A formal framework to design and prove trustworthy memory controllers

ABSTRACT
In order to prove conformance to memory standards and to bound memory access latency, recently proposed real-time DRAM controllers rely on paper-and-pencil proofs, which is troubling: such proofs are difficult to read and review, they are often shown only partially and/or rely on abstractions for the sake of conciseness, and they can easily diverge from the controller implementation, since no formal link is established between the two. We propose a new framework, written in Coq, in which we model a DRAM controller and its expected behaviour as a formal specification. The trustworthiness of our solution is two-fold: 1) proofs that are typically done on paper are now done in Coq and thus certified by its kernel, and 2) the reviewer's job becomes making sure that the formal specification matches the standards, instead of performing a thorough check of the underlying mathematical formalism. Our framework provides a generic DRAM model that captures a set of controller properties as proof obligations with which every implementation must comply. We focus on properties related to the timing constraints imposed by the memory standards, the correctness of the DRAM command protocol, and the guarantee that every incoming request is handled in bounded time. We refine our specification with two implementations based on widely known arbitration policies, First-In First-Out (FIFO) and Time-Division Multiplexing (TDM). We extract proved code from our model and use it as a "trusted core" in a cycle-accurate DRAM simulator.
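As an added illustration, not code from the paper or its framework, the following Coq file sketches the structure the abstract describes: a generic controller specification as a Module Type whose proof obligations cover one timing constraint (tRCD), one protocol rule (ACT only to a closed bank) and bounded service; one refinement that discharges all three; and extraction of the executable part. The module, field and theorem names, the single-bank closed-page FIFO controller and the placeholder tRCD value are assumptions of this example; the other JEDEC constraints (tRP, tRAS, tFAW, refresh, multiple banks) that the paper's model would have to cover are not modeled here.

```coq
(* Added example, not the paper's framework: a generic DRAM controller
   specification as a Coq module type, one refinement that discharges its
   obligations, and extraction of the executable core. Names, the
   controller and the tRCD value are hypothetical. *)
Require Import Arith Lia.

Inductive cmd := ACT | RDA | NOP.  (* activate, read with auto-precharge, idle *)

(* Minimum ACT-to-column-access distance in cycles (placeholder value).
   Opaque keeps the proofs independent of the concrete number. *)
Definition tRCD : nat := 5.
Opaque tRCD.

(* Generic model: every implementation must provide these fields and prove
   the Axioms, which are its proof obligations. *)
Module Type CONTROLLER.
  Parameter state : Type.
  Parameter init : state.
  Parameter pending : state -> nat.            (* requests still queued *)
  Parameter since_act : state -> option nat.   (* cycles since ACT; None = bank closed *)
  Parameter step : state -> state * cmd.       (* one DRAM clock cycle *)
  Parameter run : nat -> state -> state.       (* step iterated n times *)
  Axiom run_0 : forall s, run 0 s = s.
  Axiom run_S : forall n s, run (S n) s = run n (fst (step s)).
  (* Timing: a column access comes at least tRCD cycles after the ACT. *)
  Axiom rda_respects_tRCD : forall s s',
    step s = (s', RDA) -> exists k, since_act s = Some k /\ tRCD <= k.
  (* Protocol: ACT is only issued to a closed bank. *)
  Axiom act_only_when_closed : forall s s',
    step s = (s', ACT) -> since_act s = None.
  (* Bounded service: with work pending, a request completes within bound cycles. *)
  Parameter bound : nat.
  Axiom bounded_service : forall s,
    0 < pending s -> exists n, n <= bound /\ pending (run n s) < pending s.
End CONTROLLER.

(* Refinement: FIFO order, one bank, closed-page policy (ACT, wait, RDA). *)
Module Simple <: CONTROLLER.
  Record state := { q : nat; since : option nat }.
  Definition init := {| q := 0; since := None |}.
  Definition pending (s : state) := q s.
  Definition since_act (s : state) := since s.

  Definition step (s : state) : state * cmd :=
    match q s, since s with
    | 0, _ => (s, NOP)
    | S _, None => ({| q := q s; since := Some 0 |}, ACT)
    | S n, Some k =>
        if tRCD <=? k then ({| q := n; since := None |}, RDA)
        else ({| q := q s; since := Some (S k) |}, NOP)
    end.

  Fixpoint run (n : nat) (s : state) : state :=
    match n with 0 => s | S m => run m (fst (step s)) end.
  Theorem run_0 : forall s, run 0 s = s.
  Proof. intros; reflexivity. Qed.
  Theorem run_S : forall n s, run (S n) s = run n (fst (step s)).
  Proof. intros; reflexivity. Qed.

  Theorem rda_respects_tRCD : forall s s',
    step s = (s', RDA) -> exists k, since_act s = Some k /\ tRCD <= k.
  Proof.
    intros s s' H. unfold step in H. unfold since_act.
    destruct (q s) as [|n]; [discriminate|].
    destruct (since s) as [k|]; [|discriminate].
    destruct (tRCD <=? k) eqn:Hle; [|discriminate].
    exists k. split; [reflexivity|]. apply Nat.leb_le. exact Hle.
  Qed.

  Theorem act_only_when_closed : forall s s',
    step s = (s', ACT) -> since_act s = None.
  Proof.
    intros s s' H. unfold step in H. unfold since_act.
    destruct (q s); [discriminate|].
    destruct (since s) as [k|]; [destruct (tRCD <=? k); discriminate|reflexivity].
  Qed.

  (* Bank open for k cycles: the head request finishes within S d cycles
     as soon as tRCD <= k + d. *)
  Lemma countdown : forall d k n, tRCD <= k + d ->
    exists m, m <= S d /\
      run m {| q := S n; since := Some k |} = {| q := n; since := None |}.
  Proof.
    induction d as [|d IH]; intros k n Hk.
    - exists 1. split; [lia|]. cbn.
      rewrite (proj2 (Nat.leb_le tRCD k)) by lia. reflexivity.
    - destruct (tRCD <=? k) eqn:Hle.
      + exists 1. split; [lia|]. cbn. rewrite Hle. reflexivity.
      + assert (Hk' : tRCD <= S k + d) by lia.
        destruct (IH (S k) n Hk') as [m [Hm Hrun]].
        exists (S m). split; [lia|]. cbn. rewrite Hle. exact Hrun.
  Qed.

  Definition bound := S (S tRCD).   (* ACT, then tRCD wait, then RDA *)
  Theorem bounded_service : forall s,
    0 < pending s -> exists n, n <= bound /\ pending (run n s) < pending s.
  Proof.
    intros [[|k] [c|]] Hp; unfold pending, bound in *; cbn in Hp; [lia|lia| |].
    - destruct (countdown tRCD c k ltac:(lia)) as [m [Hm Hrun]].
      exists m. split; [lia|]. rewrite Hrun. cbn. lia.
    - destruct (countdown tRCD 0 k ltac:(lia)) as [m [Hm Hrun]].
      exists (S m). split; [lia|]. cbn. rewrite Hrun. cbn. lia.
  Qed.
End Simple.

(* The executable part is what a simulator would embed as its trusted core. *)
Require Extraction.
Extraction Language OCaml.
Recursive Extraction Simple.step Simple.run.
```

Running `coqc` on this file is the check that replaces the paper-and-pencil review the abstract objects to: a refinement that omits or cannot prove one of the Axioms of `CONTROLLER` fails to typecheck against the signature, so the reviewer's remaining task is to compare the Axiom statements with the standard rather than re-check the proofs. `Opaque tRCD` keeps the proofs from depending on the placeholder constant, so changing it to a value from a datasheet cannot silently invalidate them; the extracted OCaml is only as trustworthy as the extraction mechanism and the simulator glue around it, which the proofs do not cover.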