Deriving structural RT-implementations from algorithmic descriptions by means of logical transformations by Blumenroehr, Christian & Eisenbiegler, Dirk
Deriving Structural RTImplementations from
Algorithmic Descriptions by means of Logical
Transformations  
Christian Blumenrohr Dirk Eisenbiegler
Institute for Circuit Design and Fault Tolerance Prof DrIng D Schmid
University of Karlsruhe Germany email fblumeneiseng	iraukade
Abstract
This paper presents a formal synthesis approach where the mapping of an al
gorithmic description towards its structural implementation at the RTlevel is per
formed by means of basic logical transformations in a higher order logic theorem
prover The approach goes beyond pure basic blocks and allows representing and
synthesizing arbitrary computable programs A functional style is used for repre
senting algorithms based on basic  recursive operators whose semantics is dened
within higher order logic
 Introduction
With synthesis heading towards more and more abstract design levels writing sound
synthesis programs is becoming an important matter of scienti
c investigations Due
to the complexity of nowadays circuits and due to the considered abstraction level both
exhaustive simulation and full automatic veri
cation approaches fail The only reasonable
approach towards producing correct synthesis results lies in a synthesis process based on
correctness preserving transformations see Camp As at the gate level where circuits
can easily be formalized and transformed according to a boolean calculus there is a need
to also 
nd formal representations at higher levels of abstraction as on the algorithmic
level
There are many approaches where synthesis is based on a sequence of behavior
preserving transformations such as YSC Camp CAMAD PeKu and TRADES
MHMP They all provide a correctness by construction approach with a 
xed set of
circuit transformations that are assumed to be correct or where there are paperpencil
proofs for their correctness However the implementations of the basic circuit trans
formations are comparatively complex and critical as to correctness In our approach
circuit transformations are performed by applying basic mathematical rules within a
theorem proving environment named HOL GoMe thus guaranteeing correctness im
plicitly We will call this design style formal synthesis see KBES Most formal
synthesis approaches introduced in the past are restricted to lower levels of abstraction
eg LambdaDialog MaFoTRuby ShRa
This paper addresses formal synthesis at the algorithmic level It is part of our ongoing
work towards a formal synthesis tool named HASH higher order logic applied to synthesis
 This work has been partly nanced by the Deutsche Forschungsgemeinschaft Project SCHM 	

of hardware In our previous work BlEi algorithmic synthesis was restricted to pure
data ow graphs The extension to be presented in this paper allows synthesizing arbitrary
algorithmic descriptions ie mixed control and data ow descriptions
Starting point for highlevel synthesis is an algorithmic description The result of high
level synthesis is a structure at the RTlevel consisting of a datapath and a controller
In conventional highlevel synthesis the 
rst step is compiling the description into a
controldata ow graph CDFG representation GDWL Based on this representation
several control states are introduced along the graph thus partitioning the graph into small
cycle free pieces of program each corresponding to one clock tick However the number
of the resulting subgraphs grows exponentionally with the nesting depth of the control
structures Then scheduling allocation and binding are performed on the subgraphs
leading to a symbolic state transition table and a separated datapath Afterwards the
controller and the communication part are generated
Our formal synthesis approach diers from that method Based on a formalization of
 recursion see section  a set of theorems for deriving structural RTlevel implemen
tations from algorithmic descriptions has been proven They can be applied to perform
synthesis in two steps First the program is transformed into an equivalent program with
only one single whileloop section  Afterwards a preproven theorem is applied map
ping the transformed algorithmic description to a RTlevel structure section  The
RTlevel implementation produced in section  is based on a formalization scheme that
is introduced in section 
 Formal representation of programs
According to Churchs Thesis there are several equivalent schemes for describing com
putable functions To be able to talk of algorithmic transformations in logic one 
rst
has to de
ne a programming language with a formal semantics This paper uses simply
typed terms for representing computable functions see GoMe The approach ex
tends a formalization scheme for  recursion as it was presented in EiSK and is part of
our new hardware description language called GROPIUS This language consists of four
parts each corresponding to one abstraction level from the gate upto the systemlevel
GROPIUS has been developed as an intermediate representation format for our formal
synthesis approach To allow the designer to specify an algorithm using an imperative
language it is planned to oer a conversion from C into our representation style at the
algorithmic level
In this approach the elementary parts within a  recursive program are basic blocks
conditions and constants Basic blocks and conditions are compound expressions consist
ing of basic nonrecursive operators Functional expressions are to be used to describe
these expressions that correspond to acyclic data ow graphs In our approach a data
ow graph dfg has the following syntax
vblock  variable j   f vblock  g vblock 
expr  variable j   f expr  g expr  j operator   expr 
dfg   vblock  f let vblock  expr in g expr
The basic operations indicated by operator always terminate and so does the entire func
tion Basic blocks and conditions both are data ow graphs Basic blocks have type
  and conditions have type  bool
When dealing with  recursion one has to be aware of the fact that function applica
tions may not terminate Therefore in this approach the datatype  partial has been
introduced to express results of  recursive functions
partial  Dened of  j Undened
A  recursive function P has type   partial P x  Undened indicates that
the function did not terminate and P x  Dened y indicates that the function did
terminate with y as result
Before introducing programs ie arbitrary  recursive functions we will 
rst introduce
blocks Blocks are  recursive functions but there is a restriction as to their type which
is always   partial instead of   partial for some arbitrary  There are 
ve
control structures for building blocks based on basic blocks conditions and constants
PARTIALIZE THEN IFTE WHILE and LOCVAR The syntax for blocks is as follows
block  PARTIALIZE basic block j block THEN block j
IFTE condition block block j WHILE condition block j
LOCVAR constant block
PARTIALIZE THEN IFTE WHILE and LOCVAR are functions that map basic blocks
conditions blocks and constants to a single block It has to be noted that blocks basic
blocks and conditions are functions themselves Table  gives a de
nition in a mathemat
ical notation A precise de
nition in terms of higher order logic in HOL can be found in
EiSK
PARTIALIZE P x  Dened P x
P THEN Q x 
 
Dened y z P x  Dened z  Qz  Dened y
Undened otherwise
IFTE C P Q x 


Dened y Cx  P x  Dened y 
Cx  Qx  Dened y
Undened otherwise
WHILE C P x 


Dened y n P nx  Dened y  Cy 
m m  n
z Pmx  Dened z  Cz
Undened otherwise
LOCVAR init P x 
 
Dened y z P x init  Dened y z
Undened otherwise
PROGRAM init P x 
 
Dened y z P x init  Dened z y
Undened otherwise
Table  Semantics of control structures
PARTIALIZE is used to turn a basic block P of type   to a block PARTIALIZEP 
of type  partial PARTIALIZEP  is a function that maps some x to DenedP x
It always terminates Undened is never reached THEN is used in in
x notation It maps
two blocks to a single block that executes the two blocks consecutively The second block is
executed only if the 
rst block did terminate The result of P THENQ becomes Undened
i one of the two blocks does not terminate IFTE is a means for expressing conditional
block applications The expression IFTE C P Q maps some x either to P x or to Qx
depending on whether the condition Cx becomes true or false respectively WHILE is
used to describe loops Starting with an initial state x the body is iterated until a state
y is reached that does not ful
ll a condition If such a state does not exist the result
becomes Undened LOCVAR is used to introduce local variables Given an arbitrary
initial value init for the local variable the function is applied to the pair consisting of the
actual state x and init If the result is de
ned the second part of it which corresponds
to the local variable will be dropped and only the 
rst part is returned
The reason for restricting blocks to type   partial rather than   partial
are loops To iterate some function the input and the output must have the same type
However we also want to allow programs where input type and output type dier
Therefore an additional operator named PROGRAM has been de
ned It converts a
block P of type 	   	 partial and some initial value init of type  to a function
PROGRAM init P  of type  partial
program  PROGRAM constant block
PROGRAM init P  maps some x of type  to P x init If P x init terminates then
the result is a pair PROGRAMP init then returns the second component of P x init
and drops the 
rst For a formal de
nition see table 
  An example
The way we formalize programs may at 
rst glance seem a little awkward Usually imper
ative programming languages are used and one needs a WPcalculus or a Hoarecalculus
to give the basic language elements a formal semantics in order to describe mathemat
ically the inputoutput function In our approach programs are directly described in
mathematical notation
Figure  shows some ordinary program in an imperative notation and the corre
sponding translation into our formalism The function gcd maps an input pair p q
Imperative Program Functional Representation
FUNCTION gcd gcd 
var p q  integer  integer	 PROGRAM 





a  p	 PARTIALIZE p q y a bp q y p b THEN
b  q	 PARTIALIZE p q y a bp q y a q THEN
WHILE a   b DO WHILE p q y a ba   b 
BEGIN
IF a  b THEN IFTE p q y a ba  b
a  a b	 PARTIALIZE p q y a bp q y a  b b
ELSE
b  b a	 PARTIALIZE p q y a bp q y a b  a
END	  THEN
RETURN a	 PARTIALIZE p q y a bp q a a b
END	 
Figure  Greatest common divisor
onto a single output The pair a b stands for the auxiliary variables with initial value
  and y corresponds to the output which has the initial value  and returns the value
of the local variable a The initial value for the output is always arbitrary whereas the
initial values for local variables can be 
xed
   Programs in singleloopform
In the following programs of a speci
c pattern named singleloopform slf will play an
important role programs will 
rst be turned into singleloopform see section  and
then a theorem will be applied for mapping singleloopform programs to hardware see
section  Programs in singleloopform are constructed as follows
PROGRAM out init
LOCVAR var init
PARTIALIZE P  THEN WHILE C PARTIALIZE Q THEN PARTIALIZE R

 Formal representation at the RTlevel
To formally represent hardware and to perform formal synthesis at the RT and gate level
a theory called Automata has been developed In this paper we only shortly present
the formal representation of automatons which the next section is based on A detailed
description of the theory can be found in Eiseb
Usually an automaton is represented by a tuple consisting of input alphabet output
alphabet set of states output function transition function and initial state Here an
automaton will be represented by a pair P q where q is the initial state and P is a
compound output and transition function P has type  	 	  
 	 	 and q has type
	 where  
 and 	 are the types of the input alphabet the output alphabet and the
state set Using a compound output and transition function makes sense since it is not
possible to unambiguously assign combinatorial units to either the output function or the
transition function Due to the fact that we only use typed expressions it is not necessary
to explicitly describe the input alphabet the output alphabet and the state set
P and q unambiguously determine the behavior of an automaton The higher order
logic function automaton describes the semantics of an automaton by mapping P q
to a function automatonP q that maps a time dependent input signal type num 
 to a time dependent output signal type num  
 Figure  sketches how some
automatonP q could be implemented using a combinatorial component realizing P




P qautomaton (  ,  )
Figure  automaton
 Interface synthesis
Unlike other approaches we distinguish between the algorithmic iobehavior description
and an interface description specifying how the algorithm communicates with the envi
ronment The algorithmic description only speci
es the functional relation between some
input values and some output values Time is not yet considered The interface descrip
tion maps the algorithm to a speci
c timing in terms of signal events at the interface of
the circuit In our approach the designer writes some arbitrary algorithm and can than
select among a 
xed set of interface description patterns Since the designer does not have
to restart the synthesis from scratch by changing the speci
cation if another interface
behavior is selected as planned previously this division supports design reuse
On the other hand is this method more restrictive than other approaches where both
descriptions are interwoven However we believe that many failures during the synthesis
process can be avoided if one does not mingle iobehavior and timing aspect within a
single description In our approach timing and iobehavior are developed independently
There are many possible interface speci
cation patterns For each interface pattern
a speci
c hardware implementation has to be found and an instantiation theorem has
to be proven stating that the implementation de
nitely implements the algorithm with
respect to the interface speci
cation Usually the interface of the implementation not
only consists of the data signal from the iobehavior given by the algorithmic description
but there are also additional control signals introduced such as start reset and ready to
provide a handshakelike communication and to allow interrupting the execution of the
algorithm
Figure  shows an interface speci
cation pattern named INTERFACE It describes
the relation between some signals input start reset output and ready with respect to
some arbitrary algorithm S The speci
cation states that the circuit has an internal state
named ready with initial value true ready is also forwarded to the output readyt  F
means that at time t the circuit is executing the algorithm whereas readyt  T means
that the circuit is waiting for new input If no calculation is performed the outputsignal
holds the result of the last program execution A calculation can only be started if ready
is set otherwise setting start is ignored After a calculation has been started ready is set
to F If the result is de
ned ready will be set after a certain time and at the same time
the value will appear at the output The execution of the program can be interrupted
by setting the reset signal If the algorithm does not terminate ready will be down until
reset is set
For this interface speci
cation pattern we found a general hardware implementation
for slfprograms S with arbitrary basic blocks PCQ and R and arbitrary values var init
and out init In 
gure  the structure of the implementation is de
ned in a formal manner
using the automaton construct from section  The basic blocks P CQ and R directly
correspond to combinational circuits Figure  gives a graphical representation of this
structure The structure can be divided into two parts The upper part corresponds to the
controller signals reset start and ready the rest of the circuit is used for computations
circuits P  C Q and R communication MUXcircuits and data storage Dcircuits
We have proven a general theorem  stating that the implementation of every slf
program with arbitrary components PCQ and R and arbitrary values var init and
out init ful
lls the given interface speci
cation After having turned an arbitrary program
into a singleloop program which is to be explained in the next section one can apply this
theorem to produce a hardware structure at the RTlevel by means of logical re
nement
Using our formal synthesis techniques at the RT and gate level see EiKB Eiseb
INTERFACE input start reset output ready S 
start  ready  
t reset t ready t 
ready t  start t   ready t    output t   output t 
t    T j ready t
   start t 
CASE Sinput t OF
Dened y  m n n  m  reset t n 
output tm  y  ready t m 
n n  m  p p  n  reset t  p 
ready t n
Undened  m n n  m  reset t n ready tm
Figure  A possible interface behavior
we provide a universal concept for formal synthesis from the algorithmic level down to
the gate level
 P C Q R var init out init
IMPLEMENTATION input start reset output ready P CQR var init out init

INTERFACE input start reset output ready
PROGRAM out init
LOCVAR var init
PARTIALIZE P  THEN WHILE C PARTIALIZE Q THEN PARTIALIZE R

 Converting programs to singleloopform slf	
The slfprogram is derived by applying a set of preproven theorems During this trans
formation process the number of control structures is reduced and at the same time
several boolean auxiliary variables are introduced In general there is not only one slf
representation for a program but there are several equivalent slfprograms According to
section  each slfprogram corresponds to a speci
c hardware implementation with a spe
ci
c timing behavior and a speci
c hardware consumption Dierent theorem applications
may lead to dierent equivalent slfprograms with dierent implementation costs
 Transformation theorems
We have proven in a very meticulous manner a minimal set of  transformation theo
rems that are necessary for converting every program to an equivalent slfrepresentation
Rewriting with these theorems in an arbitrary order always terminates and always ends
up in a slfprogram The result produced does not depend on the order in which the
theorems are applied Furthermore we provide additional transformation theorems This
allows us to produce dierent slfrepresentations leading to dierent costs in terms of
timing and hardware consumption
Due to lack of space we cannot introduce all proven theorems A complete list of the
theorems is given in BlEi As an example we will present four transformation theorems
IMPLEMENTATION input start reset output ready P CQR var init out init 
q  q q t output t ready t 
automaton
 a b c w x y z
let d  b  z in let e f g  P a out init var init in
let h  MUX d e y in let i  MUX d f x in
let j  MUX d g w in let k  b  z in
let l  Ch i j in let mn o  Qh i j in
let p q r  Rh i j in let s  k  l in
let t  c  s in let u  MUX l n q in
let v  MUX k i u in v t o vm t
 q  q qT 
t input t start t reset t



























































   and  Theorems  and  are alternatives to  and  respectively
ie they can be applied in the same situation but lead to dierent costs in terms of timing
and hardware consumption
The theorems  and  turn a sequence consisting of a basic block and a whileloop
with basic block as body into a single whileloop Theorem  introduces a boolean
variable with initial value F P is executed if the variables value is F otherwise Q is
executed The loop condition has changed so that the body is performed at least once
After executing P in the 
rst run the local variable is set to T and P will never be
executed again Theorem  describes a transformation where after executing P also Q
may be performed in the 
rst cycle of the loop
Theorem  leads to an implementation where the operations in P and Q can be
shared since they are never executed in the same clock cycle However the implemen
tation becomes comparatively slow Theorem  on the other hand leads to a faster
implementation with a higher hardware consumption since P and Q can be executed in
the 
rst clock cycle and the loopcondition must be implemented twice
   P C Q
PARTIALIZE P  THEN WHILE C PARTIALIZEQ 
LOCVAR F
WHILE x h Cx  h
IFTE x h h PARTIALIZE x h Qx h PARTIALIZE x h P xT

   P C Q
PARTIALIZE P  THEN WHILE C PARTIALIZEQ 
LOCVAR F
WHILE x h Cx  h
IFTE x h h PARTIALIZE x h x h PARTIALIZE x h P xT
THEN
IFTE x h Cx PARTIALIZE x h Qx h PARTIALIZE x h x h

The transformation theorems  and  are dedicated towards two nested while
loops with a local variable which is to be shifted outwards Again there are basically
two possible ways to transform the program In both cases a boolean local variable is
introduced It indicates whether the inner loop is executed or not The two programs
again dier in timing and hardware consumption Applying theorem  leads to a faster
implementation with additional hardware since the inner loopcondition C has to be
implemented twice
  C  C P init
WHILE C  LOCVAR init WHILE C PARTIALIZE P  
LOCVAR init
LOCVAR F
WHILE x h  h C x  h
IFTE x h  h Cx h  PARTIALIZE x h  h P x h T
PARTIALIZE x h  h x initF

  C  C P init
WHILE C  LOCVAR init WHILE C PARTIALIZE P  
LOCVAR init
LOCVAR F
WHILE x h  h C x  h
IFTE x h  h Cx h  PARTIALIZE x h  h P x h T
PARTIALIZE x h  h x h  h
THEN
IFTE x h  h Cx h  PARTIALIZE x h  h x h  h
PARTIALIZE x h  h x initF

Converting programs into a slfrepresentation can be executed bottomup from the
leaves of the syntax tree automatically by embedding heuristics that decide whether to
apply theorems that lead to faster or to hardware saving implementations The embedding
of nonformal methods is a general strategy of our formal synthesis approach HASH
seeKBES Besides full automation the theorems can also be selected interactively
by the designer
  Further optimizations
The theorems are not optimal in a sense that for more complex transformation steps too
much auxiliary variables are introduced Given for instance two nested loops with a basic
block at the beginning of the outer loop a transformed program with only a single loop
can be generated by 
rst applying one of the theorems  or  to move the basic block
into the inner loop Afterwards one of the theorems  or  must be applied to extract
the local variable that was introduced by the theorem before According to a desired
timing behavior and hardware consumption four compound transformations are possible
leading to four dierent slfprograms With this method always two auxiliary variables
are introduced However one can think of transformation theorems that introduce only a
single variable In fact it is comparatively easy to prove that in each case one variable is
unnecessary There are two alternatives to handle this problem Either more complex and
compact transformation theorems are applied that can be derived using the already proven
transformation theorems or the hardware implementation is passed to state minimization
When transforming programs to singleloopform scheduling is already performed
by choosing the theorems and therefore deciding whether some operations should be
performed in one clock cycle or not However it is also possible to execute the body
of a while loop several times within one clock cycle loopunrolling or to cut the body
in pieces and execute the pieces in dierent clock cycles loopcutting Loop cutting
requires a scheduling information assigning each operation of a basic block to a phase
Dividing a basic block into several control steps according to results of existing heuristics
has already been implemented in EiBK and BlEi In EiBK also performing
allocation and binding has been introduced in a formal manner However these methods
are restricted to pure basic blocks We have derived general theorems for both loop
unrolling and loopcutting see BlEi which allows a more exible synthesis process
with respect to hardware consumption and timing also for  recursive functions

 Conclusion
In this paper we have presented a new methodology for deriving RTlevel structures
from circuit descriptions at the algorithmic level First it is formal The implementation
is derived by applying basic logical steps within a theorem prover thus guaranteeing
correctness Second it provides a new synthesis concept The implementation was derived
by applying program transformations rather than extracting a control and data ow
graph and analyzing an exponential number of control paths Together with our formal
synthesis approach applied to RT and gate level see EiKB Eiseb we thus provide
a universally concept for formal synthesis from the algorithmic level down to the gate
level
Additionally due to their functional representation both the algorithmic description
and the implementation at RTlevel can be simulated e ciently Therefore the designer
can check at every abstraction level whether the implementation ful
lls the speci
cation
he has in mind
References
BlEi C Blumenr!ohr and D Eisenbiegler An e cient representation for formal
synthesis In th International Symposium on System Synthesis pages 
AntwerpBelgium September  IMEC IEEE Computer Society Press
BlEi CBlumenr!ohr and D Eisenbiegler Performing highlevel synthesis via pro
gram transformations within a theorem prover submitted to Fourth Interna
tional Conference on Mathematics of Program Construction June 
Camp R Camposano Behaviorpreserving transformations for highlevel synthesis
In M Leeser and G Brown editors Hardware Specication Verication and
Synthesis Mathematical Aspects number  in Lecture Notes in Computer
Science pages  Ithaca New York July  Mathematical Science
Institute Cornell University SpringerVerlag
EiBK D Eisenbiegler C Blumenr!ohr and R Kumar Implementation issues about
the embedding of existing high level synthesis algorithms in HOL In Joakim
von Wright Jim Grundy and John Harrison editors Theorem Proving in
Higher Order Logicsth International Conference TPHOLs	 number 
in Lecture Notes in Computer Science pages  TurkuFinland August
 SpringerVerlag
EiKB D Eisenbiegler and R Kumar and C Blumenr!ohr  A constructive approach
towards correctness of synthesisapplication within retiming In The European
Design 
 Test Conference pages  Paris France March  IEEE
Computer Society and ACMSIGDA IEEE Computer Society Press
Eiseb D Eisenbiegler Automata " A theory dedicated towards formal circuit syn
thesis Technical Report Internal report  Universit!at Karlsruhe 
http goethe ira ukadefsynthpublicationspostscriptEisebpsgz
EiSK D Eisenbiegler K Schneider and R Kumar A functional approach for
formalizing regular hardware structures In Thomas F Melham and Juanito
Camileri editors Higher Order Logic Theorem Proving and its Applications
number  in Lecture Notes in Computer Science pages  Valletta
Malta September  SpringerVerlag
GDWL D Gajski N Dutt A Wu and S Lin HighLevel Synthesis Introduction to
Chip and System Design Kluwer Academic Publishers 
GoMe MJC Gordon and TF Melham Introduction to HOL A Theorem Proving
Environment for Higher Order Logic Cambridge University Press 
KBES R Kumar  C Blumenr!ohr D Eisenbiegler and D Schmid  Formal syn
thesis in circuit designA classi
cation and survey In M Srivas and A Camil
leri editors Formal Methods in ComputerAided Design First International
ConferenceFMCAD	 number  in Lecture Notes in Computer Science
pages  Palo Alto CA USA November  SpringerVerlag
MaFo EM Mayger and MP Fourman Integration of formal methods with system
design In A Halaas and PB Denyer editors International Conference on
Very Large Scale Integration pages  Edinburgh Scotland August 
IFIP Transactions NorthHolland
MHMP P Middelhoek CHuijs GMekenkamp and EPrangsma et al A method
ology for the design of guaranteed correct and e cient digital systems In
IEEE International High Level Design Validation and Test Workshop Oak
land California November 
PeKu Z Peng and K Kuchcinski Automated transformation of algorithms into
registertransfer implementations IEEE Transactions on ComputerAided
Design of Integrated Circuits and Systems  February 
ShRa R Sharp and O Rasmussen The TRuby design system In CHDL  pages
 
