Automata - a theory dedicated towards formal circuit synthesis by Eisenbiegler, Dirk
Automata | A Theory Dedicated towards
Formal Circuit Synthesis
Dirk Eisenbiegler
Institut fur Rechnerentwurf und Fehlertoleranz
(Prof. Dr.-Ing. D. Schmid)
Universitat Karlsruhe
e{mail: Dirk.Eisenbiegler@informatik.uni-karlsruhe.de
June 13, 1997
Abstract
This is a technical report about a theory named Automata. Automata is an
arithmetic for synchronous circuits. It provides means for representing and
transforming circuit descriptions at the RT level and gate level in a mathemtical
manner. Automata has been implemented in the HOL theorem proving envi-
ronment. Preproven theorems are designed for performing standard synthesis
steps such as state encoding, retiming and state minimization in a mathematical
manner via logical derivation.
Contents
1 Introduction 3
2 Automata Representation 5
2.1 Denition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2 Equivalence of Automata . . . . . . . . . . . . . . . . . . . . . . 7
2.3 Compound Output/Transition-Functions . . . . . . . . . . . . . . 9
2.4 Product Automata . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.5 Causality of Automata . . . . . . . . . . . . . . . . . . . . . . . . 10
3 Combinatorial Blocks and Memory Blocks 11
3.1 Denitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2 Corresponding Automata Representations . . . . . . . . . . . . . 12
4 Reachability of States 14
4.1 Denition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.2 State Traversation . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Denitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Theorems for Performing State Traversation . . . . . . . . . . . . 16
Scheme for State Traversation Algorithms . . . . . . . . . . . . . 17
4.3 Automata Equality Proof via State Traversation . . . . . . . . . 17
4.4 Modied State Traversation . . . . . . . . . . . . . . . . . . . . . 18
5 Synthesis Related Transformations 19
5.1 State Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Encoding of Reachable States . . . . . . . . . . . . . . . . . . . . 20
Corollary A: Pure State Encoding . . . . . . . . . . . . . . . . . 21
Corollary B: State Minimization . . . . . . . . . . . . . . . . . . 23
Classifying States . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
5.2 Retiming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
The Retiming Theorem . . . . . . . . . . . . . . . . . . . . . . . 25
Applying the Retiming Theorem . . . . . . . . . . . . . . . . . . 26
Forward Retiming and Backward Retiming . . . . . . . . . . . . 26
Possibilities and Limitations . . . . . . . . . . . . . . . . . . . . . 27
5.3 Elimination of Redundant Parts . . . . . . . . . . . . . . . . . . . 29
1
6 Systematic Derivation of State Encodings 30
6.1 A Set of HOL Data Types . . . . . . . . . . . . . . . . . . . . . . 30
6.2 Encoding Theorems . . . . . . . . . . . . . . . . . . . . . . . . . 31
6.3 Algorithms for Deriving Correct Encodings . . . . . . . . . . . . 33
Derivation of a Minimal Bit Encoding . . . . . . . . . . . . . . . 33
Derivation of a One Hot Encoding . . . . . . . . . . . . . . . . . 34
7 Structures consisting of Automata 36
7.1 The Relational Circuit Description Style . . . . . . . . . . . . . . 36
7.2 Relational versus Functional Circuit Descriptions . . . . . . . . . 37
7.3 Representing Structures that Consist of Automata . . . . . . . . 38
7.4 Splitting an Automaton into Combinatorial Block and Memory
Block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
7.5 Switching from Relational to Functional Circuit Descriptions . . 39
7.6 Subautomata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2
Chapter 1
Introduction
This paper is dedicated towards formal correctness in hardware design at the
RT (register transfer) and gate level. During RT and gate level synthesis
the circuit description is altered step by step using specic well known trans-
formations such as state encoding, state minimization, boolean optimization,
etc. Although these basic synthesis steps conform to simple logical derivation
steps, post-synthesis-verication is exacting. Post-synthesis-verication tech-
niques only have access to a specication and an implementation, i.e. the input
and the output of the synthesis process. Usually, there is a big gap between
specication and implementation: the state representation, the originally given
partitioning and the naming of the subcomponents and interconnections may
have changed completely. As a major drawback, the information on how the
implementation was derived from the specication is lost. Much of this informa-
tion is essential for verication: How were the control states encoded? Where is
which data stored? Is a redundant data representation used (one-hot-encoding,
signed-digit-encoding etc.)? Which control states were eliminated because of
unreachability, or have some (unreachable) control states been added in order
to get a more ecient/better testable implementation? Which parts of the
gate level implementation belong to the control path/data path of the RT-level
description? etc.
This paper is part of our ongoing work for developing techniques to perform
formally correct synthesis of synchronous circuit descriptions. The automata
theory is intended to be used for simple synchronous circuit descriptions at the
gate level and RT level [EiSK93]. The theory provides theorems describing the
above mentioned elementary RT- and gate level transformations (data encoding,
state minimization etc.) in a logical manner. The automata theory builds a
basis for formal synthesis programs where the entire process is described by a
sequence of renement steps within logic. As a result of the formal synthesis
process, there is not only the implementation of a given specication but also
the proof of its correctness. In contrast to other approaches towards formal
synthesis, this approach is very close to conventional synthesis techniques. It
is not intended to invent new synthesis algorithms but implement conventional
3
ones in a formal manner.
Similar to the approach taken in this paper, [Loew92, Day92] also gives a
formalization of automata descriptions. This allows reasoning about automata.
However, they allow more expressive specications such as non-deterministic
automata and do not provide transformations corresponding to circuit synthesis.
In our work we consider only deterministic translating automata (transductors)
that directly correspond to sequential circuits. Their formalization is purely
functional in nature.
The outline of this paper is as follows: In the next chapter, the formalism for
representing automata is introduced along with its semantics. The denitions
within the rst section build the basis for the entire paper. The third chapter
describes two specialized forms of automata: pure combinatorial blocks and pure
memory blocks. The fourth chapter is dedicated towards reachability of states
and state traversation. The fth chapter describes synthesis related transforma-
tions on automata. There is a set of theorems supporting state encoding, state
minimization, retiming and the elimination of redundant parts. State encoding
requires proper encoding functions. Chapter six presents techniques for deriv-
ing state encodings in a systematic manner. Chapter seven is dedicated towards
structures of automata. The theorems described in this chapter bridge the gap
between functional circuit descriptions with automata and the relational circuit
description style. Furthermore, they provide a means for applying the above
mentioned automata transformations also to parts of automata.
4
Chapter 2
Automata Representation
Usually an automaton is represented by a 6-tuple consisting of input alphabet,
output alphabet, set of states, output function, transition function and initial
state. In this approach, an automaton will be represented by a pair (f; q), where
f is a compound output and transition function and q is the initial state. The
way automata are represented in this approach diers in two aspects: First
the input alphabet, the output alphabet and the set of states are not given
explicitely and second the output function and the transition function are com-
bined to a single output and transition function.
Throughout this paper typed higher order logic expressions will be used. A
type is assigned to each expression and only well typed expressions are allowed.
Let , ! and  be the types corresponding to the input values, output values
and state values, respectively. , ! and  indicate type variables, i.e. arbitrary
types. It is to be noted here, that the types , o and  may also be compound
types such as tuples of basic data types or even tuples of compound types.
In circuit design, the output function and the transition function correspond
to the combinatorial units. However, it is not possible to unambiguously assign
combinatorial units to either the output function or the transition function.
In general, combinatorial units may be part of the output function as well as
part of the transition function. In other words: Their output signal is lead to
the output or to combinatorial units that produce the output, and it is also
lead to the registers or to combinatorial units that produce the new register
values. In circuit synthesis combinatorial transformations are not restricted
to the transformational part or the output part of the combinatorial units.
Therefore, in this approach, the output function and the transition function are
combined to a single output and transition function f whose type is  ! !.
The type of the initial state q is . The entire automaton is represented by a
pair (f; q) whose type is
(  ! !  ) 
An automaton (transductor) describes a mapping from a time dependent input
signal to a time dependent output signal. The type num stands for natural
5
numbers and will be used to indicate time. Time dependent signals are mappings
from num to some data type. num !  indicates the type of the input signal
and num! ! indicates the type of the output signal. Therefore an automaton
denes a mapping of the following type
(num! )! (num! !)
f and q unambiguously determine, how the automaton maps a time dependent
input signal input of type num!  to a time dependent output signal output of
type num! !. The higher order logic function automaton describes the seman-
tics of an automaton given as (f; q). The expression automaton(f; q) indicates a
function that maps input to output. Therefore, automaton is a function of the
following type:
((   ! !  )  ) ! (num! )! (num! !)
Figure 2.1 sketches, how some automaton(f; q) could be \implemented" using a
combinatorial component realizing f and a memory unit D[q]. Throughout the
paper, the symbol D[q] will be used to indicate a simple memory unit, where
the signal is delayed by one clock cycle and where the initial output is q.
f
!!
!

num! !num! 
automaton(f; q)
(num!)!(num!!)
 
D[q

]
Figure 2.1: automaton
2.1 Denition
Before dening the automaton constant itselft, the constant state is introduced.
state is introduced via primitive recursion over time and automaton is dened
as an abbreviation for a compound expression, i.e. a simple equation with
automaton on the left hand side.
Remark: FST, SND and SUC are predened functions of the HOL theorem
prover. FST maps a pair to its rst component, SND maps a pair to its second
component and SUC increments a natural number.
Definition:
`
 
state (f; q) i 0 = q

^
 
state (f; q) i (SUC t) = SND( f(i(SUC t); state (f; q) i t) )

(2.1)
6
For a given automton representation (f; q), state(f; q) describes the state of
an automaton as a sequence, i.e. a mapping from a time dependent input signal
to a state signal, i.e. a mapping from num to . state has the following type:
((   ! !  )  ) ! (num! )! (num! )
state(f; q)
f
D[q]


!
num! 
num! 

Figure 2.2: state
state is dened by means of primitive recursion over natural numbers, which
represent time. For a given input, the expression (state (f; q) input) denotes a
state in terms of a function mapping time represented as num to data values of
type . The expression (state (f; q) input t) denotes the state at some time t.
Based on state, automaton is dened as follows:
Definition:
` automaton (f; q) i t = FST(f(i(SUC t); state (f; q) i t))
(2.2)
Figure 2.3 sketches the relation between the signals involved. For some specic
automaton, the initial state at time 0 as well as the output and transition
function f are pre-given. For some input signal, the states for t > 0 and the
outputs are computed by iteratively applying f .
0
time
output
f f f f
state
input
1 2 3 4
...
Figure 2.3: Input, State and Output of an Automaton
2.2 Equivalence of Automata
Let (f
1
; q
1
) and (f
2
; q
2
) be two automata with types 
1
, !
1
, 
1
and 
2
, !
2
,

2
, respectively. The two automata are equivalent whenever they represent the
7
same input-to-output-function, i.e.
automaton(f
1
; q
1
) = automaton(f
2
; q
2
)
This report puts a stress on transforming automata to equivalent ones. The con-
stant automaton is the corresponding characteristic function for the equivalence
relation between pairs (f; q).
Formulae are only considered to be wellformed when they are well typed.
The above equation is well typed only if the function of the left hand side and
the function of the right hand side have the same type of input values and
output values  and !. Therefore having the same input and output type is a
preliminary for equivalence of automata. However, automata may be equivalent
although the type for representing the states  diers.
0
f
2
f
1
f
2
f
1
f
2
f
1
time
output
state
2
state
1
input
...
1 2 3
Figure 2.4: Input, State and Output of two equal Automata
There are two cases for equivalence of automata. In the trivial case, f
1
equals
f
2
and q
1
equals q
2
. Being equal implies having the same type. Therefore, in
this case, 
1
and 
2
must be equal. When performing bisimulation (gure 2.4),
the states are always equal, i.e. state
1
(t) = state
2
(t).
In the nontrivial case, the two automata are equal although f
1
does not
equal f
2
and q
1
does not equal q
2
. There may even be dierent data types for
the internal states. So the "expressions" f
1
= f
2
and q
1
= q
2
are not even
wellformed, due to a type mismatch.
In circuit design, combinatorial optimizations or simple functional optimiza-
tions on the RT-level correspond to the trivial case. It is pretty easy to de-
scribe such transformations in logic. For combinatorial optimizations, opera-
tions within a boolean calculus will do the job.
More sophisticated synthesis procedures such as state encoding, state min-
imization and retiming correspond to the nontrivial case. Encoding symbolic
states is one step to transform RT-level descriptions down to the gate level.
Retiming and reencoding steps can be used to achieve optimizations that go
beyond of what is possible with trivial transformations. This paper is dedicated
to nontrivial circuit transformations.
8
2.3 Compound Output/Transition-Functions
Compound functions can be described in the -notation supported by HOL. The
following term represents the output and transition function f of the automaton
displayed in gure 2.5. f is described as a mapping from some pair ((a; b); (c; d))
to some pair (x; (a; y)) via a composition of the functions g, h and j. (a; b) are
inputs, (c; d) represent the old state, x is the output and (a; y) indicate the next
state.
((a; b); (c; d)):
let (v; w) = g(b; c) in
let y = h(w; d) in
let x = j(v; y) in
(x; (a; y))
x
c
a
b
y
w
d
j
g
h
D[(0; 1)]
v
Figure 2.5: Compound Output/Transition-Functions
Using the above output and transition function f , the automaton of gure
2.5 can be represented by:
automaton(
((a; b); (c; d)):
let (v; w) = g(b; c) in
let y = h(w; d) in
let x = j(v; y) in
(x; (a; y))
;
(0; 1)
)
2.4 Product Automata
The equivalence of two automata can be proven by proving that the corre-
sponding product automaton constantly produces the T signal. Let there be
9
two automata automaton(f
1
; q
1
) and automaton(f
2
; q
2
). Figure 2.6 displays,
how the product automaton is built. A product automaton performs bisimula-
tion: The input is connected to both functions f
1
and f
2
. The output value
produced by f
1
and f
2
are compared within a equality unit = and the boolean
result is the output of the product automaton.
` (automaton (f
1
; q
1
) = automaton (f
2
; q
2
))
=
8input; t:
automaton(
(i; (s
1
; s
2
)):
let (x
1
; y
1
) = f
1
(i; s
1
) in
let (x
2
; y
2
) = f
2
(i; s
2
) in
let z = (x
1
= x
2
) in
(z; (y
1
; y
2
))
;
(q
1
; q
2
)
)
input t
= T
(2.3)
D[(q
1
; q
2
)]
=
f
1
f
2
Figure 2.6: Product Automaton
2.5 Causality of Automata
The next theorem states, that the behavior of an automaton only depends on its
past history. In other terms: output(t) only depends on input(x); x = 0; 1; : : : t.
Given that two input signals are equal until some time t, than an automaton
produces the same result at time t for both input signals.
` (8x: x  t) input
1
(x) = input
2
(x))
) (automaton (f; q) input
1
t = automaton (f; q) input
2
t)
(2.4)
Causality is a preliminary for realizability. However, this theorem is sort of
academic. It is good to know, that this property holds, but the theorem is not
to be used during synthesis.
10
Chapter 3
Combinatorial Blocks and
Memory Blocks
As already mentioned, it is intended to use automaton to describe arbitrary
synchronous circuits. There are two special cases of synchronous circuits: pure
combinatorial circuits and pure memory blocks. In this chapter, such circuit are
to be characterized by the denitions of combinatorial block and memory block,
respectively. Afterwards the relation between such circuits and general au-
tomata is will be described.
3.1 Denitions
A combinatorial block can unambiguously be dened by a function e
!!
map-
ping the current input to the current output. The constant combinatorial block
maps e to a function mapping some time dependent input i
num!
to some time
dependent output o
num!!
with o(t) = e(i(t)). See gure 3.1.
!

num! !num! 
g
!!
combinatorial block(g)
(num!)!(num!!)
Figure 3.1: Combinatorial Block
The combinatorial block is dened as follows:
Definition:
` combinatorial block e i t = e(i(t))
(3.1)
11
Memory blocks delay the input by one clock cycle. The initial state is given as
a parameter to the memory block constant.
memory block(q)
(num!)!(num!)
D[q

]


num!  num! 
Figure 3.2: Memory Block
Formal denition by means of primitive recursion over time:
Definition:
` memory block init i 0 = init ^
memory block init i (SUCt) = i(t)
(3.2)
3.2 Corresponding Automata Representations
Figure 3.3 sketches, how an automaton can be used to represent combinatorial
blocks with some function g. g maps the input to the output. The state is
initialized with one. one is a HOL standard data type with only one element, and
the constant one
one
represents this unique element. The output and transition
function in gure 3.3 ignores the old value of the state and always produces a
one as the next state.
g
one
D[one]
Figure 3.3: Combinatorial Block Represented by an Automaton
The following theorem states, that the automaton sketched in gure 3.3
equals the corresponding combinatorial block (see gure 3.1).
` combinatorial block e = automaton (((x; y
one
): (e(x); one)); one) (3.3)
Memory parts can be represented by automata, where the input is directly
connected with the input of the internal memory and the output of internal
memory is connected with the output of the automaton (see gure 3.4).
12
D[q]
Figure 3.4: Memory Block Represented by an Automaton
The following theorem states, that the automaton sketched in gure 3.4
equals the corresponding memory block (see gure 3.2).
` memory block init = automaton (((x; y): (y; x)); init) (3.4)
13
Chapter 4
Reachability of States
4.1 Denition
Some state is called reachable with respect to some given automaton (f; q) i
there exists some input sequence i and some time t such that the automatons
state (state (f; q) i t) equals s: reachable
Definition
` reachable (f; q) s = ( 9i; t: state (f; q) i t = s )
(4.1)
The constant reachable maps an automaton (f; q) to a predicate is a character-
istic function for the set of reachable states. reachable has the following type:
((   ! !  )  ) !  ! bool
Figure 4.1 gives an example. The circles represent the states of some automaton.
The initial state q is indicated by a lled circle. An arrow from state a to state
b indicates, that the automaton may switch from a to b in one step. More
formally: There exists an input i such that SND(f(i; b)) = a. The dashed line
describes the set of reachable states.
The following theorems ((4.2) and (4.3)) are directly derived from the def-
inition of reachability. They state, that the initial state is reachable and that
if some s is reachable then so is any successor state SND(f(x; s)) for arbitrary
input x.
` reachable (f; q) q (4.2)
` ( reachable (f; q) s ) ) ( 8x: reachable (f; q) (SND(f(x; s))) ) (4.3)
4.2 State Traversation
This section is dedicated towards determining the set of reachable states of
an automaton. It provides a set of theorems for performing state traversation
within HOL.
14
qreachable(f; q)
Figure 4.1: Reachability in an Automaton (f; q)
State Traversation techniques start with a set only consisting of the initial
state. Within each step the set of states is extended by the states that can
directly (in one clock cycle) be reached from one of the states in the current
set. Finally one may reach a set of states that cannot be extended any more,
i.e. there are no extra states, that can be reached from one of the states. Then
the set covers all reachable states (see gure 4.2).
q
reachable(f; q)
Figure 4.2: State traversation in an Automaton (f; q)
For sake of memory consumption, the elements in the sets of states are
not enumerated explicitely but the set of states is represented by a character-
istic functions. In conventional state traversation techniques, states have to
be represented by tuples of booleans, and BDDs are used for representing the
characteristic functions of the state sets.
In HOL, the set of states will be represented by characteristic functions on
states of arbitrary type , i.e. a function of type  ! bool. In each state of the
state traversation, the current set of state fullls two properties:
1. all states of the set are reachable
2. the set contains the initial state
15
Denitions
The following denition characterizes these property for a set of states repre-
sented by its characteristic function P with respect to some automaton repre-
sented by f and q:
Definition
` are reachable and contain initial state (f; q) P =
(8x:P (x)) reachable (f; q) x) ^
P (q)
(4.4)
The function add direct successors describes the extension step. It maps some
state set P to another state set P
0
= add direct successors(P ) where P
0
covers
all states of P plus the states that can directly be reached by applying the f to
one of the states x of P and some arbitrary input i.
Definition
` add direct successors f P s =
P (s)_
(9x; i:
P (x) ^
s = SND(f(i; x))
)
(4.5)
Theorems for Performing State Traversation
The following three theorems build the basis for the formal state traversation
in HOL. They all deal with the set of states that has been determined so far,
represented by its characteristic function P .
The rst theorem states, that the set fqg is a proper set, i.e. all states
are reachable and the set contains the initial state. fqg is represented by its
characteristic function P = (x: x = q).
` are reachable and contain initial state (f; q) (x: x = q) (4.6)
The second theorem states, that given a proper set represented by P , than
adding the direct successors again leads to another proper set.
` are reachable and contain initial state (f; q) P
) are reachable and contain initial state (f; q)
(add direct successors f P )
(4.7)
The third theorem states, that given a proper set where adding direct successors
does not extend the set, than the current set equals the set of reachable states.
` are reachable and contain initial state (f; q) P ^
(8x: add direct successors f P x) P (x) )
) reachable (f; q) = P
(4.8)
16
Scheme for State Traversation Algorithms
The following algorithm maps some terms f and q representing the term to a
theorem stating that the set of reachable states equals some P . Each state of
the algorithm is represented by a theorem th of the following form:
` are reachable and contain initial state (f; q) P (4.9)
Throughout the algorithm (f; q) will not change but P .
1. Let th be theorem (4.6). Instantiate f and q with the automaton repre-
sentation in question.
2. Normalize the characteristic function P within theorem th
3. Match the left hand side of (4.7) with the current theorem th and apply
modus ponens. Store the result in theorem th'.
4. Normalize the characteristic function P within theorem th'
5. If the characteristic functions in th and th' are equal, then P the second
assumption in theorem (4.8) is fullled. Match the rst assumption with
th and derive the conclusion
` reachable (f; q) = P
via modus ponens. The algorithm terminates returning the above theo-
rem.
If the characteristic functions in th and th' are unequal, then assign th
to th' and continue with step 3.
The algorithm assumes that there exists some normalization procedure for step
2 and step 4.
Remark: The algorithm assumes, that there exists some normalization func-
tion for the characteristic functions for state sets. It always terminates for nite
state  and nite input .
4.3 Automata Equality Proof via State Traver-
sation
According to theorem (2.3), the equivalence of two automata can be turned into
an equivalent proof goal, stating that the corresponding product automaton
always produces the T signal at the output. The following theorem states that,
an automaton always produces a T signal at the output i f produces the T
signal as output for all reachable states and all inputs.
` (8input; t: automaton (f; q) input t = T)
=
(8s; i: reachable (f; q) s) FST(f(i; s)))
(4.10)
17
This allows one to proof the equivalence of automata by rst performing state
traversation according to the previous section and then checking whether the
set characterized by ((f; q) s) is a superset of (s: 9i: FST(f(i; s))).
4.4 Modied State Traversation
The state traversation algorithm described in 4.2 is intended for determining
the exact set of reachable states. It may also be useful to determine a superset
of the set of reachable states. State minimization as described in section 5.1, for
example, eliminates some unreachable states. It therefore requires a superset of
the reachable states as the new state set of the optimized automaton. Proving
the equality of two automata according to theorem 4.10 can as well be done by
proving that FST(f(i; s)) holds for all s of some superset of the reachable states.
To achieve some superset of the reachable states, one can modify the algo-
rithm of section 4.2. Other than in the standard, one can also add arbitrary
unreachable states to the state set. The only thing that need be guaranteed in
the end is that one has achieved a set that contains q and adding the direct suc-
cessors does not extend the set. These properties can rather easily be checked
and, according to the following theorem, are an adequate criterion for ensuring
that the current set is a superset of the reachable states.
` (
P (q) ^
(8i; s: add direct successors (f; q) P s) P (s))
)
=
(8s: reachable (f; q) s) P (s) )
(4.11)
18
Chapter 5
Synthesis Related
Transformations
Equivalence of automata means that for a given input, the automata produce
the same output. An automaton (f; q) can be trivially turned into an equivalent
automaton by substituting f and q by equivalent terms
~
f = f and ~q = q. All
automata achievable by such transformations have one thing in common: the
states are represented in the same way. This section presents automata trans-
formations which go beyond this: state encoding, retiming and the elimination
of redundant parts.
5.1 State Encoding
This section introduces a set of four theorems for changing the state encoding of
states. All four theorems have one thing in common: they change an automaton
according to gure 5.2. An automaton given as (f; q) is modied by inserting
two functions g and h such that state values are encoded via g before they are
led to the memory unit and decoded via h on their way from the memory unit
back to f . The initial value q is substituted by g(q).
D[q]
f
D[g(q)]
g
h
f
Figure 5.1: State Encoding
19
Performing state encoding changes the type of states. In the original au-
tomaton it is , and it becomes 
0
after the encoding. The encoding function
g is a mapping from  to 
0
and the decoding function h is a mapping in the
inverse direction.
The following equation describes this relation in a formal manner. It has
to be noted, that this equation is not a tautology. The four theorems to be
presented have dierent assumptions under which this equation is fullled.
automaton (f; q)
=
automaton(
((i; s):
let a = h(s) in
let (b; c) = f(i; a) in
let d = g(c) in
(b; d)
) ;
g(q)
)


0
reachable(f; q)
g
h
Figure 5.2: Encoding from  to 
0
The rst theorem performs the encoding of reachable states. The second
and the third theorem are corollaries: they perform state encoding of all states
and the pure elimination of unreachable states, respectively. The last theorem
encodes classes of states with the same behavior by single states.
Encoding of Reachable States
The following theorem performs the encoding of reachable states. The left hand
side of the implication in theorem (5.1) states, that there the encoding/decoding
functions g and h are "inverse" for all reachable states. Here, inverse means
h(g(s)) = s but not necessarily g(h(s)) = s. Figure 5.1 illustrates the relation
20
between g and h.
` (8s: (reachable (f; q) s) ) h(g(s)) = s)
)
(
automaton (f; q)
=
automaton(
((i; s):
let a = h(s) in
let (b; c) = f(i; a) in
let d = g(c) in
(b; d)
) ;
g(q)
)
)
(5.1)
Corollary A: Pure State Encoding
The previous theorem has two eects: it eliminates some unreachable states and
it changes the encoding of the remaining states. Determining reachability can
only be performed for small sized automata. The following is restricted to pure
state encoding. In contrast to theorem (5.1), theorem (5.2) performs the state
encoding for the entire set of states | reachability need not be considered.
` (8s: h(g(s)) = s)
)
(
automaton (f; q)
=
automaton(
((i; s):
let a = h(s) in
let (b; c) = f(i; a) in
let d = g(c) in
(b; d)
) ;
g(q)
)
)
(5.2)
Before this corollary can be applied, an appropriate encoding in terms of g and
h has to be found and it has to be proven, that the encoding is correct, i.e.
8s: h(g(s)) holds (see gure 5.3). The quality of the synthesis result (size of
combinatorial logic, size of memory, etc.) very much depends on the encoding
chosen. Usually there are lots of dierent encodings, and there already exist
21
dierent techniques for determining good encodings according to dierent opti-
mization criteria. For types with a huge cardinality, proving 8s:h(g(s)) = s may
become exacting. Besides explicitly proving the correctness of a given encoding,
it is also possible to derive a correct encoding in a systematic manner. Dierent
ways for deriving encoding/decoding function pairs will be described in chapter
6.


0
g
h
Figure 5.3: Encoding all states
Corollary B: State Minimization
Corollary B to theorem (5.1) is dedicated to reducing the state set by eliminating
unreachable states. It is assumed, that one has divided  into 
1
+
2
, where all
the reachable states are in 
1
. There may also be some unreachable states in 
1
,
but there is no reachable state in 
2
. In this situation, the state representation
can be cut down to 
1
using a pair of encoding/decoding functions g and h
where h maps x to INL(x) and g maps every expression INL(x) back to x. It is
to be noted here, that g is only partially specied. The result of applying g to
22
INR(x) is unspecied.
` (
( 8s: (reachable (f; q) s)) ) ISL(s) ) ^
( 8x: h(x) = INL(x) ) ^
( 8x: g(INL x) = x )
)
)
(
automaton (f; q)
=
automaton(
((i; s):
let a = h(s) in
let (b; c) = f(i; a) in
let d = g(c) in
(b; d)
) ;
g(q)
)
)
(5.3)
reachable(f; q)
g
h

1

1

2

1
+ 
2
Figure 5.4: Elimination of Unreachable States
Annotation: Usually  does not have the form 
1
+ 
2
with all reachable
states being on the left hand side. Conversions based on corollary A can be
used to reach such a representation.
Classifying States
The previous state encoding theorems can be used for eliminating unreachable
states and changing the encoding states in a bijective manner. The encoding
function g has always been injective with respect to the set of reachable states.
Other than these theorems, the theorem to be presented in this section may also
reduce the number of states among the reachable states.
23
Theorem 5.4 reduces the number of states by mapping a set of "equivalent"
states to a single state. Let there be some classication for the set of states such
that the output and transition function f always produces equivalent results for
states being in the same class. Equivalent means: the output is the same and
the successor states are in the same class.
The theorem states, that there exists a function h that maps each value
to the representative of its class and an "inverse" function g that maps each
representative of some class to some value of the class (see gure 5.5). g is the
characteristic function of the classication. During state encoding, g is used as
the encoding function and h is used as the decoding function according to gure
5.1.
` ( 8s: g(h(s)) = s )^
( 8s
1
; s
2
: g(s
1
) = g(s
2
)
) (8i:
FST(f(i; s
1
)) = FST(f(i; s
2
)) ^
g(SND(f(i; s
1
))) = g(SND(f(i; s
2
)))
))
)
(
automaton (f; q)
=
automaton(
((i; s):
let a = h(s) in
let (b; c) = f(i; a) in
let d = g(c) in
(b; d)
) ;
g(q)
)
)
(5.4)
5.2 Retiming
In simplied terms, retiming (more precisely: forward retiming) moves the mem-
ory part over some combinatorial part g. In order to guarantee correctness, the
initial state q has to be transformed from q to g(g) (see gure 5.6). Retiming can
signicantly change the delay of the combinatorial part of the circuit and there-
fore increase the clock frequence. Retiming also has an impact on the number of
memory units needed. Combining Retiming with combinatorial optimizations
may even change the consumption of combinatorial units.
24
gh
Figure 5.5: Classifying States
g
h
D[q]
g
h
D[g(q)]
Figure 5.6: Retiming
The Retiming Theorem
The following theorem describes retiming in a very general manner. It states
that the two automata descriptions in gure 5.6 are equal. Both automata con-
sist of two combinatorial subparts f and g. The theorem is a mighty higher
order logic expression stating that this equality holds for all f and all g. There-
fore the theorem 5.5 is not dedicated to a specic retiming step but describes
a general pattern for retiming. As described later on, it can be adapted to
dierent situations.
`
automaton( ((i; s): h(i; g(s))) ; q )
= automaton( ((i; s): let (x; y) = h(i; s) in (x; g(s))) ; g(q) )
(5.5)
Applying the Retiming Theorem
Retiming can be performed in both directions. The synthesis step from left
to right (gure 5.6) is called forward retiming whereas the reverse direction is
called backward retiming. In both directions it is possible to apply the theorem
in various ways.
Using an automaton as a formal representation, the overall forward retiming
procedure consists of four steps:
25
1. First the combinatorial part is split into f and g. Assigning combinatorial
components to f or g can either be performed by hand or some arbitrary
external program may be invoked.
2. Then the general retiming theorem is applied: The current circuit descrip-
tion is matched with the left hand side of the equation and one proceeds
with the right hand side.
3. Then f and g are joined to a single combinatorial part.
4. Finally the new initial values of the shifted registers f(q) are determined
via evaluation.
Figure 5.7 describes, how a circuit is adapted to the retiming theorem. In our
example, there are three combinatorial parts: , +1 and MUX. When applying
our synthesis procedure, f consists of the -component only and g consists of
+1 and MUX.
g
>
+1
MUX
0
D[(0; 0; 0)]
1
h
g
+1
MUX
0
1
h
>
D[(0; 1)]
Figure 5.7: Example for Applying the Retiming Scheme
Forward Retiming and Backward Retiming
At rst glance, backward retiming is just the other way round. The current
automaton has to be matched with the right hand side and the theorem has to
26
be applied in reverse direction. However, determining the new initial state is
not that easy any more since one has to apply the "inverse" of g. In general,
there is no such "inverse" or it is not unambiguous. There may be several initial
states fullling this property and it may even be, that there is none.
Up to now, only unambiguous circuit descriptions have been considered, i.e.
each circuit represents exactly one concrete circuit. However, when performing
a backward retiming step with several possible initial states, this is a synthesis
step where the result should be a set of circuits rather than a single circuit.
There are several formalism where circuits need not necessarily be specied in
an unambiguous manner but can loosely be specied (don't cares etc.). Such
formalisms do not describe single circuits but sets of circuits. Just picking out
one of the circuits and omit the rest may lead to a loss of optimization since
further optimizations steps may produce good results only for the omitted ones.
Dealing with circuit descriptions that do not ensure unambiguity makes
things a magnitude more dicult. One has to be aware of the fact that in
general such circuit descriptions do not ensure consistency. Deriving inconsis-
tent circuit descriptions is ne as far as logic is concerned. Inconsistent circuit
descriptions fulll any specication. So without looking at consistency, con-
structing correct circuit descriptions for arbitrary specications is pretty easy.
From the practical point of view, however, such circuit descriptions are both
worthless and misleading. There is just no circuit in the real world that such
circuit descriptions stand for.
Possibilities and Limitations
In forward retiming, the combinatorial part has to be cut according to the left
hand side of gure 5.6. During retiming, the components of the combinatorial
part have to be assigned to either f or g. However, not all assignments are
possible. Components can only be assigned to g if they only depend on the
states or on the results of other components that are assigned to g. Components
in g must not | neither directly nor indirectly | depend on the overall inputs
of the combinatorial part.
To perform backward retiming, the components assigned to g must not |
neither directly nor indirectly | depend on the overall outputs of the combina-
torial part. In order to avoid inconsistency, backward retiming should also be
restricted to functions g such that there exists an inverse for the current initial
state with respect to g.
Figure 5.8 describes a typical situation before retiming. One can statically
analyze which retiming steps can be performed. As to forward retiming, C2
and C3 cannot be assigned to g due to the dependencies from the input signals.
Furthermore data dependencies within C1, C4, C5 and C6 have to be respected.
Assigning C4 to g and assigning the other components to f would lead to a
proper split of the combinatorial part. The new initial state would become
(0; 1; 0). Assigning C1 and C6 to g and the rest to f , however, would fail since
C6 (a component within g) depends on the result of C4 (a component within
f).
27
D[(0; 0; 0)]
1
C1
>1
>1
C2
>1
C3
C6
C5
1
C4 &
Figure 5.8: Example for Retiming
As to backward retiming, the components C1 and C2 cannot be assigned to
g due to their impact on the output signal. Similar to forward retiming, data
dependencies again have to be considered. For example, it is not possible to
assign C4 to g and to assign C6 to f .
In general, backward retiming does not lead to unambiguous initial states.
Let C3 be assigned to g and the other components be assigned to f . In the
retimed circuit, four 1-Bit D-ipops are required: two at the outputs of C5
and C6 and two at the inputs of C3. The D-ipops at the inputs of C3 can be
initialized with (1; 0), (0; 1) or (1; 1).
Besides data dependencies on the output, there is also a second restriction
for backward retiming: for some cuts, there is no proper initial state. Let C5
and C6 be assigned to g and the other components be assigned to f . For the
output signal of C4 | an input for both C5 and C6 | the requirements are
contradictory. According to C5 the its initial state should be 1 and according
to C6 its initial state should be 0. So for this cut there is no proper initial state.
5.3 Elimination of Redundant Parts
The following theorem can be applied to eliminate parts of the circuits, that
do not aect the input/output behaviour. There are two preliminaries for elim-
inating a combinatorial block: it does not eect the output and the values it
writes to the memory component are only read by itself.
It is assumed that the combinatorial part is divided in two parts g and h
28
(see gure 5.9) where h is the part that is eliminated during the transformation
step.
`
automaton(
((i; (s
1
; s
2
)): let (x; y) = g(i; s
1
) in (x; (y; h(i; s
1
; s
2
)))) ;
(q
1
; q
2
)
)
= automaton( g; q
1
)
(5.6)
D[(q
1
; q
2
)]
g
h
D[q
1
]
g
Figure 5.9: Elimination of Redundant Parts
Synthesis of synchronous VHDL descriptions may lead to such redundant
parts [EiKu95c, EiKu96]. VHDL variables in general have to be implemented
by memory units since in VHDL the result of variables is also accessible in
the next clock tick. However, variables may also be used to only hold variable
values within one clock tick. However, omitting the register is allowed only if
the automaton derived from the VHDL process matches the pattern in gure
5.9.
29
Chapter 6
Systematic Derivation of
State Encodings
The automata theory provides several pairs of encoding/decoding functions for
a set of basic data types. This chapter is dedicated towards formally deriving
encoding/decoding-pairs according to section 5.1. The theorems to be produced
are to be used as assumptions in theorem (5.3).
The chapter is structured as follows: First, the data types that are to be
considered will be introduced. The next section lists a set of theorems support-
ing encoding. The succeeding section will illustrate, how this set of encoding
theorems can be applied to formally derive pairs of encoding/decoding-functions
in a systematic manner.
6.1 A Set of HOL Data Types
The encoding theorems to be described will be restricted to a set of 6 data types
(and type operators). Their semantics is described in a ML-fashion. Greek
letters are used to indicate type variables. HOL provides a type denition
mechanism based on such descriptions [Melh88, GoMe93, Melh93].
In simple words, the semantics is as follows: Each data type t has a set
of constructors that is either a constant of type t or a function mapping some
parameters of some given type to t. The data type holds all values that can
be produced by its constructors. Values produced by dierent constructors are
unequal.
one = one
bool = T j F
num = 0 j SUC of num
()option = none j any of 
  = , of ) 
+  = INL of  j INR of 
30
one, bool and num are simple data types whereas option,  and + are type con-
structors, i.e. mappings from some type to another. The unary type constructor
option, for example, maps some arbitrary type  to ()option. The type con-
structors  and + are binary type constructors mapping arbitrary data types
 and  to   and + , respectively.
The data type one has one single constructor which is also named one. The
constructor one is a constant of type one. Therefore the set represented by the
data type one is foneg. The data type bool represents the boolean values T and
F.
The data type num represents the set of nonnegative natural numbers. It
is dened in a recursive manner. There is a constructor named 0, which is a
constant of type num and there is a constructor function SUC mapping some
value of type num to its successors value.
option is a unary type operator that is used in postx notation. In simplied
terms, option adds one element to some data type. It is dened via the two
constructors none and any. Let  be some arbitrary type. ()option represents
the set consisting of the term none plus all the elements any(x), where x is of
type . In mathematical notation, ()option represents the following set:
fnoneg [ fsome(x) j x 2 g
 represents the scalar product. It is a binary type operator that is used in inx
notation. The ;-operator maps two expressions of type  and  to an expression
of type   . The expression x; y denotes a logical term of type   . In
mathematical notation,   represents the following set:
f(x; y) j x 2  ^ x 2 g
+ represents the "sum" of two types. + is a binary type operator that is used
in inx notation. There are two constructors INL and INR. The constructor
INL maps an expressions of type  to an expression of type  + , and the
constructor INL maps an expressions of type  to an expression of type  + .
In mathematical notation, +  represents the following set:
fINL(x) j x 2 g [ fINR(x) j x 2 g
6.2 Encoding Theorems
The automata theory provides some theorems with pairs of correct encod-
ing/decoding functions for the data types mentioned above. They support con-
versions from RT level data type descriptions down to gate level data types. We
will explain, which are the types these conversions come from and go to, rather
then, explain them in detail.
We will use  *  to indicate, that there is some encoding from type  to
type  and we will use 
*
)
 to indicate, that there are bijective encodings,
i.e. encodings from  to  and vice versa. Table 6.1 lists some useful encoding
theorems and the corresponding data types.
31
Theorem Names Encoding/Decoding
NUM BOOL

num
*
)
bool
NUM PROD num
*
)
num bool
OPTION SUM ()option
*
)
one+ 
OPTION TRANS
y
()option
*
)
(
0
)option
OPTION EXTEND  * ()option
SUM ASSOC (+ ) + 
*
)
+ ( + )
SUM COM + 
*
)
 + 
SUM TRANS
y
+ 
*
)

0
+ 
0
SUM EXTEND  * + 
SUM PROD + 
*
)
bool 
PROD ASSOC ( ) 
*
)
 (  )
PROD COM  
*
)
  
PROD NEUTRAL  one
*
)

PROD TRANS
y
 
*
)

0
 
0
PROD EXTEND  *  
BOOL NEG bool
*
)
bool
Table 6.1: Encodings For Simple Data Types
The theorems NUM BOOL and NUM PROD can be used to convert natural
numbers with a limited range to tuples of booleans. NUM PROD is used to
split a boolean from a natural number and to halve the size of the number, and
NUM BOOL is used for encoding nonnegative numbers that are less than 2.
Theorem OPTION SUM states, that ()option can be encoded by means
of + and one. Theorem BOOL NEG states, that there is an encoding from
booleans to booleans (turning T to F and vice versa).
option, + and  are type operators. The theorems OPTION TRANS,
SUM TRANS and PROD TRANS derive encodings for these type operators.
Provided that there are encodings for the subtypes 
*
)

0
and 
*
)

0
, then the
encoding for the entire type expressions ()option
*
)
(
0
)option, +
*
)

0
+
0
and  
*
)

0
 
0
are derived.
The binary type operators + and  are commutative and associative in
the sense that there are bijective encodings between such type expressions (see
theorems SUM ASSOC, SUM COM, PROD ASSOC and PROD COM).
All the encodings described until now, are bijective encodings. The theorems
OPTION EXTEND, SUM EXTEND and PROD EXTEND, however, describe
encodings that are applicable only in one direction. They all lead to \bigger"
y
* only for natural numbers < 2
y
under the assumption that 
*
)

0
and 
*
)

0
32
types in the sense that the new type contains some extra elements.
6.3 Algorithms for Deriving Correct Encodings
This section gives a gist of how encoding algorithms may look like. The algo-
rithms are motivated by our recent work about the embedding a synchronous
subset of VHDL in HOL [EiKu95c, EiKM96, EiKu96]. See also [KlBr95] for
various other approaches for embedding VHDL. Our approach is based on the
automata theory. For a given behavioural description in VHDL, the corre-
sponding automata description in terms of its initial state q and the output and
transition function f are extracted. In such automata the state  = 
c
 
d
consists of two parts: control state 
c
and data state 
d
. This section addresses
the encoding of the control state part using the encodings given in the previous
section.
The set of controller states is nite. To represent them, type expressions
built with one, option and + are used. To derive a representation on the gate
level, these types have to be mapped to tuples of booleans, i.e. data types
constructed via bool and .Each control state represents either the starting
point or one of the wait-statement positions in the VHDL program. It is not
intended to go into the detail of how these type expressions have resulted. Here
is just a brief hint on their meaning:
 one is used to represent single wait statement positions,
  +  is used to represent the control states of a compound statement
consisting of two parts (sequence, if-then-else) where  represents the set
of wait-statement positions in the rst part and  is used to represent the
wait-statement positions of the second part.
 ()option is used for expressing positions before or after (compound) state-
ments. While any(s) is used to represent wait-statement positions within a
statement, none is used to indicate either the position before the statement
or (in another context) the position immediately after the statement.
Derivation of a Minimal Bit Encoding
There usually is a broad range of correct encodings. The algorithm to be pre-
sented in this section produces an encoding with a minimal number of bits. The
algorithm is illustrated by the following example:
(one+ (one)option)option+ (one+ one)
In the rst step all occurrences of ()option are replaced by one+ . Theorem
OPTION SUM is used to perform this encoding step. The type reached after
the encoding:
(one+ (one+ (one+ one))) + (one+ one)
33
Now the type expression consists of the type constant one and the binary type
operator + only. The cardinality of a set represented by such a type expression
equals the number of one occurrences. Such type expressions can be seen as
binary trees, whose depth corresponds to the number of bits needed for encoding.
In this step, the depth of the tree is reduced by applying SUM ASSOC. The
algorithm balances the tree in a bottom up fashion. Let  +  be some node
where the cardinalities of  and  are jj and jj, respectively. If jj > 2  jj
holds, then SUM ASSOC is applied and if jj > 2jj holds, then SUM ASSOC
is applied in the inverse direction.
In our example, there is only one position, where the tree has to be balanced:
the subexpression (one + (one + (one + one))). Here the cardinality of the left
hand side is 1 and the cardinality of the right hand side is 3. So SUM ASSOC
is applied in the inverse direction. We obtain:
((one+ one) + (one+ one)) + (one+ one)
Until now, the cardinality of the entire type has been left unchanged. In order
to reach a symmetric tree and to be able to encode the type by scalar products
of booleans, we will now add some redundant states. Theorem SUM EXTEND
is applied to encode one by one+ one whenever one is a leaf with a depth less
than the maximum depth of the tree.
In our example, there were 6 states. After the extension, there are 8. In the
automaton the two extra states which have been added during the extension
are unreachable.
((one+ one) + (one+ one)) + ((one+ one) + (one+ one))
Now the type expression tree is symmetric, i.e. in every node the left hand side
equals the right hand side. Theorem SUM PROD is now applied repeatedly
applied in a top down fashion.
bool (bool (bool one))
Finally SUM NEUTRAL is applied to encode bool one by bool.
bool (bool bool)
Derivation of a One Hot Encoding
The algorithm to be described in this section derives boolean encodings that
use one bit per state. Each bit corresponds to one state. When the automaton
is in some state, the corresponding bit becomes T and all other bits become
F. The algorithm will be described with the same example as for the previous
algorithm.
(one+ (one)option)option+ (one+ one)
As in the previous example, the option type operator is eliminated using OP-
TION SUM:
(one+ (one+ (one+ one))) + (one+ one)
34
Applying SUM ASSOC repeatedly leads to:
one+ (one+ (one+ (one+ (one+ one))))
Combining the encodings SUM TRANS (in forward direction), ONE EXTEND
and SUM PROD leads to the following compound encoding:
+ one * bool 
Applying this compound encoding repeatedly produces:
bool (bool (bool (bool (bool bool))))
35
Chapter 7
Structures consisting of
Automata
Until now, circuits have always been described by single automata. Automata
are an appropriate means for describing arbitrary circuits in a functional style.
This chapter is dedicated towards describing circuits by structures of where the
components are automata. Structures of automata will formally be described
in a relational style.
Describing circuits by complex single automata as well as using structures
each consisting of several small automata has its pros and cons. The automata
theory provides means for switching between the two representations styles.
7.1 The Relational Circuit Description Style
Up to now, circuits where formalized as mapping from time dependent input
signals to time dependent output signals. In this section, circuits are to be
described by means of relations between time dependent signals. Relations are
more general than functions: every function is a relation, but it is not the other
way round.
In the relational approach, input and output signals need not necessarily be
distinguished. An expression of the form
P (a; b; c)
states, that there are some signals a, b and c fullling some relation P cor-
responding to some circuit. Representing structures in higher order logic is
straightforward [HaDa86, Melh93]. The general scheme is as follows:
8i
1
; i
2
; : : : i
n
i
; o
1
; o
2
; : : : o
n
o
:
9y
1
; x
2
; : : : y
m
:
R(x
1
; x
2
; : : : x
n
) = R
1
(: : :) ^ R
2
(: : :) ^ : : : ^R
k
(: : :)
36
In this formula, a compound circuit R is dened as a composition of its parts
R
1
; R
2
; : : : R
k
. The external signals i
1
; i
2
; : : : i
n
i
; o
1
; o
2
; : : : o
n
o
are all-quantied
and the internal signals y
1
; y
2
; : : : y
m
are existentially quantied. The interface
of the compound circuit is connected with all external signals, the interfaces
of its components may be connected to arbitrary internal or external signals
according to the given net list. In such net list descriptions, circuits are repre-
sented by relations. Input and output signals are not distinguished, and there
may be several input and output signals.
Figure 7.1 gives an example for a formalization of a circuit structure accord-
ing to this scheme. The compound circuit is named R, its parts are named A,
B and C. The components A, B, C and R are arbitrary synchronous circuits.
The inputs of R are a and b, its outputs are x and y and there are two internal
lines named v and w.
v
A
C
B
R
a
b
w
y
x
8a; b; x; y:
9v; w:
R(a; b; x; y) = A(a; v; v) ^B(w; b; y) ^ C(a; v; x; w; y)
Figure 7.1: Formalization of a Structure
7.2 Relational versus Functional Circuit Descrip-
tions
The major advantage of the relational circuit description style is, that circuits
may be composed easily. Relations are powerful as to expressiveness. They also
allow partial specications that do not represent single circuits but characterize
sets of real circuits. However, such a set may also be empty. Such contradictory
circuit descriptions are crucial. On the one hand side, there is no real circuit
they stand for, and this means they are unsynthesizable. For large sized cir-
cuit descriptions detecting contradictions may become dicult. On the other
hand side, contradictory circuits fulll any property (ex falso quodlibet) which
may lead to false hopes after having proven specic properties for contradictory
circuits.
When building sequential circuit structures, two restrictions have to be con-
sidered: shortcircuits and zero delay cycles. A shortcircuit is an interconnection
of two or more output signals. In the technical practice this leads to an extreme
power consumption in case that the signal values dier. The resulting signal
37
value is uncertain, and it may even come to a destruction of the circuit due to
the heat.
In the sequential timing abstraction, combinatorial components produce the
output signals without delay whereas memory units delay signals by one time
unit. Zero delay cycles are rings of combinatorial components where each com-
ponent produces a signal to an input of its successors. To detect such cycles
in hierarchical structures, one has to analyze zero delay dependencies between
outputs and inputs bottom up. In gure 7.1, for example, the signal v builds a
loop around A. Whether or not this is a zero delay cycle depends on the delay
on the delay between the second input and the output of A. In gure 7.1, there
may also be a second zero delay cycle with the components B and C and the
signals w and y. It depends on the delay between the rst input and the output
of B and on the delay between the second input and the second output of C.
Both shortcircuits and zero delay cycles may lead to contradictory circuit
descriptions. In the functional circuit description approach shortcircuits and
zero delay cycles cannot be described, but with relational circuit structures one
may. One way to avoid such bugs is explicitely check the absence of shortcircuits
and zero-delay cycles [AHL92].
Automata descriptions also have the advantage of being simulatable. For
a given automaton description represented via initial state and output- and
transition function, there is a simple algorithm for mapping the input signal
to the output signal (see section ??). Relations on the other hand are less
constructive. They only state whether or not some signals correspond to some
simulation run of a circuit. However, they do not give a hint on how to perform
simulation, and it may even be that this computation is not computable at all.
7.3 Representing Structures that Consist of Au-
tomata
An automaton can easily be used to describe a relation between an input and
an output
output = automaton(f; q) input
However, both the input and the output may be bundles of signals rather than
single signals. To allow arbitrary interconnections between single signals, one
has to split the signal. The expression
(t: (output
1
(t); : : : ; outputs
n
o
(t))) =
automaton(f; q) (t: (input
1
(t); : : : ; inputs
n
i
(t)))
is similar to the previous one except that input and output are represented by
functions mapping time t to a tuple, where each component corresponds to the
value of one signal within the bundle. Using this pattern, the above mentioned
scheme for representing structures in a relational manner can be used to also
represent structures consistion of several automata.
38
7.4 Splitting an Automaton into Combinatorial
Block and Memory Block
The following theorem describes a relation between automata, combinatorial
blocks and memory blocks. It states that an automaton is equivalent to a
structure consisting of a combinatorial block and a memory block.
Applying this theorem can be considered to be a rst step towards switch-
ing from an automaton description towards a structural description using the
relational description style. The next step could be splitting the memory block
and the combinatorial block into smaller memory parts and combinatorial units,
respectively.
`
(output = automaton (f; q) input)
=
( 9x; y:
(t: (output(t); x(t))) =
combinatorial block f (t: (input(t); y(t)) )
^
(y = memory block q x)
)
(7.1)
D[q]
f
automaton(f; q)
D[q]
f
memory block(q)
combinatorial
block(g)
Figure 7.2: Splitting an Automaton into Combinatorial Block and Memory
Block
7.5 Switching from Relational to Functional Cir-
cuit Descriptions
The next two theorems provide a mechanism for switching from relational circuit
descriptions to automata representations. As described in the previous sections,
39
there are several reasons why this makes sense. The most important reasons
are, that they are unambiguous and simulatable.
Not all relational circuit descriptions are free from contradictions due to zero
delay cycles and shortcircuits. Being free from zero delay cycles, however, is a
preliminary for transforming them them to automata representations. Therefore
having performed this transformations implicitly proves the absence of such
bugs.
The theorems (7.2) and (7.3) provide means for switching between relational
circuit descriptions and single automaton representations. The transformation
is achieved in two steps. In the rst step, theorem (7.2) is applied as often
as possible. Theorem (7.2) combines two parallel circuits. All circuits of some
structure can be considered to be switched in parallel although this may lead
to circuits with connections from its outputs towards its inputs. The result of
the rst step is a structure only consisting of a single component. However, this
still is a structural description since there still may be some connections from
the outputs of this component towards its inputs.
`
( 9x:
(t: (output(t); x(t))) =
automaton(
(((i
1
; i
2
); s): (g(i
1
; i
2
; s); h(i
1
; s); j(i
1
; i
2
; s))) ;
q
)
(t: (input(t); x(t)))
)
=
(output =
automaton( ((i; s): let z = h(i; s) in (g(i; z; s); j(i; z; s))) ; q )
input
)
(7.2)
D[(q
1
; q
2
)]
h
g
D[q
1
]
g
D[q
2
]
h
Figure 7.3: Parallel Connection of Two Automata
40
In the second step, cycles are eliminated by applying theorem (7.2) (see
gure 7.3). Other than the rst step, the second step may fail. The second
step fails for zero-delay cycles. Figure 7.3 illustrates the theorem. There is a
feedback signal that is produced by some component h. To apply the theorem,
it must be provided, that h itself does not depend on the signal, i.e. the feedback
signal must not be connected with an input of h.
The result of step two should be a single automaton component without any
connections between its interface ports. Besides connections from outputs to
inputs, some relational circuit descriptions also lead to interconnections between
outputs due to shortcircuits. Such interconnections cannot be eliminated, the
overall transformation fails.
`
( 9x:
(t: (output(t); x(t))) =
automaton(
(((i
1
; i
2
); s): (g(i
1
; i
2
; s); h(i
1
; s); j(i
1
; i
2
; s))) ;
q
)
(t: (input(t); x(t)))
)
=
(output =
automaton( ((i; s): let z = h(i; s) in (g(i; z; s); j(i; z; s))) ; q )
input
)
(7.3)
D[q]
g
j
h
D[q]
h
j
g
Figure 7.4: Cycle
Theorem (7.4) oers an alternative to theorem (7.2). As with theorem (7.2),
it describes the combination of two components. But unlike theorem (7.2), there
is also a connection from the rst to the second component. Applying theorem
(7.2) would lead to a loop, which one would have to eliminate via theorem (7.3).
The application of theorem (7.4) allows performing this in single step rather than
in two steps. It has to be noted, that theorem (7.4) is only applicable if the two
41
components are interconnected in exactly one direction.
`
( 9x:
( (t: (output
1
(t); x(t))) = automaton (f
1
; q
1
) input ) ^
( output
2
= automaton (f
2
; q
2
) (t: (input(t); x(t))) )
)
=
(
(t: (output
1
(t); output
2
(t))) =
automaton(
((i; (s
1
; s
2
)):
let ((a; b); c) = f
1
(i; s
1
) in
let (d; e) = f
2
((i; b); s
2
) in
((a; d); (c; e))
) ;
q
)
input
)
)
(7.4)
D[(q
1
; q
2
)]
f
1 f
2
D[q
1
]
f
1
D[q
2
]
f
2
Figure 7.5: Concatenation of Two Automata
7.6 Subautomata
The next three theorems are designed for systematically extracting subautomata,
i.e. parts of automata that are themselves automata. The idea behind this is
to allow circuit transformations also on parts of automata, rather than on the
entire automaton. Applying circuit transformation on a subautomaton is per-
formed in three steps. First the subautomaton is extracted by applying the
42
following theorems in forward direction. This leads to a structure, where one of
the components is the subautomaton in question. Then the circuit transforma-
tion is applied to this subautomaton, and nally the theorems, that were applied
to extract the subautomaton are applied in inverse direction to reconstruct a
single automaton.
Theorem (7.5) assumes, that the memory consists of two parts (scalar prod-
uct) and splits apart one the two. The resulting structure consists of a subau-
tomaton and a memory component (see gure 7.6).
`
(output = automaton (f; (q
1
; q
2
)) input)
=
( 9x; y:
( (t: (output(t); y(t))) =
automaton (
((a; b); c): let (r; (s; t)) = f(a; (b; c)) in ((r; s); t));
q
2
)
(t: (input(t); x(t)))
)
^
( x = memory block q
1
y )
)
(7.5)
D[(q
1
; q
2
)]
f
D[q
2
]
f
D[q
1
]
Figure 7.6: Splitting o a Memory Block
Theorem (7.6) and (7.7) split o combinatorial components. Theorem (7.6)
splits o two combinatorial parts that are directly connected to the automaton's
inputs and outputs, respectively (gure 7.7). Theorem (7.7) splits o an inner
43
combinatorial part.
`
(
output =
automaton (
(i; s):
let (a; c) = f(i; s) in
let b = g(a) in
let (d; e) = h(b; c) in
(d; e)
;
q
)
input
)
=
( 9x; y:
( (t: (output(t); y(t))) =
automaton (
((i; b); s):
let (a; c) = f(i; s) in
let (d; e) = h(b; c) in
((d; a); e)
;
q
)
(t: (input(t); x(t)))
)
^
( x = combinatorial block g y )
)
(7.6)
f
g
h
D[q]
g
h
f
D[q]
Figure 7.7: Splitting o a Combinatorial Block / I
44
`(
output =
automaton (
(i; s):
let (a; b) = f(i) in
let (c; d) = g(b; s) in
let e = h(a; c) in
(e; d)
;
q
)
input
)
=
( 9x; y:
( (t: (output(t); y(t))) =
combinatorial block (
(i; c):
let (a; b) = f(i; s) in
let e = h(a; c) in
(e; b)
)
(t: (input(t); x(t)))
)
^
( x = automaton (g; q) y )
)
(7.7)
f
g
h
D[q]
h
f
D[q]
g
Figure 7.8: Splitting o a Combinatorial Block / II
45
Bibliography
[AHL92] AHL. Lambda Reference Manual, 1989.
[Day92] Nancy Day. A comparison between statecharts and state transition
assertions. In [HOL92], pages 247{262.
[EiKM96] D. Eisenbiegler, R. Kumar, and J. Muller. A formal model for a
VHDL subset of synchronous circuits. In APCHDL '96, Bangalore,
India, 1996.
[EiKu95c] D. Eisenbiegler and R. Kumar. Formalizing the semantics for a
synchronous subset of VHDL. Technical Report FZI-Report 8/95,
Forschungszentrum Informatik (FZI), 1995.
[EiKu96] D. Eisenbiegler and R. Kumar. Synthese von verhaltensbeschreibun-
gen in VHDL mittels logischer transformationen. InWorkshop Metho-
den des Entwurfs und der Verikation digitaler Schaltungen, Kreischa,
Germany, March 1996. GI/ITG/GME.
[EiSK93] D. Eisenbiegler, K. Schneider, and R. Kumar. A functional approach
for formalizing regular hardware structures. In [HOL93], pages 101{
114.
[GoMe93] M.J.C. Gordon and T.F. Melham. Introduction to HOL: A Theorem
Proving Environment for Higher Order Logic. Cambridge University
Press, 1993.
[HaDa86] F.K. Hanna and N. Daeche. Specication and verication of dig-
ital systems using higher-order predicate logic. IEE Proc. Pt. E,
133(3):242{254, 1986.
[HOL92] L. J. M. Claesen and M. J. C. Gordon, editors. Higher Order Logic
Theorem Proving and its Applications, volume A-20, Leuven, Belgium,
September 1992. IFIP TC10/WG10.2, North-Holland.
[HOL93] Jerey J. Joyce and Carl-Johan H. Seger, editors. Higher Order Logic
Theorem Proving and its Applications, number 780, Vancouver, B.C.,
Canada, August 1993. Springer-Verlag.
46
[KlBr95] C.D. Kloos and P.T. Breuer, editors. Formal Semantics for VHDL,
volume 307 of The Kluwer international series in engineering and
computer science. Kluwer, Madrid, Spain, March 1995.
[Loew92] Paul Loewenstein. A formal theory of simulations between innite
automata. In [HOL92], pages 227{246.
[Melh88] F. Melham. Automating recursive type denitions in higher order
logic. Technical Report 140, University of Cambridge Computer Lab-
oratory, 1988.
[Melh93] T. Melham. Higher Order Logic and Hardware Verication. Cam-
bridge University Press, 1993.
[ScKK93] K. Schneider, R. Kumar, and Thomas Kropf. Alternative proof pro-
cedures for nite-state machines in higher-order logic. In [HOL93],
pages 213{226.
47
Index
+, 32
;-operator, 32
0, 32
F, 32
INL, 32
INR, 32
SUC, 32
T, 32
any, 32
automaton, 7
bool, 32
none, 32
num, 32
one, 32
option, 32
, 32
FST, 7
SND, 7
SUC, 7
add direct successors, 17
are reachable and contain initial state,
17
automaton', 6
automata
denition, 5
equality, 8
BOOL NEG, 33
causality, 11
combinatorial block, 12
memory block, 12
NUM BOOL, 33
NUM PROD, 33
OPTION EXTEND, 33
OPTION SUM, 33
OPTION TRANS, 33
PROD ASSOC, 33
PROD COM, 33
PROD EXTEND, 33
PROD TRANS, 33
product automaton, 10
reachability, 15
shortcircuit, 38
state encoding, 20
pure, 22
state minimization, 24
state traversation, 16
structures
consisting of automata, 39
relational representation style,
38
subautomata, 43
SUM ASSOC, 33
SUM COM, 33
SUM EXTEND, 33
SUM TRANS, 33
zero delay cycles, 39
48
