Derivation and verification represent alternate approaches to design. Derivation aims at deriving a "correct by construction" design while verification aims at constructing a post factum "proof of correctness" for a design. However, as researchers and engineers gain design experience in a formal framework, both approaches are emerging as interdependent facets of design. The thesis of this work is that alternate forms of formal reasoning must be integrated if formal methods are to support the natural analytical and generative reasoning that takes place in engineering practice. As a vehicle for this research, the DDD digital design derivation system was implemented to study formal hardware design in an algebraic framework. DDD is a first-order transformation system which mechanizes a basic design algebra for synthesizing digital circuit descriptions from high-level functional specifications. The system is a collection of correctness preserving transformations that promote a topdown desig...

. This article gives a survey on different methods of formal synthesis. We define what we mean by the term formal synthesis and delimit it from the other formal methods that can also be used to guarantee the correctness of an implementation. A possible classification scheme for formal synthesis methods is then introduced, based on which some significant research activities are classified and summarized. We also briefly introduce our own approach towards the formal synthesis of hardware. Finally, we compare these approaches from different points of view. 1 Introduction In everyday use, synthesis means putting together of parts or elements so as to make up a complex whole. However in the circuit design domain, synthesis stands for a stepwise refinement of circuit descriptions from higher levels of abstraction (specifications) to lower ones (implementations), including optimizations within one abstraction level. Synthesis can be performed by hand for small circuits. Nowadays mor...

the style of ML which combines imperative, concurrent and functional programming. Synchronous channels allow communication between parallel threads and π-calculus style channel passing is provided. SAFL+ is designed for hardware description and synthesis; a silicon compiler, translating SAFL+ into RTL-Verilog, has been implemented. By parameterising functions over both data and channels the SAFL+ fun declaration becomes a powerful abstraction mechanism unifying a range of structuring techniques treated separately by existing HDLs. We show how SAFL+ is implemented at the circuit level and define the language formally by means of an operational semantics. 1

In this paper, a new and formal methodology for specifying and synthesizing systems is presented. Systems are modeled as structures of concurrent processes. The way the processes communicate realizes a hand-shake protocol. The specification at the system level is part of our hardware description language Gropius, which ranges from the gate to the system level. Gropius was designed for a formal synthesis scenario, where synthesis is performed by applying basic mathematical rules within a theorem prover, thus guaranteeing correctness of designs implicitly.

In a formalism of top-down design, we consider the decomposition of behavioral specifications into interacting sequential components. The higher level of description specifies the operations to be performed in a major computation step. The goal is to incorporate a given interface specification in a lower-level specification that accounts for interactions with and among sequential components. This construction generalizes the earlier formalism of system factorization [14] to include interface protocols. It expands on the objectives of high-level synthesis by considering control-synchronization loops in scheduling. This paper presents a specification language for sequential process interaction and develops an interpretation based on finite-state-machines. Operations of minimization, composition and complementation are defined; the last of these being the key to top-down decomposition. A small example is used to illustrate the ideas. Keyword Codes: B.4.3; B.4.4; F.3.1 Keywords: Input/Outp...

This paper presents a case study for using high-level programming techniques to support the migration of software into hardware. The example is a derived implementation of a symbolic processing machine. The design environment employs codesign to maintain consistency between an executable software model of the system and the individual hardware components that are extracted from it. The presentation focuses on the use of continuations to move from a procedural view of memory allocation to a process view. Our previous work has used functional models as a source for correct hardware derivation using a transformational algebra. The work reported here will result in extensions that deal more powerfully with the factorization of sequential subsystems.

Design and synthesis of DRAM based memory systems has been a difficult task in high-level system synthesis because of the relatively complex protocols involved. In this paper, we illustrate a method for topdown design of a DRAM memory interface using a transformational approach. Sequential decomposition of the DRAM memory interface entails extraction of a DRAM memory object from a system description that incorporates the read/write protocol and accounts for refresh cycles. We apply sequential decomposition to a non-trivial example, a formally derived realization of the Nqthm FM9001 microprocessor specification [1], called DDD-FM9001 [2]. 1 Introduction Derivation is a formalization of synthesis with more emphasis on "correct construction" than on design automation. Our tools are a set of transformations that are used to engineer an implementation from a specification, with each transformation accumulating information about the implementation. In a functional framework, a transformatio...

The FLaSH (Functional Languages for Synthesising Hardware) system allows a designer to map a high level functional language, SAFL, and its more expressive extension, SAFL+, into hardware. The system has two phases: first we perform architectural exploration by applying a series of semantics-preserving transformations to SAFL specifications; then the resulting specification is compiled into hardware in a resourceaware manner---that is, we map separate functions to separate hardware functional units (functions which are called multiple times become shared functional units).

This summary describes results in integrating formal derivational reasoning with low level verification. The reported work is part of a project to construct an FPGA realization of Hunt's FM9001 Microprocessor description by applying the DDD (Digital Design Derivation) System in conjunction with low level verification systems. The purpose is to study the interaction between derivation and verification in hardware design. The result of this work is a derived FM9001 implemented in FPGAs defined by a rigorous path to hardware which integrates both derivation and verification. 1 Introduction Philosophically, derivation and verification represent contrasting approaches to design. Derivation aims at deriving a "correct by construction" design. Verification aims at constructing a "proof of correctness" for a post factum design. However, as researchers and engineers gain design experience in a formal framework, both approaches are emerging as interdependent facets of design [12]. Experience sh...

A method of formally correct synthesis is presented, and applied to the automatic construction of pipelined processors. The method is based on a repertoire of elementary correctness-preserving transformations which are efficiently cross-checked by an independent formal verification tool. Basic pipelining strategies as well as automatic post-synthesis verification are provided. 1