hopCP: A concurrent hardware description language by Gopalakrishnan, Ganesh & Akella, Venkatesh





Department of Computer Science 
University of Utah 
Salt Lake City, UT 84112, USA
Ganesh Gopalakrishan 
Department o f Computer Science 
University of Utah 
Salt Lake City, UT 84112, USA
November 25, 1991
A b s tr a c t
hopCP is a language for the specification, simulation, and synthesis o f hardware systems. hopCP captures 
the behavior o f a hardware system by specifying the causal relationships between actions that the system  
can perform. No specific tim ing discipline is implied by a hopCP specification. Hence, hopCP specifica­
tions can be implemented as synchronous, asynchronous, or mixed synchronous and synchronous circuits. 
Salient features o f hopCP include nonatomic actions, synchronous and asynchronous styles o f  value com­
munication, broadcast channels, a purely functional sublanguage to express the computational aspects o f  
hardware behavior, and an efficient tool (called parComp) to infer the composite behavior o f a collection o f  
hopCP modules. Operational Semantics o f hopCP in terms o f labeled transition system s is presented. A  
few examples are described to illustrate the expressive power o f  hopCP. A  sum m ary o f the implementation  
is also presented.
Formal Aspects o f  VLSI Research Group 
University o f Utah, Department o f Computer Science
hopCP: A Concurrent Hardware D escrip tion  Language
VENKATESH AKELLA* (akella@cs.utah.edu)
GANESH GOPALAKRISHNANt (ganesh@bliss.utah.edu)
D ep t,  o f  C o m p u te r  S c ience  
U n iv ers i ty  o f  Utah
S alt  Lake C ity ,  Utah 84 1 1 2  ,
A b s tr a c t . h o p C P  is a language f o r  the specification, s im u la tio n ,  an d  sy n th es is  o f  h ardw are  s y s te m s .  h o p C P  
captures the behavior o f  a hardw are  s y s te m  by specify ing  the causal re la t io n sh ips  between  actions that the 
s y s te m  can p e r fo rm . N o specific t im in g  d isc ip l ine  is im p lied  by a h o p C P  specification. Hence, h o p C P  specifi­
ca tion s  can be im p le m e n te d  as synchronous, asynchronous, o r  mixed syn ch ro n ou s  a n d  asynch ron o u s  circuits .  
S a lien t  f e a tu re s  o f  h o p C P  include n o n a to m ic  ac tions ,  syn ch ro n ou s  and asyn ch ron o u s  s ty le s  o f  value co m ­
m u n ica tion ,  broadcast channels , a pu re ly  fu n c t io n a l  sublanguage to  express  the c o m p u ta t io n a l  aspects  o f  
h ardw are  behavior, an d  an eff ic ien t too l  (ca l led  parComp^ to  in fer  the com p o s ite  behav ior  o f  a collec tion  o f  
h o p C P  m odules .  O pe ra t io n a l  S e m a n t ic s  o f  h o p C P  in t e r m s  o f  labeled t r a n s i t io n  s y s t e m s  is  presen ted .  A  fe w  
exam p les  are descr ibed  to  i l lu s tra te  the express ive  p o w e r  o f  h o p C P . A  s u m m a r y  o f  the  im p le m e n ta t io n  is  also  
presen ted .
‘ Supported in part by a University of Utah Graduate Research Fellowship 
tSupported in part by NSF Award MIP-8902558
2 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
1 Introduction
W ith the ability to integrate many thousands of transistors on a single VLSI chip, the 
task of producing error-free and high-performance circuits is an increasingly challenging 
one. Today, entire VLSI chips are seldom specified in terms of circuit diagrams or truth 
tables: they are specified using Hardware description languages (HDLs). HDL descriptions 
are increasingly being used to document the intended behavior of the system , capture design 
refinements, support formal verification, and are the main input for provably correct high- 
level synthesis algorithms.
No consensus has been reached on the constructs that an HDL should include. This is 
despite ongoing standardization efforts [VHD85, SST90]. There are also notable omissions in 
the HDLs in use today. These include lack of a well specified and simple semantic definition 
for the HDL, inadequate notations for specifying concurrency, and inadequate support for 
system design issues. We now elaborate on these points, and present our HDL hopCP that 
is designed to rectify some of these omissions.
Most VLSI circuits are implemented as synchronously clocked sequential circuits. In fact, 
synchronous design is so widespread that many HDLs as well as high-level synthesis algo­
rithms based on these HDLs heavily rely on the synchronously clocking assumption.
It is widely recognized that it is not very practical to design system s beyond a certain 
size as synchronous systems. The problem of reliable (skew free) clock distribution is the 
most widely cited reason for not building large synchronous system s. There are, however, 
many more reasons. Most large digital systems behave less like slaves that help implement 
operations such as add or factorial; they behave more like concurrent processes that syn­
chronize, communicate, and coordinate their computations with similar units, to achieve a 
common computational goal. Therefore, whether a system  is built using synchronous circuits 
or asynchronous circuits, from the point of view of conceptual modeling it is often important 
to be able to specify the system  as a collection of concurrent processes. Doing so allows 
design requirements to be clearly specified, and ad hoc design decisions to be avoided early 
in the design. After all, the decision to synchronously clock is only an implementation deci­
sion , whereby synchronization between concurrent processes is implicitly  achieved (i.e., not 
explicitly, using hand-shaking signals.)
Virtually all the popular HDLs available today either omit concurrent process modeling 
primitives altogether, or provide only very low level primitives. W ithout the support of 
high-level concurrency primitives, specifying concurrent behavior can be a nightmare. This 
is clearly evident from the experience of researchers in Operating Systems in the 60’s and 
early 70’s, who faced difficulties such as the ease of introducing deadlocks, the difficulty of
HOPCP: LANGUAGE AND SEMANTICS 3
analyzing concurrent programs, etc. In the same vein, descriptions of complex VLSI chips 
written HDLs that provide only low level concurrency primitives are unreadable, and overall 
very unreliable.
The communicating process paradigm pioneered by Milner [RM89] and Hoare [Hoa85], 
among other researchers, has become one of the most popular ways of organizing concurrent 
programs. This view is also gaining in popularity as an HDL primitive [Mar89, BS89, May90]. 
We also adopt this view in hopCP. Our work provides convenient extensions in the form of 
multiway rendezvous [Cha87] wherein a collection of processes can include one sender and 
more than one receiver, and they all rendezvous on a channel.
As an alternative to synchronous design, many researchers have proposed a fully asyn­
chronous  design approach [Mar89, Sut89, BS89, GJ90, Ebe89]. Though highly promising, 
asynchronous design will, in all likelihood, not entirely supercede synchronous design. In the 
near future, we can also expect mixed synchronous/asynchronous  designs [MC80, Cha84] to 
be built.
Thus, concurrent processes that communicate through rendezvous can either be compiled 
directly into asynchronous circuits [Mar89, BS89, May90, AG91a] in a fully synchronously 
clocked style [Ku91, PL91], or in a mixed style. Whichever way concurrent processes are 
implemented in circuits, it involves the refinement  of high level actions into partial orders of 
simpler actions. For example, the rendezvous communication action is refined into a partial 
order of signal transitions on wires. As another example, in the design of instruction pro­
cessors, high level operations ( multiply) get refined into partial orders of simpler operations 
(a shift-add loop). Hierarchical refinement o f  time is one o f  the crucial aspects o f  VLSI  
design. Thus, in addition to including high level concurrency primitives, the HDL of choice 
for designing large system s must be a language that also permits actions to be hierarchically 
refined. hopCP is such an HDL.
It is very constraining to adhere to just the rendezvous style of communication: the hard­
ware designer may prefer to write specifications directly using other forms of communication 
and synchronization such as spin waits on “status signals”, etc. In order to support such 
styles of specification, hopCP offers the feature of asynchronous ports. Another use of asyn­
chronous ports is the following. HDL descriptions using rendezvous communications are 
eventually compiled into circuits whose components support signal assignments (=  signal 
transitions). A natural organization of such a compiler, especially with a view to facilitate 
proving its correctness, is to present the compilation algorithm as a collection of hierarchical 
action refinement  rules whose correctness can be established separately. Since these rules 
effect source-to-source transformations, the HDL used has to include both rendezvous ac­
tions and signal assignment actions. An example of an asynchronous port is a status signal,
4 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
such as the “buffer em ptif signal for a buffer. This signal is raised by the sender when the 
buffer actually becomes empty. Once set, the sender can proceed in its computation without 
waiting for the receiver to sample the signal. Also notice that the receiver can sample buffer 
empty several times; each tim e it samples the signal, it does not involve the sender. Modeling 
this behavior using rendezvous is awkward because rendezvous is a higher level communica­
tion primitive where the sender and the receiver have to wait for each other before they can 
proceed. .
One assumption we make of asynchronous ports is that the value written onto the port 
by a writer is “instantaneously” seen by all the readers of this port. In an asynchronous 
hardware implementation, the notion of “instantaneous” translates into some form of data 
bundling constraint [Sut89]. In a synchronously clocked implementation, on the other hand, 
“instantaneous” may mean ‘all readers see the data within the cycle in which the write 
occurs’.
In the hopCP compilation system, we can often determine through static analysis that the 
receiver will begin sampling an asynchronous port only after the sender has finished writing 
on the port. In this case, asynchronous ports can be realized very cheaply, using just a 
register to hold the data. If we cannot rule out that the receive will be concurrent with the 
send, then suitable circuits (e.g. an arbiter-based circuit such as an A T S module described 
in [Kel74]) can be employed. (If the inputs to the A T S module are signaled concurrently, 
the module effectively serializes the inputs and then takes action based on the result of 
serialization.)
The above is just one of the static analysis techniques that we have developed for synthe­
sizing efficient/sim ple circuits from hopCP specifications. We use a very similar same static 
analysis technique to derive efficient circuits for the choice construct of hopCP, and also to 
permit concurrent, and speculative guard evaluation. These details are reported in [AG91d].
To summarize, a system-design oriented HDL must include the following features.
• T em p o ra l a b str a c t io n  m ech a n ism s: By temporal abstraction, we mean “lack of 
commitment to any specific timing discipline” . As actions are temporally refined, 
specific timing details (e.g. two-phase clocking, mixed synchronous/asynchronous) can 
be incorporated.
•  F le x ib le  S ty le s  o f  C o m m u n ica tio n : Much diversity in VLSI circuits arises due to 
the communication mechanisms that they use, such as explicit synchronization (via 
handshake signals), implicit synchronization (via clocks), polling, broadc.isf. etc. It 
is important that we do not rule out some of these useful styles of communication in 
hardware by com m itting to any one of them in the HDL itself.
•  F u n ctio n a l V ie w  o f  C o m p u ta tio n : There are several styles for specifying compu­
tation, such as procedural (e.g. C), functional (e.g. Pure Lisp), relational (e.g. Pure 
Prolog), etc. Functional languages are particularly appealing for describing computa­
tional aspects of hardware because their referential transparency (the ease of replacing 
equals by equals). The implicit parallelism in a functional description helps specify 
concurrency in computations naturally. This can reduce the expense of data flow 
analysis. .
•  F orm al S e m a n tic  D e sc r ip tio n : Having a simple and well specified formal semantics 
helps in the following ways: ,
— P r o v id e  la n g u a g e  referen ce: One of the primary objectives of specification- 
driven design is to establish correctness of the design before indulging in the 
expensive activity of actually building the circuit. Verification becomes very dif­
ficult, if not impossible, if the specification language does not have a clear formal 
definition.
— A ss is t  in  F orm al V erifica tion : Hardware verification using theorem proving 
tools is wasteful to apply to circuit descriptions that contain errors that can be 
detected more cheaply and automatically through other means; for example, pro­
cess composition tools have been shown to be very useful in detecting many errors 
automatically [CPS89, GFAM89, GF91]. If no errors are detected, process com­
position returns an abstracted version of the design which can, then, be subjected  
to more rigorous verification.
— H e lp  S y n th e s iz e  E ffic ien t C ircu its: Process composition is also employed 
in hopCP to help synthesize area-efficient circuits. We first obtain an abstracted 
process. We then analyze it to determine whether its asynchronous ports are used 
in an exclusive read/write mode, whether its alternative commands are determin­
istic, etc. This information helps us select more efficient circuits as reported in 
[AG91d],
— A ss is t  in  T estin g : In addition to establishing correctness, formal reasoning may 
reveal useful information in the form of invariants which can be exploited for test 
case generation during simulation, incorporation of self-diagnostic features during 
synthesis, etc.
O r g a n iza tio n  o f  th e  p a p er
In section 2, we briefly examine related work. In section 3, we briefly describe the hopCP 
design environment. In section 4, we provide an informal introduction to the language,
HOPCP: LANGUAGE AND SEMANTICS  - 5
6 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
with examples. In section 5, we informally describe the structural operators of hopCP. In 
section 6 and 7, we present the formal semantics of hopCP. In section 8, we discuss the 
hopCP implementation and in section 9 we provide concluding remarks.
Salient F eatures and P rim ary  A p p lica tion  D om ain
hopCP can be best characterized as a functional language augmented with constructs to 
specify concurrency and communication explicitly. One of the significant features of hopCP 
is its lack of adherence to any specific timing discipline. hopCP retains the fundamental 
state-transition system  view of hardware, but is equipped with features to specify computa­
tion in a purely functional style, specify concurrency without interleaving, and offer flexible 
communication schemes.
In hopCP, only the causal relationships between a set of actions which capture the behavior 
of the hardware are specified. Clocking and absolute tim ing relationships are delayed till the 
synthesis phase. This makes hopCP eminently applicable for the specification of systems that 
are comprised of loosely coupled communicating modules, each obeying non-trivial timing 
protocols. At present, it may not be quite natural to use hopCP for the specification of 
systolic designs or designs that decompose into regular array structures; this may, however, 
be a possible future extension, if we incorporate the results of [Joh84] and [She85].
2 R elated  Work
We have a wide spectrum of HDLs with different objectives and emphasis. The following 
are some of the successful hardware description formalisms currently in use: trace theory 
[Ebe89],CSP+probe [Mar89], Occam [BS89] used for the synthesis of pure asynchronous 
circuits, trace theory [Dil89] for verification of asynchronous circuits, HardwareC [KM90] and 
ISPS (with variations) [TLW+90] for synthesis of synchronous circuits, functional calculus 
[Joh84] for synthesis and verification of synchronous circuits, and Verilog HDL [SST90] and 
VHDL for modeling and simulation of synchronous and asynchronous circuits. It is difficult 
to place hopCP in this spectrum because it is more like an amalgamation of the essential 
ideas from the above formalisms. In hopCP the emphasis is in accurate modeling of hardware 
phenomenon and providing facilities for functional simulation and high-level debugging of 
specifications. We also support synthesis from hopCP specifications [AG91a], In this paper 
we focus on the language design criteria and the formal semantics.
In fe r red parComp /
Behavior 4  \
Static
Analysis
In fe r red parComp |
benavior
Simulation 








C ir c u i t Circuit
Figure 1: Flow Diagram of the hopCP Design Environment
3 hopC P D esign  Environm ent
Figure 1 outlines the VLSI design environment planned around hopCP. The hopCP spec­
ifications are parsed and compiled into an intermediate representation called H F G  (hopCP 
Flow Graph) which will be discussed in detail in this paper. Using a compiled-code con­
current functional  s imulator generator  called CFSIM, we derive a simulation model for the 
H F G  (currently CFSIM generates a Concurrent ML program module). pa r C o m p  is a tool 
which operates on H F G s  to infer  the composite behavior of a collection of hardware modules 
specified in hopCP. Act ion R e f i n e m e n t  is a procedure by which H F G s  are translated into 
hardware. This procedure handles the familiar synthesis tasks of control/data decomposition  
and resource-allocation. hopCP specifications can be refined into purely asynchronous cir­
cuits (similar to [BS89]), purely synchronous circuits, or a mixture of both. Static Analysis 
techniques can be used for performance optimization, at different levels of hierarchy. In this 
paper we will focus on the specification language hopCP, and its formal semantics.
4 W hat is hopCP?
hopCP is a notation to describe a concurrent state-transition system  called hopCP Flow 
Graphs (henceforth referred to as a H F G s  ), augmented with features to model computation  
in a purely functional style, and mechanisms to support synchronous and asynchronous
8 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
communication. In hopCP, hardware is modeled by a structural entity called a module 
which contains two parts (i) a behavioral entity called a HFG (hopCP Flow Graph) which 
captures the state-transition system describing the hardware in question, and (ii) a set of 
communication  ports with which the hardware interacts with its environment. A hopCP 
specification has six sections described below out of which only the MODULE and the 
BEHAVIOR section are mandatory.
(i) The MODULE section introduces the name of the module being described.
(ii) The TYPES section introduces the datatypes of the communication ports used in the 
module. Currently we support two primitive types namely bit and bitvector.  More 
complex types can be built using the primitive types. For example, we could define a 
byte as follows: byte : vector  8 o f  bit.
(iii) The SYNCPORT section declares all the synchronous  communication ports used in 
the specification. A synchronous  port allows rendezvous style communication as in 
CSP. Rendezvous  style of communication is characterized by the sender and receiver 
synchronizing (waiting for each other) before exchanging the information. Synchronous 
ports could be inputs or outputs which are distinguished by the last character of the 
portname. For example, p? denotes a port p being used in the input sense while p! 
denotes the same port being used in output sense. All ports in hopCP are unidirectional
i.e. they are either input or output.
(iv) The ASYNCPORT section declares all the asynchronous ports  used in the specification. 
An asynchronous port is a shared variable which provides value communication without 
synchronization. Asynchronous ports can be used either as input or output and this 
can be distinguished syntactically.
(v) The FUNCTION section contains the user-defined functions used in the specification. 
The functions are written in a first-order  functional language. The syntax of Standard 
ML of New Jersey is used.
(vi) The BEHAVIOR section describes the state-transition system  which captures the be­
havior of the hardware system  being specified. The state-transition system  being de­
scribed is called H F G  and is discussed in detail in the following section.
Inform al Sem an tics o f H FG
First, we define S ta te ,  which models the state of one thread of control flow, and T rans i t ion ,  
which defines a triple: (i) a collection of Sta tes  (analogous to the input phiccs to a transition
HOPCP: LANGUAGE AND SEMANTICS 9
of a Petri net), (ii) a “transition” (analogous to a Petri net transition), and (iii) a collection 
of post S ta tes  (analogous to the output places of a Petri net transition).
S ta t e  = P r o c N a m e  x  LocalStore  
T r a n s i t i o n  = V + (S ta te)  x  CompoundAct ion  ® Guard  x  V +(Sta te)
where Guard,  C  ompound Act ion  are syntactic objects which will be defined later and V  and  ® 
denotes power set and disjoint sum operations on sets respectively. •
A hopCP flow graph is formally defined as a record with two fields:
H F G  = (is tate  C V ( S t a t e ) ,  trel  C T r a n s i t io n )
A record is represented as a 2-tuple. Each component of the record is denoted by a field 
name and its associated type. For example, is ta te  is one field name, and its type (set of 
allowed values) is any subset of V (S ta te ) .
is ta te  denotes the set of initial states of the specification, and trel  denotes the set of 
transitions  in the H F G  . A transition t r  €  T r a n s i t i o n  is a triple (pre(tr) ,  act ( t r ) ,pos t( tr ) )  
where pre( tr )  denotes a set of states called precondition of the transition, post( tr)  denotes 
a set of states called postcondition  of the transition, and act( tr)  denotes the action of the 
transition.
The execution semantics  of a H F G  are similar to that of a Petri  net. Let t r  £  T ransi t ion;  
if t r  is enabled (i.e. execution reaches pre(tr ))  then the system performs actions act( tr)  and 
the execution reaches post( t r) .  Note that no notion of clocks or tim e is being associated with 
the performance of the actions act(tr).  Also note that if more than one t r  £  T r a n s i t i o n  is 
enabled, they can perform their respective actions concurrently, subject to synchronization 
rules to be discussed later.
E xam p le  1
We illustrate the features of hopCP using a example of a pipeline stage. Figure 2 shows 
a com plete hopCP specification of the pipeline stage. It does not have a ASYNCPORT  
section. It declares an input synchronous channel a and and output synchronous channel b 
of type byte. Figure 3 denotes the H F G  corresponding to the hopCP specification shown in 
Figure 2 and is textually described as follows:
h f9 i  = { is ta te  = {(P , [a:])}, trel  = {((P , [x]), a ly ,  (Q, [x, y])), ((Q, [x, y]), b \ ( f  x  y) , (P, [y]))}}
The above is the syntax of a record literal. Listed within braces (“{ ,> ’) are f i e l d j n a m e ,• 
and f i e ld -va lue ;  (separated by = ) , for every applicable i.
10 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
MODULE exi 
TYPES




fun f a b = if (index(a,0)=i) then update(b,2,0) else b; 
BEHAVIOR
P [x] <= a?y - >  b ! ( f  x y) - >  P [y] )
Figure 2: hopCP Specification of a Simple Pipeline Stage
Figure 3: hopC P Flow G raph (H FG ) of hopC P Specification in E xam ple 1
a?y b!(f x y)
HOPCP: LANGUAGE AND SEMANTICS 11
It is more convenient to draw pictures to denote H F G s  where circles denote the control 
state names (P r o c N a m e ) and horizontal lines denote the actions. The H F G  is interpreted 
(read) as follows: Module e x l  is initially in a state (P, [a;]) where P  is the control state 
(known as P r o c N a m e )  which is analogous to •program, counter  in a conventional computer 
while x is the datapath state (also known as LocalStore)  which is a snapshot of its relevant 
internal state. In the state (P, [x]) the system  can engage in a communication action a?y 
which will be henceforth referred to as a data query and go to a state denoted by {.Q, [x,y]). 
Data query a?y denotes a rendezvous on channel a.
Note that by performing the action a?y the internal state of the system  is modified to 
include the value received on channel a which is reflected by the presence of the variable y 
in the state (Q ,[x ,y ]). We could have a synchronous communication action without value 
communication, i.e. merely a? which is referred to as input control action.
We have just described the execution of the system via the transition ((P, [x]), a?y, (Q , [x, y])). 
As a consequence of this execution we find that the transition ((Q, [x, y]), b \ ( f  x  y), (P, [y])) is 
enabled. In the state (Q , [x, y]), the module can perform the communication action &!(/ x y) 
and proceed to the state denoted by (P, [y]). blexpr where expr  £ E X P R  is said to be 
a data assertion and represents the synchronous  communication action of outputting  the 
value denoted by the expression expr  on the channel b. A data assertion without value 
communication, for example just 6! is called an output control action.
In the example, expr  is the application of user-defined function /  on arguments x (original 
internal state) and y (received as a consequence of the action a ly ) .  The function /  could 
involve arbitrary computation and is expressed in a purely first-order functional language. 
hopCP has a wide repertoire of bit-level manipulation routines commonly used in hardware 
system s like I s h i f t ,  r s h i f t ,  exor , subvector , index-vector , update-vector , par ity  etc. 
(P, [y]) denotes the fact that the system goes back to the same control state P  (as the initial 
state) but the datapath state is now y instead of x. In a programming language sense, 
this could be viewed as invoking a function P  with an actual parameter y for the fo rmal  
parameter x.
E xam p le  2
The specification in Figure 4 illustrates some more features of hopCP. Figure 4 describes a 
module ex2 which declares T x R D Y  as an output asynchronous  port (shared variable) of bit 
type. It uses the same function definition /  as in the previous example. Informally, module 
ex2 starts in a state (Q , [x]), engages in an data query a?y, and depending on whether the 
input value y is even or odd it proceeds to perform the data assertion b l ( f  x  y)  and an 
asynchronous output action T x R D Y  := 1 and goes back to its initial control state Q with








fun f a b = if (index(a,0)=l) then update(b,2,0) else b; ■
BEHAVIOR
Q [x] <= a?y -> ((even y) -> ( b !(f x y ) , TxRDY := 1) -> Q Cy+i])
l((odd y) -> c! (subvector(y,0,4)) -> Q [y]) ■
END
Figure 4: Illustrating Alternate Behavior and Assignment Actions
its datapath state modified to the value denoted by y +  1 or performs c\(subvector(y, 0 ,4)) 
and returns to the initial control state Q with y as its datapath state. The behavior has the 
following new features
1 . Assignment apo := expr  where apo 6  A s y n c P o r t s  is an assignment action. In module 
ex2, T x R D Y  := 1 is an assignment action which denotes the evaluation of the expres­
sion expr  (which is 1 in our example) and transmitting  the value on the asynchronous 
channel T x R D Y . An assignment action does not have to synchronize  with a receiver 
before transmitting the value. In this sense, it is asynchronous.  Applications of this 
style of communication include outputting status  information and modeling system ini­
tialization (reset). Misuse of asynchronous communication via shared variables could 
lead to undesired behavior like m etastability and proclivity to deadlock. The details 
of asynchronous communications and syntactic restrictions to avoid these problems is 
discussed in section 6.
2 . Compound Actions  A tuple of actions ( a i , a 2, . . . ,  am) constitutes a compound action
and is characterized by the following features:
(i) a i , a 2, . . . , a m could denote data queries, data assertions, input control actions, 
output control actions or assignment actions with the restriction that all a, and
a.j should be non-interfering , i.e. no two a,- and aj should use the same channel or 
try to update the same variable. For example the compound actions (a l x , a l y , . . . )  
and (a?x, 6?x, . . . )  are not permitted.
HOPCP: LANGUAGE AND SEMANTICS 13
MODULE ex3 
SYNCPORTS
a?,b! : byte; 
b ? ,c ! : byte
FUNCTION
fun f a b = if (index(a,0)=l) then update(b,2,0) else b; 
fun g a b = if (index(a,0)=0) then update(b,2,0) else a;
BEHAVIOR
(P [xl] <= a?yl -> b !(f xl yl) -> P Cyl])
I I
(q Cx2] <= b?y2 -> c !(g x2 y2) -> Q Cy2])
END
Figure 5: hopCP Specification Illustrating Parallel Behavior
(ii) Let (5 , (ai ,  a2, . . . ,  am), s') (E T r a n s i t i o n , the execution of the system  in a state s 
corresponds to performing actions (a i, a2, . . . ,  am) concurrently and going to state 
s ' . The execution of the system  via a compound action is analogous to that of 
the cobegin/coend statem ent of concurrent programming languages.
In ex2, (&!(/ x  y ) , T x R D Y  1) denotes a compound action.
In hopCP conditional behavior is captured by guards  and choice construct 
(represented by ‘|’ in the textual syntax of hopCP). Guards are either boolean expres­
sions, data queries (or input control actions) or both. We do not allow data assertions, 
output control actions, or assignment actions in guards. The informal semantics of the 
choice construct is as follows: all the guards are evaluated in parallel; the guard which 
succeeds (a guards succeeds if its boolean expression evaluates to true and if the input 
communication action succeeds) is picked and the execution moves to the correspond­
ing state. If none of the guards succeeds, it denotes a error in the specification, and, 
the system  halts. If more than one guard succeeds, any one of them  can be picked. 
This introduces nondeterminism  in hopCP.
In exam ple ex2, (even y ) and (odd y) are the guards which control the system  behav­
ior. Expression guards can be specified with the help of user-defined functions in the 
F U N C T I O N  section of the specification.
3. Choice
E xam p le  3
14 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
Figure 6: HFG of hopCP Specification in Example 3
The last two examples were basically sequential in nature except for the restricted form of 
concurrency introduced by compound actions. Figure 5 is a hopCP specification of a con­
current system  with synchronization and value communication. It captures two independent  
threads of activities corresponding to two stages of a pipeline coupled by a rendezvous on the 
synchronous communication channel b. The stage described by P  is capable of performing 
an data query a l y l  and a data assertion b \ ( f  x l  y l)  while the stage described by Q can first 
engage in a data query b?y2 and then perform a data assertion on channel c. The actions 
a?yl and c\(g x2 y 2) can be performed independently (hence concurrently) while the actions 
b ly 2 and b \ ( f  x l  y l)  have to be performed synchronously. This is captured in the H F G  
shown in figure 6.
The initial states (P, [xl]) and (Q , [x2]) are marked by arrows. Initially, a?yl can be per­
formed by stage P  while Q waits on action 6?y2. Once a?yl is completed, both stages P  
and Q can engage in 6?y2 and b \ ( f  x l  y l)  which results in the datapath variable y2 in stage 
Q getting a value denoted by the expression ( /  x l  y l)  (referred to as value communication). 
This is depicted by the annotation on the arc leading to control state 52. Once this syn­
chronous activity is complete, stage Q can engage in c\(g x2 y2) and stage P  can engage in 
a ly 2 concurrently.
This illustrates synchronization and value communication between two agents and is known 
as two-way rendezvous. In this example, the no compound actions are involved. If the actions 
involved are compound actions, things become slightly more complicated and we ascribe a 
semantics to it in the later part of this paper.
HOPCP: LANGUAGE AND SEMANTICS 15
BEHAVIOR
(P [xl] <= a?yl -> b!(f xl yl) -> P [yl])
I I
((Q [x2] <= b?y2 -> c ! x2 y2) -> q [y2]) 
I I
(R [x3] <= b?y3 -> d ! x 3  y3) -> R [y3])
)
END
Figure 7: hopCP Specification Illustrating Multiway Rendezvous
E xam p le  4
Finally we present an example which illustrates the notion of multiway rendezvous  in 
hopCP. Synchronization and value communication shown in the previous example involved 
two agents (one performing a data query, and one capable of the corresponding data as­
sertion). Multiway rendezvous is said to occur when there is more than one agent willing 
to perform a data query corresponding to a data assertion, (note that the converse of the 
situation that of more than one agent asserting a value on the same channel does not make 
much sense) Multiway rendezvous is a powerful notion which facilitates the specification of 
a wide variety of concurrent algorithms very naturally [Cha87]. It subsumes broadcast style 
of communication (point to multipoint communication) which is very natural in hardware, 
but not supported by many popular HDLs currently being used for synthesis. It does not 
mean that these things are impossible to specify without multiway rendezvous; but, it be­
comes awkward to model them in terms of two-way rendezvous. Figure 7 shows a hopCP 
specification (just the behavior section is shown for convenience). It illustrates multiway 
rendezvous on channel b.
Initially, only the stage P  can make any progress by engaging in a l y l .  Once this is 
com plete, a multiway rendezvous on channel b is possible. This involves agents P , Q and R  
waiting for each other and once all the of them arrive, agent P  transmits the value denoted 
by the expression ( /  x l  j/1) on channel b which is received by agents Q and R  and bound to 
their internal variable y 2 and y 3 respectively and then P , Q and R  proceed to perform their 
next actions.
The multiway rendezvous advocated in hopCP is simpler than that in the protocol spec­
ification language L O T O S  [LOJF88], in the sense that the multiway rendezvous and its 
participants can be statically determined by a simple analysis. This is because we do not
16 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
have dynamic process creation in hopCP.
5 Structural D escriptions in hopC P
In the previous section we said that the basic entity being modeled in hopCP is a module 
which consists of a set of channel names and a concurrent state-transition system  (H F G  ). 
In this section, we will describe ways to specify an interconnection  of such modules and a 
mechanism for abstraction in hopCP. Interconnection of two modules Mi and M 2 is specified 
by a renaming  function on the channel names and is expressed by the rename  operator. 
Abstraction in the sense of controlling the visibility of actions is achieved by the export 
operator, connect operator puts  together modules (whose interconnection is specified by 
the rename operator). After performing basic safety and realizability checks it infers the 
composite behavior of the whole system. The behavioral inference is done by composing the 
H F G s  of the constituent modules by appealing to a procedure called parComp.  Details of 
p a r C o m p  will be described shortly.
6 Formal Sem antics of hopCP
In this section we will present the operational semantics  of hopCP in the style advocated 
in [Hen90], The semantics presented below serves two objectives: (i) defines an interpreter 
for the language, by defining all possible labeled-moves of the underlying state-transition  
system , and (ii) defines a compiler  for the language, by constructing the underlying H F G  
which is the intermediate representation for the hopCP design framework.
The semantics of each major feature of the language is presented separately by specifying 
the constituent syntactic categories, abstract syntax and the underlying transition relation. 
The organization of the semantic definition is as follows: We use three transition relations
^CA'i  ^proc? *beh and two expression evaluation functions = ^ e, and = H e ,  in the dis­
cussions below. The type signatures and formal definition will also be given shortly. — >\,eh 
is the top-level transition relation which takes an abstract syntax tree denoting a hopCP 
behavioral expression and the associated process and function declarations and returns a 
H F G  . In doing so, it invokes ■^ ->pr0c,  which incrementally  constructs the H F G  by enu­
merating all possible moves in the H F G  . ■— >proc, in turn, appeals to ^— >ca transition 
relation to reduce the compound actions. Compound actions in hopCP contain expressions, 
which are evaluated by = ^ e and  = H e. The semantics will be presented in a bottom-up  
fashion. To facilitate reading, we present the entire abstract syntax, list of syntactic cate­
gories, type signatures of the various transition relations and helping-functions used in the
HOPCP: LANGUAGE AND SEMANTICS 17
semantic definition in the appendix.
6.1 E xpression  L anguage
The expression language underlying hopCP is a first-order functional language with integer 
(treated as bitvector) and boolean as the primitive types. Notable omissions with respect to 
a standard functional languages are user-defined datatypes and higher-order functions. The 
expression language is now defined. •
P rim itiv e  S yn tactic  C ategories
In the following, V A L  is the category of values, V A R  of non-boolean variables (e.g. in­
teger), B V A R  of Boolean variables, A s y n c P o r t s  of asynchronous ports, and d of data path 
state variables, which are part of V A R .  All other categories are explained in the BNF  
abstract syntax.
V 6 V A L e <E E X P R
x <E V A R bx <E B V A R
be <E B E X P R F D <E F u n D e c l
vop <E V  ectorOp op <E A r i th O p
bop <E BooleanOp F <E F u n N a m e
ap <E A s y n c P o r t s d <E D P S V A R  C V A R
A b stract S yn tax  o f E xpressions
The (abstract) syntax of function declarations is given by the production rules for F D ,  
and that for expressions is given by the rules for e. Expressions (e) can be values, variables, 
expressions using a binary operator op, let expressions, primitive function applications, if, 
user-defined function applications (F ), and an asynchronous port identifier (ap) standing 







F ( X 1,X 2 , . . .  , x k) = e I F ( x i , x i , . . .  , x k) = e , F D '
I , , // - _ , / . t n  m .x  \ e op e | let x  =  e m e  | vop[e , e , e )
| if_ be then  e else e | F[e\ ,  e 2 , . .  . ,  e^ ] {where a r i t y ( F )  =  k) \ ap 
bx | T r u e  \ F a l se  \ be op be \ N o t  be \ equalise, e )
+  | — | * | /  | r s h i f t  | I s h i f t  \ index  
and  | or \ nand  \ nor \ exor  
update  | subvector
18 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
S e m a n tic  D o m a in s
Using the above syntactic objects, we will present the semantics of expression evalua­
tion in hopCP. Note that we have augmented a standard first-order functional language 
with primitive operators to manipulate bitvectors. LocalS tore  provides the environment for 
the evaluation of expressions involving datapath variables (denoted by D P S V A R ) ,  while 
GlobalStore  gives the binding of the asynchronous channels (which are treated as variables). 
Asynchronous channels can be used in expressions with the restriction that they are used 
strictly in the read-only sense. They cannot be bound inside an expression.
cr/ 6 LocalStore  =  D P S V A R  i—► V A L  
o'g £ GlobalStore  =  A s y n c P o r t s  i—► V A L
E v a u la tio n  S em a n tic s  o f  E x p ress io n s
==>e and = H e  take an expression and its environment, and return a integer (bitvector) 
or a boolean, respectively, corresponding to the value of the expression. Their definition is 
fairly routine and is om itted to conserve space.
= ^ e: (F u n D e c l  x LocalS tore  x GlobalStore  x E X P R )  i—► V A L  
==>be' (F u n D e c l  x LocalS tore  x GlobalStore  x B E X P R )  i—* Boolean
6 .2  A c t io n s  and  C o m p o u n d  A c tio n s
In this section we will present the syntax and semantics of the various actions  used in 
hopCP.
A d d it io n a l S y n ta c t ic  C a teg o r ie s
Synchronous output ports, synchronous input ports, and compound actions have the fol­
lowing syntactic categories:
spo £  S y n c O u tp u t  Por t s  spi  £  S y n c l n p u t  Por t s  
ca €  Com pound  Action
A b str a c t  S y n ta x  o f  A c tio n s  an d  C o m p o u n d  A c tio n s
The syntax of actions and compound actions is presented below. A compound action ca is 
interpreted as a set of actions, each action being of type a. For example, the compound action
HOPCP: LANGUAGE AND SEMANTICS 19
written syntactically as (p?,g!) denotes the set of actions {p?,g!}, and the compound action 
written syntactically as a? denotes the set of actions {a?}, dq denotes receiving a value on 
synchronous input port spi, da denotes asserting the value denoted by the expression e on 
the synchronous output port spo, and aa denotes asserting the value denoted by expression 
e on asynchronous output port ap.
a ::= dq \ da
ca ::= a \ a ,ca
dq ::= s p i l x
da ::= spo\e
aa ap := e
S em an tics o f A ction s and C om pou nd  A ction s
The semantics of actions and compound actions is captured through the transition relation
>CA (F u n D e c l  x LocalS tore  x GlobalStore  x C om poundAct ion)  
i—* (LocalS tore  X GlobalStore )
Here, 
Also define
ca+ = ca U {e}.
fl+ =  aU  {e}
which will be used later.
Next we present the inductive definition of ■— >ca for each action category.
6.2 .1  Syn ch ron ous C om m u n ication  A ction s
There are two types of synchronous communication actions in hopCP: actions with value 
communication and synchronization and those with only synchronization (no value commu­
nication). For each action, we have both the input (query) and output (assertion) counter­
parts and we will present separate rules for both. The following are rules for synchronous 
communication action without  value communication:
(i) Synchronous Input without value communication
(F D ,  ai, ug, a p i t ) ^ CA(ai, ag)
20 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
(ii) Synchronous O u tp u t w ithout value com m unication
{F D ,  <Ti, <Tg, s p o \ ) ^ c A ( < n ,V g )
Note that these actions do not affect the environment (cri,ag). We retain the labels sprt and 
spol to record the fact that these communications were engaged in.
Next we present rules for actions which reflect value communication. Note that only a / is 
modified. The effect of a data query sp ilx is to undergo a synchronization with an agent 
producing a value v on the channel spi, and modify the localstore oi to reflect this value. 
On the other hand, a data assertion spile involves first evaluating the expression e, and then 
undergoing a rendezvous with an agent willing to accept a value on the channel spi.
(i) Rule for synchronous value input:
(F D ,  (ji, (Tg, sp i?x)a- ^ c A ( v i [ v / x \ , ( T a)
(ii) Rule for synchronous value output:
(F D , o i , o g, e ) = > e v 
(FD,ah<Tg,spo\e)a-^cA(vi,vg)
The synchronous communication actions outlined in this section need the cooperation of 
other agents to succeed.
6 .2 .2  A syn ch ron ous C om m u nication  A ctio n s .
M o tiv a t io n  and D efin it io n : An output asynchronous action in hopCP is written as 
aa e. The complementary (i.e. input) action is indicated by the use of the asynchronous 
port identifier (e.g. aa in the above example) in hopCP expressions. It denotes the fact that 
an asynchronous input is first done through the asynchronous channel, and the value thus 
obtained is used in place of the channel name. Assignment actions provide communication 
without explicit synchronization. (Synchronization must be indirectly guaranteed.) Asyn­
chronous communication in hopCP is characterized by nonblocking senders and nonblocking 
receivers. The sending party deposits the value denoted by the expression e on port ap 
whenever called upon to do so, and the receiver picks up the value whenever it is asked to. 
A sender can also write two values in succession without the receiver reading in between. 
The receiver can read the same value twice, without the sender writing in between.
HOPCP: LANGUAGE AND SEMANTICS 21
Naive implementations of the asynchronous communication mechanism can lead to well- 
known synchronization problems. For example, since the sender and receiver are not syn­
chronized, it is possible to attempt a read while the asynchronous port is being written. In a 
naive hardware implementation, this can result in the sampling of a voltage in between that 
for logic 0 and that for logic 1, which can lead to metastability. Similarly, since the read and 
write may happen in any order, it is possible to read the “old value” from the port, which 
could possibly lead to deadlock. .
An asynchronous action (read/write) is said to be safe if all accesses i.e. (read/writes) 
to the asynchronous port are serial. Usages of asynchronous communication actions are 
checked for safety by the hopCP analyzer. This is done by performing a reachability analysis 
on the inferred behavior of the constituent hopCP modules [AG91d]. The inferred behavior 
is obtained very efficiently via a tool called parComp which will be discussed in detail later 
in this section. In the graph of reachable markings, it is then seen whether the asynchronous 
actions can be enabled simultaneously, or not. Basically, asynchronous actions are employed 
in hopCP specifications that use synchronous communication actions also. It is these syn­
chronous communication actions that help define causal orderings among all the actions in 
the specification, and, indirectly, make certain asynchronous actions serial. For example, in 
the following specification fragment,
P[x] = (asyncport:=E) -> p! -> ...
I I
Q[y] = p? -> ( <guardl using asyncport> -> ...
I <guard2 using asyncport> -> ... )
(* Here, guardl said guard2 must be mutually exclusive said exhaustive. *)
the use of the synchronous communication actions p ! and p? help order the write and read 
on asyn cp ort.
If we cannot rule out that the receive will be concurrent with the send , then suitable 
circuits (e.g. an arbiter-based circuit such as an A T S module described in [Kel74]) can be 
employed. If the inputs to the A T S module are signaled concurrently, the module effectively 
serializes the inputs and then takes action based on the result of serialization. Another 
precaution to be obeyed is in connection with guards. If an asynchronous port is employed 
in guard 0 <  i <  N  — 1 of a choice construct, then the collection of guards g0 through 
gN-i  must together account for all possible values on the asynchronous port; in other words, 
the guards must be exhaustive with respect to the values. Usually this situation arises when 
spin-waits are implemented, as shown in the boxed specification fragment that comes next.
22 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
U se s  o f  A sy n c h r o n o u s  C o m m u n ica tio n : Asynchronous communication is useful in sit­
uation where explicit synchronization (sender and receiver waiting for each other) is either 
awkward or unnecessary. Asynchronous communication can be used in the following scenar­
ios which are quite common in hardware description:
• Status Signals: Status signals are typically set once and optionally read many times by 
different modules. It is awkward to enforce synchronization on status signals. They 
are best modeled as asynchronous actions.
•  Busy  Waiting:  Busy waiting is characterized by a nonblocking sender and a blocking 
receiver ( waiting fo r  a condition). Busy waiting can be implemented in hopCP using 




P n <= (IsTrue TxRDY) -> Q [] '
K n o t  (IsTrue TxRDY)) -> P []
END
In state P,  the system  waits for TxRDY input to become high. Busy waiting inherently 
violates safety  since there is a possibility of the writer accessing the asynchronous port 
while the read is in progress. (Unless this is permitted, the spin-wait condition, once 
found to be true, will remain true forever. While one process is spin-waiting, the other 
process performs an asynchronous port output, thus causing the spin-wait to exit.) As 
mentioned before, the guards must be exhaustive.
R e str ic t io n s :  We impose the following restrictions on asynchronous communication in 
hopCP, mainly to tune the construct to hardware applications and facilitate a direct circuit 
implementation.
1. Only one agent can own an asynchronous channel; i.e., only one agent is allowed to 
perform an assignment  action (use it in the output sense) on a given asynchronous 
channel. However, there could be several agents using the channel in an input  sense,
i.e., willing to read the asynchronous port. Just as in the synchronous communication 
scenario, the agent which is the sender (assignment) and the agents which are receivers 
(input) are statically determined.
HOPCP: LANGUAGE AND SEMANTICS 23
2. The usage of asynchronous actions in choice constructs will be made only under the 
condition that the guards are exhaustive, as mentioned above.
3. An asynchronous channel is assumed to have a capacity of one which means that an 
asynchronous channel is modeled as a assignable location. Every assignment overwrites 
the existing value (much like the assignment in an imperative language).
S em a n tics: The dynamic semantics of the assignment action are given by the following 
transition rule
__________( F D , o i , o g,e)  = > e v__________ 
( F D ,  a x, ag, (ap :=  e) ) - U CA(<rh a9\v l aP\) '
The global store (ag) is being explicitly carried around precisely to capture the asynchronous 
value communication via assignment actions. An assignment action merely updates the 
corresponding location. Since, crg is shared by the whole system, anyone interested can read 
it without undergoing a synchronization (hence the asynchrony). Notice that the “label” of 
this transition is e, meaning that there are no observable effects (other than the modification 
of ag, of course).
Im p le m e n ta t io n  H in ts: If safety is guaranteed, an asynchronous port can be implemented 
by a conventional latch. Otherwise it can be implemented using an A T S module (fully 
described in [Kel74]). One possible implementation of an A T S module supports the following 
operations: write.zero, write.one, and test. It has the property that if more than one of its 
commands are requested simultaneously, the module serializes the requests using an internal 
arbiter.
6 .2 .3  C o m p o u n d  A c tio n
Compound actions introduce a restricted form of parallelism in the form of local fork- 
join activity. Synchronization or value communication among the constituent actions of the 
compound action is not permitted. The components of a compound action are restricted to 
be primitive actions.
The chief motivation for introducing compound actions in hopCP was to have something 
analogous to synchronous parallelism which is common in clocked systems. Also, we find 
that granularity of a primitive action (data query, data assertion) was too fine to make high- 
level modeling too cumbersome. Since a compound action is merely a collection of primitive 
which can all be done concurrently, its semantics is captured by by the ^ —*ca relation with 
the following additional rules.
( F D ,  ai, crg, a)-^>cA(cr'i, <?'),
(FD, ai, og, c a ) ^ c A ( v " ,  ^")
/ j-i r> /  \ \  red u ce (o + ,co + ) , , „ ,(F D , a u ag, (a ,ca )) — >Ca (°i U a , ,  ag U ag)
: Side conditions:
1. The variable assigned by a is not assigned by any other a G ca.
2. The intersection of the domains of a[ and <r” is equal to the 0. Therefore the union of 
the mappings a\ and a" is a well-defined operation th a t yields a new mapping.
3. The intersection of the domains of a'g and ag is equal to the 0.
Here, reduce(a+,ca+) computes the resultant label of the transition as follows: if there 
are non-e actions in either a+, or ca+ , then form a compound action out of the actions in 
a+ and ca+, after elim inating all the es; else, return  an e. Note, th a t the same environment 
(<Ti,<rg) is being distributed to all the components of a compound action which means the 
components of the compound action should all be non-interfering; i.e., they should not share 
any channels and should do not access (read/w rite) the same asynchronous channels.
6.3 Sequentia l and A ltern ate  B ehavior
In this section, the semantics of sequential (~») and alternate (|]) constructs of hopCP will 
be presented, (in the textual syntax they are -> and I respectively).
A dd itional S yn tactic  C ategories
P D  € ProcDecl P  6 ProcNam e  
g 6 Guard cproc € ChoiceProc 
proc € Proc
The following is the abstract syntax of the alternate and sequential behavior in hopCP.
A bstract Syn tax
One process declaration consist of the process name P  followed by formal param eters, the 
«*= symbol, and the process body, proc. P D  consists of several process declarations. Process 
body, proc, is a sequential process consisting of ca, the symbol which denotes sequencing, 
and proc, or it is a process call, w ritten P[ej, e2, . . . ,  em]. A choice process, cproc, is a guard 
followed by proc, or several cprocs separated by |. Finally, guards, g, are describ 'd .
24  VENKATESH AKELLA, GANESH GOPALAKRISHNAN





=  (P (d 1, d 2, . . .  , d m) «= proc) \ P ( d i , d 2, . . .  , d m) = p r o c ,P D  
=  ca proc | P [e i, e2, . . . ,  em\(where a r i t y (P )  =  m) | cproc
=  g proc | cproc |] cproc 
=  be | dq \ spi \ be, dq \ be, spi
A d d ition a l Sem an tic  D om ain s
The domains of T r a n s i t i o n  and S ta t e  are now introduced.
T r a n s i t i o n  =  V +(Sta te)  x (C ompound Act ion  ® Guard)  x V +(Sta te)
S ta t e  =  P r o c N a m e  x LocalStore
A hopCP flow graph is formally defined as a record with two fields:
H F G  =  (is ta te  C V ( S t a t e ) ,  trel  C V (T r a n s i t i o n ) )
Given h €  H F G ,  h . is ta te  denotes the initial states of h and h. trel  its set of transitions.
The semantics of proc is given in terms of the transition relation 
functions c s N a m e  and add tr2h fg ,  whose type signatures are:
rproc and helping
(ProcDecl  x F u n D e c l  x S ta te  x Proc  x GlobalStore  x H F G )  i— 
(ProcDecl  x F u n D e c l  x S ta t e  x Proc  x GlobalStore  x H F G )  
c s N a m e  : Proc  i—► P r o c N a m e  
a d d t r 2 h fg  : H F G  i—► ( V +(S ta te)  x  Com pound  Act ion  x  V +(Sta te ) )  i—► H F G
(add tr2h fg  h f g  tr)  = h f g [ ( h f g . t r e l l i { t r } ) / h f g . t r e l \
Function c s N a m e  is any one-to-one mapping from the domain of abstract syntax trees of 
hopCP to P r o c N a m e .  It is used to merely assign a unique name to each abstract syntax 
tree. In our implementation, c s N a m e  extracts the “control state name” of the root node of 
the abstract syntax tree given to it as an argument. Function a d d tr 2 h fg  adds a transition 
to a given HFG, returning the resulting HFG.
26 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
6.3.1 R u les  for Sequentia l B ehavior
(i) This rule defines the semantics of a process call. It says th a t a process call is processed 
similar to how a procedure call is processed in conventional programming languages. 
The actual param eters e i , e2, . . . , e m are evaluated (using the evaluation relation for 
expressions) and substituted for the formal param eters d\, d2, . . . ,  dm and the body 
of the process declaration proc is invoked. The notation x[newi/o ldi , . . .] says tha t x 
m ust be subject to the substitutions indicated in [newi/oldi, . . .] and the 'resu lt must 
be returned. Substitution lists always have oldi ^  oldj for i ^  j .
________ (FD, crt, crg, e.) = > e V j ,  1 <  i < m ________
(.P D , F D ,  (P“,tri),P[ei, e j , . . . .  e j ,  <r„ h f g ) - ^ pr,JC 
(.P D , F D ,  (P, a',),proc, <7„ hfg[P/P"])
where
(P[di ,d2, . . .  ,dm\ <= proc) e  P D
a'i = ai[v i /d i ,v2/d 2, . . .  , v m/ d m]
Notice tha t addtr2hfg  adds one transition to hfg .  This shows how we use the opera­
tional rules to capture the compilation of hopCP descriptions into HFGs. In addition 
to defining a labeled move, this rule is also showing how HFGs (the result of compiling 
hopCP programs) are incrementally built. All uses of addtr2hfg  in the rest of the 
paper will be to support the compilation.
(ii) This rule captures the sequential progress of the system by the execution of an com­
pound action ca.
________ (FD, <T), <7g, ca)-^cA(cr' i,v'g)________
{PD, F D ,  (P, at), (ca proc), ag, h f g ) - ^ proc
(PD, F D ,  (P' ,a\) ,proc,  a'g, (addtr2hfg  h f g  tr))
where
P  =  (csN am e proc)
tr = ({(/>, <r,)}. ca, {(/> ',c',)})
HOPCP: LANGUAGE AND SEMANTICS 27
6.3 .2  R u les for Alternate B eh avior
Alternate behavior is expressed in hopCP using guards. It is clear from the abstract syntax 
(shown above) that guards could be Boolean expressions, data query (with or without value 
communication) or a combination of both. Multiple data queries are not allowed in guards. 
Output actions (assertions and assignments) are not allowed in guards, in the current version 
of hopCP, either, because of their propensity to induce deadlocks if used carelessly. However, 
input asynchronous actions can be used in guards. The semantic rules for alternate behavior 
are straightforward: the antecedent of the rule evaluates the guard; if the zth guard succeeds, 
the program coming after the zth guard is (which is a proc £  P R O C ) is chosen for execution.
The following rules capture the semantics of alternate behavior for the various cases that 
arise. Note that evaluation of guards does not change ag global store. Local store a; changes 
only if there is a data query involving value communication.
(i) This rule explains how a guard containing only a Boolean expression is handled.
___________(FD,eri,crg,be) = » 6 T ___________
(.P D , F D ,  (P , a t ), (be proc), ag, h f g ) *PTOC
( P D , F D , ( P  ,a i ) ,p r o c ,a g, (a d d t r 2 h fg  h f g  tr))
where
P  = (c s N a m e  proc)
t r  =  ( { ( P , a , ) } > , { ( P > ; ) } )
(ii) This rule shows how a single input communication action in a guard is handled. Note 
that after the communication, the local store is updated.
( P D ,  F D ,  (P , a t), (spr tx  proc) ,ag, h f g ) s- ^ X pT0C 
( P D ,  F D ,  (P  , ai[v/x]),proc,  ag, (add tr2h fg  h f g  tr))
where
P  = (c s N a m e  proc)
t r  =  ({(P,(T,)},3pz?a;,{(P',CTJ')})
(iii) This rule shows how a single input synchronization action is handled. Notice that 
the stores are not updated. The communication action is recorded as a label of the 
transition.
28 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
apt:
( P D ,  F D ,  (P, at),  {spit  proc), ag, h fg ) -— *pT0C 
(P D ,  FD ,(P ' ,cr i ) ,proc ,  ag, (a d d t r 2 h fg  h f g  tr))
where
P  =  ( c s N a m e  proc)
t r  =  ( { ( p , ° i ) } , s P i 7 , { ( p ' '
(iv) This rule specifies how guards containing one Boolean expression followed by an input 
communication action are handled. The guard is first checked, and only if found true 
will the communication action be tried.
(FD,a i ,(Tg,he) = > t  T
( P D ,  F D ,  (P, cri), ((be, s p i l x )  proc), crg, h f g ) — vproc
(P D ,  F D ,  (P  , oi[v/x]),proc,  crg, (add tr2h fg  h f g  tr))
where
P'  = ( c s N a m e  proc)
tr =  ({(P,CT,)},(&e,sp*‘? x ) ,{(P ',C T , ') } )
(v) This rule is similar to the previous, except that value communication does not occur; 
only synchronization occurs.
_________  ( F D ,  ai, crg, be) = r - i T
(P D ,  F D ,  (P, ai), ((be, sp i?) proc) ,ag, h f g ) s p i :Tproc
( P D , F D , ( P  ,a i) ,proc, ( jg, (a d d t r 2 h fg  h f g  tr))
where
P  =  ( c s N a m e  proc)
tr  = ° i ) ) ,  {be, s p i l ) , { ( P ' ,&[)})
(vi) This shows that if the alternate command has two guarded cprocs, then they can be 
tried in any order.
P D ,  F D ,  s, cproc, ag, h f g ) - ^ proc(P D ,  F D ,  s ' , proc, ag, h fg ' )
( P D , F D , s ,  (cproc [ cproc),  ag, h f g ) ^ proc( P D ,  F D ,  s ' , proc, ag, h f g ' )
(P£>, F D ,  s, cproc , (jg, h f g ) ^ pTOC( P P ,  F D ,  s ' , proc, ag, h f g ' )
( P D , F D , s , ( c p r o c  [| cproc),  ag, h f g ) - ^ pT0C( P D ,  F D ,  s ' , proc, agJi  f  g')
HOPCP: LANGUAGE AND SEMANTICS 29
6.4 Parallel C om position
T he “ ||” operato r specifies concurrent behavior in hopCP. It defines the  in teraction  of inde­
pendently  specified hopC P specifications. In this section we will define in teraction  of hopC P 
specifications by describing a  tool called pa r C o m p .  p a r C o m p  helps inferring  th e  com posite 
behavior of a collection hopC P modules. We will conclude this section by describing some 
uses of pa r C o m p .
6.4.1 Synchronization and Behavioral Interaction
hopC P m odules in terac t v ia com m unication actions. T he in teraction  could be synchronous 
(via handshake or rendezvous) or asynchronous (via global store). As s ta ted  earlier, th e  la tte r 
in teraction  is po ten tia lly  hazardous and its safety is guaranteed  by checking for the  serial 
usage of all asynchronous channels. Synchronous in teraction  is possible when m odules are 
willing to  perform  com plem entary  actions (query /assertion) on the  sam e channel. W hen the 
num ber of m odules willing to  perform  a query  is equal to one, for a given assertion, we have 
a two-way rendezvous  (sim ilar to  synchronous com m unication in CSP or CCS, for exam ple). 
W hen th e  num ber of m odules willing to perform  a query is more than one for a  given 
assertion, we have a  mult iway rendezvous.  M ultiway rendezvous is a powerful construct. It 
helps express several hardw are-oriented algorithm s very naturally .
Parallel com position is com plicated in hopC P due to the  presence of com pound actions. 
This is because a  proper subset of  the compound action set  can synchronize. We call this 
partial synchronizat ion.  In th e  next section we will provide the  form al definition of p a r C o m p  
and illu s tra te  it w ith  an exam ple.
6.4.2 Formal D efinition of parComp
F irs t we define an auxiliary  function con juga te  which checks if two p rim itive action 
can synchronize or not. Two p rim itive actions synchronize when they  are com plem entary  
and bo th  use th e  sam e channel. For exam ple, con juga te (a?x ,  a\(p  +  1)) yields t ru e  while 
conjugate(a '!x,  b\(p +  1)) or co n ju g a te ( a ? x ,a ? y )  or con juga te (a \x ,  a\(p  +  1)) yields f a l s e .
c o n j u g a te ( x , y)  =  (i s D q u e r y  x)  A (i s D a s s e r t  y)  A
(channel(x)  =  c h a n n e l ( y ))
V
( i s D q u e r y  y)  A ( i s D a s s e r t  x)  A 
(channe l(x )  =  c h a n n e l ( y ))
30 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
where ( i s D q u e r y  x) and ( i s D a s s e r t  x) are predicates which check if th e  action x is a 
d a ta  query or a d a ta  assertion respectively and channe l (z )  ex trac ts  th e  synchronous port 
associated w ith  the  action z.
In hopC P, parallel com position is com plicated by th e  presence of com pound actions. To 
assist in th e  definition of parallel com position, we define th e  following relations, which de­
term ine w hether a pair of compound actions a and b are “sy n c h r o n o u s” (a and b com pletely 
synchronize) or “a s y n c h r o n o u s ” (a and b do not synchronize a t all): •
s y n c h r o n o u s ( a ,b ) =  x £. a =$> (By £  b . c o n ju g a te (x , y ) )
A
x £  b =$■ (By £  a . c o n j u g a t e ( x , y ))
as y n c h r o n o u s ( a ,b ) =  ->(3x £ a A By £  b . c o n j u g a t e ( x , y ))
p a r C o m p  is a function which composes two concurrent s ta te -tran sitio n  system s (H F G s  ). 
I t uses auxiliary  functions V a l u e c o m m  to  perform  value com m unication, and R e t a i n A s O u t p u t  
to  fac ilita te  m ultiw ay rendezvous. T he auxiliary  functions are defined as follows:
R e t a i n A s O u t p u t  (a, b) =  { x |  ((x £  a A ( i s D q u e r y  x) A (By £  b .c o n ju g a te ( x , y ) ) )
\ f  (x £  b A ( i s D q u e r y  x)  A (By £  b . c o n j u g a t e ( x , y )))) }
V a l u e C o m m  takes a pair of s ta tes  denoting preconditions of th e  transitions being com­
posed ( s i , s 2)j a pair of c o n ju g a te  actions (a, b) and a pair of s ta tes  denoting th e  postcondi­
tions of transitions being com posed ( s i , s 2) and updates  th e  local stores of Sj or s 2 depending 
on th e  actions a and b. I t is defined recursively as follows:
V a l u e C o m m  (s j, s 2, a, b, s 2) =
let
a — { a i , . . . , a n} b — {b\ ,  . . . ,&„}
•Sl =  (Pi ,°  i) S2 =  (^ 2, 0-2)/
5i =  ( A 'X )
f
s 2 =  (Pi *2)
a,- — Ct?Xt a:
JU11
bi =  Cf!ef h =  dj  ? xj
HOPCP: LANGUAGE AND SEMANTICS 31
in
if ((a,- 6 a) A (i s D q u e r y  a,) A (36,- 6  b.conjugate(a{ ,bi))  A ( F D 2, cr2, cr52, e,) = > e u,) 
then  V a l u e C o m m  (si, s2, a \  a,-, 6 \  (-P^ , a'-^Vij X{\), s2)
else if ((aj 6 a) A (i s D a s s e r t  aj)  A (36j 6 b .conjugate (a j ,  bj)) A (FD i, cri, cr5l, ej) ==*> 
th en  V a l u e C o m m  (s1? s2, a \  aj ,  b \  bj, s l5 (Pj, 
else (5i ,52) •
end if 
end
Basically, function V a l u e C o m m  exam ines th e  constituen t actions of a and  b. I t picks one 
action from  a and one from  b such th a t they  are conjugates. It removes them  from  a and 
b, and perform s the  in tended com m unication between them  symbolically, and updates the 
stores appropriately . Function V a l u e C o m m  te rm inates when one of th e  sets a or b becomes 
em pty, or when they cease to  have conjugate actions.
Using th e  auxiliary functions defined above, (p a r C o m p  h f g i  h f g 2) =  h f g 3 where
hfg-y =  { i s t a t e  — i s i , t r e l  — t r i }  
h f g 2 =  { i s t a t e  =  i s 2, t r e l  =  t r 2) 
h f g z  — { i s t a t e  =  i s i  \J i s 2, t re l  — t r 3}
and t r 3 is inductively  defined by the  following rules. In defining t r 3, we shall build  two 
“tem p o rary ” sets of transitions t r x and t r 2 also. Rules for building tr[  and t r 2 are also given. 
All th ree  sets (tr^, t r 2, and t r 3) are inductively defined by the  following rules.
(i) : One ru le  for building tr[
t 6  tr i  
t €  tr \
(ii) : A nother rule for build ing t r '2
t €  t r 2 
t €  t r '2
(iii) : One rule for building t r 3: Case “Total Synchronization”
(si, a,  Sj) €  irj A (s2, b, s 2) 6 t r 2 A synchronous(a ,  b)
(si U s2, R e t a i n A s O u t p u t ( a ,b ) ,  V a l u e C o m m  ( s \ , s 2, a, 6, s i , s 2)) €  t r 3
VENKATESH AKELLA, GANESH GOPALAKRISHNAN
This ru le is applied when th e  com pound actions a and b synchronize com pletely. 
V a l u e C o m m  perform s th e  value com m unication across the  H F G s  . Function R e t a in A s O u t p u t  
re ta ins th e  o u tp u t coun terparts  of the  synchronized actions, thus facilita ting  m ultiw ay 
rendezvous. In o ther words, if pie and p l x  synchronize, R e t a i n A s O u t p u t  re ta ins pie, 
which can thereafter synchronize w ith  ano ther p?y, if there  happens to  be one. (T hat 
is, it does not tu rn  the  com m unication betw een pie and p l x  in to  an e, as in CCS, which 
supports only po in t-to-poin t rendezvous.) .
: T he o ther rule for building t r 3: Case “No Synchronization”
( s i ,  a , s i )  £  t r [  A ($2, b, Sj)  G t r 2 A a s y n c h r o n o u s ( a , b)
{ ( s i ,  a,  s i ) ,  ( 3 2 , 6 , 4 ) }  £  t r 3
This rule is applied when none of th e  constituen ts of a and  b can synchronize. It 
reflects th e  fact th a t bo th  th e  transitions can be done concurrently. N ote th a t we are 
not interleaving th e  transitions. This rule plays a very key role in keeping th e  space 
and  tim e com plexity  of parallel com position linear in te rm s of th e  num ber of states.
To give an exam ple of its significance, if H F G  hi  has m  s ta tes  and H F G  h2 has n 
sta tes , and if all th e  actions of hi  and h2 are different, th en  th e  to ta l num ber of sta tes 
in p a r C o m p ( h \ , h2) is 0 ( m  +  n) as opposed to  0 (m  x n) which a interleaved rule would 
give.
: T he last ru le for building t r \  and t r '2: Case “P artia l Synchronization”
L e t  a = ai  U a 2 and  b = bi U b2 
T hen,
( ( s i ,  a , Sj )  €  t r x) A ( (^ 2, b, s2) G t r 2) A s y n c h r o n o u s ( a i , bi)  A a s y n c h r o n o u s ( a 2, b2) 
p r e f i n e ( s i , a ,  a i ,  a 2, s i )  C  tr[  A p r e f i n e ( s 2, b, bu  b2, s'2) C  tr'2
where
p r e f i n e ( s i , a , a i , a 2, s \ )  =  { (sj, a \  K , , s ^ } ) ,  (s ‘0l, a u s ca i),
( sa2>a 2 , ^ 2) , ( { 5 ^ , 5 ^ 2} , a c, s i ) }
p r e f i n e ( s i ,  a, 0 , a2, s i)  =  { ( s i ,a ,s i ) }  
p r e f i n e ( s i , a , a i , % , s \ )  =  { (5 i,a ,5 i)}
This rule handles th e  rem aining case which is not handled by (iii) and (iv), i.e., when 
com pound actions a and b synchronize partially. T he definition is based on th e  in ter­
p re ta tio n  of com pound actions as sets  of prim itive actions.
HOPCP: LANGUAGE AND SEMANTICS 33
s1
Figure 8 : HFG Illu stra ting  p r e f i n e
We p a tte rn -m a tch  on th e  s tru c tu re  of th e  com pound actions. This p a tte rn  m atching 
process p artitions a and b to  ex trac t com ponents 01,61,02, and 62 which are, th em ­
selves, com pound actions. T he com ponents th a t synchronize are ai and 61, while the 
com ponents th a t do not synchronize are a2 and b2.
T he transitions added to  tr [  and t r '2 have the  crucial p roperty  th a t they  have one of 
th e  com pound action sets a^,b\,a2, or b2 labeling them . This way we are in troducing 
transitions th a t com pletely synchronize, or do not synchronize. This m akes it possible 
for rules (iii) and (iv) to  be applicable.
Also notice th a t transitions bearing th e  actions o’ and ac are added to  tr[  and t r 2. 
This is to  fac ilita te  th e  partition ing  of a and b sets, by appealing to  the  fact th a t a 
com pound action can be refined into its corresponding H F G  th a t describes its fork-join  
structure,  as shown in figure 8 . We in troduce in term ed iate  sta tes sj, , , s ’ , and 
actions a ' , a c These sta tes and actions help detail th e  execution following th e  partia l 
synchronizations, They also have significance in th e  synthesis of circuits from  hopC P 
specifications [AG91a]. A dditional details are illu stra ted  in figure 8 .
To facilita te  th e  understand ing  of the  definition of p a r C o m p  we present tho following 
exam ple: Let, s 1 =  (P, erf), s' =  (P ' , a f  ) , s 2 =  ( Q , a f ) , s '2 =  (Q ' ,a f  ),
34 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
Total Synchronizat ion  will occur, if for exam ple a =  (c l x , d \ z ) and b =  (c \ y , d l u ) where 
(x ,ii)  € V A R ,  ( z , y )  € E X  P R ,  ( c l ,  d l )  €  S y n c I n p u t P o r t s , ( c \ , d \ ) 6 S y n c O u tp u t P o r t s .  
T he resu ltan t transition  will be ({51, 62}, (c \ y , d \ z ), { ( P  , E f ) ,(Q  , £ /  )}) where
R e t a in  A s O u tp u t ( a ,b )  =  (c \ y , d \ z )
( ( P ' , E f ), (Q', £ /  )) =  V a l u e C o m m ( s i , S 2, a , b , s 1 , s 2)
No Synchronizat ion  will occur, if for exam ple a =  (c l x , d \ z ) and b =  (f \ y , g l u ) where 
( x ,u )  € V A R , ( z , y )  €  E X P R ,  ( c l , g l )  €  S y n c I n p u t P o r t s , ( f \ , d \) € S y n c O u tp u t P o r t s .  
T he resu ltan t transitions will be ( s i , a , 4 )  and {s 2, b , s 2) •
Part ia l  Synchronizat ion  will occur, if for exam ple a =  ( c l x , d \ z )  and b =  ( c \ y ,g lu )  where 
(.x , u ) € V  A R , ( z , y )  £  E X  P R ,  (cl ,  g l )  €  S y n c I n p u t P o r t s , ( c \ , d \ )  £  S y n c O u tp u t P o r t s .  
It is a sim ple exercise to  rew rite each transition  into th e  set of four transitions using the 
definition of p r e f i n e  above.
6.4.3 U ses of parComp
A tool like p a r C o m p  which infers com posite behavior, is extrem ely  im p o rtan t in a specifi­
cation  driven design environm ent. It can be used in th e  following ways: We will not go into 
th e ir details because they  have been published elsewhere.
1 . Verification: It can be used in form al verification w herein th e  im plem entation  is com ­
pared  against th e  inferred behavior (after algebraic sim plification). An exam ple of such 
verification effort can be found in [GF91].
2. Realizabili ty Checks: T he absence of deadlock, safe usage of asynchronous com m uni­
cation action, and liveness are form ulated  on th e  H F G  corresponding to  th e  inferred 
behavior. M ost of these checks involve doing a reachability  analysis on the  inferred 
behavior [AG91d,].
3. Simulat ion:  Inferred behavior can be used to  derive a behavioral sim ulator for high- 
level specifications as shown in [Man89].
4. High-Level Test Generat ion:  In th e  past we have shown [AG90] how a behavioral 
inference tool can be used in high-level test generation.
6.5 Behavior
Finally, we present the  sem antics of the  top level syn tactic  ob ject in hopC P nam ely 
B e h a v i o r .
HOPCP: LANGUAGE AND SEMANTICS 35
beh €  B e h a v i o r  
A bstract Syntax
T he ab strac t syn tax  th a t specifies the  behavior of a single hopC P m odule involves the 
following BN F rule:
beh ::=  P  [] | P [ v i , v 2, . . .  , v m\ \ beh || beh'
T he sem antics of beh is given by the  transition  relation — >beh whose type signatures are 
as follows.
——>beh: (P r o c D e c l  x  F u n D e c l  x  B e h a v i o r ) i—> (G loba lS to re  x  H F G )
This s ta tes  th a t — ybeh takes th e  set of process and function declarations in a hopC P spec­
ification, and the  behavioral descrip tion beh (in the  form  of a process call or a  parallel 
com position of several process calls), and re tu rns an H F G  and a global store. The HFG 
retu rned  represents th e  resu lt of compiling proc  into an HFG. T he global store re tu rned  
represents final global store a tta in ed  after running all the  process calls, beginning w ith  an 
em pty  global store (i.e. com pletely undefined global store, denoted by 0).
— *bch is defined inductively  by th e  following rules:
(i) This ru le captures the  sem antics of sequential  hopC P specifications w ith  in itia l d a ta p ­
a th  s ta te  being em pty. In o ther words, we are defining the  behavior of P  [].
(P D , F D , ( P , a i ) , p r o c , a ° ,  h f g ) ^ - > proc( P D ,  F D ,  ( P ' , a' ,) ,proc , a g, h fg ' )  
( P D , F D , P [ ] ) ^ beh (ag, h f g )
where
=  0
(P\ \  proc)  € P D  
u\  =  0
h f g  =  { i s t a t e  =  {(P, a /)} , t r e l  =  0}
This rule first appeals to  the  — >Proc relation and obtains the  final global store a g and 
final H FG  hfg '  ob tained  by “running” P  []. T he final H FG  is bu ilt up, action by 
action, from  th e  in itia l H FG , h f g ,  given to  th e  rule.
A d d ition a l S yn tactic  C ategories
(ii) This ru le cap tures th e  sem antics of sequential  hopC P specifications w ith  non-em pty 
in itia l d a ta p a th  sta te .
( P D ,  F D ,  (P , <7/), proc,  <7°, h f g ) ^ + proc( P D ,  F D ,  ( P ' , crj), proc , crg, h fg ' )  
( P D , F D , P [ v beh ( v g, h f g ' )
where
<Tfl° =  0
( P [ d 1 , d 2, . . .  , d m\ <= proc)  € P D  ,
ai — {c/i i-» v i , d 2 v 2, . . . , d m i-» vm}
h f g  =  {*s/a<e =  {(P , <7/)}, <reJ =  0}
(iii) This rule cap tures th e  sem antics of concurrent  hopC P specifications by appealing to 
p a r C o m p  to  im plem ent parallel com position. T he HFGs obta ined  by com piling beh 
and beh' are first ob ta ined  ( h f g  and hfg'  respectively). T he global stores obtained  by 
“runn ing” beh and beh' are also obtained. T hen, the  global stores are un ited , banking 
on th e  assurance th a t there  will be no dom ain conflicts (only one process owns every
. global p o rt). Finally, th e  HFGs are sub ject to p a r C o m p  to ob ta in  the  resu ltan t HFG.
( ( P D ,  F D ,  beh) ^ beh (ag, h f g ) ) ,  ( ( P D ,  F D ,  beh') ^ beh (a'g, h fg ') )
( P D ,  F D ,  (beh || beh')) ^*beh, (&g U cr'g, ( p a r C o m p  h f g  h fg ' ) )
7 Sem antics o f Structural O perators
r e n a m e ,  connect,  and export  are the  s tru c tu ra l operators in hopCP. S tru c tu ra l operators 
help specify an interconnection  of hopC P modules. P O R T  and M O D U L E  are defined as 
follows and denote th e  dom ain of all com m unication channels in hopC P and m odules in 
hopC P
P O R T  =  S y n c O u t p u t P o r t s  ® S y n c l n p u t P o r t s  ® A s y n c P o r t s  
M O D U L E  =  {behavior  C H F G , p o r t s  C V + ( P O R T ) }
Let m  be a hopC P m odule, i.e. m  £  M O D U L E .  We define selectors m .p  and m.b  to 
denote the  set of ports used in m ,  and the  H F G  denoting the  behavior of m ,  respectively.
r e n a m e  does alpha conversion of channel nam es (specified by / )  to  facilita te  in terconnec­
tion i.e. channels w ith  sam e nam es and com plem entary  direction are assum ed to  be
3 6  VENKATESH AKELLA, GANESH GOPALAKRISHNAN
electrically  connected. Let m i £ M O D U L E  and  /  : P O R T  •—> P O R T  denote a bi- 
jection , then  r e n a m e  : M O D U L E  •—> P O R T  •—> P O R T  •—> M O D U L E  is defined as 
follows:
r e n a m e  m i /  =  {&e/iamor =  m \ .b ,p o r t s  — (m ap  /  m i.p)}
Let m i , m 2 £ M O D U L E ,  connect  : M O D U L E  1—> M O D U L E  •—> M O D U L E , re tu rn s the 
com posite hopC P m odule denoted by interconnection of separately  specified modules 
m i and m 2 a fte r perform ing s ta tic  checks like unconnected ports, and illegal connec­
tions etc.
connect  m x m 2 =  {beh av ior  — (p a r C o m p  m x.b m 2.&),por ts  =  m \ . p  U m 2.p} 
N ote, th a t connect  sim ply invokes p a r C o m p  to  infer th e  composite  behavior.
expor t  : M O D U L E  1—> P O R T  •—> M O D U L E ,  removes a set of po rts  p  6  P O R T  f rom  
th e  sort of a m odule m i £ M O D U L E ,  so th a t th e  actions on those ports  cannot be 
shared by other modules  when assem bled together by connect  operator. T he m odule 
m i though can still engage in actions involving ports in p.
expor t  m i p =  {behav ior  =  m \ .b ,p o r t s  =  [m \ .p )  \  p ]
8 Im plem entation
T he design environm ent centered around hopC P (and shown in figure 1) is being im ­
p lem ented in S tandard  ML of New Jersey. T he im plem entation  has been partitioned  into 
four independent tasks which are linked by H F G  which is th e  com m on in term ed iate  form 
for hopC P specifications. F irs t, hopC P tex tua l syntax is parsed using SML yacc/lex  and 
com piled in to  a SML d a ta  s tru c tu re  denoting H F G  . This is a d irect im plem entation  of 
th e  transition  rules described in the  previous section. T he algorithm  p a r C o m p  has been 
im plem ented which composes H F G s  and re tu rns a new H F G  . We have also im plem ented a 
compiled-code concurrent  functional  s imulator  called CFSIM  for hopC P specifications which 
involves translat ing H F G s  in to  CML  source code in such way th a t th e  sem antics of hopCP 
outlined in th e  previous sections are preserved. T he details of th e  sim ulato r will be described 
in [AG91b]. CML is an extension to  SML to  support synchronous m essage passing and is 
described in [Rep91].
Several realistic exam ples including Intel 8251 program m able com m unication interface 
chip have been specified in hopC P and sim ulated  for functional correctness. We specified 
th e  In tel 8251 has a collection of four concurrent processes and inferred its behavior using 
p a r C o m p  qu ite  efficiently. T he details are presented in [AG91c].
HOPCP: LANGUAGE AND SEMANTICS 37
38 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
9 C onclusions and Future Work
hopC P was developed based on w hat we felt were some of th e  im po rtan t features to  be 
present in an HDL and its support system . T he com bination of features th a t hopC P and its 
im plem entation  curren tly  offer are:
•  a sim ple HDL, a com plete operational sem antics th a t describes th e  hopC P in terp re te r 
and th e  com piler th a t generates hopC P flow graphs; •
•  addition of asynchronous ports to  a message passing language, and a  sem antic charac­
te rization  of asynchronous ports; a catalogue of uses of asynchronous ports;
•  com pound actions, and form al characterization  of partial synchronizat ion ;
•  functional no ta tion  to  m inim ize the  effort of d a ta  flow analysis and also for clearly 
specifying com putations;
•  an im plem entation  using S tandard  ML, following a com piled-code approach; this ap­
proach enforces M L’s strong type-checking on hopC P descriptions also, thereby helping 
avoid m any bothersom e errors;
•  concurrency sim ulator using C oncurrent ML, th a t supports strong type-checking, and 
th e  sim ulation of concurrency;
•  th e  ability  to  sim ulate asynchronous descriptions using asynchronous “te s te r” pro­
cesses, instead  of forcing the  designer to  pore over waveforms (which are of even lesser 
value for asynchronous designs);
•  parC om p, th a t infers succinct behavioral descriptions, re ta in ing  concurrency (i.e.,  not 
in terleaving), thereby not suffering from com binatorial explosion of possible in terleav­
ings;
•  s ta tic  analysis procedures th a t help detect w hether a pair of actions are serial or not, 
thereby  supporting  efficient com pilation of asynchronous ports  and also the  choice 
construct.
P relim inary  results indicate th a t the  above com bination of features are quite  useful in devel­
oping and debugging th e  design specification as well as design refinem ents of large applica­
tion specific ICs. Of course, we are aware of the  omission of m any o ther useful features from 
hopC P; for exam ple: param eterized  m odules, proper exception handling, and the incorpo­
ration  of real-tim e constrain ts. (We are working on some of these omissions, bu t clearly it 
is im possible to  have every construct im aginable and have a sem antically  trac tab le  HDL.)
HOPCP: LANGUAGE AND SEMANTICS 39
T he next m ajo r task  we shall undertake will be hierarchical action refinement , described 
in [AG92, AG91a]. One of th e  problem s w ith  m ost existing high level synthesis system s 
is th a t they  give very little  clues on how they  operate. This m akes it nearly  im possible to 
understand , evaluate, and prove correct  the  optim izations they  m ake to  u ser’s source descrip­
tions. We plan to  rectify some of these problem s by developing a ru le based com pilation 
system , where th e  rules encapsulate  how t ime  is hierarchically  refined, and how resources 
are incremental ly  allocated. ,
F u tu re  m odifications of parC om p will help it detect sim ple errors (e.g.  dead sta tes, and 
loops of infinite cha tte rs). It is a  very easy m a tte r  to  m odify CFSIM  to  incorporate checks for 
real-tim e constra in t violations, thanks to  th e  features offered by CML; this will be done in the  
near fu ture. O ther rem aining work includes the  developm ent of a  synchronous com pilation 
system  (actually  using an available system  such as O lym pus [Ku91]) and th e  investigation 
of m ixed synchronous/asynchronous com pilation. Effort is also underw ay to  specify several 
large designs, including the  Roll Back Chip [GF91].
For inform ation on the  availability  of the  hopC P code for experim ental assessm ent, contact 
a k e l la Q c s .U ta h . edu.
R eferences
[AG90] Venkatesh Akella and G anesh G opalakrishnan. High Level T est G eneration via 
Process C om position. In Designing Correct  Circuits, Oxford, 1990, pages 99-119. 
Springer Verlag, 1990. Proceedings of  the D C C  Workshop, Oxford, September,  
1990, published in Spr inger ’s new series ‘Workshops in C om put in g ’.
[AG91a] V enkatesh A kella and G anesh G opalakrishnan. H ierarchical A ction Refinem ent: 
A M ethodology for Com piling A synchronous C ircuits from  a C oncurrent HDL. 
In Proceedings of  the Tenth Internat ional  Symposium on Computer  Hardware D e­
scription Languages and their  Appl icat ions, Marseil le , France, A pril 1991.
[AG9lb] Venkatesh Akella and Ganesh G opalakrisnan. CFSIM : A C om piled-Code Con­
curren t Functional S im ulator for VLSI System s. Technical report, D epartm ent 
of C om puter Science, U niversity of U tah , 1991. In preparation ; available upon 
request from  the  authors.
[AG91c] Venkatesh A kella and G anesh G opalakrisnan. Specification and V alidation of a 
USART in hopC P. Technical report, D epartm en t of C om puter Science, U niversity 
of U tah , 1991. In preparation; available upon request from  th e  authors.
[AG91d] Venkatesh Akella and G anesh G opalakrisnan. S ta tic  A nalysis Techniques for the 
Synthesis of Efficient Asynchronous C ircuits. Technical R eport UUCS-91-018, 
D epartm en t of C om puter Science, U niversity of U tah , O ctober 1991.
[AG92] V enkatesh Akella and G anesh G opalakrishnan. From  Process-O riented Functional 
Specifications to Efficient Asynchronous C ircuits. In To Appear, In Fifth Inter­
national Conference on VLSI, Bangalore, India, January  1992.
[BS89] Erik B runvand and R obert F. Sproull. T ransla ting  C oncurrent C om m unicat­
ing P rogram s into D elay-Insensitive C ircuits. In International Conference on 
Com puter-aided Design, I C C A D  89, A pril 1989.
[Cha84] D aniel M. Chapiro. Globally-Asynchronous Locally-Synchronous Systems. PhD  
thesis, D epartm en t of C om puter Science, S tanford U niversity, O ctober 1984.
[Cha87] A rthu r C harlesw orth. T he M ultiway Rendezvous. A C M  Transactions on P ro­
gramm ing Languages and System s,  9(3) :350—366, Ju ly  1987.
[CPS89] Ranee C leveland, Joachim  Parrow , and B ernhard  Steffen. T he concurrency work­
bench: A sem antics based tood for the  verification of concurrent system s. Tech­
nical R eport ECS-LFCS-89-83, Laboratory  for Foundations of C om puter Science, 
Univ of E dinburgh, A ugust 1989.
[Dil89] David L. Dill. Trace Theory fo r  A u tom atic  Hierarchical Verification o f  Speed- 
independent Circuits. M IT Press, 1989. An A C M  Distinguished Dissertation.
[Ebe89] Jo  C. Ebergen. Translating Programs into Delay Insensitive Circuits. C entre for 
M athem atics and C om puter Science, A m sterdam , 1989. C W I  Tract 56.
[GF91] G anesh G opalakrishnan and R ichard Fujim oto. Design and verification of the 
rollback chip using hop: A case study  of form al m ethods applied to  hardw are 
design. Technical R eport UU-CS-TR-91-015, U niversity of U tah , D epartm en t of 
C om puter Science, 1991.
[GFAM89] G anesh C. G opalakrishnan, R ichard Fujim oto, Venkatesh Akella, and N arayana 
M ani. H O P: A process m odel for synchronous hardw are, sem antics, and exper­
im ents in process com position. Integration: The VLSI Journal, pages 209-247, 
A ugust 1989.
[GJ90] G anesh G opalakrishnan and P rab h a t Jain . Some R ecent A synchronous System  
Design M ethodologies. Technical R eport UU-CS-TR-90-016, U niversity of U tah, 
D epartm en t of C om puter Science, 1990.
4 0  VENKATESH AKELLA, GANESH GOPALAKRISHNAN
HOPCP: LANGUAGE AND SEMANTICS 41
[Hen90] M atthew  Hennessy. The Semantics  of  Programming Languages: An  Elementary  
Introduct ion using Structural  Operat ional  Semantics.  John  W iley &; Sons, 1990.
[Hoa85] C. A. R. Hoare. Communicat ing Sequential Processes.  P rentice-H all, Englewood 
Cliffs, New Jersey, 1985.
[Joh84] Steven D. Johnson. Synthesis of  Digi tal  Designs f rom  Recursion Equations.  T he 
M IT Press, 1984. An ACM  D istinguished D issertation-1983. •
[Kel74] R obert M. Keller. Towards a theory  of universal speed-independent modules. 
IE E E  Transactions on Computers , C -23(l):21-33, Jan u ary  1974.
[KM90] D avid Ku and Giovanni De M icheli. H ardwareC - A Language for H ardw are 
Design, Version 2.0. Technical R eport CSL-TR-90-419, C om puter Science Labo­
ratory , S tanford University, April 1990.
[Ku91] D avid Ku. Constrained Synthesis and Optimizat ion o f  Digi tal  Integrated Circuits  
f rom  Behavioral  Specifications. PhD  thesis, D epartm en t of C om puter Science, 
S tanford University, Ju n e  1991.
[LOJF88] L. Logrippo, A. O baid, J .P .B riand , and M .C. Fehri. An In te rp re te r for LO TO S, 
a Specification Language for D istribu ted  System s. Software— Practice  and Expe­
rience , 18(4):365—385, April 1988.
[Man89] N arayana M ani. B ehavioral S im ulation from  High Level Specifications. M aster’s 
thesis, D ept, of C om puter Science, U niversity of U tah , Salt Lake City, UT 84112, 
M ay 1989.
[Mar89] A lain J. M artin . P rogram m ing in VLSI: F rom  C om m unicating Processes to  Delay- 
Insensitive C ircuits. Technical R eport Caltech-CS-TR-89-1, D epartm en t of Com ­
p u te r Science, California In s titu te  of Technology, 1989.
[May90] David May. Com piling Occam  into Silicon. In C. A. R. Hoare, editor, Develop­
ments  in Concurrency and Communicat ion.  Addison-W esley, 1990.
[MC80] C. A. M ead and L. Conway. An Introduct ion to VLSI Systems.  Addison Wesley, 
1980. Chapter  7, entitled “Sys tem T iming”.
[PL91] Ian Page and W ayne Luk. Com piling Occam  into F ield-P rogram m able G ate A r­
rays. In Internat ional  Workshop on Field Programmable Logic and Applicat ions,  
Septem ber 1991. September 4-6, 1991, Oxford University,  UK.
42 VENKATESH AKELLA, GANESH GOPALAKRISHNAN
[Rep91] John  H. Reppy. CML: A H igher-order C oncurrent Language. In A C M  SIG-  
P L A N ’91 Conference on Programming Language Design and Implementa t ion , 
Ju n e  1991.
[RM89] Robin M ilber. Communicat ion and Concurrency.  P rentice-H all In ternational, 
Englewood Cliffs, New Jersey, 1989.
[She85] M ary Sheeran. Design of regular hardw are structu res using higher order func­
tions. In Proceedings of  the Functional Programming and Computer  Architecture  
Conference.  Springer-Verlag, LNCS 201, Septem ber 1985. Nancy, France.
[SST90] E liezer S ternheim , R ajv ir Singh, and Y atin Trivedi. Digital  Design with Verilog 
HDL.  A u to m ata  Publishing Company, C upertino, CA, 95014, 1990. ISBN 0­
9627488-0-3.
[Sut89] Ivan Sutherland . M icropipelines. Communicat ions o f  the ACM , June 1989. The 
1988 A C M  Turing Award Lecture.
[TLW+90] D. E. Thom as, E. D. Lagnese, R. A. W alker, J . A. N estor, J . V. R ajan , and 
R. L. B lackburn. Algori thmic and Register-Transfer  Level Synthesis:  The System  
A rchi tec t ’s Workbench. K luwer Academ ic Publishers, Boston, 1990.
[VHD85] VHDL Language Reference M anual, A ugust 1985. Intermetr ics  Report  IR-MD-  
045-2; See also I E E E  Design and Test, Apr i l  1986.
10 A ppendix
Syntactic Categories
V € V A L d e D P S V A R
e € E X P R P e P r o c N a m e
F D e F u n D e c l P D <E P r o c D e c l
beh e B e h a v i o r proc e P R O C
apo e A s y n c P o r t s ca e C  om pound  Ac t ion
9 e G u a rd cproc e C h o ic e P r o c
spo <E S  y n c O u tp u t  P o r t s spi <E S y n c l n p u t  P o r t s
X e V A R bx e B V A R
vop e V  ec torOp op e A r i t h O p
bop € Boo leanO p F e F u n N a m e
be e B E X P R
HOPCP: LANGUAGE AND SEMANTICS
Sem antic D om ains
<?i €  L oc a lS to re  =  D P S V A R  (-► V A L
Og €  G lobalS tore  =  A s y n c O u t p u t P o r t s  i—► V A L
T r a n s i t i o n  =  V + ( S ta t e )  x C o m pou n dA c t ion  © G u a r d  x V + (S ta t e )
S t a t e  =  P r o c N a m e  x L ocalS tore
P O R T  =  S y n c O u t p u t P o r t s  © S y n c l n p u t P o r t s  © A s y n c P o r t s
H F G  =  { i s t a t e  C V ( S T A T E ) ,  t r e l  C T R A N S I T I O N }
M O D U L E  =  {behavior  C H F G , p o r t s  C ^ +(P O i?T )}
A bstract Syntax
: = p  [] 1 P [ v i , v 2, . . . , v m] \ b e h \ \ b e h '
P D  : — P ( d i , d 2,.  . . , d m) <= proc  \ P ( d i , d 2, . . .  , d m) =  p roc , P D '
F D  : = F ( x  i, x 2, . . . ,  x k) =  e | F ( x 1 , x 2, . . . , x k) =  e, F D '
proc — ca-^+proc  \ P [ e i , e 2, . .  . , e m](w here  a r i t y ( P )  =  m )  \ cproc
cproc — g  -N.+ proc | cproc |] cproc
g = be \ dq \ spi  \ be, dq \ be, spi
a - dq | da \ aa \ spi \ spo
ca =
. t 
a \ a ,ca
e = v  | x  | apo | e op e \ le t  x — e in e \ vop(e  , e , e )
be then  e e lse e |F [e!.e -> ........ eu](wh,ere a r i t y (  F) =  k)
be bx | T r u e  \ F a l s e  \ be op be \ N o t  be \ equa l (e , e )
op := +  1 — 1 * 1 /  1 r s h i f t  | I s h i f t  | index
bop := and  | or n and  \ nor \ exor
vop := update  | subvector
Type Signatures of Transition R elations
*proc  ’ ( P r o c D e c l  x F u n D e c l  x S 'iaie x P ro c  x G lobalS tore  x H F G )
VENKATESH AKELLA, GANESH GOPALAKRISHNAN
~>CA
*beh
(P r o c D e c l  x  F u n D e c l  x S t a t e  x P r o c  x G lobalS tore  x H F G ) 
(F u n D e c l  x  Loca lS to re  x G loba lS tore  x C om pou n dA c t ion )  
t—► (L oca lS to re  x GlobalStore)
(P r o c D e c l  x  F u n D e c l  x  B e h a v i o r )  t—► ( G loba lS tore  x H F G )
T ype Signatures of A uxiliary Functions
c s N a m e
p a r C o m p
a d d t r 2 h f g
P r o c  ► P r o c N a m e
H F G  H F G  H F G  '
H F G  ► ( V + ( S ta t e )  x  C  ompound Act ion  x V + ( S ta t e ) )  ► H F G
Type Signatures of Structural O perators
r e n a m e
connect
expor t
M O D U L E  M O D U L E
M O D U L E  M O D U L E  h-> M O D U L E  
M O D U L E  M O D U L E
