Derivation of Set and Reset Covers for gC Elements and Standard C Implementation Using STG Unfoldings by Khomenko V
School of Computing Science,
University of Newcastle upon Tyne
Derivation of Set and Reset Covers for
gC Elements and Standard C
Implementation Using STG Unfoldings
Victor Khomenko
Technical Report Series
CS-TR-930
September 2005
Copyright c©2005 University of Newcastle upon Tyne
Published by the University of Newcastle upon Tyne,
School of Computing Science, Claremont Tower, Claremont Road,
Newcastle upon Tyne, NE1 7RU, UK.
TECH. REP. CS-TR-930, SCHOOL OF COMPUTING SCIENCE, UNIVERSITY OF NEWCASTLE 1
Abstract—The behaviour of asynchronous circuits is often described by Signal Transition Graphs (STGs), which are Petri nets whose transitions are interpreted as rising and falling edges of signals. One of the crucial problems in the synthesis of such circuits is deriving the set and reset covers for the state-holding elements implementing each output signal of the circuit. The derived covers must satisfy certain correctness constraints; in particular, the Monotonic Cover condition [1–3] must hold for the standard C implementation.

The covers are usually derived using state graphs. In this paper, we avoid constructing the state graph of an STG, which can lead to state space explosion, and instead use only the information about causality and structural conflicts between the events involved in a finite and complete prefix of its unfolding. We propose an efficient algorithm for deriving the set and reset covers of gC elements and standard C implementation based on the Incremental Boolean Satisfiability (SAT) approach.

Experimental results show that this technique leads not only to huge memory savings when compared with the methods based on state graphs, but also to significant speedups in many cases, without affecting the quality of the solution.

Index Terms—logic synthesis, gC element, standard C implementation, asynchronous circuits, signal transition graph, STG, incremental SAT, Petri net unfolding.
I. INTRODUCTION
SPEED-INDEPENDENT circuits [4] are an attractive subclass of asynchronous circuits because they work correctly regardless of the delays of individual gates (while assuming zero wire delays), which allows for high modularity and toleration of significant delay variations due to manufacturing process, temperature and voltage changes, as well as other advantages.

Various architectures are used to implement speed-independent circuits. This paper focuses on three of them (see Fig. 1): (i) the complex-gate (CG) implementation, where every output or internal signal in the circuit is implemented as a single (possibly very complicated) atomic gate [5]; (ii) gC implementation [6], where each signal is implemented using a pseudo-static gate called generalised C element (gC element); and (iii) standard C (stdC) implementation [1, 2], where each signal is implemented using a C-latch controlled by set and reset signals, which we assume are implemented as complex-gates. The latter two architectures are superficially similar, but one should bear in mind that a gC element is assumed to be atomic, while in the stdC implementation the gates controlling a C-latch have delays. Hence a naïve transformation of a gC implementation into an stdC one can result in a hazardous circuit (see below).
Signal Transition Graphs (STGs) are a formalism widely used
for describing the behaviour of asynchronous control circuits.
V. Khomenko is a Royal Academy of Engineering/EPSRC Post-Doctoral Re-
search Fellow. He is affiliated with School of Computing Science, University
of Newcastle upon Tyne, UK. This research was supported by Royal Academy
of Engineering/EPSRC grant EP/C53400X/1 (DAVAC).
E-mail: Victor.Khomenko@ncl.ac.uk
[Fig. 1 not reproduced. (a) CG: a single gate $F_z$ with inputs $z_1,\ldots,z_k$ driving $z$. (b) gC: a gate $S_z$ (the + input) and a gate $R_z$ (the − input), each over inputs $z_1,\ldots,z_k$, driving a C element whose output is $z$. (c) stdC: gates $S_z$ and $R_z$ over inputs $z_1,\ldots,z_k$ driving a C latch whose output is $z$.]
Fig. 1. CG (a), gC (b) and stdC (c) implementations of a signal.
Typically, they are used as a specification language for the syn-
thesis of such circuits [3, 5, 7]. STGs are a class of interpreted
Petri nets, in which transitions are labelled with the names of
rising and falling edges of circuit signals. Circuit synthesis
based on STGs involves: (i) checking the necessary and suf-
ficient conditions for the STG’s implementability as a logic cir-
cuit; (ii) modifying, if necessary, the initial STG to make it
implementable; and (iii) finding an appropriate Boolean cover
for the next-state function of each output and internal signals
(for CG implementation) or the set and reset functions control-
ling the latch (for gC and stdC implementations), and obtaining
them in the form of Boolean equations for the logic gates of the
circuit. One of the commonly used STG-based synthesis tools,
PETRIFY [3, 8], performs all of these steps automatically, after
first constructing the state graph (in the form of a BDD [9, 10])
of the initial STG specification. Since the popularity of this tool is steadily growing, it is likely that STGs and Petri nets will increasingly be seen as an intermediate (back-end) notation for the design of large controllers.
While the state-based approach is relatively simple and well-
studied, the issue of computational complexity for highly con-
current STGs is quite serious due to the state space explosion
problem. This puts practical bounds on the size of control
circuits that can be synthesised using such techniques, which
are often restrictive, especially if the STG models are not con-
structed manually by a designer but rather generated automati-
cally from high-level hardware descriptions.
In order to alleviate this problem, Petri net analysis tech-
niques based on causal partial order semantics, in the form of
Petri net unfoldings, were applied to circuit synthesis. In [11]
we proposed a method for CG logic synthesis based on Petri
net unfoldings and incremental SAT, completely avoiding the
generation of the state graph. This paper is an extension of
that method to gC and stdC logic syntheses. While gC synthe-
sis is a relatively straightforward generalisation of the approach
of [11], the stdC synthesis is more complicated, since the de-
rived covers must satisfy the Monotonic Cover condition [1–3].
Another contribution of this paper is a better algorithm for com-
putation of the supports (see Section IV.C).
The conducted experiments have shown that the proposed
method has significant advantage both in memory consumption
and in execution time compared with the existing state space
based methods, without affecting the quality of the solutions.
II. BASIC DEFINITIONS
In this section, we first present basic definitions concerning
Petri nets and STGs, and then recall notions related to net un-
foldings (see also [3, 7, 8, 10, 12–17]) and Boolean satisfiability
(see also [18, 19]).
A. Petri nets
A net is a triple $N \stackrel{\mathrm{df}}{=} (P,T,F)$ such that $P$ and $T$ are disjoint sets of respectively places and transitions (collectively referred to as nodes), and $F \subseteq (P\times T)\cup(T\times P)$ is a flow relation. A marking of $N$ is a multiset $M$ of places, i.e., $M : P \to \mathbb{N} \stackrel{\mathrm{df}}{=} \{0,1,2,\ldots\}$. We adopt the standard rules about representing nets as directed graphs, viz. places are represented as circles, transitions as rectangles, the flow relation by arcs, and markings are shown by placing tokens within circles. In addition, the following short-hand notation is used: a transition can be connected directly to another transition if the place 'in the middle of the arc' has exactly one incoming and one outgoing arc (see, e.g., Fig. 2(a)). If this hidden place contains a token, it is drawn directly on the arc. As usual, ${}^\bullet u \stackrel{\mathrm{df}}{=} \{v \mid (v,u)\in F\}$ and $u^\bullet \stackrel{\mathrm{df}}{=} \{v \mid (u,v)\in F\}$ denote the pre- and postset of $u \in P\cup T$, and ${}^\bullet U \stackrel{\mathrm{df}}{=} \bigcup_{u\in U} {}^\bullet u$ and $U^\bullet \stackrel{\mathrm{df}}{=} \bigcup_{u\in U} u^\bullet$, for all $U\subseteq P\cup T$. We will assume that ${}^\bullet t \neq \emptyset$, for every $t\in T$.

A net system is a pair $\Sigma \stackrel{\mathrm{df}}{=} (N, M_0)$ comprising a finite net $N=(P,T,F)$ and an (initial) marking $M_0$. A transition $t\in T$ is enabled at a marking $M$, denoted $M[t\rangle$, if for every $p\in{}^\bullet t$, $M(p)\ge 1$. Such a transition can be executed or fired, leading to a marking $M'$ given by $M' \stackrel{\mathrm{df}}{=} M - {}^\bullet t + t^\bullet$, where '−' and '+' stand for the multiset difference and sum, respectively. We denote this by $M[t\rangle M'$. The set of reachable markings of $\Sigma$ is the smallest (w.r.t. $\subset$) set $[M_0\rangle$ containing $M_0$ and such that if $M\in[M_0\rangle$ and $M[t\rangle M'$ for some $t\in T$ then $M'\in[M_0\rangle$. For a finite sequence of transitions $\sigma = t_1\ldots t_k$, we write $M[\sigma\rangle M'$ if there are markings $M_0,\ldots,M_k$ such that $M_0 = M$, $M_k = M'$ and $M_{i-1}[t_i\rangle M_i$, for $i=1,\ldots,k$.

A marking is deadlocked if it does not enable any transitions. A net system $\Sigma$ is deadlock-free if none of its reachable markings is deadlocked. A net system $\Sigma$ is $k$-bounded if, for every reachable marking $M$ and every place $p\in P$, $M(p)\le k$, and safe if it is 1-bounded. Moreover, $\Sigma$ is bounded if it is $k$-bounded for some $k\in\mathbb{N}$. One can show that the set $[M_0\rangle$ is finite iff $\Sigma$ is bounded.
B. Signal Transition Graphs
A Signal Transition Graph (STG) is a triple $\Gamma \stackrel{\mathrm{df}}{=} (\Sigma, Z, \lambda)$ such that $\Sigma = (N, M_0)$ is a net system, $Z$ is a finite set of signals, generating the finite alphabet $Z^{\pm} \stackrel{\mathrm{df}}{=} Z\times\{+,-\}$ of signal transition labels, and $\lambda : T \to Z^{\pm}$ is a labelling function. The signal transition labels are of the form $z^+$ or $z^-$, and denote a transition of a signal $z\in Z$ from 0 to 1 (rising edge), or from 1 to 0 (falling edge), respectively. Signal transitions are associated with the actions which change the value of a particular signal. We will use the notation $z^{\pm}$ to denote a transition of signal $z$ if we are not particularly interested in its direction. $\Gamma$ inherits the operational semantics of its underlying net system $\Sigma$, including the notions of transition enabling and execution, reachable markings and firing sequences.

We associate with the initial marking of $\Gamma$ a binary vector $v^0 \stackrel{\mathrm{df}}{=} (v^0_1,\ldots,v^0_{|Z|}) \in \{0,1\}^{|Z|}$, where each $v^0_i$ corresponds to the signal $z_i\in Z$. Moreover, with any finite sequence of transitions $\sigma$ we associate an integer signal change vector $v^{\sigma} \stackrel{\mathrm{df}}{=} (v^{\sigma}_1, v^{\sigma}_2,\ldots,v^{\sigma}_{|Z|}) \in \mathbb{Z}^{|Z|}$, so that each $v^{\sigma}_i$ is the difference between the number of occurrences of $z_i^+$-labelled and $z_i^-$-labelled transitions in $\sigma$.

$\Gamma$ is consistent¹ if, for every reachable marking $M$, all firing sequences $\sigma$ from $M_0$ to $M$ have the same encoding vector $Code(M)$ equal to $v^0 + v^{\sigma}$, and this vector is binary, i.e., $Code(M)\in\{0,1\}^{|Z|}$. Such a property guarantees that, for every signal $z\in Z$, the STG satisfies the following two conditions: (i) the first occurrence of $z$ in the labelling of any firing sequence of $\Gamma$ starting from $M_0$ has the same sign (either rising or falling); and (ii) the transitions corresponding to the rising and falling edges of $z$ alternate in any firing sequence of $\Gamma$. We will denote by $Code_z(M)$ the component of $Code(M)$ corresponding to a signal $z\in Z$.

The following well-known construction allows one to incorporate the current encoding of each signal into the current marking. For each signal $z\in Z$, a pair of complementary places, $p^0_z$ and $p^1_z$, tracing the value of $z$ is added to the STG. Each $z^+$-labelled transition has $p^0_z$ in its preset and $p^1_z$ in its postset, and each $z^-$-labelled transition has $p^1_z$ in its preset and $p^0_z$ in its postset. Exactly one of these two places is marked at the initial state, according to the initial value of signal $z$. One can show that at any reachable state of an STG augmented with such places, $p^0_z$ (respectively, $p^1_z$) is marked iff the value of $z$ is 0 (respectively, 1). Thus, if a transition labelled by $z^+$ (respectively, $z^-$) is enabled then the value of $z$ is 0 (respectively, 1), which in turn guarantees the consistency. Such a transformation can be done completely automatically. For a consistent STG, it does not restrict the behaviour and yields an STG with an isomorphic state graph (see below); for a non-consistent STG, this transformation restricts the behaviour and may lead to (new) deadlocks. In what follows, we assume such tracing places in the STG, and denote $P^0_Z \stackrel{\mathrm{df}}{=} \{p^0_z \mid z\in Z\}$, $P^1_Z \stackrel{\mathrm{df}}{=} \{p^1_z \mid z\in Z\}$ and $P_Z \stackrel{\mathrm{df}}{=} P^0_Z\cup P^1_Z$.
The state graph of $\Gamma$ is a tuple $SG_\Gamma \stackrel{\mathrm{df}}{=} (S, A, M_0, Code)$ such that: $S \stackrel{\mathrm{df}}{=} [M_0\rangle$ is the set of states; $A \stackrel{\mathrm{df}}{=} \{M \xrightarrow{\lambda(t)} M' \mid M\in[M_0\rangle \wedge M[t\rangle M'\}$ is the set of state transitions; $M_0$ is the initial state; and $Code : S\to\{0,1\}^{|Z|}$ is the state assignment function, as defined above for markings.

¹ This is a somewhat simplified notion of consistency; see [17] for a more elaborate one, dealing also with certain pathological cases, which are not interesting in practice. The described approach works also for the notion presented there.

[Fig. 2 not reproduced. (a) The STG, whose transitions are labelled b+, c+, a−, c−, b−, d−, a+, b+, d+, c+. (b) Its state graph with nine states, encoded in the order abcd: 0100, 0000, 1000, 0110, 0010, 1100, 1110, 1111, 1101; the arcs are labelled b+, a+, c+, c−, b+, b−, a−, d+, d−, c+.]
inputs: a,b; outputs: c,d
Fig. 2. An STG from [1] (a) and its state graph (b). The order of signals in the binary encodings is: a,b,c,d.

The signals in $Z$ are partitioned into input signals, $Z_I$, and output signals, $Z_O$ (the latter may also include internal signals). Input signals are assumed to be generated by the environment, while output signals are produced by the circuit. For each signal $z\in Z_O$ we define the functions $Out_{z^+}$, $Out_{z^-}$ and $Out_z$ as follows:

$$Out_{z^+/z^-/z}(M) \stackrel{\mathrm{df}}{=} \begin{cases} 1 & \text{if } \exists t\in T : M[t\rangle \wedge \lambda(t) = z^+/z^-/z^{\pm} \\ 0 & \text{otherwise.}\end{cases}$$
An STG $\Gamma$ is deterministic if none of its reachable markings enables two distinct transitions labelled with the same signal. $\Gamma$ is non-autoconcurrent if none of its reachable markings $M$ is such that $M \ge {}^\bullet t + {}^\bullet t$, for any $t\in T$. $\Gamma$ is output-persistent if for every pair of distinct transitions $t', t''$ and every reachable marking $M$ such that $M[t'\rangle$ and $M[t''\rangle$, if firing of $t'$ disables $t''$ then $\lambda(t')\in Z_I$ and $\lambda(t'')\in Z_I$ (i.e., a choice is allowed only between inputs). Hence, circuits with arbitration are not output-persistent, but can be made output-persistent by 'factoring out' the arbiter to the environment (see Fig. 9(b)). In what follows, we assume that the STG is safe, deadlock-free, deterministic, non-autoconcurrent, consistent and output-persistent. All these properties can be efficiently checked using Petri net unfoldings [14, 17], without building the state graph at any stage.

CG logic synthesis derives for each output signal $z\in Z_O$ a Boolean next-state function $Nxt_z$ defined for every reachable state $M$ of $\Gamma$ as $Nxt_z(M) \stackrel{\mathrm{df}}{=} Code_z(M)\oplus Out_z(M)$, where $\oplus$ is the 'exclusive or' operation.

Logic synthesis for gC or stdC implementation derives the set and reset functions $Set_z$ and $Reset_z$ driving the signal $z$ up or down. They are defined as follows:

$$Set_z(M) \stackrel{\mathrm{df}}{=} \begin{cases} 1 & \text{if } Out_{z^+}(M) = 1 \\ 0 & \text{if } Nxt_z(M) = 0 \\ - & \text{otherwise}\end{cases} \qquad\text{and}\qquad Reset_z(M) \stackrel{\mathrm{df}}{=} \begin{cases} 1 & \text{if } Out_{z^-}(M) = 1 \\ 0 & \text{if } Nxt_z(M) = 1 \\ - & \text{otherwise,}\end{cases}$$
where '−' denotes the 'don't care' value (i.e., the value of the function can be chosen arbitrarily, with the view of simplifying the resulting implementation). Note that while any Boolean functions $Set_z$ and $Reset_z$ satisfying the above conditions are correct for gC implementation, they must satisfy additional entrance constraints, also called the Monotonic Cover condition [1–3], in order to provide a hazard-free stdC implementation. This condition states that a cover must be entered only via the states enabling the output $z$.

[Fig. 3 not reproduced. (a) CG: a single gate computing $\bar a b \vee cb \vee d$ from a, b, c, d, with output c. (b) gC: a set gate $\bar a b \vee d$ (the + input) over a, b, d and a reset gate $\bar b$ (the − input) driving a C element with output c. (c) Naïve stdC: the same gates, set $\bar a b \vee d$ and reset $\bar b$, driving a C latch with output c. (d) Correct stdC: set gate $\bar a b \bar c \vee d$ over a, b, c, d and reset gate $\bar b$ driving a C latch with output c.]
Fig. 3. Implementation of signal c of the STG in Fig. 2 as a complex-gate (a), gC element (b), the result of a naïve transformation of the gC implementation to stdC implementation (c) and a correct stdC implementation (d).
To illustrate the importance of this condition, consider the implementation shown in Fig. 3(c), which does not satisfy it, since the state 0110 (which is covered by the set function and does not enable c) can be reached from the state 1110 (which is not covered by the set function and does not enable c). Consider the sequence of states $1111 \xrightarrow{d^-} 1110 \xrightarrow{a^-} 0110 \xrightarrow{b^-} 0010$. The gate computing the set function is high at 1111. Firing of $d^-$ drives its output low, but before it reaches 0, $a^-$ can fire, driving its output high; similarly, before it reaches 1, $b^-$ can fire, driving it low. Hence the gate can exhibit runt non-digital pulses, which may cause the circuit to malfunction.

To address this issue, we introduce the strict versions of the set and reset functions as $Set^s_z(M)/Reset^s_z(M) \stackrel{\mathrm{df}}{=} Out_{z^+/z^-}(M)$. Note that though these functions are guaranteed to satisfy the Monotonic Cover condition and thus yield a correct stdC implementation of $z$, it is often not optimal due to the reduced number of 'don't cares' in the truth table, which could otherwise be exploited by the Boolean minimiser to simplify the resulting expression. Therefore, the method discussed in this paper will only use $Set^s_z$ and $Reset^s_z$ to overapproximate the supports of $Set_z$ and $Reset_z$ satisfying the Monotonic Cover condition, and will derive an stdC implementation using a different technique, often yielding better solutions.
For the circuit to be implementable, the values of $Nxt_z$, $Set_z$, $Reset_z$, $Set^s_z$ and $Reset^s_z$ must be consistently determined by the encoding of each reachable state, i.e., they should be functions of $Code(M)$ rather than $M$: $Nxt_z / Set_z / Reset_z / Set^s_z / Reset^s_z(M) = F_z / S_z / R_z / S^s_z / R^s_z(Code(M))$ for some Boolean functions $F_z, S_z, R_z, S^s_z, R^s_z : \{0,1\}^{Z}\to\{0,1\}$ (either $F_z$ or $S_z$ and $R_z$ will eventually be implemented as logic gates, depending on the architecture used; as was already explained, $S^s_z$ and $R^s_z$ will never be implemented, and will be used only for computation of supports). Note that in general these functions are incompletely specified because not all the possible encodings occur in the state graph and because the definitions of set and reset functions have explicit 'don't cares'. An incompletely specified Boolean function can be characterised by its ON, OFF and DC ('don't care') sets of inputs on which it evaluates to 1, 0 and '−' respectively. These sets must be pairwise disjoint, and their union should contain every possible input.
It can happen that two semantically different states have the same encoding, which means that the circuit is not implementable. To capture this, we define several kinds of Complete State Code (CSC) conflicts. Suppose $X\subseteq Z$, $z\in Z_O$ and $M'$ and $M''$ are two distinct states of $SG_\Gamma$ such that $Code_x(M') = Code_x(M'')$ for all $x\in X$. Then

CG synthesis: $M'$ and $M''$ are in $CSC^z_X$ conflict if $Nxt_z(M')\neq Nxt_z(M'')$. $\Gamma$ satisfies the $CSC^z$ property if no two states of $SG_\Gamma$ are in $CSC^z_Z$ conflict. Intuitively, this means that $z$ is CG implementable.

gC synthesis: $M'$ and $M''$ are in $CSC^{z^+}_X$ / $CSC^{z^-}_X$ conflict if $Out_{z^+/z^-}(M') = 1$ and $Nxt_z(M'') = 0/1$. $\Gamma$ satisfies the $CSC^{z^+}$ / $CSC^{z^-}$ property if no two states of $SG_\Gamma$ are in $CSC^{z^+}_Z$ / $CSC^{z^-}_Z$ conflict. Intuitively, this means that the set/reset function of $z$ is CG implementable, and $z$ is gC implementable iff both the $CSC^{z^+}$ and $CSC^{z^-}$ properties hold.

stdC synthesis: $M'$ and $M''$ are in $sCSC^{z^+}_X$ / $sCSC^{z^-}_X$ conflict if $Out_{z^+/z^-}(M') \neq Out_{z^+/z^-}(M'')$. $\Gamma$ satisfies the $sCSC^{z^+}$ / $sCSC^{z^-}$ property if no two states of $SG_\Gamma$ are in $sCSC^{z^+}_Z$ / $sCSC^{z^-}_Z$ conflict. Intuitively, this means that the strict set/reset function of $z$ is CG implementable. Proposition 1 below implies that the (not necessarily strict) set and reset functions satisfying the Monotonic Cover condition can be derived (i.e., $z$ is stdC implementable) iff the $sCSC^{z^+}$ and $sCSC^{z^-}$ properties hold.
The proposition below shows that the notion of implementability of a signal based on CSC conflicts is quite robust: it turns out that it is invariant across the CG, gC and stdC architectures.

Proposition 1: Let $\Gamma$ be a consistent STG. The following three statements are equivalent:
• $\Gamma$ satisfies the $CSC^z$ property;
• $\Gamma$ satisfies the $CSC^{z^+}$ and $CSC^{z^-}$ properties;
• $\Gamma$ satisfies the $sCSC^{z^+}$ and $sCSC^{z^-}$ properties.

Proof: The scheme of the proof is as follows: $CSC^z \Rightarrow sCSC^{z^+}\,\&\,sCSC^{z^-} \Rightarrow CSC^{z^+}\,\&\,CSC^{z^-} \Rightarrow CSC^z$.

First, we show that if $\Gamma$ satisfies the $CSC^z$ property then it satisfies the $sCSC^{z^+}$ and $sCSC^{z^-}$ properties. Suppose to the contrary that $\Gamma$ satisfies the $CSC^z$ property but contains, without loss of generality, an $sCSC^{z^+}$ conflict, i.e., for some reachable states $M'$ and $M''$, $Code(M') = Code(M'')$ and, without loss of generality, $Out_{z^+}(M') = 1$ and $Out_{z^+}(M'') = 0$. Due to consistency, $Code(M') = Code(M'')$ and $Out_{z^+}(M') = 1$ imply $Code_z(M') = Code_z(M'') = 0$. Since $Out_{z^+}(M') = 1$ and $Out_{z^+}(M'') = 0$ (and, by consistency, $z^-$ cannot be enabled at $M''$ where $z$ is 0), $Nxt_z(M') = 1 \neq Nxt_z(M'') = 0$, i.e., $M'$ and $M''$ are in $CSC^z$ conflict, a contradiction.

Second, we show that if $\Gamma$ satisfies the $sCSC^{z^+}$ and $sCSC^{z^-}$ properties then it satisfies the $CSC^{z^+}$ and $CSC^{z^-}$ properties. Suppose to the contrary that $\Gamma$ satisfies, e.g., the $sCSC^{z^+}$ property but there exists a $CSC^{z^+}$ conflict, i.e., for some reachable states $M'$ and $M''$, $Code(M') = Code(M'')$, $Out_{z^+}(M') = 1$ and $Nxt_z(M'') = 0$. $Nxt_z(M'') = 0$ implies that $Out_{z^+}(M'') = 0 \neq Out_{z^+}(M') = 1$, i.e., $M'$ and $M''$ are in $sCSC^{z^+}$ conflict, a contradiction. Similarly, the $sCSC^{z^-}$ property implies the $CSC^{z^-}$ property.

Third, we show that if $\Gamma$ satisfies the $CSC^{z^+}$ and $CSC^{z^-}$ properties then it satisfies the $CSC^z$ property. Suppose to the contrary that $\Gamma$ satisfies the $CSC^{z^+}$ and $CSC^{z^-}$ properties but there exists a $CSC^z$ conflict, i.e., for some reachable states $M'$ and $M''$, $Code(M') = Code(M'')$ and $Nxt_z(M')\neq Nxt_z(M'')$. Hence $Out_z(M')\neq Out_z(M'')$, and, without loss of generality, $Out_z(M') = 1$ and $Out_z(M'') = 0$. Hence either $Out_{z^+}(M') = 1$ or $Out_{z^-}(M') = 1$. Suppose $Out_{z^+}(M') = 1$. Then $Code_z(M') = 0 = Code_z(M'')$, and so $Nxt_z(M'') = 0$, i.e., $M'$ and $M''$ are in $CSC^{z^+}$ conflict, a contradiction. Similarly, if $Out_{z^-}(M') = 1$ then $M'$ and $M''$ are in $CSC^{z^-}$ conflict, which also results in a contradiction.
$\Gamma$ satisfies the CSC property if it satisfies the $CSC^z$ property for each $z\in Z_O$.² Note that $\Gamma$ satisfies the CSC property iff it satisfies the $CSC^{z^+}$ and $CSC^{z^-}$ properties for each $z\in Z_O$. Moreover, $\Gamma$ satisfies the CSC property iff it satisfies the $sCSC^{z^+}$ and $sCSC^{z^-}$ properties for each $z\in Z_O$. CSC conflicts can be detected [20, 21] and resolved [22] on unfoldings, without building the state graph, and in what follows, we assume that the STG satisfies the CSC property.
One can see that if no two states of $\Gamma$ are in $CSC^z_X$ / $CSC^{z^+}_X$ / $CSC^{z^-}_X$ / $sCSC^{z^+}_X$ / $sCSC^{z^-}_X$ conflict then $Nxt_z$ / $Set_z$ / $Reset_z$ / $Set^s_z$ / $Reset^s_z$ can be consistently defined at each state $M$ of $SG_\Gamma$ as a function of the encoding of $M$ restricted to $X$, i.e., $X$ is a support of respectively $F_z / S_z / R_z / S^s_z / R^s_z$. A support $X$ is minimal if no set $Y\subset X$ is a support. In general, these functions can have several distinct minimal supports, since they are incompletely specified. A set $X\subseteq Z$ which is not a support of a function is called a non-support. Note that $X$ is a non-support of $F_z / S_z / R_z / S^s_z / R^s_z$ iff the STG has a $CSC^z_X$ / $CSC^{z^+}_X$ / $CSC^{z^-}_X$ / $sCSC^{z^+}_X$ / $sCSC^{z^-}_X$ conflict, respectively.
An example of an STG is shown in Fig. 2(a). It satisfies the CSC property and hence can be implemented using any of the three target architectures considered in this paper. CG, gC and stdC implementations can be obtained by applying Boolean minimisation to the truth table shown in Fig. 4(a). The first column of this table lists the encodings of all the states of $SG_\Gamma$, while the other columns give the corresponding values of the next-state, set and reset functions for all the output signals. Note that not all possible encodings are present in the first column because the number of reachable states (9) is smaller than the number of possible encodings ($2^4 = 16$). This means that the missing encodings belong to the DC sets of the functions being derived, i.e., the values of the functions at these encodings are not important and can be chosen arbitrarily (Boolean minimisation procedures can exploit this to reduce the complexity of the resulting Boolean expressions). The last row of the table gives for each output signal of the circuit the result of Boolean minimisation, viz. the expressions for the next-state function (for CG implementation) and the set and reset functions (for gC implementation). The table in Fig. 4(b) gives the entrance constraints and the resulting expressions for the set and reset functions satisfying the Monotonic Cover condition and thus suitable for the stdC implementation. In this case, the set and reset functions are obtained as the result of conditional Boolean minimisation, i.e., the procedure has to take into account the entrance constraints. The problem is reducible to the binate covering problem [23].

² This definition, though different in form from the conventional one (see, e.g., [20, 21]), is equivalent to it due to the fact that $Nxt_z(M') = Nxt_z(M'')$ for all $z\in Z_O$ iff the sets of output signals enabled at $M'$ and $M''$ are the same, provided that $Code(M') = Code(M'')$.

(a)
Code(M) abcd | $F_c(M)$ | $S_c(M)$ | $R_c(M)$ | $F_d(M)$ | $S_d(M)$ | $R_d(M)$
0100         | 1 | 1 | 0 | 0 | 0 | −
0000         | 0 | 0 | − | 0 | 0 | −
1000         | 0 | 0 | − | 0 | 0 | −
0110         | 1 | − | 0 | 0 | 0 | −
0010         | 0 | 0 | 1 | 0 | 0 | −
1100         | 0 | 0 | − | 1 | 1 | 0
1110         | 1 | − | 0 | 0 | 0 | −
1111         | 1 | − | 0 | 0 | 0 | 1
1101         | 1 | 1 | 0 | 1 | − | 0
Expression   | $\bar a b \vee cb \vee d$ | $\bar a b \vee d$ | $\bar b$ | $ab\bar c$ | $ab\bar c$ | $c$

(b)
$S_c$: entrance constraints $S_c(0110) \Rightarrow S_c(1110)$, $S_c(1110) \Rightarrow S_c(1111)$; monotonic cover $\bar a b \bar c \vee d$
$R_c$: entrance constraints $\emptyset$; monotonic cover $\bar b$
$S_d$: entrance constraints $\emptyset$; monotonic cover $ab\bar c$
$R_d$: entrance constraints $R_d(0110) \Rightarrow R_d(1110)$, $R_d(0110) \Rightarrow R_d(0100)$, $R_d(0010) \Rightarrow R_d(0110)$, $R_d(0100) \Rightarrow R_d(0000)$, $R_d(0000) \Rightarrow R_d(0010)$, $R_d(1000) \Rightarrow R_d(0000)$; monotonic cover $cd$

Fig. 4. The truth table for the next-state, set and reset functions of output signals of the STG in Fig. 2(a) (a) and the entrance constraints for the stdC implementation (b).
Note that in this example the set function of d happens to
coincide with next-state function of d. Both gC and stdC syn-
theses allow CG implementation of a signal in such cases. The
precise condition is that if Sz evaluates to 1 in all states M such
that Nxtz(M) = 1 (respectively, Rz evaluates to 1 in all states M
such that Nxtz(M) = 0) then Sz (respectively, Rz) can be used as
a CG implementation of z.
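The state-graph-based derivation described above, as an added worked example (this is not code from the report, nor from PETRIFY): the STG of Fig. 2(a) is simulated as a safe Petri net with the signal-tracing places of Section II.B, its state graph is built by breadth-first search, and the next-state, set, reset and strict functions are tabulated from it; supports are tested through the $CSC^z_X$-type conflicts defined above, and candidate covers are checked first for gC correctness (1 on the ON set, 0 on the OFF set) and then against the Monotonic Cover condition by scanning the state-graph arcs that enter the cover. The control places q0 to q8 and the exact flow relation are assumptions, reconstructed from the state graph of Fig. 2(b) and the truth table of Fig. 4(a); the nine codes and every function value the code produces coincide with that table.

```python
"""Added worked example, not code from the report: simulate the STG of Fig. 2(a),
build its state graph, tabulate Nxt/Set/Reset and the strict functions, test
supports via CSC_X-type conflicts, and check covers for gC correctness and for
the Monotonic Cover condition of stdC. The control places q0..q8 and the flow
relation are ASSUMPTIONS reconstructed from Fig. 2(b) and Fig. 4(a)."""
from collections import deque

SIGNALS = "abcd"
TRANSITIONS = {  # name: (label, preset, postset); tracing places are added in net()
    "a+": ("a+", {"q0"}, {"q1"}), "b+1": ("b+", {"q1"}, {"q2"}),
    "d+": ("d+", {"q2"}, {"q3"}), "c+1": ("c+", {"q3"}, {"q4"}),
    "d-": ("d-", {"q4"}, {"q5"}), "a-": ("a-", {"q5"}, {"q6"}),
    "b+2": ("b+", {"q0"}, {"q7"}), "c+2": ("c+", {"q7"}, {"q6"}),
    "b-": ("b-", {"q6"}, {"q8"}), "c-": ("c-", {"q8"}, {"q0"}),
}
M0 = frozenset({"q0"} | {f"p0_{z}" for z in SIGNALS})  # every signal starts at 0

def net():
    """Add the tracing places of Section II.B: p0_z -> z+ -> p1_z and p1_z -> z- -> p0_z."""
    full = {}
    for name, (lbl, pre, post) in TRANSITIONS.items():
        z, sign = lbl[0], lbl[1]
        src, dst = (f"p0_{z}", f"p1_{z}") if sign == "+" else (f"p1_{z}", f"p0_{z}")
        full[name] = (lbl, frozenset(pre | {src}), frozenset(post | {dst}))
    return full

NET = net()

def enabled(M):
    return [n for n, (_, pre, _) in NET.items() if pre <= M]

def code(M):
    """Code(M) as an 'abcd' bit string, read off the tracing places."""
    return "".join("1" if f"p1_{z}" in M else "0" for z in SIGNALS)

def state_graph():
    """BFS over the reachable (safe) markings; arcs are (M, label, M')."""
    seen, arcs, todo = {M0}, [], deque([M0])
    while todo:
        M = todo.popleft()
        for n in enabled(M):
            _, pre, post = NET[n]
            M2 = (M - pre) | post
            arcs.append((M, NET[n][0], M2))
            if M2 not in seen:
                seen.add(M2); todo.append(M2)
    return seen, arcs

STATES, ARCS = state_graph()

def out(M, z, sign):
    return int(any(NET[n][0] == z + sign for n in enabled(M)))

def nxt(M, z):
    return int(code(M)[SIGNALS.index(z)]) ^ (out(M, z, "+") | out(M, z, "-"))

def set_fn(M, z):    # 1 on the ON set, 0 on the OFF set, None = don't care
    return 1 if out(M, z, "+") else (0 if nxt(M, z) == 0 else None)

def reset_fn(M, z):
    return 1 if out(M, z, "-") else (0 if nxt(M, z) == 1 else None)

def strict_set(M, z):
    return out(M, z, "+")

def strict_reset(M, z):
    return out(M, z, "-")

def truth_table():
    """Rows of Fig. 4(a): code -> (Fc, Sc, Rc, Fd, Sd, Rd)."""
    return {code(M): (nxt(M, "c"), set_fn(M, "c"), reset_fn(M, "c"),
                      nxt(M, "d"), set_fn(M, "d"), reset_fn(M, "d")) for M in STATES}

def is_support(fn, z, X):
    """X is a support iff no two states agree on X yet take the values 0 and 1."""
    seen = {}
    for M in STATES:
        v = fn(M, z)
        key = tuple(code(M)[SIGNALS.index(x)] for x in X)
        if v is not None and seen.setdefault(key, v) != v:
            return False     # a CSC^z_X-type conflict
    return True

def cover(expr, bits):
    """Evaluate a sum of cubes such as '!a b | d' on a code string."""
    val = {z: bits[i] == "1" for i, z in enumerate(SIGNALS)}
    return int(any(all(not val[l[1]] if l[0] == "!" else val[l] for l in cube.split())
                   for cube in expr.split("|")))

def valid_cover(expr, fn, z):
    """CG/gC correctness: 1 on the ON set, 0 on the OFF set, free on the DC set."""
    return all(fn(M, z) in (None, cover(expr, code(M))) for M in STATES)

def monotonic_violations(expr, z, sign):
    """Arcs entering the cover at a state that does not enable z+/z- (stdC hazard)."""
    return sorted((code(M), lbl, code(M2)) for M, lbl, M2 in ARCS
                  if not cover(expr, code(M)) and cover(expr, code(M2))
                  and not out(M2, z, sign))
```

`monotonic_violations('!a b | d', 'c', '+')` returns exactly the entering arc 1110 →a− 0110 discussed for Fig. 3(c), while the stdC cover `'!a b !c | d'` returns none; likewise the gC reset cover `c` of d is entered at 0110 via c+, whereas `c d` is entered only at 1111. The support checks show the point made about strict functions: the set function of c is supported by {a, b, d}, but its strict version needs all four signals, which is the overapproximation the text relies on.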
This essentially completes the description of the synthesis procedure based on state graphs. However, it often leads to state space explosion, and in the proposed approach we follow another way of representing the behaviour of STGs, viz. STG unfoldings [12, 13, 16].
C. STG unfoldings
A finite and complete unfolding prefix $\pi$ of an STG $\Gamma$ is a finite acyclic net which implicitly represents all the reachable states of $\Gamma$ together with transitions enabled at those states. Intuitively, it can be obtained through unfolding $\Gamma$, by successive firings of transitions, under the following assumptions: (a) for each new firing a fresh transition (called an event) is generated; (b) for each newly produced token a fresh place (called a condition) is generated. The unfolding is infinite whenever $\Gamma$ has an infinite run; however, if $\Gamma$ has finitely many reachable states then the unfolding eventually starts to repeat itself and can be truncated (by identifying a set of cut-off events beyond which it is not generated) without loss of information, yielding a finite and complete prefix.

[Fig. 5 not reproduced. (a) A net system with places p1–p7 and transitions t1–t7. (b) A branching process with conditions b1–b13 and events e1–e9. (c) A larger branching process with conditions b1–b27 and events e1–e19. The homomorphism shown as node labels maps conditions to places as b1, b10, b12 ↦ p1; b2, b11, b13 ↦ p2; b3, b14, b17 ↦ p3; b4, b15, b18 ↦ p4; b5, b16, b19 ↦ p5; b6, b8, b20, b22, b24, b26 ↦ p6; b7, b9, b21, b23, b25, b27 ↦ p7, and events to transitions as e1, e10, e13 ↦ t1; e2, e11, e14 ↦ t2; e3, e12, e15 ↦ t3; e4, e16, e18 ↦ t4; e5, e17, e19 ↦ t5; e6, e8 ↦ t6; e7, e9 ↦ t7.]
Fig. 5. A net system (a) and two of its branching processes (b,c).
Formally, an occurrence net is a net $ON \stackrel{\mathrm{df}}{=} (B, E, G)$ where $B$ is the set of conditions (places), $E$ is the set of events (transitions) and $G$ is a flow relation. Two nodes of $ON$, $y$ and $y'$, are in structural conflict, denoted $y \# y'$, if there are distinct events $e, e'\in E$ such that ${}^\bullet e\cap{}^\bullet e'\neq\emptyset$ and $(e,y)$ and $(e',y')$ are in the reflexive transitive closure of the flow relation $G$, denoted by $\preceq$. A node $y$ is in structural self-conflict if $y \# y$. It is assumed that: $ON$ is acyclic (i.e., $\preceq$ is a partial order); for every $b\in B$, $|{}^\bullet b|\le 1$; for every $y\in B\cup E$, $\neg(y \# y)$ and there are finitely many $y'$ such that $y'\prec y$, where $\prec$ denotes the irreflexive transitive closure of $G$. $Min(ON)$ will denote the minimal w.r.t. $\preceq$ elements of $B\cup E$. The relation $\prec$ is the causality relation. Two nodes are concurrent, denoted $y\ co\ y'$, if neither $y \# y'$ nor $y\preceq y'$ nor $y'\preceq y$. Fig. 5(b,c) shows occurrence nets where, e.g., the following relationships hold: $e_1\prec e_6$, $e_7 \# e_8$ (due to the choice at $b_5\in{}^\bullet e_4\cap{}^\bullet e_5$) and $e_6\ co\ e_7$.
A homomorphism from an occurrence net $ON$ to a net system $\Sigma$ is a mapping $h : B\cup E\to P\cup T$ such that: $h(B)\subseteq P$ and $h(E)\subseteq T$ (conditions are mapped to places, and events to transitions); for all $e\in E$, the restriction of $h$ to ${}^\bullet e$ is a bijection between ${}^\bullet e$ and ${}^\bullet h(e)$ and the restriction of $h$ to $e^\bullet$ is a bijection between $e^\bullet$ and $h(e)^\bullet$ (transition environments are preserved; note that place environments are, in general, not preserved); the restriction of $h$ to $Min(ON)$ is a bijection between $Min(ON)$ and $M_0$ (minimal conditions correspond to the initial marking); and for all $e, f\in E$, if ${}^\bullet e = {}^\bullet f$ and $h(e) = h(f)$ then $e = f$ (there is no redundancy). In Fig. 5(b,c) the homomorphisms are shown as labels of the nodes.

A branching process of $\Sigma$ is a quadruple $\pi \stackrel{\mathrm{df}}{=} (B, E, G, h)$ such that $(B, E, G)$ is an occurrence net and $h$ is a homomorphism from it to $\Sigma$. A branching process $\pi' = (B', E', G', h')$ of $\Sigma$ is a prefix of a branching process $\pi = (B, E, G, h)$ of $\Sigma$, denoted $\pi'\sqsubseteq\pi$, if $(B', E', G')$ is a subnet of $(B, E, G)$ such that: $B'$ contains the minimal (w.r.t. $\prec$) conditions of $\pi$; if $e\in E'$ and $(b,e)\in G$ or $(e,b)\in G$ then $b\in B'$; if $b\in B'$ and $(e,b)\in G$ then $e\in E'$; and $h'$ is the restriction of $h$ to $B'\cup E'$. For example, the branching process in Fig. 5(b) is a prefix of that in Fig. 5(c). For each $\Sigma$ there exists a unique (up to isomorphism) maximal (w.r.t. $\sqsubseteq$) branching process, called the unfolding of $\Sigma$ (it is infinite whenever $\Sigma$ has an infinite execution).
A configuration of an occurrence net is a set of events $C\subseteq E$ such that for all $e, f\in C$, $\neg(e \# f)$ and, for every $e\in C$, $f\prec e$ implies $f\in C$. For example, in the branching processes shown in Fig. 5(b,c) $\{e_1, e_3, e_4\}$ is a configuration whereas $\{e_1, e_2, e_3\}$ and $\{e_4, e_7\}$ are not (the former includes events in conflict, $e_1 \# e_2$, while the latter does not include $e_1\prec e_4$). Intuitively, a configuration is a partial-order execution, i.e., an execution where the order of firing of some of its transitions is not important; e.g., the configuration $\{e_1, e_3, e_4\}$ corresponds to two totally ordered executions: $e_1e_3e_4$ and $e_3e_1e_4$. For an event $e\in E$, the configuration $[e] \stackrel{\mathrm{df}}{=} \{f \mid f\preceq e\}$ is called the local configuration of $e$.

A cut is a maximal (w.r.t. $\subset$) set of conditions $B'$ such that $b\ co\ b'$, for all distinct $b, b'\in B'$. Every marking reachable from $Min(ON)$ is a cut. Let $C$ be a finite configuration of a branching process $\pi$. Then $Cut(C) \stackrel{\mathrm{df}}{=} (Min(ON)\cup C^\bullet)\setminus{}^\bullet C$ is a cut; moreover, the multiset $Mark(C) \stackrel{\mathrm{df}}{=} h(Cut(C))$ of places is a reachable marking of $\Sigma$. A marking $M$ of $\Sigma$ is represented in $\pi$ if the latter contains a finite configuration $C$ such that $M = Mark(C)$. Every marking represented in $\pi$ is reachable, and every reachable marking is represented in the unfolding of $\Sigma$. For example, the cut corresponding to the configuration $\{e_1, e_3, e_4\}$ is $\{b_6, b_7\}$, and the corresponding reachable marking of $\Sigma$ is $\{p_6, p_7\}$.
A branching process pi = (B,E,G,h) of Σ is complete if there
is a set Ecut ⊆ E of cut-off events such that, for every reachable
marking M of Σ, there exists a finite configuration C of pi such
that C ∩Ecut = ∅ and M = Mark(C), and for each such C and
every transition t enabled by M, there is an event e ∉ C in pi such that h(e) = t and C ∪ {e} is a configuration (e may be in Ecut).
For example, the branching process shown in Fig. 5(b) is not
complete since, e.g., the marking {p3, p7} reachable by firing
the sequence of transitions t1t3t4t6t1 is not represented in it. In
contrast, the branching process in Fig. 5(c) is complete w.r.t. the
set Ecut = {e5,e16,e17}. (This choice of Ecut is not unique: one
could have chosen, e.g., Ecut = {e4,e18,e19}.) Notice that the
events e8, e9, e13–e15, e18, and e19 can be removed from the
prefix without affecting its completeness.
Although, in general, an unfolding can be infinite, for every
bounded net system Σ one can construct a finite complete prefix
of its unfolding, by choosing an appropriate set Ecut of cut-off
events, beyond which the unfolding is not generated. Such a
complete prefix, in spite of being finite, contains enough information to re-construct the full (potentially infinite) unfolding. The size of a finite branching process pi is defined as |pi| ≝ |B| + |E| + |G|.
A branching process of an STG Γ = (Σ, Z, λ) is a branch-
ing process of Σ augmented with an additional labelling of its
events, λ◦h : E → Z±. A complete unfolding prefix of the STG
shown in Fig. 2(a) is shown in Fig. 7.
Efficient algorithms exist for building finite and complete
prefixes [13, 14], which ensure that the number of non-cut-off
events in the resulting prefix never exceeds the number of reach-
able states of Γ. However, complete prefixes are often expo-
nentially smaller than the corresponding state graphs, especially
for highly concurrent Petri nets, because they represent concur-
rency directly rather than by multidimensional ‘diamonds’ as it
is done in state graphs. For example, if the original Petri net consists of 100 transitions which can each fire once, all in parallel, the state graph will be a 100-dimensional hypercube with 2^100 vertices, whereas the complete prefix will coincide with the net itself.
Below we extend the functions Code, Codez, Nxtz and Outz/z+/z− to configurations of pi as follows: Code(C) ≝ Code(Mark(C)), Codez(C) ≝ Codez(Mark(C)), Nxtz(C) ≝ Nxtz(Mark(C)) and Outz/z+/z−(C) ≝ Outz/z+/z−(Mark(C)).
III. BOOLEAN SATISFIABILITY
The Boolean satisfiability (SAT) problem consists in finding a satisfying assignment, i.e., a mapping A : Var → {0, 1} defined on the set of variables Var occurring in a given Boolean expression ϕ such that ϕ evaluates to 1. This expression is often assumed to be given in the conjunctive normal form (CNF) ∧_{i=1}^{n} ∨_{l∈Li} l, i.e., it is represented as a conjunction of clauses, which are disjunctions of literals, each literal l being either a variable or the negation of a variable. It is assumed that no two literals in the same clause correspond to the same variable.
Some of the leading SAT solvers, e.g., ZCHAFF [18], can
be used in the incremental mode, i.e., after solving a particu-
lar SAT instance the user can slightly modify it (e.g., by adding
and/or removing a small number of clauses) and execute the
solver again. This is often much more efficient than solving
these related instances as independent problems, because on the
subsequent runs the solver can use some of the useful information (e.g., learnt clauses, see [19]) collected so far. In particular, such an approach can be used to compute projections of assignments satisfying a given formula, as described in the sequel.
A. Projecting satisfying assignments
Let V ⊆ Var be a non-empty set of variables occurring in a
formula ϕ, and ProjϕV be the set of all restricted assignments
(or projections) A|V such that A is a satisfying assignment of ϕ.
Using the incremental SAT approach it is possible to compute
ProjϕV as follows.
Step 0: 𝒜 := ∅.
Step 1: Run the SAT solver for ϕ.
Step 2: If ϕ is unsatisfiable then return 𝒜 and terminate.
Step 3: Add A|V to 𝒜, where A is the satisfying assignment found in Step 1.
Step 4: Append to ϕ the clause ∨_{v∈V, A(v)=1} ¬v ∨ ∨_{v∈V, A(v)=0} v.
Step 5: Go back to Step 1.
Note that the procedure is correct since it terminates (as Step 4
eliminates at least one satisfying assignment, viz. the A found in
Step 1) and returns ProjϕV (as Step 4 eliminates only those sat-
isfying assignments A′ which have the same restriction A′|V =
A|V ).
Suppose now that we are interested in finding only the mini-
mal elements of ProjϕV , assuming that A|V ≤ A′|V if (A|V )(v) ≤
(A′|V )(v), for all v ∈ V . The above procedure can then be mod-
ified by changing Step 4 to:
Step 4': Append to ϕ the clause ∨_{v∈V, A(v)=1} ¬v.
Moreover, before terminating, an additional pass over the elements stored in 𝒜 is made in order to eliminate any non-minimal projections. The modified procedure works since Step 4' eliminates at least one satisfying assignment, viz. the A found in Step 1 (notice that if the all-zeros assignment is the minimal element of ProjϕV then Step 4' appends the empty clause, i.e., produces an unsatisfiable formula). Moreover, Step 4' never eliminates any minimal element of ProjϕV other than A|V, which has already been stored in 𝒜.
Similarly, if we were interested in finding all the maximal elements of ProjϕV then one could change Step 4 to:
Step 4'': Append to ϕ the clause ∨_{v∈V, A(v)=0} v.
And, before terminating, an additional pass over the elements stored in 𝒜 would be made in order to eliminate any non-maximal projections. Fig. 6 illustrates the notion of a projection and the algorithms for computing ProjϕV, min⊂ ProjϕV and max⊂ ProjϕV.
It is worth noting that the iterative procedure is usually fast
on the initial iterations as the formula ϕ is typically easily satis-
fiable, but it may become harder towards the end of its run.
Note that a similar computation could be implemented us-
ing Binary Decision Diagrams (BDDs) [9, 10], by eliminating
quantifiers from ∃(Var\V )ϕ and then computing all the satisfy-
ing assignments of the resulting formula. However, in practice,
V is a small set (it corresponds to the inputs of a logic gate com-
puting an output signal), and so such an approach would have
to eliminate too many quantifiers, while the approach based on
the incremental SAT benefits from this.
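The procedure of Steps 0–5 and its two variants, carried out on the Fig. 6 formula, as an added example that is not part of the paper or its tool. A small DPLL solver written here stands in for ZCHAFF, so the only "incremental" aspect modelled is the blocking clause appended between runs (the reuse of learnt clauses that makes a real incremental solver fast is not reproduced); the literal/clause/assignment representation and the function names are this example's own.

```python
"""Projection of satisfying assignments by incremental SAT (Section III.A).

Added illustration, not code from the paper: a toy DPLL solver replaces
ZCHAFF, and the blocking clauses of Steps 4, 4' and 4'' are appended to the
clause set between runs as the text describes.  Assumed conventions: a
literal is (var, polarity), a clause is a list of literals, an assignment
is a dict var -> bool.
"""


def unit_propagate(clauses, assignment):
    """Return (conflict, assignment) after exhaustive unit propagation."""
    A = dict(assignment)
    changed = True
    while changed:
        changed = False
        for clause in clauses:
            if any(A.get(v) == p for v, p in clause):
                continue                              # clause already satisfied
            free = [(v, p) for v, p in clause if v not in A]
            if not free:
                return True, A                        # all literals false (or empty clause)
            if len(free) == 1:
                v, p = free[0]
                A[v] = p
                changed = True
    return False, A


def solve(clauses, variables, assignment=None):
    """Plain DPLL: a satisfying assignment total on `variables`, or None."""
    conflict, A = unit_propagate(clauses, assignment or {})
    if conflict:
        return None
    free = [v for v in variables if v not in A]
    if not free:
        return A
    for p in (False, True):
        result = solve(clauses, variables, {**A, free[0]: p})
        if result is not None:
            return result
    return None


def project(clauses, variables, V, mode="all"):
    """Proj_V^phi as a set of bit-strings in the order of V.

    mode="all" is Steps 0-5 with the Step 4 clause; mode="min" uses Step 4'
    and keeps the minimal projections; mode="max" uses Step 4'' and keeps
    the maximal ones.
    """
    phi = list(clauses)                 # grows incrementally; caller's list untouched
    found = set()                       # Step 0: the stored projections
    while True:
        A = solve(phi, variables)       # Step 1
        if A is None:                   # Step 2: unsatisfiable, done
            break
        found.add("".join("1" if A[v] else "0" for v in V))   # Step 3
        ones = [(v, False) for v in V if A[v]]        # ¬v for every v with A(v) = 1
        zeros = [(v, True) for v in V if not A[v]]    # v  for every v with A(v) = 0
        if mode == "all":
            phi.append(ones + zeros)    # Step 4: block exactly this projection
        elif mode == "min":
            phi.append(ones)            # Step 4': block every projection >= this one
        else:
            phi.append(zeros)           # Step 4'': block every projection <= this one
    if mode == "all":
        return found
    below = lambda p, q: all(a <= b for a, b in zip(p, q))   # p <= q bitwise
    if mode == "min":
        return {p for p in found if not any(q != p and below(q, p) for q in found)}
    return {p for p in found if not any(q != p and below(p, q) for q in found)}


# Fig. 6: phi = (a xor b)(c or d or e) = (a or b)(not a or not b)(c or d or e), V = {a, b, c}
PHI = [[("a", True), ("b", True)],
       [("a", False), ("b", False)],
       [("c", True), ("d", True), ("e", True)]]
VARS = ["a", "b", "c", "d", "e"]
V = ["a", "b", "c"]

if __name__ == "__main__":
    for mode in ("all", "min", "max"):
        print(mode, sorted(project(PHI, VARS, V, mode)))
```

Running it prints the three sets of Fig. 6: all four projections 010, 011, 100, 101, the minimal ones 010 and 100, and the maximal ones 011 and 101. Note that in "min" mode a found all-zeros projection makes `ones` empty, so the empty clause is appended and the next run is unsatisfiable, exactly the corner case the text points out.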
IV. LOGIC SYNTHESIS BASED ON UNFOLDING PREFIXES
Although the process of logic synthesis described in Section II is straightforward, it suffers from the state space explosion problem due to the necessity of constructing the entire state graph of the STG. In this section, we describe an approach based on unfolding prefixes rather than state graphs. It has been noted in [11,20,21] that in practice such prefixes are often much smaller than the corresponding state spaces. This can be explained by the fact that practical STGs usually contain a lot of concurrency but relatively few choices, and thus the prefixes are in many cases not much bigger than the STGs themselves. As a result, unfolding-based methods have a clear advantage over the BDD-based techniques both in terms of memory usage and running time.

Sat. assignments of ϕ (abcde)      Added clause: Step 4   Step 4'   Step 4''
01001, 01010, 01011                a∨¬b∨c                 ¬b        a∨c
01100, 01101, 01110, 01111         a∨¬b∨¬c                ¬b∨¬c     a
10001, 10010, 10011                ¬a∨b∨c                 ¬a        b∨c
10100, 10101, 10110, 10111         ¬a∨b∨¬c                ¬a∨¬c     b
Proj^ϕ_{a,b,c} = {010, 011, 100, 101}
min⊂ Proj^ϕ_{a,b,c} = {010, 100}
max⊂ Proj^ϕ_{a,b,c} = {011, 101}
Fig. 6. The satisfying assignments of the Boolean expression ϕ = (a ⊕ b)(c ∨ d ∨ e) = (a ∨ b)(¬a ∨ ¬b)(c ∨ d ∨ e), grouped by their projection onto {a, b, c}, together with the corresponding clauses added in Steps 4, 4' and 4'' of the algorithms, and the computed projections.
A. Outline of the proposed method
In [21], the CSC conflict detection problem was solved by
reducing it to SAT. More precisely, given a finite and complete
prefix of an STG’s unfolding, one can build a formula C SC
which is satisfiable iff there is a CSC conflict. In this paper, we
modify that construction in the way described below. We as-
sume a given consistent STG satisfying the CSC property, and
consider in turn each output signal z ∈ ZO. Depending on the
type of logic synthesis (CG, gC or stdC) one has to derive ei-
ther Fz or Sz and Rz (in the case of stdC synthesis, the derived
set and reset functions must satisfy the Monotonic Cover condi-
tion).
Let F be one of Fz/Sz/Rz/Ssz/Rsz, and ΞX be the corresponding type of CSC conflict: CSC^z_X / CSC^{z+}_X / CSC^{z−}_X / sCSC^{z+}_X / sCSC^{z−}_X. The starting point of the proposed approach is to consider the set NSUPP^F of all non-supports of F. (Recall that a set X ⊆ Z is a non-support of F iff the STG has a ΞX conflict.) Within the Boolean formula CSC^F which we are going to construct, non-supports are represented by variables nsupp ≝ {nsuppx | x ∈ Z}. The key property of CSC^F is that if one fixes the values of the variables nsupp then the resulting formula is satisfiable iff there is a ΞX conflict, where X ≝ {x | nsuppx = 1}. That is, if for a given satisfying assignment A of CSC^F the set of signals {x | A(nsuppx) = 1} is identified with the projection A|nsupp (note that there are other variables besides nsupp in CSC^F) then NSUPP^F = Proj^{CSC^F}_{nsupp}.
Hence one can use the incremental SAT approach described in Section III to compute NSUPP^F. In fact, it is sufficient for the proposed approach to compute the set of maximal non-supports NSUPP^F_max ≝ max⊂ NSUPP^F, which can then be used for computing the set
SUPP^F_min ≝ min⊂ {X ⊆ Z | X ⊄ X′, for all X′ ∈ NSUPP^F_max}
of all the minimal supports of F.
SUP P Fmin captures the set of all possible supports of F , in
the sense that any support is an extension of some minimal sup-
port, and vice versa, any extension of any minimal support is
a support. However, the simplest equation is usually obtained
for some minimal support, and this approach was adopted. Yet,
this is not a limitation of the proposed method, as one can also
explore some or all of the non-minimal supports, which can be
advantageous, e.g., for small circuits and/or when the synthe-
sis time is not of paramount importance (this would sometimes
allow one to find a simpler equation). And vice versa, not all
minimal supports have to be explored: if some minimal support
has many more signals compared with another one, the corre-
sponding expression is likely to be more complicated, and so too
large supports can safely be discarded. Thus, as usual, there is
a trade-off between the execution time and the degree of design
space exploration, and the proposed method allows one to reach
an acceptable compromise. Typically, several ‘most promising’
supports are selected, the equations expressing F as a function
of signals in these supports are obtained (as described below),
and the simplest among them is chosen.
Suppose now that X is one of the chosen supports of F. In order to derive an equation expressing F as a function of the signals in X, we build a Boolean formula EQN^F_X which has a variable codex for each signal x ∈ X and is satisfiable iff these variables can be assigned values in such a way that there is a configuration C′ such that Codex(C′) = codex, for all x ∈ X. Now, for CG synthesis, using the incremental SAT approach one can compute the projection of the set of reachable encodings onto X (differentiating the stored solutions according to the value of Nxtz(C′)), which gives a truth table for F. For gC synthesis separate formulae EQN^F_X for the ON and OFF sets of F are generated, but otherwise the approach is similar. For the stdC synthesis, in addition to the truth table, a set of entrance constraints of the form Sz(v) ⇒ Sz(v′) or Rz(v) ⇒ Rz(v′) is generated, in order to express the Monotonic Cover condition. The computed truth table (together with the set of implications in the case of stdC synthesis) is fed to a Boolean minimiser, which completes the synthesis.
In the case of stdC synthesis, the minimisation is performed
under the supplied constraints, and the problem is known as the
binate covering problem [23]. Note that instead of deriving the
functions Ssz and Rsz we derive the functions Sz and Rz subject
to the entrance constraints. This often results in a better imple-
mentation, since the corresponding truth table has more ‘don’t-
cares’. However, the support X used in this case was computed
for the functions Ssz and Rsz, and hence can contain more signals
than necessary. This does not result in an inferior implementa-
tion, since the Boolean minimisation will remove the redundant
signals if it helps to simplify the resulting expression. Note also
that the binate covering problem in this case is guaranteed to
have a solution, since Ssz/Rsz is always a possible solution (how-
ever, better solutions can be found by the Boolean minimiser).
To summarise, the proposed method is executed separately for each signal z ∈ ZO and has three main stages: (i) computing the set NSUPP^F_max of maximal non-supports of F; (ii) computing the set SUPP^F_min of minimal supports of F; and (iii) deriving an equation for a chosen support X of F. In the sequel, we describe each of these three stages in more detail.
It should be noted that the size of the truth table for Boolean
minimisation and the number of times a SAT solver is executed
in the proposed method can be exponential in the number of
signals in the support. Thus, it is crucial for the performance of
the proposed algorithm that the support of each function is rel-
atively small. However, in practice it is anyway difficult to im-
plement as an atomic logic gate a Boolean expression depending
on more than, say, eight variables. (Atomic behaviour of logic
gates is essential for the speed-independence of the circuit, and
a violation of this requirement can lead to hazards [3, 5].) This
means that if some function has only ‘large’ supports then the
specification must be changed (e.g., by adding new internal sig-
nals) to introduce ‘smaller’ supports. Such transformations are
related to the technology mapping step in the design cycle for
asynchronous circuits (see, e.g., [3]); we do not consider them
in this paper.
B. Computing maximal non-supports
Suppose that we want to compute the set NSUPP^F_max of all maximal non-supports of F. At the level of a branching process, a ΞX conflict can be represented as an unordered conflict pair of configurations 〈C′, C′′〉 whose final states are in ΞX conflict, as shown in Fig. 7.
We adopt the following naming conventions. The variable names are in the lower case and names of formulae are in the upper case. Names with a single prime (e.g., conf′e and CONF′) are related to C′, and ones with a double prime (e.g., conf′′e) are
related to C′′. If there is no prime then the name is related to
both C′ and C′′. If a formula name has a single prime then the
formula does not contain occurrences of variables with double
primes, and the counterpart double prime formula can be ob-
tained from it by adding another prime to every variable with a
single prime. The subscript of a variable points to which ele-
ment of the STG or the prefix the variable is related, e.g., conf′e
and conf′′e are both related to the event e of the prefix. By a vari-
able without a subscript we denote the list of all variables for all
possible values of the subscript, e.g., conf′ will denote the list
of variables conf′e, where e runs over the set E \Ecut.
Below we describe the Boolean variables which will be used
in the proposed translation. Some of them can be expressed via
others, and in such case an appropriate defining expression is
provided, and it is assumed that whenever such a variable is used
in some formula, the corresponding defining expression is also
added to this formula. (And if this defining expression, in turn,
depends on some other variables with defining expressions, they
are also added, and so on.)
• For each event e ∈ E \ Ecut, we create two Boolean vari-
ables, conf′e and conf ′′e , tracing whether e ∈C′ and e ∈C′′,
respectively. These variables have no defining expressions.
[Fig. 7: two copies of an unfolding prefix of the STG of Fig. 2(a) with events e1 (a+), e2 (b+), e3 (b+), e4 (c+), e5 (d+), e6 (b−), e7 (c+), e8 (c−, cut-off), e9 (d−) and e10 (a−, cut-off); the configurations C′ and C′′ are outlined in each copy. The variable values shown beside the panels are:
(a) nsupp = 0101; code′ = 0100, code′′ = 1100; out′c/c+/c− = 1/1/0, out′′c/c+/c− = 0/0/0; conf′ = 01000000, conf′′ = 10100000; en′ = 0001000000, en′′ = 0000100000.
(b) nsupp = 1101; code′ = 1101, code′′ = 1111; out′c/c+/c− = 1/1/0, out′′c/c+/c− = 0/0/0; conf′ = 10101000, conf′′ = 10101010; en′ = 0000001000, en′′ = 0000000010.]
Fig. 7. An unfolding prefix of the STG shown in Fig. 2(a) illustrating a CSC^c_{b,d} conflict between configurations C′ and C′′, which is also a CSC^{c+}_{b,d} and sCSC^{c+}_{b,d} conflict (a), and an sCSC^{c+}_{a,b,d} conflict which is not a CSC^{c+}_{a,b,d} conflict (b). The order of signals in the binary encodings is: a, b, c, d.
• For each signal x ∈ Z, we create a variable nsuppx indicat-
ing whether x belongs to a non-support. These variables
have no defining expressions.
• For each condition b ∈ B \ Ecut•, we create two Boolean variables, cut′b and cut′′b, tracing whether b ∈ Cut(C′) and b ∈ Cut(C′′) respectively. The defining expression for cut′b is
cut′b ⟺ ∧_{e∈•b} conf′e ∧ ∧_{e∈b•\Ecut} ¬conf′e,
which conveys that b ∈ Cut(C′) iff the event 'producing' b has fired, but no event 'consuming' b has fired. (Note that since |•b| ≤ 1, ∧_{e∈•b} conf′e in this formula is either the constant 1 or a single variable.) The CNF of this expression is
∧_{e∈•b} (¬cut′b ∨ conf′e) ∧ ∧_{e∈b•\Ecut} (¬cut′b ∨ ¬conf′e) ∧ (cut′b ∨ ∨_{e∈•b} ¬conf′e ∨ ∨_{e∈b•\Ecut} conf′e).
The defining expression for cut′′b and the corresponding CNF are built similarly.
• For each signal x ∈ Z, we create two Boolean variables, code′x and code′′x, tracing the values of Codex(C′) and Codex(C′′) respectively. We observe that Codex(C′) = 1 iff p1x ∈ Mark(C′), i.e., iff b ∈ Cut(C′) for some p1x-labelled condition b (note that the places in PZ cannot contain more than one token). This is captured by the defining expression code′x ⟺ ∨_{b∈Bx} cut′b, where Bx ≝ {b ∈ B \ Ecut• | h(b) = p1x}. (Note that p1x ∈ Mark(C′) iff ∨_{b∈Bx} cut′b is true.) The CNF of this defining expression is
(¬code′x ∨ ∨_{b∈Bx} cut′b) ∧ ∧_{b∈Bx} (code′x ∨ ¬cut′b).
The defining expression for code′′x and the corresponding CNF are built similarly.
• For each event e ∈ E, we create two Boolean variables, en′e and en′′e, tracing whether e is 'enabled' by C′ and C′′ respectively. Note that unlike conf′ and conf′′, such variables are also created for the cut-off events. The defining expression for en′e is en′e ⟺ ∧_{b∈•e} cut′b. Intuitively, it states that e is 'enabled' by C′ iff all the conditions in •e are in Cut(C′). The CNF of this defining expression is
∧_{b∈•e} (¬en′e ∨ cut′b) ∧ (en′e ∨ ∨_{b∈•e} ¬cut′b).
The defining expression for en′′e and the corresponding CNF are built similarly.
• For each signal x ∈ Z, we create the Boolean variables out′x/x+/x− and out′′x/x+/x−, tracing whether x±/x+/x− is 'enabled' by C′ and C′′ respectively. The defining expression for out′x/x+/x− is out′x/x+/x− ⟺ ∨_{e∈Ex/x+/x−} en′e, where Ex/x+/x− ≝ {e ∈ E | λ(h(e)) = x±/x+/x−}. Intuitively, it conveys that x±/x+/x− is 'enabled' by C′ iff some x±/x+/x−-labelled event is enabled by C′. The CNF of this defining expression is
(¬out′x/x+/x− ∨ ∨_{e∈Ex/x+/x−} en′e) ∧ ∧_{e∈Ex/x+/x−} (out′x/x+/x− ∨ ¬en′e).
The defining expression for out′′x/x+/x− and the corresponding CNF are built similarly.
As already mentioned, the aim is to build a Boolean formula CSC^F such that Proj^{CSC^F}_{nsupp} = NSUPP^F, i.e., after assigning arbitrary values to the variables nsupp, the resulting formula is satisfiable iff there is a ΞX conflict, where X ≝ {x | nsuppx = 1}. Fig. 7 shows satisfying assignments (except the variables cut′ and cut′′) corresponding to the CSC^c_{b,d}, CSC^{c+}_{b,d}, sCSC^{c+}_{b,d} and sCSC^{c+}_{a,b,d} conflicts depicted there. The target formula CSC^F will be the conjunction of the constraints described below.
Configuration constraints
The role of the first two constraints, CONF′ and CONF′′, is to ensure that C′ and C′′ are legal configurations of the prefix (not just arbitrary sets of events). CONF′ is defined as the conjunction of the formulae
∧_{e∈E\Ecut} ∧_{f∈•(•e)} (conf′e ⇒ conf′f) and ∧_{e∈E\Ecut} ∧_{f∈Ee} ¬(conf′e ∧ conf′f),
where Ee ≝ ((•e)• \ {e}) \ Ecut. The former formula ensures that C′ is a causally closed set of events. The latter one ensures that C′ contains no structural conflicts. (One should be careful to avoid duplication of clauses when generating this formula.) Note that one can shorten these formulae by replacing •(•e) by max≺ •(•e) and Ee by min≺ Ee. CONF′′ is defined similarly. CONF′ and CONF′′ can be transformed into the CNF by applying the rules x ⇒ y ≡ ¬x ∨ y and ¬(x ∧ y) ≡ ¬x ∨ ¬y.
One can see that the size of the configuration constraints is O(|E \ Ecut|²), but since STGs in practice usually contain just a few choices, this upper bound is rather pessimistic. Moreover, it is possible to reduce it down to O(|pi|), at the expense of introducing auxiliary variables. This translation, linear in the size of the prefix, is not considered in this paper as it is quite complicated, even though it was implemented in the actual tool.
Note that the configuration constraint depends neither on the
output signal z being synthesised nor on the target architecture,
and thus it can be re-used many times during the synthesis.
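The clause generation for CONF′ and for the defining expressions of cut′, code′, en′ and out′ listed above, as an added example that is not the paper's tool. The prefix is a constructed toy occurrence net for two signals a and b (not the Fig. 7 prefix, and with no cut-off events), the signal places p0x/p1x are written "a0", "a1", "b0", "b1", and the literal/clause representation and all function names are this example's own. Besides emitting the clauses it checks, for every subset of events, that the values the defining expressions are meant to force satisfy the CNF exactly when the subset is a configuration.

```python
"""CNF clauses for CONF' and the defining expressions of Section IV.B.

Added illustration, not the paper's tool.  The prefix below is a constructed
toy occurrence net (not Fig. 7): signals a, b, no cut-off events.  Conditions
are labelled with STG signal places written "a0"/"a1"/"b0"/"b1"; a condition
labelled "a1" lies in Cut(C') iff Code_a(C') = 1.  A literal is
(kind, name, polarity); a clause is a list of literals; an assignment maps
(kind, name) -> bool.
"""
from itertools import chain, combinations

SIGNALS = ["a", "b"]
COND = {"b1": "a0", "b2": "b0", "b3": "a1", "b4": "b1",
        "b5": "a0", "b6": "a1", "b7": "b0"}          # condition -> place label h(b)
EVENT = {                                            # event -> (label, preset, postset)
    "e1": ("a+", {"b1"}, {"b3"}),                    # a0 -> a1
    "e2": ("b+", {"b2"}, {"b4"}),                    # b0 -> b1
    "e3": ("a-", {"b3"}, {"b5"}),                    # a1 -> a0; conflicts with e4 over b3
    "e4": ("b-", {"b3", "b4"}, {"b6", "b7"}),        # reads a1 (fresh copy b6), b1 -> b0
}
LABELS = sorted({lab for lab, _, _ in EVENT.values()})
MIN_ON = set(COND) - set().union(*(post for _, _, post in EVENT.values()))


def producer(b):
    return [e for e, (_, _, post) in EVENT.items() if b in post]   # •b (at most one)

def consumers(b):
    return [e for e, (_, pre, _) in EVENT.items() if b in pre]     # b•


def clauses():
    """CONF' plus the CNF defining expressions for cut', code', en' and out'."""
    cls = []
    for e, (_, pre, _) in EVENT.items():                       # CONF'
        for b in pre:
            for f in producer(b):                              # causal closure: conf_e => conf_f
                cls.append([("conf", e, False), ("conf", f, True)])
            for f in consumers(b):                             # no direct conflict
                if f != e:
                    cls.append([("conf", e, False), ("conf", f, False)])
    for b in COND:                                             # cut_b <=> AND conf(•b) AND AND ¬conf(b•)
        cls += [[("cut", b, False), ("conf", e, True)] for e in producer(b)]
        cls += [[("cut", b, False), ("conf", e, False)] for e in consumers(b)]
        cls.append([("cut", b, True)] + [("conf", e, False) for e in producer(b)]
                   + [("conf", e, True) for e in consumers(b)])
    for x in SIGNALS:                                          # code_x <=> OR cut_b, h(b) = p1x
        bx = [b for b, p in COND.items() if p == x + "1"]
        cls.append([("code", x, False)] + [("cut", b, True) for b in bx])
        cls += [[("code", x, True), ("cut", b, False)] for b in bx]
    for e, (_, pre, _) in EVENT.items():                       # en_e <=> AND cut_b, b in •e
        cls += [[("en", e, False), ("cut", b, True)] for b in pre]
        cls.append([("en", e, True)] + [("cut", b, False) for b in pre])
    for lab in LABELS:                                         # out_lab <=> OR en_e with that label
        es = [e for e, (l, _, _) in EVENT.items() if l == lab]
        cls.append([("out", lab, False)] + [("en", e, True) for e in es])
        cls += [[("out", lab, True), ("en", e, False)] for e in es]
    unique = {tuple(sorted(c)) for c in cls}                   # the text warns against duplicates
    return [list(c) for c in sorted(unique)]


def cut_of(C):
    """Cut(C) = (Min(ON) ∪ C•) \\ •C, computed directly on the event set."""
    cut = set(MIN_ON)
    for e in C:
        cut |= EVENT[e][2]
    for e in C:
        cut -= EVENT[e][1]
    return cut


def is_configuration(C):
    """Causally closed and free of (direct) conflicts, checked on the net, not the CNF."""
    return all(set(producer(b)) <= set(C) and not (set(consumers(b)) & (set(C) - {e}))
               for e in C for b in EVENT[e][1])


def intended_assignment(C):
    """The values the defining expressions are meant to force when C' = C."""
    cut = cut_of(C)
    A = {("conf", e): e in C for e in EVENT}
    A.update({("cut", b): b in cut for b in COND})
    A.update({("code", x): any(COND[b] == x + "1" for b in cut) for x in SIGNALS})
    A.update({("en", e): EVENT[e][1] <= cut for e in EVENT})
    A.update({("out", lab): any(A[("en", e)] for e, (l, _, _) in EVENT.items() if l == lab)
              for lab in LABELS})
    return A


def satisfies(cls, A):
    return all(any(A[(k, n)] == pol for k, n, pol in clause) for clause in cls)


def cnf_agrees_with_net():
    """For every event set S: intended_assignment(S) satisfies the CNF iff S is a configuration."""
    cls = clauses()
    subsets = chain.from_iterable(combinations(list(EVENT), k) for k in range(len(EVENT) + 1))
    return all(satisfies(cls, intended_assignment(set(S))) == is_configuration(set(S)) for S in subsets)
```

For C′ = {e1} the cut is {b2, b3}, so code′a = 1, code′b = 0, e2 and e3 are enabled and out′a−, out′b+ are 1 while out′b− is 0; the non-closed set {e3} violates a closure clause of CONF′ and {e1, e3, e4} violates the conflict clause for b3.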
Encoding constraint
The role of this constraint is to ensure that Codex(C′) = Codex(C′′) whenever nsuppx = 1. This can be expressed by the constraint NSUPP defined as
∧_{x∈Z} (nsuppx ⇒ (code′x ⟺ code′′x)),
with the CNF
∧_{x∈Z} ((¬code′x ∨ code′′x ∨ ¬nsuppx) ∧ (code′x ∨ ¬code′′x ∨ ¬nsuppx)).
Now the encoding constraint can be expressed as NSUPP with the appropriate defining expressions.
One can show that under the plausible assumption that for
each signal x ∈ Z, x+- and x−-labelled events occur in the prefix,
the size of the encoding constraint is O(|pi|).
Note that the encoding constraint depends neither on the out-
put signal z being synthesised nor on the target architecture, and
thus it can be re-used many times during the synthesis.
Next-state constraint
For the CG synthesis the role of the next-state constraint NXT^F is to ensure that Nxtz(C′) ≠ Nxtz(C′′). Since all the other constraints are symmetric w.r.t. C′ and C′′, one can rewrite it as Nxtz(C′) = 0 ∧ Nxtz(C′′) = 1. Moreover, it follows from the definition of Nxtz that Nxtz(C) ≡ (¬Codez(C) ⟺ Outz(C)), and so the next-state constraint can be rewritten as the conjunction of Codez(C′) ⟺ Outz(C′) and ¬Codez(C′′) ⟺ Outz(C′′). Hence the formula NXT0′ conveying that Nxtz(C′) = 0 can be defined as code′z ⟺ out′z. Similarly, the formula NXT1′′ conveying that Nxtz(C′′) = 1 is defined as ¬code′′z ⟺ out′′z. Now NXT^F can be expressed as NXT0′ ∧ NXT1′′ with the appropriate defining expressions.
For the gC synthesis, the role of the next-state constraint for Sz is to ensure that Outz+(C′) = 1 and Nxtz(C′′) = 0, and so NXT^F can be constructed as out′z+ ∧ NXT0′′, with the appropriate defining expressions, where NXT0′′ is obtained from NXT0′ by substituting the variables with a single prime by those with a double prime. For Rz, the role of the next-state constraint NXT^F is to ensure that Outz−(C′) = 1 and Nxtz(C′′) = 1, and so it can be constructed as out′z− ∧ NXT1′′, with the appropriate defining expressions.
For the stdC synthesis, the role of the next-state constraint NXT^F for Ssz/Rsz is to ensure that Outz+/z−(C′) ≠ Outz+/z−(C′′). Since all the other constraints are symmetric w.r.t. C′ and C′′, one can rewrite it as Outz+/z−(C′) = 1 ∧ Outz+/z−(C′′) = 0, which is conveyed by the formula out′z+/z− ∧ ¬out′′z+/z−, with the appropriate defining expressions.
Unlike the configuration and encoding constraints, the next-
state constraint does depend on the output signal z being synthe-
sised and the implementation architecture. However, under the
plausible assumption that for each signal z ∈ ZO, z+- and z−-
labelled events occur in the prefix, one can ensure (by re-using
parts of formulae) that the total size of the generated formulae
for all z ∈ ZO is O(|pi|).
Translation to SAT
The problem of computing the set NSUPP^F_max of maximal non-supports of F can now be formulated as a problem of finding the maximal elements of the projection Proj^{CSC^F}_{nsupp} for the Boolean formula
CSC^F ≝ CONF′ ∧ CONF′′ ∧ NSUPP ∧ NXT^F.
This can be done using the incremental SAT approach, as described in Section III. The size of this formula is linear in the size of the prefix. (However, new clauses are added during the incremental SAT run.)
C. Computing minimal supports
Let NSUPP^F_max be the set of maximal non-supports computed in the first stage of the method. Now we need to compute the set SUPP^F_min of the minimal supports of F. In [11] this was achieved by computing the set of minimal satisfying assignments of the Boolean formula
∧_{X∈NSUPP^F_max} (∨_{x∈Z\X} nsuppx),
which is satisfied by an assignment A iff the set of signals Y ≝ {x | A(nsuppx) = 1} is not a subset of any non-support, and hence is a support. This can be done using the incremental SAT approach, as described in Section III. Note that this Boolean formula is much smaller than that for the first stage of the method (it contains at most |Z| variables), and thus the corresponding incremental SAT problem is usually much simpler. Nevertheless, this method can become expensive if SUPP^F_min is large. Below a better approach is described.
The characteristic function of the set NSUPP^F of all non-supports can be built as follows:
∨_{X∈NSUPP^F_max} (∧_{x∈Z\X} ¬nsuppx).
One can see that this expression is in the disjunctive normal form (DNF), i.e., it is represented as a disjunction of monoms, which are conjunctions of literals, each literal being either a variable or the negation of a variable. Moreover, this function is negative unate in all its variables, i.e., every literal in it is the negation of a variable. It is well known that the minimal DNF of a unate function is uniquely defined as the disjunction of all its prime implicants, and since the sets in NSUPP^F_max are pairwise incomparable w.r.t. ⊂, the expression above is this minimal DNF.
The characteristic function of the set SUPP^F of all supports can be obtained as the negation of the above expression; since the original function is negative unate in all its variables, the result will be positive unate in all its variables, i.e., in its minimal DNF no literal is the negation of a variable. Each prime implicant of the characteristic function of SUPP^F defines a minimal support of F, and so one can compute the set SUPP^F_min of the minimal supports of F by building its (uniquely defined) minimal DNF and considering the set of its monoms.
For example, the function Fc of the STG shown in Fig. 2 has four maximal non-supports: {a, b, c}, {a, b, d}, {a, c, d} and {b, c, d}. The characteristic function of its set of non-supports is ¬d ∨ ¬c ∨ ¬b ∨ ¬a, and the minimal DNF of the negation of this expression is abcd. Hence Fc has a single minimal support {a, b, c, d}.
Note that in general the DNF of the negation of a given DNF
expression can be exponentially larger than the original expres-
sion, even in the unate case. Nevertheless, in practice it is often
much easier to complement a unate function. In the actual im-
plementation we used the unate compl function provided by
ESPRESSO [24].
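The second stage of the method, computing SUPP^F_min from NSUPP^F_max, as an added example that is not the paper's ESPRESSO-based code. Instead of a unate complementer it uses the equivalent set view: Y is a support iff it meets every complement Z \ X of a maximal non-support, so the prime implicants of the complemented characteristic function are the minimal hitting sets of the family {Z \ X}. The enumeration is exhaustive in |Z|, which is acceptable under the paper's own assumption that supports of more than about eight signals are not usable anyway. The inputs are the four maximal non-supports quoted in the text for Fc of Fig. 2 plus a second, constructed family; the function names are this example's own.

```python
"""Minimal supports from maximal non-supports (Section IV.C).

Added illustration, not the paper's code.  The characteristic function of
NSUPP^F is the negative-unate DNF  OR_{X in NSUPP_max} AND_{x in Z\X} ¬nsupp_x;
its complement's prime implicants are the minimal hitting sets of {Z\X}.
"""
from itertools import combinations


def nonsupport_dnf(Z, nsupp_max):
    """Minimal DNF of the characteristic function of NSUPP^F, as text."""
    monoms = ["".join("¬" + x for x in sorted(set(Z) - set(X))) for X in nsupp_max]
    return " ∨ ".join(m if m else "1" for m in monoms)


def is_support(Y, nsupp_max):
    """Y is a support iff it is not contained in any (maximal) non-support."""
    return not any(set(Y) <= set(X) for X in nsupp_max)


def minimal_supports(Z, nsupp_max):
    """SUPP^F_min = min_subset { Y subseteq Z | Y not subseteq X for all X in NSUPP_max }.

    Candidates are enumerated by increasing size, so the first hit of each
    chain is minimal; supersets of a support already found are skipped.
    """
    Z = sorted(set(Z))
    complements = [set(Z) - set(X) for X in nsupp_max]   # Y ⊄ X  <=>  Y meets Z\X
    found = []
    for k in range(1, len(Z) + 1):
        for Y in combinations(Z, k):
            Y = frozenset(Y)
            if any(S <= Y for S in found):
                continue                                  # extension of a minimal support
            if all(Y & comp for comp in complements):
                found.append(Y)
    return set(found)


def support_dnf(Z, nsupp_max):
    """Positive-unate minimal DNF of SUPP^F: one monom per minimal support."""
    return " ∨ ".join(sorted("".join(sorted(Y)) for Y in minimal_supports(Z, nsupp_max)))


def extension_property_holds(Z, nsupp_max):
    """Every support extends a minimal support, and every such extension is a support."""
    mins = minimal_supports(Z, nsupp_max)
    Z = sorted(set(Z))
    return all(is_support(Y, nsupp_max) == any(S <= frozenset(Y) for S in mins)
               for k in range(len(Z) + 1) for Y in combinations(Z, k))


# F_c of the STG in Fig. 2, as stated in the text
Z = "abcd"
NSUPP_MAX_FC = [{"a", "b", "c"}, {"a", "b", "d"}, {"a", "c", "d"}, {"b", "c", "d"}]
# constructed family with several minimal supports (not from the paper)
NSUPP_MAX_TOY = [{"a", "b"}, {"c", "d"}]

if __name__ == "__main__":
    for fam in (NSUPP_MAX_FC, NSUPP_MAX_TOY):
        print(nonsupport_dnf(Z, fam), " -> negated: ", support_dnf(Z, fam))
```

For Fc this reproduces the text: the non-support function ¬d ∨ ¬c ∨ ¬b ∨ ¬a complements to the single monom abcd. For the constructed family {a, b}, {c, d} the complement has four prime implicants, ac, ad, bc and bd, illustrating the case where several minimal supports must be weighed against each other before the equation is derived.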
D. Derivation of an equation
Suppose that X is a (not necessarily minimal) support of F .
One has to express F as a Boolean function of signals in X .
This can be done by generating a truth table for F , similar to
that shown in Fig. 4 but with the first column restricted to signals
in X , and then applying Boolean minimisation.
For the CG synthesis, we define EQN^F_X as the conjunction of CONF′ and all the defining expressions for the variables code′x, x ∈ X. The set of encodings appearing in the first column of the truth table coincides with the projection of EQN^F_X onto the set of variables {codex | x ∈ X}. It can also be computed using the incremental SAT approach, as described in Section III. Note that at each step of this computation, the SAT solver returns information not only about the next element v of the projection, but also the values of all the other variables in the formula. That is, along with the restriction of some reachable encoding onto the set X we have information about a configuration C′ via which it can be reached. Thus, the value of Fz(v) can be computed simply as Nxtz(C′). This essentially completes the description of the CG synthesis.
For the gC synthesis, the values of the set and reset func-
tions are not completely specified even for the reachable states
of the STG. To reduce the number of incremental calls to the
SAT solver, we do not compute the DC set explicitly (it is im-
plicitly defined by the ON and OFF sets), and compute the ON
and OFF sets separately as follows.
Suppose F is Sz. The ON set of Sz can be computed as the projection of EQN^F_X, defined as the conjunction of CONF′, the defining expressions for the variables code′x, x ∈ X, and out′z+ (with the appropriate defining expressions), onto the set of variables {codex | x ∈ X}. Intuitively, this projection will contain the encodings of all reachable states enabling z+, restricted to X. Similarly, the OFF set of Sz is computed as the projection of EQN^F_X, defined as the conjunction of CONF′, the defining expressions for the variables code′x, x ∈ X, and NXT0′ (with the appropriate defining expressions), onto the set of variables {codex | x ∈ X}. Intuitively, this projection will contain the encodings of all reachable states at which Nxtz is 0, restricted to X.
The computation of the ON and OFF sets of Rz is quite similar, but the formula EQN^F_X is defined for the ON set as the conjunction of CONF′, the defining expressions for the variables code′x, x ∈ X, and out′z− (with the appropriate defining expressions), and for the OFF set it is defined as the conjunction of CONF′, the defining expressions for the variables code′x, x ∈ X, and NXT1′ (with the appropriate defining expressions), where NXT1′ can be obtained from NXT1′′ by substituting the variables with a double prime by those with a single prime.
For the stdC synthesis the ON and OFF sets of the set and
reset functions are obtained in the same way as for the gC syn-
thesis. That is, we build the truth tables for Sz and Rz rather
than Ssz and Rsz, which often allows for a better implementation,
as was already explained. Even though Sz and Rz are being de-
rived, the (potentially larger) supports computed for Ssz and Rsz
are used. This, on the one hand, guarantees that it is possible
to derive Sz and Rz satisfying the Monotonic Cover condition
(i.e., the binate covering problem will always have a solution),
and, on the other hand, does not result in an inferior implemen-
tation since Boolean minimisation will remove the ‘redundant’
signals from the resulting expression if this leads to simplifica-
tion.
The Boolean minimisation procedure must now take into account the Monotonic Cover condition, i.e., ensure that the entrance constraints are satisfied by the solution. These are a set of implications which can be computed as follows. Suppose F is Sz. Let EQN^F_X be the conjunction of CONF′, the defining expressions for the variables code′x, x ∈ X, and the formula
code′z ∧ ¬out′z− ∧ (∨_{x∈X\{z}} out′x),
with the appropriate defining expressions. One can show that under the plausible assumption that for each signal x ∈ Z, x+- and x−-labelled events occur in the prefix, the size of this formula is O(|pi|).
Intuitively, each satisfying assignment A of this formula defines a configuration C′ such that Codez(C′) = 1, Outz−(C′) = 0 and enabling some event e labelled by some signal x ∈ X \ {z}. Let v be the projection of A onto the set of variables {codex | x ∈ X}. The entrance constraint for the final state of C′ conveys that if the final state of C′ ∪ {e} is in the cover then the final state of C′ is also in the cover. That is, for each signal x ∈ X \ {z} enabled by C′, the implication Sz(v′) ⇒ Sz(v) should be added to the set of entrance constraints, where v′ is obtained from v by negating the bit corresponding to x. Then the clause
$$ \bigvee_{\substack{x \in X \setminus \{z\} \\ v_x = 0}} code'_x \;\vee\; \bigvee_{\substack{x \in X \setminus \{z\} \\ v_x = 1}} \neg code'_x \;\vee\; \bigvee_{\substack{x \in X \setminus \{z\} \\ Out_x(C') = 0}} out'_x , $$
which is not satisfied by A, is appended to the formula (note that all the necessary defining expressions are already in the formula and hence should not be added), and the process is repeated until the instance becomes unsatisfiable. Intuitively, this clause eliminates all the satisfying assignments whose corresponding configuration has the same projection v of the encoding of its final state onto the set of variables {codex | x ∈ X} and enables the same or a smaller set of signals from X \ {z}.
Eventually we end up with a set of implications of the form Sz(v′) ⇒ Sz(v). It can happen that v or v′ is in the OFF set of the function. In such a case the following simplifications are possible. If v′ is in the OFF set then the clause can be deleted, as it is trivially satisfied. If v is in the OFF set then the OFF set is extended to include v′ as well (this, in turn, can trigger further simplifications), and the clause can be deleted. The ON and OFF sets of the function computed earlier, together with the entrance constraints, are passed to the binate Boolean minimisation algorithm [23], which in this case is guaranteed to have solutions.
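The construction of the implications Sz(v′) ⇒ Sz(v) and the two OFF-set simplifications just described, as an added worked example in Python (not code from the report or its tool). The support X, the bit encoding of states, the ON/OFF sets and the lists of enabled signals are constructed for illustration, and `is_monotonic_cover` is an added helper that checks a candidate cover against the ON set, the extended OFF set and the remaining entrance constraints.

```python
"""Entrance constraints for the Monotonic Cover condition: construction and
simplification against the OFF set, for the set function S_z of an output z.

Constructed example (not from the report): the support is X = [a, b, z] and a
state is encoded as a tuple of bits in that order. The ON/OFF sets and the
(v', v) pairs are made up so that every simplification rule fires once.
"""

X = ["a", "b", "z"]          # support of S_z; z is the output itself
Z_INDEX = X.index("z")


def entrance_constraints(v, enabled):
    """For every signal x in `enabled` (a subset of X \\ {z}) enabled at the
    state encoded by v, return the implication S_z(v') => S_z(v) as the pair
    (v', v), where v' is v with the bit of x negated."""
    pairs = []
    for x in enabled:
        i = X.index(x)
        if i == Z_INDEX:
            raise ValueError("z is excluded from its own entrance constraints")
        vp = list(v)
        vp[i] ^= 1
        pairs.append((tuple(vp), v))
    return pairs


def simplify(on, off, constraints):
    """Apply the two simplification rules to a fixpoint:
       * if v' is in OFF the implication is trivially satisfied: drop it;
       * if v is in OFF then S_z(v) = 0 forces S_z(v') = 0: add v' to OFF, drop it.
    Returns the extended OFF set and the implications that remain."""
    on, off = set(on), set(off)
    remaining = list(constraints)
    grown = True
    while grown:                              # re-scan while OFF keeps growing
        grown = False
        kept = []
        for vp, v in remaining:
            if vp in off:
                continue                      # trivially satisfied
            if v in off:
                off.add(vp)                   # propagate the 0 backwards
                grown = True                  # may enable further simplifications
                continue
            kept.append((vp, v))
        remaining = kept
    if on & off:
        # Cannot happen when the supports computed for S^s_z / R^s_z are used
        # (the report's guarantee); reported so a broken input is not accepted.
        raise ValueError(f"ON and OFF sets overlap: {sorted(on & off)}")
    return off, remaining


def is_monotonic_cover(cover, on, off, constraints):
    """A cover (the states where S_z = 1) is acceptable if it contains the ON
    set, avoids the OFF set and satisfies every entrance implication."""
    cover = set(cover)
    return (set(on) <= cover
            and not (set(off) & cover)
            and all(v in cover for vp, v in constraints if vp in cover))


# Constructed sample instance.
ON = {(1, 1, 0)}
OFF = {(0, 0, 0), (1, 0, 1)}
CONSTRAINTS = (
    entrance_constraints((1, 1, 0), enabled=["a"])       # ((0,1,0),(1,1,0)): kept
    + entrance_constraints((0, 1, 0), enabled=["a", "b"])  # ((1,1,0),(0,1,0)): kept;
                                                           # ((0,0,0),(0,1,0)): v' in OFF, dropped
    + entrance_constraints((1, 0, 1), enabled=["b"])     # ((1,1,1),(1,0,1)): v in OFF, (1,1,1) -> OFF
    + entrance_constraints((1, 1, 1), enabled=["a"])     # ((0,1,1),(1,1,1)): cascades, (0,1,1) -> OFF
)

if __name__ == "__main__":
    extended_off, rest = simplify(ON, OFF, CONSTRAINTS)
    print("extended OFF set:", sorted(extended_off))
    print("remaining entrance constraints:", rest)
    print("cover {(1,1,0)} acceptable?", is_monotonic_cover({(1, 1, 0)}, ON, extended_off, rest))
```

The remaining pair ((1,1,0),(0,1,0)) is the interesting one: (1,1,0) is in the ON set, so the implication forces (0,1,0) into any acceptable cover, which is exactly the effect of the Monotonic Cover condition on the minimiser.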
If F is Rz then the approach is quite similar, but EQNF_X is defined as the conjunction of CONF′, the defining expressions for the variables code′x, x ∈ X, and the formula
$$ \neg code'_z \wedge \neg out'_{z^+} \wedge \Big( \bigvee_{x \in X \setminus \{z\}} out'_x \Big), $$
with the appropriate defining expressions.
E. Optimisations
In this section, we describe optimisations which can signifi-
cantly reduce the computation effort required by the proposed
method. First, we suggest a heuristic helping to compute a part
of a signal’s support without running the SAT solver, based on
the fact that any support for an output z must include all the
triggers of z, i.e., those signals whose firing can enable z. (The
information about triggers can be derived from the finite and
complete prefix.) Then we show how to speed up the computa-
tion in the case of prefixes without dynamic choices (i.e., struc-
tural conflicts).
Simplifying support computation
As it was already noted, the number of solver runs in the
proposed method can be exponential in the size of a support of
an output signal z. Thus it makes sense to find at least a part of
the support using suitable heuristics.
We define for a z±-labelled event e the set of its triggers as Trig(e) ≝ max_≺([e] \ {e}). (Intuitively, Trig(e) comprises those events whose firing can ‘trigger’ the firing of e.) We also define the set Trig(z) (respectively, Trig(z+), Trig(z−)) as the set of signals whose instances can trigger an instance of z± (respectively, z+, z−) in the (full) unfolding.
One can show that Trig(z) is a subset of any support of Fz, and Trig(z+) / Trig(z−) is a subset of any support of Sz/Rz (and hence Ssz/Rsz). Indeed, firing a trigger x can change the ‘enabledness status’ of z, i.e., the states immediately before and immediately after firing of x (whose binary encodings differ only in the position corresponding to x) are in ΞZ\{x} conflict, and so any set of signals which does not contain x is a non-support.

Fig. 8 (figure omitted). An STG (a) and a finite and complete prefix of its unfolding (b); the prefix consists of the events e1 (labelled a), e2 (labelled b, a cut-off event) and e3 (labelled c). Note that Trig_π(c) = {a} ⊂ Trig(c) = {a,b}.
Using this observation, one can simplify the first stage of the
method by pre-setting the values of nsuppx corresponding to
the triggers to 1 (and simplifying the formula accordingly) be-
fore running the solver. On the second stage of the method, the
variables corresponding to the triggers are added to every sup-
port.
It should be noted, however, that the sets Trig(z) / Trig(z+) / Trig(z−) were defined on the whole unfolding rather than a finite and complete prefix, i.e., they do not necessarily coincide with the sets of signals Trig_π(z) / Trig_π(z+) / Trig_π(z−) whose instances can trigger an instance of z / z+ / z− in such a prefix π, as illustrated in Fig. 8. Nevertheless, Trig_π(z) / Trig_π(z+) / Trig_π(z−) is guaranteed to be an underapproximation of Trig(z) / Trig(z+) / Trig(z−) and can still be used without affecting the correctness of the method (though using it allows for fewer simplifications). Note also that applying the proposed method, with or without this heuristic, guarantees that Trig(z) / Trig(z+) / Trig(z−) is a subset of any computed support. (As was already mentioned, SUPPF_min captures all the minimal supports of F and thus exactly characterises all the possible supports of F.)
The case of prefixes without dynamic choices
In many cases the performance of the proposed method can
be improved by exploiting specific properties of the Petri net Σ
underlying an STG. For instance, if Σ is free from dynamic
choices (in particular, this is the case for marked graphs) then
the union of any two configurations of its unfolding is also a
configuration. (Note that freeness from dynamic choices can
easily be detected: it is enough to check that |b•| ≤ 1, for all
conditions b of the prefix.) This observation can be used to
reduce the search space. Indeed, according to Proposition 2 be-
low, it is then enough to look only for those cases when the
configurations C′ and C′′ being tested are ordered in the set-
theoretical sense.
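Both the trigger heuristic above and the check for freeness from dynamic choices just described work directly on the structure of the prefix, so one added Python example (not the report's code) serves both: it computes Trig(e) = max_≺([e] \ {e}) and Trig_π(z) / Trig_π(z±) on a constructed prefix loosely following Fig. 8(b), and checks |b•| ≤ 1 for every condition. The prefix, its condition and event names, the event labels and the second prefix containing a choice are all constructed for illustration.

```python
"""Triggers of events in an unfolding prefix, Trig_π(z), and the structural
check that a prefix is free from dynamic choices (|b•| <= 1 for every condition).

Constructed example (not from the report): a prefix loosely following Fig. 8(b),
with events e1 (a+), e2 (b+, cut-off), e3 (c+), e4 (a-) and e5 (c-). Only e1
causally precedes e3, so Trig_π(c) = {a}, although in the full unfolding an
instance of b may trigger c as well (the continuation of the cut-off e2 is absent).
"""


class Prefix:
    def __init__(self, events, conditions, cutoffs=()):
        # events: name -> (label such as "a+", preset conditions, postset conditions)
        self.events = events
        self.conditions = set(conditions)
        self.cutoffs = set(cutoffs)
        # post[b] = b•, the events consuming condition b;
        # pre[b] = the unique event producing b (None for an initial condition)
        self.post = {b: set() for b in self.conditions}
        self.pre = {b: None for b in self.conditions}
        for e, (_, preset, postset) in events.items():
            for b in preset:
                self.post[b].add(e)
            for b in postset:
                self.pre[b] = e

    def local_config(self, e):
        """[e]: the event e together with all its causal predecessors."""
        seen, stack = set(), [e]
        while stack:
            f = stack.pop()
            if f in seen:
                continue
            seen.add(f)
            for b in self.events[f][1]:
                if self.pre[b] is not None:
                    stack.append(self.pre[b])
        return seen

    def precedes(self, e, f):
        """e ≺ f: e is a proper causal predecessor of f."""
        return e != f and e in self.local_config(f)

    def triggers(self, e):
        """Trig(e) = max_≺([e] \\ {e}): the causally last events before e."""
        past = self.local_config(e) - {e}
        return {f for f in past if not any(self.precedes(f, g) for g in past)}

    def trigger_signals(self, signal, sign=None):
        """Trig_π(z) (sign=None), Trig_π(z+) (sign='+') or Trig_π(z-) (sign='-'):
        signals whose instances trigger an instance of z / z+ / z- in the prefix."""
        result = set()
        for e, (label, _, _) in self.events.items():
            if label[:-1] == signal and (sign is None or label[-1] == sign):
                result |= {self.events[f][0][:-1] for f in self.triggers(e)}
        return result

    def free_from_dynamic_choices(self):
        """|b•| <= 1 for every condition b: no two events compete for one token."""
        return all(len(self.post[b]) <= 1 for b in self.conditions)


# Constructed prefix: b0..b7 are conditions (b0, b1, b4 initial), e1..e5 events.
FIG8_LIKE = Prefix(
    events={
        "e1": ("a+", {"b0"}, {"b2"}),
        "e2": ("b+", {"b1"}, {"b3"}),        # cut-off: its continuation is not in the prefix
        "e3": ("c+", {"b2", "b4"}, {"b5"}),
        "e4": ("a-", {"b5"}, {"b6"}),
        "e5": ("c-", {"b6"}, {"b7"}),
    },
    conditions=["b0", "b1", "b2", "b3", "b4", "b5", "b6", "b7"],
    cutoffs=["e2"],
)

# Second constructed prefix: condition b0 is consumed by both e1 and e2,
# i.e. a dynamic choice, so the union of two configurations need not be one.
WITH_CHOICE = Prefix(
    events={
        "e1": ("a+", {"b0"}, {"b1"}),
        "e2": ("b+", {"b0"}, {"b2"}),
    },
    conditions=["b0", "b1", "b2"],
)

if __name__ == "__main__":
    print("Trig(e5) =", FIG8_LIKE.triggers("e5"))            # {'e4'}: e1, e3 are not maximal
    print("Trig_π(c) =", FIG8_LIKE.trigger_signals("c"))      # {'a'}
    print("free from dynamic choices:", FIG8_LIKE.free_from_dynamic_choices(),
          WITH_CHOICE.free_from_dynamic_choices())
```

Trig(e5) shows why the definition takes the maximal elements: [e5] \ {e5} = {e1, e3, e4}, but only e4 is causally last, so only its signal is a trigger of c−.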
Proposition 2: Let ⟨C′,C″⟩ be a CSC^z_X / CSC^{z+}_X / CSC^{z−}_X / sCSC^{z+}_X / sCSC^{z−}_X conflict pair of configurations in the unfolding of a consistent STG without dynamic choices such that C′ ⊄ C″ and C″ ⊄ C′. Then ⟨C,C′⟩ or ⟨C,C″⟩ is respectively a CSC^z_X / CSC^{z+}_X / CSC^{z−}_X / sCSC^{z+}_X / sCSC^{z−}_X conflict pair, where C ≝ C′ ∩ C″.
Proof: Since C′ ∪ C″ is a configuration, each event in C′ \ C″ ≠ ∅ is concurrent to each event in C″ \ C′ ≠ ∅. Now, due to the consistency of the STG, no two distinct concurrent events in its unfolding can have the same signal label. Hence none of the events in C′ \ C″ can have the same signal label (even after ignoring the sign) as an event in C″ \ C′. Consequently, since Codex(C′) = Codex(C″) for each x ∈ X, Codex(C′) − Codex(C) = Codex(C″) − Codex(C) = 0, i.e., Codex(C) = Codex(C′) = Codex(C″) for each x ∈ X.
If ⟨C′,C″⟩ is a CSC^z_X conflict pair then Nxtz(C′) ≠ Nxtz(C″), and so Nxtz(C) differs from at least one of Nxtz(C′) and Nxtz(C″). Hence, ⟨C,C′⟩ or ⟨C,C″⟩ is a CSC^z_X conflict pair.
Suppose ⟨C′,C″⟩ is a CSC^{z+}_X conflict pair. If Nxtz(C) = 0 then ⟨C,C′⟩ is a CSC^{z+}_X conflict pair. Otherwise Nxtz(C) = 1. If Outz+(C) = 1 then ⟨C,C″⟩ is a CSC^{z+}_X conflict pair. We now show that the remaining case, viz. Codez(C) = 1 and Outz−(C) = 0, is impossible. Indeed, since Outz+(C′) = 1 there must be a z−-labelled event e′ ∈ C′ \ C. Thus, due to consistency of the STG, there should be no z±-labelled events in C″ \ C. Since Codez(C) = 1 and Nxtz(C″) = 0, C″ enables a z−-labelled event e″. Since the STG is without dynamic choices, ¬(e′ # e″), and due to consistency of the STG, e′ and e″ cannot be concurrent. Moreover, e′ cannot causally precede e″, since C″ \ C contains no z±-labelled events. Hence e″ either causally precedes e′ or coincides with it. Therefore, [e″] \ {e″} is a subset of both C′ and C″, and thus a subset of C, and e″ ∉ C″ implies that e″ ∉ C, i.e., C enables e″ — a contradiction with Outz−(C) = 0. Hence, ⟨C,C′⟩ or ⟨C,C″⟩ is a CSC^{z+}_X conflict pair. Similarly, one can show that if ⟨C′,C″⟩ is a CSC^{z−}_X conflict pair then ⟨C,C′⟩ or ⟨C,C″⟩ is a CSC^{z−}_X conflict pair.
If ⟨C′,C″⟩ is an sCSC^{z+}_X / sCSC^{z−}_X conflict pair then Outz+/z−(C′) ≠ Outz+/z−(C″), and so Outz+/z−(C) differs from at least one of Outz+/z−(C′) and Outz+/z−(C″). Hence, ⟨C,C′⟩ or ⟨C,C″⟩ is an sCSC^{z+}_X / sCSC^{z−}_X conflict pair.
In order to consider only ordered pairs of configurations, it is enough to add to the formula CSCF constructed in the first stage of the method the constraint
$$ \bigwedge_{e \in E \setminus E_{cut}} \Big( \big( v_{\subseteq} \Rightarrow (conf'_e \Rightarrow conf''_e) \big) \wedge \big( \neg v_{\subseteq} \Rightarrow (conf''_e \Rightarrow conf'_e) \big) \Big), $$
requiring that C′ ⊆ C″ ∨ C″ ⊆ C′, where v⊆ is a new variable which can be set arbitrarily by the solver. This constraint can easily be transformed into the CNF by applying the rule x ⇒ y ≡ ¬x ∨ y.
Note that because the next-state constraint is not symmetric
w.r.t. C′ and C′′, one cannot limit the search space by assuming
that, say, C′ ⊆C′′, and has to explore both possibilities.
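The ordering constraint above and its translation into CNF via x ⇒ y ≡ ¬x ∨ y, as an added Python example (not from the report or its implementation): it emits the two clauses per non-cut-off event and then checks exhaustively, on a constructed four-event prefix, that the clauses admit a pair ⟨C′,C″⟩ for some value of v⊆ exactly when C′ ⊆ C″ or C″ ⊆ C′. The event set, the variable naming and the DIMACS-style literal encoding are choices of this example.

```python
"""CNF encoding of the ordering constraint C' ⊆ C'' ∨ C'' ⊆ C' added to CSCF for
prefixes without dynamic choices, with a brute-force check that it admits
exactly the set-theoretically ordered pairs of configurations.

Constructed example (not from the report): four events e1..e4 of which e4 is a
cut-off event; conf'_e / conf''_e are the membership variables of e in C' / C''.
"""
import itertools


class VarPool:
    """Assigns consecutive positive integers (DIMACS style) to named variables."""

    def __init__(self):
        self.ids = {}

    def __call__(self, name):
        return self.ids.setdefault(name, len(self.ids) + 1)


def ordering_clauses(events, cutoffs, var):
    """Clauses for ∧_{e ∈ E \\ E_cut} ((v⊆ ⇒ (conf'_e ⇒ conf''_e)) ∧ (¬v⊆ ⇒ (conf''_e ⇒ conf'_e))),
    applying x ⇒ y ≡ ¬x ∨ y twice per conjunct. A negative int is a negated literal."""
    v_sub = var("v_subseteq")
    clauses = []
    for e in events:
        if e in cutoffs:
            continue                         # cut-off events carry no conf variables
        c1, c2 = var(("conf1", e)), var(("conf2", e))
        clauses.append([-v_sub, -c1, c2])    # v⊆ ∧ conf'_e  ⇒ conf''_e
        clauses.append([v_sub, -c2, c1])     # ¬v⊆ ∧ conf''_e ⇒ conf'_e
    return clauses


def holds(clauses, assignment):
    """A CNF holds under a total assignment iff every clause has a true literal."""
    return all(
        any(assignment[abs(lit)] == (lit > 0) for lit in clause)
        for clause in clauses
    )


def admits(c1, c2, events, cutoffs):
    """Is there a value of v⊆ under which the clauses accept the pair (C', C'')?"""
    var = VarPool()
    clauses = ordering_clauses(events, cutoffs, var)
    fixed = {}
    for e in events:
        if e not in cutoffs:
            fixed[var(("conf1", e))] = e in c1
            fixed[var(("conf2", e))] = e in c2
    # v⊆ is free for the solver: try both values.
    return any(holds(clauses, {**fixed, var("v_subseteq"): v}) for v in (False, True))


def subsets(items):
    for r in range(len(items) + 1):
        for combo in itertools.combinations(items, r):
            yield frozenset(combo)


def constraint_is_exact(events, cutoffs):
    """Exhaustive check: the clauses are satisfiable for (C', C'') iff
    C' ⊆ C'' or C'' ⊆ C'. Note that the constraint never fixes which of the
    two is the larger configuration, which is why both orders are explored."""
    non_cutoff = [e for e in events if e not in cutoffs]
    for c1 in subsets(non_cutoff):
        for c2 in subsets(non_cutoff):
            if admits(c1, c2, events, cutoffs) != (c1 <= c2 or c2 <= c1):
                return False
    return True


EVENTS = ["e1", "e2", "e3", "e4"]
CUTOFFS = {"e4"}

if __name__ == "__main__":
    print("clauses:", ordering_clauses(EVENTS, CUTOFFS, VarPool()))
    print("ordered pair admitted:", admits({"e1"}, {"e1", "e2"}, EVENTS, CUTOFFS))
    print("incomparable pair admitted:", admits({"e1"}, {"e2"}, EVENTS, CUTOFFS))
    print("constraint exact on all pairs:", constraint_is_exact(EVENTS, CUTOFFS))
```

The encoding costs two ternary clauses per non-cut-off event and one fresh variable, so it does not change the asymptotic size of CSCF while halving the symmetric part of the search space.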
V. EXPERIMENTAL RESULTS
We implemented the proposed method using the ZCHAFF SAT solver [18] and ESPRESSO Boolean minimiser [24], and the benchmarks from [11] were attempted. All the experiments were conducted on a PC with a Pentium™ IV/2.8GHz processor and 512M RAM.
The first group of examples comes from real design practice.
They are as follows:
• LAZYRINGCSC and RINGCSC — Asynchronous Token
Ring Adapters described in [25, 26].
• DUP4PHCSC, DUP4PHMTRCSC and DUPMTRMODCSC
— control circuits for the Power-Efficient Duplex Com-
munication System described in [27].
• CFSYMCSCA, CFSYMCSCB, CFSYMCSCC, CFSYM-
CSCD, CFASYMCSCA and CFASYMCSCB — control
circuits for the Counterflow Pipeline Processor described
in [28].
Some of these STGs, although built by hand, are quite large in
size. The results for this group are summarised in the first part
of Table I.
Two other groups, PPWKCSC(m, n) and PPARBCSC(m, n),
contain scalable examples of STGs modelling m pipelines
weakly synchronised without arbitration (in PPWKCSC(m,n))
and with arbitration (in PPARBCSC(m,n)). Note that in these
two series of benchmarks all the signals except the arbiter’s
grants in PPARBCSC(m,n) are considered outputs, i.e., the con-
trol logic is designed as a closed circuit. The inputs are inserted
after the synthesis is completed, by breaking up some outputs
and inserting the environment into the breaks, thus forming a
handshake (sometimes with an inverter attached to the output if
the environment acts as an active port). Fig. 9 illustrates these
two types of STGs, and the results for these two groups are sum-
marised in the last two parts of Table I.
The meaning of the columns in Table I is as follows (from left
to right): the name of the problem; the number of places, tran-
sitions, and input and output signals in the STG; the number
of reachable states; the number of conditions, events and cut-
off events in the complete prefix; the total number of next-state
(for gC synthesis) or set and reset (for CG and stdC syntheses)
functions obtained by the proposed method (it gives a rough
idea of the explored design space); the time spent by the PET-
RIFY tool [8] for each of the three types of synthesis; and the
time spent by the method proposed in this paper for each of the
three types of synthesis. We use ‘mem’ if there was a memory
overflow and ‘time’ to indicate that the test had not stopped af-
ter 15 hours. We have not included in the table the time needed
to build complete prefixes, since it did not exceed 0.1sec for any
of the attempted STGs.
Note that in all cases the size of the complete prefix was relatively small. This can be explained by the fact that STGs usually contain a lot of concurrency but relatively few choices, and thus the prefixes are in many cases not much bigger than the STGs themselves. For the scalable benchmarks, one can observe that the complete prefixes exhibited polynomial growth, whereas the number of reachable states grew exponentially. As a result, the unfolding-based method had a clear advantage over that based on state graphs.
Although the performed testing was limited in scope, one can
draw some conclusions about the performance of the proposed
algorithm. In all the test cases the proposed method solved
the problem relatively easily, even when it was intractable for
PETRIFY. In some cases, it was faster by several orders of
magnitude. The time spent on all these benchmarks was quite
satisfactory — the most ‘difficult’ benchmark was CFASYM-
CSCA for all the three types of synthesis, and it took just
56/69/171 seconds for the CG/gC/stdC synthesis algorithm.
Such ‘difficult’ cases typically had many alternative implementations which were enumerated by the proposed method, and the rates at which the equations were derived were quite high — e.g., for the CFASYMCSCA benchmark on average approximately 8/7/3 equations per second were derived by the CG/gC/stdC synthesis algorithm.

Fig. 9 (figure omitted). STGs modelling two weakly synchronised pipelines without arbitration (a) and with arbitration (b). (a) outputs: x1, . . . , x4, y1, . . . , y4, z. (b) inputs: gx, gy; outputs: x1, . . . , x5, y1, . . . , y5, z, rx, ry.
It is important to note that these improvements in memory
and running time come without any reduction in quality of the
solutions. In fact, the proposed method is complete, i.e., it can
produce all the valid implementations in each of the three target
architectures (CG, gC and stdC). However, in the developed
tool we restricted the algorithm to only minimal supports. Nev-
ertheless, the explored design space was quite satisfactory: as
the ‘Derived expressions’ column in Table I shows, in many
cases the method proposed quite a few alternative implementa-
tions. Overall, the proposed approach turned out to be clearly
superior, especially for hard problem instances.
It is also worth investigating the breakdown of the proposed method’s execution time. It turns out that it spends a substantial amount of time (8–10/16–18/9–15% for CG/gC/stdC synthesis) generating SAT instances. This is because we have not yet addressed the optimisation of generating the formulae, and we expect this time can be significantly improved. Computing maximal non-supports typically takes 40–75/30–60/13–40% of the time, and generating tables for Boolean minimisation takes 20–50/25–55/45–80% for CG/gC/stdC synthesis (note that in the case of stdC synthesis the latter time includes building the entrance constraints). Computing minimal supports and Boolean minimisation take a negligible amount of time (less than 1%) in all three types of synthesis.
In most cases the gC synthesis took more time than CG syn-
thesis, because more formulae are generated and more equa-
tions are usually produced; however, the difference in time is
not very significant. The stdC synthesis was 1.5–3 times more
expensive than gC synthesis, because the entrance constraints
had to be built. However, it did not matter much for timing that
the binate covering problem had to be solved, since in all cases
the Boolean minimisation was very fast compared with the other
tasks.
TABLE I. EXPERIMENTAL RESULTS. Columns: places, transitions, input/output signals and reachable states of the STG; conditions, events and cut-off events of the complete prefix; the number of derived expressions (next-state functions for CG; set/reset functions for gC and stdC); PETRIFY (PFY) and proposed-method (SAT) times in seconds.

| Problem | Places | Trans. | In/Out sig. | Reach. states | Cond. | Events | Cut-offs | Expr. CG | Expr. gC | Expr. stdC | PFY CG [s] | PFY gC [s] | PFY stdC [s] | SAT CG [s] | SAT gC [s] | SAT stdC [s] |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Real-Life STGs | | | | | | | | | | | | | | | | |
| LAZYRING | 42 | 37 | 5/7 | 187 | 88 | 71 | 5 | 14 | 9/12 | 9/12 | 1 | 3 | 3 | <1 | <1 | <1 |
| RING | 185 | 172 | 11/18 | 16320 | 650 | 484 | 55 | 63 | 69/39 | 69/39 | 850 | 849 | 898 | 3 | 5 | 8 |
| DUP4PHCSC | 135 | 123 | 12/15 | 171 | 146 | 123 | 11 | 48 | 85/45 | 85/45 | 20 | 27 | 38 | <1 | <1 | 1 |
| DUP4PHMTRCSC | 114 | 105 | 10/16 | 149 | 122 | 105 | 8 | 46 | 75/29 | 75/29 | 13 | 19 | 34 | <1 | <1 | 1 |
| DUPMTRMODCSC | 152 | 115 | 10/17 | 321 | 228 | 149 | 13 | 165 | 85/33 | 85/33 | 125 | 141 | 148 | 1 | 1 | 2 |
| CFSYMCSCA | 85 | 60 | 8/14 | 6672 | 1341 | 720 | 56 | 60 | 48/80 | 48/80 | 163 | 183 | 253 | 22 | 25 | 82 |
| CFSYMCSCB | 55 | 32 | 8/8 | 690 | 160 | 71 | 6 | 34 | 20/12 | 20/12 | 10 | 12 | 20 | <1 | <1 | <1 |
| CFSYMCSCC | 59 | 36 | 8/10 | 2416 | 286 | 137 | 10 | 18 | 14/16 | 14/16 | 13 | 15 | 22 | <1 | <1 | <1 |
| CFSYMCSCD | 45 | 28 | 4/10 | 414 | 120 | 54 | 6 | 16 | 14/10 | 14/10 | 3 | 7 | 5 | <1 | <1 | <1 |
| CFASYMCSCA | 128 | 112 | 8/26 | 147684 | 1808 | 1234 | 62 | 450 | 252/259 | 252/259 | 1448 | 1565 | 1569 | 56 | 69 | 171 |
| CFASYMCSCB | 128 | 112 | 8/24 | 147684 | 1816 | 1238 | 62 | 93 | 78/65 | 78/65 | 2323 | 2481 | 2508 | 19 | 24 | 42 |
| Marked Graphs | | | | | | | | | | | | | | | | |
| PPWKCSC (2,3) | 24 | 14 | 0/7 | 2^7 = 128 | 38 | 20 | 1 | 7 | 7/7 | 7/7 | <1 | 2 | 2 | <1 | <1 | <1 |
| PPWKCSC (2,6) | 48 | 26 | 0/13 | 2^13 = 8192 | 110 | 56 | 1 | 13 | 13/13 | 13/13 | 4 | 6 | 6 | <1 | <1 | <1 |
| PPWKCSC (2,9) | 72 | 38 | 0/19 | 2^19 > 5·10^5 | 218 | 110 | 1 | 19 | 19/19 | 19/19 | 44 | 44 | 44 | <1 | <1 | <1 |
| PPWKCSC (2,12) | 96 | 50 | 0/25 | 2^25 > 3·10^7 | 362 | 182 | 1 | 25 | 25/25 | 25/25 | 2082 | 2055 | 2056 | <1 | <1 | 1 |
| PPWKCSC (3,3) | 36 | 20 | 0/10 | 2^10 = 1024 | 57 | 29 | 1 | 10 | 10/10 | 10/10 | 1 | 3 | 3 | <1 | <1 | <1 |
| PPWKCSC (3,6) | 72 | 38 | 0/19 | 2^19 > 5·10^5 | 165 | 83 | 1 | 19 | 19/19 | 19/19 | 43 | 46 | 46 | <1 | <1 | <1 |
| PPWKCSC (3,9) | 108 | 56 | 0/28 | 2^28 > 2·10^8 | 327 | 164 | 1 | 28 | 28/28 | 28/28 | 7380 | 7085 | 7080 | <1 | <1 | 1 |
| PPWKCSC (3,12) | 144 | 74 | 0/37 | 2^37 > 10^11 | 543 | 272 | 1 | 37 | 37/37 | 37/37 | time | time | time | 1 | 1 | 2 |
| STGs with Arbitration | | | | | | | | | | | | | | | | |
| PPARBCSC (2,3) | 48 | 32 | 2/13 | 207·2^4 = 3312 | 110 | 66 | 2 | 18 | 13/18 | 13/18 | 4 | 6 | 6 | <1 | <1 | <1 |
| PPARBCSC (2,6) | 72 | 44 | 2/19 | 207·2^10 > 2·10^5 | 218 | 120 | 2 | 24 | 19/24 | 19/24 | 42 | 43 | 44 | <1 | <1 | <1 |
| PPARBCSC (2,9) | 96 | 56 | 2/25 | 207·2^16 > 10^7 | 362 | 192 | 2 | 30 | 25/30 | 25/30 | 315 | 316 | 317 | <1 | <1 | 1 |
| PPARBCSC (2,12) | 120 | 68 | 2/31 | 207·2^22 > 8·10^8 | 542 | 282 | 2 | 36 | 31/36 | 31/36 | 3840 | 3959 | 3976 | 1 | 1 | 2 |
| PPARBCSC (3,3) | 71 | 48 | 3/19 | 297·2^8 = 76032 | 118 | 114 | 3 | 29 | 19/29 | 19/29 | 45 | 47 | 47 | <1 | <1 | <1 |
| PPARBCSC (3,6) | 107 | 66 | 3/28 | 297·2^17 > 3·10^7 | 368 | 204 | 3 | 38 | 28/38 | 28/38 | 1001 | 1176 | 1175 | <1 | <1 | 1 |
| PPARBCSC (3,9) | 143 | 84 | 3/37 | 297·2^26 > 10^10 | 602 | 321 | 3 | 47 | 37/47 | 37/47 | 24941 | 25544 | 25753 | 1 | 2 | 3 |
| PPARBCSC (3,12) | 179 | 102 | 3/46 | 297·2^35 > 10^13 | 890 | 465 | 3 | 56 | 46/56 | 46/56 | mem | mem | mem | 2 | 3 | 5 |

VI. CONCLUSIONS
According to the experimental results, the new method can solve quite large problem instances in relatively short time. It should also be emphasised that the unfolding approach is particularly well-suited for STGs, because STG unfolding prefixes are much smaller than state graphs for practical STGs. Therefore, in contrast to state-space based approaches, the proposed method is not memory demanding.
We view these results as encouraging. Together with those of [17,21,22] they form complete design flows for CG, gC and stdC syntheses of asynchronous circuits based on STG unfolding prefixes rather than state graphs. In future work we intend to include also the technology mapping step into this framework.
An important observation one can make is that the combination ‘unfolder & solver’ is quite powerful. It has already been used in a number of papers (see, e.g., [20, 29]). Most ‘interesting’ problems for safe Petri nets are PSPACE-complete [30], but the same problems for prefixes are often in NP or even P. Though the size of a finite and complete unfolding prefix can be exponential in the size of the original Petri net, in practice it is often relatively small. In particular, according to the conducted experiments, this is almost always the case for STGs. A problem formulated for a prefix can usually be translated into some canonical problem, e.g., an integer programming one [20], a problem of finding a stable model of a logic program [29], or a Boolean satisfiability problem as in this paper. Then an appropriate solver can be used for efficiently solving it. Thus it is often advantageous to re-state the problem at hand in terms of SAT, and then apply an existing SAT solver, rather than to develop a specialised algorithm from scratch. An additional benefit of this strategy is that any improvement in SAT techniques (which are an active area of research) is immediately inherited.
REFERENCES
[1] P.A. Beerel, C.J. Myers, and T.H.-Y. Meng, “Covering Conditions and Al-
gorithms for the Synthesis of Speed-Independent Circuits,” IEEE Trans-
actions on Computer-Aided Design, 1998.
[2] P.A. Beerel and T.H.-Y. Meng, “Automatic Gate-Level Synthesis of
Speed-Independent Circuits,” in Proc. ICCAD’1992. 1992, pp. 581–587,
IEEE Computer Society Press.
[3] J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno, and A. Ya-
kovlev, Logic Synthesis of Asynchronous Controllers and Interfaces,
Springer-Verlag, 2002.
[4] D.E. Muller and W.S. Bartky, “A Theory of Asynchronous Circuits,” in
Proc. International Symposium of the Theory of Switching, 1959, pp. 204–
243.
[5] T.-A. Chu, Synthesis of Self-Timed VLSI Circuits from Graph-Theoretic
Specifications, Ph.D. thesis, Laboratory for Computer Science, Massa-
chusetts Institute of Technology, 1987.
[6] A.J. Martin, “Programming in VLSI: From Communicating Processes to
Delay-Insensitive Circuits,” in Developments in Concurrency and Com-
munication, C.A.R. Hoare, Ed. 1990, UT Year of Programming Series,
pp. 1–64, Addison-Wesley.
[7] A. Yakovlev, L. Lavagno, and A. Sangiovanni-Vincentelli, “A Unified
Signal Transition Graph Model for Asynchronous Control Circuit Syn-
thesis,” Formal Methods in System Design, vol. 9, no. 3, pp. 139–188,
1996.
[8] J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno, and A. Yakov-
lev, “PETRIFY: a Tool for Manipulating Concurrent Specifications and
Synthesis of Asynchronous Controllers,” IEICE Transactions on Infor-
mation and Systems, vol. E80-D, no. 3, pp. 315–325, 1997.
[9] R.E. Bryant, “Graph-Based Algorithms for Boolean Function Manipula-
tion,” IEEE Transactions on Computers, vol. C-35-8, pp. 677–691, 1986.
[10] A. Kondratyev, J. Cortadella, M. Kishinevsky, E. Pastor, O. Roig, and
A. Yakovlev, “Checking Signal Transition Graph Implementability by
Symbolic BDD Traversal,” in Proc. DATE’1995. 1995, pp. 325–332,
IEEE Computer Society Press.
[11] V. Khomenko, M. Koutny, and A. Yakovlev, “Logic Synthesis for Asyn-
chronous Circuits Based on Petri Net Unfoldings and Incremental SAT,”
in Proc. ICACSD’2004, M. Kishinevsky and Ph. Darondeau, Eds. 2004,
pp. 16–25, IEEE Computer Society Press, Full version: Fundamenta In-
formaticae, 2005, to appear.
[12] J. Engelfriet, “Branching Processes of Petri Nets,” Acta Informatica, vol.
28, pp. 575–591, 1991.
[13] J. Esparza, S. Römer, and W. Vogler, “An Improvement of McMillan’s
Unfolding Algorithm,” Formal Methods in System Design, vol. 20, no. 3,
pp. 285–310, 2002.
[14] V. Khomenko, Model Checking Based on Prefixes of Petri Net Unfoldings,
Ph.D. thesis, School of Computing Science, University of Newcastle upon
Tyne, 2003.
[15] A. Kondratyev, J. Cortadella, M. Kishinevsky, L. Lavagno, A. Taubin, and
A. Yakovlev, “Identifying State Coding Conflicts in Asynchronous Sys-
tem Specifications Using Petri Net Unfoldings,” in Proc. ICACSD’1998.
1998, pp. 152–163, IEEE Computer Society Press.
[16] K.L. McMillan, “Using Unfoldings to Avoid State Explosion Problem
in the Verification of Asynchronous Circuits,” in Proc. CAV’1992. 1992,
Lecture Notes in Computer Science 663, pp. 164–174, Springer-Verlag.
[17] A. Semenov, Verification and Synthesis of Asynchronous Control Circuits
Using Petri Net Unfolding, Ph.D. thesis, School of Computing Science,
University of Newcastle upon Tyne, 1997.
[18] S. Moskewicz, C. Madigan, Y. Zhao, L. Zhang, and S. Malik, “CHAFF:
Engineering an Efficient SAT Solver,” in Proc. DAC’2001. 2001, pp. 530–
535, ASME Technical Publishing.
[19] L. Zhang and S. Malik, “The Quest for Efficient Boolean Satisfiability
Solvers,” in Proc. CAV’2002, E. Brinksma and K.G. Larsen, Eds. 2002,
Lecture Notes in Computer Science 2404, pp. 582–595, Springer-Verlag.
[20] V. Khomenko, M. Koutny, and A. Yakovlev, “Detecting State Coding
Conflicts in STGs Using Integer Programming,” in Proc. DATE’2002,
C.D. Kloos and J. Franca, Eds. 2002, pp. 338–345, IEEE Computer Soci-
ety Press.
[21] V. Khomenko, M. Koutny, and A. Yakovlev, “Detecting State Coding
Conflicts in STG Unfoldings Using SAT,” in Proc. ICACSD’2003, J. Lil-
ius, F. Balarin, and R.J. Machado, Eds. 2003, pp. 51–60, IEEE Computer
Society Press, Full version: IOS Press, Fundamenta Informaticae, 62(2),
2004, 1–21.
[22] A. Madalinski, A. Bystrov, V. Khomenko, and A. Yakovlev, “Visualiza-
tion and Resolution of Coding Conflicts in Asynchronous Circuit Design,”
in Proc. DATE’2003. 2003, pp. 926–931, IEEE Computer Society Press,
Full version: IEE Proceedings: Computers & Digital Techniques 150(5),
2003, 285–293.
[23] A. Grasselli and F. Luccio, “Some Covering Problems in Switching The-
ory,” in Network and Switching Theory, G. Biorci, Ed. 1968, pp. 536–557,
Academic Press.
[24] R. Brayton, G. Hachtel, C. McMullen, and A. Sangiovanni-Vincentelli,
Logic Minimisation Algorithms for VLSI Synthesis, Kluwer Academic
Publishers, 1984.
[25] C. Carrion and A. Yakovlev, “Design and Evaluation of Two Asynchro-
nous Token Ring Adapters,” Tech. Rep. CS-TR-562, School of Comput-
ing Science, University of Newcastle upon Tyne, 1996.
[26] K.S. Low and A. Yakovlev, “Token Ring Arbiters: an Exercise in Asyn-
chronous Logic Design with Petri Nets,” Tech. Rep. CS-TR-537, School
of Computing Science, University of Newcastle upon Tyne, 1995.
[27] S.B. Furber, A. Efthymiou, and M. Singh, “A Power-Efficient Duplex
Communication System,” in Proc. AINT’2000, A. Yakovlev and R. Nouta,
Eds. 2000, pp. 145–150, TU Delft, The Netherlands.
[28] A. Yakovlev, “Designing Control Logic for Counterflow Pipeline Proces-
sor Using Petri Nets,” Formal Methods in System Design, vol. 12, no. 1,
pp. 39–71, 1998.
[29] K. Heljanko, “Using Logic Programs with Stable Model Semantics to
Solve Deadlock and Reachability Problems for 1-Safe Petri Nets,” Fun-
damenta Informaticae, vol. 37, no. 3, pp. 247–268, 1999.
[30] J. Esparza, “Decidability and Complexity of Petri Net Problems — an
Introduction,” in Lectures on Petri Nets I: Basic Models, W. Reisig and
G. Rozenberg, Eds. 1998, Lecture Notes in Computer Science 1491, pp.
374–428, Springer-Verlag.
