Algebra of Parametrised Graphs by Mokhov A et al.
  
COMPUTING SCIENCE

Algebra of Parametrised Graphs

Andrey Mokhov, Victor Khomenko, Arseniy Alekseyev, Alex Yakovlev

TECHNICAL REPORT SERIES 
 
No. CS-TR-1307 December 2011 
 
Abstract 
 
One of the difficulties in designing modern hardware systems is the necessity to 
comprehend and to deal with a very large number of system configurations, 
operational modes, and behavioural scenarios. It is often infeasible to consider and 
specify each individual mode explicitly, and one needs methodologies and tools to 
exploit similarities between the individual modes and work with groups of modes 
rather than individual ones. The modes and groups of modes have to be managed in a 
compositional way: the specification of the system should be composed from 
specifications of its blocks. This includes both structural and behavioural 
composition. Furthermore, one should be able to transform and optimise the 
specifications in a fully formal and natural way. 
 
In this paper we propose a new formalism, called Parametrised Graphs. It extends the 
existing Conditional Partial Order Graphs (CPOGs) formalism in several ways. First, 
it deals with general graphs rather than just partial orders. Moreover, it is fully 
compositional. To achieve this we introduce an algebra of Parametrised Graphs by 
specifying the equivalence relation by a set of axioms, which is proved to be sound, 
minimal and complete. This allows one to manipulate the specifications as algebraic 
expressions using the rules of this algebra. We demonstrate the usefulness of the 
developed formalism on two case studies coming from the area of microelectronics 
design.

© 2011 Newcastle University. 
Printed and published by Newcastle University, 
Computing Science, Claremont Tower, Claremont Road, 
Newcastle upon Tyne, NE1 7RU, England. 
Bibliographical details 
 
MOKHOV, A., KHOMENKO, V., ALEKSEYEV, A., YAKOVLEV, A. 
 
Algebra of Parametrised Graphs 
[By]  A. Mokhov, V. Khomenko, A. Alekseyev, A. Yakovlev 
Newcastle upon Tyne: Newcastle University: Computing Science, 2011. 
 
(Newcastle University, Computing Science, Technical Report Series, No. CS-TR-1307) 
 
About the authors 
 
Andrey Mokhov studied computing science at Kyrgyz-Russian Slavic University from 2000 to 2005. After 
graduation with honours he joined the Asynchronous Research Group at Newcastle University as a PhD student 
and in 2009 he successfully defended his PhD dissertation. Currently he is a research associate in the School of 
Computing Science, Newcastle University. His research interests include different levels of electronic design 
automation: from formal models for system specification and verification to logic synthesis and application-
specific optimisation. 
 
Victor Khomenko obtained his MSc with distinction in Computer Science, Applied Mathematics and Teaching of 
Mathematics and Computer Science in 1998 from Kiev Taras Shevchenko University, and PhD in Computing 
Science in 2003 from Newcastle University. He was a Program Committee Chair for the International Conference 
on Application of Concurrency to System Design (ACSD'10). He also organised the Workshop on UnFOlding and 
partial order techniques (UFO'07) and Workshop on BALSA Re-Synthesis (RESYN'09). In January 2005 Victor 
became a Lecturer in the School of Computing Science, Newcastle University, and in September 2005 he obtained 
a Royal Academy of Engineering / EPSRC Post-doctoral Research Fellowship and worked on the Design and 
Verification of Asynchronous Circuits (DAVAC) project. After the end of this award, in September 2010, he 
switched back to Lectureship. Victor’s research interests include model checking of Petri nets, Petri net unfolding 
techniques, verification and synthesis of self-timed (asynchronous) circuits. 
 
Arseniy Alekseyev studied computing science at Kyrgyz-Russian Slavic University from 2000 to 2005. After 
graduation, he joined the Asynchronous Research Group at Newcastle University as a PhD student on the 
Verification-Driven Asynchronous Design (VERDAD) project. His research interests include formal methods, 
automated theorem proving and electronic design automation. 
 
Alex Yakovlev received D.Sc. from Newcastle University in 2006, and M.Sc. and Ph.D. from St. Petersburg 
Electrical Engineering Institute in 1979 and 1982. Since 1991 he has been at the Newcastle University, where he 
worked as a lecturer, reader and professor at the Computing Science department until 2002, and is now heading 
the Microelectronic Systems Design research group (http://async.org.uk) at the School of Electrical, Electronic 
and Computer Engineering. His current interests and publications are in the field of modeling and design of 
asynchronous, concurrent, real-time and dependable systems on a chip. He has published four monographs and 
more than 200 papers in academic journals and conferences, has managed over 25 research contracts. 
 
Suggested keywords 
 
ALGEBRA OF PARAMETRISED GRAPHS 
CONDITIONAL PARTIAL ORDER GRAPHS 
MICROELECTRONICS DESIGN 
MULTIMODAL SYSTEMS 
Algebra of Parametrised Graphs
Andrey Mokhov, Victor Khomenko, Arseniy Alekseyev, Alex Yakovlev
1 Introduction
While the complexity of modern hardware exponentially increases due to Moore’s law, the time-to-market is reducing. The number of available transistors on chip exceeds the capabilities of designers to meaningfully use them: this design productivity gap is a major challenge in the microelectronics industry [2]. One of the difficulties of the design is the necessity to comprehend and to deal with a very large number of system configurations, operational modes, and behavioural scenarios. The contemporary systems often have abundant functionality and enjoy features like fault-tolerance, dynamic reconfigurability, power management, all of which greatly increase the number of possible modes of operation. Hence, it is often infeasible to consider and specify each individual mode explicitly, and one needs methodologies and tools to exploit similarities between the individual modes and work with groups of modes rather than individual ones. The modes and groups of modes have to be managed in a compositional way: the specification of the system should be composed from specifications of its blocks. This includes both structural and behavioural composition. Furthermore, one should be able to transform and optimise the specifications in a fully formal and natural way.

In this paper we continue the work started in [7][8], where a formal model, called Conditional Partial Order Graphs (CPOGs), was introduced. It allowed to represent individual system configurations and operational modes as annotated graphs, and to overlay them exploiting their similarities. However, the formalism lacked the compositionality and the ability to compare and transform the specifications in a formal way. In particular, CPOGs always represented the specification as a ‘flat’ structure (similar to the canonical form defined in Section 2), hence a hierarchical representation of a system as a composition of its components was not possible.

We extend this formalism in several ways:
• We move from the graphs representing partial orders to general graphs. Nevertheless, if partial orders are the most natural way to represent a certain aspect of system, this still can be handled.
• The new formalism is fully compositional.
• We describe the equivalence relation between the specifications as a set of axioms, obtaining an algebra. This set of axioms is proved to be sound, minimal and complete.
• The developed formalism allows to manipulate the specifications as algebraic expressions using the rules of the algebra. In a sense this can be viewed as adding a syntactic level to the semantic representation of specifications, and is akin to the relationship between digital circuits and Boolean algebra.

We demonstrate the usefulness of the developed formalism on two case studies. The first one is concerned with development of a phase encoding controller, which represents information by the order of arrival of signals on n wires. As there are n! possible arrival orders, there is a challenge to specify the set of corresponding behavioural scenarios in a compact way. The proposed formalism not only allows to solve this problem, but also does it in a compositional way, by obtaining the final specification as a composition of fixed-size fragments describing the behaviours of pairs of wires (the latter was impossible with CPOGs).

The second case study is concerned with designing a microcontroller for a simple processor. The processor can execute several classes of instructions, and each class is characterised by a specific execution scenario of the operational units of the processor. In turn, the scenarios of conditional instructions have to be composed of sub-scenarios corresponding to the current value of the appropriate ALU flag. The overall specification of the microcontroller is then obtained algebraically, by composing scenarios of each class of instructions.
2 Parametrised Graphs
A Parametrised Graph (PG) is a model which has evolved from Conditional Partial Order Graphs (CPOG) [7][8]. We consider directed graphs G = (V, E) whose vertices are picked from the fixed alphabet of actions A = {a, b, ...}. Hence the vertices of G would usually model actions (or events) of the system being designed, while the arcs would usually model the precedence or causality relation: if there is an arc going from a to b then action a precedes action b. We will denote the empty graph (∅, ∅) by ε and the singleton graphs ({a}, ∅) simply by a, for any a ∈ A.

Let G1 = (V1, E1) and G2 = (V2, E2) be two graphs, where V1 and V2 as well as E1 and E2 are not necessarily disjoint. We define the following operations on graphs (in the order of increasing precedence):

Overlay: G1 + G2 ≝ (V1 ∪ V2, E1 ∪ E2).
Sequence: G1 → G2 ≝ (V1 ∪ V2, E1 ∪ E2 ∪ V1 × V2).
Condition: [1]G ≝ G and [0]G ≝ ε.

In other words, the overlay + and sequence → are binary operations on graphs with the following semantics: G1 + G2 is a graph obtained by overlaying graphs G1 and G2, i.e. it contains the union of their vertices and arcs, while graph G1 → G2 contains the union plus the arcs connecting every vertex from graph G1 to every vertex from graph G2 (self-loops can be formed in this way if V1 and V2 are not disjoint). From the behavioural point of view, if graphs G1 and G2 correspond to two systems then G1 + G2 corresponds to their parallel composition and G1 → G2 corresponds to their sequential composition. One can observe that any non-empty graph can be obtained by successively applying the operations + and → to the singleton graphs.

Figure 2.1 shows an example of two graphs together with their overlay and sequence. One can see that the overlay does not introduce any dependencies between the actions coming from different graphs, therefore they can be executed concurrently. On the other hand, the sequence operation imposes the order on the actions by introducing new dependencies between actions a, b and c coming from graph G1 and action d coming from graph G2. Hence, the resulting system behaviour is interpreted as the behaviour specified by graph G1 followed by the behaviour specified by graph G2. Another example of system composition is shown in Figure 2.2. Since the graphs have common vertices, their compositions are more complicated, in particular, their sequence contains the self-dependencies (b, b) and (d, d) which lead to a deadlock in the resulting system: action a can occur, but all the remaining actions are locked.

[Figure 2.1: Overlay and sequence example (no common vertices). Panels: (a) Graph G1, (b) Graph G2, (c) Graph G1 + G2, (d) Graph G1 → G2.]

[Figure 2.2: Overlay and sequence example (common vertices). Panels: (a) Graph G1, (b) Graph G2, (c) Graph G1 + G2, (d) Graph G1 → G2.]

Given a graph G, the unary condition operations can either preserve it (true condition [1]G) or nullify it (false condition [0]G). They should be considered as a family {[b]}_{b ∈ B} of operations parametrised by a Boolean value b.

Having defined the basic operations on the graphs, one can build graph expressions using these operations, the empty graph ε, the singleton graphs a ∈ A, and the Boolean constants 0 and 1 (as the parameters of the conditional operations), much like the usual arithmetical expressions. We now consider replacing the Boolean constants with Boolean variables or general predicates (this step is akin to going from arithmetic to algebraic expressions). The value of such an expression depends on the values of its parameters, and so we call such an expression a parametrised graph (PG).

One can easily prove the following properties of the operations introduced above.
• Properties of overlay:
  – Identity: G + ε = G.
  – Commutativity: G1 + G2 = G2 + G1.
  – Associativity: (G1 + G2) + G3 = G1 + (G2 + G3).
• Properties of sequence:
  – Left identity: ε → G = G.
  – Right identity: G → ε = G.
  – Associativity: (G1 → G2) → G3 = G1 → (G2 → G3).
• Other properties:
  – Left distributivity: G1 → (G2 + G3) = G1 → G2 + G1 → G3.
  – Right distributivity: (G1 + G2) → G3 = G1 → G3 + G2 → G3.
  – Decomposition: G1 → G2 → G3 = G1 → G2 + G1 → G3 + G2 → G3.
• Properties involving conditions:
  – Conditional ε: [b]ε = ε.
  – Conditional overlay: [b](G1 + G2) = [b]G1 + [b]G2.
  – Conditional sequence: [b](G1 → G2) = [b]G1 → [b]G2.
  – AND-condition: [b1 ∧ b2]G = [b1][b2]G.
  – OR-condition: [b1 ∨ b2]G = [b1]G + [b2]G.
  – Condition regularisation: [b1]G1 → [b2]G2 = [b1]G1 + [b2]G2 + [b1 ∧ b2](G1 → G2).

Now, due to the above properties of the operators, it is possible to define the following canonical form of a PG. In the proof below, we call a singleton graph, possibly prefixed with a condition, a literal.

Proposition 1 (Canonical form of a PG). Any PG can be rewritten in the following canonical form:

$$\Big(\sum_{v \in V} [b_v]v\Big) + \Big(\sum_{u,v \in V} [b_{uv}](u \to v)\Big), \tag{2.1}$$

where:
• V is a subset of singleton graphs that appear in the original PG;
• for all v ∈ V, b_v are canonical forms of Boolean expressions and are distinct from 0;
• for all u, v ∈ V, b_uv are canonical forms of Boolean expressions such that b_uv ⇒ b_u ∧ b_v.

Proof. (i) First we prove that any PG can be converted to the form (2.1).

All the occurrences of ε in the expression can be eliminated by the identity and conditional ε properties (unless the whole PG equals to ε, in which case we take V = ∅). To avoid unconditional subexpressions, we prefix the resulting expression with ‘[1]’, and then by the conditional overlay/sequence properties we propagate all the conditions that appear in the expression down to the singleton graphs (compound conditions can be always reduced to a single one by the AND-condition property). By the decomposition and distributivity properties, the expression can be rewritten as an overlay of literals and subexpressions of the form l1 → l2, where l1 and l2 are literals. The latter subexpressions can be rewritten using the condition regularisation rule:

[b1]u → [b2]v = [b1]u + [b2]v + [b1 ∧ b2](u → v)

Now, literals corresponding to the same singleton graphs, as well as subexpressions of the form [b](u → v) that correspond to the same pair of singleton graphs u and v, are combined using the OR-condition property. Then the literals prefixed with 0 conditions can be dropped. Now the set V consists of all the singleton graphs occurring in the literals. To turn the overall expression into the required form it only remains to add missing subexpressions of the form [0](u → v) for every u, v ∈ V such that the expression does not contain the subexpression of the form [b](u → v). Note that the property b_uv ⇒ b_u ∧ b_v is always enforced by this construction:
• condition regularisation ensures this property;
• combining literals using the OR-condition property can only strengthen the right hand side of this implication, and so cannot violate it;
• adding [0](u → v) does not violate the property as it trivially holds when b_uv = 0.

(ii) We now show that (2.1) is a canonical form, i.e. if L = R then their canonical forms can(L) and can(R) coincide.

For the sake of contradiction, assume this is not the case. Then we consider two cases (all possible cases are symmetric to one of these two):
1. can(L) contains a literal [b_v]v whereas can(R) either contains a literal [b′_v]v with b′_v ≢ b_v or does not contain any literal corresponding to v, in which case we say that it contains a literal [b′_v]v with b′_v = 0. Then for some values of parameters one of the graphs will contain vertex v while the other will not.
2. can(L) and can(R) have the same set V of vertices, but can(L) contains a subexpression [b_uv](u → v) whereas can(R) contains a subexpression [b′_uv](u → v) with b′_uv ≢ b_uv. Then for some values of parameters one of the graphs will contain the arc (u, v) (note that due to b_uv ⇒ b_u ∧ b_v and b′_uv ⇒ b_u ∧ b_v vertices u and v are present), while the other will not.

In both cases there is a contradiction with L = R.

This canonical form allows one to lift the notion of adjacency matrix of a graph to PGs. Recall that the adjacency matrix (b_uv) of a graph (V, E) is a |V| × |V| Boolean matrix such that b_uv = 1 if (u, v) ∈ E and b_uv = 0 otherwise. The adjacency matrix of a PG is obtained from the canonical form (2.1) by gathering the predicates b_uv into a matrix. The adjacency matrix of a PG is similar to that of a graph, but it contains predicates rather than Boolean values. It does not uniquely determine a PG, as the predicates of the vertices cannot be derived from it; to fully specify a PG one also has to provide predicates b_v from the canonical form (2.1).

Another advantage of this canonical form is that it provides a graphical notation for PGs. The vertices occurring in the canonical form (set V) can be represented by circles, and the subexpressions of the form u → v by arcs. The label of a vertex v consists of the vertex name, colon and the predicate b_v, while every arc (u, v) is labelled with the corresponding predicate b_uv. As adjacency matrices of PGs tend to have many constant elements, we use a simplified notation in which the arcs with constant 0 predicates are not drawn, and constant 1 predicates are dropped; moreover, it is convenient to assume that the predicates on arcs are implicitly ANDed with those on incident vertices (to enforce the invariant b_uv ⇒ b_u ∧ b_v), which often allows one to simplify predicates on arcs. This can be justified by introducing the ternary operator, called conditional sequence:

$$u \xrightarrow{b} v \;\overset{\mathrm{df}}{=}\; [b](u \to v) + u + v$$
Intuitively, PG $u \xrightarrow{b} v$ consists of two unconditional vertices connected by an arc with the condition b. By case analysis on b1 and b2 one can easily prove the following properties of the conditional sequence that allow simplifying the predicates on arcs:

$$[b_1]u \xrightarrow{b_1 \wedge b_2} v = [b_1]u \xrightarrow{b_2} v$$

$$u \xrightarrow{b_1 \wedge b_2} [b_2]v = u \xrightarrow{b_1} [b_2]v$$

[Figure 2.3: PG specialisations: H|x and H|x̄. Top: a PG H over vertices a, b, d, c: x and e: x̄, with arcs labelled x or x̄. Bottom: its two specialisations.]

Fig. 2.3(top) shows an example of a PG. The predicates depend on a Boolean variable x. The predicates of vertices a, b and d are constants 1; such vertices are called unconditional. Vertices c and e are conditional, and their predicates are x and x̄, respectively. Arcs also fall into two classes: unconditional, i.e. those whose predicate and the predicates of their incident vertices are constants 1, and conditional (in this example, all the arcs are conditional).

A specialisation H|p of a PG H under predicate p is a PG, whose predicates are simplified under the assumption that p holds. If H specifies the behaviour of the whole system, H|p specifies the part of the behaviour that can be realised under condition p. An example of a graph and its two specialisations is presented in Fig. 2.3. The leftmost specialisation H|x is obtained by removing from the graph those vertices and arcs whose predicates evaluate to 0 under condition x, and simplifying the other predicates. Hence, vertex e and arcs (a, d), (a, e), (b, d) and (b, e) disappear, and all the other vertices and arcs become unconditional. The rightmost specialisation H|x̄ is obtained analogously. Each of the obtained specialisations can be regarded as a specification of a particular behavioural scenario of the modelled system, e.g. as specification of a processor instruction.

2.1 Specification and composition of instructions
Consider a processing unit that has two registers A and B, and can perform two different instructions: addition and exchange of two variables stored in memory. The processor contains five datapath components (denoted by a . . . e) that can perform the following atomic actions:
a) Load register A from memory;
b) Load register B from memory;
c) Compute the sum of the numbers stored in registers A and B, and store it in A;
d) Save register A into memory;
e) Save register B into memory.

Table 1 describes the addition and exchange instructions in terms of usage of these atomic actions.

Table 1: Two instructions specified as partial orders

Instruction                  Addition                       Exchange
Action sequence              a) Load A                      a) Load A
                             b) Load B                      b) Load B
                             c) Add B to A                  d) Save A
                             d) Save A                      e) Save B
Execution scenario with      ADD (graph over a, b, c, d)    XCHG (graph over a, b, d, e)
maximum concurrency

The addition instruction consists of loading the two operands from memory (causally independent actions a and b), their addition (action c), and saving the result (action d). Let us assume for simplicity that in this example all causally independent actions are always performed concurrently, see the corresponding scenario ADD in the table.

The operation of exchange consists of loading the operands (causally independent actions a and b), and saving them into swapped memory locations (causally independent actions d and e), as captured by the XCHG scenario. Note that in order to start saving one of the registers it is necessary to wait until both of them have been loaded to avoid overwriting one of the values.

One can see that the two scenarios in Table 1 appear to be the two specialisations of the PG shown in Fig. 2.3, thus this PG can be considered as a joint specification of both instructions. Two important characteristics of such a specification are that the common events {a, b, d} are overlaid, and the choice between the two operations is modelled by the Boolean predicates associated with the vertices and arcs of the PG. As a result, in our model there is no need for a ‘nodal point’ of choice, which tends to appear in alternative specification models (a Petri Net would have an explicit choice place, a Finite State Machine an explicit choice state, and a specification written in a Hardware Description Language would describe the two instructions by two separate branches of a conditional statement if or case [5]).

The PG operations introduced above allow for a natural specification of the system as a collection of its behavioural scenarios, which can share some common parts. For example, in this case the overall system is composed as

H = [x]ADD + [x̄]XCHG = [x]((a + b) → c + c → d) + [x̄]((a + b) → (d + e)).

Such specifications can often be simplified using the properties of graph operations. The next section describes the equivalence relation between the PGs with a set of axioms, thus obtaining an algebra.
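
The following is an added example, not code from the report or its authors: a small Python model of the operations of Section 2 that computes the canonical form (2.1) semantically and checks it on the ADD/XCHG specification H. All function names are hypothetical, and predicates are stored as sets of satisfying assignments rather than as Boolean expressions in canonical form.

```python
from functools import reduce
from itertools import product

EMPTY = (frozenset(), frozenset())                 # the empty graph ε = (∅, ∅)

def overlay(g, h):
    """G1 + G2 = (V1 ∪ V2, E1 ∪ E2)."""
    return (g[0] | h[0], g[1] | h[1])

def sequence(g, h):
    """G1 → G2 = (V1 ∪ V2, E1 ∪ E2 ∪ V1 × V2)."""
    return (g[0] | h[0], g[1] | h[1] | frozenset(product(g[0], h[0])))

# A parametrised graph is modelled as a function: {variable: bool} -> graph.
def V(name):
    return lambda env: (frozenset([name]), frozenset())

def Over(*parts):
    return lambda env: reduce(overlay, (p(env) for p in parts), EMPTY)

def Seq(*parts):
    return lambda env: reduce(sequence, (p(env) for p in parts), EMPTY)

def Cond(pred, pg):
    """[b]G: G when the predicate holds, ε otherwise."""
    return lambda env: pg(env) if pred(env) else EMPTY

def var(name):
    return lambda env: env[name]

def neg(pred):
    return lambda env: not pred(env)

def conj(p, q):
    return lambda env: p(env) and q(env)

def canonical(pg, variables):
    """Semantic canonical form (2.1): maps v -> b_v and (u, v) -> b_uv.

    Each predicate is stored as the frozenset of assignments (tuples of
    values, in the order of `variables`) under which it is true. Vertices
    and arcs whose predicate is constant 0 are simply absent.
    """
    bv, buv = {}, {}
    for values in product([False, True], repeat=len(variables)):
        verts, arcs = pg(dict(zip(variables, values)))
        for v in verts:
            bv.setdefault(v, set()).add(values)
        for arc in arcs:
            buv.setdefault(arc, set()).add(values)
    freeze = lambda m: {k: frozenset(s) for k, s in m.items()}
    return freeze(bv), freeze(buv)

def equivalent(p, q, variables):
    """Two PGs are equal iff their canonical forms coincide."""
    return canonical(p, variables) == canonical(q, variables)

def arcs_imply_vertices(canon):
    """Invariant of (2.1): b_uv ⇒ b_u ∧ b_v for every arc."""
    bv, buv = canon
    return all(cond <= bv[u] & bv[v] for (u, v), cond in buv.items())

def self_loops(graph):
    """Vertices that carry a self-dependency (u, u)."""
    return {u for (u, v) in graph[1] if u == v}

# The two instructions of Section 2.1 and their joint specification H.
a, b, c, d, e = (V(n) for n in "abcde")
x = var("x")
ADD = Over(Seq(Over(a, b), c), Seq(c, d))
XCHG = Seq(Over(a, b), Over(d, e))
H = Over(Cond(x, ADD), Cond(neg(x), XCHG))

def regularisation_holds():
    """[b1]p → [b2]q = [b1]p + [b2]q + [b1 ∧ b2](p → q), with p, q sharing vertex a."""
    b1, b2 = var("b1"), var("b2")
    p, q = Seq(a, b), Over(c, a)
    lhs = Seq(Cond(b1, p), Cond(b2, q))
    rhs = Over(Cond(b1, p), Cond(b2, q), Cond(conj(b1, b2), Seq(p, q)))
    return equivalent(lhs, rhs, ["b1", "b2"])

if __name__ == "__main__":
    bv, buv = canonical(H, ["x"])
    for v in sorted(bv):
        print(v, sorted(bv[v]))
    for arc in sorted(buv):
        print(arc, sorted(buv[arc]))
    print("H|x == ADD:", H({"x": True}) == ADD({}))
    print("H|not x == XCHG:", H({"x": False}) == XCHG({}))
    print("regularisation:", regularisation_holds())
    # Constructed example: only the vertex sets of Fig. 2.2 are used, no arcs.
    print("self-loops:", self_loops(Seq(Over(a, b, d), Over(b, c, d))({})))
```

Enumerating all assignments is exponential in the number of variables, so this serves as a reference check for small specifications rather than as a synthesis procedure.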
3 Algebra of parametrised graphs
In this section we define the algebra of parametrised graphs (PG-algebra).

PG-algebra is a tuple 〈G, +, →, [0], [1]〉, where G is a set of graphs whose vertices are picked from the alphabet A and the operations parallel those defined for graphs above. The equivalence relation is given by the following axioms.
1. + is commutative and associative.
2. → is associative.
3. ε is a left and right identity of →.
4. Left and right distributivity of → over +: p → (q + r) = p → q + p → r and (p + q) → r = p → r + q → r.
5. Decomposition: p → q → r = p → q + p → r + q → r.
6. Condition: [0]p = ε and [1]p = p.

The following theorems can be proven from PG-algebra axioms.

Proposition 2. The following equalities hold:
• ε is an identity of +: p + ε = p.
• + is idempotent: p + p = p.
• Left and right absorption: p + p → q = p → q and q + p → q = p → q.

Proof. First we prove the following auxiliary equality, called reduced decomposition or r-decomposition: p = p + p + ε.

p = (→-identity)
p → ε → ε = (decomposition)
(p → ε) + (p → ε) + (ε → ε) = (→-identity)
p + p + ε

Now the equality p + ε = p can be proved as follows:

p = (r-decomposition)
p + p + ε = (r-decomposition)
p + p + (ε + ε + ε) = (+-commutativity)
(p + ε) + (p + ε) + ε = (r-decomposition)
p + ε

The idempotence of + can be proved as follows:

p = (r-decomposition)
p + p + ε = (+-identity)
p + p

The left and right absorption are proved as follows:

p + (p → q) = (→-identity)
(p → ε) + (p → q) = (left distributivity)
p → (ε + q) = (+-identity)
p → q

q + (p → q) = (→-identity)
(ε → q) + (p → q) = (right distributivity)
(ε + p) → q = (+-identity)
p → q

Remark. Note that as ε is a left and right identity of → and +, there can be no other identities for these operations. Interestingly, unlike many other algebras, the two main operations in the PG-algebra have the same identity.

The following equalities can be easily proved by case analysis on the values of the Boolean parameters.

Proposition 3. The following equalities hold for conditions:
• Conditional ε: [b]ε = ε.
• Conditional overlay: [b](p + q) = [b]p + [b]q.
• Conditional sequence: [b](p → q) = [b]p → [b]q.
• AND-condition: [b1 ∧ b2]p = [b1][b2]p.
• OR-condition: [b1 ∨ b2]p = [b1]p + [b2]p.
• Choice propagation:
  – [b](p → q) + [b̄](p → r) = p → ([b]q + [b̄]r) and
  – [b](p → r) + [b̄](q → r) = ([b]p + [b̄]q) → r.
• Condition regularisation: [b1]p → [b2]q = [b1]p + [b2]q + [b1 ∧ b2](p → q).

Proof. First, suppose the value of b (or b1 where appropriate) is 0 (*). Then:

Conditional ε:
[b]ε = (*)
[0]ε = (false condition)
ε

Conditional overlay:
[b](p + q) = (*)
[0](p + q) = (false condition)
ε = (+-identity)
ε + ε = (false condition)
[0]p + [0]q = (*)
[b]p + [b]q

Conditional sequence:
[b](p → q) = (*)
[0](p → q) = (false condition)
ε = (→-identity)
ε → ε = (false condition)
[0]p → [0]q = (*)
[b]p → [b]q

AND-condition:
[b1 ∧ b2]p = (*)
[0 ∧ b2]p = (Boolean algebra)
[0]p = (false condition)
ε = (false condition)
[0][b2]p = (*)
[b1][b2]p

OR-condition:
[b1 ∨ b2]p = (*)
[0 ∨ b2]p = (Boolean algebra)
[b2]p = (false condition)
ε + [b2]p = (+-identity)
[0]p + [b2]p = (*)
[b1]p + [b2]p

Choice propagation:
[b](p → q) + [b̄](p → r) = (*)
[0](p → q) + [1](p → r) = (true and false condition)
p → r = (+-identity)
p → (ε + r) = (true and false condition)
p → ([0]q + [1]r) = (*)
p → ([b]q + [b̄]r)

Condition regularisation:
[b1]p → [b2]q = (*)
[0]p → [b2]q = (false condition)
ε → [b2]q = (+, →-identity)
ε + [b2]q + ε = (false condition)
[0]p + [b2]q + [0 ∧ b2](p → q) = (*)
[b1]p + [b2]q + [b1 ∧ b2](p → q)

Now, suppose the value of b (or b1 where appropriate) is 1 (**). Then:

Conditional ε:
[b]ε = (**)
[1]ε = (true condition)
ε

Conditional overlay:
[b](p + q) = (**)
[1](p + q) = (true condition)
p + q = (true condition)
[1]p + [1]q = (**)
[b]p + [b]q

Conditional sequence:
[b](p → q) = (**)
[1](p → q) = (true condition)
p → q = (true condition)
[1]p → [1]q = (**)
[b]p → [b]q

AND-condition:
[b1 ∧ b2]p = (**)
[1 ∧ b2]p = (Boolean algebra)
[b2]p = (true condition)
[1][b2]p = (**)
[b1][b2]p

Choice propagation:
[b](p → q) + [b̄](p → r) = (**)
[1](p → q) + [0](p → r) = (true and false condition)
p → q = (+-identity)
p → (q + ε) = (true and false condition)
p → ([1]q + [0]r) = (**)
p → ([b]q + [b̄]r)

Condition regularisation:
[b1]p → [b2]q = (**)
[1]p → [b2]q = (true condition)
p → [b2]q = (absorption)
p + [b2]q + p → [b2]q = (true condition)
[1]p + [b2]q + [1 ∧ b2](p → q) = (**)
[b1]p + [b2]q + [b1 ∧ b2](p → q)

OR-condition:
[b1 ∨ b2]p = (**)
[1 ∨ b2]p = (Boolean algebra)
[1]p

The value of b2 under the current assignment of variables is either 0 or 1, so we consider the two possible cases:

if the value of b2 is 0 (#) then
[1]p = (+-identity)
[1]p + ε = (false condition)
[1]p + [0]p = (**)
[b1]p + [0]p = (#)
[b1]p + [b2]p

if the value of b2 is 1 (##) then
[1]p = (+-idempotence)
[1]p + [1]p = (**)
[b1]p + [1]p = (##)
[b1]p + [b2]p

In all the possible cases the equalities hold.

It is easy to see that PGs are a model of PG-algebra, as all the axioms of PG-algebra are satisfied by PGs; in particular, this means that PG-algebra is sound. Moreover, any PG-algebra expression has the canonical form (2.1), as the proof of Prop. 1 can be directly imported:
• It is always possible to translate a PG-algebra expression to this canonical form, as part (i) of the proof relies only on the properties of PGs that correspond to either PG-algebra axioms or equalities above.
• If L = R holds in PG-algebra then L = R holds also for PGs (as PGs are a model of PG-algebra), and so the PGs can(L) and can(R) coincide, see part (ii) of the proof. Since PGs can(L) and can(R) are in fact the same objects as the expressions can(L) and can(R) of the PG-algebra, (2.1) is a canonical form of a PG-algebra expression.

This also means that PG-algebra is complete w.r.t. PGs, i.e. any PG equality can be either proved or disproved using the axioms of PG-algebra (by converting to the canonical form).

The provided set of axioms of PG-algebra is minimal, i.e. no axiom from this set can be derived from the others. The minimality was checked by enumerating the finite models of PG-algebra with the help of the Alg tool [3]. It turns out that removing any of the axioms leads to a different number of non-isomorphic models of a particular size, implying that all the axioms are necessary.

Hence, the following result holds:

Theorem 4 (Soundness, Minimality and Completeness). The set of axioms of PG-algebra is sound, minimal and complete w.r.t. PGs.
4 Transitive parametrised graphs and their algebra
In many cases the arcs of the graphs are interpreted as the causality relation, and so the graph itself is a partial order. However, in practice it is convenient to drop some or all of the transitive arcs, i.e. two graphs should be considered equal whenever their transitive closures are equal. E.g. in this case the graphs specified by the expressions a → b + b → c and a → b + a → c + b → c are considered as equal. PGs with this equality relation are called Transitive Parametrised Graphs (TPG). To capture this algebraically, we augment the PG-algebra with the following axiom:
Closure: if q ≠ ε then p → q + q → r = p → q + p → r + q → r.
One can see that by repeated application of this axiom one can obtain the transitive closure of any graph, including those with cycles. The resulting algebra is called Transitive Parametrised Graphs Algebra (TPG-algebra).
Remark. Note that the condition q ≠ ε in the Closure axiom is necessary, as otherwise
a + b = a → ε + ε → b = a → ε + a → b + ε → b = a → b,
and the operations + and → become identical, which is clearly undesirable.
The Closure axiom helps to simplify specifications by reducing the number of arcs and/or simplifying their conditions. For example, consider the PG in Fig. 2.3. As the scenarios of this PG are interpreted as the orders of execution of actions, it is natural to use the Closure axiom to simplify the specification. The algebraic specification of this PG is
H = [x]ADD + [¬x]XCHG = [x]((a + b) → c + c → d) + [¬x]((a + b) → (d + e)).
Observe that this expression cannot be simplified in PG-algebra. However, with the Closure axiom we can rewrite it as follows:
[x]((a + b) → c + c → d) + [¬x]((a + b) → (d + e)) = (closure)
[x]((a + b) → c + (a + b) → d + c → d) + [¬x]((a + b) → (d + e)) = (decomposition)
[x]((a + b) → c → d) + [¬x]((a + b) → (d + e)) = (choice propagation)
(a + b) → ([x](c → d) + [¬x](d + e)) = (conditional overlay)
(a + b) → ([x](c → d) + [¬x]d + [¬x]e) = (→-identity)
(a + b) → ([x](c → d) + [¬x](ε → d) + [¬x]e) = (choice propagation)
(a + b) → (([x]c + [¬x]ε) → d + [¬x]e) = (conditional ε, +-identity)
(a + b) → ([x]c → d + [¬x]e).
Figure 4.1: The PG from Fig. 2.3 simplified using the Closure axiom, together with its specialisations
The corresponding TPG is shown in Fig. 4.1. Note that it has fewer conditional elements than the PG in Fig. 2.3; though the specialisations are now different, they have the same transitive closures.
We now lift the canonical form (2.1) to TPGs and TPG-algebra. Note that the only difference is the last requirement.
Proposition 5 (Canonical form of a TPG). Any TPG can be rewritten in the following canonical form:
(∑_{v∈V} [b_v]v) + (∑_{u,v∈V} [b_uv](u → v)), (4.1)
where:
1. V is a subset of singleton graphs that appear in the original TPG;
2. for all v ∈ V, b_v are canonical forms of Boolean expressions and are distinct from 0;
3. for all u, v ∈ V, b_uv are canonical forms of Boolean expressions such that b_uv ⇒ b_u ∧ b_v;
4. for all u, v, w ∈ V, b_uv ∧ b_vw ⇒ b_uw.
Proof. (i) First we prove that any TPG can be converted to the form (4.1).
We can convert the expression into the canonical form (2.1), which satisfies the requirements 1–3. Then we iteratively apply the following transformation, while possible: If for some u, v, w ∈ V, b_uv ∧ b_vw ⇒ b_uw does not hold (i.e. requirement 4 is violated), we replace the subexpression [b_uw](u → w) with [b^new_uw](u → w) where b^new_uw ≝ b_uw ∨ (b_uv ∧ b_vw). Observe that after this the requirement 4 will hold for u, v and w, and the requirement 3 remains satisfied, i.e. b^new_uw ⇒ b_u ∧ b_w due to b_uv ⇒ b_u ∧ b_v, b_vw ⇒ b_v ∧ b_w and b_uw ⇒ b_u ∧ b_w. Moreover, the resulting expression will be equivalent to the one before this transformation due to the following equality:
If v ≠ ε then [b_uv](u → v) + [b_vw](v → w) = [b_uv](u → v) + [b_vw](v → w) + [b_uv ∧ b_vw](u → w),
which can be proved as follows:
[b_uv](u → v) + [b_vw](v → w) = (Boolean algebra)
[b_uv ∨ (b_uv ∧ b_vw)](u → v) + [b_vw ∨ (b_uv ∧ b_vw)](v → w) = (OR-condition)
[b_uv](u → v) + [b_vw](v → w) + [b_uv ∧ b_vw](u → v) + [b_uv ∧ b_vw](v → w) = (conditional overlay)
[b_uv](u → v) + [b_vw](v → w) + [b_uv ∧ b_vw](u → v + v → w) = (closure)
[b_uv](u → v) + [b_vw](v → w) + [b_uv ∧ b_vw](u → v + u → w + v → w) = (conditional overlay)
[b_uv](u → v) + [b_vw](v → w) + [b_uv ∧ b_vw](u → v) + [b_uv ∧ b_vw](u → w) + [b_uv ∧ b_vw](v → w) = (OR-condition)
[b_uv ∨ (b_uv ∧ b_vw)](u → v) + [b_vw ∨ (b_uv ∧ b_vw)](v → w) + [b_uv ∧ b_vw](u → w) = (Boolean algebra)
[b_uv](u → v) + [b_vw](v → w) + [b_uv ∧ b_vw](u → w)
This iterative process converges, as there can be only finitely many expressions of the form (4.1) (recall that we assume that the predicates within the conditional operators are always in some canonical form), and each iteration replaces some predicate b_uw with a greater one b^new_uw, in the sense that b_uw strictly subsumes b^new_uw (i.e. b_uw ⇒ b^new_uw and b_uw ≢ b^new_uw always hold), i.e. no predicate can be repeated during these iterations.
(ii) We now show that (4.1) is a canonical form, i.e. if L = R then their canonical forms can(L) and can(R) coincide.
For the sake of contradiction, assume this is not the case. Then we consider two cases (all possible cases are symmetric to one of these two):
1. can(L) contains a literal [b_v]v whereas can(R) either contains a literal [b′_v]v with b′_v ≠ b_v or does not contain any literal corresponding to v, in which case we say that it contains a literal [b′_v]v with b′_v = 0. Then for some values of parameters one of the graphs will contain vertex v while the other will not.
2. can(L) and can(R) have the same set V of vertices, but can(L) contains a subexpression [b_uv](u → v) whereas can(R) contains a subexpression [b′_uv](u → v) with b′_uv ≢ b_uv. Then for some values of parameters one of the graphs will contain the arc (u, v) while the other will not. Since the transitive closures of the two graphs must be the same due to can(L) = L = R = can(R), the other graph must contain a path t_1 t_2 . . . t_n where u = t_1, v = t_n and n ≥ 3; w.l.o.g., we assume that t_1 t_2 . . . t_n is a shortest such path. Hence, the canonical form (2.1) would contain the subexpressions [b_{t_i t_{i+1}}](t_i → t_{i+1}), i = 1 . . . n − 1, and moreover ⋀_{i=1}^{n−1} b_{t_i t_{i+1}} ≠ 0 for the chosen values of the parameters, and so ⋀_{i=1}^{n−1} b_{t_i t_{i+1}} ≢ 0. But then the iterative process above would have added to the canonical form the missing subexpression [b_{t_1 t_2} ∧ b_{t_2 t_3}](t_1 → t_3), as the corresponding predicates ≢ 0. Hence, for the chosen values of the parameters, there is an arc (t_1, t_3), contradicting the assumption that t_1 t_2 . . . t_n is a shortest path between u and v.
In both cases there is a contradiction with L = R.
The process of constructing the canonical form (4.1) of a TPG from the canonical form (2.1) of a PG corresponds to computing the transitive closure of the adjacency matrix. As the entries of this matrix are predicates rather than Boolean values, this has to be done symbolically. This is always possible as each entry of the resulting matrix can be represented as a finite Boolean expression depending on the entries of the original matrix only.
By the same reasoning as in the previous section, we can conclude that the following result holds.
Theorem 6 (Soundness, Minimality and Completeness). The set of axioms of TPG-algebra is sound, minimal and complete w.r.t. TPGs.
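The symbolic transitive closure from part (i) of the proof, as an added example that is not code from the report. Predicates are stored as truth-table bitmasks (an assumed choice of canonical form for Boolean expressions), the arc tables for the two forms of H from Section 4 are written out by hand, and all function names are hypothetical.

```python
from itertools import product

def var(i, k):
    """Truth table of parameter i among k parameters: bit a is set iff
    assignment number a gives parameter i the value 1."""
    return sum(1 << a for a in range(1 << k) if (a >> i) & 1)

def implies(p, q):
    """p => q on truth tables: no assignment satisfies p without q."""
    return p & ~q == 0

def tpg_canonical(vertices, arcs):
    """Lift arc predicates of form (2.1) to form (4.1): while requirement 4
    fails for some u, v, w, replace b_uw by b_uw OR (b_uv AND b_vw)."""
    closed = dict(arcs)
    changed = True
    while changed:
        changed = False
        for u, v, w in product(vertices, repeat=3):
            via_v = closed.get((u, v), 0) & closed.get((v, w), 0)
            if not implies(via_v, closed.get((u, w), 0)):
                closed[(u, w)] = closed.get((u, w), 0) | via_v
                changed = True
    return closed

def requirement_3(vertices, arcs):
    """b_uv => b_u AND b_v for every arc."""
    return all(implies(b, vertices[u] & vertices[v])
               for (u, v), b in arcs.items())

def requirement_4(vertices, arcs):
    """b_uv AND b_vw => b_uw for all u, v, w."""
    return all(implies(arcs.get((u, v), 0) & arcs.get((v, w), 0),
                       arcs.get((u, w), 0))
               for u, v, w in product(vertices, repeat=3))

# One parameter x; ONE is the constant-true predicate.
X, ONE = var(0, 1), 0b11
NOT_X = ONE ^ X

# Vertex predicates shared by both forms of H.
VERTICES = {"a": ONE, "b": ONE, "c": X, "d": ONE, "e": NOT_X}

# Arcs of [x]((a+b)->c + c->d) + [not x]((a+b)->(d+e)), form (2.1).
H_ORIGINAL = {("a", "c"): X, ("b", "c"): X, ("c", "d"): X,
              ("a", "d"): NOT_X, ("b", "d"): NOT_X,
              ("a", "e"): NOT_X, ("b", "e"): NOT_X}

# Arcs of the simplified (a+b) -> ([x]c -> d + [not x]e), form (2.1).
H_SIMPLIFIED = {("a", "c"): X, ("b", "c"): X, ("c", "d"): X,
                ("a", "d"): ONE, ("b", "d"): ONE,
                ("a", "e"): NOT_X, ("b", "e"): NOT_X}

if __name__ == "__main__":
    print(tpg_canonical(VERTICES, H_ORIGINAL) == H_SIMPLIFIED)
```

The two arc tables differ as PGs, yet both close to the same table, which is what equality in TPG-algebra means for this pair.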
5 Case studies
In this section we consider several practical case studies from hardware synthesis. The advantage of (T)PG-algebra is that it allows for a formal and compositional approach to system design. Moreover, using the rules of (T)PG-algebra one can formally manipulate specifications, in particular, algebraically simplify them.
5.1 Phase encoders
This section demonstrates the application of PG-algebra to designing the multiple rail phase encoding controllers [4]. They use several wires for communication, and data is encoded by the order of occurrence of transitions in the communication lines. Fig. 5.1(a) shows an example of a data packet transmission over a 4-wire phase encoding communication channel. The order of rising signals on wires indicates that permutation abdc is being transmitted. In total it is possible to transmit any of the n! different permutations over an n-wire channel in one communication cycle. This makes the multiple rail phase encoding protocol very attractive for its information efficiency [7].
Figure 5.1: Multiple rail phase encoding: (a) Phase encoded data; (b) Matrix phase encoder
Phase encoding controllers contain an exponential number of behavioural scenarios w.r.t. the number of wires, and are very difficult for specification and synthesis using conventional approaches. In this section we apply PG-algebra to specification of an n-wire matrix phase encoder – a basic phase encoding controller that generates a permutation of signal events given a matrix representing the order of the events in the permutation.
Fig. 5.1(b) shows the top-level view of the controller’s structure. Its inputs are (n choose 2) dual-rail ports that specify the order of signals to be produced at the controller’s n output wires. The inputs of the controller can be viewed as an n × n Boolean matrix (x_ij) with diagonal elements being 0. The outputs of the controller will be modelled by n actions v_i ∈ A. Whenever x_ij = 1, event v_i must happen before event v_j. It is guaranteed that x_ij and x_ji cannot be 1 at the same time, however, they can be simultaneously 0, meaning that the relative order of the events is not known yet and the controller has to wait until x_ij = 1 or x_ji = 1 is satisfied (other outputs for which the order is already known can be generated meanwhile).
The overall specification of the controller is obtained as an overlay ∑_{1≤i<j≤n} H_ij of fixed-size expressions H_ij, modelling the behaviour of each pair of outputs. In turn, each H_ij is an overlay of three possible scenarios:
1. If x_ij = 1 (and so x_ji = 0) then there is a causal dependency between v_i and v_j, described using the PG-algebra sequence operator: v_i → v_j.
2. If x_ji = 1 (and so x_ij = 0) then there is a causal dependency between v_j and v_i: v_j → v_i.
3. If x_ij = x_ji = 0 then neither v_i nor v_j can be produced yet; this is expressed by a circular wait condition between v_i and v_j: v_i → v_j + v_j → v_i.¹
We prefix each of the scenarios with its precondition and overlay the results:
H_ij = [x_ij ∧ ¬x_ji](v_i → v_j) + [x_ji ∧ ¬x_ij](v_j → v_i) + [¬x_ij ∧ ¬x_ji](v_i → v_j + v_j → v_i).
Using the rules of PG-algebra, we can simplify this expression to
[¬x_ji](v_i → v_j) + [¬x_ij](v_j → v_i),
or, using the conditional sequence operator, to
[¬x_ij ∨ ¬x_ji](v_i −(¬x_ji)→ v_j + v_j −(¬x_ij)→ v_i).
Now, bearing in mind that condition [¬x_ij ∨ ¬x_ji] is assumed to hold in the proper controller environment (x_ij and x_ji cannot be 1 simultaneously), we can replace it with [1] and drop it. The resulting expression can be graphically represented as shown in Fig. 5.2(a). An example of an overall controller specification ∑_{1≤i<j≤n} H_ij for the case when n = 3 is shown in Fig. 5.2(b). The synthesis of this specification to a digital circuit can be performed in a way similar to [7].
¹ There are other ways to describe this scenario, e.g. by creating self-loops v_i → v_i + v_j → v_j.
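An added check of the H_ij simplification and of the resulting controller behaviour (example code, not from the report). PG expressions are modelled as functions from an input matrix to a concrete graph, with p → q taken to add every arc from a vertex of p to a vertex of q (an assumption here, as the operator is defined outside this section); all function names are hypothetical.

```python
from itertools import combinations, product

EMPTY = (frozenset(), frozenset())  # the empty graph: no vertices, no arcs

def vertex(name):
    return lambda x: (frozenset([name]), frozenset())

def overlay(*parts):
    """p + q: union of vertices and of arcs."""
    def graph(x):
        vs, es = EMPTY
        for part in parts:
            v, e = part(x)
            vs, es = vs | v, es | e
        return vs, es
    return graph

def seq(p, q):
    """p -> q: overlay plus an arc from every vertex of p to every vertex of q."""
    def graph(x):
        (vp, ep), (vq, eq) = p(x), q(x)
        return vp | vq, ep | eq | frozenset(product(vp, vq))
    return graph

def cond(pred, g):
    """[b]g: g if the predicate holds for the inputs x, the empty graph otherwise."""
    return lambda x: g(x) if pred(x) else EMPTY

def h_scenarios(i, j):
    """H_ij as the overlay of the three guarded scenarios."""
    vi, vj = vertex(f"v{i}"), vertex(f"v{j}")
    return overlay(
        cond(lambda x: x[i, j] and not x[j, i], seq(vi, vj)),
        cond(lambda x: x[j, i] and not x[i, j], seq(vj, vi)),
        cond(lambda x: not x[i, j] and not x[j, i],
             overlay(seq(vi, vj), seq(vj, vi))))

def h_simplified(i, j):
    """The simplified form: one guarded arc per direction."""
    vi, vj = vertex(f"v{i}"), vertex(f"v{j}")
    return overlay(cond(lambda x: not x[j, i], seq(vi, vj)),
                   cond(lambda x: not x[i, j], seq(vj, vi)))

def same_on_all_inputs(g, h, keys):
    """Compare the specialisations of g and h for every 0/1 input assignment."""
    envs = (dict(zip(keys, bits))
            for bits in product((0, 1), repeat=len(keys)))
    return all(g(x) == h(x) for x in envs)

def controller(n):
    """Overlay of H_ij over all pairs 1 <= i < j <= n."""
    return overlay(*(h_simplified(i, j)
                     for i, j in combinations(range(1, n + 1), 2)))

def matrix_for(order):
    """Constructed input: x_ij = 1 iff v_i precedes v_j in the permutation."""
    pos = {v: k for k, v in enumerate(order)}
    return {(i, j): int(pos[i] < pos[j]) for i in pos for j in pos if i != j}

def schedule(graph):
    """Fire events whose predecessors have all fired; return (fired, blocked)."""
    vs, es = graph
    fired, waiting = [], set(vs)
    while True:
        ready = sorted(v for v in waiting
                       if not any((u, v) in es for u in waiting))
        if not ready:
            return fired, waiting
        fired += ready
        waiting -= set(ready)
```

With a complete matrix the schedule reproduces the encoded permutation; clearing one pair of inputs leaves exactly that pair of outputs in circular wait while the others still fire.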
Figure 5.2: PGs related to matrix phase encoder specification: (a) H_ij; (b) H_12 + H_13 + H_23
Figure 5.3: Architecture of an example processor
5.2 Processor microcontroller and instruction set design
This section demonstrates application of TPG-algebra to designing processor microcontrollers. Specification of such a complex system as a processor has to start at the architectural level, which helps to manage the system complexity by structural abstraction [5].
Figure 5.3 shows the architecture of an example processor. Separate Program memory and Data memory blocks are accessed via the Instruction fetch (IFU) and Memory access (MAU) units, respectively. The other two operational units are: Arithmetic logic unit (ALU) and Program counter increment unit (PCIU). The units are controlled using request-acknowledgement interfaces (depicted as bidirectional arrows) by the Central microcontroller, which is our primary design objective.
The processor has four registers: two general purpose registers A and B, Program counter (PC) storing the address of the current instruction in the program memory, and the Instruction register (IR) storing the opcode (operation code) of the current instruction. For the purpose of this paper, the actual width of the registers (the number of bits they can store) is not important. ALU has access to all the registers via the register bus; MAU has access to general purpose registers only; IFU, given the address of the next instruction in PC, reads its opcode into IR; and PCIU is responsible for incrementing PC (moving to the next instruction). The microcontroller has access to the IR and ALU flags (information about the current state of ALU which is used in branching instructions).
Now we define the set of instructions of the processor. Rather than listing all the instructions, we describe classes of instructions with the same addressing mode [1] and the same execution scenario. As the scenarios here are partial orders of actions, we use TPG-algebra, and the corresponding TPGs are shown in Fig. 5.4.
ALU operation Rn to Rn
An instruction from this class takes two operands stored in the general purpose registers (A and B), performs an operation, and writes the result back into one of the registers (so called register direct addressing mode). Examples: ADD A, B – addition A := A + B; MOV B, A – assignment B := A. ALU works concurrently with PCIU and IFU, which is captured by the expression ALU + PCIU → IFU; the corresponding PG is shown in Fig. 5.4(a). As soon as both concurrent branches are completed, the processor is ready to execute the next instruction. Note that it is not important for the microcontroller which particular ALU operation is being executed (ADD, MOV, or any other instruction from this class) because the scenario is the same from its point of view (it is the responsibility of ALU to detect which operation it has to perform according to the current opcode).
Figure 5.4: TPG specifications of instruction classes: (a) ALU op. Rn to Rn; (b) ALU op. #123 to Rn; (c) ALU op. Rn to PC; (d) ALU op. #123 to PC; (e) Memory access; (f) Cond. ALU op. Rn to Rn; (g) Cond. ALU op. #123 to Rn; (h) Cond. ALU op. #123 to PC
ALU operation #123 to Rn
In this class of instructions one of the operands is a register and the other is a constant which is given immediately after the instruction opcode (e.g. SUB A, #5 – subtraction A := A − 5), so called immediate addressing mode. At first, the constant has to be fetched into IR, modelled as PCIU → IFU. Then ALU is executed concurrently with another increment of PC: ALU + PCIU′ (we use ′ to distinguish the different occurrences of actions of the same unit). Finally, it is possible to fetch the next instruction into IR: IFU′. The overall scenario is then PCIU → IFU → (ALU + PCIU′) → IFU′.
ALU operation Rn to PC
This class contains operations for unconditional branching, in which PC register is modified. Branching can be absolute or relative: MOV PC, A – absolute branch to address stored in register A, PC := A; ADD PC, B – relative branch to the address B instructions ahead of the current address, PC := PC + B. The scenario is very simple in this case: ALU → IFU.
ALU operation #123 to PC
Instructions in this class are similar to those above, with the exception that the branch address or offset is specified explicitly as a constant. The execution scenario is composed of: PCIU → IFU (to fetch the constant), followed by an ALU operation, and finally by another IFU operation, IFU′. Hence, the overall scenario is PCIU → IFU → ALU → IFU′.
Memory access
There are two instructions in this class: LOAD A and SAVE A. They load/save register A from/to memory location with address stored in register B. Due to the presence of separate program and data memory access blocks, this memory access can be performed concurrently with the next instruction fetch: PCIU → IFU + MAU.
Conditional instructions
These three classes of instructions are similar to their unconditional versions above with the difference that they are performed only if the condition A < B holds. The first ALU action compares registers A and B, setting the ALU flag lt (less than) according to the result of the comparison. These flags are then checked by the microcontroller in order to decide on the further scheduling of actions.
Rn to Rn
This instruction conditionally performs an ALU operation with the registers (if the condition does not hold, the instruction has no effect, except changing the ALU flags). The operation starts with an ALU operation comparing A with B; depending on the result of this comparison, i.e. the status of the flag lt, the second ALU operation may be performed. This is captured by the expression ALU → [lt]ALU′. Concurrently with this, the next instruction is fetched: PCIU → IFU. Hence, the overall scenario is PCIU → IFU + ALU → [lt]ALU′.
#123 to Rn
This instruction conditionally performs an ALU operation with a register and a constant which is given immediately after the instruction opcode (if the condition does not hold, the instruction has no effect, except changing the ALU flags). We consider the two possible scenarios:
1. A < B holds: First, ALU compares A and B concurrently with a PC increment; since A < B holds, the ALU sets flag lt and the constant is fetched to the instruction register: (ALU + PCIU) → IFU. After that PC has to be incremented again, PCIU′, and ALU performs the operation, ALU′. Finally, the next instruction is fetched (it cannot be fetched concurrently with ALU′ as ALU is using the constant in IR): (ALU′ + PCIU′) → IFU′.
2. A < B does not hold: First, ALU compares A and B concurrently with a PC increment; since A < B does not hold, the ALU resets flag lt and the constant that follows the instruction opcode is skipped by incrementing the PC: (ALU + PCIU) → PCIU′. Finally, the next instruction is fetched: IFU′.
Hence, the overall scenario is the overlay of (1) and (2) prefixed with appropriate conditions (here we denote the predicate A < B by lt):
[lt]((ALU + PCIU) → IFU → (ALU′ + PCIU′) → IFU′)
+ [¬lt]((ALU + PCIU) → PCIU′ → IFU′).
This expression can be simplified using the rules of TPG-algebra:
(ALU + PCIU) → [lt]IFU → (PCIU′ + [lt]ALU′) → IFU′.
This case illustrates the advantage of using the new hierarchical approach that allows one to specify the system as a composition of scenarios and formally manipulate them in an algebraic fashion. In the previous paper [6] the CPOG for this class of instruction was designed monolithically, and because of this the arc between ALU′ and IFU′ was missed. Adding this arc not only fixes the dangerous race between these two blocks, but also leads to a smaller microcontroller due to the additional similarity between TPGs for this class of instructions and for the one described below.
#123 to PC
This instruction performs a conditional branching in which the branch address or offset is specified explicitly as a constant. We consider the two possible scenarios:
1. A < B holds: First, ALU compares A and B concurrently with a PC increment; since A < B holds, the ALU sets flag lt and the constant is fetched to the instruction register: (ALU + PCIU) → IFU. After that ALU performs the branching operation by modifying PC, ALU′. After PC is changed, the next instruction is fetched, IFU′.
2. A < B does not hold: the scenario is exactly the same as in the #123 to Rn case when A < B does not hold.
Hence, the overall scenario is the overlay of (1) and (2) prefixed with appropriate conditions (here we denote the predicate A < B by lt):
[lt]((ALU + PCIU) → IFU → ALU′ → IFU′)
+ [¬lt]((ALU + PCIU) → PCIU′ → IFU′).
This expression can be simplified using the rules of TPG-algebra:
(ALU + PCIU) → ([¬lt]PCIU′ + [lt](IFU → ALU′)) → IFU′.
The overall specification of the microcontroller can now be obtained by prefixing the scenarios with appropriate conditions and overlaying them. These conditions can be naturally derived from the instruction opcodes. The opcodes can be either imposed externally or chosen with the view to optimise the microcontroller. In the latter case, TPG-algebra and TPGs allow for a formal statement of this optimisation problem and aid in its solving; in particular the size of the TPG-algebra expression or TPG is a useful measure of microcontroller complexity. In this paper we do not go into details how to select the optimal encoding, but see [6]. We just note that it is natural to use three bits for opcodes as there are eight classes of instructions, and give an example of optimal 3-bit encoding in the table in Fig. 5.5; the TPG specification of the corresponding microcontroller is shown in the right part of this figure (the TPG-algebra expression is not shown because of its size).
Instructions class      Opcode: xyz
ALU Rn to Rn            000
ALU #123 to Rn          110
ALU Rn to PC            101
ALU #123 to PC          010
Memory access           100
C/ALU Rn to Rn          001
C/ALU #123 to Rn        111
C/ALU #123 to PC        011
Figure 5.5: Optimal 3-bit instruction opcodes and the corresponding TPG specification of the microcontroller.
6 Conclusions
We introduced a new formalism called Parametrised Graphs and the corresponding algebra. The formalism allows one to manage a large number of system configurations and execution modes, exploit similarities between them to simplify the specification, and to work with groups of configurations and modes rather than with individual ones. The modes and groups of modes can be managed in a compositional way, and the specifications can be manipulated (transformed and/or optimised) algebraically in a fully formal and natural way.
We develop two variants of the algebra of parametrised graphs, corresponding to the two natural graph equivalences: graph isomorphism and isomorphism of transitive closures. Both cases are specified axiomatically, and the soundness, minimality and completeness of the resulting sets of axioms are formally proved. Moreover, the canonical forms of algebraic terms are developed in each case.
The usefulness of the developed formalism has been demonstrated on two case studies, a phase encoding controller and a processor microcontroller. Both have a large number of execution scenarios, and the developed formalism allows one to capture them algebraically, by composing individual scenarios and groups of scenarios. The possibility of algebraical manipulation was essential to obtain the optimised final specification in each case.
The developed formalism is also convenient for implementation in a tool, as manipulating algebraic terms is much easier than general graph manipulation; in particular, the theory of term rewriting can be naturally applied to derive the canonical forms.
In future work we plan to automate the algebraic manipulation of PGs, and implement automatic synthesis of PGs into digital circuits. For the latter, much of the code developed for the precursor formalism of Conditional Partial Order Graphs (CPOGs) can be re-used.
Acknowledgements
The authors would like to thank Ashur Rafiev for useful discussions. This research was supported by the EPSRC grant EP/G037809/1 (Verdad).
References
[1] MSP430x4xx Family User’s Guide.
[2] International Technology Roadmap for Semiconductors: Design, 2009.
[3] Ales Bizjak and Andrej Bauer. Alg User Manual, Faculty of Mathematics and Physics, University of Ljubljana, 2011.
[4] Crescenzo D’Alessandro, Delong Shang, Alexandre V. Bystrov, Alexandre Yakovlev, and Oleg V. Maevsky. Multiple-rail phase-encoding for NoC. In Proc. of International Symposium on Advanced Research in Asynchronous Circuits and Systems (ASYNC), pages 107–116, 2006.
[5] Giovanni De Micheli. Synthesis and Optimization of Digital Circuits. McGraw-Hill Higher Education, 1994.
[6] A. Mokhov, A. Alekseyev, and A. Yakovlev. Encoding of processor instruction sets with explicit concurrency control. IET Computers and Digital Techniques, 5(6):427–439, 2011.
[7] Andrey Mokhov. Conditional Partial Order Graphs. PhD thesis, Newcastle University, 2009.
[8] Andrey Mokhov and Alex Yakovlev. Conditional Partial Order Graphs: Model, Synthesis and Application. IEEE Transactions on Computers, 59(11):1480–1493, 2010.
