Checking signal transition graph implementability by symbolic bdd traversal by Kondratyev, Alex et al.
Checking Signal Transition Graph Implementability by Symbolic 
BDD Traversal 
Alex Kondratyev Jordi Cortadella' Michael Kishinevskyt 
The University of Aizu The University of Aizu Universitat PolitBcnica de Catalunya 
Aizu-Wakamatsu, 965 Japan 08071 - Barcelona, Spain Aizu-Wakamatsu, 965 Japan 
Enric Pastor' Oriol Roig' Alex Yakovlev 
Universitat Politkcnica de Catalunya 
08071 - Barcelona, Spain 
Universitat Politkcnica de Catalunya 
08071 - Barcelona, Spain 
University of Newcastle upon 
Tyne, NE1 7RU England 
Abstract 
This paper defines conditions for a Signal l h n s i -  
tion Graph to be implemented by an asynchronous cir- 
cuit. A hierarchy of the implementability classes is 
presented. Our main concern is the implementability 
of the specification under the restricted input-output 
interface between the design and the environment, i.e., 
when no additional interface signals are allowed to 
be added to the design. We develop algorithms and 
present experimental results of using BDD-traversal 
for  checking STG implementability. These results 
demonstrate eficiency of the symbolic approach and 
show a way of improving ezisting tools for STG-based 
asynchronous circuit design. 
1 Introduction 
Synthesis frameworks for asynchronous circuits 
based on STGs (see, e.g., [2, 61) involve methods for 
STG analysis and verification. The main problem 
here is to check if a given STG is implementable by 
an asynchronous circuit. Although the existing lit- 
erature defines such conditions (namely, Consistency 
and Complete State Coding [2, 6, lo]), they do not 
reflect requirements to the interface between the cir- 
cuit and its environment. Another shortcoming of the 
existing analysis methods is that they are based on 
explicit representation of the State Graph.Recent de- 
velopements in using symbolic techniques for reach- 
able state space traversal, based on Binary Decision 
Diagrams(BDDs) [ l ,  91, can be applied to avoid state 
space explosion. 
*This work has been partially supported by CICYT TIC 91- 
1036, Dept. d'Ensenyament de la Generalitat de Catalunya and 
ACID-WG (Esprit 7225). 
tThis work has been partly supported by The Danish Tech- 
nical Research Council and by the U.K. SERC GRJJ52327. 
$This work has been partly supported by the U.K. SERC 
GRJJ52327. 
This paper tackles both these problems. First, we 
define STG implementability classes and the prop- 
erties that must be checked in order to ensure that 
a speed-independent circuit is derivable from the 
STG (Sections 2 and 3). Secondly, we develop algo- 
rithms and present experimental results of using BDD- 
traversal approach for STG implementability verifica- 
tion (Sections 4 to 6). These results demonstrate effi- 
ciency of the symbolic approach. 
2 STG implementability 
Let N = (P,T,F,mo) be a Petri net (PN) [7], 
where P is the set of places, T is the set of transitions, 
F g (P x T )  U (T x P )  is the flow relation, and mo 
is the initial marking. A transition t E T is enabled 
at  marking ml if all its input places are marked. An 
enabled transition t may fire, producing a new mark- 
ing m2 with one less token in each input place and one 
more token in each output place (ml -+ m2). The sets 
of input and output places of transition t are denoted 
by ot and t o .  Similar, op and po stand for the sets 
of input and output transitions of place p. The set of 
all markings reachable in N from the initial marking 
mo is called Reachability Set. Its graphical represen- 
tation is called Reachability Graph. An example of 
P N  is shown in Figure 1,a. 
Signal Transition Graphs (STGs) are PNs whose 
transitions are interpreted as signal transitions. A sig- 
nal transition can be represented by ai+ (or a j - )  for 
the j-th transition of signal a from 0 to 1 (or from 1 
to 0), while aj* is a generic name for either a rising or 
falling transition of a. 
Definition 2.1 [2] An STG D is a triple ( N ,  SA,  A), 
where N is a PN, SA is the set of signals that is a 
union of three non-intersecting subsets: SI, SO and 
SH of input,. output and intemal (hidden) signals re- 
spectively, and X : T + SA x { 1,2, .  . .} x { +, -} is the 
labelling function. 
1066-1409/95 $4.00 Q 1995 IEEE 
325 
~- 
f P8 
t8 
Figure 1: A two-user mutual exclusion element. 
An STG example, which is the interpretation of 
P N  from Figure l,a, is shown in Figure 1,b. STGs are 
often shown in their shorthand form, where transitions 
are denoted by their labels (instead of bars) and places 
with only one input and output transition are omitted. 
The behavior of an STG and a circuit can be com- 
pared on the basis of the languages they realize. 
Definition 2.2 (Strong Equivalence) Circuit C 
with a set of signals A is strongly equivalent to STG 
D if: (1) there is one-to-one correspondence between 
signals A of C and SA of D ,  and (2) for  each trace of 
signal transitions in C there i s  an equivalent trace of 
transitions in D and vice versa. 
If we somehow manage to check that the STG can 
have a strongly equivalent circuit, then the logic equa- 
tions for all gates of the circuit can be derived by the 
STG in a conventional way [2, 3, 101. This is why 
the STG that has a strongly equivalent implementa- 
tion will be called gate implementable. If there is no 
circuit that is strongly equivalent to the STG specifi- 
cation, it might be that an equivalent circuit can be 
derived with some additional signals. 
Definition 2.3 (Projection) For a trace q over the 
set of signals SA the projection of q on the set of sig- 
nals SB, SB c SA, is a sequence q 1 SB which is 
obtained from q b y  deleting all transitions whose sig- 
nals are not in S e .  
A projection of a set of traces of D ( L ( D ) )  on the 
set of signals SB is the set of projections of all traces 
from L ( D )  on SB (denoted b y  L ( D )  J. SB). 
Definition 2.4 (Trace equivalence) Two STGs 
D1 and 0 2  with signal sets S A 1  and S A 2  are trace 
equivalent by the set of signals SB, SB C S A 1  n  SA^, 
if L ( D 1 )  1 SB E L ( D 2 )  1 SB. 
Both STG and circuit behavior can be character- 
ized by their trace sets. Thus, one can compare in 
this way two different STGs, or two circuits, or an 
STG and a circuit. 
Definition 2.4 restricts the behavior of observable 
signals (set SB); no change in their ordering is al- 
lowed. For specifications (circuits) with external in- 
puts and outputs an equivalence that preserves the 
input-output (I/O) interface is needed. 
Definition 2.5 (I/O equivalence) Two STGs D1 
and 0 2  with sets of signals S A 1  and S A 2  are I/o eqUaV- 
alent b y  the set of signals SB, SB C S A 1  n  SA^, if (1) 
they are trace equivalent by SB and (2) for  the input 
and output signals of D1 and 0 2 :  S I 1  = S r 2  G SB 
and Sol = S o 2  C SB. 
Trace equivalence and 1/0 equivalence address dif- 
ferent design tasks and conditions. If the task is to 
implement a module, then typically the 1/0 interface 
is fixed for the module and it is necessary to use the 
1/0 equivalence between the implementation and the 
original specification. However, it is often up to  the 
designer to decide how to decompose the module into 
smaller blocks and what kind of interface to choose 
for these blocks. For the module decomposition, only 
trace equivalence may need to be ensured. In this pa- 
per we are primarily interested in the conditions of 
implementability when it is not allowed to change the 
interface. 
We have therefore distinguished the following (in 
the descending order of hierarchy) levels in the STG 
implementability: 
Definition 2.6 A n  STG D is called: (1) SI -  
implementable i f  there is a logic circuit C trace equiv- 
alent to D ;  (2) Input/Output SI-implementable (we 
will simply denote it I/O-implementable) if there is 
a logic circuit C 1/0 equivalent to D ;  (3) Gate- 
implementable i f  there is a logic circuit C strongly 
equivalent to D .  
3 Properties of STGs 
Our check of STG implementability will be based 
on the BDD-based symbolic traversal of the reachable 
set of states [l, 91. This helps to avoid or to mitigate 
state explosion. 
SG is a directed graph whose vertices correspond to  
the markings of the Reachability Graph. An SG ver- 
tex is labeled with a boolean vector s = (sl, . . . , sn), 
representing the value of the STG signals (n is the 
number of signals in the STG). This vector is called a 
state. Two states s 1  and s 2  corresponding to markings 
ml and m 2  are connected with an edge in the SG if 
m 2  is reachable from ml by the firing of some event 
a* of the STG (sl s2). This transition ai* is called 
enabled in state 5 1 .  Signal a is called enabled in state 
s if some transition a;* is enabled in s, otherwise a is 
called stable or disabled. 
In general, several states in the SG may corre- 
spond to one marking. Therefore, first the full state 
326 
graph [ll] is build. Each vertex in such a graph is la- 
belled by a pair (marking, state). The SG is then ob- 
tained by retaining only the state component in each 
vertex label. Figure 2,a-c illustrates the three types of 
state models: the reachability graph, the state graph 
and the full state graph for the mutual exclusion ele- 
ment. 
3.1 Boundedness and consistency 
The behavior of the circuit must be finite. This 
is guaranteed by boundedness of the underlying Petri 
net. A PN (STG) is called k-bounded if for every reach- 
able marking the number of tokens in any place is not 
greater than k.  A P N  (STG) is called bounded if there 
is such a finite k for which it is k-bounded, and if 
k = 1, then the PN (STG) is called safe. The STG 
shown in Figure l ,b  is safe. 
Not every STG can be associated with a process 
of switching the circuit gates. Let us assume, for ex- 
ample, that the following sequence is feasible in an 
STG: bl+, a+, b2+, . . .. After firing bl+ signal b must 
be at logical 1, and no correct interpretation can be 
suggested to the following transition b2+. Such incor- 
rectness can be formalized in the SG terms by state 
assignment consistency. 
Definition 3.1 A n  SG has a consistent state assign- 
ment (we call such an SG consistent) for each pair 
of states s1 and s2 connected with the edge (91 + s2) 
the following conditions are met: (1) if the edge is la- 
beled b y  a+ transition, then signal a is equal to 0 in 
s1 and to 1 in s2; (2) i f  the edge is labeled by  a- tran- 
sition, then signal a is equal to 1 in s1 and to 0 in 5 2 ;  
(3) in all other cases the value of signal a in s1 and 
s2 is the same. 
An STG D is SI-implementable only if it is bounded 
and its SG is consistent[2, 51. The specific feature 
of speed-independent implemectation is captured by 
persistency. 
3.2 Persistency 
Persistency means that if a circuit signal is enabled 
it has to fire independently from the firing of other 
signals. However, one should distinguish between in- 
put and non-input signals. For inputs, which are con- 
trolled by the environment, it is possible to have a 
non-deterministic choice, which is represented in STG 
and SG models by conflicts, i.e., disabling of one input 
signal by another input signal. Such conflicts are al- 
ways interpreted as choice and therefore do not lead to 
hazardous behavior. For non-input signals, which are 
produced by circuit gates, signal transition disabling 
may lead to  a hazardous spike at the output of the 
gate, making the circuit behavior dependent on the 
gate delays. In the case phrased as "input is disabled 
by the output", we assume that these two signals are 
controlled independently, one by the environment and 
the other by the circuit. If the environment is ready to 
change the input while the circuit is ready to change 
the output of a gate, then these two processes, un- 
der a speed-independent interaction, cannot influence 
each other. Therefore this is also a potential source of 
hazards and delay-dependence. 
Definition 3.2 SG G is persistent if: (1) any non- 
input signal cannot be disabled b y  another signal' and 
(2) any input signal cannot be disabled b y  a non-input 
signal. 
The following proposition (similar to the one proved 
in [4]) shows that persistency is a necessary condition 
for the SI-implementability of STGs. 
Proposition 3.1 A n  STG is I/O-implementable only 
i f  the corresponding SG is persistent. 
Let us refine the potential sources of persistency vio- 
lation. 
Definition 3.3 (1) Transition t;  is non-persistent in 
a PN N i f  ti enabled in some reachable marking m 
becomes disabled after the firing of another transition 
t j  enabled in m. Non-persistency of ti with respect to 
t j  is also called a direct conflict between ti and t j .  (2) 
Signal a is non-persistent in an STG D i f  a is enabled 
in some reachable state s of the corresponding SG and 
it becomes disabled after the firing of another signal b 
also enabled in s. 
Signal persistency and transition persistency are 
closely related. Clearly, the only source of non- 
persistency of a signal a is the non-persistency of 
some transition labelled with ai*. Yet not any non- 
persistency of a;* leads to the violation of persistency 
by signal a. In Figure 3,a transitions labelled with al+ 
'To deal with non-deterministic circuits (like arbiters) we 
can soften the requirement and allow the disabling of non-input 
signals in arbitration points. 
327 
and bz+ are both non-persistent. However, signals a 
and b are persistent in the corresponding SG in Figure 
3,c. Although the firing of, e.g., al+ disables bz+ it 
also enables transition bl+. So, both before and after 
the firing of al+, signal b remains enabled. By the 
trace equivalence (Definition 2.4) such a behavior of 
signals a and b is equivalent to the concurrent firing of 
a+ and b+[6]. Therefore, both STG D1 and 0 2  have 
the same SG (Figure 3,c). One can conclude that for 
signal b the conflict of the transition bz+ is "fake". 
Fake conflicts are discussed further in Section 3.5. 
i" 1"' 
bL<2+ I 
4 
C+ 
D2: t I 
a+\/b 
C+ 
a b  
O*O'O 
I IO* 
IC+ 
(C) 
Figure 3: Transition and signal non-persistency 
3.3 Complete state coding 
SG descriptions are convenient for the derivation of 
the logic functions of signals. 
Unfortunately, this procedure is not always immedi- 
ately possible even for finite, consistent and persistent 
SGs. The problem is with the state encoding, which 
may sometimes define the on- and off-sets of the logic 
functions [2, 3, 61 not uniquely. 
Definition 3.4 A state graph is said to satisfy the 
Complete State Coding requirement i f  and only i f  (1) 
each state has a unique binary code, or (2) for pairs 
of states that have identical binary codes, the set of 
enabled non-input signals is identical. 
The CSC requirement is the necessary condition 
for the gate implementabilty. It is also the sufficient 
condition for the implementation on complex gates[2]. 
Given an STG specification that does not obey the 
CSC requirement, the following question arises: Is it 
possible to equivalently transform this specification to 
another STG for which the CSC requirement is met 
and therefore it is gate implementable? For the SI- 
implementability when it is allowed to change the in- 
terface of the design the answer to the question is pos- 
itive, and any of the known methods can be employed 
to insert additional signals into the STG [3, 10, 61. 
However, for I/O-implementability with the fixed in- 
terface of the design CSC-violations can be classi- 
fied into reducible and irreducible. Reducible CSC- 
violations can be solved by adding new non-input sig- 
nals, irreducible violations require changes in the in- 
terface between the circuit and the environment. 
3.4 CSC reducibility 
With every sequence q feasible in SG we will as- 
sociate the unbalanced set of q that contains all the 
signals for which the numbers of their + and - tran- 
sitions in q are not equal. 
Definition 3.5 (1) A n  SG is called deterministic 
with respect to signal transition a* i f  for any state 
s there is at most one state s l  such that s 2 sl. 
The SG is deterministic i f  it is deterministic for all 
signal transitions. (2) A n  SG is called commutative 
with respect to signal transitions a* and b* i f  for any 
states s ,s l ,s2,s3,s4 such that s 2 sl 3 93 and 
s 3 92 5 94, 93 is equal to 94. The SG is com- 
mutative if it is commutative for all pairs of signal 
transitions. (3) A n  SG has mutually complementary 
input sequences if there is a state s which gives rise to 
two distinct finite sequences of input transitions which 
have the same unbalanced sets and which lead to two 
different states. 
It might be shown that a consistent and persistent 
SG of a bounded STG is CSC-reducible if it is deter- 
ministic, commutative and free from mutually comple- 
mentary input sequences. The following proposition 
shows the list of properties necessary and sufficient 
for the I/O-implementability of STGs. 
Proposition 3.2 A n  STG is I/O-implementable iff 
it is bounded and its SG is consistent, persistent and 
CSC-reducible. 
Obviously, if an STG has a SG that obeys CSC 
requirement, then the STG is gate-implementable. 
3.5 Fake conflicts 
In this section we demonstrate another property of 
STG, of a well-formedness type, which can be helpful 
in two ways. Firstly, it will provide a useful mechanism 
for performing efficient verification of commutativity 
and persistency within the BDD-framework, where the 
SG is not available in its explicit form. Secondly, it 
can assist the designer in optimising the initial STG 
description. 
Definition 3.6 (Fake conflict) [5] A direct conflict 
between two signal transitions a,* and bj* is called 
fake if the firing of one of them does not disable the 
signal of the other. 
Figure 4 shows two types of fake conflicts: asym- 
metric and symmetric. Obviously, if the STG has 
a commutative SG, then each symmetric fake con- 
flict must correspond to the commutative subgraphs 
of the STG and the SG, and can therefore be always 
transformed to the equivalent parallel subgraphs of the 
328 
m m 
*"I/ Ybj *"I/ VJ 
Figure 4: Fake conflicts 
STG and SG as exemplified in Figure 3.  Asymmet- 
ric fake conflicts involving at least one non-input sig- 
nal always contradict one of the persistency conditions 
in Definition 3.2 and therefore lead to  the violations 
of SI-implementabdity. Asymmetric fake conflicts be- 
tween two input signals are not dangerous, since they 
are interpreted as a choice between two alternative 
traces. 
An STG is called fake-free STG if there are no sym- 
metric fake conflicts and there are no asymmetric fake 
conflicts involving a non-input signal. The following 
properties [5] illustrate use of fake conflicts: ( 1 )  If an 
STG has the persistent and commutative SG, then it 
can always be transformed to the equivalent fake-free 
STG. ( 2 )  A fake-free STG is commutative. (3) A fake- 
free STG has a persistent SG iff all transitions labelled 
with non-input signals are persistent. 
Therefore, one can either exclude fake conflicts by 
an equivalent transformation of the STG or the STG 
(and its SG) is not persistent and hence not I/O- 
implementable. Therefore, in the analysis of imple- 
mentability we always reject STG specifications with 
symmetric fake conflicts and non-input asymmetric 
fake conflicts. Fake conflicts can be analyzed by the 
structure of the STG and that is much simpler than 
the check for commutativity. 
4 Modeling Petri nets and STGs with 
logic functions 
Given an n-variable logic function f : B" -+ B, the 
functions f i E i  = f ( x 1 , .  . . , x i - l , l , s i + l , .  . . , x n )  and 
f,: = f ( x 1 ,  ..., x;-1,O,x;+1, ..., s,) are called the 
positive and negative cofactors of f with respect to 
x i .  The definition of cofactor can be extended to cubes 
(sets of literals). The existential abstraction o f f  with 
respect to zi is defined as: 3,. f = f i i  + f,!. 
Let N = (P,T,  F, mo) be a safe Petri ndt and Mp 
the set of all markings of N (n = IP(,IMpI = 2"). 
A marking can be represented by a boolean vec- 
tor m = (p1, ... ,pn), where p i  = l ( p i  = 0) d e- 
notes that p i  is marked (not marked) ' .  Each set of 
'Unsafe k-bounded places can be represented by several 
boolean variables [9]. 
markings M E 2Mp has a characteristic logic func- 
tion X M  : Bn + B, that equals 1 for those ver- 
tices that correspond to  markings in M. For exam- 
ple, given the Petri net depicted in Figure 1,a , the 
characteristic function of the set of markings M = 
{(~,~,~,~,~,O,O,O,O), (0,1,1,0,~,~,0,0,0), (1,~,0,0,1,~,~,0,0), 
(1,1,1,0,1,0,0,0,0), ( I , ~ , ~ , ~ , ~ , ~ , ~ , ~ , ~ )  } is calculated as 
the disjunction of boolean vectors m E M. The re- 
sulting function is X M  = plp4p5p6p7p,(pop2 + p i ) .  
The transition function of a Petri net is a function 
6~ : 2MP x T - 2Mp, that transforms, for each 
transition, a set of markings MI into a new set of 
markings M2 as follows: M2 = bN(M1, t )  = (m2 E 
M p  : 3ml E M1,ml  5 mz}. Computation of the 
transition function can be efficiently implemented by 
using the topological information of the PN.  Let us 
present the characteristic function of some important 
sets related to  a transition t E T: 
1 1 1 1  
E(t) = A pi  ( t  enabled), 
P 1 E . t  
ASM(t )  = A pi (all successors marked), 
pi E t .  
NPM( t )  = A pi (no predecessor marked), 
P i E * t  
NSM(t)  = A pi (no successor marked). 
P i E t .  
Given these characteristic functions, the transition 
function can be computed as follows: 
6N(M, t>  = (ME(,) 'NPM(t) )NSM(t)  ' ASM(t ) -  
Assume that in the example of Figure 1,we calcu- 
late MI = 6p, (M, t l )  given the set M = poplpL(p5pk + 
pbp6) + p:p3p5pkp:. First,  ME(^,) (cofactor of M 
with respect to E(tl) = p l )  selects those markings 
in which t l  is enabled and removes its predecessor 
places from the characteristic function  ME(,^, = 
popa(p5p&+pkp6)). Then the product with NPM(t1) = 
p i  eliminates the tokens from the predecessor places 
Next, 
the cofactor with respect to NSM(t1) = p i  re- 
moves all the successor places, obtaining   ME(,^, * 
NPM(t l ) )NSM(t , )  = pOP:(pSPk -k PkP6). Finally, the 
product with ASM(t l )  = p2 adds a token in all the 
successor places of tl  (MI = pop:p2(p5pk + p:p6)). 
Let D = (N, SA, A) be an STG with N as underly- 
ing Petri net. Let G be the SG corresponding to the 
STG D, and C the set of labels (state codes) of the 
states of G. Since there is a correspondence between 
markings of N and states of G, we represent the full 
state of the STG by the vector y = ( m , ~ ) ,  where m 
is a marking of N and s the state code of the corre- 
sponding state in G, respectively. 
The transition function can now be extended for 
STGs as a function 60  : 2 ( M p X C )  x T + 2(MPxc) .  
NPM(t1) = pOp:p~(P5Pk + P' ,P6) ) .  
329 
For a set of full states M F ,  SD is defined as follows: 
( 6 ~ ( M ~ , t ) ) ~ i  * a if X ( t )  = a,+ 
S N ( M F ,  t ) )a  a’ if X ( t )  = ai- s D ( M F , ~ )  = { ( 
5 Verification of implementability con- 
dit ions 
STG implement ability properties can be verified by 
calculating all reachable markings (states) of the STG. 
Given the initial marking mo of N and the initial val- 
ues of the signals SO, the set of states of an STG can 
be calculated by using symbolic traversal techniques, 
similar to those used for the verification of finite state 
machines. 
Figure 5 describes an algorithm for symbolic traver- 
sal. It starts from an initial full state (mo,so). For 
each outermost iteration, all transitions of the Petri 
net are visited and fired from all the new states found 
so far. The algorithm halts when a fixed point is 
reached (no new states are generated). 
tmuerse-STG (D) { 
Reached = From = {(mol so)}; 
repeat 
for each t E T do 
To = 60( From, t); 
From = From U To; 
New = From - Reached; 
Reached = Reached U New; 
From= New; 
endfor 
until ( New = 8) ;  
return Reached; /* The set of reachable states of D */ 
1 
Figure 5: Algorithm for symbolic traversal of an STG 
5.1 Boundedness and consistency 
The check that an STG (PN) is k-bounded or safe 
can be done within the BDD-framework by means of 
the technique described in [9]. 
Verifying that the STG is consistent can be done 
during the traversal, by checking the consistency of 
the new generated states. We first define the following 
characteristic function: 
E(a*) = v E ( t )  (a* is enabled) 
The characteristic function of the states with in- 
consistent assignment is derived according to Defini- 
tion 3.1: 
Inconsistent(a+) = E(a+) . a(a + enabled and a = 1) 
t:X(t)=a* 
Inconsistent(a-) = E(a- )  . a’(a - enabled and a = 0) 
Inconsistent(a) = Inconsistent(a+) + Inconsistent(a-) 
Inconsistent(D) = v Inconsistent(a) 
a€Sa 
Let us call R ( D )  the set of reachable states (markings 
and binary codes) of the STG D. D is inconsistent if 
R( D ) n  Inconsistent( D) # 0. 
An additional problem may appear in case the state 
assignment of the initial marking is unknown. A simple 
solution for that is to initially assign a “don’t care” value 
for all signals (or equivalently, to not encode signals in the 
initial marking). As soon as a marking with some a;+ 
enabled is generated, all reachable markings obtained so 
far are encoded with a = 0 (similarly for ai-).  
5.2 Persistency 
A transition can only be non-persistent if some of its in- 
put places is a conflict place (more than one predecessor). 
For some classes of Petri nets persistency is guaranteed by 
the structure of the net, e.g. marked graphs are always 
persistent since all places have only one successor transi- 
tion [7]. 
An algorithm to check transition persistency is shown 
in Figure 6(a). Only pairs ( & , t i )  of transitions with some 
common predecessor place are analyzed. Let R ( N )  be the 
set of reachable markings of N .  The set of markings with t; 
enabled are calculated. Next, the set of markings reachable 
in one step by firing some transition tj # t; are obtained. 
If ti is not enabled in any of those markings, then t; is 
not persistent. A similar algorithm to check the signal 
persistency is given in Fig. 6(b). 
5.3 Complete State Coding 
The CSC requirement can be checked for each non- 
input signal by defining the following characteristic func- 
tions: 
ER(a+) = 3 p  ( R ( D )  . E(a+))  
ER(a-) = 3 p  ( R ( D ) .  E(u- ) )  
QR(a+) = 3 p  ( R ( D ) .  U - E ( u - ) )  
QR(a-) = 3 p  ( R ( D )  * U’ - E(u+)) 
ER(a*) is the set of binary codes that correspond to 
states in which some a;* is enabled (a set of ezcitation 
regions). It is obtained by abstracting the places ( 3 ~ )  
from the states of the excitation region. QR(a+) (a set of 
quiescent regions) is the set of binary codes that correspond 
to states in which a = 1 but a- is not enabled (similarly 
for QR(a-)). 
The CSC requirement for non-input signal a can now 
be checked as follows [8]: 
CSC(a) = (ER(a+)nQR(a-) = 0)A(ER(a-)nQR(a+) = 0) 
330 
transition-persistency ( N )  { 
for each p E P ,  lp*l > 1 do 
for each ti E p* do 
Enabled = R ( N )  . E(t ; ) ;  
for each tj E p * ,  ti # tj do 
if (a,( Enabled, t i )  n E(ti)’ # 8) 
error (“ti disabled by t j ” ) ;  
end for 
end for 
end for 
1 
( 4  
signal-persistency ( N )  { 
for each p E P ,  Ip*I > 1 do 
for each ti E p* do 
Enabled = R ( N )  . E(&);  
for each t ,  E p*,  ti # tj do 
/* Let X(t;) = a;* and X(tj) = bj* */ 
if ( 6 ~ (  Enabled, t i )  n E(a*)‘ # 8) 
error (“a* disabled by b*”); 
end for 
end for 
end for 
1 
(b) 
Figure 6: Algorithms to verify persistency 
CSC(D)= A CSC(a) 
a E S o U S H  
The CSC-irreducibility check can draw upon the results 
of the above CSC analysis. To check the existence of mu- 
tually complementary input sequences, we can proceed for 
each non-input in the following way: 
Let CONT(a) be the set of contradictory states for non- 
input a, defined by CONT(a) = (ER(a+) n QR(a- ) )  U 
(ER(a-)  n QR(a+)).  We first take all the states in 
(QR(a+)UQR(a-))nCONT(a), and then traverse the net 
backward with “frozen” non-inputs (i.e., firing only input 
signals) until the fixed point is reached. Then the for- 
ward traversal with frozen non-input signals is performed 
from the set of states obtained by the backward traver- 
sal. As a result, the set ReachedFroten is obtained. If 
ReachedFroten n (ER(a- )  U ER(a+)) n CONT(a) # 0, 
then there is a CSC problem for a with a mutually com- 
plementary input sequences. 
The set of states violating nondeterminism for signal 
change a* is trivially defined by: 
Uti.tiET, X(t; )=X(t j )=a*  E ( t i )  n E ( t j ) .  
Instead of the relatively complex commutativity check, 
which must be performed individually for each state with 
more than one enabled signal, we check the freedom from 
the fake conflicts. 
5.4 Fake conflicts 
One can simplify the check of both SG commutativity 
(another case for CSC-irreducibility) and persistency by 
checking for fake-freedom and transition persistency. An 
outline of the procedure which determines if there is any 
fake conflict in an STG D (N is the underlying PN)  with 
respect to a signal transition t;  is as follows: 
We start with the set of reachable states in which ti is 
enabled: Enabled = R ( N )  n E(t i ) .  Then for each t j ,  tk E 
T such that 3p E P : t i , t j  E p*,ti # tj ,tk # ti,tk # 
t i ,  X(tk) = A(ti) = a*, we check if the set of states reached 
from Enabled by firing tj contains at least one such state 
that enables tk, which is labelled with a* as t;  (formally, 
if 6N(Enabled,tj) flE(tk) # 8). If all these checks return 
false, the STG is fake-free with respect to t i .  The check 
for symmetric and asymmetric fake conflicts is a simple 
modification of this basic technique. 
6 Experimental results 
Several examples have been used to evaluate the ef- 
ficiency of the proposed algorithms. Most examples are 
scalable, in such a way that the number of states of the 
system can be exponentially increased by iteratively re- 
peating a basic pattern. Despite the regularity of these 
scalable examples, we have found that BDDs may have 
an exponential size if appropriate heuristics for variable 
ordering are not used. 
Table 1 shows the obtained results. CPU time for 
each algorithm is presented. First, STG traversal and 
consistent state assignment are executed simultaneously 
(T+C). Next, non-input persistence (NI-p) and commu- 
tativity (Com) are verified by using the set of reachable 
states. Finally, CSC is verified. Since the master-read and 
Muller’s pipeline examples are marked graphs (no conflict 
places), the CPU time to check persistency and commu- 
tativity is negligible. The BDD sizes reported in Table 1 
correspond to the size of the Reached set in the traversal 
algorithm. The number of variables of the BDD is the 
number of places plus the number of signals. The results 
show how STGs with a high degree of parallelism and an 
extremely vast state space can be verified in moderate CPU 
times. 
7 Conclusion 
We have presented formal conditions for an STG to be 
implemented by a speed-independent circuit under three 
different notions of behavioral equivalence. The most prac- 
tical one is Input-Output implementability, which takes 
into account specific requirements about the interface be- 
tween the circuit and its environment. This is reflected in 
the notions of persistency and CSC-reducibility. Consis- 
tency is also defined in a more general form than before 
- for a full state graph, thus covering the case when one 
marking of an STG may correspond to several different 
states. 
We have developed and implemented algorithms for 
checking these properties using symbolic rather than tradi- 
331 
# of BDD size # of # of 
Example n places signals states peak I final 
Table 1: Experimental results 
CPU (seconds) 
T+C I NI-p 1 CSC I Total 
tional explicit state-enumeration techniques. Such an ap- 
proach generates and explores the set of reachable states 
in the form of their boolean characteristic functions rep- 
resented by BDDs. Experimental results show that this 
method greatly reduces time spent on STG verification, 
thus improving the overall performance of the STG-based 
synthesis process. 
Acknowledgements 
We are grateful to Alexander Taubin for many useful 
discussions. 
References 
[l] Randal Bryant. Symbolic boolean manipulation with 
ordered binary-decision diagrams. A CM Computing 
Surveys, 24(3):293-318, September 1992. 
[2] T.-A. Chu. Synthesis of Self-timed VLSI Circuits from 
Graph-theoretic Specifications. PhD thesis, MIT, June 
1987. 
[3] M. Kishinevsky, A. Kondratyev, A. Taubin, and 
V. Varshavsky. Concurrent Hardware: The Theory 
and Practice of Self-Timed Design. John Wiley and 
Sons, London, 1993. 
[4] M. Kishinevsky and J. Staunstrup. Checking speed- 
independence of high-level designs. In International 
Symposium on Advanced Research in Asynchronous 
Circuits and Systems, pages 44 - 53, Salt Lake City, 
Utah, USA, November 1994. 
[5] A. Kondratyev and A. Taubin. On verification of 
the speed-independent circuits by STG unfoldings. 
In International Symposium on Advanced Research in 
Asynchronous Circuits and Systems, pages 64 - 75, 
Salt Lake City, Utah, USA, November 1994. 
[6] L. Lavagno and A. Sangiovanni-Vincentelli. Algo- 
rithms for synthesis and testing of asynchronous cir- 
cuits. Kluwer Academic Publishers, 1993. 
[7] T. Murata. Petri nets: Properties, analysis and ap- 
plications. Proceedings of IEEE, 77(4):541-580, April 
1989. 
(81 E. Pastor and J. Cortadella. Polynomial algorithms 
for the synthesis of hazard-free circuits from signal 
transition graphs. In Proceedings of the International 
Conference on Computer-Aided Design, pages 250- 
254, November 1993. 
[9] E. Pastor, 0. Roig, J. Cortadella, and R. Badia. Petri 
net analysis using boolean manipulation. In 15th In- 
ternational Conference on Application and Theory of 
Petri Nets, pages 416 - 435, Zaragoza, Spain, June 
1994. 
[lo] P. Vanbekbergen, F. Catthoor, G. Goossens, and 
H. De Man. Optimized synthesis of asynchronous con- 
trol circuits from graph-theoretic specifications. ZEEE 
Ransactions on Computer-Aided Design, pages 1426- 
1438, November 1992. 
Synthesis of hazard-free asyn- 
chronous circuits from generalised Signal-Transition 
Graphs. Technical Report Series 377, University 
of Newcastle upon Tyne, Computing Science, April 
1992. 
[ll] A. V. Yakovlev. 
332 
