JOB DESCRIPTION
About NIO
NIO is a pioneer and a leading company in the premium smart electric vehicle market. Founded in November 2014, NIO’s mission is to shape a joyful lifestyle. NIO aims to build a community starting with smart electric vehicles to share joy and grow together with users.
NIO designs, develops, jointly manufactures and sells premium smart electric vehicles, driving innovations in next-generation technologies in autonomous driving, digital technologies, electric powertrains and batteries. NIO differentiates itself through its continuous technological breakthroughs and innovations, such as its industry-leading battery swapping technologies, Battery as a Service, or BaaS, as well as its proprietary autonomous driving technologies and Autonomous Driving as a Service, or ADaaS.
NIO’s product portfolio consists of the ES8, a six-seater smart electric flagship SUV, the ES7 (or the EL7), a mid-large five-seater smart electric SUV, the ES6, a five-seater all-round smart electric SUV, the EC7, a five-seater smart electric flagship coupe SUV, the EC6, a five-seater smart electric coupe SUV, the ET7, a smart electric flagship sedan, and the ET5, a mid-size smart electric sedan.
The Mission
Transitioning a kernel from a monolithic "Big Kernel Lock" to fine-grained concurrency is a high-risk engineering challenge. Traditional testing is mathematically incapable of catching the non-deterministic "Heisenbugs" inherent in parallel execution. This internship is a 3-month intensive study to determine the practical limits of using automated formal methods to guarantee the safety of concurrent kernel primitives.
The Challenge: The "Logic-to-Silicon" Gap
You will navigate the intersection of low-level systems grit and formal rigor to bridge three volatile domains:
Concurrency: Managing state-space explosion when multiple cores access shared kernel objects simultaneously.
Memory Models: Ensuring locks respect the weak consistency and instruction reordering of ARMv8/RISC-V hardware.
Automated Proof: Using SMT-based tools to achieve high-assurance "push-button" verification without the years-long overhead of manual theorem proving.
Roles and Responsibilities
Design Logic (TLA+/Spin): Formalize locking protocols to mathematically prove the absence of deadlocks and circular waits.
Implementation Audit (ESBMC/CBMC): Apply Bounded Model Checking to C source code to exhaustively scan for data races, pointer safety, and invariant violations.
Hardware Mapping: Verify the placement of memory barriers to prevent hardware-level synchronization failure on modern CPUs.
AI-Augmented Scaling: Leverage LLMs as an "Inference Engine" to synthesize formal invariants and environment harnesses, then critically audit the results for logical soundness.
Qualifications
Currently pursuing or completed a PhD or Master’s degree in Computer Science, Computer Engineering, Applied Mathematics, or a related field with relevant research projects and publications.
Low-Level Systems Mastery: Deep proficiency in C; ability to reason about memory alignment, volatile keywords, and hardware interrupts. You should be comfortable reading ARMv8 assembly to ensure compiler optimizations haven't compromised synchronization.
Concurrent Intuition: A visceral understanding of L1/L2 cache coherency (MESI), lock hierarchies, and why a "correct" C program can fail on weak-memory hardware if barriers are missing.
Formal & Logical Rigor: The ability to model software as a discrete state-machine. You should prefer a "proof of absence" (no bugs exist) over a "proof of presence" (one test passed).
The Researcher's Grit: Persistence in the face of "state space explosion" or cryptic model-checker errors. You must be a detective capable of pruning models to find one-in-a-billion interleaving failures.
Compensation:
The US base salary range for this full-time position is $38.00 - $46.00.
Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
Please note that the compensation details listed in US role postings reflect the base salary only. It does not include discretionary bonus, equity, or benefits.