Managing Complexity through Abstraction: A refinement-based approach to formalize Instruction Set Architectures

Fangfang Yuan, Stephen Wright, Kerstin Eder, David May
Department of Computer Science

Slides posted 19-Dec-2015


Instruction Set Architecture

• Instructions
• Basic data types
• Register file definition
• Memory space(s) definition
• Exception handling

Example instructions shown: ARM: SMLALD; XS1: LMUL

Motivation

• Assembler programming

• Spec for design verification

• ISA evolution

• Tools development

Motivation

(Diagram: Specification, Tools, Software as exchanged between Component Manufacturer, Product Manufacturer and 3rd Party.)

Formal Analysis of ISAs

Examples:
• 6800 (Z)
• 68020 (Nqthm)
• VIPER (LCF-LSM/HOL)
• DLX (PVS)
• JVM (HOL, ACL2)
• ARM6 (HOL)
  – 6500 lines of HOL4 script
• …etc, etc

Objectives:
• Specification checking
• Micro-architecture verification
• Binary executable checking

Can we do better?

Need to introduce more structure: J. P. Bowen. Formal specification and documentation of microprocessor instruction sets. Microprocess. Microprogram., 21(1-5):223–230, 1987.

– Define a set of “easily assimilated concepts”, each “readily understandable”, to layer such a formal specification with the aim to:
  – facilitate its construction,
  – ease readability and comprehension, and
  – enable re-use.

Event-B

• Set-based
• Events are guarded atomic actions
• Step-wise formal refinement
  – Property-preserving
  – Maintains consistency
• Hierarchy of abstraction levels
• Mature tool support: Rodin platform

A Fresh Approach to Formally Constructing ISAs

Objective:
– Complete formal derivation of an ISA
  • From first principles
  • Down to code generation

Method:
– Rigorous use of Abstraction/Refinement
  • Stepwise refinement in Event-B based on common ISA properties
– Hierarchy of abstraction levels
  • Top-down “narrative” of overall functionality
  • Individual instructions at leaves
– Systematic use of Formal Proof

Atomic Actions vs IF/ELSE

(Diagram.) Guarded atomic events of a refined model:
Event1a refines Evt1
Event1b refines Evt1
Event2 refines Evt2
Event3a refines Evt3
Event3b refines Evt3

set against the equivalent if/else chain:
If Guard1 Then Action1
ElseIf Guard2 Then Action2
ElseIf Guard3 Then Action3
Else Guard4 Then Action4

with question marks (???, ?, ??) between the two.
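The two forms the slide sets side by side, as an added example that is not part of the slides: a constructed 4-bit toy decoder written as Event-B style guarded events (abstract machine plus a refinement that splits Evt1 and Evt3) and as an if/elif chain, with exhaustive checks over the opcode space for the properties the Rodin proof obligations would establish. Opcode ranges, event names and actions are invented; the checks are plain Python stand-ins, not Rodin.

```python
# Constructed toy, not from the slides: a 4-bit opcode decoder as Event-B style
# guarded atomic events and as an if/elif chain, plus exhaustive checks of the
# properties Event-B proof obligations establish (names and opcodes invented).
OPCODES = range(16)
# Abstract machine: unordered events, each a guard on the opcode plus an action.
ABSTRACT = {"Evt1": (lambda op: op < 8, "alu"),
            "Evt2": (lambda op: 8 <= op < 12, "load_store"),
            "Evt3": (lambda op: op >= 12, "branch")}
# Refinement: Evt1 and Evt3 each split into two events with stronger guards.
CONCRETE = {  # name: (guard, action, abstract event it refines)
    "Event1a": (lambda op: op < 4, "alu", "Evt1"),
    "Event1b": (lambda op: 4 <= op < 8, "alu", "Evt1"),
    "Event2": (lambda op: 8 <= op < 12, "load_store", "Evt2"),
    "Event3a": (lambda op: 12 <= op < 14, "branch", "Evt3"),
    "Event3b": (lambda op: op >= 14, "branch", "Evt3")}

def if_else_decode(op):
    """Chain form: each branch is implicitly guarded by the negation of all earlier guards."""
    if op < 4:
        return "alu"         # Event1a
    elif op < 8:
        return "alu"         # Event1b
    elif op < 12:
        return "load_store"  # Event2
    elif op < 14:
        return "branch"      # Event3a
    return "branch"          # Event3b: the final Else means 'not Guard1..Guard3'

def check_events(events):
    """Exactly one event enabled per opcode (guards disjoint and complete); first bad opcode or None."""
    for op in OPCODES:
        if sum(1 for v in events.values() if v[0](op)) != 1:
            return op
    return None

def check_refinement(abstract, concrete):
    """Each concrete event fires only where its abstract event does, with the same action, and together they cover it."""
    for op in OPCODES:
        for g, act, ref in concrete.values():
            if g(op) and (not abstract[ref][0](op) or act != abstract[ref][1]):
                return False
        for name, (ag, _) in abstract.items():
            if ag(op) and not any(g(op) for g, _, r in concrete.values() if r == name):
                return False
    return True

def events_match_chain(concrete):
    """The event set and the if/elif chain choose the same action for every opcode."""
    return all(next(a for g, a, _ in concrete.values() if g(op)) == if_else_decode(op)
               for op in OPCODES)
```

Widening one guard so two events overlap, or dropping an event so some opcode enables none, makes `check_events` report the first offending opcode; in the if/elif form the same change is silently masked by branch order.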


Model Structure - Reuse

(Diagram: Generic versus Processor Specific layers; machines StateMch, RegMch, MemMch, ControlFlowMch, XMch1; labelled Reusable Formal Modelling Framework (Template).)

ISA Formalization Portfolio

• MIDAS – 33 instructions
• CRISP – 50 instructions
• XCore – 209 instructions

(Diagram labelled Refinements.)

Benefits of Modelling Framework

• Step-wise refinement – abstraction levels
  – Provides structure
  – Remains comprehensible
• Property-preserving refinement
  – Maintains consistency within model
  – Early definition of properties
• Source for code/document generation
  – Animation/Simulation
• Traceability of requirements

Summary

• Method and Framework for formal ISA Modelling and Analysis
  – Framework is generic (template)
  – Method is transferable
• Proof of concept:
  – MIDAS, CRISP
• 1st industrial application completed:
  – XCore ISA
  – Available from http://deploy-eprints.ecs.soton.ac.uk/346/

Demo!

Tool Flow

(Diagram: Rodin; B2C; XCoreB .c and Support .c/h; MSDev Studio; XCoreB.exe; Testsuite .c; XCoreGcc; Test .out; XCore.)

Testsuite Execution

(Diagram: XCore; VMLoader; Console; ServerExecutable; Text Output; Socket.)

Thank you

Questions?