Universität Augsburg. Institut für Informatik. Output-Determinacy and Asynchronous Circuit Synthesis. Victor Khomenko Mark Schaefer Walter Vogler


Universität Augsburg

Output-Determinacy and Asynchronous Circuit Synthesis

Victor Khomenko, Mark Schaefer, Walter Vogler

Report 2007-02, January 2007

Institut für Informatik, D-86135 Augsburg

Copyright © Victor Khomenko, Mark Schaefer and Walter Vogler. Institut für Informatik, Universität Augsburg, D-86135 Augsburg, Germany. http://www.informatik.uni-augsburg.de All rights reserved.

Output-Determinacy and Asynchronous Circuit Synthesis

Victor Khomenko (1), Mark Schaefer (2) and Walter Vogler (2)

(1) School of Computing Science, Newcastle University, UK, victor.khomenko@ncl.ac.uk
(2) Institute of Computer Science, University of Augsburg, Germany, mark.schaefer@informatik.uni-augsburg.de, walter.vogler@informatik.uni-augsburg.de

Abstract

Signal Transition Graphs (STG) are a formalism for the description of asynchronous circuit behaviour. In this paper we propose (and justify) a formal semantics of non-deterministic STGs with dummies and OR-causality. For this, we introduce the concept of output-determinacy, which is a relaxation of determinism, and argue that it is reasonable and useful in the speed-independent context. We apply the developed theory to improve an STG decomposition algorithm used to tackle the state explosion problem during circuit synthesis, and applied this improved algorithm to some benchmark examples.

Keywords: output-determinacy, decomposition, STG, asynchronous circuits, OR-causality.

1 Introduction

Asynchronous circuits are a promising type of digital circuits. They have lower power consumption and electromagnetic emission, no problems with clock skew and related subtle issues, and are fundamentally more tolerant of voltage, temperature and manufacturing process variations. The International Technology Roadmap for Semiconductors report on Design [ITR05] predicts that 22% of the designs will be driven by handshake clocking (i.e., asynchronous) in 2013, and this percentage will rise up to 40% in 2020.

In this paper we are concerned with an important subclass of asynchronous circuits, called speed-independent circuits, i.e., circuits which work correctly regardless of their gates' delays (the wires are assumed to have no delays). Signal Transition Graphs (STGs) [Chu87] are a formalism for the specification of such circuits. They are a class of interpreted Petri nets in which transitions are labelled with the rising and falling edges of circuit signals.
When a circuit is synthesised from an STG, it is often assumed that the specification is deterministic (in the sense of automata theory), and its semantics is the set of its possible traces, i.e., its language. As the final implementation must be deterministic, it may seem reasonable to confine oneself to deterministic specifications only. However, sometimes this turns out to be too restrictive in practice. There are several situations which naturally give rise to non-deterministic specifications which still can be synthesised:

Dummy transitions. For convenience of modelling, the designers often use dummy transitions in STGs, which are silent transitions not corresponding to any signal change. Such transitions make the STG non-deterministic.

OR-causality. When modelling a situation with a safe Petri net, where the system has to respond to any of several possible stimuli in the same way, non-determinism naturally arises,^1 as shown in Fig. 1. OR-causality has been studied in [YKKL94, YKK+96].

Hiding of signals. Non-determinism naturally arises when in a deterministic specification some of the signals are hidden, as illustrated in Fig. 2. In fact, hiding of signals is an essential part of the decomposition algorithm of [VW02, VK05], which we will improve in the present paper.

^1 OR-causality can also be modelled as a non-safe Petri net without non-determinism [YKKL94, YKK+96], but in practice safe Petri nets are preferable as they are much easier to analyse.

[Figure 1 (STG diagram not reproduced). Inputs: a, b, c; outputs: x.]

Figure 1: OR-causality (the interesting part of the STG is highlighted): a+ and b+ are concurrent inputs, and the output x+ can be produced upon arrival of either of them. Note that the two transitions labelled x+ are in dynamic auto-conflict, i.e., the specification is non-deterministic. However, it still can be implemented by the deterministic circuit [x] = b.

[Figure 2 (STG diagram not reproduced). Inputs: a, b, c, d; outputs: x.]

Figure 2: Non-determinism due to hiding. After hiding signals a and b, the STG becomes non-deterministic, but it can be implemented (the system can simply wait for c, and produce x upon receiving it; input d can be ignored). Note that the two branches after the non-deterministic choice are not entirely symmetric, as the upper one has an input d which is not present in the lower one.

To the best of our knowledge, no satisfactory formal semantics of non-deterministic STGs and in particular for dummy transitions^2 has been given so far (we will show below that the language is not a satisfactory semantics in the non-deterministic case). In this paper we propose (and justify) a formal semantics of non-deterministic STGs. For this, we introduce the concept of output-determinacy, which is a relaxation of determinism, and argue that it is reasonable and useful in the speed-independent context; cf. for example [Mil89] for the concept of determinacy. As an important application of the developed theory of output-determinacy, we will generalise the decomposition algorithm from [VW02, VK05] and prove its correctness with our theory.

We will now discuss how decomposition fits into the design flow for synthesising asynchronous circuits from STGs. Petrify [CKK+97, CKK+02] is one of the commonly used tools for synthesis of asynchronous circuits from STGs. For synthesis, it employs the state space of the STG, and so suffers from the combinatorial state space explosion problem. That is, even a relatively small STG may (and often does) yield a very large state space.
This puts practical bounds on the size of control circuits that can be synthesised using such techniques, which are often restrictive, especially if the specification is not constructed manually by a designer but rather generated automatically from high-level hardware descriptions. (For example, designing a control circuit with more than 20-30 signals with Petrify is often impossible.) Hence, this approach does not scale.

To cope with the state space explosion problem, Chu suggested a nondeterministic method for decomposing an STG into several smaller ones [Chu87], see also [KKT93]. The idea is that all components together can be synthesised faster than the original STG while the corresponding circuits perform together in the same way as the circuit directly synthesised from the specification. While there are strong restrictions on the structure and labelling of STGs in [Chu87], the improved decomposition algorithm of Vogler, Wollowski and Kangsah [VW02, VK05] works under comparatively moderate restrictions on the labelling only. In these previous papers, the specifications had to be deterministic; here, we generalise this to output-determinate specifications.

^2 In practical STGs, the designers intuitively avoid using dummy transitions in situations where their semantics would be ambiguous. However, such situations do exist, in particular when firing a dummy transition can disable other transitions.

Our approach also allows one to make the decomposition algorithm more efficient. Each component is obtained from the original STG by hiding some of the signals in it, and then contracting the corresponding transitions. The success of this algorithm depends on the ability to securely (i.e., in a behaviour-preserving way) contract all such transitions. If this is not possible, the algorithm of [VK05] has to backtrack and re-introduce some of the signals into the component, even if they are not really needed for implementation. In our new version of the algorithm, one can leave such non-contracted hidden transitions in the component and proceed with synthesis for a component with fewer signals, which was obtained in a shorter time. While previously the components were deterministic and correct by construction, our components can be non-deterministic; to guarantee correctness, they have to be checked for output-determinacy in the end.

The correctness proof for our version is essentially just language-based, and might be easier to grasp than the proofs in [VW02, VK05]. Furthermore, it is easier now to prove the validity of the STG-transformations (like transition contraction) forming the heart of the decomposition algorithm; it should now also be easier to find further valid transformations.

Another way to cope with the state space explosion problem is to use syntax-directed translation of the specification to a circuit, thus avoiding building the state space. This is essentially the idea behind Balsa [EB02] and Tangram [Ber93]. This technique, although computationally efficient, often yields circuits with large area and performance overheads compared with synchronous counterparts. This is because the resulting circuits are highly over-encoded, i.e., they contain many unnecessary state-holding elements.

For asynchronous circuits to be competitive, one has somehow to combine the advantages of logic synthesis (high quality of circuits) and syntax-directed translation (guarantee of a solution, efficiency) while compensating for their disadvantages.
A natural way of doing this is to apply logic synthesis to the control path extracted from a Balsa specification. This control path can be partitioned into smaller lumps which can be handled by logic synthesis, and the lumps on which it fails (because of either inability to find a solution in the given gate library or exceeding memory or time constraints) are implemented using the syntax-directed translation. The initial experiments conducted in [CC06] showed that this combined approach can halve the area devoted to control flow and improve its latency, compared with the traditional syntax-directed translation, as long as the size of lumps which can be confidently handled by logic syntax is sufficiently large.

The design flow advocated in [CC06] is as follows. Given a (potentially large) specification STG, the encoding conflicts are resolved using an integer linear programming (ILP) technique to approximate the state space of an STG. Then the resulting STG (free from encoding conflicts) is decomposed into smaller components in such a way that they are also free from encoding conflicts, as described in [CC03]. (Typically, each component is responsible for producing a single signal.) Then these components are synthesised one-by-one using Petrify. This approach can handle much larger specifications than Petrify alone, but its scalability is still limited since ILP is an NP-complete problem.

With our decomposition algorithm, we follow a more scalable approach, which tries to avoid performing expensive operations (such as resolving encoding conflicts) on the original specification. Observe that our check for output-determinacy is also computationally hard, but it is performed on small components; in contrast, in [CC06] the NP-complete ILP-problems are solved for the full specification. The resulting components in our approach, unlike those in the technique described above, are generally not free from encoding conflicts.
If a component has an encoding conflict, it can happen due to one of the following two reasons: (i) this conflict was present already in the original STG; or (ii) this conflict was introduced because some of the signals preventing it in the original STG are not present in the component. The technique described in [Sch06] allows one to check which of these two reasons applies, and in case (ii) to find signals which need to be added to the component to prevent such encoding conflicts. Finally, the remaining encoding conflicts are resolved in each component, and they are synthesised.

The paper is organised as follows: in the next section we introduce the basic concepts of Petri nets and STGs. In Section 3, the new notion of output-determinacy is introduced and justified; we give a list of semantics-preserving transformations, and we analyse the complexity of checking output-determinacy. In the following section, we present our STG-decomposition algorithm and prove its correctness. We close with some first experimental results and a conclusion.

2 Basic Definitions

This section provides the basic notions for Petri nets and STGs; for a more detailed explanation cf. e.g. [CKK+02].

2.1 Petri Nets and STGs

A Petri net is a 4-tuple N = (P, T, W, M_N) where P is a finite set of places and T a finite set of transitions with P T =. W : P T T P N 0 is the weight function and M_N the initial marking, where a marking is a function P N 0 which assigns a number of tokens to each place. A Petri net can be considered as a bipartite graph with weighted and directed edges between places and transitions. If necessary, we write P_N etc. for the components of N or P (P i ) etc. for the net N (N i ) etc. Analogous conventions apply later on.

The preset of a place or transition x is denoted as x and defined by x = {y P T W(y, x) > 0}, the postset of x is denoted as x and defined by x = {y P T W(x, y) > 0}. These notions are extended to sets as usual. We say that there is an arc from each y x to x.

A transition t is enabled under a marking M if p t : M(p) W(p, t), which is denoted by M[t. An enabled transition can fire or occur yielding a new marking M, written as M[t M, if M[t and for all p P M (p) = M(p) W(p, t) + W(t, p). A transition sequence v = t_1 ... t_n is enabled under a marking M (yielding M ) if M[t 1 M 1 [t 2 ... M n 1 [t n M n = M, and we write M[v, M[v M resp.; v is called a firing sequence if M_N [v. The empty transition sequence λ is enabled under every marking. M is called reachable if a transition sequence v with M_N [v M exists.

N is called bounded if for every reachable marking M and every place p M(p) k for some constant k N; if k = 1, N is called safe. N is bounded if and only if the set [M_N of reachable markings is finite. In this paper we only consider bounded Petri nets, STGs resp.

[Figure 3 (diagrams not reproduced). (a) inputs: dsr, ldtck; outputs: dtck, lds, d.]

Figure 3: An STG modelling a simplified VME bus controller (a) and its state graph with a CSC conflict between the underlined states (b).
The order of signals in the binary encodings is: dsr, ldtck, dtck, lds, d.

An STG is a tuple N = (P, T, W, M_N, In, Out, l) where (P, T, W, M_N) is a Petri net and In and Out are disjoint sets of input and output signals. For Sig := In Out being the set of all signals, l : T Sig {+, } {λ} is the labelling function. Sig {+, } or short Sig± is the set of signal edges or signal transitions; its elements are denoted as s+, s resp. instead of (s, +), (s, ) resp. A plus sign denotes that a signal value changes from logical low (written as 0) to logical high (written as 1), and a minus sign denotes the other direction. We write s± if it is not important or unknown which direction takes place; if such a term appears more than once in the same context, it always denotes the same direction. To keep the notation short, input/output signal edges are just called input/output edges. An STG may initially contain transitions labelled with λ, which do not correspond to any signal change.

An example of an STG is shown in Figure 3(a) (cf. [CKK+02]). Places are drawn as circles containing a number of tokens corresponding to their marking. Unmarked places which have only one transition in their preset, postset resp. are not drawn if the corresponding arcs are weighted with 1; they are implicitly given by an arc between these two transitions. Transitions are drawn as rectangles together with their labelling, the weight function as directed arcs xy (labelled with W(x, y) if W(x, y) > 1).

We lift the notion of enabledness to transition labels: we write M[l(t) M if M[t M. This is extended to sequences as usual, deleting λ-labels automatically since λ is the empty word; i.e. M[s± M means that a sequence of transitions fires, where one of them is labelled s± while the others (if any) are λ-labelled. A sequence v (Sig± ) is called a trace of a marking M if M[v, and a trace of N if M = M_N. The language of N is the set of all traces of N and denoted by L(N).

An STG is called consistent if for each signal s the edges s+ and s alternate in all traces, always beginning with the same signal edge. Only from consistent STGs a circuit can be synthesised.

An STG has a dynamic conflict if there are different transitions t_1 and t_2 such that for some reachable marking M: M[t 1 and M[t 2, but p P : M(p) < W(p, t 1 ) + W(p, t 2 ). A dynamic conflict implies a structural conflict, i.e. t 1 t 2. The conflict is called an auto-conflict if l(t 1 ) = l(t 2 ) λ.

Simulations are a well-known important device for proving language inclusion or equivalence. A simulation from N_1 to N_2 is a relation S between markings of N_1 and N_2 such that (M N1, M N2 ) S and for all (M 1, M 2 ) S and M 1 [t M 1 there is some M 2 with M 2[l 1 (t) M 2 and (M 1, M 2 ) S. If such a simulation exists, then N_2 can go on simulating all signals of N_1 forever.

Often, nets are considered to have the same behaviour if they are language equivalent. Another, more detailed behaviour equivalence is bisimulation. A relation B is a bisimulation between N_1 and N_2 if it is a simulation from N_1 to N_2 and B 1 is a simulation from N_2 to N_1. If such a bisimulation exists, we call the STGs bisimilar; intuitively, the STGs can work side by side such that in each stage each STG can simulate the signals of the other. For deterministic STGs, language equivalence and bisimulation coincide.

The reachability graph RG_N of an STG N is an edge-labelled directed graph on the reachable markings with M_N as root; there is an edge from M to M labelled l(t) whenever M[t M. RG_N can be seen as a finite automaton (where all states are accepting), and L(N) is the language of this automaton. For an example consider Figure 3(b). N is deterministic if its reachability graph is a deterministic automaton, i.e. if it contains no λ-labelled transitions and if for each reachable marking M and each signal edge s± there is at most one M with M[s± M. If RG_N is not deterministic, one can turn it into a deterministic automaton with accepting states only by well-known methods. (Note: this version of a deterministic automaton is in general not complete.)
Thus, the λ-edges of the reachability graph resulting from the λ-transitions are removed by automata-theoretic methods. We call this operation determinisation and denote the resulting deterministic finite automaton by DA(N). Observe that automata with accepting states only can be regarded as STGs (with the states as places, the initial state being the only marked place etc.); hence, all definitions for STGs also apply to automata.

In the following definition of parallel composition, we will have to consider the distinction between input and output signals. The idea of parallel composition is that the composed systems run in parallel and synchronise on common signals, corresponding to circuits that are connected on signals with the same name. Since a system controls its outputs, we cannot allow a signal to be an output of more than one component; input signals, on the other hand, can be shared. An output signal of one component can be an input of one or several others, and in any case it is an output of the composition. A composition can also be ill-defined due to what e.g. Ebergen [Ebe92] calls computation interference; this is a semantic problem, and we will not consider it here, but later in the definition of correctness.

The parallel composition of STGs N_1 and N_2 is defined if Out 1 Out 2 =. If we drop this requirement, the definition gives the synchronous product N 1 N 2, which will be technically useful. Let A = (In 1 Out 1 ) (In 2 Out 2 ) be the set of common signals. If e.g. s is an output of N_1 and an input of N_2, then an occurrence of an edge s± in N_1 is seen by N_2, i.e. it must be accompanied by an occurrence of s± in N_2. Since we do not know a priori which s±-labelled transition of N_2 will occur together with some s±-labelled transition of N_1, we have to allow for each possible pairing. Thus, the parallel composition N = N 1 N 2 is obtained from the disjoint union of N_1 and N_2 by combining each s±-labelled transition t_1 of N_1 with each s±-labelled transition t_2 from N_2 if s A.
In the formal definition of parallel composition, is used as a dummy element, which is formally combined e.g. with those transitions that do not have their label in the synchronisation set A. (We assume that is not a transition or place of any net.) Thus, N is defined by

P = P_1 { } { } P_2

T = {(t_1, t_2) t_1 T_1, t_2 T_2, l_1(t_1) = l_2(t_2) A{+, }} {(t_1, ) t_1 T_1, l_1(t_1) / A{+, }} {(, t_2) t_2 T_2, l_2(t_2) / A{+, }}

W((p_1, p_2), (t_1, t_2)) = W_1(p_1, t_1) if p_1 P_1, t_1 T_1, or W_2(p_2, t_2) if p_2 P_2, t_2 T_2

W((t_1, t_2), (p_1, p_2)) = W_1(t_1, p_1) if p_1 P_1, t_1 T_1, or W_2(t_2, p_2) if p_2 P_2, t_2 T_2

l((t_1, t_2)) = l_1(t_1) if t_1 T_1, l_2(t_2) if t_2 T_2

M_N = M_N1 M_N2, i.e. M_N((p_1, p_2)) = M_N1(p_1) if p_1 P_1, M_N2(p_2) if p_2 P_2

In = (In_1 In_2) (Out_1 Out_2)

Out = Out_1 Out_2

Clearly, one can consider the place set of the composition as the disjoint union of the place sets of the components. Therefore, we can consider markings of the composition (regarded as multisets) as the disjoint union of markings of the components as exemplified above for M_N, and we will also write a marking M 1 M 2 of the composition as (M_1, M_2).

Figure 4 shows an example of a parallel composition. For simplicity, a place of the composition is denoted as p instead of (p, ) or (, p), and the same applies to unsynchronised transitions. For synchronised transitions, we write t_i_j instead of (t_i, t_j). To keep the example small, we use only signals as labels instead of signal edges.

[Figure 4: Parallel composition example (diagrams of N 1, N 2 and N 1 N 2 not reproduced).]

In the example, there are two transitions with label a in N_1 (t_31 and t_01) and two in N_2 (t_32 and t_02). Each transition with label a in N_1 should be synchronised with each transition with label a in N_2. Therefore, in N 1 N 2, there are four transitions with label a. Note that though there is a synchronisation between t_01 and t_32 (and between t_31 and t_02), the synchronised transition t_01_32 (and t_31_02) in N 1 N 2 will never fire.
By definition of, the firing (M 1, M 2 )[(t 1, t 2 ) (M 1, M 2 ) of N corresponds to the firings M i[t i M i in N i, i = 1, 2; here, the firing of means that the empty transition sequence fires. Therefore, all reachable markings of N have the form (M_1, M_2), where M_i is a reachable marking of N_i, i = 1, 2. This can easily be checked for the example in Figure 4.

If the components do not have internal transitions, then also their composition has none; it is easy to see that N is deterministic if N_1 and N_2 are. But note that N might have structural auto-conflicts even if none of the N_i has; cf. Figure 4.

It should be clear that, up to isomorphism, composition is associative and commutative. Therefore, we can define the parallel composition of a finite family (or collection) (C i ) i I of STGs as i I C i, provided that no signal is an output signal of more than one of the C_i. We will also denote the markings of such a composition by (M_1, ..., M_n) if M_i is a marking of C_i for i I = {1, ..., n}.

We now introduce transition contraction (see e.g. [And83] for an early reference), which will be most important in our decomposition procedure. We essentially repeat from [VK05], where further discussions can be found.

Definition 2.1 (Transition Contraction) Let N be an STG and t T with l(t) = λ, t t = and W(p, t), W(t, p) 1 for all p P. We define the t-contraction N of N by

P = {(p, ) p P ( t t )} {(p, p ) p t, p t }
T = T {t}
W((p, p ), t 1 ) = W(p, t 1 ) + W(p, t 1 )
W(t 1, (p, p )) = W(t 1, p) + W(t 1, p )
l = l T
M N ((p, p )) = M N (p) + M N (p )
In = In
Out = Out

In this definition, P T is a dummy element; we assume W(, t 1 ) = W(t 1, ) = M N ( ) = 0. We say that the markings M of N and M of N satisfy the marking equality if for all (p, p ) P M((p, p )) = M(p) + M(p ).

For two different transitions t 1, t 2 with t 1 t t 2, we call the unordered pair {t 1, t 2 } a new conflict pair whenever t t 1 and t t 2 in N (or vice versa); if l(t 1 ) = l(t 2 ) λ, we speak of a new structural auto-conflict.

A transition contraction is called secure if either ( t) {t} (type-1 secure) or (t ) = {t} and M 0 (p) = 0 for some p t (type-2 secure). Note that, in general, N might fail to be consistent (see below), even if N is; but secure contractions preserve consistency [VK05].

Figure 5 (a) shows a part of a net and the result when the λ-transition is contracted.
In many cases, the preset or the postset of the contracted transition has only one element, and then the result of the contraction looks much easier as e.g. in Figure 5 (b). Here, the b+- and the c+-labelled transition form a new conflict pair; note that this is also true if they already had a common place (not drawn) in their presets in N; they now have a new such place.

The following theorem of [VK05] and the succeeding corollary of its second part are relevant in the following:

Theorem 2.2 Let N be a secure contraction of N.
1. If the contraction is of type 1, then N and N are bisimilar.
2. If the contraction is of type 2, then there is a simulation S from N to N such that S 1 is contained in the simulation B = {(M, M) M and M satisfy the marking equality} from N to N.
3. N and N are language equivalent, hence consistency-preserving.

Corollary 2.3 If N is a type-2 secure contraction of N, then the simulation of S in Theorem 2.2.2 is a ready simulation from N to N, i.e. a simulation where (M, M) S implies M[s± if and only if M[s± for all signals s.

We conclude this section by defining redundant transitions and places; the deletion of such a transition, place resp., (including the incident arcs) is another operation that can be used in our decomposition algorithm. A redundant transition is a λ-transition t, where either each place p t t forms a loop with t with two arcs of the same weight (t is a loop-only transition) or some other λ-transition has arcs to and from the same

+ 1 2 b+ + b+ N c+ 3 t 4 5 e+ t-contrction c+ 1,3 1,4 1,5 2,3 2,4 2,5 e+ N d+ d+ () + 1 + N b+ t 2 3 t-contrction b+ 1,2 1,3 N c+ x+ c+ x+ (b) Figure 5: plces with the sme weight s t (which is duplicte trnsition). In this pper, we lso spek of duplicte nd redundnt trnsition if the two trnsitions in question re lbelled with the sme signl edge. A plce p of n STG N is (structurlly) redundnt (see e.g. [Ber87]) if there is set of plces Q with p Q, vlution V : Q {p} N nd some c N 0 which stisfy the following properties for ll trnsitions t: V (p)m N (p) q Q V (q)m N(q) = c V (p)(w(t, p) W(p, t)) q Q V (q)(w(t, q) W(q, t)) 0 V (p)w(p, t) q Q V (q)w(q, t) c The first two items ensure tht p is something like liner combintion of the plces in Q with fctors V (q)/v (p). Indeed, for the cse c = 0, the first item sys tht p is such combintion initilly; the second item, in the cse of equlity, sys tht this reltionship is preserved when firing ny trnsition. The proof tht p is indeed redundnt rgues tht the vluted token number of p is t lest c lrger thn the vluted token sum on Q for ll rechble mrkings, while the third item sys tht ech trnsition or t lest ech output trnsition needs t most c vluted tokens more from p thn from the plces in Q; this shows tht for the enbling of trnsition the presence or bsence of p does not mtter. Proposition 2.4 If N is obtined from n STG N by deleting redundnt trnsition or plce, then N nd N re bisimilr. 2.2 STGs nd Asynchronous Circuits STGs re widely used for specifying the behviour of synchronous circuits. Such circuit hs input signls, which re controlled by the environment, nd output signls, whose vlues re chnged by the circuit. The STG describes which output signls should be performed. We now explin the importnt concept of complete stte coding (CSC). For n STG N, stte vector is function sv : Sig {0, 1} where 0 mens logicl low nd 1 logicl high. A stte ssignment ssigns stte vector to ech mrking M of RG N denoted by sv M. 8

A state assignment must satisfy for every signal x Sig and every pair of markings M, M [M N :

M[x+ M implies sv M (x) = 0, sv M (x) = 1
M[x M implies sv M (x) = 1, sv M (x) = 0
M[y ± M for y x implies sv M (x) = sv M (x)
M[λ M implies sv M = sv M

If such an assignment exists, it is uniquely defined by these properties (footnote 3), and the reachability graph and the underlying STG are consistent. From an inconsistent STG, one cannot synthesise a circuit. Figure 3(b) shows the reachability graph of the STG in Figure 3(a); every marking is annotated with its state vector. If there is a state assignment, N has Complete State Coding (CSC) if any two reachable markings M_1 and M_2 with the same state vector (i.e. sv_M1 = sv_M2) enable the same output signals. Otherwise, N has a CSC conflict, cf. e.g. Figure 3(b), and no circuit can be synthesised directly. If CSC is violated, one tries to achieve it by the insertion of internal signals, i.e. outputs which are considered to be unknown to the environment, without changing the external behaviour of the STG.

3 Output-Determinacy

In this section, we define in a natural way when a deterministic STG can be regarded as a correct implementation of a specification STG N; we only consider deterministic implementations here, since the final implementation of N will be a circuit, which is deterministic by nature. Considering the case that N is non-deterministic, we introduce the concept of output-determinacy, which is a relaxation of determinism. It turns out that output-determinate STGs are exactly the STGs which have correct implementations according to our notion. Hence, non-output-determinate STGs are ill-formed (in particular, they cannot be correctly implemented by a circuit). This shows that the language is not a satisfactory semantics of non-deterministic STGs in general; in particular, synthesising the determinised state graph of a non-output-determinate STG may either fail or result in an incorrect circuit.
For the class of output-determinate STGs we show that their language is an adequate semantics, and re-formulate the notion of correct implementation purely in terms of the language; this notion will play an important role as a part of the invariant in the proof of correctness of our STG decomposition algorithm described in Section 4, which we view as an important application of the developed theory. Moreover, we introduce a set of semantics-preserving STG transformations, which are, in particular, used in our decomposition algorithm. This set can easily be extended since the definition of semantics-preserving is simple. Finally, we analyse the computational complexity of checking whether a given STG is output-determinate for several classes of STGs, and describe a practical way of checking it in the case of a divergence-free safe or bounded STG.

3.1 Correct implementations

An STG N specifies the behaviour of a system in the sense that the system must provide all and only the specified outputs and that it must allow at least the specified inputs. As a consequence, the system must be able to perform at least all traces of N. In fact, N also describes assumptions about the environment the system will interact with; namely, the environment will only produce the inputs specified by N. A correct implementation of N may allow additional inputs, but these inputs and subsequent behaviour will never occur in the envisaged environment. In other words, when the system is running in a proper environment, only traces of N can occur. The implementation may actually have fewer input signals than N, keeping only those that are relevant for producing the required outputs. In this case, the environment may provide irrelevant inputs, but the implementation simply ignores them and in this sense, they are always allowed (e.g., in the STG in Fig. 2, inputs a, b and d are irrelevant for producing x and can be ignored). The following definition assumes a deterministic implementation (as it is the case in circuit design), but the specification can be non-deterministic.
The projection of a trace w of N onto the signals of C, obtained by deleting all signal edges where the signal belongs to In_N \ In_C, is denoted by w C.

Definition 3.1 (Correct Implementation) A deterministic STG C is a correct implementation of an STG N if In_C In_N, Out_C = Out_N, and for all w and all M such that M_N [w M the following hold:
(C1) w C is a trace of C, i.e., M_C [w C M for some marking M of C (note that M is unique as C is deterministic);
(C2) If a In_N and M[a ±, then either M [a ± or a In_C;
(C3) If x Out_N, then M[x ± iff M [x ±.

This definition is a formalisation of the considerations above: the implementation must be able to perform all traces of the specification, maybe dropping some irrelevant input signals (C1); all the inputs allowed by the specification must be allowed (or ignored) by the implementation (C2); and the implementation must produce exactly the specified outputs (C3). In particular, every deterministic STG N is a correct implementation of itself.

Figure 6: Non-semi-modularity due to determinisation. A semi-modular but not output-determinate STG (a) and the non-semi-modular STG (due to the choice between the outputs x and y) obtained from it by determinisation (b). Note that determinisation can also result in a choice between an input and an output (this would be the case if y were an input). Inputs: a; outputs: x, y.

Footnote 3: At least for every signal s Sig which actually occurs, i.e. M[s ± for some reachable marking M.

3.2 The notion of output-determinacy

A non-deterministic specification can perform the same trace in two different ways, reaching different states M_1 and M_2. In the speed-independent context the only information available to the circuit is the execution history, i.e., the trace performed (footnote 4), and so an implementation cannot know whether its current state corresponds to M_1 or M_2. Hence, a deterministic implementation must behave consistently with the specification no matter in which of these markings it is. Our definition of correctness requires that the implementation must provide exactly the outputs enabled by M_1 and exactly the outputs enabled by M_2. This is only possible if M_1 and M_2 enable the same outputs. In contrast, the implementation must allow at least the inputs enabled under M_1 and the inputs enabled under M_2; this is very well possible, even if these sets of inputs differ, i.e. the implementation may allow the union of these sets or any of its supersets. This observation leads to our central notion of output-determinacy.
Definition 3.2 (Output-Determinacy) An STG N is called output-determinate if M_N [w M_1 and M_N [w M_2 implies for every x Out_N that M_1 [x ± iff M_2 [x ±.

For example, the STG in Fig. 2 is output-determinate after hiding a and b. Clearly, a deterministic STG is also output-determinate; note also that in contrast to a deterministic STG an output-determinate STG may contain λ-transitions.

Footnote 4: In a non-speed-independent context some additional information such as timing of events may help to resolve non-determinism.

3.3 Semantics of non-deterministic specifications

Now we demonstrate that the notion of output-determinacy is useful for defining a semantics of non-deterministic specifications (in particular, allowing λ-transitions), and we also justify this semantics. First of all, the naïve approach consisting in determinisation of a non-deterministic specification using the usual procedure for finite state automata and then proceeding with the synthesis is not always correct. In the context of STGs and circuit synthesis, the result of determinisation can manifest some problems, e.g., non-semi-modularity, as illustrated in Fig. 6; Fig. 7 illustrates a much more dangerous scenario, where the determinised STG contains no apparent problems but the resulting circuit is incorrect according to Definition 3.1. In both cases, it is wiser to inform the designer of an error than to determinise and synthesise such a specification. Below we show that determinisation can be safe only for output-determinate specifications.

Figure 7: Incorrect determinisation: a non-output-determinate STG before (a) and after (b) determinisation. The latter STG, though implementable, is not a correct implementation of the original specification, since it can cause a failure in the environment by producing x when the environment does not expect it. Inputs: a; outputs: x.

Semantic Rule 1. A non-output-determinate specification of a speed-independent system cannot be implemented deterministically and thus is ill-formed.

This rule can be justified by the following result.

Proposition 3.3 Let C be a correct implementation of N; in particular, C is deterministic. Then N is output-determinate.

Proof. For the sake of contradiction, suppose that N has a trace w and two reachable markings, M_1 and M_2, such that for some x Out_N, M_N [w M_1 [x ±, and M_N [w M_2 and M_2 [x ±. Then, by (C1) of Definition 3.1, w C is a trace of C; moreover, since C is deterministic, it has a unique reachable marking M such that M_C [w C M. Now, by (C3) of Definition 3.1, M [x ± due to M_1 [x ±, and, on the other hand, M [x ± due to M_2 [x ±, a contradiction.

Observe that a non-output-determinate STG always has CSC conflicts, as, according to Definition 3.2, any violation of output-determinacy implies the presence of two states which can be reached by the same trace (and thus have the same encoding) and enable different sets of outputs. It can be shown that such a CSC conflict is irreducible, i.e. it cannot be resolved by the insertion of internal signals into the STG (as performed e.g., by Petrify or Mpsat) in such a way that its external behaviour does not change. These new internal signals can be treated as outputs which are ignored by the environment. The STG resulting from such an insertion will always have a violation of output-determinacy (and thus CSC conflicts) again. Further explanations and a proof can be found in Appendix A.
On the other hand, output-determinate specifications can safely be determinised, and so there is no reason to distinguish between the specification itself and its determinised form:

Semantic Rule 2. The semantics of an output-determinate specification of a speed-independent system is its (prefix-closed) language.

This rule can be justified by the following result.

Proposition 3.4 Let N be output-determinate and C be the deterministic automaton DA(N) obtained by determinisation of the reachability graph of N. Then C is a correct implementation of N.

Proof. The determinisation does not change the language; hence, M N [w M[s ± (w (Sig ± N ), s Sig N ) implies directly M C [w M [s ±. This proves (C1), (C2) and the part of (C3). To show the part, assume M [x ± (x Out N ). This implies M N [w M [x ± for some marking M, otherwise the language is not preserved. Since N is output-determinate, also M[x ±.

The proposed semantics has interesting consequences, in particular, a deadlock-free specification can be equivalent to one with deadlocks, as illustrated in Fig. 8. Hence, arbitrary language-preserving transformations of output-determinate specifications are allowed, as long as the resulting STG is still output-determinate. That is, there is no need to preserve stronger equivalences such as bisimulation. We discuss valid transformations in Section 3.4.
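Definition 3.2 together with Propositions 3.3 and 3.4 suggests a direct check for small bounded STGs: determinise the reachability graph on the fly and, for each set of markings reached by the same trace, compare the outputs they enable. The Python code below is an added example, not code from the paper; the net encoding, the function names and both sample nets are constructed for illustration, and "M enables x±" is assumed to mean enabled after zero or more λ-transitions.

```python
from collections import deque

LAMBDA = "λ"  # label of internal (dummy) transitions

def _fire(marking, pre, post):
    """Successor marking of `marking`, or None if the transition is disabled."""
    m = dict(marking)
    for place, weight in pre.items():
        if m.get(place, 0) < weight:
            return None
        m[place] -= weight
    for place, weight in post.items():
        m[place] = m.get(place, 0) + weight
    return frozenset((p, n) for p, n in m.items() if n)

def _step(markings, transitions, label):
    """Markings reached from any of `markings` by one `label`-labelled transition."""
    reached = set()
    for m in markings:
        for lab, pre, post in transitions:
            if lab == label:
                nxt = _fire(m, pre, post)
                if nxt is not None:
                    reached.add(nxt)
    return reached

def _closure(markings, transitions, limit):
    """Close a set of markings under the firing of lambda-transitions."""
    seen, todo = set(markings), list(markings)
    while todo:
        for nxt in _step([todo.pop()], transitions, LAMBDA):
            if nxt not in seen:
                if len(seen) >= limit:
                    raise RuntimeError("marking limit reached; is the STG bounded?")
                seen.add(nxt)
                todo.append(nxt)
    return frozenset(seen)

def _weak_outputs(marking, transitions, outputs, limit):
    """Output edges enabled at `marking` after zero or more lambda-transitions."""
    found = set()
    for m in _closure({marking}, transitions, limit):
        for lab, pre, post in transitions:
            if lab.rstrip("+-") in outputs and _fire(m, pre, post) is not None:
                found.add(lab)
    return frozenset(found)

def find_od_violation(transitions, initial, outputs, limit=10_000):
    """Return None if the STG is output-determinate, else (trace, edge):
    two markings reached by `trace` disagree on enabling the output `edge`."""
    m0 = frozenset((p, n) for p, n in initial.items() if n)
    start = _closure({m0}, transitions, limit)
    visible = sorted({lab for lab, _, _ in transitions if lab != LAMBDA})
    seen, queue = {start}, deque([((), start)])
    while queue:
        trace, states = queue.popleft()
        # Definition 3.2: all markings reached by `trace` must enable the same outputs.
        profiles = {_weak_outputs(m, transitions, outputs, limit) for m in states}
        if len(profiles) > 1:
            a, b = sorted(profiles, key=sorted)[:2]
            return trace, min(a ^ b)
        # Subset construction: one successor set of markings per visible signal edge.
        for lab in visible:
            nxt = _closure(_step(states, transitions, lab), transitions, limit)
            if nxt and nxt not in seen:
                if len(seen) >= limit:
                    raise RuntimeError("state limit reached; is the STG bounded?")
                seen.add(nxt)
                queue.append((trace + (lab,), nxt))
    return None

# Constructed sample 1 (not a figure from the paper): after a+ one branch
# enables the output x+, the other does not.
NON_OD = dict(
    transitions=[("a+", {"p0": 1}, {"p1": 1}),
                 ("a+", {"p0": 1}, {"p2": 1}),
                 ("x+", {"p1": 1}, {"p3": 1})],
    initial={"p0": 1}, outputs={"x"})

# Constructed sample 2: non-deterministic, with a deadlocking branch (p2),
# yet output-determinate because x+ only follows the input b+.
OD_DEADLOCK = dict(
    transitions=[("a+", {"p0": 1}, {"p1": 1}),
                 ("a+", {"p0": 1}, {"p2": 1}),
                 ("b+", {"p1": 1}, {"p3": 1}),
                 ("x+", {"p3": 1}, {"p4": 1})],
    initial={"p0": 1}, outputs={"x"})

if __name__ == "__main__":
    print(find_od_violation(**NON_OD))       # witness trace and output edge
    print(find_od_violation(**OD_DEADLOCK))  # None
```

The subset construction is exponential in the worst case, so the witness it returns is most useful as a diagnostic on small specifications before synthesis.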

Figure 8: Determinisation: an output-determinate STG N with a deadlock (a) and the deadlock-free STG obtained from N by determinisation (b). The latter STG is a correct implementation of N; intuitively, the execution of x is correct, since it only occurs when the environment signalled with that the system is in the lower branch of N. The circuit [x] = implements either of these two STGs. Inputs: a; outputs: x.

In view of Semantic Rule 2, one would expect that the notion of correct implementation given in Definition 3.1 can be re-formulated purely in terms of the language if the specification and the implementation are known to be output-determinate. In fact, we generalise the definition to allow a non-deterministic implementation, as long as it is output-determinate.

Definition 3.5 (Trace-Correct Implementation) An output-determinate STG C is a trace-correct implementation of an output-determinate STG N if In_C In_N, Out_C = Out_N, and for every trace w of N the following hold:
(TC1) w C is a trace of C;
(TC2) If w C x ± is a trace of C for some x Out_C, then wx ± is a trace of N.

This definition can be viewed as a denotational notion of correctness, as opposed to the operational one given in Definition 3.1. However, it should be emphasised that this notion explicitly requires the specification to be output-determinate (i.e., this purely trace-based view is unable to distinguish between output-determinate and non-output-determinate specifications). The result below shows that this notion is equivalent to Definition 3.1 if the implementation is deterministic and the specification is output-determinate.

Proposition 3.6 (Justification of the notion of trace-correct implementation) Let N be an output-determinate STG and C be a deterministic STG such that In_C In_N and Out_C = Out_N. Then C is a correct implementation of N iff it is a trace-correct implementation of N.

We postpone the proof of this result until the next section, where it is formulated and proven for the more general case of a distributed implementation C = i I C_i.
(Note that C in the above result can be seen as being a distributed implementation comprised of a single component.)

3.4 Valid STG transformations

Due to Semantic Rule 2, any language-preserving STG transformation of an output-determinate specification is valid, as long as the resulting STG is output-determinate. However, it is desirable for a transformation to preserve non-output-determinacy as well, so that an ill-formed STG does not become well-formed after its application; that is, a transformation should propagate errors rather than eliminate them, so that they can eventually be detected. This motivates the following notion.

Definition 3.7 (LOD-equivalence and LOD-transformations) Two STGs N and N are LOD-equivalent, denoted N lod N, if N and N are both non-output-determinate, or N and N are language-equivalent and both output-determinate. An STG transformation is an LOD-transformation if the original and the transformed STG are LOD-equivalent.

One can observe that any transformation yielding a bisimilar STG is an LOD-transformation, but there are LOD-transformations which yield a non-bisimilar STG, e.g., determinisation of an output-determinate STG, as illustrated in Fig. 9. Moreover, any transformation preserving the language and output-determinacy can be made into an LOD-transformation if its domain is restricted to output-determinate systems. Below we list some LOD-transformations which will be useful for our decomposition algorithm. For one of the transformations and for further use, we first introduce some notions.

Figure 9: Two LOD-equivalent STGs which are not bisimilar. Inputs: a, b, c.

Definition 3.8 For transitions t, t of some STG, t is a (syntactic) trigger of t or triggers t if t t. A λ-transition t is a weak trigger of t, if it triggers t or another weak trigger of t. A transition t with l(t) λ is a signal trigger of t, if it triggers t or a weak trigger of t. A transition t is in weak syntactic conflict with t, if it is in syntactic conflict with t or with a weak trigger of t.

List of LOD-transformations
RedPD Deletion of a redundant place.
RedTD Deletion of a redundant transition.
SecTC1 Type-1 secure contraction of a λ-transition.
LOD-SecTC2 Type-2 secure contractions of λ-transitions restricted to output-determinate STGs.
SecTC2 Type-2 secure contractions of λ-transitions which are not in weak syntactic conflict with an output transition.

The first three transformations in this list always yield a bisimilar STG and thus are LOD-transformations. Below we prove that the remaining two transformations are also LOD-transformations.

Theorem 3.9 If N is obtained from some STG N by LOD-SecTC2 or SecTC2, then N and N are LOD-equivalent.

Proof. A secure contraction gives a language-equivalent result in any case by Proposition 2.2. Now we consider an output-determinate N and show that N is also output-determinate. If M N [w M 1 [x ± and M N [w M 2 (w (Sig ± ), x Out), then M N [w M 1 and M N [w M 2 with (M 1, M 1 ), (M 2, M 2 ) S for the ready simulation S of Corollary 2.3. Furthermore, M 1 [x ± due to simulation, M 2 [x ± due to output-determinacy, and M 2 [x ± due to ready simulation. This settles the case of LOD-SecTC2, and for SecTC2 (applied to transition t) it only remains to show that N is output-determinate if N is; so assume the latter.
Consider firing sequences u, v of N such that l(u) = l(v), M N [u [x ± and M N [v M 1. We will now apply the simulation B of Theorem 2.2.2; to get a result on the level of transitions, observe that this relation also is a simulation if the labelling of N is λ for t and the identity otherwise. This consideration implies that e.g. u is simulated by u t, obtained by deleting all occurrences of t in u. Thus, we get M N [u t [x ± and M N [v t M 1. Since N is output-determinate and l(u t ) = l(v t ), we have M 1 [x ±. Therefore, we can take some t T and a minimal w T such that M 1 [wt M 2, l(t ) = x ± and l(w) = λ. By minimality, each transition in w triggers a transition in wt ; hence each transition in w is a weak trigger of the output transition t and ( ) does not share a preset-place with t by assumption of SecTC2; neither does t. We conclude the proof by showing inductively that M 1 [w M 2 with w t = wt for some suitable M 2. As induction base, we have M 1 [λ M 1 and M 1 [λ M 1. So assume M 1 [w M and M 1 [w t M for some prefix w t of wt, and let t 1 be the next transition of wt. If M[t 1 M for some M, then M[t 1 M due to the simulation B. It remains to consider the case that M[t 1. We observe that M[t 1 (i.e. in particular M((p, p )) W((p, p ), t 1 ) for all p t and p t ), that M and M coincide on the places not adjacent to t, and that t 1 and t do not share a preset-place by ( ). Thus, the only reason for M[t 1 is that for some p 0 t we have W(p 0, t 1 ) > M(p 0 ). We choose p 1 t such that m 1 = W(p 1, t 1 ) M(p 1 ) is maximal; m 1 is not negative due to p 0. We check that t can fire m 1 times under M: for all p t, we have M(p) + M(p 1 ) = M((p, p 1 )) W((p, p 1 ), t 1 ) = W(p, t 1 ) + W(p 1, t 1 ), and thus M(p) W(p 1, t 1 ) M(p 1 ) + W(p, t 1 ) m 1 ; recall that t has only arcs of weight 1. Firing t under M m 1 times gives a marking M, which satisfies the marking equality with M by Theorem 2.2.2. By our above considerations and choice of p 1, M enables t 1 ; recall that t 1 is only disabled because of some missing tokens in t and even the largest of these deficits has been compensated in M. Thus, M[t m1 t 1 M and again M[t 1 M due to the simulation B.

Finally, we note that also the determinisation of an output-determinate STG N can be seen as an LOD-transformation. If N is output-determinate, then constructing DA(N) gives a language equivalent STG, which is not only output-determinate, but even deterministic. The same is true if one additionally minimises the deterministic automaton.

3.5 Checking output-determinacy

In this section, we analyse the complexity of checking output-determinacy for several classes of STGs and propose a practical test for the cases of safe or bounded divergence-free STGs. The coverability problem is the problem of deciding whether a given Petri net has a reachable marking M covering a given marking M (i.e., M M ). The complementary problem will be called the uncoverability problem. A special case of the (un)coverability problem is the single-place (un)coverability, where M = 1. The computational complexity of these problems for various Petri net classes is well-understood [Esp98]. The following reduction from the single-place uncoverability problem to checking output-determinacy forms the basis of our lower complexity bounds analysis.

Proposition 3.10 Let N be a safe/bounded/unbounded Petri net and p be one of its places.
Then one can build, respectively, a safe/bounded/unbounded and consistent STG N whose size is linear in the size of N and which is output-determinate iff p is uncoverable.

Proof. The STG N is obtained from N by treating all its transitions as λ-labelled and attaching the following net fragment to p, where a is a new input and x is a new output:

[Figure: net fragment attached to p, with the new place q and the new transitions labelled a and x]

Note that the obtained STG is consistent (since the new place q prevents the new transitions from firing more than once) and belongs to the same class (safe/bounded/unbounded) as N. Moreover, N is output-determinate iff p is uncoverable.

Corollary 3.11 The problem of checking output-determinacy is PSPACE-hard for safe and bounded consistent STGs and EXPSPACE-hard for unbounded consistent STGs.

Proof. Follows from Proposition 3.10, the corresponding complexity results for the single-place coverability problem in [Esp98] and the fact that the space classes are closed w.r.t. complementation.

We complete our analysis by giving tight upper bounds for the problem of checking the output-determinacy for the cases of safe and bounded STGs. The basis for this is the following non-deterministic algorithm for checking whether the net is non-output-determinate.

    /* execute a sequence σ of transitions without remembering it, */
    /* non-deterministically choosing each of its steps */
    choose σ such that M N N [σ (M 1, M 2 )
    /* non-deterministically choose an output transition */
    if t T N N : l(t) / Out then loop forever
    choose t T N N such that l(t) Out
    /* check the non-output-determinacy enabledness condition */
    if M 1 [t then loop forever
    if M 2 [l(t) then accept else loop forever

Given an STG N, the algorithm builds the synchronous product N N and analyses its reachable markings. One can observe that in order to show that N is non-output-determinate it is enough to demonstrate the existence of a reachable marking (M 1, M 2 ) of N N such that M 1 [x ± M 2 [x ±, for some output x. In fact, this condition can be simplified, without loss of generality, replacing M 1 [x ± by t : M 1 [t l(t) = x ±. Using this observation, one can easily show the correctness of the above algorithm. Indeed, if it accepts N then N is non-output-determinate; moreover, every non-output-determinate STG N can be accepted if the algorithm makes the proper sequence of choices (exploiting the power of non-determinism). Note that for safe and bounded STGs, the memory requirement of this algorithm is only polynomial in the size of N; in particular, one can decide whether M 2 [l(t) at the last step of the algorithm by performing a number of marking coverability tests linear in the size of N (one for each l(t)-labelled transition), where each test can be decided in PSPACE for safe and bounded STGs [Esp98]. Since the deterministic and non-deterministic versions of PSPACE coincide and the space classes are closed w.r.t. complementation, the following holds.

Proposition 3.12 Output-determinacy can be decided in PSPACE for safe and bounded STGs.

Combined with Corollary 3.11, this result means that the problem of checking output-determinacy is PSPACE-complete for safe and bounded STGs, and the complexity remains the same if the STG is known to be consistent. However, the algorithm above cannot be used to claim that output-determinacy can be decided in EXPSPACE for unbounded STGs, even though the property M 2 [l(t) at the last step of the algorithm can be decided in EXPSPACE in this case. The reason is that the amount of memory consumed by the algorithm can become arbitrarily large due to the need to keep the current marking of N N, whose size is unbounded. Hence, in this paper we leave the question about the upper complexity bound for the case of unbounded STGs open.
(This case is not very interesting from the practical point of view anyway.)

Though the above algorithm is adequate for proving the theoretical upper complexity bounds, it may be non-trivial to efficiently implement it in practice. Therefore, we propose a much simpler approach for the practically important case of a divergence-free STG, i.e., an STG which cannot execute an infinite sequence of λ-transitions from any of its reachable markings (footnote 5). One can observe that in such a case the condition M 1 [x ± M 2 [x ± can be simplified further to ( t : M 1 [t l(t) = x ± ) ( t : M 2 [t l(t) {x ±, λ}). The latter can be reduced to a number of coverability tests (by introducing complementary places) that is polynomial in the size of N, or checked directly using, e.g., the unfoldings-based theory developed in [Kho03,Mel98].

4 Decomposition into Output-Determinate Components

In this section, we describe how the developed theory of output-determinacy can be applied to derive an algorithm for decomposition of STGs into smaller components. First, we consider distributed implementations, i.e., implementations which can be represented as a parallel composition of STGs, and derive a correctness condition for such implementations, which is consistent with the ones developed in the previous section. Then we describe our decomposition algorithm and formally prove its correctness.

4.1 Correct Decompositions

In this section, implementations consisting of a family of components (C_i) i I are considered. Recall that we assume all STGs to be bounded; this is preserved by all LOD-transformations described in this paper. For each of the C_i, synthesis is performed separately and the resulting circuits are simply connected with wires for their common signals. Clearly, an output must be produced by only one component. On the other hand, several components can listen to the same signal, produced by the environment or another component. On the level of STGs, this is captured by the parallel composition of the (C_i) i I.
We first specialise Definition 3.1 to families of components, additionally taking care of computation interference as explained below.

Definition 4.1 (Correct Decomposition) Let N be an STG and C = df i I C_i be a parallel composition of deterministic components. Then (C_i) i I is a correct distributed implementation of N, if C is a correct implementation of N (cf. Definition 3.1) and the following holds:
(C4) If w is a trace of N, M_C [w C (M_i) i I for some marking (M_i) i I of C, and M_j [x ± for some j I and x Out_j, then (M_i) i I [x ± (no computation interference).
Here, and whenever we have a collection (C_i) i I in the following, Out_i stands for Out_{C_i} etc.

Footnote 5: A practical sufficient condition for divergence-freeness can be obtained using T-invariants [Mur89].