Post on 21-Dec-2015
Automatic synthesis and verification of asynchronous interface controllers
Jordi Cortadella Universitat Politècnica de Catalunya, Spain
Michael Kishinevsky Intel Corporation, USA
Alex Kondratyev Theseus Logic, USA
Luciano Lavagno Università di Udine, Italy
Enric Pastor Universitat Politècnica de Catalunya, Spain
Marco A. Peña Universitat Politècnica de Catalunya, Spain
Alexander Yakovlev University of Newcastle upon Tyne, UK
[Figure: a specification (environment), given as an STG over the signals a, b, c, x, y, next to its implementation (circuit)]
Why and why not?
• Asynchronous circuits: robustness, modularity, less power consumption, low EMI, no clock skew and many other debatable advantages
• Designing correct async circuits is difficult (hazards, testing)
• Designing efficient async circuits is a nightmare (time comes into play)
• Design automation is crucial
Outline
• Synthesis flow with STGs
  – Specification
  – State graph and next-state functions
  – State encoding
  – Implementability conditions
  – Logic decomposition
• Synthesis with relative timing assumptions
• Formal verification of timed circuits
Design flow
Specification (STG) → [Reachability analysis] → State graph → [State encoding] → SG with CSC → [Boolean minimization] → Next-state functions → [Logic decomposition] → Decomposed functions → [Technology mapping] → Gate netlist
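VME bus
[Figure: VME bus controller between the bus and the device, together with the data transceiver; signals DSr, DSw, DTACK, LDS, LDTACK, D]
Read Cycle
[Figure: read-cycle waveforms for DSr, LDS, LDTACK, D, DTACK]
STG for the READ cycle
[Figure: STG over the transitions DSr+, LDS+, LDTACK+, D+, DTACK+, DSr-, D-, DTACK-, LDS-, LDTACK-, shown next to the VME bus controller with signals LDS, LDTACK, D, DSr, DTACK]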
Binary encoding of signals
[Figure: state graph of the READ cycle with arcs labelled DSr+, LDS+, LDTACK+, D+, DTACK+, DSr-, D-, DTACK-, LDS-, LDTACK-]
State graph
[Figure: the same state graph with binary state codes in the signal order (DSr, DTACK, LDTACK, LDS, D); the codes shown are 10000, 10010, 10110, 01110, 01100, 00110, and 10110 appears twice]
Excitation / Quiescent Regions
[Figure: state graph partitioned into the regions ER(LDS+), QR(LDS+), ER(LDS-) and QR(LDS-)]
Karnaugh map for LDS
[Figure: two Karnaugh maps, for LDS = 0 and LDS = 1, over DSr, DTACK, D and LDTACK; most cells are don't-cares (-), and one cell is marked 0/1?]
Implementability conditions
• Consistency + CSC + persistency
• There exists a speed-independent circuit that implements the behavior of the STG
(under the assumption that any Boolean function can be implemented with one complex gate)
Decomposition May Lead to Hazards
[Figure: state sequence over (a, b, c, x): 1000, then 1100 after b+, 0100 after a-, 0110 after c+, shown with the gate-level signal values of a circuit with signals a, b, c, z and x]
Decomposition example
[Figures: STG over the transitions w+, w-, x+, x-, y+, y-, z+, z- and its state graph (states 1001, 1011, 1000, 1010, 0001, 0000, 0101, 0010, 0100, 0110, 0111, 0011), partitioned into regions yz = 1 and yz = 0; a C-element implementation over w, x, y, z; the same specification after inserting a new signal s (transitions s+ and s-, regions s = 1 and s = 0) and the resulting decomposed circuit]
Adding timing assumptions
[Figure: READ-cycle STG (LDS+, LDTACK+, D+, DTACK+, DSr-, D-, DTACK-, LDS-, LDTACK-, DSr+) next to the circuit with signals DTACK, D, DSr, LDS, LDTACK and the labels csc and map; parts of the behavior are marked FAST and SLOW]
LDTACK- before DSr+
Boolean domain
[Figure: the Karnaugh maps for LDS = 0 and LDS = 1, before and after the timing assumption; afterwards the cell marked 0/1? holds 1 and one more cell holds a don't-care (-)]
• One more DC vector for all signals
• One state conflict is removed
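The state-graph and timing-assumption slides above, worked through as an added example (not code from the slides or from any of the tools they mention): reachability analysis of the READ-cycle STG finds the CSC conflict at code 10110, and adding "LDTACK- before DSr+" as one extra arc removes it. The arc list and initial marking are assumptions reconstructed from the transition names, because the STG figure did not survive; `state_graph`, `csc_conflicts` and `codes` are names chosen here.

```python
from collections import deque

SIGNALS = ["DSr", "DTACK", "LDTACK", "LDS", "D"]   # bit order used on the slides
OUTPUTS = {"DTACK", "LDS", "D"}                    # signals driven by the controller

# Assumed causality arcs of the READ-cycle STG (a marked graph), plus initial tokens.
ARCS = [("DSr+", "LDS+"), ("LDS+", "LDTACK+"), ("LDTACK+", "D+"), ("D+", "DTACK+"),
        ("DTACK+", "DSr-"), ("DSr-", "D-"), ("D-", "DTACK-"), ("D-", "LDS-"),
        ("LDS-", "LDTACK-"), ("DTACK-", "DSr+"), ("LDTACK-", "LDS+")]
MARKED = [("DTACK-", "DSr+"), ("LDTACK-", "LDS+")]
# Relative timing assumption "LDTACK- before DSr+", modelled as one extra marked arc.
TIMING = ("LDTACK-", "DSr+")

def state_graph(arcs, marked, init="00000"):
    """Reachability analysis: map each (marking, code) state to its enabled transitions."""
    seen, todo = {}, deque([(frozenset(marked), init)])
    while todo:
        marking, code = todo.popleft()
        if (marking, code) in seen:
            continue
        enabled = {t for _, t in arcs if all(a in marking for a in arcs if a[1] == t)}
        seen[(marking, code)] = enabled
        for t in enabled:
            nxt = (marking - {a for a in arcs if a[1] == t}) | {a for a in arcs if a[0] == t}
            i, bit = SIGNALS.index(t[:-1]), "1" if t.endswith("+") else "0"
            todo.append((frozenset(nxt), code[:i] + bit + code[i + 1:]))
    return seen

def csc_conflicts(sg):
    """Binary codes shared by states that enable different output transitions."""
    by_code = {}
    for (_, code), enabled in sg.items():
        outs = frozenset(t for t in enabled if t[:-1] in OUTPUTS)
        by_code.setdefault(code, set()).add(outs)
    return {code: outs for code, outs in by_code.items() if len(outs) > 1}

def codes(sg):
    return {code for _, code in sg}

untimed = state_graph(ARCS, MARKED)
timed = state_graph(ARCS + [TIMING], MARKED + [TIMING])

if __name__ == "__main__":
    print(len(untimed), "states, CSC conflicts:", csc_conflicts(untimed))
    print(len(timed), "states, CSC conflicts:", csc_conflicts(timed))
    print("codes that become don't-cares:", codes(untimed) - codes(timed))
```

In the untimed graph the code 10110 is reached once with D+ enabled and once with LDS- enabled, which is the 0/1? cell of the Karnaugh map; under the timing assumption the second of those states and the code 10100 are no longer reachable.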
Netlist with one timing constraint
[Figure: READ-cycle STG next to the netlist, first with signals DTACK, D, DSr, LDS, LDTACK and the labels csc and map, then the netlist over DTACK, D, DSr, LDS, LDTACK]
TIMING CONSTRAINT: LDTACK- before DSr+
Types of timing assumptions
• Environment slower (or faster) than the circuit
• Gate delay shorter than another gate delay
• Speculative enabling (events enabled before they must actually occur)
• Indistinguishable firing times of different events
• . . .
Formal verification
• Implementability properties
  – Consistency, persistency, state coding …
• Behavioral properties (safeness, liveness)
  – Mutual exclusion, “ack” after “req”, …
• Equivalence checking
  – Circuit Specification
  – Circuit < Specification
Verifying asynchronous circuits
• Internal signals cannot be abstracted out (many more state signals and states)
• If delays must be taken into account, each gate is a component with delay
• Verification with timed automata becomes unmanageable (BDDs do not work): gate = counter + state signal
• We need clever strategies to do symbolic model checking
Timed Transition System (Manna, Pnueli)
• Transition system
• Min/max delays: (a) [1,2], (b) [1,2], (c) [2.5,3], (g) [0.5,0.5]
[Figure: transition system over the events a, b, c, d, g, x, y, annotated with the delay intervals [1,2], [1,2], [2.5,3], [0.5,0.5] and [0,∞)]
Maximum Time Separation (McMillan & Dill, 1992)
[Figure: the timed system over the events x, a, b, c, d, g with node values 0, 2.5, 3.5, -1.5 and -2; labels: longest min path for d, slack for max path of g]
max (g) - (d) = -2
From absolute to relative timing

circuit          gates  untimed  fail     constr  correct  CPU
alloc-outbound   11     82       20       4       Y        2
mp-forward-pkt   8      186      70       8       Y        5
dff              6      225      164      6       N        3
half             7      227      133      1       N        0
chu133           9      288      204      2       N        1
converta         12     408      244      9       N        18
nowick           10     510      292      4       Y        3
chu150           8      520      339      3       N        2
sbuf-send-ctl    13     1592     1081     18      N        71
rpdft            8      2612     1841     2       N        2
tsend-bm         12     3880     299      3       N        46
sbuf-send-pkt2   13     45544    4044     17      Y        155
ram-read-sbuf    16     19328    17488    34      Y        667
mr1              16     20912    11460    8       Y        417
mr0              20     727304   642291   2       N        223
trimos-send      24     2.1 E6   1.8 E6   1       N        127
mmu              22     5.6 E6   5.2 E6   5       N        1046
Conclusions
• An asynchronous circuit is a concurrent system with processes (gates) and communication (wires)
• The synthesis and formal verification of asynchronous control circuits can be totally automated
• The theory of concurrency is crucial to formalize automatic synthesis and verification methods
• Existing tools in academia: petrify, 3D, ATACS, Kronos, versify, etc.
• Industry starting to try: Intel, Theseus, Cogency, IBM, ...