RealityCheck: Bringing Modularity, Hierarchy, and Abstraction to Automated Microarchitectural Memory Consistency Verification

Modern SoCs are heterogeneous parallel systems composed of components developed by distinct teams and possibly even different vendors. The memory consistency model (MCM) of the processors in such SoCs specifies the ordering rules that constrain the values load instructions can return in parallel programs running on such systems. The implementation of the required MCM orderings can span components that are designed and implemented by many different teams. Ideally, each team would be able to specify the orderings enforced by its own components independently and then connect those specifications together when conducting MCM verification. However, no prior automated approach to formal hardware MCM verification provided this. To bring automated hardware MCM verification in line with the realities of the design process, we present RealityCheck, a methodology and tool for automated formal MCM verification of modular microarchitectural ordering specifications. RealityCheck allows users to specify their designs as a hierarchy of distinct modules connected to each other rather than as a single flat specification. It can then automatically verify litmus test programs against these modular specifications. RealityCheck also provides support for abstraction, which enables scalable verification by breaking the verification of the entire design into smaller verification problems. We present results for verifying litmus tests on 7 different designs using RealityCheck. These include in-order and out-of-order pipelines, a non-blocking cache, and a heterogeneous processor. Our case studies cover the TSO and RISC-V (RVWMO) weak memory models. RealityCheck is capable of verifying 98 RVWMO litmus tests in under 4 minutes each, and its capability for abstraction enables up to a 32.1% reduction in litmus test verification time for RVWMO.
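To make concrete what "verifying a litmus test against an ordering specification" means, the following added example (constructed for this page; it is not RealityCheck's code and does not use its modular μhb-graph approach) exhaustively enumerates the outcomes of three classic litmus tests, store buffering (SB), SB with fences, and message passing (MP), under a sequentially consistent machine and under a minimal TSO operational model with per-thread FIFO store buffers. Instruction encodings, the `outcomes`/`allowed` helpers and the litmus-test inputs are all assumptions of the example. It shows the outcome `r0=0, r1=0` of SB being forbidden under SC but permitted under TSO, fences restoring the SC result, and MP behaving identically under both models because TSO buffers drain in order.

```python
"""Enumerate every outcome of a litmus test under SC and under TSO.

Constructed example, not RealityCheck's code.  Each hardware thread runs a
straight-line program of stores, loads and fences.  Under TSO each thread
owns a FIFO store buffer: a store enters the buffer, a later load by the same
thread may read its own buffered value (store-to-load forwarding), and
buffered stores drain to memory in order at any later point.  SC is the case
with no buffer.  A depth-first search over every interleaving of "execute
next instruction" and "drain oldest buffered store" collects all reachable
final register states.
"""


def st(addr, val):
    return ("st", addr, val)


def ld(reg, addr):
    return ("ld", reg, addr)


def fence():
    return ("fence",)


def outcomes(programs, tso):
    """Return the frozenset of reachable final register states.

    Each state is a sorted tuple of (register, value) pairs across all
    threads; memory locations start at 0 and register names are unique.
    """
    n = len(programs)
    results, seen = set(), set()

    def explore(pcs, mem, bufs, regs):
        key = (pcs, mem, bufs, regs)
        if key in seen:
            return
        seen.add(key)
        finished = all(pcs[i] == len(programs[i]) for i in range(n))
        if finished and not any(bufs):
            results.add(tuple(sorted(r for tr in regs for r in tr)))
            return
        memd = dict(mem)
        for i in range(n):
            # Transition 1: thread i drains the oldest entry of its buffer.
            if bufs[i]:
                addr, val = bufs[i][0]
                newmem = dict(memd, **{addr: val})
                newbufs = bufs[:i] + (bufs[i][1:],) + bufs[i + 1:]
                explore(pcs, tuple(sorted(newmem.items())), newbufs, regs)
            # Transition 2: thread i executes its next instruction.
            if pcs[i] == len(programs[i]):
                continue
            ins = programs[i][pcs[i]]
            npcs = pcs[:i] + (pcs[i] + 1,) + pcs[i + 1:]
            if ins[0] == "st":
                _, addr, val = ins
                if tso:  # store waits in the FIFO buffer
                    newbufs = bufs[:i] + (bufs[i] + ((addr, val),),) + bufs[i + 1:]
                    explore(npcs, mem, newbufs, regs)
                else:    # SC: store becomes globally visible at once
                    newmem = dict(memd, **{addr: val})
                    explore(npcs, tuple(sorted(newmem.items())), bufs, regs)
            elif ins[0] == "ld":
                _, reg, addr = ins
                # Forward from the youngest buffered store to addr, else read memory.
                val = next((v for a, v in reversed(bufs[i]) if a == addr), memd.get(addr, 0))
                newreg = tuple(sorted(dict(regs[i], **{reg: val}).items()))
                explore(npcs, mem, bufs, regs[:i] + (newreg,) + regs[i + 1:])
            elif ins[0] == "fence":
                # A fence retires only once this thread's buffer has drained.
                if not bufs[i]:
                    explore(npcs, mem, bufs, regs)

    explore((0,) * n, (), ((),) * n, ((),) * n)
    return frozenset(results)


def allowed(programs, tso, **final):
    """True if the register state `final` (e.g. r0=0, r1=0) is reachable."""
    return tuple(sorted(final.items())) in outcomes(programs, tso)


# Classic litmus tests (constructed inputs); x and y start at 0.
SB = [[st("x", 1), ld("r0", "y")],             # store buffering
      [st("y", 1), ld("r1", "x")]]
SB_FENCED = [[st("x", 1), fence(), ld("r0", "y")],
             [st("y", 1), fence(), ld("r1", "x")]]
MP = [[st("x", 1), st("y", 1)],                # message passing
      [ld("r0", "y"), ld("r1", "x")]]

if __name__ == "__main__":
    for name, test in (("SB", SB), ("SB+fences", SB_FENCED), ("MP", MP)):
        for model, tso in (("SC", False), ("TSO", True)):
            print(name, model, sorted(outcomes(test, tso)))
```

The search explores every interleaving of the two transition kinds, so it is exhaustive for these tiny programs but does not scale; that scaling problem is exactly what RealityCheck's modular specifications and abstraction address for realistic microarchitectures. The example models only TSO; RVWMO would need additional reordering transitions (for instance loads overtaking earlier loads to different addresses) that are not represented here.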
