Kernel Contracts: A Specification Language for ML Kernel Correctness Across Heterogeneous Silicon

arXiv cs.LG / 4/27/2026


Key Points

  • The paper argues that ML kernels rely on undocumented “implicit contracts,” leading to disputes when results differ across hardware and software stacks (e.g., precision downcasting, ordering differences, and out-of-bounds behavior).
  • It introduces a kernel-contract specification language with eight explicit components: identifier, scope, precondition, postcondition, tolerance, reference oracle, measurement protocol, and violation signature.
  • The authors define twelve contract classes (covering precision, ordering, compiler-induced, and exceptional-value failure modes) and ground them in published empirical evidence.
  • A key requirement is a three-state calibration: each contract must include at least one reference-conforming implementation and at least one contract-violating implementation that still passes basic functional tests.
  • The framework is applied to three documented incidents (Huawei Ascend silent precision coercion, Sakana AI CUDA Engineer reward hacking, and AMD out-of-bounds silent acceptance), showing that each informal diagnosis can be mapped to a specific contract violation with a measurable signature.
  • The proposed kernel contract suite serves as a normative benchmark for grading kernel conformance, analogous to how ISASecure benchmarks control systems against IEC 62443.

Abstract

Every ML kernel ships with an implicit contract about what it computes. People rarely write the contract down. When two kernels disagree -- when a matmul on AMD produces a different gradient than the same matmul on NVIDIA, when a fused attention kernel silently downcasts an accumulator, when an out-of-bounds access returns zero on one stack and garbage on another -- there is no formal artifact to arbitrate the dispute. Recent empirical work has measured the gap across silicon platforms, but none of it specifies the contract being violated. We present a specification language for kernel contracts. A contract has eight parts: identifier, scope, precondition, postcondition, tolerance, reference oracle, measurement protocol, and violation signature. We use it to state twelve contract classes covering precision, ordering, compiler-induced, and exceptional-value failure modes, each grounded in published empirical evidence. We require a three-state calibration: every contract must admit at least one reference-conforming implementation and at least one contract-violating implementation that passes basic functional tests. We apply the framework to three documented incidents -- Huawei Ascend silent precision coercion, Sakana AI CUDA Engineer reward hacking, AMD out-of-bounds silent acceptance -- and show that each informal diagnosis maps to a specific contract violation with a measurable signature. A kernel contract suite is a normative reference against which conformance can be graded, in the way that ISASecure grades industrial control systems against IEC 62443.
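As an added illustration (not the paper's notation, which the abstract does not reproduce), here is one contract for the accumulator-precision failure mode, carrying the eight parts the abstract lists, with the three-state calibration checked against an fp32-accumulating dot product and one that silently downcasts its accumulator to fp16. The contract identifier, the struct-based rounding helper and the all-ones protocol inputs are assumptions constructed for this example.

```python
import struct

def round_to(fmt, v):  # round a Python float to IEEE half ("e") or single ("f")
    return struct.unpack(fmt, struct.pack(fmt, v))[0]

class KernelContract:
    """The eight parts the abstract lists, plus a conformance check."""
    PARTS = ("identifier", "scope", "precondition", "postcondition", "tolerance",
             "reference_oracle", "measurement_protocol", "violation_signature")
    def __init__(self, **parts):
        assert set(parts) == set(self.PARTS), "a contract needs all eight parts"
        self.__dict__.update(parts)
    def conforms(self, kernel):
        """Every case of the measurement protocol must meet the postcondition."""
        for x, y in self.measurement_protocol():
            assert self.precondition(x, y), "protocol case breaks precondition"
            ref = self.reference_oracle(x, y)
            if not self.postcondition(kernel(x, y), ref, self.tolerance):
                return False
        return True

def accumulating_dot(fmt):
    """Dot product with accumulator in format fmt: "f" = fp32, "e" = silent fp16."""
    def kernel(x, y):
        acc = 0.0
        for a, b in zip(x, y):
            acc = round_to(fmt, acc + round_to(fmt, a * b))
        return acc
    return kernel

def reduction_cases():
    # Constructed protocol inputs: all-ones dot products of growing length.
    return [([1.0] * n, [1.0] * n) for n in (16, 256, 4096)]

ACCUM_PRECISION = KernelContract(
    identifier="dot.accumulator-at-least-fp32",  # hypothetical contract id
    scope="length-n reductions over fp16/fp32 operands",
    precondition=lambda x, y: len(x) == len(y) > 0,
    postcondition=lambda out, ref, tol: abs(out - ref) <= tol * abs(ref),
    tolerance=1e-3,
    reference_oracle=lambda x, y: sum(a * b for a, b in zip(x, y)),  # float64
    measurement_protocol=reduction_cases,
    violation_signature="relative error grows with reduction length n",
)

def three_state_calibration(contract, conforming, violating):
    """One kernel must conform; another must pass a basic functional test on
    short, exactly representable inputs yet still violate the contract."""
    basic_ok = violating([1.0, 2.0, 3.0, 4.0], [1.0] * 4) == 10.0
    return contract.conforms(conforming) and basic_ok and not contract.conforms(violating)
```

The fp16 kernel passes the short functional test and the 16- and 256-element protocol cases, but its accumulator sticks at 2048 on the 4096-element reduction, which is exactly the length-dependent signature the contract names.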