Automatic IP (Intellectual Property) matching is a key to reuse of IP cores. This paper presents a new tabled logic programming-based IP matching algorithm that can check whether a given programmable IP can be adapted to match a given specification. When such adaptation is possible, the algorithm also generates a device driver (an interface) to adapt the IP. Though simulation, refinement and bisimulation based algorithms exist, they cannot be used to check the adaptability of an IP, which is the essence of reuse. The IP matching algorithm is based on a formal verification technique called forced simulation. A forced simulation based matching algorithm is implemented using a tabled logic programming environment, which provides distinct advantages for encoding such an algorithm. The tool has been used to match several specifications to programmable IPs, achieving on an average 12 times speedup and 64 % reduction in code size in comparison to previously published algorithms.
Introduction

Motivation
Design reuse has been the focus of recent research [8, 12] mainly driven by the increasing complexities of modern systems. Other major factors influencing this revolution are immense competition from vendors and consequently less time to market, the need for more open (generic) solutions of the Internet era, and most importantly the need for developing solutions that can be easily verified, often referred to as design for verifiability [3] . The advantages of design reuse are improved productivity, better performance and, more significantly, better quality products.
In a recent survey on digital design reuse [8] several key factors for successful reuse of Intellectual Property (IP) cores have been identified. These include, among others, the need for synthesis techniques to support the reuse of predesigned IP blocks. The authors also identify a need for enabling reuse of a set of prevalidated IPs from a library. These features are not appropriately addressed in current synthesis tools.
To automatically reuse IPs during synthesis, a subset of IPs is normally indexed from a database.
Subsequent to indexing, matching is essential to identify the exact IP (a device ¤ ) that is functionally equivalent to the design function ( ). Martin et al. [2001] have proposed a fuzzy logic based scoring and aggregation technique for indexing IPs from a distributed database that may possibly match a given . After indexing, precise functionality matching is not proposed as part of this work and the authors suggest simulation as a means for precise IP matching.
Simulation can be a tedious and time consuming activity. In addition, exhaustive simulation may not guarantee that the selected IP is the desired one. This problem is even more severe with programmable or parameterisable IPs which may not exactly match but can be programmed via a device driver (an interface) to match . This paper proposes an algorithmic technique suitable for fast logic programming-based implementation, for automatically deciding whether a given ¤ matches . The algorithm, when successful, automatically generates an interface that can adapt ¤ to match
. The basis of this algorithm is a formal verification technique called forced simulation [16] and hence is guaranteed to produce correct matches. This paper recasts forced simulation into the logic 4 programming framework for the following reasons:
1. Ease of implementation: the resulting code is extremely compact and readable. In contrast to about 1200 lines of Java code spanning 5 classes to compute forced simulation using partitionrefinement based approach [16] , logic programming based encoding could be done in just 82
lines within the XSB tabled logic programming framework [17] .
2. Efficiency: the complexity of the logic programming based algorithm is less by a factor of
¢ ¡ £
, the size of the function specification. As a result the proposed approach achieves an average speed up of about 12 compared to the earlier implementation.
3. Interface generation as a side effect: XSB justifier was used to obtain an interface without a second pass over the constructed forced simulation relation.
4. Reasons for Failure: When the matching fails, the justifier can be used to discover the reasons for failure. Justification takes no more time than the original query evaluation. This additional feature is expensive to build into other implementations.
Related Work
The task of IP matching is similar to simulation/refinement based verification in the sense that both need to establish whether a given IP (an implementation) meets all requirements of a specification.
Several simulation/refinement techniques [1, 9] have been proposed in literature. During IP matching, however, a generic implementation often needs to be matched to a given specification. This is the essence of reuse. None of the existing simulation techniques can be used to adapt a generic implementation for a given specification. Forced simulation overcomes these limitations and has been reported in [16] .
Forced simulation is a bisimulation variant and hence standard partition-refinement based bisimulation algorithms [4] may be modified for computing forced simulation [16] . This paper demonstrates the advantages of a tabled logic programming system such as XSB to implement a formal IP matching tool. XSB has already been used for building efficient model checkers and bisimulation checkers [14] . Features of XSB such as tabling and constraint propagation can be exploited to build an efficient matching tool, with the additional facility of explaining failed matches whenever they occur.
This paper is organised as follows: section 2 presents the formal framework for IP matching using forced simulation. The model and most definitions are identical to those presented in [16] and are reproduced for completeness. In addition, Definition 5, which recasts forced simulation to better fit the logic programming framework, is new but equivalent to the definition in [16] . Section 3 shows how the matching algorithm can be encoded in the XSB logic programming environment. This section also shows how the XSB justifier is used to automatically generate the interface after successful matching and also to explain failed matches. Section 4 presents some results of using the matching tool-kit developed in XSB and compares this to a conventional partition-refinement based implementation in Java. Section 5 presents a design flow to illustrate where an IP matching tool fits and section 6 is devoted to concluding remarks.
Forced Simulation: Formal Framework for Matching
This section presents the formal framework of forced simulation as the basis of the matching algorithm. Because of the advantages of encoding the rules for computing the forced simulation relation as a logic program, the rules are redefined in an equivalent form to facilitate such an encoding. Hence, the theory of forced simulation as presented here is equivalent though different from [16] .
At the outset, an example of a programmable port (Intel 8255) is presented to illustrate the idea.
This illustrates how this IP may be programmed to be used as a port for a lathe controller.
Reusing a general purpose port, Intel 8255
Intel 8255 [7] is a general purpose 8-bit parallel port. It can be used to interface I/O devices to a CPU.
It has three 8-bit ports called PORT-A, PORT-B, and PORT-C, of which PORT-A and PORT-B are I/O ports, whereas PORT-C can be used as both an I/O port and control lines, depending on the mode of operation.
Intel 8255 may be programmed to be in one of the following modes ( Figure 1 shows the abstract behaviour of the three modes and Figure 2 is the detailed behaviour in mode 2, which is the mode of interest to this example):
1. mode 0 (basic input-output mode): CPU may read contents of a port or write some data to it.
2. mode 1 (strobed input-output mode): This is mainly for reading or writing from a port using handshake protocol.
3. mode 2 (bidirectional bus): This mode is like mode 1 except that it can be used for bidirectional data transfer, while mode 1 is unidirectional.
Consider the specification of a lathe controller, where Figure 3 provides an abstract description of a typical port used in such a controller. The function of this port is to read instructions written in a tape reader and then transfer these to the CPU in a handshaking fashion. The CPU interprets these instructions and writes appropriate lathe instructions to the port, which are read by the lathe to perform the appropriate lathe action. Figure 3 gives the abstract description of each transition of the handshaking sequence as comments. The interface must perform such forcing and matching steps until the desired behaviour is realised.
Such an interface is shown in Figure 4 .
This example raises the following additional questions:
1. Given arbitrary pairs of and ¤ , how to decide whether an interface exists or not? To address these issues, a formalisation of the above problem is provided in the next section. 
Formalisation
In the previous section, the reuse of Intel 8255 was illustrated via an interface process that adapts the IP for reuse. Hence, given a pair ( , ¤ ), the main idea is to build an interface such that the composition of and ¤ exhibits the same behaviour as . First , ¤ and are formalised by modelling them as labelled transition systems [11] which are standard models of reactive processes. In this paper, it is assumed that all processes are deterministic. Let LTSs
Definition 1 A process is described by a labelled transition system (LTS) which is a tuple of the form
stand for the function and device processes respectively. 
Definition 2 An interface process, , is a process whose set of events is
The IP Matching Problem
Before the IP matching problem can be defined, the interaction between and ¤ must be clarified. 
operator is defined as follows:
is defined to be a process described by the LTS 
is defined by the following rules:
makes an unobservable move, when forces a transition in
makes an observable move, with both ¤ and simultaneously responding to the same external signal.
operator is quite different from synchronous parallel ( 8 8 ) operator of CCS [11] . The IP matching problem is now formalised as follows:
where W is Milner's weak bisimulation [11] .
In the following section, a relation between the states of and ¤ , called forced simulation, is defined. It is then established that the existence of such a forced simulation relation is a necessary and sufficient condition for successful IP matching.
Condition for Matching: Forced Simulation
For an IP ¤ to match a specification , an appropriate must be constructed such that
To achieve this, a new simulation relation, called forced simulation between the states of and Consider the example of (in Figure 3) and Figure 2 ) from section 2. ).
Forced simulation, as originally proposed [16] , required a forcing sequence 
Results
The following two theorems state that forced simulation is a necessary and sufficient condition for IP matching (where and ¤ are represented as LTSs).
Theorem 1 Given
¦ £ £ ¢& ¥ ¤ ¤ there exists such that W $ ¡ £ ¡ ¥ ¤ ' .
Theorem 2 If there exists a well-formed and deterministic interface such that
The proof of both these theorems are constructive and appear in [16] . Theorem 1 and 2 form the formal basis (necessary and sufficient condition) for IP matching. As is obvious, a key to IP matching is the identification of an appropriate interface to adapt the IP. This is achieved by identifying a forced simulation relation first, and then constructing an interface from it. The next section demonstrates how and why logic programming is employed for these tasks.
Logic Programming Based IP Matching
Forced simulation is an extension of a standard verification technique called bisimulation [11] . Normally, bisimulation algorithms are implemented using bottom-up partition refinement [4] . A similar bottom-up algorithm for forced simulation has been already developed in [16] . This algorithm starts by constructing a global relation which is initialised to 
¡£
. XSB based encoding is very small, simple and hence readable. This is because, unlike bottom-up implementations which require code to be written for creation, manipulation and traversal of graph data structures, XSB uses a set of logical facts to represent the graphs corresponding to and ¤ , and forced simulation is encoded as a set of rules. Additionally, the XSB justifier can be used to generate the interface, and to generate evidence for the matching, taking no more time than the original query evaluation.
Encoding of forced simulation in XSB
Rather than encoding the forced simulation relation directly, it is more convenient to encode the dual of forced simulation as a tabled logic program within XSB. This is because XSB is a least fixed point engine whereas forced simulation computation is based on a greatest fixed point (the greatest forced simulation relation between and ¤ is computed when it exists).
The rules for a pair of states to be not-forced-similar are directly encoded as XSB clauses. Input trans(f(1), 'IBF=1', f(2)).
trans(f(2), 'INTR=1', f(3)).
trans(f(3), 'RD=0', f(4)).
trans(f(4), 'DB=[PORT-A]', f(5)). trans(f(5), 'INTR=0', f(6)).
trans(f(6), 'WR=0', f(7)).
trans(f(7), 'PORT-A=[DB]', f(8)).
trans(f(8), 'WR=1', f(9)).
trans(f(9), 'OBF=0', f(10)).
trans(f(10), 'ACK=0', f(11)).
trans(f(11), 'OBF=1', f(12)).
trans(f(12), 'INTR=1', f(0)).
In the above, trans encodes a given transition where the first and the last parameters indicate the source and destination states and the second parameter indicates the input that triggers this transition. In the above, nfsim/2, a tabled predicate, denotes the dual relation , and nfsim e/2 the relation 
Query and Its Justification
Query The XSB system provides an efficient justifier [5] for giving evidence, in terms of proof, for the truth value of the result generated by query evaluation of a tabled logic program. For example, if a query is evaluated to true, the justifier will present the details of a successful computation path, suppressing any unsuccessful paths traversed. Similarly, when a query is evaluated to false, it will show the false literal, leading to falsehood of the query, in each of its computation paths.
Justification succinctly conveys to the user only those parts of the proof search which are relevant to the proof/disproof of the goal. The naturalness of using a tabled LP system for justification is that the answer memo tables created represent the lemmas that were tried and possibly proved during query evaluation. By using these lemmas stored in the tables, the justifier presents only relevant parts of the derivation to the user.
The justification result is in the form of a tree structure [5] , constructed based on a collection of partial structures. The partial structures, e.g., as shown in Figure 6 , show the proof dependencies, which are actually determined by the coding rules defined in section 3.1. Figure 6 (a) and (b) correspond to the coding of all nfsim e/2 and nfsim/2 respectively, where findall/3 and trans/3 are defined as the fact nodes in the structure since the evidence for those predicates are not interesting. Each node is associated with a truth value to indicate whether it is satisfiable or not. In Figure 6 (b), nfsim(F,D) is true, which means that there is no forced simulation relation between and ¤ , and its children in the tree explain why this is so. An interface process, as in Figure 4 , can be described by a collection of matching actions and forcing actions. The rewriting rules are thus defined from certain justification structures to actions.
Justification of
TRUE
They determine the meaning of a justification tree by determining the meanings of its substructures and combining them into a complete interface process.
Two types of moves, matching action and forced action, must be explicitly shown in a generated interface process. Matching actions can be defined as follows: All those actions and states can be generated by locating the corresponding evidence patterns from the justification tree.
Complexity
The complexity of the XSB implementation is¨$ This is¨$
¢ ¡ £'
times faster than the previously published implementation of forced simulation.
Experiments with the Matching Tool
Several examples were developed to test the IP matching algorithm. Certain general purpose programmable devices such as Intel 8254 and Intel 8255 were selected to demonstrate IP matching.
These devices are normally reused by human designers by writing device drivers which supply appropriate mode and command words to select the desired mode. Automatic reuse of such programmable chips entails automation of tasks previously performed by expert human designers.
A number of reactive controllers including vending machines, coffee brewers and automobile cruise controllers were also selected to illustrate the reusability of such controllers. All the examples were encoded using labelled transition system specifications as and ¤ pairs. They were then tested using the XSB based matching tool as well as a published Java based implementation based on partition-refinement [16] .
The XSB based implementation has a total of 82 lines of XSB Prolog code for forced simulation computation. In contrast, the Java implementation had a total of about 1200 lines of Java code for forced simulation computation (excluding the code required for interface generation) using the bottom-up partition-refinement based approach [16] . Since XSB is Prolog based, no extra code needed to be written for setting up the graph data structure and for traversal (which is required in Java). This led to considerable time saving in building the tool.
The performance comparison of the XSB implementation and the Java implementation is summarised in Table 1 . Both the implementations were tested on a Pentium III 800 MHz workstation. On the average, the XSB implementation was 12 times faster than the Java implementation. In addition to the speedup, the generated code was very compact and extremely readable since it is devoid of all graph traversal and computation intensive routines present in the Java code, as these are automatically performed by the logic programming engine. Finally, interface generation was achieved as a side effect through a built-in justifier in XSB, where justification takes no more time than the original query evaluation. 
A Framework For IP Matching
A framework for matching IPs represented in a hardware description language (HDL) such as VHDL [6] or Verilog [18] is depicted in Figure 8 .
The steps to be followed are:
1. The user provides a description of a new specification using an HDL. An FSM model is then extracted automatically using standard tools. This FSM model is subsequently converted to an Using keywords in the specification, the design database may be indexed to produce a subset of programs which may match the new specification. These steps have been applied successfully to reuse an opensource IP from [13] . Since the proposed approach is designed for control-dominated IPs, the VHDL description of HDLC controller was obtained from [13] . HDLC is a communications controller mainly used in the datalink layer of the TCP/IP stack. The VHDL model was subsequently mapped to an FSM model ( ¤ ) automatically using the Active-HDL tools from Aldec [2] . We could then easily reuse the transmitter part of the HDLC controller to develop a general frame transmitter. During this reuse, some handshaking signals used by the HDLC transmitter for handshaking with the backend were automatically forced (since they were missing in the specification).
Conclusion
This paper presents a new logic programming based formulation of a formal verification technique called forced simulation, which is the basis for matching a design function to a IP ¤ . Whenever a forced simulation relation exists between a pair ¡ ¤ , an interface can be constructed to adapt ¤ to match . Forced simulation forms the formal basis for automatic IP matching, which is a key task in automated IP reuse and integration. The proposed algorithm being a formal verification based technique for IP matching provides an alternative to exhaustive simulation based matching as suggested in [10] . If the IP library consists of pre-validated components then the proposed approach leads to a considerable saving of verification effort.
An IP matching tool was built using the XSB system and the tool was tested by reusing several
IPs from the domain of embedded systems. To achieve this, forced simulation has been reformulated for efficient encoding in logic programming systems such as XSB. The XSB tool performs better than conventional implementation of forced simulation [16] in terms of code size (XSB implementation was 64 % smaller, measured as LoC) and efficiency (complexity reduction by a factor of size of and about 12 times average speedup).
Though the proposed approach is a novel technique for IP matching at the functional level, it has 24 several limitations. Firstly, it is entirely non real-time being LTS based and has no mechanism for matching real-time constraints. Secondly, while it is well suited to matching control units, data path
matching is yet to be solved. Finally, it would be advantageous to integrate the matching tool with existing IP reuse environments such as JAVA CAD.
