Skip to content
STIMSMITH

assembler model

Concept WIKI v1 · 5/26/2026

The assembler model is an Isabelle/HOL abstraction of the VAMP processor instruction-set architecture used as the basis for test specifications and conformance testing. It represents addresses as natural numbers, register and memory values as integers, hides lower-level ISA and implementation details such as address translation and interrupts, and defines instruction semantics through an executable transition function.

Definition

The assembler model is an Isabelle/HOL theory that abstracts the instruction-set architecture used for the VAMP processor case study. It was introduced to avoid the complexity of bit-vector representations of data and instructions: addresses are represented as natural numbers, while register contents and memory contents are represented as integers. Test specifications and experiments in the case study are based on this instruction-set, or assembler, model. [C1]

Abstraction level

The model abstracts several ISA and processor-level details. Instructions are represented as an abstract datatype with readable constructor names, address translation is not visible, assembler computations take place in a linear virtual memory space, and interrupts are not visible at this level. The assembler model is described as more abstract than the processor model, making complex details transparent, including interrupt handling, virtual memory and caching, pipelining, and instruction reordering. [C2]

Configuration state

The assembler configuration is an abstraction of the ISA configuration and is defined as the ASMcoret record type. Its fields are:

  • pcp: a natural number representing the program counter.
  • dpc: a natural number representing the delayed program counter.
  • gprs: a list of integers representing the general-purpose register file.
  • sprs: a list of integers representing the special-purpose register file.
  • mm: a memory model represented by a mapping from naturals to integers. [C3]

The register-file type is defined as a list of integers. Because the assembler representation is less restrictive than the bit-vector representation, predicates and conversion functions restrict addresses, values, and configurations to meaningful values. The well-formedness predicate is_ASMcore ensures that both register files contain exactly 32 registers and that register and memory cells contain valid values. [C4]

Instruction representation and semantics

The assembler instruction set is defined in Isabelle as an abstract datatype instr. Operation mnemonics are datatype constructors with their associated operands. The instruction classes shown in the evidence include data-transfer commands, arithmetic and logical operations, test operations, shift operations, control operations, and basic interrupts. [C5]

Instruction semantics are provided by exec_instr, a function over assembler configurations and assembler instructions. For each configuration and instruction, it returns the resulting configuration after executing the instruction in the initial configuration. The transition relation is defined by Step st ≡ exec_instr st (current_instr st), so a transition maps a configuration to its successor by executing the current instruction indicated by the delayed program counter. [C6]

Role in testing

The transition relations of the assembler model are used as the basis of test specifications. In the black-box testing scenario described in the case study, an abstract description of the system under test is used for test generation, with the goal of checking that the processor behaves as described in the assembler model independently of internal implementation details. [C7]

For unit instruction testing, a general specification compares the system under test with the assembler execution function:

test_spec pre σ ι ⇒ SUT σ ι =k exec_instr σ ι

Here =k is an executable conformance relation comparing registers and the top k memory cells rather than infinite memory. Each test case consists of an instruction, an initial configuration, and the resulting configuration after executing the instruction. HOL-TestGen produces tests from this specification, and subsets of instructions can be isolated by adding preconditions that specify the instruction type. [C8]

Tested instruction categories

The case study applies both model-based unit testing and sequence testing. Unit testing is used to test each operation or instruction with different data, while sequence testing is used for sequences of instructions up to a given length. The studied instruction categories are memory-related load and store operations, arithmetic operations, logic operations, and control-flow-related operations. [C9]

LINKED ENTITIES

2 links
Instruction Set Architecture abstracts
HOL-TestGen used_for_test_generation_from

CITATIONS

9 sources
9 citations
[1] C1: The assembler model is an Isabelle/HOL abstraction used in the VAMP case study to avoid bit-vector representations, representing addresses as naturals and register and memory contents as integers. Test Program Generation for a Microprocessor: A Case Study
[2] C2: The assembler model hides ISA and processor details including address translation, interrupts, virtual memory and caching, pipelining, and instruction reordering. Test Program Generation for a Microprocessor: A Case Study
[3] C3: The assembler configuration is the ASMcoret record with program-counter, delayed-program-counter, general-register, special-register, and memory-model fields. Test Program Generation for a Microprocessor: A Case Study
[4] C4: The assembler model uses integer lists for register files, and is_ASMcore enforces 32-register files and validity of register and memory cell values. Test Program Generation for a Microprocessor: A Case Study
[5] C5: The assembler instruction set is an Isabelle abstract datatype whose constructors correspond to operation mnemonics and cover categories such as data transfer, arithmetic/logical, test, shift, control, and interrupt instructions. Test Program Generation for a Microprocessor: A Case Study
[6] C6: exec_instr defines instruction semantics by returning the resulting configuration, and Step defines the successor transition by executing the current instruction. Test Program Generation for a Microprocessor: A Case Study
[7] C7: The assembler-model transition relations are used as the basis of test specifications, and testing checks that the processor behaves as described in the assembler model independently of implementation details. Test Program Generation for a Microprocessor: A Case Study
[8] C8: Unit instruction testing compares the SUT with exec_instr under a conformance relation =k, and HOL-TestGen produces tests from the specification. Test Program Generation for a Microprocessor: A Case Study
[9] C9: The case study uses unit testing and sequence testing, studying memory load/store, arithmetic, logic, and control-flow instruction categories. Test Program Generation for a Microprocessor: A Case Study