Formal Aspects of Computing

, Volume 23, Issue 1, pp 73–89 | Cite as

Using Event-B to construct instruction set architectures

Original Article


The instruction set architecture (ISA) of a computing machine is the definition of the binary instructions, registers, and memory space visible to an executable binary image. ISAs are typically implemented in hardware as microprocessors, but also in software running on a host processor, i.e. virtual machines (VMs). Despite there being many ISAs in existence, all share a set of core properties which have been tailored to their particular applications. An abstract model may capture these generic properties and be subsequently refined to a particular machine, providing a reusable template for development of robust ISAs by the formal construction of all normal and exception conditions for each instruction. This is a task to which the Event-B (Metayer et al. in Rodin deliverable 3.2 Event-B language,, 2005; Schneider in The B-method an introduction, Palgrave, Basingstoke, 2001) formal notation is well suited. This paper describes a project to use the Rodin tool-set (Abrial in Formal methods and software engineering, Springer, Berlin, 2006) to perform such a process, ultimately producing two variants of the MIDAS (Microprocessor Instruction and Data Abstraction System) ISA (Wright in Abstract state machines, B and Z, Springer, Berlin, 2007; Wright in MIDAS machine specification, Bristol University,, 2009) as VMs. The abstract model is incrementally refined to variant models capable of automatic translation to C source code, which this is compiled to create useable VMs. These are capable of running binary executables compiled from high-level languages such as C (Kernighan and Ritchie in The C programming language, Prentice-Hall, Englewood Cliffs, 1988), and compilers targeted to each variant allow demonstration programs to be executed on them.


Virtual machine Instruction set architecture Formal methods Event-B 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Abr96.
    Abrial J-R (1996) The B-Book: assigning programs to meaningsGoogle Scholar
  2. ABH06.
    Abrial J-R, Butler M, Hallerstede S, Voisin L (2006) An open extensible tool environment for Event-B. In: Formal methods and software engineering. Springer, BerlinGoogle Scholar
  3. AMD07.
    AMD Inc (2007) 128-Bit SSE5 instruction setGoogle Scholar
  4. BCo06.
    B-Core (2006) The B-toolkit user manual. B-Core (UK) LtdGoogle Scholar
  5. Bee97.
    Beer I, Ben-David S (1997) RuleBase: model checking at IBM. CAVGoogle Scholar
  6. BH91.
    Brock B, Hunt W (1991) Report on the formal specification and partial verification of the VIPER microprocessor. In: Proceedings of the sixth annual conference on computer assurance, systems integrity, software safety and process securityGoogle Scholar
  7. But06.
    Butler M (2006) Rodin deliverable D16 prototype plug-in tools.
  8. Cas02.
    Caset L (2002) Formal development of an embedded verifier for Java card byte code. In: International conference on dependable systems and networksGoogle Scholar
  9. Ecl09.
    Eclipse (2009) Eclipse platform homepage.
  10. EB06.
    Evans N, Butler M (2006) A proposal for records in Event-B. In: Formal methods 2006Google Scholar
  11. EG07.
    Evans N, Grant N (2007) Towards the formal verification of a Java processor in Event-B. In: Proceedings of the BAC-FACS refinement workshopGoogle Scholar
  12. Fox03.
    Fox A (2003) Formal specification and verification of ARM6. In: Theorem proving in higher order logics. Springer, BerlinGoogle Scholar
  13. GB90.
    Graham B, Birtwistle G (1990) Formalising the design of an SECD chip. In: Hardware specification, verification and synthesis: mathematical aspects. Springer, BerlinGoogle Scholar
  14. HP03.
    Hennessy J, Patterson D (2003) Computer architecture, a quantitive approach. Morgan Kaufmann, Menlo ParkGoogle Scholar
  15. Hit98.
    Hitachi Ltd (1998) SH7707 hardware manualGoogle Scholar
  16. Hun94.
    Hunt W (1994) FM8501: A verified microprocessor. In: Lecture notes in artificial intelligence subseries of lecture notes in computer science. Springer, BerlinGoogle Scholar
  17. KR88.
    Kernighan B, Ritchie D (1988) The C programming language. Prentice-Hall, Englewood CliffsGoogle Scholar
  18. KN01.
    Klein G, Nipkow T (2001) Verified bytecode verifiers. In: Foundations of software science and computation structures. Springer, BerlinGoogle Scholar
  19. LBSL97.
    Lapsley P, Bier J, Shoham A, Lee E (1997) DSP processor fundamentals. IEEE Press, New YorkMATHCrossRefGoogle Scholar
  20. Lee89.
    Lee E (1989) Programmable DSP processors part I and II. IEEE ASSP Mag Oct 1988, Jan 1989Google Scholar
  21. LB03.
    Leuschel M, Butler M (2003) ProB: a model checker for B. FME 2003. Springer, BerlinGoogle Scholar
  22. LY99.
    Lindholm T, Yellin F (1999) The Java virtual machine specification, 2nd edn.Google Scholar
  23. MAV05.
    Metayer C, Abrial J-R, Voisin L (2005) Rodin deliverable 3.2 Event-B language.
  24. Pat07.
    Patterson D (2007) Computer organization and design: the hardware/software interface. Morgan Kaufmann, Menlo ParkGoogle Scholar
  25. Qia99.
    Qian Z (1999) A formal specification of Java virtual machine instructions for objects, methods and subroutines. In: Formal syntax and semantics of Java. Springer, BerlinGoogle Scholar
  26. SDF03.
    Shavor S, D’Anjou J, Fairbrother S (2003) The Java developer’s guide to eclipse. Addison-Wesley, ReadingGoogle Scholar
  27. She07.
    Sherridan F (2007) Practical testing of a C99 compiler using output comparison. Softw Pract Experience 37(14): 1475–1488CrossRefGoogle Scholar
  28. Spi89.
    Spivey JM (1989) The Z notation: a reference manual. Prentice-Hall, Englewood CliffsMATHGoogle Scholar
  29. SM95.
    Srivas M, Miller S (1995) Formal verification of an avionics microprocessor. Langley Research Center, HamptonGoogle Scholar
  30. Sta01.
    Stallman R (2001) Using and porting the GNU compiler collection. In: Free Software FoundationGoogle Scholar
  31. SSB01.
    Stark R, Schmid J, Borger E (2001) Java and the Java virtual machine. Springer, BerlinGoogle Scholar
  32. UL07.
    Utting M, Legeard B (2007) Practical model-based testing—a tools approach. Morgan Kaufmann, Menlo ParkGoogle Scholar
  33. Wri09/1.
    Wright S (2009) MIDAS machine specification. Bristol University.
  34. Wri09/2.
    Wright S (2009) Automatic generation of C from Event-B. In: Workshop on integration of model-based formal methods and toolsGoogle Scholar

Copyright information

© British Computer Society 2010

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of BristolBristolUK

Personalised recommendations