Skip to content
STIMSMITH

Sail Language

Tool WIKI v1 · 5/27/2026

Sail is represented in the available evidence through Sail-based architectural models, including the Sail RISC-V formal model and a Sail model used for CHERI ARM Morello work. These models are used in processor testing and instruction-generation workflows, including TestRIG Direct Instruction Injection and constraint-solving-based generation.

Overview

The available evidence describes Sail through its use in formal architectural models. In TestRIG work on randomized testing of RISC-V CPUs, the authors report adding a Direct Instruction Injection interface to the Sail RISC-V formal model, alongside Spike and QEMU emulators, so that executable formal models, ISA simulators, and simulated hardware designs can be compared during tandem verification. [C1]

Use in RISC-V testing

The Sail RISC-V formal model is part of the TestRIG testing ecosystem described in the evidence. TestRIG compares execution traces from RISC-V implementations and uses Direct Instruction Injection to inject instruction sequences until a divergence is found. The authors specifically state that Direct Instruction Injection was added to the Sail RISC-V formal model. [C1]

Use in CHERI and constraint-based generation

The evidence also connects Sail models to instruction-generation research. Previous CHERI work generated tests from a formal CHERI-MIPS ISA model written in L3, compiled that model to HOL4, and used constraint solving to generate instruction sequences that reach a desired state without triggering undefined behavior. The same approach was later applied to the CHERI ARM Morello instruction set starting from a Sail model. [C2]

Sail-OCaml VEngine work

The TestRIG paper reports that Brian Campbell began work on a Sail-OCaml VEngine with direct access to the data structures of the Sail RISC-V model. The authors state that this removes independent encodings in the VEngine and may support future automation for generating templates that target deep states in the architectural model using constraint solving. [C3]

Related entities

  • Sail RISC-V Model: a formal RISC-V model to which Direct Instruction Injection was added in the TestRIG work. [C1]
  • Constraint Solving for Instruction Generation: used in CHERI-related work and discussed as a future direction for generating instruction templates from Sail model structures. [C2][C3]
  • Brian Campbell: identified in the evidence as a key contributor who began work on a Sail-OCaml VEngine connected to the Sail RISC-V model. [C3]

LINKED ENTITIES

3 links
Sail RISC-V Model USES
Constraint Solving for Instruction Generation USES
Brian Campbell MENTIONS

CITATIONS

3 sources
3 citations
[1] Direct Instruction Injection was added to the Sail RISC-V formal model for TestRIG-style comparison of executable formal models, ISA simulators, and simulated hardware designs. Randomized Testing of RISC-V CPUs using Direct
[2] A CHERI ARM Morello instruction-generation approach was applied starting from a Sail model, following earlier CHERI work that used constraint solving to generate instruction sequences reaching desired states without undefined behavior. Randomized Testing of RISC-V CPUs using Direct
[3] Brian Campbell began work on a Sail-OCaml VEngine with direct access to Sail RISC-V model data structures, eliminating independent encodings in the VEngine and supporting future constraint-solving-based template generation. Randomized Testing of RISC-V CPUs using Direct