First steps towards the certification of an ARM simulator using Compcert
This work addresses the need for certified simulators in low-consumption CPU design, but it is incremental as it builds on existing formal methods like Coq and Compcert.
The authors tackled the problem of ensuring the faithfulness of an ARM simulator (SimSoC) for Systems-on-Chip by proving that its simulation of ARM operations conforms to a formal Coq model of the ARM architecture, using Compcert-C for formal semantics, though it remains a long-term project with no concrete numerical results reported.
The simulation of Systems-on-Chip (SoC) is nowadays a hot topic because, beyond providing many debugging facilities, it allows the development of dedicated software before the hardware is available. Low-consumption CPUs such as ARM play a central role in SoC. However, the effectiveness of simulation depends on the faithfulness of the simulator. To this effect, we propose here to prove significant parts of such a simulator, SimSoC. Basically, on one hand, we develop a Coq formal model of the ARM architecture while on the other hand, we consider a version of the simulator including components written in Compcert-C. Then we prove that the simulation of ARM operations, according to Compcert-C formal semantics, conforms to the expected formal model of ARM. Size issues are partly dealt with using automatic generation of significant parts of the Coq model and of SimSoC from the official textual definition of ARM. However, this is still a long-term project. We report here the current stage of our efforts and discuss in particular the use of Compcert-C in this framework.