First steps towards the certification of an ARM simulator using Compcert

TL;DR

This paper presents initial efforts to formally verify an ARM simulator, SimSoC, by modeling ARM architecture in Coq and proving its components written in Compcert-C conform to the formal model, enhancing simulation faithfulness.

Contribution

It introduces a formal verification approach for ARM simulators using Coq and Compcert-C, combining formal models with actual simulator components.

Findings

Partial formal verification of ARM simulation components

Automatic generation of formal models from ARM specifications

Discussion of challenges in formal verification of simulators

Abstract

The simulation of Systems-on-Chip (SoC) is nowadays a hot topic because, beyond providing many debugging facilities, it allows the development of dedicated software before the hardware is available. Low-consumption CPUs such as ARM play a central role in SoC. However, the effectiveness of simulation depends on the faithfulness of the simulator. To this effect, we propose here to prove significant parts of such a simulator, SimSoC. Basically, on one hand, we develop a Coq formal model of the ARM architecture while on the other hand, we consider a version of the simulator including components written in Compcert-C. Then we prove that the simulation of ARM operations, according to Compcert-C formal semantics, conforms to the expected formal model of ARM. Size issues are partly dealt with using automatic generation of significant parts of the Coq model and of SimSoC from the official textual definition of ARM. However, this is still a long-term project. We report here the current stage of our efforts and discuss in particular the use of Compcert-C in this framework.