{"id":"https://openalex.org/W3205972330","doi":"https://doi.org/10.1145/3477132.3483560","title":"Formal Verification of a Multiprocessor Hypervisor on Arm Relaxed Memory Hardware","display_name":"Formal Verification of a Multiprocessor Hypervisor on Arm Relaxed Memory Hardware","publication_year":2021,"publication_date":"2021-10-19","ids":{"openalex":"https://openalex.org/W3205972330","doi":"https://doi.org/10.1145/3477132.3483560","mag":"3205972330"},"language":"en","primary_location":{"id":"doi:10.1145/3477132.3483560","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3477132.3483560","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3477132.3483560","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3477132.3483560","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016831506","display_name":"Runzhou Tao","orcid":"https://orcid.org/0000-0002-3733-5168"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Runzhou Tao","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038737061","display_name":"Jianan Yao","orcid":"https://orcid.org/0009-0008-4675-8980"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jianan Yao","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102926928","display_name":"Xupeng Li","orcid":"https://orcid.org/0009-0000-9954-008X"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xupeng Li","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091013463","display_name":"Shih-Wei Li","orcid":"https://orcid.org/0009-0002-6883-5373"},"institutions":[{"id":"https://openalex.org/I16733864","display_name":"National Taiwan University","ror":"https://ror.org/05bqach95","country_code":"TW","type":"education","lineage":["https://openalex.org/I16733864"]},{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["TW","US"],"is_corresponding":false,"raw_author_name":"Shih-Wei Li","raw_affiliation_strings":["Columbia University, New York, NY, USA and National Taiwan University"],"affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA and National Taiwan University","institution_ids":["https://openalex.org/I78577930","https://openalex.org/I16733864"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055391594","display_name":"Jason Nieh","orcid":"https://orcid.org/0009-0005-8301-4479"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason Nieh","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000031216","display_name":"Ronghui Gu","orcid":"https://orcid.org/0000-0002-6812-6182"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ronghui Gu","raw_affiliation_strings":["Columbia University, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5016831506"],"corresponding_institution_ids":["https://openalex.org/I78577930"],"apc_list":null,"apc_paid":null,"fwci":1.8195,"has_fulltext":true,"cited_by_count":24,"citation_normalized_percentile":{"value":0.88031947,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"866","last_page":"881"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10054","display_name":"Parallel Computing and Optimization Techniques","score":0.9904000163078308,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.8193812966346741},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7920376062393188},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.6730959415435791},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.5705965757369995},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.4813593029975891},{"id":"https://openalex.org/keywords/memory-model","display_name":"Memory model","score":0.43553197383880615},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.3530856966972351},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.34392595291137695},{"id":"https://openalex.org/keywords/shared-memory","display_name":"Shared memory","score":0.3092581629753113},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.2973397970199585},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.18554753065109253}],"concepts":[{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.8193812966346741},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7920376062393188},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.6730959415435791},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.5705965757369995},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4813593029975891},{"id":"https://openalex.org/C12186640","wikidata":"https://www.wikidata.org/wiki/Q6815743","display_name":"Memory model","level":3,"score":0.43553197383880615},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.3530856966972351},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.34392595291137695},{"id":"https://openalex.org/C133875982","wikidata":"https://www.wikidata.org/wiki/Q764810","display_name":"Shared memory","level":2,"score":0.3092581629753113},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.2973397970199585},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.18554753065109253}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3477132.3483560","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3477132.3483560","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3477132.3483560","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3477132.3483560","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3477132.3483560","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3477132.3483560","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1561128936","display_name":"FMitF: Track I: A Secure and Verifiable Commodity Hypervisor","funder_award_id":"1918400","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2637607055","display_name":"SaTC: CORE: Medium: Microverification of Information-Flow Security for the Linux Operating System Kernel","funder_award_id":"2052947","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5412059031","display_name":null,"funder_award_id":"N66001-21-C-4018","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G6894402473","display_name":null,"funder_award_id":"Fellowship","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8575275679","display_name":null,"funder_award_id":"CCF-1918400, CNS-2052947, CCF-2124080","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8677875818","display_name":"FMitF: Track I: Verifying System Software on an Arm Multiprocessor Hardware Model","funder_award_id":"2124080","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3205972330.pdf","grobid_xml":"https://content.openalex.org/works/W3205972330.grobid-xml"},"referenced_works_count":46,"referenced_works":["https://openalex.org/W1525350307","https://openalex.org/W1540575800","https://openalex.org/W1985229168","https://openalex.org/W2054739713","https://openalex.org/W2055184282","https://openalex.org/W2073742357","https://openalex.org/W2085773946","https://openalex.org/W2091776255","https://openalex.org/W2095770127","https://openalex.org/W2110879934","https://openalex.org/W2117502039","https://openalex.org/W2136310957","https://openalex.org/W2138074470","https://openalex.org/W2163490397","https://openalex.org/W2235853928","https://openalex.org/W2280574045","https://openalex.org/W2412857152","https://openalex.org/W2415236938","https://openalex.org/W2564852534","https://openalex.org/W2578546025","https://openalex.org/W2626631502","https://openalex.org/W2738891045","https://openalex.org/W2751343396","https://openalex.org/W2761289806","https://openalex.org/W2762625979","https://openalex.org/W2768537380","https://openalex.org/W2789383461","https://openalex.org/W2798365728","https://openalex.org/W2799051758","https://openalex.org/W2947631473","https://openalex.org/W2974073952","https://openalex.org/W2982041059","https://openalex.org/W2982259651","https://openalex.org/W2995722189","https://openalex.org/W3033481492","https://openalex.org/W3034158217","https://openalex.org/W3046730857","https://openalex.org/W3114431693","https://openalex.org/W3155827311","https://openalex.org/W3156131292","https://openalex.org/W3159547072","https://openalex.org/W4205474951","https://openalex.org/W4211224947","https://openalex.org/W4234066571","https://openalex.org/W4238016509","https://openalex.org/W4240322740"],"related_works":["https://openalex.org/W2976854232","https://openalex.org/W2321466224","https://openalex.org/W2743348030","https://openalex.org/W2622620488","https://openalex.org/W2075174112","https://openalex.org/W2145292010","https://openalex.org/W3179371161","https://openalex.org/W3035751361","https://openalex.org/W1555324927","https://openalex.org/W4226421307"],"abstract_inverted_index":{"Concurrent":[0],"systems":[1,30,35,215],"software":[2,216],"is":[3,91,208],"widely-used,":[4],"complex,":[5],"and":[6,36,49,71,171],"error-prone,":[7],"posing":[8],"a":[9,16,45,55,66,119,140],"significant":[10],"security":[11,116,137,156],"risk.":[12],"We":[13],"introduce":[14],"VRM,":[15,112],"new":[17],"framework":[18],"that":[19,54,57,90,146,154,168],"makes":[20],"it":[21,184],"possible":[22],"for":[23,99,213],"the":[24,72,105,115,123,169,178,209],"first":[25,210],"time":[26],"to":[27,85,187],"verify":[28,86,114],"concurrent":[29,87,214],"software,":[31],"such":[32,53,153],"as":[33,183],"operating":[34],"hypervisors,":[37],"on":[38,65,77,127,139,159,201,217],"Arm":[39,160,202,218],"relaxed":[40,78,108,161,219],"memory":[41,50,79,162,220],"hardware.":[42,80,110,163,205,221],"VRM":[43,81,172],"defines":[44],"set":[46],"of":[47,107,118,122,132,180],"synchronization":[48],"access":[51],"conditions":[52,60,152,173],"program":[56,151],"satisfies":[58,148],"these":[59],"can":[61,82],"be":[62,83],"mostly":[63],"verified":[64,181],"sequentially":[67,141],"consistent":[68,142],"hardware":[69],"model":[70],"proofs":[73,157],"will":[74],"automatically":[75],"hold":[76,158],"used":[84],"kernel":[88],"code":[89,97],"not":[92,175],"data":[93],"race":[94],"free,":[95],"including":[96],"responsible":[98],"managing":[100],"shared":[101],"page":[102],"tables":[103],"in":[104],"presence":[106],"MMU":[109],"Using":[111],"we":[113,134],"guarantees":[117],"retrofitted":[120],"implementation":[121],"Linux":[124],"KVM":[125,147,189],"hypervisor":[126],"Arm.":[128],"For":[129],"multiple":[130],"versions":[131],"KVM,":[133,182],"prove":[135,145],"KVM's":[136],"properties":[138],"model,":[143],"then":[144],"VRM's":[149],"required":[150],"its":[155],"Our":[164,206],"experimental":[165],"results":[166],"show":[167],"retrofit":[170],"do":[174],"adversely":[176],"affect":[177],"scalability":[179],"performs":[185],"similar":[186],"unmodified":[188],"when":[190],"concurrently":[191],"running":[192],"many":[193],"multiprocessor":[194,203],"virtual":[195],"machines":[196],"with":[197],"real":[198],"application":[199],"workloads":[200],"server":[204],"work":[207],"machine-checked":[211],"proof":[212]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}