src/tests: ARCH-SEQ

src/tests/arch-seq.yaml

@@ -0,0 +1,5 @@
+contract_observation_mode: arch
+contract_execution_mode:
+  - seq
+input_mask: 1
+no_priming: true

src/tests/run.bats

@@ -188,7 +188,7 @@ FAST_TEST=1
 
     for test_case in tests/generated-fp/* ; do
         echo "Testing $test_case"
-        run bash -c "./cli.py fuzz -s $INSTRUCTION_SET -t $test_case -i 10000 -c ./tests/ct-cond-bpas.yaml"
+        run bash -c "./cli.py fuzz -s $INSTRUCTION_SET -t $test_case -i 10000 -c tests/ct-cond-bpas.yaml"
         echo "$output"
         [ "$status" -eq 0 ]
         [[ "$output" != *"=== Violations detected ==="* ]]
@@ -197,9 +197,16 @@ FAST_TEST=1
 
 @test "Analyser: Priming" {
     skip
-    run bash -c "./cli.py fuzz -s $INSTRUCTION_SET -t tests/spectre_nested.asm -i 1000 -c ./tests/ct-cond.yaml"
+    run bash -c "./cli.py fuzz -s $INSTRUCTION_SET -t tests/spectre_nested.asm -i 1000 -c tests/ct-cond.yaml"
     echo "$output"
     [ "$status" -eq 0 ]
     [[ "$output" = *"=== Priming ==="* ]]
     [[ "$output" != *"=== Violations detected ==="* ]]
+}
+
+@test "Model: ARCH-SEQ" {
+    run bash -c "./cli.py fuzz -s $INSTRUCTION_SET -t tests/spectre_v1_arch.asm -i 1000 -c tests/arch-seq.yaml"
+    echo "$output"
+    [ "$status" -eq 0 ]
+    [[ "$output" = *"=== Violations detected ==="* ]]
 }

src/tests/spectre_v1_arch.asm

@@ -20,15 +20,9 @@ CMP rbx, 0
 JE .l1  # misprediction
     # rbx != 0
     MOV rax, [r14]
-JMP .l2
+    SHL rax, 8
+    AND rax, 0b111111000000
+    MOV rax, [r14 + rax + 128] # leakage happens here
 .l1:
-    # rbx == 0
-    MOV rax, [r14 + 64]
-    LFENCE
-.l2:
-
-SHL rax, 8
-AND rax, 0b111111000000
-MOV rax, [r14 + rax + 512] # leakage happens here
 
 MFENCE