Trustworthy specifications of ARM® v8-A and v8-M system level architecture

A. Reid
{"title":"Trustworthy specifications of ARM® v8-A and v8-M system level architecture","authors":"A. Reid","doi":"10.1109/FMCAD.2016.7886675","DOIUrl":null,"url":null,"abstract":"Processor specifications are of critical importance for verifying programs, compilers, operating systems/hypervisors, and, of course, for verifying microprocessors themselves. But to be useful, the scope of these specifications must be sufficient for the task, the specification must be applicable to processors of interest and the specification must be trustworthy. This paper describes a 5 year project to change ARM's existing architecture specification process so that machine-readable, executable specifications can be automatically generated from the same materials used to generate ARM's conventional architecture documentation. We have developed executable specifications of both ARM's A-class and M-class processor architectures that are complete enough and trustworthy enough that we have used them to formally verify ARM processors using bounded model checking. In particular, our specifications include the semantics of the most security sensitive parts of the processor: the memory and register protection mechanisms and the exception mechanisms that trigger transitions between different modes. Most importantly, we have applied a diverse set of methods including ARM's internal processor test suites to improve our trust in the specification using many other expressions of the architectural specification such as ARM's simulators, testsuites and processors to defend against common-mode failure. In the process, we have also found bugs in all those artifacts: testing specifications is very much a two-way street. While there have been previous specifications of ARM processors, their scope has excluded the system architecture, their applicability has excluded newer processors and M-class, and their trustworthiness has not been established as thoroughly. Our focus has been on enabling the formal verification of ARM processors but, recognising the value of this specification for verifying software, we are currently preparing a public release of the machine-readable specification.","PeriodicalId":6479,"journal":{"name":"2016 Formal Methods in Computer-Aided Design (FMCAD)","volume":"22 1","pages":"161-168"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"70","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 Formal Methods in Computer-Aided Design (FMCAD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FMCAD.2016.7886675","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 70

Abstract

Processor specifications are of critical importance for verifying programs, compilers, operating systems/hypervisors, and, of course, for verifying microprocessors themselves. But to be useful, the scope of these specifications must be sufficient for the task, the specification must be applicable to processors of interest and the specification must be trustworthy. This paper describes a 5 year project to change ARM's existing architecture specification process so that machine-readable, executable specifications can be automatically generated from the same materials used to generate ARM's conventional architecture documentation. We have developed executable specifications of both ARM's A-class and M-class processor architectures that are complete enough and trustworthy enough that we have used them to formally verify ARM processors using bounded model checking. In particular, our specifications include the semantics of the most security sensitive parts of the processor: the memory and register protection mechanisms and the exception mechanisms that trigger transitions between different modes. Most importantly, we have applied a diverse set of methods including ARM's internal processor test suites to improve our trust in the specification using many other expressions of the architectural specification such as ARM's simulators, testsuites and processors to defend against common-mode failure. In the process, we have also found bugs in all those artifacts: testing specifications is very much a two-way street. While there have been previous specifications of ARM processors, their scope has excluded the system architecture, their applicability has excluded newer processors and M-class, and their trustworthiness has not been established as thoroughly. Our focus has been on enabling the formal verification of ARM processors but, recognising the value of this specification for verifying software, we are currently preparing a public release of the machine-readable specification.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
ARM®v8-A和v8-M系统级架构的可靠规格
处理器规范对于验证程序、编译器、操作系统/管理程序,当然还有验证微处理器本身,都是至关重要的。但是要发挥作用,这些规范的范围必须足以完成任务,规范必须适用于感兴趣的处理器,并且规范必须值得信赖。本文描述了一个为期5年的项目,该项目旨在改变ARM现有的体系结构规范流程,使机器可读、可执行的规范可以从用于生成ARM传统体系结构文档的相同材料中自动生成。我们已经开发了ARM a类和m类处理器架构的可执行规范,这些规范足够完整和可信,我们已经使用它们来使用有界模型检查正式验证ARM处理器。特别是,我们的规范包括处理器中最安全敏感部分的语义:内存和寄存器保护机制以及触发不同模式之间转换的异常机制。最重要的是,我们已经应用了多种方法,包括ARM的内部处理器测试套件,以提高我们对规范的信任,使用许多架构规范的其他表达,如ARM的模拟器、测试套件和处理器来防御共模故障。在这个过程中,我们还发现了所有这些工件中的错误:测试规范是一条双向的道路。虽然之前有ARM处理器的规范,但它们的范围排除了系统架构,它们的适用性排除了较新的处理器和m类,并且它们的可信度没有完全建立起来。我们的重点是实现ARM处理器的正式验证,但是,认识到该规范对验证软件的价值,我们目前正在准备公开发布机器可读规范。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
The FMCAD 2022 Student Forum How Testable is Business Software? The FMCAD 2020 Student Forum From Correctness to High Quality Concurrent Chaining Hash Maps for Software Model Checking
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1