DOI: 10.1145/3123939.3124536

RTLcheck: verifying the memory consistency of RTL designs

Published: 14 October 2017

Abstract

Paramount to the viability of a parallel architecture is the correct implementation of its memory consistency model (MCM). Although tools exist for verifying consistency models at several design levels, a problematic verification gap exists between checking an abstract microarchitectural specification of a consistency model and verifying that the actual processor RTL implements it correctly.
This paper presents RTLCheck, a methodology and tool for narrowing the microarchitecture/RTL MCM verification gap. Given a set of microarchitectural axioms about MCM behavior, an RTL design, and user-provided mappings to assist in connecting the two, RTLCheck automatically generates the SystemVerilog Assertions (SVA) needed to verify that the implementation satisfies the microarchitectural specification for a given litmus test program. When combined with existing automated MCM verification tools, RTLCheck enables test-based full-stack MCM verification from high-level languages to RTL. We evaluate RTLCheck on a multicore version of the RISC-V V-scale processor, and discover a bug in its memory implementation. Once the bug is fixed, we verify that the multicore V-scale implementation satisfies sequential consistency across 56 litmus tests. The JasperGold property verifier finds complete proofs for 89% of our properties, and can find bounded proofs for the remaining properties.

Published In

MICRO-50 '17: Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture
October 2017
850 pages
ISBN:9781450349529
DOI:10.1145/3123939

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. RTL
  2. SVA
  3. automated verification
  4. memory consistency models

Qualifiers

  • Research-article

Conference

MICRO-50

Acceptance Rates

Overall Acceptance Rate 484 of 2,242 submissions, 22%
