Evaluating the structure
(* Definitions of Mux, its sub-blocks and the circuit combinators to unfold *)
val mux_model_list = [Mux_def, Auxmux_def, M1_def, M2_def,
  ctrl_and_def, not_ctrl_and_def, toTime_def, map, Mem, Null_def, Id_def,
  o_DEF, Foldr, ||_def, id_def, Fork_def, el, Select_def, toTime_def,
  Tail_def, Bitwise_def, append, hd, tl];
val mux_conv = SIMP_CONV list_ss (mux_model_list);
(* Second conversion: clears quantifiers over implications *)
val MUX_CONV = SIMP_CONV std_ss [DISJ_IMP_THM, FORALL_AND_THM,
  UNWIND_FORALL_THM1, length, hd, tl, Foldr, map2];
``Mux [[ck]; [ctrl]] [[a0; a1]; [b0; b1]]``;
mux_conv it;
RIGHT_CONV_RULE(SIMP_CONV std_ss [ONE]) it;
RIGHT_CONV_RULE(mux_conv) it;
RIGHT_CONV_RULE(REWRITE_CONV [CheckLength_def, map, append]) it;
RIGHT_CONV_RULE(MUX_CONV) it;
> val it =
    ⊢ Mux [[ck]; [ctrl]] [[a0; a1]; [b0; b1]] =
      [[RE ck (~ctrl ∧ b0 ∨ ctrl ∧ a0);
        RE ck (~ctrl ∧ b1 ∨ ctrl ∧ a1)]] : thm
We use a conversion (mux_conv) designed specifically around the definitions of the functions used in the Mux definition, and the combinators for circuit construction defined at Level 1 and Level 0. In the specific example of Mux we also have another conversion, MUX_CONV, that helps to simplify the terms with quantifiers over implications and connectors, by making use of the built-in theorems DISJ_IMP_THM, FORALL_AND_THM and UNWIND_FORALL_THM1.
In the next section, we show how to interpret the delay elements and evaluate the circuits for their behaviour in HOL.
6.7 Simulating models in HOL – interpreting time
So far we have shown how to model circuits using the circuit constructing combinators and functional blocks in FSM∗, in a type safe manner ensuring that the resulting circuit model has symmetry. We also showed how we model delay elements, and combine them to produce circuits that have symmetry and delay as well.
In this section, we will present a method of interpreting these circuits in HOL, for evaluating their behaviour. This is done by using an ML function that does some preprocessing, followed by conversions in HOL to complete the simulation.
The task of the ML function is to take a circuit term written in the HOL logic (using the combinators of FSM∗) and return another term in the HOL logic, which is the equivalent definition of the circuit, but one that can now be simulated over streams. Thus the ML function looks at the right-hand side of the definition of the circuit, a HOL term with the HOL type bool list list → bool list list → bool list list, and returns another HOL term that is an interpretation of the original circuit definition, with the following type:
(num → (bool list) list) → (num → (bool list) list) → (num → (bool list) list)
The ML function works by systematically applying a HOL function, toTime, to the right-hand side of the circuit definition and, for a given time point t, delaying the sequence of symmetric and non-symmetric inputs if they are in the cone of a delay primitive. Thus the intended behaviour of a delay element is captured by delaying the sequences of inputs. If there are no delay elements, then the input sequences are not delayed. The result of applying toTime and delaying the sequence of inputs is another term in HOL that models the behaviour of the original circuit definition.
For a given sequence of symmetric inputs, non-symmetric inputs, and time, if the behaviour of the circuit needs to be determined, one can simply rewrite the circuit term with the definition of toTime, the definitions of delay primitives such as RE and AH, and the other circuit combinators. We do not show the implementation of the ML function here, since it is simply a term processing step which is done easily by using the built-in ML term construction and destruction functions.
[Figure 6.7: Interpreting structured models for simulation in HOL. Diagram labels: Structured Models (FSM∗); ML preprocessor + HOL function; Equivalent; Simulatable models in HOL.]
Now we show the definition of the function toTime.
Definition 6.23. Interpreting circuits temporally
toTime (c:bool list list → bool list list) σsym (t:num) = c (σsym t)
One interesting property we want to establish is that, for all circuits in FSM∗ that have the symmetry expressed by Sym, their equivalent interpreted version on streams has symmetry as well. To give a mathematical definition of symmetry of circuits over streams, we need the concept of applying a permutation to a sequence of Boolean streams, and the notion of length invariance for the sequence. The latter is needed to establish that the lengths of the buses in the symmetric inputs stay equal at all time points. The function apply applies a permutation (swap) to the sequence of lists of buses.
Definition 6.24. Applying a swap on a sequence
apply π σ t = map π (σ t)
The predicate length_inv states that for all time points the list of buses should have each bus of equal length.
Definition 6.25. Length invariant of sequence
length_inv σ = ∀t. CheckLength (σ t)
Now we can present the definition of symmetry of circuits, interpreted over Boolean streams. The definition captures the notion of structural symmetry. The behaviour of the circuit stays constant, under permutations of input and output states, over all time points.
Definition 6.26. Symmetry for timed versions of circuits
Symτ (c: (num → bool list list) → (num → bool list list)) =
  ∀σsym. length_inv σsym ⊃
    ∀t i j. map (swap (i, j)) (c σsym t) = c (apply (swap (i, j)) σsym) t
The next lemma articulates the connection between symmetries in the two worlds: the world of FSM∗, where time is denoted by delay primitives, and the world where circuits are interpreted over streams. The merit of this lemma lies in showing that interpreting the circuits over streams, using the function toTime, does not destroy the symmetry of the circuit. Thus the two circuit models with different types are equivalent because they both have symmetry. This is shown in Figure 6.7.
Lemma 6.34. Relation between Sym and Symτ
⊢ ∀c. (Sym c) ⊃ Symτ (toTime c)
Proof outline: Proof takes place by rewriting with the definitions of Sym, Symτ, toTime, length_inv and apply.
Thus having established the relation between two different symmetries, we can state the following theorem, that says that all type safe circuits validated by the predicate SS, show symmetry when executed over a sequence of time.
Lemma 6.35. Type safe circuits exhibit Symτ
⊢ ∀c. (SS c) ⊃ Symτ (toTime c)
Proof outline: Follows from Lemma 6.34.
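The following Python model is an added illustration, not code from the thesis: it makes Definitions 6.23 to 6.26 executable and tests Symτ exhaustively over all 2-bit, two-bus input traces of a short horizon, which is bounded testing rather than the HOL proof of Lemma 6.34. The behaviour of swap, the reading of RE as "inputs at t-1", the horizon bound and the masked circuit are assumptions made for the example.

```python
from itertools import product

# Assumption: swap (i, j) exchanges positions i and j of one bus; the HOL
# definition of swap is not shown in this section.
def swap(i, j):
    def pi(bus):
        out = list(bus)
        out[i], out[j] = out[j], out[i]
        return out
    return pi

def to_time(c):                    # Definition 6.23: toTime c σ t = c (σ t)
    return lambda sigma: lambda t: c(sigma(t))

def apply(pi, sigma):              # Definition 6.24: apply π σ t = map π (σ t)
    return lambda t: [pi(bus) for bus in sigma(t)]

def length_inv(sigma, horizon):    # Definition 6.25, checked for t < horizon only
    return all(len({len(b) for b in sigma(t)}) == 1 for t in range(horizon))

def delayed(c):                    # RE read as "inputs at t-1"; HOL num: 0 - 1 = 0
    return lambda sigma: lambda t: to_time(c)(sigma)(max(t - 1, 0))

def mux(ctrl):                     # combinational part of the Mux theorem
    return lambda buses: [[(not ctrl and b) or (ctrl and a)
                           for a, b in zip(buses[0], buses[1])]]

def masked(buses):                 # constructed circuit that singles out bit 0
    return [[buses[0][0], False]]

def sym_tau(ct, width=2, buses=2, horizon=2):
    """Bounded check of Definition 6.26: a counterexample tuple, or None."""
    values = [[list(v[k * width:(k + 1) * width]) for k in range(buses)]
              for v in product([False, True], repeat=width * buses)]
    for trace in product(values, repeat=horizon):
        sigma = lambda t, tr=trace: tr[min(t, horizon - 1)]
        if not length_inv(sigma, horizon):
            continue               # Symτ only constrains length-invariant streams
        for t, i, j in product(range(horizon), range(width), range(width)):
            pi = swap(i, j)
            if [pi(b) for b in ct(sigma)(t)] != ct(apply(pi, sigma))(t):
                return (trace, t, i, j)
    return None
```

The multiplexer passes with and without the one-step delay, while the position-dependent masked circuit yields a counterexample, which is the kind of circuit the symmetry predicates are meant to exclude.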
Examples
In this section we revisit the comparator and the multiplexer example, and show how the function toTime turns them to their versions over streams.
Comparator
We presented the example of a unit-delay in the last section. Now we show how to interpret it using the function toTime. The circuit definition presented in the earlier section is stripped, and the function toTime is applied consistently onto each sub-term on the right-hand side of the definition. This is because a delay element in the form of RE was encountered in the definition. The first session shows the output of an ML interpreter for the comparator. Notice that the output of the circuit is delayed by one time point: the value of the output is obtained by executing the circuit at the previous time point. Thus the effect of mapping a delay element RE is to delay the input sequence σsym by one time point (t-1).
val CompTimed = ``λσnsym σsym t.(toTime (map (map (RE (hd (hd (ck))))))
◦(toTime (And◦comp)) σsym (t-1)``;
Now consider two streams of inputs: the non-symmetric input nsym, given by a constant symbolic value ck, and the symmetric input given by sym, whose value changes over time. Thus the values returned by the symmetric input sequence at time points 0, 1, and 2 are all different.
val nsym = ``λt. (ck:bool list list)``;
val sym =``λt. if (t=0) then ([[a0; a1];[b0; b1]])
else if (t=(SUC 0)) then [[T;T];[T;F]]
else ([[a0; a1];[c0; c1]])``;
We can write the conversion comp_conv again using the list simplifier and the definitions of combinators, but this time adding the definition of toTime.
val comp_model_list =
[comparator_def, And_def, and_def, fold_def, xnor_def, toTime_def,
map, Mem, Null_def, Id_def, o_DEF, Foldr, ||_def, id_def, Fork_def, el, Select_def, toTime_def, Tail_def, Bitwise_def, append, hd, tl];
val comp_conv = SIMP_CONV list_ss (comp_model_list);
When executed over time points 0, 1 and 2, the trace of the circuit execution can be seen in the HOL session shown in Table A.1, A.2 and A.3, in the Appendix.