My Google Scholar, DBLP, ORCID and Microsoft Academic pages.
Papers
| HATRA 20 | Towards making formal methods normal: meeting developers where they are |
| SpISA 19 | The State of Sail |
| PhD 19 | Defining interfaces between hardware and software: Quality and performance |
| POPL 19 | ISA Semantics for ARMv8-A, RISC-V, and CHERI-MIPS |
| ARW 18 | Detailed Models of Instruction Set Architectures: From Pseudocode to Formal Semantics |
| OOPSLA 17 | Who guards the guards? Formal Validation of the ARM v8-M Architecture Specification |
| IEEE Micro | The ARM Scalable Vector Extension |
| FMCAD 16 | Trustworthy Specifications of ARM v8-A and v8-M System Level Architecture |
| CAV 16 | End-to-End Verification of ARM Processors with ISA-Formal |
| DATE 14 | Advanced SIMD: Extending the reach of contemporary SIMD architectures |
| CASES 08 | SoC-C: efficient programming abstractions for heterogeneous multicore systems on chip |
| MICRO 08 | From SODA to scotch: The evolution of a wireless baseband processor |
| SBAC-PAD 07 | Low-cost Techniques for Reducing Branch Context Pollution in a Soft Realtime Embedded Multithreaded Processor |
| SiPS 06 | Design and Implementation of Turbo Decoders for Software Defined Radio |
| SDR 06 | SPEX: A programming language for software defined radio |
| TECS 05 | Eliminating stack overflow by abstract interpretation |
| ASPLOS 04 | HOIST: a system for automatically deriving static analyzers for embedded systems |
| ACP4IS 03 | Lock inference for systems software |
| EMSOFT 03 | Eliminating Stack Overflow by Abstract Interpretation |
| RTSS 03 | Evolving real-time systems using hierarchical scheduling and concurrency analysis |
| Haskell FFI | The Haskell 98 Foreign Function Interface 1.0: An Addendum to the Haskell 98 Report |
| ICSE 02 | Static and dynamic structure in design patterns |
| ASPSE 01 | Aspect Weaving as Component Knitting: Separating Concerns with Knit |
| PADL 01 | FVision: A Declarative Language for Visual Tracking |
| GLib 01 | The Hugs Graphics Library (Version 2.0) |
| OSDI 00 | Knit: Component Composition for Systems Software |
| ICSE 99 | Prototyping Real-Time Vision Systems: An Experiment in DSL Design |
| PLDI 99 | A Semantics for Imprecise Exceptions |
| Haskell Report | Haskell 98: A non-strict, purely functional language |
| Haskell Lib | Standard Libraries for the Haskell 98 Programming Language |
| IFL 98 | Putting the Spine Back in the Spineless Tagless G-Machine: An Implementation of Resumable Black-Holes |
| Exceptions | Handling Exceptions in Haskell |
| StdLib 98 | Designing the Standard Haskell Libraries |
| Haskell 97 | Green Card: a foreign-language interface for Haskell |
| Haskell 95a | Adding Records to Haskell |
| Haskell 95b | A Proposal for the Standard Haskell Libraries |
| GFPW 94 | Malloc Pointers and Stable Pointers: Improving Haskell's Foreign Language Interface |
| GFPW 93 | Implementing Fudgets with Standard Widget Sets |
| MSc 93 | A Precise Semantics for Ultraloose Specifications |
| GFPW 89 | Designing Data Structures |
Talks
Specifications
-
Goals of a modern ISA specification
Programming Languages for Architecture (PLARCH)
17 June, 2023
[pdf]What should we consider when creating an ISA specification? What can we learn from the 1970s? What are the conflicts between different uses of an ISA specification?
(Talking to other researchers after the workshop, it became clear that I had missed out something important: we need to have a range of tools available that can be adapted to suit various needs. If we don’t, then people will continue to roll their own specialized spec because it is too hard to use the official one.)
-
Towards a formal specification of Intel’s x86 architecture
Novel Architecture and Novel Design Automation (NANDA)
Virtual.
5–6 September, 2022
[pdf]This talk is about my work on creating a formal specification of Intel’s x86 architecture: goals, why it is easy, why it is hard and the research challenges I see in the future.
-
Leaky abstractions
RISE summer school 2022
Keynote talk
UK Research Institute in Secure Hardware and Embedded Systems (RISE)
Centre for Secure Information Technology (CSIT)
Belfast UK
20–21 July, 2022.
[pdf]Since at least the 1950s, computer design has been viewed as a stack of separate concerns: programmers need not worry about how the hardware works as long as it satisfies its functional specification; and digital logic designers need not worry about how transistors work as long as they turn on and off. This separation has allowed engineers at each layer of the stack to innovate and has resulted in the remarkable improvements in power, performance and area seen over the last 70+ years. Layers in the stack can be changed independently of their neighbours because each layer in the stack only depends on an abstraction of the layer below. However, these abstractions are “leaky”: the abstractions are approximate and they omit properties such as time, space and power. This talk is about the connections between leaky abstractions and security and on both recent research and research opportunities in relating architectural security to the hardware stack that it rests on.
-
Machine readable specifications at scale
ZISC seminar, ETH Zurich
Virtual
2 June, 2022
[pdf]There are lots of potential uses for machine readable specifications so you would think that every major real world artifact like long-lived hardware and software systems, protocols, languages, etc. would have a formal specification that is used by all teams extending, implementing, testing, verifying or securing the design. But, in practice, this is usually not true: most real world systems do not have a well tested, up to date, machine readable specification.
This talk is about why you might want to change this and some things to consider as you go about it. In particular, it is about the use and creation of machine readable specifications at scale: when the number of engineers affected is counted in the thousands. This sort of scale leads to different problems and solutions than you would see in a 5–10 person project and both the challenges and the potential benefits are significantly larger.
[See also my blog post Machine readable specifications at scale.]
Rust Verification
Talks about the Rust verification project at Google.
-
How can we formally verify Rust for Linux
Kangrejos (workshop attached to Linux Plumbers 2021).
Virtual.
13 September 2021. [pdf]This talk describes the state of formal verification for Rust code in the Linux kernel based on the blog posts I wrote.
-
Building Better Systems (Episode #11): Meeting Developers Where They Are
23 July 2021 (recorded 2nd February). [youtube] [apple podcast] [simplecast] [mp3] [transcript]This 36 minute interview with Joey Dodds and Shpat Morina at Galois focuses on adoption and usability of verification tools and where we sit on the spectrum from high-assurance/high-cost to lower-assurance/lower-cost.
-
Using KLEE with Large Rust Programs
KLEE workshop 2021
Virtual (London, UK). 11 June 2021. [pdf] [video]This 12 minute talk focuses on tools: what we have done to adapt KLEE for use with Rust; the language, compiler, library and linker features we have encountered in real code out in the wild; and how we have tried to solve issues in a way that other Rust verification tools can directly use or adapt.
The Hardware-Software Interface: Quality and Performance
One of the most important interfaces in a computer system is the interface between hardware and software. This talk examines two critical aspects of defining the hardware-software interface: quality and performance.
The first aspect concerns the “radical” idea of creating a single, high-quality, formal specification of microprocessors that everybody can use. This idea does not seem “radical” until you realize that standard practice is for every group to create their own version of a specification in their preferred toolchain. I will describe the challenges that lead to this behavior and how to overcome the challenges. This project lead to the creation of Arm’s official formal specification of their microprocessors and to the formal validation of Arm’s processors against that specification.
The second aspect concerns the tradeoff between portability and performance in the context of high performance, energy efficient, parallel systems. I will describe the challenges in balancing portability and performance and how I overcame them by defining the hardware-software interface in terms of extensions of the C language. This project played a key part in creation of a software-defined radio system capable of implementing the 4G cellphone protocol.
The Arm architecture is the largest computer architecture by volume in the world; it behooves us to ensure that the interface it describes is appropriately defined.
- Computer Science Department, Glasgow, UK. 21 February, 2019 [pdf]
Engineering and Using Large Formal Specifications
We have great tools and technique to formally verify hardware and software but, if we are apply these to real world systems, we need high quality specifications of real world artifacts such as processors, OSes, libraries, programming languages and internet protocols. This talk is about how we are going to avoid a specification bottleneck - it uses my experience in formalising the ARM processor architecture to suggest an approach that we can use on other large, complex hardware and software to create the specifications we need.
What makes processors fail - and how to prevent it
A more accessible presentation of the ideas in the ISA-Formal paper for the Electromagnetic Field maker festival.
Modern processors are amazing devices: small, fast, low power and getting better with every generation. But the most amazing things about modern microprocessors is that they work so incredibly reliably despite all their incredible complexity.
This talk is about the battle between complexity and correctness and about how new formal verification tools can be used to help you design higher performance processors that actually work. I will describe the common optimisations, the bugs that these often introduce and how open source tools such as SAT solvers and bounded model checkers can be used to find these bugs.
- Electromagnetic Field 2018
Eastnor, UK. 31 August - 2 September 2018. [pdf] [video]
Creating Formal Specifications of the Arm Processor Architecture
A talk about why creating formal specifications for real world systems is hard and what we can do about it. Some of the key problems are the semantic gap between the architects’ intention and the written specification; challenges persuading different groups to adopt a common specification; the number and diversity of existing implementations; and the practical impossibility of formally verifying all implementations against the specification. I discuss lessons learned when creating a formal specification of the Arm Processor Architecture and using that specification to formally validate processors against the specification. And I discuss how those lessons can be applied in other contexts. This includes use of traditional testing, formal validation, social engineering and building a virtuous cycle to drive up the quality of the specification.
-
Agence National de la sécurité des systèmes d’information (ANSSI)
Invited talk, Paris, France. 24 October, 2018. [pdf] -
Austrian Computer Science Day
Invited talk, Salzburg, Austria. 15 June, 2018. [pdf] -
OAuth Security Workshop
Invited keynote talk, Fondazione Bruno Kessler, Trento, Italy. 14-16 March, 2018. [pdf]
Specifications: The Next Verification Bottleneck
A talk about the importance and difficulty of creating trustworthy specifications of all the software and protocols we will need to verify software and about the techniques I used to create a trustworthy specification of the ARM processor architecture.
- ENTROPY 2018: ENabling TRust through Os Proofs…and beYond
Invited talk, Villeneuve d’Ascq, France, 25-26 January, 2018. [pdf]
How can you trust formally verified software?
A talk about practical things you can do with ARM’s executable formal specification with an emphasis on security research. Despite having the same title, this is a completely different talk from the next one. TUWAT!
- Chaos Communication Congress (34C3)
CCC, Leipzig, Germany, 27-30 December, 2017. [video] [pdf]
How can you trust formally verified software?
A gradually evolving series of talks about my work on creating correct formal specifications (when there are multiple implementations already in existence). Reinforces the idea of having multiple users of a single specification and includes a short version of the FMCAD16, CAV16 and OOPSLA17 talks.
-
High Performance Embedded and Distributed Systems (HiPEDS) seminar series
Invited talk, Imperial College London, UK, 6th November, 2017. [pdf] -
Formal Aspects of Computing Science (British Computer Society)
Invited talk, London, UK, 29th September, 2017. [pdf] -
Reliable, Secure and Scalable Software Systems (RS4) Workshop
Invited talk, Glasgow, UK, 1st September, 2017. [pdf]
(Completely rewritten from May version.) -
Microsoft Research
Invited talk, Cambridge, UK, 22nd May, 2017. -
Cambridge University Computer Laboratory
Cambridge, UK, 2nd May, 2017. [pdf] -
Queen Mary University
Invited talk, London, UK, 30th November, 2016. [pdf]
Trusting Large Specifications: The Virtuous Cycle
First talk emphasizing the importance of having multiple users of a single specification.
- The 4th South of England Regional Programming Language Seminar (S-REPLS 4)
Imperial College London, UK, 27th September, 2016. [pdf]
Trustworthy Specifications of ARM System Level Architecture
- First Deepspec Workshop, Princeton, NJ, USA, 7th June, 2016.
Backwards compatible formalization of the ARM Architecture
First public talk about creating formal specifications of ARM processors.
- Cambridge University Computer Laboratory
Cambridge, UK, February, 2012. [pdf]
Patents
| US 16/149,297 |
Encoding of input to storage circuitry
Alastair David Reid, Dominic Phillip Mulligan, Milosch Meriac, Matthias Lothar Boettcher, Nathan Yong Seng Chong, Ian Michael Caulfield, Peter Richard Greenhalgh, Frederic Claude Marie Piry, Albin Pierrick Tonnerre, Thomas Christopher Grocutt, Yasuo Ishii, US Patent Application, October 2018 |
| US 17/052,655 |
Branch prediction cache for multiple software workloads
Alastair David Reid, US Patent Application, May 2018 |
| US 9,886,239 |
Exponent Monitoring
Guy Larri, Lee Douglas Smith, David Raymond Lutz, Alastair David Reid, US Patent, November 2014 |
| US 9,858,169 |
Monitoring a data processing apparatus and summarising the monitoring data
Alastair David Reid, Katherine Elizabeth Kneebone, Jan Guffens, Lee Douglas Smith, US Patent, July 2008 |
| US 110,261,789 |
Data processing apparatus and method for controlling performance of speculative vector operations
Alastair David Reid, Daniel Kershaw, US Patent, October 2013 |
| US 9,696,994 |
Apparatus and method for comparing a first vector of data elements and a second vector of data elements
Alastair David Reid, US Patent, December 2011 |
| US 9,557,995 |
Data processing apparatus and method for performing segmented operations
Mbou Eyole-monono, Alastair David Reid, Matthias Lothar Böttcher, Giacomo Gabrielli, US Patent, February 2014 |
| US 9,483,438 |
Apparatus and method for controlling the number of vector elements written to a data store while performing speculative vector write operations
Alastair David Reid, Daniel Kershaw, US Patent, October 2013 |
| US 9,483,243 |
Interleaving data accesses issued in response to vector access instructions
Alastair David Reid, US Patent, November 2016 |
| US 9,176,737 |
Controlling the execution of adjacent instructions that are dependent upon a same data condition
Alastair David Reid, US Patent, February 2011 |
| US 9,098,265 |
Controlling an order for processing data elements during vector processing
Alastair David Reid, US Patent, July 2011 |
| US 9,081,564 |
Converting scalar operation to specific type of vector operation using modifier instruction
Alastair David Reid, US Patent, April 2011 |
| US 9,021,233 |
Interleaving data accesses issued in response to vector access instructions
Alastair David Reid, US Patent, September 2011 |
| US 8,887,001 |
Trace data priority selection
John Michael Horley, Michael John Williams, Katherine Elizabeth Kneebone, Alastair David Reid, US Patent, February 2010 |
| US 8,359,588 |
Reducing inter-task latency in a multiprocessor system
Alastair David Reid, US Patent, November 2009 |
| US 8,250,549 |
Variable coherency support when mapping a computer program to a data processing apparatus
Alastair David Reid, Edmund Grimley-Evans, Simon Andrew Ford, US Patent, October 2006 |
| US 8,200,948 |
Apparatus and method for performing re-arrangement operations on data
Daniel Kershaw, Dominic Hugo Symes, Alastair David Reid, US Patent, December 2006 |
| US 8,190,807 |
Mapping a computer program to an asymmetric multiprocessing apparatus
Alastair David Reid, Edmund Grimley-Evans, Simon Andrew Ford, US Patent, October 2006 |
| US 8,185,724 |
Monitoring values of signals within an integrated circuit
Simon Andrew Ford, Alastair David Reid, US Patent, March 2006 |
| US 8,020,039 |
Recovering from errors in streaming DSP applications
Alastair David Reid, Daryl Wayne Bradley, US Patent, December 2007 |
| US 7,809,989 |
Performing diagnostic operations upon an asymmetric multiprocessor apparatus
Simon Andrew Ford, Alastair David Reid, Katherine Elizabeth Kneebone, Edmund Grimley-Evans, US Patent, October 2006 |
| US 7,805,595 |
Data processing apparatus and method for updating prediction data based on an operation's priority level
Emre Özer, Alastair David Reid, Stuart David Biles, US Patent, April 2007 |
| US 7,574,314 |
Spurious signal detection
Simon Andrew Ford, David Michael Bull, Alastair David Reid, US Patent, October 2006 |