Directions in ISA Specification

  • Anthony C. J. Fox
  • Published in ITP 2012
  • Computer Science
This rough diamond presents a new domain-specific language (DSL) for producing detailed models of Instruction Set Architectures, such as ARM and x86. The language's design and methodology are discussed and we propose future plans for this work. Feedback is sought from the wider theorem proving community in helping establish future directions for this project. A parser and interpreter for the DSL have been developed in Standard ML, with an ARMv7 model used as a case study.
TSL: A System for Generating Abstract Interpreters and its Application to Machine-Code Analysis
This paper describes the design and implementation of a system, called TSL, that provides a systematic solution to the problem of creating retargetable tools for analyzing machine code, explains the principles behind TSL, and discusses how one uses TSL to develop different abstract interpreters.
A Multipurpose Formal RISC-V Specification
This work sets out to identify the commonalities between projects and to represent the RISC-V specification as a program with holes that can be instantiated differently by different projects, and to serve as the interface between a processor-correctness proof and a compiler-correctness proof.
Extracting behaviour from an executable instruction set model
This work presents a method which combines symbolic evaluation and symbolic execution techniques to provide a rule-based view of instruction behaviour, with particular application to automatic test generation for large MIPS-like models.
Detailed Models of Instruction Set Architectures: From Pseudocode to Formal Semantics
Processor instruction set architectures (ISAs) are typically specified using a mixture of prose and pseudocode. We present ongoing work on expressing such specifications rigorously and automatically
Improved Tool Support for Machine-Code Decompilation in HOL4
Improvements that have been made to the methodology for soundly decompiling machine-code programs to functions expressed in HOL logic have been facilitated by the development of a domain specific language, called L3, for the specification of Instruction Set Architectures (ISAs).
ISA semantics for ARMv8-A, RISC-V, and CHERI-MIPS
This paper presents rigorous semantic models for the sequential behaviour of large parts of the mainstream ARMv8-A, RISC-V, and MIPS architectures, and the research CHERI-MIPS architecture, that are complete enough to boot operating systems, variously Linux, FreeBSD, or seL4.
An Executable Formalisation of the SPARCv8 Instruction Set Architecture: A Case Study for the LEON3 Processor
The SPARCv8 instruction set architecture (ISA) has been used in various processors for workstations, embedded systems, and space missions. However, there are no publicly available formal models for
An Executable Formalisation of the SPARCv8 Instruction Set Architecture: A Case Study for the LEON3 Processor
This work gives the first formal model for the integer unit of the SPARCv8 ISA in Isabelle/HOL, which captures the operational semantics of the instructions using monadic definitions, and extracts executable code from the formalisation, giving the first systematically verified executable semantics for the SPARCv8 ISA.
An Isabelle/HOL Formalisation of the SPARC Instruction Set Architecture and the TSO Memory Model
This work gives the first formal model for the multi-core SPARC ISA and the Total Store Ordering (TSO) memory model in Isabelle/HOL. It formalises two TSO memory models, one of which is an adaptation of the axiomatic SPARC TSO model, which is suitable for verifying execution results, and proves that the operational model is sound and complete with respect to the axiomatic model.
Modelling the ARMv8 architecture, operationally: concurrency and ISA
This paper develops a concurrency model with a microarchitectural flavour, abstracting from many hardware implementation concerns but still close to hardware-designer intuition, and builds a tool from the combined semantics that lets one explore the full range of architecturally allowed behaviour, for litmus tests and (small) ELF executables.
A System for Generating Static Analyzers for Machine Instructions
The design and implementation of a language for specifying the semantics of an instruction set, along with a run-time system to support the static analysis of executables written in that instruction set, are described.
Lyrebird - Assigning Meanings to Machines
This paper presents work in progress on the Lyrebird framework, consisting of a language for specifying the programmer-visible behaviour of a processor and its associated devices, a tool for
Machine Descriptions to Build Tools for Embedded Systems
This paper presents detailed and precise machine-description techniques that are based on a new formalization of RTLs, which have a detailed, unambiguous, and machine-independent semantics, which makes them ideal for supporting automatic generation of retargetable tools.
Verified LISP Implementations on ARM, x86 and PowerPC
This paper reports on a case study, which we believe is the first to produce a formally verified end-to-end implementation of a functional programming language running on commercial processors.
A Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture
A novel and efficient testing approach has been developed, based on automated forward proof and communication with ARM development boards, and some details of the endeavours that have been made to ensure that the sizeable model is valid and trustworthy are given.
RockSalt: better, faster, stronger SFI for the x86
A new checker is built that is smaller, faster, and has a much reduced trusted computing base when compared to Google's original analysis of the x86 instruction set architecture.
Lem: A Lightweight Tool for Heavyweight Semantics
Lem is a prototype system specifically designed to support pragmatic engineering of ITP definitions; it has a carefully designed source language of a familiar higher-order logic with datatype definitions, inductively defined relations, and so on.
A Formally Verified Compiler Back-end
  • X. Leroy
  • Computer Science
  • Journal of Automated Reasoning
  • 2009
This article describes the development and formal verification of a compiler back-end from Cminor (a simple imperative intermediate language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its soundness.
Formalising Java's Data Race Free Guarantee
The data race free (DRF) guarantee provided by Java, as captured by the semi-formal Java Memory Model (JMM), is formalised, and it is found that not all of the anticipated conditions in the JMM definition were actually necessary for the DRF guarantee.
X86 specification in ACL2