22.6 PAL and Privilege Boundary Validation
PAL validation ensures that the privileged boundary is absolute and that no violation escapes detection.
Positive tests (correct behavior verified): CALL_PAL from kernel mode enters PAL correctly, CALL_PAL from user mode (unprivileged functions 0x80–0xBF) enters PAL correctly, HW_REI restores context exactly (full register comparison), pipeline serialization occurs on PAL entry (no speculative instruction survives), shadow registers are active during PAL execution and inactive after HW_REI, and IPL = 7 / CM = KERNEL hold on entry for all PalEntryReason values.
Negative tests (violations detected correctly): a privileged instruction (HW_MFPR, HW_MTPR, HW_LD, HW_ST, HW_REI) executed outside PAL mode must trap with OPCDEC, a privileged CALL_PAL (0x00–0x3F) from user mode must trap, a direct jump to a PAL address must trap, manual modification of the PAL mode bits must fail, and HW_REI outside PAL mode must trap. All violations must produce precise, architecturally correct exceptions.
Serialization tests: CALL_PAL drains write buffers (stores issued before CALL_PAL are visible after PAL entry), LL/SC reservations are cleared on PAL entry and on HW_REI exit, and no speculative instruction crosses the PAL boundary in either direction.
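The entry, exit and trap rules listed above can be encoded as a small reference model that a test run is compared against; the following is an added example, not ASA-EMulatR code. All type and function names are hypothetical, the generic TRAP outcome stands in where this section does not name the exception, and trapping on CALL_PAL codes outside the two listed ranges is an assumption.

```c
#include <stdbool.h>
/* Added reference model; every name here is hypothetical, not an ASA-EMulatR identifier. */
typedef enum { CM_KERNEL, CM_USER } curmode_t;
typedef enum { CALL_PAL, HW_MFPR, HW_MTPR, HW_LD, HW_ST, HW_REI } op_t;
typedef enum { ENTER_PAL, EXIT_PAL, EXECUTE, TRAP, TRAP_OPCDEC } outcome_t;
typedef struct { bool pal, lock; curmode_t cm, saved_cm; unsigned ipl, saved_ipl; } cpu_t;

static bool same(cpu_t a, cpu_t b) {
    return a.pal == b.pal && a.lock == b.lock && a.cm == b.cm && a.ipl == b.ipl;
}

/* Apply one instruction; a trap must leave the state untouched (precise). */
outcome_t step(cpu_t *c, op_t op, unsigned func) {
    if (op == CALL_PAL) {
        bool priv = func <= 0x3F, unpriv = func >= 0x80 && func <= 0xBF;
        if (!priv && !unpriv) return TRAP;            /* assumption: other codes trap */
        if (priv && c->cm != CM_KERNEL) return TRAP;  /* privileged code from user mode */
        c->saved_cm = c->cm; c->saved_ipl = c->ipl;
        c->pal = true; c->cm = CM_KERNEL; c->ipl = 7; c->lock = false; /* entry state */
        return ENTER_PAL;
    }
    if (!c->pal) return TRAP_OPCDEC;                  /* HW_* outside PAL mode */
    if (op != HW_REI) return EXECUTE;
    c->pal = false; c->cm = c->saved_cm; c->ipl = c->saved_ipl; c->lock = false;
    return EXIT_PAL;
}

/* Negative matrix: count cases where a violation is missed or state changes. */
int negative_failures(void) {
    int bad = 0;
    for (int m = CM_KERNEL; m <= CM_USER; m++)
        for (int op = HW_MFPR; op <= HW_REI; op++) {
            cpu_t c = { false, true, (curmode_t)m, (curmode_t)m, 0, 0 }, before = c;
            if (step(&c, (op_t)op, 0) != TRAP_OPCDEC || !same(c, before)) bad++;
        }
    for (unsigned f = 0x00; f <= 0x3F; f++) {
        cpu_t c = { false, true, CM_USER, CM_USER, 0, 0 }, before = c;
        if (step(&c, CALL_PAL, f) != TRAP || !same(c, before)) bad++;
    }
    return bad;
}

/* Positive round trip: user-mode CALL_PAL, then HW_REI restores CM and IPL. */
bool round_trip_ok(unsigned func) {
    cpu_t c = { false, true, CM_USER, CM_USER, 0, 0 };  /* constructed start state */
    if (step(&c, CALL_PAL, func) != ENTER_PAL || !c.pal || c.cm != CM_KERNEL || c.ipl != 7 || c.lock) return false;
    return step(&c, HW_REI, 0) == EXIT_PAL && !c.pal && c.cm == CM_USER && c.ipl == 0;
}
int main(void) { return negative_failures() != 0 || !round_trip_ok(0x83); }
```

The model covers only mode, IPL and reservation state; write-buffer draining, speculation and shadow registers need the emulator's own pipeline hooks.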
See Also: Chapter 8 - PAL and Privileged Boundary; Chapter 20 – Boot Sequence, PAL, and SRM Integration (implementation under test).