MP.TTf.inv+dmb+po

Description

Note that although the final translation-fault in the second thread must be ordered-before the write of the valid entry in Thread 1 (as the fault must come from a non-TLB read of memory), the translation-fault is not necessarily ordered-after the initial translate or even the first load’s read.

Source

[download toml source]
Page table setup Code
physical pa1 pa2; x |-> invalid; x ?-> pa1; y |-> invalid; y ?-> pa2; *pa1 = 1; *pa2 = 1; identity 0x1000 with code;
Thread 0
{R0=mkdesc3(oa=pa1), R1=pte3(x, page_table_base), R2=mkdesc3(oa=pa2), R3=pte3(y, page_table_base)}
STR X0,[X1] DMB SY STR X2,[X3]
Thread 1
{R1=y, R3=x, VBAR_EL1=extz(0x1000, 64), PSTATE.SP=0b0, PSTATE.EL=0b00}
LDR X2,[X1] MOV X0,X2 LDR X2,[X3]
thread1_el1_handler
MOV X2,#0 MRS X13,ELR_EL1 ADD X13,X13,#4 MSR ELR_EL1,X13 ERET
Final State
1:X0 = 1 & 1:X2=0

Execution Diagrams

Results

ETS MP.TTf.inv+dmb+po forbidden (0 of 4) 9113ms
strong MP.TTf.inv+dmb+po allowed (1 of 4) 52201ms

Command-line invocation

isla-axiomatic --arch=/path/to/rems-project/isla-snapshots/aarch64.ir --config=/path/to/rems-project/isla/configs/aarch64_mmu_on.toml --footprint-config=/path/to/rems-project/isla/configs/aarch64.toml --model=/path/to/rems-project/systems-isla-tests/models/aarch64_mmu_strong_ETS.cat --armv8-page-tables --check-sat-using "(then dt2bv qe simplify solve-eqs bv)" --remove-uninteresting safe --dot . -t /path/to/litmus-tests/litmus-tests-armv8a-system-vmsa/tests/pgtable/HAND/MP.TTf.inv+dmb+po.litmus.toml

To generate diagrams we use model aarch64_mmu_no_axioms.cat to get diagrams of forbidden executions. To generate LaTeX sources of each test, pass --latex=.