
Physical Addressing on Real Hardware in Isabelle/HOL

Conference paper. Interactive Theorem Proving (ITP 2018)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10895)

Abstract

Modern computing platforms are inherently complex and diverse: a heterogeneous collection of cores, interconnects, programmable memory translation units, and devices means that there is no single physical address space, and each core or DMA device may see other devices at different physical addresses. This is a problem because correct operation of system software relies on correct configuration of these interconnects, and current operating systems (and associated formal specifications) make assumptions about global physical addresses which do not hold. We present a formal model in Isabelle/HOL to express this complex addressing hardware that captures the intricacies of different real platforms or Systems-on-Chip (SoCs), and demonstrate its expressivity by showing, as an example, the impossibility of correctly configuring a MIPS R4600 TLB as specified in its documentation. Such a model not only facilitates proofs about hardware, but is used to generate correct code at compile time and device configuration at runtime in the Barrelfish research OS.
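The abstract's central claim, that there is no single physical address space and that the same device is seen at different addresses by different cores or DMA engines, is easy to make concrete with a small executable model. The following Python block is an added illustration, not code from the paper or from the Barrelfish project's Isabelle sources. It assumes a simplified "decoding net" in which every node either accepts a local address itself or translates a local range to a base address in another node, and it resolves a (node, address) name by following those translations. The helper `views_agree` is an assumed stand-in for the kind of check note 2 calls `view_eq`, and the cycle check mirrors the well-foundedness point of note 1: a decoding relation with a cycle cannot be turned into a terminating recursive function, so the model refuses it rather than looping.

```python
"""Toy decoding-net model: per-node address spaces, resolution, and views (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

Name = Tuple[str, int]  # a (node, address) pair, the elements of the decoding relation


@dataclass
class Node:
    # local address ranges (inclusive) that resolve at this node, e.g. a device's registers
    accept: List[Tuple[int, int]] = field(default_factory=list)
    # (lo, hi, target node, target base): local [lo, hi] maps to target at base + (a - lo)
    translate: List[Tuple[int, int, str, int]] = field(default_factory=list)


Net = Dict[str, Node]


class DecodingCycle(Exception):
    """Raised when a name decodes back to itself (relation not well-founded)."""


def decode(net: Net, name: Name, _seen: Optional[Set[Name]] = None) -> Set[Name]:
    """Resolve `name` to the set of accepting names it ultimately reaches.

    Unmapped addresses resolve to the empty set; a cycle raises instead of recursing forever.
    """
    seen = set() if _seen is None else _seen
    if name in seen:
        raise DecodingCycle(f"decoding relation is not well-founded at {name}")
    node_id, addr = name
    node = net[node_id]
    result: Set[Name] = set()
    if any(lo <= addr <= hi for lo, hi in node.accept):
        result.add(name)
    for lo, hi, target, base in node.translate:
        if lo <= addr <= hi:
            result |= decode(net, (target, base + (addr - lo)), seen | {name})
    return result


def view(net: Net, origin: str, lo: int, hi: int) -> Dict[int, Set[Name]]:
    """The address space as seen from `origin`, restricted to [lo, hi]: address -> names."""
    return {a: names for a in range(lo, hi + 1) if (names := decode(net, (origin, a)))}


def addresses_of(net: Net, origin: str, lo: int, hi: int, target: Name) -> List[int]:
    """Every address in [lo, hi] at which `origin` sees `target`."""
    return [a for a, names in view(net, origin, lo, hi).items() if target in names]


def views_agree(net: Net, a: str, b: str, lo: int, hi: int) -> bool:
    """Assumed analogue of a view-equivalence check: do nodes a and b see the same thing?"""
    return view(net, a, lo, hi) == view(net, b, lo, hi)


def has_cycle(net: Net, name: Name) -> bool:
    """True if decoding `name` would never terminate under the recursive formulation."""
    try:
        decode(net, name)
        return False
    except DecodingCycle:
        return True


# Constructed platform (not a real SoC): two cores and a DMA engine reach a shared bus,
# behind which sit RAM and a UART. Core 1 sits behind a remapping unit that swaps the order.
NET: Net = {
    "uart": Node(accept=[(0x00, 0x0F)]),
    "ram": Node(accept=[(0x00, 0x3F)]),
    "bus": Node(translate=[(0x00, 0x3F, "ram", 0x00), (0x40, 0x4F, "uart", 0x00)]),
    "core0": Node(translate=[(0x00, 0x4F, "bus", 0x00)]),
    "dma": Node(translate=[(0x80, 0xCF, "bus", 0x00)]),
    "core1": Node(translate=[(0x00, 0x0F, "bus", 0x40), (0x10, 0x4F, "bus", 0x00)]),
}

# Constructed ill-formed net: a and b translate to each other, so decoding never bottoms out.
CYCLIC_NET: Net = {
    "a": Node(translate=[(0, 0, "b", 0)]),
    "b": Node(translate=[(0, 0, "a", 0)]),
}

if __name__ == "__main__":
    for origin in ("core0", "dma", "core1"):
        print(f"{origin} sees UART register 0 at", [hex(a) for a in addresses_of(NET, origin, 0, 0xFF, ("uart", 0))])
    print("core0 and core1 agree on [0,0xFF]?", views_agree(NET, "core0", "core1", 0, 0xFF))
    print("cyclic net well-founded at (a,0)?", not has_cycle(CYCLIC_NET, ("a", 0)))
```

Running the block shows the UART's register 0 at 0x40 from core0, at 0xC0 from the DMA engine, and at 0x00 from core1, while core0's address 0x00 is RAM and core1's address 0x00 is the UART: the same "physical address" names different things depending on who issues it, which is exactly why system software cannot assume one global physical address space. The cyclic net is rejected rather than decoded, which is the property one has to establish before expressing the relation as a recursive function.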


Notes

  1. Note that this defines only the decoding relation, i.e. the set of (name, address) pairs. We only need to show termination once we reformulate it as a recursive function: relations in Isabelle/HOL need only be well-founded if used in a recursive definition (or equivalent).

  2. See definition view_eq in Equivalence.thy in the attached sources.

  3. \(f(x\mathop {:=}y)\) is Isabelle/HOL syntax for the function f updated at x with value y.

  4. We can only speculate as to the writer’s intent here. One reason for such a restriction would be speculative execution: the CPU might speculatively cause a TLB lookup on an address that it never actually computes. The results would be discarded, but the damage would be done.



Corresponding author: Reto Achermann.


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper


Cite this paper

Achermann, R., Humbel, L., Cock, D., Roscoe, T. (2018). Physical Addressing on Real Hardware in Isabelle/HOL. In: Avigad, J., Mahboubi, A. (eds) Interactive Theorem Proving. ITP 2018. Lecture Notes in Computer Science(), vol 10895. Springer, Cham. https://doi.org/10.1007/978-3-319-94821-8_1


  • DOI: https://doi.org/10.1007/978-3-319-94821-8_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-94820-1

  • Online ISBN: 978-3-319-94821-8

  • eBook Packages: Computer Science (R0)
