Electronic Design
Image courtesy of Thinkstock
<p>(Image courtesy of Thinkstock).</p>

RISC-V Fails Memory Ordering Tests, Sparking Concern and Clarification

The RISC-V instruction set failed more than a hundred tests related to how software running inside a high-end chip stored and retrieved information from memory. The flaws that caused the failures are already being repaired and only affect a high-performance core using the open-source architecture.

Margaret Martonosi, a professor of computer science at Princeton University, and her colleagues published a paper that identified holes in the RISC-V specification, which is supposed to ensure that processors take turns accessing shared memory. The researchers found that one type of RISC-V hardware cheated on memory ordering tests.

Princeton’s paper, released at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems, warned that the holes could cause errors in software running on high-performance hardware based on the RISC-V instruction set, which lays out the most basic functions of chips like memory and logic.

“Incorrect memory access orderings can result in software performing calculations using the wrong values,” Martonosi said in a statement. “These in turn can lead to hard-to-debug software errors that either causes the software to crash or to be vulnerable to security exploits.”

Krste Asanović, chairman of the RISC-V Foundation, said in an April blog post that the failed tests had been taken the wrong way. “It is important to note that failed litmus tests do not correspond one-to-one with errors in the memory consistency models,” he said.

“A single change to the RISC-V ISA specification could eliminate all these errors,” he added.

Asanović said that the holes in the memory consistency model were first identified in late 2015. They would be fixed in the latest release of the RISC-V specification. Daniel Lustig, a research scientist at Nvidia and one of the paper’s authors, is overseeing changes to the memory model.

“Everything’s under control,” Lustig said last month in a Shanghai workshop. “There is nothing really to worry about," he said, adding that the changes should chiefly concern engineers using high-performance cores with more aggressive rules for scheduling memory access.

But the impending changes will not affect simpler cores like Rocket, which anyone can freely download. “The changes will be backwards compatible, such that existing simpler cores would run code written to the new specification correctly,” Asanović assured.

Lustig and other engineers revising the instruction set have downplayed the seriousness of the memory ordering flaws. RISC-V is facing stiff headwinds, including the fact that few engineers appeared to be running away from rival technology from Intel and ARM, which sells its blueprints or more basic hardware designs that chip suppliers can build upon.

The new instruction set, which can be freely used and modified, has intrigued companies looking into custom chips. Many electrical engineers from Google, Microsoft, Oracle, and IBM are a frequent presence at RISC-V meetings. Nvidia has used the instruction set to create a custom controller for its graphics chips. 

An open-instruction set architecture, RISC-V could reduce the massive investment required to develop custom chips. It allows companies to create chips for a fraction of the cost and with better power consumption and performance than closed architectures, while making it easier to integrate custom peripherals.

The architecture was first developed by computer scientists at the University of California, Berkeley – Krste Asanović, Yunsup Lee, and Andrew Waterman – who recently started a company called SiFive to sell cores that serve as a starting point for custom Internet of Things and data center chips.

The holes found inside the RISC-V specification are related to memory consistency models, which set ground rules for how programs inside chips take turns dipping into memory. The models can be affected by slight changes to the machine level, compiler, and high-level programming language of the chips.

Other architectures have suffered from issues with memory consistency models. Similar flaws affected ARM processors used in several versions of the Galaxy Nexus and Nexus 6 smartphones, the researchers said. In 2011, ARM acknowledged the bug and repaired it with changes to the compiler level of its chips.

Asanović pushed back against holding RISC-V to a higher standard than other technology. He said that “no proprietary ISA vendor has published a formal memory model that they guarantee their products will obey.”

To test the RISC-V memory consistency model, the Princeton researchers built a hardware debugging tool called TriCheck, which runs tests using formal specifications of memory ordering rules, also known as axioms. The high-performance hardware that headlined the recent research paper failed 144 out of 1,701 litmus tests.

Asanović, a professor of electrical engineering and computer science at the University of California-Berkeley, said that RISC-V Foundation is considering input from chip designers and software developers to "fill the gaps and the holes and getting a spec that everyone can agree on." He added: "The memory model is part of that."

Correction: This article has additional responses to recent research that exposed holes in the RISC-V specification. An implementation of RISC-V failed "litmus tests" that do not always correspond to actual errors in memory ordering, said the chairman of the RISC-V Foundation.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.