Constructing Hardware/software Interface Using Protocol Converters

Shengchao Qin *
Department of Informatics
School of Mathematical Sciences
Peking University, Beijing, 100871, China
qinshc@pubms.pku.edu.cn

Zongyan Qiu
Department of Informatics
School of Mathematical Sciences
Peking University, Beijing, 100871, China
zyqiu@pku.edu.cn

Jifeng He †
International Institute for Software Technology
The United Nations University
UNU/IIST, P.O.Box 3058, Macau, China
jifeng@iist.unu.edu

Abstract

Hardware/software partition is a critical phase in hard-
ware/software co-design. This paper proposes a hybrid par-
titioning framework, in which we design a set of protocol
converters to construct the interface component between
the hardware and software components, and reuse the formerly
well-built partitioning rules by introducing protocol con-
verters and rewiting them for this hybrid framework. The
hardware components generated by our partitioning pro-
cess are coded directly in Verilog HDL, which greatly
facilitate the further compilation from it down to netlists.

Keywords: Hardware/software partition, protocol con-
verter, program algebra

1. Introduction

Hardware/software co-design is a design technique
which delivers computer systems comprising hardware and
software components. A critical phase of co-design pro-
cess is to partition the specification into hardware and soft-
ware parts. Meanwhile, an interface component should be
adopted to deal with the interactions between these parts.
Recently, some works have suggested the use of formal
methods for the partitioning process [1, 3, 15]. Balboni et al
([11]) adopt Occam as an internal model for the system ex-
ploration and partitioning strategy. Cheung ([3]) pursues the
structural transformation and verification within the func-
tional programming framework. However, neither has pro-
vided a formal proof for the correctness of the partitioning
process. In [15], Silva et al provide a formal strategy for
carrying out the splitting phase automatically, and presents
an correctness proof. However, their splitting phase delivers
many simple processes, and it's rather difficult to cluster and
join these small processes into the target hardware and soft-
ware components. Furthermore, additional channels and
local variables introducted in the splitting to accommodate
huge number of parallel processes actually increase the data
flow between the hardware and software components.

Our former work ([13]) proposes a formal partitioning
approach to hardware/software partition within a high-level
communicating language, where both the hardware and
software components are coded in the language. Due to
this fact, an obvious gap exists in compiling the hardware
specification down to netlists. In this paper, we'll bridge
this gap by partitioning the system's specification into a
software component coded in a high-level communicating
language, a hardware component coded in a hardware de-
scription language (such as, Verilog), and as well an inter-
face component to manage the interactions between hard-
ware and software. A hardware component of this form
will facilitate hardware compilation. Rather than construct
all these components and the partitioning rules from scratch
and then verify them in program algebra, we define a set of
protocol converters (inspired by [2]), from which we obtain
the interface component. Moreover, we derive new parti-
tioning rules directly from those ones in [13] by introducing
protocol converters and rewriting them. We prove the cor-
rectness of the protocol converters by the algebra for hybrid
programming languages ([4]), which ensures the correct-
ness of all the new partitioning rules.
The algebraic approach advocated in this paper has been successfully employed in the ProCoS project on “Provable Correct Systems” [8, 6]. Sampaio showed how to reduce the compiler design task to one of program transformation by program algebra [14]. Ian Page et al made rapid advance in the development of hardware compilation technique using an Occam-like language targeted towards Field Programmable Gate Arrays [12], and He Jiefeng et al provided a formal verification of the hardware compilation scheme within the algebra of Occam programs [5].

The remainder of this paper is organized as follows. Section 2 retrospects the original hardware/software partitioning framework and points out those parts that can be reused in the work presented here. Section 3 proposes the hybrid partitioning framework and poses the underlying architecture. In section 4, we define the protocol converters and provide the theoretical foundation for them. Section 5 shows how to gain the new partitioning rules from the original ones. A simple conclusion is presented in section 6.

2. Original Framework for Hardware/software Partitioning

This section is a brief introduction to our approach on hardware/software partitioning proposed in [13], which provides shades of results that can be reused, and can be regarded as a starting point of this work.

The hardware/software partitioning approach is pursued within a parallel communicating language, denoted by $\mathcal{L}$, which contains the following syntactic elements:

1. Sequential Process:

$$S := PC \mid S \cdot S \mid S \cdot S \cdot S \mid if \ b \ S \ else \ S \mid S \cap S \mid while \ b \ S \mid \langle g \ S \rangle$$

where $PC := \{x := e \mid skip \mid \text{chaos} \mid e!e \mid e?x \mid g$ is skip or a communication event $e!e$ or $d?x$.

2. Parallel Program:

$$P := S \mid P \parallel P \mid \text{var } x \cdot P$$

In later discussions, we adopt $\text{Var}(P)$ and $\text{Chan}(P)$ to denote the set of variables and channels employed by $P$, respectively.

Our former hardware/software partitioning process is illustrated in Figure 1. The specification to be partitioned is a sequential program within the language $\mathcal{L}$. A collection of syntax-based partitioning rules has been developed to partition the specification into hardware and software components.

It is required that both the hardware and software components satisfy the handshaking protocol [9, 10] and enjoy specially-chosen forms of our language $\mathcal{L}$.

The software component is chosen from the sequential subset of $\mathcal{L}$. It is a member of the set of processes $\text{CP}(B)$, for a given set of channels $B = \{cr_j, ca_j \mid j \in \Gamma\}$, where the set $\text{CP}(B)$ is the minimal set generated by following rules:

1. a communicating process $C$, which does not use any channel in $B$, but $\text{Chan}(C) \supseteq B$.

2. $cr_j \not\in C$, $ca_j \not\in C$, where $C$ is a member of $\text{CP}(B)$ not interacting via any channel in $B$.

3. $C_1 \cap C_2$, or $C_1 \not\subseteq C_2$, or $\not\exists j$ such that $C_j \cap C_2 = \emptyset$, where both $C_1$ and $C_2$ lie in $\text{CP}(B)$, for $i = 1, 2$.

4. $\not\exists j$ such that $C_j \not\subseteq C$, where $C$ is a member of $\text{CP}(B)$.

The hardware component is chosen from the set of processes $\text{H}(B')$, for a given set of channels $B' = \{cr_j', ca_j' \mid j \in \Gamma\}$, and the set of data variables $V = \{x_j, y_j \mid j \in \Gamma\}$. The set $\text{H}(B')$ is composed by the processes of the form:

$$D^B_{cr_j'} = \mu X \cdot (\lambda x \in \Gamma \exists x (\text{cr}_j' \not\in B' \mid \text{ca}_j' \not\in B' \mid x_j \not\in B' \mid \text{skip}))$$

where none of $M_j$ mentions channels in $B'$. The communicating process $D^B_{cr_j'}$ represents a digital device which offers a set of services, each of which responds to a request.
from its environment on an input channel \( c_{r_2} \) by running the corresponding program \( M_j \) and delivering the result to the output channel \( c_{a_2} \) afterwards.

To simplify the interface design, in \cite{13}, we confined the interactions between the hardware and software components to the communications along the channels from the set \( B' \). However, in general, the hardware component is chosen from \( H_B(B') \), which employs a different set of channels \( B' \). Thus, an explicit interface component is needed to deal with the interaction between hardware and software. Such an interface is of the form

\[
\begin{align*}
c \cdash c(B, B') &= q \mu X \cdot \langle \forall i \in I \{ c_{r_i} \} \text{ s.t. } x_i; c_{r_i}' \cdot x_i; c_{a_i}' \cdot y_i; c_{a_i} \cdot y_i; X \} \downarrow \text{skip} \rangle \\
n &\text{that passes the request along a channel } c_{r_i} \text{ into the corresponding channel } c_{r_i}' \text{, then delivers the acknowledgement from a channel } c_{a_i}' \text{ back into } c_{a_i}. \text{ The notion } c \cdash c \text{ means "from channel-based to channel-based".}
\end{align*}
\]

The syntax-based hardware/software partitioning rules were developed in two different styles: the bottom-up and top-down. We illustrate some as follows.

**Bottom-up Rule for Sequential Composition**

\[
\begin{align*}
\text{Split}(S_1, C_1, D), i = 1, 2 & \quad \text{Var}(S_1) = \text{Var}(S_2) \\
\text{Chan}(C_1) &= \text{Chan}(C_2) \\
\text{Split}(S_1; S_2, C_1, C_2, D) &
\end{align*}
\]

**Bottom-up Rule for Conditional**

\[
\begin{align*}
\text{Split}(S_1, C_1, D), i = 1, 2 & \quad \text{Var}(S_1) = \text{Var}(S_2) \\
\text{Chan}(C_1) &= \text{Chan}(C_2) \\
\text{Var}(b) \subseteq \text{Var}(C_1) &
\end{align*}
\]

**Top-down Rule for Iteration**

\[
\begin{align*}
\text{Split}(S, C, D) & \quad \text{Var}(b) \subseteq \text{Var}(C) \\
\text{Split}(\text{while } b \text{ S}, \text{ while } b \text{ C, D}) &
\end{align*}
\]

**Bottom-up Rule for Non-deterministic Choice**

\[
\begin{align*}
\text{Split}(S_1, C_1, D), i = 1, 2 & \quad \text{Var}(S_1) = \text{Var}(S_2) \\
\text{Chan}(C_1) &= \text{Chan}(C_2) \\
\text{Split}(S_1 \cap S_2, C_1 \cap C_2, D) &
\end{align*}
\]

**Top-down Rule for Sequential Composition**

\[
\begin{align*}
\text{Split}(S_1, C_1, D), i = 1, 2 & \quad \text{Var}(S_1) = \text{Var}(S_2) \\
\text{Chan}(S_1) &= \text{Chan}(S_2) \\
\text{consist}(D_1, D_2) &
\end{align*}
\]

### Top-down Rule for Conditional

\[
\begin{align*}
\text{Split}(S_1, C_1, D), i = 1, 2 & \quad \text{Var}(S_1) = \text{Var}(S_2), \text{ Chan}(S_1) = \text{Chan}(S_2) \\
\text{consist}(D_1, D_2), \text{ Var}(b) \subseteq \text{Var}(C_1) &
\end{align*}
\]

\[
\text{Split}_{B \cup B'}(S_1, \text{ if } b \text{ S}_1 \text{ else } S_2, \text{ if } b \text{ C}_1 \text{ else } C_2, \text{ union}(D_1, D_2))
\]

where the predicate \( \text{Split}(S, C, D) \) is defined in \cite{13}, which specifies that the process with \( C \) and \( D \) in parallel is a refinement of the specification \( S \), the predicate \( \text{consist}(D_1, D_2) \) indicates that \( D_1 \) and \( D_2 \) employ the same set of variables and the same set of external channels, i.e., the channels not used for communications with the software component. \( \text{union}(D_1, D_2) \) represents a device providing the union set of services supplied by both \( D_1 \) and \( D_2 \).

The complete set of rules can be reached in \cite{13}. Based on those rules and the new interface we will construct, we can generate the new partitioning rules within a hybrid parallel language framework, where the software component is written in a high level communicating language as above, however, the hardware component is coded within a hardware description language (HDL) as Verilog, which will facilitate the hardware synthesis.

### 3. The Hybrid Partitioning Architecture

This section presents our hybrid partitioning framework, in which we will partition a specification coded in the sequential subset of \( \mathcal{L} \) into three components: a software component owning the same form as that in our former work, a hardware component written in the Verilog HDL, and an interface component to tackle the interactions between hardware and software.

It is worth noting that the hardware and software component will adopt different communicating mechanisms, the signal-based communicating mechanism and the channel-based one respectively. Due to this fact, the partitioning framework is called hybrid(\cite{4}), and the interface component proves to be critical in the sense that it transforms information between two processes under different protocols.

For ease of understanding, we give the source language and the target ones separately, instead of the whole framework. Our source language is the sequential subset of the language \( \mathcal{L} \) defined in Section 2.

The software component generated by our partitioning process will own the same form as that in the original framework, i.e., will be a member of the set of communicating processes \( CP(B) \), for the given channel set \( B \) as defined earlier, which communicates with the environment via communications on channels.

However, the hardware component delivered by our partitioning process will enjoy a quite different form from that
in the approach described in Section 2. It will be a specially chosen process from Verilog HDL, rather than a process in $L$.

Given a set of signal variables $E = \{e_{ri}, ea_i \mid i \in I\} \cup \{\text{ter}\}$, and a set of data variables $V = \{x_i, y_i \mid i \in I\}$, we define a set of processes $D(E, V)$, which is composed by processes of the following form:

$$D^E = \{B \mid \mu X \cdot (\{ \forall e_{ri} (\text{@er}_i \cdot M_i(x_i, y_i) \rightarrow ea_i \cdot X) \} (\text{@ter} \cdot \text{skip}) \}$$

where $\text{@er}_i$ and $\text{ea}_i$ are respectively an input signal and an output signal in Verilog. The signal $\text{ter}$ is used for synchronized termination. Each $M_i(x_i, y_i)$ has input parameter $x_i$ and output parameter $y_i$, and is a member of the set of Verilog processes $MP(V)$, which is constructed by the following rules:

1. $v := e$, or skip, or chaos, where no signal variables from $E$ occur in $v$ or $e$;
2. $M, M'$, or if $b$ then $M$, else $M'$, or while $b$, where $M, M' \in MP(V)$.

The signal-driven process $D_E$ represents a digital device which offers a set of services to its environment, each of them responds to a request from its environment via an input signal $e_{ri}$ by running the corresponding program $M_i$, then putting the result to variable $y_i$ and delivering an acknowledgement through the output signal $ea_i$ afterwards.

Since the hardware and software components adopt different communication mechanisms, the interface component to tackle their interactions should enjoy a hybrid form and convert information between these two levels.

4. The Interface Component as a Protocol Converter

This section pursues the construction of the interface component. From the hybrid architecture mentioned above, we know that the interface component plays an essential role between the hardware and software as a protocol converter (I2)). Rather than construct the interface straightforwardly, we derive it indirectly from our original work by splitting the interface process into two parallel processes, which as well inspires us to obtain the complete set of partitioning rules from that in [13] without redefining them from scratch.

4.1. Protocol Converters

We define several protocol converters in this subsection, one of which will be adopted as the interface component between hardware and software within our partition framework.

First of all, we denote six sets that will be used frequently in following discussions:

- sets of channel names: $B = \{e_{ri}, ea_i \mid i \in I\}$, and $B' = \{e_{r'i}', ea_i' \mid i \in I\}$;
- sets of signal variables: $E = \{e_{ri}, ea_i \mid i \in I\} \cup \{\text{ter}\}$, and $E' = \{e_{r'i}', ea_i' \mid i \in I\} \cup \{\text{ter}'\}$;
- sets of data variables: $V = \{x_i, y_i \mid i \in I\}$, and $V' = \{x_i', y_i' \mid i \in I\}$.

The protocol converters are defined as follows.

**Definition 4.1 (Protocol Converters)**

The process $c-c(B, B')$ is a converter between two communicating protocols on $B$ and $B'$, respectively:

$$c-c(B, B') = \mu X \cdot \left( \{ \forall e_{ri} (e_{ri} \rightarrow e_{r'i} \cdot \text{ea}_i \rightarrow \text{ea}_i') \} (\text{ter} \cdot \text{skip}) \right)$$

Similarly, the process $s-s(E, E')$ converts a signal-driven protocol concerned with signals on $E$ into that with respect to signals on $E'$:

$$s-s(E, E') = \mu X \cdot \left( \{ \forall e_{ri} (e_{ri} \rightarrow e_{r'i}) \cdot \text{ea}_i \rightarrow \text{ea}_i') \} (\text{ter} \cdot \text{ter}') \right)$$

The two protocol converters to appear convert between protocols on two different levels. The process $c-sv(B, E)$ converts a communicating protocol on $B$ into a signal-driven protocol on $E$, whereas the process $s-cv(B, E)$ is the reverse. The data variables from $V$ are used to hold the information delivered by communication events:

$$c-sv(B, E) = \mu X \cdot \left( \{ \forall e_{ri} (e_{ri} \rightarrow e_{r'i} \cdot \text{ea}_i') \} (\text{skip} \rightarrow \text{ter}) \right)$$

$$s-cv(E, B) = \mu X \cdot \left( \{ \forall e_{ri} (e_{ri} \rightarrow e_{r'i}) \cdot \text{ea}_i \} (\text{ter} \cdot \text{skip}) \right)$$

**Theorem 4.2 (Compositionality of Protocol Converters)**

Each of the protocol converters mentioned above is a parallel composition of other two.

1. $c-c(B, B') = c-sv(B, E) \parallel s-cv(E, B')$, provided all variables in $E$ and $V$ are local ones only shared by $c-sv(B, E)$ and $s-cv(E, B')$;
2. $s-s(E, E') = s-cv(E, B) \parallel c-sv(B, E')$, provided all channels in $B$ are local ones only shared by $s-cv(E, B)$ and $c-sv(B, E')$;
3. $c-sv(B, E) = c-c(B, B') \parallel c-sv(B', E)$, provided channels in $B'$ are only used to perform communication between $c-c(B, B')$ and $c-sv(B', E)$;
Figure 2. Protocol converter and interface derivation

\[ s-c_v(E, B) = s-s(E, E') \parallel s-c_v(E', B), \]
provided variables in \( E' \) are only shared by \( s-s(E, E') \) and \( s-c_v(E', B) \).

Theorem 4.2 explores the compositionality of protocol converters. As a by-product, it inspires us the way to derive the hybrid interface from the original one, and as well to compose the new hardware component under Verilog from that under \( L \).

**Theorem 4.3 (Hardware Derivation)** The hardware component on different levels (defined in last two sections) can be derived from one another by protocol converters.

1. \( D^c_{B'} = s-c_v(B, E) \parallel D^c_B \), provided signal variables from \( E \) are local ones only shared by \( c-s_v(B, E) \) and \( D^c_B \).

2. \( D^c_{B'} = s-c_v(E, B') \parallel D^c_B \), provided channels in \( B' \) are only used by \( s-c_v(E, B') \) and \( D^c_B \) to arrange their interactions.

Theorem 4.3 shows that the new hardware component \( D^c_{B'} \) in Verilog HDL can be constructed from the communicating one \( D^c_B \) and a protocol converter. As well it reveals the way to generate the partitioning rules directly from the original ones. The interface and hardware derivation process is shown in Figure 2, where 1-1 denotes the new interface component, the dotted-box represents the new hardware component which hides those channels from \( B' \).

**4.2. Algebraic Proofs**

We present the proofs for theorem 4.2 and 4.3 using program algebra in this subsection.

In addition to the algebraic laws mentioned in [13, 7, 4], we investigate the following laws, which will be used in the proofs later on.

The first law is an expansion law for the hybrid programming language([4]).

**HL1 (hgc-expaan, hybrid guarded choice expansion)**

Let \( G_1 = \bigwedge_{i \in I} (g_i; P_i) \) and \( G_2 = \bigwedge_{j \in J} (h_j; Q_j) \), where \( g_i \) and \( h_j \) are of the form \( \text{ch} ! e \), or \( \text{ch} ? x \), or skip, or output event \( \rightarrow ev \), or input event \( @ev \), for all \( i \in I \) and \( j \in J \).

Let \( g \) and \( h \) denote the disjunction of all input event guards in \( G_1 \) and \( G_2 \), respectively. Then \( G_1 \parallel G_2 = \bigwedge_{i=1}^n (k_r; R_r) \), where the pairs \( (k_r, R_r) \) are precisely all possibilities from the following:

1. \( R_r = P_i \parallel G_2 \), and \( k_r = g_i = \text{skip} \) or \( k_r = g_i = \text{ch} ! e \) or \( k_r = g_i = \text{ch} ? x \), where \( ch \notin \text{Chan}(G_2) \), or \( k_r = g_i = \rightarrow ev \), or \( k_r = g_i = \neg h \), and \( g_i = \@ev \).

2. \( R_r = G_1 \parallel Q_j \), and \( k_r = h_j = \text{skip} \) or \( k_r = h_j = \text{ch} ! e \) or \( k_r = h_j = \text{ch} ? x \), where \( ch \notin \text{Chan}(G_1) \), or \( k_r = h_j = \rightarrow ev \), or \( k_r = h_j = \neg g \), and \( h_j = \@ev \).

3. \( R_r = P_i \parallel Q_j \), and \( k_r = g_i \land h_j \), and \( g_i = \@ev \) and \( h_j = \@ev \).

4. \( R_r = x := e; (P_i \parallel Q_j) \), and \( k_r = \text{skip} \), and \( g_i = \text{ch} ! e \), and \( h_j = \text{ch} ? x \), or \( g_i = \text{ch} ? x \), and \( h_j = \text{ch} ! e \).

The second and third laws deal with two special cases with regard to signals.

**HL2 (eg-elim, event guards elimination)**

Let \( P = G \parallel \{ @ev; Q \} \), where \( G \) is a guarded choice, and \( ev \) is not a shared variable between \( P \) and its environment, then \( P = G \).

**HL3 (self-trig)**

Let \( P = \rightarrow ev; \{ @ev; Q \} \parallel G \), where \( ev \) is not shared by the environment of \( P \), and none of guards in \( G \) mentions \( ev \), then \( P = \text{skip}; Q \).

The following lemma is needed later in the proof of theorem 4.3.

**Lemma 4.4** Let \( P = M; P_1 \), where \( M \in MP(V) \), and \( G \) be a guarded choice construct not containing output guards of the kind \( \rightarrow e \), where all guards in \( G \) are only shared by
$P$ and $G$, then we have

$$P \parallel G = M; (P_1 \parallel G).$$

It can be proved by a simple structural induction on $M$.

Now we can prove the theorems mentioned in last subsection.

The proof of theorem 4.2

(1). For brevity, we denote $c-sv(B, E)$ as $c-s$ and $s-cv(E, B')$ as $s-c$.

RHS

$$\{(hgc-expan), (eg-elimi)\}
= \int_{E} (cr_i ? x_i; (\rightarrow er_i; @ea_i; ca_i \rightarrow y_i; c-s \parallel s-c)) \parallel \text{skip}
= \int_{E} ((cr_i ? x_i; \text{skip}; @(ea_i; ca_i \rightarrow y_i; c-s) \parallel (cr_i' ! x_i; ca_i' ! y_i; \rightarrow ea_i; s-c))) \parallel \text{skip}
= \int_{E} ((hgc-expan), (eg-elimi))
= \int_{E} ((cr_i ? x_i; cr_i' ! x_i; ca_i' ! y_i; c-s) \parallel (ea_i; s-c)) \parallel \text{skip}
= \int_{E} ((hgc-expan), (eg-elimi), (self-trig))
= \int_{E} ((cr_i ? x_i; cr_i' ! x_i; ca_i' ! y_i; c-s) \parallel (ea_i; s-c)) \parallel \text{skip}
= \int_{E} ((hgc-expan), (eg-elimi))
= \int_{E} (\{\text{unique fixed point for guarded recursion}\})
= \text{LHS}
$$

(2). Similar to (1).

5. Partitioning Rules in the Hybrid Framework

This section aims to generate hardware/software partitioning rules within the hybrid framework from those ones in [13] by using protocol converters.

To specify the partitioning rules, we introduce a new predicate $\text{Split}_B(S, C, c-sv, D_E)$ which is defined by:

$$\text{Split}_B(S, C, c-sv, D_E) = \{$$

where the predicate $\text{Split}_B$ is defined in [13] and is explained in section 2.

The following lemma is directly from theorem 4.3.

Lemma 5.1 We have

$$\text{Split}_B(S, C, D_E) \text{ implies } \text{Split}_B(S, C, c-sv, D_E).$$

Based on this lemma, we generate all bottom-up rules straightforwardly as follows.

Bottom-up Rule for Sequential Composition

$$\text{Split}_B^S\left(S_1, C_1, c-sv, D_E\right), i = 1, 2$$

$$\text{Var}(S_1) = \text{Var}(S_2)$$

$$\text{Chan}(C_1) = \text{Chan}(C_2)$$

$$\text{Split}_B^S(S_1; S_2, C_1, C_2, c-sv, D_E)$$

Bottom-up Rule for Conditional

$$\text{Split}_B^S\left(S_1, C_1, c-sv, D_E\right), i = 1, 2$$

$$\text{Var}(S_1) = \text{Var}(S_2)$$

$$\text{Chan}(C_1) = \text{Chan}(C_2)$$

$$\text{Var}(b) \subseteq \text{Var}(C)$$

$$\text{Split}_B^S(b \mid S_1 \text{ else } S_2, C_1, c-sv, D_E)$$

Bottom-up Rule for Iteration

$$\text{Split}_B^S(S, C, c-sv, D_E), \text{Var}(b) \subseteq \text{Var}(C)$$

$$\text{Split}_B^S(\text{while } b \text{ S, while } b C, c-sv, D_E)$$
When \( \text{Var}(b) \cap \text{Var}(D) \neq \emptyset \), we will introduce a local variable \( lb \), and rewrite the conditional and iteration into the forms

\[
\begin{align*}
\text{var } lb & \bullet (lb := b; \text{ if } lb \ S_1 \text{ else } S_2), \\
\text{var } lb & \bullet (lb := b; \text{ while } lb (S; lb := b))
\end{align*}
\]

respectively by the laws in [13].

**Bottom-up Rule for Non-deterministic Choice**

\[
\frac{\text{Split}_{\text{B}}(S_i, C_i, c\rightarrow_{V_i}, D_{V_i}^C), \ i = 1, 2 \quad \text{Var}(S_1) = \text{Var}(S_2) \quad \text{Chan}(C_1) = \text{Chan}(C_2)}{\text{Split}_{\text{B}}(S_1 \cap S_2, C_1 \cap C_2, c\rightarrow_{V_i}, D_{V_i}^C)}
\]

**Bottom-up Rule for Guarded Choice**

\[
\frac{\text{Split}_{\text{B}}(S_i, C_i, c\rightarrow_{V_i}, D_{V_i}^C), \ i = 1, 2 \quad \text{Var}(S_1) = \text{Var}(S_2) \quad \text{Chan}(C_1) = \text{Chan}(C_2) \quad \text{Var}(g_i) \subseteq \text{Var}(C_i) \quad \text{Chan}(g_i) \subseteq \text{Chan}(C_i), \ i = 1, 2}{\text{Split}_{\text{B}}(\{(g_1, S_1), (g_2, S_2), (g_1, C_1), (g_2, C_2), c\rightarrow_{V_i}, D_{V_i}^C\})}
\]

Before presenting the top-down partitioning rules, we introduce some notations and abbreviations which will be frequently used in the forthcoming rules.

Let

\[
\begin{align*}
E_i = & \{ \text{er}_j, \text{ea}_j \mid j \in I_i \} \cup \{ \text{ter} \}, \ i = 1, 2 \\
B_i = & \{ \text{er}_j, \text{ca}_j \mid j \in I_i \}, \ i = 1, 2 \\
V_i = & \{ x_j, y_j \mid j \in I_i \}, \ i = 1, 2
\end{align*}
\]

For simplicity, from now on, we will always assume that

\[
E_1 \cap E_2 = \{ \text{ter} \}, \ B_1 \cap B_2 = \emptyset, \ V_1 \cap V_2 = \emptyset.
\]

Given \( c\rightarrow_{V_i}(B_i, E_i) \), for \( i = 1, 2 \), we define

\[
c\rightarrow = \bigcup c\rightarrow_{V_1 \cup V_2}(B_1 \cup B_2, E_1 \cup E_2).
\]

Given

\[
D_{V_i}^C = \mu X \bullet \left( \{ @\text{er}_j; M_j(x_j, y_j); @\text{ea}_j; X \} \right),
\]

for \( i = 1, 2 \), we define

\[
\text{ExtVar}(D_{V_1}^C) = @D \text{Var}(D_{V_1}^C) \cup (E_i \cup V_i),
\]

\[
D = \text{merge}(D_{V_1}^C, D_{V_2}^C) = @D
\]

\[
\mu X \bullet \left( \{ @\text{er}_j; M_j(x_j, y_j); @\text{ea}_j; X \} \right) @\{
\{ @\text{ter}; \text{skip} \}
\]

Now it's time to present the top-down rules in our new partitioning framework.

**Top-down Rule for Sequential Composition**

\[
\begin{align*}
\text{Split}_{\text{T}}(S_i, C_i, c\rightarrow_{V_i}, D_{V_i}^C), \ i = 1, 2 \quad \text{Var}(S_1) = \text{Var}(S_2) \quad \text{Chan}(C_1) = \text{Chan}(C_2) \quad \text{ExtVar}(D_{V_1}^C) = \text{ExtVar}(D_{V_2}^C)
\end{align*}
\]

\[
\frac{\text{Split}_{\text{T}}(S_1, C_1, c\rightarrow_{V_1}, D_{V_1}^C), \ i = 1, 2 \quad \text{Var}(S_1) = \text{Var}(S_2) \quad \text{Chan}(C_1) = \text{Chan}(C_2) \quad \text{ExtVar}(D_{V_1}^C) = \text{ExtVar}(D_{V_2}^C)}{\text{Split}_{\text{T}}(S_1 \cap S_2, C_1 \cap C_2, c\rightarrow_{V_i}, D_{V_i}^C)}
\]

**Top-down Rule for Conditional**

\[
\frac{\text{Split}_{\text{T}}(S_i, C_i, c\rightarrow_{V_i}, D_{V_i}^C), \ i = 1, 2 \quad \text{Var}(S_1) = \text{Var}(S_2) \quad \text{Chan}(C_1) = \text{Chan}(C_2) \quad \text{ExtVar}(D_{V_1}^C) = \text{ExtVar}(D_{V_2}^C) \quad \text{Var}(b) \subseteq \text{Var}(C_1)}{\text{Split}_{\text{T}}(S_1 \cup S_2, C_1 \cup C_2, c\rightarrow_{V_i}, D_{V_i}^C)}
\]

**Top-down Rule for Non-deterministic Choice**

\[
\frac{\text{Split}_{\text{T}}(S_i, C_i, c\rightarrow_{V_i}, D_{V_i}^C), \ i = 1, 2 \quad \text{Var}(S_1) = \text{Var}(S_2) \quad \text{Chan}(C_1) = \text{Chan}(C_2) \quad \text{ExtVar}(D_{V_1}^C) = \text{ExtVar}(D_{V_2}^C) \quad \text{Var}(g_i) \subseteq \text{Var}(C_1) \quad \text{Chan}(g_i) \subseteq \text{Chan}(C_1), \ i = 1, 2}{\text{Split}_{\text{T}}(S_1 \cap S_2, C_1 \cap C_2, c\rightarrow_{V_i}, D_{V_i}^C)}
\]

**Top-down Rule for Guarded Choice**

\[
\frac{\text{Split}_{\text{T}}(S_i, C_i, c\rightarrow_{V_i}, D_{V_i}^C), \ i = 1, 2 \quad \text{Var}(S_1) = \text{Var}(S_2) \quad \text{Chan}(C_1) = \text{Chan}(C_2) \quad \text{ExtVar}(D_{V_1}^C) = \text{ExtVar}(D_{V_2}^C) \quad \text{Var}(g_i) \subseteq \text{Var}(C_1) \quad \text{Chan}(g_i) \subseteq \text{Chan}(C_1), \ i = 1, 2}{\text{Split}_{\text{T}}(S_1 \cap S_2, C_1 \cap C_2, c\rightarrow_{V_i}, D_{V_i}^C)}
\]

6 Conclusion

Hardware/software partition is a critical phase, and as well a challenging issue in hardware/software co-design process. One possible way to cope with the specification of hardware, software and the interface between them separately, but this approach can hardly ensure that the composition of the three separate specifications satisfy the original requirement. In this sense, the co-specification of hardware, software and their interface has its superiority. In [13], we proposed a formal model for hardware/software partition within Occam algebra, in which a collection of provable partitioning rules have been explored. In that model, the interactions between hardware and software components appear very simple, due to the fact that they are both coded within the same high level communication language, which, on the other hand, reflects there exists a wide gap between our hardware component and the low level hardware description needed in later hardware synthesis phase.
In this paper, we refine the original partition approach and try to produce the hardware component coded directly in Verilog HDL. We adopt a hybrid partitioning framework, in which our partitioning process generates from the original system specification (a high level source program) three components: the software component in the high level communication language, the hardware component coded in Verilog HDL, and a hybrid interface component to cope with their interactions. Rather than construct partitioning rules in the new framework from scratch and then verify them, we introduce a set of protocol converters, from which we derive the new rules directly from the well-built ones in [13], and generate the new interface component together with the new hardware component.

Such an approach owns at least two merits: firstly, the original proved partitioning rules in our former model can be reused, and the proofs for the new rules become straightforward; secondly, the new hardware component is directly coded in Verilog HDL, which will facilitate the compilation from it down to the low level synthesizable description. However, the further synthesis of the interface component is still a challenging issue, which should be part of our future work. As other future work, we shall reconfigure and reorganize the hardware component so as to optimize it and reuse its sub-components. Certain algebraic transformations shall be conducted to link our hardware component with the hardware specification to be compiled in [11] using Verilog algebra.

References


