Unfaithful Glitch Propagation in Existing Binary Circuit Models
aa r X i v : . [ c s . OH ] N ov Unfaithful Glitch Propagation in Existing Binary Circuit Models
Matthias F¨ugger Thomas Nowak Ulrich Schmid ECS Group, TU Wien, Austria LIX, ´Ecole polytechnique, France
Abstract
We show that no existing continuous-time, binary value-domain model for digital circuits is ableto correctly capture glitch propagation. Prominent examples of such models are based on pure delaychannels (P), inertial delay channels (I), or the elaborate PID channels proposed by Bellido-D´ıaz et al.We accomplish our goal by considering the solvability/non-solvability border of a simple problem calledShort-Pulse Filtration (SPF), which is closely related to arbitration and synchronization. On one hand,we prove that SPF is solvable in bounded time in any such model that provides channels with non-constant delay, like I and PID. This is in opposition to the impossibility of solving bounded SPF in real(physical) circuit models. On the other hand, for binary circuit models with constant-delay channels, weprove that SPF cannot be solved even in unbounded time; again in opposition to physical circuit models.Consequently, indeed none of the binary value-domain models proposed so far (and that we are aware of)faithfully captures glitch propagation of real circuits. We finally show that these modeling mismatchesdo not hold for the weaker eventual SPF problem.
Binary value-domain models that allow to model glitch propagation have always been of interest, especiallyin asynchronous design [22]: Pure delay channels and inertial delay channels, which propagate input pulseswith some constant delay only when they exceed some minimal duration, are still the basis of most digitaltiming analysis approaches and tools. The tremendous advances in digital circuit technology, in particularincreased speeds and reduced voltage swings, raised concerns about the accuracy of these models [3]. Forexample, neither pure nor inertial delay models can express the well-known phenomenon of propagatingglitches that decay from stage to stage, which is particularly important for analyzing high-frequency pulsetrains or oscillatory metastability [16].At the same time, the steadily increasing complexity of contemporary digital circuits fuels the need forfast digital timing analysis techniques: Although accurate Spice models, which facilitate very precise analog-level simulations, are usually available for those circuits, the achievable simulation times are prohibitive.Refined digital timing analysis models like the PID model proposed by Bellido-D´ıaz et al. [3], which is bothfast and more accurate, are hence very important from a practical perspective [4].The interest in binary models that faithfully model glitch propagation and even metastability has alsobeen stimulated recently by the increasing importance of incorporating fault-tolerance in circuit design [7]:Reduced voltage swings and smaller critical charges make circuits more susceptible to particle hits, crosstalk,and electromagnetic interference [13, 17]. Since single-event transients, caused by an ionized particle hittinga reverse-biased transistor, just manifest themselves as short glitches, accurate propagation models areimportant for assessing soft error rates, in particular, for asynchronous circuits. After all, if system-levelfault-tolerance techniques like triple modular redundancy are used for transparently masking value failures,the only remaining issue are timing failures, among which glitches are the most problematic ones.For example, the DARTS Byzantine fault-tolerant distributed clock generation approach [12] employsstandard asynchronous circuit components, like micropipelines [21], which store clock ticks received fromother nodes; a new clock tick is generated when sufficiently many micropipelines are non-empty. Clearly,1ince any “wait-for-all” mechanism may deadlock in the presence of faulty components, handshaking had tobe replaced by threshold logic in conjunction with some bounded delay assumptions. This way, DARTS cantolerate arbitrary behavior of Byzantine faulty nodes, except for the generation of pulses with a durationthat drive the Muller C-elements of a pipeline into metastability. Analyzing the propagation of such pulsesalong a pipeline is thus important in order to assess the achievable resilience against such threats [11].The situation is even worse in case of self-stabilizing algorithms [9], which must be able to recover froman arbitrary initial/error state: Neither handshaking nor any bounded delay condition can be resorted toduring stabilization in an algorithm like the one presented by Dolev et al. [8]. Consequently, glitches andthe possibility of metastability cannot be avoided.As a consequence, discrete-value circuit models, analysis techniques and supporting tools for a fast butnevertheless accurate glitch and metastability propagation analysis will be a key issue in the design of futureVLSI circuits. In this paper, we rigorously prove that none of the existing binary-value candidate modelsproposed in the past captures glitch propagation adequately. Searching for alternative models is hence animportant challenge for future research on asynchronous circuits.
Detailed contributions.
In Section 2, we define the Short-Pulse Filtration (SPF) problem in the physicalcircuit model of Marino and recall the behavior of physical circuits with respect to SPF. That is, we showthat unbounded SPF is solvable with physical circuits while bounded SPF is not. The SPF problem is closelyrelated to glitch propagation, as it is essentially the problem of building a one-shot inertial channel.In Section 3, we present a generic binary value-domain model for digital clocked and clockless circuits,and introduce the SPF problem. Our generic model comprises zero-time logical gates interconnected bychannels that encapsulate model-specific propagation delays and related decay effects. Non-zero time logicalgates can be expressed by appending channels with delay at the gate’s inputs and outputs. The simplestchannel is a pure delay channel, which propagates its input signal with a fixed delay and without any decay,i.e., a pulse has the same duration at the channel’s input and output.In Section 4, we prove that even unbounded SPF is unsolvable when only pure, i.e., constant-delaychannels are available. This is in contrast with the solvability result with physical circuits of Section 2.In Section 5, we turn our attention to a generalization of constant-delay channels, termed bounded single-history channels , which are FIFO channels with a generalized delay function that also takes into considerationthe last output transition. We distinguish between forgetful and non-forgetful single-history channels, de-pending on their behavior when a pulse disappears at the output due to decay effects. All existing binarymodels we are aware of can be expressed as single-history channels with specific delay functions: A pure delaychannel (P) as either a forgetful or non-forgetful single-history channel, a classical inertial delay channel (I)as a forgetful single-history channel, and the channel model proposed by Bellido-D´ıaz et al. [3] (PID), whichadditionally has a decay component, as a non-forgetful single-history channel.In Section 6, we prove that bounded SPF is solvable if just a single forgetful or non-forgetful single-history channel with non-constant delay is available. However, this is again in contradiction with the resultof Section 2 showing impossibility of bounded SPF with physical circuits.In Section 7, we prove that weakening SPF to eventual SPF fails to witness the above modeling mismatch:Eventual SPF can by solved both with single-history and physical channels.Fig. 1 summarizes our (im)possibility results.bounded SPFSPFeventual SPF constant forgetful non-forgetful physical XX X XXX XXX X XX Figure 1: Possibility ( X ) and Impossibility (X) Results for constant, non-constant forgetful, non-const.non-forgetful, and physical physical channels. Arrows mark implications.2 elated Work. Unger [22] proposed a general technique for deriving asynchronous sequential switchingcircuits that can cope with unrelated input signals. It assumes signals to be binary valued, and requires theavailability of combinational circuit elements, as well as pure and inertial delay channels.Bellido-D´ıaz et al. [3] proposed the PID model, and justified its appropriateness both analytically and bycomparing the model predictions against Spice simulation results. The results confirm very good accuracyeven for such challenging scenarios as long chains of gates and ring oscillators.Marino [15] showed that the problem of building a synchronizer can be reduced to the problem of buildingan inertial delay channel. The reduction circuit only makes use of combinational gates and pure delaychannels in addition to inertial delay channels. Marino further shows, in a continuous value signal model,that for a set of standard designs of inertial delay channels, input pulses exist that produce outputs violatingthe requirements of inertial delay channels. Barros and Johnson [2] extended this work, by showing theequivalence of arbiter, synchronizer, latch, and inertial delay channels.Marino [16] developed a general theory of metastable operation, and provided impossibility proofs formetastability-free synchronizers and arbiter circuits for several continuous-value circuit models. Branicky [5]proved the impossibility of time-unbounded deterministic and time-invariant arbiters modeled as ordinarydifferential equations. Mendler and Stroup [18] considered the same problem in the context of continuous au-tomata.Brzozowski and Ebergen [6] formally proved that, in a model that uses only binary values, it is im-possible to implement Muller C-Elements (among other basic state-holding components used in (quasi)delay-insensitive designs) using only zero-time logical gates interconnected by wires without timing restric-tions.
In this section, we will introduce the SPF problem in the model of Marino [16] and use the classic resultsobtained for bistable elements to determine the solvability/impossibility border of the SPF problem for real(physical) circuits.The model of Marino considers circuits which process signals with both continuous value domain andcontinuous time domain. Accordingly, we assume (normalized) signal voltages to be within [0 , L = [0 , l ] resp. L = [ l , < l < l <
1, the signal ranges that are interpreted as logical 0 resp.logical 1 by a circuit.A physical circuit with a single input and a single output solves Short-Pulse Filtration (SPF) , if it fulfillsthe following requirements:(i) If the input signal is constantly logical 0, then so is the output signal.(ii) There exists an input signal such that the output signal attains logical 1 at some point in time.(iii) There exists some fixed ε > t and t ′ with t ′ − t < ε , then it is not logical 1 at any time in between t and t ′ . Informally, thiscondition prohibits output signals that may be interpreted as pulses (see Section 3.5) with a durationless than ε .A physical circuit solves bounded SPF if additionally:(iv) There exists a time T such that, if the input signal switches to logical 1 by time t , then the outputsignal value is either logical 0 or logical 1 at time t + T and remains logical 0 respectively logical 1thereafter.We will next argue why there is no physical circuit that solves bounded SPF, but that there are physicalcircuits solving unbounded SPF. 3 .1 Impossibility of Bounded SPF The proof is by reduction to the non-existence of a physical bistable storage element that stabilizes withinbounded time in the model of Marino. A single-input bistable element is a physical circuit with a singleinput and a single output that fulfills properties (i) and (ii) of SPF as well as:(iii’) If the output is logical 1 at some time t , it also remains logical 1 at all times larger than t .For a single-input bistable element stabilizing within bounded time , additionally (iv) has to hold.The following Corollary 1, which proves the non-existence of a single-input bistable element that stabilizeswithin bounded time, follows immediately from Theorem 3 in [16]. Corollary 1.
There is no single-input bistable element stabilizing within bounded time.
Now assume, for the sake of a contradiction, that there existed a physical circuit solving bounded SPFand consider the circuit shown in Fig. 2, with the NOR’s initial output equal to 1 and the inverter’s initialoutput equal to 0 at time t = 0. NORSPF io Figure 2: Building a bistable storage element from a circuit solving SPFIt is not difficult to prove that this circuit implements a single-input bistable element stabilizing withinbounded time: In case the input signal i is always logical 0, the SPF’s output signal will always be logical 0due to property (i) of the SPF. Thus the circuit shown in Fig. 2 will always drive a logical 0 at its output,which confirms property (i) for the bistable element.Now let u be an input pulse that makes the SPF circuit produce a logical 1 at its output. Letting t ′ be the first time the SPF circuit drives a logical 1 at its output, its output must remain logical 1 within[ t ′ , t ′ + ε ] for some ε > t ′ + ε ,the NOR gate will subsequently drive a logical 0 on its output forever, irrespective of the output of the SPFcircuit. The circuit’s output signal o will hence continuously remain logical 1 once it switched to logical 1,which also confirms properties (ii) and (iii’) of the bistable element.Due to the use of a circuit solving bounded SPF in the compound circuit, we further obtain that thereexists some T > u ′ that switches to logical 1 by time t , the circuit shownin Fig. 2 produces a logical 1 by time t + T , a contradiction to the non-existence of a single-input bistableelement stabilizing in bounded time. We hence obtain: Theorem 1.
No physical circuit solves bounded SPF.
To show the existence of a circuit solving unbounded SPF, we make use of a circuit known as a metastabilityfilter (see, e.g., [14, p. 40]). According to Marino [16], pulses of arbitrary length may drive the internal stateof every storage loop (including the one shown in Fig. 2) into a metastable region for an unbounded time. Acircuit may hence produce an output signal within some region of metastable output values [ v − M , v + M ] ⊂ [0 , v − M , and v + M depend on technology parameters. However, sinceit is possible to compute safe bounds V − M , and V + M such that [ v − M , v + M ] ⊂ [ V − M , V + M ] ⊂ [0 , o of Fig. 2, ignoring the SPF block, to the input of a (high-threshold) buffer, which maps input signalvalues within [0 , B − M ] to output signal values that are logical 0, and input values within [ B + M ,
1] to outputvalues that are logical 1, where V + M < B − M , we obtain a physical circuit that solves (unbounded) SPF. Hence:4 heorem 2. There is a physical circuit that solves SPF.
We consider a binary valued signal model with continuous time, i.e., signal values are from B = { , } andthey evolve over time T = [0 , ∞ ).A signal is a function T → B that does not change an infinite number of times during a finite timeinterval and that already has its new value at a time instant of a value transition. A signal transition is modeled by an event . Formally an event is a pair e = ( t, x ) in ( T ∪ {−∞} ) × B .We call t the event’s time and x the event’s value . We use “virtual events” at t = −∞ to simplify notationwhen specifying initial values of channels. An event list is a (finite or infinite) sequence of events.To every signal, there corresponds an event list ( e n ) = ( t n , x n ) with the following properties:S1) There is always an initial event at time −∞ .S2) The sequence ( t n ) of event times is strictly increasing and discrete.S3) Values are alternating: x n = x n +1 Conversely, every such event list corresponds to a unique signal. A channel c is a function mapping an input signal s to an output signal c ( s ).The simplest class of channels is the class of (positive) constant-delay channels. A constant-delay channel c with delay parameter δ > x ∈ B produces at its output the input signal delayed by δ , i.e., c ( s )( t ) = ( x if t < δs ( t − δ ) if t ≥ δ . (1)Note that a physical realization of a constant-delay channel with initial value x requires a multiplexer,which supplies the constant-delay channel’s input with the initial value x during ( −∞ ,
0) and switches tothe actual input s at reset time 0. Circuits are obtained by interconnecting a set of input ports and a set of output ports, forming the externalinterface of a circuit, and a set of combinational gates via channels. We constrain the way components areinterconnected in a natural way, by requiring that input ports are attached to one or more channel inputsonly (C4), and that both output ports and gate inputs are attached to just one channel’s output (C5, C6);the latter prevents channel outputs driving against each other.Formally, a circuit is a tuple C = ( G, I, O, c, n ), whereC1) G is a directed graph whose vertex set can be partitioned as I ∪ O ∪ B .C2) Every vertex b in B ( (Boolean) gate ) is assigned a Boolean function B d b → B , where d b is the in-degree,i.e., the number of incoming neighbors, of b . By a slight abuse of notation, b also denotes the Booleanfunction assigned to b . The requirement that a signal already has its new value when changing values is merely a convention. On the other hand,the requirement that it only changes a finite number of times during a finite time interval is fundamental to our model and,thus, our results. c is a function that maps every edge ( u, v ) in G to its corresponding channel c u,v .C4) Every vertex v ∈ I ( input ports ) has in-degree d v = 0.C5) Every vertex v ∈ O ( output ports ) has in-degree d v = 1.C6) n is a function that maps every vertex v in G to a linearly ordered subset n v = { v , . . . , v d v } of itsin-neighbor vertices in G , i.e., where edge ( v i , v ) for i = 1 up to v ’s in-degree d v is in G .Note that there are also zero-input Boolean gates 0 and 1 that represent constant signal values 0 and 1. An execution of circuit C is an assignment of signals to vertices that respects the channel functions andBoolean gate functions.Formally, an execution of circuit C is a collection of signals s v for all vertices v of C such that thefollowing properties hold: If i is an input port, then there are no restrictions on s i . If o is an output port,then s o = c v,o ( s v ) where v is the unique incoming neighbor of o and c v,o the channel representing edge ( v, o ).Let now b be a Boolean gate with d incoming neighbors v , v , . . . , v d , ordered according to n b . We then apply,for each incoming edge ( v k , b ), the channel c v k ,b to signal s v k and check that the signal value s b ( t ) is the gate’sBoolean combination of these incoming signals at time t . That is, s b ( t ) = b (cid:0) c v ,b ( s v )( t ) , . . . , c v d ,b ( s v d )( t ) (cid:1) for all t ∈ T .Not all circuits necessarily do have executions. For example, the circuit comprising a single inverter gatewhose output is fed back to its input via the “mirror channel” c with c ( s ) = s for all signals s does not havean execution. Whenever we introduce a circuit for a possibility result, we will thus make sure that it allowsfor a unique execution once the input signals are fixed. In case of constant-delay channels, this is always thecase (see Lemma 2). A pulse p of length ∆ > T is a signal of the form p ( t ) = ( t < T or t ≥ T + ∆1 if T ≤ t < T + ∆ . (2)A signal contains a pulse of length ∆ > T if its event list contains the two consecutive events( T,
1) and ( T + ∆ , solves Short-Pulse Filtration (SPF) if it fulfills the following conditions:F1) It has exactly one input port i and exactly one output port o .F2) For every pulse p , there exists an execution that has p as the input signal (i.e., s i = p ). (Well-formedness) F3) In all executions, if the input signal is constant zero, then so is the output signal. (No generation)
F4) There exist a pulse p such that, in all executions with p as the input signal, the output signal is not theconstant zero signal. (Nontriviality) F5) There exists an ε > ε . (No short pulses) A circuit solves bounded SPF if additionally the following condition holds:F6) There exists a
K > T , the output signal does not change anymore after time T + K . (Bounded stabilization time) solves eventual SPF if conditions (F1)–(F4) and the following condition hold:F5e) There exists an ε > K > T as the inputsignal, the output signal does not contain a pulse of length less than ε after time T + K . (Eventuallyno short pulses) In this section, we show that no circuit whose channels are all positive constant-delay channels solves SPF.The idea of the proof is to exploit the fact that the value of the output signal of the circuit at each time t only depends on a finite number of values of the input signal at times t ′ between 0 and t .Calling each such time t ′ a measure point for time t , we show that indeed only a finite number of measurepoints exists for time t , i.e., the circuit cannot distinguish two different input signals that do not differ inthe input signal values at the measure points for time t : For both such input signals, the output signal musthave the same value at time t . Combining that indistinguishability result with a shifting argument of theinput signal allows us to construct an arbitrary short pulse at the output of the circuit, a contradiction toproperty (F5) of Short-Pulse Filtration. For each constant-delay circuit with a single input port and a single output port, we introduce its dependencegraph , which describes the way the output signals may depend on the input signals.Let C = ( G, I, O, c, m ) be a circuit with constant-delay channels, a single input port i , and a singleoutput port o . For every channel c u,v of C , denote by δ ( u, v ) its delay parameter δ and by x ( u, v ) its initialvalue. The dependence graph DG ( t ) of C at time t is a directed graph with vertices ( v, τ ), where v is avertex in G and τ a time. It is defined as follows: • The pair ( o,
0) is a vertex of DG ( t ). • If ( v, τ ) is a vertex of DG ( t ) and ( u, v ) is an edge in G such that τ + δ ( u, v ) ≤ t , then the pair (cid:0) u, τ + δ ( u, v ) (cid:1) is also a vertex of DG ( t ) and there is an edge in DG ( t ) from (cid:0) u, τ + δ ( u, v ) (cid:1) to ( v, τ ). • If ( v, τ ) is a vertex of DG ( t ) and ( u, v ) is an edge in G such that τ + δ ( u, v ) > t , then c u,v ’s initialvalue x ( u, v ) is a vertex of DG ( t ) and there is an edge in DG ( t ) from x ( u, v ) to ( v, τ ).Because all δ ( u, v ) are strictly positive, the dependence graphs are finite and acyclic. A vertex of DG ( t )without incoming neighbors is a leaf , all others intermediate vertices . A vertex of the form ( i, τ ), with i ∈ I ,is an input leaf and we call the time t − τ the corresponding measure point for time t . If DG ( t ) = DG (˜ t ),then the measure points for t are exactly the measure points for ˜ t shifted by the difference t − ˜ t . All leavesof DG ( t ) are either input leaves or elements of B (initial values of channels).OR δ = 1 x = 0 i δ = 2 x = 0 δ = 1 x = 0 o Figure 3: Example circuit ( o, , , i, , i, i, DG (6)As an example, consider the circuit shown in Fig. 3. The dependence graph DG (6) is shown in Fig. 4.Leaves are depicted as filled nodes, while intermediate nodes are empty. From the construction of the graph,7e immediately see that in each execution the output signal value s o (6) only depends on the (input) signalvalues s i (4), s i (2), and s i (0). Thus, in particular, s o (6) is the same for both input signals depicted in Fig. 5. s i ( t ) t i,
6) ( i,
4) ( i, s i ( t ) t i,
6) ( i,
4) ( i, × ), labeled with the corresponding input leaf names.Generalizing the observations from the example, we thus observe: Lemma 1.
The value of the output signal at time t only depends on the values of the input signal at themeasure points for time t , according to DG ( t ) .Furthermore, if DG ( t ) = DG (˜ t ) and the values of input signals s i and ˜ s i coincide at the respectivemeasure points for t and ˜ t , then the respective output signals fulfill s o ( t ) = ˜ s o (˜ t ) .Proof. For a path π in G , denote by δ ( π ) the sum of delays δ ( u, v ) over all edges ( u, v ) of π . For everyvertex v of G and every time t ∈ T , let P ( → y, t ) be the set of maximum length paths π ending in v suchthat δ ( π ) ≤ t .It is clear, by iterating Eq. (1), that the value of s v ( t ) is uniquely determined by the collection ofvalues s u (cid:0) t − δ ( π ) (cid:1) where u is the start vertex of π ∈ P ( → v, t ). Moreover, by maximality of π , if u = i , then s u (cid:0) t − δ ( π ) (cid:1) only depends on the initial values of channels of incoming edges to u . Hence s v ( t ) is uniquelydetermined by the collection of values s i (cid:0) t − δ ( π ) (cid:1) where π ∈ P ( → y, t ) starts at i . This holds in particularfor v = o .This lemma has as an immediate conseqeuence our remark at the end of Section 3.4: Lemma 2. If C is a circuit with only constant-delay channels, then for all assignments of input signals ( s i ) i ∈ I there exists a unique execution of C extending this assignment. Due to the fact that there are only finitely many measure points for a given time t , they are discrete andhence there is always a small margin until a new measure point appears: Lemma 3.
For every t ∈ T , there exists an ε > such that DG ( t ) = DG ( t + ε ′ ) for all ≤ ε ′ ≤ ε .Proof. Let ε > δ ( u, v ) + τ − t where ( v, τ ) is anintermediate vertex of DG ( t ) and ( u, v ) is an edge in G . If no such intermediate vertex or edge exists,choose ε > v, τ ) be an intermediate vertex of DG ( t ) and ( u, v ) be an edge in G . If t + ε − τ < δ ( u, v ), thenclearly t − τ < δ ( u, v ), because ε >
0. On the other hand, if t − τ < δ ( u, v ), then δ ( u, v ) + τ − t is positiveand hence δ ( u, v ) > t + ε − τ by choice of ε . Thus, the conditions t − τ < δ ( u, v ) and t + ε − τ < δ ( u, v )are equivalent. This shows that the two dependence graphs DG ( t ) and DG ( t + ε ) and hence all dependencegraphs in between are equal. Assume by contradiction that C solves SPF. By the nontriviality property (F4), there exists an input pulsesuch that the corresponding output signal is non-zero, i.e., there exists an input pulse of some length and atime t such that the corresponding output signal’s value at time t is 1.By Lemma 3, there exists an ε > DG ( t ) = DG ( t + ε ). We may choose ε arbitrarily small, inparticular strictly smaller than all differences of distinct measure points for time t .Clearly, DG (˜ t ) = DG ( t ) for all times ˜ t between t and t + ε , in particular, for ˜ t = t + ε/
2. Denote by ∆the infimum of input pulse lengths (where all pulses start at the same time) such that the corresponding8 ( t ) tS T pp + ˜ p + ε ε Figure 6: Input pulse p , together with its derived pulses p + and ˜ p + , and measure points for time ˜ t .output signal’s value at time ˜ t is 1. This infimum is finite by the choice of t and ˜ t . There hence exists aninput pulse p with the above property of length at most ∆ + ε/
4. We show that its corresponding outputsignal s p contains a pulse of length strictly less than ε , in contradiction to the no short pulses property (F5).Denote by S the time of p ’s upwards and by T the time of p ’s downwards transition. Now let p + bethe pulse whose upwards transition is at time S and whose downwards transition is at time T − ε/
2. If S ≥ T − ε/
2, then let p + be the zero signal instead. The length of p + is either strictly less than ∆ or it is thezero signal. Hence, by the definition of the no-generation property (F3), its corresponding output signal’svalue at time ˜ t is 0. This implies that there exists a measure point for time ˜ t within [ T − ε/ , T ), because p and p + coincide everywhere else (see marked measure point on the right in Fig. 6).Because we chose ε to be smaller than all differences of distinct measure points for time t (and hence alsofor time ˜ t ), we see that there is no measure point for ˜ t in the interval [ T, T + ε/ p − as the pulse with upwards transition at time S + ε/ T , we infer that there is one measure point for time ˜ t in the interval [ S, S + ε/
2) and there is nomeasure point for ˜ t in the interval [ S − ε/ , S ) (see Fig. 6).Now consider the pulse ˜ p + generated by shifting pulse p into the past by ε/
2, i.e., ˜ p + ’s upwards transitionis at time S − ε/ T − ε/
2. Because ˜ p + coincides with p + at all measurepoints for ˜ t , the output signal s ˜ p + corresponding to ˜ p + has value 0 at time ˜ t . Because DG (˜ t ) = DG (˜ t + ε/ s ˜ p + (˜ t + ε/
2) = 0.Likewise, by considering p shifted into the future by ε/
2, we see that also s ˜ p + (˜ t − ε/
2) = 0. But because s p (˜ t ) = 1, this shows that the output signal s p contains a pulse of length strictly less than ε . Since ε can bechosen arbitrarily small, this concludes the proof. This section formally introduces the notion of bounded single-history channels in the binary circuit model.They are a generalization of constant-delay channels that cover all existing channel models for binary circuitmodels we are aware of.Intuitively, a bounded single-history channel propagates each event, occurring at time t , of the inputsignal to an event at the output happening after some bounded output-to-input delay δ ( T ), which dependson the input-to-previous-output delay T = t − t ′ . Note that T is positive if the channel delay is short comparedto the input signal transition times, and negative otherwise. Fig. 7 illustrates this relation and the involveddelays. In case FIFO order would be invalidated, i.e., t + δ ( T ) ≤ t ′ , such that the next output event wouldnot occur after the previous one, both events annihilate.There exist two variants of bounded single-history channels in the literature, depending on whether thetime of an annihilated event is remembered or not. We dub these two variants forgetful and non-forgetful bounded single-history channels, which we both formally define below. At the end of this section, we give alist of channel models that are special cases of our definition of bounded single-history channels.Formally, a bounded single-history channel c is characterized by an initial value x ∈ B , a nondecreasing delay function δ : R → R such that δ ( ∞ ) = lim T →∞ δ ( T ) is finite and positive, and the fact whether it isforgetful or not. In the rest of the paper, we will drop the qualifier “bounded” when referring to boundedsingle-history channels. We detail the channel behavior in the next two subsections.9 ( t ) ttc ( s )( t ) tt ′ t + δ ( T ) δ ( T ) − T Figure 7: Input/output signal of a bounded single-history channel, involving the input-to-previous-outputdelay T and the resulting output-to-input delay δ ( T ). This class of channels includes the classical inertial delay channels as used, for example, in VHDL simula-tors [1].Their behavior is defined by the following algorithm: Let s be a signal. In case the channel’s initialvalue x is equal to the initial value of s , or there is an event at time 0 in the event list of s , let the channel’s input list (cid:0) ( t n , x n ) (cid:1) n be the event list of s . Otherwise, let the channel’s input list be the event list of s withan additional event at time 0 and value equal to the initial value of s . The algorithm iterates the input listand updates the output list , which will define the channel’s output signal c ( s ).Initially, let ( −∞ , x ) be the sole element of the output list. In its n th iteration the algorithm considersinput event ( t n , x n ) and modifies the output list accordingly:1. Denote by ( t ′ n , x ′ n ) the last event in the output list. If x n = x ′ n , then input event ( t n , x n ) has no effect:Proceed to the ( n + 1)th iteration.2. Otherwise, let T n = t n − t ′ n be the difference of input and previous-output event times. If t n + δ ( T n ) > t ′ n , then add the event (cid:0) t n + δ ( T n ) , x n (cid:1) to the output list.If t n + δ ( T n ) ≤ t ′ n , then delete the event ( t ′ n , x ′ n ) from the output list.Note that the output sequence’s first event is always ( −∞ , x ), all other events have positive times (since δ ( ∞ ) > t , there exists some N such that all iterations with n ≥ N make no changes tothe output sequence at times ≤ t . The next lemma (Lemma 4) proves this property and makes the limitoutput list as n tends to infinity well-defined. So, even if the input list is infinite, there exists a well-defined(infinite) output list S that is the result of the described algorithm. The channel’s output signal c ( s ) is thendefined by event list S : Definition 1.
For input signal s , the output signal c ( s ) of the forgetful single-history channel c is the signalwhose event list is the list S as defined by the above algorithm. Lemma 4.
Denote by S n the output list after the n th iteration of the forgetful channel algorithm, and by S n | t its restriction to the events at times at most t . For all t there exists an N such that S n | t is constantfor all n ≥ N .Proof. The lemma is trivial if the input list is finite, so we assume it to be infinite.Because the sequence of input event times ( t n ) tends to infinity, there exists an N such that t N ≥ max (cid:0) t , t − δ ( − δ ( ∞ )) (cid:1) . (3)We show by induction that S n | t = S N | t for all n ≥ N . This is trivial for n = N , so let n > N . Then t n > t N . Note that T n = ∞ is possible. In this case δ ( T n ) = δ ( ∞ ) = lim T →∞ δ ( T ), which is finite by assumption. t ′ n , x ′ n ) be the last element in S n − , and T n = t n − t ′ n . The case x n = x ′ n is trivial, so let x n = x ′ n .We distinguish two cases, depending on whether δ ( T n ) > − T n or not:Case 1: δ ( T n ) > − T n . Because δ is nondecreasing, δ ( T n ) ≤ δ ( ∞ ), and hence T n > − δ ( ∞ ) and also δ ( T n ) ≥ δ ( − δ ( ∞ )). This implies t n + δ ( T n ) > t N + δ ( − δ ( ∞ )) ≥ t by using (3). Hence S n | t = S n − | t = S N | t by the induction hypothesis.Case 2: δ ( T n ) ≤ − T n . We show that t ′ n > t by contradiction: Let t ′ n ≤ t . Then T n = t n − t ′ n > t N − t ≥ δ ( ∞ ) >
0, we thus obtain T n > − δ ( ∞ ). Hence δ ( T n ) ≥ δ ( − δ ( ∞ )) by monotonicityof δ . By assumption, δ ( − δ ( ∞ )) ≤ δ ( T n ) ≤ − T n = t ′ n − t n , which implies t n ≤ t ′ n − δ ( − δ ( ∞ )), i.e., t N < t − δ ( − δ ( ∞ )). This is a contradiction to (3), which shows that t ′ n > t . Hence S n | t = S n − | t = S N | t bythe induction hypothesis. The PID channel introduced by Bellido-D´ıaz et al. [3] is not covered by the above forgetful single-historychannels, since it has been designed to reasonably match analog RC waveforms: Analog signals like expo-nential functions do not “forget” sub-threshold pulses. Hence, they cannot be modeled via delay functions δ ( T ) that depend on the input-to-previous output delay T . To also cover the PID model, we hence introducenon-forgetful single-history channels, the delay function of which may also depend on the last annihilatedevent.The output-eventlist generation algorithm for non-forgetful channels thus maintains an additional vari-able r , which, in each iteration, contains the time of the potential output event considered in the last iteration.Note that this approach was already used in the PID-channel-model by Bellido-D´ıaz et al. [3, Fig. 13]. Simi-lar to the forgetful case, it determines the output signal c ( s ) of a non-forgetful single-history channel c , giveninput signal s with input event list (cid:0) ( t n , x n ) (cid:1) n as follows:Initially, the output list contains the sole element ( −∞ , x ) and r = r − = −∞ . In its n th iteration, thealgorithm considers input event ( t n , x n ) and modifies the output list accordingly:1. Denote by ( t ′ n , x ′ n ) the last event in the output list. If x n = x ′ n , then input event ( t n , x n ) has no effect:Proceed to the ( n + 1)th iteration.2. Otherwise, let T n = t n − r n − be the difference of input and most recent potential output event timesand set r n = t n + δ ( T n ).If t n + δ ( T n ) > r n − , then add the event (cid:0) t n + δ ( T n ) , x n (cid:1) to the output list.If t n + δ ( T n ) ≤ r n − , then delete the event ( t ′ n , x ′ n ) from the output list.We first show that if event ( t ′ n , x ′ n ) is deleted in the n th iteration, then r n − = t ′ n . Proof.
Assume by contradiction that this is not the case, and let n be the first iteration where the statementis violated. Then it must hold that n ≥
2, as in iteration n − τ, x n − ) must have been addedto the output list that was deleted in iteration n −
1, due to τ ′ = t n − + δ ( T n − ) ≤ r n − = τ . Furthermore,in iteration n , our assumption of deleting some event with a time different from r n − = τ ′ implies τ ′′ = t n + δ ( T n ) ≤ τ ′ . However, from t n − < t n , τ ≥ τ ′ and monotonicity of δ , t n − + δ ( t n − − τ ) < t + δ ( t − τ ′ ),i.e., τ ′ < τ ′′ , which provides the required contradiction.Thus, an event is either deleted in the next iteration, or never deleted. The output sequence’s firstevent ( −∞ , x ) is obviously never deleted.By analogous arguments, one can show that the sequence of event times is strictly increasing, with analternating sequence of values. Unlike in the case of forgetful channels, however, the eventlist generationalgorithm may produce events with finite negative times that will be removed from the final output. In casethe input list is finite, the algorithm clearly halts. If not, we again have the same stabilization property asfor forgetful single-history channels, which we will provide in Lemma 5 below. Thus the algorithm’s finaloutput list S is again well-defined and we can define:11 efinition 2. For input signal s , the output signal c ( s ) of the forgetful single-history channel c is the signalwhose event list is the list S as defined by the above algorithm. after deleting all events with finite negativetimes and the first non-negative time event if its value is equal to the channel’s initial value x . Lemma 5.
Denote by S n the output list after the n -th iteration of the forgetful channel algorithm, and by S n | t its restriction to the events at times at most t . For all t , there exists an N such that S n | t is constantfor all n ≥ N .Proof. The lemma follows from the fact that an event can only be deleted one iteration after it was addedto the output list, and the fact that in each iteration n , T n > − δ ( ∞ ) and thus t n + δ ( T n ) is lower boundedby t n + lim t → + δ ( − δ ( ∞ ) + t ). Below, we summarize how the existing binary-value models are mapped to our single-history channels:1) A classic pure-delay channel is a single-history channel whose delay function δ is constant and positive.The behavior of a pure-delay channel does not depend on whether it is forgetful or not.2) An inertial channel is a forgetful single-history channel whose delay function δ is of the form δ ( T ) = ( δ if T > T − T if T ≤ T for parameters δ > T > − δ . An inertial channel filters an incoming pulse if and only if its pulselength is less or equal to T + δ ; otherwise, it is forwarded with delay δ .3) The PID-channels of Bellido-D´ıaz et al. [3] are non-forgetful with delay function δ ( T ) = t p · (cid:16) − e − ( T − T ) /τ (cid:17) (4)for certain (measured) positive parameters t p , τ , and T . Note that δ ( T ) = 0, lim t →∞ δ ( T ) = t p , and dδ ( T ) dT | T =0 = t p /τ here. In this section we prove that bounded SPF is solvable as soon as there is a single non-constant-delay single-history channel available. More specifically, we show that, given a single-history channel with non-constantdelay, there exists a circuit that uses only constant-delay channels apart from the given non-constant channelthat solves bounded SPF. Different circuits, and hence proofs, are used in for different types of channels.For a single-history channel with delay function δ , let δ ∞ = δ ( ∞ ) = lim t →∞ δ ( t ) with 0 < δ ∞ < ∞ . Theright limit of δ at − δ ∞ is denoted by δ inf = lim t → + δ ( − δ ∞ + t ); note that δ inf = −∞ is allowed here.In the rest of this section, let c ∗ be a single-history channel that is not a constant-delay channel as definedin Section 3.2. This is equivalent to saying that its delay function δ is non-constant for T > − δ ∞ , because T n > − δ ∞ in every step of the channel algorithm: Lemma 6.
A single-history channel with delay function δ is a constant-delay channel if and only if δ isconstant in the open interval ( − δ ∞ , ∞ ) . Note that δ inf < δ ∞ in case of a non-constant delay channel. From the fact that − δ ∞ < T n ≤ ∞ in everystep of the channel algorithm, we also obtain: Lemma 7.
All events in the event list of a single-history channel’s input signal are delayed by times within [ δ inf , δ ∞ ] . δ = 1 x = 0 i δ = εx = 0 c ∗ o Figure 8: Circuit C ff . In this subsection, assume that c ∗ is forgetful. Consider circuit C ff depicted in Fig. 8, which containschannel c ∗ as well as two constant-delay channels. For the moment assume that the initial value of c ∗ is 0.We will show at the end of this subsection that bounded SPF is also solvable with c ∗ if its initial value is 1.It remains to describe how to choose delay parameter ε >
0. We will show in the following that for eachnon-constant-delay forgetful single-history channel c there exists a γ ( c ) > c ( s ) is the zero signalwhenever s is a pulse of length less than γ ( c ). More generally we will show that, if signal s does not containpulses of length greater or equal to γ ( c ), then c ( s ) is the zero signal. We then choose 0 < ε < γ ( c ∗ ) for thedelay parameter ε in circuit C ff .If the input signal of circuit C ff is a pulse of length at least ε , then the signal s OR at the OR gate iseventually stable 1 because of the ε -delay feedback loop, and hence the circuit’s output signal is eventuallystable 1. If the circuit’s input signal is a pulse of length ∆ < ε , then s OR only contains pulses of length ∆ <γ ( c ∗ ), from which it follows that the circuit’s output signal is zero.Let δ be the delay function of a single-history channel c . We define: γ ( c ) = inf (cid:8) ∆ > | ∆ − δ ∞ + δ (cid:0) ∆ − δ ∞ (cid:1) > (cid:9) (5)We will prove γ ( c ∗ ) > c with γ ( c ) >
0, we need a preliminary lemma on pulse-filtration properties of non-constant-delay channels.
Lemma 8.
Let c be a non-constant-delay single-history channel with initial value . If s is a pulse of lengthless than γ ( c ) , then c ( s ) is zero.Proof. The event list of s consists of two events ( S,
1) and ( T, , S = 0 or S >
0. Because the initial value of c is 0, we may assumewithout loss of generality that the sequence consists of only these two events.After iteration n = 0 of the channel-defining algorithm, the output list is equal to (cid:0) ( −∞ , , ( S + δ ∞ , (cid:1) .Hence, in iteration n = 1, T = T − S − δ ∞ < γ ( c ) − δ ∞ , i.e., T + δ ∞ < γ ( c ). By definition of γ ( c ), this implies( T + δ ∞ ) − δ ∞ + δ (( T + δ ∞ ) − δ ∞ ) ≤ , and thus T + δ ( T ) ≤
0. Thus, the event ( S + δ ∞ ,
1) gets removed from the output list and the outputsignal is the constant-zero signal.
Lemma 9.
Let c be a single-history channel with initial value . The following statements are equivalent:1. c is not a constant-delay channel.2. There exist a pulse s such that c ( s ) is the zero signal.3. γ ( c ) > roof. Let δ be the delay function of c . If s is a pulse of length ∆, then c ( s ) is zero if and only if∆ − δ ∞ + δ (cid:0) ∆ − δ ∞ (cid:1) ≤ . This implies γ ( c ) ≥ ∆ and hence establishes the equivalence of (2) and (3). If we can show that c is not aconstant-delay channel if and only if ∃ ε > δ ( − δ ∞ + ε ) ≤ δ ∞ − ε , (6)then we can choose ∆ = ε , concluding the proof.The sufficiency of Eq. (6) for c not being a constant-delay channel is immediate. To prove the necessityof Eq. (6), assume that c is not a constant-delay channel. Then there exist β, β ′ > δ ( β − δ ∞ ) <δ ( β ′ − δ ∞ ) and since δ is nondecreasing, δ ( β − δ ∞ ) < δ ∞ . Thus, there exists a z >
0, such that, δ ( β − δ ∞ ) ≤ δ ∞ − z . (7)There are two cases for z : If β ≤ z , we obtain from Eq. (7) that δ ( β − δ ∞ ) ≤ δ ∞ − β . Choosing ε = β shows that Eq. (6) holds. Otherwise, i.e., if β > z , we obtain from Eq. (7) and the fact that δ is nondecreasing δ ( z − δ ∞ ) ≤ δ ( β − δ ∞ ) ≤ δ ∞ − z . Choosing ε = z shows that Eq. (6) holds.Note that, while Lemmas 8 and 9 hold for both forgetful and non-forgetful single-history channels, thefollowing lemma does fundamentally not hold for arbitrary non-forgetful channels. Lemma 10.
Let c be a non-constant-delay forgetful single-history channel with initial value . Let s be asignal that does not contain pulses of length greater or equal to γ ( c ) and that is not eventually equal to .Then c ( s ) is the zero signal.Proof. The lemma is proved by inductively repeating the proof of Lemma 8 for all pulses contained in s . Lemma 11.
Circuit C ff solves bounded SPF.Proof. We first note that, given an input signal, there is a unique execution for circuit C ff according toLemma 2, because the sole non-constant channel c ∗ is not part of a feedback loop.The well-formedness properties (F1) and (F2) of SPF are hence fulfilled. The non-generation property(F3) is also obvious.If the input signal is a pulse of length at least ε , then s OR ( t ) = 1 for all t ≥ S + 1, and hence s o ( t ) = 1for all t ≥ S + 1 + δ ∗ ( ∞ ). In particular, this shows the nontriviality property (F4).If the input signal is a pulse of length less than ε , then s OR ( t ) only contains pulses of lengths less than ε ,hence less than γ ( c ∗ ) by the choice of ε . By Lemma 10, the output signal is zero in this case. This, togetherwith the above, shows (F5) and (F6).It remains to show that assuming c ∗ to have initial value 0 is is not restricting: If its initial value is 1we modify circuit C ff by adding an inverter before and after channel c ∗ . A proof analogous to Lemma 11’syields: Theorem 3.
Let c ∗ be a non-constant-delay forgetful single-history channel. Then there exists a circuitsolving bounded SPF whose channels are either constant-delay channels or c ∗ . .2 Non-Forgetful Channels Theorem 4 reveals that a single non-constant-delay non-forgetful single-history channel c ∗ (with initial value0) also allows to solve bounded SPF: Theorem 4.
Let c ∗ be a non-constant-delay non-forgetful single history channel with initial value . Thenthere exists a circuit solving SPF whose channels are all either constant-delay channels or c ∗ . Let δ be the delay function of c ∗ . Recall from Lemma 6 that δ inf < δ ∞ , since δ is non-decreasing and notconstant. We distinguish three cases for function δ with respect to its behavior at − δ inf .1. There exists a t > − δ inf such that δ ( t ) < δ ∞ .2. δ ( t ) = δ ∞ for all t > − δ inf , and2.1 δ is continuous at − δ inf , i.e., at − δ inf its left limit lim t → − δ ( − δ inf + t ) equals its right limit δ ∞ .2.2 δ is non-continuous at − δ inf , i.e., δ − = lim t → − δ ( − δ inf + t ) < δ ∞ .For Cases 1 and 2.1, we show that circuit C NF depicted in Fig. 11 solves bounded SPF. All its clocks CLK
A/C/F produce a signal with period A + B + C + D , where parameters A to D are chosen later on in accordancewith δ . Let τ k = k ( A + B + C + D ) denote the beginning of the k -th round , for k ≥
0. Clock
CLK C is designed such that its output signal is 0 during [ τ k , τ k + A + B ) ∪ [ τ k + A + B + C, τ k +1 ) and 1 during[ τ k + A + B, τ k + A + B + C ). Such a clock can easily be built from constant-delay channels and invertersonly. Clock CLK A ’s output signal is 1 during [ τ k , τ k + A ) and 0 during [ τ k + A, τ k +1 ). The output signalof CLK F is 0 during [ τ k , τ k + E ) ∪ [ τ k + E + F, τ k +1 ) and 1 during [ τ k + E, τ k + E + F ). Again, E and F are chosen later on in accordance with δ .Abbreviating t k = τ k + 2, we observe that circuit C NF generates a signal s OR at the input of channel c ∗ ,which is the OR of two subsignals that consist of four phases within time [ t k , t k +1 ), k ≥ A (of round k ) denotes the interval of times [ t k , t k + A ), phase B the interval [ t k + A, t k + A + B ), phase C the interval [ t k + A + B, t k + A + B + C ) and phase D the interval [ t k + A + B + C, t k + A + B + C + D ).The value of s OR is 1 during phase A , and 0 during phases B and D . During phase C it is either 0 orcontains a pulse, depending on signal i . Analogously, we define output phase F (of round k ) as the intervalof times [ t k + E, t k + E + F ). Note that phase E and F of round k follow phase D of round k , and overlapwith phase A of round k + 1.Informally, for Cases 1 and 2.1, circuit C NF solves bounded SPF according to the following reasoning:Properties (F1) and (F2) trivially hold for circuit C NF . Clearly, if the circuit’s input signal is 0, then thechannel’s input signal s OR is 0 during phase C of all rounds k ≥
0. Subsequently, we will prove that if thisis the case, then the channel’s output signal c ∗ ( s OR ) during phase F is 0 for all rounds k ≥
0. Since phase F is the only phase where o could possibly produce a non-0 output due to the AND gate, both (F3) and (F5)follow. Property (F4) is implied by the fact that there exists an input signal i such that s OR contains apulse during phase C of some round k ≥
0. We will prove below that if this is the case, then the channel’soutput signal is 1 during phase F of round k + 1. Essentially, this follows from a reduced delay of the risingtransition at the end of phase D, caused by not forgetting the (cancelled) pulse in phase C. From this andthe fact that all delays are bounded, (F6) follows. Case 1.
In this case, we choose(i)
C > D > < ∆ < δ ∞ such that δ ( C + D − δ inf ) ≤ δ ∞ − ∆. Such values for C , D and ∆exist, because of the assumption of Case 1.(ii) ε > ε ′ > C > δ ∞ − ε ′ ≥ δ inf + ε + C and ε ′ < ∆ / C > ε ′ > δ ( C + ε ′ − δ ∞ ) ≤ δ inf + ε .(iv) A = B > max( ε ′ , ∆ , δ ∞ − δ inf ) and large enough such that δ ( A − δ ∞ ) ≥ δ ∞ − ε ′ .15v) E = δ ∞ − ∆ and F = ∆ / s OR in absence and presence of a pulse. We will first show that thechannel’s output signal c ∗ ( s OR ) has value 0 during output phase F of round 0. Proof.
The signal is depicted in Fig. 9: Signal s OR ’s transition to value 1 at time t is delayed by c ∗ by δ = δ ∞ >
0. Its next transition back to value 0 at time t + A is delayed by, say, δ . Because ofLemma 7, δ ≥ δ inf . From this and Assumption (iv) on A , A + δ > ( δ ∞ − δ inf ) + δ inf = δ . It follows that output c ∗ ( s OR )’s transition to 0 does not cancel c ∗ ( s OR )’s transition to 1 from before. All of s OR ’s following transitions occur at times at least t + A + B , and by (iv), at times greater than t + δ ∞ − δ inf .Since all these transitions are delayed by at least δ inf time, none of them can cancel c ∗ ( s OR )’s transition to 1at time t + δ ∞ either. Since channel c ∗ has initial value 0, it follows that its output has value 0 during[0 , t + δ ∞ ). Since t + δ ∞ > t + δ ∞ − ∆ / t + E + F , the channel’s output indeed has value 0 during output phase F of round 0.We next show, for k ≥
0, that if signal s OR does not contain a pulse within phase C of round k ,signal c ∗ ( s OR ) has value 0 during output phase F of round k + 1. s OR ( t ) tt k A B C D Ac ∗ ( s OR )( t ) tt k A + B + C + D + E Fδ δ δ Figure 9: Case 1: Input and Output of channel c ∗ in circuit C NF if phase C does not contain a pulse. Proof.
Assume the input signal s OR of channel c ∗ does not contain a pulse within phase C of round k . Thesignal is depicted in Fig. 9.Signal s OR ’s transition to value 1 at time t k is delayed by c ∗ by δ ≤ δ ∞ .There is no transition of s OR before s OR ’s transition back to value 0 at time t k + A . Let δ be its delay.Because of (iv), and δ being non-decreasing, A + δ > ( δ ∞ − δ inf ) + δ inf . Thus, and because transitions aredelayed by at least δ inf , none of the transitions from time t k + A on may cancel c ∗ ( s OR )’s transition to 1 attime t k + δ .The transition of s OR to value 1 at time t k +1 = t k + A + B + C + D is delayed by δ , where δ = δ ( B + C + D − δ ) ≥ δ ( B − δ ∞ ) ≥ δ ∞ − ε ′ , (8)because of Assumption (iv). Together with (ii) this yields δ > δ ∞ − ∆ / . (9)It will thus not occur at output c ∗ ( s OR ) before time t k +1 + δ ∞ − ∆ /
4, and thus, by (v), not before the endof output phase F of round k + 1 at time t k +1 + δ ∞ − ∆ / B + C + D + δ > δ ∞ ≥ δ , because (iv) in particular implies B > ε ′ . It follows that output c ∗ ( s OR )’s transition to 1 does not can-cel c ∗ ( s OR )’s transition to 0 at time t k + A + δ . All s OR ’s subsequent transitions occur at earliest at time t k +1 + A > t k +1 + δ ∞ − δ inf , by (iv) and the fact that they are delayed by at least δ inf , hence cannot cancel c ∗ ( s OR )’s transition to 1 at time t k +1 + δ . Thus, c ∗ ( s OR ) has value 0 during [ t k + A + δ , t k +1 + δ ). Togetherwith (9), this implies that c ∗ ( s OR )’s value is 0 during phase F of round k + 1.We now show, for k ≥
0, that if signal s OR contains a pulse within phase C of round k , signal c ∗ ( s OR )has value 1 during output phase F of round k + 1. Proof.
Assume the input signal s OR of channel c ∗ contains a pulse within phase C of round k . The signal isdepicted in Fig. 10.Signal s OR ’s transition to value 1 at time t k is delayed by δ ≤ δ ∞ . By the same arguments as in theproof before, it is not canceled by any following transition.Signal s OR ’s transition to 0 at time t k + A is delayed by δ . Since no further transition of s OR occurs beforetime t k + A + B , and since B > δ ∞ − δ inf , it follows that s OR ’s transition to 0 is not canceled by any followingtransition. The transition of s OR to 1 at time t k + A + u is delayed by δ , where δ = δ ( u − δ ) ≥ δ ( B − δ ∞ ),since u ≥ B , δ ≤ δ ∞ and δ is non-decreasing. Thus, by (iv), δ ≥ δ ∞ − ε ′ . (10)The transition of s OR back to value 0 at time t k + A + u + x is delayed by δ , where δ = δ ( x − δ ) ≤ δ ( C + ε ′ − δ ∞ ) , (11)since x ≤ C , δ is non-decreasing, and by (10). By (iii), δ ≤ δ inf + ε . (12)The pulse occurring during phase C is filtered out at the output c ∗ ( s OR ) of channel c ∗ , since δ ≥ x + δ :The latter follows from (10), (ii) and (12), as δ ≥ δ ∞ − ε ′ ≥ δ inf + ε + C ≥ δ .The transition of s OR to value 1 at time t k +1 = t k + A + u + x + y is delayed by δ , where δ = δ ( y − δ ) ≤ δ ( C + D − δ inf ), since δ is non-decreasing and y ≤ C + D , δ ( t ) ≥ δ inf for all t > − δ ∞ such that δ = δ ( x − δ ) ≥ δ inf . By Assumption (i), we may thus deduce δ ≤ δ ∞ − ∆. Since no further transition of s OR occurs before time t k +1 + A , and A > δ ∞ − δ inf by Assumption (iv), c ∗ ( s OR )’s transition at time t k +1 + δ is not canceled by any later transition. Since A > δ ∞ − δ inf > E + F − δ inf , by Assumptions (iv) and (v),and the fact that a transition is delayed by at least time δ inf , no other transition of c ∗ ( s OR ) occurs during( t k +1 + δ , t k +1 + E + F ]. It follows that c ∗ ( s OR )’s value is 1 during phase F of round k + 1. s OR ( t ) tt k A B C D Au x yc ∗ ( s OR )( t ) tt k A + B + C + D + E Fδ δ δ δ δ Figure 10: Case 1: Input and Output of channel c ∗ in circuit C NF if phase C contains a pulse. Case 2.1.
In this case, we choose 17 LK A ORAND AND
CLK C CLK F c ∗ δ = 1 x = 0 oδ = 2 x = 0 δ = 2 x = 0 δ = 1 x = 0 i δ = 1 x = 0 δ = 1 x = 0 Figure 11: Circuit C NF used in Cases 1 and 2.1. AND OR δ = 1 x = 0 δ = εx = 0 δ = 1 x = 0 oδ = 1 x = 0 δ =1+ ε ′ x = 0 c ∗ i ε ′ = max(0 , δ − − δ inf ) 0 < ε < δ ∞ − δ inf − ε ′ Figure 12: Circuit C NC used in Case 2.2.(i) A = D > max(0 , δ ∞ − δ inf ) and large enough such that δ ( A − δ ∞ ) = δ ∞ . Such an A must exist, becauseof the assumption of Case 2.1.(ii) B, C, ε > B + C + ε + δ inf ≤ δ ∞ .(iii) 0 < ε ′ < B + C (iv) ε > δ ( − δ inf − ε ) ≥ δ ∞ − ε ′ . Such a value exists, since δ is continuous at − δ inf by the assumption of Case 2.1.(v) B + C > δ ( B + C − δ ∞ ) ≤ δ inf + ε .(vi) E = A + δ ∞ and F = B + C − ε ′ .Again, it is easy to verify that Assumptions (i)-(vi) are compatible with each other.Figures 13 and 14 depict signal s OR in absence and presence of a pulse.We next show by induction on k ≥ s OR ’s transition at time t k is delayed by δ ∞ , and thatthe channel’s output c ∗ ( s OR ) has value 0 during phase F of round k in the absence of a pulse within phase C of round k , and value 1 in the presence of a pulse. s OR ( t ) tt k A B C D Ac ∗ ( s OR )( t ) tt k E Fδ = δ ∞ δ = δ ∞ δ = δ ∞ Figure 13: Case 2.1: Input and Output of channel c ∗ in circuit C NF if phase C does not contain a pulse. Proof.
Assume the input signal s OR of channel c ∗ contains no pulse within phase C of round k . The signalis depicted in Fig. 13.Signal s OR ’s transition to value 1 at time t k is delayed by some δ . Clearly, if k = 0 (i.e., in round 0), δ = δ ∞ . As induction hypothesis assume in the following that signal s OR ’s transition at time t k is delayedby δ ∞ . We will show that this implies that signal s OR ’s transition at time t k +1 is delayed by δ ∞ .Obviously, the next transition of s OR back to value 0 at time t k + A is delayed by δ , where δ = δ ( A − δ ) = δ ( A − δ ∞ ) = δ ∞ , (13)by the choice of A according to Assumption (i). Further, by Assumption (i), A > δ ∞ − δ inf , implying thatno transition of s OR after time t k can cancel the transition of c ∗ ( s OR ) to 1 at time t k + δ .The transition of s OR to value 1 at time t k +1 = t k + A + B + C + D is delayed by δ , where δ = δ ( B + C + D − δ ) = δ ( B + C + D − δ ∞ ) = δ ∞ , k + 1 at time t k +1 will be delayed by δ ∞ ,which completes the inductive step. Since D > δ ∞ − δ inf >
0, by Assumption (i), it follows that c ∗ ( s OR )’stransition to 0 at time t k + A + δ is not canceled by any transition. By analogous arguments, the transitionto 1 at time t k +1 + δ is not canceled by any transition. Our choice of E and F in (vi) thus implies that thechannel output’s value is 0 during phase F of round k , see Fig. 13. Proof.
Now assume that there is a pulse within phase C of round k . The channel’s input and output signalsare depicted in Fig. 14.Signal s OR ’s initial transition to value 1 at time t k clearly is delayed by δ = δ ∞ if k = 0. As inductionhypothesis assume in the following that s OR ’s transition at time t k is delayed by δ ∞ . We will show that thisimplies that s OR ’s transition at time t k +1 is delayed by δ ∞ .By the same reasoning as in the proof before, c ∗ ( s OR )’s transition to 1 at time t k + δ is not canceled byany following transition. Further, s OR ’s transition back to value 0 at time t k + A is delayed by δ = δ ∞ .The transition of s OR to value 1 at time t k + A + u is delayed by δ , where δ = δ ( u − δ ) ≤ δ ( B + C − δ ∞ ) ≤ δ inf + ε , by Assumption (v). From (ii), we further obtain u + δ ≤ B + C + δ inf + ε ≤ δ ∞ . It follows thatthis output transition cancels the last output transition to 0.The transition of s OR back to value 0 at time t k + A + u + x is delayed by δ , where δ = δ ( x − δ ) ≥ δ ( − δ inf − ε ) ≥ δ ∞ − ε ′ , holds because of Assumption (iv).The transition of s OR to value 1 at time t k +1 is delayed by δ , where δ = δ ( y − δ ) ≥ δ ( D − δ ∞ ) = δ ∞ ,by Assumption (i), which completes the inductive step.Moreover, since D > δ ∞ − δ inf >
0, it follows that c ∗ ( s OR )’s transition to 0 at time t k + A + u + x + δ is not canceled by any transition. By similar arguments, c ∗ ( s OR )’s transition to 1 at time t k +1 + δ is notcanceled by any following transition.Assumption (vi) hence implies that c ∗ ( s OR )’s value is 1 during phase F of round k + 1, see Fig. 14. s OR ( t ) tt k A B C D Au x yc ∗ ( s OR )( t ) tt k E Fδ = δ ∞ = δ δ δ δ = δ ∞ Figure 14: Case 2.1: Input and Output of channel c ∗ in circuit C NF if phase C contains a pulse. Case 2.2.
For this case, circuit C NC depicted in Fig. 12 solves bounded SPF. The algorithm and its proofrest on the following idea: We first show in Lemma 12 that every channel c ∗ whose δ is in accordance withCase 2.2 does not produce pulses of length within the non-zero interval [max(0 , δ − − δ inf ) , δ ∞ − δ inf ). Theremaining part of circuit C NC thus just has to filter out all pulses with duration less than max(0 , δ − − δ inf )(ensured by the AND gate) and continuously hold all pulses of length δ ∞ − δ inf (done by the OR gate). Lemma 12.
Let c ∗ be a non-constant-delay non-forgetful channel chosen in accordance to Case 2.2. If thechannel’s input signal is a pulse, then its output signal is either or a pulse whose length is not within thenon-zero interval [max(0 , δ − − δ inf ) , δ ∞ − δ inf ] .Proof. Assume that δ ( − δ inf ) = δ ∞ ; the proof for the case δ ( − δ inf ) = δ − < δ ∞ is almost the same. Withoutloss of generality, assume that the input pulse starts at time 0 and let x > δ ∞ , the transition back to 0 is scheduled attime x + δ ( x − δ ∞ ). We distinguish two cases for the input pulse length x :In case x < δ ∞ − δ inf , we have δ ( x − δ ∞ ) ≤ δ − and the following two sub-cases: If additionally x ≤ δ ∞ − δ − ,then x + δ ( x − δ ∞ ) ≤ x + δ − ≤ δ ∞ , so the output events cancel. If δ ∞ − δ inf > x > δ ∞ − δ − , the length19 OR δ = 1 x = 0 δ = 1 x = 0 δ = αx = 0 δ = 1 x = 0 o Figure 15: Circuit C ev solving eventual SPF.of the output pulse is x + δ ( x − δ ∞ ) − δ ∞ < δ − − δ inf . This confirms the lower boundary of the “forbiddenpulse length interval” given in our lemma. In case of x ≥ δ ∞ − δ inf , on the other hand, δ ( x − δ ∞ ) = δ ∞ apulse with length x + δ ( x − δ ∞ ) − δ ∞ ≥ δ ∞ − δ inf is generated at the output of c ∗ , which also confirms theupper boundary of the interval.If we choose the circuit parameters in Fig. 12 according to ε ′ = max(0 , δ − − δ inf ) and 0 < ε < δ ∞ − δ inf − ε ′ ,it is not difficult to show that the resulting circuit C NC solves bounded SPF in Case 2.2: Properties (F1)to (F3) trivially hold for circuit C NC . To prove (F4), consider that if the input signal i is a pulse oflength 2 δ ∞ , the output signal s c ∗ ( i ) of c ∗ is a pulse of length at least δ ∞ . Thus, the output of the AND gate s AND is a pulse of length at least δ ∞ − ε ′ > ε , resulting in the circuit’s output o making a transition to 1and remaining 1 from there on.Property (F5) directly follows from Lemma 12: If s c ∗ ( i ) is a pulse of length smaller than max(0 , δ − − δ inf ) = ε ′ , then it is completely filtered out; s AND and hence o are hence permanently 0. Otherwise, by Lemma 12, s c ∗ ( i ) must be a pulse of length at least δ ∞ − δ inf . Thus, s AND is a pulse of length at least δ ∞ − δ inf − ε ′ > ε ,which is sufficiently long to be permanently captured in the storage looped formed by the OR gate. Thecircuit’s output o hence makes a transition to 1 and remains 1 from there on.Finally, (F6) is due to bounded channel delays. We proved that SPF is not solvable with constant-delay channels. In this section, we consider the weakereventual SPF problem, which drops the “no short pulses” requirement (F5) and replaces it with its eventualanalogon (F5e). We show that eventual SPF is solvable using only constant-delay channels. More specifically,we prove that circuit C ev in Fig. 15 solves eventual SPF. The circuit contains a delay parameter α , whichwe will choose to be a positive irrational like α = √ / ∆: It is in the order of O (∆ − − ε ) for all ε > C ev for time t are of the form t − ( αk + ℓ ) −
2, where k and ℓ are nonnegativeintegers. We can hence characterize the circuit’s behavior with the following obvious lemma. Lemma 13.
In every execution ( s v ) of circuit C ev , the following are equivalent: (i) s o ( t ) = 1 , and (ii) thereexist nonnegative integers k and ℓ such that s i (cid:0) t − ( αk + ℓ ) − (cid:1) = 1 . We may restrict our considerations to input pulses starting at time 0. In the following, let the inputsignal s i be a pulse of length ∆ >
0. We are looking for the stabilization time , which is the minimal time T = T (∆) such that, for all t ≥ T , we have s o ( t ) = 1.To prove finiteness and effective bounds on the stabilization time, we relate it to the number-theoreticconcept of discrepancy of the sequence ( αn ) modulo 1 (see, e.g., [10]). The discrepancy compares thenumber of sequence elements in a given interval with their expected number if the elements were uniformlydistributed.For a given nonempty subinterval ( x, y ] of (0 ,
1] and a given positive integer N , let A ( x, y ; N ) denote thenumber of αn ’s with n ≤ N that lie in the interval modulo 1: αn ∈ ( x, y ] + Z . The expected number of such20 n ’s is ( y − x ) N . The discrepancy D N ( α ) is then defined as the maximum difference between A ( x, y ; N )and ( y − x ) N , formed over all nonempty subintervals ( x, y ] of (0 , D N ( α ) /N → α is irrational. Also, if α has a bounded continuedfraction expansion, then D N ( α ) = O (log N ) and the constant can be computed [20]. This is, in particular,true for α = √ Lemma 14.
Let K = K (∆) be the least integer K such that for all real t there exists an integer k , ≤ k ≤ K ,with αk ∈ ( t − ∆ , t ] + Z . Then, T (∆) ≤ α · K (∆) + ∆ + 2 .Proof. The lemma is trivial if K = ∞ , so assume the contrary.Let t ≥ αK + ∆ + 2. By the definition of K , there exists a k with 0 ≤ k ≤ K and an ℓ such that t − ∆ − ℓ − < αk ≤ t − ℓ −
2, which is equivalent to 0 ≤ t − ( αk + ℓ ) − < ∆.By Lemma 13, it remains to prove that ℓ is nonnegative. The inequality t − ( αk + ℓ ) − < ∆ is equivalentto ℓ > t − ∆ − αk −
2. Noting − αk ≥ − αK and t ≥ αK + ∆ + 2 shows ℓ > Lemma 15.
Let < ∆ ≤ . If D N ( α ) /N < ∆ / , then K (∆) ≤ N .Proof. Suppose the contrary, i.e., that there exists a real t such that, for all n ≤ N , we have αn ( t − ∆ , t ]+ Z .Let 0 < x < y ≤ z < u ≤ t − ∆ , t ] + Z = (cid:0) ( x, y ] + Z (cid:1) ∪ (cid:0) ( z, u ] + Z (cid:1) modulo 1. None of the two intervals ( x, y ] and ( z, u ] contains an αn modulo 1 with n ≤ N . Hence A ( x, y ; N ) = A ( u, z ; N ) = 0, which implies 2 D N ( α ) ≥ ( y − x ) N + ( u − z ) N = ∆ N , a contradiction. Theorem 5.
Circuit C ev solves eventual SPF if α is irrational. If α = √ , the stabilization time satisfies T (∆) = O (∆ − − ε ) as ∆ → for all ε > .Proof. (F1) and (F2) are obviously fulfilled. Because all initial values of channels are 0, also (F3) holds.Because D N ( α ) /N → α is irrational, for all ∆ >
0, there exists some N such that D N ( α ) /N < ∆ /
2. Hence Lemma 15 and Lemma 14 show that T (∆) is finite, which shows (F4) and (F5e).We now prove the bound on the stabilization time. Let γ = − − ε < −
1. There exists a C > D N ( α ) ≤ C log N . Because 1 + 1 /γ >
0, there exists a C > N < C N /γ . Thus if N ≥ (cid:18) ∆2 C C (cid:19) γ then D N ( α ) N ≤ C log NN < C C N /γ ≤ ∆2 , which, by Lemma 15, implies K (∆) ≤ (cid:18) ∆2 C C (cid:19) γ + 1for all 0 < ∆ ≤
1. That is, K (∆) = O (∆ γ ) as ∆ → K (∆) → ∞ as ∆ →
0. Hence Lemma 14 implies T (∆) = O ( K (∆)) as ∆ → We showed that binary circuit models using bounded single-history channels, hence all binary models knownto date, fail to faithfully model glitch propagation: In case of constant-delay channels, SPF turned out tobe unsolvable, which is in contradiction to physical reality. In case of non-constant-delay channels, evenbounded SPF is solvable, again in contradiction to physical reality. Future binary models aiming at faithfulglitch propagation modeling hence cannot have the bounded single-history property.We hope that our results provide a signpost for future research on adequate binary circuit models:As confirmed by the fact that the weaker eventual SPF problem is already solvable with constant-delay21hannels, SPF is well suited for capturing the peculiarities of glitch propagation while not being overlyrestrictive. Moreover, in the proofs of our core results, we actually used weaker properties than actuallyguaranteed by single-history channels. It may hence be possible to re-use part of those for alternative weakerchannel models.
References [1] P.J. Ashenden,
The Designer’s Guide to VHDL , 3rd ed., Morgan Kaufmann, 2008.[2] J.C. Barros and B.W. Johnson, “Equivalence of the Arbiter, the Synchronizer, the Latch, and theInertial Delay,”
IEEE Trans. Computers , vol. 32, no. 7, pp. 603–614, July 1983.[3] M.J. Bellido-D´ıaz et al., “Logical Modelling of Delay Degradation Effect in Static CMOS Gates,”
IEEProc. Circuits, Devices, and Systems , vol. 147, no. 2, pp. 107–117, Apr. 2000.[4] M.J. Bellido-D´ıaz, J. Juan-Chico, and M. Valencia,
Logic-Timing Simulation and the Degradation DelayModel . London: Imperial College Press, 2006.[5] M.S. Branicky, “Universal Computation and Other Capabilities of Hybrid and Continuous DynamicalSystems,”
Theoretical Computer Science , vol. 138, no. 1, pp. 67–100, Feb. 1995.[6] J.A. Brzozowski and J.C. Ebergen, “On the Delay-Sensitivity of Gate Networks,”
IEEE Trans. Com-puters , vol. 41, no. 11, pp. 1349–1360, Nov. 1992.[7] C. Constantinescu, “Trends and Challenges in VLSI Circuit Reliability,”
IEEE Micro , vol. 23, no. 4,pp. 14–19, July 2003.[8] D. Dolev et al., “Fault-Tolerant Algorithms for Tick-Generation in Asynchronous Logic: Robust PulseGeneration (Extended Abstract),”
Proc. 13th Int’l Symp. Stabilization, Safety, and Security of Dis-tributed Systems (SSS’11) , LNCS 6976, Springer, pp. 163–177, Oct. 2011.[9] S. Dolev,
Self-Stabilization , MIT Press, 2000.[10] M. Drmota and R.F. Tichy,
Sequences, Discrepancies, and Applications , Springer, 1997.[11] G. Fuchs, M. F¨ugger, and A. Steininger, “On the Threat of Metastability in an Asynchronous Fault-Tolerant Clock Generation Scheme,”
Proc. 15th IEEE Int’l Symp. Asynchronous Circuits and Systems(ASYNC’09) , pp. 127–136, May 2009.[12] M. F¨ugger and U. Schmid, “Reconciling Fault-Tolerant Distributed Computing and Systems-on-Chip”,
Distributed Computing
IEEE Trans.Nuclear Science , vol. 53, no. 6, pp. 3466–3471, Dec. 2006.[14] D.J. Kinniment,
Synchronization and Arbitration in Digital Systems , Wiley, 2007.[15] L.R. Marino, “The Effect of Asynchronous Inputs on Sequential Network Reliability,”
IEEE Trans.Computers , vol. 26, no. 11, pp. 1082–1090, Nov. 1977.[16] L.R. Marino, “General Theory of Metastable Operation,”
IEEE Trans. Computers , vol. 30, no. 2,pp. 107–115, Feb. 1981.[17] M.S. Maza and M.L. Aranda, “Analysis of Clock Distribution Networks in the Presence of Crosstalk andGroundbounce,”
Proc. 8th Int’l IEEE Conf. Electronics, Circuits, and Systems (ICECS’01) , pp. 773–776, Sep. 2001. 2218] M. Mendler and T. Stroup, “Newtonian Arbiters Cannot Be Proven Correct,”
Formal Methods in SystemDesign , vol. 3, no. 3, pp. 233–257, Dec. 1993.[19] F.U. Rosenberger et al., “Q-Modules: Internally Clocked Delay-Insensitive Modules,”
IEEE Trans.Computers , vol. 37, no. 9, pp. 1005–1018, Sep. 1988.[20] J. Schoissengeier, “The Discrepancy of ( nα ) n ≥ ,” Mathematische Annalen , vol. 296, no. 1, pp. 529–545,Dec. 1993.[21] I.E. Sutherland, “Micropipelines,”
Comm. ACM , vol. 32, no. 6, pp. 720–738, June 1989.[22] S.H. Unger, “Asynchronous Sequential Switching Circuits with Unrestricted Input Changes,”