An Executable Formalisation of the SPARCv8 Instruction Set Architecture: A Case Study for the LEON3 Processor

Hóu, Zhé; Sanán, David; Tiu, Alwen; Liu, Yang; Hoa, Koh Chuen

doi:10.1007/978-3-319-48989-6_24

Cited by 14 publications

(16 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…High-level ISA model and TSO model. The low-level ISA model was published at FM 2016 [28]. This journal paper extends the FM 2016 paper with two components: a high-level ISA model, which serves as the interface for memory operations, and two TSO memory models.…”

Section: Introductionmentioning

confidence: 94%

“…However, the current set of modelled ISA does not include any variance for the SPARC ISA. Although it would have been possible to rewrite the semantics of [28] in Sail, this language lacks some important features necessary for our work. First, Sail does not provide some low-level system semantics such as exceptions and interrupts; second, their framework does not include an execution model for multi-core processors.…”

Section: Introductionmentioning

confidence: 99%

“…2. The low-level model can be exported to OCaml code for both single step execution and sequential execution [28]. 3.…”

mentioning

confidence: 99%

See 2 more Smart Citations

An Isabelle/HOL Formalisation of the SPARC Instruction Set Architecture and the TSO Memory Model

et al. 2020

Self Cite

View full text Add to dashboard Cite

The SPARC instruction set architecture (ISA) has been used in various processors in workstations, embedded systems, and in mission-critical industries such as aviation and space engineering. Hence, it is important to provide formal frameworks that facilitate the verification of hardware and software that run on or interface with these processors. In this work, we give the first formal model for multi-core SPARC ISA and Total Store Ordering (TSO) memory model in Isabelle/HOL.We present two levels of modelling for the ISA: The low-level ISA model, which is executable, covers many features specific to SPARC processors, such as delayedwrite for control registers, windowed general registers, and more complex memory access. We have tested our model extensively against a LEON3 simulation board, the test covers both single-step executions and sequential execution of programs. We also prove some important properties for our formal model, including a non-interference property for the LEON3 processor.The high-level ISA model is an abstraction of the low-level model and it provides an interface for memory operations in multi-core processors. On top of the Z. Hóu

show abstract

Section: Introductionmentioning

confidence: 94%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Isabelle/HOL Formalisation of the SPARC Instruction Set Architecture and the TSO Memory Model

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…These approaches differ from ours in that they try to give a formal guarantee that a processor model is a valid abstraction of the actual hardware, and to achieve that they require the hardware to be accessible as a white box. More similar to ours are black-box approaches that validate an abstract model by randomly generated instructions or based on dynamic instrumentation [ 20 , 29 ]. Combinations of formal verification and testing approaches for hardware verification and validation have also been considered [ 11 ].…”

Section: Related Workmentioning

confidence: 99%

Validation of Abstract Side-Channel Models for Computer Architectures

Nemati

Buiras

Lindner

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Observational models make tractable the analysis of information flow properties by providing an abstraction of side channels. We introduce a methodology and a tool, Scam-V, to validate observational models for modern computer architectures. We combine symbolic execution, relational analysis, and different program generation techniques to generate experiments and validate the models. An experiment consists of a randomly generated program together with two inputs that are observationally equivalent according to the model under the test. Validation is done by checking indistinguishability of the two inputs on real hardware by executing the program and analyzing the side channel. We have evaluated our framework by validating models that abstract the data-cache side channel of a Raspberry Pi 3 board with a processor implementing the ARMv8-A architecture. Our results show that Scam-V can identify bugs in the implementation of the models and generate test programs which invalidate the models due to hidden microarchitectural behavior.

show abstract

“…The project adopts a multi-layer verification approach where we formalise each layer separately and use a refinement-based approach to show that properties proved at the top level are preserved at the lower levels. This work closely connects with the other components of the project such as the formal modelling and verification of verilog [8] and the SPARCv8 instruction set architecture for the LEON3 processor [9], [10], a verification framework for concurrent C-like programs [11], and automated reasoning techniques for separation logic [12]- [14]. For easy integration, these related sub-projects partly determine our software choices such as Isabelle/HOL and hardware choices such as LEON3 and VHDL.…”

Section: Introductionmentioning

confidence: 97%

An Executable Formal Model of the VHDL in Isabelle/HOL

Khan¹,

Hóu²,

Sanán³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

In the hardware design process, hardware components are usually described in a hardware description language. Most of the hardware description languages, such as Verilog and VHDL, do not have mathematical foundation and hence are not fit for formal reasoning about the design. To enable formal reasoning in one of the most commonly used description language VHDL, we define a formal model of the VHDL language in Isabelle/HOL. Our model targets the functional part of VHDL designs used in industry, specifically the design of the LEON3 processor's integer unit. We cover a wide range of features in the VHDL language that are usually not modelled in the literature and define a novel operational semantics for it. Furthermore, our model can be exported to OCaml code for execution, turning the formal model into a VHDL simulator. We have tested our simulator against simple designs used in the literature, as well as the div32 module in the LEON3 design.

show abstract

An Executable Formalisation of the SPARCv8 Instruction Set Architecture: A Case Study for the LEON3 Processor

Cited by 14 publications

References 17 publications

An Isabelle/HOL Formalisation of the SPARC Instruction Set Architecture and the TSO Memory Model

An Isabelle/HOL Formalisation of the SPARC Instruction Set Architecture and the TSO Memory Model

Validation of Abstract Side-Channel Models for Computer Architectures

An Executable Formal Model of the VHDL in Isabelle/HOL

Contact Info

Product

Resources

About