riscv-cheri icon indicating copy to clipboard operation
riscv-cheri copied to clipboard

Published 20 hours ago verified publisher icon riscv

M bit sense should be inverted

Open sorear opened this issue 1 year ago • 4 comments

In Zcheri_purecap, M is a reserved bit, so Zcheri_purecap software will set M to 0. For this reason, if Zcheri_mode is enabled, M = 0 should trigger Zcheri_purecap-compatible behavior, with M = 1 used for the non-Zcheri_purecap-compatible behavior.

sorear avatar Jan 24 '24 14:01 sorear

I don't agree - on a purecap only core the M bit doesn't exist - it's reserved - and could be used for something else in future. This is unlikely on RV64 as there's a lot of free space in the metadata, but for RV32 this is extremely likely as there are very few reserved bits, and more extensions are planned. The immediate need is to add some CHERIoT style features which will be for a purecap only core which will use that bit for something else, which is why we separated it out.

So software for a purecap only core must not be relying on the state of that bit.

tariqkurd-repo avatar Jan 24 '24 15:01 tariqkurd-repo

I am not proposing for purecap software to rely on the state of the bit, or look at the bit at all.

Purecap software sets all reserved bits to 0, so extensions should do something with the value "0" that is appropriate for purecap. Software that uses a given extension will set its corresponding allocated bits to "1".

sorear avatar Jan 24 '24 15:01 sorear

So software for a purecap only core must not be relying on the state of that bit.

That doesn't work; if the bit exists it needs to be set to the right value! Which makes 0 the sensible value to use in this world, so you don't have to do anything to get the right value by default. Only if you want legacy mode do you need to set it to 1.

jrtc27 avatar Jan 24 '24 16:01 jrtc27

My thoughts on the matter have shifted to "capability extensions can redefine the format of the metadata word within fairly broad limits, so although it is architectural software should treat the metadata word format as implementation defined unless the exact ISA string is known; cbuildcap should not be used in generic software on anything other than a bit pattern previously generated by the implementation". If that is adopted, this issue can be closed.

sorear avatar Jan 28 '24 06:01 sorear

The sense of the M-bit has already been inverted: https://github.com/riscv/riscv-cheri/pull/305

andresag01 avatar Sep 27 '24 09:09 andresag01