NIO
North America

Systems Verification & Concurrent Kernel Architecture Research Intern

San Jose, CA, USA
2026-03-04

Role Description

**JOB DESCRIPTION**

**About NIO**

NIO is a pioneer and a leading company in the premium smart electric vehicle market. Founded in November 2014, NIO’s mission is to shape a joyful lifestyle. NIO aims to build a community starting with smart electric vehicles to share joy and grow together with users. NIO designs, develops, jointly manufactures and sells premium smart electric vehicles, driving innovations in next-generation technologies in autonomous driving, digital technologies, electric powertrains and batteries. NIO differentiates itself through its continuous technological breakthroughs and innovations, such as its industry-leading battery swapping technologies, Battery as a Service, or BaaS, as well as its proprietary autonomous driving technologies and Autonomous Driving as a Service, or ADaaS. NIO’s product portfolio consists of the ES8, a six-seater smart electric flagship SUV, the ES7 (or the EL7), a mid-large five-seater smart electric SUV, the ES6, a five-seater all-round smart electric SUV, the EC7, a five-seater smart electric flagship coupe SUV, the EC6, a five-seater smart electric coupe SUV, the ET7, a smart electric flagship sedan, and the ET5, a mid-size smart electric sedan.

### **The Mission**

Transitioning a kernel from a monolithic "Big Kernel Lock" to **fine-grained concurrency** is a high-risk engineering challenge. Traditional testing is mathematically incapable of catching the non-deterministic "Heisenbugs" inherent in parallel execution. This internship is a 3-month intensive study to determine the **practical limits** of using automated formal methods to guarantee the safety of concurrent kernel primitives.

### **The Challenge: The "Logic-to-Silicon" Gap**

You will navigate the intersection of low-level systems grit and formal rigor to bridge three volatile domains:

* **Concurrency:** Managing state-space explosion when multiple cores access shared kernel objects simultaneously.
* **Memory Models:** Ensuring locks respect the weak consistency and instruction reordering of **ARMv8/RISC-V** hardware.
* **Automated Proof:** Using SMT-based tools to achieve high-assurance "push-button" verification without the years-long overhead of manual theorem proving.

### **Roles and Responsibilities**

* **Design Logic (TLA+/Spin):** Formalize locking protocols to mathematically prove the absence of deadlocks and circular waits.
* **Implementation Audit (ESBMC/CBMC):** Apply Bounded Model Checking to C source code to exhaustively scan for data races, pointer safety, and invariant violations.
* **Hardware Mapping:** Verify the placement of memory barriers to prevent hardware-level synchronization failure on modern CPUs.
* **AI-Augmented Scaling:** Leverage LLMs as an "Inference Engine" to synthesize formal invariants and environment harnesses, then critically audit the results for logical soundness.

### **Qualifications**

* Currently pursuing or completed a PhD or Master’s degree in Computer Science, Computer Engineering, Applied Mathematics, or a related field with relevant research projects and publications.
* **Low-Level Systems Mastery:** Deep proficiency in **C**; ability to reason about memory alignment, volatile keywords, and hardware interrupts. You should be comfortable reading **ARMv8** assembly to ensure compiler optimizations haven't compromised synchronization.
* **Concurrent Intuition:** A visceral understanding of **L1/L2 cache coherency** (MESI), lock hierarchies, and why a "correct" C program can fail on weak-memory hardware if barriers are missing.
* **Formal & Logical Rigor:** The ability to model software as a discrete state-machine. You should prefer a "proof of absence" (no bugs exist) over a "proof of presence" (one test passed).
* **The Researcher's Grit:** Persistence in the face of "state space explosion" or cryptic model-checker errors. You must be a detective capable of pruning models to find one-in-a-billion interleaving failures.

**Compensation:**

The US base salary range for this full-time position is $38.00 - $46.00.

* Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
* Please note that the compensation details listed in US role postings reflect the base salary only. It does not include discretionary bonus, equity, or benefits.
