research-article
Open access

Flexible Instruction-Set Semantics via Abstract Monads (Experience Report)

Published: 31 August 2023

Abstract

Instruction sets, from families like x86 and ARM, are at the center of many ambitious formal-methods projects. Many verification, synthesis, programming, and debugging tools rely on formal semantics of instruction sets, but different tools can use semantics in rather different ways. The best-known work applying single semantics across diverse tools relies on domain-specific languages like Sail, where the language and its translation tools are specialized to the realm of instruction sets. In the context of the open RISC-V instruction-set family, we decided to explore a different approach, with semantics written in a carefully chosen subset of Haskell. This style does not depend on any new language translators, relying instead on parameterization of semantics over type-class instances. We have used a single core semantics to support testing, interactive proof, and model checking of both software and hardware, demonstrating that monads and the ability to abstract over them using type classes can support pleasant prototyping of ISA semantics.


Cited By

  • Foundational Integration Verification of a Cryptographic Server. Proceedings of the ACM on Programming Languages 8, PLDI (2024), 1704–1729. https://doi.org/10.1145/3656446 (online publication date: 20 June 2024)

Published In

Proceedings of the ACM on Programming Languages, Volume 7, Issue ICFP
August 2023, 981 pages
EISSN: 2475-1421
DOI: 10.1145/3554311
This work is licensed under a Creative Commons Attribution 4.0 International License.

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. instruction-set semantics
2. interactive proof assistants
3. type classes
