A Multipurpose Formal RISC-V Specification

RISC-V is a relatively new, open instruction set architecture with a mature ecosystem and an official formal machine-readable specification. It is therefore a promising playground for formal-methods research. However, we observe that different formal-methods research projects are interested in different aspects of RISC-V and want to simplify, abstract, approximate, or ignore the other aspects. Often, they also require different encoding styles, so each project ends up starting a new formalization from scratch. We set out to identify the commonalities between projects and to represent the RISC-V specification as a program with holes that can be instantiated differently by different projects. Our formalization of the RISC-V specification is written in Haskell and leverages existing tools rather than requiring new domain-specific tools, unlike other approaches. To our knowledge, it is the first RISC-V specification able to serve as the interface between a processor-correctness proof and a compiler-correctness proof, while also supporting several other projects with diverging requirements.
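The "program with holes" idea in the abstract, as an added illustration that is not the paper's code and does not reproduce its API: the instruction semantics for a handful of RV32I operations are written once against a type class, and the class methods are the holes. Two instantiations follow: a plain executable simulator, and a variant that logs every memory access and trap (the kind of view a memory-model or trace-checking project would want) without touching the shared semantics. The class name, method names, instruction subset, trap-vector constant and the small program are all my own choices for this example.

```haskell
{-# LANGUAGE FlexibleInstances #-}
-- Added example, not the paper's formalization. The RiscvMachine class is the
-- set of "holes"; `execute` and `run` are the shared part written once.
module Main where

import Control.Monad.State
import Control.Monad.Writer
import Data.Bits ((.&.))
import Data.Int (Int32)
import Data.Word (Word32)
import qualified Data.Map.Strict as M

-- A decoded instruction. Decoding is omitted; only a few RV32I ops are covered.
data Instr
  = Add  Int Int Int     -- rd, rs1, rs2
  | Addi Int Int Int32   -- rd, rs1, imm
  | Lw   Int Int Int32   -- rd, rs1, offset
  | Sw   Int Int Int32   -- rs1, rs2, offset   (mem[rs1+off] := rs2)
  | Beq  Int Int Int32   -- rs1, rs2, offset
  deriving Show

-- The holes: exactly what the semantics needs from its environment.
class Monad m => RiscvMachine m where
  getReg :: Int -> m Int32
  setReg :: Int -> Int32 -> m ()
  loadW  :: Word32 -> m Int32
  storeW :: Word32 -> Int32 -> m ()
  getPC  :: m Word32
  setPC  :: Word32 -> m ()
  trap   :: String -> m ()      -- e.g. misaligned access

-- Shared semantics, written once against the holes.
execute :: RiscvMachine m => Instr -> m ()
execute instr = do
  pc <- getPC
  let next = pc + 4
  case instr of
    Add rd rs1 rs2 -> do
      a <- getReg rs1
      b <- getReg rs2
      setReg rd (a + b) >> setPC next
    Addi rd rs1 imm -> do
      a <- getReg rs1
      setReg rd (a + imm) >> setPC next
    Lw rd rs1 off -> do
      base <- getReg rs1
      let addr = fromIntegral (base + off) :: Word32
      if addr .&. 3 /= 0
        then trap ("misaligned load at " ++ show addr)
        else loadW addr >>= setReg rd >> setPC next
    Sw rs1 rs2 off -> do
      base <- getReg rs1
      v    <- getReg rs2
      let addr = fromIntegral (base + off) :: Word32
      if addr .&. 3 /= 0
        then trap ("misaligned store at " ++ show addr)
        else storeW addr v >> setPC next
    Beq rs1 rs2 off -> do
      a <- getReg rs1
      b <- getReg rs2
      setPC (if a == b then pc + fromIntegral off else next)

-- Fetch/execute loop; halts when the PC leaves the program.
run :: RiscvMachine m => (Word32 -> Maybe Instr) -> m ()
run fetch = getPC >>= \pc -> case fetch pc of
  Nothing -> return ()
  Just i  -> execute i >> run fetch

-- Instantiation 1: an executable simulator. x0 is hardwired to zero and a
-- trap records its cause and jumps to a fixed handler address (a stand-in
-- for mtvec, chosen here so the loop above stops).
data Machine = Machine
  { mRegs :: M.Map Int Int32, mMem :: M.Map Word32 Int32
  , mPC :: Word32, mTraps :: [String] } deriving Show

trapVector :: Word32
trapVector = 0xFFFFFF00

instance RiscvMachine (State Machine) where
  getReg 0   = return 0
  getReg r   = gets (M.findWithDefault 0 r . mRegs)
  setReg 0 _ = return ()
  setReg r v = modify $ \m -> m { mRegs = M.insert r v (mRegs m) }
  loadW a    = gets (M.findWithDefault 0 a . mMem)
  storeW a v = modify $ \m -> m { mMem = M.insert a v (mMem m) }
  getPC      = gets mPC
  setPC p    = modify $ \m -> m { mPC = p }
  trap msg   = modify $ \m -> m { mTraps = msg : mTraps m, mPC = trapVector }

-- Instantiation 2: same semantics, but memory accesses and traps are logged.
instance RiscvMachine (WriterT [String] (State Machine)) where
  getReg r   = lift (getReg r)
  setReg r v = lift (setReg r v)
  loadW a    = tell ["load  " ++ show a] >> lift (loadW a)
  storeW a v = tell ["store " ++ show a] >> lift (storeW a v)
  getPC      = lift getPC
  setPC p    = lift (setPC p)
  trap msg   = tell ["trap: " ++ msg] >> lift (trap msg)

-- Constructed program: x3 := 5 + 7, round-trip it through memory, then a
-- not-taken branch falls into a deliberately misaligned load that traps.
program :: M.Map Word32 Instr
program = M.fromList
  [ (0x00, Addi 1 0 5), (0x04, Addi 2 0 7), (0x08, Add 3 1 2)
  , (0x0C, Sw 0 3 0x100), (0x10, Lw 4 0 0x100), (0x14, Beq 3 1 8)
  , (0x18, Lw 5 0 0x102), (0x1C, Addi 6 0 1) ]

initial :: Machine
initial = Machine M.empty M.empty 0 []

main :: IO ()
main = do
  let fetch a = M.lookup a program
      plain = execState (run fetch) initial
      (((), trace), traced) = runState (runWriterT (run fetch)) initial
  putStrLn $ "regs:  " ++ show (M.toList (mRegs plain))   -- x3 = x4 = 12
  putStrLn $ "traps: " ++ show (mTraps plain)             -- misaligned load at 258
  putStrLn $ "trace: " ++ show trace
  print (mRegs traced == mRegs plain)  -- both instantiations agree on state
```

The point to take away is structural: a processor-correctness proof would supply an instance whose holes are the processor's register file and memory, a compiler-correctness proof an instance over an abstract memory, and a memory-model project something like the logging instance, all against the one `execute`. The misaligned-load path shows why `trap` has to be a hole rather than a fixed behaviour: what a trap does (here, jump to a handler address) is exactly the kind of detail different projects want to model or ignore.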
