Permute ACPERMS integer operand's bits #325
Comments
|
@nwf-msr : Which instruction(s) do you have in mind for producing the arbitrary 4-bit value you mentioned here? I am guessing is
We currently have these architectural permissions defined:
How about something like this instead? (I am assuming that LM and ASR do not change very often either)
|
Oh, indeed, I just can't count. Even better. :)
ASR changes roughly never, yes.
I think that's a perfectly sensible order and, FWIW, is pretty close to the CHERIoT one.
@davidchisnall might recall something I'm overlookng, tho'. |
|
@nwf-msr : Thanks for the info. I will prepare a PR. @jonwoodruff also pointed out that we would ideally put the software-defined permissions within the 12 LSBs because these are often (perhaps in the allocator? I cannot remember exactly were!), so I will shift those around as well. |
|
I agree that it makes sense to keep the user perms within the 12-bit immediate so that allocators/the kernel can check for them using one instruction less. Not a huge performance improvement, but probably worth doing anyway. The only awkward thing we might need to consider is that the user-perms are "variable length" so any new permissions might need to end up quite high up unless we say "uperm 0/1 go at the low offset, later user-perms start at 32 (since they are rv64 only). It would be worth checking if the allocator/kernel check any bits in addition to the user bits. |
tariqkurd-repo
added
documentation
This a first attempt at permuting the permissions bitmap used for
ACPERM/GCPERM. The main goals are:
* Put 3 reserved bits along with W and LM within bits [4:0]
* These can be changed using the immediate from `c.andi`
* Put software-defined permissions (SDP) within bits [10:0] (even in the
RV64 case!)
* These can be changed using RVI instructions with 12-bit sign-extended
immediates (e.g. `andi`)
* The remainder architecturally-defined permissions (X, ASR and R) above
bit 12 because these are rarely changed
Fixes #325
This a first attempt at permuting the permissions bitmap used for
ACPERM/GCPERM. The main goals are:
* Put 3 reserved bits along with W and LM within bits [4:0]
* These can be changed using the immediate from `c.andi`
* Put software-defined permissions (SDP) within bits [10:0] (even in the
RV64 case!)
* These can be changed using RVI instructions with 12-bit sign-extended
immediates (e.g. `andi`)
* The remainder architecturally-defined permissions (X, ASR and R) above
bit 12 because these are rarely changed
Fixes riscv#325
As discussed on the mailing list (here, here, and here) and as part of #294 and #324, we should permute the current bit pattern used by ACPERM (https://github.com/riscv/riscv-cheri/blob/main/src/img/acperm_bit_field.edn) to leave the bottom-most bits available for extensions.
In RISC-V, an arbitrary value for the least significant four bits of an otherwise all-1s XLEN-length word,
nin0xF...Fn, can be synthesized with a single compressed instruction. That is, these bits are somewhat more precious than the others.In more detail, presently, ACPERM's bit pattern's least significant bits are C, R, W, and X. Experience (between big-CHERI and CHERIoT) suggests that C, R, and X are relatively rarely modified, while W and non-base-specification permissions (load-global, load-mutable) are more often changed as part of exchanging data and structures across trust boundaries.
Therefore, it would be nice for C, R, and X to be moved up to higher bits in the ACPERM bit pattern, with their prior locations left reserved for further extensions (such as the as-yet hypothetical Zcheriot).
The text was updated successfully, but these errors were encountered: