# Exact Two-Level Minimization of Hazard-Free Logic with Multiple-Input Changes Steven M. Nowick and David L. Dill, Member, IEEE Abstract—This paper describes a new method for exact hazard-free logic minimization of Boolean functions. Given an incompletely-specified Boolean function, the method produces a minimum-cost sum-of-products implementation which is hazard-free for a given set of multiple-input changes, if such a solution exists. The method is a constrained version of the Quine-McCluskey algorithm. It has been automated and applied to a number of examples. Results are compared with results of a comparable non-hazard-free method (espresso-exact [33]). Overhead due to hazard elimination is shown to be negligible. #### I. INTRODUCTION THERE HAS BEEN renewed interest in asynchronous design because of the potential benefits of improved system performance, modular design, and avoidance of clock skew [28], [15], [22], [38], [16], [23], [10], [8], [3], [24], [37], [2]. However, a major obstacle to correct asynchronous design is the problem of *hazards*, or undesired glitches in a circuit [35]. The elimination of all hazards from asynchronous designs is an important and difficult problem. Many existing design methods do not guarantee freedom from all hazards; other methods are limited by harsh restrictions on input behavior (single-input changes only) or implementation style (the use of large, slow inertial delays) to insure correct operation. The focus in this paper is on a particular class of hazards: hazards in combinational logic. The design of hazard-free combinational logic is critical to the correctness of most asynchronous designs. Our goal is the synthesis of combinational logic which avoids all combinational hazards for a given set of multiple-input changes. In the following presentation, our focus is on combinational circuits which function correctly assuming arbitrary gate and wire delays. We do not consider circuits which depend on bounded delay assumptions for correct operation or which make use of added delay elements to fix or filter out glitches. The contribution of this paper is a solution to an open problem in logic synthesis: Given an incompletely-specified Boolean function and a set of multiple-input changes, produce an exactly minimized two-level implementation which is hazard-free for every specified multiple-input change, if such Manuscript received December 18, 1992; revised January 25, 1995. This work was supported by the Semiconductor Research Corporation, Contract 92-DJ-205, and by the Stanford Center for Integrated Systems, Research Thrust in Synthesis and Verification of Multi-Module Systems. This paper was recommended by Associate Editor L. H. Trevillyan. S. M. Nowick is with the Department of Computer Science, Columbia University, New York, NY 10027 USA. D. L. Dill is with the Department of Computer Science, Stanford University, Stanford, CA 94305 USA. IEEE Log Number 9412312. a solution exists. The method is a constrained version of the Quine–McCluskey algorithm [19]. It has been automated and applied to a number of examples. Results are compared with results of a comparable non-hazard-free method (espressoexact [33]). Overhead due to hazard elimination is shown to be negligible. The method solves a general combinational synthesis problem which arises in many asynchronous design methods. Indeed, it has already been incorporated into synthesis programs for three distinct asynchronous design styles: *locally-clocked* [25], [29], [28], [31], 3D [38], and *UCLOCK* [26] methods. #### A. Previous Work Much of the original work on combinational hazards was limited to the case of *single-input change (SIC)* transitions. Methods for detecting and eliminating combinational hazards for single-input changes were developed by Huffman, McCluskey, and Unger and are described in [35]. Eichelberger [11] extended this work to a particular class of *multiple-input change (MIC)* transitions: *static transitions*. There are two types of static hazards: *function* and *logic* hazards (see Section III below for definitions). Static function hazards cannot be removed; static logic hazards can be eliminated using a sum-of-products implementation containing every prime implicant. Other methods have been developed for selective static hazard elimination. Combinational function and logic hazards for MIC dynamic transitions were identified in [35], [7], and [4]. Unger [35], Bredeson and Hulina [7], [6], Beister [4], and Frackowiak [12] presented conditions to avoid dynamic logic hazards in two-level and multilevel circuits during multiple-input changes. They also indicate that these conditions cannot always be satisfied. No general two-level hazard-free logic minimization method has been proposed for incompletely-specified functions allowing multiple-input changes. McCluskey [18] presented an exact hazard-free two-level minimization algorithm restricted to SIC transitions. Several hazard-free minimization methods have been proposed allowing MIC transitions, but each has limitations. Bredeson and Hulina [7] introduced an algorithm which produces hazard-free sum-of-products implementations for multiple-input changes. However, the algorithm uses sequential storage elements to implement combinational functions, where storage elements must satisfy special timing constraints. Bredeson [6] presented an algorithm for hazard-free multilevel implementation of combinational functions with MIC transitions, using no storage elements. However, the algorithm does not demonstrate optimality, assumes a fully-specified function, and attempts to eliminate hazards even for unspecified transitions; in practice, results may be far from optimal. The algorithm also cannot generate certain minimal two-level implementations (if they include nonprime implicants; to be discussed later). Closer to our work, Frackowiak [12] presented two exact hazard-free minimization algorithms for sum-of-products implementations allowing multiple-input changes, assuming a fully-specified function. Both algorithms eliminate dynamic hazards for specified transitions. However, the first ignores static hazards; the second attempts to eliminate static hazards even for unspecified transitions. Therefore, results may be either hazardous or suboptimal. ### B. Organization of the Paper The paper is organized as follows. Section II gives basic definitions. Section III gives background on circuit and delay models, as well as hazards. Section IV presents conditions to eliminate hazards for a given MIC transition. Section V presents conditions to eliminate hazards for a set of MIC transitions. Section VI describes a new exact hazard-free minimization algorithm, and Section VII illustrates the algorithm on an example. Section VIII discusses the existence of a hazard-free solution, and Section IX compares the algorithm with two algorithms of Frackowiak. Section X describes a program implementation, Section XII presents results, and Section XII describes conclusions. # II. DEFINITIONS The following definitions are taken from [32] and [33] with minor modifications (see also [5] and [19]). Only single-output functions having binary input and output variables are considered. Define sets $P = \{0,1\}$ and $B = \{0,1,*\}$ . A Boolean function, f, of n variables, $x_1, x_2, \dots, x_n$ , is defined as a mapping: $f: P^n \to B$ . The value "\*" in B represents a don't-care value of the function. Each element in the domain $P^n$ of function f is called a *minterm* of the function. A minterm is also called an *input state* of the function. The ON-set of a function is the set of minterms for which the function has value 1. The OFF-set is the set of minterms for which the function has value 0. The DC-set (don't-care set) is the set of minterms for which the function has value "\*". : A literal is a Boolean function of n variables, $x_1, x_2, \cdots, x_n$ , defined as follows. Each variable, $x_i$ , has three corresponding literals: $\mathbf{x}_i, \overline{\mathbf{x}_i}$ and $\mathbf{x}_i^*$ . Literal $\mathbf{x}_i = 1$ for a minterm if and only if variable $x_i$ in the minterm has value 1; literal $\overline{\mathbf{x}_i} = 1$ if and only if $x_i$ has value 0; and $\mathbf{x}_i^* = 1$ if $x_i$ has value 0 or 1 (don't-care literal). A *product* term is a Boolean product (AND) of literals. If a product term evaluates to 1 for a given minterm, the product term is said to *contain* the minterm. A *cube* is a set of minterms which can be described by a product term. A sum-of-products represents a set of products; it is denoted by Boolean sum of product terms. A sum-of-products is said to contain a minterm if some product in the set contains the minterm. A product Y contains a product X ( $X \subseteq Y$ ) if the cube for X is a subset of the cube for Y. The intersection of products X and Y is the set of minterms contained in the intersection of the corresponding cubes. An *implicant* of a function is a product term which contains no minterm in the function's OFF-set. A *prime implicant* of a function is an implicant contained in no other implicant of the function. An *essential prime implicant* is a prime implicant containing an ON-set minterm contained in no other prime implicant. A cover of a Boolean function is a sum-of-products which contains all of the minterms of the ON-set of the function and none of the minterms of the OFF-set. A cover may also include minterms from DC-set. A standard cost function for covers is assumed where each implicant has the same cost.<sup>1</sup> The two-level logic minimization problem is to find a minimum-cost cover of a function. #### III. BACKGROUND AND PROBLEM STATEMENT #### A. Circuit and Delay Model This paper considers combinational circuits which have arbitrary finite gate and wire delays [21], [18]. In this model, each wire is described as a connection with an attached delay element, modeling the total wire delay. Each gate is described by an instantaneous Boolean operator with a delay element attached to its output, modeling the total gate delay. These delays may have arbitrary finite values. Since delay elements are attached only to wires, this model has been called the unbounded wire delay model. A pure delay model is assumed as well [4]. A pure delay can delay the propagation of a waveform, but does not otherwise alter it. That is, unlike the *inertial delay* model [35], this model conservatively assumes that glitches are not filtered out by delays on gates and wires. A delay assignment is an assignment of fixed, finite delay values to every gate and wire in a circuit. # B. Multiple-Input Changes A transition cube [4], [6] is a cube with a start point and an end point. Given input states A and B, the transition cube [A,B] from A to B has start point A and end point B and contains all minterms that can be reached during a transition from A to B. More formally, if A and B are described by products, with ith literals $A_i$ and $B_i$ , respectively, then the ith literal for the product of [A,B] is the Boolean function $A_i + B_i$ . (Note that the sum of complementary literals x and $\overline{x}$ is the don't-care literal, $x^*$ .) The open transition cube [A, B) from A to B is defined as: $[A, B] - \{B\}$ . <sup>&</sup>lt;sup>1</sup>The cost function can be generalized for single-output functions to include literal-count as a secondary cost (see discussion in [32], p. 14). A multiple-input change, or input transition, from input state A to B is described by the transition cube [A,B]. There are three properties which characterize a multiple-input change. First, inputs change concurrently, in any order and at any time. (Equivalently, a simultaneous input change can be assumed, since the inputs may be skewed arbitrarily by wire delays.) Second, inputs change monotonically: each input changes value at most once. And, finally, the input change occurs in $fundamental\ mode$ : once a multiple-input change occurs, no further input changes may occur until the circuit has stabilized. An input transition occurs during a transition interval, $t_I \le t \le t_F$ , where inputs change at time $t_I$ and the circuit returns to a steady state at time $t_F$ [4]. An input transition from input state A to B for a Boolean function f is a static transition if f(A) = f(B); it is a dynamic transition if $f(A) \neq f(B)$ . In this paper, only static and dynamic transitions are considered where f is fully defined; that is, for every $X \in [A, B], f(X) \in \{0, 1\}$ . #### C. Function Hazards A function f which does not change monotonically during an input transition is said to have a *function hazard* in the transition. The following definitions are from Bredeson and Hulina [7] (see also [11], [6], [4], [20]). **Definition:** A Boolean function f contains a *static function hazard* for the input transition from A to C if and only if: - 1) f(A) = f(C); and - 2) there exists some input state $B \in [A, C]$ such that $f(A) \neq f(B)$ . **Definition:** A Boolean function f contains a *dynamic* function hazard for the input transition from A to D if and only if: - 1) $f(A) \neq f(D)$ . - 2) There exist a pair of input states B and C such that - a) $B \in [A, D]$ and $C \in [B, D]$ ; and - b) f(B) = f(D) and f(A) = f(C). If a transition has a function hazard, *no* implementation of the function is guaranteed to avoid glitches during the transition, assuming arbitrary gate and wire delays [11], [7]. Therefore, we consider only transitions which are free of function hazards (cf. [11], [6], and [4]). Example: The function f of Fig. 1 has a static function hazard for the multiple-input change from i to k, since f(i) = f(k) = 1, f(j) = 0, and $j \in [i,k]$ . The function has a dynamic function hazard for the transition from g to j, since f(g) = 1, f(j) = 0, $h \in [g,j]$ , $i \in [h,j]$ , f(g) = f(i) = 1 and f(h) = f(j) = 0. The input transition from k to m is free of static function hazards, and the input transition from n to p is free of dynamic function hazards. $\square$ # D. Logic Hazards ١ If f is free of function hazards for a transition from input A to B, it may still have hazards due to possible delays in the actual logic realization [35], [7], [4]. In the following discussion, a signal is called "monotonic" during a transition interval if it changes at most once. Fig. 1. Boolean function with function hazards. **Definition:** A combinational circuit for a function f contains a *static logic hazard* for the input transition from minterm A to minterm B if and only if: - 1) f is function-hazard-free for the input transition. - 2) f(A) = f(B). - For some delay assignment, the circuit's output is not monotonic during the transition interval. **Definition:** A combinational circuit for a function f contains a *dynamic logic hazard* for the input transition from minterm A to minterm B if and only if: - 1) f is function-hazard-free for the input transition. - 2) $f(A) \neq f(B)$ . - For some delay assignment, the circuit's output is not monotonic during the transition interval. # E. Two-Level Hazard-Free Logic Minimization Problem The two-level hazard-free logic minimization problem can now be stated as follows: Given: A Boolean function f, and a set, T, of specified function-hazard-free (static and dynamic) input transitions of f. Find. A minimum-cost cover of f whose AND-OR implementation is free of logic hazards for every input transition $t \in T$ . # IV. CONDITIONS FOR A HAZARD-FREE TRANSITION This section presents conditions to insure that a sumof-products implementation is hazard-free for a given input transition. The next section will consider the problem of eliminating hazards for a *set* of input transitions. Assume that [A, B] is the transition cube corresponding to a function-hazard-free transition from input state A to B for a combinational function f. In the following discussion, it is assumed that C is any cover of f implemented in AND-OR logic. (It is further assumed that no product contains a pair of complementary literals, otherwise additional hazards are possible [35].) The following lemmas present necessary and sufficient conditions to insure that the AND-OR implementation of f has no logic hazards for the given specified transition: **Lemma 1:** If f has a $0 \to 0$ transition in cube [A, B], then the implementation is free of logic hazards for the input change from A to B. Fig. 2. Hazardous and hazard-free covers for a $1 \rightarrow 1$ input transition. **Lemma 2:** If f has a $1 \to 1$ transition in cube [A, B], then the implementation is free of logic hazards for the input change from A to B if and only if [A, B] is contained in some cube of cover C. The conditions for the $0 \to 1$ and $1 \to 0$ cases are symmetric. Without loss of generality, we can consider only a dynamic $1 \to 0$ transition, where f(A) = 1 and f(B) = 0. (A $0 \to 1$ transition from A to B has the same hazards as a $1 \to 0$ transition from B to A.) **Lemma 3:** If f has a $1 \to 0$ transition in cube [A, B], then the implementation is free of logic hazards for the input change from A to B if and only if every cube $c \in C$ intersecting [A, B] also contains A. *Proof:* These results follow immediately from pp. 128–129 in [35] and Theorem 3.4 in [12]. See also, Theorem 4 in [7], Lemmas 2 and 3 in [6], Theorem 4.5 in [35], and [4]. Lemma 2 requires that in a $1 \to 1$ transition, *some* product holds its value at 1 throughout the transition. Lemma 3 insures that no product will glitch *in the middle* of a $1 \to 0$ transition: all products change value monotonically during the transition. In each case, the implementation will be free of hazards for the given transition. : An immediate consequence of Lemma 3 is that, if a dynamic transition is free of logic hazards, then every static subtransition will be free of logic hazards as well: **Corollary 1:** If f has a $1 \to 0$ transition from input state A to B which is hazard-free in the implementation, then, for every input state $X \in [A, B)$ where f(X) = 1, the transition subcube [A, X] is contained in some cube of cover C. *Proof:* Since C is a cover of function f, there exists some cube $c \in C$ which contains X. Since f is hazard-free in the transition from A to B, then, by Lemma 3, cube c contains A as well; therefore c contains [A, X]. Fig. 3. Hazardous and hazard-free covers for a $1 \rightarrow 0$ input transition. **Corollary 2:** If f has a $1 \to 0$ transition from input state A to B which is hazard-free in the implementation then for every input state $X \in [A,B)$ , where f(X)=1, the static $1 \to 1$ transition from input state A to X is free of logic hazards. *Proof:* Immediate from Lemma 2 and Corollary 1. $\square$ Lemma 2 and Corollary 1 define the covering requirement for a hazard-free transition. The cube [A,B] in Lemma 2 and the *maximal* subcubes [A,X] in Corollary 1 are called **required cubes.** These cubes define the ON-set of the function in a transition. Each required cube *must* be contained in some cube of cover C to insure a hazard-free implementation. Lemma 3 constrains the implicants which may be included in a cover C. Each $1 \to 0$ transition cube is called a **privileged cube**, since no cube c in the cover may intersect it unless c contains its *start point*. If a cube intersects a privileged cube but does not contain its start point, it *illegally intersects* the privileged cube and may not be included in the cover. # Hazard Example Figs. 2 and 3 illustrate the conditions of Lemmas 2 and 3 and the two Corollaries. Each figure shows a multiple-input change where inputs a and b change from 0 to 1. The transition is described by a state graph, which represents a portion of a Karnaugh map for the given transition. A state graph can be used to describe transitions within a Karnaugh map. For example, if the top vertex in the state graph of Fig. 2(a) corresponds to abcd=0000 in the Karnaugh map of Fig. 1, then the left, right and bottom vertices of the state graph would correspond to abcd=1000,0100, and 1100, respectively, in the Karnaugh map. In this case, the state graph indicates an input transition from abcd=0000 to 1100. Fig. 2 shows a $1 \rightarrow 1$ transition and two covers. The cover in Fig. 2(a) is hazardous. The cubes in the cover, M and N, correspond to AND-gates in the final AND-OR implementation. Initially, the M AND-gate is high and the N AND-gate is low. During the transition, the M AND-gate goes low and the N AND-gate goes high. For certain delays, however, the M AND-gate may go low before the N AND-gate goes high, and the circuit output will glitch (see timing diagram). The cover in Fig. 2(b) is hazard-free. As required by Lemma 2, the cover contains a product, P, which completely contains the transition cube. This product corresponds to an AND-gate in the implementation which holds its value at l throughout the transition. Therefore, the circuit output is glitch-free (see timing diagram). Fig. 3 shows a $1 \to 0$ transition and two covers. The cover in Fig. 3(a) is hazardous: cubes R and S both illegally intersect the transition. First, consider the subtransition where only input a changes; the output must remain at 1. Therefore, this subtransition is a $1 \to 1$ transition. However, no single product in the cover contains this subtransition cube, so Corollary 1 is violated and the subtransition has a static hazard. Alternatively, consider the case where input b changes first. This subtransition is free of static hazards, since product Q covers the subtransition. However, a problem remains for the entire dynamic transition: product R intersects the transition cube illegally, and so Lemma 3 is violated. This stray product corresponds to an AND-gate in the implementation. Initially, this AND-gate is low; it may then go high and then eventually it will go low. During a $1 \rightarrow 0$ transition, such a glitch on an AND-gate can propagate as a glitch to the AND-OR circuit output, so the transition has a dynamic hazard (see timing diagram). The cover in Fig. 3(b) is hazard-free. Each $1 \rightarrow 1$ subtransition is completely contained in a product of the cover and there are no illegal intersections (see timing diagram). #### V. HAZARD-FREE COVERS The previous section described conditions to eliminate hazards in a given input transition. This section describes conditions to eliminate hazards for a *set* of input transitions. A hazard-free cover of function f is a cover of f whose AND-OR implementation is hazard-free for a given set of specified input transitions. It is assumed below that this set of input transitions completely defines the function: the circuit must be hazard-free for each specified transition, and for all other input states the function is undefined (i.e., don't-care value). The following new theorem describes all hazard-free covers for function f for a set of multiple-input transitions. **Theorem 1: Hazard-Free Covering Theorem:** A sumof-products C is a hazard-free cover for function f for a set of specified input transitions if and only if: - a) No cube of C intersects the OFF-set of f; - b) Each required cube of f is contained in some cube of C: and - c) No cube of C intersects any privileged cube illegally. *Proof:* The result follows immediately from Lemmas 1-3, Corollary 1, and the definitions of hazard-free cover, required cubes and privileged cubes. Conditions a)-c) insure that the function is covered correctly and hazard-free covering requirements are met for each specified input transition. Conditions a) and c) in Theorem 1 determine the implicants which may appear in a hazard-free cover of a Boolean function f. Condition b) determines the covering requirement for these implicants in a hazard-free cover. Therefore, Theorem 1 precisely characterizes the unate covering problem for hazard-free two-level logic. In general, the covering conditions of Theorem 1 may not be satisfiable, given an arbitrary Boolean function and set of transitions (cf. [35], [4], [12]). This case occurs if conditions b) and c) cannot be satisfied simultaneously. It is discussed further in Section VIII. #### VI. EXACT HAZARD-FREE LOGIC MINIMIZATION Many exact logic minimization algorithms are based on the Quine–McCluskey algorithm [32], [33], [19]. The Quine–McCluskey algorithm solves the two-level logic minimization problem. It has three steps: - 1) Generate the prime implicants of a function; - 2) Construct a prime implicant table; and - 3) Generate a minimum cover of this table. This section describes a two-level *hazard-free* logic minimization algorithm based on a constrained version of the Quine–McCluskey algorithm. Only certain implicants may be included in a hazard-free cover, and covering requirements are more restrictive. We base our approach on the Quine–McCluskey algorithm to demonstrate a simple solution to the hazard-free minimization problem. There now exist much more efficient algorithms than Quine–McCluskey [32], [33]; the hazard-elimination techniques described here can be applied to these methods as well. In the presentation below, we consider only binary-valued single-output functions. The algorithm can be extended to multivalued and multioutput functions. Theorem 1a) and c) define which implicants may appear in a hazard-free cover of a Boolean function f. A dynamic-hazard-free implicant, or dhf-implicant, is an implicant which does not intersect any privileged cube of f illegally (cf. DHA-Implikant [12]). Only dhf-implicants may appear in a hazard-free cover. A dhf-prime implicant is a dhf-implicant contained in no other dhf-implicant which contains a required cube contained in no other dhf-prime implicant which contains a required cube contained in no other dhf-prime implicant. Interestingly, a prime implicant is not dhf-prime if it intersects a privileged cube illegally. A dhf-prime implicant may be a proper subcube of a prime implicant for the same reason. Theorem 1b) defines the covering requirement for a hazard-free cover of f: every required cube of f must be covered, that is, contained in some cube of the cover. The two-level hazard-free logic minimization problem, therefore, is to find a minimum-cost cover of a function using only dhf-prime implicants where every required cube is covered. #### TABLE I STEP 0: ALGORITHM MAKE-SETS Algorithm Make-Sets (set T of input transitions): req-set = {}; off-set = {}; priv-set = {}; for each transition t of T A = start point of t; B = end point of t; t-cube = [A,B]; case (t) 0 → 0 transition: add t-cube to off-set; 1 → 1 transition: add t-cube to req-set; 1 → 0 (or 0 → 1) transition: add each maximal ON-set subcube to req-set; add each maximal OFF-set subcube to off-set; add t-cube and its start-point A to priv-set; return (req-set, off-set, priv-set). Our hazard-free minimization algorithm has the following steps: - 1) Generate the dhf-prime implicants of a function; - 2) Construct a dhf-prime implicant table; and - 3) Generate a minimum cover of this table. **Step 0: Make Sets:** Before generating dhf-prime implicants, three sets must be constructed: the *req-set*, the *off-set*, and the *priv-set*. The req-set contains the required cubes for function f; it also defines the ON-set of the function. The off-set contains cubes precisely covering the OFF-set minterms. The priv-set is the set of privileged cubes along with their start points. These sets are generated by a simple iteration through every specified transition of the given function, using Algorithm **Make-Sets** (see Table I). If the function has a $0 \to 0$ change for a transition, the corresponding transition cube is added to the off-set. If the function has a $1 \to 1$ change, the transition cube is added to the req-set. If the function has a $1 \to 0$ transition (or symmetrically, a $0 \to 1$ transition), then the maximal ON-set cubes are added to req-set and the maximal OFF-set cubes are added to off-set. In addition, the transition cube and its start point are added to the priv-set, since this transition cube cannot be illegally intersected. (A $0 \to 1$ transition from input state x to y is considered to be a $1 \to 0$ transition from input state y to x, so it has "start point" y.) Step 1. Generate DHF-Prime Implicants: The dhf-prime implicants for function f are generated in two steps. The first step generates the prime implicants of f from the reqset (which defines the on-set) and the off-set, using existing techniques [32], [33]. The second step transforms these prime implicants into dhf-prime implicants using algorithm PI-to-DHF-PI. This algorithm is a simpler version of Algorithm B in [12]. The algorithm iteratively refines the set of prime implicants into the set of dhf-prime implicants. In practice, many prime implicants are also dhf-prime implicants (see Section XI). Also, there are fast existing algorithms to generate the prime implicants of a function [33], [17]. Pseudo-code for the algorithm is given in Table II. Variable tmp-set is initialized to the set of prime implicants. The algorithm iteratively removes each implicant, p, from tmp-set. If p has no illegal intersections with any cube of priv-set, it is a dhf-implicant; it is placed in dhf-pi-set. # TABLE II STEP 1: ALGORITHM PI-TO-DHF-PI Algorithm PI-to-DHF-PI (pi-set, priv-set) tmp-set = pi-set; dhf-pi-set = {}; while (not empty (tmp-set)) remove a cube p from tmp-set; if (p has no illegal intersections with any cube of priv-set) add p to dhf-pi-set; else /\* p illegally intersects a priv-set cube; \*/ /\* reduce p to avoid intersection \*/ c = any cube of priv-set which p intersects illegally; for (each input variable v which appears as a don't-care literal in p and as literal v or v' in c) p-red = the maximal subcube of p where v is set to the complement of its value in c; add p-red to tmp-set; delete all cubes in dhf-pi-set contained in other cubes; return (dhf-pi-set). If p illegally intersects some privileged cube c in priv-set, then cube p is split, or reduced, in every possible way by a single variable to avoid intersecting c. The reduced cubes are returned to tmp-set. In general, these reduced cubes may have new illegal intersections: a reduced cube, p-red, may illegally intersect a priv-set cube, c, even if p legally intersects c. The algorithm terminates when *tmp-set* is empty. The resulting cubes in *dhf-pi-set* are all dhf-implicants. In addition, it is easily proved that the algorithm generates all dhf-prime implicants. Subcubes of other cubes in dhf-pi-set are removed by single-cube containment; the result is the set of dhf-prime implicants. As an optimization, implicants can be eliminated that *contain no required cubes*. If a dhf-implicant contains no required cubes, it can always be removed from a cover to yield a lowercost solution. (Note that a dhf-prime implicant may intersect the ON-set and yet contain no required cube; see Experimental Results, Section XI.) Step 2. Generate DHF-Prime Implicant Table: A dhf-prime implicant table is constructed for the given function. The rows of the table are labeled with the dhf-prime implicants used to cover the columns. The columns are labeled with the required cubes which must be covered. The table sets up the two-level hazard-free logic minimization problem as a unate convering problem. Step 3. Generate a Minimum Cover: The dhf-prime implicant table is solved in three steps, using simple standard techniques. More sophisticated techniques can also be applied [32], [33], [5], [19]. First, essential dhf-prime implicants are extracted using standard techniques. Second, the flow table is iteratively reduced. Rows and columns of the table may be removed using *row-dominance* and *column-dominance* operations, respectively. These operations may lead to further opportunities for (*secondary*) essential dhf-prime implicant removal. The operations are iterated until there is no further change. Finally, if the table is still non-empty, a covering problem remains (cyclic covering problem). It is solved using an exhaustive algorithm called Petrick's method [19] (mincov [33] can be used as well). Each column lists implicants which cover a required cube. The column is translated into a Boolean sum Fig. 4. Hazard-free minimization example: **Step 0**. (a) Karnaugh map with input transitions. (b) req-set cubes. (c) off-set cubes. (d) priv-set cubes. of rows; the covering problem for the table can be stated as a Boolean product of these sums. This product is multiplied out to generate all possible solutions. A minimal solution is then selected. # VII. HAZARD-FREE MINIMIZATION EXAMPLE The Karnaugh map from Fig. 1 is reproduced in Fig. 4 (the function is slightly modified from Example 3.4 of [12]). Set $T = \{t_1, t_2, t_3, t_4\}$ contains four *specified* function-hazard-free input transitions. Each transition $t_i$ is described by a transition cube $C_i$ with start point $m_i$ : $$\begin{array}{lll} t_1 \colon & m_1 = ab'c'd & & C_1 = ac' \\ t_2 \colon & m_2 = ab'cd' & & C_2 = ab'c \\ t_3 \colon & m_3 = a'bc'd' & & C_3 = a'c' \\ t_4 \colon & m_4 = a'bcd & & C_4 = c \end{array}$$ The input transitions are shown in Fig. 4(a). The start point of each transition is described by a dot, and the transition cube is described by a dotted circle. **Step 0. Make Sets:** The req-set, off-set and priv-set are generated using Algorithm *Make-Sets*, as illustrated in Fig. 4(b). $$\begin{array}{llll} t_1 \colon & req\text{-}cube\text{-}1 = ac' & t_4 \colon & req\text{-}cube\text{-}4 = a'c \\ t_2 \colon & off\text{-}cube\text{-}1 = ab'c & req\text{-}cube\text{-}5 = bcd \\ t_3 \colon & req\text{-}cube\text{-}2 = a'c'd' & off\text{-}cube\text{-}3 = acd' \\ & req\text{-}cube\text{-}3 = a'bc' & off\text{-}cube\text{-}4 = ab'c \\ & off\text{-}cube\text{-}2 = a'b'c'd & priv\text{-}cube\text{-}2 = c \\ & priv\text{-}cube\text{-}1 = a'c' & priv\text{-}start\text{-}2 = a'bcd \\ & priv\text{-}start\text{-}1 = a'bc'd' & \\ \end{array}$$ Fig. 5. Hazard-free minimization example: **Step 1**. (a) Prime implicants with no illegal intersections. (b) Prime implicant p6 has illegal intersection. (c) First reduction of p6 (with new illegal intersection). (d) Final reduction of p6 (no illegal intersections). (e) Prime implicant p7 has illegal intersection. (f) Final reduction of p7 (no illegal intersections). The final three sets produced by the algorithm are: $$req\text{-}set = \{ac', a'e'd', a'bc', a'c, bcd\},$$ $$off\text{-}set = \{ab'c, a'b'c'd, acd', ab'c\},$$ $$priv\text{-}set = \{\langle a'bc'd', a'c' \rangle, \langle a'bcd, c \rangle\}.$$ **Step 1. Generate DHF-Prime Implicants:** First, prime implicants are generated from the req-set and off-set: $$p_1 = c'd'$$ $p_5 = a'c$ $p_2 = a'b$ $p_6 = bd$ $p_3 = bc'$ $p_7 = a'd'$ Prime implicants are transformed into dhf-prime implicants using Algorithm Pl-to-DHF-Pl. The steps of the algorithm are illustrated in Fig. 5. Prime implicants $p_1$ through $p_5$ do not illegally intersect priv-set cubes priv-cube-l or priv-cube-l. As shown in Fig. 5(a), prime implicant $p_1$ intersects priv-cube-l and contains its start point. Prime implicants $p_2$ intersects both priv-cube-l and priv-cube-l and priv-cube-l and contains both start points. Prime implicants $p_4$ intersects neither priv-set cube. Similarly, TABLE III HAZARD-FREE MINIMIZATION EXAMPLE: Step 2 | | required cubes | | | | | | | |----------------------|----------------|--------|-------|-----|-----|--|--| | dhf-prime implicants | ac' | a'c'd' | a'bc' | a'c | bcd | | | | $p_1=c'd'$ | | X | | | | | | | $p_2=a'b$ | | | X | | | | | | $p_3=bc'$ | | | X | | | | | | $p_4=ac'$ | X | | | | | | | | $p_5=a'c$ | | | | X | | | | | $p_{61} = bcd$ | | | | | X | | | Fig. 6. Hazard-free minimization example: **Step 3**. (a) Minimum hazard-free cover (5 products). (b) Minimum non-hazard-free cover (4 products). $p_3$ and $p_5$ have no illegal intersections. These prime implicants are therefore dhf-prime implicants. However, prime implicant $p_6$ illegally intersects priv-cube-1, since it intersects the cube $(bd \cap a'c' \neq \phi)$ but does not contain its start point $(a'bc'd' \notin bd)$ ; see Fig. 5(b)). The algorithm splits $p_6$ into two subcubes: $p_{61} = bcd$ and $p_{62} = abd$ (see Fig. 5(c)). Cube $p_{61}$ has no illegal intersections. However, $p_{62}$ illegally intersects priv-cube-2 (even though $p_6$ legally intersects priv-cube-2; see Fig. 5(b)). Cube $p_{62}$ is again reduced to $p_{621} = abc'd$ , which has no illegal intersections (see Fig. 5(d)). Similarly, prime implicant $p_7$ illegally intersects *priv-cube*-2, since $a'd' \cap c \neq \phi$ and $a'bcd \notin a'd'$ (see Fig. 5(e)). Cube $p_7$ is reduced to $p_{71} = a'c'd'$ , which has no illegal intersections (Fig. 5(f)). The resulting set of dhf-implicants is: $${p_1, p_2, p_3, p_4, p_5, p_{61}, p_{621}, p_{71}}.$$ After deleting cubes contained in other cubes, the resulting set of dhf-prime implicants is: $${p_1, p_2, p_3, p_4, p_5, p_{61}}.$$ **Step 2. Generate DHF-Prime Implicant Table:** The dhf-prime implicant table for the example is shown in Table III. The columns correspond to the required cubes generated in Step 0; the rows correspond to the dhf-prime implicants generated in Step 1. **Step 3. Generate a Minimum Cover:** A minimum cover is generated for the dhf-prime implicant table. The essential dhf-prime implicants are: $p_1, p_4, p_5$ , and $p_{61}$ . Either $p_2$ or $p_3$ can be selected to cover the remaining uncovered required cube, a'bc'. The function therefore has two minimum hazard-free covers, each containing 5 products: $\{p_1, p_4, p_5, p_{61}, p_2\}$ and $\{p_1, p_4, p_5, p_{61}, p_3\}$ . The latter cover is shown in Fig. 6(a). This cover is irredundant but *non-prime*, since it contains dhf-prime implicant $p_{61}$ which is a proper subcube of prime implicant $p_{6}$ . Fig. 7. Boolean function with no hazard-free cover. (a) Karnaugh map with new input transition, t5. (b) To avoid hazards, req-cube-6 must be covered. (c) and (d) Every implicant which covers req-cube-6 has an illegal intersection. A minimal *non-hazard-free* cover is shown in Fig. 6(b). The cover contains fewer products than the hazard-free cover, but has a logic hazard: prime implicant $p_6$ illegally intersects priv-cube-1. As a result, $p_6$ causes a dynamic hazard in the corresponding input transition, t3. # VIII. EXISTENCE OF A SOLUTION For certain Boolean functions and sets of transitions, the hazard-free covering problem has no solution [35], [4]. In this case, the dhf-prime implicant table will include at least one required cube which is not covered by any dhf-prime implicant. *Example:* Consider the function used in the previous section, but augment its set $T = \{t_1, t_2, t_3, t_4\}$ of specified input transitions with a new transition: $$t_5$$ : $m_5 = abc'd$ $C_5 = abd$ . The input transitions are indicated in the Karnaugh map of Fig. 7(a). The req-set now has an additional required cube: req-cube-6 = abd. The off-set and priv-set are unchanged from the example of Section VII, and the function has the same dhf-prime implicants as well. Fig. 7(b)–(d) illustrates the covering problem. To insure no static hazard for transition t5, the required cube req-cube-6 must be contained in some product. However, every product which contains req-cube-6 also illegally intersects a privileged cube, priv-cube-1 or priv-cube-2. That is, any attempt to eliminate the static hazard in transition $t_5$ will produce a dynamic hazard in one of the transitions, $t_3$ or $t_4$ . Table IV shows the resulting dhf-prime implicant table. This table has no solution: no dhf-prime implicant contains required cube $\,abd.$ TABLE IV DHF-PRIME IMPLICANT TABLE HAVING NO SOLUTION | | required cubes | | | | | | |-------------------------|----------------|--------|-------|-----|-----|-----| | dhf-prime implicants | ac' | a'c'd' | a'bc' | a'c | bcd | abd | | $p_1 = c'd'$ | <u> </u> | X | | T | | | | $p_2 = a'b$ | | | X | | | | | $p_2 = a'b$ $p_3 = bc'$ | | | X | | | | | $p_4=ac'$ | Х | | | | | | | $p_5 = a'c$ | | | | X | | | | $p_{61} = bcd$ | | | | | X | | Fig. 8. Comparison with Frackowiak's method. (a) Karnaugh map with input transitions. (b) Cover using Frackowiak's Algorithm A (4 products). (c) Minimum hazard-free cover (5 products). (d) Cover using Frackowiak's Algorithm A' (6 products). (c) : # IX. COMPARISON WITH FRACKOWIAK'S WORK It is useful to compare our approach with the related work of Frackowiak [12]. Frackowiak presents two hazardfree minimization algorithms for two-level implementations allowing multiple-input changes. The algorithms assume that functions are fully-specified. Both algorithms eliminate dynamic hazards for a set of specified transitions. However, the first method (Algorithm A) ignores static hazards. The second method (unnamed, but here called Algorithm A') attempts to eliminate static hazards for every static transition, even if unspecified. Therefore results may be either hazardous (Algorithm A) or suboptimal (Algorithm A'). In more detail, Algorithm A first generates all dhf-prime implicants, then attempts to cover every ON-set *minterm* (not required cube) using a dhf-prime implicant. The algorithm finds a minimum cover which is hazard-free for a given set of dynamic transitions, if a solution exists. Since required cubes are not covered, no attempt is made to eliminate static hazards. Algorithm A' attempts to eliminate both dynamic and static hazards. The algorithm extends an earlier result by Eichelberger [11]. Eichelberger proved that, to eliminate all static logic hazards for a fully-specified function, a cover must Fig. 9. Hazard-free minimization of an incompletely-specified Boolean function. (a) Karnaugh map with input transitions. (b) Minimum hazard-free cover (4 products). include all prime implicants. In constrast, Frackowiak's goal is, first, to eliminate hazards for a given set of dynamic transitions and, second, to eliminate as many static hazards as possible. His solution is to include all dhf-prime implicants in the cover. Since only dhf-primes are used, every specified dynamic transition will be hazard-free (if a solution exists). Furthermore, by using all dhf-prime implicants, as many remaining static hazards as possible are eliminated. Algorithm A' and our algorithm are both guaranteed to find a hazard-free cover, if one exists. However, since Algorithm A' includes all dhf-prime implicants in the solution, the resulting cover may be far from minimal. In fact, judging from the non-hazard-free case [32], the number of primes for even small examples may be huge; in this case, Algorithm A' is not practical. In contrast, our algorithm finds a minimum-cost hazard-free solution. *Example:* The Karnaugh map of Fig. 8(a) describes a fully-specified Boolean function. The function has four specified input transitions. Each transition $t_i$ is described by its transition cube $C_i$ and start point $m_i$ : $$t_1$$ : $m_1 = a'bc'd'$ $C_1 = a'c'$ $t_2$ : $m_2 = a'b'cd'$ $C_2 = c$ $t_3$ : $m_3 = a'b'cd'$ $C_3 = a'd'$ $t_4$ : $m_4 = ab'c'd'$ $C_4 = ac'$ . A minimal cover using Frackowiak's Algorithm A has 4 products (see Fig. 8(b)). It is hazard-free for dynamic transitions $t_2$ and $t_4$ , but has a static logic hazard for transition $t_3$ . A minimum hazard-free cover, using our method, is shown in Fig. 8(c). The cover has 5 products and is hazard-free for every specified transition.<sup>2</sup> Finally, a minimal cover using Frackowiak's Algorithm A' is shown in Fig. 8(d). The cover is hazard-free for every specified transition but has 6 products; it is therefore suboptimal. A final distinction between our work and Frackowiak's, is that we allow incompletely-specified functions: Example: The Karnaugh map of Fig. 9(a) describes an incompletely-specified Boolean function. The function has six <sup>&</sup>lt;sup>2</sup> Interestingly, this solution is prime but redundant, since it contains prime implicant a'd'. In contrast, the solution for the previous example (Fig. 6(a)) was non-prime but irredundant. TABLE V RESULTS OF ALGORITHM PI-TO-DHF-PI | | | | | _ | | | |--------------|--------|------------|---------|------------|-----------|--| | } | | | | dhf- | | | | Ì | | prime | | prime | | | | - | | implicants | | implicants | | | | | | % | | | % | | | name | in/out | total | illegal | total | non-prime | | | dean-ctrl | 20/19 | 1676 | 4 | 997 | 7 | | | oscaci-ctrl | 14/5 | 192 | 3 | 140 | 2 | | | scsi-ctrl | 12/5 | 280 | 1 | 190 | 2 | | | pe-send-ifc | 7/3 | 22 | 5 | 20 | 5 | | | chu-ad-opt | 4/3 | 6 | 0 | 4 | 0 | | | vanbek-opt | 4/3 | 7 | 0 | 6 | 0 | | | dme | 5/3 | 9 | 0 | 6 | 0 | | | dme-opt | 5/3 | 7 | 0 | 6 | 0 | | | dme-fast | 5/3 | 10 | 0 | 7 | 0 | | | dme-fast-opt | 5/3 | 15 | 0 | 14 | 0 | | specified input transitions: $$\begin{array}{llll} t_1 \colon & m_1 = a'b'c'd & C_1 = a'c' \\ t_2 \colon & m_2 = a'b'c'd & C_2 = b'c'd \\ t_3 \colon & m_3 = a'b'cd & C_3 = a'c \\ t_4 \colon & m_4 = abcd' & C_4 = abd' \\ t_5 \colon & m_5 = abcd & C_5 = abc \\ t_6 \colon & m_6 = abcd' & C_6 = acd'. \end{array}$$ A minimum cover, using our method, is shown in Fig. 9(b). The cover has 4 products and is hazard-free for every specified input transition. #### X. PROGRAM IMPLEMENTATION We have implemented the logic minimization algorithms of Section VI. Our program is written in Lucid Common Lisp and is run on a DECStation 3100. However, it makes use of *espresso* [5], [33] to perform part of its computation: prime implicant generation. The advantage of this approach is that we can benefit from highly optimized existing tools. The program generates sets for a function (Step 0) and writes the ON-set and OFF-set into a file in PLA format. We then use espresso-Dprimes to generate all prime implicants. The resulting PLA file is read in by the program, which computes the sets of dhf-prime implicants (Step 1). The program then constructs a dhf-prime implicant table and solves it (Steps 2 and 3). The logic minimization program has been used as the the final component in an existing synthesis program for asynchronous controllers [25], [28]. It has recently been incorporated into two other asynchronous synthesis programs as well [38], [26]. These synthesis methods produce combinational functions which are guaranteed to have hazard-free two-level implementations. In particular, each method imposes constraints during state minimization to insure that a hazard-free solution will exist for the resulting Boolean functions (for a detailed discussion, see [25]). # XI. EXPERIMENTAL RESULTS Our hazard-free logic minimization program was run on a set of examples. The largest example is a cache controller having 20 inputs and 19 outputs (dean-ctrl) [27]. The program was also run on two SCSI controller designs (oscsi-ctrl and TABLE VI COMPARISON OF HAZARD-FREE LOGIC MINIMIZATION WITH espresso-exact | | | To | otal | | | |--------------|--------|---------|-----------|-------|---------| | | | Pro | ducts | | | | | | | | | Hazard- | | | | Hazard- | | % | free | | | | free | espresso- | Over- | Run- | | name | in/out | Method | exact | head | time(s) | | dean-ctrl | 20/19 | 215 | 202 | 6 | 83 | | oscsci-ctrl | 14/5 | 59 | 58 | 2 | 9 | | scsi-ctrl | 12/5 | 60 | 59 | 2 | 11 | | pe-send-ifc | 7/3 | 15 | 15 | 0 | 1 | | chu-ad-opt | 4/3 | 4 | 4 | 0 | 1 | | vanbek-opt | 4/3 | 6 | 6 | 0 | 1 | | dme | 5/3 | 4 | 4 | 0 | 1 | | dme-opt | 5/3 | 4 | 4 | 0 | 1 | | dme-fast | 5/3 | 5 | 5 | 0 | 1 | | dme-fast-opt | 5/3 | 8 | 8 | 0 | 1 | scsi-ctrl) [31]. The examples were generated from state machine specifications using the locally-clocked synthesis method [25]. Specifications were given in "burst-mode" [29], [25], a notation to describe asynchronous Mealy machines allowing multiple-input changes. Several examples have appeared previously in the literature using other concurrent description languages (STG's [10], [36], CSP [9]). Table V describes the results of Algorithm *PI-to-DHF-PI*. The algorithm transforms prime implicants into dhf-prime implicants. Prime implicants which contain only don't-care minterms are not included, since these implicants will never appear in an exact solution. *Illegal* prime implicants are those which are illegally intersect some privileged cube, and therefore are not dhf-prime implicants. In every case, no more than 5% of the original prime implicants are illegal and must be further reduced. After reduction, at most 7% of the dhf-prime implicants are not prime. It is also interesting that a number of prime implicants are discarded by the algorithm (see *dean-ctrl*). These implicants contain ON-set minterms but contain no required cubes. Since these implicants do not contribute to the hazard-free covering solution, they can be removed. Table VI presents the exact hazard-free solutions for the examples. It also gives an indication of the penalty associated with hazard elimination in our algorithms. In every case, the overhead for hazard-elimination is no more than a 6% increase in the number of products as compared with outputs synthesized using *espresso-exact* [33]. Runtimes were quite reasonable for all examples tested. Even for the cache controller example, with 20 inputs and 19 outputs, total runtime was 83 s. #### XII. CONCLUSIONS This paper considers the two-level hazard-free minimization problem for several reasons: the general problem has not previously been solved; minimal two-level solutions are important for optimal PLA implementations; and solutions serve as a good starting point for hazard-non-increasing multilevel logic transformations. In particular, multilevel transformations which introduce no hazards are discussed in [35]. This set of transformations has been significantly extended by Kung [14]. Finally, hazard-free technology mapping algorithms have been developed by Siegel *et al.* [34]. : The problem of implementing hazard-free two-level logic was described as a constrained covering problem on Karnaugh maps. We presented an automated algorithm for solving the two-level hazard-free logic minimization problem and showed its effectiveness on a set of examples. An important feature of the algorithm is that it involves only localized changes to existing algorithms. As a result, we can use existing algorithms for prime implicant generation (Step 1) and for table reduction and solution (Step 3). Our algorithm has implications for testability, since it may introduce redundant and non-prime implicants. As a result, the combinational circuits may have non-testable faults. However, recent methods have been proposed which insure complete testability of hazard-free logic, for both stuck-at and robust path delay faults, in the presence of both redundant [13], [30] and non-prime [30] implicants. Therefore, testability need not be adversely affected when synthesizing hazard-free logic. With the automation of these exact algorithms, the basic automated synthesis system of [28] is complete. The algorithms have been incorporated into two other synthesis systems as well [38], [26] and can be used in a number of other asynchronous synthesis methods. The algorithms have recently been applied to several substantial asynchronous designs, including a second-level cache controller [27] and state machines for an infrared communications chip [1]. #### ACKNOWLEDGMENT The authors would like to thank Prof. G. De Micheli for suggesting that we consider reducing prime implicants to dhfprime implicants. We thank R. Rudell for clarifications about espresso-exact and K. Yun for interesting discussions and examples. # REFERENCES - [1] B. Coates, A. Marshall, and P. Siegel, "The design of an asynchronous communications chip," Design and Test, June 1994, vol. 11, no. 2, pp. - [2] V. Akella and G. Gopalakrishnan, "SHILPA: A high-level synthesis system for self-timed circuits," in IEEE/ACM Int. Conf. Computer-Aided Design, Nov. 1992, pp. 587-591. [3] P. A. Beerel and T. Meng, "Automatic gate-level synthesis of speed- - independent circuits," in IEEE/ACM Int. Conf. Computer-Aided Design, Nov. 1992, pp. 581–586. J. Beister, "A unified approach to combinational hazards," *IEEE Trans.* - Comput., vol. C-23, no. 6, pp. 566-575, 1974. R. K. Brayton, G. D. Hachtel, C. T. McMullen, and A. L. Sangiovanni-Vincentelli, Logic Minimization Algorithms for VLSI Synthesis. Boston, MA: Kluwer, 1984. - [6] J. G. Bredeson, "Synthesis of multiple input-change hazard-free combinational switching circuits without feedback," Int. J. Electron., vol. 39, no. 6, pp. 615-624, 1975. - J. G. Bredeson and P. T. Hulina, "Elimination of static and dynamic hazards for multiple input changes in combinational switching circuits,' - Inform. Contr., vol. 20, pp. 114–224, 1972. E. Brunvand and R. F. Sproull, "Translating concurrent programs into delay-insensitive circuits," in IEEE Int. Conf. Computer-Aided Design, - Nov. 1989, pp. 262-265. [9] S. M. Burns, "Automated compilation of concurrent programs into selftimed circuits," M.S. thesis, Dep. Com. Sci., California Inst. of Technol., Pasedena, CA, 1987. (Also available as Tech. Rep. Caltech-CS-TR-88- - [10] T.-A. Chu, "Synthesis of self-timed VLSI circuits from graph-theoretic specifications," Ph.D. dissertation, Dep. Elect. Eng. and Com. Sci., Massachusetts Inst. Technol., Cambridge, 1987. (Also available as Tech. Rep. MIT-LCS-TR-393.) - [11] E. B. Eichelberger, "Hazard detection in combinational and sequential switching circuits," IBM J. Res. Develop., vol. 9, no. 2, pp. 90-99, 1965. - J. Frackowiak, "Methoden der analyse und synthese von hasardarmen schaltnetzen mit minimalen kosten I," Elektronische Informationsverarbeitung und Kyberneitik, vol. 10, no. 2/3, pp. 149-187, 1974. - [13] K. Keutzer, L. Lavagno, and A. Sangiovanni-Vincentelli, "Synthesis for testability techniques for asynchronous circuits," in IEEE Int. Conf. Computer-Aided Design, Nov. 1991, pp. 326-329. - [14] D. S. Kung, "Hazard-non-increasing gate-level optimization algorithms," in IEEE/ACM Int. Conf. Computer-Aided Design, Nov. 1992, pp. 631-634. - [15] L. Lavagno, K. Keutzer, and A. Sangiovanni-Vincentelli, "Algorithms for synthesis of hazard-free asynchronous circuits," in ACM/IEEE Design Automation Conf., June 1991, pp. 302-308. - [16] A. J. Martin, "Compiling communicating processes into delayinsensitive VLSI circuits," Distrib. Comput., vol. 1, pp. 226-234, 1986. - [17] H. J. Mathony, "A universal logic design algorithm and its application to the synthesis of two-level switching circuits," IEE Proc., vol. 136, no. 3, pp. 171-177, May 1989. - [18] E. J. McCluskey, Introduction to the Theory of Switching Circuits. New York: McGraw-Hill, 1965. - \_, Logic Design Principles: With Emphasis on Testable Semicustom Circuits. Englewood Cliffs, NJ: Prentice-Hall, 1986. - [20] P. C. McGeer and R. K. Brayton, "Hazard prevention in combinational circuits," in Hawaii Int. Conf. Syst. Sci., Jan. 1990, vol. I, pp. 111-120. - [21] R. B. McGliee, "Some aids to the detection of hazards in combinational switching circuits," IEEE Trans. Comput. (Short Notes), vol. C-18, pp. 561-565, June 1969. - [22] T. H.-Y. Meng, R. W. Brodersen, and D. G. Messerschmitt, "Automatic synthesis of asynchronous circuits from high-level specifications," IEEE Trans. Computer-Aided Design, vol. 8, no. 11, pp. 1185-1205, Nov. - [23] C. W. Moon, P. R. Stephan, and R. K. Brayton, "Synthesis of hazardfree asynchronous circuits from graphical specifications," in IEEE Int. Conf. Computer-Aided Design, Nov. 1991, pp. 322-325. - C. Myers and T. Meng, "Synthesis of timed asynchronous circuits," in IEEE Int. Conf. Computer Design, Oct. 1992, pp. 279-284. - [25] S. M. Nowick, "Automatic synthesis of burst-mode asynchronous controllers," Ph.D. dissertation, Dep. Com. Sci., Stanford Univ., Stanford, - [26] S. M. Nowick and B. Coates, "UCLOCK: Automatic design of highperformance unclocked state machines," in IEEE Int. Conf. Comput. Design, Oct. 1994, pp. 434-441. - [27] S. M. Nowick, M. E. Dean, D. L. Dill, and M. Horowitz, "The design of a high-performance cache controller: A case study in asynchronous synthesis," INTEGRATION, the VLSI Journal, vol. 15, no. 3, pp. 241-262, Oct. 1993. - [28] S. M. Nowick and D. L. Dill, "Automatic synthesis of locally-clocked asynchronous state machines," in IEEE Int. Conf. Computer-Aided Design, Nov. 1991, pp. 318-321. - "Synthesis of asynchronous state machines using a local clock," in IEEE Int. Conf. Computer Design, Oct. 1991, pp. 192-197. - [30] S. M. Nowick, N. K. Jha, and F.-C. Cheng, "Synthesis of asynchronous circuits for stuck-at and robust path delay fault testability," in Eighth - Int. Conf. VLSI Design, Jan. 1995, pp. 171-176. [31] S. M. Nowick, K. Y. Yun, and D. L. Dill, "Practical asynchronous controller design," in IEEE Int. Conf. Computer Design, Oct. 1992, pp. - [32] R. Rudell, "Logic synthesis for VLSI design," Ph.D. dissertation, Dep. Elect. Eng. and Com. Sci., Univ. of California, Berkeley, 1989. (Also - available as Tech. Rep. UCB/ERL M89/49.) R. Rudell and A. Sangiovanni-Vincentelli, "Multiple-valued minimization for PLA optimization," IEEE Trans. Computer-Aided Design, vol. - 6, no. 5, pp. 727-750, Sept. 1987. [34] P. Siegel, G. De Micheli, and D. Dill, "Technology mapping for generalized fundamental-mode asynchronous designs," in ACM/IEEE Design Automation Conf., June 1993, pp. 61-67. - [35] S. H. Unger, Asynchronous Sequential Switching Circuits. New York: - Wiley-Interscience, 1969. P. Vanbekbergen, F. Catthoor, G. Goossens, and H. De Man, "Optimized synthesis of asynchronous control circuits from graph-theoretic specifications," in IEEE Int. Conf. Computer-Aided Design, Nov. 1990, p. 184-187. - [37] M. L. Yu and P. A. Subrahmanyam, "A path-oriented approach for reducing hazards in asynchronous design," in IEEE/ACM Design Au- - tomation Conf., June 1992, pp. 239–244. K. Y. Yun, D. L. Dill, and S. M. Nowick, "Synthesis of 3D asynchronous state machines," in IEEE Int. Conf. Computer Design, Oct. 1992, pp. Steven M. Nowick received the B.A. degree from Yale University, New Haven, CT, in 1976 and the Ph.D. degree in computer science from Stanford University, Stanford, CA, in 1993. His Ph.D. dissertation describes an automated synthesis method for locally-clocked asynchronous state machines. He is currently with Columbia University, New York, NY, as an Assistant Professor of Computer Science. His research interests include computer-aided design, asynchronous circuits, logic synthesis, and formal verification of finite-state concurrent systems. Dr. Nowick received an NSF Research Initiation Award (1993), an Alfred P. Sloan Research Fellowship (1995), and an NSF Faculty Early Career (CAREER) Award (1995). He was a recipient of a Best Paper Award at the 1991 International Conference on Computer Design (ICCD). He was Co-Chair of the Technical Program Committee for the 1994 International Symposium on Advanced Research in Asynchronous Circuits and Systems (Async94). He is on the program committee for ICCD and is Guest Co-Editor of an upcoming issue of the journal Formal Methods in System Design. David L. Dill (M'90) received the S.B. in computer science and engineering from the Massachusetts Institute of Technology, Cambridge, in 1979 and the Ph.D. degree in computer science from Carnegie Mellon University, Pittsburgh, PA, in 1987. His Ph.D. dissertation, on automatic verification of speed-independent circuits, has been published by the M.I.T. Press as an ACM Distinguished Dissertation. He is currently with Stanford University, Stanford, CA, as an Associate Professor of Computer Science. He is a member of the Computer Systems Laboratory at Stanford. His research interests include formal verification of finite-state systems (including digital control circuits, protocols, and hard real-time systems) and the design and automatic synthesis of asynchronous circuits. Dr. Dill received a Presidential Young Investigator award from the National Science Foundation in 1988 and was named a Young Investigator by the Office of Naval Research in 1991.