Skip to content

Commit

Permalink
Merge pull request #11 from CTSRD-CHERI/initial-fixes
Browse files Browse the repository at this point in the history
Minor fixes and formatting changes
  • Loading branch information
andresag01 authored Jan 24, 2024
2 parents 306bf5c + 264a106 commit 859135c
Show file tree
Hide file tree
Showing 6 changed files with 21 additions and 20 deletions.
6 changes: 3 additions & 3 deletions src/cheri-pte-ext.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,8 @@ clears the tag bit of the capability written to a virtual page with the CW bit
clear.

NOTE: The implementation of the CW bit does not force a dependency on the tag
bit's value of the capability written, so implementations must support this
feature.
bit's value of the capability written, so implementations must support the CW
bit.

The CD bit indicates that a capability with tag set has been written to the
virtual page since the last time the CD bit was cleared. Implementations are
Expand All @@ -55,7 +55,7 @@ to manage the CD bit are permitted:
instruction is executed, the <<pcc>> grants store capability permission, the
tag bit of the capability being written is set and the address written
corresponds to a virtual page with the CD bit clear.
* When a capability store or AMO instruction is execute, the <<pcc>> grants store
* When a capability store or AMO instruction is executed, the <<pcc>> grants store
capability permission, the tag bit of the capability being written is set and
the store address corresponds to a virtual page with the CD bit clear, the
implementation sets the corresponding bit in the PTE. The PTE update must be
Expand Down
10 changes: 5 additions & 5 deletions src/insns/cmove_cmv_16bit.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -12,22 +12,22 @@ Synopsis::
Capability move (C.MV, C.CMOVE), 16-bit encoding

Capability Mode Mnemonic::
c.cmove cd, cs2`
c.cmove cd, cs2

Capability Mode Expansion::
cmove cd, cs2`
cmove cd, cs2

Legacy Mode Mnemonic::
c.mv rd, rs2`
c.mv rd, rs2

Legacy Mode Expansion::
add rd, x0, rs2`
add rd, x0, rs2

Encoding::
include::wavedrom/c_mv.adoc[]

Capability Mode Description::
Capability register cd is replaced with the contents of cs1.
Capability register `cd` is replaced with the contents of `cs2`.

Legacy Mode Description::
Standard RISC-V C.MV instruction.
Expand Down
2 changes: 1 addition & 1 deletion src/insns/zcmp_cmpopretz.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ See <<CM.CPOPRETZ>> and cite:[riscv-code-size-spec].
==== CM.CPOPRETZ

Synopsis::
Destroy stack frame (CM.CPOPRETZ, CM.POPRETZ): load the return address register and 0 to 12 saved registers from the stack frame, deallocate the stack frame. Move zero into argument register zero. Return through the return address register. 16-bit encodings.
Destroy stack frame (CM.CPOPRETZ, CM.POPRETZ): load the return address register and register 0 to 12 saved registers from the stack frame, deallocate the stack frame. Move zero into argument register zero. Return through the return address register. 16-bit encodings.

Capability Mode Mnemonic::
`cm.cpopretz \{creg_list\}, -stack_adj`
Expand Down
2 changes: 1 addition & 1 deletion src/instructions.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jumps and conditional branches is bounds checked against <<pcc>> regardless of
CHERI execution mode

NOTE: Not all RISC-V extensions have been checked against CHERI. Compatible
extensions, will eventually be listed in a CHERI profile.
extensions will eventually be listed in a CHERI profile.

<<<
=== "Zcheri_purecap", "Zcheri_legacy" and "Zcheri_mode" Extensions for CHERI
Expand Down
19 changes: 10 additions & 9 deletions src/riscv-integration.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,12 @@ where address 2^XLENMAX^ - 1 is within the bounds.
=== Programmer's Model for Zcheri_purecap

For {cheri_base_ext_name}, the 32 unprivileged *x* registers of the base
integer ISA are extended so that they are able to hold a capability. Therefore,
each *x* register is CLEN bits wide and has an out of band tag bit. The *x*
notation refers to the address field of the capability in an unprivileged
register while the *c* notation is used to refer to the full capability (i.e.
address, metadata and tag) held in the same unprivileged register.
integer ISA are extended so that they are able to hold a capability as well
as renamed to *c* registers. Therefore, each *c* register is CLEN bits wide
and has an out of band tag bit. The *x* notation refers to the address field
of the capability in an unprivileged register while the *c* notation is used
to refer to the full capability (i.e. address, metadata and tag) held in the
same unprivileged register.

Register *c0* is hardwired with all bits, including the capability metadata and
tag, equal to 0. In other words, *c0* is hardwired to the <<null-cap>>
Expand Down Expand Up @@ -117,7 +118,7 @@ output tag is always 0
* <<CANDPERM>>: bitwise AND of a mask value with a bit map representation of the
architectural (AP) and software-defined (SDP) permissions fields
* <<CSETBOUNDS>>: set the base and length of a capability. The tag is
cleared, if the encoding cannot represents the bounds exactly
cleared, if the encoding cannot represent the bounds exactly
* <<CSETBOUNDSINEXACT>>: set the base and length of a capability. The base will be
rounded down and/or the length will be rounded up if the encoding cannot represent
the bounds exactly
Expand Down Expand Up @@ -177,7 +178,7 @@ The indirect jump and link <<pcc>> (<<JALR_PCC>>) instruction allows uncondition
jumps to a target address. The target address is provided in an *x* register;
the new address is installed in the address field of the <<pcc>>. The address of
the instruction following the jump (*pc* + 4) is written to an *x* register.
<<JALR_PCC>> causes an exceptions when a minimum sized instruction at the
<<JALR_PCC>> causes an exception when a minimum sized instruction at the
target address is not within the bounds of the <<pcc>> or the target address is
misaligned.

Expand Down Expand Up @@ -1057,7 +1058,7 @@ NOTE: `auth_cap` is <<ddc>> for Legacy mode and `cs1` for Capability Mode
| all stores, all atomics, all cbos | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_seal} |`auth_cap` seal | isCapSealed(`auth_cap`)
| all atomics, all cbos | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_perm} |`auth_cap` permission | AMO only: not(`auth_cap`.<<r_perm>>)
| all stores, all atomics, all cbos | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_perm} |`auth_cap` permission | not(auto_cap.<<w_perm>>)
| all stores, all atomics | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_length} |`auth_cap` length | any byte of access^!^ out of `auth_cap` bounds
| all stores, all atomics | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_length} |`auth_cap` length | any byte of access^1^ out of `auth_cap` bounds
| capability stores, all atomics |6 | N/A | N/A |Misaligned store/AMO| Misaligned capability store or AMO
|=========================================================================================

Expand Down Expand Up @@ -1119,7 +1120,7 @@ invalid addresses. Prior to writing these CSRs, implementations may convert an
invalid address into some other invalid address that the register is capable of
holding. However, these registers hold capabilities in {cheri_base_ext_name}
and the bounds encoding depends on the address value, so implementations must
not convert invalid addresses to other arbitrary invalid address in an
not convert invalid addresses to other arbitrary invalid addresses in an
unrestricted manner.
The following procedure must be used instead when writing a capability A to
these CSRs:
Expand Down
2 changes: 1 addition & 1 deletion src/riscv-legacy-integration.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ address of the instruction following the jump (*pc* + 4) is written to an *x*
register; that register's tag and capability metadata are zeroed.

<<JAL>> and <<JALR>> cause CHERI exceptions when a minimum sized instruction
at the target address are not within the bounds of the <<pcc>>. An
at the target address is not within the bounds of the <<pcc>>. An
instruction address misaligned exception is raised when the target address is
misaligned.

Expand Down

0 comments on commit 859135c

Please sign in to comment.