**4. Synthesis of rule-based logical model**

Combining FPGA [18] as a target hardware platform with hardware description language VHDL ensures high reliability, speed and safety. Additionally, it is possible to modify anytime the already running system, what has a practical sense. Direct implementation of concurrent logic controllers in FPGA is similar to rule-based realization based on classical sequence diagrams. Transition firings are synchronized with clock rising edge.

Control Interpreted Petri Net, which is the core for logical model, is a safe net. Places can be then implemented using simple flip-flops, as their marking is expressed by a binary value. Flip-flops amount (for places) using one-hot encoding is equal to the amount of places (and so to the amount of local states).

Logical model can be easy synthesized as reconfigurable logic controller. Logical model, derived from Control Interpreted Petri Net, is transformed into VHDL language according to some strictly defined rules [13]:


Model in VHDL is oriented on places and transitions. It can be simulated and synthesized. Synthesis is performed in form of rapid prototyping [5], what in modern methodology for digital circuits design allows for frequent verification (simulation, analysis) of developed system. Its main goal is to check, whether designed system works at all, but the circuit might be not optimized. Circuit optimization and minimization of resources usage are here out of scope, however they may be important in some fields [9, 18].

Logical model into VHDL model translation is done automatically using implemented software application. Generated VHDL file for considered drink production process is fully synthesizable.

Model for synthesis starts with input and output signals definition. Petri net places are defined as internal signals. By clock rising edge and active reset signal, some initial values are assigned to places, which correspond to initial marking of a Control Interpreted Petri Net. Additionally, by each clock rising edge places hold their heretofore marking.

For places the one-hot encoding was used (called also *isomorphic places encoding*), which is the most accurate (and the simplest) representation of logical model, however it can cause bigger resources usage. For each place one flip-flop is generated, which label corresponds to particular place etiquette. Flip-flop sets the *1* value, if a place contains token, otherwise it holds the *0* value. Additionally, one-hot encoding is recommended by implementation in FPGA circuits, and even seen as the most effective method for states encoding [23], i.e. in FPGA circuits of Xilinx [21], especially for small automata. It is also possible to extend the work to any other encoding.

Places marking can change after transitions firing. Conditions connected with transitions correspond to values of input signals and active marking of particular places. If a condition is satisfied, Petri net transition is realized, and thereby its input and output places change their marking (Figure 14).

```
if p1 = '1' and x1 = '1' and x4 = '0' then 
 p1 <= '0'; 
 p2 <= '1'; 
 p3 <= '1'; 
 p4 <= '1'; 
end if;
```
**Figure 14.** The *t1* transition firing in VHDL model

188 Petri Nets – Manufacturing and Computer Science

FPGA for a reconfigurable logic controller.

so to the amount of local states).

to some strictly defined rules [13]:

edge and active reset signal,

a. Each place is an internal signal of *std*\_*logic* type, b. Each input signal is an input port of *std*\_*logic* type, c. Each output signal is an output port of *std*\_*logic* type,

marking of its input and output places,

active by active marking of corresponding places.

**4. Synthesis of rule-based logical model** 

By introducing a subtle modification into Control Interpreted Petri Net, which regards initial marking removing from place *p14* (initial marking involves then only the *p1* place), the corresponding part of logical model and NuSMV model description is also changed. However, such a subtle change dramatically changes net behavior, and thereby designed logic controller behavior. Model checking of the same properties shows now another results. User receives multiple generated counterexamples indicating unsatisfied requirements. Places *p1* to *p12* are reachable, but it is not possible to reach active marking of further places. Next to last requirement is also not satisfied (*CTLSPEC AG (x13 -> AF !y12)*). Summarizing the report – an error occurs starting from transitions *t7* and t*13*, what confirms the fact, that it is indeed correlated with

When model checking process does not indicate any errors, it is then possible and advisable to focus on synthesizable code. Basing on logical model, model in hardware description language VHDL is built. The model is fully synthesizable and may be then implemented in

Combining FPGA [18] as a target hardware platform with hardware description language VHDL ensures high reliability, speed and safety. Additionally, it is possible to modify anytime the already running system, what has a practical sense. Direct implementation of concurrent logic controllers in FPGA is similar to rule-based realization based on classical

Control Interpreted Petri Net, which is the core for logical model, is a safe net. Places can be then implemented using simple flip-flops, as their marking is expressed by a binary value. Flip-flops amount (for places) using one-hot encoding is equal to the amount of places (and

Logical model can be easy synthesized as reconfigurable logic controller. Logical model, derived from Control Interpreted Petri Net, is transformed into VHDL language according

d. Each defined internal signal (Petri net place) takes an initial value, set by clock rising

e. Each place changes its marking according to defined rules; fired transition changes

g. Each output signal changes its value according to active places; output signals are

Model in VHDL is oriented on places and transitions. It can be simulated and synthesized. Synthesis is performed in form of rapid prototyping [5], what in modern methodology for

f. Input signals are not considered, as they are inputs to the logic controller,

additional initial marking (and actually the lack of it) of Control Interpreted Petri Net.

sequence diagrams. Transition firings are synchronized with clock rising edge.

Output signals are active by active marking of appropriate places, what is denoted as shown in Figure 15.

```
y1 <= p5; 
y2 <= p6; 
y3 <= p4; 
...
```
**Figure 15.** Outputs assignment in VHDL model

Input signals value changes come from outside and are not modified inside VHDL model file. Their values are just read out by conditions related to transition firings.

Control Interpreted Petri Nets – Model Checking and Synthesis 191

Proposed novel approach to verification of reconfigurable logic controller programs and specification by means of Control Interpreted Petri Nets allows to detect even subtle errors on an early stage of system development. Rule-based representation of Control Interpreted Petri Nets in temporal logic is presented at RTL-level and is easy to formally verify using

Results of the work include the assurance that verified behavioural specification in temporal logic will be an abstract program of matrix reconfigurable logic controller. Hence, logic controller program (its implementation) will be valid according to its primary specification. This may shorten the duration time of logic controllers development process (as early discovered errors are faster corrected) and, consequently, save money (as project budgets

Furthermore, formal verification can improve the quality of final products, making them work more reliable. And even if a logic controller, already delivered to customer, will not work properly (it can always happen that some subtle error was overseen or that the specification was incomplete), it is possible to find error source using available techniques (verification, simulation, etc.). Then, some part of corrected system (or the whole system) may be one more

Future research directions include i.e. (but are not limited to) model checking of other forms of logic controllers specification and mechanisms for behavioural properties specification.

The author is a scholar within Sub-measure 8.2.2 Regional Innovation Strategies, Measure 8.2 Transfer of knowledge, Priority VIII Regional human resources for the economy Human Capital Operational Programme co-financed by European Social Fund and state budget.

[1] Adamski, M & Monteiro, J. L., From Interpreted Petri net specification to Reprogrammable Logic Controller Design, In: *Proceedings of the IEEE International* 

*Symposium on Industrial Electronics*, 2000, Vol. 1, pp. 13 – 19.

time formally verified using extended requirements list and modified logical model.

model checking technique and to synthesize using hardware description languages.

**5. Summary and conclusions** 

will not be exceeded).

**Author details** 

*University of Zielona Góra, Poland* 

**6. Acknowledgement** 

Iwona Grobelna

**7. References** 

VHDL file can also be simulated i.e. in *Active-HDL* environment [4]. Simulation confirms the proper functionality of designed logic controller (simulation results are presented in Figure 16).

It is then possible to perform logic synthesis and implementation, i.e. in *Xilinx PlanAhead* environment, in version *13.1* [21]. Sample resources usage for the *xa6slx4csg225-2* circuit from *Spartan6* family of *XILINX* [22] is listed in Table 3.


**Table 3.** Resources usage

**Figure 16.** Simulation results in *Active-HDL* 

It is also possible to transform logical model into synthesizable code in Verilog language [9, 17], this aspect is however not discussed further in this chapter.
