Machine Independent Language formalization and tools

The Machine Independent Language (MIL) captures microarchitectural features such as out-of-order execution. MIL can be used as a form of abstract microcode language, e.g., as a target language for translating Instruction Set Architecture (ISA) instructions, and for reasoning about microarchitectural features that may cause unwanted information flows, e.g., side channels leaking secret information.

We formalize MIL in the HOL4 theorem prover. The formalization includes the in-order and out-of-order dynamic semantics of MIL, a proof of memory consistency between the two semantics, and a notion of conditional noninterference that rules out trace driven cache-based side channels. We verify functions for executing MIL programs and then refine them to the CakeML language, yielding trustworthy MIL analysis tools both inside and outside HOL4. We devised a semi-automated reasoning strategy for conditional noninterference, which we apply to verify confidentiality of several MIL programs.