COMPUTING
SCIENCE

Algebra of Parametrised Graphs

Andrey Mokhov, Victor Khomenko, Arseniy Alekseyev, Alex Yakovlev

TECHNICAL REPORT SERIES

No. CS-TR-1307  December 2011
Algebra of Parametrised Graphs

A. Mokhov, V. Khomenko, A. Alekseyev, A. Yakovlev

Abstract

One of the difficulties in designing modern hardware systems is the necessity to comprehend and to deal with a very large number of system configurations, operational modes, and behavioural scenarios. It is often infeasible to consider and specify each individual mode explicitly, and one needs methodologies and tools to exploit similarities between the individual modes and work with groups of modes rather than individual ones. The modes and groups of modes have to be managed in a compositional way: the specification of the system should be composed from specifications of its blocks. This includes both structural and behavioural composition. Furthermore, one should be able to transform and optimise the specifications in a fully formal and natural way.

In this paper we propose a new formalism, called Parametrised Graphs. It extends the existing Conditional Partial Order Graphs (CPOGs) formalism in several ways. First, it deals with general graphs rather than just partial orders. Moreover, it is fully compositional. To achieve this we introduce an algebra of Parametrised Graphs by specifying the equivalence relation by a set of axioms, which is proved to be sound, minimal and complete. This allows one to manipulate the specifications as algebraic expressions using the rules of this algebra. We demonstrate the usefulness of the developed formalism on two case studies coming from the area of microelectronics design.
Abstract

One of the difficulties in designing modern hardware systems is the necessity to comprehend and to deal with a very large number of system configurations, operational modes, and behavioural scenarios. It is often infeasible to consider and specify each individual mode explicitly, and one needs methodologies and tools to exploit similarities between the individual modes and work with groups of modes rather than individual ones. The modes and groups of modes have to be managed in a compositional way: the specification of the system should be composed from specifications of its blocks. This includes both structural and behavioural composition. Furthermore, one should be able to transform and optimise the specifications in a fully formal and natural way.

In this paper we propose a new formalism, called Parametrised Graphs. It extends the existing Conditional Partial Order Graphs (CPOGs) formalism in several ways. First, it deals with general graphs rather than just partial orders. Moreover, it is fully compositional. To achieve this we introduce an algebra of Parametrised Graphs by specifying the equivalence relation by a set of axioms, which is proved to be sound, minimal and complete. This allows one to manipulate the specifications as algebraic expressions using the rules of this algebra. We demonstrate the usefulness of the developed formalism on two case studies coming from the area of microelectronics design.

About the authors

Andrey Mokhov studied computing science at Kyrgyz-Russian Slavic University from 2000 to 2005. After graduation with honours he joined the Asynchronous Research Group at Newcastle University as a PhD student and in 2009 he successfully defended his PhD dissertation. Currently he is a research associate in the School of Computing Science, Newcastle University. His research interests include different levels of electronic design automation: from formal models for system specification and verification to logic synthesis and application-specific optimisation.

Victor Khomenko obtained his MSc with distinction in Computer Science, Applied Mathematics and Teaching of Mathematics and Computer Science in 1998 from Kiev Taras Shevchenko University, and PhD in Computing Science in 2003 from Newcastle University. He was a Program Committee Chair for the International Conference on Application of Concurrency to System Design (ACSD'10). He also organised the Workshop on UnFOlding and partial order techniques (UFO'07) and Workshop on BALSA Re-Synthesis (RESYN'09). In January 2005 Victor became a Lecturer in the School of Computing Science, Newcastle University, and in September 2005 he obtained a Royal Academy of Engineering / EPSRC Post-doctoral Research Fellowship and worked on the Design and Verification of Asynchronous Circuits (DAVAC) project. After the end of this award, in September 2010, he switched back to Lectureship. Victor’s research interests include model checking of Petri nets, Petri net unfolding techniques, verification and synthesis of self-timed (asynchronous) circuits.

Arseniy Alekseyev studied computing science at Kyrgyz-Russian Slavic University from 2000 to 2005. After graduation, he joined the Asynchronous Research Group at Newcastle University as a PhD student on the Verification-Driven Asynchronous Design (VERDAD) project. His research interests include formal methods, automated theorem proving and electronic design automation.

Alex Yakovlev received D.Sc. from Newcastle University in 2006, and M.Sc. and Ph.D. from St. Petersburg Electrical Engineering Institute in 1979 and 1982. Since 1991 he has been at the Newcastle University, where he worked as a lecturer, reader and professor at the Computing Science department until 2002, and is now heading the Microelectronic Systems Design research group (http://async.org.uk) at the School of Electrical, Electronic and Computer Engineering. His current interests and publications are in the field of modeling and design of asynchronous, concurrent, real-time and dependable systems on a chip. He has published four monographs and more than 200 papers in academic journals and conferences, has managed over 25 research contracts.

Suggested keywords

ALGEBRA OF PARAMETRISED GRAPHS
CONDITIONAL PARTIAL ORDER GRAPHS
MICROELECTRONICS DESIGN
MULTIMODAL SYSTEMS
Algebra of Parametrised Graphs
Andrey Mokhov, Victor Khomenko, Arseniy Alekseyev, Alex Yakovlev

Abstract

One of the difficulties in designing modern hardware systems is the necessity to comprehend and to deal with a very large number of system configurations, operational modes, and behavioural scenarios. It is often infeasible to consider and specify each individual mode explicitly, and one needs methodologies and tools to exploit similarities between the individual modes and work with groups of modes rather than individual ones. The modes and groups of modes have to be managed in a compositional way: the specification of the system should be composed from specifications of its blocks. This includes both structural and behavioural composition. Furthermore, one should be able to transform and optimise the specifications in a fully formal and natural way.

In this paper we propose a new formalism, called Parametrised Graphs. It extends the existing Conditional Partial Order Graphs (CPOGs) formalism in several ways. First, it deals with general graphs rather than just partial orders. Moreover, it is fully compositional. To achieve this we introduce an algebra of Parametrised Graphs by specifying the equivalence relation by a set of axioms, which is proved to be sound, minimal and complete. This allows one to manipulate the specifications as algebraic expressions using the rules of this algebra. We demonstrate the usefulness of the developed formalism on two case studies coming from the area of microelectronics design.

1 Introduction

While the complexity of modern hardware exponentially increases due to Moore’s law, the time-to-market is reducing. The number of available transistors on chip exceeds the capabilities of designers to meaningfully use them: this design productivity gap is a major challenge in the microelectronics industry [2]. One of the difficulties of the design is the necessity to comprehend and to deal with a very large number of system configurations, operational modes, and behavioural scenarios. The contemporary systems often have abundant functionality and enjoy features like fault-tolerance, dynamic reconfigurability, power management, all of which greatly increase the number of possible modes of operation. Hence, it is often infeasible to consider and specify each individual mode explicitly, and one needs methodologies and tools to exploit similarities between the individual modes and work with groups of modes rather than individual ones. The modes and groups of modes have to be managed in a compositional way: the specification of the system should be composed from specifications of its blocks. This includes both structural and behavioural composition. Furthermore, one should be able to transform and optimise the specifications in a fully formal and natural way.

In this paper we continue the work started in [7][8], where a formal model, called Conditional Partial Order Graphs (CPOGs), was introduced. It allowed to represent individual system configurations and operational modes as annotated graphs, and to overlay them exploiting their similarities. However, the formalism lacked the compositionality and the ability to compare and transform the specifications in a formal way. In particular, CPOGs always represented the specification as a ‘flat’ structure (similar to the canonical form defined in Section 2), hence a hierarchical representation of a system as a composition of its components was not possible. We extend this formalism in several ways:

- We move from the graphs representing partial orders to general graphs. Nevertheless, if partial orders are the most natural way to represent a certain aspect of system, this still can be handled.
- The new formalism is fully compositional.
- We describe the equivalence relation between the specifications as a set of axioms, obtaining an algebra. This set of axioms is proved to be sound, minimal and complete.
- The developed formalism allows to manipulate the specifications as algebraic expressions using the rules of the algebra. In a sense this can be viewed as adding a syntactic level to the semantic representation of specifications, and is akin to the relationship between digital circuits and Boolean algebra.
We demonstrate the usefulness of the developed formalism on two case studies. The first one is concerned with development of a phase encoding controller, which represents information by the order of arrival of signals on n wires. As there are n! possible arrival orders, there is a challenge to specify the set of corresponding behavioural scenarios in a compact way. The proposed formalism not only allows to solve this problem, but also does it in a compositional way, by obtaining the final specification as a composition of fixed-size fragments describing the behaviours of pairs of wires (the latter was impossible with CPOGs).

The second case study is concerned with designing a microcontroller for a simple processor. The processor can execute several classes of instructions, and each class is characterised by a specific execution scenario of the operational units of the processor. In turn, the scenarios of conditional instructions have to be composed of sub-scenarios corresponding to the current value of the appropriate ALU flag. The overall specification of the microcontroller is then obtained algebraically, by composing scenarios of each class of instructions.

## 2 Parametrised Graphs

A **Parametrised Graph** (PG) is a model which has evolved from Conditional Partial Order Graphs (CPOG) [7][8]. We consider directed graphs $G = (V, E)$ whose vertices are picked from the fixed alphabet of actions $A = \{a, b, \ldots\}$. Hence the vertices of $G$ would usually model actions (or events) of the system being designed, while the arcs would usually model the precedence or causality relation: if there is an arc going from $a$ to $b$ then action $a$ precedes action $b$. We will denote the empty graph $(\emptyset, \emptyset)$ by $\varepsilon$ and the singleton graphs $(\{a\}, \emptyset)$ simply by $a$, for any $a \in A$.

Let $G_1 = (V_1, E_1)$ and $G_2 = (V_2, E_2)$ be two graphs, where $V_1$ and $V_2$ as well as $E_1$ and $E_2$ are not necessarily disjoint. We define the following operations on graphs (in the order of increasing precedence):

- **Overlay**: $G_1 + G_2 \overset{df}{=} (V_1 \cup V_2, E_1 \cup E_2)$.
- **Sequence**: $G_1 \rightarrow G_2 \overset{df}{=} (V_1 \cup V_2, E_1 \cup E_2 \cup V_1 \times V_2)$.
- **Condition**: $[1]G \overset{df}{=} G$ and $[0]G \overset{df}{=} \varepsilon$.

In other words, the **overlay** $+$ and **sequence** $\rightarrow$ are binary operations on graphs with the following semantics: $G_1 + G_2$ is a graph obtained by *overlaying* graphs $G_1$ and $G_2$, i.e. it contains the union of their vertices and arcs, while graph $G_1 \rightarrow G_2$ contains the union plus the arcs connecting every vertex from graph $G_1$ to every vertex from graph $G_2$ (self-loops can be formed in this way if $V_1$ and $V_2$ are not disjoint). From the behavioural point of view, if graphs $G_1$ and $G_2$ correspond to two systems then $G_1 + G_2$ corresponds to their *parallel composition* and $G_1 \rightarrow G_2$ corresponds to their *sequential composition*. One can observe that any non-empty graph can be obtained by successively applying the operations $+$ and $\rightarrow$ to the singleton graphs.

Figure 2.1 shows an example of two graphs together with their overlay and sequence. One can see that the overlay does not introduce any dependencies between the actions coming from different graphs, therefore they can be executed concurrently. On the other hand, the sequence operation imposes the order on the actions by introducing new dependencies between actions $a$, $b$ and $c$ coming from graph $G_1$ and action $d$ coming from graph $G_2$. Hence, the resulting system behaviour is interpreted as the behaviour specified by graph $G_1$ followed by the behaviour specified by graph $G_2$. Another example of system composition is shown in Figure 2.2. Since the graphs have common vertices, their compositions are more complicated, in particular, their sequence contains the self-dependencies $(b, b)$ and $(d, d)$ which lead to a *deadlock* in the resulting system: action $a$ can occur, but all the remaining actions are locked.

![Figure 21: Overlay and sequence example (no common vertices)](image-url)
Given a graph $G$, the unary condition operations can either preserve it (true condition $1|G$) or nullify it (false condition $0|G$). They should be considered as a family $\{|b|\}_{b \in B}$ of operations parametrised by a Boolean value $b$.

Having defined the basic operations on the graphs, one can build graph expressions using these operations, the empty graph $\varepsilon$, the singleton graphs $a \in A$, and the Boolean constants 0 and 1 (as the parameters of the conditional operations)—much like the usual arithmetical expressions. We now consider replacing the Boolean constants with Boolean variables or general predicates (this step is akin going from arithmetic to algebraic expressions). The value of such an expression depends on the values of its parameters, and so we call such an expression a parametrised graph (PG).

One can easily prove the following properties of the operations introduced above.

- **Properties of overlay:**
  - Identity: $G + \varepsilon = G$.
  - Commutativity: $G_1 + G_2 = G_2 + G_1$.
  - Associativity: $(G_1 + G_2) + G_3 = G_1 + (G_2 + G_3)$.

- **Properties of sequence:**
  - Left identity: $\varepsilon \rightarrow G = G$.
  - Right identity: $G \rightarrow \varepsilon = G$.
  - Associativity: $(G_1 \rightarrow G_2) \rightarrow G_3 = G_1 \rightarrow (G_2 \rightarrow G_3)$.

- **Other properties:**
  - Left distributivity: $G_1 \rightarrow (G_2 + G_3) = G_1 \rightarrow G_2 + G_1 \rightarrow G_3$.
  - Right distributivity: $(G_1 + G_2) \rightarrow G_3 = G_1 \rightarrow G_3 + G_2 \rightarrow G_3$.
  - Decomposition: $G_1 \rightarrow G_2 \rightarrow G_3 = G_1 \rightarrow G_2 + G_1 \rightarrow G_2 + G_2 \rightarrow G_3$.

- **Properties involving conditions:**
  - Conditional $\varepsilon$: $[b]\varepsilon = \varepsilon$.
  - Conditional overlay: $[b](G_1 + G_2) = [b]G_1 + [b]G_2$.
  - Conditional sequence: $[b](G_1 \rightarrow G_2) = [b]G_1 \rightarrow [b]G_2$.
  - AND-condition: $[b_1 \land b_2]G = [b_1][b_2]G$.
  - Condition regularisation: $[b_1]G_1 \rightarrow [b_2]G_2 = [b_1]G_1 + [b_2]G_2 + [b_1 \land b_2](G_1 \rightarrow G_2)$.

Now, due to the above properties of the operators, it is possible to define the following canonical form of a PG. In the proof below, we call a singleton graph, possibly prefixed with a condition, a literal.

**Proposition 1** (Canonical form of a PG). Any PG can be rewritten in the following canonical form:

$$
\left( \sum_{v \in V} [b_v]v \right) + \left( \sum_{u,v \in V} [b_{uv}](u \rightarrow v) \right),
$$

where:
• $V$ is a subset of singleton graphs that appear in the original PG;
• for all $v \in V$, $b_v$ are canonical forms of Boolean expressions and are distinct from 0;
• for all $u,v \in V$, $b_{uv}$ are canonical forms of Boolean expressions such that $b_{uv} \Rightarrow b_u \land b_v$.

**Proof.** (i) First we prove that any PG can be converted to the form (2.1).

All the occurrences of $\epsilon$ in the expression can be eliminated by the identity and conditional $\epsilon$ properties (unless the whole PG equals to $\epsilon$, in which case we take $V = \emptyset$). To avoid unconditional subexpressions, we prefix the resulting expression with ‘[1]’, and then by the conditional overlay/sequence properties we propagate all the conditions that appear in the expression down to the singleton graphs (compound conditions can be always reduced to a single one by the AND-condition property). By the decomposition and distributivity properties, the expression can be rewritten as an overlay of literals and subexpressions of the form $l_1 \rightarrow l_2$, where $l_1$ and $l_2$ are literals. The latter subexpressions can be rewritten using the condition regularisation rule:

\[ [b_1]u \rightarrow [b_2]v = [b_1]u + [b_2]v + [b_1 \land b_2](u \rightarrow v) \]

Now, literals corresponding to the same singleton graphs, as well as subexpressions of the form $[b](u \rightarrow v)$ that correspond to the same pair of singleton graphs $u$ and $v$, are combined using the OR-condition property. Then the literals prefixed with 0 conditions can be dropped. Now the set $V$ consists of all the singleton graphs occurring in the literals. To turn the overall expression into the required form it only remains to add missing subexpressions of the form $[0](u \rightarrow v)$ for every $u, v \in V$ such that the expression does not contain the subexpression of the form $[b](u \rightarrow v)$. Note that the property $b_{uv} \Rightarrow b_u \land b_v$ is always enforced by this construction:

• condition regularisation ensures this property;
• combining literals using the OR-condition property can only strengthen the right hand side of this implication, and so cannot violate it;
• adding $[0](u \rightarrow v)$ does not violate the property as it trivially holds when $b_{uv} = 0$.

(ii) We now show that (2.1) is a canonical form, i.e. if $L = R$ then their canonical forms $can(L)$ and $can(R)$ coincide.

For the sake of contradiction, assume this is not the case. Then we consider two cases (all possible cases are symmetric to one of these two):

1. $can(L)$ contains a literal $[b_v]v$ whereas $can(R)$ either contains a literal $[b'_v]v$ with $b'_v \neq b_v$ or does not contain any literal corresponding to $v$, in which case we say that it contains a literal $[b'_v]v$ with $b'_v = 0$. Then for some values of parameters one of the graphs will contain vertex $v$ while the other will not.

2. $can(L)$ and $can(R)$ have the same set $V$ of vertices, but $can(L)$ contains a subexpression $[b_{uv}](u \rightarrow v)$ whereas $can(R)$ contains a subexpression $[b'_{uv}](u \rightarrow v)$ with $b'_{uv} \neq b_{uv}$. Then for some values of parameters one of the graphs will contain the arc $(u,v)$ (note that due to $b_{uv} \Rightarrow b_u \land b_v$ and $b'_{uv} \Rightarrow b_u \land b_v$ vertices $u$ and $v$ are present), while the other will not.

In both cases there is a contradiction with $L = R$. \qed

This canonical form allows one to lift the notion of adjacency matrix of a graph to PGs. Recall that the adjacency matrix $(b_{uv})$ of a graph $(V, E)$ is a $|V| \times |V|$ Boolean matrix such that $b_{uv} = 1$ if $(u, v) \in E$ and $b_{uv} = 0$ otherwise. The adjacency matrix of a PG is obtained from the canonical form (2.1) by gathering the predicates $b_{uv}$ into a matrix. The adjacency matrix of a PG is similar to that of a graph, but it contains predicates rather than Boolean values. It does not uniquely determine a PG, as the predicates of the vertices cannot be derived from it; to fully specify a PG one also has to provide predicates $b_v$ from the canonical form (2.1).

Another advantage of this canonical form is that it provides a graphical notation for PGs. The vertices occurring in the canonical form (set $V$) can be represented by circles, and the subexpressions of the form $u \rightarrow v$ by arcs. The label of a vertex $v$ consists of the vertex name, colon and the predicate $b_v$, while every arc $(u,v)$ is labelled with the corresponding predicate $b_{uv}$. As adjacency matrices of PGs tend to have many constant elements, we use a simplified notation in which the arcs with constant 0 predicates are not drawn, and constant 1 predicates are dropped; moreover, it is convenient to assume that the predicates on arcs are implicitly ANDed with those on incident vertices (to enforce the invariant $b_{uv} \Rightarrow b_u \land b_v$), which often allows one to simplify predicates on arcs. This can be justified by introducing the ternary operator, called conditional sequence:

\[ u \overset{\text{def}}{\rightarrow} v = [b](u \rightarrow v) + u + v \]
Intuitively, PG $u \xrightarrow{b} v$ consists of two unconditional vertices connected by an arc with the condition $b$. By case analysis on $b_1$ and $b_2$ one can easily prove the following properties of the conditional sequence that allow simplifying the predicates on arcs:

\[
[b_1]u \xrightarrow{b_1 \land b_2} v = [b_1]u \xrightarrow{b_2} v
\]

\[
u \xrightarrow{b_1 \land b_2} [b_2]v = u \xrightarrow{b_1} [b_2]v
\]

Fig. 2.3(top) shows an example of a PG. The predicates depend on a Boolean variable $x$. The predicates of vertices $a$, $b$, and $d$ are constants 1; such vertices are called *unconditional*. Vertices $c$ and $e$ are *conditional*, and their predicates are $x$ and $\bar{x}$, respectively. Arcs also fall into two classes: *unconditional*, i.e. those whose predicate and the predicates of their incident vertices are constants 1, and *conditional* (in this example, all the arcs are conditional).

A *specialisation* $H|_p$ of a PG $H$ *under predicate* $p$ is a PG, whose predicates are simplified under the assumption that $p$ holds. If $H$ specifies the behaviour of the whole system, $H|_p$ specifies the part of the behaviour that can be realised under condition $p$. An example of a graph and its two specialisations is presented in Fig. 2.3. The leftmost specialisation $H|_x$ is obtained by removing from the graph those vertices and arcs whose predicates evaluate to 0 under condition $x$, and simplifying the other predicates. Hence, vertex $e$ and arcs $(a, d)$, $(a, e)$, $(b, d)$ and $(b, e)$ disappear, and all the other vertices and arcs become unconditional. The rightmost specialisation $H|_{\bar{x}}$ is obtained analogously. Each of the obtained specialisations can be regarded as a specification of a particular behavioural scenario of the modelled system, e.g. as specification of a processor instruction.

### 2.1 Specification and composition of instructions

Consider a processing unit that has two registers $A$ and $B$, and can perform two different instructions: *addition* and *exchange* of two variables stored in memory. The processor contains five datapath components (denoted by $a$...$e$) that can perform the following atomic actions:

a) Load register $A$ from memory;

b) Load register $B$ from memory;

c) Compute the sum of the numbers stored in registers $A$ and $B$, and store it in $A$;

d) Save register $A$ into memory;

e) Save register $B$ into memory.

Table 1 describes the addition and exchange instructions in terms of usage of these atomic actions.

The addition instruction consists of loading the two operands from memory (causally independent actions $a$ and $b$), their addition (action $c$), and saving the result (action $d$). Let us assume for simplicity that in this example
### Table 1: Two instructions specified as partial orders

<table>
<thead>
<tr>
<th>Instruction</th>
<th>Addition</th>
<th>Exchange</th>
</tr>
</thead>
<tbody>
<tr>
<td>Action</td>
<td></td>
<td></td>
</tr>
<tr>
<td>sequence</td>
<td>a) Load A</td>
<td>a) Load A</td>
</tr>
<tr>
<td></td>
<td>b) Load B</td>
<td>b) Load B</td>
</tr>
<tr>
<td></td>
<td>c) Add B to A</td>
<td>d) Save A</td>
</tr>
<tr>
<td></td>
<td>d) Save A</td>
<td>e) Save B</td>
</tr>
</tbody>
</table>

**ADD**

**XCHG**

The operation of exchange consists of loading the operands (causally independent actions a and b), and saving them into swapped memory locations (causally independent actions d and e), as captured by the XCHG scenario. Note that in order to start saving one of the registers it is necessary to wait until both of them have been loaded to avoid overwriting one of the values.

One can see that the two scenarios in Table 1 appear to be the two specialisations of the PG shown in Fig. 2.3, thus this PG can be considered as a joint specification of both instructions. Two important characteristics of such a specification are that the common events \{a, b, d\} are overlaid, and the choice between the two operations is modelled by the Boolean predicates associated with the vertices and arcs of the PG. As a result, in our model there is no need for a ‘nodal point’ of choice, which tend to appear in alternative specification models (a Petri Net would have an explicit choice place, a Finite State Machine – an explicit choice state, and a specification written in a Hardware Description Language would describe the two instructions by two separate branches of a conditional statement if or case [5]).

The PG operations introduced above allows for a natural specification of the system as a collection of its behavioural scenarios, which can share some common parts. For example, in this case the overall system is composed as

\[
H = [x]ADD + [x]XCHG = [x]\{(a + b) \rightarrow c + c \rightarrow d\} + [x]\{(a + b) \rightarrow (d + e)\}.
\]

Such specifications can often be simplified using the properties of graph operations. The next section describes the equivalence relation between the PGs with a set of axioms, thus obtaining an algebra.

## 3 Algebra of parametrised graphs

In this section we define the *algebra of parametrised graphs* (PG-algebra).

PG-algebra is a tuple \( \langle \mathcal{G}, +, \rightarrow, [0], [1] \rangle \), where \( \mathcal{G} \) is a set of graphs whose vertices are picked from the alphabet \( A \) and the operations parallel those defined for graphs above. The equivalence relation is given by the following axioms.

1. \( + \) is commutative and associative.
2. \( \rightarrow \) is associative.
3. \( \varepsilon \) is a left and right identity of \( \rightarrow \).
4. Left and right distributivity of \( \rightarrow \) over \( + \): \( p \rightarrow (q + r) = p \rightarrow q + p \rightarrow r \) and \( (p + q) \rightarrow r = p \rightarrow r + q \rightarrow r \).
5. Decomposition: \( p \rightarrow q \rightarrow r = p \rightarrow q + p \rightarrow r + q \rightarrow r \).
6. Condition: \([0]p = \varepsilon\) and \([1]p = p\).

The following theorems can be proven from PG-algebra axioms.

**Proposition 2.** The following equalities hold:

- \(\varepsilon\) is an identity of \(\oplus\): \(p + \varepsilon = p\).
- \(\oplus\) is idempotent: \(p + p = p\).
- Left and right absorption: \(p + p \rightarrow q = p \rightarrow q\) and \(q + p \rightarrow q = p \rightarrow q\).

**Proof.** First we prove the following auxiliary equality, called *reduced decomposition* or *r-decomposition*: \(p = p + p + \varepsilon\).

\[
\begin{align*}
p &= (\rightarrow\text{-identity}) \\
p \rightarrow \varepsilon \rightarrow \varepsilon &= (\text{decomposition}) \\
(p \rightarrow \varepsilon) + (p \rightarrow \varepsilon) + (\varepsilon \rightarrow \varepsilon) &= (\rightarrow\text{-identity}) \\
p + p + \varepsilon &= (\text{r-decomposition})
\end{align*}
\]

Now the equality \(p + \varepsilon = p\) can be proved as follows:

\[
\begin{align*}
p &= (\text{r-decomposition}) \\
p + p + \varepsilon &= (\text{r-decomposition}) \\
p + p + (\varepsilon + \varepsilon + \varepsilon) &= (+\text{-commutativity}) \\
(p + \varepsilon) + (p + \varepsilon) + \varepsilon &= (\text{r-decomposition}) \\
p + \varepsilon &= (\text{r-decomposition})
\end{align*}
\]

The idempotence of \(\oplus\) can be proved as follows:

\[
\begin{align*}
p &= (\text{r-decomposition}) \\
p + p + \varepsilon &= (+\text{-identity}) \\
p + p &= (+\text{-identity})
\end{align*}
\]

The left and right absorption are proved as follows:

\[
\begin{align*}
p + (p \rightarrow q) &= (\rightarrow\text{-identity}) \\
(p \rightarrow \varepsilon) + (p \rightarrow q) &= (\left\text{left distributivity}) \\
p \rightarrow (\varepsilon + q) &= (+\text{-identity}) \\
p \rightarrow q &= (\rightarrow\text{-identity}) \\
q + (p \rightarrow q) &= (\rightarrow\text{-identity}) \\
(\varepsilon \rightarrow q) + (p \rightarrow q) &= (\left\text{right distributivity}) \\
(\varepsilon + p) \rightarrow q &= (+\text{-identity}) \\
p \rightarrow q &= (\rightarrow\text{-identity})
\end{align*}
\]

**Remark.** Note that as \(\varepsilon\) is a left and right identity of \(\rightarrow\) and \(\oplus\), there can be no other identities for these operations. Interestingly, unlike many other algebras, the two main operations in the PG-algebra have the same identity.

The following equalities can be easily proved by case analysis on the values of the Boolean parameters.

**Proposition 3.** The following equalities hold for conditions:

- **Conditional \(\varepsilon\):** \([b]\varepsilon = \varepsilon\).
- **Conditional overlay:** \([b](p + q) = [b]p + [b]q\).
- **Conditional sequence:** \([b](p \rightarrow q) = [b]p \rightarrow [b]q\).
- **AND-condition:** \([b_1 \land b_2]p = [b_1][b_2]p\).
- **OR-condition:** \([b_1 \lor b_2]p = [b_1]p + [b_2]p\).
- **Choice propagation:**
- $[b](p \to q) + [\bar{b}](p \to r) = p \to ([b]q + [\bar{b}]r)$ \textit{and}
- $[b](p \to r) + [\bar{b}](q \to r) = ([b]p + [\bar{b}]q) \to r$.

- \textit{Condition regularisation}: $[b_1]p \to [b_2]q = [b_1]p + [b_2]q + [b_1 \land b_2](p \to q)$.

\textit{Proof}. First, suppose the value of $b$ (or $b_1$ where appropriate) is 0 (**). Then:

\textbf{Conditional $\varepsilon$}:

\[ [b]\varepsilon = (*) \]
\[ [0]\varepsilon = \text{false condition} \]
\[ \varepsilon \]

\textbf{Conditional overlay}:

\[ [b](p + q) = (*) \]
\[ [0](p + q) = \text{false condition} \]
\[ \varepsilon = (+\text{-identity}) \]
\[ \varepsilon + \varepsilon = \text{false condition} \]
\[ [0]p + [0]q = (*) \]
\[ [b]p + [b]q \]

\textbf{Conditional sequence}:

\[ [b](p \to q) = (*) \]
\[ [0](p \to q) = \text{false condition} \]
\[ \varepsilon = (\to\text{-identity}) \]
\[ \varepsilon \to \varepsilon = \text{false condition} \]
\[ [0]p \to [0]q = (*) \]
\[ [b]p \to [b]q \]

\textbf{AND-condition}:

\[ [b_1 \land b_2]p = (*) \]
\[ [0 \land b_2]p = \text{Boolean algebra} \]
\[ [0]p = \text{false condition} \]
\[ \varepsilon = \text{false condition} \]
\[ [0][b_2]p = (*) \]
\[ [b_1][b_2]p \]

\textbf{OR-condition}:

\[ [b_1 \lor b_2]p = (*) \]
\[ [0 \lor b_2]p = \text{Boolean algebra} \]
\[ [b_2]p = \text{false condition} \]
\[ \varepsilon + [b_2]p = (+\text{-identity}) \]
\[ [0]p + [b_2]p = (*) \]
\[ [b_1][b_2]p \]

\textbf{Choice propagation}:

\[ [b](p \to q) + [\bar{b}](p \to r) = (*) \]
\[ [0](p \to q) + [1](p \to r) = \text{true and false condition} \]
\[ p \to r = (+\text{-identity}) \]
\[ p \to (\varepsilon + r) = \text{true and false condition} \]
\[ p \to ([0]q + [1]r) = (*) \]
\[ p \to ([b]q + [\bar{b}]r) \]

\textbf{Condition regularisation}:

\[ [b_1]p \to [b_2]q = (*) \]
\[ [0]p \to [b_2]q = \text{false condition} \]
\[ \varepsilon \to [b_2]q = (+, \to\text{-identity}) \]
\[ \varepsilon + [b_2]q + \varepsilon = \text{false condition} \]
\[ [0]p + [b_2]q + [0 \land b_2](p \to q) = (*) \]
\[ [b_1]p + [b_2]q + [b_1 \land b_2](p \to q) \]

Now, suppose the value of $b$ (or $b_1$ where appropriate) is 1 (**). Then:
Conditional $\varepsilon$:

\[
\begin{align*}
[b]\varepsilon &= (**), \\
[1]\varepsilon &= \text{(true condition)} \\
\varepsilon &= \text{(true condition)}
\end{align*}
\]

Conditional overlay:

\[
\begin{align*}
[b](p + q) &= (**), \\
[1](p + q) &= \text{(true condition)} \\
p + q &= \text{(true condition)} \\
[b]p + [b]q
\end{align*}
\]

Conditional sequence:

\[
\begin{align*}
[b](p \rightarrow q) &= (**), \\
[1](p \rightarrow q) &= \text{(true condition)} \\
p \rightarrow [b] &= \text{(true condition)} \\
[1]p \rightarrow [1]q &= (**), \\
[b]p \rightarrow [b]q
\end{align*}
\]

AND-condition:

\[
\begin{align*}
[b_1 \land b_2]p &= (**), \\
[1 \land b_2]p &= \text{(Boolean algebra)} \\
[b_2]p &= \text{(true condition)} \\
[1][b_2]p &= (**), \\
[b_1][b_2]p
\end{align*}
\]

Choice propagation:

\[
\begin{align*}
[b](p \rightarrow q) + [b](p \rightarrow r) &= (**), \\
[1](p \rightarrow q) + [0](p \rightarrow r) &= \text{(true and false condition)} \\
p \rightarrow q &= (+\text{-identity}) \\
p \rightarrow (q + \varepsilon) &= \text{(true and false condition)} \\
p \rightarrow ([1]q + [0]r) &= (**), \\
p \rightarrow ([b]q + [b]r)
\end{align*}
\]

Condition regularisation:

\[
\begin{align*}
[b_1]p \rightarrow [b_2]q &= (**), \\
[1]p \rightarrow [b_2]q &= \text{(true condition)} \\
p \rightarrow [b_2]q &= \text{(absorption)} \\
p + [b_2]q + p \rightarrow [b_2]q &= \text{(true condition)} \\
[1]p + [b_2]q + [1 \land b_2](p \rightarrow q) &= (**), \\
[b_1]p + [b_2]q + [b_1 \land b_2](p \rightarrow q)
\end{align*}
\]

OR-condition:

\[
\begin{align*}
[b_1 \lor b_2]p &= (**), \\
[1 \lor b_2]p &= \text{(Boolean algebra)} \\
[1]p
\end{align*}
\]

The value of $b_2$ under the current assignment of variables is either 0 or 1, so we consider the two possible cases:

if the value of $b_2$ is 0 (#) then

\[
\begin{align*}
[1]p &= (+\text{-identity}) \\
[1]p + \varepsilon &= \text{(false condition)} \\
[1]p + [0]p &= (**), \\
[b_1]p + [0]p &= (#) \\
[b_1]p + [b_2]p
\end{align*}
\]

if the value of $b_2$ is 1 (##) then

\[
\begin{align*}
[1]p &= (+\text{idempotence}) \\
[b_1]p + [1]p &= (##) \\
[b_1]p + [b_2]p
\end{align*}
\]

In all the possible cases the equalities hold.
It is easy to see that PGs are a model of PG-algebra, as all the axioms of PG-algebra are satisfied by PGs; in particular, this means that PG-algebra is sound. Moreover, any PG-algebra expression has the canonical form (2.1), as the proof of Prop. 1 can be directly imported:

- It is always possible to translate a PG-algebra expression to this canonical form, as part (i) of the proof relies only on the properties of PGs that correspond to either PG-algebra axioms or equalities above.
- If \( L = R \) holds in PG-algebra then \( L = R \) holds also for PGs (as PGs are a model of PG-algebra), and so the PGs \( \text{can}(L) \) and \( \text{can}(R) \) coincide, see part (ii) of the proof. Since PGs \( \text{can}(L) \) and \( \text{can}(R) \) are in fact the same objects as the expressions \( \text{can}(L) \) and \( \text{can}(R) \) of the PG-algebra, (2.1) is a canonical form of a PG-algebra expression.

This also means that PG-algebra is complete w.r.t. PGs, i.e. any PG equality can be either proved or disproved using the axioms of PG-algebra (by converting to the canonical form).

The provided set of axioms of PG-algebra is minimal, i.e. no axiom from this set can be derived from the others. The minimality was checked by enumerating the finite models of PG-algebra with the help of the Alg tool [3]. It turns out that removing any of the axioms leads to a different number of non-isomorphic models of a particular size, implying that all the axioms are necessary.

Hence, the following result holds:

**Theorem 4 (Soundness, Minimality and Completeness).** The set of axioms of PG-algebra is sound, minimal and complete w.r.t. PGs.

## 4 Transitive parametrised graphs and their algebra

In many cases the arcs of the graphs are interpreted as the causality relation, and so the graph itself is a partial order. However, in practice it is convenient to drop some or all of the transitive arcs, i.e. two graphs should be considered equal whenever their transitive closures are equal. E.g. in this case the graphs specified by the expressions \( a \rightarrow b + b \rightarrow c \) and \( a \rightarrow b + a \rightarrow c + b \rightarrow c \) are considered as equal. PGs with this equality relation are called Transitive Parametrised Graphs (TPG). To capture this algebraically, we augment the PG-algebra with the following axiom:

**Closure:** if \( q \neq \varepsilon \) then \( p \rightarrow q + q \rightarrow r = p \rightarrow q + p \rightarrow r + q \rightarrow r \).

One can see that by repeated application of this axiom one can obtain the transitive closure of any graph, including those with cycles. The resulting algebra is called Transitive Parametrised Graphs Algebra (TPG-algebra).

**Remark.** Note that the condition \( q \neq \varepsilon \) in the Closure axiom is necessary, as otherwise

\[
(a + b) = a + c + c + d + |x|(a + b) + (d + e).
\]

and the operations + and \( \rightarrow \) become identical, which is clearly undesirable.

The Closure axiom helps to simplify specifications by reducing the number of arcs and/or simplifying their conditions. For example, consider the PG in Fig. 2.3. As the scenarios of this PG are interpreted as the orders of the PGs specified by the expressions \( a \rightarrow b + b \rightarrow c \) and \( a \rightarrow b + a \rightarrow c + b \rightarrow c \) are considered as equal. PGs with this equality relation are called Transitive Parametrised Graphs (TPG).

To capture this algebraically, we augment the PG-algebra with the following axiom:

**Closure:** if \( q \neq \varepsilon \) then \( p \rightarrow q + q \rightarrow r = p \rightarrow q + p \rightarrow r + q \rightarrow r \).

One can see that by repeated application of this axiom one can obtain the transitive closure of any graph, including those with cycles. The resulting algebra is called Transitive Parametrised Graphs Algebra (TPG-algebra).

**Remark.** Note that the condition \( q \neq \varepsilon \) in the Closure axiom is necessary, as otherwise

\[
(a + b) = a + c + c + d + |x|(a + b) + (d + e).
\]

and the operations + and \( \rightarrow \) become identical, which is clearly undesirable.

The Closure axiom helps to simplify specifications by reducing the number of arcs and/or simplifying their conditions. For example, consider the PG in Fig. 2.3. As the scenarios of this PG are interpreted as the orders of the PGs specified by the expressions \( a \rightarrow b + b \rightarrow c \) and \( a \rightarrow b + a \rightarrow c + b \rightarrow c \) are considered as equal. PGs with this equality relation are called Transitive Parametrised Graphs (TPG).

To capture this algebraically, we augment the PG-algebra with the following axiom:

**Closure:** if \( q \neq \varepsilon \) then \( p \rightarrow q + q \rightarrow r = p \rightarrow q + p \rightarrow r + q \rightarrow r \).

One can see that by repeated application of this axiom one can obtain the transitive closure of any graph, including those with cycles. The resulting algebra is called Transitive Parametrised Graphs Algebra (TPG-algebra).

**Remark.** Note that the condition \( q \neq \varepsilon \) in the Closure axiom is necessary, as otherwise

\[
(a + b) = a + c + c + d + |x|(a + b) + (d + e).
\]

and the operations + and \( \rightarrow \) become identical, which is clearly undesirable.

The Closure axiom helps to simplify specifications by reducing the number of arcs and/or simplifying their conditions. For example, consider the PG in Fig. 2.3. As the scenarios of this PG are interpreted as the orders of the PGs specified by the expressions \( a \rightarrow b + b \rightarrow c \) and \( a \rightarrow b + a \rightarrow c + b \rightarrow c \) are considered as equal. PGs with this equality relation are called Transitive Parametrised Graphs (TPG).

To capture this algebraically, we augment the PG-algebra with the following axiom:

**Closure:** if \( q \neq \varepsilon \) then \( p \rightarrow q + q \rightarrow r = p \rightarrow q + p \rightarrow r + q \rightarrow r \).

One can see that by repeated application of this axiom one can obtain the transitive closure of any graph, including those with cycles. The resulting algebra is called Transitive Parametrised Graphs Algebra (TPG-algebra).

**Remark.** Note that the condition \( q \neq \varepsilon \) in the Closure axiom is necessary, as otherwise

\[
(a + b) = a + c + c + d + |x|(a + b) + (d + e).
\]

and the operations + and \( \rightarrow \) become identical, which is clearly undesirable.

The Closure axiom helps to simplify specifications by reducing the number of arcs and/or simplifying their conditions. For example, consider the PG in Fig. 2.3. As the scenarios of this PG are interpreted as the orders of the PGs specified by the expressions \( a \rightarrow b + b \rightarrow c \) and \( a \rightarrow b + a \rightarrow c + b \rightarrow c \) are considered as equal. PGs with this equality relation are called Transitive Parametrised Graphs (TPG).

To capture this algebraically, we augment the PG-algebra with the following axiom:

**Closure:** if \( q \neq \varepsilon \) then \( p \rightarrow q + q \rightarrow r = p \rightarrow q + p \rightarrow r + q \rightarrow r \).

One can see that by repeated application of this axiom one can obtain the transitive closure of any graph, including those with cycles. The resulting algebra is called Transitive Parametrised Graphs Algebra (TPG-algebra).

**Remark.** Note that the condition \( q \neq \varepsilon \) in the Closure axiom is necessary, as otherwise

\[
(a + b) = a + c + c + d + |x|(a + b) + (d + e).
\]

and the operations + and \( \rightarrow \) become identical, which is clearly undesirable.

The Closure axiom helps to simplify specifications by reducing the number of arcs and/or simplifying their conditions. For example, consider the PG in Fig. 2.3. As the scenarios of this PG are interpreted as the orders of the PGs specified by the expressions \( a \rightarrow b + b \rightarrow c \) and \( a \rightarrow b + a \rightarrow c + b \rightarrow c \) are considered as equal. PGs with this equality relation are called Transitive Parametrised Graphs (TPG).

To capture this algebraically, we augment the PG-algebra with the following axiom:

**Closure:** if \( q \neq \varepsilon \) then \( p \rightarrow q + q \rightarrow r = p \rightarrow q + p \rightarrow r + q \rightarrow r \).

One can see that by repeated application of this axiom one can obtain the transitive closure of any graph, including those with cycles. The resulting algebra is called Transitive Parametrised Graphs Algebra (TPG-algebra).

**Remark.** Note that the condition \( q \neq \varepsilon \) in the Closure axiom is necessary, as otherwise

\[
(a + b) = a + c + c + d + |x|(a + b) + (d + e).
\]

and the operations + and \( \rightarrow \) become identical, which is clearly undesirable.

The Closure axiom helps to simplify specifications by reducing the number of arcs and/or simplifying their conditions. For example, consider the PG in Fig. 2.3. As the scenarios of this PG are interpreted as the orders of the PGs specified by the expressions \( a \rightarrow b + b \rightarrow c \) and \( a \rightarrow b + a \rightarrow c + b \rightarrow c \) are considered as equal. PGs with this equality relation are called Transitive Parametrised Graphs (TPG).

To capture this algebraically, we augment the PG-algebra with the following axiom:

**Closure:** if \( q \neq \varepsilon \) then \( p \rightarrow q + q \rightarrow r = p \rightarrow q + p \rightarrow r + q \rightarrow r \).

One can see that by repeated application of this axiom one can obtain the transitive closure of any graph, including those with cycles. The resulting algebra is called Transitive Parametrised Graphs Algebra (TPG-algebra).

**Remark.** Note that the condition \( q \neq \varepsilon \) in the Closure axiom is necessary, as otherwise

\[
(a + b) = a + c + c + d + |x|(a + b) + (d + e).
\]

and the operations + and \( \rightarrow \) become identical, which is clearly undesirable.
The corresponding TPG is shown in Fig. 4.1. Note that it has fewer conditional elements than the PG in Fig. 2.3; though the specialisations are now different, they have the same transitive closures.

We now lift the canonical form (2.1) to TPGs and TPG-algebra. Note that the only difference is the last requirement.

**Proposition 5 (Canonical form of a TPG).** Any TPG can be rewritten in the following canonical form:

$$
\left( \sum_{v \in V} [b_v] v \right) + \left( \sum_{u,v \in V} [b_{uv}] (u \rightarrow v) \right),
$$

(4.1)

where:

1. $V$ is a subset of singleton graphs that appear in the original TPG;
2. for all $v \in V$, $b_v$ are canonical forms of Boolean expressions and are distinct from 0;
3. for all $u,v \in V$, $b_{uv}$ are canonical forms of Boolean expressions such that $b_{uv} \Rightarrow b_u \land b_v$;
4. for all $u,v,w \in V$, $b_{uw} \land b_{vw} \Rightarrow b_{uw}$.

**Proof.** (i) First we prove that any TPG can be converted to the form (4.1).

We can convert the expression into the canonical form (2.1), which satisfies the requirements 1–3. Then we iteratively apply the following transformation, while possible: If for some $u,v,w \in V$, $b_{uw} \land b_{vw} \Rightarrow b_{uw}$ does not hold (i.e. requirement 4 is violated), we replace the subexpression $[b_{uw}] (u \rightarrow w)$ with $[b_{uw}^{\text{new}}] (u \rightarrow w)$ where $b_{uw}^{\text{new}} \overset{\text{def}}{=} b_{uw} \lor (b_{uv} \land b_{vw})$. Observe that after this the requirement 4 will hold for $u,v$ and $w$, and the requirement 3 remains satisfied, i.e. $b_{uw}^{\text{new}} \Rightarrow b_u \land b_w$ due to $b_{uv} \Rightarrow b_u \land b_v$, $b_{vw} \Rightarrow b_v \land b_w$, and $b_{uw} \Rightarrow b_u \land b_w$. Moreover, the resulting expression will be equivalent to the one before this transformation due to the following equality:

If $v \neq \varepsilon$ then $[b_{uw}] (u \rightarrow v) + [b_{vw}] (v \rightarrow w) = [b_{uv}] (u \rightarrow v) + [b_{vw}] (v \rightarrow w) + [b_{uv} \land b_{vw}] (u \rightarrow w)$. 

11
In both cases there is a contradiction with

This section demonstrates the application of PG-algebra to designing the multiple rail phase encoding

In this section we consider several practical case studies from hardware synthesis. The advantage of (T)PG-algebra one can formally manipulate specifications, in particular, algebraically simplify them.

5.1 Phase encoders

This section demonstrates the application of PG-algebra to designing the multiple rail phase encoding controllers [4]. They use several wires for communication, and data is encoded by the order of occurrence of transitions in the communication lines. Fig. 5.1(a) shows an example of a data packet transmission over a 4-wire phase encoding
communication channel. The order of rising signals on wires indicates that permutation abdc is being transmitted. In total it is possible to transmit any of the n! different permutations over an n-wire channel in one communication cycle. This makes the multiple rail phase encoding protocol very attractive for its information efficiency [7].

We prefix each of the scenarios with its precondition and overlay the results:

Fig. 5.1(b) shows the top-level view of the controller’s structure. Its inputs are \(\binom{n}{2}\) dual-rail ports that specify the order of signals to be produced at the controller’s n output wires. The inputs of the controller can be viewed as an \(n \times n\) Boolean matrix \((x_{ij})\) with diagonal elements being 0. The outputs of the controller will be modelled by n actions \(v_i \in A\). Whenever \(x_{ij} = 1\), event \(v_i\) must happen before event \(v_j\). It is guaranteed that \(x_{ij}\) and \(x_{ji}\) cannot be 1 at the same time, however, they can be simultaneously 0, meaning that the relative order of the events is not known yet and the controller has to wait until \(x_{ij} = 1\) or \(x_{ji} = 1\) is satisfied (other outputs for which the order is already known can be generated meanwhile).

The overall specification of the controller is obtained as an overlay \(\sum_{1 \leq i < j \leq n} H_{ij}\) of fixed-size expressions \(H_{ij}\), modelling the behaviour of each pair of outputs. In turn, each \(H_{ij}\) is an overlay of three possible scenarios:

1. If \(x_{ij} = 1\) (and so \(x_{ji} = 0\)) then there is a causal dependency between \(v_i\) and \(v_j\), described using the PG-algebra sequence operator: \(v_i \rightarrow v_j\).
2. If \(x_{ji} = 1\) (and so \(x_{ij} = 0\)) then there is a causal dependency between \(v_j\) and \(v_i\): \(v_j \rightarrow v_i\).
3. If \(x_{ij} = x_{ji} = 0\) then neither \(v_i\) nor \(v_j\) can be produced yet; this is expressed by a circular wait condition between \(v_i\) and \(v_j\): \(v_i \rightarrow v_j + v_j \rightarrow v_i\).

We prefix each of the scenarios with its precondition and overlay the results:

\[
H_{ij} = [x_{ij} \land \neg x_{ji}](v_i \rightarrow v_j) + [x_{ji} \land \neg x_{ij}](v_j \rightarrow v_i) + [\neg x_{ij} \land \neg x_{ji}](v_i \rightarrow v_j + v_j \rightarrow v_i).
\]

Using the rules of PG-algebra, we can simplify this expression to

\[
[x_{ij}](v_i \rightarrow v_j) + [\neg x_{ij}](v_i \rightarrow v_j),
\]

or, using the conditional sequence operator, to

\[
[x_{ij} \lor \neg x_{ji}](v_i \xrightarrow{\neg x_{ij}} v_j + v_j \xrightarrow{x_{ji}} v_i).
\]

Now, bearing in mind that condition \([x_{ij} \lor \neg x_{ji}]\) is assumed to hold in the proper controller environment (\(x_{ij}\) and \(x_{ji}\) cannot be 1 simultaneously), we can replace it with [1] and drop it. The resulting expression can be graphically represented as shown in Fig. 5.2(a). An example of an overall controller specification \(\sum_{1 \leq i < j \leq n} H_{ij}\) for the case when \(n = 3\) is shown in Fig. 5.2(b). The synthesis of this specification to a digital circuit can be performed in a way similar to [7].

\(^1\)There are other ways to describe this scenario, e.g. by creating self-loops \(v_i \rightarrow v_i + v_i \rightarrow v_j\).
5.2 Processor microcontroller and instruction set design

This section demonstrates application of TPG-algebra to designing processor microcontrollers. Specification of such a complex system as a processor has to start at the architectural level, which helps to manage the system complexity by structural abstraction [5].

Figure 5.3 shows the architecture of an example processor. Separate Program memory and Data memory blocks are accessed via the Instruction fetch (IFU) and Memory access (MAU) units, respectively. The other two operational units are: Arithmetic logic unit (ALU) and Program counter increment unit (PCIU). The units are controlled using request-acknowledgement interfaces (depicted as bidirectional arrows) by the Central microcontroller, which is our primary design objective.

The processor has four registers: two general purpose registers A and B, Program counter (PC) storing the address of the current instruction in the program memory, and the Instruction register (IR) storing the opcode (operation code) of the current instruction. For the purpose of this paper, the actual width of the registers (the number of bits they can store) is not important. ALU has access to all the registers via the register bus; MAU has access to general purpose registers only; IFU, given the address of the next instruction in PC, reads its opcode into IR; and PCIU is responsible for incrementing PC (moving to the next instruction). The microcontroller has access to the IR and ALU flags (information about the current state of ALU which is used in branching instructions).

Now we define the set of instructions of the processor. Rather than listing all the instructions, we describe classes of instructions with the same addressing mode [1] and the same execution scenario. As the scenarios here are partial orders of actions, we use TPG-algebra, and the corresponding TPGs are shown in Fig. 5.4.

**ALU operation Rn to Rm** An instruction from this class takes two operands stored in the general purpose registers (A and B), performs an operation, and writes the result back into one of the registers (so called register direct addressing mode). Examples: ADD A, B – addition A := A + B; MOV B, A – assignment B := A. ALU works concurrently with PCIU and IFU, which is captured by the expression ALU + PCIU → IFU; the corresponding PG is shown in Fig. 5.4(a). As soon as both concurrent branches are completed, the processor is ready to execute the next instruction. Note that it is not important for the microcontroller which particular ALU operation is being executed (ADD, MOV, or any other instruction from this class) because the scenario is the same from its point of
ALU operation #123 to Rn  In this class of instructions one of the operands is a register and the other is a constant which is given immediately after the instruction opcode (e.g. \texttt{SUB A, #5} – subtraction \(A := A - 5\)), so called \textit{immediate addressing mode}. At first, the constant has to be fetched into IR, modelled as \(\text{PCIU} \rightarrow \text{IFU}\). Then ALU is executed concurrently with another increment of PC: \(\text{ALU} + \text{PCIU}'\) (we use ’ to distinguish the different occurrences of actions of the same unit). Finally, it is possible to fetch the next instruction into IR: \(\text{IFU}'\). The overall scenario is then \(\text{PCIU} \rightarrow \text{IFU} \rightarrow (\text{ALU} + \text{PCIU}') \rightarrow \text{IFU}'\).

ALU operation Rn to PC  This class contains operations for unconditional branching, in which PC register is modified. Branching can be absolute or relative: \texttt{MOV PC, A} – absolute branch to address stored in register A, \(PC := A\); \texttt{ADD PC, B} – relative branch to the address B instructions ahead of the current address, \(PC := PC + B\). The scenario is very simple in this case: \(\text{ALU} \rightarrow \text{IFU}\).

ALU operation #123 to PC  Instructions in this class are similar to those above, with the exception that the branch address or offset is specified explicitly as a constant. The execution scenario is composed of: \(\text{PCIU} \rightarrow \text{IFU}\) (to fetch the constant), followed by an ALU operation, and finally by another IFU operation, \(\text{IFU}'\). Hence, the overall scenario is \(\text{PCIU} \rightarrow \text{IFU} \rightarrow \text{ALU} \rightarrow \text{IFU}'\).

Memory access  There are two instructions in this class: \texttt{LOAD A} and \texttt{SAVE A}. They load/save register A from/to memory location with address stored in register B. Due to the presence of separate program and data memory access blocks, this memory access can be performed concurrently with the next instruction fetch: \(\text{PCIU} \rightarrow \text{IFU} + \text{MAU}\).

Conditional instructions  These three classes of instructions are similar to their unconditional versions above with the difference that they are performed only if the condition \(A < B\) holds. The first ALU action compares registers A and B, setting the ALU flag \(\text{lt}\) (less than) according to the result of the comparison. These flags are then checked by the microcontroller in order to decide on the further scheduling of actions.

Rn to Rn  This instruction conditionally performs an ALU operation with the registers (if the condition does not hold, the instruction has no effect, except changing the ALU flags). The operation starts with an ALU operation comparing A with B, depending on the result of this comparison, i.e. the status of the flag \(\text{lt}\), the second ALU operation may be performed. This is captured by the expression \(\text{ALU} \rightarrow [\text{lt}]\text{ALU}'\). Concurrently with this, the next instruction is fetched: \(\text{PCIU} \rightarrow \text{IFU}\). Hence, the overall scenario is \(\text{PCIU} \rightarrow \text{IFU} + \text{ALU} \rightarrow [\text{lt}]\text{ALU}'\).

#123 to Rn  This instruction conditionally performs an ALU operation with a register and a constant which is given immediately after the instruction opcode (if the condition does not hold, the instruction has no effect, except changing the ALU flags). We consider the two possible scenarios:
1. $A < B$ holds: First, ALU compares $A$ and $B$ concurrently with a PC increment; since $A < B$ holds, the ALU sets flag $lt$ and the constant is fetched to the instruction register: $(ALU + PCIU) \rightarrow IFU$. After that PC has to be incremented again, $PCIU'$, and ALU performs the operation, $ALU'$. Finally, the next instruction is fetched (it cannot be fetched concurrently with $ALU'$ as ALU is using the constant in IR): $(ALU' + PCIU') \rightarrow IFU'$.

2. $A < B$ does not hold: First, ALU compares $A$ and $B$ concurrently with a PC increment; since $A < B$ does not hold, the ALU resets flag $lt$ and the constant that follows the instruction opcode is skipped by incrementing the PC: $(ALU + PCIU) \rightarrow PCIU'$. Finally, the next instruction is fetched: $IFU'$.

Hence, the overall scenario is the overlay of (1) and (2) prefixed with appropriate conditions (here we denote the predicate $A < B$ by $lt$):

$$[lt]((ALU + PCIU) \rightarrow IFU \rightarrow (ALU' + PCIU') \rightarrow IFU') +$$

$$+(\neg lt)((ALU + PCIU) \rightarrow PCIU' \rightarrow IFU').$$

This expression can be simplified using the rules of TPG-algebra:

$$(ALU + PCIU) \rightarrow ([lt]IFU \rightarrow (PCIU' + [lt]ALU') \rightarrow IFU').$$

This case illustrates the advantage of using the new hierarchical approach that allows to specify the system as a composition of scenarios and formally manipulate them in an algebraic fashion. In the previous paper [6] the CPOG for this class of instruction was designed monolithically, and because of this the arc between $ALU'$ and $IFU'$ was missed. Adding this arc not only fixes the dangerous race between these two blocks, but also leads to a smaller microcontroller due to the additional similarity between TPGs for this class of instructions and for the one described below.

**#123 to PC** This instruction performs a conditional branching in which the branch address or offset is specified explicitly as a constant. We consider the two possible scenarios:

1. $A < B$ holds: First, ALU compares $A$ and $B$ concurrently with a PC increment; since $A < B$ holds, the ALU sets flag $lt$ and the constant is fetched to the instruction register: $(ALU + PCIU) \rightarrow IFU$. After that ALU performs the branching operation by modifying PC, $ALU'$. After PC is changed, the next instruction is fetched, $IFU'$.

2. $A < B$ does not hold: the scenario is exactly the same as in the **#123 to Rn** case when $A < B$ does not hold.

Hence, the overall scenario is the overlay of (1) and (2) prefixed with appropriate conditions (here we denote the predicate $A < B$ by $lt$):

$$[lt]((ALU + PCIU) \rightarrow IFU \rightarrow (ALU' + PCIU') \rightarrow IFU') +$$

$$+(\neg lt)((ALU + PCIU) \rightarrow PCIU' \rightarrow IFU').$$

This expression can be simplified using the rules of TPG-algebra:

$$(ALU + PCIU) \rightarrow ([lt]IFU \rightarrow (PCIU' + [lt]ALU') \rightarrow IFU').$$

The overall specification of the microcontroller can now be obtained by prefixing the scenarios with appropriate conditions and overlaying them. These conditions can be naturally derived from the instruction opcodes. The opcodes can be either imposed externally or chosen with the view to optimise the microcontroller. In the latter case, TPG-algebra and TPGs allow for a formal statement of this optimisation problem and aid in its solving; in particular the size of the TPG-algebra expression or TPG is a useful measure of microcontroller complexity. In this paper we do not go into details how to select the optimal encoding, but see [6]. We just note that it is natural to use three bits for opcodes as there are eight classes of instructions, and give an example of optimal 3-bit encoding in the table in Fig. 5.5; the TPG specification of the corresponding microcontroller is shown in the right part of this figure (the TPG-algebra expression is not shown because of its size).
<table>
<thead>
<tr>
<th>Instructions class</th>
<th>Opcode: xyz</th>
</tr>
</thead>
<tbody>
<tr>
<td>ALU Rn to Rn</td>
<td>000</td>
</tr>
<tr>
<td>ALU #123 to Rn</td>
<td>110</td>
</tr>
<tr>
<td>ALU Rn to PC</td>
<td>101</td>
</tr>
<tr>
<td>ALU #123 to PC</td>
<td>010</td>
</tr>
<tr>
<td>Memory access</td>
<td>100</td>
</tr>
<tr>
<td>C/ALU Rn to Rn</td>
<td>001</td>
</tr>
<tr>
<td>C/ALU #123 to Rn</td>
<td>111</td>
</tr>
<tr>
<td>C/ALU #123 to PC</td>
<td>011</td>
</tr>
</tbody>
</table>

Figure 5.5: Optimal 3-bit instruction opcodes and the corresponding TPG specification of the microcontroller.

6 Conclusions

We introduced a new formalism called Parametrised Graphs and the corresponding algebra. The formalism allows to manage a large number of system configurations and execution modes, exploit similarities between them to simplify the specification, and to work with groups of configurations and modes rather than with individual ones. The modes and groups of modes can be managed in a compositional way, and the specifications can be manipulated (transformed and/or optimised) algebraically in a fully formal and natural way.

We develop two variants of the algebra of parametrised graphs, corresponding to the two natural graph equivalences: graph isomorphism and isomorphism of transitive closures. Both cases are specified axiomatically, and the soundness, minimality and completeness of the resulting sets of axioms are formally proved. Moreover, the canonical forms of algebraic terms are developed in each case.

The usefulness of the developed formalism has been demonstrated on two case studies, a phase encoding controller and a processor microcontroller. Both have a large number of execution scenarios, and the developed formalism allows to capture them algebraically, by composing individual scenarios and groups of scenarios. The possibility of algebraical manipulation was essential to obtain the optimised final specification in each case.

The developed formalism is also convenient for implementation in a tool, as manipulating algebraic terms is much easier than general graph manipulation; in particular, the theory of term rewriting can be naturally applied to derive the canonical forms.

In future work we plan to automate the algebraic manipulation of PGs, and implement automatic synthesis of PGs into digital circuits. For the latter, much of the code developed for the precursor formalism of Conditional Partial Order Graphs (CPOGs) can be re-used.

Acknowledgements The authors would like to thank Ashur Rafiev for useful discussions. This research was supported by the EPSRC grant EP/G037809/1 (VERDAD).

References