Verification of Parameterised FPGA Circuit Descriptions with Layout ...

CHAPTER 4. VERIFYING CIRCUIT LAYOUTS 89
block conjugate (block Q ‘a ∼ ‘a, block P ‘a ∼ ‘a) (‘a i) ∼ (‘a o) attributes {
height = height (i ;converse P ; Q ; P ; o).
width = width (i ;converse P ; Q ; P ; o).
} → converse P ; Q ; P.
block conjugate2 (block R (‘a,‘b) ∼ (‘a,‘b), block S (‘a,‘b) ∼ (‘a,‘b))
(‘a i1, ‘b i2) ∼ (‘a o1, ‘b o2) attributes {
height = height ((i1,i2) ; swap ; converse S ; swap ; R ; S ; (o1,o2)).
width = width ((i1,i2) ;swap ; converse S ; swap ; R ; S ; (o1,o2)).
} → swap ; converse S ; swap ; R ; S.
Figure 4.12: Some of the Prelude library blocks that require manual intervention to prove
their layouts using the tactical-based methods.
velop two new theorems about series compositions that are useful here for decomposing this
problem:
Theorem 20ÎPQxy. Îxy. 0 ≤ Width P x y ;Îxy. (0:: int) ≤ Width Q x y
=⇒ 0 ≤ Width (P ;; Q) x y
Theorem 21ÎPQxy. Îxy. 0 ≤ Height P x y ;Îxy. (0:: int) ≤ Height Q x y
=⇒ 0 ≤ Height (P ;; Q) x y
Proof By simplification, expanding the definitions of series composition and “let”. Theo-
rem 20 also requires the use of the simple lemma 0 ≤ m ∧ 0 ≤ n ⇒ 0 ≤ m + n. Mechanised
proofs are given in Appendix B.5 as part of the SeriesComposition theory.
These theorems essentially prove the validity of series composition size functions, assuming
that the size functions of their constituent blocks are also valid. We prove similar theorems
for parallel composition in Appendix B.6.
Using these theorems we can prove the validity theorems for these two blocks. conjugate2 also
requires additional intervention to split a single identifier representing a pair into two values,
something that can be done automatically by Isabelle’s auto method. The combinators tri,
irt, below and grid also require some manual intervention to re-write the proof scripts. Once
all proof scripts are correct, Isabelle can prove the entire library in 47 seconds of processing
time.