The Semantics of Behavioral VHDL’93 Descriptions

Egon Börger, Uwe Gläser, Wolfgang Müller

Dipartimento di Informatica
Università di Pisa
I-56125 Pisa, Italy

Heinz Nixdorf Institut
Universität-GH Paderborn
D-33098 Paderborn, Germany

Cadlab
Universität-GH Paderborn
D-33102 Paderborn, Germany

Abstract

We present a rigorous but transparent semantic definition of VHDL’93 covering the complete signal behavior and time model including the various wait statements and signal assignment statements. We present a VHDL interpreter in the form of rules of a concurrent evolving algebra which faithfully reflects and supports the view given in the VHDL’93 standard language reference manual.

1 Introduction

Approaching the definition of a formal semantics of the IEEE Std-1076 hardware description language VHDL’87 as well as of the new VHDL’93 [VHDL93] standard is of high interest for the synthesis and the formal verification of VHDL models.

Borrione and Paillet [BoPa87] have done first investigations defining the semantics of a VHDL’87 subset in terms of a functional model. Further investigations can be found in [Sa92, SaBo93]. The definition of a subset of the VHDL’87 semantics in terms of Booij-Moore Logic is presented by Read and Edwards in [ReEd94]. Wilsey [Wils90] defines the semantics of a small VHDL’87 subset based on interval temporal logic. Davis [Davis93] has introduced the denotational semantics of the VHDL simulation cycle by the use of an intermediate language that is derived from a very limited behavioral VHDL’87 subset. The structural operational semantics of a VHDL’87 subset (Femto-VHDL) for HOL, verification is presented by Van Tassel in [VaTa93]. Damm et al. give the detailed structural operational semantics of a VHDL’87 subset based on transition systems in [DJS94]. Müller introduces a partly denotational and partly operational approach (High-Level Semantics of VHDL’93) in [Mue93]. Therein the dynamic semantics is sketched by partially ordered events defining Petri-Net-like structures. Olcz and Colom introduce in [OlCo93] a formal model based on elaborated VHDL’87 and its execution in terms of Colored Petri-Nets which covers all basic behavioral properties of VHDL’87. In [OlCo94] they provide a detailed investigation of the VHDL’87 simulation cycle distinguishing three semantical layers: syntax checking and design library building, elaboration, and execution.

Almost all of these approaches consider rather restricted subsets of VHDL’87. None of the above approaches covers the new features of VHDL’93 in detail. The given specifications, due to the applied formalisms, are often too complex to convey a correct understanding of the semantics of VHDL for educational purpose. In this paper we provide a rigorous but simple semantic definition of elaborated VHDL’93 including the new features of postponed processes and pulse rejection limit [VHDL93]. We define the formal semantics of VHDL’93 in terms of Gurevich’s concurrent evolving algebras [Gur91, Gur94]. The flexibility of this concept allows us to produce our specification following the terminology and the view presented by the standard language reference manual [VHDL93].

The remainder of this paper is organized as follows. In Section 2 we briefly introduce what is needed from concurrent evolving algebras. In Section 3 we develop a mathematical definition of VHDL in terms of a VHDL Algebra considering the signal assignment and wait statements as well as the full computational model of interaction between the user defined processes and the kernel process. Section 4 gives a conclusion and future directions.

2 Evolving algebras

Evolving algebras (EAs) can be understood as ‘pseudocode over abstract data’, without any particular theoretical prerequisites. Here we list only the basic definitions and refer for a rigorous formalization to [Gur91, Gur94].
The abstract data come as elements of (possibly not furthermore specified) sets (domains, universes). The operations allowed on universes will be represented by partial functions, where we write \( f(x) = \text{undef} \) if \( f \) is undefined at \( x \). Dynamic changes are obtained through function updates of form “\( f(t_1, \ldots, t_n) := t \)” whose execution is to be understood as setting the value of function \( f \) at given arguments. Note that the 0-ary functions play the role of variables in imperative programming languages.

An EA is defined by a finite set of transition rules of form “if \( \text{Cond} \) then Updates” where \( \text{Cond} \) (condition or guard) is an expression, the truth of which triggers simultaneous execution of all updates in the finite set of Updates. Our rules will always be constructed so that the guards imply consistency of updates. The resulting description determines the dynamics of a very large transition system. We are usually only interested in states reachable from some designated initial states, which may be specified in various ways.

An EA often comes together with a set of integrity constraints, i.e., extralogical axioms and/or rules of inference, specifying the intended domains. In applications of EAs one usually encounters a heterogeneous signature with several universes, which may in general grow and shrink in time—update forms are provided to extend a universe: “extend \( A \) by \( t_1, \ldots, t_n \) with \( \text{Updates extended} \)” where \( \text{Updates} \) may (and should) depend on \( t_i \)’s, setting the values of some functions on newly created elements \( t_i \) of \( A \). Without giving explicit declarations, we shall assume the availability of certain standard mathematical universes such as booleans, integers, lists of whatever etc (as well as the standard operations on them).

A concurrent EA \( \Pi \), is a pair \( (\text{Ag}, \text{Mod}) \) where \( \text{Ag} \) is a finite set of agents and \( \text{Mod} \) is a function that associates a sequential EA with each element of \( \text{Ag} \). A concurrent EA can be seen as the definition of a set of concurrently running agents. Each agent is specified through a finite set of transition rules operating on a globally shared structure; this also covers shared variables. We illustrate the basic concepts of EAs by two examples:

\[
\begin{align*}
\text{Example 1: Exchange Values} & \\
\text{if } \text{Condition} & \text{ then } A := B \\
& \text{B := A}
\end{align*}
\]

\[
\begin{align*}
\text{Example 2: Remove the First Element of a List} & \\
\text{if } \text{List} \in \text{LIST} & \text{ then if } \text{List} \neq \{\} \\
& \text{then if } \text{List} := \text{tail(List)}
\end{align*}
\]

A process \( P \) cannot directly assign a value to a signal \( S \) but has to schedule the signal value \( \text{val} \), desired at time \( t \), into an ordered list \( \text{driver}(P, S) \) consisting of pairs \((\text{val}, t)\), so-called Transactions (see Figure 1). The transactions of a driver are linearly or-

\[\text{LIST} \in \text{LIST} \text{ is used as an abbreviation referring to any valid instantiation of List within the underlying domain LIST.}^2\]

The concepts of EAs directly apply to our view of VHDL whose agents are a user defined processes and one kernel process. Our VHDL specification comes in the form of two modules one for the kernel process and one for the asynchronously operating agents of user defined processes. Note that for a sequential user defined process, to execute a rule in which variables occur means to execute simultaneously all instantiations of this rule obtained by replacing the variables by elements of the corresponding domains. This intuitive explanation should be sufficient for a correct understanding of our rules; for a rigorous foundation of this so-called lockstep interpretation of sequential EAs see [Gur94].

3 The formal model

3.1 Basic concepts

[VHDL93] defines the semantics of the VHDL IEEE standard in terms of a simulator. In our description we adopt this view and also the basic terminology of [VHDL93] as far as possible (see also [OLCo94]).

The model of event driven simulation is based on a finite number of user defined processes \( P \in \text{PROCESS} \) which—under the supervision of the simulation kernel process—concurrently compute new VALUES for given SIGNALs. These signals may cause events at specified points in \( \text{TIME} \). Given the underlying discrete VHDL time model, the domain \( \text{TIME} \) is linearly ordered and contains the distinguished element \( \text{current time } T_0 \).

3.2 The model of system simulation

A process \( P \) contains a method for simulating the dynamics of the processes defined by a set \( \{P_1, P_2, \ldots, P_n\} \) of \( n \) processes and \( \text{TIME} \) is a set of timestamps. A process \( P \) itself is an entity which operates on \( \text{TIME} \) and signals in \( \text{TIME} \). It is equipped with a method \( \text{driver}(P, S) \) that reads the signal \( S \) and passes its time tag \( t \) to \( P \). The process \( P \) is then said to be in the process \( P \) and \( \text{driver}(P, S) \) is the event induced by \( S \) at time \( t \).

\[\text{Process } P \text{ cannot directly assign a value to a signal } S \text{ but has to schedule the signal value } \text{val}, \text{ desired at time } t, \text{ into an ordered list } \text{driver}(P, S) \text{ consisting of pairs } (\text{val}, t), \text{ so-called Transactions (see Figure 1). The transactions of a driver are linearly or-}

\[\text{Kernel value(S)}
\]

\[\text{Process } P_k \text{ driver}(P_k, S)
\]

\[\text{Process } P_1 \text{ driver}(P_1, S)
\]

\[\text{Figure 1: Updating Signals}
\]

\[\text{In the remainder of this paper domains are denoted by capitalized names whereas the related variables are represented by the same name but with only the first letter capitalized.}
\]
Sorted by their time components. For the first element of each driver holds that its time component is $\leq T_i$. The IEEE standard defines that the time components of the other transactions are $> T_i$. Since $value(S)$ for each signal $S$ usually is updated by a set $drivers(S)$, possible conflicts between the transactions of the active drivers of $S$ are resolved via a user defined resolution function; we represent the latter by a $resolved\_value$ function which out of the first elements of active $drivers(S)$ chooses one value for the update of $S$.

During a simulation cycle a process becomes $suspended$ when reaching a wait statement which delays the process execution until (a) the $timeout$ of a specified timer is reached, or (b) one of the corresponding signals is updated, or (c) a given expression becomes true if one of the corresponding signals is updated.

If all user defined processes are suspended, the kernel process becomes $enabled$ and (i) determines the value for the next time $T_i$; (ii) sets the new current simulation time $T_i$ if required; (iii) updates the relevant signals and resets the corresponding active drivers to $inactive$; and (iv) resumes the suspended processes (the processes are invoked by becoming $enabled$).

The kernel decides the type of processes which are invoked during the next simulation cycle ($was\_enabled = \text{postponed or enabled = process}$)\(^3\). Thus, we have to distinguish three consecutive phases for the kernel (see also Figure 4): the $delta\_cycle$ in which the current time $T_i$ does not change, but new values might be assigned to signals and suspended non-postponed processes are invoked; the $postponed\_cycle$ when, just before $T_i$ will advance, the postponed processes are $enabled$; and the $time\_cycle$ where the simulation time is advanced.

As initialization we suppose the kernel to be in phase $delta\_cycle$, current time $T_i$ to be set to 0, $enabled = process$, and the initialization of drivers according to the definitions in [VHDL'93]. We also assume that first the non-postponed processes and then the postponed processes are invoked once.

### 3.2 User defined processes

The rules in this section constitute an agent, one for each user defined process defining the semantics of signal assignment and of various wait statements.

#### 3.2.1 Processing statements

In order to concentrate on the essential behavioral features of VHDL'93, we assume that the control flow of each (sequential) iterative process is determined by the environment which provides the dynamic changes of values for the external function $program\_counter^4$. To express that a user defined process $P$ can be executed only when $P$ is not suspended and when all processes of the same type as $P$ are enabled, we use the following abbreviation:

$$Process\_does\_statement \equiv suspended(Process) = false \land type(Process) = enabled \land program\_counter(Process) = statement$$

Recall that $enabled$ can assume the three values $kernel$, $process$, $postponed$ indicating that the agents of that type are the ones currently executed. Since $type(P)$ is either $postponed$ or $process$ the condition $type(P) = enabled$ ensures that in each simulation cycle only the corresponding processes are executed—either postponed or non-postponed processes. Type $process$ stands for non-postponed processes.

### 3.2.2 Signal assignments

In this paper we consider only the most general form of signal assignment—the inertial signal assignment with an explicit specification of the rejection pulse limit. This statement newly introduced to VHDL'93 supersedes the behavior of the transport signal assignment and the inertial signal assignment of VHDL'87. The statement is of form ($S \leftarrow reject\_pulse\_inertial X_1 \_after\_time_1 \ldots$). In VHDL'93, the optional rejection pulse limit $Pulse$ specifies a time interval of transactions which are not rejected (removed) from the driver when scheduling the new waveform elements. For $Pulse = time_1$, the behavior of the statement is the same as a transport signal assignment. When $Pulse = 0$ the statement is equivalent to the VHDL'87 inertial signal assignment.

The general intuitive meaning of a signal assignment when carried out by some process $P$ is to schedule future values, on the driver identified through

\(^3\)enabled = kernel denotes that the kernel process is active.

\(^4\)An external function in the sense of [Gun91] is a function which is not updated by the rules of the system under consideration; nevertheless such a function might be updated by the environment and thus represents a precise interface for the system.
driver\( (P, S) \) of process \( P \) of signal \( S \). This is done by inserting new transactions (waveform elements) to the driver and removing previously scheduled transactions (preemptive scheduling). Recall, that VHDL requires the sequence of the waveform elements of the statements as well the transactions in the driver to be strictly increasing w.r.t. the time component. Each driver has exactly one distinguished element (first) which is \( \leq T_c \). Note here that in our model time is represented by the absolute time w.r.t. \( T_c \).

![Waveform diagram](image)

Figure 3: Preemptive Scheduling for Inertial Delay

In the special case of \( T_{\text{r}} = 0 \), the whole driver is replaced by the list \((X_1, T_1), \ldots, (X_n, T_n)\) where \( T_i = T_{i-1} + T_c \) denotes the absolute time w.r.t. the current simulation time \( T_c \). Since this means that the first transaction is replaced, the driver has to be set to active by definition.

In the other case, when \( T_{\text{r}} > 0 \), the waveform, which by definition is linearly ordered, is simply appended to the previously shrunk driver. The driver is shrunk by only keeping the transactions with \( < (T_{\text{r}} + T_c) \). We describe this by the function \( \text{driver} = \text{Waveform}\). The further actions are defined in [VHDL93] by a 5 step algorithm in terms of marking transactions and removing the unmarked transactions in Step 5.

In Step 1, the newly inserted waveform elements (new transactions) are marked. Step 2 marks those transactions whose time components are “less than the time at which the first new transaction is projected to occur minus the pulse rejection limit.” Step 3 defines that “for each remaining unmarked, old transaction, the old transaction is marked if it immediately precedes an unmarked transaction and its value component is the same as that of the marked transaction”. Finally, Step 4 marks the first element.

Corresponding to this algorithm, in our model, the resulting driver \( \text{driver}(S, P) \) is obtained as a composition of four separate sublists\(^5\): the first element, the

\^5The composition of lists is defined by the \( \wedge \) operator.

part kept by the rejection pulse limit, the not rejected, and the new transactions. In this composition \( \text{driver'} \) reflects the shrunk driver, \( \text{driver}'' \) corresponds to Step 2 of the above algorithm. The function \( \text{reject} \) implements Step 3. \( \text{reject} \) only keeps those transactions at the right end of the driver whose value is equal to the value of the first new transaction (\( X_1 \)):

\[
\text{reject}(\text{List}, \text{Val}) = \begin{cases} 
\emptyset & \text{if } \text{List} = () \lor \text{value}(\text{last}(\text{List})) \neq \text{Val} \\
\text{return } () & \\
\text{return } \text{reject(front(\text{List}, \text{Val}))} \wedge \text{last(\text{List})} & 
\end{cases}
\]

The full specification of the statement is given by the following transition rule\(^6\).

\[
\text{if Process does } (S \Leftarrow \text{REJECT Pulse INERTIAL } X_1) \text{ then if } T_{\text{r}} = 0 \text{ then } \text{driver}(\text{Process}, S) := \text{Waveform'} \quad \text{active(\text{driver}(\text{Process}, S))} := \text{true} \quad \text{else driver}(\text{Process}, S) := \text{first(\text{driver}(\text{Process}, S))} \wedge \text{driver}'' \text{ reject(\text{driver}'' \wedge X_1 \wedge \text{Waveform'})}
\]

where

\[
\text{driver'} := \text{tail(\text{driver}(\text{Process}, S))} \rightarrow \text{first(\text{driver}(\text{Process}, S))} \wedge \\
\text{driver''} := (\text{driver'} \rightarrow \text{last(\text{driver}(\text{Process}, S)))} \wedge \\
\text{driver}'' := (\text{driver'} \rightarrow \text{last(\text{driver}(\text{Process}, S)))} \wedge \\
\text{driver}'' := (\text{driver'} \rightarrow \text{last(\text{driver}(\text{Process}, S)))} \wedge \\
\text{driver}'' := (\text{driver'} \rightarrow \text{last(\text{driver}(\text{Process}, S)))} \wedge \\
\text{driver}'' := (\text{driver'} \rightarrow \text{last(\text{driver}(\text{Process}, S)))} \wedge
\]

In this rule \( \text{Waveform}'' \) is composed by replacing the relative time of each element of \( \text{Waveform} \) by the absolute time \( T_{\text{r}} \): \( \text{Waveform'} := (X_1, T_1, \ldots) \).

### 3.2.3 Wait statements

The rules for wait statements define how processes are suspended due to wait requirements for a specified time period, a signal, or the truth of a condition.

For modeling \( \text{WAIT FOR} \) statements, we introduce the concept of timers. Timers are objects which are set when a \( \text{WAIT FOR} \) statement is evaluated. That is, if Process \( \text{WAITs FOR} \) Time, then a new timer with timeout \( T_c + \text{Time} \) is created at which the Process is suspended by \( \text{suspended(\text{Process})} := \text{true} \). The function \( \text{waiting} \) identifies the process which is waiting for the expiration time.

\[
\text{if Process does } (\text{WAIT, FOR} \text{ Time}) \text{ then suspended(\text{Process})} := \text{true} \\
\text{extend TIMER by } t \text{ with} \\
\text{timeout(t)} := \text{Time + } T_c \\
\text{waiting(t)} := \text{Process} \\
\text{endextend}
\]

If a Process \( \text{WAITs ON} \) a set of \( \text{Signals} \) then the Process is suspended and added to the set of processes which are waiting for changes of a signal, i.e., each signal in this sensitivity list holds in \( \text{waiting(s)} \) the

\(^6\)Since we want to abstract from the details of expression evaluation we interpret \( X_i \) as placeholders for the corresponding values
set of processes which are suspended on $s$. If a Process $\texttt{WAIT\ UNTIL}$ an expression $\texttt{Expr}$ it is resumed when the expression evaluates to true. The evaluation of the current waiting condition, which is stored in $\texttt{waitcond(Process)}$, is performed iff at least one signal in this expression changes. Those signals are extracted from the expression by $\texttt{condsignals(Expr)}$.

$$\begin{align*}
\text{if } \text{Process does}\ W A I T\ U N T I L\ Expr & \\
\text{then } \text{waitcond}(\text{Process}) := \text{Expr} & \\
\text{end if} & \\
\text{if } s \in \text{condsignals(Expr)} & \\
\text{then } \text{wait}(s) := \text{wait}(s)^{s}(\text{Process}) & \\
\text{end if} & \\
\end{align*}$$

By $\text{WAIT\ UNTIL}$ suspensions a $\text{Process}$ is added to $\text{wait}(s)$ of each $s \in \text{condsignals(Expr)}$.

3.3 The kernel process

The kernel is an agent which starts executing only when all user defined processes are suspended. We abbreviate this by:

$$\begin{align*}
\text{AllProcessesSuspended} & \\
\forall P \in \text{PROCESS}: \text{type}(P) = \text{enabled} & \Rightarrow \\
\text{suspended}(P) = \text{true} & \land \\
\text{enabled}(P) = \text{process}\_\text{postponed} & \\
\end{align*}$$

This specifies that all processes of the currently enabled type $\text{process}$ or $\text{postponed}$ have to be suspended. Then the kernel computes whether the next simulation cycle has to be a delta cycle, a postponed cycle, or whether the time can be advanced and sets $\text{phase} \in \{\text{delta}\_\text{cycle}, \text{postponed}\_\text{cycle}, \text{time}\_\text{cycle}\}$ accordingly (see Figure 2).

If the expected next time $T_n$ is equal to the current time $T_c$, the kernel goes into phase $\text{delta}\_\text{cycle}$. Otherwise, if $T_n > T_c$, the kernel goes either from $\text{delta}\_\text{cycle}$ to $\text{postponed}\_\text{cycle}$ or from the latter to $\text{time}\_\text{cycle}$ phase (see Figure 4). $T_n$ is computed by taking the minimum of all timeouts $\geq T_c$ (mintimer) and of times of all drivers$^8$ (mindriver).

$$\begin{align*}
\text{if } \text{AllProcessesSuspended} & \\
\text{then } \text{enabled} := \text{kernel} & \\
\text{if } T_n = T_c & \\
\text{then } \text{phase} := \text{delta}\_\text{cycle} & \\
\text{elsif } \text{phase} = \text{delta}\_\text{cycle} & \\
\text{then } \text{phase} := \text{postponed}\_\text{cycle} & \\
\text{else } \text{phase} := \text{time}\_\text{cycle} & \\
\text{UpdateDrivers}(T_n) & \\
\end{align*}$$

$$\begin{align*}
\text{where } T_n = \min\{\text{mindriver}, \text{mintimer}\} & \\
\text{mintimer} = & \\
\min\{\text{timeout}(t) \mid t \in \text{TIMER}, \text{timeout}(t) \geq T_c\} & \\
\text{mindriver} = & \\
\min\{\text{time}(t) \mid 3d \in \text{DRIVER}: \text{active}(d) = i, t = t^i\} & \\
\text{where } t^\text{first} = f\text{irst}(d) & \text{ and } t^\text{first} = f\text{irst}(d) & \\
\end{align*}$$

$^7$This is the case if there are some active drivers or if at least one timeout is set to $T_c$.

$^8$In the case of active drivers the time of the newly scheduled first element has to be considered. In the case of inactive drivers the time of the second element has to be considered.

Note here, that in the case of a $\text{time}\_\text{cycle}$ all drivers have to be updated w.r.t. the new time $T_n$ by $\text{UpdateDrivers}$. If any transaction is scheduled for the $T_n$ in any driver these drivers are updated to their tails, i.e., the first element is removed. By definition these drivers become active. Due to the ordering of drivers, we can determine these drivers by checking their second element to $T_n$.

$$\begin{align*}
\text{UpdateDrivers}(t) & \equiv \\
\text{if } d \in \text{DRIVER} \land tail(d) \neq () \land \text{time}(\text{scd}(d)) = t & \\
\text{then } d := \text{tail}(d) & \\
\text{active}(d) := \text{true} & \\
\end{align*}$$

There are three rules describing what the kernel does in each of its three different phases (delta_cycle, postponed_cycle, time_cycle). In the delta cycle and time cycle phase, the kernel checks whether there may be any events on signals (EventOnSignals). Thereafter the kernel changes to sub-phase $\text{process\_resumption}$ in order to resume the user defined processes. In phase $\text{time}\_\text{cycle}$, the kernel additionally has to advance the current time to $T_n$ before. In the case that $T_n$ exceeds the limit $\text{TIME}'\text{HIGH}$ the simulation completes by setting $\text{enabled} := \text{undef}$ (cf. Figure 2). When in phase $\text{postponed}\_\text{cycle}$, the kernel simply invokes all already resumed postponed processes by setting $\text{enabled} := \text{postponed}$.

**Delta Cycle**:

$$\begin{align*}
\text{if } \text{enabled} = \text{kernel} \land \text{phase} = \text{delta}\_\text{cycle} & \\
\text{then } \text{EventOnSignals} & \\
\text{enabled} := \text{process\_resumption} & \\
\end{align*}$$

**Time Cycle**:

$$\begin{align*}
\text{if } \text{enabled} = \text{kernel} \land \text{phase} = \text{time}\_\text{cycle} & \\
\text{then } \text{EventOnSignals} & \\
\text{if } T_n > \text{TIME}'\text{HIGH} & \\
\text{then } \text{enabled} := \text{undef} & \\
\text{else } T_c := T_n & \\
\text{enabled} := \text{process\_resumption} & \\
\text{where } T_n = \min\{\text{mindriver}, \text{mintimer}\} & \\
\end{align*}$$

**Postponed Cycle**:

$$\begin{align*}
\text{if } \text{enabled} = \text{kernel} \land \text{phase} = \text{postponed}\_\text{cycle} & \\
\text{then } \text{enabled} := \text{postponed} & \\
\end{align*}$$

$\text{EventOnSignals}$ sets an event on those signals which have at least one active driver and whose current value value is different from the newly resolved value. In the case of an event, the current value is replaced by

![Figure 4: Different Phases of the VHDL Simulator](image-url)
the resolved value \(\text{resolved\_value}\) applying the user defined \textit{resolution function} (see also Figure 1). The active drivers are reset since this property holds only for one simulation cycle.

\[
\text{EventOnSignals} \equiv \\
\text{if } \exists d \in \text{drivers}(\text{Signal}) : \text{active}(d) = \text{true} \land \text{value}(\text{Signal}) \neq \text{resolved\_value}(\text{Signal}) \\
\text{then event}(\text{Signal}) := \text{false} \\
\text{active}(d) := \text{false} \\
\]

In subphase \textit{process\_resumption} which applies to delta and time cycles only processes may resume on signals and on expired timers. For starting the resumed processes, \textit{phase} has to be set to \textit{enabled} again.

\[
\text{if enabled} = \text{process\_resumption} \land \\
\text{phase} = \text{delta\_cycle} \lor \text{phase} = \text{time\_cycle} \\
\text{then ResumeOnTimers} \\
\text{ResumeOnSignals} \\
\text{enabled} := \text{process} \\
\]

\text{ResumeOnTimers} resumes all processes in \textit{waiting} whose timeout has reached the already updated \(T_c\). \text{ResumeOnSignals} resumes the processes which are sensitive to signals \(s\) with \text{event}(s) := \text{true}. All processes of the set \textit{waiting} of each of these signals are resumed. In case of suspension by \textit{WAIT UNTIL}, i.e., \textit{waitcond} is defined, the corresponding condition \textit{cond\_value} has to be checked. When applying this function, each appearance of each signal \(s\) now refers to the already updated current values of \(S\). Finally, \textit{event} and \textit{waitcond} have to be initialized for the next simulation cycle.

\[
\text{ResumeOnTimers} \equiv \\
\text{if } \text{Timer} \in \text{T} \land \text{timeout}(\text{Timer}) = T_c \\
\text{then suspended}(\text{waiting}(\text{Timer})) := \text{false} \\
\text{ResumeOnSignals} \equiv \\
\text{if } s \in \text{SIGNALA} \land \text{event}(s) = \text{true} \\
\text{then event}(s) := \text{false} \\
\text{if } \text{Process} \in \text{waiting}(s) \\
\text{then if } \text{waitcond}(\text{Process}) = \text{undef} \\
\text{then suspended}(\text{Process}) := \text{false} \\
\text{else if waitcond}(\text{Process}) = \text{true} \\
\text{then suspended}(\text{Process}) := \text{false} \\
\]

\section{Conclusion & future directions}

We presented a rigorous but yet intuitive VHDL'93 algebra aiming at a clean and complete model which supports the understanding of the VHDL'93 language reference manual. In this paper, due to limited space, we did not treat the behavior of shared variables and ports (cf. [BG94]). In a next step we will start to investigate the implementation of adequate tools for machine assisted analysis and verification of EA models. We are also working on a UDL/I algebra with the ultimate goal to provide a uniform framework for comparison of VHDL and UDL/I properties.

\section*{Acknowledgements}

We would like to thank Uschi Hudson, Christel Oczko, Serafin Oloz, Franz J. Ramming, Simon Read as well as the unknown reviewers for their valuable comments when reviewing this article.

\section*{References}


[OlCo94'] S. Oloz and J.M. Colom. The Discrete Event Simulation Semantics of VHDL. In Int. Conf. on Simulation and HDLs, Tempe, Arizona, SCS, Jan. 1994.


