Abstract
Formal verification is approaching a point where it will be reliably applicable to embedded software. Even though formal verification can efficiently analyze multi-threaded applications, multi-core processors are often considered too dangerous to use in critical systems, despite the many benefits they can offer. One reason is the advanced memory consistency model of such CPUs. Nowadays, most software verifiers assume strict sequential consistency, which is also the naïve view of programmers. Modern multi-core processors, however, rarely guarantee this assumption by default. In addition, complex processor architectures may easily contain design faults. Thanks to the recent advances in hardware verification, these faults are increasingly visible and can be detected even in existing processors, giving an opportunity to compensate for the problem in software. In this paper, we propose a generic approach to consider inconsistent behavior of the hardware in the analysis of software. Our approach is based on formal methods and can be used to detect the activation of existing hardware faults on the application level and facilitate their mitigation in software. The approach relies heavily on recent results of model checking and hardware verification and offers new, integrative research directions. We propose a partial solution based on existing model checking tools to demonstrate feasibility and evaluate their performance in this context.
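The gap the abstract describes, between the strict sequential consistency most software verifiers assume and what a multi-core processor actually guarantees, can be made concrete with a small explicit-state exploration. The following is an added example, not code from the paper or its authors: it encodes the classic store-buffering litmus test (two threads, each writing one shared variable and then reading the other) and enumerates every reachable final state under two constructed models, plain sequential consistency and a simplified TSO-style model with one FIFO store buffer per core. The program, variable names and the two models are assumptions made for this illustration; the point is that an analysis restricted to the SC model never reports the outcome r0 == r1 == 0, while the buffered model reaches it.

```python
"""Explicit-state exploration of a store-buffering litmus test under two memory models.

Constructed example, not code from the paper. It shows why a verifier that
assumes sequential consistency (SC) can miss outcomes that a processor with
per-core store buffers (a simplified TSO-style model) actually produces.
"""
from typing import FrozenSet, List, Tuple

# Each thread is a list of instructions:
#   ("store", var, value)  writes value to shared variable var
#   ("load", var, reg)     reads shared variable var into local register reg
# The classic SB (store buffering) litmus test, constructed for this example.
SB_PROGRAM: List[List[tuple]] = [
    [("store", "x", 1), ("load", "y", "r0")],   # thread 0
    [("store", "y", 1), ("load", "x", "r1")],   # thread 1
]
SHARED_VARS = ("x", "y")
REGISTERS = ("r0", "r1")

# A state is fully hashable: program counters, memory, per-thread FIFO store
# buffers (always empty under SC), and register values.
State = Tuple[Tuple[int, ...], Tuple[int, ...],
              Tuple[Tuple[Tuple[str, int], ...], ...], Tuple[int, ...]]


def initial_state(program) -> State:
    n = len(program)
    return (tuple(0 for _ in range(n)),
            tuple(0 for _ in SHARED_VARS),
            tuple(() for _ in range(n)),
            tuple(0 for _ in REGISTERS))


def successors(state: State, program, model: str) -> List[State]:
    """All states reachable in one step under model 'sc' or 'tso'."""
    pcs, mem, bufs, regs = state
    out: List[State] = []
    for t, thread in enumerate(program):
        # (a) TSO only: drain the oldest buffered store of thread t to memory.
        if model == "tso" and bufs[t]:
            var, val = bufs[t][0]
            new_mem = list(mem); new_mem[SHARED_VARS.index(var)] = val
            new_bufs = list(bufs); new_bufs[t] = bufs[t][1:]
            out.append((pcs, tuple(new_mem), tuple(new_bufs), regs))
        # (b) execute the next instruction of thread t, if any remain.
        if pcs[t] >= len(thread):
            continue
        instr = thread[pcs[t]]
        new_pcs = list(pcs); new_pcs[t] += 1
        if instr[0] == "store":
            _, var, val = instr
            if model == "sc":
                # SC: a store is immediately visible to every thread.
                new_mem = list(mem); new_mem[SHARED_VARS.index(var)] = val
                out.append((tuple(new_pcs), tuple(new_mem), bufs, regs))
            else:
                # TSO: the store sits in the core's private FIFO buffer first.
                new_bufs = list(bufs); new_bufs[t] = bufs[t] + ((var, val),)
                out.append((tuple(new_pcs), mem, tuple(new_bufs), regs))
        else:
            _, var, reg = instr
            # A load sees the newest matching store in its own buffer
            # (store-to-load forwarding), otherwise the value in memory.
            val = mem[SHARED_VARS.index(var)]
            for bvar, bval in reversed(bufs[t]):
                if bvar == var:
                    val = bval
                    break
            new_regs = list(regs); new_regs[REGISTERS.index(reg)] = val
            out.append((tuple(new_pcs), mem, bufs, tuple(new_regs)))
    return out


def reachable_outcomes(program, model: str) -> FrozenSet[Tuple[int, ...]]:
    """Exhaustively explore all interleavings; return the final register values.

    A state is final when every thread has finished and all buffers are drained.
    """
    start = initial_state(program)
    seen = {start}
    stack = [start]
    outcomes = set()
    while stack:
        state = stack.pop()
        pcs, _, bufs, regs = state
        if all(pc == len(th) for pc, th in zip(pcs, program)) and not any(bufs):
            outcomes.add(regs)
        for nxt in successors(state, program, model):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return frozenset(outcomes)


def outcomes_missed_by_sc_verifier(program) -> FrozenSet[Tuple[int, ...]]:
    """Final states the buffered hardware model allows but an SC-only analysis never sees."""
    return reachable_outcomes(program, "tso") - reachable_outcomes(program, "sc")


if __name__ == "__main__":
    for model in ("sc", "tso"):
        print(model, sorted(reachable_outcomes(SB_PROGRAM, model)))
    print("missed by SC-only analysis:", sorted(outcomes_missed_by_sc_verifier(SB_PROGRAM)))
```

Running the script lists three final states under SC and four under the buffered model; the extra one, both registers zero, is exactly the class of behaviour that a verifier hard-wired to sequential consistency cannot report, which is why the hardware's actual consistency model (or a known deviation from it) has to be part of the software analysis. The same exploration loop accepts any small straight-line program in the same instruction form, so other litmus tests can be checked by replacing SB_PROGRAM.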
Will My Program Break on This Faulty Processor?: Formal Analysis of Hardware Fault Activations in Concurrent Embedded Software