Papers, Talks and Patents

My Google Scholar, DBLP, ORCID and Microsoft Academic pages.


HATRA 20 Towards making formal methods normal: meeting developers where they are
SpISA 19 The State of Sail
PhD 19 Defining interfaces between hardware and software: Quality and performance
POPL 19 ISA Semantics for ARMv8-A, RISC-V, and CHERI-MIPS
ARW 18 Detailed Models of Instruction Set Architectures: From Pseudocode to Formal Semantics
OOPSLA 17 Who guards the guards? Formal Validation of the ARM v8-M Architecture Specification
IEEE Micro The ARM Scalable Vector Extension
FMCAD 16 Trustworthy Specifications of ARM v8-A and v8-M System Level Architecture
CAV 16 End-to-End Verification of ARM Processors with ISA-Formal
DATE 14 Advanced SIMD: Extending the reach of contemporary SIMD architectures
CASES 08 SoC-C: efficient programming abstractions for heterogeneous multicore systems on chip
MICRO 08 From SODA to scotch: The evolution of a wireless baseband processor
SBAC-PAD 07 Low-cost Techniques for Reducing Branch Context Pollution in a Soft Realtime Embedded Multithreaded Processor
SiPS 06 Design and Implementation of Turbo Decoders for Software Defined Radio
SDR 06 SPEX: A programming language for software defined radio
TECS 05 Eliminating stack overflow by abstract interpretation
ASPLOS 04 HOIST: a system for automatically deriving static analyzers for embedded systems
ACP4IS 03 Lock inference for systems software
EMSOFT 03 Eliminating Stack Overflow by Abstract Interpretation
RTSS 03 Evolving real-time systems using hierarchical scheduling and concurrency analysis
Haskell FFI The Haskell 98 Foreign Function Interface 1.0: An Addendum to the Haskell 98 Report
ICSE 02 Static and dynamic structure in design patterns
ASPSE 01 Aspect Weaving as Component Knitting: Separating Concerns with Knit
PADL 01 FVision: A Declarative Language for Visual Tracking
GLib 01 The Hugs Graphics Library (Version 2.0)
OSDI 00 Knit: Component Composition for Systems Software
ICSE 99 Prototyping Real-Time Vision Systems: An Experiment in DSL Design
PLDI 99 A Semantics for Imprecise Exceptions
Haskell Report Haskell 98: A non-strict, purely functional language
Haskell Lib Standard Libraries for the Haskell 98 Programming Language
IFL 98 Putting the Spine Back in the Spineless Tagless G-Machine: An Implementation of Resumable Black-Holes
Exceptions Handling Exceptions in Haskell
StdLib 98 Designing the Standard Haskell Libraries
Haskell 97 Green Card: a foreign-language interface for Haskell
Haskell 95a Adding Records to Haskell
Haskell 95b A Proposal for the Standard Haskell Libraries
GFPW 94 Malloc Pointers and Stable Pointers: Improving Haskell's Foreign Language Interface
GFPW 93 Implementing Fudgets with Standard Widget Sets
MSc 93 A Precise Semantics for Ultraloose Specifications
GFPW 89 Designing Data Structures



  • Towards a formal specification of Intel’s x86 architecture
    Novel Architecture and Novel Design Automation (NANDA)
    5–6 September, 2022

    This talk is about my work on creating a formal specification of Intel’s x86 architecture: goals, why it is easy, why it is hard and the research challenges I see in the future.

  • Leaky abstractions
    RISE summer school 2022
    Keynote talk
    UK Research Institute in Secure Hardware and Embedded Systems (RISE)
    Centre for Secure Information Technology (CSIT)
    Belfast UK
    20–21 July, 2022.

    Since at least the 1950s, computer design has been viewed as a stack of separate concerns: programmers need not worry about how the hardware works as long as it satisfies its functional specification; and digital logic designers need not worry about how transistors work as long as they turn on and off. This separation has allowed engineers at each layer of the stack to innovate and has resulted in the remarkable improvements in power, performance and area seen over the last 70+ years. Layers in the stack can be changed independently of their neighbours because each layer in the stack only depends on an abstraction of the layer below. However, these abstractions are “leaky”: the abstractions are approximate and they omit properties such as time, space and power. This talk is about the connections between leaky abstractions and security and on both recent research and research opportunities in relating architectural security to the hardware stack that it rests on.

  • Machine readable specifications at scale
    ZISC seminar, ETH Zurich
    2 June, 2022

    There are lots of potential uses for machine readable specifications so you would think that every major real world artifact like long-lived hardware and software systems, protocols, languages, etc. would have a formal specification that is used by all teams extending, implementing, testing, verifying or securing the design. But, in practice, this is usually not true: most real world systems do not have a well tested, up to date, machine readable specification.

    This talk is about why you might want to change this and some things to consider as you go about it. In particular, it is about the use and creation of machine readable specifications at scale: when the number of engineers affected is counted in the thousands. This sort of scale leads to different problems and solutions than you would see in a 5–10 person project and both the challenges and the potential benefits are significantly larger.

    [See also my blog post Machine readable specifications at scale.]

Rust Verification

Talks about the Rust verification project at Google.

  • How can we formally verify Rust for Linux
    Kangrejos (workshop attached to Linux Plumbers 2021).
    13 September 2021. [pdf]

    This talk describes the state of formal verification for Rust code in the Linux kernel based on the blog posts I wrote.

  • Building Better Systems (Episode #11): Meeting Developers Where They Are
    23 July 2021 (recorded 2nd February). [youtube] [apple podcast] [simplecast] [mp3] [transcript]

    This 36 minute interview with Joey Dodds and Shpat Morina at Galois focuses on adoption and usability of verification tools and where we sit on the spectrum from high-assurance/high-cost to lower-assurance/lower-cost.

  • Using KLEE with Large Rust Programs
    KLEE workshop 2021
    Virtual (London, UK). 11 June 2021. [pdf] [video]

    This 12 minute talk focuses on tools: what we have done to adapt KLEE for use with Rust; the language, compiler, library and linker features we have encountered in real code out in the wild; and how we have tried to solve issues in a way that other Rust verification tools can directly use or adapt.

The Hardware-Software Interface: Quality and Performance

One of the most important interfaces in a computer system is the interface between hardware and software. This talk examines two critical aspects of defining the hardware-software interface: quality and performance.

The first aspect concerns the “radical” idea of creating a single, high-quality, formal specification of microprocessors that everybody can use. This idea does not seem “radical” until you realize that standard practice is for every group to create their own version of a specification in their preferred toolchain. I will describe the challenges that lead to this behavior and how to overcome the challenges. This project lead to the creation of Arm’s official formal specification of their microprocessors and to the formal validation of Arm’s processors against that specification.

The second aspect concerns the tradeoff between portability and performance in the context of high performance, energy efficient, parallel systems. I will describe the challenges in balancing portability and performance and how I overcame them by defining the hardware-software interface in terms of extensions of the C language. This project played a key part in creation of a software-defined radio system capable of implementing the 4G cellphone protocol.

The Arm architecture is the largest computer architecture by volume in the world; it behooves us to ensure that the interface it describes is appropriately defined.

  • Computer Science Department, Glasgow, UK. 21 February, 2019 [pdf]

Engineering and Using Large Formal Specifications

We have great tools and technique to formally verify hardware and software but, if we are apply these to real world systems, we need high quality specifications of real world artifacts such as processors, OSes, libraries, programming languages and internet protocols. This talk is about how we are going to avoid a specification bottleneck - it uses my experience in formalising the ARM processor architecture to suggest an approach that we can use on other large, complex hardware and software to create the specifications we need.

  • ACL2 2018
    Keynote talk, Austin, Texas, USA. 5-6 November, 2018. [pdf]

What makes processors fail - and how to prevent it

A more accessible presentation of the ideas in the ISA-Formal paper for the Electromagnetic Field maker festival.

Modern processors are amazing devices: small, fast, low power and getting better with every generation. But the most amazing things about modern microprocessors is that they work so incredibly reliably despite all their incredible complexity.

This talk is about the battle between complexity and correctness and about how new formal verification tools can be used to help you design higher performance processors that actually work. I will describe the common optimisations, the bugs that these often introduce and how open source tools such as SAT solvers and bounded model checkers can be used to find these bugs.

Creating Formal Specifications of the Arm Processor Architecture

A talk about why creating formal specifications for real world systems is hard and what we can do about it. Some of the key problems are the semantic gap between the architects’ intention and the written specification; challenges persuading different groups to adopt a common specification; the number and diversity of existing implementations; and the practical impossibility of formally verifying all implementations against the specification. I discuss lessons learned when creating a formal specification of the Arm Processor Architecture and using that specification to formally validate processors against the specification. And I discuss how those lessons can be applied in other contexts. This includes use of traditional testing, formal validation, social engineering and building a virtuous cycle to drive up the quality of the specification.

Specifications: The Next Verification Bottleneck

A talk about the importance and difficulty of creating trustworthy specifications of all the software and protocols we will need to verify software and about the techniques I used to create a trustworthy specification of the ARM processor architecture.

How can you trust formally verified software?

A talk about practical things you can do with ARM’s executable formal specification with an emphasis on security research. Despite having the same title, this is a completely different talk from the next one. TUWAT!

How can you trust formally verified software?

A gradually evolving series of talks about my work on creating correct formal specifications (when there are multiple implementations already in existence). Reinforces the idea of having multiple users of a single specification and includes a short version of the FMCAD16, CAV16 and OOPSLA17 talks.

Trusting Large Specifications: The Virtuous Cycle

First talk emphasizing the importance of having multiple users of a single specification.

Trustworthy Specifications of ARM System Level Architecture

Backwards compatible formalization of the ARM Architecture

First public talk about creating formal specifications of ARM processors.

  • Cambridge University Computer Laboratory
    Cambridge, UK, February, 2012. [pdf]


US 16/149,297 Encoding of input to storage circuitry
Alastair David Reid, Dominic Phillip Mulligan, Milosch Meriac, Matthias Lothar Boettcher, Nathan Yong Seng Chong, Ian Michael Caulfield, Peter Richard Greenhalgh, Frederic Claude Marie Piry, Albin Pierrick Tonnerre, Thomas Christopher Grocutt, Yasuo Ishii, US Patent Application, October 2018
US 17/052,655 Branch prediction cache for multiple software workloads
Alastair David Reid, US Patent Application, May 2018
US 9,886,239 Exponent Monitoring
Guy Larri, Lee Douglas Smith, David Raymond Lutz, Alastair David Reid, US Patent, November 2014
US 9,858,169 Monitoring a data processing apparatus and summarising the monitoring data
Alastair David Reid, Katherine Elizabeth Kneebone, Jan Guffens, Lee Douglas Smith, US Patent, July 2008
US 110,261,789 Data processing apparatus and method for controlling performance of speculative vector operations
Alastair David Reid, Daniel Kershaw, US Patent, October 2013
US 9,696,994 Apparatus and method for comparing a first vector of data elements and a second vector of data elements
Alastair David Reid, US Patent, December 2011
US 9,557,995 Data processing apparatus and method for performing segmented operations
Mbou Eyole-monono, Alastair David Reid, Matthias Lothar Böttcher, Giacomo Gabrielli, US Patent, February 2014
US 9,483,438 Apparatus and method for controlling the number of vector elements written to a data store while performing speculative vector write operations
Alastair David Reid, Daniel Kershaw, US Patent, October 2013
US 9,483,243 Interleaving data accesses issued in response to vector access instructions
Alastair David Reid, US Patent, November 2016
US 9,176,737 Controlling the execution of adjacent instructions that are dependent upon a same data condition
Alastair David Reid, US Patent, February 2011
US 9,098,265 Controlling an order for processing data elements during vector processing
Alastair David Reid, US Patent, July 2011
US 9,081,564 Converting scalar operation to specific type of vector operation using modifier instruction
Alastair David Reid, US Patent, April 2011
US 9,021,233 Interleaving data accesses issued in response to vector access instructions
Alastair David Reid, US Patent, September 2011
US 8,887,001 Trace data priority selection
John Michael Horley, Michael John Williams, Katherine Elizabeth Kneebone, Alastair David Reid, US Patent, February 2010
US 8,359,588 Reducing inter-task latency in a multiprocessor system
Alastair David Reid, US Patent, November 2009
US 8,250,549 Variable coherency support when mapping a computer program to a data processing apparatus
Alastair David Reid, Edmund Grimley-Evans, Simon Andrew Ford, US Patent, October 2006
US 8,200,948 Apparatus and method for performing re-arrangement operations on data
Daniel Kershaw, Dominic Hugo Symes, Alastair David Reid, US Patent, December 2006
US 8,190,807 Mapping a computer program to an asymmetric multiprocessing apparatus
Alastair David Reid, Edmund Grimley-Evans, Simon Andrew Ford, US Patent, October 2006
US 8,185,724 Monitoring values of signals within an integrated circuit
Simon Andrew Ford, Alastair David Reid, US Patent, March 2006
US 8,020,039 Recovering from errors in streaming DSP applications
Alastair David Reid, Daryl Wayne Bradley, US Patent, December 2007
US 7,809,989 Performing diagnostic operations upon an asymmetric multiprocessor apparatus
Simon Andrew Ford, Alastair David Reid, Katherine Elizabeth Kneebone, Edmund Grimley-Evans, US Patent, October 2006
US 7,805,595 Data processing apparatus and method for updating prediction data based on an operation's priority level
Emre Özer, Alastair David Reid, Stuart David Biles, US Patent, April 2007
US 7,574,314 Spurious signal detection
Simon Andrew Ford, David Michael Bull, Alastair David Reid, US Patent, October 2006