fewer output signals. Therefore, sometimes it is needed to ensure that some
internal event has happened before some input event. If this cannot be achieved,
then it is needed to slow the environment.
An example is the VME controller vmecon (last line in table Fig. 7.21). It is
decomposed into 2 components {lds, ds} and {dtack} (see table in Fig. 7.22). Its
STG is shown in Fig. 2.8, that of its dtack-component in Fig. 7.3. This component
has an irreducible CSC problem. Therefore, the circuit derived from the
dtack-component after inserting the internal signal csc0 (see Fig. 7.23) requires
the event csc0+ to happen before ds−. Only if this is fulfilled can the derived
circuit be guaranteed to work correctly. More about solving CSC for STG
decomposition can be found in [SV07].
Figure 7.24. Area comparison for FIFO example with and without decomposition
[chart: comparison of area estimates after petrify synthesis with and without
decomposition (example FIFO controllers); x-axis: number of FIFO stages (3 to 6);
y-axis: area; series: total area with desi, total area without desi]
Decomposition is especially effective for iterative specifications. An example
for this is the FIFO controller specification in Fig. 5.10. It has 3 stages in the
specification and can be enlarged to any finite number of stages. Experimental
results for FIFO specifications with 3 to 6 stages are shown in Fig. 7.24 and
Fig. 7.25. From Fig. 7.24, one can see that with increasing number of stages,
the decomposed approach yields less implementation area. This is because the
synthesis tool cannot give an optimal result if the number of reachable mark-
ings is large, as in the case of FIFO specification with 5 and 6 stages, without
decomposition. Also without decomposition, the time needed to synthesize the
specification exponentially increases as shown in Fig. 7.25. Without decomposi-
tion, the FIFO specification with 7 stages could not be synthesized due to lack of
memory resources.
Figure 7.25. Time comparison for FIFO example with and without decomposition
(the desi graph is for decomposition time only).
[chart: comparison between petrify synthesis with decomposition and without
decomposition (example FIFO controllers); x-axis: number of FIFO stages (3 to 6);
y-axis: time (s); series: petrify, desi&petrify, desi]
Chapter 8
Conclusion and Future Work
Improvements of the [VW02] STG decomposition algorithm are presented in
chapter 4. With these improvements, not only can STGs from real applications be
decomposed, but better decomposition results can also be obtained. Dummy
transitions and structural auto-conflicts are allowed. Dummy transitions are often
introduced by translating from a hardware description language into an STG [BL00].
Structural auto-conflicts with control places often occur in a nondeterministic
specification (e.g. for a VME bus controller) or an arbiter specification [Wol97]
[YKKL94]. The problem with structural auto-conflicts is solved by introducing
transition fusion. Problems with non-secure dummy transitions are solved by
transforming them into secure ones. These securing transformations and the
deletion of loop-only dummy transitions reduce the frequency of backtracking in the
algorithm, thereby yielding better decomposition results. Algorithm efficiency is
also increased by contracting globally irrelevant signals before decomposition and
by reordering the transitions to be contracted.
In chapter 5 the new structural approach to STG decomposition is suggested.
A component for an output block is found by synchronizing the SCSMs that are
needed to produce the output of the current component, while preserving the
synthesizability properties of the initial net. With this approach, the
limitation of the net reduction operation is overcome, resulting in smaller end
components than with [VW02]; the method is also easier to apply in practice.
Comparing it to the [VW02] method, one might think that the SMD-subnet method
has an overhead for finding the initial SMD-subnets. But this is not the case:
finding the SCSMs has to be done anyway to decide liveness and safeness of FC
nets [KB92] before synthesis. The same argument applies to finding extended
structures of the FC net (lines 2 to 6 of algorithm SMD-Subnet).
The only overhead of the SMD-subnet method is for synchronizing relevant
SCSMs, but this is just a net union. This small overhead pays off by fewer
transitions to be contracted, which may yield smaller results than the [VW02]
method, as shown by the previous examples.
Hence, the conclusions are as follows. The SMD-subnet method is in most
cases more efficient than the [VW02] method. In the case of nets with level SCSMs
or regulation circle paths, the SMD-subnet method yields smaller components.
Also, it is easier to preserve the layout of the net by the SMD-subnet. The only
drawback is that SMD-subnet can only be applied to a restricted class of P/T
nets. Despite its current limitations, in most cases, the SMD-subnet method can
be applied to practical STG benchmarks. It should be possible to remove this
restriction in the future, i.e. by using the [VW02] [VK07] method to find SCSMs.
This can be done by contracting all the transitions in the net (total
contraction) and taking loop-only places as SCSMs.
The explicit consistency requirement is too strict and needs to be improved
in the future. A possible improvement would be to find a consistent SCSM (or
even a consistent SMD), such that the nets in Fig. 5.4 and 5.5 could be handled
by the SMD-subnet method. This could be done, e.g., while checking consistency:
for FC STGs, a polynomial algorithm to check consistency has already been
suggested by [Esp03].
Using implicitly consistent SCSMs in addition to explicitly consistent ones
could not only extend the class of nets that can be handled by the SMD-subnet
method, but could also increase algorithm efficiency. An example is the FIFO net
in Fig. 5.10. The initial Ain-component obtained from the safe cover in
Fig. 5.11 is shown in Fig. 5.12a. N2 is the relevant SCSM for the Ain-component,
and it is also a consistent SCSM for Ain. Contracting t0 and t23 is trivial,
because both divining transitions have only one pre-place and one post-place.
If the FIFO net is covered by N′1, N′2 instead of N1, N2 (see Fig. 8.1), then
contracting t0, t23 is no longer trivial.
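The difference between the trivial and the non-trivial case can be reproduced on a small net; the following is an added example, not code from the dissertation or from DESI. It assumes the usual product-place definition of transition contraction (each pair of a pre-place and a post-place of the contracted transition becomes one new place), which this chapter does not restate; the `fork_join` net and all names are constructed for illustration.

```python
from itertools import product


def contract(places, transitions, arcs, marking, t):
    """Contract transition t. arcs maps (source, target) -> weight."""
    pre = sorted(p for p in places if arcs.get((p, t), 0))
    post = sorted(p for p in places if arcs.get((t, p), 0))
    if set(pre) & set(post):
        raise ValueError(f"{t} lies on a loop, contraction is not defined")
    if any(arcs[(p, t)] != 1 for p in pre) or any(arcs[(t, p)] != 1 for p in post):
        raise ValueError(f"arcs adjacent to {t} must have weight 1")

    # Untouched places stay; every (pre, post) pair becomes one product place.
    origin = {p: (p,) for p in places if p not in pre and p not in post}
    for p, q in product(pre, post):
        origin[f"{p}*{q}"] = (p, q)

    rest = [u for u in transitions if u != t]
    new_arcs = {}
    for name, olds in origin.items():
        for u in rest:
            # A product place inherits the arcs of both places it replaces.
            consume = sum(arcs.get((o, u), 0) for o in olds)
            produce = sum(arcs.get((u, o), 0) for o in olds)
            if consume:
                new_arcs[(name, u)] = consume
            if produce:
                new_arcs[(u, name)] = produce
    new_marking = {n: sum(marking.get(o, 0) for o in olds)
                   for n, olds in origin.items()}
    return sorted(origin), rest, new_arcs, new_marking


def fork_join(n_pre, n_post):
    """Constructed net: t joins n_pre places and forks into n_post places."""
    pre = [f"a{i}" for i in range(n_pre)]
    post = [f"b{j}" for j in range(n_post)]
    transitions = (["t"] + [f"in{i}" for i in range(n_pre)]
                   + [f"out{j}" for j in range(n_post)])
    arcs = {}
    for i, p in enumerate(pre):
        arcs[(f"in{i}", p)] = 1
        arcs[(p, "t")] = 1
    for j, q in enumerate(post):
        arcs[("t", q)] = 1
        arcs[(q, f"out{j}")] = 1
    marking = {p: 1 for p in pre}
    return pre + post, transitions, arcs, marking


def places_after_contraction(n_pre, n_post):
    places, *_ = contract(*fork_join(n_pre, n_post), "t")
    return len(places)


if __name__ == "__main__":
    for shape in [(1, 1), (2, 2), (2, 3), (3, 3)]:
        print(shape, "places before:", sum(shape),
              "after:", places_after_contraction(*shape))
```

With one pre-place and one post-place the two places simply merge into one; with several of each, the number of product places grows multiplicatively and every neighbouring transition gains arcs.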
In addition to consistent SCSMs, the SMD-subnet method could be extended
further by finding another SCSM structure that, when removed, leaves a live and
safe net. For example, the regulation circle path could be generalized such that
the net in Fig. 3.4a could also be handled by the SMD-subnet method.
In the future, using the SMD-subnet method, decomposition could be better
embedded in a synthesis process. As in synthesis, some conditions for a net to
be synthesizable, such as liveness, safeness and consistency, should be checked.
The SMD-subnet method could use parts of the results of these tests, such as an
SCSM-cover found by the liveness and safeness test of FC nets [KB92], or
consistent SCSMs (or even consistent SMDs) found by a consistency check. Also,
using the so-called correct SCSM-cover [PCKR98], decomposition could be done
such that the transition with the signal needed for solving coding conflicts is
preserved.
As there are many possible safe covers for a net N, due to the many possible
SCSM subnets of N, finding a good cover should be considered in the future. The
efficiency of the SMD-subnet method may decrease if the cover is not good,
as described above with the Ain-component of the FIFO net as the example.
Another example of bad covers are covers with redundant SCSMs. The safe
cover χ3 = {N1, N3, N4, N5} of N in Fig. 5.2 includes the redundant SCSM N1.
N1 and N3 are relevant SCSMs for the x-component. Without the redundant
SCSM N1, only N3 is relevant. The redundant SCSM N1 in this example causes
more transitions to be contracted (t1), and a non-trivial contraction. Note that
this does not mean that all redundant SCSMs should be avoided, because there are
redundant SCSMs that are needed in the component, e.g. redundant but consistent
SCSMs that are needed to ensure consistency, as in the case of the consistent
SCSM N9 in Fig. 5.5.

[Figure 8.1: two SCSM subnets labelled N1' and N2'. Transitions shown: t0 (Rin+),
t4 (R1-), t5 (A1-), t6 (Ain-), t23 (Rin-) and t0 (Rin+), t1 (R1+), t2 (A1+),
t3 (Ain+), t23 (Rin-); places shown: p6, p7, p28, p29, p30 and p0, p1, p2, p3,
p27.]
Figure 8.1. Non-consistent SCSM subnets of FIFO example in Fig. 5.10
Furthermore, the relevant SCSMs in χc for an output block component could
be restricted further to increase efficiency; e.g. a relevant SCSM that will
become a loop-only place, like N3 or N4 for the Aout-component of the FIFO
example (Fig. 5.12), could be removed directly from χc.
Using the structure graph described in chapter 6 to find an SCSM subnet
is more efficient in most cases than traversing the P/T net directly. Also, by
contracting middle node transitions in one step, transition contraction is done
more efficiently than by successively contracting each transition.
The structure graph of an ordinary P/T net can be used not only for finding
SCSM subnets or contracting middle node transitions; but also for other algo-
rithms which traverse nodes in the P/T net. Therefore, it is suggested to use the
structure graph as an abstract data structure for a P/T net when implementing
such algorithms. Some applications of structure graphs in finding subnets of P/T
nets and the experimental results can be found in [War05] [Taw04].
A super node with only divining transitions as middle node transitions can
become a redundant place. In the future, this kind of super node can be deleted
directly from the net without first contracting all the middle-node divining tran-
sitions. For example, the super node N2 in Fig. 6.14 can be deleted directly from
the net because it will become a redundant place.
As for asynchronous circuits, the [VW02] algorithm is good for speed-independent
circuit implementation, because such an implementation should not reduce the net
too much. Too much reduction could remove an input signal that also plays a role
in achieving complete state coding. Thus, too much reduction could mean that
complete state coding cannot be found. The SMD-subnet based algorithm, in
contrast, is good for XBMM implementation, because it can give smaller
components and has fewer problems with loops on transitions, which often occur
in XBM specifications due to level transitions.
The direct translation from STG specification to XBM specification suggested
in chapter 7.3.1 improves the efficiency of the translation suggested in
[BEW99]. This efficiency is achieved by directly translating the specified
concurrency instead of deriving the state machine from the STG specification.
However, not all STGs can be translated directly to XBM specifications, because
an XBM specification allows only specific concurrency, which is a subset of the
concurrencies possible in STG specifications. STG decomposition can be used to
make an STG specification translatable to an XBM specification. But
decomposition does not always solve the problem, because even after
decomposition some components may not be XBM translatable.
As shown in the DESI experimental results (chapter 7.4.1), decomposition is
effective for specifications with a large number of reachable markings. A
synthesis tool like petrify cannot synthesize effectively if the number of
reachable markings is large, i.e. the result needs more area. It also requires
plenty of computing resources and time. This makes synthesis infeasible for
e.g. the 7-stage FIFO specification. However, with decomposition there is no
problem with computing resources and time. Not only that, the resulting area is
smaller with decomposition. For a small number of reachable markings, as in the
NEI-arbiter, one can still benefit from decomposition, which extracts modules
like the ME-element from the specification.

Bibliography
[And83] C. André. Structural transformations giving B-equivalent PT-nets.
In Pagnoni and Rozenberg, editors, Applications and Theory of
Petri Nets, Informatik-Fachber. 66, 14–28. Springer, 1983.
[BC92] L. Bernardinello and F. Cindio. A Survey of Basic Net Models
and Modular Net Classes. Lecture Notes in Computer Science;
Advances in Petri Nets 1992, 609:304–351, 1992.
[Bei00] J. Beister. Vorlesung "Entwurf ungetakter Schaltwerke". Technical
report, Universität Kaiserslautern, 2000.
[Ber87] G. Berthelot. Transformations and decompositions of nets. In
W. Brauer et al., editors, Petri Nets: Central Models and Their
Properties, Lect. Notes Comp. Sci. 254, 359–376. Springer, 1987.
[Bes87] E. Best. Structure Theory of Petri Nets: the Free Choice Hiatus.
In Brauer, W., Reisig, W., and Rozenberg, G., editors, Lecture
Notes in Computer Science: Petri Nets: Central Models and Their
Properties, Advances in Petri Nets 1986, Part I, Proceedings of an
Advanced Course, Bad Honnef, September 1986, volume 254, pages
168–205. Springer, 1987.
[BEW99] J. Beister, G. Eckstein, and R. Wollowski. From STG to Extended-
Burst-Mode Machines. In Proc. 5th International Symposium on
Advanced Research in Asynchronous Circuits and Systems. IEEE
Computer Society Press, 1999.
[BEW00] J. Beister, G. Eckstein, and R. Wollowski. CASCADE: a tool ker-
nel supporting a comprehensive design method for asynchronous
controllers. In M. Nielsen, editor, Applications and Theory of Petri
Nets 2000, Lect. Notes Comp. Sci. 1825, 445–454. Springer, 2000.
[BL89] K. Barkaoui and B. Lemaire. An Effective Characterization of Min-
imal Deadlocks and Traps in Petri Nets Based on Graph Theory.
In Proceedings of the 10th International Conference on Applica-
tion and Theory of Petri Nets, 1989, Bonn, Germany, pages 1–21,
1989.
[BL00] I. Blunno and L. Lavagno. Automated synthesis of micro-pipelines
from behavioral Verilog HDL. In Proc. International Sympo-
sium on Advanced Research in Asynchronous Circuits and Systems,
pages 84–92. IEEE Computer Society Press, April 2000.
[BT87] E. Best and P. S. Thiagarajan. Some Classes of Live and Save
Petri Nets. Concurrency and Nets - Advances in Petri Nets, pages
71–94, 1987.
[BW93] J. Beister and R. Wollowski. Controller implementation by com-
municating asynchronous sequential circuits generated from a Petri
net specification of required behaviour. In G. Caucier and J. Trilhe,
editors, Synthesis for Control Dominated Circuits, 103–115. Else-
vier Sci. Pub. 1993.
[Chu86] T.-A. Chu. On the models for designing VLSI asynchronous digital
systems. Integration: the VLSI Journal, 4:99–113, 1986.
[Chu87a] T.-A. Chu. Synthesis of Self-Timed VLSI Circuits from Graph-
Theoretic Specifications. PhD thesis, MIT, 1987.
[Chu87b] T.-A. Chu. Synthesis of self-timed VLSI circuits from Graph-
Theoretic Specifications. In IEEE Int. Conf. Computer Design
ICCD ’87, pages 220–223, 1987.
[CKK+96] J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno, and
A. Yakovlev. Petrify: a tool for manipulating concurrent specifica-
tions and synthesis of asynchronous controllers. Technical report,
Universitat Politècnica de Catalunya, 1996.
[CKK+02] J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno, and
A. Yakovlev. Logic Synthesis of Asynchronous Controllers and
Interfaces. Springer, 2002.
[Com72] F. Commoner. Deadlocks in Petri Nets. Wakefield: Applied Data
Research, Inc., CA-7206–2311, 1972.
[DE95] J. Desel and J. Esparza. Free Choice Petri nets. Cambridge Uni-
versity Press Cambridge Tracts in Theoretical Computer Science,
1995.
[Dil88] D. Dill. Trace Theory for Automatic Hierarchical Verification of
Speed-Independent circuits. MIT Press, Cambridge, 1988.
[DN95] A. Davis and S. Nowick. Asynchronous Circuit Design: Motivation,
Background, and Methods. In Graham Birtwistle and Al Davis,
editors, Asynchronous Digital Circuit Design, Workshops in Com-
puting, pages 1–49. Springer, 1995.
[Ebe92] J. Ebergen. Arbiters: an exercise in specifying and decompos-
ing asynchronously communicating components. Sci. of Computer
Programming, 18:223–245, 1992.
[EBS89] J. Esparza, E. Best, and M. Silva. Minimal Deadlocks in Free
Choice Nets. Universität Hildesheim (Germany), Institut für Informatik
Hildesheimer Informatik-Berichte 1/89, July 1989.
[ES89] J. Esparza and M. Silva. Circuits, Handles, Bridges and Nets. In
Proceedings of the 10th International Conference on Application
and Theory of Petri Nets, 1989, Bonn, Germany, pages 134–153,
1989.
[ES91] J. Esparza and M. Silva. Handles in Petri Nets. Universität
Hildesheim (Germany), Institut für Informatik Hildesheimer
Informatik-Berichte 3/91, April 1991.
[Esp90] J. Esparza. Synthesis Rules for Petri Nets, and How they Lead
to New Results. In Baeten, J.C.M. et al., editors, Lecture Notes
in Computer Science; CONCUR’90, Theories of Concurrency:
Unification and Extension. (Conference, 1990, Amsterdam, The
Netherlands), volume 458, pages 182–198, Berlin, Germany, 1990.
Springer.
[Esp03] J. Esparza. A Polynomial-Time Algorithm for Checking Consis-
tency of Free-Choice Signal Transition Graphs. In Third Interna-
tional Conference on Application of Concurrency to System Design
(ACSD’03), Guimares, Portugal, pages 61–70. IEEE, June 2003.
[FN01] R. Fuhrer and S. Nowick. Sequential Optimization of Asynchronous
and Synchronous Finite-State Machines: Algorithms and Tools.
Kluwer Academic Publishers, 2001.
[GF66] A. Grasselli and F. Luccio. A Method for the Combined Row Column
Reduction of Flow Tables. In Proceedings of the 7th Ann.
Symp. Switching Theory, 1966.
[Hac72] M. Hack. Analysis of Production Schemata by Petri Nets. Cam-
bridge, Mass.: MIT, Dept. Electrical Engineering, MS Thesis.,
1972.
[Hac74] M. Hack. Extended State-Machine Allocatable Nets (ESMA), an
Extension of Free Choice Petri Net Results. MIT, Project MAC,
Computation Structures Group, Memo 78–1, 1974.
[Huf64] D. A. Huffman. The Synthesis of Sequential Switching Circuits.
In E. F. Moore, editor, Sequential Machines: Selected Papers. Ad-
dison Wesley, 1964.
[JV80] M. Jantzen and R. Valk. Formal Properties of Place/Transition
Nets. In Brauer, W., editor, Lecture Notes in Computer Science:
Net Theory and Applications, Proc. of the Advanced Course on
General Net Theory of Processes and Systems, Hamburg, 1979,
volume 84, pages 165–212, Berlin, Heidelberg, New York, 1980.
Springer.
[Kan02] B. Kangsah. Entwicklung und Implementierung eines Algorithmus
zur parallelen Dekomposition von Automaten unter Entfernung
irrelevanter Eingangsvariablen. Master thesis, Technische Universität
Kaiserslautern, FB Elektrotechnik und Informationstechnik.,
2002.
[Kan03] B. Kangsah. Finding STG component with concessioner path.
Technical report, Universität Kaiserslautern, 2003.
[KB92] P. Kemper and F. Bause. An Efficient Polynomial-Time Algo-
rithm to Decide Liveness and Boundedness of Free Choice Nets.
In Jensen, K., editor, Lecture Notes in Computer Science; 13th
International Conference on Application and Theory of Petri Nets
1992, Sheffield, UK, volume 616, pages 263–278. Springer, June
1992.
[Kem93] P. Kemper. Linear Time Algorithm to Find a Minimal Deadlock
in a Strongly Connected Free-Choice Net. In Ajmone Marsan, M.,
editor, Lecture Notes in Computer Science; Application and The-
ory of Petri Nets 1993, Proceedings 14th International Conference,
Chicago, Illinois, USA, volume 691, pages 319–338. Springer, 1993.
[KGJ96] P. Kudva, G. Gopalakrishnan, and H. Jacobson. A technique for
synthesizing distributed burst-mode circuits. In 33rd ACM/IEEE
Design Automation Conf., pages 67–70, 1996.
[KKT93] A. Kondratyev, M. Kishinevsky, and A. Taubin. Synthesis Method
in self-timed design. Decompositional approach. In IEEE Int.
Conf. VLSI and CAD, pages 324–327, 1993.
[KVWB04] B. Kangsah, W. Vogler, R. Wollowski, and J. Beister. Improving
STG decomposition. Technical report, Universität Kaiserslautern,
2004.
[KVWB05] B. Kangsah, W. Vogler, R. Wollowski, and J. Beister. DESI: A Tool
for Decomposing Signal Transition Graphs. In Tool demonstration
on Application of Concurrency to System Design (ACSD’05), 2005.
[KWVB03] B. Kangsah, R. Wollowski, W. Vogler, and J. Beister. DESI: A
Tool for Decomposing Signal Transition Graphs. In 3rd ACiD-WG
Workshop, 2003.
[LSV93] L. Lavagno and A. Sangiovanni-Vincentelli. Algorithms for Syn-
thesis and Testing of Asynchronous Circuits. Kluwer Academic
Publishers, 1993.
[MB59] D. Muller and W. S. Bartky. A Theory of Asynchronous Circuits.
In Proceedings of an International Symposium on the Theory of
Switching, pages 204–243. Harvard University Press, April 1959.
[Now93] S. Nowick. Automatic Synthesis of Burst-Mode Asynchronous Con-
trollers. PhD thesis, Stanford University, Department of Computer
Science, 1993.
[PCKR98] E. Pastor, J. Cortadella, A. Kondratyev, and O. Roig. Struc-
tural Methods for the Synthesis of Speed-Independent Circuits.
IEEE Transactions on Computer-Aided Design, 17(11):1108–1129,
November 1998.
[Pet66] C.A. Petri. Kommunikation mit Automaten. New York: Griffiss
Air Force Base, Technical Report RADC-TR-65–377, 1:1–Suppl.
1, 1966. English translation.
[RY85] L. Rosenblum and A. Yakovlev. Signal graphs: from self-timed to
timed ones. In Proc. Int. Work. Timed Petri Nets, Torino, Italy,
1985.
[SF01] Jens Sparsø and Steve Furber, editors. Principles of Asynchronous
Circuit Design: A Systems Perspective. Kluwer Academic Publish-
ers, 2001.
[Sta90] P. Starke. Analyse von Petri-Netz-Modellen. Stuttgart, Germany:
Teubner, 1990.
[SV05] M. Schäfer and W. Vogler. Component Refinement and CSC Solving
for STG Decomposition. In Lecture Notes in Computer Science:
Foundations of Software Science and Computational Structures:
8th International Conference, FOSSACS 2005, Held as Part
of the Joint European Conferences on Theory and Practice of Software,
ETAPS 2005, Edinburgh, UK, April 4-8, 2005 / Vladimiro
Sassone (Ed.), volume 3441, pages 348–363. Springer, 2005.
[SV07] Mark Schäfer and Walter Vogler. Component refinement and
CSC-solving for STG decomposition. Theor. Comput. Sci., 388(1-
3):243–266, 2007.
[SVJ05] M. Schäfer, W. Vogler, and P. Janćar. Determinate STG Decomposition
of Marked Graphs. In G. Ciardo and P. Darondeau, editors,
Applications and Theory of Petri Nets 2005, Lect. Notes Comp.
Sci. 3536, pages 365–384. Springer, 2005.
[Taw04] P. Tawdross. Structural decomposition of STGs and transformation
into XBM machines. Master thesis, Technische Universität Kaiserslautern,
FB Elektrotechnik und Informationstechnik., 2004.
[VK04] W. Vogler and B. Kangsah. Improved Decomposition of Signal
Transition Graphs. Technical report, Universität Augsburg, 2004.
[VK05] W. Vogler and B. Kangsah. Improved Decomposition of Signal
Transition Graphs. In Jörg Desel and Yosinori Watanabe, editors,
Proceedings of the Fifth International Conference on Application of
Concurrency to System Design (ACSD’05), pages 244–253. IEEE
Computer Society Press, 2005.
[VK07] Walter Vogler and Ben Kangsah. Improved Decomposition of Sig-
nal Transition Graphs. Fundam. Inform., 78(1):161–197, 2007.
[VW02] W. Vogler and R. Wollowski. Decomposition in Asynchronous Cir-
cuit Design. In J. Cortadella, A. Yakovlev, and G. Rozenberg, ed-
itors, Concurrency and Hardware Design, Lect. Notes Comp. Sci.
2549, pages 152–190. Springer, 2002.
[VYCLdM94] P. Vanbekbergen, C. Ykman-Couvreur, B. Lin, and Hugo de Man.
A generalized signal transition graph model for specification of
complex interfaces. In Proc. European Design and Test Conference,
pages 378–384. IEEE Computer Society Press, 1994.
[War05] S. Warman. Decomposition of the Structure Graph of a P/T net
into siphon-trap Subnets. Master thesis, Technische Universität
Kaiserslautern, FB Elektrotechnik und Informationstechnik., 2005.
[WB00] R. Wollowski and J. Beister. Comprehensive Causal Specifi-
cation of Asynchronous Controller and Arbiter Behaviour. In
A. Yakovlev, L. Gomes, and L. Lavagno, editors, Hardware Design
and Petri Nets, pages 3–32. Kluwer Academic Publishers, March
2000.
[Wen77] S. Wendt. Using Petri nets in the design process for interacting
asynchronous sequential circuits. In Proc. IFAC-Symp. on Discrete
Systems, Vol.2, Dresden, 130–138. 1977.
[Wol97] R. Wollowski. Entwurfsorientierte Petrinetz-Modellierung des
Schnittstellen-Sollverhaltens asynchroner Schaltwerksverbünde.
PhD thesis, Universität Kaiserslautern, FB Elektrotechnik, 1997.
[WVW11] Dominic Wist, Walter Vogler, and Ralf Wollowski. STG Decomposition:
Partitioning Heuristics. In Benoît Caillaud, Josep Carmona,
and Kunihiko Hiraishi, editors, ACSD, pages 141–150. IEEE, 2011.
[YD99] K. Yun and D. Dill. Automatic Synthesis of Extended Burst-
Mode Circuits: Part I (Specification and Hazard-Free Implementa-
tion). IEEE Transactions on Computer-Aided Design, 18(2):101–
117, February 1999.
[YDN92] K. Yun, D. Dill, and S. Nowick. Synthesis of 3D Asynchronous
State Machines. In Proc. International Conf. Computer Design
(ICCD), pages 346–350. IEEE Computer Society Press, October
1992.
[YKKL94] A. Yakovlev, M. Kishinevsky, A. Kondratyev, and L. Lavagno.
OR Causality: Modelling and Hardware Implementation. In
R. Valette, editor, Applications and Theory of Petri Nets 1994,
Lect. Notes Comp. Sci. 815, 568–587. Springer, 1994.
[Yun94] K. Y. Yun. Synthesis of Asynchronous Controllers for Heteroge-
neous Systems. PhD thesis, Stanford University, August 1994.

Curriculum Vitae
Academic Career
September 2001 - April 2006
Research associate
Chair of Digital Technology (Lehrstuhl Digitaltechnik)
Prof. Dr.-Ing. J. Beister
August 1999 - August 2001
Technische Universität Kaiserslautern
Department of Electrical and Information Engineering
Degree: Master
August 1992 - August 1996
Trisakti University, Jakarta
Department of Electrical Engineering
Degree: Bachelor
