

## Bluespec BSV, the choice for CPU and SoC designers

Rishiyur Nikhil CTO, Bluespec

MPSoC, July 2014 Relais de Margaux, France

SEATING PLANE

Lengert PErstert. typedal Mittijiti) (anali; modules and plant failed by the plant failed b alsc Integer file\_depit = 15: Abstract n Kittili determine overeikstaffed) The BSV language is uniquely suited for CPU and SoC design, and is being used by many CPU/SoC designers for modeling and implementation. We describe the reasons for this, and several examples. frail Dependent o saiste 600 an an an a nex del nois.data ) — 0 7 external : external : www.bluespec.com entrodule : en let estit les © Bluespec, Inc., 2014



## What's so special about BSV?

- Fundamentally parallel/concurrent language, no sequential "base language"
- Architectural Predictability and Controllability
  - Architectures (like algorithms) are the creative part of design; cannot be entrusted to a tool!
- BSV "Rules" are a natural abstraction of hardware behavior
  - Concurrent state machines on shared resources
  - Rules are composable, scalable, atomic state transitions, in object-oriented style
- BSV "Rules" feed naturally into Formal Verification
  - Rules are the basic logic model in many formal verification systems

If you'd like more technical detail, see code examples, see a demo, ... please catch me off-line.

- Most powerful data type system in any language for synthesizable hardware design
  - User-defined types, functional types, polymorphism, typeclasses (user-defined overloading)
  - Custom hardware bit-representations
- Most powerful static elaboration system in any language for synthesizable hardware design
  - Higher-order functions
  - Full orthogonality → very powerful parameterization
    - Can parameterize {functions, modules, rules, actions} by {functions, modules, rules, actions}

## What's so special about BSV (contd.)?

- Fully synthesizable (no concept of "synthesizable subset")
  - *All* high-level features of the language can be used in synthesizable code
- Both computation-oriented and control-oriented designs handled very well
  - Computation: image, video, wireless, crypto, ...
    - Highly complex pipelines, pipeline control, customized memory systems
  - Control: CPUs, caches, MMUs, DMAs, interconnects, memory controllers, highspeed I/O, network processing, ...

If you'd like more technical detail, see code examples, see a demo, ... please catch me off-line.

## H.264 Boundary Strength; H.264+VP8 Deblocking



# Examples of who's using BSV for CPU/SoC design

| Organization                        | Type of model(s)                                                       | Comment                                             | on<br>FPGA? | OS?                                           |
|-------------------------------------|------------------------------------------------------------------------|-----------------------------------------------------|-------------|-----------------------------------------------|
| Bluespec, Inc.                      | ARM (9, Cortex,)                                                       | Synthesizable ISS model                             | Yes         | Linux                                         |
|                                     | RISC-V                                                                 | Synthesizable ISS model and pipeline implementation | Yes         | Linux                                         |
| Intel                               | [proprietary]                                                          | Cycle-accurate CPU pipeline models                  | Yes         | Yes                                           |
| IBM                                 | Next-gen POWER                                                         | Components                                          | Yes         |                                               |
| MIT/IBM                             | PowerPC                                                                | Cycle-accurate CPU pipeline models                  | Yes         | Linux                                         |
| MIT                                 | 110-core single-chip<br>SMP                                            | Exploring hardware-assisted thread migration        | ASIC        | Apps                                          |
| U.of Cambridge (UK)<br>and SRI (CA) | MIPS + security<br>enhancements                                        | With formal verification of security enhancements   | Yes         | FreeBSD                                       |
| U.of Pennsylvania                   | Clean-slate design for<br>security and formal<br>proofs of correctness | With complete formal verification                   | Yes         | Planned                                       |
|                                     | ANURAG                                                                 | FPGA CPU implementation                             | Yes         | ?                                             |
| IIT Madras (Chennai)                | MIPS/RISC-V                                                            | Pipelined implementation                            | Yes         | ?                                             |
| Carnegie-Mellon<br>University       | Itanium                                                                | CPU model, 4000x faster than Modelsim               | Yes         | No                                            |
|                                     | 16 CPU UltraSparc III<br>Sunfire 3800 Server                           | Synthesizable hyper-threaded ISS model              | Yes         | Solaris 8, Oracle 10g<br>Enterprise DB Server |
| U.of Texas (Austin)                 | x86                                                                    | Cycle-accurate CPU pipeline models                  | Yes         | Windows and Linux                             |
| U.of Lund (Sweden)                  | JVM                                                                    | Direct HW exec of JVM bytecodes, garbage collection | Yes         |                                               |
| © Bluespec, Inc., 2014              |                                                                        |                                                     |             |                                               |



## Examples of who's using BSV for CPU/SoC design

### Intl. Symp. on Computer Architecture (ISCA) 2014

#### The CHERI capability model: Revisiting RISC in an age of risk

Jonathan Woodruff<sup>†</sup> Robert N. M. Watson<sup>†</sup> David Chisnall<sup>†</sup> Simon W. Moore<sup>†</sup> Jonathan Anderson<sup>†</sup> Brooks Davis<sup>‡</sup> Ben Laurie<sup>§</sup> Peter G. Neumann<sup>‡</sup> Robert Norton<sup>†</sup> Michael Roe<sup>†</sup> <sup>†</sup> University of Cambridge <sup>‡</sup> SRI International <sup>§</sup> Google UK Ltd firstname.lastname@cl.cam.ac.uk {neumann,brooks}@csl.sri.com benl@google.com

#### Abstract

Motivated by contemporary security challenges, we reevaluate and refine capability-based addressing for the RISC era. We present CHERI, a hybrid capability model that extends the 64-bit MIPS ISA with byte-granularity memory protection. We demonstrate that CHERI enables language memory model enforcement and fault isolation in hardware rather than software, and that the CHERI mechanisms are easily adopted by existing programs for efficient in-program memory safety. for fine-grained protection, combined with significant technical challenges (especially compatibility), has challenged the adoption of capability systems. In contrast, coarse-grained virtual-memory protection has seen wide deployment to isolate application instances from one another. Ubiquitous networking and widespread security threats have renewed interest in finer-grained protection models that not only improve software debuggability, but also mitigate vulnerability exploit techniques (e.g., code injection via buffer overflows).

Processors with canability-based addressing enitomized by

- Implementation of MIPS with extensions for fine-grain (object-granularity) protection and access controls (primarily U.Cambridge UK)
- Formal verification of security properties (primarily SRI)



## Synthesizable ISS enables Tandem Verification

#### Bootstrap: Verify ISS in simulation

- For each instruction executed by the BSV ISS, send "deltas" of arch. state to C ISS, which also executes the instruction and verifies deltas.
- Immediately identifies divergent state!
- Cheap: per-instruction deltas are quite small (couple of words of data).
- This verifies the BSV ISS
- We do this for full OS boot and app runs, not just synthetic test programs.
- (Some tricky details about non-determinism: interrupts, cycle counts, ...)

# Use and re-use: BSV ISS is synthesized to FPGA, and used for tandem verification of actual CPU implementations (pipelined)

- Same game, at next level: BSV ISS verifies BSV complex pipelined implementation
- Fast: MHz speeds, everything is on FPGA
  - Many orders of magnitude faster than simulation
- Verify full OS boot, app execution, driver execution, ...
- Re-use synthesizable ISS for verifying multiple pipelined implementations



**BSV ISS** 

Archite-

ctural State

Archite-

ctural State

Δs

ISS

behavior

In simulation

ISS behavior

Imported C ISS

## RISC-V (basis for Bluespec's Customizable CPU and SoC Kit)

Bluespec offers a family of CPUs based on the **RISC-V** ISA (Instruction Set Architecture)

- 5<sup>th</sup> gen RISC ISA from Univ. of California, Berkeley
  - History: RISC-I (1981), RISC-II (1983), SOAR (1984), SPUR (1989) and various other specialized architectures
- Open ISA (no royalties), open software tools and systems (BSD license)
- Core spec: 32 bit and 64 bit integer instructions

#### Extensible, customizable ISA

- Optional 16-bit instruction coding for small instruction footprint
- Standard extensions for integer multiply/ divide, floating point, atomic memory operations
- Standardized extension mechanism (vector, SIMD, Quad-precision floating point, bit manipulation, ...)

Software (open source, BSD license, on github)

- GCC tools (gcc, objdump, gas
- GDB
- LLVM
- Linux

| Nikhil's Webview X MP5oC 2014 X 🖲 How Bitcoin Works X The RISC-V Instruction Set Arc X +                                                       |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |                                                                                                                                                  |  |  |  |
|------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|
| < 🕙 riscv.org                                                                                                                                  | ⊽ C (S + Google Q                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | ☆ 自 ♣ 斋 =                                                                                                                                        |  |  |  |
|                                                                                                                                                | The RISC-V Instruction Set Architecture                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |                                                                                                                                                  |  |  |  |
| Documentation                                                                                                                                  | RISC-V (pronounced "risk-five") is a new instruction set architecture (ISA) that was originally<br>designed to support computer architecture research and education, but which we now hope will                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | RISC-V News                                                                                                                                      |  |  |  |
| User-Level ISA Specification<br>(version 2.0)                                                                                                  | <ul> <li>become a standard open architecture for industry implementations. RISC-V was originally developed in the <u>Computer Science Division</u> of the EECS Department at the <u>University of California</u>, <u>Berkeley</u>. Our goals in defining RISC-V include:</li> <li>A completely open ISA that is freely available to academia and industry.</li> <li>A real ISA suitable for direct native hardware implementation, not just simulation or binary translation.</li> <li>An ISA that avoids "over-architecting" for a particular microarchitecture style (e.g., microcoded, in-order, decoupled, out-of-order) or implementation technology (e.g., full-custom, ASIC, FPGA), but which allows efficient implementation technology (e.g., full-custor, ASIC, FPGA), but which allows efficient implementation any of these.</li> <li>An ISA separated into a <i>small</i> base integer ISA, usable by itself as a base for customized accelerators or for educational purposes, and optional standard extensions, to support general-purpose software development.</li> <li>Support for the revised 2008 IEEE-754 floating-point standard.</li> <li>An ISA supporting extensive user-level ISA extensions and specialized variants.</li> <li>Both 32-bit and 64-bit address space variants for applications, operating system kernels, and hardware implementations.</li> <li>An ISA with support for highly-parallel multicore or manycore implementations, including heterogeneous multiprocessors.</li> <li>Optional <i>variable-length instructions</i> to both expand available instruction encoding space and to support an optional <i>dense instruction encoding</i> for improved performance, static code size, and energy efficiency.</li> <li>A fully virtualizable ISA to ease hypervisor development.</li> <li>An ISA that simplifies experiments with new supervisor-level and hypervisor-level ISA designs.</li> </ul> | May 6, 2014: We are<br>still working on the<br>draft of the privileged                                                                           |  |  |  |
| oftware                                                                                                                                        |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | ISA design, but hope<br>to release early this                                                                                                    |  |  |  |
| RISC-V Tools<br>> RISC-V GCC<br>> RISC-V LUVM<br>> RISC-V ISA Simulator<br>> RISC-V Verification Suite<br>> Proxy Kernel<br>> Front-end Server |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | Summer for<br>comments.<br>May 6, 2014: RISC-V<br>User-Level ISA Version<br>2.0 is released I This<br>document is also<br>available as Technical |  |  |  |
| RISC-V Linux                                                                                                                                   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | Report <u>UCB/EECS-</u><br>2014-54. This<br>represents the final                                                                                 |  |  |  |
| Hardware Tools                                                                                                                                 |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | frozen version of the<br>base and standard<br>extensions (IMAFD).                                                                                |  |  |  |
| Software<br>mplementations                                                                                                                     |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | March 6, 2014: RISC-V<br>LLVM is released at<br>riscv-llvm.                                                                                      |  |  |  |
| ANGEL<br>(JavaScript ISA simulator)                                                                                                            | What's Available?                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | March 5, 2014: Try out<br>RISC-V Linux on                                                                                                        |  |  |  |
| ANGEL Source                                                                                                                                   | Right now, you can download the final user-level ISA specification, and RISC-V software tools<br>including a GNU/GCC software tool chain, an LLVM compiler, an ISA simulator, and a verification<br>rule.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | ANGEL, our in-browser<br>JavaScript ISA<br>simulator                                                                                             |  |  |  |
| lardware                                                                                                                                       | suite.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |                                                                                                                                                  |  |  |  |

www.riscv.org



## Bluespec's Customizable CPU and SoC Kit



© Bluespec, Inc., 2014

## Summary

- The BSV language is uniquely suited for CPU and SoC design
  - High level, natural expression of hardware structure and behavior
  - Powerful abstraction while remaining fully synthesizable
  - Synthesizable (even models, for fast FPGA execution)
  - From models to implementations
- Many organizations are using BSV for CPU/SoC design
- A RISC-V CPU and SoC kit is available from Bluespec
  - Lowers the barrier to entry in the SoC space because:
    - Open ISA, open source IP, open source software, ...
    - Composable and extensible, due to unique BSV properties

