pipeproof
play

PipeProof: Automated Memory Consistency Proofs for - PowerPoint PPT Presentation

Jun 09, 2023 •551 likes •1.36k views

PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A. Manerkar , Daniel Lustig*, Margaret Martonosi, and Aarti Gupta Princeton University *NVIDIA MICRO-51 http:/ ://check.cs.p .princeton.edu/ Memory

  1. PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A. Manerkar , Daniel Lustig*, Margaret Martonosi, and Aarti Gupta Princeton University *NVIDIA MICRO-51 http:/ ://check.cs.p .princeton.edu/

  2. Memory Consistency Models (MCMs) ▪ Specify rules governing values returned by loads in parallel programs ▪ MCM must be correctly implemented for all possible programs Compiler Microarchitecture

  3. Memory Consistency Models (MCMs) ▪ Specify rules governing values returned by loads in parallel programs ▪ MCM must be correctly implemented for all possible programs Compiler ISA-Level MCM (x86-TSO, Power, ARMv8, etc) Microarchitecture

  4. Memory Consistency Models (MCMs) ▪ Specify rules governing values returned by loads in parallel programs ▪ MCM must be correctly implemented for all possible programs Compiler Target for compilers… ISA-Level MCM (x86-TSO, Power, ARMv8, etc) Microarchitecture

  5. Memory Consistency Models (MCMs) ▪ Specify rules governing values returned by loads in parallel programs ▪ MCM must be correctly implemented for all possible programs Compiler Target for compilers… ISA-Level MCM (x86-TSO, Power, ARMv8, etc) …and a specification that microarchitecture must implement Microarchitecture

  6. Memory Consistency Models (MCMs) ▪ Specify rules governing values returned by loads in parallel programs ▪ MCM must be correctly implemented for all possible programs Compiler Target for compilers… ??? …and a specification that microarchitecture must implement Microarchitecture

  7. The Infinite Forest [Images: HeeWann Kim, tzblacktd, audino]

  8. The Infinite Forest +∞ Forest goes on forever ( infinite number of possible programs ) +∞ - ∞ - ∞ [Images: HeeWann Kim, tzblacktd, audino]

  9. The Infinite Forest +∞ Can check known hideouts ( verify design +∞ - ∞ for test programs ) - ∞ [Images: HeeWann Kim, tzblacktd, audino]

  10. The Infinite Forest +∞ +∞ - ∞ Are Pokemon lurking in unexplored areas? ( Do tested programs provide - ∞ complete coverage? ) [Images: HeeWann Kim, tzblacktd, audino]

  11. The Infinite Forest +∞ Have we caught all the Pokemon? +∞ - ∞ ( Are there any MCM bugs left in the design? ) - ∞ [Images: HeeWann Kim, tzblacktd, audino]

  12. PipeProof Overview ▪ First automated all-program microarchitectural MCM verification! • Covers all possible addresses, values, numbers of cores ▪ Proof methodology based on automatic abstraction refinement ▪ Early-stage: Can be conducted before RTL is written! µarch and ISA All-Program MCM Specs MCM PipeProof + Correctness Auxiliary Proof! Inputs

  13. Outline ▪ Background • ISA-level MCM specs • Microarchitectural ordering specs ▪ Microarchitectural Correctness Proof • Transitive Chain (TC) Abstraction ▪ Overall PipeProof Operation • TC Abstraction Support Proof • Chain Invariants ▪ Results

  14. ISA-Level MCM Specifications ▪ Defined in terms of relational patterns [Alglave et al. TOPLAS 2014] ▪ ISA-level executions are graphs • Nodes: instructions, edges: ISA-level relations between instrs ▪ Correctness based on acyclicity, irreflexivity, etc of relational patterns • Eg: SC is 𝑏𝑑𝑧𝑑𝑚𝑗𝑑(𝑞𝑝 ∪ 𝑑𝑝 ∪ 𝑠𝑔 ∪ 𝑔𝑠) An IS ISA-level l execution of of mp mp Mes essage passin ing (mp mp) litm litmus tes est (i1) [x] ← 1 (i3) r1 ← [y] po po rf fr (i2) [y] ← 1 (i4) r2 ← [x]

  15. ISA-Level MCM Specifications ▪ Defined in terms of relational patterns [Alglave et al. TOPLAS 2014] ▪ ISA-level executions are graphs • Nodes: instructions, edges: ISA-level relations between instrs ▪ Correctness based on acyclicity, irreflexivity, etc of relational patterns • Eg: SC is 𝑏𝑑𝑧𝑑𝑚𝑗𝑑(𝑞𝑝 ∪ 𝑑𝑝 ∪ 𝑠𝑔 ∪ 𝑔𝑠) An IS ISA-level l execution of of mp mp Mes essage passin ing (mp mp) litm litmus tes est (i1) [x] ← 1 (i3) r1 ← [y] po po rf fr (i2) [y] ← 1 (i4) r2 ← [x]

  16. ISA-Level MCM Specifications ▪ Defined in terms of relational patterns [Alglave et al. TOPLAS 2014] ▪ ISA-level executions are graphs • Nodes: instructions, edges: ISA-level relations between instrs ▪ Correctness based on acyclicity, irreflexivity, etc of relational patterns • Eg: SC is 𝑏𝑑𝑧𝑑𝑚𝑗𝑑(𝑞𝑝 ∪ 𝑑𝑝 ∪ 𝑠𝑔 ∪ 𝑔𝑠) An IS ISA-level l execution of of mp mp Mes essage passin ing (mp mp) litm litmus tes est (i1) [x] ← 1 (i3) r1 ← [y] po po rf fr (i2) [y] ← 1 (i4) r2 ← [x]

  17. ISA-Level MCM Specifications ▪ Defined in terms of relational patterns [Alglave et al. TOPLAS 2014] ▪ ISA-level executions are graphs • Nodes: instructions, edges: ISA-level relations between instrs ▪ Correctness based on acyclicity, irreflexivity, etc of relational patterns • Eg: SC is 𝑏𝑑𝑧𝑑𝑚𝑗𝑑(𝑞𝑝 ∪ 𝑑𝑝 ∪ 𝑠𝑔 ∪ 𝑔𝑠) An IS ISA-level l execution of of mp mp Mes essage passin ing (mp mp) litm litmus tes est (i1) [x] ← 1 (i3) r1 ← [y] po po rf fr (i2) [y] ← 1 (i4) r2 ← [x]

  18. ISA-Level MCM Specifications ▪ Defined in terms of relational patterns [Alglave et al. TOPLAS 2014] ▪ ISA-level executions are graphs • Nodes: instructions, edges: ISA-level relations between instrs ▪ Correctness based on acyclicity, irreflexivity, etc of relational patterns • Eg: SC is 𝑏𝑑𝑧𝑑𝑚𝑗𝑑(𝑞𝑝 ∪ 𝑑𝑝 ∪ 𝑠𝑔 ∪ 𝑔𝑠) An IS ISA-level l execution of of mp mp Mes essage passin ing (mp mp) litm litmus tes est (i1) [x] ← 1 (i3) r1 ← [y] po po rf fr (i2) [y] ← 1 (i4) r2 ← [x]

  19. Microarchitectural Ordering Specifications ▪ Set of axioms in µspec DSL [Lustig et al. ASPLOS 2016] ▪ Used to generate microarchitectural executions as µhb graphs • Nodes: instr. sub-events, edges: happens-before relations between instrs ▪ Observability based on cyclicity of graphs A µhb hb gr graph of of mp mp on on sim imple leSC • Cyclic graph → Unobservable fr • Acyclic graph → Observable po po rf (i1) (i2) (i3) (i4) IF Mes essage passin ing (mp mp) litm litmus tes est EX WB

  20. Microarchitectural Ordering Specifications ▪ Set of axioms in µspec DSL [Lustig et al. ASPLOS 2016] ▪ Used to generate microarchitectural executions as µhb graphs • Nodes: instr. sub-events, edges: happens-before relations between instrs ▪ Observability based on cyclicity of graphs A µhb hb gr graph of of mp mp on on sim imple leSC • Cyclic graph → Unobservable fr • Acyclic graph → Observable po po rf (i1) (i2) (i3) (i4) IF Mes essage passin ing (mp mp) litm litmus tes est EX WB

  21. Microarchitectural Ordering Specifications ▪ Set of axioms in µspec DSL [Lustig et al. ASPLOS 2016] ▪ Used to generate microarchitectural executions as µhb graphs • Nodes: instr. sub-events, edges: happens-before relations between instrs ▪ Observability based on cyclicity of graphs A µhb hb gr graph of of mp mp on on sim imple leSC • Cyclic graph → Unobservable fr • Acyclic graph → Observable po po rf (i1) (i2) (i3) (i4) IF Mes essage passin ing (mp mp) litm litmus tes est EX WB

  22. Microarchitectural Ordering Specifications ▪ Set of axioms in µspec DSL [Lustig et al. ASPLOS 2016] ▪ Used to generate microarchitectural executions as µhb graphs • Nodes: instr. sub-events, edges: happens-before relations between instrs ▪ Observability based on cyclicity of graphs A µhb hb gr graph of of mp mp on on sim imple leSC • Cyclic graph → Unobservable fr • Acyclic graph → Observable po po rf (i1) (i2) (i3) (i4) IF Mes essage passin ing (mp mp) litm litmus tes est EX WB

  23. Microarchitectural Ordering Specifications ▪ Set of axioms in µspec DSL [Lustig et al. ASPLOS 2016] ▪ Used to generate microarchitectural executions as µhb graphs • Nodes: instr. sub-events, edges: happens-before relations between instrs ▪ Observability based on cyclicity of graphs A µhb hb gr graph of of mp mp on on sim imple leSC • Cyclic graph → Unobservable fr • Acyclic graph → Observable po po rf (i1) (i2) (i3) (i4) IF Mes essage passin ing (mp mp) litm litmus tes est EX WB

  24. Our Prior Work: Litmus Test-Based MCM Verification Mic icroarchit itecture in in µspec ec DS DSL Axiom “ Decode_is_FIFO": ... EdgeExists ((i1, Decode), (i2, Decode)) => AddEdge ((i1, Execute), (i2, Execute)). ... Axiom "PO_Fetch": ... SameCore i1 i2 /\ ProgramOrder i1 i2 => AddEdge ((i1, Fetch), (i2, Fetch)). Litm Litmus Tes est [Lustig et al. MICRO- 47, …]

  25. Our Prior Work: Litmus Test-Based MCM Verification Mic icroarchit itecture in µspec in ec DS DSL Axiom “ Decode_is_FIFO": ... EdgeExists ((i1, Decode), (i2, Decode)) => AddEdge ((i1, Execute), (i2, Execute)). ... Axiom "PO_Fetch": ... SameCore i1 i2 /\ ProgramOrder i1 i2 => AddEdge ((i1, Fetch), (i2, Fetch)). Litm Litmus Tes est Mic icroarchit itectural happen ens-before (µ (µhb hb) gr graphs [Lustig et al. MICRO- 47, …]

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Practical Padding Oracle Attacks J. Rizzo T. Duong Black Hat Europe, 2010 J. Rizzo, T. Duong

Practical Padding Oracle Attacks J. Rizzo T. Duong Black Hat Europe, 2010 J. Rizzo, T. Duong

Introduction Finding Padding Oracles Basic PO attacks Advanced PO attacks Summary Practical Padding Oracle Attacks J. Rizzo T. Duong Black Hat Europe, 2010 J. Rizzo, T. Duong Practical Padding Oracle Attacks Introduction Finding Padding

1.33k views • 108 slides
Purchase Requisitions and Receiving Non Vendor Catalog Revised 12/06/2016 Ground Rules

Purchase Requisitions and Receiving Non Vendor Catalog Revised 12/06/2016 Ground Rules

Purchase Requisitions and Receiving Non Vendor Catalog Revised 12/06/2016 Ground Rules Please put cell phones on vibrate, dont answer in class. If urgent, please step outside the classroom. Please do not perform work including email

474 views • 22 slides
Prelim 1 tonight 7:30 PM NetID ends in 0-6: Olin Hall 155 NetID ends in 7-9: Olin Hall

Prelim 1 tonight 7:30 PM NetID ends in 0-6: Olin Hall 155 NetID ends in 7-9: Olin Hall

Try to leave every 3 rd row (mostly) empty Wall Wall usable seats empty seats Prelim 1 tonight 7:30 PM NetID ends in 0-6: Olin Hall 155 NetID ends in 7-9: Olin Hall 165 Previous Lecture: Introduction to 2-d array matrix

831 views • 42 slides
Outline I. Flags what is a flag? who cares? II. (commutative) Generic matrices

Outline I. Flags what is a flag? who cares? II. (commutative) Generic matrices

PO-set paths and q -commuting minors Aaron Lauve LaCIM - UQAM S eminaire de combinatoire et dinformatique math ematique le 7 avril 2006 http://www.lacim.uqam.ca/ lauve (Research) lauve@lacim.uqam.ca Outline I. Flags

819 views • 39 slides
Data science for networked data Po-Ling Loh University of Wisconsin-Madison Department of

Data science for networked data Po-Ling Loh University of Wisconsin-Madison Department of

Data science for networked data Po-Ling Loh University of Wisconsin-Madison Department of Statistics AISTATS Okinawa, Japan April 16, 2019 Joint work with: Justin Khim (UPenn), Varun Jog (UW-Madison), Ashley Hou (UW-Madison), Wen Yan

1.49k views • 104 slides
Kanban vs Scrum Making the most of both QCon, San Francisco Nov 18, 2009 Henrik Kniberg

Kanban vs Scrum Making the most of both QCon, San Francisco Nov 18, 2009 Henrik Kniberg

Kanban vs Scrum Making the most of both QCon, San Francisco Nov 18, 2009 Henrik Kniberg Agile/Lean coach @ Crisp, Stockholm http://www.crisp.se/henrik.kniberg Background: developer, manager, entreprenuer Board of directors

999 views • 52 slides
FLP and RSMs The Consensus Trilogy - Part 1 FLP and RSMs The Consensus Trilogy - Part 1

FLP and RSMs The Consensus Trilogy - Part 1 FLP and RSMs The Consensus Trilogy - Part 1

FLP and RSMs The Consensus Trilogy - Part 1 FLP and RSMs The Consensus Trilogy - Part 1 Announcements Announcements No Lab 1. We will just skip ahead to Lab 2 in 2 weeks. Laziness. More time for you to spend on Lab 2 which looks

1.16k views • 52 slides
CSC304 Lecture 19 Fair Division 2: Cake-cutting, Indivisible goods CSC304 - Nisarg Shah 1

CSC304 Lecture 19 Fair Division 2: Cake-cutting, Indivisible goods CSC304 - Nisarg Shah 1

CSC304 Lecture 19 Fair Division 2: Cake-cutting, Indivisible goods CSC304 - Nisarg Shah 1 Recall: Cake-Cutting A heterogeneous, divisible good Represented as [0,1] Set of players = {1, , } Each player has

336 views • 22 slides
Private Organizations (POs) I n t e g r i t y - S e r v i c e - E x c e l l e n c e 412th Force

Private Organizations (POs) I n t e g r i t y - S e r v i c e - E x c e l l e n c e 412th Force

Private Organizations (POs) I n t e g r i t y - S e r v i c e - E x c e l l e n c e 412th Force Support Squadron Mrs. Jessica ODonnell 08 Feb 2013 Private Orgs www.EdwardsFSS.com AFIs Frequently Asked Questions Templates

599 views • 12 slides
PrivPy: Scalable and General Privacy-Preserving Data Mining Yi Li , Yitao Duan , Yu Yu

PrivPy: Scalable and General Privacy-Preserving Data Mining Yi Li , Yitao Duan , Yu Yu

PrivPy: Scalable and General Privacy-Preserving Data Mining Yi Li , Yitao Duan , Yu Yu , Shouyao Zhao , Wei Xu Institute for Interdisciplinary Information Sciences, Tsinghua University NetEase Youdao Shanghai Jiaotong

2.29k views • 23 slides
Machine Learning II DS 4420 - Spring 2020 MLE, MAP, & Graphical models Byron C. Wallace

Machine Learning II DS 4420 - Spring 2020 MLE, MAP, & Graphical models Byron C. Wallace

Machine Learning II DS 4420 - Spring 2020 MLE, MAP, & Graphical models Byron C. Wallace <latexit

720 views • 56 slides
Git as a HIT Dan Licata Wesleyan University 1 1 Darcs Git as a HIT Dan Licata Wesleyan

Git as a HIT Dan Licata Wesleyan University 1 1 Darcs Git as a HIT Dan Licata Wesleyan

Git as a HIT Dan Licata Wesleyan University 1 1 Darcs Git as a HIT Dan Licata Wesleyan University 1 1 HITs 2 Generator for 2 HITs Homotopy Type Theory is an extension of Agda/Coq based on connections with homotopy theory

1.66k views • 128 slides
Clinical Trials in OSA Samuel T. Kuna, MD Department of Medicine Center for Sleep and Circadian

Clinical Trials in OSA Samuel T. Kuna, MD Department of Medicine Center for Sleep and Circadian

2/13/2018 24th ANNUAL ADVANCES IN SLEEP APNEA AND SNORING February 16-17, 2018 Grand Hyatt on Union Square San Francisco, California Clinical Trials in OSA Samuel T. Kuna, MD Department of Medicine Center for Sleep and Circadian

642 views • 11 slides
We Crashed, Now What? Lorenzo Cavallaro Cristiano Giuffrida Andrew S. Tanenbaum Vrije

We Crashed, Now What? Lorenzo Cavallaro Cristiano Giuffrida Andrew S. Tanenbaum Vrije

We Crashed, Now What? Lorenzo Cavallaro Cristiano Giuffrida Andrew S. Tanenbaum Vrije Universiteit Amsterdam 6 th Usenix Workshop on Hot Topics in System Dependability October 3, 2010, Vancouver, BC, Canada We Crashed, Now What? Cristiano

772 views • 59 slides
Inducing a Discriminative Parser to Optimize Machine Translation Reordering Graham Neubig 1,2,3 ,

Inducing a Discriminative Parser to Optimize Machine Translation Reordering Graham Neubig 1,2,3 ,

Inducing a Discriminative Parser to Optimize Machine Translation Reordering Inducing a Discriminative Parser to Optimize Machine Translation Reordering Graham Neubig 1,2,3 , Taro Watanabe 2 , Shinsuke Mori 1 1 2 3 now at 1 Inducing a

980 views • 34 slides
Warming up Storage-level Caches with Bonfire Yiying Zhang Gokul Soundararajan Mark W. Storer

Warming up Storage-level Caches with Bonfire Yiying Zhang Gokul Soundararajan Mark W. Storer

Warming up Storage-level Caches with Bonfire Yiying Zhang Gokul Soundararajan Mark W. Storer Lakshmi N. Bairavasundaram Sethuraman Subbiah Andrea C. Arpaci-Dusseau Remzi H. Arpaci-Dusseau 2 Does on-demand cache warmup still work ? 3 10s

661 views • 34 slides
A Low Power Asynchronous GPS Baseband Processor Benjamin Z. Tang, Stephen Longfield, Jr., Sunil

A Low Power Asynchronous GPS Baseband Processor Benjamin Z. Tang, Stephen Longfield, Jr., Sunil

A Low Power Asynchronous GPS Baseband Processor Benjamin Z. Tang, Stephen Longfield, Jr., Sunil A. Bhave, Rajit Manohar Cornell University Benjamin Tang 05/07/2012 - 1/18 Motivation Augmented reality Micro robotics navigation

227 views • 19 slides
3. Data Structure and Algorithm 3.1 Proplets for Coding Propositional Content 3.1.1 C ONTEXT

3. Data Structure and Algorithm 3.1 Proplets for Coding Propositional Content 3.1.1 C ONTEXT

A Computational Model of Natural Language Communication 31 3. Data Structure and Algorithm 3.1 Proplets for Coding Propositional Content 3.1.1 C ONTEXT PROPLETS REPRESENTING dog barks. (I) run. 2 3 2 3 sur: sur: 2 3 sur: verb: bark verb:

780 views • 20 slides
ADVENTURES IN TIME & SPACE Jim Royer Syracuse University Joint work with Norman Danner

ADVENTURES IN TIME & SPACE Jim Royer Syracuse University Joint work with Norman Danner

ADVENTURES IN TIME & SPACE Jim Royer Syracuse University Joint work with Norman Danner Wesleyan University GeoCal06 Based on: Adventures in Time and Space, by N. Danner and J.S. Royer, Proceedings of the 2006 ACM Principles of

445 views • 31 slides
Hospice Item Set Presented By: CMS and RTI International February 4 5, 2014 Welcome Welcome

Hospice Item Set Presented By: CMS and RTI International February 4 5, 2014 Welcome Welcome

Hospice Item Set Presented By: CMS and RTI International February 4 5, 2014 Welcome Welcome Introductions General Housekeeping Slide 2 Hospice Item Set Training February 4-5, 2014 1 Day 1 Overview Day 1 Overview HQRP

1.22k views • 48 slides
Statistical Parsing Parsing context-free languages ar ltekin University of Tbingen

Statistical Parsing Parsing context-free languages ar ltekin University of Tbingen

Statistical Parsing Parsing context-free languages ar ltekin University of Tbingen Seminar fr Sprachwissenschaft November 8, 2016 Recap Parsing basics CKY Earley Closing Ingredients of a (natural language) parser .

1.17k views • 51 slides
Qualms About QAM: An Exploratory Study BY: EVGUENIA IGNATOVA PRINCIPAL INVESTIGATOR/SUPERVISOR:

Qualms About QAM: An Exploratory Study BY: EVGUENIA IGNATOVA PRINCIPAL INVESTIGATOR/SUPERVISOR:

10/2/17 Consider Qualms About QAM: An Exploratory Study BY: EVGUENIA IGNATOVA PRINCIPAL INVESTIGATOR/SUPERVISOR: DR. MAURICE FELDMAN CO-INVESTIGATOR: DR. ROSEMARY CONDILLAC Pre-QAM Findings Pre-QAM Findings u Feldman, Atkinson,

436 views • 4 slides
Improved Algorithms for Amplitude- and Phase-Scin9lla9on

Improved Algorithms for Amplitude- and Phase-Scin9lla9on

Improved Algorithms for Amplitude- and Phase-Scin9lla9on Indices of GPS Signals Abram Farley-Kalamazoo College ASTRA Mentors: Irfan Azeem and Adam

555 views • 26 slides
Introduction to Anglican Jan-Willem van de Meent Anatomy of an Anglican Program (ns

Introduction to Anglican Jan-Willem van de Meent Anatomy of an Anglican Program (ns

Introduction to Anglican Jan-Willem van de Meent Anatomy of an Anglican Program (ns examples.one-flip (:use [anglican.core :exclude [-main]] [anglican emit runtime stat]) (:gen-class)) (defquery one-flip [outcome] (let [theta (sample (beta

399 views • 21 slides

More recommend