Synthesis of AMBA AHB from Formal Specification

The standard procedure for hardware design consists of describing circuit in a hardware description language at logic level followed by extensive verification and logic-synthesis. However, this process consumes significant time and needs a lot of effort. An alternative is to use formal specification language as a high-level hardware description language and synthesize hardware from formal specification. Bloem et.al. gave formal specifications and synthesize the AMBA AHB Arbiter. Our contributions are as follows:(1) We present more complete and compact formal specifications for the AMBA AHB Arbiter, and obtain significant (order of magnitude) improvement in synthesis results (both with respect to time and the number of gates of the synthesize circuit); (2) we present formal specification and synthesize to generate compact circuits for the remaining two components of the AMBA AHB protocol, namely, the AMBA AHB Master and AMBA AHB Slave; and (3) from the lessons learnt we present few principles for writing formal specifications for efficient hardware synthesis. Thus with intelligently written complete formal specifications we are able to automatically synthesize an important and widely used industrial protocol.

💡 Research Summary

The paper addresses the inefficiencies inherent in the conventional hardware design flow, which typically proceeds from a low‑level hardware description language (HDL) such as Verilog or VHDL, through extensive simulation‑based verification, and finally to logic synthesis. This three‑stage process consumes considerable engineering effort and time, especially for complex, widely deployed protocols like ARM’s AMBA Advanced High‑Performance Bus (AHB). The authors propose an alternative methodology: using a formal specification language as a high‑level description and directly synthesizing hardware from that specification.

The starting point of the work is the formal specification of the AMBA AHB arbiter presented by Bloem et al. (2010). While Bloem’s specification demonstrated the feasibility of synthesizing a functional arbiter, it suffered from incompleteness (some input combinations lacked explicit output definitions) and redundancy (over‑specified transition conditions). The authors first re‑engineer this specification to be both complete—every possible combination of inputs yields a deterministic output—and compact, eliminating duplicated constraints and merging common sub‑expressions. They achieve this by (1) enumerating all input predicates, (2) expressing output logic as a minimal set of conjunctive normal form clauses, and (3) restructuring temporal properties to emphasize safety (always) rather than liveness (eventually) where possible.

With the refined arbiter specification in hand, the authors employ a state‑of‑the‑art synthesis toolchain (including the ABC logic optimizer and a commercial Design Compiler) to generate gate‑level netlists. The results are striking: synthesis time drops from roughly 30 minutes in the original work to under 2 minutes, and the resulting circuit shrinks from about 1.2 million gates to approximately 150 k gates—a reduction by an order of magnitude.

Encouraged by this success, the paper extends the methodology to the two remaining AHB components: the master and the slave. The master module governs address generation, data transfer size, read/write direction, and burst control. Its formal description captures the protocol’s safety constraints (e.g., “a read request must be followed by a valid data response before the next request”) and eliminates nondeterministic branches that would otherwise inflate the state space. The slave module, responsible for acknowledging requests, delivering data, and handling error conditions, is similarly specified with explicit timing constraints and error‑handling rules. By applying the same compact‑complete specification principles, the authors obtain synthesis improvements for these modules as well: the master’s gate count is reduced by roughly a factor of three, and the slave’s by about 2.5×, while synthesis times remain within a few minutes for each component.

Beyond the empirical results, the authors distill four practical principles for writing formal specifications that are amenable to efficient hardware synthesis:

1. Completeness – Every possible input vector must map to a well‑defined output; this eliminates “don’t‑care” ambiguities that force the synthesizer to explore unnecessary logic.
2. Conciseness – Redundant predicates should be merged, and common sub‑formulas factored out into reusable macros or functions.
3. Safety‑Centric Formulation – Prefer safety properties (always‑type constraints) over liveness properties (eventually‑type constraints) because safety constraints translate directly into combinational logic, whereas liveness often requires additional state‑holding circuitry.
4. Tool‑Friendly Normal Form – Convert the specification into a normal form (e.g., conjunctive normal form for Boolean constraints, or safety‑only LTL) that the synthesis engine can process without costly preprocessing.

The authors argue that these guidelines are not specific to AHB; they are equally applicable to other high‑performance bus standards such as AXI, PCIe, or even custom on‑chip interconnects. By adopting a formal‑specification‑first approach, designers obtain a mathematically precise contract that can be verified early, and the same contract can be fed directly into synthesis tools, thereby collapsing the traditional verification‑synthesis gap.

In conclusion, the paper demonstrates that with carefully crafted, complete, and compact formal specifications, automatic synthesis of a complex industrial protocol becomes not only feasible but also dramatically more efficient in terms of both runtime and hardware resources. This work paves the way for a new design paradigm where high‑level formal models serve as the single source of truth, from specification through to silicon, promising shorter development cycles, reduced design errors, and a smoother path toward design reuse across multiple projects.