Skip to content

Commit

Permalink
Versions appendix: Prepare for removal of CHERI-MIPS.
Browse files Browse the repository at this point in the history 
Use \insnnoref{} for CHERI-MIPS-specific instructions.
  • Loading branch information
@bsdjhb
bsdjhb committed Oct 5, 2022
1 parent 1c600cd commit daefd01
Show file tree
Hide file tree
Showing 6 changed files with 51 additions and 51 deletions.
6 changes: 3 additions & 3 deletions app-versions-7-0-alpha1.tex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@
without concern that they may hold values that are unrepresentable with
respect to capability bounds.

\item New instructions \insnref{CReadHwr} and \insnref{CWriteHwr} have
\item New instructions \insnnoref{CReadHwr} and \insnnoref{CWriteHwr} have
been added.
These have allowed us to migrate special capability registers (SCRs) out of
the general-purpose capability register file, including \DDC{}, the new user
Expand Down Expand Up @@ -185,8 +185,8 @@
reducing the number of instructions and registers required to adjust pointer
values and set bounds.

\item New Capability Branch if Not NULL (\insnref{CBNZ}) and
Capability Branch if NULL (\insnref{CBEZ}) instructions have
\item New Capability Branch if Not NULL (\insnnoref{CBNZ}) and
Capability Branch if NULL (\insnnoref{CBEZ}) instructions have
been added, which optimize pointer comparisons to NULL.

\item A new Capability to Address (\insnref{CGetAddr})
Expand Down
6 changes: 3 additions & 3 deletions app-versions-7-0-alpha2.tex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,19 +10,19 @@
\item Use of a branch-delay slot with \insnnoref{CCall} Selector
1 has been removed.

\item With the addition of \insnref{CReadHwr} and \insnref{CWriteHwr}
\item With the addition of \insnnoref{CReadHwr} and \insnnoref{CWriteHwr}
and shifting of special capability registers out of the
general-purpose capability register file, we have now removed the check for
the \cappermASR permission for all registers in the
general-purpose capability register file.

\item A new \insnref{CCheckTag} instruction is added, which
\item A new \insnnoref{CCheckTag} instruction is added, which
throws an exception if the tag is not set on the operand capability.
This instruction could be used by a compiler to shift capability-related
exception behavior from invalid dereference to calculation of an invalid
capability via a non-exception-throwing manipulation.

\item We have added a new \insnref{CLCBI} instruction that
\item We have added a new \insnnoref{CLCBI} instruction that
allows capability-relative loads of capabilities to be performed using a
substantially larger immediate (but without a general-purpose
integer-register operand).
Expand Down
2 changes: 1 addition & 1 deletion app-versions-7-0-alpha3.tex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
\item The CHERI Concentrate capability compression format is now documented,
with a more detailed rationale section than the prior CHERI-128 section.

\item The \insnref{CLCBI} (Capability Load Capability with Big Immediate)
\item The \insnnoref{CLCBI} (Capability Load Capability with Big Immediate)
instruction, which accelerates position-independent access to global
variables, is no longer considered experimental.

Expand Down
4 changes: 2 additions & 2 deletions app-versions-7-0-alpha4.tex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
\begin{itemize}
\item We have added new instructions \insnref{CSetAddr} (Set capability
address to value from register), \insnref{CAndAddr} (Mask address of
capability -- experimental), and \insnref{CGetAndAddr} (Move capability
capability -- experimental), and \insnnoref{CGetAndAddr} (Move capability
address to an integer register, with mask -- experimental), which optimize
common virtual-address-related operations in language runtimes such as
WebKit's Javascript engine.
Expand Down Expand Up @@ -38,7 +38,7 @@
described in \cref{\insnmipslabelname{cassertinbounds}}, allows an exception
to be thrown if the address of a capability is not within bounds.

\item The instruction \insnref{CCheckTag} has now been assigned an opcode.
\item The instruction \insnnoref{CCheckTag} has now been assigned an opcode.

\item We have revised the encodings of many instructions in our draft
CHERI-RISC-V specification in Appendix~\ref{app:isaquick-riscv}.
Expand Down
4 changes: 2 additions & 2 deletions app-versions-8-0.tex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
during domain-transition research, and the exception-free mechanism is our
preferred approach.
We have removed capability exception cause codes previously used
for that purpose, and will likely deprecate \insnref{CSetCause}, which was
for that purpose, and will likely deprecate \insnnoref{CSetCause}, which was
used only for exception-based domain transition.

\item The deprecated \insnnoref{CCheckPerm} and \insnnoref{CCheckType}
Expand Down Expand Up @@ -82,7 +82,7 @@
barriers use additional MMU permissions to selectively trap on
capability loads.

\item \insnref{CPtrCmp} has been changed to compare only the addresses of
\item \insnnoref{CPtrCmp} has been changed to compare only the addresses of
the two capabilities, and no longer consider the tag bit, for non-exact
comparisons.
The previous behavior could result in surprising run-time failures of C/C++
Expand Down
80 changes: 40 additions & 40 deletions app-versions.tex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ \section{CHERI ISA Specification Version Summary}
Pointers are allowed to move outside of their defined bounds, but can be
dereferenced only within them.
There is also a new instruction for C-language pointer comparison
(\insnref{CPtrCmp}), and a NULL capability has been defined
(\insnnoref{CPtrCmp}), and a NULL capability has been defined
as having
an in-memory representation of all zeroes without a tag, ensuring that BSS
(pre-zeroed memory) operates without change.
Expand Down Expand Up @@ -127,7 +127,7 @@ \section{CHERI ISA Specification Version Summary}
\item[CHERI ISAv5 / UCAM-CL-TR-891 - 1.18 - June 2016]
CHERI ISAv5 primarily serves to introduce the CHERI-128 compressed
capability model, which supersedes prior candidate models.
A new instruction, \insnref{CGetPCCSetOffset}, allows jump targets to
A new instruction, \insnnoref{CGetPCCSetOffset}, allows jump targets to
be more efficiently calculated relative to the current \PCC{}.
The previous multiple privileged capability permissions authorizing access
to exception-handling state has been reduced down to a single system
Expand Down Expand Up @@ -251,7 +251,7 @@ \section{Detailed CHERI ISA Version Change History}
to capabilities, and several bug fixes such as corrections to sign extension
for several instructions.
A new capability-coprocessor {\pathname cause} register, retrieved using a new
\insnref{CGetCause}, was added to allow querying information on the
\insnnoref{CGetCause}, was added to allow querying information on the
most recent
CP2 exception (e.g., bounds-check vs type-check violations); priorities were
provided, and also clarified with respect to coprocessor exceptions vs.
Expand All @@ -269,7 +269,7 @@ \section{Detailed CHERI ISA Version Change History}
to branch-delay slots and the program counter.
\insnref{CClearTag} simply cleared a register's tag, not its value.
A software-defined capability-cause register range was made available, with a
new \insnref{CSetCause} instruction letting software set the cause for
new \insnnoref{CSetCause} instruction letting software set the cause for
testing or control-flow reasons.
New \insnnoref{CCheckPerm} and \insnnoref{CCheckType} instructions
were added, letting software
Expand Down Expand Up @@ -333,13 +333,13 @@ \section{Detailed CHERI ISA Version Change History}
field, and the semantics of memory access and other CHERI instructions
(e.g., \insnnoref{CIncBase}) are updated for this new behavior.

A new \insnref{CPtrCmp} instruction has been added, which provides
A new \insnnoref{CPtrCmp} instruction has been added, which provides
C-friendly
comparison of capabilities; the instruction encoding supports various types
of comparisons including `equal to', `not equal to', and both signed and
unsigned `less than' and `less than or equal to' operators.

\insnref{CGetPCC} now returns \PC{} as the \coffset{} field of the
\insnnoref{CGetPCC} now returns \PC{} as the \coffset{} field of the
returned \PCC{} rather than storing it to a general-purpose integer register.
\insnref{CJR} and \insnref{CJALR} now accept target \PC{} values
via the offsets of their
Expand All @@ -357,7 +357,7 @@ \section{Detailed CHERI ISA Version Change History}
are described in greater detail.
The security implications of exception cause-code precedence as relates to
alignment and the emulation of unaligned loads and stores are clarified.
The behavior of \insnref{CSetCause} has been clarified to indicate
The behavior of \insnnoref{CSetCause} has been clarified to indicate
that the instruction should not raise an exception unless the check for
\capperm*{Access\_EPCC} fails.
When an exception is raised due to the state of an argument register for
Expand Down Expand Up @@ -403,7 +403,7 @@ \section{Detailed CHERI ISA Version Change History}

Interactions between \EPC{} and \EPCC{} are now better specified, including
that use of untagged capabilities has undefined behavior.
\insnref{CBTS} and \insnref{CBTU} are now defined to use
\insnnoref{CBTS} and \insnnoref{CBTU} are now defined to use
branch-delay slots, matching other MIPS-ISA branch instructions.
\insnref{CJALR} is defined as suitably incrementing the returned
program counter, along with branch-delay slot semantics.
Expand All @@ -414,7 +414,7 @@ \section{Detailed CHERI ISA Version Change History}
or return-register permission bits has been clarified.
Exception priorities and cause-code register values have been defined,
clarified, or corrected for \insnref{CClearTag},
\insnref{CGetPCC}, \insnref{CSC}, and \insnref{CSeal}.
\insnnoref{CGetPCC}, \insnref{CSC}, and \insnref{CSeal}.
Sign or zero extension for immediates and offsets are now defined
\insnmipsref[clbhwd]{CL}, \insnmipsref[clbhwd]{CS},
and other instructions.
Expand Down Expand Up @@ -482,19 +482,19 @@ \section{Detailed CHERI ISA Version Change History}
Bug fixes have been applied to the definitions of \insnref{CSetBounds}
and \insnref{CUnseal}.

Several bugs in the specification of \insnref{CLC}, \insnref{CLLD},
\insnref{CSC}, and \insnref[csbhwd]{CSD}, relating to omissions
Several bugs in the specification of \insnref{CLC}, \insnnoref{CLLD},
\insnref{CSC}, and \insnnoref[csbhwd]{CSD}, relating to omissions
during the update to capability offsets, have been fixed.
\insnref{CLC}'s description has been updated to properly reflect its
immediate argument.

New instructions \insnref{CClearHi} and \insnref{CClearLo} have
New instructions \insnnoref{CClearHi} and \insnnoref{CClearLo} have
been added to accelerate register clearing during protection-domain
switches.

New pseudo-ops \insnref{CGetEPCC}, \insnref{CSetEPCC},
\insnref{CGetKCC}, \insnref{CSetKCC}, \insnref{CGetKDC}, and
\insnref{CSetKDC} have been defined, in the interests of better
New pseudo-ops \insnnoref{CGetEPCC}, \insnnoref{CSetEPCC},
\insnnoref{CGetKCC}, \insnnoref{CSetKCC}, \insnnoref{CGetKDC}, and
\insnnoref{CSetKDC} have been defined, in the interests of better
supporting a migration of `special' registers out of the capability register
file -- which facilitates a convergence of capability and general-purpose
integer register files.
Expand All @@ -508,10 +508,10 @@ \section{Detailed CHERI ISA Version Change History}
The value of the NULL capability is now centrally defined (all fields zero;
untagged).

\insnref{ClearLo} and \insnref{ClearHi} instructions are now
\insnnoref{ClearLo} and \insnnoref{ClearHi} instructions are now
defined for clearing general-purpose integer registers, supplementing
\insnref{CClearHi} and \insnref{CClearLo}.
All four instructions are described together under \insnref{CClearRegs}.
\insnnoref{CClearHi} and \insnnoref{CClearLo}.
All four instructions are described together under \insnnoref{CClearRegs}.

A new \insnref{CSetBoundsExact} instruction is defined, allowing an
exception to be thrown if an attempt to narrow bounds cannot occur
Expand All @@ -521,15 +521,15 @@ \section{Detailed CHERI ISA Version Change History}
A new exception code is defined for this case.

A full range of data widths are now support for capability-relative
load-linked, store conditional: \insnref{CLLB}, \insnref{CLLH},
\insnref{CLLW}, \insnref{CLLD}, \insnref{CSCB},
\insnref{CSCH}, \insnref{CSCW}, and \insnref{CSCD} (as well as
load-linked, store conditional: \insnnoref{CLLB}, \insnnoref{CLLH},
\insnnoref{CLLW}, \insnnoref{CLLD}, \insnnoref{CSCB},
\insnnoref{CSCH}, \insnnoref{CSCW}, and \insnnoref{CSCD} (as well as
unsigned load-linked variations).
Previously, only a doubleword variation was defined, but cannot be used to
emulate the narrower widths as fine-grained bounds around a narrow type
would throw a bounds-check exception.
Existing load-linked, store-conditional variations for capabilities
(\insnref{CLLC}, \insnref{CSCC}) have been updated, including with
(\insnref{CLLC}, \insnnoref{CSCC}) have been updated, including with
respect to opcode assignments.

A new `candidate three' variation on compressed capabilities has been
Expand All @@ -551,20 +551,20 @@ \section{Detailed CHERI ISA Version Change History}

Exception priorities have been documented (or clarified) for a number of
instructions including \insnref{CJALR}, \insnref{CLC},
\insnref{CLLD}, \insnref{CSC}, \insnref{CSCC},
\insnnoref{CLLD}, \insnref{CSC}, \insnnoref{CSCC},
\insnnoref{CSetLen}, \insnref{CSeal}, \insnref{CUnSeal}, and
\insnref{CSetBounds}.

The behavior of \insnref{CPtrCmp} is now defined when an undefined
The behavior of \insnnoref{CPtrCmp} is now defined when an undefined
comparison type is used.

It is clarified that capability store failures due to TLB-enforced
limitations on capability stores trigger a TLB, rather than a CP2,
exception.

A new capability comparison instruction, \insnref{CEXEQ}, checks
A new capability comparison instruction, \insnnoref{CEXEQ}, checks
whether all fields in the capability are equal; the previous
\insnref{CEQ} instruction checked only that their offsets pointed at the
\insnnoref{CEQ} instruction checked only that their offsets pointed at the
same location.

A new capability instruction, \insnref{CSUB}, allows the implementation
Expand Down Expand Up @@ -617,7 +617,7 @@ \section{Detailed CHERI ISA Version Change History}
be represented.
For manipulations such as \insnref{CSeal} and \insnref{CFromPtr},
an exception will be thrown.
For operations such as \insnref{CBTU} and \insnref{CBTS}, the
For operations such as \insnnoref{CBTU} and \insnnoref{CBTS}, the
exception will be thrown on the first instruction fetch following a branch
to an unrepresentable target, rather than on the branch instruction itself.
CHERI1 and CHERI2 no longer differ on how out-of-bounds exceptions are
Expand All @@ -626,7 +626,7 @@ \section{Detailed CHERI ISA Version Change History}

The ISA specification makes it more clear that \insnmipsref{CEQ},
\insnmipsref{CNE}, \insnmipsref[cptrcmp]{CL[TE]U}, and \insnmipsref{CEXEQ} are
forms of the \insnref{CPtrCmp} instruction.
forms of the \insnnoref{CPtrCmp} instruction.

The ISA todo list has been updated to recommend a capability
conditional-move (\insnnoref{CCMove}) instruction.
Expand Down Expand Up @@ -727,15 +727,15 @@ \section{Detailed CHERI ISA Version Change History}
\insnref{CSub} instructions.

To improve code generation when constructing a \PCC{}-relative capability as
a jump target, a new \insnref{CGetPCCSetOffset} instruction has been
a jump target, a new \insnnoref{CGetPCCSetOffset} instruction has been
added.
This instruction has the combined effects of performing sequential
\insnref{CGetPCC} and \insnref{CSetOffset} operations.
\insnnoref{CGetPCC} and \insnref{CSetOffset} operations.

A broader set of opcode rationalizations and cleanups have been applied
across the ISA, to facilitate efficient decoding and future use of the
opcode space.
This includes changes to \insnref{CGetPCC}.
This includes changes to \insnnoref{CGetPCC}.

\creg{25} is no longer reserved for exception-handler use, as \creg{27} and
\creg{28} are already reserved for this purpose.
Expand All @@ -748,11 +748,11 @@ \section{Detailed CHERI ISA Version Change History}
This brings the permission models in 128-bit and 256-bit representations
back into full alignment from a software perspective.
This also simplifies permission checking for instructions such as
\insnref{CClearRegs}.
\insnnoref{CClearRegs}.
The permission numbering space has been rationalized as part of this change.
Similarly, the set of exceptions has been updated to reflect a single system
permission.
The descriptions of various instructions (such as \insnref{CClearRegs}
The descriptions of various instructions (such as \insnnoref{CClearRegs}
have been updated with respect to revised protections for special registers
and exception handling.

Expand Down Expand Up @@ -825,8 +825,8 @@ \section{Detailed CHERI ISA Version Change History}
Instructions that convert from integers to capabilities now share common
\ccode{int_to_cap} pseudocode.

The notes on \insnref{CBTS} have been synchronized to those on
\insnref{CBTU}.
The notes on \insnnoref{CBTS} have been synchronized to those on
\insnnoref{CBTU}.

Use of language has generally been improved to differentiate the
architectural 256-bit capability model (e.g., in which its fields are
Expand Down Expand Up @@ -953,8 +953,8 @@ \section{Detailed CHERI ISA Version Change History}
\insnref{CCSeal}.

Two new conditional-move instructions are added to the CHERI-MIPS ISA:
\insnref{CMOVN} (conditionally move capability on non-zero), and
\insnref{CMOVZ} (conditionally move capability on zero).
\insnnoref{CMOVN} (conditionally move capability on non-zero), and
\insnnoref{CMOVZ} (conditionally move capability on zero).
These complement existing conditional-move instructions in the 64-bit MIPS
ISA, allowing more efficient generated code.

Expand Down Expand Up @@ -982,7 +982,7 @@ \section{Detailed CHERI ISA Version Change History}

The pseudocode for the \insnref{CGetPerm} (capability get permissions)
instruction has been updated to match syntax used in the
\insnref{CGetType} and \insnref{CGetCause} instructions.
\insnref{CGetType} and \insnnoref{CGetCause} instructions.

The pseudocode for the \insnref{CUnseal} (capability unseal) instruction
has been corrected to avoid an aliasing problem when the source and
Expand Down Expand Up @@ -1030,9 +1030,9 @@ \section{Detailed CHERI ISA Version Change History}
The ISA encoding reference has been updated for new experimental
instructions.

A new \insnref{CNExEq} instruction has been added, which provides a
A new \insnnoref{CNExEq} instruction has been added, which provides a
more efficient implementation of a test for negative exact inequality than
utilizing \insnref{CExEq} and inverting the result.
utilizing \insnnoref{CExEq} and inverting the result.

Specify that when a TLB exception results from attempting to store a
tagged capability via a TLB entry that does not authorize tagged store, the
Expand Down

0 comments on commit daefd01

Please sign in to comment.