design of divergence-free protocol converters using ... - ResearchGate

is usually unnecessary and can be resolved to obtain adeterministic converter using various heuristics.In addition, X has several states, which indicateviolations. One trap state, 4, is reached by the tracesincluding illegal inputs, e.g., (d0cx, d0cx). On the otherhand, illegal outputs lead to the escape states: 11, 5, and15. These states are reached by traces like (d0cx, a0xc,a0xc). However, the successors of these states are notall escape states. After reaching an escape state, inputsmight lead to state 4, and outputs lead to other escapestates. This means that the automaton is not safetyhealthybecause the escape set (of traces) produced isnot suffix-closed [3].equivalent. Hence they are merged into one escapestate. On the other hand, the upgrade algorithm allowsus to detect the absence of a solution to the supervisorycontrol problem. This is indicated by yielding an emptysolution, which consists of a single escape state.a1csd0sc0Acc1 a1cs 25d1sca0cs4Figure 5: The modified specification of PS.Acc3a0csAcc, d0sc, d1sc,a0cs, a1cs6Acc, d0sc, d1sc,a0cs, a1cs7To illustrate, we use the automaton of Figure 5 toreplace the specification of the sender PS in Figure 2 a.With the new specification, the sender rejects twoconsecutive Acc signals even if they are interleavedwith DEL, which is an acceptable behavior for the user.The solution obtained is not safety-healthy, and it isreduced to a single escape state by the upgradealgorithm.Figure 4: The process automaton X.The solutions obtained by our method are alwaysprocess automata that convey safety information.However, in some cases as is for our converter, theautomata obtained can not be directly used toimplement the corresponding circuits. In other cases,though not present in this example, illegal inputs maylead to escapes (escape-inputs) and illegal outputs torejects (reject-outputs) [3].In the following, we describe an algorithm thatrefines process automata to safety-healthy processautomata; i.e., it yields a process automaton, whichrefines the original automaton. This is a generalalgorithm that can be applied independently fromasynchronous equations. We call it the “upgradealgorithm”, and it includes the following three steps [3]:1. Trace back all the executions that end with anescape-input until an output is reached. Then, markas escapes all states that are reachable by issuing thelatter output.2. Mark as escapes all states that are reachable byissuing a reject-output.3. Mark as escapes all the successors of any escapestate.In the case of the converter X in Figure 4, we onlyneed to apply step 3 to close the escape set. This willcause the three escape states (11, 5, and 15) to become5. DIVERGENCE FREEDOMIn the previous section, we described how to obtain asolution for the protocol conversion problemconstrained only by the service specification. Thissolution, however, does not restrict internalcommunications, which might lead to divergence. Forexample, sequences like d0cx a1xc, (see Figure 4)might be executed infinitely many times before thecommunication system can respond to its environment.In this section, we describe how to design adivergence-free protocol converter. Such a converteravoids unbounded communications with other parts inthe system while satisfying the service specification.We aim to avoid both “catastrophic” divergence whichleads to unfair behavior and “non catastrophic”divergence which leads to undue power consumption.We use the same procedure from the previous section.However, we augment the service specification bycombining SS with an auxiliary process automaton,limit n , where n is a positive integer [3].Acc, Del,A, D2d1cxAcc, Del,A, Da1xc, d0cx, d1cxAcc, Del,A, Dd0sc0 1a0xc, d0cx, d1cxFigure 6: The process automaton limit 1 .The automaton limit n monitors the actions on theboundaries of the converter, and prevents them fromcausing divergence. For example, when limit n observesthe sequence d0cx a1xc, it signals a violation and enters3Acc, Del,A, D, d1cx, a0xc,d0cx, a1xc707

a trap state. Figure 6 shows the process automatonlimit 1 , which forbids the converter from issuingnegative acknowledgments to the messages it receivesbecause they might lead to cycles. Notice that state 3 isan escape state from which the process cannot resumenormal behavior.As a result only Step 2 of the original algorithmneeds to be modified. It becomes as follows:2. Determine the product of Known with thereflection of the modified specification SS n obtained asthe product of SS with limit n .The divergence-free converter X 1 is shown, afterupgrade, in Figure 7. The execution (d0cx, a1xc), forexample, does not cause a cycle anymore. It leads to theescape state 33.Figure 7: The automaton of the divergence-freesolution.Finally, we derive an asynchronous implementationof our converter using Petrify [4]. For this, we use adeterministic refinement of the automaton shown inFigure 7. In fact, it executes only the sequence d0cx,a0xc, D, A, d1cx, a1xc, D, A. The resultingimplementation consists of 2 wires and one XOR gate,and can be represented by the following logic functions:[D] = d0cx d1cx' + d0cx' d1cx.[a0xc] = A' d1cx + A d0cx.[a1xc] = A' a0xc + A a1xc.6. CONCLUSIONIn this paper, we have described how to solveasynchronous equations to obtain specifications forprotocol converters that can then be synthesized usingautomated methods. We illustrated our technique usingan example from [5]. A typical application is thesynthesis of low power asynchronous converters fromstate graphs, using techniques from [2, 4]. A state graphcan be obtained by producing a safety-healthy processautomaton. In contrast to [5], our approach deals withdivergence freedom and can indicate the absence of asolution for some specifications.In contrast to previous attempts to computedivergence-free solutions to the asynchronous equationproblem [9, 10], we insert a limiting process in thespecification itself. In other words, we apply a generaltechnique for deriving supervisory control on an alteredspecification that includes a divergence-freedomrequirement in the form of a distinct process. A benefitentailed is uniformity, which means that both thetheoretical underpinnings and the tools can be reusedfor other problems. The algorithms from Section 4 and5 have already been implemented, with the exception ofthe upgrade algorithm of Section 4, which is left forfuture work.7. ACKNOWLEDGMENTSWe are grateful for the financial support from CRIMand NSERC grants OGP0194381 and RGPIN217338.8. REFERENCES[1] J. Drissi and G. Bochmann. SubmoduleConstruction for Systems of I/O Automata.Technical Report no. 1133, Departmentd’Informatique et de Recherche Operationelle,University of Montreal, 1999.[2] R-D. Chen, J-M. Jou and Y-H. Shiau. “AnEfficient Method for the Decomposition andResynthesis of Speed-Independence Circuits”. Inproc. International Conference on Electronics,Circuits, and Systems, Cyprus, 1999, pp.339-342.[3] H. Hallal, R Negulescu, and A. Petrenko.Supervisory Control with Divergence Freedom inTwo Safety Models. Internal Report CRIM-00-01-02 Centre de Recherche Informatique de Montreal.Montreal, Canada.[4] A. Kondratyev, J. Cortadella, M. Kishinevsky, L.Lavagno, and A. Yakovlev. “Technology Mappingfor speed-independent circuits: Decomposition andResynthesis”. In proc. Symposium on AdvancedResearch in Asynchronous Circuits and Systems,1997, pp. 240-253.[5] R. Kumar, S. Nelvagal, and S. Marcus. “ProtocolConversion Using Supervisory ControlTechniques”. In Proc. of the 1996 IEEEInternational Symposium on Computer-AidedControl System Design, 1996, pp. 32-37[6] N. Lynch and M. Tuttle. An Introduction toInput/Output Automata. Laboratory for ComputerScience. Massachusetts Institute of Technology,November 1988.[7] R. Negulescu. “Process Spaces”. In Proc. of the11 th International Conference on ConcurrencyTheory (CONCUR 2000). Pennsylvania, USA.Aug, 2000.[8] R. Negulescu. Process Spaces and FormalVerification of Asynchronous Circuits. Ph.D.Thesis, Department of Computer Science,University of Waterloo, August 1998.[9] A. Overkamp. “Supervisory Control Using FailureSemantics and Partial Specifications”. IEEEtransactions on Automatic Control, Vol. 42, No. 4,April 1997.[10] A. Petrenko and N. Yevtushenko. “SolvingAsynchronous Equations”. In Proc. of FORTE-PSTV’98. Paris, France.[11] P. J. Ramadge and W. M. Wonham. “The Controlof Discrete Event Systems”. In Proc. IEEE, vol. 77,pp. 81-98, Jan. 1989.708