adding 32 bit mode to the acl2 model of the x86 isa
play

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro - PowerPoint PPT Presentation

May 30, 2023 •183 likes •437 views

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel Centaur Technology Technology Workshop 2018 x86 Modes of Operation larger addresses and operands, memory management, simplified memory management

  1. Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel Centaur Technology Technology Workshop 2018

  2. x86 Modes of Operation larger addresses and operands, memory management, simplified memory management privilege levels, IA-32e Mode ‘32-bit mode’ power on Real-Address Protected Compatibility 64-bit or reset Mode Mode (Sub-)Mode (Sub-)Mode no memory management, emulates 32-bit mode limited address space from/to all the other modes Virtual-8086 Mode emulates real-address mode, System Management very legacy Mode run firmware for special uses

  3. Memory Management instructions use the bus uses logical addresses physical addresses Logical Address Segmentation Paging Linear Address Physical Address Segment E ff ective Selector Address

  4. Segmentation machine registers CS (default), SS, DS, ES, FS, and GS Logical Address Hidden Segment E ff ective Part Selector Address cached part of the selector holding information from index(selector) the corresponding points to the points to the descriptor Linear descriptor address inside Address the segment Segment Descriptor points to the base of the segment Descriptor points to the base Segment Table of the descriptor table Global or Local Descriptor Table Register table_indicator(selector) points to the appropriate register

  5. Memory Management instructions use the bus uses logical addresses physical addresses Logical Address Segmentation Paging Linear Address Physical Address Segment E ff ective Selector Address

  6. IA-32e Paging (4K Pages) Linear Address PML4 Dir. Ptr. Dir. Table O ff set o ff set points to the address and so on… inside the page PDE PTE Physical Address first few bits of the last entry linear address points to the PDPTE point to an entry, 4K Page base of a page PML4E, in this structure PML4E points to the next structure PML4E in the hierarchy control register CR3 points to the base of the first paging CR3 data structure

  7. Memory Management visible to system code but not to application code 32-bit mode uses full segmentation and paging (with di ff erent paging modes than the one shown) Logical Address Segmentation Paging Linear Address Physical Address Segment E ff ective Selector Address 64-bit mode uses full paging (the one shown), visible to system code but very limited segmentation (just FS and GS) and to application code

  8. X86ISA: The ACL2 Formal Model of the x86 ISA • Number of instructions: 413 (e.g., arithmetic, floating- point, control-flow, some system-mode opcodes). - See :doc x86isa::implemented-opcodes . • Simulation speed in instructions/second: - Application programs: ~3.3 million. - System programs: ~320,000 (with 1G paging). • Some 64-bit programs verified using X86ISA: - Application programs: bit count, word count, array copy. - System program: zero copy. All measurements done on an Intel Xeon E31280 CPU @ 3.50GHz with 32GB RAM.

  9. X86ISA: Overview model-specific regs byte-addressable fields x86 state env mem (stobj) ms flags view interface to xr rb wb xw the x86 state x86 read x86 write read mem bytes write mem bytes instruction ADD SUB MUL MOV PUSH POP semantic … … functions (step x86) fetch, decode, & (run n x86) execute one instruction

  10. X86ISA: Views Modes of Operation of the Model (NOT of the Processor) Application View System View • Lowest level of memory address: • Lowest level of memory address: linear address . physical address . - User-level segmentation visible. - Full access to segmentation Access only to segment selector and paging data structures. and its hidden part; none to • Necessary level of operation for segmentation data structures. verification of system programs. - Paging abstracted away. • Suitable level of abstraction for verification of application programs. Logical Address Segmentation Paging Linear Address Physical Address Segment E ff ective Selector Address

  11. Coverage of the Model after the work in this paper (application view only in 32-bit mode: no paging yet) (no floating point instructions before the work in 32-bit more yet either) in this paper IA-32e Mode Real-Address Protected Compatibility 64-bit Mode (Sub-)Mode (32-bit) Mode (Sub-)Mode Virtual-8086 Mode System Management Mode

  12. Challenges of Extending the Model to 32-bit Mode • Much more than generalizing the sizes of operands and addresses manipulated by instructions. • Memory accesses are more complicated in 32-bit mode. • Add full (application-visible) segmentation. • Make small, incremental changes. • Keep all existing proofs working — guards, return types, 64-bit programs.

  13. Distinguish between Effective and Linear Addresses they had to be separated in the 64/32-bit model Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address they were essentially the same in the 64-bit model (except for adding FS/GS.base as needed)

  14. Add Mode Discrimination 64-bit model 64/32-bit model (defun 64-bit-modep (x86) (defun 64-bit-modep (x86) t) ;; return T iff ;; IA32_EFER.LMA = 1 ;; and CS.D = 1 ) predicate to check whether the current mode is 64-bit modify definition to check for (always true, rarely called) IA-32e mode (1st condition) and 64-bit sub-mode (2nd condition) IA-32e Mode Real-Address Protected Compatibility 64-bit Mode (Sub-)Mode (32-bit) Mode (Sub-)Mode

  15. Add Temporary Wrappers in Top-Level Instruction Dispatch 64-bit model 64/32-bit model ;; fetch and decode... ;; fetch and decode... ;; dispatch: ;; dispatch: (case opcode (case opcode (#x00 (execute-00 x86)) (#x00 (if (64-bit-modep x86) (#x01 (execute-01 x86)) (execute-00 x86) ...) <throw-error>) (#x01 (if (64-bit-modep x86) (execute-01 x86) <throw-error>)) ...) simplified version of the actual code return ‘unimplemented error’ initially; remove wrappers as each execute-XX is extended to work in 32-bit mode

  16. Add Translation from Logical to Linear Address 64-bit model 64/32-bit model (defun la-to-pa (lin-addr r-w-x x86) (defun la-to-pa ...) ;; unchanged ;; use paging (shown before) ) (defun ea-to-la (eff-addr seg-reg x86) ;; use segmentation (shown before): ;; retrieve segment base and bounds ;; (handle expand-down segments) ;; and add effective address to base ) translate linear address to physical address translate e ff ective address, in the context of segment, to linear address Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  17. Add New Top-Level Memory Access Functions 64-bit model 64/32-bit model (defun rm08 (lin-addr ...) ...) ;; unchanged but renamed: (defun rm16 (lin-addr ...) ...) (defun rml08 (lin-addr ...) ...) ... (defun wml08 (lin-addr ...) ...) (defun wm08 (lin-addr ...) ...) ... (defun wm16 (lin-addr ...) ...) ... ;; new: (defun rme08 (eff—addr ...) ...) (defun wme08 (eff-addr ...) ...) ... read & write via linear address (paging in system view; read & write via e ff ective address “direct” in application view) (call ea-to-la and then call rml08 , wml08 , …) Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  18. Extend Instruction Fetching 64-bit model 64/32-bit model ;; read instruction pointer from RIP: ;; read instr. pointer from RIP/EIP/IP: rip := (rip x86) ;; 48-bit (canonical) *ip := (read-*ip x86) ;; 48/32/16-bit artistic license stobj field reader new function ;; read instruction (via lin. addr.): ;; read instruction (via eff. addr.): opcode := (rml08 rip ...) ;; etc. opcode := (rme08 *ip ...) ;; etc. ;; increment instruction pointer: ;; increment instruction pointer: new-*ip := (add-to-*ip *ip delta x86) new-rip := (+ rip delta) ;; if new-rip not canonical then fault new function (includes canonical and segment checks) ;; write instruction pointer to RIP: ;; write instr. pointer to RIP/EIP/IP: x86 := (!rip new-rip x86) x86 := (write-*ip new-*ip x86) stobj field writer new function

  19. Other Infrastructural Extensions • Generalize stack manipulation analogously to instruction fetching. • Add 16-bit addressing modes — for e ff ective address calculation (base, index, scale, displacement, …). • Generalize the functions to read/write memory operands. - Use e ff ective addresses instead of linear addresses. - Handle segment defaults and override prefixes. - Use 32-bit or 16-bit addressing modes. • No changes to the x86 stobj were needed.

  20. Instruction Extensions • Comparatively easy, after all the previous infrastructural extensions were in place. • Extend one instruction at a time, removing each 64-bit-modep wrapper in the top-level instruction dispatch. • Generalize determination of operand, address, and stack size. • No changes to existing core arithmetic and logical functions, which already handled operands of di ff erent sizes. • Call the new or extended functions to read & write stack, immediate, and (other) memory operands. • Slightly better code factoring as a byproduct (e.g. alignment checks).

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel Centaur Technology Technology Workshop 2018 x86 Modes of Operation x86 Modes of Operation power on Real-Address or reset Mode no memory management,

2.01k views • 137 slides
Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon Austel IBM IBM Outline Outline What a typed ACL2 might look like Vague proposal concerning how to change ACL2 to allow experimentation with type

873 views • 19 slides
Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of

Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of

Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of Wyoming 1 defpun A macro for consistently introducing partial functions into CAL2. Described in Pete &amp; Js paper, Partial Functions in ACL2

295 views • 27 slides
ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 ACL2 2 ACL2 Formal verification based on pure, first-order Common Lisp. Used to model critical

909 views • 61 slides
Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle ACL2 Workshop Presentation July 14, 2003 Outline Motivation and Goals Technical Background Comments on Our Work Issues and

609 views • 31 slides
GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification Inductive invariants are easy to prove Provable by SAT for finite state machines In ACL2, can use GL. Downsides:

596 views • 12 slides
Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming Introduction ACL2 ( r ) is a variant of ACL2 that supports the irrational numbers It is distributed with the ACL2 sources The foundations of ACL2

479 views • 29 slides
Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2 Workshop, FLoC, Seattle, August 16, 2006 1 Introduction ACL2 provides a powerful congruence-based rewriting capability. However, some have

537 views • 19 slides
Memory CS Basics Introduction: memory? 3) Memory Real mode flat model Registers

Memory CS Basics Introduction: memory? 3) Memory Real mode flat model Registers

Memory CS Basics Introduction: memory? 3) Memory Real mode flat model Registers Emmanuel Benoist Fall Term 2016-17 The three assembly programming models Real Mode Flat Model Real Mode Segmented Model Protected Mode Flat

301 views • 12 slides
How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1 Introduction (1) ACL2 Version 3.5 was released in May, 2009. Release note items (see :DOC release-notes) since then: (+ 41 ; 3.6 (8/2009) 3 ;

622 views • 49 slides
Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a logic of total functions. Some recursive equations have no satisfying ACL2 functions: No ACL2 function g satisfies this recursive equation

518 views • 35 slides
1 Miniature Mode Estimation Example ACS Subsystem GHe Pressure Transducer (S) Model

1 Miniature Mode Estimation Example ACS Subsystem GHe Pressure Transducer (S) Model

Outline Motivation Previous Mode Estimation Approaches Example ACS System Improving Model-based Mode Estimation Miniature Mode Estimation System Through Offline Compilation Rule-based system comparison Conclusions

495 views • 4 slides
A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro Coglio Kestrel Institute Workshop 2018 ATJ Java code generator for ACL2 (ACL2 To Java) based on AIJ deep embedding of ACL2 in Java (ACL2 In Java)

901 views • 38 slides
Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop 2018 This talk is for hint abusers This might be you if: You cant be bothered to figure out a good rewriting strategy You just dont know

541 views • 30 slides
DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August 16, 2006 1 Undergraduate Software Engineering Page teaches two SE courses at Oklahoma U. Covers usual topics - specification, documentation,

557 views • 51 slides
Analyzing the Traits and Anomalies of Political Discussions on Reddit Anna Guimar aes, Oana

Analyzing the Traits and Anomalies of Political Discussions on Reddit Anna Guimar aes, Oana

Analyzing the Traits and Anomalies of Political Discussions on Reddit Anna Guimar aes, Oana Balalau, Erisa Terolli, Gerhard Weikum Max Planck Institute for Informatics June 14, 2019 Posted by u/NovelGrass 47.9k New Filipino law requires

848 views • 25 slides
Processes pid = 1000 pid = 1001 stack stack heap heap data/globals data/globals code code

Processes pid = 1000 pid = 1001 stack stack heap heap data/globals data/globals code code

Processes pid = 1000 pid = 1001 stack stack heap heap data/globals data/globals code code file descriptor table: file descriptor table: 1 2 3 1 2 3 saved registers: saved registers: %rax %rbx %rcx %rax %rbx %rcx

715 views • 7 slides
Control flow (1) Condition codes Conditional and unconditional jumps Loops Conditional moves

Control flow (1) Condition codes Conditional and unconditional jumps Loops Conditional moves

Control flow (1) Condition codes Conditional and unconditional jumps Loops Conditional moves Switch statements 1 Conditionals and Control Flow Two key pieces 1. Comparisons and tests: check conditions 2. Transfer control: choose next

482 views • 37 slides
#include &lt;ctype.h&gt; // tolower #include &lt;string.h&gt; // strcmp sfp main() #include

#include &lt;ctype.h&gt; // tolower #include &lt;string.h&gt; // strcmp sfp main() #include

#include &lt;ctype.h&gt; // tolower #include &lt;string.h&gt; // strcmp sfp main() #include &lt;stdio.h&gt; // fgets, fputs void reveal_secret() login { fputs(&quot;SUPER SECRET = 42\n&quot;, stdout); } login int verify(const char*

438 views • 17 slides
Deep Networks? Bo Xin 1,2 , Yizhou Wang 1 , Wen Gao 1 and David Wipf 2 1 Peking University 2

Deep Networks? Bo Xin 1,2 , Yizhou Wang 1 , Wen Gao 1 and David Wipf 2 1 Peking University 2

Maximal Sparsity with Deep Networks? Bo Xin 1,2 , Yizhou Wang 1 , Wen Gao 1 and David Wipf 2 1 Peking University 2 Microsoft Research, Beijing Outline Background and motivation Unfolding iterative algorithms Theoretical analysis

367 views • 32 slides
Distance vector protocols Distance Vector routing principles Routing loops and countermeasures to

Distance vector protocols Distance Vector routing principles Routing loops and countermeasures to

Distance vector protocols Distance Vector routing principles Routing loops and countermeasures to loops Bellman-Ford algorithm RIP, RIP-2 DV-1 S-38.2121 / Fall-06 / RKa, NB Distance Vector Routing Principles DV-2 S-38.2121 / Fall-06 / RKa,

562 views • 31 slides
Android App Anatomy Eric Burke Square @burke_eric Topics Android lifecycle Fragments

Android App Anatomy Eric Burke Square @burke_eric Topics Android lifecycle Fragments

Android App Anatomy Eric Burke Square @burke_eric Topics Android lifecycle Fragments Open source Tape Otto Dagger ActionBarSherlock Android Design on every device. Lifecycle Install Apps Run Forever Uninstall

844 views • 82 slides
The Case for Cooperative Kernel Threads Yanjin Zhu (student) Leonid Ryzhyk (student) Peter Chubb

The Case for Cooperative Kernel Threads Yanjin Zhu (student) Leonid Ryzhyk (student) Peter Chubb

The Case for Cooperative Kernel Threads Yanjin Zhu (student) Leonid Ryzhyk (student) Peter Chubb Ihor Kuz Gernot Heiser NICTA, University of New South Wales, Open Kernel Labs Preemptive Kernel Threads Most OS kernels are multithreaded

231 views • 5 slides

More recommend