CoWTf.inv+po-ctrl-isb+po

Description

Can another core see a write propagate to its translation-table-walk ‘before’ the writer thread’s own translation-table-walker does? In this test Thread 0 writes a new valid descriptor which Thread 1 uses in a translation-table-walk before sending a message back to Thread 0; if Thread 0 sees that message, can a later translation-table-walk still see the old invalid entry?

Source

Page table setup Code
    physical pa1 pa2;
    x |-> invalid;
    x ?-> pa1;
    u |-> pa1;
    *pa1 = 1;
    y |-> pa2;
    *pa2 = 0;
    identity 0x1000 with code;
    identity 0x2000 with code;
Thread 0
{R0=desc3(u, page_table_base), R1=pte3(x, page_table_base), R3=y, R5=x, VBAR_EL1=extz(0x1000, 64), PSTATE.EL=0b00, PSTATE.SP=0b0}
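    STR X0,[X1]      // write the new valid descriptor (maps to pa1) into x's level-3 entry
    LDR X2,[X3]      // read y: the message from Thread 1
    CBNZ X2,L0       // control dependency on the value read from y
    L0:
    ISB
    LDR X4,[X5]      // read x: needs a translation-table-walk for x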
Thread 1
{R1=x, R2=extz(0b1, 64), R3=y, VBAR_EL1=extz(0x2000, 64), PSTATE.EL=0b00, PSTATE.SP=0b0}
    LDR X0,[X1]      // read x: needs a translation-table-walk for x
    STR X2,[X3]      // write 1 to y: the message to Thread 0
thread0_el1_handler
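    MOV X4,#0            // record the fault: X4 = 0
    MRS X13,ELR_EL1      // address of the faulting instruction
    ADD X13,X13,#4       // step past it
    MSR ELR_EL1,X13
    ERET                 // return to the thread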
thread1_el1_handler
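    MOV X0,#0            // record the fault: X0 = 0
    MRS X13,ELR_EL1      // address of the faulting instruction
    ADD X13,X13,#4       // step past it
    MSR ELR_EL1,X13
    ERET                 // return to the thread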
Final State
0:R2 = 1 & 0:X4=0 & 1:X0 = 1

Execution Diagrams

Results

ETS CoWTf.inv+po-ctrl-isb+po allowed (1 of 8) 70941ms
strong CoWTf.inv+po-ctrl-isb+po allowed (1 of 8) 64271ms

Command-line invocation

isla-axiomatic --arch=/path/to/rems-project/isla-snapshots/aarch64.ir --config=/path/to/rems-project/isla/configs/aarch64_mmu_on.toml --footprint-config=/path/to/rems-project/isla/configs/aarch64.toml --model=/path/to/rems-project/systems-isla-tests/models/aarch64_mmu_strong_ETS.cat --armv8-page-tables --check-sat-using "(then dt2bv qe simplify solve-eqs bv)" --remove-uninteresting safe --dot . -t /path/to/litmus-tests/litmus-tests-armv8a-system-vmsa/tests/pgtable/HAND/CoWTf.inv+po-ctrl-isb+po.litmus.toml

To generate diagrams we use model aarch64_mmu_no_axioms.cat to get diagrams of forbidden executions. To generate LaTeX sources of each test, pass --latex=.