C64-Secure ABI demo.

[jacobbramley]

This demo illustrates a few calling-convention options for weak (but potentially fast) compartmentalisation across function calls.

[ltratt]

@jacobbramley This looks good, and useful -- thanks!

@0152la Is there an easy way of only building this example in CI on Morello? I must admit that I've forgotten how to navigate the infrastructure for this repo...

[jacobbramley]

@0152la Is there an easy way of only building this example in CI on Morello? I must admit that I've forgotten how to navigate the infrastructure for this repo...

I think I could add it to .buildbot.sh fairly easily. I'll do that whilst I fix the other issues.

[ltratt]

@jacobbramley I remember there's some fiddling because we and try and support multiple platforms. Good luck!

[0152la]

@0152la Is there an easy way of only building this example in CI on Morello? I must admit that I've forgotten how to navigate the infrastructure for this repo...

I think I could add it to .buildbot.sh fairly easily. I'll do that whilst I fix the other issues.

I think the process is:
(a) to build, it'll need to be added to .buildbot.sh. Currently we seem to build both riscv and morello together [1], so you'll probably need another block that'll be (pseudocode) push; make morello-purecap clean; make morello-purecap all; pop.
(b) to run, add it somewhere in the appropriate block in run_tests.sh [2]. I think since it's built only for morello, it'll only be run for morello, but unsure here.

However, since the infrastructure is a bit flimsy I'd think, perhaps as long as it builds it's fine, or even could preclude adding it. I think there's some stuff that's not been ran in CI, and we should probably add everything once (if) we redo the CI.

[1] https://github.com/capablevms/cheri-examples/blob/master/.buildbot.sh#L16-L25
[2] https://github.com/capablevms/cheri-examples/blob/master/tests/run_tests.sh#L64

[probablytom]

Thanks for the patience with this review being so late. Mostly small notes on comments & explanatory text! Great example.

[probablytom]

Are these TODOs to be addressed before merge? If not, I wonder whether it'd be clearer for future readers that it's a warning about the prog's behaviour to mark them NB or something similar…

[jacobbramley]

Not before merge, since what is implemented is sufficient for the demo, but we might decide to address them in some future update if the corner-cases are interesting.

I normally use "TODO" for such things, but if the project prefers a different marker (like NB), that's fine too.

[probablytom]

I think NB would be clearer! Like you say, what's implemented is fine for the demo itself.

[probablytom]

This is obviously key to the example, and I think clarifying what you mean here would help make this example easy to understand; I think it would have helped me more quickly realise what's going on, which I think is important for an examples repo.

I think it's tricky at the moment because the flow of the example is unusual. When I was first reading the PR, I noticed that main calls Z(0), which then calls this relatively beefy function (compared to main). Because it's large and main is so small, it looks like it could be doing lots of the work the example's demonstrating, but really it's a helper function driving recursive calls to the stuff in the assembly! There's a red herring, but the confusion could be avoided by clarifying here.

So for example this comment could explain this as…:

This is the main interactive logic of the example. Every demo function (found in `impls.s`) calls this to determine how many locals to allocate and which demo function to call next (A, B, C, Z, or . to return). The caller of `what_next` also calls the next demo function requested by the user, so the logic demonstrated by this example can be found there. `what_next` just facilitates the interactive part of the program by allowing the user to input which demo function to call next (and its number of locals).

I realise this is just a comment, but given it's also an example I think clarifying what's going on is valuable for future readers.

[jacobbramley]

That's a good suggestion, thanks!

[jacobbramley]

Reworded here: 437b84f

Is that any better?

[probablytom]

This looks brill! I'd nit-pick the TODO that snuck in for the reasons mentioned in earlier comments (you suggested NB as an alternative in another thread, which I really like) but the reword itself is ace :)