Architectural coverage for FEAT_GCS in an AArch64 CPU

This thesis addresses the critical need for robust validation of emerging architectural features, with a particular focus on the Guarded Control Stack (GCS) introduced in the Arm Architecture 64-bit (AArch64). GCS is a key security enhancement aimed at strengthening Control-Flow Integrity (CFI) by using hardware-based mechanisms to prevent control-flow hijacking attacks. As modern processors grow increasingly complex, and the consequences of security flaws become more severe, there is a pressing need for validation methodologies that are both thorough and strictly aligned with architectural specifications. To address this challenge, the thesis presents a coverage-driven validation methodology specifically tailored to GCS. The main contribution of this work is the creation and integration of a dedicated sequence into an existing architectural coverage model, targeting the Guarded Control Stack feature. This sequence was designed to systematically exercise all relevant architectural scenarios, including stack operations, entry and exit transitions, and exception handling interactions. The methodology is centered around three components: a Test Generation Tool (TGT), a Golden Model (GM), and a Coverage Tool (CT). The TGT produces targeted instruction sequences that explore edge cases and state transitions in a systematic way. These sequences are executed on the GM, which implements the architectural behavior of GCS according to the official specification. The CT then reads the output of the test execution on the GM to assess which architectural behaviors have been exercised. By analyzing coverage metrics and confirming that all intended scenarios are correctly triggered, the work ensures that the architectural specification of GCS is thoroughly exercised. This approach also supports the identification of potential ambiguities or gaps in the specification, contributing to a more complete and reliable architectural validation and understanding.