Relaxed virtual memory in Armv8-A (extended version)

Ben Simner; Alasdair Armstrong; Jean Pichon-Pharabod; Christopher; Pulte; Richard Grisenthwaite; Peter Sewell

arXiv:2203.00642·cs.AR·March 2, 2022·1 cites

Relaxed virtual memory in Armv8-A (extended version)

Ben Simner, Alasdair Armstrong, Jean Pichon-Pharabod, Christopher, Pulte, Richard Grisenthwaite, Peter Sewell

PDF

Open Access

TL;DR

This paper investigates the relaxed-memory concurrency semantics of virtual memory in the Armv8-A architecture, aiming to support system-software verification and improve security-critical system modeling.

Contribution

It explores the design space for relaxed virtual memory semantics, develops models and tooling, and provides a comprehensive analysis for Armv8-A's architecture.

Findings

01

Identified key design questions for relaxed virtual memory semantics

02

Developed axiomatic concurrency models and tooling for behavior analysis

03

Proved model collapse to previous user models under stable configurations

Abstract

Virtual memory is an essential mechanism for enforcing security boundaries, but its relaxed-memory concurrency semantics has not previously been investigated in detail. The concurrent systems code managing virtual memory has been left on an entirely informal basis, and OS and hypervisor verification has had to make major simplifying assumptions. We explore the design space for relaxed virtual memory semantics in the Armv8-A architecture, to support future system-software verification. We identify many design questions, in discussion with Arm; develop a test suite, including use cases from the pKVM production hypervisor under development by Google; delimit the design space with axiomatic-style concurrency models; prove that under simple stable configurations our architectural model collapses to previous "user" models; develop tooling to compute allowed behaviours in the model…

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsSecurity and Verification in Computing · Advanced Malware Detection Techniques · Cloud Data Security Solutions