From 72ab9c0550e3ffadeb329f86f14660f99c4f08b4 Mon Sep 17 00:00:00 2001 From: Tariq Kurd Date: Fri, 9 Feb 2024 15:55:44 +0000 Subject: [PATCH] Rename CJ* to J* and JALR.PCC/JALR.CAP to JALR.MODE --- src/cap-description.adoc | 2 +- src/csv/CHERI_ISA.csv | 15 +++---- src/insns/{cj_j_16bit.adoc => j_16bit.adoc} | 25 ++++------- .../{cjal_jal_16bit.adoc => jal_16bit.adoc} | 22 ++++------ .../{cjal_jal_32bit.adoc => jal_32bit.adoc} | 29 +++--------- .../{cjal_jal_common.adoc => jal_common.adoc} | 0 ...{cjalr_jalr_16bit.adoc => jalr_16bit.adoc} | 22 ++++------ ...{cjalr_jalr_32bit.adoc => jalr_32bit.adoc} | 30 +++---------- src/insns/jalr_cap_32bit.adoc | 44 +++++++------------ ...jalr_jalr_common.adoc => jalr_common.adoc} | 0 .../{cjr_jr_16bit.adoc => jr_16bit.adoc} | 19 +++----- src/insns/wavedrom/c-cj-format-ls.adoc | 8 ---- src/insns/wavedrom/c-cjal-format-ls.adoc | 8 ---- src/insns/wavedrom/c-cjalr-format-ls.adoc | 11 ----- src/insns/wavedrom/c-cr-format-ls.adoc | 6 +-- src/insns/wavedrom/ct-unconditional-2.adoc | 2 +- .../wavedrom/ct-unconditional-jalr-cap.adoc | 4 +- src/insns/wavedrom/ct-unconditional.adoc | 2 +- src/insns/zcmp_cmpopret.adoc | 2 +- src/insns/zcmp_cmpopretz.adoc | 2 +- src/instructions.adoc | 18 +++----- src/riscv-integration.adoc | 21 +++++---- src/riscv-legacy-integration.adoc | 16 +++---- src/riscv-mode-integration.adoc | 2 +- 24 files changed, 103 insertions(+), 207 deletions(-) rename src/insns/{cj_j_16bit.adoc => j_16bit.adoc} (64%) rename src/insns/{cjal_jal_16bit.adoc => jal_16bit.adoc} (55%) rename src/insns/{cjal_jal_32bit.adoc => jal_32bit.adoc} (70%) rename src/insns/{cjal_jal_common.adoc => jal_common.adoc} (100%) rename src/insns/{cjalr_jalr_16bit.adoc => jalr_16bit.adoc} (53%) rename src/insns/{cjalr_jalr_32bit.adoc => jalr_32bit.adoc} (83%) rename src/insns/{cjalr_jalr_common.adoc => jalr_common.adoc} (100%) rename src/insns/{cjr_jr_16bit.adoc => jr_16bit.adoc} (75%) delete mode 100644 src/insns/wavedrom/c-cj-format-ls.adoc delete mode 100644 src/insns/wavedrom/c-cjal-format-ls.adoc delete mode 100644 src/insns/wavedrom/c-cjalr-format-ls.adoc diff --git a/src/cap-description.adoc b/src/cap-description.adoc index 4291044e..fc5eb9ab 100644 --- a/src/cap-description.adoc +++ b/src/cap-description.adoc @@ -191,7 +191,7 @@ capabilities that describe function entry points. A program may jump to a sealed capability to begin executing the instructions it references. The jump instruction automatically unseals the capability and installs it to the program counter capability (see -xref:section_riscv_programmers_model[xrefstyle=short]). The <> instruction +xref:section_riscv_programmers_model[xrefstyle=short]). The <> instruction also seals the return address capability (if any) since it is the entry point to the caller function. diff --git a/src/csv/CHERI_ISA.csv b/src/csv/CHERI_ISA.csv index c80ec072..4d8280ed 100644 --- a/src/csv/CHERI_ISA.csv +++ b/src/csv/CHERI_ISA.csv @@ -58,14 +58,13 @@ "C.CINCOFFSET4CSPN","✔","✔","","","","","✔","Capability","","","","✔","","","","","","","","","","","","C0","","C.ADDI4SPN","C.ADDI4SPN","ADD immediate to stack pointer, representability check","","","","","","","","" "C.MV","✔","✔","","","","✔","","Legacy","","","","✔","","","","","","","","","","","","C2","","","","Register Move","","","","","","","","" "C.CMOVE","✔","✔","","","","","✔","Capability","","","","✔","","","","","","","","","","","","C2","","C.MV","C.MV","Same as CMove","","","","","","","","" -"C.CJ","✔","✔","","","","","✔","Capability","","","","✔","","","","","","","","","","","","C2","","C.J","C.J","Jump to PC+offset, bounds check minimum size target instruction","mode==D (optional)","","","","","","","" -"C.CJAL","✔","","","","","","✔","Capability","","","","✔","","","","","","","","","","","","C2","","C.JAL","C.JAL","Jump to PC+offset, bounds check minimum size target instruction, link to cd","mode==D (optional)","","","","","","","" -"CJAL","✔","✔","","","","","✔","Capability","","","","✔","","","","","","","","","","","","JAL","","JAL","JAL","Jump to PC+offset, bounds check minimum size target instruction, link to cd","mode==D (optional)","","","","","","","" -"JALR.CAP","✔","✔","","","","✔","","Legacy","","","","","","","","","","","","","","","","JALR","","JALR.PCC","JALR.PCC","CJALR available in legacy mode (with zero offset)","mode==D (optional)","","","","","","","" -"JALR.PCC","✔","✔","","","","","✔","Capability","","","","","","","","","","","","","","","","JALR","1-src 1-dst","","","RISC-V JALR available in capability modes (with zero offset)","mode==D (optional)","","","","","","","" -"CJALR","✔","✔","","","","","✔","Capability","","","","","","","","","","","","","","","","JALR","","JALR","JALR","Indirect cap jump and link, bounds check minimum size target instruction, unseal target cap, seal link cap","mode==D (optional)","","","","","","","" -"C.CJALR","✔","✔","","","","","✔","Capability","","","","✔","","","","","","","","","","","","C2","","C.JALR","C.JALR","Indirect cap jump and link, bounds check minimum size target instruction, unseal target cap, seal link cap","mode==D (optional)","","","","","","","" -"C.CJR","✔","✔","","","","","✔","Capability","","","","✔","","","","","","","","","","","","C2","","C.JR","C.JR","Indirect cap jump, bounds check minimum size target instruction, unseal target cap","mode==D (optional)","","","","","","","" +"C.J","✔","✔","","","","✔","✔","Both","","","","✔","","","","","","","","","","","","C2","","C.J","C.J","Jump to PC+offset, bounds check minimum size target instruction","mode==D (optional)","","","","","","","" +"C.JAL","✔","","","","","✔","✔","Both","","","","✔","","","","","","","","","","","","C2","","C.JAL","C.JAL","Jump to PC+offset, bounds check minimum size target instruction, link to cd","mode==D (optional)","","","","","","","" +"JAL","✔","✔","","","","✔","✔","Both","","","","✔","","","","","","","","","","","","JAL","","JAL","JAL","Jump to PC+offset, bounds check minimum size target instruction, link to cd","mode==D (optional)","","","","","","","" +"JALR.MODE","✔","✔","","","","✔","✔","Both","","","","","","","","","","","","","","","","JALR","","JALR.PCC","JALR.PCC","JALR executes as in the other mode (with zero offset)","mode==D (optional)","","","","","","","" +"JALR","✔","✔","","","","✔","✔","Both","","","","","","","","","","","","","","","","JALR","","JALR","JALR","Indirect cap jump and link, bounds check minimum size target instruction, unseal target cap, seal link cap","mode==D (optional)","","","","","","","" +"C.JALR","✔","✔","","","","✔","✔","Both","","","","✔","","","","","","","","","","","","C2","","C.JALR","C.JALR","Indirect cap jump and link, bounds check minimum size target instruction, unseal target cap, seal link cap","mode==D (optional)","","","","","","","" +"C.JR","✔","✔","","","","✔","✔","Both","","","","✔","","","","","","","","","","","","C2","","C.JR","C.JR","Indirect cap jump, bounds check minimum size target instruction, unseal target cap","mode==D (optional)","","","","","","","" "DRET","✔","✔","✔","","","","","Legacy","","","","","","","","","","","","","","","","SYSTEM","","","","Return from debug mode, sets DDC from DDDC and PCC from DPCC","MODE>. - -[#C_CJ,reftext="C.CJ"] -==== C.CJ - Synopsis:: Register based jumps without link, 16-bit encodings -Capability Mode Mnemonic:: -`c.cj offset` +Mnemonic:: +`c.j offset` Capability Mode Expansion:: -`cjal c0, offset` - -Legacy Mode Mnemonic:: -`c.j offset` +`jal c0, offset` Legacy Mode Expansion:: `jal x0, offset` Encoding:: -include::wavedrom/c-cj-format-ls.adoc[] +include::wavedrom/c-j-format-ls.adoc[] Description:: Set the next PC following the standard `jal` definition. @@ -33,15 +24,15 @@ Set the next PC following the standard `jal` definition. *There is no difference in Capability Mode or Legacy Mode execution for this instruction.* Exceptions:: -See <>, <> +See <> include::pcrel_debug_warning.adoc[] -Prerequisites for C.CJ:: +Prerequisites for Capability Mode:: {c_cheri_base_ext_names} -Prerequisites for C.J:: +Prerequisites for Legacy Mode:: {c_cheri_legacy_ext_names} Operation (after expansion to 32-bit encodings):: - See <>, <> + See <> diff --git a/src/insns/cjal_jal_16bit.adoc b/src/insns/jal_16bit.adoc similarity index 55% rename from src/insns/cjal_jal_16bit.adoc rename to src/insns/jal_16bit.adoc index 1a8daa3f..4f5ece4f 100644 --- a/src/insns/cjal_jal_16bit.adoc +++ b/src/insns/jal_16bit.adoc @@ -1,22 +1,16 @@ <<< -//[#insns-cjal_jal-16bit,reftext="Conditional branches (C.CJAL,C.JAL), 16-bit encodings"] [#C_JAL,reftext="C.JAL"] ==== C.JAL -See <>. - -[#C_CJAL,reftext="C.CJAL"] -==== C.CJAL - Synopsis:: Register based jumps with link, 16-bit encodings Capability Mode Mnemonic (RV32):: -`c.cjal c1, offset` +`c.jal c1, offset` Capability Mode Expansion (RV32):: -`cjal c1, offset` +`jal c1, offset` Legacy Mode Mnemonic (RV32):: `c.jal x1, offset` @@ -25,20 +19,20 @@ Legacy Mode Expansion (RV32):: `jal x1, offset` Encoding (RV32):: -include::wavedrom/c-cjal-format-ls.adoc[] +include::wavedrom/c-jal-format-ls.adoc[] -include::cjal_jal_common.adoc[] +include::jal_common.adoc[] Exceptions:: -See <>, <> +See <> include::pcrel_debug_warning.adoc[] -Prerequisites for C.CJAL:: +Prerequisites for Capability Mode:: {c_cheri_base_ext_names} -Prerequisites for C.JAL:: +Prerequisites for Legacy Mode:: {c_cheri_legacy_ext_names} Operation (after expansion to 32-bit encodings):: - See <>, <> + See <> diff --git a/src/insns/cjal_jal_32bit.adoc b/src/insns/jal_32bit.adoc similarity index 70% rename from src/insns/cjal_jal_32bit.adoc rename to src/insns/jal_32bit.adoc index b4f10e01..094627ae 100644 --- a/src/insns/cjal_jal_32bit.adoc +++ b/src/insns/jal_32bit.adoc @@ -1,29 +1,18 @@ <<< -//[#insns-cjal_jal-32bit,reftext="Jumps (CJAL, JAL), 32-bit encodings"] - -[#CJ,reftext="CJ"] -==== CJ - -Expands to <> following the expansion rule for <> expanding to <> from cite:[riscv-unpriv-spec]. [#J,reftext="J"] ==== J Expands to <> following the expansion rule from cite:[riscv-unpriv-spec]. -[#CJAL,reftext="CJAL"] -==== CJAL - -See <> - [#JAL,reftext="JAL"] -==== CJAL, JAL +==== JAL Synopsis:: Jump and link Capability Mode Mnemonic:: -`cjal cd, offset` +`jal cd, offset` Legacy Mode Mnemonic:: `jal rd, offset` @@ -32,7 +21,7 @@ Encoding:: include::wavedrom/ct-unconditional.adoc[] Capability Mode Description:: -CJAL's immediate encodes a signed offset in multiple of 2 bytes. The <> is +JAL's immediate encodes a signed offset in multiple of 2 bytes. The <> is incremented by the sign-extended offset to form the jump target capability. The target capability is written to <>. The <> of the next instruction following the jump (<> + 4) is sealed and written to `cd`. @@ -49,19 +38,13 @@ address is not within the bounds of the <>. In this case, _CHERI jump or branch fault_ is reported in the TYPE field and Length Violation is reported in the CAUSE field of <> or <>. -Prerequisites for CJAL:: +Prerequisites for Capability Mode:: {cheri_base_ext_name} -Prerequisites for JAL:: +Prerequisites for Legacy Mode:: {cheri_legacy_ext_name} -CJAL Operation:: -+ --- -TODO --- - -JAL Operation TODO #where's the target check?# :: +Operation:: + -- TODO diff --git a/src/insns/cjal_jal_common.adoc b/src/insns/jal_common.adoc similarity index 100% rename from src/insns/cjal_jal_common.adoc rename to src/insns/jal_common.adoc diff --git a/src/insns/cjalr_jalr_16bit.adoc b/src/insns/jalr_16bit.adoc similarity index 53% rename from src/insns/cjalr_jalr_16bit.adoc rename to src/insns/jalr_16bit.adoc index bcfd4afa..657235e2 100644 --- a/src/insns/cjalr_jalr_16bit.adoc +++ b/src/insns/jalr_16bit.adoc @@ -1,22 +1,16 @@ <<< -//[#insns-cjalr_jalr-16bit,reftext="Conditional branches (C.CJALR, C.JALR), 16-bit encodings"] [#C_JALR,reftext="C.JALR"] ==== C.JALR -See <>. - -[#C_CJALR,reftext="C.CJALR"] -==== C.CJALR - Synopsis:: Register based jumps with link, 16-bit encodings Capability Mode Mnemonic:: -`c.cjalr c1, cs1` +`c.jalr c1, cs1` Capability Mode Expansion:: -`cjalr c1, 0(cs1)` +`jalr c1, 0(cs1)` Legacy Mode Mnemonic:: `c.jalr x1, rs1` @@ -25,20 +19,20 @@ Legacy Mode Expansion:: `jalr x1, 0(rs1)` Encoding:: -include::wavedrom/c-cjalr-format-ls.adoc[] +include::wavedrom/c-jalr-format-ls.adoc[] -include::cjalr_jalr_common.adoc[] +include::jalr_common.adoc[] Exceptions:: -See <>, <> +See <> include::pcrel_debug_warning.adoc[] -Prerequisites C.CJALR:: +Prerequisites for Capability Mode:: {c_cheri_base_ext_names} -Prerequisites C.JALR:: +Prerequisites for Legacy Mode:: {c_cheri_legacy_ext_names} Operation (after expansion to 32-bit encodings):: - See <>, <> + See <> diff --git a/src/insns/cjalr_jalr_32bit.adoc b/src/insns/jalr_32bit.adoc similarity index 83% rename from src/insns/cjalr_jalr_32bit.adoc rename to src/insns/jalr_32bit.adoc index 83f3b3ac..ec42ed1f 100644 --- a/src/insns/cjalr_jalr_32bit.adoc +++ b/src/insns/jalr_32bit.adoc @@ -1,28 +1,18 @@ <<< -[#CJR,reftext="CJR"] -==== CJR - -Expands to <> following the expansion rule for <> expanding to <> from cite:[riscv-unpriv-spec]. - [#JR,reftext="JR"] ==== JR Expands to <> following the expansion rule from cite:[riscv-unpriv-spec]. -[#CJALR,reftext="CJALR"] -==== CJALR - -See <> - [#JALR,reftext="JALR"] -==== CJALR, JALR +==== JALR Synopsis:: Jump and link register Capability Mode Mnemonic:: -`cjalr cd, cs1, offset` +`jalr cd, cs1, offset` Legacy Mode Mnemonic:: `jalr rd, rs1, offset` @@ -31,7 +21,7 @@ Encoding:: include::wavedrom/ct-unconditional-2.adoc[] Capability Mode Description:: -CJALR allows unconditional, indirect jumps to a target capability. The +JALR allows unconditional, indirect jumps to a target capability. The target capability is obtained by unsealing `cs1` if the immediate is zero and incrementing its address by the sign-extended 12-bit immediate otherwise, and then setting the least-significant bit of the @@ -57,7 +47,7 @@ reported in the CAUSE field of <> or <>: [%autowidth,options=header,align=center] |============================================================================== -| CAUSE | JALR | CJALR | Reason +| CAUSE | Legacy Mode | Capability Mode | Reason | Tag violation | | ✔ | `cs1` has tag set to 0 | Seal violation | | ✔ | `cs1` is sealed and the immediate is not 0 | Permission violation | | ✔ | `cs1` does not grant <> @@ -66,19 +56,13 @@ reported in the CAUSE field of <> or <>: include::pcrel_debug_warning.adoc[] -Prerequisites CJALR:: +Prerequisites Capability Mode:: {cheri_base_ext_name} -Prerequisites JALR:: +Prerequisites Legacy Mode:: {cheri_legacy_ext_name} -CJALR Operation:: -+ --- -TBD --- - -JALR Operation:: +Operation:: + -- TBD diff --git a/src/insns/jalr_cap_32bit.adoc b/src/insns/jalr_cap_32bit.adoc index 4ee92756..edc29677 100644 --- a/src/insns/jalr_cap_32bit.adoc +++ b/src/insns/jalr_cap_32bit.adoc @@ -1,42 +1,38 @@ <<< -[#JALR_PCC,reftext="JALR.PCC"] -==== JALR.PCC - -See <>. - -[#JALR_CAP,reftext="JALR.CAP"] -==== JALR.CAP +[#JALR_MODE,reftext="JALR.MODE"] +==== JALR.MODE ifdef::cheri_v9_annotations[] -NOTE: *CHERI v9 Note:* These instructions used to have separate encodings in -CHERI v9. The instructions depend on the CHERI execution mode and now -they share the same *new* encoding. +NOTE: *CHERI v9 Note:* This instruction used to have separate encodings in +CHERI v9 for each mode. The behaviour depends on the CHERI execution mode and now +only use a single *new* encoding. endif::[] Synopsis:: Indirect jump and link (via integer address or capability) Capability Mode Mnemonic:: -`jalr.pcc rd, rs1` +`jalr.mode rd, rs1` Legacy Mode Mnemonic:: -`jalr.cap cd, cs1` +`jalr.mode cd, cs1` Encoding:: include::wavedrom/ct-unconditional-jalr-cap.adoc[] Capability Mode Description:: -JALR.PCC allows unconditional jumps to a target integer address. The target +JALR.MODE allows unconditional jumps to a target integer address. The target address in `rs1` is installed in the address field of the <>. The address -of the instruction following the jump (<> + 4) is written to `rd`. This is identical to the standard <> instruction, but with zero offset. +of the instruction following the jump (<> + 4) is written to `rd`. +This is identical to the legacy mode <> instruction, but with zero offset. Legacy Mode Description:: -JALR.CAP allows unconditional jumps to a target capability. The capability in +JALR.MODE allows unconditional jumps to a target capability. The capability in `cs1` is installed in <>. The <> of the next instruction following the jump (<> + 4) is sealed and written to `cd`. This instruction can be -used to change the current CHERI execution mode and is identical to <> -but with zero offset. +used to change the current CHERI execution mode and is identical to +<> in capability mode but with zero offset. Exception:: When these instructions cause CHERI exceptions, _CHERI jump or @@ -45,7 +41,7 @@ reported in the CAUSE field of <> or <>: [%autowidth,options=header,align=center] |============================================================================== -| CAUSE | JALR.PCC | JALR.CAP| Reason +| CAUSE | Legacy Mode | Capability Mode| Reason | Tag violation | | ✔ | `cs1` has tag set to 0 | Seal violation | | ✔ | `cs1` is sealed and the immediate is not 0 | Permission violation | | ✔ | `cs1` does not grant <> @@ -54,19 +50,13 @@ reported in the CAUSE field of <> or <>: include::pcrel_debug_warning.adoc[] -Prerequisites JALR.PCC:: +Prerequisites for Capability Mode:: {cheri_base_ext_name} -Prerequisites JALR.CAP:: +Prerequisites Legacy Mode:: {cheri_legacy_ext_name} -Operation JALR.PCC:: -+ --- -TODO --- - -Operation JALR.CAP:: +Operation:: + -- TODO diff --git a/src/insns/cjalr_jalr_common.adoc b/src/insns/jalr_common.adoc similarity index 100% rename from src/insns/cjalr_jalr_common.adoc rename to src/insns/jalr_common.adoc diff --git a/src/insns/cjr_jr_16bit.adoc b/src/insns/jr_16bit.adoc similarity index 75% rename from src/insns/cjr_jr_16bit.adoc rename to src/insns/jr_16bit.adoc index 770f196d..47eb93c0 100644 --- a/src/insns/cjr_jr_16bit.adoc +++ b/src/insns/jr_16bit.adoc @@ -1,23 +1,16 @@ <<< -//[#insns-cjr_jr-16bit,reftext="Conditional branches (C.CJR, C.JR), 16-bit encodings"] [#C_JR,reftext="C.JR"] ==== C.JR -See <>. - -[#C_CJR,reftext="C.CJR"] -==== C.CJR - - Synopsis:: Register based jumps without link, 16-bit encodings Capability Mode Mnemonic:: -`c.cjr cs1` +`c.jr cs1` Capability Mode Expansion:: -`cjalr c0, 0(cs1)` +`jalr c0, 0(cs1)` Legacy Mode Mnemonic:: `c.jr rs1` @@ -36,15 +29,15 @@ Set the next PC according to the standard `jalr` definition. Check a minimum length instruction is in <> bounds at the target PC, take a CHERI Length Violation exception on error. Exceptions:: -See <>, <> +See <> include::pcrel_debug_warning.adoc[] -Prerequisites for C.CJALR:: +Prerequisites for Capability Mode:: {c_cheri_base_ext_names} -Prerequisites for C.JALR:: +Prerequisites for Legacy Mode:: {c_cheri_legacy_ext_names} Operation (after expansion to 32-bit encodings):: - See <>, <> + See <> diff --git a/src/insns/wavedrom/c-cj-format-ls.adoc b/src/insns/wavedrom/c-cj-format-ls.adoc deleted file mode 100644 index 54ef3c56..00000000 --- a/src/insns/wavedrom/c-cj-format-ls.adoc +++ /dev/null @@ -1,8 +0,0 @@ -[wavedrom, ,svg] -.... -{reg: [ - {bits: 2, name: 'op', type: 8, attr: ['2','C1=01']}, - {bits: 11, name: 'imm', type: 2, attr: ['11','offset[11|4|9:8|10|6|7|3:1|5]']}, - {bits: 3, name: 'funct3', type: 8, attr: ['3','cap: C.CJ=101','leg: C.J=101']}, -], config: {bits: 16}} -.... diff --git a/src/insns/wavedrom/c-cjal-format-ls.adoc b/src/insns/wavedrom/c-cjal-format-ls.adoc deleted file mode 100644 index 8c1120f2..00000000 --- a/src/insns/wavedrom/c-cjal-format-ls.adoc +++ /dev/null @@ -1,8 +0,0 @@ -[wavedrom, ,svg] -.... -{reg: [ - {bits: 2, name: 'op', type: 8, attr: ['2','C1=01']}, - {bits: 11, name: 'imm', type: 2, attr: ['11','offset[11|4|9:8|10|6|7|3:1|5]']}, - {bits: 3, name: 'funct3', type: 8, attr: ['3','cap rv32: C.CJAL=001','leg rv32: C.JAL=001']}, -], config: {bits: 16}} -.... diff --git a/src/insns/wavedrom/c-cjalr-format-ls.adoc b/src/insns/wavedrom/c-cjalr-format-ls.adoc deleted file mode 100644 index 444e7133..00000000 --- a/src/insns/wavedrom/c-cjalr-format-ls.adoc +++ /dev/null @@ -1,11 +0,0 @@ -//These instructions use the CR format. - -[wavedrom, ,svg] -.... -{reg: [ - {bits: 2, name: 'op', type: 8, attr: ['2','C2=10']}, - {bits: 5, name: 'cs2/rs2', type: 4, attr: ['5','0']}, - {bits: 5, name: 'cs1/rs1', type: 4, attr: ['5','src!=0']}, - {bits: 4, name: 'funct4', type: 8, attr: ['4', 'cap: C.CJALR=1001', 'leg: C.JALR=1001']}, -], config: {bits: 16}} -.... diff --git a/src/insns/wavedrom/c-cr-format-ls.adoc b/src/insns/wavedrom/c-cr-format-ls.adoc index d08181ea..7614bc06 100644 --- a/src/insns/wavedrom/c-cr-format-ls.adoc +++ b/src/insns/wavedrom/c-cr-format-ls.adoc @@ -4,8 +4,8 @@ .... {reg: [ {bits: 2, name: 'op', type: 8, attr: ['2','C2=10']}, - {bits: 5, name: 'cs2/rs2', type: 4, attr: ['5','0']}, - {bits: 5, name: 'cs1/rs1', type: 4, attr: ['5','src!=0']}, - {bits: 4, name: 'funct4', type: 8, attr: ['4','cap: C.CJR=1000', 'leg: C.JR=1000']}, + {bits: 5, name: 'cs2/rs2', type: 4, attr: ['5','0']}, + {bits: 5, name: 'cs1/rs1', type: 4, attr: ['5','src!=0']}, + {bits: 4, name: 'funct4', type: 8, attr: ['4','C.JR=1000']}, ], config: {bits: 16}} .... diff --git a/src/insns/wavedrom/ct-unconditional-2.adoc b/src/insns/wavedrom/ct-unconditional-2.adoc index b4a17de5..d6fe0c11 100644 --- a/src/insns/wavedrom/ct-unconditional-2.adoc +++ b/src/insns/wavedrom/ct-unconditional-2.adoc @@ -3,7 +3,7 @@ [wavedrom, ,svg] .... {reg: [ - {bits: 7, name: 'opcode', attr: ['7', 'cap: CJALR=1100111', 'leg: JALR=1100111'], type: 8}, + {bits: 7, name: 'opcode', attr: ['7', 'JALR=1100111'], type: 8}, {bits: 5, name: 'cd/rd', attr: ['5', 'dest'], type: 2}, {bits: 3, name: 'funct3', attr: ['3', '0'], type: 8}, {bits: 5, name: 'cs1/rs1', attr: ['5', 'base'], type: 4}, diff --git a/src/insns/wavedrom/ct-unconditional-jalr-cap.adoc b/src/insns/wavedrom/ct-unconditional-jalr-cap.adoc index bc5c9600..7fa357c9 100644 --- a/src/insns/wavedrom/ct-unconditional-jalr-cap.adoc +++ b/src/insns/wavedrom/ct-unconditional-jalr-cap.adoc @@ -4,8 +4,8 @@ {reg: [ {bits: 7, name: 'opcode', attr: ['7', 'JALR=1100111'], type: 8}, {bits: 5, name: 'cd', attr: ['5', 'dest'], type: 2}, - {bits: 3, name: 'funct3', attr: ['3', 'cap: JALR.PCC=001', 'leg: JALR.CAP=001'], type: 8}, + {bits: 3, name: 'funct3', attr: ['3', 'JALR.MODE=001'], type: 8}, {bits: 5, name: 'cs1/rs1', attr: ['5', 'base'], type: 4}, - {bits: 12, name: 'funct12', attr: ['12', 'cap: JALR.PCC=00..00', 'leg: JALR.CAP=00..00'], type: 3}, + {bits: 12, name: 'funct12', attr: ['12', 'JALR.MODE=00..00'], type: 3}, ]} .... diff --git a/src/insns/wavedrom/ct-unconditional.adoc b/src/insns/wavedrom/ct-unconditional.adoc index 1a2aba73..dc5a4867 100644 --- a/src/insns/wavedrom/ct-unconditional.adoc +++ b/src/insns/wavedrom/ct-unconditional.adoc @@ -4,7 +4,7 @@ [wavedrom, ,svg] .... {reg: [ - {bits: 7, name: 'opcode', attr: ['7', 'cap: CJAL=1101111', 'leg: JAL=1101111'], type: 8}, + {bits: 7, name: 'opcode', attr: ['7', 'JAL=1101111'], type: 8}, {bits: 5, name: 'cd/rd', attr: ['5', 'dest'], type: 2}, {bits: 8, name: 'imm[19:12]', attr: ['8', 'offset[19:12]'], type: 3}, {bits: 1, name: '[11]', attr: ['1'], type: 3}, diff --git a/src/insns/zcmp_cmpopret.adoc b/src/insns/zcmp_cmpopret.adoc index 1eb7bf57..d97202a8 100644 --- a/src/insns/zcmp_cmpopret.adoc +++ b/src/insns/zcmp_cmpopret.adoc @@ -29,7 +29,7 @@ Encoding:: _rlist_ values 0 to 3 are reserved for a future EABI variant Capability Mode Description:: -Load capability registers as specified in _creg_list_. Deallocate stack frame. Return by calling <> to `cra`. All data accesses are checked against `csp`. The return destination is checked against `cra`. +Load capability registers as specified in _creg_list_. Deallocate stack frame. Return by calling <> to `cra`. All data accesses are checked against `csp`. The return destination is checked against `cra`. Legacy Mode Description:: Load integer registers as specified in _reg_list_. Deallocate stack frame. Return by calling <> to `ra`. All data accesses are checked against <>. The return destination is checked against <>. diff --git a/src/insns/zcmp_cmpopretz.adoc b/src/insns/zcmp_cmpopretz.adoc index bc542a8a..01039a84 100644 --- a/src/insns/zcmp_cmpopretz.adoc +++ b/src/insns/zcmp_cmpopretz.adoc @@ -29,7 +29,7 @@ Encoding:: _rlist_ values 0 to 3 are reserved for a future EABI variant Capability Mode Description:: -Load capability registers as specified in _creg_list_. Deallocate stack frame. Move zero into `ca0`. Return by calling <> to `cra`. All data accesses are checked against `csp`. The return destination is checked against `cra`. +Load capability registers as specified in _creg_list_. Deallocate stack frame. Move zero into `ca0`. Return by calling <> to `cra`. All data accesses are checked against `csp`. The return destination is checked against `cra`. Legacy Mode Description:: Load integer registers as specified in _reg_list_. Deallocate stack frame. Move zero into `a0`. Return by calling <> to `ra`. All data accesses are checked against <>. The return destination is checked against <>. diff --git a/src/instructions.adoc b/src/instructions.adoc index ae85abe3..96370f8d 100644 --- a/src/instructions.adoc +++ b/src/instructions.adoc @@ -11,7 +11,7 @@ checked against <> . In Legacy mode, a minimum length instruction at the target of all indirect jumps is bounds checked against <> . In Capability mode a minimum length instruction at the target of all indirect -jumps is bounds checked against `cs1` (e.g. <>) +jumps is bounds checked against `cs1` (e.g. <>) . A minimum length instruction at the taken target of all direct jumps and conditional branches is bounds checked against <> regardless of CHERI execution mode @@ -73,9 +73,9 @@ include::insns/auipc_32bit.adoc[] include::insns/condbr_32bit.adoc[] -include::insns/cjalr_jalr_32bit.adoc[] +include::insns/jalr_32bit.adoc[] -include::insns/cjal_jal_32bit.adoc[] +include::insns/jal_32bit.adoc[] include::insns/load_32bit.adoc[] @@ -127,13 +127,13 @@ include::insns/addi4spn_16bit.adoc[] include::insns/modeswitch_16bit.adoc[] -include::insns/cjalr_jalr_16bit.adoc[] +include::insns/jalr_16bit.adoc[] -include::insns/cjr_jr_16bit.adoc[] +include::insns/jr_16bit.adoc[] -include::insns/cjal_jal_16bit.adoc[] +include::insns/jal_16bit.adoc[] -include::insns/cj_j_16bit.adoc[] +include::insns/j_16bit.adoc[] include::insns/load_16bit.adoc[] @@ -259,10 +259,6 @@ See <>, <>. If the access to the jump table succeeds, then the instructions execute as follows: -* In capability mode -** <> executes as <> or <>+<> -** <> executes as <> or <>+<> -* In legacy mode ** <> executes as <> or <>+<> ** <> executes as <> or <>+<> diff --git a/src/riscv-integration.adoc b/src/riscv-integration.adoc index dd75eb77..b2780bfc 100644 --- a/src/riscv-integration.adoc +++ b/src/riscv-integration.adoc @@ -232,14 +232,12 @@ to the base behaviour as described below. ===== Unconditional Jumps -The capability jump and link (<>) instruction replaces jump and link (<>) at -the same encoding. <> sign-extends the offset and adds it to the address of +<> sign-extends the offset and adds it to the address of the jump instruction to form the target address. The target address is installed in the address field of <>. The capability with the address of the instruction following the jump (<> + 4) is written to a *c* register. -The capability jump and link register (<>) instruction replaces the jump -and link register (<>) instruction at the same encoding. This instruction +<> allows unconditional jumps to a target capability. The target capability is obtained by incrementing the capability in the *c* register operand by the sign-extended 12-bit immediate if the immediate is not zero, then setting the @@ -250,7 +248,7 @@ and written to a *c* register. All jumps cause CHERI exceptions when a minimum sized instruction at the target address is not within the bounds of the <>. -<> causes a CHERI exception when: +<> causes a CHERI exception when: * The target capability's tag is zero * The target capability is sealed and the immediate is not zero @@ -258,8 +256,8 @@ at the target address is not within the bounds of the <>. within bounds * The target capability does not grant execute permission -<> and <> can also cause instruction address misaligned exceptions -following the standard RISC-V rules for <> and <>. +<> and <> can also cause instruction address misaligned exceptions +following the standard RISC-V rules. [#condbr-purecap] ===== Conditional Branches @@ -1055,7 +1053,7 @@ NOTE: `auth_cap` is <> for Legacy mode and `cs1` for Capability Mode 6+| *CSR/Xret additional exception check* | CSR*, <>, <> | {cheri_excep_mcause} | {cheri_excep_type_pcc} | {cheri_excep_cause_perm} | <> permission | not(<>.<>) when required for CSR access or execution of <>/<> 6+| *direct jumps additional exception check* -| <>, <>, <> | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_length} | <> length | any byte of minimum length instruction at target out of <> bounds +| <>, <> | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_length} | <> length | any byte of minimum length instruction at target out of <> bounds 6+| *indirect jumps additional exception checks* | indirect jumps | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_tag} |`cs1` tag | not(`cs1.tag`) | indirect jumps | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_seal} |`cs1` seal | isCapSealed(`cs1`) and imm12 != 0 @@ -1080,7 +1078,7 @@ NOTE: `auth_cap` is <> for Legacy mode and `cs1` for Capability Mode | capability stores | 6 | N/A | N/A |capability alignment | Misaligned capability store |========================================================================================= -NOTE: Indirect branches are <>, <>, <>, <>, conditional branches are <>. +NOTE: Indirect branches are <>, <>, conditional branches are <>. NOTE: <> issues as a cache block wide store. All CMOs operate on the cache block which contains the address. Prefetches check @@ -1158,6 +1156,7 @@ semantics of <> This implies that sealed capabilities will always get their tags cleared when written to these CSRs unless the specification explicitly states that the CSR behaves otherwise (see <> and <>). Also notes that <> is -available in a read-only CSR. It can be written with <> instruction -which automatically unseals the capability _before_ the invalid address +available in a read-only CSR. It can be written with a <> instruction +in capability mode or a <> instruction in legacy mode +which automatically unseal the capability _before_ the invalid address conversion above. diff --git a/src/riscv-legacy-integration.adoc b/src/riscv-legacy-integration.adoc index a20a725e..c5933bb6 100644 --- a/src/riscv-legacy-integration.adoc +++ b/src/riscv-legacy-integration.adoc @@ -123,17 +123,17 @@ the tag and metadata of that register are implicitly set to 0. The unconditional jump instructions change behaviour depending on the CHERI execution mode although the instruction's encoding remains unchanged. -The jump and link instruction is <> when the CHERI execution mode is -Capability; the instruction behaves as described in -xref:section_existing_riscv_insns[xrefstyle=short]. That encoding is <> -when the mode is Legacy. In this case, the address of the instruction +The jump and link instruction <> when the CHERI execution mode is +Capability; behaves as described in +xref:section_existing_riscv_insns[xrefstyle=short]. +When the mode is Legacy. In this case, the address of the instruction following the jump (*pc* + 4) is written to an *x* register; that register's tag and capability metadata are zeroed. -The jump and link register instruction is <> when the CHERI execution mode -is Capability; the instruction behaves as described in -xref:section_existing_riscv_insns[xrefstyle=short]. That encoding is <> -when the mode is Legacy. In this case, the target address is obtained by adding +The jump and link register instruction is <> when the CHERI execution mode +is Capability; behaves as described in +xref:section_existing_riscv_insns[xrefstyle=short]. +When the mode is Legacy. In this case, the target address is obtained by adding the sign-extended 12-bit immediate to the *x* register operand, then setting the least significant bit of the result to zero. The target address is then written to the <> address and a representability check is performed. The diff --git a/src/riscv-mode-integration.adoc b/src/riscv-mode-integration.adoc index 4e8ccec0..faad60e8 100644 --- a/src/riscv-mode-integration.adoc +++ b/src/riscv-mode-integration.adoc @@ -59,7 +59,7 @@ bit M of the capability currently installed in the <>. ==== Unconditional Capability Jumps {cheri_mode_ext_name} allows changing the current CHERI execution mode when -executing <> or <>. +executing <> or <>. === Integrating Zcheri_mode with Sdext