An automata theory dedicated towards formal circuit synthesis by Kumar, Ramayya & Eisenbiegler, Dirk
An Automata Theory Dedicated towards Formal Circuit Synthesis
Dirk Eisenbiegler and Ramayya Kumar
Forschungszentrum Informatik
Prof. Dr.-Ing. D. Schmid
Haid-und-Neu-Straße
Karlsruhe, Germany
email: {eisen,kumar}@fzi.de
Abstract. We present a theory for automata in HOL which is dedicated towards formal hardware synthesis. The theory contains definitions for formally representing and transforming automata. In this approach, hardware is represented by automata descriptions and formal synthesis is performed by applying formally proven theorems. The approach presented is constructive, i.e. starting from specifications at higher levels of abstraction, synthesis can be performed by repeated application of these transformations. Specialized refinements and optimizations at the RT and gate levels are discussed.
Introduction
This paper is dedicated towards formal correctness in hardware design at the RT (register transfer) and gate level. During RT and gate level synthesis the circuit description is altered step by step using specific, well known transformations such as state encoding, state minimization, boolean optimization etc. Although these basic synthesis steps conform to simple logical derivation steps, post-synthesis verification is exacting. Post-synthesis verification techniques only have access to a specification and an implementation, i.e. the input and the output of the synthesis process. Usually there is a big gap between specification and implementation: the state representation and the originally given partitioning may have changed completely. As a major drawback, the information on how the implementation was derived from the specification is lost. Much of this information is essential for verification: How were the control states encoded? Where is which data stored? Is a redundant data representation used (one-hot encoding, signed-digit encoding etc.)? Which control states were eliminated because of unreachability, or have some unreachable control states been added in order to get a more efficient/testable implementation? Which parts of the gate level implementation belong to the control path/data path of the RT-level description? etc.
This paper is part of our ongoing work on developing techniques to perform formally correct synthesis of synchronous circuit descriptions. The automata theory is intended to be used for simple synchronous circuit descriptions at the gate and RT level [EiSK]. The theory provides theorems describing the above mentioned elementary RT and gate level transformations (data encoding, state minimization etc.) in a logical manner. The automata theory builds a basis for formal synthesis programs where the entire process is described by a sequence of refinement steps within logic. As a result of the formal synthesis process there is not only the implementation of a given specification but also the proof of its correctness. In contrast to other approaches towards formal synthesis, this approach is very close to conventional synthesis techniques: we do not intend to invent new synthesis algorithms but to implement conventional ones in a formal manner.
The current state of the art of embedding automata in HOL is as follows. In [ScKK] a specific set of formulae named hardware formulae is used for describing specifications and implementations of automata, and appropriate proof procedures are defined. Although such descriptions are very useful for post-synthesis verification, they do not allow a constructive approach for performing formal synthesis. Similar to the approach taken in this paper, [Loew] and [Day] describe automata explicitly by means of expressions. This allows definitions and derivations of general theorems about automata. However, they allow more complex specifications, such as nondeterministic automata, and do not give constructive transformations which could lead to circuit implementations. In our work we consider only deterministic automata, whose formalization is purely functional in nature, and give transformations which can be used to perform refinements and optimizations, especially at the RT and gate levels. The overall theory can be regarded as a simple toolbox for formal synthesis algorithms at the RT and gate levels.
The outline of this paper is as follows: starting from the functional input/output definitions of the automata, we go on to describe the property of reachability. The section on transformations defines the transformations which correspond to simple synthesis steps (state encoding, removal of unreachable states and the elimination of redundant memory parts). The section on systematic derivation of state encodings provides some encoding theorems for a small set of data types, which is followed by an example in the section on algorithms for deriving correct encodings.
Automata Representation
Usually an automaton is represented by a tuple consisting of input alphabet, output alphabet, set of states, output function, transition function and initial state. In our approach we use the concept of typed functions available in HOL for representing automata. Given the types corresponding to the inputs, outputs and states, respectively, the output function and the transition function have been combined into a single function f, which maps a pair (input, current state) to a pair (output, next state). It is to be noted here that the input, output and state types can be compound, such as tuples of basic data types. The entire automaton is represented by a pair (f, q), where q represents the initial state and has the state type. The various manipulations that can be performed using such a representation are the chief concern of this paper.
f and q unambiguously determine how the automaton maps a time dependent input signal i (a function from time, of type num, to input values) to a time dependent output signal o (a function from num to output values). The constant automaton maps a pair (f, q) to a function mapping i to o; the constant automaton therefore has the type of a function from pairs (f, q) to functions from input signals (num → input type) to output signals (num → output type).
The figure below sketches how some automaton(f, q) could be implemented using a combinatorial component realizing f and a memory unit D_q which stores data of the state type and whose initial value is q.
Figure: Automaton (combinatorial component realizing f, with the next state fed back through the memory unit D_q)
The constant automaton will formally be defined by means of another constant named automaton'. automaton' is similar to automaton except that the states are also visible (see the figure below). Hence the constant automaton' has the type of a function from pairs (f, q) to functions from input signals (num → input type) to signals of output/state pairs (num → output type × state type).
Figure: Automaton' (as in the automaton figure, but the state stored in D_q is also visible at the output)
automaton is dened by means of primitive recursion over natural numbers
which represent time For a given i
num  
 the expression automaton f q i
denotes the output and the present state and automaton f q i t denotes the
output and the present state at some time t The denition to follow is performed
by using primitive recursion over t
The output and the next state for some time t can be obtained by applying
f to the pair of current input it and current state s In the beginning t is 
and the automata is in the initial state s  q For all other times t  SUC t


the next state of the output is dened using the current input iSUC t

 and the
current state s Since automatonf q i t

 produces a pair corresponding to the
output and the state the function SND is applied in order to extract the state
from this result

 
automaton f q i   fi q


 
automaton f q i SUC t

 
let
s SNDautomaton f q i t


in
fiSUC t

 s


Now automaton can be dened as
 automaton f q i t  FSTautomaton f q i t 
Example. A simple traffic light controller is to be described based on the constant automaton. The controller has two boolean inputs, reset and up, so the input type becomes bool × bool. There are three outputs named ron, yon and gon. Each corresponds to one single light and determines whether this light is on or off. All outputs are of type bool, and so the output type becomes bool × bool × bool.
To represent the state s of the traffic light controller a simple enumeration type named ryg with values red, yellow and green is used. The type of the output and transition function f is as follows:

$f : (\underbrace{bool}_{reset} \times \underbrace{bool}_{up}) \times \underbrace{ryg}_{old\ state} \to (\underbrace{bool}_{ron} \times \underbrace{bool}_{yon} \times \underbrace{bool}_{gon}) \times \underbrace{ryg}_{new\ state}$

The definitions of f and q are as follows:

q = green
f((F,F), red) = ((T,F,F), red)
f((F,F), yellow) = ((F,T,F), yellow)
f((F,F), green) = ((F,F,T), green)
f((F,T), red) = ((T,F,F), yellow)
f((F,T), yellow) = ((F,T,F), green)
f((F,T), green) = ((F,F,T), red)
f((T,F), x) = ((T,F,F), red)
f((T,T), x) = ((T,F,F), red)

The expression automaton(f, q) has the following type:

$(\underbrace{num}_{time} \to \underbrace{bool \times bool}_{input\ (reset,\ up)}) \to (\underbrace{num}_{time} \to \underbrace{bool \times bool \times bool}_{output\ (ron,\ yon,\ gon)})$
Special Cases of Automata
As already mentioned, we intend to use automata to describe both combinatorial and sequential circuits. We will now define two constants named combinatorial_block, for purely combinatorial circuits, and memory_block, for memory parts, and we will explain how they are related to the previously defined automaton.
A combinatorial circuit can unambiguously be defined by a function e mapping the current input to the current output. The constant combinatorial_block maps e to a function mapping some time dependent input signal i (num → input type) to some time dependent output signal o (num → output type) with o(t) = e(i(t)), see the figure below. Definition:

$\vdash\ combinatorial\_block\ e\ i\ t = e(i\ t)$

Figure: Combinatorial Circuits (combinatorial_block e applies e to the input signal at every time step)

Memory parts delay the input by one clock cycle. The initial state is given as a parameter to the memory_block constant:

$\vdash\ memory\_block\ init\ i\ 0 = init$

$\vdash\ memory\_block\ init\ i\ (\mathrm{SUC}\ t) = i\ t$

One can represent a combinatorial circuit by an ordinary automaton where the type of the state is one. one is a HOL standard data type with only one element; the constant one also represents its unique element.

$\vdash\ combinatorial\_block\ e = automaton(\lambda(x, y).\ (e\ x,\ one),\ one)$

Memory parts can be represented by automata where the input is directly connected with the input of the internal memory and the output of the internal memory is connected with the output of the automaton:

$\vdash\ memory\_block\ init = automaton(\lambda(x, y).\ (y,\ x),\ init)$
Reachability of States
Using the definition of an automaton given above, we can define the concept of reachability. The constant reachable maps an automaton given by (f, q) onto a predicate which indicates whether some state s may be reached or not; reachable takes f, q and a state s and yields a bool.
reachable is defined by means of a constant definition using automaton'. The definition states that a state s is reachable iff there is some input signal i (num → input type) and some time t such that the current state, i.e. SND(automaton'(f, q) i t), becomes s:

$\vdash\ reachable\ f\ q\ s = \exists i\ t.\ \mathrm{SND}(automaton'(f, q)\ i\ t) = s$

The first theorem below states that the initial state q is reachable. The second states that if some s is reachable then so is any successor state SND(f(x, s)) for arbitrary input x:

$\vdash\ reachable\ f\ q\ q$

$\vdash\ reachable\ f\ q\ s \Rightarrow \forall x.\ reachable\ f\ q\ (\mathrm{SND}(f(x, s)))$

When encoding states of automata later on in this paper we will have to find subsets of states that cover all reachable states. Given a predicate P on states indicating the chosen subset, we can prove the theorem that P covers all reachable states in an inductive manner using the following theorem:

$\vdash\ \forall P.\ (P\ q \wedge \forall s.\ P\ s \Rightarrow \forall x.\ P(\mathrm{SND}(f(x, s)))) \Rightarrow \forall s.\ reachable\ f\ q\ s \Rightarrow P\ s$

This theorem states that P covers all reachable states if
- the initial state q is in the subset described by P, and
- for all states s within this subset, any succeeding state SND(f(x, s)) for arbitrary input x is also in this subset.
Transformations on Automata
Equivalence of automata means that for a given input they produce the same output. In other words, two automata (f, q) and (f̃, q̃) are called equivalent iff automaton(f, q) = automaton(f̃, q̃).
An automaton (f, q) can be trivially turned into an equivalent automaton by substituting f and q by equivalent terms f̃ = f and q̃ = q. All automata achievable by such transformations have one thing in common: the states are represented in the same way. In this section we will present automata transformations which go beyond this, namely those where the states are represented in a different manner, the number of states differs, etc.
In this section we will first introduce a more general state encoding theorem, then derive two corollaries to this theorem, and finally we introduce a theorem for removing redundant memory parts.
The State Encoding Theorem
The general state encoding theorem has two technical applications: encoding the data types of the state and elimination of unreachable states.

$\vdash\ (\forall s.\ reachable\ f\ q\ s \Rightarrow h(g\ s) = s) \Rightarrow$
$\quad automaton(f, q) = \mathbf{let}\ \tilde f = \lambda(v, x).\ (\lambda(y, z).\ (y,\ g\ z))(f(v,\ h\ x))\ \mathbf{and}\ \tilde q = g\ q\ \mathbf{in}\ automaton(\tilde f, \tilde q)$

The left hand side of the implication in the state encoding theorem states that there are functions g and h fulfilling h(g s) = s for all reachable states: g maps a value of the original state type to a value of some new state type, and h maps this value back to the former one (see the figure below).

Figure: Encoding from the original state type to the new state type (g maps the states covered by reachable(f, q) forward, h maps them back)

The right hand side of the theorem states that the automata automaton(f, q) and automaton(f̃, q̃) are equivalent. f̃ and q̃ have been derived from f, q, g and h. The new initial state q̃ has been obtained by encoding q. The new output and transition function f̃ has been derived from f by applying h to every state input and g to every state output.
The figure below illustrates how the new automaton looks. The state encoding theorem states that, provided the above mentioned assumption holds, the automaton in the automaton figure and the one below are equivalent.

Figure: State Encoding (h decodes the stored state before f, g encodes the next state before it enters the memory unit D_q̃)
Corollary A. Determining reachability can only be performed for small sized automata, and the state encoding theorem is applied to pure encoding problems. The following corollary is convenient for this purpose:

$\vdash\ (\forall s.\ h(g\ s) = s) \Rightarrow$
$\quad automaton(f, q) = \mathbf{let}\ \tilde f = \lambda(v, x).\ (\lambda(y, z).\ (y,\ g\ z))(f(v,\ h\ x))\ \mathbf{and}\ \tilde q = g\ q\ \mathbf{in}\ automaton(\tilde f, \tilde q)$

This automata encoding transformation with its pair of encoding/decoding functions (g, h) resembles the type definition mechanism of HOL [Melh]. However, in state encoding of automata the new type may have some extra elements. Furthermore, the subset of states to be encoded cannot be an arbitrary nonempty set as in type definitions, but must cover at least all reachable states of the automaton.
In contrast to the state encoding theorem, corollary A performs the state encoding for the entire set of states; reachability need not be considered.
Before this corollary can be applied, an appropriate encoding in terms of h and g has to be found, and it has to be proven that the encoding is correct, i.e. that ∀s. h(g s) = s holds. The quality of the synthesis result (size of combinatorial logic, size of memory etc.) very much depends on the encoding chosen. Usually there are lots of different encodings, and there already exist different techniques for determining good encodings according to different optimization criteria.
For types with a huge cardinality, proving ∀s. h(g s) = s may become exacting. Besides explicitly proving the correctness of a given encoding, it is also possible to derive a correct encoding in a systematic manner. We will present an approach in the section on systematic derivation of state encodings.
Example. In our traffic light example symbolic values were used to describe the state of the controller. To convert this RT-level circuit description into a gate level description, states have to be encoded using boolean values. We will describe two different implementation alternatives, automaton(f_1, q_1) and automaton(f_2, q_2). Both automaton(f_1, q_1) and automaton(f_2, q_2) are equivalent to automaton(f, q). They are derived by means of state encoding using the encodings (g_1, h_1) and (g_2, h_2), respectively.
(g_1, h_1) is a minimal bit encoding where only two bits are used:

g_1(red) = (F,F)
g_1(yellow) = (F,T)
g_1(green) = (T,F)
h_1(F,F) = red
h_1(F,T) = yellow
h_1(T,F) = green
h_1(T,T) = red

Obviously the state (T,T) remains unused, and h_1(g_1(s)) = s is fulfilled no matter how the result of h_1 is defined for (T,T). Besides red, every other value could have been chosen, and it would also be possible to leave this decision open at this moment and instantiate the value later on during boolean optimizations.
Applying the (g_1, h_1) state encoding leads to

$\vdash\ automaton(f, q) = automaton(f_1, q_1)$

with

q_1 = (T,F)
f_1((F,F), (F,F)) = ((T,F,F), (F,F))
f_1((F,F), (F,T)) = ((F,T,F), (F,T))
f_1((F,F), (T,F)) = ((F,F,T), (T,F))
f_1((F,T), (F,F)) = ((T,F,F), (F,T))
f_1((F,T), (F,T)) = ((F,T,F), (T,F))
f_1((F,T), (T,F)) = ((F,F,T), (F,F))
f_1((T,F), (x,y)) = ((T,F,F), (F,F))
f_1((T,T), (x,y)) = ((T,F,F), (F,F))

(g_2, h_2) is a one hot encoding. For the one hot encoding three bits are required, but only the states (F,F,T), (F,T,F) and (T,F,F) are used. Since the outputs also correspond to the control states, this approach helps minimizing the combinatorial logic required for the implementation.

g_2(red) = (F,F,T)
g_2(yellow) = (F,T,F)
g_2(green) = (T,F,F)
h_2(F,F,T) = red
h_2(F,T,F) = yellow
h_2(T,F,F) = green
h_2(F,F,F) = red
h_2(F,T,T) = red
h_2(T,F,T) = red
h_2(T,T,F) = red
h_2(T,T,T) = red

Applying the (g_2, h_2) state encoding leads to

$\vdash\ automaton(f, q) = automaton(f_2, q_2)$

with

q_2 = (T,F,F)
f_2((F,F), (F,F,T)) = ((T,F,F), (F,F,T))
f_2((F,F), (F,T,F)) = ((F,T,F), (F,T,F))
f_2((F,F), (T,F,F)) = ((F,F,T), (T,F,F))
f_2((F,T), (F,F,T)) = ((T,F,F), (F,T,F))
f_2((F,T), (F,T,F)) = ((F,T,F), (T,F,F))
f_2((F,T), (T,F,F)) = ((F,F,T), (F,F,T))
f_2((T,F), (x,y,z)) = ((T,F,F), (F,F,T))
f_2((T,T), (x,y,z)) = ((T,F,F), (F,F,T))
Corollary B. Corollary B to the state encoding theorem is dedicated to pure state reduction problems. It is assumed that the state type has been divided into a sum of two types, where all the reachable states are in the left summand. In this situation the state representation can be cut down to the left summand using the following pair of encoding/decoding functions g_B and h_B.
g_B is introduced by means of a constant specification. The variable z may be instantiated in an arbitrary manner to derive some concrete g_B:

$\vdash\ g_B(\mathrm{INL}\ x) = x\ \wedge\ g_B(\mathrm{INR}\ y) = z\ y$

$\vdash\ h_B = \mathrm{INL}$

Remark: It is not demanded that the left summand represents exactly the set of all reachable states. It must cover all reachable states, but there may also be some unreachable states.

$\vdash\ (\forall s.\ reachable\ f\ q\ s \Rightarrow \mathrm{ISL}\ s) \Rightarrow$
$\quad automaton(f, q) = \mathbf{let}\ \tilde f = \lambda(v, x).\ (\lambda(y, z).\ (y,\ g_B\ z))(f(v,\ h_B\ x))\ \mathbf{and}\ \tilde q = g_B\ q\ \mathbf{in}\ automaton(\tilde f, \tilde q)$

Usually the state type does not have the form of a sum with all reachable states being on the left hand side. Conversions based on corollary A can be used to reach such a representation.
Elimination of Redundant Memory Parts
The last theorem to be introduced describes how parts of the memory can be omitted if these parts are of no importance for the output and transition function f. This theorem can be used for removing flipflops with unconnected outputs from a synchronous circuit description.
Let us assume that the type of the states is a scalar product of two types and that f is λ(x, (s_1, s_2)). f'(x, s_1) for some f'. In other words, f depends on the input and on the left hand side s_1 of the pair (s_1, s_2) representing the state, but not on the right hand side. The theorem states that this automaton (f, q) is equivalent to an automaton (f_1, q_1) whose state consists of the left hand side only, where f_1 is obtained from f' and q_1 is the left hand side of the initial state:

$\vdash\ \mathbf{let}\ f = \lambda(x, (s_1, s_2)).\ f'(x, s_1)\ \mathbf{and}\ q = (q_1, q_2)\ \mathbf{in}\ automaton(f, q) = automaton(f_1, q_1)$
Systematic Derivation of State Encodings
The automata theory provides several pairs of encoding/decoding functions for the following set of data types useful for RT and gate level circuit descriptions. These theorems are intended for pure encodings according to corollary A.

one: the type with the single element one
bool: T | F
num: 0 | SUC of num
option: none | any of the parameter type
×: pairs of the two parameter types
+: INL of the left parameter type | INR of the right parameter type

On the gate level, booleans shall also be used for representing signal values, and the scalar product shall be used for constructing compound signals. On the RT level, more complex data types such as enumeration types, natural numbers, records and variants can be used. Additionally, one, num, option and + shall also be used for representing data types at the RT level.
The automata theory provides some theorems with pairs of correct encoding/decoding functions for the data types mentioned above. They support conversions from RT level data type descriptions down to gate level data types. We will explain which types these conversions come from and go to rather than explain them in detail.
We will use → between two types to indicate that there is some encoding from the first type to the second, and ↔ to indicate that there are bijective encodings, i.e. encodings in both directions. The table below lists some useful encoding theorems and describes which types they are related to.
The theorems NUM_BOOL and NUM_PROD can be used to convert natural numbers with a limited range to tuples of booleans: NUM_PROD is used to split a boolean from a natural number and to halve the size of the number, and NUM_BOOL is used for encoding natural numbers less than 2.
Theorem OPTION_SUM states that option can be encoded by means of + and one. Theorem BOOL_NEG states that there is an encoding from booleans to booleans turning T to F and vice versa.
option, + and × are all type operators. The theorems OPTION_TRANS, SUM_TRANS and PROD_TRANS derive encodings for these type operators, i.e. under the assumption that there are bijective encodings for their parameter types, the encoding for the entire type expressions (an option, a sum and a product, respectively) can be derived.
The binary type operators + and × are commutative and associative in the sense that there are bijective encodings between such type expressions, see theorems SUM_ASSOC, SUM_COM, PROD_ASSOC and PROD_COM.
All the encodings described until now are bijective encodings. The encodings in the theorems OPTION_EXTEND, SUM_EXTEND and PROD_EXTEND are applicable only in one direction. They all lead to bigger types in the sense that the new type contains some extra elements.

Table: Encodings For Simple Data Types
Theorem name   Encoding/Decoding
NUM_BOOL       num ↔ bool (1)
NUM_PROD       num ↔ num × bool
OPTION_SUM     option of a type ↔ one + that type
OPTION_TRANS   option ↔ option (2)
OPTION_EXTEND  a type → option of that type
SUM_ASSOC      regrouping of a nested sum (associativity), bijective
SUM_COM        swapping the summands, bijective
SUM_TRANS      + ↔ + (2)
SUM_EXTEND     a type → that type + another type
SUM_PROD       a type summed with itself ↔ bool × that type
PROD_ASSOC     regrouping of a nested product (associativity), bijective
PROD_COM       swapping the factors, bijective
PROD_NEUTRAL   a type × one ↔ that type
PROD_TRANS     × ↔ × (2)
PROD_EXTEND    a type → that type × another type
BOOL_NEG       bool ↔ bool
(1) only for natural numbers less than 2
(2) under the assumption that the parameter types have bijective encodings
Algorithms for Deriving Correct Encodings
The Task
We have applied the automata theory to formally describe behavioural circuit descriptions of a synchronous VHDL subset. For a given behavioural description we extracted the automata description in terms of its initial state q and the output and transition function f. In these automata derived from synchronous VHDL, the state consists of two parts: the control state and the data state. This section addresses the encoding of the control state part using the encodings given in the previous section.
The set of controller states is finite. To represent them we used type expressions built with one, option and +. To derive a representation on the gate level, these types have to be mapped to tuples of booleans, i.e. the data types bool and ×. There usually is a broad range of correct encodings. Let us assume that only the number of bits is to be minimized and that every possible representation with a minimum number of bits is an appropriate encoding.
Each control state represents either the starting point or one of the wait statement positions in the VHDL program. We will not go into the detail of how these type expressions have resulted. Here is just a brief hint on their meaning:
- one is used to represent single wait statement positions.
- A sum (+) is used to represent the control states of a compound statement (sequence, if-then-else) consisting of two parts, where the left summand represents the set of wait statement positions in the first part and the right summand represents the wait statement positions of the second part.
- option is used for expressing positions before or after compound statements. While any(s) is used to represent wait statement positions within a statement, none is used to indicate either the position before the statement or, in another context, the position immediately after the statement.
Derivation of a Minimal Bit Encoding
We will illustrate the minimal bit encoding algorithm by an example. Let us assume that the control state type is as follows:

(one + one) + option(option(one + one))   (I)

Substitution of option. In the first step all occurrences of option are replaced using theorem OPTION_SUM, which encodes option of a type by one + that type. The type reached after the encoding:

(one + one) + (one + (one + (one + one)))   (II)

Balancing. Now the type expression consists of the type constant one and the binary type operator + only. The cardinality of a set represented by such a type expression equals the number of one occurrences. Such type expressions can be seen as binary trees whose depth corresponds to the number of bits needed for encoding.
In this step the depth of the tree is reduced by applying SUM_ASSOC. The algorithm balances the tree in a bottom up fashion. Let a + b be some node where the cardinalities of a and b are |a| and |b| respectively. If |a| > |b| holds then SUM_ASSOC is applied, and if |a| < |b| holds then SUM_ASSOC is applied in the inverse direction.
In our example there is only one position where the tree has to be balanced: the subexpression one + (one + (one + one)). Here the cardinality of the left hand side is 1 and the cardinality of the right hand side is 3, so SUM_ASSOC is applied in the inverse direction. We obtain

(one + one) + ((one + one) + (one + one))   (III)

Extension. Until now the cardinality of the entire type has been left unchanged. In order to reach a symmetric tree and to be able to encode the type by scalar products of booleans, we will now add some redundant states. Theorem SUM_EXTEND is applied to encode one by one + one whenever one is a leaf with a depth less than the maximum depth of the tree.
In our example there were 6 states. After the extension there are 8. In the automaton the two extra states which have been added during the extension are unreachable.

((one + one) + (one + one)) + ((one + one) + (one + one))   (IV)

Substitution of + and one. Now the type expression tree is symmetric, i.e. in every node the left hand side equals the right hand side. Theorem SUM_PROD is now applied repeatedly in a top down fashion:

bool × (bool × (bool × one))   (V)

Finally PROD_NEUTRAL is applied to encode bool × one by bool:

bool × (bool × bool)   (VI)
Derivation of a One Hot Encoding
We use the same example control state type as in the minimal bit encoding example:

(one + one) + option(option(one + one))   (I)

Substitution of option. As in the previous example, the option type operator is eliminated using OPTION_SUM:

(one + one) + (one + (one + (one + one)))   (II)

Flattening. Applying SUM_ASSOC repeatedly leads to

((((one + one) + one) + one) + one) + one   (III)

Substitution of + and one. Combining the encodings SUM_TRANS (in forward direction), ONE_EXTEND and SUM_PROD leads to a compound encoding which encodes the sum of some type with one by the product of bool with that type. Applying this compound encoding repeatedly produces

bool × bool × bool × bool × bool × bool   (IV)

The previous type expression consisted of 6 states, where each of them corresponds to one one-subexpression.
Conclusion and Future Work
We have introduced a theory for automata representation and transformation. The transformations defined are constructive and hence lead to refinements and optimizations on the automata through different levels of abstraction. An illustration of how state encodings can be derived in a formal synthesis fashion was also given. The state encoding algorithm presented is similar to conventional synthesis algorithms, except that correctness is guaranteed implicitly since the algorithm is based on HOL.
Such formal synthesis algorithms offer an alternative to the conventional synthesis/verification approach. We believe that in general formal synthesis can be much more efficient than synthesis combined with an extra verification step. The result of a non-formal synthesis is just the implementation; the information on how the implementation is derived gets lost and cannot be used during the post-synthesis verification step.
We believe that formal synthesis algorithms can also be exploited in other areas of hardware synthesis such as boolean optimization, scheduling and system level synthesis. The automata theory will be a basis for circuit descriptions on the algorithmic and system level.
References
[Day] Nancy Day. A comparison between statecharts and state transition assertions. In [hug].
[EiSK] D. Eisenbiegler, K. Schneider and R. Kumar. A functional approach for formalizing regular hardware structures. In [hug].
[hug] Luc Claesen and Michael Gordon, editors. Higher Order Logic Theorem Proving and Its Applications, Leuven, Belgium, November. North-Holland.
[hug] Jeffrey J. Joyce and Carl-Johan H. Seger, editors. Higher Order Logic Theorem Proving and Its Applications, Vancouver, B.C., Canada, August. Springer.
[Loew] Paul Loewenstein. A formal theory of simulations between infinite automata. In [hug].
[Melh] T. F. Melham. Automating recursive type definitions in higher order logic. Technical Report, University of Cambridge Computer Laboratory.
[ScKK] R. Kumar, K. Schneider and Thomas Kropf. Alternative proof procedures for finite-state machines in higher-order logic. In [hug].