From c4e93a7cfc16fc1d642c87a422aceb8352901f86 Mon Sep 17 00:00:00 2001 From: Alexander Richardson Date: Mon, 16 Sep 2024 01:54:25 -0700 Subject: [PATCH] Use "bounds" violation instead of "length" (#367) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This error also applies to access before the start of the capability, so length is not an accurate term, and most existing software already refers to it as a bounds violation. Fixes: https://github.com/riscv/riscv-cheri/issues/366 --------- Co-authored-by: Andrés Amaya Garcia --- src/attributes.adoc | 2 +- src/insns/atomic_exceptions.adoc | 2 +- src/insns/cbo_exceptions.adoc | 2 +- src/insns/condbr_common.adoc | 2 +- src/insns/hypv-virt-loadx.adoc | 2 +- src/insns/jal_32bit.adoc | 2 +- src/insns/jalr_32bit.adoc | 2 +- src/insns/load_exceptions.adoc | 2 +- src/insns/mret_sret.adoc | 2 +- src/insns/store_exceptions.adoc | 2 +- src/insns/zcmt_cmjalt.adoc | 2 +- src/insns/zcmt_cmjt.adoc | 2 +- src/riscv-integration.adoc | 18 +++++++++--------- 13 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/attributes.adoc b/src/attributes.adoc index be9da618..3bc90cf7 100644 --- a/src/attributes.adoc +++ b/src/attributes.adoc @@ -93,4 +93,4 @@ endif::[] :cheri_excep_cause_seal: 1 :cheri_excep_cause_perm: 2 :cheri_excep_cause_inv_addr: 3 -:cheri_excep_cause_length: 4 +:cheri_excep_cause_bounds: 4 diff --git a/src/insns/atomic_exceptions.adoc b/src/insns/atomic_exceptions.adoc index e04610a5..fd49d590 100644 --- a/src/insns/atomic_exceptions.adoc +++ b/src/insns/atomic_exceptions.adoc 
@@ -31,7 +31,7 @@ reported in the CAUSE field of <> or <>: | Seal violation | Authority capability is sealed | Permission violation | Authority capability does not grant <> or <>, or the AP field could not have been produced by <> | Invalid address violation | The effective address is invalid according to xref:section_invalid_addr_conv[xrefstyle=short] -| Length violation | At least one byte accessed is outside the authority capability bounds, or the capability has <> bounds +| Bounds violation | At least one byte accessed is outside the authority capability bounds, or the capability has <> bounds |============================================================================== :!cap_atomic: diff --git a/src/insns/cbo_exceptions.adoc b/src/insns/cbo_exceptions.adoc index 3d844ee8..ca9f2ef9 100644 --- a/src/insns/cbo_exceptions.adoc +++ b/src/insns/cbo_exceptions.adoc @@ -32,7 +32,7 @@ ifdef::cbo_inval[] | Permission violation | Authority capability does not grant <>, <> or <>, or the AP field could not have been produced by <> endif::[] | Invalid address violation | The effective address is invalid according to xref:section_invalid_addr_conv[xrefstyle=short] -| Length violation | None of the bytes accessed are within the bounds, or the capability has <> bounds +| Bounds violation | None of the bytes accessed are within the bounds, or the capability has <> bounds |============================================================================== diff --git a/src/insns/condbr_common.adoc b/src/insns/condbr_common.adoc index a8df852d..4e86c5dd 100644 --- a/src/insns/condbr_common.adoc +++ b/src/insns/condbr_common.adoc @@ -1,5 +1,5 @@ Exceptions:: When the target address is not within the <>'s bounds, and the branch is taken, a _CHERI jump or -branch fault_ is reported in the TYPE field and Length Violation is reported in +branch fault_ is reported in the TYPE field and Bounds violation is reported in the CAUSE field of <> or <>: 
diff --git a/src/insns/hypv-virt-loadx.adoc b/src/insns/hypv-virt-loadx.adoc index 86919ed2..9ef74aa9 100644 --- a/src/insns/hypv-virt-loadx.adoc +++ b/src/insns/hypv-virt-loadx.adoc @@ -52,7 +52,7 @@ listed below; in this case, _CHERI data fault_ is reported in the <> or | Seal violation | Authority capability is sealed | Permission violation | Authority capability does not grant <> or <>, or the AP field could not have been produced by <> | Invalid address violation | The effective address is invalid according to xref:section_invalid_addr_conv[xrefstyle=short] -| Length violation | At least one byte accessed is outside the authority capability bounds, or the capability has <> bounds +| Bounds violation | At least one byte accessed is outside the authority capability bounds, or the capability has <> bounds |============================================================================== Prerequisites for {cheri_cap_mode_name}:: diff --git a/src/insns/jal_32bit.adoc b/src/insns/jal_32bit.adoc index bfbe986f..8d6522cb 100644 --- a/src/insns/jal_32bit.adoc +++ b/src/insns/jal_32bit.adoc @@ -37,7 +37,7 @@ Exceptions:: |============================================================================== | CAUSE | {cheri_int_mode_name} | {cheri_cap_mode_name} | Reason | Invalid address violation | ✔ | ✔ | The target address is invalid according to xref:section_invalid_addr_conv[xrefstyle=short] -| Length violation | ✔ | ✔ | Minimum length instruction is not within the target capability's bounds. +| Bounds violation | ✔ | ✔ | Minimum length instruction is not within the target capability's bounds. |============================================================================== include::pcrel_debug_warning.adoc[] diff --git a/src/insns/jalr_32bit.adoc b/src/insns/jalr_32bit.adoc index fee459bf..d6c09d99 100644 --- a/src/insns/jalr_32bit.adoc +++ b/src/insns/jalr_32bit.adoc 
@@ -53,7 +53,7 @@ reported in the CAUSE field of <> or <>: | Seal violation | | ✔ | `cs1` is sealed and the immediate is not 0 | Permission violation | | ✔ | `cs1` does not grant <>, or the AP field could not have been produced by <> | Invalid address violation | ✔ | ✔ | The target address is invalid according to xref:section_invalid_addr_conv[xrefstyle=short] -| Length violation | ✔ | ✔ | Minimum length instruction is not within the target capability's bounds, which will fail +| Bounds violation | ✔ | ✔ | Minimum length instruction is not within the target capability's bounds, which will fail if `cs1` has <> bounds in {cheri_cap_mode_name}. |============================================================================== diff --git a/src/insns/load_exceptions.adoc b/src/insns/load_exceptions.adoc index fc247fe5..7c545d84 100644 --- a/src/insns/load_exceptions.adoc +++ b/src/insns/load_exceptions.adoc @@ -19,7 +19,7 @@ listed below; in this case, _CHERI data fault_ is reported in the <> or | Seal violation | Authority capability is sealed | Permission violation | Authority capability does not grant <>, or the AP field could not have been produced by <> | Invalid address violation | The effective address is invalid according to xref:section_invalid_addr_conv[xrefstyle=short] -| Length violation | At least one byte accessed is outside the authority capability bounds, or the capability has <> bounds +| Bounds violation | At least one byte accessed is outside the authority capability bounds, or the capability has <> bounds |============================================================================== + diff --git a/src/insns/mret_sret.adoc b/src/insns/mret_sret.adoc index 23dbf59f..a9bee1f2 100644 --- a/src/insns/mret_sret.adoc +++ b/src/insns/mret_sret.adoc 
@@ -27,7 +27,7 @@ Exceptions:: CHERI fault exceptions occur when <> does not grant <> because <> and <> require access to privileged CSRs. When that exception occurs, _CHERI instruction access fault_ is reported in the TYPE field and the -Permission Violation codes is reported in the CAUSE field of <> or +Permission violation code is reported in the CAUSE field of <> or <>. Operation:: diff --git a/src/insns/store_exceptions.adoc b/src/insns/store_exceptions.adoc index b1df5db4..599a0ce1 100644 --- a/src/insns/store_exceptions.adoc +++ b/src/insns/store_exceptions.adoc @@ -19,7 +19,7 @@ listed below; in this case, _CHERI data fault_ is reported in the <> or | Seal violation | Authority capability is sealed | Permission violation | Authority capability does not grant <>, or the AP field could not have been produced by <> | Invalid address violation | The effective address is invalid according to xref:section_invalid_addr_conv[xrefstyle=short] -| Length violation | At least one byte accessed is outside the authority capability bounds, or the capability has <> bounds +| Bounds violation | At least one byte accessed is outside the authority capability bounds, or the capability has <> bounds |============================================================================== + :!store_cond: diff --git a/src/insns/zcmt_cmjalt.adoc b/src/insns/zcmt_cmjalt.adoc index 169790f6..7d5f6ed4 100644 --- a/src/insns/zcmt_cmjalt.adoc +++ b/src/insns/zcmt_cmjalt.adoc @@ -50,7 +50,7 @@ reported in the CAUSE field of <> or <>: | Seal violation | ✔ | Permission violation | ✔ | Invalid address violation | ✔ -| Length violation | ✔ +| Bounds violation | ✔ |============================================================================== include::pcrel_debug_warning.adoc[] diff --git a/src/insns/zcmt_cmjt.adoc b/src/insns/zcmt_cmjt.adoc index e87c468e..28891b55 100644 --- a/src/insns/zcmt_cmjt.adoc +++ b/src/insns/zcmt_cmjt.adoc 
@@ -50,7 +50,7 @@ reported in the CAUSE field of <> or <>: | Seal violation | ✔ | Permission violation | ✔ | Invalid address violation | ✔ -| Length violation | ✔ +| Bounds violation | ✔ |============================================================================== include::pcrel_debug_warning.adoc[] diff --git a/src/riscv-integration.adoc b/src/riscv-integration.adoc index 5766c936..1b4e0b7a 100644 --- a/src/riscv-integration.adoc +++ b/src/riscv-integration.adoc @@ -778,7 +778,7 @@ xref:mtval-cheri-causes[xrefstyle=short] respectively. | {cheri_excep_cause_seal} | Seal violation | {cheri_excep_cause_perm} | Permission violation | {cheri_excep_cause_inv_addr} | Invalid address violation -| {cheri_excep_cause_length} | Length violation +| {cheri_excep_cause_bounds} | Bounds violation | 5-15 | Reserved |============================================================================== @@ -788,7 +788,7 @@ CHERI violations have the following order in priority: . Seal violation . Permission violation . Invalid address violation -. Length violation (_Lowest_) +. Bounds violation (_Lowest_) [#supervisor-level-csrs-section] === Supervisor-Level CSRs 
@@ -1016,23 +1016,23 @@ NOTE: `auth_cap` is <> for {cheri_int_mode_name} and `cs1` for {cheri_cap_m | All | {cheri_excep_mcause} | {cheri_excep_type_pcc} | {cheri_excep_cause_seal} | <> seal | isCapSealed(<>)^1^ | All | {cheri_excep_mcause} | {cheri_excep_type_pcc} | {cheri_excep_cause_perm} | <> permission | not(<>.<>) | All | {cheri_excep_mcause} | {cheri_excep_type_pcc} | {cheri_excep_cause_inv_addr} | <> invalid address | <> holds an invalid address -| All | {cheri_excep_mcause} | {cheri_excep_type_pcc} | {cheri_excep_cause_length} | <> length | Any byte of current instruction out of <> bounds +| All | {cheri_excep_mcause} | {cheri_excep_type_pcc} | {cheri_excep_cause_bounds} | <> bounds | Any byte of current instruction out of <> bounds 6+| *CSR/Xret additional exception check* | CSR*, <>, <> | {cheri_excep_mcause} | {cheri_excep_type_pcc} | {cheri_excep_cause_perm} | <> permission | not(<>.<>) when required for CSR access or execution of <>/<> 6+| *direct jumps additional exception check* -| <>, <> | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_length} | <> length | any byte of minimum length instruction at target out of <> bounds +| <>, <> | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_bounds} | <> bounds | any byte of minimum length instruction at target out of <> bounds 6+| *indirect jumps additional exception checks* | indirect jumps | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_tag} |`cs1` tag | not(`cs1.tag`) | indirect jumps | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_seal} |`cs1` seal | isCapSealed(`cs1`) and imm12 != 0 | indirect jumps | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_perm} |`cs1` permission | not(`cs1`.<>) | indirect jumps | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_inv_addr} |`cs1` invalid address | target address is an invalid address -| indirect jumps | {cheri_excep_mcause} | 
{cheri_excep_type_jump} | {cheri_excep_cause_length} |`cs1` length | any byte of minimum length instruction at target out of `cs1` bounds +| indirect jumps | {cheri_excep_mcause} | {cheri_excep_type_jump} | {cheri_excep_cause_bounds} |`cs1` bounds | any byte of minimum length instruction at target out of `cs1` bounds 6+| *Load additional exception checks* | all loads | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_tag} | `auth_cap` tag | not(`auth_cap.tag`) | all loads | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_seal} | `auth_cap` seal | isCapSealed(`auth_cap`) | all loads | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_perm} | `auth_cap` permission | not(`auth_cap`.<>) | all loads | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_inv_addr} | `auth_cap` invalid address | Address is invalid (see <>) -| all loads | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_length} | `auth_cap` length | Any byte of load access out of `auth_cap` bounds +| all loads | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_bounds} | `auth_cap` bounds | Any byte of load access out of `auth_cap` bounds | capability loads | 4 | N/A | N/A | load address misaligned | Misaligned capability load 6+| *Store/atomic/cache-block-operation additional exception checks* | all stores, all atomics, all cbos | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_tag} |`auth_cap` tag | not(`auth_cap.tag`) 
@@ -1041,9 +1041,9 @@ NOTE: `auth_cap` is <> for {cheri_int_mode_name} and `cs1` for {cheri_cap_m | all stores, all atomics, CBO.INVAL*, CBO.ZERO* | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_perm} |`auth_cap` permission | not(`auth_cap`.<>) | CBO.CLEAN*, CBO.FLUSH* | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_perm} |`auth_cap` permission | not(`auth_cap`.<>) and not(`auth_cap`.<>) | all stores, all atomics, all cbos | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_inv_addr} |`auth_cap` invalid address | Address is invalid (see <>) -| all stores, all atomics | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_length} |`auth_cap` length | any byte of access out of `auth_cap` bounds -| CBO.ZERO*, CBO.INVAL* | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_length} |`auth_cap` length | any byte of cache block out of `auth_cap` bounds -| CBO.CLEAN*, CBO.FLUSH* | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_length} |`auth_cap` length | all bytes of cache block out of `auth_cap` bounds +| all stores, all atomics | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_bounds} |`auth_cap` bounds | any byte of access out of `auth_cap` bounds +| CBO.ZERO*, CBO.INVAL* | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_bounds} |`auth_cap` bounds | any byte of cache block out of `auth_cap` bounds +| CBO.CLEAN*, CBO.FLUSH* | {cheri_excep_mcause} | {cheri_excep_type_data} | {cheri_excep_cause_bounds} |`auth_cap` bounds | all bytes of cache block out of `auth_cap` bounds | CBO.INVAL* | {cheri_excep_mcause} | {cheri_excep_type_pcc} | {cheri_excep_cause_perm} |<> permission | not(<>.<>) | capability stores | 6 | N/A | N/A |capability alignment | Misaligned capability store |=========================================================================================
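Review bot: In src/attributes.adoc the old attribute `:cheri_excep_cause_length:` is dropped with no alias, so any `{cheri_excep_cause_length}` reference in a file this patch does not touch will no longer resolve to 4 and, with Asciidoctor's default handling of missing attributes, will appear in the rendered spec as the literal reference text. The visible hunks update the uses in src/riscv-integration.adoc. Please grep src/ for the old name before merging, and consider making the build fail on unresolved attributes so a missed reference cannot ship silently.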
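Review bot: In src/insns/cbo_exceptions.adoc the renamed row sits after the `endif::[]` that closes `ifdef::cbo_inval[]`, so its condition "None of the bytes accessed are within the bounds" appears to apply to every instruction that includes this file. The exception summary table in src/riscv-integration.adoc distinguishes "any byte of cache block out of `auth_cap` bounds" for CBO.ZERO* and CBO.INVAL* from "all bytes of cache block out of `auth_cap` bounds" for CBO.CLEAN* and CBO.FLUSH*. Since this row is being edited anyway, please confirm that the include is not used for CBO.INVAL* with the "none of the bytes" wording, or make the row conditional in the same way as the permission row above it.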
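Review bot: In src/insns/condbr_common.adoc the fault condition is still worded as "the target address is not within the ... bounds", whereas the jal_32bit.adoc and jalr_32bit.adoc rows changed in this same patch state it as "Minimum length instruction is not within the target capability's bounds". If taken branches use the same check, the branch text should use the same wording, because a target address that is in bounds while the instruction's last bytes fall outside is exactly the case the two phrasings treat differently. As a smaller style point, "Bounds violation" is capitalised mid-sentence here, while the mret_sret.adoc hunk settles on "Permission violation code"; adding "code" or otherwise matching that form would keep the two consistent.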
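Review bot: In the src/riscv-integration.adoc cause table and priority list, the name for encoding 4 changes while the value stays the same, and nothing in the visible text records the old name. The commit message says that most existing software already uses "bounds violation", which implies that some trap handlers, simulators or logs still print "length violation" for CAUSE 4. A one-line NOTE under the table stating that cause 4 was called "Length violation" in earlier drafts would let readers match older tool output to this row.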