Reliable Many-Core Programming

Lead Research Organisation: Imperial College London
Department Name: Dept of Computing

Abstract

The computational demands of modern computer applications make the
pursuit of high performance more critical than ever, and mobile,
battery-powered devices, as well as concerns related to climate
change, require high performance to co-exist with energy-efficiency.
Due to physical limits, the traditional means for improving hardware
performance by increasing processor frequency now carries an
unacceptably high energy cost. Advances in processor fabrication
technology instead allow the construction of many-core processors,
where hundreds or thousands of processing elements are placed on a
single chip, promising high performance and energy-efficiency through
sheer volume of processing elements.

Many-core devices are present in practically all consumer devices,
including smartphones and tablets. As a result, the general public in
developed countries interact with many-core software daily. Many-core
technology is also used to accelerate safety-critical software in
domains such as medical imaging and autonomous vehicle navigation.

It is thus important that many-core software should be reliable. This
requires reliable software from programmers, but also a reliable
"stack" to support this software, including compilers that allow
software to execute on many-core devices, and the many-core devices
themselves. Recent work on formal verification and testing by myself
and other researchers has identified serious technical problems
spanning the many-core stack. These problems undermine confidence in
applications of many-core technology: defective many-core software
could risk fatal accidents in critical domains, and impact negatively
on users in other important application areas.

My long-term vision is that the reliability of many-core programming
can be transformed through breakthroughs in programming language
specification, formal verification and test case generation, enabling
automated tools to assist programmers and platform vendors in
constructing reliable many-core applications and language
implementations. The aim of this five-year Fellowship is to undertake
foundational research to investigate a number of open problems whose
solution is key to enabling this long-term vision.

First, I seek to investigate whether it is possible to precisely
express the intricacies of many-core programming language using formal
mathematics, providing a rigorous basis on which software and language
implementations can be constructed.

Second, I aim to tackle several open problems that stand in the way of
effective formal verification of many-core software, which would allow
developers to obtain strong guarantees that such software will operate
as required.

Third, I will investigate raising this level of rigour beyond
many-core languages. A growing trend is for applications to be written
in relatively simple, high-level representations, and then
automatically translated into high-performance many-core code. This
translation process must preserve the meaning of programs; I will
investigate methods for formally certifying that it does.

Fourth, I will formulate new methods for testing many-core language
implementations, exploiting the rigorous language definitions brought
by my approach to enable high test coverage of subtle language
features.

Collectively, progress on these problems promises to enable a
*high-assurance* many-core stack. I will demonstrate one instance of
such a stack for the industry-standard OpenCL language and the PENCIL
high-level language, showing that high-level PENCIL programs can be
reliably compiled into rigorously-defined OpenCL, integrated with
verified library components, and deployed on thoroughly tested
implementations from many-core vendors.

Partnership with four leading many-core technology vendors, AMD, ARM,
Imagination Technologies and NVIDIA, provides excellent opportunities
for the advances the Fellowship makes to have broad industrial impact.

Planned Impact

The project has a large set of potential beneficiaries. The ultimate
beneficiaries of my long-term vision for reliable many-core
programming are end-users of software that employs many-core
acceleration. Because many-core hardware now ships with practically
all desktop, laptop and mobile devices, society is starting to
interact with many-core software on a daily basis. By leading to
improvements in the robustness of this software, and the platforms on
which it operates, my proposed project offers significant societal
benefit. Many-core technology is increasingly employed in
safety-critical contexts, for example it has found application in
medical imaging, pedestrian detection, and autonomous navigation for
self-driving cars. Reliability improvements in these areas offer to
make society safer. The rise of many-core technology also presents
new attack vectors that pose cyber-security and cyber-terrorism risks;
the advanced reasoning techniques that my research will bring will
allow many-core software to be rigorously engineered to defend against
these threats.

The fundamental advances made during the project will have long-term
academic impact, yielding results that researchers in several fields
can exploit. See the "Academic Beneficiaries" form for more details.

My Fellowship has very high potential for industrial impact.
Many-core platform vendors, including my project partners AMD, ARM,
Imagination Technologies and NVIDIA and several other companies, will
be able to exploit the Fellowship research to improve many-core
language implementations, increasing their market value. There is
potential for commercial exploitation of the research outcomes by tool
providers, and the wide range of software developers who apply
many-core acceleration in diverse domains will be able to build more
reliable software using the advanced analyses the Fellowship will
bring. All these stakeholders will benefit from the transformation in
the rigour of many-core programming language design offered by my
approach. Specifically, the 80+ industrial contributing members of
the Khronos Group will be beneficiaries of improvements to OpenCL and
related APIs that arise from the project. The large and growing
market associated with many-core technology means that uptake by
industry has the potential to lead to corresponding economic impact.

Close collaboration with industry during the Fellowship will give rise
to industrial impact on the Fellowship partners early during the
five-year project, and my strong impact plans will help to broaden
this impact to other industrial beneficiaries during the project
lifetime, leading to widespread industrial adoption over a 5-10-year
period. This widespread adoption has the potential to transform
many-core programming, impacting on industrial practice in the long
term and benefiting society for decades to come.

Publications

10 25 50
 
Description The main finding is that device drivers for many-core processors can be effectively tested through the use of transformations that preserve the meanings of programs. This led to the successful research behind the GraphicsFuzz spin-out company that was acquired by Google in 2018.
Exploitation Route The open source GraphicsFuzz project (http://github.com/google/graphicsfuzz) can be used by the GPU industry.
Sectors Digital/Communication/Information Technologies (including Software)

 
Description The compiler testing methods developed during the project have led to the formation of GraphicsFuzz, a spinout company, which was acquired by Google in 2018. The technology is now used to improve reliability of the Android ecosystem.
First Year Of Impact 2017
Sector Digital/Communication/Information Technologies (including Software)
Impact Types Societal,Economic

 
Description Chrome University Research Program
Amount $172,000 (USD)
Organisation Google 
Sector Private
Country United States
Start 01/2018 
End 12/2018
 
Description EPSRC Progamme Grant
Amount £6,100,000 (GBP)
Funding ID EP/R006865/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Academic/University
Country United Kingdom
Start 01/2018 
End 12/2023
 
Description EPSRC Standard Mode
Amount £672,083 (GBP)
Funding ID EP/R011605/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Academic/University
Country United Kingdom
Start 01/2018 
End 01/2021
 
Description ICURe Program, Phase 1
Amount £62,165 (GBP)
Organisation Innovate UK 
Sector Public
Country United Kingdom
Start 01/2017 
End 10/2017
 
Description UK Research Institute in Verified Trustworthy Software Systems
Amount £102,847 (GBP)
Organisation National Cyber Security Centre 
Sector Public
Country United Kingdom
Start 08/2017 
End 03/2018
 
Title Framework for compiler testing 
Description A framework for applying metamorphic testing to graphics compilers. 
Type Of Material Improvements to research infrastructure 
Year Produced 2016 
Provided To Others? Yes  
Impact I have founded a spinout company, GraphicsFuzz, based on this innovation. 
URL http://www.graphicsfuzz.com/
 
Description Google 
Organisation Google
Country United States 
Sector Private 
PI Contribution We are designing methods for automated testing of the graphics rendering components of web browsers, including Chrome.
Collaborator Contribution Google are funding the work, and are providing us with feedback on the effectiveness of our techniques.
Impact The work has led to numerous Chrome bug reports, e.g.: https://bugs.chromium.org/p/chromium/issues/detail?id=806201
Start Year 2018
 
Description RTWH Aachen 
Organisation RWTH Aachen University
Country Germany 
Sector Academic/University 
PI Contribution We have had a fruitful collaboration with RTWH Aachen University in relation to floating point support for sybmbolic execution.
Collaborator Contribution Our partners implemented a tool, and we were able to write a paper presenting a detailed comparison of their tool with a competing tool developed at Imperial.
Impact We published a joint paper (https://doi.org/10.1109/ASE.2017.8115670), which won Best Experience Report award at the ASE 2017 conference.
Start Year 2016
 
Title GLFuzz: Automated testing for graphics drivers 
Description An automated method for testing graphics shader compilers. 
IP Reference  
Protection Protection not required
Year Protection Granted 2017
Licensed Yes
Impact None yet.
 
Title GraphicsFuzz 
Description An automated testing tool for graphics drivers. 
Type Of Technology Software 
Year Produced 2017 
Open Source License? Yes  
Impact The software has led to the formation of GraphicsFuzz, a spinout company, which was subsequently bought by Google. 
URL http://github.com/google/graphicsfuzz
 
Company Name GraphicsFuzz Ltd. 
Description GraphicsFuzz finds graphics driver bugs and helps to quickly fix them. 
Year Established 2017 
Impact The company's technology has found bugs in numerous GPU drivers, which has led to conversations about licensing of the technology. GraphicsFuzz Ltd. was acquired by Google LLC in 2018. The directors of GraphicsFuzz now work as Google UK employees.
Website http://www.graphicsfuzz.com/
 
Description A series of widely-read blog posts 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact A series of technical blog posts designed to promote the activities of my fellowship related to graphics driver fuzzing to a broad industrial audience.
Year(s) Of Engagement Activity 2016,2017,2018
URL https://medium.com/@afd_icl/crashes-hangs-and-crazy-images-by-adding-zero-689d15ce922b