5.2.1. Considerations for system design

The system designer must ensure that the system is robust enough to handle speculative accesses, and ensure that all executable and Normal type memory regions are safe to access.

Preventing speculative accesses

Speculative accesses do not cause any processor faults. The processor is aware whether an access is speculative, and ignores any error response signalled by the system due to the speculative access. However, the system where the processor is integrated in cannot distinguish between speculative accesses from non-speculative accesses. Therefore, the system designer is required to ensure that the system is robust enough to handle speculative accesses, regardless of whether they are initiated to unexpected memory addresses.

Alternatively, if there are memory regions where no speculative accesses should be initiated to, Arm recommends that you set those regions to have all of the following attributes with the MPU:

  • Device or Strongly-ordered.

  • Execute Never.

Note

Memory regions mapped to the TCM are always treated as Normal Memory and therefore are always subject to speculation.

Preventing accesses

The system must ensure that all executable and Normal type memory regions are safe to access. This implies that all accesses should eventually complete.

Note

  • The processor does not cancel non-speculative accesses and therefore waits for the access to complete.

  • The processor cannot guarantee that speculative accesses will get cancelled and therefore may wait for the access to complete.

For any addresses that are not considered safe to access, Arm recommends that you either ensure that the system returns an abort, or prevent accesses by setting those regions to have all of the following attributes with the MPU:

  • Device or Strongly-ordered.

  • Non-accessible.

  • Execute Never.

Copyright © 2014-2016, 2018 Arm. All rights reserved.ARM DDI 0489F
Non-ConfidentialID121118