Our research group at Indiana University is investigating a formalization of digital system design that is based on functional algebra. We have developed a transformation system called DDD to facilitate this study. DDD stands for digital design derivation; the system is used interactively to translate higher level speci cations into hierarchical boolean systems, to which logic synthesis tools are then applied. In this paper, we take a detailed look at how the system is used. In two examples, we examine the sequence of intermediate expressions produced as an implementation is derived. We discuss how these expressions are used at strategic levels of thinking. We illustrate how the choice of target technology in uences the tactical course of derivation. Throughout, we try to give a sense of how functional abstractions are

Derivation and verification represent alternate approaches to design. Derivation aims at deriving a "correct by construction" design while verification aims at constructing a post factum "proof of correctness" for a design. However, as researchers and engineers gain design experience in a formal framework, both approaches are emerging as interdependent facets of design. The thesis of this work is that alternate forms of formal reasoning must be integrated if formal methods are to support the natural analytical and generative reasoning that takes place in engineering practice. As a vehicle for this research, the DDD digital design derivation system was implemented to study formal hardware design in an algebraic framework. DDD is a first-order transformation system which mechanizes a basic design algebra for synthesizing digital circuit descriptions from high-level functional specifications. The system is a collection of correctness preserving transformations that promote a topdown desig...

syntax for design annotations : : : : : : : : : : : : : : : : : 45 4.3 Semantic algebras for design annotations : : : : : : : : : : : : : : : : 46 4.4 Semantic algebras, continued : : : : : : : : : : : : : : : : : : : : : : : 47 4.5 Valuation functions for design annotations : : : : : : : : : : : : : : : 48 4.6 Devices : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 50 5.1 Constant dummy in the basic library : : : : : : : : : : : : : : : : : : 58 5.2 Interconnection devices in the basic library : : : : : : : : : : : : : : : 58 5.3 Devices in the comp library : : : : : : : : : : : : : : : : : : : : : : : 59 5.4 Timing analysis of the design in session box 7 : : : : : : : : : : : : : 66 5.5 Scheduling the design in session box 7 : : : : : : : : : : : : : : : : : : 67 5.6 The design after session box 8 : : : : : : : : : : : : : : : : : : : : : : 68 5.7 The design after session box 15 : : : : : : : : : : : : : : : : : : : : : 74 5.8 The design after session box 16 : : :...

In a formalism of top-down design, we consider the decomposition of behavioral specifications into interacting sequential components. The higher level of description specifies the operations to be performed in a major computation step. The goal is to incorporate a given interface specification in a lower-level specification that accounts for interactions with and among sequential components. This construction generalizes the earlier formalism of system factorization [14] to include interface protocols. It expands on the objectives of high-level synthesis by considering control-synchronization loops in scheduling. This paper presents a specification language for sequential process interaction and develops an interpretation based on finite-state-machines. Operations of minimization, composition and complementation are defined; the last of these being the key to top-down decomposition. A small example is used to illustrate the ideas. Keyword Codes: B.4.3; B.4.4; F.3.1 Keywords: Input/Outp...

In this paper we propose a design strategy that exploits the strengths of different formal approaches to establish a reliable path from a mechanically verified high-level description to a concrete gate-level realization. We demonstrate the use of this approach in the realization of a fault-tolerant clock synchronization circuit. We used the Digital Design Derivation system (DDD) to derive major portion of the design leaving relatively small portions to be verified either by use of a mechanical theorem prover (PVS) or by demonstrating boolean equivalence using Ordered Binary Decision Diagrams. DDD allows the designer to isolate areas of the design space where mechanized proof support can be most effectively applied, while maintaining the overall integrity of the development process. The interface between the different systems has not yet been completely formalized but we believe that our approach will provide an effective design path from high-level specifications to concrete realizatio...

This summary describes results in integrating formal derivational reasoning with low level verification. The reported work is part of a project to construct an FPGA realization of Hunt's FM9001 Microprocessor description by applying the DDD (Digital Design Derivation) System in conjunction with low level verification systems. The purpose is to study the interaction between derivation and verification in hardware design. The result of this work is a derived FM9001 implemented in FPGAs defined by a rigorous path to hardware which integrates both derivation and verification. 1 Introduction Philosophically, derivation and verification represent contrasting approaches to design. Derivation aims at deriving a "correct by construction" design. Verification aims at constructing a "proof of correctness" for a post factum design. However, as researchers and engineers gain design experience in a formal framework, both approaches are emerging as interdependent facets of design [12]. Experience sh...

We present a formal method for the verification of regular VLSI architectures. In our method, the behavioral specification of the chip and its implementation are first expressed in Alpha, a language for the design of regular synchronous architectures. The behavioral specification is refined down to an abstract architecture description, while the implementation is simplified by induction techniques up to the same abstract architecture level. Verification is then done by matching both descriptions. This method has been successfully applied to check the correctness of a 300.000 transistor VLSI systolic chip named Api69 for sequence comparison. Proc. Int. Conf. on Application Specific Array Processors, San Francisco, IEEE Computer Society Press, August 1994, pp. 164--176 1: Introduction Traditionally, hardware systems have been validated by means of simulation. This method is limited, as it is difficult to achieve 100% fault coverage. This is the reason why formal verification is being ...

This 2-year project description is part of the Digital Design Derivation Project of the Hardware Methods Laboratory, Computer Science Department, Indiana University.

Abstract not found