| Page table setup | Code |
|---|---|
physical pa1 pa2 pa3;
w |-> pa1;
x |-> invalid;
x ?-> pa1;
y |-> pa2;
z |-> pa3;
*pa1 = 1;
*pa2 = 0;
*pa3 = 0;
identity 0x1000 with code;
|
|
| Thread 0 | |
{R0=extz(0x1, 64), R1=z, R2=extz(0x1, 64), R3=y}
|
|
STR X0,[X1]
DMB SY
STR X2,[X3]
|
|
| Thread 1 | |
{R1=y, R3=desc3(w,page_table_base), R4=pte3(x,page_table_base), R5=x, R7=z, VBAR_EL1=extz(0x1000, 64)}
|
|
LDR X0,[X1]
EOR X2,X0,X0
ORR X2,X2,X3
STR X2,[X4]
LDR X6,[X5]
EOR X8,X6,X6
LDR X9,[X7,X8]
|
|
| thread1_el1_handler | |
MOV X6,#0
MRS X13,ELR_EL1
ADD X13,X13,#4
MSR ELR_EL1,X13
ERET
|
|
| Final State | |
1:X0 = 1 & 1:X6 = 1 & 1:X9 = 0 |
|
| ETS | PPODA.RT.inv forbidden (0 of 2) 6596ms |
| strong | PPODA.RT.inv forbidden (0 of 2) 5779ms |
isla-axiomatic
--arch=/path/to/rems-project/isla-snapshots/aarch64.ir
--config=/path/to/rems-project/isla/configs/aarch64_mmu_on.toml
--footprint-config=/path/to/rems-project/isla/configs/aarch64.toml
--model=/path/to/rems-project/systems-isla-tests/models/aarch64_mmu_strong_ETS.cat
--armv8-page-tables
--check-sat-using "(then dt2bv qe simplify solve-eqs bv)"
--remove-uninteresting safe
--dot .
-t /path/to/litmus-tests/litmus-tests-armv8a-system-vmsa/tests/pgtable/HAND/PPODA.RT.inv.litmus.toml
To generate diagrams we use model aarch64_mmu_no_axioms.cat to get diagrams of forbidden executions.
To generate LaTeX sources of each test, pass --latex=.